Lomba Kompetensi Siswa

Sekolah Menengah Kejuruan

Tingkat Nasional
Tahun 2021

Modul 1 – Initial Admission app support services

October 25, 2021

Bidang Lomba Cloud Computing

Description of project and tasks
This module is six hours - Day 1: Initial Admission app support services.
The goal of this Project is to deploy and scale an API server services and exam service
web application to support client services for Admission Apps. Today you will deploy a
highly available, scalable, and efficient web application using the nodejs server provided.
You also should be build required initial support services.
This nodejs application has service dependencies as outlined in the Technical Details
section below. This application responds well to scale as horizontal scaling. This
application will not work "out of the box". Instead, you will have six hours to get an
infrastructure rolled out and application deployment. Throughout the day it is your
responsibility to respond to any challenges that may present themselves. Once the day
has concluded, additional load testing will be conducted to determine your architecture’s
resiliency and ability to self-repair.

Tasks
1. Share you AWS pro account on this
link http://ringkas.kemdikbud.go.id/akunlksn2021.
2. Read the documentation thoroughly (Outlined below).
3. Please view and understanding the application architecture in the architecture
section.
4. Please carefully read the technical details section.
5. Please carefully read the application details.
6. Log into the AWS console.
7. Create your key pair and uploaded to this link http://tiny.cc/key_pair. Use this key
pair to each instance you created.
8. Setup your VPC configurations. You can read VPC configuration details in Networking -
Service Details section.
9. Setup a security group. You can read security additional rules in Security – Service
Details section.
10. Setup initial support services like caching, database, share storage and object
storage (S3). More details about those service is in Service Details section.
11. Setup document db. More details about it in Details Service section.
12. Deploy the client services. More details instruction in Application section. (Please read
technical details and application section for more information’s).
13. Deploy the API and exam services. More details instruction in Application section.
(Please read technical details for more information’s).
14. Setup ELB for exam and API services. Please Read Technical details for more
information’s.
15. Re-setup Public ELB to provide URL Routing.
16. Configure the client, API, and exam services to handle increasing load (See technical
detail section, what auto scale config to use for client, API, and exam services).
(a) Create and/or update the user data configuration correctly, including download
locations of the javascript code and server configuration file.
(b) Create and/or update the user data configuration to include any required local
dependencies.
17. Configure any server dependencies as outlined in the technical details.
18. Configure necessary application monitoring and metrics in CloudWatch.

1
Technical Details
1. The Admission apps is deployed as a javascript application. Do not alter the source
code both of client or API service in any way as that will be grounds for
disqualification.
2. All of application services such as client, api, and exam must be deploy in t2.small
instance type.
3. You should be prepared for 1000 concurrent request to all application service (client,
API & Exam). Be careful about overloading and watch for HTTP 503 or 404 responses
from the client and API service.
4. Public load balancer must be containing an ipv4 and ipv6 for each availability zone.
5. You should use existing public load balancer for setting up the URL routing of public
exam API. Don’t create a new public load balancer or you will lose the points.
6. API server cannot be accessible from outside as a private API.
7. Exam service can be accessible from outside as a public API.
8. While you create client service for Auto-Scaling, you are only allowed to use the
launch template for the client services. If the configuration is not following the
instruction, then you will lose the point.
9. While you create API service for Auto-Scaling, you are only allowed to use the launch
template for the API serverservices. If the configuration is not following the
instruction, then you will lose the point.
10. While you create Exam service for Auto-Scaling, you are only allowed to use the
launch template for the Exam services. If the configuration is not following the
instruction, then you will lose the point.
11. This API server requires a connection to a Redis database, a MySQL database, and a
location to store data cache and log files. More details about Redis database, MySQL
database, and location to store data cache and log files instruction at service details
section.
12. This exam service requires a connection to a mongo database as a document db.
More details about document db instruction at service details section.
13. This apps will store the assets data like pictures and documents file in S3 Bucket.
More details for the S3 instructions at S3 Service Details section.
14. This apps requires a connection to a Redis database, a MySQL database, and a
location to store data cache and log files. As the previous deployment, you can
install a Redis server, a database, and a file storage directory on each instance that
has the application deployed but that will be farless efficient than creating a
centralized solution. The more efficient you run the infrastructure, the faster your
servers will respond to requests and the more points you will earn.
15. You should be creating an additional security group follows in security Service
Details section.
16. Remember to label every service you have created like vpc, security group, ec2
instance and everything else you have created except those created automatically
like instance who has creating automatically by auto scaling. The more attentions to
the little things, more point you will earn.
17. Remember to fill each description and tag of the services to get more points.
18. The base OS that has been chosen is Amazon
Linux https://aws.amazon.com/amazon-linux-ami/. This distribution was
selected for its broad industry support, stability, availability of support and excellent
integration with AWS.

