AWS lab by Gauranga Gautam

Lab1

Task 1: Explore Users and Groups

1. Users:

• user-1, user-2, user-3 created.

• No permissions assigned.

Groups:

• EC2-Admin, EC2-Support, S3-Support created.

Group Permissions:

• EC2-Support: AmazonEC2ReadOnlyAccess policy.

• S3-Support: AmazonS3ReadOnlyAccess policy.

• EC2-Admin: Inline policy for EC2 Describe, Start, Stop.

Task 2: Add Users to Groups

Add user-1 to S3-Support:

• Users > S3-Support > Users tab > Add user-1.

Add user-2 to EC2-Support:

• Users > EC2-Support > Users tab > Add user-2.

Add user-3 to EC2-Admin:

• Users > EC2-Admin > Users tab > Add user-3.

Task 3: Sign-In and Test Users

Test user-1 (S3-Support):

Sign in with IAM user-1.

S3 access granted, EC2 access denied.

Test user-2 (EC2-Support):

Sign out user-1.

Sign in with IAM user-2.

EC2 read-only access, no S3 access.

Test user-3 (EC2-Admin):

Sign out user-2.

Sign in with IAM user-3.

EC2 start/stop permissions, no S3 access.

Lab 2

Task 1: Create Your VPC

• Open VPC console.

• Create VPC:

  • Name: lab

  • IPv4 CIDR: 10.0.0.0/16

  • 1 Availability Zone

  • 1 public subnet (10.0.0.0/24)

  • 1 private subnet (10.0.1.0/24)

  • NAT Gateway in 1 AZ.

  • No VPC endpoints.

  • Enable DNS hostnames and resolution.

• Confirm settings in the Preview panel.

• Create VPC.

Task 2: Create Additional Subnets

• Open Subnets.

• Create second public subnet:

  • Name: lab-subnet-public2

  • Availability Zone: us-east-1b

  • IPv4 CIDR: 10.0.2.0/24

• Create second private subnet:

  • Name: lab-subnet-private2

  • Availability Zone: us-east-1b

  • IPv4 CIDR: 10.0.3.0/24

• Associate route table with new private subnet.

• Associate route table with new public subnet.

Task 3: Create a VPC Security Group

• Open Security Groups.

• Create security group:

  • Name: Web Security Group

  • Description: Enable HTTP access

  • VPC: lab-vpc

• Add inbound rule: HTTP from Anywhere-IPv4.

Task 4: Launch a Web Server Instance

• Open EC2 console.

• Launch instance with:

  • Name: Web Server 1

  • Amazon Linux 2023 AMI

  • t2.micro instance type

  • Key pair: vockey

  • Network: lab-vpc, Subnet: lab-subnet-public2, Auto-assign public

    IP enabled

  • Security group: Web Security Group

  • User data script for Apache and PHP installation.

• Wait for the instance to pass status checks.

• Copy Public IPv4 DNS.

• Open browser, paste DNS, view AWS logo and metadata page.

Lab 3

Task 1: Launch Your Amazon EC2 Instance

• Open EC2 console.

• Launch instance:

  • Name: Web Server

  • Amazon Linux 2023 AMI

  • t2.micro instance type

  • Key pair: vockey

  • Network: Lab VPC, Subnet: default, Auto-assign public IP enabled

  • Security group: Create "Web Server security group"

  • User data script for Apache installation.

  • Termination protection enabled.

• **Wait for instance to display "Running" with "2/2 checks

  passed."**

Task 2: Monitor Your Instance

1. Choose "Status checks" tab.

2. Check both System reachability and Instance reachability.

3. Choose "Monitoring" tab to view CloudWatch metrics.

4. View system log and instance screenshot for troubleshooting.

Task 3: Update Your Security Group and Access the Web Server

1. Copy Public IPv4 address.

2. Open Security Groups.

3. Edit "Web Server security group" inbound rules:

• Add rule: Type HTTP, Source Anywhere-IPv4.

4. Refresh web browser, check if you can access the web server.

Task 4: Resize Your Instance: Instance Type and EBS Volume

1. Stop the instance.

2. Change instance type to t2.small.

3. Modify EBS volume size to 10 GiB.

4. Start the resized instance.

Task 5: Explore EC2 Limits

1. Search for "Service Quotas" in the AWS Management Console.

2. Choose "Amazon Elastic Compute Cloud (Amazon EC2)" under AWS

   services.

