Success! The pinapathrunisaikiran.co.in server block is working!
28 |
29 |
30 |
31 |
32 | - sudo nano /etc/nginx/sites-available/pinapathrunisaikiran.co.in
33 |
34 | server {
35 |     listen 80;
36 |     listen [::]:80;
37 |
38 |     root /var/www/pinapathrunisaikiran.co.in/html;
39 |     index index.html index.htm index.nginx-debian.html;
40 |
41 |     server_name pinapathrunisaikiran.co.in www.pinapathrunisaikiran.co.in;
42 |
43 |     location / {
44 |         try_files $uri $uri/ =404;
45 |     }
46 | }
47 |
48 |
49 | - sudo ln -s /etc/nginx/sites-available/pinapathrunisaikiran.co.in /etc/nginx/sites-enabled/
50 |
51 | - sudo nginx -t
52 |
53 | - sudo systemctl restart nginx
54 |
55 | sudo certbot certonly \
56 |     --agree-tos \
57 |     --email pinapathruni.saikiran@gmail.com \
58 |     --manual \
59 |     --preferred-challenges=dns \
60 |     -d '*.pinapathrunisaikiran.co.in' \
61 |     --server https://acme-v02.api.letsencrypt.org/directory
62 |
63 |
64 |
65 | FOR HTTP TO HTTPS FORWARDING RUN THE BELOW COMMAND.
66 |
67 | certbot --nginx
68 |
--------------------------------------------------------------------------------
/Day01/README.md:
--------------------------------------------------------------------------------
1 |
2 | 
3 |
4 |
5 | ###### IP Explained #######
6 |
7 | # Network Setup Guide
8 |
9 | Welcome to the Network Setup Guide! This guide will help you understand the basics of IP addresses, classes, public and private IPs, and how to configure them for different environments.
10 |
11 | ## Understanding IP Addresses
12 |
13 | In any network setup, devices communicate with each other using IP addresses. There are two types of IP addresses:
14 |
15 | 1. **IPv4:** Shorter addresses, like phone numbers for devices.
16 | 2. **IPv6:** Longer addresses, similar to phone numbers but with more digits.
17 |
18 | ## IP Address Ranges
19 |
20 | IPv4 addresses range from `0.0.0.0` to `255.255.255.255`. They are divided into five classes: A, B, C, D, and E.
21 |
22 | - **Class A:** `1.0.0.0` to `126.255.255.255`
23 | - **Class B:** `128.0.0.0` to `191.255.255.255`
24 | - **Class C:** `192.0.0.0` to `223.255.255.255`
25 |
26 | Classes D and E are reserved for specific purposes and not commonly used.
27 |
28 | ## Loopback Address
29 |
30 | You might wonder why `127` is skipped. `127.0.0.1` is reserved for loopback, meaning a device pings itself.
31 |
32 | ## Public and Private IPs
33 |
34 | As IP addresses are limited, there's a concept of public and private IPs.
35 |
36 | - **Public IPs:** Used for communication over external networks.
37 | - **Private IPs:** Used internally within closed infrastructures or office environments.
38 |
39 | ### Private IP Ranges
40 |
41 | Private IPs are reserved within specific ranges:
42 |
43 | - `10.0.0.0` to `10.255.255.255` (`10/8 prefix`)
44 | - `172.16.0.0` to `172.31.255.255` (`172.16/12 prefix`)
45 | - `192.168.0.0` to `192.168.255.255` (`192.168/16 prefix`)
46 |
47 | These addresses are for internal use only and should not be accessible from outside the network.
48 |
49 | ## Configuring IP Addresses
50 |
51 | ### Example
52 |
53 | To demonstrate, you can open CMD and type `ipconfig` to view your IPv4 private address. Then, by searching "my public IP" on Google, you can find your public IP address.
54 |
55 | 
56 |
57 | In the diagram above, you can see how public and private IPs are used in different environments.
58 |
59 | Now you have a basic understanding of IP addresses, classes, and how to use public and private IPs effectively. Happy networking!
60 |
61 |
62 | 
63 |
--------------------------------------------------------------------------------
/Day02/README.md:
--------------------------------------------------------------------------------
1 | 
2 |
3 |
4 | ############## AWS VPC ####################
5 |
6 | # AWS VPC Setup Guide
7 |
8 | Welcome to the AWS VPC Setup Guide! This guide will walk you through the process of creating a Virtual Private Cloud (VPC) along with its components such as subnets, Internet Gateway, and Routing tables.
9 |
10 | ## What is VPC?
11 |
12 | A Virtual Private Cloud (VPC) is a virtual network environment within AWS that allows you to create a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define.
13 |
14 | ## Creating VPC
15 |
16 | To create a VPC:
17 | 1. Go to the AWS Management Console.
18 | 2. Navigate to the VPC dashboard.
19 | 3. Click on "Create VPC" and specify the VPC details such as CIDR block.
20 |
21 | ## Creating Subnets & Internet Gateway
22 |
23 | ### Subnets
24 | Subnets are subdivisions of a VPC's IP address range. They help organize and manage different parts of your network.
25 |
26 | Imagine a large plot of land that you want to develop into a residential area. Subnets are like individual buildings within this plot, each containing multiple flats.
27 |
28 | To create subnets:
29 | 1. Navigate to the VPC dashboard.
30 | 2. Click on "Subnets" and then "Create Subnet".
31 | 3. Specify the subnet details including CIDR block and Availability Zone (AZ).
32 |
33 | ### Internet Gateway (IGW)
34 | An Internet Gateway allows communication between instances in your VPC and the internet.
35 |
36 | To create an Internet Gateway:
37 | 1. Navigate to the VPC dashboard.
38 | 2. Click on "Internet Gateways" and then "Create Internet Gateway".
39 | 3. Attach the Internet Gateway to your VPC.
40 |
41 | ## Creating Routing Tables
42 |
43 | Routing tables define how traffic is directed within the VPC. They control the flow of traffic between subnets, internet gateways, and other network devices within the VPC.
44 |
45 | To create a routing table:
46 | 1. Navigate to the VPC dashboard.
47 | 2. Click on "Route Tables" and then "Create Route Table".
48 | 3. Define the routing rules, ensuring that traffic flows efficiently and securely to its intended destination.
49 |
50 | ## Example on VPC
51 |
52 | On a high level, each company's data and applications are kept separate and secure within their own VPC. Subnets help organize different stages of the software development lifecycle.
53 |
54 | 
55 |
56 | Now you have configured VPC and Subnets successfully!
57 |
58 | ## Internet Gateway & Route Tables
59 |
60 | ### Internet Gateway (IGW)
61 | An Internet Gateway allows communication between instances in your VPC and the internet.
62 |
63 | ### Route Tables
64 | Route tables control the flow of traffic within the VPC. They ensure that traffic is directed efficiently and securely to its intended destination.
65 |
66 | To configure Internet Gateway and Route Tables:
67 | 1. Create an Internet Gateway and attach it to your VPC.
68 | 2. Create a Route Table and define routing rules, allowing traffic to flow between subnets and the internet.
69 |
70 | Remember to allow public subnets to access the internet by configuring the route table appropriately.
71 |
72 | ***Note:*** In routing tables, `0.0.0.0/0` means traffic not destined for the local network (e.g., `10.35.0.0/16`) should be routed to the internet gateway.
73 |
74 | Now you have a fully functional VPC with its components set up properly! Happy networking!
75 |
76 | 
77 |
--------------------------------------------------------------------------------
/Day03/README.md:
--------------------------------------------------------------------------------
1 | 
2 |
3 |
4 |
5 | ####### VPC PEERING #############
6 |
7 | # VPC Peering Guide
8 |
9 | Welcome to the VPC Peering Guide! This guide will walk you through the process of setting up VPC peering between different Virtual Private Clouds (VPCs) in AWS.
10 |
11 | ## Real-Time Example
12 |
13 | Imagine you work for an MNC with data located in both the US and Europe regions. Your company uses AWS to host various services and critical applications. You have VPCs in the US East (Ohio) and EU (Ireland) regions.
14 |
15 | ### Before VPC Peering
16 |
17 | Without VPC peering, communication between resources in separate VPCs and regions is not possible directly. This may lead to increased latency, security risks, additional costs, and potential data security compromises.
18 |
19 | ### After Peering
20 |
21 | Setting up VPC peering establishes a private connection between the VPCs, enabling seamless communication between resources, reducing latency, and enhancing security.
22 |
23 | ## Setting Up VPC Peering
24 |
25 | To set up VPC peering:
26 | 1. **Draw the Diagram**: Visualize the architecture to understand the network topology.
27 | 2. **Create VPCs**: Create three VPCs, two in the US East 1A (10.1.0.0/16, 172.16.0.0/16) and one in US East 2A (192.168.0.0/16).
28 | 3. **Create EC2 Instances**: Launch EC2 instances in each VPC, ensuring the Nginx script is included in the user data.
29 | 4. **Configure Security Groups**: Allow necessary inbound and outbound traffic in the security groups for all VPCs and EC2 instances.
30 | 5. **Set Up VPC Peering**: Establish VPC peering connections between the VPCs, keeping the two rules in mind: the IP ranges must not overlap, and transitive peering is not supported.
31 |
32 | 
33 |
34 | Now, by setting up VPC peering, you've created a private connection between VPCs, enabling seamless communication between resources across different regions.
35 |
36 | Remember to follow the two important rules when creating VPC peering connections: no overlapping IP ranges, and no transitive peering support.
37 |
38 | Happy networking!
39 |
40 | 
41 |
--------------------------------------------------------------------------------
/Day04/README.md:
--------------------------------------------------------------------------------
1 | 
2 |
3 |
4 |
5 | # VPC Flow Logs Guide
6 |
7 | Welcome to the VPC Flow Logs Guide! This guide will help you understand the importance of VPC flow logs and how to set them up in AWS.
8 |
9 | ## Understanding VPC Flow Logs
10 |
11 | After creating an EC2 instance, how does it connect to the internet? The network interface (ENI) is created, which connects to a subnet, and that subnet is connected to a VPC. There are three types of flows:
12 |
13 | 1. **ENI to Subnet:** Traffic flow between the network interface and the subnet.
14 | 2. **Subnet to VPC:** Traffic flow between the subnet and the VPC.
15 | 3. **ENI to VPC:** Aggregated traffic flow between the network interface and the VPC.
16 |
17 | ## Purpose of VPC Flow Logs
18 |
19 | VPC flow logs are essential for auditing and tracing network traffic. They provide insights into network activities and help detect and investigate security breaches. For example, if there's a breach, the audit team may ask for VPC flow logs to trace the traffic. Additionally, compliance standards such as PCI DSS require organizations to maintain transaction history for security and governance purposes.
20 |
21 | ## Setting Up VPC Flow Logs
22 |
23 | To set up VPC flow logs:
24 | 1. **Create Instance:** Launch an EC2 instance.
25 | 2. **Create S3 Bucket:** Create an S3 bucket to store the flow logs centrally.
26 | 3. **Configure Flow Logs:** Go to the VPC dashboard and create flow logs for the desired VPCs.
27 |
28 | ## Generating Logs
29 |
30 | To generate logs, you can use the cloud shell and run a script to continuously hit a website and capture traffic:
31 |
32 | ```bash
33 | curl ec2-35-173-233-127.compute-1.amazonaws.com
34 | while true
35 | do
36 |     curl -s ec2-35-173-233-127.compute-1.amazonaws.com | grep -i nginx
37 | sleep 1
38 | done
39 | ```
40 |
41 | This script will generate continuous traffic hitting the specified website, allowing you to observe and capture flow logs.
42 |
43 | By setting up VPC flow logs, you ensure visibility into your network traffic, aiding in security monitoring and compliance requirements.
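
Reading the captured records, as an added example that is not part of the original guide: it parses flow log lines in the default space-separated format, totals accepted bytes per flow, and lists sources whose rejected connections span several destination ports. The sample records, addresses and the `min_ports` threshold are constructed for illustration.

```python
from collections import defaultdict

# Field order of the default (version 2) VPC flow log format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

# Constructed sample records; the last one is a NODATA record with "-" placeholders.
SAMPLE = """\
2 123456789012 eni-0123456789abcdef0 203.0.113.7 10.0.1.15 51544 80 6 12 3400 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 10.0.1.15 203.0.113.7 80 51544 6 10 9800 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0123456789abcdef0 198.51.100.23 10.0.1.15 40211 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0123456789abcdef0 198.51.100.23 10.0.1.15 40212 23 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0123456789abcdef0 198.51.100.23 10.0.1.15 40213 445 6 1 60 1700000060 1700000120 REJECT OK
2 123456789012 eni-0123456789abcdef0 198.51.100.23 10.0.1.15 40214 3389 6 1 60 1700000060 1700000120 REJECT OK
2 123456789012 eni-0123456789abcdef0 203.0.113.50 10.0.1.15 55000 22 6 2 120 1700000060 1700000120 REJECT OK
2 123456789012 eni-0123456789abcdef0 - - - - - - - 1700000120 1700000180 - NODATA
"""


def parse_record(line):
    """Parse one flow log line; return None for malformed, NODATA or SKIPDATA records."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    for key in INT_FIELDS:
        rec[key] = int(rec[key])
    return rec


def parse_log(text):
    """Parse every usable record in a block of flow log text."""
    return [rec for rec in map(parse_record, text.splitlines()) if rec]


def accepted_bytes(records):
    """Total bytes per (source, destination) pair for traffic that was allowed."""
    totals = defaultdict(int)
    for rec in records:
        if rec["action"] == "ACCEPT":
            totals[(rec["srcaddr"], rec["dstaddr"])] += rec["bytes"]
    return dict(totals)


def scan_candidates(records, min_ports=3):
    """Sources whose REJECTed traffic touched at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for rec in records:
        if rec["action"] == "REJECT":
            ports[rec["srcaddr"]].add(rec["dstport"])
    return {src: sorted(seen) for src, seen in ports.items() if len(seen) >= min_ports}


if __name__ == "__main__":
    records = parse_log(SAMPLE)
    print(accepted_bytes(records))
    print(scan_candidates(records))
```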
44 |
45 | Happy logging!
46 |
--------------------------------------------------------------------------------
/Day05/README.md:
--------------------------------------------------------------------------------
1 | 
2 |
3 |
4 | # VPC Endpoints Guide
5 | Welcome to the VPC Endpoints Guide! In this guide, we'll explore how VPC endpoints can be used to securely access AWS services without the need for public internet connectivity.
6 |
7 | ## Introduction
8 | Consider a scenario where you have a highly sensitive application deployed within an Amazon VPC (Virtual Private Cloud) in your AWS account. This application needs to securely access AWS services such as Amazon S3 and Amazon DynamoDB without exposing it to the public internet. Additionally, you want to restrict access to these services to only resources within your VPC.
9 |
10 | ## VPC Endpoints Overview
11 | VPC endpoints enable servers within a VPC to communicate with other AWS services internally, without needing to route traffic through the public internet. There are two types of VPC endpoints:
12 |
13 | - **Gateway Endpoints:** Used for services like S3 and DynamoDB.
14 | - **Interface Endpoints:** Create a network interface on a corresponding subnet for other services.
15 |
16 | ## Gateway Endpoints
17 | To set up a gateway endpoint:
18 |
19 | 1. Remove the route to the NAT gateway and disable all public access.
20 | 2. Go to the VPC dashboard, select S3 gateway endpoints, choose your VPC, and select both public and private routing tables. Create endpoints and wait for the file to be downloaded.
21 | 3. Verify by checking the private routing table.
22 |
23 | ## Interface Endpoints
24 | To set up interface endpoints:
25 |
26 | 1. Create a role for EC2 instances with managed instance core and SSM permissions.
27 | 2. Attach the IAM role to both public and private instances and reboot them.
28 | 3. Create endpoints for `ec2messages`, `ssmmessages`, and `ssm`, selecting the proper private instance region, subnet, and security group. Reboot the private server and wait.
29 | 4. Test by checking internet connectivity (should not work) and downloading an image from S3 (should work).
30 |
--------------------------------------------------------------------------------
/Day06/README.md:
--------------------------------------------------------------------------------
1 |
2 | 
3 |
4 |
5 | # Security Groups vs Network Access Control Lists (NACLs)
6 |
7 | Let's delve into the differences between security groups (SG) and network access control lists (NACLs) in AWS, using the analogy of firewalls and practical examples to illustrate their functionalities.
8 |
9 | ## Security Groups
10 |
11 | Security groups act as stateful firewalls, controlling traffic at the instance level based on rules. They regulate inbound and outbound traffic and are associated with individual instances.
12 |
13 | ### Practical Example
14 |
15 | Suppose you have an instance with default security group settings:
16 | - All inbound traffic is denied by default.
17 | - Outbound traffic is allowed by default.
18 |
19 | 1. **Allow All Inbound Traffic:** Delete the outbound rules and test internet connectivity. You'll notice that the instance can connect to the internet.
20 | 2. **Restrict Outbound Access to Websites:** Add outbound rules for HTTP and HTTPS. Test again to ensure only website access is permitted.
21 | 3. **Allow ICMP Protocol for Ping:** As ping uses ICMP protocol, add an outbound rule to allow ICMP traffic for ping to work.
22 |
23 | Remember, security groups start with a default deny stance and require explicit rules to allow traffic.
24 |
25 | ## Network Access Control Lists (NACLs)
26 |
27 | NACLs, on the other hand, function as stateless firewalls, controlling traffic at the subnet level based on rules. They evaluate inbound and outbound traffic separately and are associated with subnets.
28 |
29 | ### Real-Time Scenario
30 |
31 | Let's consider a scenario where you have a web server that needs to be accessible from the internet. Here's the setup:
32 | - Outbound Rules: Allow all traffic.
33 | - Inbound Rules: Allow TCP port 80 from 0.0.0.0/0 (anywhere) for web traffic and TCP port 22 from your IP address for SSH access.
34 |
35 | By configuring NACLs in this manner, you ensure that web traffic (HTTP) is allowed from anywhere while SSH access is restricted to your IP address only.
36 |
37 | ## Comparison: SG vs NACL
38 |
39 | - **Security Groups:** Work at the instance level. They are stateful and require explicit rules for inbound and outbound traffic.
40 | - **NACLs:** Operate at the subnet level. They are stateless and evaluate inbound and outbound traffic separately, with the option to allow or deny traffic based on defined rules.
41 |
42 | Remember, in an interview scenario, you may be asked to differentiate between security groups and NACLs. Security groups regulate traffic at the instance level, while NACLs control traffic at the subnet level, offering both allow and deny options based on defined rules.
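
What stateful versus stateless means for the NACL scenario above, as an added example that is not part of the original guide: a small model of both filters, fed the same rules (web from anywhere, SSH from one address, all outbound). The classes, the addresses and `EPHEMERAL_RETURN` are assumptions made for the illustration, not AWS APIs.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    cidr: str           # remote side: source for inbound rules, destination for outbound
    lo: int             # destination port range, inclusive
    hi: int
    allow: bool = True  # NACL rules may also deny; security group rules only allow

    def matches(self, remote_ip, port):
        return (ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.cidr)
                and self.lo <= port <= self.hi)


class Nacl:
    """Stateless: every packet is judged only by the rules for its own direction."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound

    def permits(self, pkt, direction):
        rules, remote = ((self.inbound, pkt.src) if direction == "in"
                         else (self.outbound, pkt.dst))
        for rule in rules:          # evaluated in rule-number order; first match wins
            if rule.matches(remote, pkt.dport):
                return rule.allow
        return False                # implicit final deny


class SecurityGroup:
    """Stateful: replies to a flow that was allowed are permitted automatically."""

    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound
        self.tracked = set()

    def permits(self, pkt, direction):
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.tracked:
            return True             # reply to a tracked connection
        rules, remote = ((self.inbound, pkt.src) if direction == "in"
                         else (self.outbound, pkt.dst))
        if any(rule.allow and rule.matches(remote, pkt.dport) for rule in rules):
            self.tracked.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return False


SERVER = "10.0.1.15"                                   # constructed private address
INBOUND = [Rule("0.0.0.0/0", 80, 80),                  # web traffic from anywhere
           Rule("203.0.113.10/32", 22, 22)]            # SSH from "your IP" (constructed)
OUTBOUND = [Rule("0.0.0.0/0", 0, 65535)]               # allow all outbound
EPHEMERAL_RETURN = Rule("0.0.0.0/0", 1024, 65535)      # inbound rule for reply traffic


def inbound_web_roundtrip(fw):
    """A client fetches a page from the server: (request allowed, reply allowed)."""
    request = Packet("198.51.100.99", 41000, SERVER, 80)
    reply = Packet(SERVER, 80, "198.51.100.99", 41000)
    return fw.permits(request, "in"), fw.permits(reply, "out")


def outbound_request_roundtrip(fw):
    """The server calls an HTTPS service: (request allowed, reply allowed)."""
    request = Packet(SERVER, 50000, "198.51.100.8", 443)
    reply = Packet("198.51.100.8", 443, SERVER, 50000)
    return fw.permits(request, "out"), fw.permits(reply, "in")


if __name__ == "__main__":
    print("NACL as described:", outbound_request_roundtrip(Nacl(INBOUND, OUTBOUND)))
    print("Security group:   ", outbound_request_roundtrip(SecurityGroup(INBOUND, OUTBOUND)))
    print("NACL + ephemeral: ",
          outbound_request_roundtrip(Nacl(INBOUND + [EPHEMERAL_RETURN], OUTBOUND)))
```

With the rules as listed, the NACL lets the server's outbound request leave but drops the reply, because the reply arrives on an ephemeral port that no inbound rule covers; the security group with the same rules passes it.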
43 |
44 | 
45 |
46 | This diagram visually represents the differences between security groups and NACLs in AWS, highlighting their respective scopes and functionalities.
47 |
48 |
49 | 
50 |
51 |
--------------------------------------------------------------------------------
/Day07/README.md:
--------------------------------------------------------------------------------
1 | 
2 | # NAT Gateway Guide
3 |
4 | Welcome to the NAT Gateway Guide! In this guide, we'll explore what NAT gateways are, how they work, and how to set them up in AWS.
5 |
6 | ## What is a NAT Gateway?
7 |
8 | A NAT (Network Address Translation) gateway is a managed AWS service that enables instances within a private subnet to connect to the internet or other AWS services while preventing inbound traffic from reaching those instances.
9 |
10 | ## How does a NAT Gateway Work?
11 |
12 | When instances in a private subnet need to access the internet or AWS services, they send their traffic to the NAT gateway. The NAT gateway then forwards the traffic to the internet or the specified AWS service. When the response returns, the NAT gateway sends it back to the instances in the private subnet.
13 |
14 | ## Setting Up a NAT Gateway
15 |
16 | To set up a NAT gateway:
17 | 1. Navigate to the VPC dashboard in the AWS Management Console.
18 | 2. Select "NAT Gateways" and click on "Create NAT Gateway."
19 | 3. Choose the subnet where you want to deploy the NAT gateway and allocate an Elastic IP address for it.
20 | 4. Review and create the NAT gateway.
21 |
22 | ## Practical Example
23 |
24 | Let's say you have a VPC with public and private subnets. Your web servers are in the public subnet, and your application servers are in the private subnet. Your application servers need to access the internet to download software updates.
25 |
26 | By deploying a NAT gateway in the public subnet and routing traffic from the private subnet through it, your application servers can securely access the internet while remaining protected from inbound traffic initiated from the internet.
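
How the route tables decide which subnet is public and which reaches the internet only through the NAT gateway, as an added example that is not part of the original guide; it also applies the `0.0.0.0/0` note from the Day02 VPC guide. The subnet names, the targets `igw-example` and `nat-example`, and the intended classes are assumptions.

```python
import ipaddress

INTERNET_PROBE = "198.51.100.10"   # documentation address standing in for any internet host


def lookup(route_table, destination):
    """Return the target of the most specific route matching destination, or None."""
    dest = ipaddress.ip_address(destination)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        # Longest prefix wins, so the local route beats 0.0.0.0/0 for in-VPC addresses.
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def classify(route_table):
    """Classify a subnet by where its route table sends internet-bound traffic."""
    target = lookup(route_table, INTERNET_PROBE)
    if target is None or target == "local":
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private-with-egress"
    return "other"


def audit(subnets):
    """subnets maps name -> (intended class, route table); return the mismatches."""
    findings = {}
    for name, (intended, table) in subnets.items():
        actual = classify(table)
        if actual != intended:
            findings[name] = actual
    return findings


# Constructed route tables for a VPC using the 10.35.0.0/16 block from the Day02 note.
LOCAL = ("10.35.0.0/16", "local")
SUBNETS = {
    "web":   ("public",              [LOCAL, ("0.0.0.0/0", "igw-example")]),
    "app":   ("private-with-egress", [LOCAL, ("0.0.0.0/0", "nat-example")]),
    "db":    ("isolated",            [LOCAL]),
    # Meant to be private, but its default route points at the internet gateway.
    "batch": ("private-with-egress", [LOCAL, ("0.0.0.0/0", "igw-example")]),
}

if __name__ == "__main__":
    for name, (_, table) in SUBNETS.items():
        print(name, classify(table))
    print("mismatches:", audit(SUBNETS))
```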
27 |
28 | ## Benefits of Using a NAT Gateway
29 |
30 | - **Security:** NAT gateways help maintain the security of your private instances by preventing direct inbound traffic.
31 | - **Simplicity:** NAT gateways are fully managed by AWS, reducing the operational overhead for managing NAT instances.
32 | - **Scalability:** NAT gateways automatically scale up to meet your traffic demands without manual intervention.
33 |
34 | ## Considerations
35 |
36 | - **Cost:** NAT gateways incur hourly charges as well as data processing charges for traffic routed through them.
37 | - **High Availability:** For high availability, deploy NAT gateways across multiple Availability Zones within your VPC.
38 |
39 | By leveraging NAT gateways, you can securely enable internet access for instances in private subnets, facilitating communication with external resources while maintaining a secure network environment.
40 |
41 | Happy networking with NAT gateways!
42 |
43 |
44 | 
45 |
46 |
--------------------------------------------------------------------------------
/Day08/Practicals-README.md:
--------------------------------------------------------------------------------
1 | # AWS Transit Gateway (TGW) Practical Demo
2 |
3 | ### What is Transit Gateway (TGW)?
4 | - Transit Gateway is an AWS service which helps in centralising connectivity between multiple VPCs, on-prem networks and even other AWS accounts.
5 | - Reduces the need for VPC peering, simplifying network management.
6 | - Also called a Site-to-Site (or Tunnel-to-Tunnel) VPN connection.
7 |
8 | # Practical Demo Steps
9 |
10 | ## Create Two VPCs in the Mumbai Region
11 | - **VPC-1**: CIDR - `10.0.0.0/16`
12 | - **VPC-2**: CIDR - `192.168.0.0/16`
13 |
14 | ## Update Security Groups
15 | - Allow "All Traffic" in both VPCs.
16 |
17 | ## Create a Transit Gateway
18 |
19 | ## Attach Transit Gateway to Both VPCs
20 | - Use Transit Gateway attachments, selecting the corresponding Transit Gateway and VPCs.
21 |
22 | ## Launch EC2 Instances
23 | - Deploy one EC2 instance each in **VPC-1** and **VPC-2** for testing.
24 |
25 | ## Configure Route Tables
26 | - Create route tables for **VPC-1** and **VPC-2**, directing traffic to each other's CIDR blocks via the Transit Gateway created earlier.
27 |
28 | ## Test Connectivity
29 | - Use the `ping` command with the private IPs of the EC2 instances in both VPCs to verify connectivity.
30 |
31 | ## Validate Connectivity
32 | - Ensure the `ping` command successfully exchanges packets, confirming proper routing and Transit Gateway configuration.
33 |
34 | ## Create a VPC in the North Virginia Region
35 | - **VPC-3**: CIDR - `172.168.0.0/16`
36 |
37 | ## Update Security Groups
38 | - Allow "All Traffic" in **VPC-3**.
39 |
40 | ## Create a Transit Gateway
41 |
42 | ## Attach Transit Gateway to VPC-3
43 | - Use Transit Gateway attachments to link the Transit Gateway with **VPC-3**.
44 |
45 | ## Launch an EC2 Instance in VPC-3
46 | - Deploy an EC2 instance in **VPC-3** for testing.
47 |
48 | ## Configure Route Tables
49 | - Set up route tables in **VPC-3** for **VPC-1** and **VPC-2** CIDR blocks.
50 |
51 | ## Update Mumbai Region Route Tables
52 | - Configure route tables in **VPC-1** and **VPC-2** to route traffic to **VPC-3** via the Transit Gateway.
53 |
54 | ## Verify Routing Configuration
55 | - Ensure all routing configurations are complete.
56 |
57 | ## Create a Transit Gateway Peering Connection
58 | - Establish a Transit Gateway peering connection from the North Virginia region to the Mumbai region to enable inter-region traffic flow.
59 |
60 | ## Accept the Peering Connection
61 | - Approve the Transit Gateway peering request from the Mumbai region.
62 |
63 | ## Update Static Routes
64 | - Update the Transit Gateway route tables:
65 | - Add **VPC-1** and **VPC-2** CIDRs with their Transit Gateway attachments in the North Virginia region.
66 | - Similarly, add **VPC-3** CIDR and its Transit Gateway attachment in the Mumbai region.
67 |
68 | ## Test Final Connectivity
69 | - Use the `ping` command to validate connectivity between EC2 instances across all VPCs.
70 | - Confirm successful traffic flow.
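
A pre-flight check for the address plans used in this demo and in the Day03 peering guide, as an added example that is not part of the original notes: it finds overlapping CIDRs, CIDRs that fall outside the private ranges listed in the Day01 guide, and VPC pairs that have no direct peering connection. The VPC names in `PEERING_LAB` and the peering list in the demo run are assumptions.

```python
import ipaddress
from itertools import combinations

# Private ranges as listed in the Day01 guide.
PRIVATE_RANGES = [ipaddress.ip_network(c)
                  for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def overlapping_pairs(plan):
    """Name pairs whose CIDR blocks overlap; routes between them would be ambiguous."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def outside_private_space(plan):
    """Names whose CIDR is not fully contained in one of the private ranges."""
    flagged = []
    for name, cidr in sorted(plan.items()):
        net = ipaddress.ip_network(cidr)
        if not any(net.subnet_of(private) for private in PRIVATE_RANGES):
            flagged.append(name)
    return flagged


def unpeered_pairs(plan, peerings):
    """Peering is not transitive: list the pairs that lack a direct connection."""
    direct = {frozenset(pair) for pair in peerings}
    return [(a, b) for a, b in combinations(sorted(plan), 2)
            if frozenset((a, b)) not in direct]


# CIDRs taken from the guides; the names in PEERING_LAB are assumed labels.
TGW_LAB = {"VPC-1": "10.0.0.0/16", "VPC-2": "192.168.0.0/16", "VPC-3": "172.168.0.0/16"}
PEERING_LAB = {"vpc-a": "10.1.0.0/16", "vpc-b": "172.16.0.0/16", "vpc-c": "192.168.0.0/16"}

if __name__ == "__main__":
    print("overlaps:", overlapping_pairs(TGW_LAB))
    print("outside private space:", outside_private_space(TGW_LAB))
    # Assumed peering layout: a<->b and b<->c only, so a and c cannot talk.
    print("no direct peering:",
          unpeered_pairs(PEERING_LAB, [("vpc-a", "vpc-b"), ("vpc-b", "vpc-c")]))
```

Run against the demo's CIDRs, `outside_private_space` reports VPC-3: `172.168.0.0/16` lies outside `172.16.0.0/12`, so instances in that VPC cannot reach the public hosts that really hold those addresses.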
71 |
--------------------------------------------------------------------------------
/Day08/README.md:
--------------------------------------------------------------------------------
1 |
2 |
3 | # Transit Gateway Configuration Guide
4 |
5 | Welcome to the Transit Gateway Configuration Guide! In this guide, we'll explore what Transit Gateways are, how they work, and how to set them up in AWS.
6 |
7 | ## What is a Transit Gateway?
8 |
9 | A Transit Gateway is a network transit hub that enables you to connect multiple VPCs, VPNs, and on-premises networks to streamline network connectivity and management within your AWS infrastructure.
10 |
11 | ## How does a Transit Gateway Work?
12 |
13 | Transit Gateways act as a central hub for routing traffic between connected networks. They simplify network architecture by providing a single point of entry and exit for traffic, reducing the need for complex VPC peering configurations.
14 |
15 | ## Setting Up a Transit Gateway
16 |
17 | To set up a Transit Gateway:
18 |
19 | 1. **Navigate to the Transit Gateway Console:**
20 | - Access the AWS Management Console and navigate to the Transit Gateway service.
21 |
22 | 2. **Create a Transit Gateway:**
23 | - Click on "Create Transit Gateway" and provide details such as name, description, and Amazon side ASN (Autonomous System Number).
24 |
25 | 3. **Add Attachments:**
26 | - Attach VPCs, VPN connections, and Direct Connect gateways to the Transit Gateway to establish connectivity.
27 |
28 | 4. **Configure Route Tables:**
29 | - Define route tables to specify how traffic should be routed between attached networks.
30 |
31 | 5. **Propagation of Routes:**
32 | - Propagate routes from attached VPCs or VPN connections to ensure proper routing of traffic.
33 |
34 | 6. **Associate Subnets:**
35 | - Associate subnets from attached VPCs with the Transit Gateway to enable communication between resources.
36 |
37 | 7. **Testing and Validation:**
38 | - Test connectivity between resources in different networks to ensure proper routing through the Transit Gateway.
39 |
40 | ## Benefits of Using a Transit Gateway
41 |
42 | - **Simplified Network Architecture:** Transit Gateways simplify network connectivity by providing a centralized hub for routing traffic.
43 | - **Scalability:** They support the connection of thousands of VPCs and on-premises networks, allowing for scalable network expansion.
44 | - **Cost-Effective:** Transit Gateways eliminate the need for multiple VPN connections and complex VPC peering arrangements, reducing operational costs.
45 |
46 | ## Considerations
47 |
48 | - **Data Transfer Costs:** Data transfer costs may apply for traffic traversing the Transit Gateway between regions or across AWS services.
49 | - **High Availability:** Deploy Transit Gateways across multiple Availability Zones for high availability and fault tolerance.
50 |
51 | By leveraging Transit Gateways, you can establish a scalable and efficient network architecture in AWS, facilitating seamless communication between VPCs, VPNs, and on-premises networks.
52 |
53 | Happy networking with Transit Gateways!
54 |
--------------------------------------------------------------------------------
/Day09/README.md:
--------------------------------------------------------------------------------
1 |
2 | 
3 |
4 |
5 | # Understanding EC2 Instance Types and Cost-Saving Techniques
6 |
7 | In AWS, EC2 instances offer various pricing options to suit different usage patterns and budget considerations. Let's explore the different types of EC2 instances and cost-saving techniques you can employ.
8 |
9 | ## EC2 Instance Types
10 |
11 | 1. **On-Demand Instances:**
12 | - Pay-as-you-go pricing model where you pay for compute capacity by the hour or second with no long-term commitments.
13 | - Ideal for short-term workloads, unpredictable usage, or testing environments.
14 |
15 | 2. **Reserved Instances (RIs):**
16 | - Commit to a specific instance type in a region for a one- or three-year term and receive significant discounts compared to On-Demand pricing.
17 | - Suitable for steady-state workloads with predictable usage patterns, providing substantial cost savings over time.
18 |
19 | 3. **Spot Instances:**
20 | - Bid for spare Amazon EC2 computing capacity at a significantly lower price compared to On-Demand instances.
21 | - Perfect for fault-tolerant and flexible workloads, such as batch processing, data analysis, and testing.
22 |
23 | 4. **Launch Templates:**
24 | - Define the configuration of an EC2 instance, including the AMI, instance type, network settings, and storage, and then use it to launch instances repeatedly.
25 | - Streamlines instance provisioning and ensures consistency across deployments.
26 |
27 | ## Cost-Saving Techniques
28 |
29 | 1. **Reserved Instances (RIs):**
30 | - Identify long-term workload requirements and purchase RIs to benefit from significant cost savings over On-Demand pricing.
31 | - Opt for All Upfront, Partial Upfront, or No Upfront payment options based on your budget and cash flow preferences.
32 |
33 | 2. **Spot Instances:**
34 | - Leverage Spot Instances for non-critical workloads or tasks with flexible deadlines to take advantage of cost savings.
35 | - Utilize Spot Fleet or Spot Blocks for more predictable and reliable capacity compared to Spot Instances.
36 |
37 | 3. **Scheduled RIs:**
38 | - Utilize Scheduled RIs to reserve capacity for specific time windows, allowing you to optimize costs for predictable workloads.
39 |
40 | 4. **Resource Optimization:**
41 | - Right-size your EC2 instances by selecting instance types that match your workload requirements to avoid over-provisioning.
42 | - Implement Auto Scaling to dynamically adjust capacity based on demand, optimizing resource utilization and reducing costs.
43 |
44 | 5. **Monitoring and Analysis:**
45 | - Monitor resource usage and performance metrics using AWS Cost Explorer, Trusted Advisor, and third-party tools to identify opportunities for optimization.
46 | - Analyze usage patterns and historical data to make informed decisions about purchasing Reserved Instances or utilizing Spot Instances.
47 |
48 | By understanding the different EC2 instance types and implementing cost-saving techniques, you can effectively manage your AWS infrastructure costs while meeting your application requirements. Choose the pricing model and instance type that best aligns with your workload characteristics and budget constraints.
49 |
--------------------------------------------------------------------------------
/Day09/script.sh:
--------------------------------------------------------------------------------
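1 | #!/bin/bash
2 | # Launch one EC2 instance per subnet from the launch template, each with a numbered Name tag.
3 | I=1
4 | sgids='sg-0664fad55261dd1fa'
5 | for subnet in 'subnet-0d124b5eb12011584' 'subnet-0aacfa913cba54372' 'subnet-0e595f62126dd8670'
6 | do
7 |     name="AWSB28-Server-${I}"
8 |     echo "Creating EC2 Instance in $subnet ..."
9 |     # Discard the JSON output but keep stderr, and report success only if the call succeeded.
10 |     if aws ec2 run-instances --instance-type t2.nano --launch-template LaunchTemplateId=lt-0bc152f2d8ccfde3e --security-group-ids "$sgids" --subnet-id "$subnet" --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=${name}}]" > /dev/null
11 |     then
12 |         echo "Created EC2 Machine with the name ${name}"
13 |     else
14 |         echo "Failed to create ${name} in $subnet" >&2
15 |     fi
16 |     I=$((I+1))
17 | done
18 |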
--------------------------------------------------------------------------------
/Day10/README.md:
--------------------------------------------------------------------------------
1 | 
2 |
3 |
4 | PACKER ALL LAB FILES HERE : https://github.com/saikiranpi/packer.git
5 |
6 |
7 |
8 | AMI With PACKER
9 |
10 | 1- Secure AMI creation using Inspector
11 | 2- Automation of AMI creation using Packer
12 | 1 – Secure AMI creation using Inspector:
13 | - Create an EC2 instance and install nginx on it from user data. Make sure you are giving the tags as app = Nginx.
14 |
15 | - Download Inspector, give it permissions, and install it.
16 |
17 | - Meanwhile, come back to the console and configure Inspector (scanning will take 15 min)
18 |
19 | - Assessment target > Create > Name optional >
20 |
21 | - Use tags App: nginx – Save
22 |
23 | - Open Amazon Inspector > Go to Classic Inspector.
24 |
25 | - Assessment templates > Create Name > target (you should select the name you have given)
26 |
27 | - Rule packages > network – security – common vulnerability – CIS operating system. (Central Operating system)
28 |
29 | - It will take some time; leave it running.
30 |
31 |
32 | 2- Automation of AMI creation using Packer
33 | Creation of an AMI:
34 | - Create an EC2 instance
35 | - Log in and install/configure all applications
36 | - Shut down the machine
37 | - Create an AMI image from the machine
38 | - Check the AMI
39 | - Delete the machine
40 | Now we can automate all of these steps; we can't do them manually every day. To achieve this we shall use HashiCorp Packer and Terraform.
41 | - Download Packer from Packer.io > Binary file > Save it in the C: directory > Copy the path.
42 | - And follow the steps.
43 |
44 |
45 | Go to Control Panel -> System -> System settings -> Environment Variables.
46 | Scroll down in system variables until you find PATH.
47 | Click edit and change accordingly.
48 | BE SURE to include a semicolon at the end of the previous entry, as that is the delimiter, i.e. c:\path;c:\path2
49 | Launch a new console for the settings to take effect.
50 |
51 | -------
52 | - Now I need two files. Create the first as packer.json, copy the code from the Terraform single-instance GitHub repo, and make the necessary changes.
53 |
54 | - Now you need an access key and secret key. For that, go to IAM > User > name > Attach existing policy > ec2fullaccess > create security credentials and paste them into a variable file.
55 |
56 | - AMI – VPC – subnet > Copy Ami from the region.
57 |
58 | - Now run the packer with the commands. Wrong command
59 |
60 | - packer.exe validate --var-file packer-vars.json packer.json
61 |
62 | - $ packer.exe inspect --var-file packer-vars.json packer.json
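One way to lay out the two files from the steps above while keeping the access key and secret key out of `packer-vars.json`. This is an added sketch, not the lab repository's template: the variable names, AMI name and placeholder values are assumptions, and it is written for a POSIX shell such as Git Bash.

```shell
# Added example, not the lab repository's own template. Values in <...> are
# placeholders; variable names and the AMI name are chosen for this sketch.

# write_template DIR -> writes packer.json and packer-vars.json into DIR.
# Credentials default to the AWS_* environment variables, so the variable
# file carries only non-secret settings.
write_template() {
    cat > "$1/packer.json" <<'EOF'
{
  "variables": {
    "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
    "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
    "region": "", "source_ami": "", "vpc_id": "", "subnet_id": ""
  },
  "sensitive-variables": ["aws_access_key", "aws_secret_key"],
  "builders": [{
    "type": "amazon-ebs",
    "access_key": "{{user `aws_access_key`}}",
    "secret_key": "{{user `aws_secret_key`}}",
    "region": "{{user `region`}}",
    "source_ami": "{{user `source_ami`}}",
    "vpc_id": "{{user `vpc_id`}}",
    "subnet_id": "{{user `subnet_id`}}",
    "instance_type": "t2.micro",
    "ssh_username": "ubuntu",
    "ami_name": "nginx-{{timestamp}}"
  }],
  "provisioners": [{
    "type": "shell",
    "inline": ["sudo apt-get update", "sudo apt-get install -y nginx"]
  }]
}
EOF
    cat > "$1/packer-vars.json" <<'EOF'
{ "region": "<region>", "source_ami": "<ami-id-from-that-region>",
  "vpc_id": "<vpc-id>", "subnet_id": "<subnet-id>" }
EOF
}

# leaked_keys FILE -> prints any literal AWS access key IDs found in FILE.
leaked_keys() {
    grep -oE '(AKIA|ASIA)[0-9A-Z]{16}' "$1" | sort -u
}

# Demo in a scratch directory: the generated variable file holds no key IDs.
d=$(mktemp -d) && write_template "$d" && leaked_keys "$d/packer-vars.json"; rm -rf "$d"
```

Running `leaked_keys` on the variable file before sharing or committing it shows whether a key ID was pasted into it.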
63 |
64 |
65 |
--------------------------------------------------------------------------------
/Day11/Practicals-README.md:
--------------------------------------------------------------------------------
1 | # Mounting and Attaching EBS Volume to an EC2 Instance
2 |
3 | ## Step 1: Create an EC2 Instance
4 |
5 | Launch an EC2 instance with the following specs:
6 |
7 | - **Instance Type:** t2.micro
8 | - **Root Volume:** 8 GB
9 |
10 | ## Step 2: Create an EBS Volume
11 |
12 | Navigate to the EBS Dashboard and create a volume:
13 |
14 | - **Type:** GP2
15 | - **Size:** 4 GB
16 | - Ensure the volume is in the same Availability Zone (AZ) as your EC2 instance.
17 |
18 | ## Step 3: Attach the Volume
19 |
20 | Attach the newly created EBS volume to your EC2 instance.
21 |
22 | ## Step 4: Login and Verify the Block Device
23 |
24 | 1. SSH into your EC2 instance.
25 | 2. List the block devices using:
26 | ```
27 | lsblk
28 | ```
29 | 3. Confirm the new volume is listed and matches the size you created.
30 |
31 | ## Step 5: Format the Disk and Create a Partition
32 |
33 | 1. Start the disk partitioning tool:
34 | ```
35 | sudo fdisk <disk-device>
36 | ```
37 | 2. Follow these steps in `fdisk`:
38 | - Type `n` to create a new partition.
39 | - Type `p` to make it a primary partition.
40 | - Press Enter three times to accept defaults.
41 | - Type `w` to write changes and exit.
42 |
43 | ## Step 6: Validate the Partition
44 |
45 | Run the `lsblk` command again to ensure the partition is listed under the disk.
46 |
47 | ## Step 7: Create a Filesystem
48 |
49 | Format the partition with the `ext4` filesystem:
50 | ```
51 | sudo mkfs -t ext4 <partition>
52 | ```
53 |
54 | ## Step 8: Prerequisite to Mount the Disk
55 |
56 | 1. Create a directory to mount the volume:
57 | ```
58 | sudo mkdir /<folder>
59 | ```
60 | 2. Add some test data to validate persistence later.
61 |
62 | ## Step 9: Mount the Partition
63 |
64 | Mount the partition to the folder:
65 | ```
66 | sudo mount <partition> /<folder>
67 | ```
68 |
69 | ## Step 10: Persist Mount on Reboot
70 |
71 | 1. Edit the `fstab` file:
72 | ```
73 | sudo vi /etc/fstab
74 | ```
75 | 2. Add the following line. Note: give the absolute (full) path of the folder.
76 | ```
77 | <partition> /<folder> ext4 defaults 0 0
78 | ```
79 | 3. Save and verify using:
80 | ```
81 | cat /etc/fstab
82 | ```
83 |
84 | ## Step 11: Test Persistence
85 |
86 | 1. Stop and start the EC2 instance.
87 | 2. Verify the mount and test data:
88 | ```
89 | ls /<folder>
90 | ```
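The `fstab` step above, generalized as an added example (not part of the original guide): the entry is keyed on the filesystem UUID, which `sudo blkid` reports, rather than on the device name, and it adds `nofail` so a detached volume does not block boot. The UUID, mount point and helper names are constructed for illustration.

```shell
#!/bin/sh
# Added example: build an fstab line keyed on the filesystem UUID and append
# it only once. The UUID and fstab contents below are constructed samples.

# fstab_line UUID MOUNTPOINT [FSTYPE] -> prints one fstab entry.
# nofail: boot continues if the volume is missing; nodev,nosuid: a data
# volume has no reason to carry device nodes or setuid binaries.
# The trailing "0 2" asks fsck to check it after the root filesystem.
fstab_line() {
    uuid=$1; mnt=$2; fstype=${3:-ext4}
    case $uuid in
        *[!0-9a-fA-F-]*|'') echo "invalid UUID: $uuid" >&2; return 1 ;;
    esac
    case $mnt in
        /*) ;;
        *) echo "mount point must be an absolute path: $mnt" >&2; return 1 ;;
    esac
    printf 'UUID=%s %s %s defaults,nofail,nodev,nosuid 0 2\n' "$uuid" "$mnt" "$fstype"
}

# has_mount FSTAB MOUNTPOINT -> 0 if a non-comment entry already uses it.
has_mount() {
    awk -v m="$2" '$1 !~ /^#/ && $2 == m { found = 1 } END { exit !found }' "$1"
}

# add_mount FSTAB UUID MOUNTPOINT -> append once; safe to run repeatedly.
add_mount() {
    has_mount "$1" "$3" && return 0
    line=$(fstab_line "$2" "$3") || return 1
    printf '%s\n' "$line" >> "$1"
}

# Demo against a scratch file, never the live /etc/fstab.
demo() {
    tmp=$(mktemp)
    printf 'LABEL=cloudimg-rootfs / ext4 discard,errors=remount-ro 0 1\n' > "$tmp"
    add_mount "$tmp" 0a1b2c3d-1111-2222-3333-444455556666 /data
    add_mount "$tmp" 0a1b2c3d-1111-2222-3333-444455556666 /data   # no duplicate
    cat "$tmp"; rm -f "$tmp"
}
demo
```

After editing the real file, `sudo mount -a` reports a malformed entry before the next reboot does.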
91 |
92 |
--------------------------------------------------------------------------------
/Day11/README.md:
--------------------------------------------------------------------------------
1 | 
2 |
3 |
4 |
5 | ## Understanding Storage Types
6 | In AWS, storage options vary based on the type of data you're working with and your performance and durability requirements. Let's delve into the different types of storage available, focusing on EBS, which provides block-level storage volumes for use with EC2 instances.
7 |
8 | ## Storage Types
9 | ### 1. Block Storage
10 | - **Elastic Block Storage (EBS) Volumes:**
11 |   - Provides persistent block storage volumes that can be attached to EC2 instances.
12 |   - Allows you to create, attach, and detach volumes to EC2 instances as needed.
13 |   - Supports different volume types optimized for various workloads, including General Purpose SSD (gp2/gp3), Provisioned IOPS SSD (io1/io2), and Throughput Optimized HDD (st1).
14 | - **Instance Storage:**
15 |   - Directly attached storage to EC2 instances.
16 |   - Provides high I/O performance but is non-persistent.
17 |   - Data stored in instance storage is lost if the instance is stopped or terminated.
18 |   - Typically available in fixed sizes and types and limited to specific instance types.
19 | ### 2. File Storage
20 | - **AWS Elastic File System (EFS):**
21 |   - Fully managed file storage service that supports NFSv4 protocol.
22 |   - Offers scalable and highly available file storage for Linux-based workloads, allowing multiple EC2 instances to access the same file system concurrently.
23 | - **AWS FSx:**
24 |   - Provides fully managed file systems optimized for Windows-based workloads, including Windows File Server and Lustre.
25 | ### 3. Object Storage
26 | - **Amazon Simple Storage Service (S3):**
27 |   - Object storage service designed to store and retrieve any amount of data from anywhere on the web.
28 |   - Ideal for storing unstructured data, such as images, videos, documents, and backups.
29 |   - Offers high durability, availability, and scalability at a low cost.
30 | - **Amazon Glacier:**
31 |   - Low-cost storage service designed for long-term data archiving and backup.
32 |   - Offers multiple retrieval options with varying latency, allowing you to optimize costs based on your access requirements.
33 | ## Advantages and Use Cases of EBS Volumes
34 | - **Permanent Storage:**
35 |   - EBS volumes provide persistence, ensuring that data remains intact even if the associated EC2 instance is stopped or terminated.
36 | - **Flexible Volume Types:**
37 |   - Choose from a variety of EBS volume types optimized for different performance and cost requirements, ranging from high-performance SSDs to cost-effective HDDs.
38 | - **Scalability and Attachment Flexibility:**
39 |   - Easily scale EBS volumes up to 16TB in size and attach/detach them to different EC2 instances as needed.
40 | ## Practical Implementation and Best Practices
41 | - **Volume Provisioning and Mounting:**
42 |   - Provision EBS volumes and mount them to EC2 instances using standard Linux commands like `lsblk`, `fdisk`, `mkfs`, and `mount`.
43 |   - Update the `/etc/fstab` file to automatically mount EBS volumes at boot time.
44 | - **Performance Optimization:**
45 |   - Utilize different EBS volume types based on your application's performance requirements, ensuring optimal I/O performance and cost-effectiveness.
46 |
47 | By understanding the various storage options available in AWS, including EBS volumes, you can architect scalable and reliable storage solutions tailored to your specific workload requirements and budget constraints.
--------------------------------------------------------------------------------
/Day12/README.md:
--------------------------------------------------------------------------------
1 | 
2 |
3 |
4 | Commands for checking load balancing:
5 |
6 | - while true; do curl -sL https://www.cloudvishwakarma.in/ | grep -i 'ip-10-0'; sleep 1; done
7 |
8 | - while true; do curl -sL https://www.cloudvishwakarma.in/ | grep -i 'ip-10-0'; sleep 1; done | tee -a awsnlb.log
9 |
10 | - cat awsnlb.log | grep -i ip-10-0-156-5 | wc -l
11 |
12 |
13 | ## Network Load Balancer (NLB)
14 |
15 | In AWS, load balancers play a crucial role in distributing incoming traffic across multiple targets to ensure high availability, fault tolerance, and scalability of applications. Let's explore the Network Load Balancer (NLB), one of the types of load balancers offered by AWS.
16 |
17 | ### Overview:
18 | NLB operates at Layer 4 (Transport Layer) of the OSI model, making it ideal for handling TCP and UDP traffic. It provides ultra-high performance and low-latency load balancing, making it suitable for use cases that require extreme performance and scalability.
19 |
20 | ### Key Features:
21 | - **Layer 4 Load Balancing:**
22 | - NLB operates at the transport layer, allowing it to efficiently distribute traffic based on IP protocol data (TCP or UDP).
23 |
24 | - **High Performance:**
25 | - NLB offers high throughput and low latency, making it suitable for latency-sensitive and high-traffic applications.
26 |
27 | - **Cross-Zone Load Balancing:**
28 | - NLB supports cross-zone load balancing, enabling it to distribute traffic evenly across instances in different availability zones within the same region.
29 |
30 | - **Target Groups:**
31 | - NLB forwards incoming traffic to a target group, which can include EC2 instances, IP addresses, or Lambda functions.
32 |
33 | ### Practical Implementation:
34 | 1. **Setting Up NLB:**
35 | - Create a Network Load Balancer in the AWS Management Console, specifying the listeners, target group, and other configuration details.
36 |
37 | 2. **Testing Load Balancing:**
38 | - Use tools like `curl` to send requests to the NLB's DNS name and observe the distribution of traffic across the registered targets.
39 |
40 | 3. **Monitoring and Optimization:**
41 | - Utilize AWS CloudWatch metrics to monitor the performance of the NLB and optimize its configuration based on traffic patterns and application requirements.
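The `awsnlb.log` check at the top of this README counts one backend at a time; the added example below (not part of the original README) tallies every backend in one pass and lists registered targets that never answered, which is what the "Testing Load Balancing" step is looking for. It assumes each backend's page prints its private hostname (`ip-10-0-x-y`); the log lines and the second and third hostnames are constructed.

```shell
#!/bin/sh
# Added example: summarize which backends answered in a log captured with
# the curl/tee loop. Function names are chosen for this sketch.

# tally_backends LOGFILE -> prints "<count> <hostname>", busiest first.
tally_backends() {
    grep -oiE 'ip-10-0-[0-9]+-[0-9]+' "$1" | tr 'A-Z' 'a-z' |
        sort | uniq -c | sort -k1,1nr -k2,2 | awk '{ print $1, $2 }'
}

# share_of LOGFILE HOSTNAME -> integer percentage of responses from that host.
share_of() {
    tally_backends "$1" | awk -v h="$2" '
        { total += $1; if ($2 == h) hits = $1 }
        END { if (total == 0) print 0; else printf "%d\n", hits * 100 / total }'
}

# missing_backends LOGFILE HOST... -> prints expected hosts with zero hits,
# i.e. targets that are registered but never served a request.
missing_backends() {
    mb_log=$1; shift
    seen=$(tally_backends "$mb_log" | awk '{ print $2 }')
    for host in "$@"; do
        printf '%s\n' "$seen" | grep -qxF "$host" || printf '%s\n' "$host"
    done
}

demo() {
    log=$(mktemp)
    # Constructed sample of what the tee'd log might contain.
    printf '%s\n' '<h1>ip-10-0-156-5</h1>' '<h1>ip-10-0-2-17</h1>' \
        '<h1>ip-10-0-156-5</h1>' '<h1>IP-10-0-156-5</h1>' > "$log"
    tally_backends "$log"
    echo "share of ip-10-0-156-5: $(share_of "$log" ip-10-0-156-5)%"
    echo "never seen: $(missing_backends "$log" ip-10-0-156-5 ip-10-0-2-17 ip-10-0-3-9)"
    rm -f "$log"
}
demo
```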
42 |
43 | ### Advantages and Use Cases:
44 | - **Highly Scalable Applications:**
45 | - NLB is well-suited for applications that require high scalability and handle a large volume of traffic, such as gaming platforms, media streaming services, and IoT applications.
46 |
47 | - **Latency-Sensitive Workloads:**
48 | - Applications with stringent latency requirements, such as financial trading platforms and real-time communication services, benefit from NLB's low-latency load balancing capabilities.
49 |
50 | - **UDP-Based Applications:**
51 | - NLB is ideal for UDP-based applications like DNS servers, VoIP services, and online gaming platforms that require efficient load balancing of UDP traffic.
52 |
53 | By leveraging Network Load Balancer, AWS customers can ensure the reliability, scalability, and performance of their applications, especially in scenarios where low latency and high throughput are paramount.
54 |
--------------------------------------------------------------------------------
/Day12/userdata.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | sudo apt update
3 | sudo apt install nginx -y
4 | sudo systemctl restart nginx
5 | sudo systemctl enable nginx
6 | echo "