The latest articles on Forem by Sri (@kasukur). https://forem.com/kasukur https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F643937%2Fcd8d3f00-3a1b-4ac1-89cc-6b50a2e021de.JPG https://forem.com/kasukur en Sri Tue, 14 Oct 2025 11:08:28 +0000 https://forem.com/aws-builders/building-secure-jenkins-slack-integration-with-aws-lambda-part-2-troubleshooting-real-world-429d https://forem.com/aws-builders/building-secure-jenkins-slack-integration-with-aws-lambda-part-2-troubleshooting-real-world-429d <p>Welcome back! In <a href="https://dev.to/aws-builders/building-secure-jenkins-slack-integration-with-aws-lambda-part-1-complete-setup-guide-lgd">Part 1</a>, we built the foundation of our secure Jenkins-Slack integration. Now it's time to tackle the real-world challenges that make or break production deployments.</p> <p>This is <strong>Part 2</strong> of our series, where we'll dive deep into troubleshooting common issues, implementing critical fixes, and adding production-ready enhancements.</p> <h2> The Reality Check </h2> <p>After deploying the initial setup from Part 1, you'll likely encounter several roadblocks. Based on real-world experience, here are the most common issues and their battle-tested solutions:</p> <h2> 🚨 Critical Issues and Solutions </h2> <h3> Issue 1: Jenkins Authentication Failure </h3> <p><strong>Problem</strong>: Jenkins login with admin/ not working<br><br> <strong>Symptoms</strong>:</p> <ul> <li>Jenkins stuck in initial setup mode</li> <li>"Invalid username or password" errors</li> <li>Cannot access Jenkins dashboard</li> </ul> <p><strong>Root Cause</strong>: Jenkins was in initial setup wizard mode, not accepting default credentials</p> <p><strong>Solution</strong>: Complete Jenkins Reset with Programmatic Admin Creation<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create the final-fix.sh script</span> <span class="nb">cat</span> <span class="o">&gt;</span> final-fix.sh <span class="o">&lt;&lt;</span> <span class="sh">'</span><span class="no">EOF</span><span class="sh">' #!/bin/bash echo "🚀 Starting Jenkins reset and setup..." # Stop Jenkins sudo systemctl stop jenkins echo "✅ Jenkins stopped" # Clean existing user files sudo rm -rf /var/lib/jenkins/users /var/lib/jenkins/init.groovy.d echo "✅ Cleaned existing user files" # Create proper admin user script sudo mkdir -p /var/lib/jenkins/init.groovy.d sudo tee /var/lib/jenkins/init.groovy.d/create-admin.groovy &gt; /dev/null &lt;&lt; 'GROOVY' #!/usr/bin/env groovy import jenkins.model.* import hudson.security.* def instance = Jenkins.getInstance() def hudsonRealm = new HudsonPrivateSecurityRealm(false) hudsonRealm.createAccount("admin", "your-secure-password") instance.setSecurityRealm(hudsonRealm) def strategy = new FullControlOnceLoggedInAuthorizationStrategy() strategy.setDenyAnonymousReadAccess(false) instance.setAuthorizationStrategy(strategy) instance.setCrumbIssuer(null) // Disable CSRF instance.save() println "Admin user created and CSRF disabled" GROOVY sudo chown jenkins:jenkins /var/lib/jenkins/init.groovy.d/create-admin.groovy echo "✅ Created admin user script" # Start Jenkins sudo systemctl start jenkins echo "✅ Jenkins started" # Wait for initialization echo "⏳ Waiting for Jenkins initialization..." sleep 30 # Test authentication echo "🧪 Testing authentication..." curl -u admin:your-secure-password http://localhost:8080/api/json &gt; /dev/null 2&gt;&amp;1 if [ </span><span class="nv">$?</span><span class="sh"> -eq 0 ]; then echo "✅ Authentication successful!" else echo "❌ Authentication failed. Check Jenkins logs." fi echo "🎉 Setup complete! Access Jenkins at http://localhost:8080 with admin/your-secure-password" </span><span class="no">EOF </span><span class="nb">chmod</span> +x final-fix.sh ./final-fix.sh </code></pre> </div> <p><strong>Key Files Created</strong>:</p> <ul> <li> <code>final-fix.sh</code> - Complete Jenkins setup script</li> <li> <code>create-admin.groovy</code> - Programmatic admin user creation</li> <li>CSRF protection disabled for API access</li> </ul> <h3> Issue 2: CSRF Token Errors </h3> <p><strong>Problem</strong>: "403 No valid crumb was included in the request" errors<br><br> <strong>Symptoms</strong>:</p> <ul> <li>Lambda getting 401 Unauthorized for CSRF endpoints</li> <li>Jenkins API calls failing with crumb errors</li> <li>Authentication works but job triggers fail</li> </ul> <p><strong>Root Cause</strong>: Jenkins CSRF protection blocking API calls from Lambda</p> <p><strong>Solution</strong>: Disable CSRF Protection Programmatically<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Create CSRF disable script</span> <span class="nb">sudo tee</span> /var/lib/jenkins/init.groovy.d/disable-csrf.groovy <span class="o">&gt;</span> /dev/null <span class="o">&lt;&lt;</span> <span class="sh">'</span><span class="no">EOF</span><span class="sh">' #!