3. Observe and explore the default limits for running instances.

Task 6: Test Termination Protection

1. Open EC2 console.

2. Choose Instances.

3. Select "Web Server" instance.

4. Attempt to terminate, observe termination protection message.

5. Disable termination protection in "Instance settings."

6. Terminate the instance.

Lab 4

Task 1: Create a New EBS Volume

• Open EC2 console.

• Navigate to Instances.

• **Note the Availability Zone of the existing instance (e.g.,

  us-east-1a).**

• Go to Volumes.

• Create a new volume:

  • Volume Type: General Purpose SSD (gp2)

  • Size (GiB): 1

  • Availability Zone: Select the same as the instance

  • Add Tag: Key: Name, Value: My Volume

  • Create Volume

Task 2: Attach the Volume to an Instance

1. Select "My Volume."

2. In Actions, choose Attach volume.

3. Choose the Lab instance, Device: /dev/sdf.

4. Attach volume.

Task 3: Connect to Your Amazon EC2 Instance

• macOS and Linux Users

• Download labsuser.pem.

• Open terminal, navigate to the directory.

  • cd ~/Documents

  • chmod 400 labsuser.pem

• Copy the Public IPv4 address.

• In terminal:

  • ssh -i labsuser.pem ec2-user@<public-ip>

Task 4: Create and Configure Your File System

• View available storage:

  • df -h

• Create ext3 file system:

  • sudo mkfs -t ext3 /dev/sdf

• Create a directory for mounting:

  • sudo mkdir /mnt/data-store

• Mount the new volume:

  • sudo mount /dev/sdf /mnt/data-store

• Add to /etc/fstab:

  • **echo "/dev/sdf /mnt/data-store ext3 defaults,noatime 1 2" |

    sudo tee -a /etc/fstab**

• View configuration file:

  • cat /etc/fstab

• View available storage again:

  • df -h

• Create a file and add text:

  • sudo sh -c "echo some text has been written >

    /mnt/data-store/file.txt"

• Verify the text has been written:

  • cat /mnt/data-store/file.txt

Task 5: Create an Amazon EBS Snapshot

1. In EC2 console, choose Volumes, select "My Volume."

2. In Actions, choose Create snapshot.

3. Add tag: Key: Name, Value: My Snapshot.

4. Create snapshot.

Task 6: Restore the Amazon EBS Snapshot

• Create a Volume Using Your Snapshot

1. In EC2 console, select "My Snapshot."

2. In Actions, choose Create volume from snapshot.

3. For Availability Zone, select the same as before.

4. Add tag: Key: Name, Value: Restored Volume.

5. Create volume.

• Attach the Restored Volume to Your EC2 Instance

1. In Volumes, select "Restored Volume."

2. In Actions, choose Attach volume.

3. Choose the Lab instance, Device: /dev/sdg.

4. Attach volume.

• Mount the Restored Volume

• Create a directory for mounting:

  • sudo mkdir /mnt/data-store2

• Mount the restored volume:

  • sudo mount /dev/sdg /mnt/data-store2

• Verify the volume has the file:

  • ls /mnt/data-store2/

Lab 5

Task 1: Create a Security Group for the RDS DB Instance

• Go to the VPC service in the AWS Management Console.

• In the left navigation pane, select "Security Groups."

• Choose "Create security group" and configure:

  • Security group name: DB Security Group

  • Description: Permit access from Web Security Group

  • VPC: Lab VPC

• Add inbound rule:

  • Type: MySQL/Aurora (3306)

  • Source: Type "sg" and select Web Security Group.

• Choose "Create security group."

Task 2: Create a DB Subnet Group

• Go to the RDS service in the AWS Management Console.

• In the left navigation pane, select "Subnet groups."

• Choose "Create DB Subnet Group" and configure:

  • Name: DB-Subnet-Group

  • Description: DB Subnet Group

  • VPC: Lab VPC

  • Add subnets for us-east-1a and us-east-1b with CIDR ranges

    10.0.1.0/24 and 10.0.3.0/24.

• Choose "Create."

Task 3: Create an Amazon RDS DB Instance

• In the RDS service, choose "Databases."

• Choose "Create database" and select MySQL under Engine Options.

• Choose Dev/Test under Templates.

• Choose Multi-AZ DB instance under Availability and durability.

