Aws-clud01-tb1-implementation-doc-v1


#1
  1. Create an IAM User
  2. Creating an S3 Bucket
  3. Upload an Object to Amazon S3
  4. Creating Read Permission on an Object in S3 Bucket
  5. Showing the Different Versions
  6. Re-Setting the Public Permission
  7. Applying a Bucket Policy
  8. Enable Versioning
  9. Create Lifecycle Rules
  10. Create an EC2 instance with AMI Image
  11. Create ELB
  12. Create Auto Scaling Groups
  13. Create Auto-Scaling Policies for Auto-Scaling-Up && Auto-Scaling-Down
  14. Create a VPC
  15. Create Internet Gateway
  16. Creation of Route Tables
  17. Creating & Configuring Subnets
  18. Navigate to Peering Connections
  19. Create NAT Gateway and Configure to Public Subnet
  20. Create NACL && Configure the NACL
  21. Install AWS CLI
  22. Interaction between the AWS CLI to AWS console
  23. SSH to Private EC2 Instance
  24. Ensuring NAT Gateway is Configured
  25. Create an EC2 Instance IMAGE and backup image

Create an IAM User

Step1: Go to AWS Console
Step2: Go to AWS IAM service
Step3: Select the Users
Step4: Select the Add User
Step5: Enter the User Name & select the Access Type then Click on next
Step6: Set the Permissions to the User and Click on next
Step7: Click on Create User

The user is created with the permissions given above.

Creating an S3 Bucket

Step1: Click on the Create bucket button and enter your DNS-compliant bucket name into the [Bucket name] field.

Note: Bucket names must be globally unique.

Step2: Select the Region in which you want your bucket to be stored. For instance, us-east-1 (N. Virginia).

Step3: Leave the 'copy settings from an existing bucket' section blank, since we do not have any existing bucket. Click Next to proceed to the Set properties page. Click Versioning, select Enable Versioning, then Save.

Step4: Click the Next button again to proceed to 'Set Permissions' page. We want to leave the bucket as private, so we do not change 'Manage public permissions'. We will also not modify the 'Manage System permissions'. Click on Next to proceed to the Review page. Review all the bucket settings and click on Create bucket.

Upload an Object to Amazon S3

Step1: Start by downloading the file fountain.jpg from the learning activity description to your computer.

Step2: Go back to the AWS S3 homepage and click on the name of your bucket [or the name that you entered]. Select Upload and click on Add files. Navigate to the directory where you saved the fountain.jpg file and select it.

Step3: Click Next to proceed to the [Set Permissions] page, leave all settings here as default and click on Next to proceed to the Storage Class page. We'll leave everything under Storage class as default and click on Next to review the settings. Click Upload.

Step4: Select the uploaded file fountain.jpg from the bucket dashboard. A window will pop up at the right-hand corner displaying all of the configured properties of the file.

Step5: Click on the S3 public link provided under Overview to view the content of the file. You should get an 'Access denied' message.

Creating Read Permission on an Object in S3 Bucket

Step1: Select the object fountain.jpg, right click on the object, scroll down and select Make Public. A small window will pop up. Confirm by clicking on Make Public.

Step2: Navigate back to the object page, click on the object fountain.jpg and click on the public link. You should see a picture of a fountain.

Showing the Different Versions

Step1: Click the object fountain.jpg and, under the Overview tab, select Show (next to Version) to display the versions of the object. Right-click on fountain.jpg and select Delete. Navigate back to the show version to view the different versions that existed.

Step2: Right-click on the first version, select Download and save it to your computer.

Step3: We can now go back to the bucket and confirm that fountain.jpg has been deleted. Since we were able to download it via versioning, we can re-upload the file again. Click Upload, navigate to the directory where you saved the downloaded file, select the file, fountain.jpg, and click Next through to review and click Upload file.

Step4: Select fountain.jpg and click on the S3 public link to view the content. This time, you should get an 'Access denied' message.

Re-Setting the Public Permission

Step1: Click on the object fountain.jpg and, under the Overview tab, select Make Public to set the public permission.

Step2: Navigate back to the bucket home page, click your bucket and select Show Version. You should see the first version, the delete marker and the latest version.

Applying a Bucket Policy - anonymous access to the bucket.

Step1: Click the link in the instructions of this activity to take you to a GitHub page. Open it up and copy the text.

Step2: Navigate back to the Amazon S3 management console. Click on S3 and click the bucket name. A small pop-up window will appear on the right corner. Select Permissions and click on Bucket policy. Paste in the text copied earlier from the GitHub page. Modify the Resources part of the policy by copying and pasting the ARN for the bucket and hit Save.

You should get a warning notification prompting you that any object in your bucket will be public.

Step3: Let's go back into the bucket and upload another file. Select the bucket name, click on Upload, rename the old file to fountain-new.jpg, and upload it. Now click on fountain-new.jpg and then click on the public link. You should see a fountain picture.

Enable Versioning

Step1: Navigate to the S3 Management Console in AWS. Enable versioning:

Step2: Click the title of the bucket with s3bucket in its name and click the Properties tab.

Step3: Click the Versioning section and select the Enable Versioning option.

Step4: Repeat these steps to enable Versioning on the tmpfiles bucket

Create Lifecycle Rules

Step1: Navigate to the Management tab and ensure the Lifecycle section is highlighted. Use the Add lifecycle rule button to begin adding lifecycle rules to match those outlined in the Introduction.

Create an EC2 instance with AMI Image

Step1: Create an EC2 instance

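Step2: Go to the CLI and set permissions 400 (read-only for the owner) on the downloaded key pair file

$ chmod 400 keypair.pem

Step3: Log in from the CLI with the public IP

$ ssh -i keypair.pem ec2-user@<public-ip>

(ec2-user is the default username of AWS; <public-ip> stands for the public IP of the instance)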

Create ELB

Step1: Go to the EC2 instance

Step2: Select Load balancer and select the type of load balancer

Step3: Select the classic load balancer and click on Next

Step4: Give the basic configuration, such as the load balancer name, and give the security group as one public IP and private IP, then click on Next

Step5: Assign our own security group and click on Next

Step6: Configure the health checks (give the ping details) and click on Next

Step7: Add the EC2 instance (we can add the cross-zones) and click on Next

Step8: Add tags (give the tag name and tag value) and click on Review

Step9: Click on Create ELB

Step10: Go to the Auto Scaling group, edit the Auto Scaling group and give the ELB value

Step11: Go to Load balancer and open the load balancer

Copy the DNS name and open it in the browser (it shows our file, the one given in the ping place, as the output)

Create Auto Scaling Groups

Step1: Go to the AWS console and select the EC2 service

Step2: Launch the two EC2 instances and run those instances

Step3: Then select Auto Scaling groups, select Create Auto Scaling group and click on Next

Step4: Select the AMI image and click on Next

Step5: Select create and configure (give the name) and click on Next: Add Storage

Step6: Click on Next: Configure Security Group

Step7: Click on Next: Add security groups and click on Review

Step8: Click on Create Launch Configuration

Create Auto-Scaling Policies for Auto-Scaling-Up && Auto-Scaling-Down

Step1: Go to the EC2 service and select the Auto Scaling groups

Step2: Select Create scaling policies, give the name of the policy and select Create policies with steps

Step3: Give the Execute policy (select No alarm; i.e., the alarm is a CloudWatch alarm), uncheck Send notifications, give all the information about the alarm and click on Create alarm

Note: It is displayed on the CloudWatch alarm management page

Step4: Add the alarm to the EC2 dashboard (by clicking on Add dashboard)

Step5: Select Create Auto Scaling policies for “auto-scaling-up and auto-scaling-down” and give the time instances need to deploy. If we add more instances, click on “add step”, then click on Create

Step6: Create an Auto Scaling policy for “Down”

Click on Create an alarm, give the name of the alarm, click on Simple Policy and click on Create new alarm

Step7: Give the alarm details (give the value as <= 40), select the action to take as “remove” and “one instance” (if 100 instances are running in our system and the server goes down, then we need to remove one instance) and click on Create alarm

Note: We create the scale-up alarm so that when CPU utilization crosses 70%, the Auto Scaling group creates one instance.

We can create the Auto Scaling group scale-down policy; it is used to remove an instance when the traffic reaches 40% of CPU utilization.

Create a VPC

Step1: Navigate to the VPC Dashboard in AWS.

Step2: Click the Your VPCs link in the navigation pane to the left of the page.

Step3: Click the Create VPC button at the top of the list.

Step4: Set the Name tag to [VPC1]

Set the IPv4 CIDR block to [10.0.0.0/16]

Leave the IPv6 CIDR block and Tenancy settings unchanged.

Step5: Click the [Yes, Create] button.

You will see the new VPC named [VPC1] in the list of VPCs. We can move on to configuring subnets.

Create Internet Gateway
Configuring VPC with IGW && Route Table with IGW && Subnet with Route Table

Let’s create an Internet Gateway that we can attach to our VPC in order to be able to create public subnets.

Step1: Click the Internet Gateways link on the left of the page.

Step2: Click the Create Internet Gateway button

Step3: Type a Name tag of my-internet-gateway to fit the naming. Use the Yes, Create button to create the Internet Gateway.

Step4: You will see the new Internet Gateway listed on this page. Notice that its State is detached. Attach it to the VPC we created:

Step5: Right click the my-internet-gateway listing and choose the Attach to VPC option.

Step6: Select the my-new-vpc option.

Step7: Click Yes, Attach

The State will now show attached.

Attaching the Internet Gateway with a Route Table

Creation of Route Tables
We will now configure a new Route Table for the Internet Gateway and explicitly associate it to the subnet we want to be public.

Step1: Navigate to the Route Tables page.

Step2: Click the Create Route Table button.

Step3: Type a Name tag of my-route-table

Step4: Set the VPC to my-new-vpc.

Step5: Click the Yes, Create button.

You'll see the new Route Table in the list. It should be selected by default. We'll configure it further using the pane at the bottom of the page.

Let's add a new route for the Internet Gateway:

Step6: Click the Routes tab.

Step7: Click the Edit button.

Step8: Click the Add another route button to add an entry.

For the Destination, type 0.0.0.0/0 (this represents any/every IP address).

For the Target, select the Internet Gateway we created a moment ago (we named it my-internet-gateway).

Step9: Click the Save button.

Creating & Configuring Subnets
We will create two subnets: a private one and a public one.

Private Subnets vs. Public Subnets

A private subnet is one with no route to an internet gateway and is therefore “isolated” to our VPC. A public subnet is one that does have an internet gateway reachable through its route table, allowing it to interact with the outside world. New subnets are created without a route to an internet gateway and are therefore initially private. If you intend to create a public subnet, you’ll have to attach an internet gateway to the VPC and associate the subnet with a route table that routes to it. This lab demonstrates such a process.

Create new subnets:

We will now create two new subnets. We want one to be public and one to be private, so we will need to create and attach an internet gateway to one of them. Let’s start by creating the subnet we want to be private.

Step1: Click the Subnets link on the left of the page.

Step2: Use the Create Subnet button to get started.

Step3: Since this is a subnet we intend to keep as private, type a Name tag of my-private-subnet.

Step4: Set the VPC to the new one we created (identified by the name we gave it).

Step5: For the Availability Zone, we can choose us-east-1a. If you don't see us-east-1a, just choose another option and it will work the same way.

Step6: Set the IPv4 CIDR block to [ 10.0.1.0/24 ]

Step7: Click the Yes, Create button.

Step8: Now we will create the subnet which we want to be public.

Step9: Click the Create Subnet button.

Step10: Set the Name tag to [ my-public-subnet ] so that we can easily identify which subnet we intend to be public (we will attach the Internet Gateway to this one later in the lab).

Step11: Set the VPC to [ VPC1 ].

Step12: Choose the same availability zone as the private subnet: [ us-east-1a ]

Step13: Set the IPv4 CIDR block to [ 10.0.2.0/24 ]

Step14: Click Yes, Create

We will see both subnets listed on the page. Now we need to make the subnet we just created (my-public-subnet) public by creating and attaching an Internet Gateway to it.

We can now explicitly associate the Route Table to the subnet we want to be public:

Step17: Navigate to the Subnet Associations tab.

Step18: Click the Edit button.

Step19: Check the Associate box beside the subnet we called my-public-subnet

Step20: Click the Save button.

Since we've connected an internet gateway, the subnet we called my-public-subnet is now actually public.

Navigate to Peering Connections
Step1: Peering Connection name tag: [any name]

Step2: VPC requester: [select newly created VPC]

Step3: Select another VPC to peer with: My Account

Step4: Select Region

VPC accepter: [select the one which was created earlier]. Click on [Create Peering Connection] and accept the pending acceptance

Navigate to Route Tables and select the route table which was in the VPC

Click on Routes and add a route

Virtual Private Gateways [10.0.0.0/16], Target [New VPC], then click on Save

Step5: Click on the route table in VPC2

Navigate to Routes and add a route

Destination [10.99.0.0/16], Target [New VPC], then save it.

Create NAT Gateway and Configure to Public Subnet

Step1: Navigate to the VPC Dashboard in AWS.

Step2: Click the NAT Gateways link to the left of the page.

Create a new NAT Gateway.

Step3: We want to assign this new NAT Gateway to the Public subnet so it can access the Internet. Click the text field for the Subnet setting. Select the subnet titled Public.

Step4: Use the Create New EIP button to create and select a new Elastic IP.

Step5: Click the Edit Route Tables button.

Step6: Select the route table associated to our Private subnet. Note: The private subnet was not explicitly assigned to the route table containing an Internet Gateway; therefore, it was implicitly associated to the Main route table. The Main route table in the list.

Step7: Click on the Routes tab in the settings pane at the bottom of the page.

Step8: Click the Edit button.

Add another route with a Destination of 0.0.0.0/0 (signifying any/all IP addresses).

Choose the NAT we just created as the Target (identified by the nat prefix).

Step9: Click the Save button.

Step10: Wait a few moments while the NAT Gateway starts up. You can check its Status by navigating back to the NAT Gateways section of the VPC Dashboard. Use the refresh button occasionally. Once the status goes from Pending to Available, navigate back to the terminal window that's currently connected to the Private instance.
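
An added example, not part of the original document: the private subnet in Step6 is governed by the Main route table only implicitly, so this Python check resolves each subnet's effective route table and labels the subnet by where 0.0.0.0/0 goes. The input mimics the shape of `aws ec2 describe-route-tables` output; all IDs are constructed placeholders.

```python
# Constructed sample shaped like `aws ec2 describe-route-tables` output; IDs are placeholders.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-1",
     "Associations": [{"Main": True}],  # no SubnetId: applies implicitly
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-1",
     "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]
SUBNETS = [{"SubnetId": "subnet-private", "VpcId": "vpc-1"},
           {"SubnetId": "subnet-public", "VpcId": "vpc-1"}]
LABELS = {"igw": "public", "nat": "private, outbound via NAT",
          "none": "isolated", "other": "review manually"}


def effective_route_table(subnet, route_tables):
    """An explicit association wins; otherwise the VPC's Main table applies."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != subnet["VpcId"]:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet["SubnetId"]:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def default_route_kind(route_table):
    """Where does 0.0.0.0/0 go: 'igw', 'nat', 'other' or 'none'?"""
    for route in (route_table or {}).get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if (route.get("GatewayId") or "").startswith("igw-"):
            return "igw"
        return "nat" if route.get("NatGatewayId") else "other"
    return "none"


def classify_subnets(subnets, route_tables):
    """Map SubnetId -> (effective RouteTableId, label)."""
    result = {}
    for subnet in subnets:
        rt = effective_route_table(subnet, route_tables)
        label = LABELS[default_route_kind(rt)]
        result[subnet["SubnetId"]] = (rt["RouteTableId"] if rt else None, label)
    return result


if __name__ == "__main__":
    for subnet_id, (rtb, label) in classify_subnets(SUBNETS, ROUTE_TABLES).items():
        print(f"{subnet_id}: {rtb} -> {label}")
```

Because the private subnet inherits the Main table, an Internet Gateway route added to that table would make every implicitly associated subnet public; the check reports that as a changed label.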

Create NACL && Configure the NACL:
Step1: Click on the VPC dashboard and Network ACLs

Step2: Click on Create Network ACL

Step3: Fill in the Name tag and select the VPC

Step4: Edit the Inbound and Outbound Rules

Step5: Edit the Subnet Associations

Install AWS CLI
Step1: Go to Command Prompt

Step2: Run the commands from the root user

$ su             # connect to root user

Step3: Install python and check the version

$ sudo yum install python
$ python --version

Step4: Download and Install pip

$ curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
$ sudo python3 get-pip.py
$ pip --help

Step5: Install the CLI(Command Line Interface)

$ sudo pip install awscli # install AWS CLI
$ aws help # Check the awscli

Interaction between the AWS CLI to AWS console
Step1: Connect to AWS console

$ aws configure         # enter the AWS Access Key, Secret Access Key and region name

Step2: Copy the user Access Key and Secret Access Key from the .csv file which is downloaded at the time of user creation, or get them from the AWS console

Step3: Upload the SSH public key generated with ssh-keygen from the CLI (Command Line Interface) to the AWS console under the IAM user's security credentials

SSH to Private EC2 Instance
Step1: Connect to the public EC2 instance from the CLI using SSH

Step2: Log in to the private EC2 instance from the public EC2 instance using SSH

$ ssh -i key-pair.pem ec2-user@<private-ip>    # <private-ip> stands for the private instance's IP

Ensuring NAT Gateway is Configured
Step1: Run the update command

$ yum update

(If the yum update command executes successfully, the NAT Gateway is configured; otherwise we have to re-configure the NAT Gateway.)

Create an EC2 Instance IMAGE and backup image

Step1: Go to the EC2 instance service

Step2: Click on Actions, select Image → Create Image and click on Create Image

Step3: Give the image name and description and click on Create Image

Step4: Click on Show Images; the image shows as available

Step5: Go to the EC2 instance, stop the running instance and create an image with backup

Step6: Go to Launch an instance, select My AMIs and click on Next

Step7: Click on existing configurations and click on Next

Step8: Click on Next through the configuration and launch an instance

Step9: Access it in the browser with the new public IP

Step10: Go to Images, AMIs, select Actions → Copy AMI

Step11: Select the destination region we want and click on Copy AMI