- Create an IAM User
- Creating an S3 Bucket
- Upload an Object to Amazon S3
- Creating Read Permission on an Object in S3 Bucket
- Showing the Different Versions
- Re-Setting the Public Permission
- Applying a Bucket Policy
- Enable Versioning
- Create Lifecycle Rules
- Create an EC2 instance with AMI Image
- Create ELB
- Create Auto Scaling Groups
- Create Auto-Scaling Policies for Auto-Scaling-Up && Auto-Scaling-Down
- Create a VPC
- Create Internet Gateway
- Creation of Route Tables
- Creating & Configuring Subnets
- Navigate to Peering Connections
- Create NAT Gateway and Configure to Public Subnet
- Create NACL && Configure the NACL
- Install AWS CLI
- Interaction between the AWS CLI to AWS console
- SSH to Private EC2 Instance
- Ensuring NAT Gateway is Configured
- Create an EC2 Instance IMAGE and backup image
Create an IAM User
Step1: Go to the AWS Console.
Step2: Go to the AWS IAM service.
Step3: Select Users.
Step4: Select Add User.
Step5: Enter the User Name, select the Access Type, then click Next.
Step6: Set the permissions for the user and click Next.
Step7: Click Create User.
The user is created with the permissions given above.
Creating an S3 Bucket
Step1: Click on the Create bucket button & enter your DNS-compliant bucket name into the [Bucket name] field.
Note: Bucket names must be globally unique.
Step2: Select the Region in which you want your bucket to be stored, for instance us-east-1 (N. Virginia).
Step3: Leave the 'copy settings from an existing bucket' section blank, since we do not have any existing bucket. Click Next to proceed to the Set properties page. Click Versioning, select Enable Versioning, then Save.
Step4: Click the Next button again to proceed to the 'Set Permissions' page. We want to leave the bucket as private, so we do not change 'Manage public permissions'. We will also not modify 'Manage System permissions'. Click on Next to proceed to the Review page. Review all the bucket settings and click on Create bucket.
Upload an Object to Amazon S3
Step1: Start by downloading the file fountain.jpg from the learning activity description to your computer.
Step2: Go back to the AWS S3 homepage & click on the name of your bucket [or the name that you entered]. Select Upload and click on Add files. Navigate to the directory where you saved the fountain.jpg file and select it.
Step3: Click Next to proceed to the [Set Permissions] page & leave all settings here as default, then click on Next to proceed to the Storage Class page. We'll leave everything under Storage class as default and click on Next to review the settings. Click Upload.
Step4: Select the uploaded file fountain.jpg from the bucket dashboard & a window will pop up at the right-hand corner displaying all of the configured properties of the file.
Step5: Click on the S3 public link provided under Overview to view the content of the file. You should get an 'Access denied' message.
Creating Read Permission on an Object in S3 Bucket
Step1: Select the object fountain.jpg, right click on the object, scroll down and select Make Public. A small window will pop up. Confirm by clicking on Make Public.
Step2: Navigate back to the object page, click on the object fountain.jpg and click on the public link. You should see a picture of a fountain.
Showing the Different Versions
Step1: Click the object fountain.jpg & under the Overview tab, select Show (next to Version) to display the versions of the object. Right-click on fountain.jpg & select Delete. Navigate back to the show version to view the different versions that existed.
Step2: Right-click on the first version, select Download and save it to your computer.
Step3: We can now go back to the bucket and confirm that fountain.jpg has been deleted. Since we were able to download it via versioning, we can re-upload the file again. Click Upload, navigate to the directory where you saved the downloaded file, select the file, fountain.jpg, and click Next through to review and click Upload file.
Step4: Select fountain.jpg and click on the S3 public link to view the content. This time, you should get an 'Access denied' message.
Re-Setting the Public Permission
Step1: Click on the object fountain.jpg & under the Overview tab, select Make Public to set the public permission.
Step2: Navigate back to the bucket home page, click your bucket and select Show Version. You should see the first version, the delete marker and the latest version.
Applying a Bucket Policy - anonymous access to the bucket.
Step1: Click the link in the instructions of this activity to take you to a GitHub page. Open it up and copy the text.
Step2: Navigate back to the Amazon S3 management console. Click on S3 and click the bucket name. A small pop up window will appear on the right corner. Select Permissions and click on Bucket policy. Paste in the text copied from the GitHub page. Modify the Resources part of the policy by copying and pasting the ARN for the bucket and hit Save. You should get a warning notification telling you that any object in your bucket will be public.
Step3: Let's go back into the bucket and upload another file. Select the bucket name, click on Upload, rename the old file to fountain-new.jpg, and upload it. Now click on fountain-new.jpg & then click on the public link. You see a fountain picture.
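Before pasting a bucket policy like the one in Step2, it helps to see exactly which statements open the bucket to everyone. The following is an added example, not part of the original lab or the GitHub policy it links to: the sample policy, bucket name, account ID and org ID are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample policy (NOT the one from the lab's GitHub link).
# The bucket name, account ID and org ID are placeholders.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "OrgOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-example"}}},
        {"Sid": "LabUser", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:user/lab-user"},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

READ_PREFIXES = ("s3:get", "s3:list")

def as_list(value):
    """Policy fields may be a single string/object or a list of them."""
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True for Principal "*" and for {"AWS": "*"} / {"AWS": ["*"]}."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def anonymous_grants(policy_json):
    """List every Allow statement whose principal is anyone at all."""
    findings = []
    statements = as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not is_anonymous(stmt.get("Principal")):
            continue
        actions = as_list(stmt.get("Action", []))
        findings.append({
            "sid": stmt.get("Sid", f"statement[{index}]"),
            "resources": as_list(stmt.get("Resource", [])),
            # A Condition may narrow "*" (for example to one organization).
            "unconditional": "Condition" not in stmt,
            # Anything that is not Get*/List* lets strangers change the bucket.
            "non_read_actions": [a for a in actions
                                 if not a.lower().startswith(READ_PREFIXES)],
        })
    return findings

if __name__ == "__main__":
    for finding in anonymous_grants(SAMPLE_POLICY):
        print(finding)
```

A finding that is both unconditional and lists non-read actions is the case to fix first: it means anyone can write to or delete from the bucket, not just view objects.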
Enable Versioning
Step1: Navigate to the S3 Management Console in AWS. Enable versioning:
Step2: Click the title of the bucket with s3bucket in its name & click the Properties tab.
Step3: Click the Versioning section and select the Enable Versioning option.
Step4: Repeat these steps to enable Versioning on the tmpfiles bucket.
Create Lifecycle Rules
Step1: Navigate to the Management tab & ensure the Lifecycle section is highlighted. Use the Add lifecycle rule button to begin adding lifecycle rules to match those outlined in the Introduction.
Create an EC2 instance with AMI Image
Step1: Create an EC2 instance.
Step2: Go to the CLI and give 400 permissions to the downloaded key pair:
$ chmod 400 keypair.pem
Step3: Log in from the CLI with the public IP:
$ ssh -i keypair.pem [email protected]
ec2-user (default username of AWS)
Create ELB
Step1: Go to the EC2 instance.
Step2: Select Load balancer and select the type of load balancer.
Step3: Select the classic load balancer and click Next.
Step4: Give the basic configuration, such as the load balancer name, give the security group as one public IP and private IP, then click Next.
Step5: Assign our own security group and click Next.
Step6: Configure the health checks (give the ping details) and click Next.
Step7: Add the EC2 instance (we can add the cross-zones) and click Next.
Step8: Add tags (give the tag name and tag value) and click Review.
Step9: Click Create ELB.
Step10: Go to the Auto Scaling group, edit it and give the ELB value.
Step11: Go to Load balancer and open the load balancer. Copy the DNS name and access it in the browser (the output shown is the file we gave in the ping place).
Create Auto Scaling Groups
Step1: Go to the AWS console and select the EC2 service.
Step2: Launch the two EC2 instances and run those instances.
Step3: Select Auto Scaling Groups, select Create Auto Scaling group and click Next.
Step4: Select the AMI images and click Next.
Step5: Select Create and configure (give the name) and click Next: Add Storage.
Step6: Click Next: Configure Security Group.
Step7: Click Next: Add Security Groups and click Review.
Step8: Click Create Launch Configuration.
Create Auto-Scaling Policies for Auto-Scaling-Up && Auto-Scaling-Down
Step1: Go to the EC2 service and select Auto Scaling Groups.
Step2: Select Create scaling policies, give the policy a name and select Create policies with steps.
Step3: For Execute policy, select No alarm (the alarm here is a CloudWatch alarm), uncheck Send notifications, give all the information about the alarm and click Create alarm.
Note: The alarm is displayed on the CloudWatch alarm management page.
Step4: Add the alarm to the EC2 dashboard (by clicking Add dashboard).
Step5: Select Create auto scaling policies for "auto-scaling-up and auto-scaling-down" and give the time instances need to deploy. To add more instances, click "Add step", then click Create.
Step6: Create an auto scaling policy for "Down": click Create an alarm, give the alarm a name, click Simple policy, then click Create new alarm.
Step7: Give the alarm details and click Create (give the threshold as <=40), select "remove" and "one instance" as the action to take (if 100 instances are running in our system and the server goes down, we need to remove one instance), and click Create alarm.
Note: The scale-up alarm is used so that when CPU utilization crosses 70%, the Auto Scaling group creates one instance. The scale-down alarm is used to remove an instance when the traffic reaches 40% of CPU utilization.
Create a VPC
Step1: Navigate to the VPC Dashboard in AWS.
Step2: Click the Your VPCs link in the navigation pane to the left of the page.
Step3: Click the Create VPC button at the top of the list.
Step4: Set the Name tag to [VPC1] and the IPv4 CIDR block to [10.0.0.0/16]. Leave the IPv6 CIDR block and Tenancy settings unchanged.
Step5: Click the [Yes, Create] button.
You will see the new VPC named [VPC1] in the list of VPCs. We can move on to configuring subnets.
Create Internet Gateway
Configuring VPC with IGW && Route Table with IGW && Subnet with Route Table
Let’s create an Internet Gateway that we can attach to our VPC in order to be able to create public subnets.
Step1: Click the Internet Gateways link on the left of the page.
Step2: Click the Create Internet Gateway button.
Step3: Type a Name tag of my-internet-gateway to fit the naming. Use the Yes, Create button to create the Internet Gateway.
Step4: You will see the new Internet Gateway listed on this page. Notice that its State is detached. Attach it to the VPC we created:
Step5: Right click the my-internet-gateway listing and choose the Attach to VPC option.
Step6: Select the my-new-vpc option.
Step7: Click Yes, Attach. The State will now show attached.
Attaching the Internet Gateway with a Route Table
Creation of Route Tables
We will now configure a new Route Table for the Internet Gateway and explicitly associate it to the subnet we want to be public.
Step1: Navigate to the Route Tables page.
Step2: Click the Create Route Table button.
Step3: Type a Name tag of my-route-table.
Step4: Set the VPC to my-new-vpc.
Step5: Click the Yes, Create button. You'll see the new Route Table in the list. It should be selected by default. We'll configure it further using the pane at the bottom of the page. Let's add a new route for the Internet Gateway:
Step6: Click the Routes tab.
Step7: Click the Edit button.
Step8: Click the Add another route button to add an entry. For the Destination, type 0.0.0.0/0 (this represents any/every IP address). For the Target, select the Internet Gateway we created a moment ago (we named it my-internet-gateway).
Step9: Click the Save button.
Creating & Configuring Subnets
We will create two subnets: a private one & a public one.
Private Subnets vs. Public Subnets
A private subnet is one without an internet gateway and is therefore “isolated” to our VPC. A public subnet is one that does have an internet gateway attached, allowing it to interact with the outside world. New subnets are created without internet gateways attached and are therefore initially private. If you intend to create a public subnet, you’ll have to attach an internet gateway. This lab demonstrates such a process.
Create new subnets:
We will now create two new subnets. We want one to be public & one to be private, so we will need to create and attach an internet gateway to one of them. Let’s start by creating the subnet we want to be private.
Step1: Click the Subnets link on the left of the page.
Step2: Use the Create Subnet button to get started.
Step3: Since this is a subnet we intend to keep as private, type a Name tag of my-private-subnet.
Step4: Set the VPC to the new one we created (identified by the name we gave it).
Step5: For the Availability Zone, we can choose us-east-1a. If you don't see us-east-1a, just choose another option and it will work the same way.
Step6: Set the IPv4 CIDR block to [ 10.0.1.0/24 ]
Step7: Click the Yes, Create button.
Step8: Now we will create the subnet which we want to be public.
Step9: Click the Create Subnet button.
Step10: Set the Name tag to [ my-public-subnet ] so that we can easily identify which subnet we intend to be public (we will attach the Internet Gateway to this one later in the lab).
Step11: Set the VPC to [ VPC1 ].
Step12: Choose the same availability zone as the private subnet: [ us-east-1a ]
Step13: Set the IPv4 CIDR block to [ 10.0.2.0/24 ]
Step14: Click Yes, Create. We will see both subnets listed on the page. Now we need to make the subnet we just created (my-public-subnet) public by creating and attaching an Internet Gateway to it. We can now explicitly associate the Route Table to the subnet we want to be public:
Step17: Navigate to the Subnet Associations tab.
Step18: Click the Edit button.
Step19: Check the Associate box beside the subnet we called my-public-subnet.
Step20: Click the Save button.
Since we've connected an internet gateway, the subnet we called my-public-subnet is now actually public.
Navigate to Peering Connections
Step1: Peering Connection name tag [any name]
Step2: VPC requester [select newly created VPC]
Step3: Select another VPC to peer with: My Account
Step4: Select Region, VPC accepter [select the one which was created earlier] & click on [creating peering connection] & accept the pending acceptance. Navigate to Route Tables & select the route table which was in the VPC. Click on Route & add a route: Virtual Private Gateways [10.0.0.0/16], Target [New VPC] & click on Save.
Step5: Click on the Route table in VPC2. Navigate to Route & add a route: Destination [10.99.0.0/16], Target [New VPC] & save it.
Create NAT Gateway and Configure to Public Subnet
Step1: Navigate to the VPC Dashboard in AWS.
Step2: Click the NAT Gateways link to the left of the page. Create a new NAT Gateway.
Step3: We want to assign this new NAT Gateway to the Public subnet so it can access the Internet. Click the text field for the Subnet setting. Select the subnet titled Public.
Step4: Use the Create New EIP button to create and select a new Elastic IP.
Step5: Click the Edit Route Tables button.
Step6: Select the route table associated to our Private subnet.
Note: The private subnet was not explicitly assigned to the route table containing an Internet Gateway; therefore, it was implicitly associated to the Main route table. The Main route table in the list.
Step7: Click on the Routes tab in the settings pane at the bottom of the page.
Step8: Click Edit. Add another route with a Destination of 0.0.0.0/0 (signifying any/all IP addresses). Choose the NAT we just created as the Target (identified by the nat prefix).
Step9: Click the Save button.
Step10: Wait a few moments while the NAT Gateway starts up. You can check its Status by navigating back to the NAT Gateways section of the VPC Dashboard. Use the refresh button occasionally. Once the status goes from Pending to Available, navigate back to the terminal window that's currently connected to the Private instance.
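The note in Step6 is the part of this lab that is easiest to get wrong: a subnet with no explicit association silently follows the Main route table, so whatever default route lands there decides whether "private" subnets are reachable. The added example below (not part of the original lab) classifies each subnet from its effective route table; the data is constructed in the shape of `aws ec2 describe-subnets` and `aws ec2 describe-route-tables` output, with placeholder IDs and hypothetical function names.

```python
# Constructed data shaped like the output of `aws ec2 describe-subnets` and
# `aws ec2 describe-route-tables`. IDs are placeholders; CIDRs follow the lab.
SUBNETS = [
    {"SubnetId": "subnet-private", "VpcId": "vpc-lab", "CidrBlock": "10.0.1.0/24"},
    {"SubnetId": "subnet-public", "VpcId": "vpc-lab", "CidrBlock": "10.0.2.0/24"},
]
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-lab",
     "Associations": [{"Main": True}],  # no SubnetId: applies implicitly
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "NatGatewayId": "nat-example"}]},
    {"RouteTableId": "rtb-my-route-table", "VpcId": "vpc-lab",
     "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0",
                        "GatewayId": "igw-example"}]},
]

def effective_route_table(subnet, route_tables):
    """Explicit association wins; otherwise the VPC's Main table applies."""
    main = None
    for table in route_tables:
        if table["VpcId"] != subnet["VpcId"]:
            continue
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return table
            if assoc.get("Main"):
                main = table
    return main

def exposure(route_table):
    """Classify a route table by where its 0.0.0.0/0 route points."""
    if route_table is None:
        return "no-route-table"
    for route in route_table["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"              # inbound and outbound via the IGW
        if route.get("NatGatewayId"):
            return "private-nat-egress"  # outbound only, via the NAT Gateway
        return "other-default-route"
    return "isolated"                    # only the local VPC route

def classify(subnets, route_tables):
    """Map each SubnetId to the exposure of its effective route table."""
    return {s["SubnetId"]: exposure(effective_route_table(s, route_tables))
            for s in subnets}

if __name__ == "__main__":
    for subnet_id, kind in classify(SUBNETS, ROUTE_TABLES).items():
        print(subnet_id, kind)
```

If the 0.0.0.0/0 route to the Internet Gateway were added to the Main table instead of my-route-table, the same check would report my-private-subnet as public, which is why the lab adds the IGW route to a separate, explicitly associated table.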
Create NACL && Configure the NACL:
Step1: Click on VPC dashboard and Network ACLs.
Step2: Click on Create Network ACL.
Step3: Fill in the Name tag and select the VPC.
Step4: Edit the Inbound and Outbound Rules.
Step5: Edit the Subnet Associations.
Install AWS CLI :
Step1: Go to Command Prompt.
Step2: Run the commands from the root user:
$ su # connect to root user
Step3: Install python and check the version:
$ sudo yum install python
$ python --version
Step4: Download and install pip:
$ curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
$ sudo python3 get-pip.py
$ pip --help
Step5: Install the CLI (Command Line Interface):
$ sudo pip install awscli # install AWS CLI
$ aws help # check the awscli
Interaction between the AWS CLI to AWS console
Step1: Connect to the AWS console:
$ aws configure # set AWS Access Key, Secret Access Key, region name
Step2: Copy the user Access Key and Secret Access Key from the .csv file which is downloaded at the time of user creation, or get it from the AWS console.
Step3: Upload the key generated with ssh-keygen from the CLI (Command Line Interface) to the AWS console under the IAM user's security credentials.
SSH to Private EC2 Instance
Step1: Connect to the public EC2 instance from the AWS CLI using SSH.
Step2: Log in to the private EC2 instance from the public EC2 instance using SSH:
$ ssh -i key-pair.pem [email protected]
Ensuring NAT Gateway is Configured
Step1: Run:
$ yum update
(If the yum update command executes successfully, the NAT Gateway is configured; otherwise we have to re-configure the NAT Gateway.)
Create an EC2 Instance IMAGE and backup image
Step1: Go to the EC2 instance service.
Step2: Click on Actions, select Image → Create Image, and click Create Image.
Step3: Give the image name and description and click Create Image.
Step4: Click Show Images; it shows as available.
Step5: Go to the EC2 instance, stop the running instance and create an image with backup.
Step6: Go to Launch an instance, select My AMIs and click Next.
Step7: Click on existing configurations and click Next.
Step8: Click on the next configuration and launch an instance.
Step9: Access it in the browser with the new public IP.
Step10: Go to Images, AMIs, and select Actions → Copy AMI.
Step11: Select the destination region we want and click Copy AMI.