/usr/bin/env groovy import jenkins.model.* def instance = Jenkins.getInstance() instance.setCrumbIssuer(null) instance.save() println "CSRF protection disabled" </span><span class="no">EOF </span><span class="nb">sudo chown </span>jenkins:jenkins /var/lib/jenkins/init.groovy.d/disable-csrf.groovy <span class="nb">sudo </span>systemctl restart jenkins </code></pre> </div> <p><strong>Why This Works</strong>: For API-only access scenarios, CSRF protection can be safely disabled since we're using proper authentication and the API is not exposed to browsers.</p> <h3> Issue 3: Slack Slash Command dispatch_unknown_error </h3> <p><strong>Problem</strong>: <code>dispatch_unknown_error</code> when using <code>/run_test</code><br><br> <strong>Symptoms</strong>:</p> <ul> <li>Slack command returns error immediately</li> <li>No response from API Gateway</li> <li>Lambda function not being invoked</li> </ul> <p><strong>Root Cause</strong>: Slack app not properly installed or missing permissions</p> <p><strong>Solution</strong>: Proper Slack App Configuration</p> <ol> <li> <strong>Verify App Installation</strong>:</li> </ol> <ul> <li>Go to <a href="https://api.slack.com/apps" rel="noopener noreferrer">https://api.slack.com/apps</a> </li> <li>Select your app → "Install App"</li> <li>Ensure it shows "Installed" with green checkmark</li> <li>If not installed, click "Install to Workspace"</li> </ul> <ol> <li> <strong>Check Request URL</strong>:</li> </ol> <ul> <li>Go to "Slash Commands" → Edit <code>/run_test</code> </li> <li>Verify URL is exactly: <code>https://your-api-gateway-url/prod/trigger</code> </li> <li><strong>No extra spaces or characters</strong></li> </ul> <ol> <li> <strong>Test with Webhook</strong>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c"># Use webhook.site for testing</span> <span class="c"># 1. Go to https://webhook.site</span> <span class="c"># 2. Copy unique URL</span> <span class="c"># 3. Temporarily update Slack command to use webhook URL</span> <span class="c"># 4. Test command - should see request in webhook.site</span> </code></pre> </div> <ol> <li> <strong>Reinstall App</strong>: <ul> <li>Uninstall app from workspace</li> <li>Reinstall with proper permissions</li> <li>Grant "Send messages" permission</li> </ul> </li> </ol> <h3> Issue 4: Lambda Function Evolution </h3> <p><strong>Problem</strong>: Lambda function needs optimization for Slack integration<br><br> <strong>Evolution Path</strong>: Basic → CSRF-aware → Slack-optimized</p> <p><strong>Final Solution</strong>: Slack-Optimized Lambda Function<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// main_slack_fixed.go - Final optimized version</span> <span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"context"</span> <span class="s">"encoding/json"</span> <span class="s">"fmt"</span> <span class="s">"net/http"</span> <span class="s">"net/url"</span> <span class="s">"strings"</span> <span class="s">"github.com/aws/aws-lambda-go/events"</span> <span class="s">"github.com/aws/aws-lambda-go/lambda"</span> <span class="s">"github.com/aws/aws-sdk-go/aws"</span> <span class="s">"github.com/aws/aws-sdk-go/aws/session"</span> <span class="s">"github.com/aws/aws-sdk-go/service/ssm"</span> <span class="p">)</span> <span class="k">type</span> <span class="n">SlackRequest</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Text</span> <span class="kt">string</span> <span class="s">`json:"text"`</span> <span class="n">UserName</span> <span class="kt">string</span> <span class="s">`json:"user_name"`</span> <span class="n">ChannelName</span> <span class="kt">string</span> <span class="s">`json:"channel_name"`</span> <span class="p">}</span> <span class="k">type</span> <span class="n">JenkinsCredentials</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Username</span> <span class="kt">string</span> <span class="s">`json:"username"`</span> <span class="n">Password</span> <span class="kt">string</span> <span class="s">`json:"password"`</span> <span class="p">}</span> <span class="k">func</span> <span class="n">handler</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">request</span> <span class="n">events</span><span class="o">.</span><span class="n">APIGatewayProxyRequest</span><span class="p">)</span> <span class="p">(</span><span class="n">events</span><span class="o">.</span><span class="n">APIGatewayProxyResponse</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// Parse Slack request (handles both JSON and form data)</span> <span class="k">var</span> <span class="n">slackReq</span> <span class="n">SlackRequest</span> <span class="k">if</span> <span class="n">request</span><span class="o">.