Forem: Clinton Ogechi

DevOps Stage 0 - Setting Up NGINX on Ubuntu

Clinton Ogechi — Fri, 31 Jan 2025 15:53:11 +0000

As we kicked off Stage 0, I was tasked with setting up and configuring an NGINX web server on a fresh Ubuntu instance. This process helped me deepen my understanding of how web servers work and how crucial they are for serving web content in a production environment. Here’s an overview of my experience, challenges faced, and how this task fits into my overall professional goals.

Approach to Completing the Task

The task required me to install the NGINX web server, configure it to serve a custom HTML page, and ensure it was running properly. Below are the steps I followed:

1. Server Setup: I started by setting up a fresh Ubuntu instance on a cloud provider, I choose AWS as my cloud provider. Once the instance was up and running, I SSHed into it.

2.Installing NGINX: The first step was to install NGINX. I used the following command to install it.

sudo apt update && sudo apt install nginx -y

3. Configuring NGINX: After installation, I created a simple HTML page with the message:

Welcome to DevOps Stage 0 - Clinton Ogechi/Clinton Ogechi

I placed this file in the /var/www/html directory, ensuring NGINX was properly configured to serve this page.

4. Firewall Configuration: I checked that my firewall allowed traffic on port 80 (HTTP) and blocked unnecessary ports such as 8080 and 443.

5. Testing and Validation: Finally, I was able to access the website using the server’s public IP address via http://34.239.118.252/ to confirm that the custom message appeared as expected.

Challenges Faced and Solutions
While completing this task, I forgot to enable the firewall after configuring the rules with UFW. This meant that the server was not blocking ports 8080 and 443 as intended. I resolved this by running:

sudo ufw enable

Contribution to My Learning and Professional Goals
This task was an essential step in my journey to becoming proficient in DevOps. By setting up NGINX, I gained practical experience in configuring web servers, which is a foundational skill in DevOps.

References
If you're looking into kick starting your career as a DevOps or as a Cloud Engineer, check out the links below;

DevOps Engineers - https://hng.tech/hire/devops-engineers
Cloud Engineers - https://hng.tech/hire/cloud-engineers

Amazon RDS Read Replica

Clinton Ogechi — Tue, 17 Sep 2024 01:17:08 +0000

A Read Replica allows you to offload read-heavy workloads from your primary database, significantly improving efficiency and reducing latency. Here's a quick overview of setting it up:

Step-by-step guide

Step 1: Create VPC

Create a VPC with an IPv4 CIDR block (e.g., 10.0.0/16).

Step 2: Create Subnets

Create a public subnet and two private subnets in different availability zones (AZs).

Step 3: Create Route Tables

Set up a public route table for internet access and associate it with the public subnet.
Create a private route table for private subnets without external access.

Step 4: Create an Internet Gateway

Create and attach the Internet Gateway to your VPC to allow the public subnet to access the internet.

Step 5: Launch an EC2 Instance

Launch an EC2 instance in the public subnet, allowing for SSH and web access.

Step 6: Create an RDS Instance

Create an RDS instance (e.g., MySQL) in the private subnet, which will not be publicly accessible.

Step 7: Set Up Security Groups

Create security groups for the EC2 instance (allow SSH and HTTP/HTTPS) and RDS (allow traffic from the EC2 instance).

Step 8: Test Connectivity

SSH into the EC2 instance and verify connectivity to the RDS instance using the private IP.

Step 9: Create a Read Replica

Set up a Read Replica for the RDS instance by selecting the "Create Read Replica" option from the RDS dashboard.
Configure replica settings such as DB instance identifier, class, storage type, and security group.
Ensure the Read Replica is placed in the correct VPC and subnet.

Conclusion

Implementing a Read Replica in Amazon RDS is a powerful way to scale database workloads, particularly in environments with high read traffic. By offloading read queries to a replica, the performance of the primary database improves significantly, leading to enhanced scalability and reduced latency. This setup is especially useful for applications that need to handle large volumes of data without compromising performance.

AWS Snow Family

Clinton Ogechi — Sun, 08 Sep 2024 21:56:40 +0000

Overview

The AWS Snow Family is a group of physical devices designed to help organizations transfer large amounts of data to and from AWS in environments where connectivity is limited, unreliable, or non-existent. It’s part of the AWS Data Migration services, allowing you to securely move data at petabyte scale or even deploy AWS capabilities to edge locations.

Components of AWS Snow Family

The Snow Family includes three main products:

1. AWS Snowcone:

Description: Smallest device in the Snow Family.
Storage: 8 TB of usable storage.
Use Case: Ideal for small-scale data transfer or edge computing in remote locations.

Features:

Lightweight and portable.
Can run compute instances using AWS IoT Greengrass for edge computing tasks.
Data transfer is encrypted, and the device has tamper-evident seals.

2. AWS Snowball:

Description: More robust and versatile than Snowcone. It comes in two types; Snowball Edge Storage Optimized and Snowball Edge Compute Optimized.

Storage Optimized: Up to 80 TB of usable storage.
Compute Optimized: 42 TB of storage with powerful compute capabilities.

Use Case: Large-scale data migration (petabytes), edge computing for data processing, and temporary on-premises cloud deployment.

Features:

Rugged and secure devices designed for harsh environments.
Can run EC2 instances and Lambda functions for edge computing.
Supports S3-compatible data storage, and all data transfers are encrypted.

