AWS Workshop 101
Build up Application with Baked
AMI
2018 @Lynn Lin
Goals
Learn to build an application capable of
● connecting to AWS cloud storage and DB instance
● configuring application by a baked AWS machine image (AMI)
● scaling application instances automatically
● balancing load between application instances
● distributing the application onto CDN
● naming instance by a self-defined domain name
Agenda
● Introduction of AWS Resources
– Elastic Compute Cloud (EC2)
– Virtual Private Cloud (VPC)
– Relational Database Service (RDS)
– Load Balance
– Auto Scaling
– Simple Storage Service (S3)
– Route 53
– CloudFront
– Identity and Access Management (IAM)
● Tools to Build AWS Resources - Packer
● Building up the Service - TodoMVC
● Tools to Build AWS Resources - Terraform
Introduction of AWS Resources
Elastic Compute Cloud (EC2)
● A virtual computing instance
● Various configurations of CPU, memory, storage, and networking
capacity for instances
● Secure login for an instance using one key pair
Amazon Machine Image (AMI)
● The configuration to launch an instance
Virtual Private Cloud (VPC)
● A logically isolated virtual network of the AWS Cloud where AWS
resources are launched
● Physical locations are composed of regions (e.g., us-west-1) and
availability zones (e.g., us-west-1a, us-west-1b)
Subnet
● A range of IP addresses
● Either public- or private-facing controlled by route table
Security Group
● Control inbound and outbound traffic at instance level
Relational Database Service (RDS)
● Managed relational database service
● Automated backups to restore a database
● Replication with the primary instance
DB Instance
● An isolated database instance in the cloud
● Supports different configurations of computation and memory capacity
Subnet Group
● A VPC's IP address range to group DB instances
● Have at least two availability zones (AZ)
Parameter Group
● Configure parameters of DB engine, such as max_connections,
character_set_connection
● Apply changes of static parameters after rebooting DB instance
● Apply changes of dynamic parameters immediately
Option Group
● Additional features for DB engine, such as memcached for MySQL
Load Balance
● Serve as a single point for clients
● Distribute incoming application traffic across multiple EC2 instances,
in multiple availability zones
● Forward traffic only to healthy instances
Classic Load Balance (ELB)
● One ELB forwards traffic on one endpoint
Application Load Balance (ALB)
● One ALB forwards traffic on multiple endpoints
● EC2 instances are grouped into target groups
Auto Scaling
● Configure automatic scaling for the scalable AWS resources
● Scale EC2 instances created by launch configurations
Simple Storage Service (S3)
● A web storage used to store and retrieve data
● Store data as objects
● An object consists of a file and any metadata that describes that file
Buckets
● The containers for objects
Route 53
● A DNS service
● Register domain names
● Route internet traffic to the resources for your domain
Hosted Zone
● Public - route traffic on the internet
● Private - route traffic within the VPC
CloudFront
● Distribute services and deliver contents through edge locations of
network (collections of servers in geographically dispersed data
centers)
● Cache the content in the edge locations
Identity and Access Management (IAM)
● Control access to AWS resources securely
● Provide authentication for identities (people or processes)
User
● Represent the person or service
● Primary uses are to give people ability to sign in to AWS console and
make programmatic requests
Group
● A collection of users
● Any user in that group automatically has the permissions that are
assigned to the group
Identity and Access Management (IAM)
Role
● Similar to a user but without password or access keys
● Can also be assigned to a federated user who signs in by using an
external identity provider
Tools to Build AWS Resources
- Packer
Introduction
● Build machine images automatically, including AWS AMI
● Written as a JSON file which contains three parts
○ variables: from the command-line, environment variables, or files
○ builders: responsible for creating a machine and turning that machine into
an image
○ provisioners: able to install and configure software into the images
● Does NOT manage images, e.g., create instance from image or delete
image
// example.json
{
  "variables": {
    "aws_access_key": "",
    "aws_secret_key": "",
    "region": "us-west-2"
  },
  "builders": [
    {
      "type": "amazon-ebs",
      "access_key": "{{user `aws_access_key`}}",
      "secret_key": "{{user `aws_secret_key`}}",
      "ami_name": "packer-example-{{timestamp}}",
      "instance_type": "t2.micro",
      "region": "{{user `region`}}",
      "source_ami": "ami-79873901",
      "ssh_username": "ubuntu"
    }
  ],
  "provisioners": [
    {
      "type": "shell",
      "script": "./example.sh"
    }
  ]
}
$ packer build example.json
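An added example, not part of the original slides: the template above keeps the AWS keys out of the file by declaring empty variables and referencing them with {{user ...}}. The Python check below verifies that property for a Packer JSON template; the sample input is a constructed copy of example.json, and the function names are assumptions of this example.

```python
import json
import re

# Constructed sample input: a copy of the slide's example.json.
TEMPLATE = r"""
{
  "variables": {"aws_access_key": "", "aws_secret_key": "", "region": "us-west-2"},
  "builders": [{
    "type": "amazon-ebs",
    "access_key": "{{user `aws_access_key`}}",
    "secret_key": "{{user `aws_secret_key`}}",
    "ami_name": "packer-example-{{timestamp}}",
    "instance_type": "t2.micro",
    "region": "{{user `region`}}",
    "source_ami": "ami-79873901",
    "ssh_username": "ubuntu"
  }],
  "provisioners": [{"type": "shell", "script": "./example.sh"}]
}
"""

# Builder keys from the slide that carry AWS credentials.
CREDENTIAL_KEYS = ("access_key", "secret_key")
# {{user `name`}} reads a declared variable; {{env `NAME`}} reads the environment.
USER_REF = re.compile(r"^\{\{\s*user\s+`([^`]+)`\s*\}\}$")
ENV_REF = re.compile(r"^\{\{\s*env\s+`[^`]+`\s*\}\}$")


def find_hardcoded_credentials(template):
    """Return findings for credential values stored literally in the template."""
    findings = []
    variables = template.get("variables", {})
    referenced = []
    for i, builder in enumerate(template.get("builders", [])):
        for key in CREDENTIAL_KEYS:
            value = str(builder.get(key, ""))
            match = USER_REF.match(value)
            if match:
                # Value comes from a variable; check that variable's default below.
                referenced.append(match.group(1))
            elif value:
                findings.append("builders[%d].%s holds a literal value" % (i, key))
    for name in sorted(set(referenced)):
        default = variables.get(name)
        if default is None:
            findings.append("variable %s is referenced but not declared" % name)
        elif default and not ENV_REF.match(default):
            # A non-empty default that is not an env lookup is a key saved in the file.
            findings.append("variable %s has a literal default" % name)
    return findings


def demo():
    """Check the slide's template and a constructed copy with keys pasted in."""
    good = json.loads(TEMPLATE)
    bad = json.loads(TEMPLATE)
    bad["variables"]["aws_secret_key"] = "CONSTRUCTED-NOT-A-REAL-KEY"
    bad["builders"][0]["access_key"] = "CONSTRUCTED-NOT-A-REAL-KEY"
    return find_hardcoded_credentials(good), find_hardcoded_credentials(bad)


if __name__ == "__main__":
    for label, result in zip(("slide template", "keys pasted in"), demo()):
        print(label, "->", result or "no literal credentials")
```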
Lifecycle - Building AWS AMI as the Example
1. Create keypair and security group to access an EC2 instance
2. Create an EC2 instance and wait until it becomes ready
3. SSH to the instance and provision
4. Stop the EC2 instance
5. Create an AMI from the instance and wait until it is available
6. Terminate the EC2 instance
7. Delete keypair and security group
Building up the Service
- TodoMVC
Network
Configuration of Network
Create a VPC
● Region: US West (Oregon)
● Name tag: demo-vpc
● IPv4 CIDR block: 10.0.0.0/16
● Set DNS Hostnames as Yes after VPC is created
Note. DNS resolution and DNS hostnames should both be set to Yes to allow Route 53
private DNS
Create two private subnets where database is launched
● Name tag: demo-private-subnet-2a | demo-private-subnet-2b
● VPC: demo-vpc
● Availability Zone: us-west-2a | us-west-2b
● IPv4 CIDR block: 10.0.3.0/24 | 10.0.4.0/24
Configuration of Private Subnets
Note. The subnets should be in different availability zones for RDS to work
Create two public subnets where webserver is launched
● Name tag: demo-public-subnet-2a | demo-public-subnet-2b
● VPC: demo-vpc
● Availability Zone: us-west-2a | us-west-2b
● IPv4 CIDR block: 10.0.1.0/24 | 10.0.2.0/24
Configuration of Public Subnets
Note.
1. The subnets should be in different availability zones for load balancing to work
2. Subnets are NOT really public until an internet gateway is attached and they are
associated with a route table
Create internet gateway and attach to the VPC
● Name tag: demo-internet-gateway
Create route table to associate to subnets
● Name tag: demo-public-route-table
● VPC: demo-vpc
● Routes
○ Destination: 0.0.0.0/0
○ Target: demo-internet-gateway
● Subnet Associations: demo-public-subnet-2a and
demo-public-subnet-2b
Configuration of Public Subnets
Create a security group for webserver
● Name tag: demo-sg-webserver
● Group name: demo-sg-webserver
● VPC: demo-vpc
● Inbound Rules
○ Type: HTTP
○ Protocol: TCP
○ Port Range: 80
○ Source: 0.0.0.0/0
Security of Webserver
Create a security group for database
● Name tag: demo-sg-mysql
● Group name: demo-sg-mysql
● VPC: demo-vpc
● Inbound Rules
○ Type: Custom TCP Rule
○ Protocol: TCP
○ Port Range: 3306
○ Source: demo-sg-webserver
Security of Database
Note. Source can also be given as the CIDR blocks 10.0.1.0/24 and
10.0.2.0/24, but referencing the security group of the resource is
recommended for better management
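An added example, not part of the original slides: a small Python model of the note above, comparing which hosts reach port 3306 when the database rule names demo-sg-webserver and when it names the two public subnet CIDRs. The instance inventory, the host other-1 and the extra subnet 10.0.5.0/24 are constructed for this example.

```python
import ipaddress

# Constructed inventory. other-1 shares a public subnet with the webservers but
# is not in demo-sg-webserver; web-3 is a webserver launched later in a
# hypothetical new subnet (10.0.5.0/24).
INSTANCES = {
    "web-1": {"ip": "10.0.1.10", "groups": {"demo-sg-webserver"}},
    "web-2": {"ip": "10.0.2.10", "groups": {"demo-sg-webserver"}},
    "web-3": {"ip": "10.0.5.10", "groups": {"demo-sg-webserver"}},
    "other-1": {"ip": "10.0.1.77", "groups": {"demo-sg-other"}},
}

# Inbound rules of demo-sg-mysql, written both ways the slide mentions.
RULES_BY_GROUP = [{"port": 3306, "source_group": "demo-sg-webserver"}]
RULES_BY_CIDR = [
    {"port": 3306, "cidr": "10.0.1.0/24"},
    {"port": 3306, "cidr": "10.0.2.0/24"},
]


def allowed(instance, rules, port):
    """True if any inbound rule admits this instance on the given port."""
    address = ipaddress.ip_address(instance["ip"])
    for rule in rules:
        if rule["port"] != port:
            continue
        # Group rule: matches on security group membership, wherever the host sits.
        if "source_group" in rule and rule["source_group"] in instance["groups"]:
            return True
        # CIDR rule: matches on address only, whatever the host is.
        if "cidr" in rule and address in ipaddress.ip_network(rule["cidr"]):
            return True
    return False


def who_can_reach(rules, port=3306):
    """Names of the instances admitted to the database port, sorted."""
    return sorted(
        name for name, inst in INSTANCES.items() if allowed(inst, rules, port)
    )


if __name__ == "__main__":
    print("source = demo-sg-webserver:", who_can_reach(RULES_BY_GROUP))
    print("source = subnet CIDRs:     ", who_can_reach(RULES_BY_CIDR))
```

The group rule follows the webservers and nothing else; the CIDR rules admit every host in the two subnets and miss a webserver launched anywhere else.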
Database
Configuration of Database Subnets
Create a RDS subnet group
● Name: demo-mysql-subnet-group
● VPC ID: demo-vpc
● Subnets: 10.0.3.0/24 and 10.0.4.0/24
Configuration of Database
Create a RDS instance
● Engine: MySQL
○ Check box: Free tier eligible only
● Instance Specifications
○ Check the box: Only show options that are eligible for RDS Free
Tier
○ DB Instance Identifier: demo-mysql
○ Master Username: root
○ Master Password/Confirm Password: password
● Network & Security
○ VPC: demo-vpc
○ Subnet Group: demo-mysql-subnet-group
○ Publicly Accessible: No
○ VPC Security Group(s): demo-sg-mysql
● Database Options
○ Database Name: todo
○ Database Port: 3306
● Backup
○ Backup Retention Period: 0 days
Configuration of Database
Configuration of Database Engine Parameters
(Optional) Create a RDS parameter group
● Parameter Group Family: mysql5.6
● Type: DB Parameter Group
● Group Name: demo-mysql-parameter
● Edit the mysql parameters after the group is created
Configuration of Database Engine Features
(Optional) Create a RDS option group
● Name: demo-mysql-option
● Engine: mysql
● Major Engine Version: 5.6
● Add option after the group is created
Private Alias for Domain Name of Database
Create hosted zone under Route 53
● Domain Name: lynn.demo
● Type: Private Hosted Zone for Amazon VPC
● VPC ID: demo-vpc
Create record set under hosted zone
● Name: db
● Type: CNAME
● Value: endpoint of RDS demo-mysql
File Storage & CDN
File storage for images
Create S3 bucket
● Bucket Name: demo-todo-image
● Region: US West (Oregon)
CDN for Files Stored in S3
Create distribution under Cloudfront
● Get started with Web
● Origin Settings
○ Origin Domain Name: demo-todo-image.s3.amazonaws.com
○ Origin ID: S3-demo-todo-image
● Default Cache Behavior Settings
○ Viewer Protocol Policy: Redirect HTTP to HTTPS
○ Object Caching: Customize
○ Minimum TTL: 0
○ Maximum TTL: 300
○ Default TTL: 60
● Distribution Settings
○ Price Class: Use Only US, Canada and Europe
Instance Profile
Authentication for Webserver to Access S3
Create an IAM policy
● Name: demoS3FullAccessToDemoTodoImage
● By visual editor
○ Service: S3
○ Actions: All S3 actions (s3:*)
○ Resources: arn:aws:s3:::demo-todo-image/*
Authentication for Webserver to Access S3
● By json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::demo-todo-image/*"
    }
  ]
}
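An added example, not part of the original slides: a Python check that reports wildcard grants in an IAM policy document and rewrites the slide's "s3:*" into an explicit list of object actions on the same resource. The action list assumes the webserver only uploads, reads and deletes image objects; the function names are assumptions of this example.

```python
import copy

# The policy from the slide, reproduced as sample input.
SLIDE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::demo-todo-image/*",
        }
    ],
}

# Assumption: the application only uploads, reads and deletes image objects.
IMAGE_OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]


def _as_list(value):
    # IAM accepts a single value or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]


def wildcard_findings(policy):
    """Return (statement index, field, value) for each wildcard in Allow statements."""
    findings = []
    for index, statement in enumerate(_as_list(policy.get("Statement", []))):
        if statement.get("Effect") != "Allow":
            continue
        for action in _as_list(statement.get("Action", [])):
            if "*" in action:
                findings.append((index, "Action", action))
        for resource in _as_list(statement.get("Resource", [])):
            if resource == "*":
                findings.append((index, "Resource", resource))
    return findings


def narrow_s3_wildcards(policy, actions=IMAGE_OBJECT_ACTIONS):
    """Return a copy in which an allowed "s3:*" is replaced by explicit actions."""
    narrowed = copy.deepcopy(policy)
    for statement in _as_list(narrowed.get("Statement", [])):
        if statement.get("Effect") != "Allow":
            continue
        current = _as_list(statement.get("Action", []))
        if "s3:*" in current:
            kept = [a for a in current if a != "s3:*"]
            statement["Action"] = kept + [a for a in actions if a not in kept]
    return narrowed


if __name__ == "__main__":
    print("slide policy:", wildcard_findings(SLIDE_POLICY))
    tightened = narrow_s3_wildcards(SLIDE_POLICY)
    print("tightened actions:", tightened["Statement"][0]["Action"])
    print("tightened policy:", wildcard_findings(tightened))
```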
Authentication for Webserver to Access S3
Create an IAM role with the policy attached
● Trusted entities: AWS service: ec2.amazonaws.com
● Policies: demoS3FullAccessToDemoTodoImage
● Role Name: demoInstanceRoleAccessS3
Instance Machine Image
Machine Image for EC2 Instance
Create AMI manually by AWS console
● Launch a t2.micro EC2 instance running Ubuntu Linux
● SSH to the instance and execute script
● Back to the AWS console and create an image
● AMI name: demo-laravel-todo
Machine Image for EC2 Instance
Create AMI automatically by packer
● Create an access key for Packer with the corresponding permissions
● Clone the packer-example project and follow the instructions to run
Application Load Balance &
Auto Scaling
Load Balance Between Webserver Instances
Create a target group with no instances registered
● Target group name: demo-target-group-webserver
● Protocol: HTTP
● Port: 80
● Target Type: instance
● VPC: demo-vpc
Create application load balance (ALB)
● Name: demo-alb-webserver
● Scheme: internet-facing
● IP address type: ipv4
● Listeners
○ Load Balancer Protocol: HTTP
○ Load Balancer Port: 80
● Availability zones: demo-public-subnet-2a and
demo-public-subnet-2b
● Security groups: demo-sg-webserver
● Target group name: demo-target-group-webserver
● Skip the step of registering targets
Load Balance Between Webserver Instances
(Optional) Edit the forwarding rules of listeners
● Listen on different ports and forward to different target groups
● Define multiple forwarding rules on one listening port
Load Balance Between Webserver Instances
Create launch configuration for EC2 instances to be scaled
● AMI: demo-laravel-todo of My AMIs
● Instance Type: t2.micro
● Launch configuration
○ Name: demo-launch-laravel-todo
○ IAM Role: demoInstanceRoleAccessS3
○ User data: paste the script and replace the value of IMAGE_S3_BUCKET and
IMAGE_DOMAIN
○ IP Address Type: Assign a public IP address to every instance
● Security group: demo-sg-webserver
Auto Scaling of Webserver Instances
Create auto scaling group to manage EC2 instances
● Launch configuration: demo-launch-laravel-todo
● Group name: demo-asg-laravel-todo
● Group size: 2
● Network: demo-vpc
● Subnet: demo-public-subnet-2a and demo-public-subnet-2b
● Load Balancing: Receive traffic from one or more load balancers
● Target Groups: demo-target-group-webserver
● Scaling policies: Keep this group at its initial size
Auto Scaling of Webserver Instances
(Optional) Set scaling policies for EC2 instances
● Two types of scaling policies
○ Maintain the load on a target value
■ Maintain the average CPU utilization at 50%
○ Increase or decrease a number of instances step by step when the load
reaches a threshold
■ Add 1 instance when average CPU utilization is larger than 70%
Create distribution under Cloudfront
● Get started with Web
● Origin Settings
○ Origin Domain Name:
demo-alb-webserver-xxx.us-west-2.elb.amazonaws.com
○ Origin ID: ALB-demo-alb-webserver
CDN for Webserver
● Default Cache Behavior Settings
○ Viewer Protocol Policy: Redirect HTTP to HTTPS
○ Allowed HTTP Methods: GET, HEAD, OPTIONS, PUT, POST, PATCH,
DELETE
○ Object Caching: Customize
○ Minimum TTL: 0
○ Maximum TTL: 0
○ Default TTL: 0
● Distribution Settings
○ Price Class: Use Only US, Canada and Europe
CDN for Webserver
Tools to Build AWS Resources
- Terraform
Introduction
● Code the infrastructure to build, change and version resources,
including AWS VPC, S3, EC2 etc.
● Written as Terraform files (.tf) which contain two parts:
○ provider: infrastructure service provider
○ resource: infrastructure component
● Use a json file (terraform.tfstate) as the infrastructure’s current
status
● Does not roll back resources when the build fails
Lifecycle
1. Validate the configuration (.tf)
2. Compare the current status (.tfstate) and configuration (.tf)
3. Build the resources according to the compared result
4. Generate the new status (.tfstate) after the build succeeds
Steps
1. Download all files (.tf and .tpl) in the folder,
CreateALaravelProjectBuiltByAMI of terraform-example
2. Install terraform
3. Create a variable file named terraform.tfvars in the same folder
// terraform.tfvars
access_key = "your aws access key"
secret_key = "your aws secret key"
ami = "ami id of todoMVC"
Note. Make sure the IAM user has the corresponding authority to access AWS resources
4. Execute the commands to create resources
$ terraform init
$ terraform apply
5. Check the result after build is completed
6. Execute the command to remove all resources
$ terraform destroy
To Be Continued in AWS 102

AKTU Computer Networks notes ---  Unit 3.pdfAKTU Computer Networks notes ---  Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
 
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoorTop Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
Top Rated Call Girls In chittoor 📱 {7001035870} VIP Escorts chittoor
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Wakad Call Me 7737669865 Budget Friendly No Advance Booking
 
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
 
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced LoadsFEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
FEA Based Level 3 Assessment of Deformed Tanks with Fluid Induced Loads
 
Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torque
 
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
Block diagram reduction techniques in control systems.ppt
Block diagram reduction techniques in control systems.pptBlock diagram reduction techniques in control systems.ppt
Block diagram reduction techniques in control systems.ppt
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
 
Work-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptxWork-Permit-Receiver-in-Saudi-Aramco.pptx
Work-Permit-Receiver-in-Saudi-Aramco.pptx
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
 
Thermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - VThermal Engineering-R & A / C - unit - V
Thermal Engineering-R & A / C - unit - V
 

AWS Workshop 101

  • 1. AWS Workshop 101 Build up Application with Baked AMI 2018 @Lynn Lin
  • 2. Goals
    Learn to build an application capable of
    ● connecting to AWS cloud storage and DB instance
    ● configuring application by a baked AWS machine image (AMI)
    ● scaling application instances automatically
    ● balancing load between application instances
    ● distributing the application onto CDN
    ● naming instance by a self-defined domain name
  • 3. Agenda
    ● Introduction of AWS Resources
      – Elastic Compute Cloud (EC2)
      – Virtual Private Cloud (VPC)
      – Relational Database Service (RDS)
      – Load Balance
      – Auto Scaling
      – Simple Storage Service (S3)
      – Route 53
      – CloudFront
      – Identity and Access Management (IAM)
    ● Tools to Build AWS Resources - Packer
    ● Building up the Service - TodoMVC
    ● Tools to Build AWS Resources - Terraform
  • 5. Elastic Compute Cloud (EC2)
    ● A virtual computing instance
    ● Various configurations of CPU, memory, storage, and networking capacity for instances
    ● Secure login for an instance using one key pair
    Amazon Machine Image (AMI)
    ● The configuration to launch an instance
  • 6. Virtual Private Cloud (VPC)
    ● A logically isolated virtual network of the AWS Cloud where AWS resources are launched
    ● Physical locations are composed of regions (e.g., us-west-1) and availability zones (e.g., us-west-1a, us-west-1b)
    Subnet
    ● A range of IP addresses
    ● Either public- or private-facing, controlled by route table
    Security Group
    ● Control inbound and outbound traffic at instance level
  • 7. Relational Database Service (RDS)
    ● Managed relational database service
    ● Automated backups to restore a database
    ● Replication with the primary instance
    DB Instance
    ● An isolated database instance in the cloud
    ● Supports different configurations of computation and memory capacity
    Subnet Group
    ● A VPC's IP address range to group DB instances
    ● Have at least two availability zones (AZ)
  • 8. Relational Database Service (RDS)
    Parameter Group
    ● Configure parameters of DB engine, such as max_connections, character_set_connection
    ● Apply changes of static parameters after rebooting DB instance
    ● Apply changes of dynamic parameters immediately
    Option Group
    ● Additional features for DB engine, such as memcached for MySQL
  • 9. Load Balance
    ● Serve as a single point for clients
    ● Distribute incoming application traffic across multiple EC2 instances, in multiple availability zones
    ● Forward traffic only to healthy instances
    Classic Load Balance (ELB)
    ● One ELB forwards traffic on one endpoint
    Application Load Balance (ALB)
    ● One ALB forwards traffic on multiple endpoints
    ● EC2 instances are grouped into target groups
  • 10. Auto Scaling
    ● Configure automatic scaling for the scalable AWS resources
    ● Scale EC2 instances created by launch configurations
  • 11. Simple Storage Service (S3)
    ● A web storage used to store and retrieve data
    ● Store data as objects
    ● An object consists of a file and any metadata that describes that file
    Buckets
    ● The containers for objects
  • 12. Route 53
    ● A DNS service
    ● Register domain names
    ● Route internet traffic to the resources for your domain
    Hosted Zone
    ● Public - route traffic on the internet
    ● Private - route traffic within the VPC
  • 13. CloudFront
    ● Distribute services and deliver contents through edge locations of network (collections of servers in geographically dispersed data centers)
    ● Cache the content in the edge locations
  • 14. Identity and Access Management (IAM)
    ● Control access to AWS resources securely
    ● Provide authentication for identities (people or processes)
    User
    ● Represent the person or service
    ● Primary uses are to give people the ability to sign in to the AWS console and make programmatic requests
    Group
    ● A collection of users
    ● Any user in that group automatically has the permissions that are assigned to the group
  • 15. Identity and Access Management (IAM)
    Role
    ● Similar to a user but without password or access keys
    ● Can also be assigned to a federated user who signs in by using an external identity provider
  • 16. Tools to Build AWS Resources - Packer
  • 17. Introduction
    ● Build machine images automatically, including AWS AMI
    ● Code with a JSON file that contains three parts
      ○ variables: from the command-line, environment variables, or files
      ○ builders: responsible for creating a machine and turning that machine into an image
      ○ provisioners: able to install and configure software into the images
    ● Do NOT manage images, e.g., create instance from image or delete image
  • 18. File: example.json
        {
          "variables": {
            "aws_access_key": "",
            "aws_secret_key": "",
            "region": "us-west-2"
          },
          "builders": [
            {
              "type": "amazon-ebs",
              "access_key": "{{user `aws_access_key`}}",
              "secret_key": "{{user `aws_secret_key`}}",
              "ami_name": "packer-example-{{timestamp}}",
              "instance_type": "t2.micro",
              "region": "{{user `region`}}",
              "source_ami": "ami-79873901",
              "ssh_username": "ubuntu"
            }
          ],
          "provisioners": [
            {
              "type": "shell",
              "script": "./example.sh"
            }
          ]
        }
    Build command:
        $ packer build example.json
  • 19. Lifecycle - Building AWS AMI as the Example
    1. Create keypair and security group to access an EC2 instance
    2. Create an EC2 instance and wait until it becomes ready
    3. SSH to the instance and provision
    4. Stop the EC2 instance
    5. Create an AMI from the instance and wait until it is available
    6. Terminate the EC2 instance
    7. Delete keypair and security group
  • 20. Building up the Service - TodoMVC
  • 24. Configuration of Network
    Create a VPC
    ● Region: US West (Oregon)
    ● Name tag: demo-vpc
    ● IPv4 CIDR block: 10.0.0.0/16
    ● Set DNS Hostnames as Yes after VPC is created
    Note. DNS resolution and DNS hostnames should both be Yes to allow Route 53 private DNS
  • 27. Configuration of Private Subnets
    Create two private subnets where database is launched
    ● Name tag: demo-private-subnet-2a | demo-private-subnet-2b
    ● VPC: demo-vpc
    ● Availability Zone: us-west-2a | us-west-2b
    ● IPv4 CIDR block: 10.0.3.0/24 | 10.0.4.0/24
    Note. The subnets should be in different availability zones for RDS to work
  • 30. Configuration of Public Subnets
    Create two public subnets where webserver is launched
    ● Name tag: demo-public-subnet-2a | demo-public-subnet-2b
    ● VPC: demo-vpc
    ● Availability Zone: us-west-2a | us-west-2b
    ● IPv4 CIDR block: 10.0.1.0/24 | 10.0.2.0/24
    Note.
    1. The subnets should be in different availability zones for load balancing to work
    2. Subnets are NOT really public until attached to an internet gateway and associated with a route table
  • 33. Configuration of Public Subnets
    Create internet gateway and attach to the VPC
    ● Name tag: demo-internet-gateway
    Create route table to associate to subnets
    ● Name tag: demo-public-route-table
    ● VPC: demo-vpc
    ● Routes
      ○ Destination: 0.0.0.0/0
      ○ Target: demo-internet-gateway
    ● Subnet Associations: demo-public-subnet-2a and demo-public-subnet-2b
  • 39. Security of Webserver
    Create a security group for webserver
    ● Name tag: demo-sg-webserver
    ● Group name: demo-sg-webserver
    ● VPC: demo-vpc
    ● Inbound Rules
      ○ Type: HTTP
      ○ Protocol: TCP
      ○ Port Range: 80
      ○ Source: 0.0.0.0/0
  • 42. Security of Database
    Create a security group for database
    ● Name tag: demo-sg-mysql
    ● Group name: demo-sg-mysql
    ● VPC: demo-vpc
    ● Inbound Rules
      ○ Type: Custom TCP Rule
      ○ Protocol: TCP
      ○ Port Range: 3306
      ○ Source: demo-sg-webserver
    Note. Source can also be given as the CIDRs 10.0.1.0/24 and 10.0.2.0/24, but referencing the security group of the resource is recommended for better management
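The difference between the two source styles in the note on slide 42 can be seen with a small model of inbound-rule matching. This is an added example, not part of the original deck: the hosts, their addresses, the group demo-sg-other and the subnet 10.0.5.0/24 are constructed, and the model covers only source matching on one port.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Rule:
    """One inbound rule: a port plus either a CIDR or a security-group source."""
    port: int
    cidr: Optional[str] = None
    source_sg: Optional[str] = None


@dataclass(frozen=True)
class Host:
    name: str
    ip: str
    groups: FrozenSet[str]


def admits(rule, host, port):
    """True if this rule lets `host` open a connection to `port`."""
    if port != rule.port:
        return False
    if rule.source_sg is not None:
        # Group source: membership decides, the address is irrelevant.
        return rule.source_sg in host.groups
    return ipaddress.ip_address(host.ip) in ipaddress.ip_network(rule.cidr)


def reachable(rules, hosts, port):
    """Names of the hosts admitted by at least one rule, sorted."""
    return sorted(h.name for h in hosts if any(admits(r, h, port) for r in rules))


# Constructed inventory: two webservers from the auto scaling group, one
# unrelated instance in a public subnet, one webserver in a subnet added later.
HOSTS = [
    Host("web-2a", "10.0.1.10", frozenset({"demo-sg-webserver"})),
    Host("web-2b", "10.0.2.10", frozenset({"demo-sg-webserver"})),
    Host("other-2a", "10.0.1.50", frozenset({"demo-sg-other"})),
    Host("web-2c", "10.0.5.10", frozenset({"demo-sg-webserver"})),
]

# The two ways slide 42 allows the source of the 3306 rule to be written.
CIDR_RULES = [Rule(3306, cidr="10.0.1.0/24"), Rule(3306, cidr="10.0.2.0/24")]
SG_RULES = [Rule(3306, source_sg="demo-sg-webserver")]

if __name__ == "__main__":
    print("CIDR source:", reachable(CIDR_RULES, HOSTS, 3306))
    print("SG source:  ", reachable(SG_RULES, HOSTS, 3306))
```

With the CIDR source, every instance in the public subnets reaches MySQL and a webserver in a new subnet does not; with the group source, access follows membership of demo-sg-webserver.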
  • 46. Configuration of Database's Subnets
    Create a RDS subnet group
    ● Name: demo-mysql-subnet-group
    ● VPC ID: demo-vpc
    ● Subnets: 10.0.3.0/24 and 10.0.4.0/24
  • 48. Configuration of Database
    Create a RDS instance
    ● Engine: MySQL
      ○ Check box: Free tier eligible only
    ● Instance Specifications
      ○ Check the box: Only show options that are eligible for RDS Free Tier
      ○ DB Instance Identifier: demo-mysql
      ○ Master Username: root
      ○ Master Password/Confirm Password: password
  • 49. Configuration of Database
    ● Network & Security
      ○ VPC: demo-vpc
      ○ Subnet Group: demo-mysql-subnet-group
      ○ Publicly Accessible: No
      ○ VPC Security Group(s): demo-sg-mysql
    ● Database Options
      ○ Database Name: todo
      ○ Database Port: 3306
    ● Backup
      ○ Backup Retention Period: 0 days
  • 54. Configuration of Database Engine Parameters (Optional)
    Create a RDS parameter group
    ● Parameter Group Family: mysql5.6
    ● Type: DB Parameter Group
    ● Group Name: demo-mysql-parameter
    ● Edit the mysql parameters after the group is created
  • 57. Configuration of Database Engine Features (Optional)
    Create a RDS option group
    ● Name: demo-mysql-option
    ● Engine: mysql
    ● Major Engine Version: 5.6
    ● Add option after the group is created
  • 60. Private Alias for Domain Name of Database
    Create hosted zone under Route 53
    ● Domain Name: lynn.demo
    ● Type: Private Hosted Zone for Amazon VPC
    ● VPC ID: demo-vpc
    Create record set under hosted zone
    ● Name: db
    ● Type: CNAME
    ● Value: endpoint of RDS demo-mysql
  • 65. File storage for images
    Create S3 bucket
    ● Bucket Name: demo-todo-image
    ● Region: US West (Oregon)
  • 67. CDN for Files Stored in S3
    Create distribution under CloudFront
    ● Get started with Web
    ● Origin Settings
      ○ Origin Domain Name: demo-todo-image.s3.amazonaws.com
      ○ Origin ID: S3-demo-todo-image
    ● Default Cache Behavior Settings
      ○ Viewer Protocol Policy: Redirect HTTP to HTTPS
      ○ Object Caching: Customize
      ○ Minimum TTL: 0
      ○ Maximum TTL: 300
      ○ Default TTL: 60
    ● Distribution Settings
      ○ Price Class: Use Only US, Canada and Europe
  • 75. Authentication for Webserver to Access S3
    Create an IAM policy
    ● Name: demoS3FullAccessToDemoTodoImage
    ● By visual editor
      ○ Service: S3
      ○ Actions: All S3 actions (s3:*)
      ○ Resources: arn:aws:s3:::demo-todo-image/*
  • 77. Authentication for Webserver to Access S3
    ● By json
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "",
              "Effect": "Allow",
              "Action": "s3:*",
              "Resource": "arn:aws:s3:::demo-todo-image/*"
            }
          ]
        }
  • 80. Authentication for Webserver to Access S3
    Create an IAM role with the policy attached
    ● Trusted entities: AWS service: ec2.amazonaws.com
    ● Policies: demoS3FullAccessToDemoTodoImage
    ● Role Name: demoInstanceRoleAccessS3
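What the policy on slides 75 and 77 actually grants to the instance role can be checked by probing it with concrete S3 actions. This is an added example, not part of the original deck: the object key is constructed, the narrowed policy assumes the webserver only reads and writes image objects, and the evaluator models identity-policy Allow/Deny matching only.

```python
import re


def _match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None


def _listify(value):
    """IAM lets Statement, Action and Resource be a single item or a list."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def is_allowed(policy, action, resource):
    """Explicit Deny wins; otherwise any matching Allow grants the request."""
    allowed = False
    for stmt in _listify(policy["Statement"]):
        if any(k in stmt for k in ("NotAction", "NotResource", "Condition")):
            raise ValueError("NotAction/NotResource/Condition are not modelled")
        hit = (any(_match(a, action, True) for a in _listify(stmt["Action"]))
               and any(_match(r, resource) for r in _listify(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and stmt["Effect"] == "Allow")
    return allowed


BUCKET = "arn:aws:s3:::demo-todo-image"
OBJECT = BUCKET + "/uploads/a.png"  # constructed object key

# Probes: object-level actions against an object, ListBucket against the bucket.
PROBES = [
    ("s3:GetObject", OBJECT),
    ("s3:PutObject", OBJECT),
    ("s3:DeleteObject", OBJECT),
    ("s3:PutObjectAcl", OBJECT),
    ("s3:ListBucket", BUCKET),
]

# The policy exactly as shown on slide 77.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "", "Effect": "Allow", "Action": "s3:*",
                   "Resource": "arn:aws:s3:::demo-todo-image/*"}],
}

# Narrowed variant (assumption: the app only reads and writes image objects).
NARROWED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["s3:GetObject", "s3:PutObject"],
                   "Resource": "arn:aws:s3:::demo-todo-image/*"}],
}


def granted(policy):
    """The probe actions this policy allows, in probe order."""
    return [a for a, r in PROBES if is_allowed(policy, a, r)]


if __name__ == "__main__":
    print("slide 77:", granted(PAGE_POLICY))
    print("narrowed:", granted(NARROWED_POLICY))
```

The `s3:*` grant includes changing object ACLs and deleting objects, while `s3:ListBucket` is not granted because the resource pattern covers objects only, not the bucket ARN.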
  • 83. Machine Image for EC2 Instance
    Create AMI manually by AWS console
    ● Launch a t2.micro EC2 instance of linux ubuntu
    ● SSH to the instance and execute script
    ● Back to the AWS console and create an image
    ● AMI name: demo-laravel-todo
  • 86. Machine Image for EC2 Instance
    Create AMI automatically by packer
    ● Create an access key for packer to grant corresponding authorities
    ● Clone the packer-example project and follow the instructions to run
  • 88. Application Load Balance & Auto Scaling
  • 89. Load Balance Between Webserver Instances
    Create target group with no instances
    ● Target group name: demo-target-group-webserver
    ● Protocol: HTTP
    ● Port: 80
    ● Target Type: instance
    ● VPC: demo-vpc
  • 92. Load Balance Between Webserver Instances
    Create application load balance (ALB)
    ● Name: demo-alb-webserver
    ● Scheme: internet-facing
    ● IP address type: ipv4
    ● Listeners
      ○ Load Balancer Protocol: HTTP
      ○ Load Balancer Port: 80
    ● Availability zones: demo-public-subnet-2a and demo-public-subnet-2b
    ● Security groups: demo-sg-webserver
    ● Target group name: demo-target-group-webserver
    ● Skip the step of registering targets
  • 99. Load Balance Between Webserver Instances
    (Optional) Edit the forwarding rules of listeners
    ● Listen on different ports and forward to different target groups
    ● Define multiple forwarding rules on one listening port
  • 102. Auto Scaling of Webserver Instances
    Create launch configuration for EC2 instances to be scaled
    ● AMI: demo-laravel-todo of My AMIs
    ● Instance Type: t2.micro
    ● Launch configuration
      ○ Name: demo-launch-laravel-todo
      ○ IAM Role: demoInstanceRoleAccessS3
      ○ User data: paste the script and replace the value of IMAGE_S3_BUCKET and IMAGE_DOMAIN
      ○ IP Address Type: Assign a public IP address to every instance
    ● Security group: demo-sg-webserver
  • 105. Auto Scaling of Webserver Instances
    Create auto scaling group to manage EC2 instances
    ● Launch configuration: demo-launch-laravel-todo
    ● Group name: demo-asg-laravel-todo
    ● Group size: 2
    ● Network: demo-vpc
    ● Subnet: demo-public-subnet-2a and demo-public-subnet-2b
    ● Load Balancing: Receive traffic from one or more load balancers
    ● Target Groups: demo-target-group-webserver
    ● Scaling policies: Keep this group at its initial size
  • 109. Auto Scaling of Webserver Instances
    (Optional) Set scaling policies for EC2 instances
    ● Two types of scaling policies
      ○ Maintain the load on a target value
        ■ Maintain the average CPU utilization at 50%
      ○ Increase or decrease the number of instances step by step when the load reaches a threshold
        ■ Add 1 instance when average CPU utilization is larger than 70%
  • 111. CDN for Webserver
    Create distribution under CloudFront
    ● Get started with Web
    ● Origin Settings
      ○ Origin Domain Name: demo-alb-webserver-xxx.us-west-2.elb.amazonaws.com
      ○ Origin ID: ALB-demo-alb-webserver
  • 112. CDN for Webserver
    ● Default Cache Behavior Settings
      ○ Viewer Protocol Policy: Redirect HTTP to HTTPS
      ○ Allowed HTTP Methods: GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
      ○ Object Caching: Customize
      ○ Minimum TTL: 0
      ○ Maximum TTL: 0
      ○ Default TTL: 0
    ● Distribution Settings
      ○ Price Class: Use Only US, Canada and Europe
  • 116. Tools to Build AWS Resources - Terraform
  • 117. Introduction
    ● Code the infrastructure to build, change and version resources, including AWS VPC, S3, EC2 etc.
    ● Code with terraform file (.tf) which contains two parts:
      ○ provider: infrastructure service provider
      ○ resource: infrastructure component
    ● Use a json file (terraform.tfstate) as the infrastructure's current status
    ● Do not roll back resources when the build fails
  • 118. Lifecycle
    1. Validate the configuration (.tf)
    2. Compare the current status (.tfstate) and configuration (.tf)
    3. Build the resources according to the compared result
    4. Generate the new status (.tfstate) after the build succeeds
  • 119. Steps
    1. Download all files (.tf and .tpl) in the folder CreateALaravelProjectBuiltByAMI of terraform-example
    2. Install terraform
    3. Create a variable file named terraform.tfvars in the same folder
        // terraform.tfvars
        access_key = "your aws access key"
        secret_key = "your aws secret key"
        ami = "ami id of todoMVC"
    Note. Make sure the IAM user has corresponding authority to access AWS resources
  • 120. Steps
    4. Execute the commands to create resources
    5. Check the result after build is completed
    6. Execute the command to remove all resources
        $ terraform init
        $ terraform apply
        $ terraform destroy
  • 121. To Be Continued in AWS 102