AWS Session 17

aws lectures by sunil

Uploaded by

koustub

Session 17 - VPC Contd.

Step 1 – Create VPC (MyVPC)


Step 2 – Create two Subnets

Subnet1 – 10.0.1.0/24 - WebSN


Subnet2 – 10.0.2.0/24 – DbSN

Step 3 – Enable Public IP to subnet1


Step 4 – Create Internet Gateway and attach it to VPC – MyIGW
Step 5 – Create Route Table – InternetRT
Step 6 – Attach Route table to subnet1
Step 7 – Attach Route Table to internet Gateway

Now, subnet 1 is public

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Now let's launch a web server in the public subnet.


Services – EC2 – Launch Instance – Step 3 , Network : MyVPC , Subnet : 10.0.1.0/24

Additional Details : User Data

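#!/bin/bash
# User data runs as root at first boot, so no sudo is needed.
yum update -y
yum install httpd -y
# Write the test page served by Apache
echo "Hello Google from MyVPC" > /var/www/html/index.html
# Start Apache now and enable it at boot
service httpd start
chkconfig httpd on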

Next – Next – Name Tag : WebServer – Next – Security Group : WebSG18, Description : WebSG18

ADD RULE

Type Source
SSH Anywhere
HTTP Anywhere

Review and launch – Launch – Download Keypair – (webKP18.pem) Launch – View Instance

Kp17jan2022friday.pem

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Let's launch the database server in the private subnet.


Services – EC2 – Launch Instance – Step 3 , Network : MyVPC , Subnet : 10.0.2.0/24

Name Tag DbServer – Next – Security Group : DbSG18, Description : DbSG18


DbSG18jan2022Tuesday DbSG created 2022-01-19T09:30:49.596+05:30

Change type from SSH to MYSQL/Aurora

Type Source
MYSQL/Aurora Custom 10.0.1.0/24

(MySQL port is open to entire subnet)


Review and launch – Launch – Create new Keypair – (DbKP18.pem) Launch Instances – View Instance
DbSG18jan2022Tuesday

As the DB server is in the second subnet, its IP address (private IPv4 address) will be in the 2 series
(10.0.2.xx). So the machine is in the 2nd subnet.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Now, web server can pull the data from the database server.

{Note : this is the first time we are making an EC2 machine in a private network (we can see that the machine has no
public IPv4 address). They are not exposed to public. (Communication happens using public IP)
ISP (Internet Service Providers) provides the IP address to our machines

So the question is how we (or a DBA) will connect to the Db server if they want to do some maintenance activity }

DBA wants to create some files, or wants to perform maintenance activity. Can he connect?
As the DB server does not have a public IP and does not have internet connectivity, the DBA cannot connect.

For this we need to create a Bastion Server / Jump Server in the public subnet. It is nothing but a normal EC2 machine.

Services – EC2 – Launch – Amazon Linux – Select VPC (MyVPC), select subnet (WebSN)

Name : Bastion Server


Security Group : BastionSG18 (BastionSG18jan2022Tuesday)
Description : BastionSG18 (BastionSG created 2022-01-19T09:53:14.215+05:30)

(SSH port should be open to myself)


Type Source
SSH My IP

Review and launch – Launch – Create new Keypair – (BastionKP18.pem)


BastionKP18jan2022Tuesday

{Now only we (DBA) can access the Bastion Server, so if we want to give access to someone else also, we can use
Add Rule and add the IP address of the other person as well }

Now only I can connect to Bastion Server through SSH.


From the Bastion server, I should be able to jump into the Db Server.
That means the Db server SSH port should be open to the Bastion Server.

Go to Db Server Security Group – DbSG18 (in new tab)


Select DbSG – Inbound – Edit

Type Source
SSH Custom 10.0.1.xx/32 (Private IP of Bastion Server)
10.0.1.7

Save.
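
The three security groups configured so far, modelled as an added example (not part of the original session notes). The rules are constructed in the IpPermissions shape that EC2 describe-security-groups returns; 203.0.113.10 stands in for "My IP" and 10.0.1.25 is a hypothetical web server address. It checks which source can reach which port and lists admin ports left open to Anywhere.

```python
import ipaddress

# Constructed data in the IpPermissions shape returned by EC2
# describe-security-groups; the rules are the ones entered in this session.
# 203.0.113.10 is a placeholder for "My IP" (assumption, not from the notes).
def rule(port, cidr):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}

GROUPS = {
    "WebSG18":     [rule(22, "0.0.0.0/0"), rule(80, "0.0.0.0/0")],
    "DbSG18":      [rule(3306, "10.0.1.0/24"), rule(22, "10.0.1.7/32")],
    "BastionSG18": [rule(22, "203.0.113.10/32")],
}
ADMIN_PORTS = {22, 3306}   # ports that should not be open to Anywhere


def allows(group, src_ip, port):
    """True if an inbound TCP rule of `group` admits `port` from `src_ip`."""
    src = ipaddress.ip_address(src_ip)
    for perm in GROUPS[group]:
        if perm["IpProtocol"] != "tcp":      # only TCP rules are modelled here
            continue
        if not perm["FromPort"] <= port <= perm["ToPort"]:
            continue
        if any(src in ipaddress.ip_network(r["CidrIp"]) for r in perm["IpRanges"]):
            return True
    return False


def world_open_admin_ports():
    """(group, port) pairs where an admin port is reachable from 0.0.0.0/0."""
    findings = []
    for name, perms in GROUPS.items():
        for perm in perms:
            open_to_all = any(ipaddress.ip_network(r["CidrIp"]).prefixlen == 0
                              for r in perm["IpRanges"])
            ports = ADMIN_PORTS & set(range(perm["FromPort"], perm["ToPort"] + 1))
            findings += [(name, p) for p in sorted(ports) if open_to_all]
    return findings


if __name__ == "__main__":
    print("bastion -> db ssh  :", allows("DbSG18", "10.0.1.7", 22))
    print("web host -> db ssh :", allows("DbSG18", "10.0.1.25", 22))
    print("bastion -> db mysql:", allows("DbSG18", "10.0.1.7", 3306))
    print("world-open admin ports:", world_open_admin_ports())
```

Because the MySQL rule covers the whole 10.0.1.0/24 subnet, the bastion host can also reach port 3306 on the Db server, not only the web server.
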
Now, let's test if we can connect to the DB server.

In EC2 dashboard – Select bastion server – connect


copy user@public_ip

Open putty
Host name - user@public_ip
provide PPK file -- Connect

sudo su
yum update -y
From bastion server – we need to jump to Db server.

Now, to connect to Db server, we need to enter the details of Db server in bastion server.
Select Db server -- Connect
Copy the entire SSH command.

As we are connecting from Linux to Linux, the .pem file is enough.

Enter the SSH command in putty .


Eg : ssh -i "DbSG18jan2022Tuesday.pem" [email protected]

Note – to connect, the .pem file needs to be present in the present working directory.

Now, we need to copy the abc.pem file to the bastion server.


It is there in our windows machine.

We use WINSCP to transfer the file from windows to linux.

In Google, search for “WinSCP”


winscp.net
download and run

Open WinSCP
we will connect to bastion server using WinSCP
host name : user@ipAddress
Advanced – authentication – private key file – select the ppk file – open – ok – login

Now drag and drop the .pem file to bastion server.

In Putty
# ls (we should be able to see the file)

Now connect to the Db server by running the SSH command


# ssh -i "DbSG18jan2022Tuesday.pem" [email protected]

You are now connected to Db server