3. AWS Snowmobile:

Description: A massive, truck-sized data migration solution.
Storage: Up to 100 PB (petabytes) of data.
Use Case: Designed for exabyte-scale data transfers, such as large-scale data center migrations.

Features:

Physically transported in a shipping container.
Secure, with military-grade security measures, including GPS tracking and 24/7 video surveillance.

Key Features of the AWS Snow Family

1. Edge Computing: Both Snowcone and Snowball Edge allow you to run compute workloads at the edge, enabling local data processing before transferring it to the cloud.

2. Data Transfer & Migration: Snow Family devices allow for secure, offline data transfers to AWS. Once filled with data, the devices are shipped back to AWS, where the data is loaded into S3 or other AWS services.

3. Security: All data is encrypted (AES-256 encryption) before it’s written to the device, ensuring secure transit. Devices are tamper-proof and come with tamper-evident seals.

4. Scalability: From small-scale (Snowcone) to massive (Snowmobile), the Snow Family offers solutions for different data transfer needs, from gigabytes to petabytes.

When to Use AWS Snow Family

Limited Bandwidth or Remote Locations: If your organization operates in a location with poor or no internet connectivity, Snow devices are ideal for moving large datasets to AWS.
Large-Scale Data Transfer: When transferring terabytes or petabytes of data over the internet is impractical due to costs or time constraints.
Edge Computing: Run compute-intensive workloads at the edge using Snowball Edge or Snowcone when you need to process and analyze data locally before sending it to the cloud.

Use Cases & Industry Applications

Disaster Recovery: Quickly transfer large amounts of data to AWS for safe storage and recovery.
Media and Entertainment: Move large video files, render workloads, or film footage from remote sites to the cloud.
Healthcare and Research: Transfer large datasets like genomic data or medical imagery securely and efficiently to AWS.
Data Center Migration: Migrate large amounts of on-premise data to AWS as part of a cloud adoption strategy.

Conclusion

The AWS Snow Family provides a secure, scalable solution for organizations needing to move large volumes of data to AWS or run edge computing workloads in remote locations. With its flexibility and strong security features, it's an excellent choice for situations where network connectivity is limited or non-existent.

Elastic File Service

Clinton Ogechi — Fri, 06 Sep 2024 20:42:12 +0000

Amazon Elastic File System (Amazon EFS) is a fully managed, serverless, and scalable file storage service that allows you to share file data across multiple Amazon EC2 instances and other AWS services. It’s ideal for workloads that require high throughput and concurrent access to file data. It's built for workloads that require shared access to a file system with high throughput and low latency.

Amazon Elastic File System (EFS) Setup Guide

Step 1: Create an EFS File System

Navigate to the Amazon EFS service.
Click on the Create file system button.
Configure File System Settings:

Name: Optionally, provide a name for the file system to easily identify it.
VPC: Select the Virtual Private Cloud (VPC) where you want to create the EFS. The VPC should match the network where your EC2 instances are running.
Availability and Durability: You can opt for the default settings, which provide high availability across multiple availability zones.

Choose a Performance Mode:

General Purpose: Suitable for latency-sensitive use cases like web serving and content management.
Max I/O: Use this mode for workloads requiring higher throughput and can tolerate slightly higher latencies.

Select a Throughput Mode:

Bursting Throughput: This is the default mode and works well for most applications. It automatically adjusts throughput based on file system activity.
Provisioned Throughput: Select this if you need a consistent level of throughput regardless of file size or I/O operations.

Configure Network Access:

Mount Targets: EFS requires mount targets in each availability zone (AZ) where you want to access the file system. Ensure that mount targets are created in the subnets where your EC2 instances are deployed.
Security Groups: Associate the security groups that allow inbound NFS traffic from your EC2 instances.

Review the settings you've configured, and then click Create.

Step 2: Create a Security Group

In the left-hand menu, under Network & Security, click Security Groups.
Create a New Security Group.
Configure the Security Group:

Name: Provide a name (e.g., efs-nfs-ssh-sg).
Description: Describe the purpose (e.g., NFS access for EFS).
VPC: Select the appropriate VPC where EC2 instances and EFS are located.

Step 3: Add Inbound Rules for NFS and SSH

Add an SSH Rule:

Type: SSH.
Port: 22.
Source: Choose My IP or Anywhere (0.0.0.0/0).

Add an NFS Rule:

Type: Custom NFS.
Port: 2049.
Source: Choose My IP or Anywhere (0.0.0.0/0). For better security, it's recommended to restrict the source to the specific subnet(s) or security group(s) that need access.

Step 4: Mount the EFS on EC2 Instances

Ensure EC2 instances are in the same VPC and subnets as the EFS mount targets.
Install NFS Utilities on EC2:
Connect to your EC2 instance.
Install NFS utilities using the appropriate package manager for your OS.

sudo su
yum install amazon-nfs-utils

Then attach your EFS to both of your EC2 instances using the NFS client.

Step 5: Create and Access Files Across Instances

Create a File on Instance 1. Navigate to the EFS mount directory:

cd efs

Create a file:

echo "Hello World" > helloworld.txt

Access the File on Instance 2. Navigate to the same EFS mount directory:

cd efs

Verify the file:

ls -l
cat helloworld.txt

The contents should match what was written on Instance 1.