2
Architecture

The above example illustrates one possible architectural design for the deployment of
the application. This shows all required segments needed to server requests. The Url
Routing “/” to access client services and url path “/exam” to access exam services, all of
them path can be accessible from outside (public).

Application Details
The Admission Apps was developed with javascript with three services running in it.
Those services are Client services, API Server services and the additional service is Exam
services, those services have their respective functions. The Client service is used for the
front end which is to provide views and interaction between applications and users. The
API Server is used for back-end purpose which served to provide data to user through
client service. The last one is Exam service is use for public exam API. Installation
instructions of those service are below.

Pre-Requirement
All services were developed with javascript and running with nodejs for the runtime.
Firstly, you need nodejs and NPM package installed to your system. You can follows this
LKS documentation for node js installation or you can use AWS documentation
installation in aws docs, for LKS documentation you can follows below.
First of all, you need to enable node.js yum repository in your system provided by the
Node.js official website. You also need development tools to build native add-ons to be
installed on your system.

-
-- sudo yum install -y git gcc-c++ make
-

3
- curl -sL https://rpm.nodesource.com/setup_14.x | sudo -E bash -
- -
-
NPM will also be installed with node.js. If you have done with the repository, next you can
install the nodejs packages. The NPM was already installed when node js was installed.
You should clone a Admission Apps source code from git repository. Make sure you have
git package installed in your system. The git repo URL
is https://github.com/betuah/lks-apps-one.git.
Once complete, there are three folders on it with some file in the root folder, one of some
files is README.md file. You can carefully read the configuration instruction and
environment key and value of each service in README.md file. There has three folders
on it, the client, server and exam folders. Each folder represents an application service.

Note : make sure your instance is connected to the internet for running all these
instructions.

Client Services
The client services were developed with nuxt js, which is a vue js framework that runs
server-siderendering. This client services require all of dependencies
in client/package.json file in client folder of Admission Apps. You can follow the
instructions below for the details.
1. You should install all required dependencies with npm or yarn command in the client
folder.
2. Create an .env file in client folder and fill the file content as below. Note: This
environment may be able to fill on day two.
-
-- API_URL=YOUR_API_BACKEND_SERVER_HOST
-- API_EXAM_URL=YOUR_API_BACKEND_SERVER_HOST
--
-
More detail you can follows the client config Setup instruction is README.md file.
3. Use 2nd option deployment in README.md file to generate static source code.
Remember don’t use first option deployment or you will lose the points. This Gives us
the ability to host our web application on any static hosting.
4. You should need to install web server to your instance to run the static code. Use
httpd as web server.
5. The static source code will be generated in dist folder. Copy all the content of dist
folder to webserver document root.
6. If all done you can access the client apps with http://YOUR_DOMAIN in web browser.
The functionality of client service may not run properly because the API and Exam
service have not been deployed, but you can still display the application.

Note : If you have Auto-Scaling Group for these services, use launch template while build
it.

API Server Services

The API server services was developed with express js, which is a node js framework.
This API server services require all of dependencies in server/package.json file in
server folder of Admission Apps. This service requires a connection to redis as cache, s3
to store assets data, serverless database and storage to store log and file cache. You
can’t start deploying this service if those all services are not available or not running
well. More details for installation of those service at the Service Details section. You can
follow these instructions below for the API server deployment.

4
1. You should install all required dependencies with npm or yarn command in the client
folder.
2. You should create the .env file in server folder like below.

