#Connect to IRC
http://webchat.freenode.net/ Channel: phpnwaws
#Creating an IAM account
- Log into the AWS management console
- Select IAM from the services menu
- Select "Users" from the left hand nav
- Click the "Create New Users" button
- Enter a username in the box
- Click "Create"
- Download the security credentials
- Click "Close"
- Click on the newly created user
- Under "Security Credentials" click manage password
- Click auto assign password and download the newly created credentials
- Under "Permissions" click "Attach User Policy", then click the "Select" button under "Administrator Access"
- Select 'VPC' from the services menu
- Click 'Create VPC'
- Enter 'tutorialvpc' in the name box and '10.0.0.0/0' in the CIDR box and click 'Yes, Create'
- Click 'Subnets' on the left hand nav
- Click 'Create Subnet'
- Enter public1a in the name box and select 'eu-west-1a' from the availability zone drop down and 10.0.1.0/24 in the CIDR box.
- Click 'Internet Gateways' on the left hand nav
- Click 'Create Internet Gateway', enter 'publicigw' in the name box and click 'Yes, Create'
- Right click on the new internet gateway and select 'Attach To VPC', select the previously created VPC and click 'Yes, Attach'
- Click 'Route Tables' on the left hand nav
- Click 'Create Route Table' and name it 'PublicRoute'
- Click the new route table and in the bottom pane select 'Routes'
- Click 'Edit' and add a new route with the destination "0.0.0.0/0" and the Target of the previously created gateway. Click 'Save'
- Finally click 'Subnets' on the left hand nav. Select the previously created subnet and in the bottom pane Click 'Route Table', 'Edit' then change the route table to 'PublicRoute'.
- Select 'EC2' from the services menu.
- Click 'Launch Instance'
- Select 'Ubuntu 14.04 HVM' from the list of images
- Click 'Next: Configure Instance Details'. Change the following:
  - Auto Assign Public Ip: Enable
- Click 'Next: Add Storage'
- Click 'Next: Tag Instance'. Name the instance 'Webserver Test'
- Click 'Next: Configure Security Group'
- Create a new security group with the following settings:
  - Name: webserver
  - Description: webserver sg
  - Add a rule:
    - Type: HTTP
- Click 'Review And Launch'
- Click Launch
- Select 'Create A New Key Pair' and name it phpnwtest. Save it to your desktop.
- From the EC2 'Instances' screen copy the public ip of the newly created instance
- Wait for the instance status to be 'running' and checks to be '2/2 Passed'
- Open a terminal and SSH to the new instance
  - ssh -i /path/to/key ubuntu@IPADDRESS
- SSH into the new instance and install apache 2
  - sudo apt-get update
  - sudo apt-get install apache2 php5
  - sudo nano /var/www/html/hello.php
  - Enter some php and save the file. I suggest ""
- Input the IPADDRESS into a web browser and check that apache is running
- From the EC2 'Instances' screen right click on the newly created instance and click 'Create Image'
- Name the image 'Webserver' and add the description 'Apache2 webserver'
- Click on 'AMIs' on the left hand nav; you should see a newly created AMI. Wait until the status reads 'available'
- You can now launch new apache instances into your VPC. Try It!
- Select 'S3' from the services menu
- Click "Create Bucket"
- Enter a bucket name, and pick a region (eu). Click 'Create'
- Select 'Cloud Formation' from the services menu
- Click the "Create A Stack" button
- Name the stack 'CloudFormer' and select "Cloud Former" from the 'source' select box
- Click 'Next' until arriving at the review screen, acknowledge the usage charges and click "Create"
- When the stack status reaches 'COMPLETE', click on it and in the bottom pane select 'Outputs'
- Navigate to the URL shown; you may need to refresh occasionally until the application comes up
- Click the 'Create Template' button
- Tick 'Select All Resources'
- Navigate through the following screens selecting:
  - DNS: NA
  - VPC: Select the VPC
  - VPC Network: Select subnet, internet gateway and DHCP options
  - VPC Security: Unselect ACL, Select Routing Tables
  - Network: Select the load balancer, Unselect Cloud Front Distributions
  - Compute: Select the previously created instance
  - Storage: Unselect S3 Buckets
  - Application Services: NA
  - Config: NA
  - Security: Select 'webserver' security group, unselect everything else
  - Operational Resources: NA
- On the summary screen rename the resources to be in line with the elements of the architecture they represent. Use the AWS management console as a guide to convert id numbers to names.
- Click 'Continue'
- Click 'Save Template' and on the next screen 'Launch Stack'
- Select 'VPC' from the 'Services' menu
- Click Subnets on the left hand nav
- Click 'Create Subnet'. Name the subnet 'public1b', use the CIDR '10.0.2.0/24' and use availability zone 'eu-west-1b'
- Click 'Subnets' on the left hand nav, select the new subnet and change its routing table to be PublicRoute (as above)
- Select 'EC2' from the 'Services' menu
- Click 'Load Balancers' on the left hand nav
- Click 'Create Load Balancer'
- Name it 'testloadbalancer', create it inside the test VPC and click 'Continue'
- Change the following settings and click 'Continue':
  - Health Check Interval: 10
  - Healthy threshold: 2
- Add the two previously created subnets and click 'Continue'
- Select the 'Webserver' security group and click 'Continue'
- Add the previously created webserver to the load balancer and click 'Continue'
- Click 'Continue' then 'Create'
- Navigate to the DNS Name shown in the newly created load balancer's bottom pane
- Select 'EC2' from the 'Services' menu
- Click 'Auto Scaling Groups' on the left hand nav
- Click 'Create Auto Scaling Group'
- Click 'Create Launch Configuration'
- Click 'My AMIs' and select the webserver AMI previously created
- Click 'Configure Details'
  - Name: WebserverLaunchConf
  - Advanced:
    - Assign Public Ip Address
- Click 'Next Add Storage', Click 'Next: Configure Security Group'
- Select the webserver security group and click 'Review' and then 'Create Launch Configuration'
- Select the previously created tutorial Key
- Use the following values:
  - Group: webservers
  - Group Size: 2
  - Network: tutorialvpc
  - Subnets: (select both)
  - Advanced:
    - Receive Traffic From Loadbalancers: (select testloadbalancer)
- Click 'Next Configure Scaling Policy' and select 'Keep this group at its initial size'
- Click 'Review', then 'Create Auto Scaling Group'
- Monitor the new servers coming up from the instances screen
- Create a new security group 'bastion'. Allow SSH access from the internet to this group.
- Add a new SSH access rule to the webserver group. Allow SSH traffic from the new 'Bastion' security group
- Delete the old SSH access rule from the 'Webserver' security group
- Add two additional subnets in availability zones 1a and 1b. Name them 'private1a' and 'private1b' using CIDRs '10.0.3.0/24' and '10.0.4.0/24'
- Delete the current auto scaling group
- Create a new launch configuration as before (using the webserver ami). However this time on the 'Configure Details' under 'Advanced' select the option 'Do not assign a public IP address to any instances.'
- When the launch config is created select the option to launch an auto scaling group and have it deploy instances into subnets 'private1a' and 'private1b'. Start with two instances.
- Launch an Ubuntu instance using the stock ubuntu ami as in previous examples.
- Ensure it has a public IP address and is in either public1a or public1b
- SSH to this instance and use it to SSH into your web instances
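
The address plan built up in the steps above (the VPC range plus the public1a, public1b, private1a and private1b subnets) can be checked before it is typed into the console. This is an added example, not part of the original workshop notes: `check_plan` is a hypothetical helper, and 10.0.0.0/16 is an assumed VPC range, used because AWS only accepts IPv4 VPC and subnet blocks between /16 and /28.

```python
import ipaddress

# AWS accepts IPv4 VPC and subnet blocks between /16 and /28.
MIN_PREFIX, MAX_PREFIX = 16, 28

# Subnet names and CIDRs as given in the steps above.
SUBNETS = {
    "public1a": "10.0.1.0/24",
    "public1b": "10.0.2.0/24",
    "private1a": "10.0.3.0/24",
    "private1b": "10.0.4.0/24",
}

def check_plan(vpc_cidr, subnets):
    """Return a list of problems with a VPC/subnet plan (empty list = OK)."""
    try:
        vpc = ipaddress.ip_network(vpc_cidr)  # strict parse rejects host bits
    except ValueError as exc:
        return [f"VPC {vpc_cidr}: {exc}"]
    problems = []
    if not MIN_PREFIX <= vpc.prefixlen <= MAX_PREFIX:
        problems.append(f"VPC {vpc_cidr}: prefix must be /16 to /28")
    seen = []
    for name, cidr in subnets.items():
        try:
            net = ipaddress.ip_network(cidr)
        except ValueError as exc:
            problems.append(f"{name} {cidr}: {exc}")
            continue
        if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            problems.append(f"{name} {cidr}: prefix must be /16 to /28")
        if not net.subnet_of(vpc):
            problems.append(f"{name} {cidr}: outside VPC {vpc_cidr}")
        # Subnets in one VPC may not overlap each other.
        for other_name, other in seen:
            if net.overlaps(other):
                problems.append(f"{name} {cidr}: overlaps {other_name}")
        seen.append((name, net))
    return problems

if __name__ == "__main__":
    # Assumed VPC range (not from the original notes), then the /0 entry.
    for vpc in ("10.0.0.0/16", "10.0.0.0/0"):
        print(vpc, check_plan(vpc, SUBNETS) or "OK")
```
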
#Creating A Cloud Front Distribution Backed By S3
##Create an S3 bucket
- Select "S3" from the service menu on the upper right hand side
- Click "Create Bucket"
- Give the bucket a name (this has to be unique across the region)
- Click "Create"
- Click "Actions" then "Upload"
- Upload the test image in this folder
##Create a Cloud Front Distribution
- Select "Cloud Front" from the services menu on the upper right hand side
- Click "Create Distribution"
- In the Origin Domain Name box select your previously created bucket
- Click "Create Distribution"
- Wait for the status to move from "InProgress"

NOTE: Setting up the distribution takes a long time!
##Altering Your Bucket Permissions
- Select "S3" from the service menu on the upper right hand side
- Click your previously created bucket
- Click "Properties" on the upper left hand side of the screen
- Click "Permissions"
- Click "Apply Bucket Policy"
- Copy the policy from this folder into the text box, remembering to change the example bucket name to the name you created above.
##Testing
- Select "Cloud Front" from the services menu on the upper right hand side
- Click the "i" button on your previously created cloud front distribution
- Copy the "domain name" value and paste it into your browser. Add /php.png to the end and hit return
- You should see the famous elephant
- Select 'VPC' from the services menu and 'Security Groups' from the left hand nav
- Create a new security group 'database' as in previous examples
- Allow Mysql connections from the webserver group
- Allow Mysql and SSH connections from the bastion group (to enable mysql gui access via a tunnel).
- Select 'RDS' from the services menu and 'Subnet Groups' from the left hand nav
- Click 'Create DB Subnet Groups'
- Give the group a name, description and select the previously created VPC.
- Select Availability Zone eu-west-1a and then add the private subnet from that zone
- Repeat the process for eu-west-1b (private subnets are 10.0.3.0 and 10.0.4.0)
- Select 'RDS' from the services menu and 'Instances' from the left hand nav
- Click 'Launch DB Instance'
- Select 'Mysql'
- Select 'No'
- On the 'Specify DB Details' page modify the following:
  - DB Instance Class: db.t2.micro
  - Multi-AZ Deployment: yes
  - Use Provisioned IOPS: no
  - Add a database identifier, username and password
- On the 'Configure Advanced Settings' page:
  - VPC (select the test vpc)
  - Select two subnets
  - Add the Database security group
- Click 'Launch Instance'

NOTE: Setting up the database instance takes a long time!
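
The bastion steps and the database security group steps above together define which sources may reach which group, and the easy mistake is leaving the old SSH rule on the webserver group. The following added example (not part of the original workshop notes) audits data shaped like the output of `aws ec2 describe-security-groups` against that layout; `POLICY`, `audit`, `rule` and the `sg-...` ids are hypothetical names and constructed values.

```python
# (group name, port) -> sources allowed by the layout described above.
# A source is a CIDR string or the name of another security group.
POLICY = {
    ("bastion", 22): {"0.0.0.0/0"},
    ("webserver", 80): {"0.0.0.0/0"},
    ("webserver", 22): {"bastion"},
    ("database", 3306): {"webserver", "bastion"},
    ("database", 22): {"bastion"},
}

def audit(groups):
    """Return findings for ingress rules that POLICY does not allow."""
    names = {g["GroupId"]: g["GroupName"].lower() for g in groups}
    findings = []
    for g in groups:
        name = names[g["GroupId"]]
        for perm in g.get("IpPermissions", []):
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            # Port ranges and IpProtocol "-1" (all traffic) never match POLICY.
            port = lo if lo is not None and lo == hi else None
            label = port if port is not None else "range/all"
            allowed = POLICY.get((name, port), set())
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [names.get(p["GroupId"], p["GroupId"])
                        for p in perm.get("UserIdGroupPairs", [])]
            for src in sources:
                if src not in allowed:
                    findings.append(f"{name}: port {label} open to {src}")
    return findings

def rule(port, cidrs=(), group_ids=()):
    """Build one constructed IpPermissions entry for a single TCP port."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": i} for i in group_ids]}

# Constructed sample: the webserver group still carries its old SSH rule.
SAMPLE = [
    {"GroupId": "sg-bastion", "GroupName": "bastion",
     "IpPermissions": [rule(22, ["0.0.0.0/0"])]},
    {"GroupId": "sg-web", "GroupName": "Webserver",
     "IpPermissions": [rule(80, ["0.0.0.0/0"]), rule(22, ["0.0.0.0/0"]),
                       rule(22, group_ids=["sg-bastion"])]},
    {"GroupId": "sg-db", "GroupName": "database",
     "IpPermissions": [rule(3306, group_ids=["sg-web", "sg-bastion"]),
                       rule(22, group_ids=["sg-bastion"])]},
]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "OK")
```
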