Conclusion

Amazon EFS offers scalable, reliable, and fully managed shared file storage for EC2 and other AWS services. Its ease of use, high availability, and flexible performance options make it ideal for a variety of workloads, from web hosting to data analytics. With built-in security and seamless AWS integration, EFS is a powerful solution for simplifying cloud file storage management.

Route53 With Application Loadbalancer

Clinton Ogechi — Wed, 04 Sep 2024 20:34:55 +0000

Amazon Route 53 is a scalable and highly available Domain Name System (DNS) web service that allows you to manage and route traffic to your resources in a reliable and cost-effective way. Amazon Route 53, combined with the powerful Application Load Balancer (ALB), provides a robust solution to distribute traffic across EC2 instances in multiple availability zones.

Step 1: Set Up the Application Load Balancer (ALB)

1. Launch Two EC2 Instances

Open the AWS Management Console and navigate to the EC2 dashboard.
Launch two EC2 instances in different availability zones (e.g., us-east-1a and us-east-1b) with the same AMI and security group.
Ensure that both instances have HTTP and SSH ports enabled in their security group.
Add this bash script file for server 1.

#!/bin/bash
yum update -y
yum upgrade -y
yum install httpd -y
systemctl start httpd
systemctl enable httpd
echo "<h1>My Webserver 1</h1>" > /var/www/html/index.html

Add this bash script file for server 2.

#!/bin/bash
yum update -y
yum upgrade -y
yum install httpd -y
systemctl start httpd
systemctl enable httpd
echo "<h1>My Webserver 2</h1>" > /var/www/html/index.html

2. Create a Target Group

Navigate to Target Groups in the EC2 dashboard.
Click Create target group and select the Instances type.
Select your VPC and include both EC2 instances in the target group.
Ensure health checks are enabled for your instances.

3. Create the Application Load Balancer

Navigate to Load Balancers in the EC2 dashboard.
Click Create Load Balancer and select Application Load Balancer.
In the Network mapping section, select your VPC and choose the availability zones where your EC2 instances are running.
Assign the same security group that allows HTTP traffic.
Under Listeners and Routing, select the target group you created earlier.
Click Create Load Balancer.

4. Check the Status of the Load Balancer

Wait until the status of your Load Balancer changes from "Provisioning" to "Active."
Check the target group to ensure both EC2 instances are showing as healthy.

Step 2: Use AWS Provided DNS Name

1. Get the DNS Name of the Application Load Balancer

After the Load Balancer is created, go to the Load Balancers section in the EC2 dashboard.
Select your ALB, and you’ll see the DNS name of the Load Balancer.

2. Test the Load Balancer

Open a web browser and paste the ALB DNS name in the address bar.
You should be able to see the webpage served by one of your EC2 instances.
Refresh the browser a few times, and the request should switch between both EC2 instances.

Step 3: Route 53 Custom Domain Integration

1. Create a Hosted Zone in Route 53

In the AWS Management Console, navigate to Route 53.
Click on Hosted Zones and create a new hosted zone.

2. Create a CNAME Record

Go to the hosted zone you created.
Click Create Record and choose CNAME as the record type.
In Record name - www
Record type - CNAME
Value - DNS of our application load balancer we created in above steps.
Click on Create records.

Now we need to copy the NS record type → all 4 Value/Route traffic and paste it in the name servers of our purchased domain.

In web browser search your domain name and the request will be served from both the instances. You can test this setup using the DNS name provided by the ALB, as you won't be able to route traffic using the placeholder domain without proper registration.

Conclusion

By successfully integrating Amazon Route 53 with an Application Load Balancer, you've implemented a highly available and fault-tolerant architecture that optimizes traffic distribution across multiple EC2 instances. This setup not only enhances application performance but also ensures that requests are dynamically routed to healthy instances in multiple availability zones.

Static Website Hosting Using S3 Bucket

Clinton Ogechi — Tue, 03 Sep 2024 20:33:37 +0000

Amazon S3 (Simple Storage Service) offers a cost-effective and scalable solution for hosting static websites that consist solely of HTML, CSS, and JavaScript files. Amazon S3 offers a robust infrastructure that allows you to store and serve your website's content to users globally, without the need to manage servers. Below is a hand-on steps for achieving this.

Steps

1. Create an S3 Bucket

Navigate to the S3 service in the AWS Management Console.
Click on “Create bucket” and provide a unique bucket name (e.g., my-website-bucket-yourname).
Choose a region and leave other settings as default.
Click “Create bucket”.

2. Upload Website Content

Select the newly created bucket.
Click “Upload” and add your website files (HTML, CSS, JS).

3. Set permissions to make your website files publicly accessible.

Go to the AWS Management Console and open the S3 service.
Click on the bucket name that contains your website files.
In the bucket, go to the Permissions tab.
Scroll down to the Bucket Policy section and click on Edit.
Add the following bucket policy to allow public access to all objects in the bucket:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::your-bucket-name/*"
        }
    ]
}

Replace your-bucket-name with the name of your bucket.
Click on Save changes.

4. Enable Static Website Hosting

In the bucket settings, select the “Properties” tab.
Click “Static website hosting” and enable it.
Specify the index document (e.g., index.html).
Save the changes.