-
-- NODE_ENV=production
-- PORT=8000
-- DB_TYPE=YOUR_DATABASE_TYPE
-- MYSQL_DB=YOUR_MYSQL_DATABASE_NAME
-- MYSQL_USERNAME=YOUR_MYSQL_USERNAME
-- MYSQL_PASSWORD=YOUR_MYSQL_PASSWORD
-- MYSQL_HOST=YOUR_MYSQL_HOST
-- MYSQL_PORT=YOUR_MYSQL_PORT
-- REDIS_HOST=YOUR_REDIS_HOST
-- REDIS_PORT=YOUR_REDIS_PORT
-- REDIS_PASSWORD=YOUR_REDIS_PASSWORD
-- AWS_ACCESS_KEY=YOUR_AWS_ACCESS_KEY
-- AWS_SECRET_ACCESS_KEY=YOUR_AWS_SECRET_ACCESS
-- AWS_BUCKET_NAME=YOUR_AWS_BUCKET_NAME
-- LOG_PATH=YOUR_LOG_FOLDER_LOCATION
-- CACHE_PATH=YOUR_CACHE_PATH_FILE_LOCATION_STORE
--
-
More detail you can follows the Server config Setup instruction in README.md file. Run
“npm run start-prod” to start API server with PM2. You can use “npm run stop-prod”
to stop it if is needed.
3. Then you can access the API endpoint at http://YOUR_API _HOST:8000/check.

Note : If you have Auto-Scaling Group for this services, use launch template while build
it.

Exam API Services

Same as API server the exam services was developed with express js. This exam service
also require all of dependencies in exam/package.json file in exam folder of Admission
Apps. This service needsto connect with mongodb as a document database. You can use
document db service on aws instead of mongodb. You can’t run this service if it fails to
connect to document db. More details about document db in Service details section. For
deploying exam service, you can follows these instruction below
1. You should install all required dependencies with npm or yarn command in the client
folder.
2. You should create document db and download the ssl into exam/ssl folder and set the
cert name in environment file.
3. You should create the .env file in exam folder like below.
-
-- NODE_ENV=production
-- PORT=9000
-- DB_TYPE=mongodb_aws
-- MONGO_DB=YOUR_MONGO_DATABASE_NAME
-- MONGO_USERNAME=YOUR_MONGO_USERNAME
-- MONGO_PASSWORD=YOUR_MONGO_PASSWORD
-- MONGO_HOST=YOUR_MONGO_HOST
-- MONGO_PORT=YOUR_MONGO_PORT
-- MONGO_CERT=YOUR_MONGO_CERT
-- LOG_PATH=YOUR_LOG_FOLDER_LOCATION
-- CACHE_PATH=YOUR_CACHE_PATH_FILE_LOCATION_STORE

5
--
-

Note : Don’t change DB_TYPE variable. More detail you can follows the Exam config
Setup instruction in README.md file.

4. Run “npm run start-prod” to start API server with PM2. You can use “npm run stop-
prod” to stop it if is needed.
5. Then you can access the Exam API endpoint using Postman software at
http://YOUR_API_HOST:9000/.
6. You can create initial dummy data with Exam API Endpoint “GET
http://YOUR_HOST:9000/exam/init”. This endpoint is used to create dummy data. You
can flush the dummy data with this Exam API endpoint “GET
http://YOUR_HOST:9000/exam/flush”. You can use “GET
http://YOUR_HOST:9000/exam/quiz” to retrieve all dummy data.

Service Details
Networking (VPC)

You have to build a network infrastructure before you start all the tasks. You should
create VPC with CIDR 172.16.0.0/20. As shown in the following topology, you must setup
VPC with the following conditions:
 Public subnet must be containing IPv4 and IPv6 subnet.
 Public subnet must have 2 Availability Zone.

6
 You should need to subnet IPv4 public for 10 IP portion for each AZ from block IP
172.16.3.0/24.
 IPv6 public subnet prefix is /64 for each AZ.
 You should be creating client private subnet with 30 IP portion for each AZ from block
IP 172.16.2.0/25.
 You should be creating server API private subnet with 30 IP portion for each AZ from
block IP 172.16.2.64/25.
 You should be creating server Exam private subnet with 50 IP portion for each AZ from
block IP 172.16.2.128/25
 You should create private subnet with 50 IP portion for each service like redis, storage
and database from block IP 172.16.0.0/23, you can determine the IP portion for each
service according to your needs.

