AWS SAA Lab Guide

Printed by: [email protected]. Printing is for personal, private use only. No part of this book may be reproduced or transmitted without publisher's prior permission. Violators will be prosecuted.

© 2023 Amazon Web Services, Inc. or its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole or in part, without prior written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited. Corrections, feedback, or other questions? Contact us at https://support.aws.amazon.com/#/contacts/aws-training. All trademarks are the property of their owners.

AWS Training and Certification: Architecting on AWS

Contents

Lab 1: Explore and interact with the AWS Management Console and AWS CLI
Lab 2: Build your Amazon VPC infrastructure
Lab 3: Create a database layer in your Amazon VPC infrastructure
Lab 4: Configure High Availability in your Amazon VPC
Lab 5: Build a Serverless Architecture
Lab 6: Configure an Amazon CloudFront distribution with an Amazon S3 origin
Lab 7: Capstone Lab

Lab 1: Explore and interact with the AWS Management Console and AWS CLI

Note: Do not include any personal, identifying, or confidential information into the lab environment. Information entered may be visible to others.

Corrections, feedback, or other questions? Contact us at AWS Training and Certification.

Lab overview

The Amazon Web Services (AWS) environment is an integrated collection of hardware and software services designed to provide quick and inexpensive use of resources. The AWS API sits atop the AWS environment. An API represents a way to communicate with a resource. There are different ways to interact with AWS resources, but all interaction uses the AWS API. The AWS Management Console provides a simple web interface for AWS. The AWS Command Line Interface (AWS CLI) is a unified tool to manage your AWS services through the command line. Whether you access AWS through the AWS Management Console or using the command line tools, you are using tools that make calls to the AWS API.

This lab follows the Architecting Fundamentals module, which focuses on the core requirements for creating workloads in AWS. This lab reinforces module discussions on the what, where, and how of building AWS workloads. Students first explore the features of the AWS Management Console and then use the Amazon Simple Storage Service (Amazon S3) API to deploy and test connectivity to an Amazon S3 bucket using two different methods:

* AWS Management Console
* AWS CLI

Objectives

After completing this lab, you should be able to do the following:

* Explore and interact with the AWS Management Console.
* Create resources using the AWS Management Console.
* Explore and interact with the AWS CLI.
* Create resources using the AWS CLI.

Prerequisites

This lab requires the following:

* Access to a notebook computer with Wi-Fi and Microsoft Windows, macOS, or Linux (Ubuntu, SuSE, or Red Hat)
* An internet browser such as Chrome, Firefox, or Microsoft Edge
* A plaintext editor

Duration

This lab requires approximately 35 minutes to complete.

AWS services not used in this lab

AWS services not used in this lab are disabled in the lab environment. In addition, the capabilities of the services used in this lab are limited to only what the lab requires. Expect errors when accessing other services or performing actions beyond those provided in this lab guide.

Lab environment

The lab environment provides you with the following resources to get started: an Amazon Virtual Private Cloud (Amazon VPC), the necessary underlying network structure, a security group allowing the HTTP protocol over port 80, an Amazon Elastic Compute Cloud (Amazon EC2) instance with the AWS CLI installed, and an associated Amazon EC2 instance profile. The instance profile contains the permissions necessary to allow Session Manager, a capability of AWS Systems Manager, to access the Amazon EC2 instance.

The following diagram shows the interactive flow of the AWS API for creating AWS services and resources used in the lab through the AWS Management Console and AWS CLI.

Start lab

1. To launch the lab, at the top of the page, choose Start Lab. This starts the process of provisioning the lab resources. An estimated amount of time to provision the lab resources is displayed. You must wait for the resources to be provisioned before continuing.
   * If you are prompted for a token, use the one distributed to you (or credits you have purchased).
2. To open the lab, choose Open Console. The AWS Management Console sign-in page opens in a new web browser tab.
3. On the Sign in as IAM user page:
   * For IAM user name, enter awsstudent.
   * For Password, copy and paste the Password value listed to the left of these instructions.
   * Choose Sign in.

Do not change the Region unless instructed.

Common sign-in errors

Error: You must first sign out

If you see the message, You must first log out before logging into a different AWS account:

* Choose the click here link.
* Close your Amazon Web Services Sign In web browser tab and return to your initial lab page.
* Choose Open Console again.

In some cases, certain pop-up or script blocker web browser extensions might prevent the Start Lab button from working as intended. If you experience an issue starting the lab:

* Add the lab domain name to your pop-up or script blocker's allow list or turn it off.
* Refresh the page and try again.
Task 1: Explore and configure the AWS Management Console

In this task, you explore the AWS Management Console and the unified search tool. You then configure the Region, widgets, and services.

Additional information: The AWS Management Console provides secure login using your AWS account root user credentials or AWS Identity and Access Management (IAM) account credentials. When you first sign in, the user credentials are authenticated and the home page is displayed. The home page provides access to each service console and offers a single place to access the information you need to perform your AWS related tasks.

Task 1.1: Choose an AWS Region

In this task, you choose an AWS Region that specifies where your resources are managed. Regions are sets of AWS resources located in the same geographical area.

4. On the navigation bar, choose the Region selector displayed at the top-right corner of the console, and then choose the Region to which you want to switch. The Region on the console home page is now changed to the Region you chose.

Caution: If the chosen Region opens up a different webpage instead of the console home page, choose Cancel and try to choose a different Region.

Next, you configure the default Region.

21. In the Favorites list, deselect the star next to the name of a service you wish to remove.

Note: Alternatively, in the Recently visited list or All services list, deselect the star next to the name of a service that is in your Favorites list.

Task 1.4: Open a console for a service

22. On the navigation bar, choose Services to open a full list of services.
23. Choose a service under Favorites or Recently visited or All services to quickly navigate to a specific service. The chosen service console page is displayed.
24. Choose the AWS logo displayed in the upper-left-hand corner to return to the AWS Management Console home page.

Task 1.5: Create and use widgets

In this task, you learn about the widgets that display important information about your AWS environment and provide shortcuts to your services. You can customize your experience by adding and removing widgets, rearranging them, or changing their size.

25. To add a widget, configure the following:
    * Choose + Add widgets on the bottom-right side of the page.

    Tip: Alternatively, choose Actions on the upper-right side of the page, and then choose Add widgets from the dropdown menu.

    The Add widgets window is displayed.
26. In the Add widgets menu, choose the widgets that you want to add to the console, and then choose Add. The following message is displayed on the page:
    * Added the widget "Favorites". Find it at the bottom of your Console Home. Click and drag to reorder your widgets, or change a widget's size using the widget menu.
27. To rearrange a widget, configure the following:
    * Choose the title bar at the top of the widget, for example, Favorites, and then drag the widget to a new location on the console page.
28. To resize a widget, configure the following:
    * Choose the Recently Visited widget.
    * In the upper-right corner of the widget, choose the widget actions ellipsis icon, represented by three vertical dots.
    * Choose Change size. The Change size window is displayed.
    * On the Change size menu, choose your preferred view for this widget, and then choose Change size.

    Note: You cannot adjust the size of the Welcome to AWS, Explore AWS, and AWS Health widgets.
29. To remove a widget, configure the following:
    * Choose the Welcome to AWS widget.
    * In the upper-right corner of the widget, choose the widget actions ellipsis icon, represented by three vertical dots.
    * Choose Remove widget.

Congratulations! You have explored the AWS Management Console and learned to customize your console home screen.

Task 2: Create an Amazon S3 bucket using the AWS Management Console

In this task, you create and configure a new Amazon S3 bucket in the LabRegion using the AWS Management Console.

Additional information: Amazon S3 is an object storage service that offers industry-leading scalability, data availability, security, and performance. Customers can use Amazon S3 to store and protect any amount of data for a range of use cases, such as data lakes, websites, mobile applications, backup and restore, archive, enterprise applications, Internet of Things (IoT) devices, and big data analytics.

30. On the Services menu, choose All Services.
31. On the left navigation menu, scroll down the list and choose Storage.
32. From the Storage list, choose S3.

    Note: You can also search for S3 in the unified search bar Search for services, features, marketplace products, and docs at the top of the console.
33. In the navigation pane on the left-hand side of the console, choose Buckets.
34. Choose Create bucket. The Create bucket page is displayed.
35. In the General configuration section, for Bucket name, name your bucket labbucket-NUMBER.
    * Replace NUMBER in the bucket name with a random number. This ensures that you have a unique name.
    * Example bucket name: labbucket-987987

    Amazon S3 bucket names must be globally unique and Domain Name System (DNS) compliant. For complete bucket naming rules, see the official Bucket naming rules documentation.
36. The AWS Region should match the LabRegion value found to the left of these lab instructions.
37. Leave all other settings on this page as the default configurations.
38. Choose Create bucket at the bottom of the screen.

Additional information: In terms of implementation, you can create a bucket using the Amazon S3 API, but you performed the same operation using the Amazon S3 Console instead. The console uses the Amazon S3 APIs to send requests to Amazon S3.

The following message is displayed on the page:

* Successfully created bucket "labbucket-xxxxx"

The S3 console is displayed. The newly created bucket is displayed among the list of all the buckets for the account.

Congratulations, you have created a new Amazon S3 bucket with the default configuration.
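Step 37 leaves the bucket at its default configuration. As an added example that is not part of the lab guide, the following shell function reports whether a bucket still has the three protective settings a bucket created this way starts with: Block Public Access, default encryption, and disabled ACLs. It assumes the caller is permitted to run the three read-only `aws s3api` calls, which the restricted lab role may not allow; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the lab guide: report whether a bucket still has
# the protective settings a console-created bucket starts with.
# Assumption: the caller may run the three read-only s3api calls used below.

# Run one s3api "get" call and print the selected field, or "unavailable"
# when the call fails (no such configuration, or access denied).
s3_field() {  # s3_field <operation> <bucket> <JMESPath query>
    aws s3api "$1" --bucket "$2" --query "$3" --output text 2>/dev/null \
        || echo "unavailable"
}

bucket_posture() {  # bucket_posture <bucket>; returns 1 if any check fails
    bucket=$1
    rc=0

    # Block Public Access: all four flags should be on.
    bpa=$(s3_field get-public-access-block "$bucket" \
        'PublicAccessBlockConfiguration.[BlockPublicAcls,IgnorePublicAcls,BlockPublicPolicy,RestrictPublicBuckets]')
    bpa=$(echo $bpa)   # collapse the tab-separated text output to single spaces
    if [ "$bpa" = "True True True True" ]; then
        echo "ok   block public access: all four settings on"
    else
        echo "WARN block public access: $bpa"; rc=1
    fi

    # Default encryption: some server-side algorithm should be configured.
    enc=$(s3_field get-bucket-encryption "$bucket" \
        'ServerSideEncryptionConfiguration.Rules[0].ApplyServerSideEncryptionByDefault.SSEAlgorithm')
    case $enc in
        AES256|aws:kms|aws:kms:dsse) echo "ok   default encryption: $enc" ;;
        *) echo "WARN default encryption: $enc"; rc=1 ;;
    esac

    # Object ownership: BucketOwnerEnforced means ACLs are disabled.
    own=$(s3_field get-bucket-ownership-controls "$bucket" \
        'OwnershipControls.Rules[0].ObjectOwnership')
    if [ "$own" = "BucketOwnerEnforced" ]; then
        echo "ok   ACLs disabled (object ownership: $own)"
    else
        echo "WARN object ownership: $own"; rc=1
    fi

    return $rc
}

# Usage: sh bucket_posture.sh labbucket-987987   (example name from step 35)
if [ $# -gt 0 ]; then bucket_posture "$1"; fi
```

A WARN line with the value "unavailable" means the call itself failed, so check permissions before concluding that the setting is missing.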
Task 3: Upload an object into the Amazon S3 bucket using the S3 console

In this task, you upload an object into the previously created S3 bucket using the S3 console.

39. To open the context menu, right-click on this image link and choose the option to save the image to your computer.
    * Name your file similar to SampleFile.jpg.

    Note: The method to save files varies by web browser. Choose the appropriately worded option from your context menu.
40. In the S3 console, choose the labbucket-xxxxx bucket.
41. Choose Upload. The Upload page is displayed.
42. Choose Add files.
43. Browse to and choose the SampleFile.jpg picture you downloaded.
44. Choose Upload. The following message is displayed on the page:
    * Upload succeeded.
45. Choose Close.

Congratulations, you have uploaded an object into the Amazon S3 bucket.

Task 4: Create an Amazon S3 bucket and upload an object using the AWS CLI

In this task, you use the AWS CLI to create an Amazon S3 bucket. The AWS CLI is an open source tool that you can use to interact with AWS services using commands in your command line shell.

Task 4.1: Create a connection to the Command Host using Session Manager

An Amazon EC2 instance preconfigured with the AWS CLI has been provided for you to use in this lab. It has the name Command Host.
46. From the AWS Management Console, use the AWS search bar to search for EC2 and then choose the service from the list of results.

    Note: The unified search bar is located to the right of the Services menu, and it is labeled the following: Search for services, features, marketplace products, and docs.

    Caution: This lab is designed to use the new EC2 Console. If you see New EC2 Experience in the top-left corner of your screen, ensure New EC2 Experience is selected.
47. In the navigation pane on the left-hand side of the console, choose Instances.
48. Select Command Host.
49. Choose Connect. The Connect to instance page is displayed.
50. Choose the Session Manager tab.

    Additional information: With Session Manager, you can connect to Amazon EC2 instances without having to expose the SSH port on your firewall or Amazon Virtual Private Cloud (Amazon VPC) security group. For more complete information about this feature, see AWS Systems Manager Session Manager.
51. Choose Connect.

    Note: Alternatively, you can copy the CommandHostSessionUrl value from the left side of these lab instructions and paste it in a new browser tab. The terminal for the Command Host instance opens.

A new browser tab or window opens with a connection to the Command Host instance.

Task 4.2: Use high-level S3 commands with the AWS CLI

In this task, you access the high-level features of Amazon S3 using the AWS CLI.

52. Enter the following command in your Command Host session:

    Tip: To copy the command, hover on it and choose the copy icon. Paste the command in the Command Host session.

    The following ls command lists all the buckets owned by the user.

        aws s3 ls

53. Copy the following command to a text editor, replace NUMBER with the random number you chose for your bucket, and paste the command in the Command Host session.

    The following mb command creates a bucket.

        aws s3 mb s3://labclibucket-NUMBER

    * Example bucket name: labclibucket-787787
54. To run the modified command in your Command Host session, press Enter.
    * Sample output: make_bucket: labclibucket-xxxxx

    Note: To simplify the instructions in this lab, this newly created bucket will be referred to as the labclibucket-NUMBER for the remainder of the instructions, regardless of what bucket name you actually choose in this step.
55. Enter the following command in your Command Host session:

        aws s3 ls

    You will notice the newly created bucket in the output list.
56. Copy the following command to a text editor, replace labclibucket-NUMBER with the name of the S3 bucket you created in the previous step, and paste the command in the Command Host session.

    The following cp command copies a single file to a specified bucket.

        aws s3 cp /home/ssm-user/HappyFace.jpg s3://labclibucket-NUMBER

57. To run the modified command in your Command Host session, press Enter.
    * Sample output: upload: ./HappyFace.jpg to s3://labclibucket-xxxxx/HappyFace.jpg
58. Copy the following command to a text editor, replace labclibucket-NUMBER with the name of the S3 bucket you created in the previous step, and paste the command in the Command Host session.

    The following ls command lists objects under a specified bucket.

        aws s3 ls s3://labclibucket-NUMBER

    You will notice the uploaded object in the newly created bucket in the output list. You can close the browser tab.

As demonstrated in this task, the high-level Amazon S3 commands simplify managing Amazon S3 objects. Using these commands, you can manage the contents of Amazon S3 within itself and with local directories. The S3 commands are built on top of the operations found in the S3 API commands.

Congratulations, you have used the AWS CLI to create, list, and copy objects into the Amazon S3 bucket.

Conclusion

Congratulations! In this lab, you learned how to do the following:

* Explore and interact with the AWS Management Console.
* Create resources using the AWS Management Console.
* Explore and interact with the AWS CLI.
* Create resources using the AWS CLI.

Lab complete

Congratulations! You have completed the lab.

End lab

Follow these steps to close the console, end your lab, and evaluate your lab experience.

59. Return to the AWS Management Console.
60. At the upper-right corner of the page, choose awsstudent@ , and then choose Sign out.
61. Choose End Lab.
62. Choose Submit.
63. (Optional)
    * Select the applicable number of stars to rate your lab experience:
      * 1 star = Very dissatisfied
      * 2 stars = Dissatisfied
      * 3 stars = Neutral
      * 4 stars = Satisfied
      * 5 stars = Very satisfied
    * Enter a comment.
    * Choose Submit.

You can close the window if you don't want to provide feedback.

For more information about AWS Training and Certification, see https://aws.amazon.com/training/.

Your feedback is welcome and appreciated. If you would like to share any feedback, suggestions, or corrections, please provide the details in our AWS Training and Certification Contact Form.

Appendix

References

* What is the AWS Management Console?
* What is the AWS Command Line Interface?
* AWS Systems Manager Session Manager

Lab 2: Build your Amazon VPC infrastructure

Note: Do not include any personal, identifying, or confidential information into the lab environment. Information entered may be visible to others.

Corrections, feedback, or other questions? Contact us at AWS Training and Certification.
Lab overview

As an AWS solutions architect, it is important that you understand the overall functionality and capabilities of AWS, and the relationship between the AWS networking components. In this lab, you create an Amazon Virtual Private Cloud (VPC), a public and a private subnet in a single Availability Zone (AZ), public and private routes, a NAT gateway, and an internet gateway. These services are the foundation of networking architecture inside of AWS. This architecture design covers concepts of infrastructure, design, routing, and security.

The following image shows the final architecture for this lab environment.

Objectives

After completing this lab, you should know how to do the following:

* Create an Amazon VPC.
* Create public and private subnets.
* Create an internet gateway.
* Configure a route table and associate it to a subnet.
* Create an Amazon Elastic Compute Cloud (Amazon EC2) instance and make the instance publicly accessible.
* Isolate an Amazon EC2 instance in a private subnet.
* Create and assign security groups to Amazon EC2 instances.
* Connect to Amazon EC2 instances using Session Manager, a capability of AWS Systems Manager.

Prerequisites

This lab requires the following:

* Access to a notebook computer with Wi-Fi and Microsoft Windows, macOS, or Linux (Ubuntu, SuSE, or Red Hat)
* An internet browser, such as Chrome, Firefox, or Microsoft Edge
* A plaintext editor

Duration

This lab requires up to 48 minutes to complete.

Scenario

Your team has been tasked with prototyping an architecture for a new web-based application.
To define your architecture, you need to have a better understanding of public and private subnets, routing, and Amazon EC2 instance options.

Start lab

1. To launch the lab, at the top of the page, choose Start Lab. This starts the process of provisioning the lab resources. An estimated amount of time to provision the lab resources is displayed. You must wait for the resources to be provisioned before continuing.
   * If you are prompted for a token, use the one distributed to you (or credits you have purchased).
2. To open the lab, choose Open Console. The AWS Management Console sign-in page opens in a new web browser tab.
3. On the Sign in as IAM user page:
   * For IAM user name, enter awsstudent.
   * For Password, copy and paste the Password value listed to the left of these instructions.
   * Choose Sign in.

Do not change the Region unless instructed.

Common sign-in errors

Error: You must first sign out

If you see the message, You must first log out before logging into a different AWS account:

* Choose the click here link.
* Close your Amazon Web Services Sign In web browser tab and return to your initial lab page.
* Choose Open Console again.

In some cases, certain pop-up or script blocker web browser extensions might prevent the Start Lab button from working as intended. If you experience an issue starting the lab:

* Add the lab domain name to your pop-up or script blocker's allow list or turn it off.
* Refresh the page and try again.

Task 1: Create an Amazon VPC in a Region

In this task, you create a new Amazon VPC in the AWS Cloud.

Additional information: With Amazon VPC, you can provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address ranges, creation of subnets, and configuration of route tables and network gateways. You can also leverage the enhanced security options in Amazon VPC to provide more granular access to and from the Amazon EC2 instances in your virtual network.

4. From the AWS Management Console, use the AWS search bar to search for VPC and then choose the service from the list of results.

   Note: The unified search bar is located to the right of the Services menu, and it is labeled the following: Search for services, features, marketplace products, and docs.

   Caution: Verify that the Region displayed in the top-right corner of the console is the same as the Region value on the left side of this lab page.

   Caution: This lab is designed to use the new VPC Console. If New VPC Experience is displayed at the top-left corner of your screen, ensure New VPC Experience is selected.

   Note: The VPC management console offers a VPC Wizard, which can automatically create several VPC architectures. However, in this lab you create the VPC components manually.
5. In the left navigation pane, choose Your VPCs. A list of your VPCs displays. A default VPC is provided so that you can launch resources as soon as you start using AWS.
6. Choose Create VPC and configure the following:
   * Resources to create: Choose VPC only.
   * Name tag: Lab VPC
   * IPv4 CIDR block: 10.0.0.0/16
7. Choose Create VPC. The VPC Details page is displayed.
8. Verify the state of the Lab VPC. It should display the following:
   * State: Available

   The lab VPC has a Classless Inter-Domain Routing (CIDR) range of 10.0.0.0/16, which includes all IP addresses that start with 10.0.x.x. This range contains over 65,000 addresses. You later divide the addresses into separate subnets.
9. From the same page, choose Actions and choose Edit VPC settings.
10. Select Enable DNS hostnames. This option assigns a friendly Domain Name System (DNS) name to Amazon EC2 instances in the VPC, such as the following: ec2-52-42-133-255.us-west-2.compute.amazonaws.com
11. Choose Save.

Any Amazon EC2 instances launched into this Amazon VPC now automatically receive a DNS hostname. You can also create a more meaningful DNS name (for example, app.company.com) using records in Amazon Route 53.

You have successfully created your own VPC and now you can launch the AWS resources in this defined virtual network.

Task 2: Create public and private subnets

In this task, you create a public subnet and a private subnet in the lab VPC. To add a new subnet to your VPC, you must specify an IPv4 CIDR block for the subnet from the range of your VPC.
You can specify the Availability Zone in which you want the subnet to reside. You can have multiple subnets in the same Availability Zone.

Note: A subnet is a sub-range of IP addresses within a network. You can launch AWS resources into a specified subnet. Use a public subnet for resources that must be connected to the internet, and use a private subnet for resources that are to remain isolated from the internet.

Task 2.1: Create your public subnet

The public subnet is for internet-facing resources.

12. In the left navigation pane, choose Subnets.
13. Choose Create subnet and configure the following:
- VPC: Choose Lab VPC.
- Subnet name: Enter Public Subnet.
- Availability Zone: Select the first Availability Zone in the list. (Do not choose No Preference.)
- IPv4 CIDR block: Enter 10.0.0.0/24.
14. Choose Create subnet.
15. Verify the state. It should display the following:
- State: Available

Note: The VPC has a CIDR range of 10.0.0.0/16, which includes all 10.0.x.x IP addresses. The subnet you just created has a CIDR range of 10.0.0.0/24, which includes all 10.0.0.x IP addresses. These ranges may look similar, but the subnet is smaller than the VPC because of the /24 in the CIDR range.

Now, configure the subnet to automatically assign a public IP address for all instances launched within it.

16. Select Public Subnet.
17. Choose Actions and choose Edit subnet settings.
18. Select Enable auto-assign public IPv4 address.
19. Choose Save.

Note: Even though this subnet is named Public Subnet, it is not yet public.
A public subnet must have an internet gateway and route to the gateway. You create and attach the internet gateway and route tables in this lab.

Task 2.2: Create your private subnet

The private subnet is for resources that are to remain isolated from the internet.

20. Choose Create subnet and then configure the following:
- VPC: Choose Lab VPC.
- Subnet name: Enter Private Subnet.
- Availability Zone: Select the first Availability Zone in the list. (Do not choose No Preference.)
- IPv4 CIDR block: Enter 10.0.2.0/23.
21. Choose Create subnet.
22. Verify the state. It should display the following:
- State: Available

Note: The CIDR block of 10.0.2.0/23 includes all IP addresses that start with 10.0.2.x and 10.0.3.x. This is twice as large as the public subnet because most resources should be kept private, unless they specifically need to be accessible from the internet.

Your VPC now has two subnets. However, these subnets are isolated and cannot communicate with resources outside the VPC. Next, you configure the public subnet to connect to the internet via an internet gateway.

Task 3: Create an internet gateway

In this task, you create an internet gateway so that internet traffic can access the public subnet. To enable access to or from the internet for instances in a subnet in a VPC, you create an internet gateway and attach it to your VPC. Then you add a route to your subnet's route table that directs internet-bound traffic to the internet gateway.
Additional information: An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.

23. In the left navigation pane, choose Internet Gateways.
24. Choose Create internet gateway and configure the following:
- Name tag: Enter Lab IGW.
25. Choose Create internet gateway.

You can now attach the internet gateway to your Lab VPC.

26. From the same page, choose Actions and choose Attach to VPC.
27. For Available VPCs, choose Lab VPC.
28. Choose Attach internet gateway.
29. Verify the state. It should display the following:
- State: Attached

The internet gateway is now attached to your Lab VPC. Even though you have created an internet gateway and attached it to your VPC, you must also configure the route table of the public subnet to use the internet gateway.

Task 4: Route internet traffic in the public subnet to the internet gateway

In this task, you create a route table, add a route to it that directs internet-bound traffic to your internet gateway, and associate your public subnets with the route table.

Each subnet in your VPC must be associated with a route table; the table controls the routing for the subnet. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table.

Additional information: A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.
To use an internet gateway, your subnet's route table must contain a route that directs internet-bound traffic to the internet gateway. You can scope the route to all destinations not explicitly known to the route table (0.0.0.0/0 for IPv4 or ::/0 for IPv6), or you can scope the route to a narrower range of IP addresses. If your subnet is associated with a route table that has a route to an internet gateway, it's known as a public subnet.

30. In the left navigation pane, choose Route Tables.

There is currently one default route table associated with the VPC, Lab VPC. This routes traffic locally. You now create an additional route table to route public traffic to your internet gateway.

31. Choose Create route table and then configure the following:
- Name: Enter Public Route Table.
- VPC: Choose Lab VPC.
32. Choose Create route table.
33. Choose the Routes tab in the lower half of the page.

Note: There is one route in your route table that allows traffic within the 10.0.0.0/16 network to flow within the network, but it does not route traffic outside of the network. You now add a new route to enable public traffic.

34. Choose Edit routes.
35. Choose Add route and then configure the following:
- Destination: Enter 0.0.0.0/0.
- Target: Choose Internet Gateway in the dropdown menu and then choose the displayed internet gateway ID.
36. Choose Save changes.
37. Choose the Subnet Associations tab.
38. Choose Edit subnet associations.
39. Select Public Subnet.
40. Choose Save associations.

You have configured the route table.
The subnet is now public because it has a route to the internet via the internet gateway.

Task 5: Create a public security group

In this task, you create a security group so that users can access your Amazon EC2 instance. Security groups in a VPC specify which traffic is allowed to or from an Amazon EC2 instance.

Additional information: You can use Amazon EC2 security groups to help secure instances within an Amazon VPC. By using security groups in a VPC, you can specify both inbound and outbound network traffic that is allowed to or from each Amazon EC2 instance. Traffic that is not explicitly allowed to or from an instance is automatically denied.

Security: It is recommended to use HTTPS protocol to improve web traffic security. However, to simplify this lab, only HTTP protocol is used.

41. In the left navigation pane, choose Security Groups.
42. Choose Create security group and then configure the following:
- Security group name: Enter Public SG.
- Description: Enter Allows incoming traffic to public instance.
- VPC: Select the X to clear the text box and then choose Lab VPC from the dropdown menu.
43. In the Inbound rules section, choose Add rule and configure the following:
- Type: Choose HTTP from the dropdown menu.
- Source: Choose Anywhere-IPv4 from the dropdown menu.
44. In the Tags section, choose Add new tag and configure the following:
- Key: Enter Name.
- Value: Enter Public SG.
45. Choose Create security group.

You have successfully created a security group that allows HTTP traffic. You need this in the next task when you launch an Amazon EC2 instance in the public subnet.
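The addressing plan and route tables built in Tasks 1 through 4 can be checked offline with a short script. This is an added example, not part of the lab guide: the gateway ID is a placeholder, the function names are hypothetical, and the `nat-` branch anticipates the private route table created later in Task 9.

```python
import ipaddress

# Constructed model of the lab network. Gateway IDs are placeholders, not
# values from the lab; the CIDR blocks and names are the ones the lab uses.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {"Public Subnet": "10.0.0.0/24", "Private Subnet": "10.0.2.0/23"}
ROUTE_TABLES = {
    "main": [("10.0.0.0/16", "local")],
    "Public Route Table": [("10.0.0.0/16", "local"),
                           ("0.0.0.0/0", "igw-EXAMPLE")],
}
# Explicit associations only; a subnet with none falls back to the main table.
ASSOCIATIONS = {"Public Subnet": "Public Route Table"}


def plan_problems(vpc_cidr, subnets):
    """Return addressing errors: subnets outside the VPC or overlapping."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is outside {vpc}")
    names = sorted(nets)
    for i, first in enumerate(names):
        for second in names[i + 1:]:
            if nets[first].overlaps(nets[second]):
                problems.append(f"{first} overlaps {second}")
    return problems


def next_hop(routes, destination):
    """Longest-prefix match: the most specific route containing the address wins."""
    dest = ipaddress.ip_address(destination)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None  # None: no matching route, traffic is dropped


def exposure(subnet, associations, route_tables):
    """Classify a subnet by the targets in its effective route table."""
    routes = route_tables[associations.get(subnet, "main")]
    targets = [target for _, target in routes]
    if any(t.startswith("igw-") for t in targets):
        return "public"
    if any(t.startswith("nat-") for t in targets):
        return "private, outbound via NAT"
    return "isolated"


def report(associations=ASSOCIATIONS, route_tables=ROUTE_TABLES):
    """Exposure of every lab subnet under the given associations and tables."""
    return {name: exposure(name, associations, route_tables) for name in SUBNETS}


if __name__ == "__main__":
    print("addressing problems:", plan_problems(VPC_CIDR, SUBNETS))
    for name, state in report().items():
        print(f"{name}: {state}")
    # 198.51.100.7 is a documentation address standing in for an internet host.
    print(next_hop(ROUTE_TABLES["Public Route Table"], "10.0.2.15"))
    print(next_hop(ROUTE_TABLES["Public Route Table"], "198.51.100.7"))
```

Calling `report(associations={})` reproduces the state before step 40: both subnets use the main route table and neither is public, whatever the subnet is named.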
Task 6: Launch an Amazon EC2 instance into a public subnet

In this task, you launch an Amazon EC2 instance into a public subnet. To enable communication over the internet for IPv4, your instance must have a public IPv4 address that's associated with a private IPv4 address on your instance. By default, your instance is only aware of the private (internal) IP address space defined within the VPC and subnet.

Additional information: The internet gateway that you created logically provides the one-to-one NAT on behalf of your instance. So when traffic leaves your VPC subnet and goes to the internet, the reply address field is set to the public IPv4 address or Elastic IP address of your instance, and not its private IP address.

46. From the AWS Management Console, use the AWS search bar to search for EC2 and then choose the service from the list of results.

Caution: This lab is designed to use the new EC2 console. If you see New EC2 Experience in the top-left corner of your screen, ensure New EC2 Experience is selected.

The Amazon EC2 Management Console is displayed.

Task 6.1: Begin the instance configuration

47. From the console navigation menu on the left, choose EC2 Dashboard.
48. From the Launch instance section, choose the Launch instance dropdown menu.
49. Choose Launch instance.

The Launch an instance page is displayed.
Task 6.2: Add tags to the instance

You can use tags to categorize your AWS resources in different ways, such as by purpose, owner, or environment. You can apply tags to most AWS Cloud resources. Each tag consists of a key and a value, both of which you define. One use of tags is for when you must manage many resources of the same type. You can quickly search for and identify a specific resource by the tag you have applied to it.

In this task, you add a tag to the Amazon EC2 instance.

50. Locate the Name and tags section.
51. In the Name field, enter Public Instance.

This name will appear on the instance in the Amazon EC2 Management Console. No additional instance tags are required for this lab.

Task 6.3: Select an Amazon Machine Image (AMI)

In this task, you choose an AMI. The AMI contains a copy of the disk volume used to launch the instance.

52. Locate the Application and OS Images (Amazon Machine Image) section.
53. Ensure that Amazon Linux is selected as the OS.
54. Ensure that Amazon Linux 2 AMI is selected in the dropdown menu.

Task 6.4: Choose the Amazon EC2 instance type

Each instance type allocates a specific combination of virtual CPUs (vCPUs), memory, disk storage, and network performance.

For this lab, use a t3.micro instance type. This instance type has 2 vCPUs and 1 GiB of memory.

55. Locate the Instance type section.
56. From the Instance type dropdown menu, choose t3.micro.

Task 6.5: Configure key pair for login

57. Locate the Key pair (login) section.
58. From the Key pair name - required dropdown menu, choose Proceed without a key pair (Not recommended).
Task 6.6: Configure instance networking

59. Locate the Network settings section.
60. Choose Edit.
61. Configure the following settings from the dropdown menus:
- VPC - required: Choose Lab VPC.
- Subnet: Choose Public Subnet.
- Auto-assign public IP: Choose Enable.

Task 6.7: Configure instance security groups

You can use security groups to define both the allowed/denied and the inbound/outbound traffic for the elastic network interface. The network interface is attached to an Amazon EC2 instance. Port 80 is the default port for HTTP traffic, and it is necessary for the web server you launch in this lab to work correctly.

62. Choose Select existing security group.
63. From the Common security groups dropdown menu, choose the security group that has a name like Public SG.

Task 6.8: Add storage

You can use the Configure storage section to modify ephemeral instance storage and add additional Amazon Elastic Block Store (Amazon EBS) disk volumes attached to the instance. The EBS volumes can be configured in both their size and performance.

In this lab, the default storage settings are all that is needed. No changes are required.

Task 6.9: Configure user data

64. Locate and expand the Advanced details section.
65. From the IAM instance profile dropdown menu, choose the role that has a name like EC2InstProfile.

Note: To install and configure the new instance as a web server, you provide a user data script that will automatically run when the instance launches.

66. In the User Data section, copy and paste the following:

    #!/bin/bash
    # To connect to your EC2 instance and install the Apache web server with PHP
    yum update -y &&
    amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2 &&
    yum install -y httpd &&
    # Start Apache now and on every boot
    systemctl enable httpd.service
    systemctl start httpd
    # Download the lab's web content into the web root
    cd /var/www/html
    wget https://us-west-2-tcprod.s3.amazonaws.com/courses/ILT-TF-200-ARCHIT/v7.9.2/lab-2-VPC/scripts/instanceData.zip

The remaining settings on the page can be left at their default values.

Task 6.10: Review the instance launch

Take a moment to review that the configuration for the Amazon EC2 instance you are about to launch is correct.

67. Locate the Summary section.
68. Choose Launch instance.

The Launch an instance page is displayed. Your Amazon EC2 instance is now launched and configured as you specified.

69. Choose View all instances.

The Amazon EC2 console is displayed.

70. Occasionally choose the console refresh button and wait for Public Instance to display the Instance state as Running and wait for Status check to pass 2/2 checks passed.

Note: The Amazon EC2 instance named Public Instance is initially in a Pending state. The instance state then changes to Running, indicating that the instance has finished booting.

Congratulations, you have successfully launched an Amazon EC2 instance into a public subnet.

Task 7: Connect to a public instance via HTTP

In this task, you connect to the public instance and launch the basic Apache web server page. The inbound rules added earlier that allow HTTP access (port 80) will allow you to connect to the web server running Apache.

71. In the left navigation pane, choose Instances.
72. Select Public Instance.
73. Choose the Networking tab in the lower pane.

Note: If you need to make any section of the console larger, you can resize the horizontal edges of the containers displayed on the console.

74. Locate the Public IPv4 DNS value.
75. Copy the public DNS value. Do not choose the open address option, because HTTPS is not set up for this lab environment.
76. Open a new browser tab and paste the public DNS value for Public Instance in the URL address bar.

The web page hosted on the Amazon EC2 instance is displayed. The page displays the instance ID and the AWS Availability Zone where the Amazon EC2 instance is located.

You have successfully launched an Apache web server in the public subnet and tested the HTTP connection. You can safely close the tab and return to the console.

Task 8: Connect to the Amazon EC2 instance in the public subnet via Session Manager

In this task, you connect to your Amazon EC2 instance in the public subnet using Session Manager.

Additional information: Session Manager is a fully managed AWS Systems Manager capability that you use to manage your Amazon EC2 instances through an interactive one-click browser-based shell or through the AWS Command Line Interface (AWS CLI). You can use Session Manager to start a session with an Amazon EC2 instance in your account. After starting the session, you can run bash commands as you would through any other connection type.

77. From the AWS Management Console, use the AWS search bar to search for EC2 and then choose the service from the list of results.
78. In the left navigation pane, choose Instances.
79. Select Public Instance and then choose Connect.

The Connect to instance page is displayed.

80. For Connection method, choose the Session Manager tab.

Additional information: With Session Manager, you can connect to Amazon EC2 instances without needing to expose the SSH port on your firewall or Amazon VPC security group. See AWS Systems Manager Session Manager for more information.

81. Choose Connect.

A new browser tab or window opens with a connection to the Public Instance.

Note: The Session Manager service is not updated in real time. If you experience errors with Session Manager connecting to an Amazon EC2 instance you just launched, ensure that you have given the instance a few minutes to launch, pass health checks, and communicate with the Session Manager service before trying to open a session connection again.

82. Enter the following command to change to the home directory (/home/ssm-user/) and test web connectivity using the cURL command.

    cd ~
    curl -I https://aws.amazon.com/training/

Sample output:

    HTTP/2 200
    set-cookie: aws-priv=eyJ2IjoxLCJldSI6MCwic3QiOjB9; Version=1; Comment="Anonymous cookie for privacy regulations"; Domain=.aws.amazon.com; Max-Age=31536000; Expires=Sat, 14-May-2022 14:30:15 GMT; Path=/
    set-cookie: aws_lang=en; Domain=.amazon.com; Path=/
    x-frame-options: SAMEORIGIN
    x-content-type-options: nosniff
    last-modified: Tue, 11 May 2021 17:39:32 GMT
    vary: accept-encoding,Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
    x-cache: Miss from cloudfront

You have successfully connected to your public instance using Session Manager. You can safely close the tab and return to the console.

Task 9: Create a NAT gateway and configure routing in the private subnet

In this task, you create a NAT gateway and then create a route table to route non-local traffic to the NAT gateway. You then attach the route table to the private subnet. You can use a NAT gateway to allow instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances.

Note: To create a NAT gateway, you must specify the public subnet in which the NAT gateway should reside. You must also specify an Elastic IP address to associate with the NAT gateway when you create it. You cannot change the Elastic IP address after you associate it with the NAT gateway. After you've created a NAT gateway, you must update the route table associated with one or more of your private subnets to point internet-bound traffic to the NAT gateway. This allows instances in your private subnets to communicate with the internet.

83. Return to the browser tab with the AWS Management Console open.
84. From the AWS Management Console, use the AWS search bar to search for VPC and then choose the service from the list of results.
85. In the left navigation pane, choose NAT Gateways.
86. Choose Create NAT gateway and configure the following:
- Name: Enter Lab NGW.
- Subnet: Choose Public Subnet.
- Choose Allocate Elastic IP.
87. Choose Create NAT gateway.

In the next step, you create a new route table for a private subnet that redirects non-local traffic to the NAT gateway.

88. In the left navigation pane, choose Route Tables.
89. Choose Create route table and configure the following:
- Name: Enter Private Route Table.
- VPC: Choose Lab VPC.
90. Choose Create route table.

The private route table is created and the details page for the private route table is displayed.

91. Choose the Routes tab.

There is currently one route that directs all traffic locally. You now add a route to send internet-bound traffic through the NAT gateway.

92. Choose Edit routes.
93. Choose Add route and then configure the following:
- Destination: Enter 0.0.0.0/0.
- Target: Choose NAT Gateway in the dropdown menu and then choose the displayed NAT Gateway ID.
94. Choose Save changes.
95. Choose the Subnet Associations tab.
96. Choose Edit subnet associations.
97. Select Private Subnet.
98. Choose Save associations.

This route sends internet-bound traffic from the private subnet to the NAT gateway that is in the same Availability Zone.

You have successfully created the NAT gateway and configured the private route table.

Task 10: Create a security group for private resources

In this task, you create a security group that allows incoming HTTPS traffic from resources assigned to the public security group.

Additional information: When you specify a security group as the source for a rule, traffic is allowed from the network interfaces that are associated with the source security group for the specified port and protocol.
Incoming traffic is allowed based on the private IP addresses of the network interfaces that are associated with the source security group (and not the public IP or Elastic IP addresses). Adding a security group as a source does not add rules from the source security group.

99. In the left navigation pane, choose Security Groups.
100. Choose Create security group and then configure the following:
- Security group name: Enter Private SG.
- Description: Enter Allows incoming traffic to private instance using public security group.
- VPC: Select the X to clear the text box and then choose Lab VPC from the dropdown menu.
101. In the Inbound rules section, choose Add rule and configure the following:
- Type: Choose HTTPS from the dropdown menu.
- Source type: Choose Custom from the dropdown menu.
- Source: In the box to the right of Custom, type sg.
- Choose Public SG from the list.
102. In the Tags section, choose Add new tag and configure the following:
- Key: Enter Name.
- Value: Enter Private SG.
103. Choose Create security group.

You have successfully created the private security group.
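The inbound rules of Public SG (Task 5) and Private SG (Task 10) can be evaluated offline to see what a security-group source actually permits. This is an added example, not part of the lab guide: the private IP addresses are constructed, the function names are hypothetical, and only inbound rules are modeled (outbound rules and stateful return traffic are out of scope).

```python
import ipaddress

# Inbound rules as configured in the lab. A source of the form "sg:<name>"
# stands for a rule whose source is another security group.
SECURITY_GROUPS = {
    "Public SG": [{"protocol": "tcp", "port": 80, "source": "0.0.0.0/0"}],
    "Private SG": [{"protocol": "tcp", "port": 443, "source": "sg:Public SG"}],
}

# Constructed private addresses inside the lab's two subnets.
INSTANCES = {
    "Public Instance": {"private_ip": "10.0.0.25", "groups": ["Public SG"]},
    "Private Instance": {"private_ip": "10.0.2.40", "groups": ["Private SG"]},
}


def groups_of(private_ip):
    """Security groups attached to the interface that owns this private IP."""
    for instance in INSTANCES.values():
        if instance["private_ip"] == private_ip:
            return set(instance["groups"])
    return set()  # addresses outside the VPC belong to no group


def inbound_allowed(destination, source_ip, protocol, port=None):
    """True if any inbound rule on the destination's groups matches the packet.

    Anything that no rule matches is denied, as the lab text states.
    """
    src = ipaddress.ip_address(source_ip)
    src_groups = groups_of(source_ip)
    for group in INSTANCES[destination]["groups"]:
        for rule in SECURITY_GROUPS[group]:
            if rule["protocol"] != protocol:
                continue
            if rule.get("port") is not None and rule["port"] != port:
                continue
            source = rule["source"]
            if source.startswith("sg:"):
                # Membership is decided by the sender's private address.
                if source[3:] in src_groups:
                    return True
            elif src in ipaddress.ip_network(source):
                return True
    return False


def world_open_rules():
    """Rules reachable from any IPv4 or IPv6 address, for review."""
    return [
        (name, rule["protocol"], rule["port"])
        for name, rules in SECURITY_GROUPS.items()
        for rule in rules
        if rule["source"] in ("0.0.0.0/0", "::/0")
    ]


if __name__ == "__main__":
    internet = "203.0.113.7"   # documentation address, stands for any outside host
    public_ip = INSTANCES["Public Instance"]["private_ip"]
    checks = [
        ("Public Instance", internet, "tcp", 80),
        ("Public Instance", internet, "tcp", 22),
        ("Private Instance", public_ip, "tcp", 443),
        ("Private Instance", internet, "tcp", 443),
        ("Private Instance", public_ip, "tcp", 80),
        ("Private Instance", public_ip, "icmp", None),
    ]
    for dst, src, proto, port in checks:
        verdict = "allow" if inbound_allowed(dst, src, proto, port) else "deny"
        print(f"{src} -> {dst} {proto}/{port}: {verdict}")
    print("open to the world:", world_open_rules())
```

The fifth check shows the last sentence of the note above: referencing Public SG as a source does not carry its HTTP rule over to the private instance.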
Task 11: Launch an Amazon EC2 instance into a private subnet

In this task, you launch an Amazon EC2 instance into a private subnet.

Additional information: Private instances can route their traffic through a NAT gateway or a NAT instance to access the internet. Private instances use the public IP address of the NAT gateway or NAT instance to traverse the internet. The NAT gateway or NAT instance allows outbound communication but doesn't allow machines on the internet to initiate a connection to the privately addressed instances.

104. From the AWS Management Console, use the AWS search bar to search for EC2 and then choose the service from the list of results.

Caution: This lab is designed to use the new EC2 console. If you see New EC2 Experience in the top-left corner of your screen, ensure New EC2 Experience is selected.

The Amazon EC2 console is displayed.

Task 11.1: Begin the instance configuration

105. Choose EC2 Dashboard from the console navigation menu on the left.
106. Choose the Launch instance dropdown menu from the Launch instance section.
107. Select Launch instance from the list.

The Launch an instance page is displayed.

Task 11.2: Add tags to the instance

In this task, you add a tag to the Amazon EC2 instance.

108. Locate the Name and tags section.
109. Enter Private Instance in the Name field.

This name will appear on the instance in the Amazon EC2 Management Console. No additional instance tags are required for this lab.

Task 11.3: Select an AMI

In this task, you choose an AMI. The AMI contains a copy of the disk volume used to launch the instance.

110. Locate the Application and OS Images (Amazon Machine Image) section.
111. Ensure that Amazon Linux is selected as the OS.
112. Ensure that Amazon Linux 2 AMI is selected in the dropdown menu.

Task 11.4: Choose the Amazon EC2 instance type

Each instance type allocates a specific combination of vCPUs, memory, disk storage, and network performance.

For this lab, use a t3.micro instance type. This instance type has 2 vCPUs and 1 GiB of memory.

113. Locate the Instance type section.
114. Choose t3.micro from the Instance type dropdown menu.

Task 11.5: Configure key pair for login

115. Locate the Key pair (login) section.
116. Choose Proceed without a key pair (Not recommended) from the Key pair name - required dropdown menu.

Task 11.6: Configure instance networking

117. Locate the Network settings section.
118. Choose Edit and configure the following settings from the dropdown menus:
- VPC - required: Choose Lab VPC.
- Subnet: Choose Private Subnet.
- Auto-assign public IP: Choose Disable.

Task 11.7: Configure instance security groups

119. Choose Select existing security group.
120. Choose the security group that has a name like Private SG from the Common security groups dropdown menu.

Task 11.8: Add storage

You can use the Configure storage section to modify ephemeral instance storage and add additional Amazon EBS disk volumes attached to the instance. You can configure the EBS volumes in size and performance.
In this lab, the default storage settings are all that is needed. No changes are required.

Task 11.9: Configure user data

121. Locate and expand the Advanced Details section.
122. Choose the EC2InstProfile role from the IAM instance profile dropdown menu.

The remaining settings on the page can be left at their default values.

Task 11.10: Review the instance launch

Take a moment to review that the configuration for the Amazon EC2 instance you are about to launch is correct.

123. Locate the Summary section.
124. Choose Launch instance.

The Launch an instance page is displayed.

Your Amazon EC2 instance is now launched and configured as you specified.

125. Choose View all instances.

The Amazon EC2 console is displayed.

The Amazon EC2 instance named Private Instance is initially in a Pending state. The state then changes to Running, indicating that the instance has finished booting.

126. Occasionally choose the console refresh button and wait for the Instance State to change to Running.

Congratulations, you have successfully launched an Amazon EC2 instance into a private subnet.

Task 12: Connect to the Amazon EC2 instance in the private subnet

In this task, you connect to the Amazon EC2 instance in the private subnet using Session Manager.

127. In the left navigation pane, choose Instances.
128. Select Private Instance and then choose Connect.

The Connect to instance page is displayed.

129. For Connection method, select the Session Manager tab.
130. Choose Connect.

A new browser tab or window opens with a connection to the Private Instance.

Note: The Session Manager service is not updated in real time. If you experience errors with Session Manager connecting to an Amazon EC2 instance you just launched, ensure that you have given the instance a few minutes to launch, pass health checks, and communicate with the Session Manager service before trying to open a session connection again.

131. Enter the following command to change to the home directory (/home/ssm-user/) and test web connectivity using the cURL command:

    curl -I https://aws.amazon.com/training/

Sample output (excerpt):

    HTTP/2 200
    x-frame-options: SAMEORIGIN
    x-content-type-options: nosniff
    last-modified: Tue, 11 May 2021 17:39:32 GMT

You have successfully connected to a private instance using Session Manager. You can safely close the tab and return to the console.
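The launch settings from Tasks 11.5 to 11.9 (no key pair, no public IP, an instance profile attached) leave Session Manager as the login path used in Task 12. The following check is an added example, not part of the lab guide: it reads output shaped like `aws ec2 describe-instances` and lists every instance that has drifted from those settings. The sample data, IDs, account number and the "Drifted Instance" name are constructed.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output.
# Instance IDs, account number, key name and addresses are made up.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaaaaaaaaaaaaaaa",
   "Tags": [{"Key": "Name", "Value": "Private Instance"}],
   "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/EC2InstProfile"},
   "NetworkInterfaces": [{"PrivateIpAddress": "10.0.2.15"}]},
  {"InstanceId": "i-0bbbbbbbbbbbbbbbb",
   "Tags": [{"Key": "Name", "Value": "Drifted Instance"}],
   "KeyName": "legacy-key",
   "PublicIpAddress": "203.0.113.10",
   "NetworkInterfaces": [{"PrivateIpAddress": "10.0.2.16",
                          "Association": {"PublicIp": "203.0.113.10"}}]}
]}]}
""")

def instance_name(inst):
    """Return the Name tag, falling back to the instance ID."""
    tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
    return tags.get("Name", inst["InstanceId"])

def findings_for(inst):
    """Compare one instance with the launch settings from Tasks 11.5 to 11.9."""
    findings = []
    if inst.get("KeyName"):                      # Task 11.5: no key pair
        findings.append("key pair attached: " + inst["KeyName"])
    public_ips = {inst.get("PublicIpAddress")}   # Task 11.6: no public IP
    for eni in inst.get("NetworkInterfaces", []):
        public_ips.add(eni.get("Association", {}).get("PublicIp"))
    public_ips.discard(None)
    if public_ips:
        findings.append("public IPv4 assigned: " + ", ".join(sorted(public_ips)))
    if "IamInstanceProfile" not in inst:         # Task 11.9: instance profile chosen
        findings.append("no IAM instance profile")
    return findings

def audit(describe_output):
    """Map each instance name to its deviations (empty list = matches the lab)."""
    return {instance_name(i): findings_for(i)
            for r in describe_output["Reservations"] for i in r["Instances"]}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", findings or "OK")
```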
Optional Task 1: Test connectivity to the private instance from the public instance

In this optional task, you use the Internet Control Message Protocol (ICMP) to validate a private instance's network reachability from the public instance.

Note: This task is optional and is provided in case you have lab time remaining. You may complete this task or skip to the end of the lab here.

132. Return to the browser tab with the AWS Management Console open.
133. In the left navigation pane, choose Instances.
134. Select Private Instance.
135. On the Details tab, copy the private IPv4 address to your clipboard.

Note: To copy the private IPv4 address, hover over it and choose the copy icon.

136. Unselect Private Instance.
137. Select Public Instance.
138. Choose Connect.

The Connect to instance page is displayed.

139. Select the Session Manager tab.
140. Choose Connect.

A new browser tab or window opens with a connection to the Public Instance.

141. Copy the following command to your notepad. Replace with the value of the Private IPv4 addresses:

    ping

, and then choose Sign out.

154. Choose End Lab.
155. Choose Submit.
156. (Optional)
   • Select the applicable number of stars to rate your lab experience.
      ◦ 1 star = Very dissatisfied
      ◦ 2 stars = Dissatisfied
      ◦ 3 stars = Neutral
      ◦ 4 stars = Satisfied
      ◦ 5 stars = Very satisfied
   • Enter a comment.
   • Choose Submit.

You can close the window if you don't want to provide feedback.

Optional task solution

157. Return to the browser tab with the AWS Management Console open.
158. From the AWS Management Console, use the AWS search bar to search for EC2 and then choose the service from the list of results.
159. In the left navigation pane, choose Security Groups.
160. Select Private SG.
161. Choose Actions and then choose Edit inbound rules.
162. On the Edit inbound rules page, in the Inbound rules section, choose Add rule and configure the following:
   • Type: Choose Custom ICMP - IPv4.
   • Source:
      ◦ In the box to the right of Custom, type sg.
      ◦ Choose Public SG from the list.
163. Choose Save rules.
164. Select the link here to go to Optional Task and re-run the steps. The Public Instance should now be able to successfully ping Private Instance.

Additional resources

   • VPC Int
   • Subnets
   • Internet gateways
   • Configure Route Tables

For more information about AWS Training and Certification, see https://aws.amazon.com/training/.

Your feedback is welcome and appreciated. If you would like to share any feedback, suggestions, or corrections, please provide the details in our AWS Training and Certification Contact Form.
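The inbound rule from the optional task solution (Custom ICMP - IPv4 on Private SG with Public SG as the source) admits ping only from members of Public SG. The following simplified evaluator is an added example, not part of the lab guide: it uses the IpPermissions shape returned by `aws ec2 describe-security-groups` to compare that rule with a rule opened to 0.0.0.0/0. The group IDs, IP addresses and the starting TCP rule are constructed assumptions.

```python
import ipaddress

PUBLIC_SG, OTHER_SG = "sg-0public", "sg-0other"  # constructed group IDs
ECHO_REQUEST = 8                                 # ICMP type sent by ping

def icmp_rule(source_sg=None, cidr=None):
    """Inbound ICMP rule (all types) whose source is a group or a CIDR."""
    return {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
            "UserIdGroupPairs": [{"GroupId": source_sg}] if source_sg else [],
            "IpRanges": [{"CidrIp": cidr}] if cidr else []}

def allows_ping(permissions, src_ip, src_groups):
    """Simplified model: does any inbound rule admit an echo request from this sender?"""
    addr = ipaddress.ip_address(src_ip)
    for perm in permissions:
        if perm["IpProtocol"] not in ("icmp", "-1"):
            continue
        # For ICMP rules, FromPort carries the ICMP type; -1 means every type.
        if perm.get("FromPort", -1) not in (-1, ECHO_REQUEST):
            continue
        if any(p["GroupId"] in src_groups for p in perm.get("UserIdGroupPairs", [])):
            return True
        if any(addr in ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])):
            return True
    return False

# Constructed starting state for Private SG: one TCP rule and no ICMP rule.
BEFORE = [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
           "UserIdGroupPairs": [{"GroupId": PUBLIC_SG}], "IpRanges": []}]
AFTER = BEFORE + [icmp_rule(source_sg=PUBLIC_SG)]    # rule from step 162
TOO_BROAD = BEFORE + [icmp_rule(cidr="0.0.0.0/0")]   # CIDR source, for contrast

def report():
    """Evaluate two constructed senders against each version of the rule set."""
    senders = {"public instance": ("10.0.1.20", {PUBLIC_SG}),
               "other host": ("10.0.1.99", {OTHER_SG})}
    versions = (("before", BEFORE), ("after", AFTER), ("too_broad", TOO_BROAD))
    return {label: {name: allows_ping(rules, ip, groups)
                    for name, (ip, groups) in senders.items()}
            for label, rules in versions}

if __name__ == "__main__":
    for label, result in report().items():
        print(label, result)
```

Security groups are stateful, so the echo reply returns to the Public Instance without a separate rule.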