5. Access Your Website Using the S3 Endpoint

Once you enable static website hosting, AWS will provide an S3 website endpoint. This endpoint typically looks like:

http://my-website-bucket.s3-website-region.amazonaws.com

Replace my-website-bucket with your bucket name and region with the region code (e.g., us-east-1).
You can now access your static website by navigating to this endpoint in your web browser.

Conclusion

By following these steps, you've successfully set up a static website hosted on Amazon S3, leveraging AWS's scalable and reliable infrastructure without the need to manage servers. Your website is now globally accessible via the S3 endpoint, allowing you to deliver content efficiently to users around the world. This setup not only simplifies the process of hosting a static website but also provides a cost-effective solution with the flexibility to scale as your website's traffic grows.

Network load Balancer

Clinton Ogechi — Mon, 02 Sep 2024 20:51:45 +0000

A Network Load Balancer (NLB) is a type of load balancer provided by AWS that operates at the Transport Layer (Layer 4) of the OSI model. It is designed to handle high volumes of traffic and distribute it efficiently across multiple targets, such as EC2 instances, containers, or IP addresses.

Aim

Provide step-by-step instructions for creating a launch template, setting up an Auto Scaling Group, configuring the NLB, and verifying the setup to ensure that the traffic is balanced effectively.

Objective

Create and configure a launch template that automates the setup of EC2 instances.
Establish an ASG that dynamically adjusts the number of instances based on load requirements.
Set up a NLB and associate it with an ASG to distribute incoming traffic across multiple instances.
Verify the proper configuration of the NLB and Auto Scaling Group, ensuring that traffic is routed efficiently and that the system scales as needed.

Steps

1. Create a Launch Template

In the navigation pane, choose "Launch Templates".
Choose "Create launch template".
Enter a name and description for your launch template (e.g., MyLaunchTemplate ).
Choose an AMI (e.g., Amazon Linux 2 AMI).
Select an instance type (e.g., t2.micro ).
In the Advanced details section, under User data , paste your Bash script:

#!/bin/bash
yum update -y
yum upgrade -y
yum install httpd -y
systemctl start httpd
systemctl enable httpd
echo "this is my $(hostname)" > /var/www/html/index.html

Choose a key pair and configure other settings like security groups.
Choose "Create launch template".

2. Create an Auto Scaling Group

In the navigation pane, choose "Auto Scaling Groups".
Choose "Create Auto Scaling group".
Enter a name for your auto-scaling group (e.g., MyAutoScalingGroup ).
Select the launch template created in step 1.
Choose "Next".
Choose the VPC and subnets where you want your instances to run.
Specify the group size (minimum capacity: 2, desired capacity: 2, maximum capacity: 5).
Configure scaling policies if needed, then choose "Next".
Configure notifications, tags, and other settings as needed.
Review and create the auto-scaling group.

3. Create a Network Load Balancer and Target Group

In the navigation pane, choose "Load Balancers".
Choose "Create Load Balancer".
Select "Network Load Balancer" and choose "Create".
Enter a name for your load balancer (e.g., MyNetworkLoadBalancer ).
Select the scheme (e.g., internet-facing ).
Choose the VPC and subnets.
Configure the listeners (protocol: TCP, port: 80).
Choose "Next".
Under "Configure routing", choose "Create a target group".
Enter a name for your target group (e.g., MyTargetGroup ).
Select the target type (e.g., instance ).
Configure the health checks (protocol: TCP, port: 80).
Choose "Next".
Register targets if needed, or choose "Next" if you want the auto-scaling group to manage targets.
Review and create the target group.

4. Attach Target Group to Auto Scaling Group

In the navigation pane, choose "Auto Scaling Groups".
Select your auto-scaling group ( MyASG ).
Choose the "Details" tab, then "Edit".
Under "Load balancing", select "Attach to a new load balancer".
Choose "Attach to an existing target group" and select your target group ( MyTargetGroup ).
Save the changes.

5. Verify Configuration

Ensure the instances are launched in the desired subnets and are healthy in the target group.
Test the network load balancer's DNS name to verify it distributes traffic to the instances.

Conclusion

These steps helps to successfully implement a Network Load Balancer in AWS, effectively distributing traffic across multiple EC2 instances managed by an Auto Scaling Group. This setup not only enhances the availability and reliability of applications but also ensures that the system can scale to meet varying levels of demand.

Application Load Balancer

Clinton Ogechi — Sat, 31 Aug 2024 20:26:08 +0000

An Application Load Balancer (ALB) is one of the types of load balancers provided by Amazon Web Services (AWS) within the Elastic Load Balancing (ELB) service. ALB is designed to handle and distribute incoming application traffic across multiple targets, such as EC2 instances, containers, and IP addresses, based on specified rules.

Aim

To configure an Application Load Balancer (ALB) in Amazon Web Services (AWS) that distributes traffic to EC2 instances across two subnets in different AZ within the default Virtual Private Cloud (VPC). Additionally, configure the EC2 instances with an HTTP web server.

Objective

Launch two EC2 instances, each in a different subnet within the the default VPC.
Set up an Application Load Balancer (ALB) to distribute incoming traffic across the EC2 instances.
Configure the EC2 instances as Linux servers with an HTTP web server.
Ensure the setup allows for high availability and fault tolerance by leveraging multiple Availability Zones.

