If you want to deploy a web application on AWS Elastic Beanstalk and you want it to be highly available and secure, read on. I hope it will be helpful to you.
- Keep the web servers and the database in a private subnet.
- Keep the load balancer in a public subnet.
You need an Internet Gateway to connect to the internet. You also need a NAT Gateway, because your web servers need outbound internet access but will not be reachable from the internet.
Use the VPC launch template to set up the infrastructure quickly.
If your web servers need access to other AWS services (such as S3, DynamoDB or SQS), you need to create VPC endpoints. These let your web servers access AWS resources securely and with low latency. Example: if your web application needs to upload images to S3 and read files from it, you can enable VPC endpoints with the S3 Gateway option in the VPC launch template.
Note: you can also create a single NAT Gateway in 1 AZ instead of 1 NAT Gateway per AZ to save money.
Once you have set up the above infrastructure successfully, go to Elastic Beanstalk and create an environment using this network setup. In the network configuration, first choose the VPC, then select the public subnets for the load balancer and the private subnet for the instances.
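
One way to check the subnet selection described above before creating the environment. This is an added example, not part of the original post: it classifies subnets from route tables shaped like `aws ec2 describe-route-tables` output and reports selections that break the layout. The sample data, all IDs and the function names `classify` and `audit` are constructed for illustration.

```python
# Constructed sample shaped like `aws ec2 describe-route-tables` output; all IDs are placeholders.
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"Associations": [{"SubnetId": "subnet-priv-a"}, {"SubnetId": "subnet-priv-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"},
                {"DestinationPrefixListId": "pl-example", "GatewayId": "vpce-example"}]},
]

def classify(route_tables):
    """Map subnet ID -> (kind, has_gateway_endpoint); kind is 'public', 'nat' or 'isolated'.
    Assumes every subnet is explicitly associated with a route table."""
    subnets = {}
    for table in route_tables:
        kind, endpoint = "isolated", False
        for route in table["Routes"]:
            gateway = route.get("GatewayId", "")
            if gateway.startswith("vpce-"):  # gateway endpoint route (S3 or DynamoDB)
                endpoint = True
            if route.get("DestinationCidrBlock") == "0.0.0.0/0":
                if gateway.startswith("igw-"):
                    kind = "public"
                elif route.get("NatGatewayId"):
                    kind = "nat"
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:
                subnets[assoc["SubnetId"]] = (kind, endpoint)
    return subnets

def audit(route_tables, elb_subnets, instance_subnets):
    """Return findings for a Beanstalk subnet selection; an empty list means it matches the layout."""
    subnets, findings = classify(route_tables), []
    for subnet in elb_subnets:
        if subnets.get(subnet, ("unknown", False))[0] != "public":
            findings.append(f"{subnet}: load balancer subnet has no default route to an Internet Gateway")
    for subnet in instance_subnets:
        kind, endpoint = subnets.get(subnet, ("unknown", False))
        if kind == "public":
            findings.append(f"{subnet}: instance subnet routes directly to an Internet Gateway")
        elif kind != "nat":
            findings.append(f"{subnet}: instance subnet has no default route through a NAT Gateway")
        if not endpoint:
            findings.append(f"{subnet}: no gateway endpoint route (S3/DynamoDB) in its route table")
    return findings

if __name__ == "__main__":
    for line in audit(ROUTE_TABLES, ["subnet-pub-a", "subnet-priv-b"], ["subnet-priv-a", "subnet-pub-b"]):
        print(line)
```

With a single NAT Gateway in one AZ, the private subnets in every AZ share the same `nat-` target, and the check passes in the same way.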