</span><span class="n">Headers</span><span class="p">[</span><span class="s">"Content-Type"</span><span class="p">]</span> <span class="o">==</span> <span class="s">"application/json"</span> <span class="p">{</span> <span class="n">json</span><span class="o">.</span><span class="n">Unmarshal</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="n">request</span><span class="o">.</span><span class="n">Body</span><span class="p">),</span> <span class="o">&amp;</span><span class="n">slackReq</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="c">// Handle form data</span> <span class="n">values</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">url</span><span class="o">.</span><span class="n">ParseQuery</span><span class="p">(</span><span class="n">request</span><span class="o">.</span><span class="n">Body</span><span class="p">)</span> <span class="n">slackReq</span><span class="o">.</span><span class="n">Text</span> <span class="o">=</span> <span class="n">values</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="s">"text"</span><span class="p">)</span> <span class="n">slackReq</span><span class="o">.</span><span class="n">UserName</span> <span class="o">=</span> <span class="n">values</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="s">"user_name"</span><span class="p">)</span> <span class="n">slackReq</span><span class="o">.</span><span class="n">ChannelName</span> <span class="o">=</span> <span class="n">values</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="s">"channel_name"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Parse parameters from text</span> <span class="n">env</span> <span class="o">:=</span> <span class="s">"dev"</span> <span class="n">testSuite</span> <span class="o">:=</span> <span class="s">"smoke"</span> <span class="k">if</span> <span class="n">slackReq</span><span class="o">.</span><span class="n">Text</span> <span class="o">!=</span> <span class="s">""</span> <span class="p">{</span> <span class="n">parts</span> <span class="o">:=</span> <span class="n">strings</span><span class="o">.</span><span class="n">Fields</span><span class="p">(</span><span class="n">slackReq</span><span class="o">.</span><span class="n">Text</span><span class="p">)</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">parts</span><span class="p">)</span> <span class="o">&gt;=</span> <span class="m">1</span> <span class="p">{</span> <span class="n">env</span> <span class="o">=</span> <span class="n">parts</span><span class="p">[</span><span class="m">0</span><span class="p">]</span> <span class="p">}</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">parts</span><span class="p">)</span> <span class="o">&gt;=</span> <span class="m">2</span> <span class="p">{</span> <span class="n">testSuite</span> <span class="o">=</span> <span class="n">parts</span><span class="p">[</span><span class="m">1</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="c">// Get Jenkins credentials from SSM</span> <span class="n">sess</span> <span class="o">:=</span> <span class="n">session</span><span class="o">.</span><span class="n">Must</span><span class="p">(</span><span class="n">session</span><span class="o">.</span><span class="n">NewSession</span><span class="p">())</span> <span class="n">ssmClient</span> <span class="o">:=</span> <span class="n">ssm</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="n">sess</span><span class="p">)</span> <span class="n">jenkinsURLParam</span> <span class="o">:=</span> <span class="s">"/jenkins-slack-demo/jenkins_url"</span> <span class="n">jenkinsCredsParam</span> <span class="o">:=</span> <span class="s">"/jenkins-slack-demo/jenkins_credentials"</span> <span class="n">jenkinsURLResult</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">ssmClient</span><span class="o">.</span><span class="n">GetParameter</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ssm</span><span class="o">.</span><span class="n">GetParameterInput</span><span class="p">{</span> <span class="n">Name</span><span class="o">:</span> <span class="n">aws</span><span class="o">.</span><span class="n">String</span><span class="p">(</span><span class="n">jenkinsURLParam</span><span class="p">),</span> <span class="p">})</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">createErrorResponse</span><span class="p">(</span><span class="s">"Failed to get Jenkins URL"</span><span class="p">),</span> <span class="no">nil</span> <span class="p">}</span> <span class="n">credsResult</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">ssmClient</span><span class="o">.</span><span class="n">GetParameter</span><span class="p">(</span><span class="o">&amp;</span><span class="n">ssm</span><span class="o">.