Steps

Step 1: Launch two EC2 Instances

Go to the EC2 Dashboard in the AWS Management Console.
Click "Launch Instance."
Select an Amazon Machine Image (AMI) (e.g., Amazon Linux 2).
Choose an instance type.
Under "Network," select the default VPC.
Choose a subnet in an Availability Zone (e.g., us-east-1a).
Under "Advanced Details > USER DATA SCRIPT:

#!/bin/bash
yum update -y
yum upgrade -y
yum install httpd -y
systemctl start httpd
systemctl enable httpd
echo "<h1>Instance A is running</h1>" > /var/www/html/index.html

Second Ec2 Instance

#!/bin/bash
yum update -y
yum upgrade -y
yum install httpd -y
systemctl start httpd
systemctl enable httpd
echo "<h1>Instance B is running</h1>" > /var/www/html/index.html

Configure the security group to allow HTTP (port 80) and SSH (port 22) traffic.
Launch the instance.

Step 2: Create an Application Load Balancer

1. Create ALB:

Go to the EC2 Dashboard.
Under "Load Balancing," click "Load Balancers."
Click "Create Load Balancer" and choose "Application Load Balancer."

2. Configure Security Groups:

Create or select an existing security group that allows inbound HTTP/HTTPS traffic.

3. Configure Routing:

Create a target group.
Choose "Instances" as the target type.
Configure the health checks for the target group.
Register your EC2 instances with this target group.

4. Review and Create:

Review your configuration and create the load balancer.

Step 4: Test the Setup

Test ALB:

Note the DNS name of the ALB.
Access it via a web browser to ensure it distributes traffic to your EC2

Instance A

Instance B

Conclusion

By completing these steps, you have successfully configured an Application Load Balancer (ALB) in AWS within the default VPC and subnets. The ALB now efficiently distributes incoming traffic across EC2 instances in multiple Availability Zones, ensuring high availability and fault tolerance

NAT Gateway Implementation

Clinton Ogechi — Thu, 29 Aug 2024 19:54:02 +0000

A NAT Gateway is a key component in AWS networking, that allows instances in a private subnet to connect to the internet or other AWS services while preventing inbound traffic from the internet. Below are steps on how to implement it;

Aim

To provide a comprehensive guide on implementing a NAT Gateway in AWS, detailing the necessary steps to set up a secure and efficient networking environment.

Objectives

To demonstrate the configuration and attachment of an Internet Gateway to facilitate internet connectivity for the public subnet.
To provide step-by-step instructions for creating and configuring a NAT Gateway.
To verify the configuration by launching instances in both public and private subnets, confirming their respective connectivity requirements are met.

Steps

1. Create a VPC

Log in to the AWS Management Console.
Navigate to the VPC Dashboard.
Click on Your VPCs in the left-hand menu.
Click on Create VPC.
Fill in the following details: Name tag: MyVpc IPv4 CIDR block: 10.0.0.0/16
Click on Create VPC.

2. Create Subnets

Create Public Subnet

In the VPC Dashboard, click on Subnets.
Click on Create subnet.
Enter the following details: Name tag: PublicSubnet, VPC: Select MyVpc, Availability Zone: Choose one (e.g., af-south-1a ), IPv4 CIDR block: 10.0.1.0/24.
Click on Create subnet.

Create Private Subnet

In the VPC Dashboard, click on Subnets.
Click on Create subnet again.
Fill in the following details: Name tag: PrivateSubnet VPC: Select MyVpc Availability Zone: Choose one (e.g., af-south-1b ) IPv4 CIDR block: 10.0.2.0/24
Click on Create subnet.

3. Create and Attach an Internet Gateway

Go to the Internet Gateways section in the VPC Dashboard.
Click on Create internet gateway.
Fill in the following details: Name tag: MyInternetGateway
Click Create internet gateway.
Select the newly created Internet Gateway and click Actions > Attach to VPC.
Select MyVpc and click Attach internet gateway.

4. Create a NAT Gateway

Go to the NAT Gateways section in the VPC Dashboard.
Click on Create NAT gateway.
Fill in the following details: Name tag: MyNatGateway Subnet: Select PublicSubnet Elastic IP allocation ID: Click on Allocate Elastic IP and then Allocate.
Click Create a NAT Gateway.

5. Create Route Tables

Go to the Route Tables section in the VPC Dashboard.
Click on Create route table.
Fill in the details for the public route table: Name tag: PublicRouteTable VPC: Select MyVpc
Click Create route table.
Select the newly created route table PublicRouteTable and click on the Routes tab.
Click Edit routes > Add route.
Set the Destination to 0.0.0.0/0 and Target to the Internet Gateway ( MyInternetGateway ).
Click Save routes.

Go back to Route Tables and create another route table for the private subnet: Name tag: PrivateRouteTable VPC: Select MyVpc
Click Create route table.
Select the newly created route table PrivateRouteTable and click on the Routes tab.
Click Edit routes > Add route.
Set the Destination to 0.0.0.0/0 and Target to the NAT Gateway ( MyInternetGateway ).
Click Save routes.

6. Associate Route Tables with Subnets

Select the PublicRouteTable route table.
Click on the Subnet associations tab.
Click Edit subnet associations.
Select the PrivateRouteTable and click Save.
Select the PrivateRouteTable route table.
Click on the Subnet associations tab.
Click Edit subnet associations.
Select the PrivateRouteTable and click Save.

