AWS Part-2

What is AWS EC2?

Amazon EC2 provides scalable computing capacity in the AWS cloud. EC2 makes life easier for developers by providing secure and resizable compute capacity in the cloud. Users can launch virtual servers, configure security and networking, and manage cookies from an intuitive dashboard.
 
Why EC2?
  1. You don’t require any hardware units
  2. Easily scalable (up or down)
  3. You only pay for what you use
  4. You have complete control
  5. Highly secure
  6. You can access your assets from anywhere in the world 
Here’s how:
 

1. Create an AWS account 

2. Set up an EC2 instance 

If at some point in the future you want to create an application using the resources you’ve stored on S3, you’ll need to create an EC2 instance.

2a) Choosing an AMI (Amazon Machine Image):

An AMI is a template that is used to create a new instance—or virtual machine—based on user requirements. The AMI will contain information about the software, operating system, volume, and access permissions. There are two types of AMIs:

i) Predefined AMIs: Amazon creates these, and the user can modify them.

ii) Custom AMIs: The user creates these, and they can be reused. These AMIs are also available in the AMI Marketplace.

2b) Choosing an instance type:

An instance type specifies the hardware configuration of the machine built from the AMI chosen in the previous step. Instance types belong to five main families:

i) Compute-optimized: For situations that require a lot of processing power

ii) Memory-optimized: For workloads built around an in-memory cache

iii) GPU-optimized: For setting up a gaming system, or anything else that needs heavy graphics processing

iv) Storage-optimized: When you need to set up a storage server

v) General-purpose: When compute, memory and storage needs are equally balanced

Instance types are fixed, and their configurations cannot be altered. 

2c) Configure Instance:

You have to specify the number of instances, the purchasing options, the kind of network, the subnet, whether to assign a public IP, the IAM role, the shutdown behavior, etc. On that note, stopping the system and terminating the system under ‘Shutdown behavior’ are completely different things.

Stopping = Temporarily shutting down the system

Terminating = Returning control to Amazon

Under the advanced details, users can also add bootstrap scripts that are executed when the virtual machine starts up. It also offers multiple payment options, such as: 

i) On-demand instances: Can be launched whenever the user requires, at normal rates

ii) Reserved instances: These instances are reserved for one year or three years. The entire amount has to be paid upfront or over a span of a few months.

iii) Spot instances: Capacity goes to the bidder with the highest bid. These instances are available at a lower cost than on-demand instances.

2d) Adding Storage: 

You’re tasked with deciding the type of storage, which could be: 

i) Ephemeral Storage (temporary and free)  

ii) Amazon Elastic Block Store (permanent and paid) 

iii) Amazon S3

2e) Adding tags:

This helps to identify instances more quickly.

2f) Configuring security groups:

These specify the rules that decide which traffic is allowed to reach the EC2 instance. You set up the type of security, the protocol, the port range, and the source (where the incoming traffic comes from). Incoming traffic has to be explicitly allowed; outgoing traffic is open by default.

2g) Review

Click on ‘Launch’ and the instance is created. However, there’s a little more work to be done.
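A small audit of the ingress rules just described, added here as an example that is not part of the original post: it reads a constructed document shaped like `aws ec2 describe-security-groups` output and flags admin ports whose allowed source is the whole internet. The group IDs and address ranges are placeholders.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs and address ranges are placeholders, not real account data.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-0000000000000001", "GroupName": "web-open",
  "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
   {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
 {"GroupId": "sg-0000000000000002", "GroupName": "web-restricted",
  "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
    "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
   {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
]}
""")

# Admin ports that should be reachable only from a named source range.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

def is_anywhere(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. a source meaning 'the whole internet'."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def world_open_admin_rules(groups):
    """Return (group id, port, service) for every ingress rule that exposes an
    admin port to any address. Egress is not inspected: it is open by default."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for rule in sg["IpPermissions"]:
            if rule["IpProtocol"] not in ("tcp", "-1"):   # -1 = all protocols
                continue
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for port, name in ADMIN_PORTS.items():
                if lo <= port <= hi and any(is_anywhere(s) for s in sources):
                    findings.append((sg["GroupId"], port, name))
    return findings

if __name__ == "__main__":
    for gid, port, name in world_open_admin_rules(SAMPLE):
        print(f"{gid}: {name} (tcp/{port}) is open to the whole internet")
```

Only the first group is reported: port 443 open to everyone is expected for a web server, while SSH restricted to 203.0.113.0/24 passes the check.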

The size (in GB), the volume type, where the disk is mounted, and whether the volume needs to be encrypted all need to be specified. Free-tier users get up to 30 GB of SSD or magnetic storage (selected under ‘Volume Type’).

Fig: This dialog will pop up

Private key: The user downloads the private key

Public key: AWS uses the public key to confirm the identity of the user. 

After choosing to create a new pair, a new private key is downloaded as a .pem file.

For the next step, we need two tools: PuTTY and PuTTYgen. PuTTY is generally used when you need to connect from a Windows system to a Linux system, which is what we’re doing now. PuTTY doesn’t accept .pem files.

So, using the PuTTY Key Generator (PuTTYgen), you create a new .ppk file:

Conversions > Import Key

Load the .pem file.

Select “Save Private Key” and choose a location to save the key.

Fig: In the PuTTY configuration tool, provide your IP address and click on “Auth.”

Fig: Now click on Browse and find the corresponding .ppk file

Fig: Once that’s done, a terminal will open up where you can log in as ec2-user

3. Create an SNS and a topic

4. Make sure the topic is set to “public.”

5. Add subscribers: 

These are the individuals who have opted in to be notified about your newsletter.

6. Create an S3 bucket

7. Set up an event that links it to SNS:

A notification is sent to the company’s subscribers every time something is added to the bucket

8. Sync the S3 bucket with the EC2 instance

And that’s it: Your users will be notified.

AWS’s Virtual Private Cloud (VPC)

Amazon VPC enables you to connect your on-premises resources to AWS infrastructure through a virtual private network. Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined.

Each VPC that you create is logically isolated from other virtual networks in the AWS cloud and is fully customizable. You can select the IP address range, create subnets, configure route tables, set up network gateways, and define security settings using security groups and network access control lists.

Default Amazon VPC

Each Amazon account comes with a default VPC that is pre-configured for you to start using immediately. A VPC can span multiple availability zones in a region.

In the first section, there is a default Amazon VPC. The CIDR block for the default VPC is always a /16; in this example, it's 172.31.0.0/16, which means this VPC can provide up to 65,536 IP addresses.

Custom Amazon VPC


The default VPC is suitable for launching new instances when you're testing AWS, but creating a custom VPC allows you to:

  • Make things more secure
  • Customize your virtual network, as you can define your own IP address range
  • Create your subnets that are both private and public
  • Tighten security settings

Hardware VPN Access

By default, instances that you launch into an Amazon VPC can't communicate with your network. You can connect your VPCs to your existing data center using hardware VPN access. By doing so, you can effectively extend your data center into the cloud and create a hybrid environment. To do this, you will need to set up a virtual private gateway. 


There is a VPN concentrator on the Amazon side of the VPN connection. For your data center, you need a customer gateway, which is either a physical device or a software application that sits on the customer’s side of the VPN connection. When you create a VPN connection, a VPN tunnel comes up when traffic is generated from the customer's side of the connection.

VPC Peering 

A peering connection can be made between your own VPCs or with a VPC in another AWS account, as long as it is in the same region. 

If you have instances in VPC A, they wouldn't be able to communicate with instances in VPC B or C unless you set up a peering connection. Peering is a one-to-one relationship: a VPC can have multiple peering connections to other VPCs, but transitive peering is not supported. In other words, VPC A can connect to B and C in the above diagram, but C cannot communicate with B unless the two are directly peered.

Additionally, VPCs with overlapping CIDRs cannot be peered. In the diagram, all VPCs have different IP ranges; if two of them had the same IP range, they couldn't be peered.
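The two peering rules above (no overlapping CIDRs, no transitive reachability) and the /16 address count, worked through as an added example that is not from the original post. VPC A uses the default VPC's 172.31.0.0/16 from the text; the other blocks are made-up placeholders, with D overlapping B on purpose.

```python
import ipaddress

# Constructed VPC blocks: A is the default VPC block from the text, the rest
# are placeholders. D overlaps with B, so a B<->D peering must be refused.
VPCS = {
    "A": "172.31.0.0/16",
    "B": "10.0.0.0/16",
    "C": "10.1.0.0/16",
    "D": "10.0.128.0/17",
}

def address_count(cidr):
    """Total IPv4 addresses in a block: a /16 gives 65,536."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses

def can_peer(cidr_a, cidr_b):
    """AWS refuses a peering connection between overlapping blocks."""
    a = ipaddress.ip_network(cidr_a, strict=False)
    b = ipaddress.ip_network(cidr_b, strict=False)
    return not a.overlaps(b)

def plan_peerings(vpcs, wanted):
    """Keep only the requested pairs whose CIDRs do not overlap."""
    return [(x, y) for x, y in wanted if can_peer(vpcs[x], vpcs[y])]

def reachable(peerings, src, dst):
    """Peering is one-to-one and not transitive: traffic crosses only a
    direct peering, so A<->B plus A<->C does not connect B and C."""
    return (src, dst) in peerings or (dst, src) in peerings

def transitive_would_reach(peerings, src, dst):
    """For contrast only: what a transitive network would allow, found by
    walking the peering graph. VPC peering does NOT behave this way."""
    seen, stack = set(), [src]
    while stack:
        node = stack.pop()
        if node == dst:
            return True
        seen.add(node)
        for x, y in peerings:
            nxt = y if x == node else x if y == node else None
            if nxt is not None and nxt not in seen:
                stack.append(nxt)
    return False

# B<->D is dropped because 10.0.128.0/17 lies inside 10.0.0.0/16.
PEERINGS = plan_peerings(VPCS, [("A", "B"), ("A", "C"), ("B", "D")])
```

With these peerings, B and C would reach each other in a transitive network but not through VPC peering, which is exactly the gap a third B<->C connection (or a transit hub) has to close.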

Default VPC Deletion

In the event that the default VPC gets deleted, it is advised to reach out to AWS support for restoration. So you’ll want to delete the default VPC only if you have a good reason.

After going through what AWS VPC is, let us next look at IP addresses.