</span><span class="n">GetParameterInput</span><span class="p">{</span> <span class="n">Name</span><span class="o">:</span> <span class="n">aws</span><span class="o">.</span><span class="n">String</span><span class="p">(</span><span class="n">jenkinsCredsParam</span><span class="p">),</span> <span class="n">WithDecryption</span><span class="o">:</span> <span class="n">aws</span><span class="o">.</span><span class="n">Bool</span><span class="p">(</span><span class="no">true</span><span class="p">),</span> <span class="p">})</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">createErrorResponse</span><span class="p">(</span><span class="s">"Failed to get Jenkins credentials"</span><span class="p">),</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">var</span> <span class="n">creds</span> <span class="n">JenkinsCredentials</span> <span class="n">json</span><span class="o">.</span><span class="n">Unmarshal</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="o">*</span><span class="n">credsResult</span><span class="o">.</span><span class="n">Parameter</span><span class="o">.</span><span class="n">Value</span><span class="p">),</span> <span class="o">&amp;</span><span class="n">creds</span><span class="p">)</span> <span class="c">// Trigger Jenkins job</span> <span class="n">jobURL</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%s/job/run_test/buildWithParameters"</span><span class="p">,</span> <span class="o">*</span><span class="n">jenkinsURLResult</span><span class="o">.</span><span class="n">Parameter</span><span class="o">.</span><span class="n">Value</span><span class="p">)</span> <span class="n">data</span> <span class="o">:=</span> <span class="n">url</span><span class="o">.</span><span class="n">Values</span><span class="p">{}</span> <span class="n">data</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"ENVIRONMENT"</span><span class="p">,</span> <span class="n">env</span><span class="p">)</span> <span class="n">data</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"TEST_SUITE"</span><span class="p">,</span> <span class="n">testSuite</span><span class="p">)</span> <span class="n">client</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">http</span><span class="o">.</span><span class="n">Client</span><span class="p">{}</span> <span class="n">req</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">http</span><span class="o">.</span><span class="n">NewRequest</span><span class="p">(</span><span class="s">"POST"</span><span class="p">,</span> <span class="n">jobURL</span><span class="p">,</span> <span class="n">strings</span><span class="o">.</span><span class="n">NewReader</span><span class="p">(</span><span class="n">data</span><span class="o">.</span><span class="n">Encode</span><span class="p">()))</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">createErrorResponse</span><span class="p">(</span><span class="s">"Failed to create request"</span><span class="p">),</span> <span class="no">nil</span> <span class="p">}</span> <span class="n">req</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"Content-Type"</span><span class="p">,</span> <span class="s">"application/x-www-form-urlencoded"</span><span class="p">)</span> <span class="n">req</span><span class="o">.</span><span class="n">SetBasicAuth</span><span class="p">(</span><span class="n">creds</span><span class="o">.</span><span class="n">Username</span><span class="p">,</span> <span class="n">creds</span><span class="o">.</span><span class="n">Password</span><span class="p">)</span> <span class="n">resp</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">client</span><span class="o">.</span><span class="n">Do</span><span class="p">(</span><span class="n">req</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">createErrorResponse</span><span class="p">(</span><span class="s">"Failed to trigger Jenkins job"</span><span class="p">),</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">defer</span> <span class="n">resp</span><span class="o">.</span><span class="n">Body</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="c">// Create Slack-compatible response</span> <span class="k">var</span> <span class="n">status</span> <span class="kt">string</span> <span class="k">var</span> <span class="n">emoji</span> <span class="kt">string</span> <span class="k">if</span> <span class="n">resp</span><span class="o">.</span><span class="n">StatusCode</span> <span class="o">==</span> <span class="m">201</span> <span class="o">||</span> <span class="n">resp</span><span class="o">.