7. Launch Instances

Go to the EC2 Dashboard in the AWS Management Console.
Click on Launch Instance.
Fill in the following details: Name: public-instance AMI: Select an AMI, e.g., Amazon Linux 2 Instance type: t2.micro (or any other type you prefer) Key pair: Create a new key pair or select an existing one
Network settings: VPC: Select MyVpc Subnet: Select PublicSubnet Auto-assign Public IP: Enable
Click Launch instance.
Repeat the steps to launch another instance in the private subnet: Name: private-instance AMI: Select an AMI, e.g., Amazon Linux 2 Instance type: t2.micro (or any other type you prefer) Key pair: Create a new key pair or select an existing one Network settings: VPC: Select MyVpc Subnet: Select PrivateSubnet Auto-assign Public IP: Disable

Verify the Configuration

Public Instance: Should have internet access directly.
Private Instance: Should have internet access through the NAT Gateway.

Conclusion

A NAT Gateway is essential for allowing instances in a private subnet to securely access the internet or other AWS services while preventing inbound traffic. This setup ensures the privacy of your internal resources and effective management of outbound connections, enhancing the security and functionality of your AWS environment.

Security Groups & Network ACLs

Clinton Ogechi — Wed, 28 Aug 2024 16:02:52 +0000

Security groups and Network ACLs are similar in that they allow you to control access to AWS resources within your VPC. Howerver, SGs allow you to control inbound and outbound traffic at the instance level, while NACLs offer similar capabilities at the VPC subnet level.

Aim

To provide a comprehensive, step-by-step guide understanding on how to configure and manage key components such as VPCs, subnets, internet gateways, route tables, security groups, and Network ACLs, ensuring a secure and scalable environment for deploying AWS resources.

Objective

Demonstrate the creation and configuration of a VPC and its associated components, including public and private subnets.
Illustrate the setup and association of Security Groups and Network ACLs to control inbound and outbound traffic at both the instance and subnet levels.
Guide readers through the process of launching and securely accessing an EC2 instance within the configured VPC environment.

Steps

1. Create a VPC

Log in to the AWS Management Console.
Navigate to the VPC Dashboard.
Click on Your VPCs in the left-hand menu.
Click on Create VPC.
Enter the following details: Name tag: MyVpc IPv4 CIDR block: 10.0.0.0/16 IPv6 CIDR block: No IPv6 CIDR Block Tenancy: Default
Click on Create VPC.

2. Create Subnets

Create Public Subnet
In the VPC Dashboard, click on Subnets.
Click on Create subnet.
Enter the following details: Name tag: PublicSubnet, VPC: Select MyVpc, Availability Zone: Choose one (e.g., af-south-1a ), IPv4 CIDR block: 10.0.1.0/24.
Click on Create subnet.

Create Private Subnet

In the VPC Dashboard, click on Subnets.
Click on Create subnet again.
Enter the following details: Name tag: PrivateSubnet VPC: Select MyVpc Availability Zone: Choose one (e.g., af-south-1b ) IPv4 CIDR block: 10.0.2.0/24
Click on Create subnet.

3. Create an Internet Gateway

Click on Create internet gateway.
Enter the following details:Name tag: MyInternetGateway
Click on Create internet gateway.
Select the newly created internet gateway, then click on*Actions* and select Attach to VPC.
Choose MyVpc and click on Attach internet gateway.

4. Create Route Tables

Create Public Route Table

In the VPC Dashboard, click on Route Tables.
Click on Create route table.
Enter the following details: Name tag: PublicRouteTable VPC: Select MyVpc
Click on Create route table.
Select the newly created route table, click on Routes, then click on Edit routes.
Add the following route: Destination: 0.0.0.0/0 Target: Select Internet Gateway and then select MyInternetGateway
Click on Save routes.
Click on the Subnet associations tab, then click on Edit subnet associations.
Select PublicSubnet and click on Save associations.

Create Private Route Table

Click on Create route table again.
Enter the following details: Name tag: PrivateRouteTable VPC: Select MyVpc
Click on Create route table.
No need to add routes for the private route table at this point unless you have a specific setup (e.g., NAT Gateway for internet access)
Click on the Subnet associations tab, then click on Edit subnet associations. Select PrivateSubnet and click on Save associations.

5. Create Security Groups

Create Public Security Group

In the EC2 Dashboard, click on Security Groups.
Click on Create security group.
Enter the following details: Name tag: PublicSG Description: Security group for public instances VPC: Select MyVpc
Add Inbound Rules: Type: SSH Protocol: TCP Port Range: 22 Source: 0.0.0.0/0 (Allow access from anywhere)
Add Outbound Rules: The default outbound rule allows all traffic.
Click on Create security group

6. Create Network ACLs

Create Public Network ACL

In the VPC Dashboard, click on Network ACLs.
Click on Create network ACL.
Enter the following details: Name tag: PublicNACL VPC: Select MyVpc
Click on Create network ACL.
Add Inbound Rules: Rule #: 100 Type: SSH Protocol: TCP Port Range: 22 Source: 0.0.0.0/0 (Allow access from anywhere)
Add Outbound Rules: Rule #: 101 Type: Custom TCP Protocol: TCP Port Range: 1024-65535 Destination: 0.0.0.0/0

Associate with Subnet:

Select the Subnet: Choose the public subnet to associate with this NACL.
Click on Save.