Security
Security is an important thing that should not be pass when you are building an
infrastructure. You mustinclude the security planning on your infrastructure. The
admission apps have sensitive data such as student personal data, so you need to create
security group. You can follow these security rules below to secure the app data.
 You should create a security group that only allow tcp port 80 and 443 can be
accessible from ipv4 and ipv6 outside and don’t allow anyone to access others port
from outside. This security group will be use for public load balancer.
 You should create a security group that only allow tcp port 80 can be accessible from
public subnet.
 You should create a security group that only allow tcp port 8000 in API services can be
accessible from client services and don’t allow anyone to access the API services port.
 you should create a security group to allow exam port just can be accessible from
public subnet and client subnet
 You should create a security group that only allow serverless database can be
accessible from API service and don't allow anyone including client service to be able
to access the database port.
 You should create a security group that only allow redis cache can be accessible from
API service and don't allow anyone including client service to be able to access the
redis port.
 You should create a security group that only allow file storage can be accessible from
API service and don't allow anyone including client service to be able to access the
redis port.You can use those security groups for each service needs.
 You should create security group allow document db port can be accessible from
exam service, the default port of document db is 27017. You can use the security
group that you have created before according to yourcurrent service needs.

7
SQL Database
The API server application uses Sequelize as an ORM library that connects applications to
database services with SQL language, so you need to deploy a centralized relational
database management system (RDMS). You need to use a reliable Relational Database
Service (RDS) with a serverless conceptwith mysql 5.7 cluster engine. Increase
database capacity unit on demand automatically according to database load request.
Make sure the maximum unit capacity is no more than 32 GiB RAM to save a cost. Allows
your database Serverless cluster to set its capacity to 0 ACUs while inactive and set the
idle time to 6 Hours. Use db_campus as the database name. Once your serverless
already provisioned, you will need to create the table necessary to serve the request.
You can use the table definition below.
-
-- CREATE TABLE `majors` (
-- `majorsId` int(11) ,
- - `major_name` varchar(50),
- - PRIMARY KEY (`majorsId`)
-- );
-
-
-- CREATE TABLE `students` (
-- `studentId` varchar(40) ,
-- `fullName` varchar(50),
-- `tglLahir` date,
-- `gender` varchar(6),
-- `profilePics` varchar(255),
-- `document` varchar(255),
-- `majorsId` int(11),
-- `status` int(11),
-- PRIMARY KEY (`studentId`),
-- );
--
-
This is an example of a student and department table. You also have to fill in majors data
as a major selection for application users. You can use the definition below as master
data.
-
-- INSERT INTO `majors` VALUES (1, 'Electrical Engineering');
-- INSERT INTO `majors` VALUES (2, 'Informatics Engineering');
-- INSERT INTO `majors` VALUES (3, 'Mathematics');
- - INSERT INTO `majors` VALUES (4, 'Psychology');
-- INSERT INTO `majors` VALUES (5, 'Medical Science');
--
-
Once complete, you will need to set database environment to each server via the ".env"
files deployed to each instance.
-
-- MYSQL_DB=YOUR_MYSQL_DATABASE_NAME
-- MYSQL_USERNAME=YOUR_MYSQL_USERNAME
-- MYSQL_PASSWORD=YOUR_MYSQL_PASSWORD
-- MYSQL_HOST=YOUR_MYSQL_HOST
-- MYSQL_PORT=YOUR_MYSQL_PORT
--
-
You will need to replace the red text according to your database configuration.

8
Note : The table name is set to " majors" and “students” in the application and cannot
be changed. You will need to create the table as defined in the example.

Object Storage (S3)

This application should be use object storage to store user asset data such as pictures
and documents. You can use S3 service to store the data. You also need to consider the
security of the assets data, we don’t want that assets data such as document can be
accessible from outside of our application for bad purposed. When the user starts to
register, the application will automatically create two folders in your bucket when
registered. The folder name is pictures and documents. You can give public access to the
pictures files but not to the document files. The document files contain a sensitive data
so that data cannot be accessed using the URL object in S3. Create a bucket policy that
doesn't allow the document files to be accessed using the URL Bucket from S3. Be careful
it might be makes the client application cannot be running properly. Make sure the
application runs properly and the assets file can be accessible from the client app. You
might be getting a point deduction if the client application is not running properly. For
cost efficiency you should create s3 lifecycle rules for pictures and document folder.
Move all child files of picture and document folder with this following rules below.