</span><span class="n">StatusCode</span> <span class="o">==</span> <span class="m">200</span> <span class="p">{</span> <span class="n">status</span> <span class="o">=</span> <span class="s">"Successfully triggered"</span> <span class="n">emoji</span> <span class="o">=</span> <span class="s">"🚀"</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="n">status</span> <span class="o">=</span> <span class="s">"Failed to trigger"</span> <span class="n">emoji</span> <span class="o">=</span> <span class="s">"❌"</span> <span class="p">}</span> <span class="n">response</span> <span class="o">:=</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="k">interface</span><span class="p">{}{</span> <span class="s">"response_type"</span><span class="o">:</span> <span class="s">"in_channel"</span><span class="p">,</span> <span class="s">"text"</span><span class="o">:</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%s Jenkins job triggered!</span><span class="se">\n</span><span class="s">• Environment: %s</span><span class="se">\n</span><span class="s">• Test Suite: %s</span><span class="se">\n</span><span class="s">• Status: %s"</span><span class="p">,</span> <span class="n">emoji</span><span class="p">,</span> <span class="n">env</span><span class="p">,</span> <span class="n">testSuite</span><span class="p">,</span> <span class="n">status</span><span class="p">),</span> <span class="p">}</span> <span class="n">responseBody</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">Marshal</span><span class="p">(</span><span class="n">response</span><span class="p">)</span> <span class="k">return</span> <span class="n">events</span><span class="o">.</span><span class="n">APIGatewayProxyResponse</span><span class="p">{</span> <span class="n">StatusCode</span><span class="o">:</span> <span class="m">200</span><span class="p">,</span> <span class="n">Headers</span><span class="o">:</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span><span class="p">{</span> <span class="s">"Content-Type"</span><span class="o">:</span> <span class="s">"application/json"</span><span class="p">,</span> <span class="p">},</span> <span class="n">Body</span><span class="o">:</span> <span class="kt">string</span><span class="p">(</span><span class="n">responseBody</span><span class="p">),</span> <span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">func</span> <span class="n">createErrorResponse</span><span class="p">(</span><span class="n">message</span> <span class="kt">string</span><span class="p">)</span> <span class="n">events</span><span class="o">.</span><span class="n">APIGatewayProxyResponse</span> <span class="p">{</span> <span class="n">response</span> <span class="o">:=</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="k">interface</span><span class="p">{}{</span> <span class="s">"response_type"</span><span class="o">:</span> <span class="s">"ephemeral"</span><span class="p">,</span> <span class="s">"text"</span><span class="o">:</span> <span class="s">"❌ "</span> <span class="o">+</span> <span class="n">message</span><span class="p">,</span> <span class="p">}</span> <span class="n">responseBody</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">Marshal</span><span class="p">(</span><span class="n">response</span><span class="p">)</span> <span class="k">return</span> <span class="n">events</span><span class="o">.</span><span class="n">APIGatewayProxyResponse</span><span class="p">{</span> <span class="n">StatusCode</span><span class="o">:</span> <span class="m">500</span><span class="p">,</span> <span class="n">Headers</span><span class="o">:</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span><span class="p">{</span> <span class="s">"Content-Type"</span><span class="o">:</span> <span class="s">"application/json"</span><span class="p">,</span> <span class="p">},</span> <span class="n">Body</span><span class="o">:</span> <span class="kt">string</span><span class="p">(</span><span class="n">responseBody</span><span class="p">),</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">lambda</span><span class="o">.</span><span class="n">Start</span><span class="p">(</span><span class="n">handler</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <h2> 🛠️ Production Enhancements </h2> <h3> Security Improvements </h3> <h4> 1. Slack Signature Verification </h4> <p>Add proper Slack request signature validation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">import</span> <span class="p">(</span> <span class="s">"crypto/hmac"</span> <span class="s">"crypto/sha256"</span> <span class="s">"encoding/hex"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">verifySlackSignature</span><span class="p">(</span><span class="n">signature</span><span class="p">,</span> <span class="n">timestamp</span><span class="p">,</span> <span class="n">body</span><span class="p">,</span> <span class="n">signingSecret</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">bool</span> <span class="p">{</span> <span class="k">if</span> <span class="n">signature</span> <span class="o">==</span> <span class="s">""</span> <span class="p">{</span> <span class="k">return</span> <span class="no">false</span> <span class="p">}</span> <span class="c">// Remove "v0=" prefix</span> <span class="n">signature</span> <span class="o">=</span> <span class="n">strings</span><span class="o">.