├── Assignment 2.docx
├── session1
├── extra
├── node.js
├── db.java
├── Route53
├── loadbalancer
├── S3
├── session2
├── python.py
├── ec2
└── VPC
/Assignment 2.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Aakashdeveloper/March_AWS_2020/HEAD/Assignment 2.docx
--------------------------------------------------------------------------------
/session1:
--------------------------------------------------------------------------------
1 | /*******Design********/
2 | Onprime
3 | cloud
4 | hybrid
5 | multicloud
6 |
7 | /******************
8 | Region
9 | Availabilty Zone(A-Z)
10 |
11 |
12 | /*******/
13 | IAAS
14 | PAAS
15 | SAAS
16 |
17 |
18 |
--------------------------------------------------------------------------------
/extra:
--------------------------------------------------------------------------------
1 | A user has created an application that will be hosted on EC2. The application makes calls to DynamoDB to fetch certain data, using the
2 | DynamoDB SDK to connect from the EC2 instance. Which of the statements below is true with respect to the security best practice in this
3 | scenario?
4 | A. The user should create an IAM user with DynamoDB access and use its credentials within the application to connect with DynamoDB
5 | B. The user should attach an IAM role with DynamoDB access to the EC2 instance
6 | C. The user should create an IAM role, which has EC2 access so that it will allow deploying the application
7 | D. The user should create an IAM user with DynamoDB and EC2 access
8 | E. Attach the user with the application so that it does not use the root account credentials
--------------------------------------------------------------------------------
/node.js:
--------------------------------------------------------------------------------
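const express = require('express');
const bodyParser = require('body-parser');
const { Pool } = require('pg');

const app = express();
const port = 8900;

// Database settings come from the environment so that no credential lives in
// the repository. The password that used to be hard-coded here is in version
// control history and should be treated as exposed and rotated.
const pool = new Pool({
  user: process.env.PGUSER || 'postgres',
  host: process.env.PGHOST || 'localhost',
  database: process.env.PGDATABASE || 'postgres',
  password: process.env.PGPASSWORD,
  port: Number.parseInt(process.env.PGPORT || '5432', 10),
});

app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());

/**
 * GET /user - return every row of the employee table.
 *
 * NOTE(review): no authentication is visible in this file, and SELECT *
 * returns every column to any caller - confirm that is intended.
 */
app.get('/user', (req, res) => {
  pool.query('SELECT * FROM employee', (err, result) => {
    if (err) {
      // Throwing inside this callback would take the whole process down and
      // leave the request hanging; answer with a generic 500 instead and keep
      // the driver's error text in the server log only.
      console.error('GET /user query failed:', err.message);
      res.status(500).send('internal error');
      return;
    }
    res.status(200).send(result.rows);
  });
});

/**
 * POST /addUser - insert one employee row from the request body.
 *
 * Expects city, name and phone in a JSON or URL-encoded body. The values are
 * passed as bind parameters ($1..$3), never concatenated into the SQL text.
 */
app.post('/addUser', (req, res) => {
  const { city, name, phone } = req.body || {};
  const fields = [city, name, phone];

  // Reject incomplete requests before touching the database.
  if (fields.some((value) => value === undefined || value === null || value === '')) {
    res.status(400).send('city, name and phone are required');
    return;
  }

  // The original call had no comma between the SQL string and the values
  // array, so the array was used as a property lookup on the string and the
  // query text evaluated to undefined.
  pool.query(
    'INSERT INTO employee (city,name,phone) VALUES ($1,$2,$3)',
    fields,
    (err) => {
      if (err) {
        console.error('POST /addUser insert failed:', err.message);
        res.status(500).send('internal error');
        return;
      }
      res.status(200).send('data inserted');
    },
  );
});

app.listen(port, () => {
  console.log(`Server is running on port ${port}`);
});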
--------------------------------------------------------------------------------
/db.java:
--------------------------------------------------------------------------------
1 | import java.sql.Connection;
2 | import java.sql.DriverManager;
3 | import java.sql.Statement;
4 | import java.sql.ResultSet;
5 | import java.sql.PreparedStatement;
6 |
7 |
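/**
 * Prints product names from the classicmodels "products" table.
 *
 * Connection settings are read from environment variables (DB_URL, DB_USER,
 * DB_PASSWORD - names chosen for this example) instead of being embedded in
 * the JDBC URL. The password that used to be part of the URL is in version
 * control history and should be treated as exposed and rotated.
 */
public class ProductComponent {

    /** Endpoint used when DB_URL is not set; it carries no credentials. */
    private static final String DEFAULT_URL =
            "jdbc:mysql://database-1.c83fdlzp5lmg.us-east-2.rds.amazonaws.com:3306/classicmodels?"
                    + "serverTimezone=UTC";

    /** Returns the value of the environment variable, or the fallback when it is unset or empty. */
    private static String envOrDefault(String name, String fallback) {
        String value = System.getenv(name);
        return (value == null || value.isEmpty()) ? fallback : value;
    }

    /**
     * Prints the name of every product whose buyPrice lies between the two bounds.
     *
     * @param lowPrice  lower bound of buyPrice (inclusive, per SQL BETWEEN)
     * @param highPrice upper bound of buyPrice (inclusive, per SQL BETWEEN)
     * @throws IllegalStateException when DB_PASSWORD is not set
     * @throws Exception             on any JDBC failure
     */
    public void printProductList(double lowPrice, double highPrice) throws Exception {

        String url = envOrDefault("DB_URL", DEFAULT_URL);
        String user = envOrDefault("DB_USER", "admin");
        String password = System.getenv("DB_PASSWORD");
        if (password == null) {
            // Fail before opening a connection rather than falling back to a built-in secret.
            throw new IllegalStateException("DB_PASSWORD is not set");
        }

        // NOTE(review): the URL does not ask for TLS; confirm the transport
        // encryption settings for the driver version in use.
        // Credentials go through the three-argument overload so they never
        // appear in a URL string that might be logged.
        try (Connection connection = DriverManager.getConnection(url, user, password);
             PreparedStatement preparedStatement = connection.prepareStatement(
                     "SELECT productName FROM products "
                             + "WHERE buyPrice BETWEEN ? AND ?")) {

            // Bind parameters keep the price bounds out of the SQL text.
            preparedStatement.setDouble(1, lowPrice);
            preparedStatement.setDouble(2, highPrice);

            try (ResultSet resultSet = preparedStatement.executeQuery()) {
                while (resultSet.next()) {
                    System.out.println(resultSet.getString("productName"));
                }
            }
        }
    }

}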
--------------------------------------------------------------------------------
/Route53:
--------------------------------------------------------------------------------
1 | www. aakashanda .me
2 | host subdomain top level domain
3 |
4 | A record => help to map domain Name to IP address
5 | A record for IPv4
6 | AAAA for IPv6
7 |
8 |
9 |
10 |
11 |
12 | IAM
13 | VPC
14 | EC2
15 | LoadBalance
16 | AutoScale
17 | S3
18 | Route53
19 | EBS
20 | LightSail
21 | Elastic Bean Stack
22 |
23 |
24 | Ec2 => Route53
25 | S3=> Route53
26 | ELB
27 |
28 | /***********************
29 | Create Hosted Zone
30 | **********************/
31 | Route53
32 | Create Hosted Zone
33 | =>Provide
34 | DoaminName Type
35 | aakashhanda.xyz Public
36 | => Add the NS records in your Domain Server
37 | (bigrock, godaddy)
38 |
39 |
40 | /***********************
41 | Host A Website(Ec2)
42 | **********************/
43 | =>Create One public Ec2 with app
44 | =>Add Http in both inbound and outbound rule
45 | =>Create record Set(route53)
46 | =>Provide
47 | Name Type Value Routig Policy
48 | Keep it blank Arecrod Public IP Simple
49 |
50 | /***********************
51 | Host A Website(S3 Bucket)
52 | **********************/
53 | =>Create One S3 Bucket
54 | =>Create Static Website Hosting in S3 Bucket
55 | =>Create record Set(route53)
56 | =>Alias(yes)
57 | =>From S3 drop down
58 | =>Select S3 instance
59 | =>Routing Policy(simple)
60 | =>Create
61 |
62 | /***********************
63 | For Weight Routing
64 | **********************/
65 | =>Create Record Set
66 | =>Add IP
67 | =>Type(weight)
68 | =>Provide
69 | Weight SetID
70 | 2 First
71 |
72 | **We have to provide weight between 0 -255
73 | 0 Is not active machine
74 |
75 | ** % weight is decided by weight of machine/Total weigh
76 | 8+7+11=26
77 | 8/26 = 30%
78 | 7/26 = 27%
79 | 11/26 = 42%
80 | ========99%
81 |
82 | 4+8+7+11=30
83 |
84 |
85 | 4/30 = 13%
86 | 8/30 =26%
87 | 7/30 = 23%
88 | 11/30 = 36%
89 |
90 |
91 | /***********************
92 | For Failover Routing
93 | **********************/
94 | => Create Health Check
95 | =>Provide
96 | Name ServerIP HealthCheckUrl
97 | TestApp 10.0.01.1 inex.html
98 | =>Create Record Set
99 | =>Add IP
100 | =>Type FailOver Routing
101 | =>Set Primary or Secondary
--------------------------------------------------------------------------------
/loadbalancer:
--------------------------------------------------------------------------------
1 | => Round robin method
2 |
3 | 123456*8910
4 |
5 |
6 |
7 |
8 |
9 | Window Second Machine
10 |
11 |
12 |
13 | => Must have min 2 Ec2 instance
14 | => Make index.html up & running
15 | => Ec2 console
16 | => Load balancer
17 | => Create load balancer
18 | => Select classic load balancer
19 | => Provide LB name and select VPC
20 | => Enable advanced VPC configuration === Checked
21 | => Please select at least two Subnets in different Availability
22 | Zones to provide higher availability for your load balancer.
23 | => Select your subnet
24 | Loadbalancerport Load Balancer Port Instance Protocol Instance Port
25 | Http 80 Http 80
26 |
27 | => Configure health Check
28 |
29 | Ping Protocol == Http
30 | Ping Port === 80
31 | Ping Path == index.html
32 |
33 | Response Timeout === 5 seconds
34 | Interval ====30 seconds
35 | Unhealthy threshold == 2
36 | Healthy threshold ==10
37 | => Add Ec2 instance
38 | => Add Tag
39 | =>Review & launch
40 |
41 | /**************************
42 | Auto scale
43 | **************************/
44 | Scale in and scale out
45 |
46 | => Launch Configure = Instance Type, AMI, SG, Storage
47 | => Scaling Policy = Scale In and scale out
48 |
49 | connect ec2=>
50 | bash
51 | => stress
52 | => remove stress
53 |
54 | prequest
55 | ==> You must have one AMI
56 | =>Step
57 | => create auto scale group
58 | => Select AMI
59 | =>Configuration Detail
60 | name
61 | myautoscale
62 | =>Advanced Details
63 | =>User data
64 | Add bootstrap
65 | "#!/bin/bash
66 | sudo yum install stress -y
67 | "
68 | =>Create Launch Configuration
69 | Add http
70 | =>Create Auto Scaling Group
71 | =>Groupname
72 | =>Number of instance =1
73 | => Select alteast 3 subnet
74 | =>check Load Balancing
75 | =>Add loadBlacancer
76 | =>Use scaling policies to adjust the capacity of this group
77 | =>Scale the Auto Scaling group using step or simple scaling policies
78 | =>Add Alarm (for both scaleup and scale down)
79 | =>whenever=>CPu
80 | =>is lessthan or greater = provide %
81 | =>Add Tags
82 |
83 | /**************************
84 | Strees Testing ******HW
85 | **************************/
86 | => Connect with launched Ec2
87 | =>Open terminal
88 | =>type "stress"
89 | =>type "remove stress"
90 |
91 |
92 | Make sure to install stress package on linux
93 | >connect with server
94 | > type stress
--------------------------------------------------------------------------------
/S3:
--------------------------------------------------------------------------------
1 | 99.99999999 11nine
2 |
3 | Database vs ObjectStorage
4 | Structred Open & Unstructed
5 | Mysql
6 | Oracle
7 | Mongo
8 |
9 |
10 | => Object Based Storage
11 | => 100 bucket per account
12 | => Object Size <= 5TB
13 | => Global Service
14 | => upto 5GB => Free
15 |
16 | /*********************
17 | Create bucket
18 | *********************/
19 | =>S3
20 | => Create bucket
21 | => provide Unique name(select region)
22 | =>Create bucket
23 |
24 | /*********************
25 | Upload in bucket
26 | *********************/
27 | => Select the bucket
28 | =>Add File
29 | => upload
30 |
31 | /*********************
32 | Make Bucket Public
33 | *********************/
34 | => Select bucket
35 | =>Permission
36 | =>Edit
37 | =>Uncheck the 'Block all public access' option (do this only for a bucket whose contents are meant to be public)
38 |
39 | /**********************
40 | Versioning
41 | *********************/
42 | Unversioned => versioning is disabled
43 | Enabled => versions will be maintained
44 | Suspended => objects that already have versions remain unaffected, but new objects will not get versioning
45 |
46 | /**********************
47 | Host Wesbite with S3
48 | *********************/
49 | => Create a Bucket
50 | => create static html page
51 | =>upload html page
52 | => Properties
53 | =>Static website hosting
54 | => Provide main File
55 | =>Hit Url
56 | /**********************
57 | Object-level logging
58 | *********************/
59 | Enable logging for each object with cloudtrail
60 |
61 | /**********************
62 | Default encryption
63 | *********************/
64 | Data in the bucket can be encrypted in several ways for security
65 |
66 | /**********************
67 | Object lock
68 | *********************/
69 | Can be done only during bucket creation (WORM)
70 | Write once, read many
71 |
72 | /**********************
73 | Tags
74 | *********************/
75 | Can provide name to bucket by Tags
76 |
77 | /**********************
78 | Transfer acceleration
79 | *********************/
80 | Enabling this makes I/O much faster
81 | but the cost increases
82 |
83 | /**********************
84 | Events
85 | *********************/
86 | We can trigger event on the operation selected
87 | It can any crud operation
88 |
89 | We can fire Lambda, SNS and SQS
90 |
91 | /**********************
92 | Requester pays
93 | *********************/
94 |
95 | It makes the requester pay for file access
96 | instead of the admin
97 |
98 | /**********************
99 | Storage Classes
100 | *********************/
101 | S3 standard =>> Immediate access / frequent access /important data
102 | S3 IA =>Imp data but less frequent access
103 | S3 RR => not critiacl data
104 | Amazon Glacier => Long time backups not critiacl data
105 |
106 | /**********************
107 | CRR(cross region replication)
108 | *********************/
109 | SourceBucket => Versioning enabled => diff region
110 | targetBucket => Versioning enabled => diff region
111 |
112 | => Select source bucket
113 | =>mangement
114 | =>replication
115 | =>Select source Bucket
116 | enable encryotion
117 | => Select target bucket
118 | =>Save
119 |
--------------------------------------------------------------------------------
/session2:
--------------------------------------------------------------------------------
1 | component of IAM
2 | > Users =>
3 | Each person can be one User
4 | Each user can have different permissions
5 |
6 | > Group
7 | We can club multiple users together and give them common access
8 |
9 | > Roles
10 | Roles are not for users
11 | Roles are for service
12 | Ec2 => S3, RDS
13 |
14 | > Policies
15 |
16 |
17 | Development
18 |
19 | UserA UserB UserC
20 | IAM S3 RDS
21 | S3 RDS S3
22 | RDS
23 |
24 |
25 | Group Developer (S3,RDS)
26 | UserA (IAM)
27 | UserB
28 | UserC
29 |
30 |
31 | Policies
32 | IAM> Create Group, Create user, create Roles
33 | RDS> Read, write
34 |
35 |
36 | MyPolicy
37 | IAM> Create Group
38 | RDS> Read acces
39 |
40 | JSON
41 | {
42 | "name":"a",
43 | "class":"b"
44 | }
45 |
46 | /*********************
47 | Check All Policy
48 | ***********************/
49 | > AWS Dashboard
50 | > IAM
51 | >Policies
52 | >List All Policy
53 |
54 | /*********************
55 | Create Cutsome Policy
56 | ***********************/
57 | > Policies
58 | > create Policy
59 | > choose service
60 | > Select the actions
61 | > Review Policy
62 | >Provide policy name
63 | >Create policy
64 |
65 | /*******************************
66 | Create New IAM USer
67 | *********************************/
68 | > user
69 | >Create user
70 | >Name , Accesstypee
71 | >custome password
72 | >Attach existing Policies
73 | >select policy
74 | >Add Tags
75 | >Review and create
76 |
77 | /*******************************
78 | Login with IAM user
79 | *********************************/
80 | > Select User
81 | > security credential
82 | >use summery console login url:
83 |
84 |
85 | /*******************************
86 | Asign MFA
87 | *********************************/
88 | > Select user
89 | >security credential
90 | > Assign MFA
91 | >Virtual MFA
92 | > Show QR
93 | > Scan Qr and enter code
94 |
95 | /**************************
96 | Add uSer to group
97 | **************************/
98 | =>Select group
99 | =>user
100 | =>Add User
101 | =>Select Listed User
102 | =>Add
103 |
104 | Roles are for the applications
105 | Groups for the user
106 |
107 | /**************************
108 | Create Role
109 | **************************/
110 | => Role
111 | =>Create Role
112 | `=> Aws Service
113 | => Select service to which yo want to attach policy
114 | => Add Permission to the Service
115 | =>Add tags and Create
116 |
117 | ** We can attach a role to a service from that service's own dashboard
118 |
119 | /******************************************
120 | Access resource from diff account
121 | ******************************************/
122 | Acc1 (Aakash Handa) Sender
123 | =>IAM
124 | =>Role
125 | =>Another AWS account
126 | =>Account ID(of aakash)
127 | =>Add permission(s3 full access)
128 | =>RoleName
129 |
130 |
131 |
132 | Acc2 (Aakash) Reciver
133 | ** Access S3 of aakashhanda account
134 | => Create new user(with no permission no group)
135 |
136 | => Create new dummyGroup(no user no policy)
137 | =>Select create group
138 | =>Permission
139 | =>Add Inline Policies
140 | =>Json
141 | =>Create policy
142 | =>Write JSon
143 | {
144 | "Version":"2012-10-17",
145 | "Statement":{
146 | "Effect":"Allow",
147 | "Action":"sts:AssumeRole",
148 | "Resource":"arn:aws:iam::276374296137:role/S3extrenalAcess"
149 | (ARN of role created in sender account)
150 | }
151 | }
152 | => Attach user to group
153 |
154 | => Login with IAM user
155 | =>Swtich role
156 | =>Account* (number od aakashhanda account)
157 | Role* (created in aakash handa account)
158 | =>Switch Role
159 |
--------------------------------------------------------------------------------
/python.py:
--------------------------------------------------------------------------------
1 | import flask
2 | from flask import request, jsonify
3 | from flask_cors import CORS, cross_origin
4 | from sqlalchemy.orm.util import identity_key
5 | from flask_sqlalchemy import SQLAlchemy
6 | from psycopg2.pool import SimpleConnectionPool
7 | import time
8 | import random
9 | import psycopg2
10 | import os
11 | import csv
12 | from gevent.pywsgi import WSGIServer
13 | import logging
14 | import pandas as pd
15 | from zipfile import ZipFile
16 |
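logger = logging.getLogger(__name__)
#logging.basicConfig(level=Parameters.logging)


application = flask.Flask(__name__)
# Debug mode is meant for development only, so it is now opt-in through
# FLASK_DEBUG=1 instead of being switched on unconditionally.
application.config["DEBUG"] = os.environ.get("FLASK_DEBUG") == "1"
# NOTE(review): origins "*" on r"/*" lets a page served from any site call
# every route, including the POST and PUT ones - restrict this to the known
# front-end origins if the API is not meant to be public.
CORS(application, resources={r"/*": {"origins": "*"}})
application.config['CORS_HEADERS'] = 'Content-Type'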
25 |
26 |
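class Apiservice():
    """Thin wrapper around one psycopg2 connection shared by the routes.

    Connection settings are read from the standard libpq environment
    variables (PGUSER, PGPASSWORD, PGHOST, PGPORT, PGDATABASE). The password
    that used to be written into this class is in version control history
    and should be treated as exposed and rotated.
    """

    def __init__(self):
        print('Inside __init__')
        self.conn = self._connect()

    @staticmethod
    def _connect():
        """Open a new connection using settings from the environment."""
        return psycopg2.connect(
            user=os.environ.get('PGUSER', 'postgres'),
            # None when unset: no password is then passed explicitly.
            password=os.environ.get('PGPASSWORD'),
            host=os.environ.get('PGHOST', "database-1.cjcjgqizui8x.us-east-1.rds.amazonaws.com"),
            port=int(os.environ.get('PGPORT', 5432)),
            dbname=os.environ.get('PGDATABASE', 'postgres'),
        )

    def getConnection(self):
        """Return a usable connection, reconnecting when the probe query fails."""
        print('Inside getConnection')
        try:
            # Cheap round-trip to find out whether the cached connection still works.
            cur = self.conn.cursor()
            cur.execute('SELECT 1')
            cur.close()
        except Exception as exc:
            logger.error(exc)
            self.conn = self._connect()

        return self.conn

    def getData(self, query):
        """Run a read query and return all rows as a list of tuples.

        `query` is executed verbatim with no bind parameters, so it must be a
        constant written in this code base and never text assembled from
        request data.
        """
        # Use this instance rather than the module-level singleton, and close
        # the cursor when done. The original also built a jsonify() response
        # here and discarded it; that call is gone.
        conn = self.getConnection()
        with conn.cursor() as cur:
            cur.execute(query)
            return cur.fetchall()

    def postData(self, query, value):
        """Run a write statement with bind parameters and commit it.

        `value` is the parameter tuple for the %s placeholders in `query`.
        Returns the fixed string "Data Added" on success.
        """
        conn = self.getConnection()
        try:
            with conn.cursor() as cur:
                cur.execute(query, value)
            conn.commit()
        except Exception:
            # Leave the shared connection out of the aborted-transaction state
            # before the error reaches the caller.
            conn.rollback()
            raise
        return "Data Added"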
65 |
@application.route('/health', methods=['GET'])
@cross_origin('*')
def hello():
    """Health endpoint: answers GET /health with a fixed greeting string."""
    greeting = "hello from API"
    return greeting
70 |
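@application.route('/userInfo/', methods=['GET'])
@cross_origin('*')
def getEntity():
    """Return every userinfo row as a JSON array of {uname, empid, tech}.

    NOTE(review): no authentication is visible on this route, so the whole
    table is readable by any caller that can reach the service - confirm
    that is intended.
    """
    # Columns are named explicitly so the positional mapping below does not
    # depend on the table's column order.
    output = apiService.getData("SELECT uname, empid, tech FROM userinfo")
    outArray = []
    try:
        for row in output:
            outArray.append({
                "uname": row[0],
                "empid": row[1],
                "tech": row[2],
            })
    except Exception:
        # Mapping stays best-effort as before (rows converted so far are still
        # returned), but the failure goes to the log with its traceback. The
        # previous print() of the full result set, which copied every record
        # to stdout, has been dropped.
        logger.exception("failed to map a userinfo row")
    return jsonify(outArray)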
88 |
89 |
90 |
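@application.route('/postuser/', methods=['POST'])
@cross_origin('*')
def postIntent():
    """Insert one userinfo row from a JSON body with uname, empid and tech.

    Returns the string from apiService.postData on success, or a 400 JSON
    error when the body is not a JSON object or a field is missing.

    NOTE(review): no authentication is visible on this route - confirm that
    unauthenticated writes are intended.
    """
    body = request.get_json(silent=True)
    if not isinstance(body, dict):
        return jsonify({"error": "request body must be a JSON object"}), 400

    required = ('uname', 'empid', 'tech')
    missing = [field for field in required if field not in body]
    if missing:
        # Answer with a client error instead of letting a KeyError become a 500.
        return jsonify({"error": "missing field(s): " + ", ".join(missing)}), 400

    # Values travel as bind parameters; the SQL text itself is constant.
    sql_ins = """INSERT INTO userinfo(uname,empid,tech) VALUES (%s,%s,%s)"""
    values = (body['uname'], body['empid'], body['tech'])
    return apiService.postData(sql_ins, values)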
102 |
103 |
104 |
105 |
106 |
107 |
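@application.route('/updateuser/', methods=['PUT'])
@cross_origin('*')
def updateIntent():
    """Update uname and tech of the userinfo row identified by empid.

    Returns the string from apiService.postData on success, or a 400 JSON
    error when the body is not a JSON object or a field is missing.

    NOTE(review): no authentication is visible on this route, and the reply
    is the same whether or not any row matched empid - confirm both are
    intended.
    """
    body = request.get_json(silent=True)
    if not isinstance(body, dict):
        return jsonify({"error": "request body must be a JSON object"}), 400

    required = ('uname', 'empid', 'tech')
    missing = [field for field in required if field not in body]
    if missing:
        # Answer with a client error instead of letting a KeyError become a 500.
        return jsonify({"error": "missing field(s): " + ", ".join(missing)}), 400

    # Values travel as bind parameters; the SQL text itself is constant.
    sql_upt = """Update userinfo set uname = %s, tech=%s where empid = %s"""
    values = (body['uname'], body['tech'], body['empid'])
    return apiService.postData(sql_upt, values)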
119 |
120 |
# Module-level singleton used by the route handlers; constructing it opens
# the database connection as soon as the module is loaded.
apiService = Apiservice()
122 |
123 |
if __name__ == '__main__':
    #http_server = WSGIServer(('0.0.0.0', 8443), application, keyfile='/opt/epaas/certs/dkey', certfile='/opt/epaas/certs/ca-chain')
    # NOTE(review): the active server listens on every interface over plain
    # HTTP; the TLS variant is the commented-out line above. Confirm that
    # something in front of this service terminates TLS.
    listen_address = ('0.0.0.0', 8005)
    http_server = WSGIServer(listen_address, application)
    http_server.start()
    try:
        # NOTE(review): the message mentions LDAP although nothing in this
        # file talks to LDAP - looks like a leftover, confirm.
        logger.info("LDAP Service is up and running")
        http_server.serve_forever()
    except Exception as exc:
        logger.exception(exc)
--------------------------------------------------------------------------------
/ec2:
--------------------------------------------------------------------------------
1 | core/ foundational service
2 | 70% app running on ec2
3 | VM
4 | Regional Service
5 | Had to launched in VPC
6 | => Free tire limit t2.micro 750hrs
7 | => Configuration
8 | => Instance are =CPU, Storage, Memory, Network
9 | => AMI => OS, Custome AMI
10 |
11 | => Virtualization type: hvm | Para
12 | Hardware vitural machine | Para
13 | Fast Slow
14 | New
15 | support more hardwar Old
16 |
17 | => Root Device
18 | EBS volume, ISVolume
19 |
20 | EBS volume
21 | => Similar to hard disk
22 | => Presistent in nature
23 | => Upto 30GB is Free
24 | => EBS HDD & SDD(solid state disk)
25 | => AMI backuped by EBS volume
26 | => Stop, Run, Terminate & reboot
27 |
28 | Instance Store volume (ephemeral volume)
29 | => Similar to RAM
30 | => Volatile in nature
31 | => Running, Terminate
32 |
33 | Amazone => EBS+ HVM
34 |
35 | ENA=> Network connectors
36 |
37 | Hypervisior mange the resources
38 |
39 |
40 | /************************
41 | Purchasing option
42 | *************************/
43 | On Demand Instance => Pay as yo go(/hr)
44 | Reserved Instance => For long term (upto 75% for total)
45 | > 1 yr to 3 yrs
46 | > All upfront, Partial upfront, No upfront
47 |
48 | Spot Instance => Binding or auction
49 | => 2 min and terminate my instance
50 | => 90% cost benift
51 | => Interruption can happen on biding price
52 | => Testing , learning or
53 | => Duration(1hr to 6 hr)
54 |
55 | /************************
56 | Tenancy
57 | *************************/
58 |
59 | Shared => Multiple VM on same physical device
60 | Dedicate instance => Instance storage is Presistent and remain as backup
61 | Dedicate Host => Dedicated physical Machine for my VM
62 |
63 |
64 |
65 | /************************
66 | Use linux as web server
67 | *************************/
68 | => sudo su -
69 | => yum install httpd -y
70 | => cd /var/www/html
71 | => vi index.html
72 | => Hi welcome
73 | => chmod 755 index.html
74 | => service httpd start
75 | => chkconfig httpd on
76 | => publicip/ index.html
77 |
78 | /************************
79 | Use Windows as web server
80 | *************************/
81 | => Install IIS
82 | => Install-WindowsFeature -name Web-Server -IncludeManagementTools
83 | => C:/inetpub/wwwroot/index.html
84 | => Hi welcome
85 | => publicip/ index.html
86 |
87 | /************************
88 | Golden Image(Custome Image) AMI
89 | *************************/
90 | => Select Instance
91 | =>Action
92 | =>Image
93 | =>Create Image
94 | => Name & No Reboot
95 |
96 | EC2 => Images => AMI (images list here)
97 |
98 | Copy to other Region
99 | => Select Image
100 | =>Action
101 | => Modify Image Perission
102 | |
103 | ------------------------
104 | | |
105 | Public Add Aws User Account Number
106 |
107 | /**********************
108 | Create volume
109 | **************************/
110 | Linux
111 | => xvda
112 | xen, virtual, disk , a is for first volume
113 |
114 | => Elastic Block Storage
115 | => Create Volume
116 | => AZ(create in same AZ as EC2)
117 | => Create Volume
118 |
119 | /**********************
120 | Attach volume
121 | **************************/
122 | => Select Volume
123 | => Actions
124 | => Attach volume
125 | => Select Instance
126 | =>Done
127 |
128 | /**********************
129 | Snapshot Of EBS
130 | **************************/
131 | => Select Volume
132 | => Action
133 | => create Snapshot
134 | => tag
135 | => Create
136 |
137 | AMI in EBS
138 | Volume in S3
139 |
140 | /**********************
141 | Vertiacl Scale
142 | **************************/
143 | => Select Instance
144 | => Stop Instance
145 | => Action
146 | => Instance Setting
147 | => Change instance Type
148 | => Select Type
149 | =>Apply
150 |
151 |
152 | /**********************
153 | Placement Group
154 | *******************/
155 | Cluster is in single AZ on same physical server
156 | Spreed in single AZ but different physical Server
157 | => Placement Group
158 | => Create Placement Group
159 | => Name and Stargey
160 |
161 | => Logical grouping of instance
162 | => To improve through put and reduce latency
163 | => 10 Gib
164 | => Heavy I/O should in once placement group
165 |
166 | /**********************
167 | Change Key Pair
168 | *******************/
169 | => Select Key pair tab
170 | => Create new key Pair
171 |
172 | =>Select instance
173 | => Action
174 | => Instance Setting
175 | => View & change user data
176 |
177 |
178 |
179 | //
180 | Auto Scaling
181 | Load Balancing
182 | S3
183 | DataBase
184 |
185 |
186 | //VPC
187 | //Route53
188 | //Cloud Watch
189 | //Cloud Trail
190 |
191 | SNS
192 | SQS
193 | SES
194 | OpsWork
195 | Well Arch
196 |
197 | --------
198 | Lamdba
199 | CodePipeLine
200 | Ecs
201 |
202 |
203 |
204 |
--------------------------------------------------------------------------------
/VPC:
--------------------------------------------------------------------------------
1 | CIDR=> ClassLess interdomain routing
2 |
3 | IPv4 => 32bits
4 | IPv6 => 128bits
5 |
6 | IPv4 32bits
7 | (0-255)
8 | 0.0.0.0/16 ------0.0.0.0/28
9 |
10 | 0.0.0.0/16 ==> 32-16 = 16 => 2^16 => 65536Ip address -5
11 | 0.0.0.0/24 ==> 32-24 = 8 => 2^8 == 256-5
12 | 0.0.0.0/28 => 32-28 = 4=> 2^4 = 16 -5 =
13 |
14 | Understand VPC
15 | Design Arch. of VPC
16 | And Implement VPC
17 | *************************
18 | 40% exam question from VPC
19 | Public IP = accesicable Outside and Auto generated
20 | Private IP => accesicablein VPC and auto generated
21 | Elastic Public Static IP=> If IP is attached to Instance
22 | its free, If you keepn it idel
23 | its chargeable
24 |
25 | IPv4
26 | -32Bit
27 | x.x.x.x/16 - x.x.x.x/28
28 | 10.0.0.0/16 = 32-16 = 16 => 2^16 = 65536 ipaddress
29 | 10.0.0.0/24 = 32-24 = 8 => 2^8 = 256
30 | 10.0.0.0/28 = 32-28 = 4 => 2^4 = 16
31 |
32 |
33 |
34 |
35 | IPv6
36 | -128Bit
37 |
38 |
39 | VPC1 | VPC2
40 | 192.65.32.1 | 192.65.32.2
41 | 10.0.0.1/20 | 10.0.0.1/20
42 | 10.0.0.2/21 | 10.0.0.2/21
43 |
44 | /**************************
45 | Step To create VPC
46 | ****************************/
47 | =>On AWS console
48 | => Networking
49 | =>VPC
50 | => Your VPC
51 | =>Create VPC
52 | => Provide VPC
53 | Name Cidr
54 | demovpc 10.0.0.0/16
55 | =>Create
56 |
57 | *** It will create one default Route table
58 |
59 | /**************************
60 | launch Subnet
61 | ****************************/
62 | => Subnet
63 | =>Create Subnet
64 | =>Enter details
65 | Name VPC Availability Zone IPv4 CIDR block
66 | Public Demovpc Select az 10.0.1.0/24
67 | Private Demovpc Select az 10.0.2.0/24
68 |
69 | *** IPv4 CIDR block => Should be unique
70 | *** All Subets default enter in default Route Table
71 |
72 | /**************************
73 | Create Route table
74 | ****************************/
75 | => Route Table
76 | =>Create RouteTable
77 | => Provid
78 | Name VPC
79 | PublicRT Demovpc
80 | PrivateRt DemoVpc
81 |
82 | /**************************
83 | Create Internet Gateway
84 | ****************************/
85 | => Internet Gateway
86 | => Create Internet Gateway
87 | => Provide
88 | Name
89 | demovpcIg
90 |
91 | ** Default it's deteched
92 |
93 | /**************************
94 | Set to attch Internet Gateway
95 | ****************************/
96 | => Select your IG
97 | =>Action
98 | =>Attach IG
99 | => Select VPC
100 |
101 | /**************************
102 | Add Subnet to route Table
103 | ****************************/
104 | => Select Route table
105 | =>Action
106 | => Edit Subnet Association
107 | => Select Subnet
108 | =>Save
109 |
110 | /**************************
111 | Step to associate Ig
112 | ****************************/
113 | => Select PublicRT
114 | => Action
115 | =>EditRoutes
116 | =>Provide
117 | Destination Target
118 | 0.0.0.0/0 Select Internet Gateway
119 | => Select your IG
120 |
121 | /**********************************
122 | Launch Instance in Public Subnet
123 | ************************************/
124 | => Go To EC2
125 | =>Launch Instance
126 | =>Select Amazon Linux AMI 2018.03.0
127 | =>Next
128 | =>Provide
129 | Network Subnet Auto-assign Public IP
130 | DemoVpc Public Enable
131 | =>Next
132 | =>Storage(default)
133 | =>Tag
134 | Name PublicLinux
135 | =>Launch
136 |
137 | *** In the private subnet, 'Auto-assign Public IP' should be disabled
138 |
139 | PuttyGen
140 | => .pem =>.ppk
141 |
142 | /**********************************
143 | Step to connect with Instance
144 | ************************************/
145 | =>Select EC2
146 | => connect
147 | =>Window => connect to PuttyGen
148 | =>mac/linux => ssh
149 | =>enter command in terminal with right .pem file access
150 |
151 | *** make the .pem file readable only by its owner
152 | => chmod 400
153 |
154 | /**********************************
155 | Step to connect Public with Private
156 | ************************************/
157 |
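158 | *** We need the .pem file of the private instance
159 | We will copy the .pem file's contents into
160 | a new file on the public instance to access the private instance (note: this leaves the private key stored on an internet-facing host; SSH agent forwarding avoids copying it)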
161 | /###############
162 | Step to create .pem in Public instance
163 | ###############/
164 | => Connect with public instance
165 | =>sudo su -
166 | =>vi demoprivate.pem
167 | =>press esc
168 | =>:wq!
169 | => Provide Permisson
170 | =>ssh -i 'demoprivate.pem' ec2-user@10.0.2.67
171 | https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html?icmpid=docs_ec2_console
172 |
173 |
174 | /**************************
175 | Step To create NAT Gateway
176 | ****************************/
177 | => Generate Elastic IP
178 | => Elastic IP
179 | =>amazon pool
180 | => Allocate
181 | *** Its Paid if its not attached
182 |
183 | =>Select NAT Gateway
184 | =>Provide
185 | Subnet ElasticIP
186 | Public subnet Generated EIP
187 |
188 | /**************************
189 | Attach to Route Table
190 | ****************************/
191 | => Go to RouteTable
192 | =>Private Route table
193 | =>Actions
194 | =>Edit Routes
195 | =>Provide
196 | Destination Target
197 | 0.0.0.0/0 Nat
198 |
199 | /**************************
200 | Testing of Nat
201 | ****************************/
202 | => Connect private machine from public subnet
203 | =>Try ping google.com
204 |
205 |
206 | /**************************
207 | Step To create NAT Instance
208 | ****************************/
209 | => EC2
210 | =>Instance
211 | =>Launch Instance
212 | =>Select Community AMI
213 | =>Search NAT
214 | =>Select First Nat
215 | =>Configuration
216 | Provide
217 | Demovpc public subnet
218 | =>launch
219 |
220 | /**************************
221 | Step To Associate EIP with NAT
222 | ****************************/
223 | => Select Elastic IP
224 | =>Generate New EIP
225 | =>Select EIP
226 | =>Action
227 | =>Associate Address
228 | =>Select Instance
229 | =>NAt Instance
230 |
231 | =>Route Table
232 | =>Priavte RouteTable
233 | =>Select Route
234 | =>Edit Route
235 | =>Provide
236 | 0.0.0.0/0 Instance(NAT)
237 |
238 | =>Go To EC2
239 | =>Select NAT instance
240 | =>securityGroup
241 | =>launch-wizard
242 | =>Inbound
243 | =>Edit
244 | =>Add Rule
245 | =>Provide
246 | Type CIDR
247 | ALL ICMP 10.0.2.0/24
248 |
249 | /**************************
250 | SG & ACL
251 | ****************************/
252 | SG
253 | >Virtual firewall around the instance
254 | >stateful in nature
255 | >only allow rules can be written
256 | >everything is denied unless a rule allows it
257 |
258 | NACL
259 | >Virtual firewall around the subnet
260 | >stateless
261 | >both allow and deny rules can be written
262 | >everything is allowed (in the default NACL)
263 |
264 |
265 | /**************************
266 | Step For SG
267 | ****************************/
268 | =>securityGroup in EC2 consle
269 | =>Create securityGroup
270 | =>Provide
271 | Name description VPC
272 | mysg aboutmysg Dmeo
273 |
274 |
275 | /**************************
276 | Step For ACL
277 | ****************************/
278 | => Newtwork ACL(vpc)
279 | =>Provide Name
280 | =>Select VPC
281 | =>Add Rule
282 | *** Priority is decided by the rule number:
283 | the lower the rule number, the higher the priority
284 |
285 |
--------------------------------------------------------------------------------