Create Private Network ACL

In the VPC Dashboard, click on Network ACLs.
Click on Create network ACL.
Enter the following details: Name tag: PrivateNACL VPC: Select MyVpc
Click on Create network ACL.
Add Inbound Rules:

Rule #: 100
Type: SSH
Protocol: TCP
Port Range: 22
Source: 0.0.0.0/0 (Allow access from anywhere)

Rule #: 101
Type: Custom TCP
Protocol: TCP
Port Range: 1024-65535
Source: 0.0.0.0/0 (Allow access from anywhere)

Associate with Subnet:

Select the Subnet: Choose the private subnet to associate with this NACL.
Click on Save.

7. Create Ec2 Instance

Click on Launch Instance.
Enter the following details: Name: PublicServer AMI: Choose an Amazon Linux 2 AMI (HVM), SSD Volume Type Instance Type: t2.micro (or another type as needed) Key Pair: Select an existing key pair or create a new one Network: Select MyVpc Subnet: Select PublicSubnet Auto-assign Public IP: Enable Security Group: Select PublicSG
Click on Launch Instance

8. Connect to an EC2 Instance Using EC2 Instance Connect

Navigate to the EC2 Dashboard.
Select the PublicServer Instance.
Click on Connect at the top of the page.
Choose EC2 Instance Connect as the connection method.
Click on Connect to open the terminal.

Conclusion

Security Groups (SGs) and Network ACLs (NACLs) are essential for controlling access to AWS resources within a VPC. SGs manage traffic at the instance level with stateful filtering, while NACLs provide stateless filtering at the subnet level. Together, they offer a robust security framework, ensuring both individual instance protection and broader network security within your VPC. This layered approach enhances the overall security and resilience of your AWS environment.

Auto Scalling Groups

Clinton Ogechi — Tue, 27 Aug 2024 18:04:04 +0000

Auto Scaling Groups automatically manage the number of EC2 instances in your application to maintain availability and ensure performance. Whether you’re dealing with variable traffic or need to ensure high availability, ASGs have got you covered.

Aim

To provide a comprehensive guide on how to effectively leverage Auto Scaling Groups (ASGs) in AWS to maintain the availability and performance of your applications.

Objective

Creating a launch template.
Configuring an Auto Scaling Group.
Setting up a target tracking scaling policy.
Monitoring the performance of EC2 instances under load.

Steps

1. Create a Launch Template

Navigate to EC2: Open the Amazon EC2 console.
Launch Templates: In the navigation pane, under Instances, choose Launch templates.
Create Launch Template: Click on "Create launch template".

Name and Description: Provide a name and description for your launch template.

Image: Select the desired Amazon Machine Image (AMI).
Instance Type: Choose the instance type that suits your application's requirements.
Key Pair: Select an existing key pair or create a new one.
Security Groups: Add or create security groups to control inbound and outbound traffic.
Network Settings: Configure network interfaces, subnets, and other network-related settings.
Storage: Configure root volume and additional EBS volumes as needed.
Advanced Details: Customize additional settings like user data, IAM roles, and monitoring.
Create Launch Template: Click "Create launch template".

2. Create an Auto Scaling Group

Navigate to Auto Scaling: Open the Auto Scaling console.
Create Auto Scaling Group: Click on "Create Auto Scaling group".
Basic Configuration: Auto Scaling group name: Provide a name for your Auto Scaling group. Launch template: Select the launch template you created in step 1. VPC: Choose the VPC where you want to launch instances. Availability Zones: Select the desired availability zones.
Group Size: Desired capacity: Specify the initial number of instances. Minimum capacity: Set the minimum number of instances. Maximum capacity: Set the maximum number of instances.
Scaling Policies: Configure scaling policies based on your application's requirements. This involves defining trigger conditions and scaling actions.
Tags: Add tags to your Auto Scaling group for organization and filtering.
Create Auto Scaling Group: Click "Create Auto Scaling group".

Based on the desired capacity, Auto Scalling group will spin up two ec2 instances.

3. Create a Target Tracking Scaling Policy

Navigate to Automatic Scaling: Open the Auto Scaling Group and go to the "Automatic scaling" tab.
Add Scaling Policy: Under the "Target tracking scaling policies" section, click on "Create policy."
Select Policy Type: Choose "Target tracking scaling policy" as the policy type.
Configure Policy: Policy Name: Enter a name for your scaling policy. Metric Type: Select a predefined metric like Average CPU Utilization or use a custom CloudWatch metric. Target Value: Input the desired target value (e.g., 50 for 50% CPU utilization). Instance Warm-Up Period: Specify the warm-up period for new instances.
Create the Policy: Click "Create" to finalize and activate the scaling policy.

4. Install the Stress Tool on Your EC2 Instance

Connect via SSH: Use Amazon EC2 Instance Connect to connect to your EC2 instance.
Install the Stress Tool:
Run the Stress Command: Generate CPU load by running the following command.

sudo yum install -y stress

stress --cpu 2 --timeout 300

Monitor Auto Scaling Group: Click on your Auto Scaling Group to view its details, then go to the Activity tab to see scaling actions as new instances are added.