</span><span class="n">TrimPrefix</span><span class="p">(</span><span class="n">signature</span><span class="p">,</span> <span class="s">"v0="</span><span class="p">)</span> <span class="c">// Create signature base string</span> <span class="n">sigBasestring</span> <span class="o">:=</span> <span class="s">"v0:"</span> <span class="o">+</span> <span class="n">timestamp</span> <span class="o">+</span> <span class="s">":"</span> <span class="o">+</span> <span class="n">body</span> <span class="c">// Compute HMAC</span> <span class="n">mac</span> <span class="o">:=</span> <span class="n">hmac</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="n">sha256</span><span class="o">.</span><span class="n">New</span><span class="p">,</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">signingSecret</span><span class="p">))</span> <span class="n">mac</span><span class="o">.</span><span class="n">Write</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="n">sigBasestring</span><span class="p">))</span> <span class="n">expectedSignature</span> <span class="o">:=</span> <span class="n">hex</span><span class="o">.</span><span class="n">EncodeToString</span><span class="p">(</span><span class="n">mac</span><span class="o">.</span><span class="n">Sum</span><span class="p">(</span><span class="no">nil</span><span class="p">))</span> <span class="k">return</span> <span class="n">hmac</span><span class="o">.</span><span class="n">Equal</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="n">signature</span><span class="p">),</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">(</span><span class="n">expectedSignature</span><span class="p">))</span> <span class="p">}</span> </code></pre> </div> <h4> 2. Enhanced IAM Roles </h4> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># terraform/iam.tf - Enhanced IAM configuration</span> <span class="nx">resource</span> <span class="s2">"aws_iam_role"</span> <span class="s2">"lambda_execution_role"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"${var.project_name}-lambda-execution-role"</span> <span class="nx">assume_role_policy</span> <span class="p">=</span> <span class="nx">jsonencode</span><span class="p">({</span> <span class="nx">Version</span> <span class="p">=</span> <span class="s2">"2012-10-17"</span> <span class="nx">Statement</span> <span class="p">=</span> <span class="p">[</span> <span class="p">{</span> <span class="nx">Action</span> <span class="p">=</span> <span class="s2">"sts:AssumeRole"</span> <span class="nx">Effect</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="nx">Principal</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Service</span> <span class="p">=</span> <span class="s2">"lambda.amazonaws.com"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">]</span> <span class="p">})</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"aws_iam_role_policy"</span> <span class="s2">"lambda_policy"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"${var.project_name}-lambda-policy"</span> <span class="nx">role</span> <span class="p">=</span> <span class="nx">aws_iam_role</span><span class="p">.</span><span class="nx">lambda_execution_role</span><span class="p">.</span><span class="nx">id</span> <span class="nx">policy</span> <span class="p">=</span> <span class="nx">jsonencode</span><span class="p">({</span> <span class="nx">Version</span> <span class="p">=</span> <span class="s2">"2012-10-17"</span> <span class="nx">Statement</span> <span class="p">=</span> <span class="p">[</span> <span class="p">{</span> <span class="nx">Effect</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="nx">Action</span> <span class="p">=</span> <span class="p">[</span> <span class="s2">"logs:CreateLogGroup"</span><span class="p">,</span> <span class="s2">"logs:CreateLogStream"</span><span class="p">,</span> <span class="s2">"logs:PutLogEvents"</span> <span class="p">]</span> <span class="nx">Resource</span> <span class="p">=</span> <span class="s2">"arn:aws:logs:*:*:*"</span> <span class="p">},</span> <span class="p">{</span> <span class="nx">Effect</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="nx">Action</span> <span class="p">=</span> <span class="p">[</span> <span class="s2">"ssm:GetParameter"</span><span class="p">,</span> <span class="s2">"ssm:GetParameters"</span> <span