CIS Lab Workbook

The document provides instructions for launching an Amazon EC2 Linux instance. It describes launching an instance with termination protection enabled using the Amazon Linux 2 AMI. It also includes providing user data to install and configure an Apache web server that will serve a simple HTML page. When the instance launches, this user data script will automatically run to set up the web server.

Uploaded by

Satish Peetha

LAB WORKBOOK

CLOUD INFRASTRUCTURE & SERVICES (20CS3037RB)


LABORATORY WORKBOOK

STUDENT NAME
REG. NO

YEAR

SEMESTER

SECTION

FACULTY

HOD-CSE
K L UNIVERSITY
Organization of the STUDENT LAB WORKBOOK

The lab framework comprises a creative element. Within this structure, each lab includes two parts:
Pre-lab and In-lab.

a. Pre-Lab

The Prelab exercise is a homework assignment that links the lecture with the lab period - typically
takes 2 hours to complete. The goal is to make students familiar with the basic topics which make
in-lab easy for them. Students attending a two-hour closed lab are expected to make a good-faith
effort to complete the Prelab exercise before coming to the lab. Their work need not be perfect, but
their effort must be real.

b. In-Lab

The In-lab section takes place during the actual lab period. The First hour of the lab period can be
used to resolve any problems the students might have experienced in completing the Prelab
exercises. The intention is to give productive feedback so that students leave the lab with working
Prelab software - a significant achievement on their part. During the second hour, students complete
the In-lab exercise to strengthen the concepts learned in the Prelab.

c. Post-Lab

The Post-lab exercise is a homework assignment that links the lecture with the In-lab period -
typically takes 1 hour to complete. The goal is to make students familiar with the basic topics.
Students attending the In-lab are expected to make an effort to complete the Post-lab exercise before
coming to the next lab.
University Vision and Mission
Vision

To be a globally renowned university.

Mission

To impart quality higher education and to undertake research and extension with emphasis on application and
innovation that cater to the emerging societal needs through all-round development of the students of all sections
enabling them to be globally competitive and socially responsible citizens with intrinsic values.

Department Vision and Mission


Vision

To be a department of international repute through continuous research, innovation and industry led curriculum.

Mission

To Impart Quality Education with social consciousness and make them Globally Competent.

Mission Statements

M1: Provide quality education in both the theoretical and applied foundations of computer science & computer
engineering.

M2: Train students effectively to apply their computational skills in solving industrial, societal and real-world
problems.

M3: Provide students a competitive advantage, emulous environment in the ever-changing and challenging
global workforce.

M4: Facilitate multi-disciplinary innovation to advance theoretical computer science through experimental
research.

Program Educational Objectives (PEOs)

1. PEO1: Graduates will be able to practice engineering in a broad range of industrial, societal and
real-world applications.

2. PEO2: Graduates will be able to pursue advanced education, research and development, by adapting
creative and innovative practices in their professional careers.

3. PEO3: Graduates will be able to conduct themselves in a responsible, professional, and ethical manner.

4. PEO4: Graduates will be able to participate as leaders in their fields of expertise and in activities
that support service and economic development throughout the world.
2022-23 ODD SEMESTER LAB CONTINUOUS EVALUATION

Columns of the evaluation sheet:

Sl No | Date | Experiment Name | Pre-Lab (5M) | In-Lab: Logic (10M), Execution (10M), Result Analysis (10M) | Post Lab (5M) | Viva Voce (5M) | Total (50M) | Faculty Signature

The sheet has 12 numbered rows (one per experiment), left blank to be filled in during the semester.
Table of Contents

WEEK | Name of The Experiment / TOPIC | Page No.

1 | To launch Amazon Linux EC2 instance | 7-14
2 | To launch Windows EC2 instance | 15-18
3 | To configure webserver on Amazon Linux instance with elastic IP | 19-24
4 | To manage Elastic Block Store (EBS) | 25-30
5 | To manage IAM users, groups and policies | 31-41
6 | To configure Amazon Simple Storage Service (Amazon S3) | 42-54
7 | To configure Amazon Glacier | 55-60
8 | To configure Amazon Virtual Private Cloud | 61-71
9 | To configure Amazon CloudWatch | 72-74
10 | To configure Amazon Simple Notification Service (SNS) | 75-78
11 | To configure Amazon Elastic Load Balancer | 79-85
12 | To configure auto scaling using Load Balancer | 86-90

WEEK - 1
To launch Amazon EC2 Linux instance

Pre Lab Task:

a) What is the Amazon EC2 service?

b) What are the features of the Amazon EC2 service?


In Lab Task:

Task 1: Launch Your Amazon EC2 Instance

In this task, you will launch an Amazon EC2 instance with termination protection. Termination
protection prevents you from accidentally terminating an EC2 instance. You will deploy your
instance with a User Data script that will allow you to deploy a simple web server.

1. In the AWS Management Console on the Services menu, click EC2.

2. Click Launch Instance

Step 1: Choose an Amazon Machine Image (AMI)

An Amazon Machine Image (AMI) provides the information required to launch an instance,
which is a virtual server in the cloud. An AMI includes:

 A template for the root volume for the instance (for example, an operating system or an
application server with applications)
 Launch permissions that control which AWS accounts can use the AMI to launch instances
 A block device mapping that specifies the volumes to attach to the instance when it is launched

The Quick Start list contains the most commonly-used AMIs. You can also create your own AMI
or select an AMI from the AWS Marketplace, an online store where you can sell or buy software
that runs on AWS.

3. Click Select next to Amazon Linux 2 AMI (at the top of the list).

Step 2: Choose an Instance Type


Amazon EC2 provides a wide selection of instance types optimized to fit different use cases.
Instance types comprise varying combinations of CPU, memory, storage, and networking capacity
and give you the flexibility to choose the appropriate mix of resources for your applications. Each
instance type includes one or more instance sizes, allowing you to scale your resources to the
requirements of your target workload.

You will use a t2.micro instance which should be selected by default. This instance type has 1
virtual CPU and 1 GiB of memory.

4. Click Next: Configure Instance Details

Step 3: Configure Instance Details

This page is used to configure the instance to suit your requirements. This includes networking and
monitoring settings.
The Network indicates which Virtual Private Cloud (VPC) you wish to launch the instance into.
You can have multiple networks, such as different ones for development, testing and production.

5. For Network, select Lab VPC.

The Lab VPC was created using a Cloud Formation template during the setup process of your lab.
This VPC includes two public subnets in two different Availability Zones.

6. For Enable termination protection, select Protect against accidental termination.

When an Amazon EC2 instance is no longer required, it can be terminated, which means that the
instance is stopped, and its resources are released. A terminated instance cannot be started again.
If you want to prevent the instance from being accidentally terminated, you can enable termination
protection for the instance, which prevents it from being terminated.
7. Scroll down, and then expand Advanced Details.

A field for User data will appear.

When you launch an instance, you can pass user data to the instance that can be used to perform
common automated configuration tasks and even run scripts after the instance starts.

Your instance is running Amazon Linux, so you will provide a shell script
that will run when the instance starts.

8. Copy the following commands and paste them into the User data field:

#!/bin/bash
# Install the Apache web server (httpd)
yum -y install httpd
# Configure httpd to start automatically on boot
chkconfig httpd on
# Start httpd now
systemctl start httpd
# Create a simple web page
echo '<html><h1>Hello From Your Web Server!</h1></html>' > /var/www/html/index.html

The script will:

 Install an Apache web server (httpd)
 Configure the web server to automatically start on boot
 Activate the web server
 Create a simple web page.

9. Click Next: Add Tags

Step 5: Add Tags

Tags enable you to categorize your AWS resources in different ways, for example, by purpose,
owner, or environment. This is useful when you have many resources of the same type — you can
quickly identify a specific resource based on the tags you have assigned to it. Each tag consists of
a Key and a Value, both of which you define.
10. Click Add Tag then configure:

Key: Name

Value:

11. Click Next: Configure Security Group

Step 6: Configure Security Group

A security group acts as a virtual firewall that controls the traffic for one or more instances. When
you launch an instance, you associate one or more security groups with the instance. You add rules
to each security group that allow traffic to or from its associated instances. You can modify the
rules for a security group at any time; the new rules are automatically applied to all instances that
are associated with the security group.

12. On Step 6: Configure Security Group, configure:

Security group name:

Description: Security group for my webserver

In this lab, you will not log into your instance using SSH. Removing SSH access will improve
the security of the instance.
13. Click Launch

A Select an existing key pair or create a new key pair window will appear.

Amazon EC2 uses public-key cryptography to encrypt and decrypt login information. To log in
to your instance, you must create a key pair, specify the name of the key pair when you launch the
instance, and provide the private key when you connect to the instance.

In this lab you will not log into your instance, so you do not require a key pair.

14. Click the Choose an existing key pair drop-down and select
Proceed without a key pair.

15. Select I acknowledge that....

16. Click Launch Instances


Your instance will now be launched.
17. Click View Instances

The instance will appear in a pending state, which means it is being launched. It will then change
to running, which indicates that the instance has started booting. There will be a short time before
you can access the instance.
The instance receives a public DNS name that you can use to contact the instance from the Internet.
Your Web Server should be selected. The Description tab displays detailed information about
your instance.
To view more information in the Description tab, drag the window divider upwards.

Review the information displayed in the Description tab. It includes information about the
instance type, security settings and network settings.
18. Wait for your instance to display the following:

Instance State: running


Status Checks: 2/2 checks passed

Congratulations! You have successfully launched your first Amazon EC2 instance.

Task 2: To terminate your instance

19. In the navigation pane, choose Instances. In the list of instances, select the instance.

20. Choose Instance state, Terminate instance.

21. Choose Terminate when prompted for confirmation.

22. Amazon EC2 shuts down and terminates your instance. After your instance is terminated, it remains visible
on the console for a short while, and then the entry is automatically deleted. You cannot remove the
terminated instance from the console display yourself.
End Lab
Follow these steps to close the console, end your lab, and evaluate the experience.

23. Return to the AWS Management Console.

24. On the navigation bar, click <your username>@<Account Number>, and then click Sign Out.

25. Click End Lab

26. Click OK

Post Lab Task:

a) Is it possible to stop or terminate any running instance instantly? Explain.

b) What types of issues do you face while connecting to an EC2 instance?


WEEK - 2

To launch Amazon windows EC2 Instance

Pre Lab Task:

a) What are the different types of EC2 instances based on their costs?

b) What are the common types of AMI designs?

In Lab Task:

Task 1: To launch windows EC2 instance

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.


2. From the EC2 console dashboard, in the Launch instance box, choose Launch instance, and then
choose Launch instance from the options that appear.
3. Under Name and tags, for Name, enter a descriptive name for your instance.
4. Under Application and OS Images (Amazon Machine Image), do the following:
5. Choose Quick Start, and then choose Windows. This is the operating system (OS) for your instance.
6. From Amazon Machine Image (AMI), select the AMI for Windows Server 2016 Base or later. Notice
that these AMIs are marked Free tier eligible. An Amazon Machine Image (AMI) is a basic configuration
that serves as a template for your instance.
7. Under Instance type, from the Instance type list, you can select the hardware configuration for your
instance. Choose the t2.micro instance type, which is selected by default. The t2.micro instance type is
eligible for the free tier. In Regions where t2.micro is unavailable, you can use a t3.micro instance under
the free tier. For more information, see AWS Free Tier.
8. Under Key pair (login), for Key pair name, choose the key pair that you created when getting set up. Note
that you must select an RSA key. ED25519 keys are not supported for Windows instances.
9. Do not choose Proceed without a key pair (Not recommended). If you launch your instance without a
key pair, then you can't connect to it.
10. Next to Network settings, choose Edit. For Security group name, you'll see that the wizard created and
selected a security group for you. You can use this security group, or alternatively you can select the
security group that you created when getting set up using the following steps:
11. Choose Select existing security group.
12. From Common security groups, choose your security group from the list of existing security groups.
13. Keep the default selections for the other configuration settings for your instance.
14. Review a summary of your instance configuration in the Summary panel, and when you're ready,
choose Launch instance.
15. A confirmation page lets you know that your instance is launching. Choose View all instances to close
the confirmation page and return to the console.
16. On the Instances screen, you can view the status of the launch. It takes a short time for an instance to
launch. When you launch an instance, its initial state is pending. After the instance starts, its state changes
to running and it receives a public DNS name. If the Public IPv4 DNS column is hidden, choose the
settings icon in the top-right corner, toggle on Public IPv4 DNS, and choose Confirm.

17. It can take a few minutes for the instance to be ready for you to connect to it. Check that your instance
has passed its status checks; you can view this information in the Status check column.

End Lab

18. Return to the AWS Management Console.

19. On the navigation bar, click <your username>@<Account Number>, and then click Sign Out.

20. Click End Lab

21. Click OK

Post-Lab Task:

a) What can you do with Amazon EC2?

b) How can you get started with Amazon EC2?


WEEK - 3
To configure Webserver on Amazon Linux instance with Elastic IP

Pre Lab Task:

a) What do you mean by Elastic IP in Amazon?

b) Write down the differences between Public IPv4 and Private IPv4 addresses.

Task 1: First, you create an Amazon EC2 instance in the public subnet of your VPC.

To launch an EC2 instance

1. Sign in to the AWS Management Console and open the Amazon EC2 console
at https://console.aws.amazon.com/ec2/.
2. Choose EC2 Dashboard, and then choose Launch instance, as shown following.

3. Make sure you have opted into the new launch experience.
4. Under Name and tags, for Name, enter tutorial-web-server.
5. Under Application and OS Images (Amazon Machine Image), choose Amazon Linux, and then choose
the Amazon Linux 2 AMI. Keep the defaults for the other choices.

6. Under Instance type, choose t2.micro.


7. Under Key pair (login), choose a Key pair name to use an existing key pair. To create a new key pair
for the Amazon EC2 instance, choose Create new key pair and then use the Create key pair window to
create it.
8. For more information about creating a new key pair, see Create a key pair in the Amazon EC2 User
Guide for Linux Instances.
9. For Network settings, choose Edit.
10. Under Network settings, set these values and keep the other values as their defaults:
11. VPC (required) – Choose the VPC with both public and private subnets that you choose for the DB
instance, such as the vpc-identifier | tutorial-vpc created in Create a VPC with private and public
subnets.
12. Subnet – Choose an existing public subnet, such as subnet-identifier tutorial-subnet-public1-us-west-
2a created in
13. Auto-assign public IP – Choose Enable.
14. Firewall (security groups) – Choose Select an existing security group.
15. Common security groups – Choose an existing security group, such as the tutorial-
securitygroup created in Create a VPC security group for a public web server. Make sure that the
security group that you choose includes inbound rules for Secure Shell (SSH) and HTTP access.
16. Advanced network configuration – Leave the default values.

17. Leave the default values for the remaining sections.


18. Review a summary of your instance configuration in the Summary panel, and when you're ready,
choose Launch instance.
19. On the Launch Status page, shown following, note the identifier for your new EC2 instance, for
example: i-0288d65fd4470b6a9.
20. Choose View all instances to find your instance.
21. Wait until Instance State for your instance is running before continuing.

Task 2: Connect to your EC2 instance and install the Apache web server with PHP

22. Connect to the EC2 instance that you created earlier by following the steps
23. Get the latest bug fixes and security updates by updating the software on your EC2 instance. To do this,
use the following command.
sudo yum update -y
24. After the updates complete, install the PHP software using the amazon-linux-extras install command.
This command installs multiple software packages and related dependencies at the same time.
sudo amazon-linux-extras install php8.0 mariadb10.5
25. Install the Apache web server.
sudo yum install -y httpd
26. Start the web server with the command shown following.
sudo systemctl start httpd
27. You can test that your web server is properly installed and started. To do this, enter the public Domain
Name System (DNS) name of your EC2 instance in the address bar of a web browser, for
example: http://ec2-42-8-168-21.us-west-1.compute.amazonaws.com. If your web server is running,
then you see the Apache test page.
28. Configure the web server to start with each system boot using the systemctl command.
sudo systemctl enable httpd
29. To allow ec2-user to manage files in the default root directory for your Apache web server, modify the
ownership and permissions of the /var/www directory. There are many ways to accomplish this task. In
this tutorial, you add ec2-user to the apache group, to give the apache group ownership of
the /var/www directory and assign write permissions to the group.
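Step 29 describes the ownership and permission layout but not how to apply or check it. The Python below is an added example, not from the workbook or the AWS tutorial it draws on: it applies that layout (group ownership, setgid 2775 directories, 0664 files, nothing world-writable) to a constructed temporary tree standing in for /var/www and then audits it. The group id is assumed to be the process's own group; on the instance it would be the apache group's id.

```python
import os
import stat
import tempfile

# Hypothetical helper, not from the workbook. It applies the layout the step
# describes: the web group owns everything under the root, directories are
# 2775 (group-writable, setgid so new files inherit the group) and files are
# 0664. Nothing is made world-writable, which is the whole point of doing it
# this way instead of a blanket chmod 777 on /var/www.
DIR_MODE = 0o2775   # rwxrwsr-x
FILE_MODE = 0o664   # rw-rw-r--


def set_web_root_permissions(root, gid):
    """Recursively chgrp to gid and set DIR_MODE / FILE_MODE under root.

    Symlinks are skipped so a stray link cannot drag the change outside the
    web root. Returns counts of directories and files touched.
    """
    counts = {"dirs": 0, "files": 0}
    for dirpath, _dirnames, filenames in os.walk(root):   # followlinks=False
        os.chown(dirpath, -1, gid)        # keep the owner, change group only
        os.chmod(dirpath, DIR_MODE)
        counts["dirs"] += 1
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            os.chown(path, -1, gid)
            os.chmod(path, FILE_MODE)
            counts["files"] += 1
    return counts


def audit_web_root(root, gid):
    """Return (path, problem) pairs for entries that break the layout: wrong
    group, world-writable, or a directory without the setgid bit."""
    problems = []
    for dirpath, _dirnames, filenames in os.walk(root):
        entries = [(dirpath, True)]
        entries += [(os.path.join(dirpath, n), False) for n in filenames]
        for path, is_dir in entries:
            if os.path.islink(path):
                continue
            st = os.stat(path)
            mode = stat.S_IMODE(st.st_mode)
            if st.st_gid != gid:
                problems.append((path, "wrong group"))
            if mode & stat.S_IWOTH:
                problems.append((path, "world-writable"))
            if is_dir and not mode & stat.S_ISGID:
                problems.append((path, "directory missing setgid"))
    return problems


def mode_of(path):
    """Permission bits (including setgid) of a path, for checks and tests."""
    return stat.S_IMODE(os.stat(path).st_mode)


def process_gid():
    """Stand-in for the apache group's gid: the current process's group."""
    return os.getgid()


def build_sample_web_root():
    """Constructed stand-in for /var/www: a small tree with deliberately
    sloppy permissions, so the functions above have something to fix."""
    root = tempfile.mkdtemp(prefix="www-")
    os.makedirs(os.path.join(root, "html", "img"))
    index = os.path.join(root, "html", "index.html")
    with open(index, "w") as f:
        f.write("<html><h1>Hello From Your Web Server!</h1></html>\n")
    os.chmod(os.path.join(root, "html"), 0o777)   # the shortcut we want to undo
    os.chmod(index, 0o666)
    return root


if __name__ == "__main__":
    root = build_sample_web_root()
    gid = process_gid()
    print("before:", audit_web_root(root, gid))
    print("touched:", set_web_root_permissions(root, gid))
    print("after:", audit_web_root(root, gid))
```

On the real instance the same two functions would be called with the gid of the apache group after adding ec2-user to that group.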

Task 3: To associate an Elastic IP address with an instance

1. Open the Amazon EC2 console.


2. In the navigation pane, choose Elastic IPs.
3. Select the Elastic IP address to associate and choose Actions, Associate Elastic IP address.
4. For Resource type, choose Instance.
5. For instance, choose the instance with which to associate the Elastic IP address. You can also enter text
to search for a specific instance.
6. (Optional) For Private IP address, specify a private IP address with which to associate the Elastic IP
address.
7. Choose Associate.

End Lab

1. Return to the AWS Management Console.

2. On the navigation bar, click <your username>@<Account Number>, and then click Sign Out.

3. Click End Lab

4. Click OK

Post-Lab Task:

a) How many elastic IPs can I have in AWS?

b) Why do we use an Elastic IP with a NAT gateway?


WEEK - 4
Introduction to Amazon Elastic Block Store (EBS)

Pre Lab Task:

a) Are Amazon EBS volume and snapshot ID lengths changing in 2018?

b) Are EBS Standard Volumes still available?

c) How do I modify the capacity, performance, or type of an existing EBS volume?


In Lab Task:

Task 1: Create an Elastic Block Store Volume

In this task, you will create an Amazon EBS volume. EBS volumes are like hard drives in a
computer. The data on them persists through the lifetime of the volume and can be transported
between virtual machines as needed.

1. In the AWS Management Console on the Services menu, click EC2.

2. In the left navigation pane, click Volumes.

You will see a volume that has a status of in-use. This volume is connected to an Amazon
EC2 instance that has been created for this lab exercise.

If you do not see the volume, wait 30 seconds and click the refresh icon. Repeat until it
appears.

3. Point to the Name column for the volume being displayed. A pencil icon will appear.

4. Click the pencil icon, then:

Type
Press Enter

This adds a name to the EBS Volume. It is recommended that you Name and Tag your EBS
volumes to keep track of their content and their purpose.

5. Take note of the Availability Zone of the Volume. It will look similar to us-west-2a. You will
need to use this value in another step.

6. Click Create Volume


You will be presented with the Create Volume dialog box. This contains various
configuration options:

 Volume Type specifies whether to use magnetic disks or SSD. Each volume type has its
own capabilities that can meet specific use-cases.
 Size can be up to 16TB.
 IOPS defines the speed of the disk in Inputs/Outputs per Second.
 Availability Zone identifies where to create the Volume, which should be in the same
AZ as the instance that will use the volume.
 Snapshot ID allows a previous snapshot to be restored onto the new volume.
 Encryption chooses whether the contents of the volume should be automatically
encrypted when stored on disk.

7. In the Create Volume dialog box, configure:

Volume Type: General Purpose SSD (GP2)


Size (GiB):

Availability Zone: Use the Availability Zone noted in the earlier step

Click Create Volume

8. Click Close

Your new EBS volume will appear in the volume list.

Task 2: Attach the EBS Volume to an Amazon EC2 Instance

In this task, you will attach the new EBS volume to an Amazon EC2 instance. Your
volume should be showing a State of available.

If your newly created volume still shows the State as creating (or does not appear),
click the refresh icon in the upper-right of the window.

9. Click the pencil icon in the Name column (which should be blank) then:

Type the name:

Press Enter

You can now attach the volume to an Amazon EC2 instance, which allows the instance to use
the volume. You will select the Amazon EC2 instance that will use the volume.
10. In the Actions drop-down list, click Attach Volume.

11. Click the Instance field and select the running instance that is displayed.

12. Click Attach

You have now connected an Amazon EBS volume to an instance. Congratulations!

Task 3: Snapshot the EBS Volume

You can back up the data on your Amazon EBS volumes to Amazon S3 by taking point-in-
time snapshots. Snapshots are incremental backups, which mean that only the blocks on the
device that have changed after your most recent snapshot are saved. This minimizes the time
required to create the snapshot and saves on storage costs by not duplicating data.
Each snapshot contains all of the information needed to restore your data(from the moment
when the snapshot was taken) to a new EBS volume.

In this task, you will create a Snapshot of your EBS Volume.

13. Click the refresh icon in the top-right of the window. Your volume should now have a
status of in-use.

14. In the Actions drop-down list, click Create Snapshot, then enter:

Description:
Click Create Snapshot
Click Close

15. In the left navigation pane, click Snapshots.

Your snapshot will appear in the list.

In future, this snapshot can be used to create a new volume that will have exactly the same
contents as when the snapshot was created.

Task 4: Modify the EBS Volume

This task demonstrates how to modify the Volume Type and Size of an Amazon EBS volume.

16. In the left navigation pane, click Volumes.

17. Select My Volume.

18. In the Actions drop-down list, click Modify Volume.

This dialog box allows you to select a different Volume Type and/or change the size of the
volume.

19. Change the Size to:

20. Click Modify

A confirmation dialog box appears.

21. Click Yes then click Close

22. Click the refresh icon. Your volume should now have a size of 20 GiB.

Conclusion
Congratulations! You now have successfully learned how to:

 Create an Amazon EBS volume in the Amazon Management Console
 Attach the EBS Volume to an Amazon EC2 instance
 Create a Snapshot of the EBS Volume
 Modify the EBS Volume

If you would like to learn more about Amazon EBS, please see the lab titled Working
with Amazon Elastic Block Store (EBS), which provides more in-depth activities with
Amazon EBS Volumes.

End Lab

Follow these steps to close the console, end your lab, and evaluate the experience.

23. Return to the AWS Management Console.

24. On the navigation bar, click <your username>@<Account Number>, and then click Sign Out.

25. Click End Lab

26. Click OK

Post-Lab Task:

a) What level of performance consistency can I expect to see from my Provisioned IOPS SSD
(io1) volumes?

b) What level of performance latency can I expect to see from my Provisioned IOPS SSD (io1)
volumes?
WEEK - 5
To manage IAM users, groups and policies

Pre Lab Task:

a) Why do you need to implement IAM?

b) How does IAM work?

c) Define the purpose of rule designer in IAM?


In Lab Task:

Task 1: Explore the Users and Groups

In this task, you will explore the Users and Groups that have already been created for you in
IAM.

1. In the AWS Management Console, on the Services menu, click IAM.

2. In the navigation pane on the left, click Users.

 The following IAM Users have been created for you:


user-1 user-2 user-3

 There is also an aws student user, which you can ignore for this lab.

3. Click user-1.

This will bring you to a summary page for user-1. The Permissions tab will be displayed.
4. Notice that user-1 does not have any permissions.

5. Click the Groups tab.

user-1 also is not a member of any groups.

6. Click the Security credentials tab. user-1 is assigned a Console password.

7. In the navigation pane on the left, click Groups.

 The following groups have already been created for you:

EC2-Admin EC2-Support S3-Support

 Click the EC2-Support group.

This will bring you to the summary page for the EC2-Support group.

8. Click the Permissions tab.

This group has a Managed Policy associated with it, called AmazonEC2ReadOnlyAccess.
Managed Policies are pre-built policies (built either by AWS or by your administrators) that can
be attached to IAM Users and Groups. When the policy is updated, the changes to the policy are
immediately applied to all Users and Groups that the policy is attached to.
9. Under Actions, click the Show Policy link.

A policy defines what actions are allowed or denied for specific AWS resources. This policy is
granting permission to List and Describe information about EC2, Elastic Load Balancing,
CloudWatch and Auto Scaling. This ability to view resources, but not modify them, is ideal for
assigning to a Support role.

The basic structure of the statements in an IAM Policy is:

Effect says whether to Allow or Deny the permissions.


Action specifies the API calls that can be made against an AWS Service (e.g.
cloudwatch:ListMetrics).

Resource defines the scope of entities covered by the policy rule (e.g. a specific Amazon S3
bucket or Amazon EC2 instance, or * which means any resource).

10. Close the Show Policy window.

11. In the navigation pane on the left, click Groups.

12. Click the S3-Support group.

The S3-Support group has the AmazonS3ReadOnlyAccess policy attached.

13. Below the Actions menu, click the Show Policy link.

This policy has permissions to Get and List resources in AmazonS3.

14. Close the Show Policy window.

15. In the navigation pane on the left, click Groups.

16. Click the EC2-Admin group.

This Group is slightly different from the other two. Instead of a Managed Policy, it
has an Inline Policy, which is a policy assigned to just one User or Group. Inline Policies are
typically used to apply permissions for one-off situations.
17. Under Actions, click Edit Policy to view the policy.

This policy grants permission to view (Describe) information about Amazon EC2 and also the
ability to Start and Stop instances.
18. At the bottom of the screen, click Cancel to close the policy.
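To make the Effect / Action / Resource structure described under step 9 and the three group policies (steps 8 to 17) concrete, here is an added example that is not part of the workbook. The policy documents are constructed, simplified versions shaped like what the lab describes (they are not the real AWS managed policies, which are much longer), and the evaluator is a deliberately reduced model of IAM's rules: default deny, a matching explicit Deny always wins, otherwise a matching Allow grants the call.

```python
import fnmatch
import json

# Constructed, simplified policy documents modelled on the ones the lab shows.
# Only the Effect / Action / Resource structure is kept; the real
# AmazonS3ReadOnlyAccess and AmazonEC2ReadOnlyAccess policies are longer.
S3_READ_ONLY_LIKE = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}
  ]
}""")

EC2_READ_ONLY_LIKE = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["ec2:Describe*", "elasticloadbalancing:Describe*",
                "cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics",
                "cloudwatch:Describe*", "autoscaling:Describe*"],
     "Resource": "*"}
  ]
}""")

# The EC2-Admin inline policy as the lab describes it: Describe plus Start/Stop.
EC2_ADMIN_INLINE = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["ec2:Describe*", "ec2:StartInstances", "ec2:StopInstances"],
     "Resource": "*"}
  ]
}""")

# Group membership from the Business Scenario table.
GROUP_POLICIES = {
    "S3-Support": [S3_READ_ONLY_LIKE],
    "EC2-Support": [EC2_READ_ONLY_LIKE],
    "EC2-Admin": [EC2_ADMIN_INLINE],
}
USER_GROUPS = {
    "user-1": ["S3-Support"],
    "user-2": ["EC2-Support"],
    "user-3": ["EC2-Admin"],
}


def _as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def _matches(value, patterns):
    # IAM's '*' and '?' wildcards map onto fnmatch. Simplification: real IAM
    # compares action names case-insensitively; this model is case-sensitive.
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def is_allowed(policies, action, resource="*"):
    """Reduced IAM evaluation: default deny; any matching Deny statement wins
    outright; otherwise a matching Allow grants the request."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not (_matches(action, stmt["Action"])
                    and _matches(resource, stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return False
            if stmt["Effect"] == "Allow":
                allowed = True
    return allowed


def user_can(user, action, resource="*"):
    """Gather the policies of every group the user is in, then evaluate."""
    policies = [p for g in USER_GROUPS.get(user, []) for p in GROUP_POLICIES[g]]
    return is_allowed(policies, action, resource)


def scenario_matrix(actions=("s3:ListBucket", "ec2:DescribeInstances",
                             "ec2:StopInstances", "ec2:TerminateInstances")):
    """Which user may call which action: the table you can check against what
    each sign-in in Task 3 shows you."""
    return {u: {a: user_can(u, a) for a in actions} for u in USER_GROUPS}


if __name__ == "__main__":
    for user, row in scenario_matrix().items():
        print(user, {a: ("allow" if ok else "deny") for a, ok in row.items()})
```

The matrix reproduces what Task 3 has you observe by hand: user-1 can list S3 buckets but gets "not authorized" on EC2, and user-3 can stop instances but not terminate them.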

Business Scenario

For the remainder of this lab, you will work with these Users and Groups to enable permissions
supporting the following business scenario:
Your company is growing its use of Amazon Web Services, and is using many Amazon EC2
instances and a great deal of Amazon S3 storage. You wish to give access to new staff depending
upon their job function:

User | In Group | Permissions

user-1 | S3-Support | Read-Only access to Amazon S3

user-2 | EC2-Support | Read-Only access to Amazon EC2

user-3 | EC2-Admin | View, Start and Stop Amazon EC2 instances

Task 2: Add Users to Groups

You have recently hired user-1 into a role where they will provide support for Amazon S3. You
will add them to the S3-Support group so that they inherit the necessary permissions via the
attached AmazonS3ReadOnlyAccess policy.

You can ignore any "not authorized" errors that appear during this task. They are caused by your
lab account having limited permissions and will not impact your ability to complete the lab.
Add user-1 to the S3-Support Group

1. In the left navigation pane, click Groups.


2. Click the S3-Support group.

3. Click the Users tab.

4. In the Users tab, click Add Users to Group.

5. In the Add Users to Group window, configure the following: Select

user-1.
At the bottom of the screen, click Add Users.

In the Users tab you will see that user-1 has been added to the group.

Add user-2 to the EC2-Support Group

You have hired user-2 into a role where they will provide support for Amazon EC2.

6. Using similar steps to the ones above, add user-2 to the EC2-Support group. user-2
should now be part of the EC2-Support group.


Add user-3 to the EC2-Admin Group

You have hired user-3 as your Amazon EC2 administrator, who will manage your EC2 instances.

7. Using similar steps to the ones above, add user-3 to the EC2-Admin group.

user-3 should now be part of the EC2-Admin group.


8. In the navigation pane on the left, click Groups.

Each Group should have a 1 in the Users column for the number of Users in each Group. If you
do not have a 1 beside each group, revisit the instructions above to ensure that each user is
assigned to a Group, as shown in the table in the Business Scenario section.

Task 3: Sign-In and Test Users

In this task, you will test the permissions of each IAM User.

9. In the navigation pane on the left, click Dashboard.

An IAM users sign-in link is displayed. It will look similar to:

https://123456789012.signin.aws.amazon.com/console

This link can be used to sign in to the AWS Account you are currently using.

10. Copy the IAM user’s sign-in link to a text editor.

11. Open a private window.

Mozilla Firefox: Click the menu bars at the top-right of the screen, then select New Private Window.

Google Chrome: Click the ellipsis at the top-right of the screen, then click New incognito window.

Microsoft Edge: Click the ellipsis at the top-right of the screen, then click New InPrivate window.

Microsoft Internet Explorer: Click the Tools menu option, then click InPrivate Browsing.

12. Paste the IAM users sign-in link into your private window and press Enter.

You will now sign-in as user-1, who has been hired as your Amazon S3 storage support staff.

13. Sign-in with:

IAM user name:


Password:

14. In the Services menu, click S3.

15. Click the name of one of your buckets and browse the contents.

Since your user is part of the S3-Support Group in IAM, they have permission to view a list of
Amazon S3 buckets and their contents.

Now, test whether they have access to Amazon EC2.

16. In the Services menu, click EC2.

17. In the left navigation pane, click Instances.

You cannot see any instances! Instead, it says An error occurred fetching instance data: You are
not authorized to perform this operation. This is because your user has not been assigned any
permissions to use Amazon EC2.

You will now sign-in as user-2, who has been hired as your Amazon EC2 support person.

18. Sign user-1 out of the AWS Management Console by configuring the following:

At the top of the screen, click user-1
Click Sign Out

19. Paste the IAM users sign-in link into your private window and press Enter.

This link should be in your text editor.

20. Sign-in with:


IAM user name:

Password:

21. In the Services menu, click EC2.

22. In the navigation pane on the left, click Instances.

You are now able to see an Amazon EC2 instance because you have Read Only permissions.
However, you will not be able to make any changes to
Amazon EC2 resources.

If you cannot see an Amazon EC2 instance, then your Region may be incorrect. In the top-right
of the screen, pull-down the Region menu and select the region that you noted at the start of the
lab (eg Oregon).

Your EC2 instance should be selected. If it is not selected, select it.

23. In the Actions menu, click Instance State > Stop.

24. In the Stop Instances window, click Yes, Stop.

You will receive an error stating You are not authorized to perform this operation. This
demonstrates that the policy only allows you to view information, without making changes.

25. At the Stop Instances window, click Cancel.

Next, check if user-2 can access Amazon S3.

26. In the Services menu, click S3.


You will receive an Error Access Denied because user-2 does not have permission to use Amazon
S3.

You will now sign-in as user-3, who has been hired as your Amazon EC2 administrator.

27. Sign user-2 out of the AWS Management Console by configuring the following:

At the top of the screen, click user-2
Click Sign Out
28. Paste the IAM users sign-in link into your private window and press Enter.

29. If the link is no longer in your clipboard, retrieve it from the text editor where you stored
it earlier and paste it into the address bar.

30. Sign-in with:


IAM user name:
Password:

31. In the Services menu, click EC2.

32. In the navigation pane on the left, click Instances.

As an EC2 Administrator, you should now have permissions to stop the Amazon EC2 instance.

Your EC2 instance should be selected. If it is not, please select it.

If you cannot see an Amazon EC2 instance, then your Region may be incorrect. In the top-right
of the screen, pull-down the Region menu and select the region that you noted at the start of the
lab (eg Oregon).
33. In the Actions menu, click Instance State > Stop.

34. In the Stop Instances window, click Yes, Stop.

The instance will enter the stopping state and will shut down.

35. Close your private window.
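The three sign-in tests above can be predicted offline with a minimal model of how IAM evaluates identity policies: a user inherits every policy attached to the groups they belong to, an explicit Deny always wins, an Allow is needed for the request to succeed, and anything else is an implicit deny. The Python below is an added example written for this workbook, not AWS code. The three policy documents are constructed, simplified stand-ins for AmazonS3ReadOnlyAccess, the EC2 read-only policy and the EC2 View/Start/Stop policy from the business scenario (assumption: only the actions the lab exercises are modelled; conditions, NotAction and resource-level ARNs are ignored).

```python
"""Minimal IAM identity-policy evaluator (added example, not AWS code).

Model: a user inherits the policies of every group they belong to. For a
request, IAM first looks for an explicit Deny, then for an Allow; with
neither, the request is implicitly denied. Action and Resource strings
support the '*' wildcard and action matching is case-insensitive.
Conditions, NotAction/NotResource and policy variables are not modelled.
"""
import fnmatch

# Constructed, simplified stand-ins for the managed policies used in the lab.
S3_READ_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]}

EC2_READ_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]}

EC2_ADMIN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["ec2:Describe*", "ec2:StartInstances", "ec2:StopInstances"],
     "Resource": "*"}]}

GROUP_POLICIES = {
    "S3-Support": [S3_READ_ONLY],
    "EC2-Support": [EC2_READ_ONLY],
    "EC2-Admin": [EC2_ADMIN],
}
USER_GROUPS = {"user-1": ["S3-Support"], "user-2": ["EC2-Support"], "user-3": ["EC2-Admin"]}


def _as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    """'*' wildcard matching; IAM action names are case-insensitive."""
    return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))


def evaluate(policies, action, resource="*"):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in policy["Statement"]:
            if not (_matches(stmt["Action"], action) and _matches(stmt["Resource"], resource)):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"          # an explicit deny always wins
            decision = "Allow"         # remember the allow but keep looking for a deny
    return decision


def policies_for(user):
    """Collect the policies a user inherits through group membership."""
    return [p for group in USER_GROUPS.get(user, []) for p in GROUP_POLICIES[group]]


def is_allowed(user, action, resource="*"):
    return evaluate(policies_for(user), action, resource) == "Allow"


def lab_checks():
    """The console observations from Task 3, expressed as API actions."""
    return {
        "user-1 can list S3 buckets": is_allowed("user-1", "s3:ListAllMyBuckets"),
        "user-1 can see EC2 instances": is_allowed("user-1", "ec2:DescribeInstances"),
        "user-2 can see EC2 instances": is_allowed("user-2", "ec2:DescribeInstances"),
        "user-2 can stop an instance": is_allowed("user-2", "ec2:StopInstances"),
        "user-2 can list S3 buckets": is_allowed("user-2", "s3:ListAllMyBuckets"),
        "user-3 can stop an instance": is_allowed("user-3", "ec2:StopInstances"),
        "user-3 can terminate an instance": is_allowed("user-3", "ec2:TerminateInstances"),
    }


if __name__ == "__main__":
    for check, result in lab_checks().items():
        print(f"{check}: {'yes' if result else 'no'}")
```

The last check is the one worth noticing: user-3 can stop an instance but not terminate one, because the policy lists StartInstances and StopInstances by name instead of granting ec2:*. That is the least-privilege point of the EC2-Admin group, and it is also why a Deny statement added to any of these policies would override the Allow regardless of the order in which the policies are attached.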

End Lab

Follow these steps to close the console, end your lab, and evaluate the experience.

1. Return to the AWS Management Console.


2. On the navigation bar, click <yourusername>@<AccountNumber>, and then click Sign Out.
3. Click End Lab
4. Click OK

Post-Lab Task:

a) Describe, step by step, how the IAM solution in this lab was implemented.


WEEK - 6
To configure Amazon Simple Storage Service (Amazon S3)

Pre Lab Task:

a) What is Amazon S3?

b) What can I do with Amazon S3?

c) What can developers do with Amazon S3 that they could not do with an on-premises
solution?

d) What kind of data can I store in Amazon S3?


In Lab Task:

Task 1: Create a Bucket

In this task you will create an Amazon S3 bucket. Every object in Amazon S3 is stored in a
bucket.

1. In the AWS Management Console, on the Services menu, click S3.

2. Click Create bucket then configure:


Bucket name:
Replace NUMBER with a random number
Leave Region at its default value

Selecting a particular region allows you to optimize latency, minimize costs, or address
regulatory requirements. Objects stored in a region never leave that region unless you explicitly
transfer them to another region.

The Copy settings from an existing bucket option can be used to make it easier to create
buckets that use the same settings as another bucket. For this lab, you are not going to use this
option.

3. Click Next then configure:

Versioning: Select keep all versions of an object in the same bucket


Click Next

By default new S3 buckets that you create are not publicly accessible.

4. At the Configure options screen:

 De-select Block new public ACLs and uploading public objects (Recommended)
 De-select Remove public access granted through public ACLs (Recommended)
 De-select Block new public bucket policies (Recommended)
 De-select Block public and cross-account access if bucket has public policies (Recommended)
 Click Next

These four settings are the bucket's Block Public Access controls. They are switched off here only
so that the later tasks can make objects public; outside this lab, leave them enabled on any bucket
that is not deliberately serving public content, because they override ACLs and bucket policies
that would otherwise expose objects.

5. Click Create bucket
Task 2: Upload an Object to the Bucket
Now that you have created a bucket, you are ready to store objects. An object can be any kind
of file: a text file, a photo, a video, a zip file, etc. When you add an object to Amazon S3, you
have the option of including metadata with the object and setting permissions to control
access to the object.

In this task you will upload objects to your S3 bucket.

6. Right-click this link and download the picture to your computer: sheep.png

7. In the S3 Management Console, click your bucket that starts with the name mybucket.

8. Click Upload

This launches an upload wizard that will assist you in uploading files. Using this wizard you can
upload files, either by selecting them from a file chooser or by dragging them to the S3 window.

9. At the (1) Select files dialog box, click Add files then configure:

 Browse to and select the sheep.png file that you downloaded
 Click Upload

You can watch the progress of the upload from within the Transfer panel at the bottom of the
screen. Since this is a very small file, you might not see the transfer. Once your file has been
uploaded, it will be displayed in the bucket.

Task 3: Make Your Object Public

In this task you will configure permissions on your object so that it is publicly accessible.
First, you will attempt to access the object to confirm that it is private by default.

10. Click the sheep.png file.


11. Copy the S3 Link displayed at the bottom of the window.

The link should look similar to this: https://s3-us-west-2.amazonaws.com/mybucket45647467/sheep.png

12. In a new browser tab, paste the link into the address field, then press
ENTER.

You should receive an Access Denied error. This is because objects in Amazon S3 are private by
default.

You will now configure the object to be publicly accessible.

13. Keep this browser tab open, but return to the web browser tab with the S3
Management Console.

14. In the S3 Management Console, click the Permissions tab, then configure:

Under the Public access section, select Everyone.
Select Read object
Click Save

15. Return to the browser tab that displayed Access Denied and refresh the page.
Your picture should now be displayed because it is publicly accessible.

16. Close the web browser tab that is displaying your picture and return to the web browser tab
with the Amazon S3 Management Console.

In this example, you granted read access only to a specific object. If you wish to grant access
to an entire bucket, you would use a Bucket Policy.
Task 4: Create a Bucket Policy

A Bucket Policy is a set of permissions associated with an Amazon S3 bucket. It can be used
to control access to a whole bucket or to specific directories within a bucket.
You will now upload a new file and verify that it is not publicly accessible.

17. Right-click this link and download the picture to your computer.

18. In the S3 Management Console tab, click the name of your bucket at the top of the window.

19. Click Upload and use the same upload process to upload the eiffel.png file.

This is the same upload process you used in Task 2.

20. Click on the eiffel.png name.

21. Copy the S3 Link displayed at the bottom of the window.

22. Open a new web browser tab, paste the link into the address field, and then press
Enter.

Once again, Access Denied will be displayed. You will now configure a Bucket Policy to
grant access to all objects in the bucket without having to specify permissions on each object
individually.

23. Keep this browser tab open, but return to the web browser tab with the S3
Management Console.

24. Click the name of your bucket at the top of the window.

You should see a list of the objects in your bucket. If not, navigate back to your bucket so that
you see the list of objects you have uploaded.

25. Click the Permissions tab.

26. In the Permissions tab, click Bucket Policy

A blank Bucket policy editor is displayed. Bucket policies can be created manually, or they
can be created with the assistance of the AWS Policy generator.
Before creating the policy, you will need to copy the ARN (Amazon Resource Name) of
your bucket.

27. Copy the ARN of your bucket to the clipboard. It is displayed at the top of the policy
editor:

It should look similar to: arn:aws:s3:::lab-xxxx

28. Click the Policy generator link at the bottom of the page.

A new web browser tab will open with the AWS Policy Generator.

29. In the AWS Policy Generator window, configure the following:

Select Type of Policy: S3 Bucket Policy


Principal: *

This means that anyone will be able to perform the actions in the policy.

Actions: GetObject

The GetObject action grants permission for objects to be retrieved from Amazon S3.

Amazon Resource Name (ARN): Paste the ARN that you previously copied. At the end
of the ARN, append /*

The ARN should look similar to: arn:aws:s3:::lab-xxx/*

An Amazon Resource Name (ARN) is a standard way to refer to resources within AWS. In this
case, the ARN is referring to your S3 bucket. Adding /* to the end of the bucket ARN makes the
policy apply to every object within the bucket (the bucket ARN without /* refers to the bucket
itself, not to its objects).
30. Click Add Statement.

31. Click Generate Policy.

Your bucket policy is now displayed. It should look similar to:

Copy the policy to your clipboard.

32. Close the web browser tab and return to the web browser tab with the
Bucket policy editor.

33. Paste the bucket policy into the Bucket policy editor.

34. Click Save

You have just applied a bucket policy to your bucket. All objects in your bucket should now be
publicly accessible.

35. Return to the browser tab that displayed Access Denied and refresh the page.
You should now see a picture of the Eiffel Tower. This is because the Bucket Policy
applies to the bucket as a whole, without having to grant individual permissions to each
object individually.

36. Keep this browser tab open, but return to the web browser tab with the S3
Management Console.

Task 5: Explore Versioning

Versioning is a means of keeping multiple variants of an object in the same bucket. You can use
versioning to preserve, retrieve, and restore every version of every object stored in your Amazon
S3 bucket. With versioning you can easily recover from both unintended user actions and
application failures.

In this task, you will upload a different version of the Eiffel Tower picture.

37. Right-click this link and save the picture to your computer using the same name: eiffel.png

While this file has the same name as the previous file, it is a different picture.

38. In the S3 Management Console, click the Overview tab.

39. Click Upload and use the same upload process to upload the new eiffel.png picture.

This is the same upload process you used in Task 2.

40. Go to the browser tab that has the picture of the Eiffel Tower.

41. Take note of the contents of the picture, then refresh the page.

You should now see a different picture. Amazon S3 always returns the
latest version of an object if a version is not otherwise specified.

You can also obtain a list of available versions in the S3 Management Console.

42. Close the web browser tab displaying the Eiffel Tower.

43. In the Amazon S3 Management Console, click the name of the eiffel.png object.
44. Click Latest version beside the object name and select the bottom version (which is not the
latest version):

45. Click Open

You should now see the first version of the picture using the S3 Management Console.

However, if you try to access the older Eiffel Tower picture using the S3 URL link, you will
receive an access denied message. This is expected in the lab because the bucket policy only grants
s3:GetObject, which applies to the current version of an object. To access a previous version of the
object through its link, you need to update your bucket policy to also grant the s3:GetObjectVersion
permission. Here is an example bucket policy that allows you to access the older version using the link.
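Task 4 ends with a generated bucket policy and Task 5 with the same policy extended to older object versions; neither document is reproduced in full above. The Python below is an added example for this workbook, not the lab's own policy or AWS code. It builds both documents from a bucket ARN (using the lab's lab-xxx placeholder), answers the question "could an anonymous caller do this action on this object?", and lists the statements that grant access to everyone, which is the check you would run on a bucket policy before saving it.

```python
"""Build and audit Amazon S3 bucket policies (added example, not AWS code)."""
import fnmatch
import json

S3_ARN_PREFIX = "arn:aws:s3:::"


def is_bucket_arn(arn):
    """A bucket ARN has no '/' after the prefix; 'bucket/key' is an object ARN."""
    return arn.startswith(S3_ARN_PREFIX) and "/" not in arn[len(S3_ARN_PREFIX):]


def public_read_policy(bucket_arn, include_versions=False):
    """Public-read policy for every object in the bucket.

    s3:GetObject alone serves only the current version of each object; a
    link to an older version (versionId in the URL) additionally needs
    s3:GetObjectVersion, which is what the Task 5 note asks for.
    """
    if not is_bucket_arn(bucket_arn):
        raise ValueError("expected a bucket ARN such as arn:aws:s3:::bucket-name")
    actions = ["s3:GetObject"]
    if include_versions:
        actions.append("s3:GetObjectVersion")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",               # everyone, including anonymous requests
            "Action": actions,
            "Resource": f"{bucket_arn}/*",  # /* = every object key, not the bucket itself
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """Principal '*' or {'AWS': '*'} grants to the whole world."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def anonymous_allows(policy, action, resource):
    """Does the policy let an unauthenticated caller perform action on resource?"""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or not _is_anonymous(stmt["Principal"]):
            continue
        action_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                        for a in _as_list(stmt["Action"]))
        resource_ok = any(fnmatch.fnmatchcase(resource, r)
                          for r in _as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return True
    return False


def public_statement_sids(policy):
    """Sids of Allow statements open to everyone with no Condition: the audit list."""
    return [s.get("Sid", "<no Sid>") for s in policy["Statement"]
            if s["Effect"] == "Allow" and _is_anonymous(s["Principal"])
            and "Condition" not in s]


def render(policy):
    """JSON in the form pasted into the console's Bucket policy editor."""
    return json.dumps(policy, indent=4)


if __name__ == "__main__":
    policy = public_read_policy("arn:aws:s3:::lab-xxx", include_versions=True)
    print(render(policy))
    print("public statements:", public_statement_sids(policy))
```

Two details are worth checking against the console behaviour described above: the resource pattern lab-xxx/* does not cover the bucket ARN itself, so this policy does not let anyone list the bucket, only fetch objects whose keys they already know; and the policy can only take effect because the Block Public Access settings were turned off in Task 1, otherwise S3 would refuse to save a statement with Principal "*".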
End Lab

Follow these steps to close the console, end your lab, and evaluate the experience.
46. Return to the AWS Management Console.

47. On the navigation bar, click <yourusername>@<AccountNumber>, and then click Sign Out.

48. Click End Lab

49. Click OK

Post-Lab Task:

a) What does Amazon do with my data in Amazon S3?

b) How is Amazon S3 data organized?


WEEK - 7
To configure Amazon Glacier

Pre-Lab Task:

a) What is the use of Glacier in AWS?

b) For what types of data is Glacier best suited in AWS? Explain


In-Lab Task:

Task 1: Set up AWS account and an Administrator User

If you have not already done so, you must sign up for an AWS account and create an administrator user in the
account.

If you signed up for AWS, but you haven't created an IAM user for yourself, you can create one by using the
IAM console.

The Getting Started exercise in this guide assumes that you have a user with administrator privileges.

To create an administrator user for yourself and add the user to an administrators group (console)

1. Sign in to the IAM console as the account owner by choosing Root user and entering your AWS
account email address. On the next page, enter your password.

Note

We strongly recommend that you adhere to the best practice of using the Administrator IAM user that
follows and securely lock away the root user credentials.

In the navigation pane, choose Users and then choose Add users.
2. For User name, enter Administrator.
3. Select the check box next to AWS Management Console access. Then select Custom password, and
then enter your new password in the text box.
4. (Optional) By default, AWS requires the new user to create a new password when first signing in. You
can clear the check box next to User must create a new password at next sign-in to allow the new user
to reset their password after they sign in.
5. Choose Next: Permissions.
6. Under Set permissions, choose Add user to group.
7. Choose Create group.
8. In the Create group dialog box, for Group name enter Administrators.
9. Choose Filter policies, and then select AWS managed - job function to filter the table contents.
10. In the policy list, select the check box for AdministratorAccess. Then choose Create group.

Note

You must activate IAM user and role access to Billing before you can use
the AdministratorAccess permissions to access the AWS Billing and Cost Management console.

Back in the list of groups, select the check box for your new group. Choose Refresh if necessary to see the
group in the list.
11. Choose Next: Tags.
12. (Optional) Add metadata to the user by attaching tags as key-value pairs. For more information,
see the IAM documentation on using tags.
13. Choose Next: Review to see the list of group memberships to be added to the new user. When
you are ready to proceed, choose Create user.

You can use this same process to create more groups and users and to give your users access to your AWS
account resources.

To sign in as the new IAM user

14. Sign out of the AWS Management Console.


15. Use the following URL format to log in to the console:

https://aws_account_number.signin.aws.amazon.com/console/

The aws_account_number is your AWS account ID without hyphens. For example, if your AWS
account ID is 1234-5678-9012, your AWS account number is 123456789012. The IAM users sign-in
link on the IAM dashboard shows your account number. Enter the IAM user name and password
that you just created. When you're signed in, the navigation bar displays
your_user_name @ your_aws_account_id.

If you don't want the URL for your sign-in page to contain your AWS account ID, you can create an account
alias.

To create or remove an account alias

16. Sign in to the AWS Management Console and open the IAM console
17. On the navigation pane, choose Dashboard.
18. Find the IAM users sign-in link.
19. To create the alias, click Customize, enter the name you want to use for your alias, and then
choose Yes, Create.
20. To remove the alias, choose Customize, and then choose Yes, Delete. The sign-in URL reverts
to using your AWS account ID.

To sign in after you create an account alias, use the following URL:

https://your_account_alias.signin.aws.amazon.com/console/

To verify the sign-in link for IAM users for your account, open the IAM console and check under IAM users
sign-in link: on the dashboard.

Download the appropriate AWS SDK

To try the getting started exercise, you must decide which programming language you want to use, and then
download the appropriate AWS SDK for your development platform.

The getting started exercise provides examples in Java and C#.


Task 2: To create a vault in S3 Glacier

21. Sign in to the AWS Management Console and open the S3 Glacier console
22. In the left navigation pane, choose Vaults.
23. Choose Create vault.
The Create vault page opens.
24. Under Select a Region, select an AWS Region from the Region selector. Your vault will be
located in the Region that you select.
25. For Vault name, enter a name for your vault.
The following are the vault-naming requirements:
1. A vault name must be unique within an AWS account and the AWS Region in which the vault
is created.
2. A vault name must be between 1 and 255 characters long.
3. A vault name can contain only the following characters: a-z, A-Z, 0-9, _ (underscore),
- (hyphen), and . (period).
26. Under Event notifications, to turn on or off notifications on a vault for when a job is completed,
choose one of the following settings:
1. Turn off notifications – Notifications are turned off, and notifications are not sent to an Amazon
Simple Notification Service (Amazon SNS) topic when a specified job is completed.
2. Turn on notifications – Notifications are turned on, and notifications are sent to the provided
Amazon SNS topic when a specified job is completed.
If you chose Turn on notifications, provide the Amazon SNS topic that should receive them.
If the AWS Region and vault name are correct, then choose Create vault.

Your new vault is now listed on the Vaults page in the S3 Glacier console.
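The three naming rules in step 25 are easy to check before a Create vault or CreateVault call is made. The Python below is an added example for this workbook, not AWS code; the set of existing vault names passed in is whatever the caller already knows about the account and Region (assumption: the caller supplies it, since this code does not contact the service).

```python
"""Validate an S3 Glacier vault name against the rules in this task (added example, not AWS code)."""
import re

# Allowed characters: a-z, A-Z, 0-9, underscore, hyphen and period.
_ALLOWED_CHAR = re.compile(r"[A-Za-z0-9_.\-]")
_VAULT_NAME = re.compile(r"^[A-Za-z0-9_.\-]+$")
MAX_VAULT_NAME_LEN = 255


def vault_name_problems(name, existing_in_region=()):
    """Return the list of rule violations; an empty list means the name is acceptable.

    existing_in_region: vault names already used in the same account and Region,
    because uniqueness is scoped to account + Region, not to the whole account.
    """
    problems = []
    if not 1 <= len(name) <= MAX_VAULT_NAME_LEN:
        problems.append(f"length must be 1-{MAX_VAULT_NAME_LEN} characters, got {len(name)}")
    if name and not _VAULT_NAME.match(name):
        bad = sorted({c for c in name if not _ALLOWED_CHAR.match(c)})
        problems.append(f"disallowed characters: {bad}")
    if name in existing_in_region:
        problems.append("a vault with this name already exists in this account and Region")
    return problems


def is_valid_vault_name(name, existing_in_region=()):
    return not vault_name_problems(name, existing_in_region)


if __name__ == "__main__":
    for candidate in ("lab-vault_2024.backup", "my vault", "a" * 256):
        print(repr(candidate[:20]), vault_name_problems(candidate, {"lab-vault"}))
```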

Task 3: Upload an Archive to a Vault in S3 Glacier

27. In this step, you'll upload a sample archive to the vault that you created in the preceding step
(see Task 2). Depending on the development platform that you're using, choose one of the links at the
end of this section.

Important
Any archive operation, such as upload, download, or deletion, requires you to use the AWS Command Line
Interface (CLI) or write code. There is no console support for archive operations. For example, to upload data,
such as photos, videos, and other documents, you must either use the AWS CLI or write code to make
requests, by using either the REST API directly or by using the AWS SDKs.

Task 4: Download an Archive from a Vault in S3 Glacier

28. In this step, you'll download the sample archive that you uploaded previously in Task 3.

Important
Amazon S3 Glacier does provide a console. However, any archive operation, such as upload, download, or
deletion, requires you to use the AWS Command Line Interface (CLI) or write code. There is no console
support for archive operations. For example, to upload data, such as photos, videos, and other documents, you
must either use the AWS CLI or write code to make requests, by using either the REST API directly or by
using the AWS SDKs.

Task 5: Delete an Archive from a Vault in S3 Glacier

29. In this step, you'll delete the sample archive that you uploaded in Task 3.

Important
You cannot delete an archive by using the Amazon S3 Glacier console. Any archive operation, such as upload,
download, or deletion, requires you to use the AWS Command Line Interface (CLI) or write code. To upload
data, such as photos, videos, and other documents, you must either use the AWS CLI or write code to make
requests, by using either the REST API directly or by using the AWS SDKs.

Task 6: Delete a Vault in S3 Glacier

A vault is a container for storing archives. To delete an Amazon S3 Glacier vault, you must first delete all
existing archives in the vault as of the last inventory that S3 Glacier computed.

You can delete a vault programmatically or by using the S3 Glacier console.

To delete an empty vault

30. Sign in to the AWS Management Console and open the S3 Glacier console
31. From the Select a Region menu, choose the AWS Region for the vault that you want to delete.
In this getting started exercise, your example vault is in the US West (Oregon) Region.

32. Select the option button next to the empty vault that you want to delete. If the vault is not
empty, you must delete all archives before deleting the vault.

Important: Deleting a vault can't be undone.

33. Choose Delete.


34. The Delete vault dialog box appears. Choose Delete.
To delete a nonempty vault

35. If you're deleting a nonempty vault, you must first delete all existing archives before deleting
the vault. You can do this by writing code to make a delete archive request by using either the REST
API, the AWS SDK for Java, the AWS SDK for .NET or the AWS CLI.
36. After the vault is empty, follow the steps to delete an empty vault in the preceding procedure.
End Lab

Follow these steps to close the console, end your lab, and evaluate the experience.

37. Return to the AWS Management Console.

38. On the navigation bar, click <yourusername>@<AccountNumber>, and then click Sign Out.

39. Click End Lab

40. Click OK

Post-Lab Task:

a) What is the difference between S3 and Glacier?

b) What is the maximum number of Glacier vaults you can create per account per region?

c) How do I transfer data from S3 to Glacier?


WEEK – 8
To configure Amazon Virtual Private Cloud
Pre Lab Task:

a) What are the components of Amazon VPC?

b) What are Internet Gateways in VPC?

In Lab Task:

Task 1: Create an Elastic IP address

Your VPC will launch a NAT Gateway to provide Internet access to private resources. The NAT
Gateway will be assigned a static IP address, known as an Elastic IP address. In this task, you
will create the Elastic IP address.

An Elastic IP address is a public IPv4 address, which is reachable from the Internet. It is a static
IP address, which means that the IP address will not change. You can associate the Elastic IP
address with a resource in your VPC, such as a NAT Gateway or an Amazon EC2 instance. You
retain control of the Elastic IP address until you release it back to AWS.

1. In the AWS Management Console, on the Services menu, click VPC.

2. In the left navigation pane, click Elastic IPs.

3. Click Allocate new address.

4. Click Allocate.
Your Elastic IP address is displayed. You will use it in the next task.

5. Click Close.
Task 2: Create an Amazon VPC

In this task you will create an Amazon VPC using the VPC wizard. The wizard automatically
creates a VPC based upon parameters you specify. Using the VPC Wizard is much simpler than
manually creating each component of the VPC.

Here is an overview of the VPC you will create:

Each component will be explained in more detail later in this lab.

6. Click VPC Dashboard in the top-left corner. Click Launch VPC Wizard.

The wizard offers four pre-defined configurations. Click each option in the Wizard to view their
definition:

VPC with a Single Public Subnet: A single public subnet connected to the Internet. This is ideal
for applications that operate purely in the AWS cloud.
VPC with Public and Private Subnets: A public subnet for Internet-facing resources and a
private subnet for back-end resources. A NAT Gateway is also launched to provide Internet access
for resources in the private subnet. This is ideal for keeping private resources separate from the
Internet.
VPC with Public and Private Subnets and Hardware VPN Access: A public subnet and a
private subnet, plus a Virtual Private Network (VPN) connection to an existing Corporate Data
Center. This is ideal when you have legacy infrastructure in a data center, which can connect to
the AWS cloud as a combined network.

VPC with a Private Subnet Only and Hardware VPN Access: A private subnet connected to a
Corporate Data Center via a VPN connection. This is ideal for bursting into the AWS cloud to
provide additional resources while keeping them isolated from direct Internet access. This design is
often used for Development and Testing, where no direct Internet access is required.
This lab will use the VPC with Public and Private Subnets template.

7. Click VPC with Public and Private Subnets (the second option).

8. Click Select.

You are now presented with parameters to customize the VPC configuration. Configure the
following settings, leaving other fields at their default values:
VPC name:
Public subnet's IPv4 CIDR:
Public Availability Zone: Select the first Availability Zone in the list
Private subnet's IPv4 CIDR:
Private Availability Zone: Select the same Availability Zone as the public subnet
Elastic IP Allocation ID: Click in the box and select the Elastic IP Address you created earlier

9. Click Create VPC.

Your VPC will now be created. A status window displays progress. When the VPC completes, a
status window confirms that your VPC has been successfully created. This may take a few minutes
to create.

10. Click OK to close the status window and return to the VPC dashboard.

Your newly created VPC is now displayed in the VPC Dashboard.

Task 3: Explore your VPC

In this task, you will explore the VPC components created by the VPC Wizard.

11. In the top-left corner, under Filter by VPC, click in the Select a VPC field and select MyVPC.

This limits the console display to only show components related to the VPC you created.

12. In the left navigation pane, click Internet Gateways.

The Internet gateway for your VPC will be displayed.


An Internet gateway connects your VPC to the Internet. If the Internet Gateway was not present,
then the VPC would have no connectivity to the Internet.

An Internet gateway is a horizontally scaled, redundant and highly available VPC component. It
therefore imposes no availability risks or bandwidth constraints on your network traffic.

13. In the left navigation pane, click Subnets.

A Subnet is a subset of a VPC. A subnet:


Belongs to a specific VPC
Exists in a single Availability Zone (while a VPC can span multiple Availability Zones)
Has a range of IP addresses (known as a CIDR range, which stands for Classless Inter-Domain
Routing)

Two subnets will be displayed for your VPC: a Public subnet and a Private subnet.

14. Select the Public subnet.

Examine the information displayed in the lower window pane:

Each subnet is assigned a unique Subnet ID.


The IPv4 CIDR of 10.0.25.0/24 means that the subnet contains the range of IP addresses from
10.0.25.0 to 10.0.25.255. (IPv6 is also supported, but is not part of this lab.)
The subnet only has 250 Available IPs out of 256 possible addresses. This is because AWS reserves
five addresses in every subnet (the first four and the last), and one further IP address has been
consumed by the NAT Gateway.
Why is this subnet considered to be a Public subnet? The answer lies in the Subnet
Routing.

15. Click the Route Table tab.

Each subnet is associated with a Route Table, which specifies the routes for outbound traffic
leaving the subnet. Think of it like an address book that lists where to direct traffic based upon its
destination.

There are two routes in the route table that is associated with your public subnet:
Route 10.0.0.0/16 | local directs traffic destined for elsewhere in the VPC (which has a range of
10.0.0.0/16) locally within the VPC. This traffic never leaves the VPC.
Route 0.0.0.0/0 | igw- directs all traffic to the Internet gateway.

Routes are matched by the most specific destination first (the longest prefix, that is, the bigger
number after the slash) through to the least specific (0.0.0.0/0, which refers to the entire Internet).
Thus, traffic is sent within the VPC if it falls within the range of the VPC; otherwise it is sent to the
Internet gateway. The routes can be edited further to suit your particular network configuration.
The fact that this subnet is associated with a Route Table that has a route to an Internet gateway
makes it a Public Subnet. That is, it is reachable from the Internet (an instance in it still needs a
public IP address and a security group that permits the traffic before it can actually be reached).

16. Click the Network ACL tab.

A network access control list (ACL) is an optional layer of security for your VPC that acts as a
firewall for controlling traffic in and out of subnets.
Network ACLs are normally left with their default settings that allow all traffic in and out of subnets:

Rule 100 Inbound allows all inbound traffic into the Public Subnet.
Rule 100 Outbound allows all traffic out of the Public Subnet.

The second line in each rule set shows an asterisk (*) that acts as a catch-all rule, denying any
traffic that does not match one of the earlier rules.
1. Click the Tags tab.
The subnet has been tagged with the key of Name having the value of Public subnet. Tags help
you to manage and identify your AWS resources.

2. At the top of the window, select Private subnet and ensure that it is the only line selected.

3. Click the Route Table tab.

The Route Table for the Private subnet has the configuration:

Route 10.0.0.0/16 | local is the same as the Public subnet.


Route 0.0.0.0/0 | nat- directs all other traffic to the NAT Gateway.

This subnet does not have a route to the Internet gateway. Therefore, it is a
Private Subnet.
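The two route tables above can be reasoned about with the same longest-prefix rule the text describes, and the same rule decides which subnet counts as public. The Python below is an added example for this workbook, not AWS code; it uses only the standard library. The CIDR blocks are the ones quoted in this task, while the gateway IDs igw-EXAMPLE and nat-EXAMPLE are placeholders standing in for the truncated IDs shown in the console.

```python
"""Route-table lookup and subnet classification (added example, not AWS code).

CIDR blocks are the lab's 10.0.0.0/16 VPC and its 10.0.25.0/24 public subnet.
Gateway IDs are placeholders (assumption), not real resource IDs.
"""
import ipaddress

VPC_CIDR = "10.0.0.0/16"
PUBLIC_SUBNET_CIDR = "10.0.25.0/24"

# Route tables as {destination CIDR: target}, mirroring the console columns.
PUBLIC_ROUTE_TABLE = {"10.0.0.0/16": "local", "0.0.0.0/0": "igw-EXAMPLE"}
PRIVATE_ROUTE_TABLE = {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-EXAMPLE"}

# AWS reserves five addresses in every IPv4 subnet: the network address, the VPC
# router (+1), the DNS resolver (+2), one reserved for future use (+3), and the
# broadcast address (last).
RESERVED_PER_SUBNET = 5


def lookup(route_table, destination_ip):
    """Longest-prefix match: the most specific route containing the address wins."""
    addr = ipaddress.ip_address(destination_ip)
    best = None
    for cidr, target in route_table.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None   # None: no route, the packet is dropped


def is_public_subnet(route_table):
    """A subnet is public when its route table sends traffic to an Internet gateway."""
    return any(target.startswith("igw-") for target in route_table.values())


def classify(route_tables):
    """{subnet name: 'public' | 'private'} for a set of subnet route tables."""
    return {name: ("public" if is_public_subnet(rt) else "private")
            for name, rt in route_tables.items()}


def reserved_addresses(cidr):
    """The five addresses AWS keeps back in a subnet, as strings."""
    net = ipaddress.ip_network(cidr)
    first_four = [str(net.network_address + i) for i in range(4)]
    return first_four + [str(net.broadcast_address)]


def usable_addresses(cidr, consumed=0):
    """Addresses left for instances after AWS's reserved ones and `consumed` in-use ones."""
    return ipaddress.ip_network(cidr).num_addresses - RESERVED_PER_SUBNET - consumed


if __name__ == "__main__":
    tables = {"Public subnet": PUBLIC_ROUTE_TABLE, "Private subnet": PRIVATE_ROUTE_TABLE}
    print(classify(tables))
    for ip in ("10.0.26.14", "198.51.100.7"):
        print(ip, "public ->", lookup(PUBLIC_ROUTE_TABLE, ip),
              "| private ->", lookup(PRIVATE_ROUTE_TABLE, ip))
    print("reserved in", PUBLIC_SUBNET_CIDR, reserved_addresses(PUBLIC_SUBNET_CIDR))
    print("usable with one NAT gateway address taken:", usable_addresses(PUBLIC_SUBNET_CIDR, 1))
```

Running it reproduces the two console observations from this task: 10.0.x.x destinations take the /16 local route in both subnets because it is more specific than 0.0.0.0/0, and only the table whose default route points at an igw- target is classified public. The 256 - 5 - 1 = 250 figure is the Available IPs value shown for the public subnet.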

4. In the left navigation pane, click NAT Gateways. A NAT gateway is displayed.

A Network Address Translation (NAT) Gateway allows resources in a private subnet to connect to the Internet and to other resources outside the VPC. The connection is outbound-only: it must be initiated from within the private subnet, and resources on the Internet cannot initiate an inbound connection through it. It is therefore a means of keeping resources private while still letting them fetch updates or call external services.
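The route selection described above, as an added worked example (not part of the lab or AWS's own code): a Python function that picks the longest matching prefix from the Public and Private subnet route tables. The CIDRs are the lab's; the destination addresses and the truncated targets igw- and nat- are placeholders.

```python
# Added example: longest-prefix-match route selection as a VPC route table
# applies it. Targets "igw-" and "nat-" are placeholders, as in the lab text;
# the destination addresses used below are constructed.
import ipaddress

# Route tables as (destination CIDR, target) pairs. The listed order does not
# matter: the most specific matching prefix wins, not the first entry.
PUBLIC_ROUTES = [("0.0.0.0/0", "igw-"), ("10.0.0.0/16", "local")]
PRIVATE_ROUTES = [("0.0.0.0/0", "nat-"), ("10.0.0.0/16", "local")]


def lookup(routes, destination):
    """Return the target for `destination`, choosing the longest matching prefix.

    Returns None when no route matches; a table without 0.0.0.0/0 simply
    drops non-local traffic.
    """
    addr = ipaddress.ip_address(destination)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def is_public_subnet(routes):
    """A subnet is public when its route table has a route to an Internet gateway."""
    return any(target.startswith("igw-") for _, target in routes)


if __name__ == "__main__":
    for dst in ("10.0.1.25", "10.0.255.1", "93.184.216.34"):
        print(dst, "public ->", lookup(PUBLIC_ROUTES, dst),
              "| private ->", lookup(PRIVATE_ROUTES, dst))
```

Adding a more specific route (for example a /24 pointing at a peering connection) would override the local or default route only for that range; the selection rule is the same.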
5. In the left navigation pane, click Security Groups.

6. Select the Security Group displayed and click the Inbound Rules tab.

Security groups act as a virtual firewall for your instances to control inbound and outbound traffic. When you launch an Amazon EC2 instance into a VPC, you can assign up to five security groups to the instance (the default per-interface limit). Security groups are stateful and act at the instance level, not the subnet level. Your VPC automatically comes with a default security group. If you do not specify a different security group when you launch an Amazon EC2 instance, it uses the default security group.

The default security group's inbound rule permits ALL traffic to associated resources, but only if the Source is the default security group itself; its outbound rule permits all traffic. This self-reference might appear strange, but it simply means that any EC2 instance associated with the default security group can communicate with any other EC2 instance that is associated with the default security group. All other inbound traffic is denied. This is a safe default because it admits no inbound traffic from outside the group while still letting members reach each other.
When adding resources to the VPC, you can create additional security groups to permit
desired access to resources such as web servers, application servers and database servers.
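An added example, not from the lab, that models the two filters just described so their differences can be tested: ordered, stateless network ACL rules with the catch-all deny, and allow-only, stateful security group rules including the self-referencing default group. Rule numbers, ports, addresses and the group ID sg-default are constructed.

```python
# Added example: how a network ACL and a security group each decide on a packet.
# Only tcp/udp/all are modelled; values are constructed for illustration.
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class AclRule:
    number: int        # evaluated in ascending order; lowest match wins
    action: str        # "allow" or "deny"
    protocol: str      # "tcp", "udp" or "all"
    port_range: tuple  # inclusive (low, high); ignored when protocol is "all"
    cidr: str


def acl_decision(rules, protocol, port, source_ip):
    """Network ACLs are stateless and ordered: the lowest-numbered matching rule
    decides. Anything unmatched falls through to the '*' rule, which denies."""
    src = ipaddress.ip_address(source_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("all", protocol):
            continue
        if rule.protocol != "all" and not rule.port_range[0] <= port <= rule.port_range[1]:
            continue
        if src in ipaddress.ip_network(rule.cidr):
            return rule.action
    return "deny"  # the '*' catch-all


@dataclass(frozen=True)
class SgRule:
    protocol: str
    port_range: tuple
    source: str  # a CIDR such as "0.0.0.0/0" or a security group ID such as "sg-default"


def sg_allows_inbound(group_rules, protocol, port, source_ip, source_groups):
    """Security groups are allow-only and stateful: inbound traffic is admitted if
    any rule matches, nothing is explicitly denied, and replies to admitted traffic
    are allowed regardless of outbound rules. `source_groups` are the groups of the
    sending interface, which is what a group-ID source matches against."""
    for rule in group_rules:
        if rule.protocol not in ("all", protocol):
            continue
        if rule.protocol != "all" and not rule.port_range[0] <= port <= rule.port_range[1]:
            continue
        if rule.source.startswith("sg-"):
            if rule.source in source_groups:
                return True
        elif ipaddress.ip_address(source_ip) in ipaddress.ip_network(rule.source):
            return True
    return False


# Default network ACL: allow everything at 100, then the catch-all deny.
DEFAULT_ACL = [AclRule(100, "allow", "all", (0, 65535), "0.0.0.0/0")]
# A deny numbered BELOW the allow takes effect...
HARDENED_ACL = [
    AclRule(90, "deny", "tcp", (22, 22), "0.0.0.0/0"),
    AclRule(100, "allow", "all", (0, 65535), "0.0.0.0/0"),
]
# ...whereas the same deny numbered ABOVE the allow is never reached.
INEFFECTIVE_ACL = [
    AclRule(100, "allow", "all", (0, 65535), "0.0.0.0/0"),
    AclRule(200, "deny", "tcp", (22, 22), "0.0.0.0/0"),
]
# The default security group: all traffic, but only from members of itself.
DEFAULT_SG = [SgRule("all", (0, 65535), "sg-default")]
```

The INEFFECTIVE_ACL case is the common mistake: appending a deny after the rule-100 allow changes nothing, because evaluation stops at the first match.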

Launching Amazon EC2 instances in this lab is out of the scope of the lab. Please do not attempt to
launch an Amazon EC2 instance. This lab will not allow you to launch EC2 instances.

Conclusion

Congratulations! You now have successfully:

Created an Amazon VPC using the VPC Wizard.
Explored the basic components of a VPC.

End Lab

Follow these steps to close the console, end your lab, and evaluate the experience.

7. Return to the AWS Management Console.

8. On the navigation bar, click <yourusername>@<AccountNumber>, and then click Sign Out.

9. Click End Lab

10. Click OK

Post Lab Task:

Illustrate CIDR-based routing in a VPC.


WEEK – 9
To configure Amazon CloudWatch

Pre Lab Task:

a) What is CloudWatch in AWS?

b) Can CloudWatch monitor disk space?

In Lab Task:

To create an alarm using the Amazon EC2 console

1. Open the Amazon EC2 console.


2. In the navigation pane, choose Instances.
3. Select the instance.
4. On the Monitoring tab located at the bottom of the page, choose Create Alarm. Or, from
the Actions dropdown, choose CloudWatch Monitoring, Add/Edit Alarm.
5. In the Create Alarm dialog box, do the following:
a. Choose Create topic. For Send a notification to, enter a name for the SNS topic. For With these
recipients, enter one or more email addresses to receive notifications. Each recipient receives a
subscription confirmation email and must confirm it before alarm notifications are delivered.
b. Specify the metric and the criteria for the alarm. For example, you can leave the default
settings for Whenever (Average of CPU Utilization). For Is, choose >= and enter 80 percent.
For For at least, enter 1 consecutive period of 5 Minutes.
c. Choose Create Alarm.
You can edit your CloudWatch alarm settings from the Amazon EC2 console or the CloudWatch console. If
you want to delete your alarm, you can do so from the CloudWatch console.
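The alarm logic configured above, as an added example that is not part of the lab: raw CPUUtilization samples are averaged per 5-minute period and the most recent periods are compared with the threshold, so a one-minute spike does not trigger the alarm while sustained load does. The sample values are constructed, and the missing-data handling is simplified (CloudWatch lets you configure it).

```python
# Added example: evaluating a CloudWatch-style alarm from raw metric samples.
# Mirrors the lab's settings (Average, >= 80, 1 consecutive 5-minute period)
# as parameters. Sample data is constructed.
from statistics import mean

PERIOD = 300            # seconds; "5 Minutes" in the console
THRESHOLD = 80.0        # percent
EVALUATION_PERIODS = 1  # "For at least 1 consecutive period"


def aggregate(samples, period=PERIOD):
    """Group (timestamp_seconds, value) samples into fixed periods and average each.
    Returns (period_start, average) pairs in time order. Empty periods are simply
    absent, which is why a sparse metric can leave an alarm in INSUFFICIENT_DATA."""
    buckets = {}
    for ts, value in samples:
        buckets.setdefault(ts - ts % period, []).append(value)
    return [(start, mean(vals)) for start, vals in sorted(buckets.items())]


def compare(value, threshold, op=">="):
    return {">=": value >= threshold, ">": value > threshold,
            "<=": value <= threshold, "<": value < threshold}[op]


def alarm_state(samples, threshold=THRESHOLD, op=">=",
                evaluation_periods=EVALUATION_PERIODS, period=PERIOD):
    """Return OK, ALARM or INSUFFICIENT_DATA from the most recent
    `evaluation_periods` periods: ALARM only when every one of them breaches.
    Simplification: too few periods means INSUFFICIENT_DATA; real CloudWatch
    applies the alarm's 'treat missing data as' setting here."""
    points = aggregate(samples, period)
    if len(points) < evaluation_periods:
        return "INSUFFICIENT_DATA"
    recent = points[-evaluation_periods:]
    if all(compare(avg, threshold, op) for _, avg in recent):
        return "ALARM"
    return "OK"


# Constructed one-minute samples: a single spike, then sustained load.
SPIKE = [(t * 60, v) for t, v in enumerate([20, 20, 95, 20, 20])]
SUSTAINED = [(t * 60, 85) for t in range(5)]

if __name__ == "__main__":
    print("spike     ->", alarm_state(SPIKE))
    print("sustained ->", alarm_state(SUSTAINED))
```

The spike averages to 35 percent over its period, so with Average as the statistic it never breaches; choosing Maximum instead, or a shorter period, would make the same samples alarm.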

End Lab

6. Return to the AWS Management Console.

7. On the navigation bar, click <yourusername>@<AccountNumber>, and then click Sign Out.

8. Click End Lab

9. Click OK

Post Lab Task:

a) What kind of things can you do with CloudWatch logs?

b) How do you set an alarm on CloudWatch?


WEEK – 10
To configure Amazon Simple Notification Service (SNS)

Pre Lab Task:

a) What is the use of SNS in AWS?

b) How many messages can SNS handle per second?

In Lab Task:

Task 1: Create a topic


1. Sign in to the Amazon SNS console.
2. In the left navigation pane, choose Topics.
3. On the Topics page, choose Create topic.
4. By default, the console creates a FIFO topic. Choose Standard.
5. In the Details section, enter a Name for the topic, such as MyTopic.
6. Scroll to the end of the form and choose Create topic.
The console opens the new topic's Details page.

Task 2: Create a subscription to the topic

7. In the left navigation pane, choose Subscriptions.


8. On the Subscriptions page, choose Create subscription.
9. On the Create subscription page, choose the Topic ARN field to see a list of the topics in your AWS
account.
10. Choose the topic that you created in the previous step.
11. For Protocol, choose Email.
12. For Endpoint, enter an email address that can receive notifications.
13. Choose Create subscription.
The console opens the new subscription's Details page.
14. Check your email inbox and choose Confirm subscription in the email from AWS Notifications.
The sender ID is usually "[email protected]".
15. Amazon SNS opens your web browser and displays a subscription confirmation with your
subscription ID.

Task 3: Publish a message to the topic

16. In the left navigation pane, choose Topics.


17. On the Topics page, choose the topic that you created earlier, and then choose Publish message.
The console opens the Publish message to topic page.
18. (Optional) In the Message details section, enter a Subject, such as:

Hello from Amazon SNS!

19. In the Message body section, choose Identical payload for all delivery protocols, and then enter
a message body, such as:

Publishing a message to an SNS topic.

20. Choose Publish message.

The message is published to the topic, and the console opens the topic's Details page.
21. Check your email inbox and verify that you received an email from Amazon SNS with the
published message.
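An added example, not from the lab or the AWS SDKs. The email subscription used here is confirmed by clicking a link, but an HTTP/S subscriber receives the same SubscriptionConfirmation and Notification messages as JSON and must authenticate them before following SubscribeURL or acting on the body. The code rebuilds the exact string SNS signs and refuses certificates that are not served from an SNS host; the final RSA check against the downloaded certificate needs the network and an RSA library and is left to the caller. The message ID, token, certificate file name and signature value are constructed.

```python
# Added example: the network-free part of validating an Amazon SNS message
# delivered to an HTTP/S endpoint. Identifiers and the signature are constructed.
import json
import re
from urllib.parse import urlparse

# Field order AWS specifies for the string that is signed, per message Type.
_CONFIRMATION_FIELDS = ["Message", "MessageId", "SubscribeURL", "Timestamp",
                        "Token", "TopicArn", "Type"]
_SIGNED_FIELDS = {
    "Notification": ["Message", "MessageId", "Subject", "Timestamp", "TopicArn", "Type"],
    "SubscriptionConfirmation": _CONFIRMATION_FIELDS,
    "UnsubscribeConfirmation": _CONFIRMATION_FIELDS,
}
# Certificates may only be fetched from an SNS endpoint host.
_CERT_HOST = re.compile(r"^sns\.[a-z0-9-]{3,}\.amazonaws\.com(\.cn)?$")


def string_to_sign(msg):
    """Rebuild the bytes SNS signed: 'Key\\nValue\\n' for each present field, in
    the prescribed order. Subject is optional for notifications and is skipped
    when absent."""
    fields = _SIGNED_FIELDS[msg["Type"]]
    return "".join(f"{k}\n{msg[k]}\n" for k in fields if k in msg)


def signing_cert_url_is_trusted(url):
    """Require https and an SNS host. Otherwise an attacker could point
    SigningCertURL at their own certificate and sign arbitrary messages."""
    u = urlparse(url)
    return u.scheme == "https" and bool(u.hostname) and bool(_CERT_HOST.match(u.hostname))


def prevalidate(raw_body, expected_topic_arn):
    """Parse and check everything that does not need the network. Returns the
    string to sign; the caller verifies msg['Signature'] (base64) over it with
    RSA-SHA1 for SignatureVersion 1 or RSA-SHA256 for SignatureVersion 2, using
    the certificate fetched from SigningCertURL."""
    msg = json.loads(raw_body)
    if msg.get("Type") not in _SIGNED_FIELDS:
        raise ValueError("unknown message Type")
    if msg.get("TopicArn") != expected_topic_arn:
        raise ValueError("message is for a different topic")
    if msg.get("SignatureVersion") not in ("1", "2"):
        raise ValueError("unsupported SignatureVersion")
    if not signing_cert_url_is_trusted(msg.get("SigningCertURL", "")):
        raise ValueError("SigningCertURL is not an SNS endpoint")
    return string_to_sign(msg)


TOPIC = "arn:aws:sns:us-east-1:123456789012:MyTopic"

# Constructed SubscriptionConfirmation as an HTTP/S endpoint would receive it.
SAMPLE = json.dumps({
    "Type": "SubscriptionConfirmation",
    "MessageId": "00000000-0000-0000-0000-000000000000",
    "Token": "EXAMPLE-TOKEN",
    "TopicArn": TOPIC,
    "Message": "You have chosen to subscribe to the topic " + TOPIC,
    "SubscribeURL": "https://sns.us-east-1.amazonaws.com/?Action=ConfirmSubscription"
                    "&TopicArn=" + TOPIC + "&Token=EXAMPLE-TOKEN",
    "Timestamp": "2024-01-01T00:00:00.000Z",
    "SignatureVersion": "1",
    "Signature": "EXAMPLE-SIGNATURE-BASE64",
    "SigningCertURL": "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-example.pem",
})

if __name__ == "__main__":
    print(prevalidate(SAMPLE, TOPIC))
```

Checking TopicArn against the topic you actually subscribed to matters as much as the signature: a validly signed message from someone else's topic is still not yours to act on.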

Task 4: Delete the subscription and topic

22. On the navigation panel, choose Subscriptions.


23. On the Subscriptions page, choose a confirmed subscription and then choose Delete.

Note: You can't delete a pending confirmation. After 3 days, Amazon SNS deletes it automatically.

24. In the Delete subscription dialog box, choose Delete.


The subscription is deleted.
25. On the navigation panel, choose Topics.
26. On the Topics page, choose a topic and then choose Delete.
27. Return to the AWS Management Console.

End Lab

28. On the navigation bar, click <yourusername>@<AccountNumber>, and then click Sign Out.

29. Click End Lab

30. Click OK

Post Lab Task:

a) Which communication channels does SNS support?

b) Can an SNS topic subscribe to another topic?


WEEK – 11
To configure Amazon Elastic Load Balancer

Pre Lab Task:

a) What is load balancer in AWS?

b) What are the 3 types of load balancers in AWS?

In Lab Task:
Before you start
 Complete the steps in Prepare your VPC and EC2 instances.
 Launch the EC2 instances that you plan to register with your load balancer. Ensure that the security
groups for these instances allow HTTP access on port 80. (Once the load balancer is in front of them, you can narrow that rule's source to the load balancer's security group so the instances are no longer reachable directly.)
 Install a web server, such as Apache or Internet Information Services (IIS), on each instance, enter its
DNS name into the address field of an internet-connected web browser, and verify that the browser
displays the default page of the server.

Task 1: Select a load balancer type

Elastic Load Balancing supports different types of load balancers. For this tutorial, you create a Classic Load
Balancer.

To create a Classic Load Balancer

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.


2. On the navigation bar, choose a Region for your load balancer. Be sure to select the same Region that
you selected for your EC2 instances.
3. On the navigation pane, under LOAD BALANCING, choose Load Balancers.
4. Choose Create Load Balancer.
5. For Classic Load Balancer, choose Create.
Task 2: Define your load balancer

You must provide a basic configuration for your load balancer, such as a name, a network, and a listener.

A listener is a process that checks for connection requests. It is configured with a protocol and a port for front-
end (client to load balancer) connections and a protocol and a port for back-end (load balancer to instance)
connections. In this tutorial, you configure a listener that accepts HTTP requests on port 80 and sends them to
your instances on port 80 using HTTP.

To define your load balancer and listener

6. For Load Balancer name, type a name for your load balancer.
The name of your Classic Load Balancer must be unique within your set of Classic Load Balancers for
the region, can have a maximum of 32 characters, can contain only alphanumeric characters and hyphens,
and must not begin or end with a hyphen.
7. For Create LB inside, select the same network that you selected for your instances: EC2-Classic or a
specific VPC.
8. [Default VPC] If you selected a default VPC and would like to choose the subnets for your load
balancer, select Enable advanced VPC configuration.
9. Leave the default listener configuration.

10. [EC2-VPC] For Available subnets, select at least one available public subnet using its add icon.
The subnet is moved under Selected subnets. To improve the availability of your load balancer,
select more than one public subnet.
Note: If you selected EC2-Classic as your network, or you have a default VPC but did not select Enable
advanced VPC configuration, you do not see the user interface to select subnets. You can add at most
one subnet per Availability Zone. If you select a subnet from an Availability Zone where there is already
a selected subnet, this subnet replaces the currently selected subnet for the Availability Zone.
11. Choose Next: Assign Security Groups.

Task 3: Assign security groups to your load balancer in a VPC

If you selected a VPC as your network, you must assign your load balancer a security group that allows
inbound traffic to the ports that you specified for your load balancer and the health checks for your load
balancer.

Note
If you selected EC2-Classic as your network, you can continue to the next step. By default, Elastic Load
Balancing provides a security group for load balancers in EC2-Classic.
To assign a security group to your load balancer

1. On the Assign Security Groups page, select Create a new security group.
2. Type a name and description for your security group, or leave the default name and description.
This new security group contains a rule that allows inbound traffic from anywhere to the port that you
configured your load balancer to use. The instances' own security groups should then allow port 80 only
from this load balancer security group, not from 0.0.0.0/0, so that clients cannot bypass the load balancer.

3. Choose Next: Configure Security Settings.


4. For this tutorial, you are not using a secure listener. Choose Next: Configure Health Check to
continue to the next step.

Task 4: Configure health checks for your EC2 instances

Elastic Load Balancing automatically checks the health of the EC2 instances for your load balancer. If
Elastic Load Balancing finds an unhealthy instance, it stops sending traffic to the instance and reroutes
traffic to healthy instances. In this step, you customize the health checks for your load balancer.

To configure health checks for your instances

5. On the Configure Health Check page, leave Ping Protocol set to HTTP and Ping Port set to 80.
6. For Ping Path, replace the default value with a single forward slash ("/"). This tells Elastic Load
Balancing to send health check requests to the default home page for your web server, such
as index.html. The instance counts as healthy only if it answers with HTTP 200 within the response timeout.

7. For Advanced Details, leave the default values.


8. Choose Next: Add EC2 Instances.
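The health check configured above, as an added example that is not part of the lab: a state machine that marks an instance InService after consecutive successful checks and OutOfService after consecutive failures. That an HTTP check passes only on a 200 received within the response timeout is Elastic Load Balancing's rule; the threshold and timeout values, the instance ID and the check results are assumptions.

```python
# Added example: the state machine behind a Classic Load Balancer health check.
# Threshold/timeout values, instance ID and check results are constructed.
from dataclasses import dataclass
from typing import Optional


@dataclass
class HealthCheck:
    ping_path: str = "/"
    ping_port: int = 80
    timeout_s: float = 5.0
    healthy_threshold: int = 2    # consecutive passes to become InService (assumed)
    unhealthy_threshold: int = 2  # consecutive failures to become OutOfService (assumed)

    def passes(self, status_code, elapsed_s):
        # An HTTP check succeeds only on 200: a 301/302 to /index.html or a
        # slow 200 both count as failures.
        return status_code == 200 and elapsed_s <= self.timeout_s


@dataclass
class Instance:
    instance_id: str
    state: str = "OutOfService"  # newly registered instances start OutOfService
    streak: int = 0              # consecutive results of the same kind
    last_ok: Optional[bool] = None


def observe(inst, hc, status_code, elapsed_s):
    """Apply one check result and return the instance's state afterwards.
    A change of result kind resets the streak, so flapping never reaches
    either threshold."""
    ok = hc.passes(status_code, elapsed_s)
    inst.streak = inst.streak + 1 if ok == inst.last_ok else 1
    inst.last_ok = ok
    if ok and inst.streak >= hc.healthy_threshold:
        inst.state = "InService"
    elif not ok and inst.streak >= hc.unhealthy_threshold:
        inst.state = "OutOfService"
    return inst.state


def run(hc, results, instance_id="i-example"):
    """Feed a sequence of (status_code, elapsed_s) results; return the state after each."""
    inst = Instance(instance_id)
    return [observe(inst, hc, code, t) for code, t in results]


if __name__ == "__main__":
    hc = HealthCheck()
    print(run(hc, [(200, 0.1), (200, 0.1), (302, 0.1), (302, 0.1)]))
```

Raise the unhealthy threshold if a single slow response must not take an instance out of rotation; lower the healthy threshold if instances should return to service quickly after a restart.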

Task 5: Register EC2 instances with your load balancer

Your load balancer distributes traffic between the instances that are registered to it.

Note
When you register an instance with an elastic network interface (ENI) attached, the load balancer routes
traffic to the primary IP address of the primary interface (eth0) of the instance.
To register EC2 instances with your load balancer

9. On the Add EC2 Instances page, select the instances to register with your load balancer.
10. Leave cross-zone load balancing and connection draining enabled.
11. Choose Next: Add Tags.

Alternatively, you can register instances with your load balancer later on using the following options:

 Select running instances after you create the load balancer.


 Set up Auto Scaling to register the instances automatically when it launches them.
Task 6: Tag your load balancer (optional)

You can tag your load balancer, or continue to the next step. Note that you can also tag your load balancer later on.

To add tags to your load balancer

12. On the Add Tags page, specify a key and a value for the tag.
13. To add another tag, choose Create Tag and specify a key and a value for the tag.
14. After you are finished adding tags, choose Review and Create.

Task 7: Create and verify your load balancer

Before you create the load balancer, review the settings that you selected. After creating the load balancer, you
can verify that it's sending traffic to your EC2 instances.

To create and test your load balancer


15. On the Review page, choose Create.
16. After you are notified that your load balancer was created, choose Close.
17. Select your new load balancer.
18. On the Description tab, check the Status row. If it indicates that some of your instances are not in
service, it's probably because they are still in the registration process. For more information.

19. After at least one of your EC2 instances is in service, you can test your load balancer. Copy the string
from DNS name (for example, my-load-balancer-1234567890.us-west-2.elb.amazonaws.com) and
paste it into the address field of an internet-connected web browser. If your load balancer is working,
you see the default page of your server.

Task 8: Delete your load balancer (optional)

As soon as your load balancer becomes available, you are billed for each hour or partial hour that you keep
it running. When you no longer need a load balancer, you can delete it. As soon as the load balancer is
deleted, you stop incurring charges for it. Note that deleting a load balancer does not affect the instances
registered with the load balancer.

To delete your load balancer

20. If you have a CNAME record for your domain that points to your load balancer, point it to a new
location and wait for the DNS change to take effect before deleting your load balancer.
21. Open the Amazon EC2 console.
22. On the navigation pane, under LOAD BALANCING, choose Load Balancers.
23. Select the load balancer.
24. Choose Actions, Delete.
25. When prompted for confirmation, choose Yes, Delete.
26. (Optional) After you delete a load balancer, the EC2 instances associated with it continue to run, and
you are billed for each hour or partial hour that you keep them running. If you no longer need them, stop or terminate them.

End Lab

27. On the navigation bar, click <yourusername>@<AccountNumber>, and then click Sign Out.

28. Click End Lab

29. Click OK

Post Lab Task:

a) How does AWS Elastic Load Balancing work?


WEEK – 12
To configure Auto Scaling using Load balancer

Pre Lab Task:

a) What is Auto Scaling and Load Balancing?

b) What is the difference between an ALB and an NLB?

c) How many EC2 instances can you have in an Auto Scaling group?
In Lab Task:

In this lab you learn how to attach an Elastic Load Balancing load balancer to your Auto Scaling group. Amazon
EC2 Auto Scaling integrates with Elastic Load Balancing so that you can place an Application Load Balancer,
Network Load Balancer, Classic Load Balancer or Gateway Load Balancer in front of your Auto Scaling group.

You can attach an existing load balancer to an Auto Scaling group when you create or update the group. You can
also create and attach a new Application Load Balancer or Network Load Balancer at the same time that you
create the group (Task 4 below).

Task 1: Attach an existing load balancer as you are creating a new Auto Scaling group

1. Open the Amazon EC2 Auto Scaling console.


2. Choose Create Auto Scaling group.
3. In steps 1 and 2, choose the options as desired and proceed to Step 3: Configure advanced options.
4. For Load balancing, choose Attach to an existing load balancer.
5. Under Attach to an existing load balancer, do one of the following:
a. For Application Load Balancers, Network Load Balancers, and Gateway Load Balancers:
Choose Choose from your load balancer target groups, and then choose a target group in
the Existing load balancer target groups field.
b. For Classic Load Balancers:
Choose Choose from Classic Load Balancers, and then choose your load balancer in
the Classic Load Balancers field.
6. Proceed to create the Auto Scaling group. Your instances will be automatically registered to the load
balancer after the Auto Scaling group has been created.

Task 2: To attach an existing load balancer to an existing Auto Scaling group

Use the following procedure to attach a load balancer to an existing Auto Scaling group.

7. Open the Amazon EC2 Auto Scaling console.


8. Select the check box next to an existing group.
A split pane opens at the bottom of the Auto Scaling groups page.
9. On the Details tab, choose Load balancing, Edit.
10. Under Load balancing, do one of the following:
a. For Application, Network or Gateway Load Balancer target groups, select its check box
and choose a target group.
b. For Classic Load Balancers, select its check box and choose your load balancer.
11. Choose Update.

Task 3: To detach a load balancer from a group


12. Open the Amazon EC2 Auto Scaling console
13. Select the check box next to an existing group.
A split pane opens at the bottom of the Auto Scaling groups page.
14. On the Details tab, choose Load balancing, Edit.
15. Under Load balancing, do one of the following:
a. For Application, Network or Gateway Load Balancer target groups, choose the delete (X)
icon next to the target group.
b. For Classic Load Balancers, choose the delete (X) icon next to the load balancer.
16. Choose Update.

Task 4: To create and attach a new load balancer as you create a new Auto Scaling group

Use the following procedure to create and attach an Application Load Balancer or a Network Load Balancer
as you create your Auto Scaling group.

17. Open the Amazon EC2 Auto Scaling console.


18. Choose Create Auto Scaling group.
19. In steps 1 and 2, choose the options as desired and proceed to Step 3: Configure advanced
options.
20. For Load balancing, choose Attach to a new load balancer.
a. Under Attach to a new load balancer, for Load balancer type, choose whether to create an
Application Load Balancer or Network Load Balancer.
b. For Load balancer name, enter a name for the load balancer, or keep the default name.
c. For Load balancer scheme, choose whether to create a public internet-facing load balancer, or
keep the default for an internal load balancer.
d. For Availability Zones and subnets, select the public subnet for each Availability Zone in
which you chose to launch your EC2 instances. (These are prepopulated from step 2.)
e. For Listeners and routing, update the port number for your listener (if necessary), and
under Default routing, choose Create a target group. Alternatively, you can choose an
existing target group from the drop-down list.
f. If you chose Create a target group in the last step, for New target group name, enter a name
for the target group, or keep the default name.
g. To add tags to your load balancer, choose Add tag, and provide a tag key and value for each
tag.
21. Proceed to create the Auto Scaling group. Your instances will be automatically registered to the
load balancer after the Auto Scaling group has been created.

Note

After creating your Auto Scaling group, you can use the Elastic Load Balancing console to create
additional listeners. This is useful if you need to create a listener with a secure protocol, such as
HTTPS, or a UDP listener. You can add more listeners to existing load balancers, as long as you use
distinct ports.
End Lab

22. On the navigation bar, click <yourusername>@<AccountNumber>, and then click Sign Out.

23. Click End Lab

24. Click OK

Post Lab Task:

a) What are the first 2 steps of using Amazon EC2 Auto Scaling?

b) How does AWS Auto Scaling work?

c) What triggers Auto Scaling?
