Amazon Web Services Notes

Study notes on Pluralsight AWS Developer: Getting Started by Ryan Lewis

EC2

winscp https://glassonionblog.wordpress.com/2012/01/29/connect-to-an-ec2-instance-with-putty-winscp/

putty https://linuxacademy.com/guide/17385-use-putty-to-access-ec2-linux-instances-via-ssh-from-windows/

Using Putty to ssh:

https://linuxacademy.com/guide/17385-use-putty-to-access-ec2-linux-instances-via-ssh-from-windows/

AWS Policy Generator

https://awspolicygen.s3.amazonaws.com/policygen.html

#!/bin/bash
echo "starting"
cd /home/ec2-user/pizza-luvrs
npm start


52.205.28.83

#ssh
ssh -i "pizza-keys.pem" ec2-user@52.205.28.83

#update ec3 server and install nodejs
sudo yum update

curl --location https://rpm.nodesource.com/setup_6.x | sudo bash -

sudo yum install -y nodejs

node -v

#copy app to ec3 vm using scp
#In local folder remove node modules
 rm -r node_modules

#cd one folder above : _aws
#use scp to copy application files to ec2
scp -r -i pizza-keys.pem ./pizza-luvrs ec2-user@52.205.28.83:/home/ec2-user/pizza-luvrs

#on server go to app folder
sudo npm cache clean -f
sudo npm install -g n
sudo n stable

npm start

Copying to s3

aws s3 cp ./assets/js s3://pizza-luvers-hb/js --recursive --exclude ".DS_Store"

aws s3 cp ./assets/css s3://pizza-luvers-hb/css --recursive --exclude ".DS_Store"

aws s3 cp ./assets/pizzas s3://pizza-luvers-hb/pizzas --recursive --exclude ".DS_Store"

CORS Configuration

CORS does not work on Chrome – use Firefox

(S3 bucket, CORS Configuration tab)

<CORSConfiguration>
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
    </CORSRule>
</CORSConfiguration>

After making changes to application, to redeploy, copy to stand alone EC2 instance

note destination folder not included

 rm -r node_modules
 
scp -r -i pizza-keys.pem ./pizza-luvrs ec2-user@52.205.28.83:/home/ec2-user

Create a new Image (AMI) with this EC2 instance

Create a role to use with application that has access to s3

pizza-ec2-role

In Services/IAM create role

Service for role is EC2

Search for S3 in Permissions

Select AmazonS3FullAccess

AmazonRDSFullAccess

AmazonDynamoDbFullAccess

Create a new Launch Configuration with modified s3 app & pizza-ec2-role

pizza-launcher-2

  1. Create a new Launch Configuration
  2. Select AMI (Image) created above
  3. In the IAM Role dropdown, select the pizza-ec2-role created above
  4. In advanced, enter the bash script to start the instance
#!/bin/bash
echo "starting"
cd /home/ec2-user/pizza-luvrs
npm start
  1. In IP Address Type,select:

    Assign a public IP address to every instance.\

  2. In Security Group, select pizza-ec2-sg

Now Replace Launch Configuration in our Auto scaling group with this

In Auto Scaling Groups, Edit and change the launch configuration

In Instances, terminate existing instances

This will terminate and launch new instances based on our new image

Database

Creation

PostgreSql

Name: pizza-db

Credentials: postgres/ PassW0rd

Connectivity: select VPC: pizza-vpc

Additional connectivity configuration/Publically accessible: yes

Addition configuration/initial database name: pizza_luvrs

Once Database is created, create inbound rule for your ip

  1. RDS/Databases/pizza-db/connectivity & security tab/Security/click on default security group
  2. Inbound tab: Edit/Add Rule
    1. Type: PostgreSql
    2. Source: My IP
  3. Add Another rule to allow access from the pizza-ec2-sg secutity group (the EC2 launcher instance uses this so to connect from EC2, this rule is required )
    1. Type: PostgreSql
    2. Source: pizza-ec2-sg

Tools to connect to PostgreSQL

Hersh

PGAdmin: https://www.pgadmin.org/ https://www.postgresql.org/download/windows/

Postico (paid, Mac Only) https://eggerapps.at/postico/

Connection Info

  1. Connectivity & Security Tab/Endpoint & Port:

​ endpoint: pizza-db.cwmp0zmuf4kk.us-east-1.rds.amazonaws.com

​ port: 5432

  1. Username: postgres

    Pwd: PassW0rd

  2. database : pizza_luvrs

Cloud Formation templates

https://aws.amazon.com/cloudformation/aws-cloudformation-templates/

accessing output variables of a stack

#if name is not specified, all stacks are returned
aws cloudformation describe-stacks <name>

Cloud Formation Designer

Cloud Formation Designer

Pseudo Parameters Available

  1. AWS:: AccountId = AWS account Id
  2. AWS:: NotificationARNS = ARNS for notification topics
  3. AWS:: NoValue = Removes attribute
  4. AWS:: Region = Region of current stack
  5. AWS:: StackId = ID of current stack
  6. AWS::StackName = Name of current stack

Example:

"AvailabilityZone": {"Fn::Select": ["0", {"Fn::GetAZs": {"Ref": "AWS::Region"}}]}

CloudFormer

CloudFormer

https://www.youtube.com/watch?v=wJ1EKkJbg6M

Elastic Beanstalk

zip up files (zip up files not directory). cd into app directory (pizza-luvrs)

zip -r package.zip .
or use 7zip

More Configurations

Network:

  1. Select Pizza VPC

  2. Public IP address checked

  3. Select both subnets in Availability Zone

Instances:

  1. EC2 security groups: select pizza-ec2-sg

Security:

Virtual machine permissions

  1. EC2 key pair: select pizza-keys

  2. IAM instance profile: pizza-ec2-role

Capacity:

  1. Environment Type : Load Balanced

Load Balancer:

Processes/default/Port: 3000

Elastic Beanstalk: Configuring permissions

IAM/Roles/pizza-ec2-role: Add roles

RDS should allow access to EC2 instance. Go to RDS dashboard,

…then databases and then select pizzadb

…then select Security Tab/VPC security groups/default link

2 Inbound Rule:

PostgresSQL MYIP

PostgresSQL pizza-ec2-sg

RDS Environment Properties

When you create a RDS with Beanstalk, your app can access these variables

RDS_HOSTNAME, RDS_PORT, RDS_DB_NAME, RDS_USERNAME, RDS_PASSWORD

Configuration Locations (in order of precedence)

Create/Update configuration

Saved Configuration

.ebextension files (in .ebextension folder)

Default Values