class="p">]</span> <span class="nx">Resource</span> <span class="p">=</span> <span class="p">[</span> <span class="s2">"arn:aws:ssm:${var.aws_region}:*:parameter/${var.project_name}/*"</span> <span class="p">]</span> <span class="p">},</span> <span class="p">{</span> <span class="nx">Effect</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="nx">Action</span> <span class="p">=</span> <span class="p">[</span> <span class="s2">"ec2:CreateNetworkInterface"</span><span class="p">,</span> <span class="s2">"ec2:DescribeNetworkInterfaces"</span><span class="p">,</span> <span class="s2">"ec2:DeleteNetworkInterface"</span> <span class="p">]</span> <span class="nx">Resource</span> <span class="p">=</span> <span class="s2">"*"</span> <span class="p">}</span> <span class="p">]</span> <span class="p">})</span> <span class="p">}</span> </code></pre> </div> <h3> Monitoring and Observability </h3> <h4> 1. CloudWatch Alarms </h4> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># terraform/monitoring.tf</span> <span class="nx">resource</span> <span class="s2">"aws_cloudwatch_metric_alarm"</span> <span class="s2">"lambda_errors"</span> <span class="p">{</span> <span class="nx">alarm_name</span> <span class="p">=</span> <span class="s2">"${var.project_name}-lambda-errors"</span> <span class="nx">comparison_operator</span> <span class="p">=</span> <span class="s2">"GreaterThanThreshold"</span> <span class="nx">evaluation_periods</span> <span class="p">=</span> <span class="s2">"2"</span> <span class="nx">metric_name</span> <span class="p">=</span> <span class="s2">"Errors"</span> <span class="nx">namespace</span> <span class="p">=</span> <span class="s2">"AWS/Lambda"</span> <span class="nx">period</span> <span class="p">=</span> <span class="s2">"300"</span> <span class="nx">statistic</span> <span class="p">=</span> <span class="s2">"Sum"</span> <span class="nx">threshold</span> <span class="p">=</span> <span class="s2">"0"</span> <span class="nx">alarm_description</span> <span class="p">=</span> <span class="s2">"Lambda function errors"</span> <span class="nx">alarm_actions</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_sns_topic</span><span class="p">.</span><span class="nx">alerts</span><span class="p">.</span><span class="nx">arn</span><span class="p">]</span> <span class="nx">dimensions</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">FunctionName</span> <span class="p">=</span> <span class="nx">aws_lambda_function</span><span class="p">.</span><span class="nx">jenkins_trigger</span><span class="p">.</span><span class="nx">function_name</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">resource</span> <span class="s2">"aws_cloudwatch_metric_alarm"</span> <span class="s2">"jenkins_response_time"</span> <span class="p">{</span> <span class="nx">alarm_name</span> <span class="p">=</span> <span class="s2">"${var.project_name}-jenkins-response-time"</span> <span class="nx">comparison_operator</span> <span class="p">=</span> <span class="s2">"GreaterThanThreshold"</span> <span class="nx">evaluation_periods</span> <span class="p">=</span> <span class="s2">"2"</span> <span class="nx">metric_name</span> <span class="p">=</span> <span class="s2">"Duration"</span> <span class="nx">namespace</span> <span class="p">=</span> <span class="s2">"AWS/Lambda"</span> <span class="nx">period</span> <span class="p">=</span> <span class="s2">"300"</span> <span class="nx">statistic</span> <span class="p">=</span> <span class="s2">"Average"</span> <span class="nx">threshold</span> <span class="p">=</span> <span class="s2">"10000"</span> <span class="c1"># 10 seconds</span> <span class="nx">alarm_description</span> <span class="p">=</span> <span class="s2">"Jenkins response time too high"</span> <span class="nx">alarm_actions</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_sns_topic</span><span class="p">.</span><span class="nx">alerts</span><span class="p">.</span><span class="nx">arn</span><span class="p">]</span> <span class="nx">dimensions</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">FunctionName</span> <span class="p">=</span> <span class="nx">aws_lambda_function</span><span class="p">.</span><span class="nx">jenkins_trigger</span><span class="p">.</span><span class="nx">function_name</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h4> 2. Structured Logging </h4> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">import</span> <span class="p">(</span> <span class="s">"log"</span> <span class="s">"os"</span> <span class="p">)</span> <span class="k">type</span> <span class="n">Logger</span> <span class="k">struct</span> <span class="p">{</span> <span class="o">*</span><span class="n">log</span><span class="o">.