 You should be set lifecycle rules to move pictures files to Standard-IA in 100 Days
 You should be set lifecycle rules to permanently delete noncurrent version of pictures
files in 14 Days
 You should be set lifecycle rules to move document files to Standard-IA in 30 Days
 You should be set lifecycle rules to move document files to Glacier in 90 Days
 You should be set lifecycle rules to permanently delete noncurrent versions of
document files in 30 days.
You have to create an access key and secret key also, so the API server services has
access to store data on S3. you should add environment variable for S3 in “.env” file in
API Service like below.
-
-- AWS_ACCESS_KEY=YOUR_AWS_ACCESS_KEY
-- AWS_SECRET_ACCESS_KEY=YOUR_AWS_SECRET_ACCESS
-- AWS_BUCKET_NAME=YOUR_AWS_BUCKET_NAME
--
-

Note : The aws bucket name must be unique. Use this bucket name format i.e. lks-your-
name-your-province. Ex: lks-betuah-anugerah-jawa_barat.

Redis Cache
You will want to deploy a centralized Redis service for the same reasons as you want to
create a centralized database service, for efficiency. Just as with database, you can
create a per-instance deployment of Redis but that will operate slower (fewer responses
to requests) than using a centralized solution. This redis workload will be quite intensive.
The app will store any API data temporarily in redis and will be used frequently when app
requests come. Demand may increase when graduation announcements are displayed,
thus should be deployed on T2 Medium series instances. Be wise in determining
capacity, too many redis may would indicate an inefficient deployment. Use redis
capacity unit sufficiently as needed. To configure your API server application to use the
Redis service that you have deployed, the relevant portions of the environment ".env"
file are below:
-
-- REDIS_HOST=YOUR_REDIS_HOST
-- REDIS_PORT=YOUR_REDIS_PORT

9
--
-
REDIS HOST is the hostname of the Redis service provider.
REDIS PORT is the TCP port number for the service.

Document DB
The Exam service uses Mongoose as an ORM library that connects the exam service to
database services with No SQL language. Mongoose uses the document base database,
so you need to deploy a document db cluster. You need to create a document db cluster
with instance class db.r5.large with just one instance and 27017 as a ducment db port.
Don’t forget to setup user and password to be access by exam service. Once complete,
you will need to set database environment to exam services via ".env" files deployed to
each instance.
-
-- DB_TYPE=mongodb_aws
-- MONGO_DB=YOUR_MONGO_DATABASE_NAME
-- MONGO_USERNAME=YOUR_MONGO_USERNAME
-- MONGO_PASSWORD=YOUR_MONGO_PASSWORD
-- MONGO_HOST=YOUR_MONGO_HOST
-- MONGO_PORT=YOUR_MONGO_PORT
-- MONGO_CERT=YOUR_MONGO_CERT
--
-

Note : The db_type env variable must be mongodb_aws for use document db on aws
cloud.

URL Routing
You will provide a single URL that the application will use to access both of your
applications. In order to facilitate this, you will need to perform URL routing. The
application identified as “root” should run on the root of your URL. Thus, if deployed
properly, when you visit the public URL of your application.You will need to deploy the
second application named, “exam” to the URL of “/exam” off of your main URL. If your
main URL is http://server.example.com, then hitting that main site in your browser should
return the image above. Going to http://server.example.com/exam should however.You
can accomplish this by also deploying the application named “exam” to the “/exam”
suffix to your URL. The URL that you enter will receive requests on the root of your URL
as well as the “/exam” endpoint.

File Storage
A central file storage location IS NOT a requirement for the application to operate. The
application will serve some requests faster with a centralized file storage solution. As
with the previous service examples, you could look to create a centralized file storage
solution with Elastic File Storage to store log and cache file from the application. You can
use a local directory to save the log files but a shared storage solution or the ability to
share files to each instance will allow you to have centralize log file which is it will be
made maintenance process easier. File Cache need central file storage solution
forconsistency data. The relevant environment variable in the ".env" configuration file is
below:
-
-- LOG_PATH=YOUR_LOG_FOLDER_LOCATION
-- CACHE_PATH=YOUR_CACHE_PATH_FILE_LOCATION_STORE
--
-

10
CACHE_PATH is the local directory for file cache on the instance where the server
application is able to both read and write to the cache files. This can be a local directory
on the server or a remote directory mounted as a local directory on the server. The
default path storage if you not set cache environment path will store in
<your_apps_path>/server/tmp.
LOG_PATH is the local directory for store applications log on the instance where the
server application is able to both read and write to the cache files. This can be a local
directory on the server or a remote directory mounted as a local directory on the server.
The default path log storage if you not set cache environment path will store in
<your_apps_path>/server/logs.

11