Security Group
Go to the Security Group section of EC2 and click on Create Security Group button
Fill up the details for you Security Group and hit on Create button
You will be able to see security group in the list
Elastic IP
Go to Elastic IPs section in EC2 and click on Allocate new address
Text
Click on Allocate Button
Click on Close button
Select the IP and associate it the your instance
Provide the instance and click on Associate
Monitoring with CloudWatch
Monitoring Types
Go to the dashboard in the Cloudwatch Section and provide the name for custom dashboard and click on Create dashboard button
Select the Line graph and click on Configure button
Provide the name to the graph and click on EC2 under All metrics section
Select Per-Instance Metrics
From the all metrics section you can select the metrics you want to display as shown below and change the graph time and duration for graph
Specify the graph options for Y axis
Provide Horizontal Annotations
Provide the Vertical Annotation and not click on Create widget
Now click on Save Dashboard
Now click on the widget and click on view in metrics
Basic Monitoring in EC2 section
Exercise 1
Follow the steps https://slides.com/pulkitpushkarna/aws-basics/fullscreen#/32 the only change is the Security Group where you will have to select your own Security Group inspite of the default one.
VPC (Virtual private cloud)
Amazon Virtual private cloud (Amazon VPC) enables you to launch AWS resources in a virtual network that you have defined. The virtual network closely resembles a traditional network that you'd operate in your own data center with the benefit of using a scalable infrastructure on AWS.
Default VPC
vs
Custom VPC
Note : Do not delete the default VPC otherwise you will have to request AWS to get it back
Creating a Custom VPC
Go to the VPC service and click on Your VPCs
Click on Create VPC
Fill the values for your VPC and click on Create
Subnet
Creating Subnet
In the VPC section got to Subnets
Click on Create subnet
Enter the details for the subnet and click on Create
Create one more private Subnet
Internet Gateway
Internet Gateway Requirements
Go to Internet Gateway section and hit Create internet gateway
Enter the Name of Internet Gateway and Click on Create
Right click on your internet Gateway and Attach to VPC
select the VPC for Internet Gateway
Route Table
Creating Route table
Fill the values for custom Route Table and select the VPC for route table and hit Create
Change the routes of the route table by clicking on edit routes
Click on Add Route. Set destination to 0.0.0.0/0 and source to the internet gateway and hit create
Select the Route table and in the subnet associations tab click on Edit subnet assosiations
Select the Public Subnet in order to associate it with route table and click on Save
(Network Address Translation) NAT Devices
Creating a NAT gateway
NAT gateway should reside in public subnet
Create or Select new elastic IP and click on Create a NAT Gateway button
Click on edit route tables
Select the route table to whom private subnet is associated
In the route section click on Edit routes
In the source provide 0.0.0.0/0 and in the target set NAT gateway
Security Group
Go to the Security Group Section under VPC and click on Create security group
Enter the details for security group and click on Create button
Select the newly create group and click on edit rules in the Inbound Rules section
Set values for Public Security Group Inbound
Create one more Private Security Group and set the inbound as shown in the below in the security group in the source point to the Public security group
Exercise 2
Note : You can connect to Private Instance via public Instance through private IP. Steps to create Application load balancer https://slides.com/pulkitpushkarna/aws-basics/fullscreen#/96
S3 - Simple Storage Service
Types of S3 Storage classes
Go to the S3 bucket section Click on Create bucket
Provide the Bucket name and select the Region an hit on Next
Check the checkbox for Versioning and logging
uncheck Block all public access checked and hit next
Click on Create bucket button
Click on the newly created bucket
You will land to this screen click on Upload
Click on Add files and select the file to be uploaded
Click on next
Select Standard and click Next
Now click on upload
Once the file is uploaded. Select the checkbox of the file.
In the pop up select the link to the file. You must get the access error .
Go to the uploaded file and in the Permissions section Provide access to everyone
Text
In the pop up select Read Object Permission for Everyone and Click on Save.