• Configure settings:

  • DB instance identifier: lab-db

  • Master username: main

  • Master password: lab-password

  • DB instance class: db.t3.micro

  • Allocated storage: 20

  • VPC: Lab VPC

  • Security group: DB Security Group

  • Initial database name: lab

  • Uncheck backups, encryption, and enhanced monitoring.

• Choose "Create database."

• Wait for the database to be available, copy the Endpoint.

Task 4: Interact with Your Database

• Obtain WebServer IP address from the Details dropdown.

• **Open a new web browser tab, paste the WebServer IP address, and

  press Enter.**

• Navigate to the RDS link on the web application.

• Configure the application:

  • Endpoint: Paste the Endpoint copied earlier

  • Database: lab

  • Username: main

  • Password: lab-password

• Choose "Submit."

Lab 6

Task 1: Create an AMI for Auto Scaling

• Go to EC2 in the AWS Management Console.

• In the left navigation pane, select "Instances."

• **Wait for Web Server 1 to show "2/2 checks passed" under Status

  Checks.**

• Select Web Server 1.

• **In the "Actions" menu, choose "Image and templates" >

  "Create image."**

  • Image name: WebServerAMI

  • Image description: Lab AMI for Web Server

• Choose "Create image."

Task 2: Create a Load Balancer

• Go to the AWS Management Console.

• In the left navigation pane, select "Target Groups."

• Choose "Create target group":

  • Target type: Instances

  • Target group name: LabGroup

  • VPC: Lab VPC

• Choose "Create target group."

• Go to "Load Balancers" in the left navigation pane.

• **Choose "Create load balancer" and select "Application Load

  Balancer."**

  • Load balancer name: LabELB

  • VPC: Lab VPC

  • Subnets: Public Subnet 1, Public Subnet 2

  • Security groups: Web Security Group

  • Listener HTTP:80, Default action: forward to LabGroup

• Choose "Create load balancer."

Task 3: Create a Launch Template and an Auto Scaling Group

• Go to "Launch Templates" in the left navigation pane.

• Choose "Create launch template":

  • Launch template name: LabConfig

  • Auto Scaling guidance: Provide guidance

  • AMI: Web Server AMI

  • Instance type: t2.micro

  • Key pair: vockey

  • Security groups: Web Security Group

  • Enable detailed CloudWatch monitoring

• Choose "Create launch template."

• In the success dialog, choose the LabConfig template.

• From the "Actions" menu, choose "Create Auto Scaling group":

  • Auto Scaling group name: Lab Auto Scaling Group

  • Launch template: LabConfig

  • VPC: Lab VPC

  • Subnets: Private Subnet 1, Private Subnet 2

  • Attach to an existing load balancer: LabGroup

  • Enable group metrics collection within CloudWatch

  • Desired capacity: 2, Minimum capacity: 2, Maximum capacity: 6

  • Scaling policy: Target tracking, Metric type: Average CPU

    Utilization, Target value: 60

  • Tags: Key: Name, Value: Lab Instance

Choose "Create Auto Scaling group."

Task 4: Verify that Load Balancing is Working

1. Go to "Instances" in the left navigation pane.

2. Verify two new instances named Lab Instance.

3. Go to "Target Groups" and select LabGroup.

4. Choose the "Targets" tab and wait for both instances to become

   healthy.

5. Go to "Load Balancers," select LabELB, and copy the DNS name.

6. Open a new browser tab, paste the DNS name, and ensure the

   application appears.

Task 5: Test Auto Scaling

1. Open CloudWatch from the AWS Management Console.

2. Choose "All alarms" in the left navigation pane.

3. Verify the two alarms created by Auto Scaling.

4. If alarms are not visible, go to EC2 > Auto Scaling Groups > Lab

   Auto Scaling Group > Automatic Scaling > LabScalingPolicy > Actions > Edit, change Target Value to 50, and choose Update.

5. Choose the OK alarm (AlarmHigh) and wait for it to transition to OK.

6. Return to the web application and choose "Load Test" to generate

   load.

7. Return to CloudWatch and wait for AlarmHigh to change to In alarm.

8. Verify additional instances were launched in EC2 > Instances.

Task 6: Terminate Web Server 1

1. Select Web Server 1.

2. In the "Instance state" menu, choose "Instance State" >

   "Terminate Instance."

3. Choose "Terminate."