Monitor Instances: In the EC2 Dashboard, under the Instances tab, you should the third instance launching as the load increases.

Conclusion

Auto Scaling Groups (ASGs) in AWS automatically adjust the number of EC2 instances to match demand, ensuring high availability and performance without manual intervention. With health checks, load balancing, and customizable scaling policies, ASGs offer a flexible and efficient solution for managing cloud resources, making them vital for scalable and resilient cloud architectures.

User Creation Aumation in Linux with a Bash Script

Clinton Ogechi — Tue, 02 Jul 2024 16:00:42 +0000

Introduction

In the world of a SysOps engineer, one of the common tasks you will encouter is the creation and management of users and groups. Automation helps simplify this process, making it efficient and time saving. In this blog post, we'll go through a bash script createusers.sh that automates the creation of users and groups, set up home directories with appropriate permissions and ownership, generate random passwords for the users, and log all actions.

Breaking down the script

Here is the complete script created in create_users.sh with and an explanation of each section.

#!/bin/bash

# Define the log & password file variables
LOG_FILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_passwords.csv"

# Create and set permissions for log and password files
touch $LOG_FILE
mkdir -p /var/secure
touch $PASSWORD_FILE
chmod 600 $PASSWORD_FILE

# Generate a random password for a user
generate_password() {
  tr -dc A-Za-z0-9 </dev/urandom | head -c 12
}

# Check if the file is provided
if [ -z "$1" ]; then
  echo "Usage: $0 <user_file>"
  exit 1
fi
USER_FILE="$1"

# Process each line of the user file
while IFS=";" read -r username groups; do
  # Remove leading and trailing whitespace from username and groups
  username=$(echo $username | xargs)
  groups=$(echo $groups | xargs)

  # If a user does not exist, create user and personal group
  if ! id -u $username >/dev/null 2>&1; then
    useradd -m -s /bin/bash $username
    echo "$(date) - Created user: $username" >> $LOG_FILE

    # Generate a password for the user
    password=$(generate_password)
    echo "$username,$password" >> $PASSWORD_FILE
    echo "$username:$password" | chpasswd

    # Set appropriate permissions and ownership for home directory
    chown -R "$username:$username" "/home/$username"
    chmod 700 "/home/$username"

    # Assign the user to the specified groups
    if [ -n "$groups" ]; then
      IFS=',' read -r -a group_array <<< "$groups"
      for group in "${group_array[@]}"; do
        if ! getent group $group >/dev/null; then
          groupadd $group
          echo "$(date) - Created group: $group" >> $LOG_FILE
        fi
        usermod -aG $group $username
        echo "$(date) - Added $username to group: $group" >> $LOG_FILE
      done
    fi
  else
    echo "$(date) - User $username already exists" >> $LOG_FILE
  fi
done < "$USER_FILE"
echo "The user creation process is completed."

Explanation

Defining the log & password file variables: We define the paths for the log file and the password storage file. It also ensures that a secure directory for password storage is created with the neccesary permissions.

LOG_FILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_passwords.csv"

touch $LOG_FILE
touch $PASSWORD_FILE
chmod 600 $PASSWORD_FILE

Processing the Input File: The script reads the input file provided. Each line is expected to have a username and a list of groups separated by a semicolon. The script processes each line, removing any leading or trailing whitespace from username and groups.

if [ -z "$1" ]; then
  echo "Usage: $0 <user_file>"
  exit 1
fi
USER_FILE="$1"

while IFS=";" read -r username groups; do
  # Remove leading and trailing whitespace from username and groups
  username=$(echo $username | xargs)
  groups=$(echo $groups | xargs)

Generating Random Passwords: This script generates random passwords for each user using a secure method. These passwords are then stored in a directory; /var/secure/user_passwords.csv, with the neccesary file permissions set to ensure only the owner can read it.

generate_password() {
  tr -dc A-Za-z0-9 </dev/urandom | head -c 12
}

Function to Create Users and Groups: This script creates each user and their group, as well as any additional groups. If the user or group already exists, the script logs a message and skips to the next entry. It sets up home directories with appropriate permissions and ownership.

if ! id -u $username >/dev/null 2>&1; then
    useradd -m -s /bin/bash $username
    echo "$(date) - Created user: $username" >> $LOG_FILE

    password=$(generate_password)
    echo "$username,$password" >> $PASSWORD_FILE
    echo "$username:$password" | chpasswd

    chown -R "$username:$username" "/home/$username"
    chmod 700 "/home/$username"

    if [ -n "$groups" ]; then
      IFS=',' read -r -a group_array <<< "$groups"
      for group in "${group_array[@]}"; do
        if ! getent group $group >/dev/null; then
          groupadd $group
          echo "$(date) - Created group: $group" >> $LOG_FILE
        fi
        usermod -aG $group $username
        echo "$(date) - Added $username to group: $group" >> $LOG_FILE
      done
    fi

Running the Script

Before executing the script, ensure it has executable permissions. You can make it executable by granting the necessary permissions using:

chmod +x create_users.sh

Run the Script with Root Privileges.

sudo ./create_users.sh

After executing the script, it will display messages confirming the creation.

Conclusion

This bash script helps automate user creation and management making the process easier and saves time. This ensures all actions are logged and passwords stored securely.

To learn about this and more, check out HNG Internship and also check out HNG Hire for top talents.