After giving the permision you should able to see the file
Select the file and upload another version of it after editing the text in the original file. Now you should see the different version of the file.
Go to your S3 bucket Management Section and Click on Add lifecycle rule button
Enter the name of your rule and click on next
Select the checkbox Current version and Previous Versions and Provide the transition rules
Fill in the expiration details and Click Next
Now Click Save
Select the bucket name and Hit the Delete Button
Java SDK for Aws Services
plugins {
id 'java'
}
repositories {
mavenCentral()
}
dependencies {
compile group: 'com.amazonaws', name: 'aws-java-sdk', version: '1.11.581'
}
package com.aws.demo.s3;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
public class CloudCredentials {
public static BasicAWSCredentials getCloudCredentials() {
return new BasicAWSCredentials("access_key", "secret_key");
}
public static AmazonS3 getAmazonS3Client(){
return AmazonS3ClientBuilder.standard()
.withRegion(Regions.AP_SOUTH_1)
.withCredentials(new AWSStaticCredentialsProvider(getCloudCredentials()))
.build();
}
}
package com.aws.demo.s3;
import com.amazonaws.services.s3.AmazonS3;
public class CreateBucket {
public static void main(String[] args) {
AmazonS3 amazonS3= CloudCredentials.getAmazonS3Client();
String name = "pulkitpushkarnabucket1";
if(amazonS3.doesBucketExistV2(name)){
System.out.println("Bucket Already Exists");
}else {
System.out.println(amazonS3.createBucket(name));
}
}
}
Create bucket
package com.aws.demo.s3;
import com.amazonaws.services.s3.AmazonS3;
public class ListBucket {
public static void main(String[] args) {
AmazonS3 s3 = CloudCredentials.getAmazonS3Client();
s3.listBuckets().forEach(System.out::println);
}
}
List Bucket
Delete Bucket
package com.aws.demo.s3;
import com.amazonaws.services.s3.AmazonS3;
public class DeleteBucket {
public static void main(String[] args) {
AmazonS3 amazonS3= CloudCredentials.getAmazonS3Client();
amazonS3.deleteBucket("pulkitpushkarnabucket1");
}
}
Upload Object
package com.aws.demo.s3;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.model.PutObjectResult;
import java.io.File;
public class UploadObject {
public static void main(String[] args) {
AmazonS3 amazonS3 = CloudCredentials.getAmazonS3Client();
PutObjectResult putObjectResult=amazonS3.putObject("pulkitpushkarnabucket1",
"myfile",
new File("/Users/pulkitpushkarna/Documents/abc.txt"));
System.out.println(putObjectResult);
}
}
List Objects
package com.aws.demo.s3;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.model.ListObjectsV2Result;
public class ListObjects {
public static void main(String[] args) {
AmazonS3 amazonS3 = CloudCredentials.getAmazonS3Client();
ListObjectsV2Result listObjectsV2Result =
amazonS3.listObjectsV2("pulkitpushkarnabucket1");
listObjectsV2Result.getObjectSummaries().forEach(System.out::println);
}
}
package com.aws.demo.s3;
import com.amazonaws.services.s3.AmazonS3;
public class DeletingObject {
public static void main(String[] args) {
AmazonS3 amazonS3 = CloudCredentials.getAmazonS3Client();
amazonS3.deleteObject("pulkitpushkarnabucket1","123");
}
}
Delete Object
Exercise 3
Network ACL
A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets
You might set up network ACLs with rules similar to security groups in order to add additional layer of security to your VPC
Network ACL Rules
Each subnet in your VPC must be associated with an ACL
A subnet can only be associated with one subnet. However, an ACL can be assosiated with multiple subnets.
An ACL contains a list of numbered rules with are evaluated in order, starting with lowest
ACLs are stateless, responses to allowed inbound traffic are subject to rules of outbound traffic.