Note: This blog is for you to make your life easier.
Don't make your life complicated, just enjoy the blog. ^_^
Please pardon the simplicity of my blog and focus on the content.
To make it easier for you, just click one of the photos, then follow along and scroll. ⏩
Enjoy reading! ^_^
Scenario:
In this blog we will use Amazon Virtual Private Cloud (VPC) to create our own VPC and add components to produce a customised network. We will also create a security group for our EC2 instance. Lastly, we will configure and customise an EC2 instance to run a web server and launch it into the VPC.
Quick Review:
Amazon Virtual Private Cloud (Amazon VPC) enables you to launch Amazon Web Services (AWS) resources into a virtual network that you defined. This virtual network closely resembles a traditional network that you would operate in your own data center, with the benefits of using the scalable infrastructure of AWS. You can create a VPC that spans multiple Availability Zones.
We will now build the following infrastructure:
Our main objectives are:
- Create a VPC.
- Create subnets.
- Configure a security group.
- Launch an EC2 instance into a VPC.
Let us now get started!!!
First, we will access the AWS Management Console:
1. Go to your LAB activity, then click "Start Lab" to launch your lab. (You will see this picture below).
2. Wait until you see the message "Lab status: ready", then click the "X" then proceed.
3. At the top of instructions, click "AWS."
Note: This will open the AWS Management Console in a new browser tab. If you had existing then it will automatically log you in.
4. Arrange the AWS Management Console tab and browser for your comfort.
TASK 1: CREATING YOUR OWN VPC
We will use the VPC Wizard to create a VPC with an Internet Gateway and two subnets in a single Availability Zone. An Internet Gateway (IGW) is a VPC component that allows communication between instances in your VPC and the Internet.
NOTE: After you create a VPC, you can add subnets. Each subnet resides entirely within one Availability Zone and cannot span zones. If a subnet's traffic is routed to an Internet Gateway, the subnet is known as a public subnet. If a subnet does not have a route to the Internet Gateway, the subnet is known as a private subnet.
The wizard will also create a NAT Gateway, which is used to provide Internet connectivity to EC2 instances in private subnets.
5. In the "AWS Management Console", on the "Services" menu, click "VPC."
6. Click "Launch VPC Wizard" to start.
7. In the left navigation panel, click "VPC with Public and Private Subnets" (note: this will be the second option).
8. Click "Select" then configure the following:
- VPC name: Lab VPC
- Availability Zone: Select the first Availability Zone
- Public subnet name: Public Subnet 1
- Availability Zone: Select the first Availability Zone (the same as used above)
- Private subnet name: Private Subnet 1
- Elastic IP Allocation ID: Click in the box and select the displayed IP address
9. Click "Create VPC." (note: the wizard will create your VPC.)
10. Once it is complete, click "OK"
This time the wizard has provisioned a VPC with a private and public subnet in the same Availability Zone. (see picture below for your reference).
Note:
The Public Subnet has a CIDR of 10.0.0.0/24, which means that it contains all IP addresses starting with 10.0.0.x.
The Private Subnet has a CIDR of 10.0.1.0/24, which means that it contains all IP addresses starting with 10.0.1.x.
TASK 2: CREATING ADDITIONAL SUBNETS
We will now create two additional subnets in a second Availability Zone. This will be useful for creating resources in multiple Availability Zones to provide High Availability.
11. In the left navigation pane, click "Subnets." You will create a second Public Subnet.
12. Click "Create subnet" then configure:
- Name tag: Public Subnet 2
- VPC: Lab VPC
- Availability Zone: Select the second Availability Zone
- IPv4 CIDR block: 10.0.2.0/24
13. Click "Create" then click "Close." You will now create a second Private Subnet.
14. Click "Create subnet" then configure:
- Name tag: Private Subnet 2
- VPC: Lab VPC
- Availability Zone: Select the second Availability Zone
- CIDR block: 10.0.3.0/24
The subnet will have all IP addresses starting with 10.0.3.x.
15. Click "Create" then click "Close"
Note: You will now configure the Private Subnets to route internet-bound traffic to the NAT Gateway so that resources in the Private Subnet are able to connect to the Internet, while still keeping the resources private. This is done by configuring a Route Table. A route table contains a set of rules, called routes, that are used to determine where network traffic is directed. Each subnet in a VPC must be associated with a route table; the route table controls routing for the subnet.
16. In the left navigation pane, click "Route Tables."
17. Select the route table with Main = Yes and VPC = Lab VPC.
18. In the lower pane, click the "Routes" tab.
Note that Destination 0.0.0.0/0 is set to Target nat-xxxxxxxx. This means that traffic destined for the internet (0.0.0.0/0) will be sent to the NAT Gateway. The NAT Gateway will then forward the traffic to the internet.
This route table is therefore being used to route traffic from Private Subnets. You will now add a name to the Route Table to make this easier to recognize in future.
19. In the Name column for this route table, click "pencil" then type "Private Route Table" and click
20. In the lower pane, click "Subnet Associations" tab. You will now associate this route table to the Private Subnets.
21. Click "Edit subnet associations"
22. Select both Private Subnet 1 and Private Subnet 2. You can expand the Subnet ID column to view the Subnet names.
23. Click "Save"
24. Select the route table with Main = No and VPC = Lab VPC (and deselect any other subnets).
25. In the Name column for this route table, click the pencil then type Public Route Table, and click
26. In the lower pane, click the Routes tab.
Note that Destination 0.0.0.0/0 is set to Target igw-xxxxxxxx, which is the Internet Gateway. This means that internet-bound traffic will be sent straight to the internet via the Internet Gateway.
You will now associate this route table to the Public Subnets.
27. Click "Subnet associations" tab.
28. Click "Edit subnet associations"
29. Select both Public Subnet 1 and Public Subnet 2.
30. Click "Save."
Note: Your VPC now has public and private subnets configured in two Availability Zones.
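As a check on the routing built in Task 2, the following added example (not part of the original lab) classifies each subnet as public or private from route table data. It also shows why keeping the NAT-routed table as the main table matters: a subnet with no explicit association falls back to the main table. The sample data is constructed in the shape of an EC2 DescribeRouteTables response; all IDs, the local route's CIDR and "subnet-new" are assumptions.

```python
# Constructed sample shaped like an EC2 DescribeRouteTables response (values made up).
ROUTE_TABLES = [
    {"RouteTableId": "rtb-private",  # Main = Yes, default route to the NAT Gateway
     "Associations": [{"Main": True},
                      {"Main": False, "SubnetId": "subnet-private1"},
                      {"Main": False, "SubnetId": "subnet-private2"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    {"RouteTableId": "rtb-public",   # Main = No, default route to the Internet Gateway
     "Associations": [{"Main": False, "SubnetId": "subnet-public1"},
                      {"Main": False, "SubnetId": "subnet-public2"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]
# "subnet-new" stands for a subnet added later and never associated explicitly.
SUBNETS = ["subnet-public1", "subnet-public2", "subnet-private1",
           "subnet-private2", "subnet-new"]


def default_route_kind(table):
    """Return 'igw', 'nat' or 'none' for the table's 0.0.0.0/0 route."""
    for route in table["Routes"]:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            if route.get("GatewayId", "").startswith("igw-"):
                return "igw"
            if route.get("NatGatewayId"):
                return "nat"
    return "none"


def classify_subnets(route_tables, subnet_ids):
    """Map subnet id -> (route table id, 'public' or 'private', explicitly associated?)."""
    explicit, main = {}, None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main = table
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = table
    result = {}
    for subnet in subnet_ids:
        table = explicit.get(subnet, main)  # no explicit association -> main table
        kind = "public" if default_route_kind(table) == "igw" else "private"
        result[subnet] = (table["RouteTableId"], kind, subnet in explicit)
    return result


if __name__ == "__main__":
    print(classify_subnets(ROUTE_TABLES, SUBNETS))
```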
TASK 3: CREATING a VPC Security Group
You will create a VPC security group, which acts as a virtual firewall. When you launch an instance, you associate one or more security groups with the instance. You can add rules to each security group that allow traffic to or from its associated instances.
31. In the left navigation pane, click "Security Groups."
32. Click "Create Security Group" and then configure:
- Security group name: Web Security Group
- Description: Enable HTTP access
- VPC: Lab VPC
33. Click "Create" then click "Close"
Note: You will now add a rule to the security group to permit inbound web requests.
34. Select "Web Security Group".
35. Click "Inbound Rules" tab.
36. Click "Edit Rules."
37. Click Add Rule then configure:
- Type: HTTP
- Source: Anywhere
- Description: Permit web requests
38. Click Save rules then click Close
You will use this security group in the next task when launching an Amazon EC2 instance.
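To confirm that the Web Security Group exposes only what Task 3 intends (HTTP from Anywhere), the following added example (not part of the original lab) lists inbound rules that are open to any address on anything other than TCP port 80. The sample is constructed in the shape of the IpPermissions list in an EC2 DescribeSecurityGroups response; only the first rule comes from the lab, the others are assumptions made up to exercise the check.

```python
import ipaddress

# Constructed sample shaped like the IpPermissions list of an EC2
# DescribeSecurityGroups response. Only the first rule is from the lab; the
# others are made up so the check has something to evaluate.
PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "Permit web requests"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "10.0.0.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 8080,
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]
ALLOWED_FROM_ANYWHERE = frozenset({("tcp", 80)})  # the only exposure Task 3 intends


def is_anywhere(cidr):
    """True for 0.0.0.0/0 and ::/0, i.e. any source address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def unexpected_exposure(permissions, allowed=ALLOWED_FROM_ANYWHERE):
    """Return (protocol, from_port, to_port, cidr) for world-open rules outside `allowed`."""
    findings = []
    for perm in permissions:
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        proto, lo, hi = perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort")
        if proto == "-1" or lo is None:  # "-1" = all protocols, no port fields
            within = False
        else:
            within = all((proto, port) in allowed for port in range(lo, hi + 1))
        for cidr in cidrs:
            if is_anywhere(cidr) and not within:
                findings.append((proto, lo, hi, cidr))
    return findings


if __name__ == "__main__":
    for finding in unexpected_exposure(PERMISSIONS):
        print("unexpected world-open rule:", finding)
```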
TASK 4: Launch a Web Server Instance
We will now launch an Amazon EC2 instance into the new VPC. You will configure the instance to act as a web server.
40. Click Launch Instance
First, you will select an Amazon Machine Image (AMI), which contains the desired Operating System.
41. In the row for Amazon Linux 2 (at the top), click "Select."
The Instance Type defines the hardware resources assigned to the instance.
42. Select t2.micro (shown in the Type column).
43. Click "Next: Configure Instance Details"
You will now configure the instance to launch in a Public Subnet of the new VPC.
44. Configure these settings:
- Network: Lab VPC
- Subnet: Public Subnet 2 (not Private!)
- Auto-assign Public IP: Enable
45. Expand the Advanced Details section (at the bottom of the page).
46 - 54. Copy and paste this code into the User data box:
#!/bin/bash
# Install Apache Web Server and PHP
yum install -y httpd mysql php
# Download Lab files
wget https://aws-tc-largeobjects.s3.amazonaws.com/AWS-TC-AcademyACF/acf-lab3-vpc/lab-app.zip
unzip lab-app.zip -d /var/www/html/
# Turn on web server: enable it at boot, then start it now
chkconfig httpd on
service httpd start
This script will be run automatically when the instance launches for the first time. The script loads and configures a PHP web application.
55. Click "Next: Add Storage"
Note: You will use the default settings for storage.
56. Click "Next: Add Tags"
Note: Tags can be used to identify resources. You will use a tag to assign a Name to the instance.
57. Click "Add Tag" then configure:
- Key: Name
- Value: Web Server 1
58. Click "Next: Configure Security Group."
You will configure the instance to use the Web Security Group that you created earlier.
59. Select "Select an existing security group."
60. Select Web Security Group.
This is the security group you created in the previous task. It will permit HTTP access to the instance.
61. Click "Review and Launch"
62. When prompted with a warning that you will not be able to connect to the instance through port 22, click "Continue."
63. Review the instance information and click "Launch."
64. In the Select an existing keypair dialog, select I acknowledge....
65. Click "Launch Instances" and then click "View Instances"
66. Wait until Web Server 1 shows 2/2 checks passed in the Status Checks column.
Note: This may take a few minutes. Click refresh in the top-right every 30 seconds for updates. You will now connect to the web server running on the EC2 instance.
67. Copy the Public DNS (IPv4) value shown in the Description tab at the bottom of the page.
68. Open a new web browser tab, paste the Public DNS value and press Enter.
You should see a web page displaying the AWS logo and instance meta-data values.
Thanks for visiting my blog.
Email me at: aileen-pacia@live.nmit.ac.nz
“I can do all things through Christ who strengthens me.”
Philippians 4:13