</span><span class="n">Logger</span> <span class="p">}</span> <span class="k">func</span> <span class="n">NewLogger</span><span class="p">()</span> <span class="o">*</span><span class="n">Logger</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">Logger</span><span class="p">{</span> <span class="n">Logger</span><span class="o">:</span> <span class="n">log</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="n">os</span><span class="o">.</span><span class="n">Stdout</span><span class="p">,</span> <span class="s">""</span><span class="p">,</span> <span class="n">log</span><span class="o">.</span><span class="n">LstdFlags</span><span class="o">|</span><span class="n">log</span><span class="o">.</span><span class="n">Lshortfile</span><span class="p">),</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">l</span> <span class="o">*</span><span class="n">Logger</span><span class="p">)</span> <span class="n">LogRequest</span><span class="p">(</span><span class="n">user</span><span class="p">,</span> <span class="n">channel</span><span class="p">,</span> <span class="n">text</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span> <span class="n">l</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"REQUEST: user=%s channel=%s text=%s"</span><span class="p">,</span> <span class="n">user</span><span class="p">,</span> <span class="n">channel</span><span class="p">,</span> <span class="n">text</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">l</span> <span class="o">*</span><span class="n">Logger</span><span class="p">)</span> <span class="n">LogJenkinsTrigger</span><span class="p">(</span><span class="n">env</span><span class="p">,</span> <span class="n">testSuite</span> <span class="kt">string</span><span class="p">,</span> <span class="n">statusCode</span> <span class="kt">int</span><span class="p">)</span> <span class="p">{</span> <span class="n">l</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"JENKINS_TRIGGER: env=%s testSuite=%s status=%d"</span><span class="p">,</span> <span class="n">env</span><span class="p">,</span> <span class="n">testSuite</span><span class="p">,</span> <span class="n">statusCode</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">l</span> <span class="o">*</span><span class="n">Logger</span><span class="p">)</span> <span class="n">LogError</span><span class="p">(</span><span class="n">operation</span> <span class="kt">string</span><span class="p">,</span> <span class="n">err</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">l</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"ERROR: operation=%s error=%v"</span><span class="p">,</span> <span class="n">operation</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <h3> Advanced Features </h3> <h4> 1. Dynamic Parameter Parsing </h4> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">CommandParser</span> <span class="k">struct</span><span class="p">{}</span> <span class="k">func</span> <span class="p">(</span><span class="n">p</span> <span class="o">*</span><span class="n">CommandParser</span><span class="p">)</span> <span class="n">ParseCommand</span><span class="p">(</span><span class="n">text</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">params</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span><span class="p">)</span> <span class="c">// Default values</span> <span class="n">params</span><span class="p">[</span><span class="s">"ENVIRONMENT"</span><span class="p">]</span> <span class="o">=</span> <span class="s">"dev"</span> <span class="n">params</span><span class="p">[</span><span class="s">"TEST_SUITE"</span><span class="p">]</span> <span class="o">=</span> <span class="s">"smoke"</span> <span class="k">if</span> <span class="n">text</span> <span class="o">==</span> <span class="s">""</span> <span class="p">{</span> <span class="k">return</span> <span class="n">params</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="c">// Parse key=value pairs</span> <span class="n">pairs</span> <span class="o">:=</span> <span class="n">strings</span><span class="o">.</span><span class="n">Split</span><span class="p">(</span><span class="n">text</span><span class="p">,</span> <span class="s">" "</span><span class="p">)</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">pair</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">pairs</span> <span class="p">{</span> <span class="k">if</span> <span class="n">strings</span><span class="o">.</span><span class="n">Contains</span><span class="p">(</span><span class="n">pair</span><span class="p">,</span> <span class="s">"="</span><span class="p">)</span> <span class="p">{</span> <span class="n">parts</span> <span class="o">:=</span> <span class="n">strings</span><span class="o">.</span><span class="n">SplitN</span><span class="p">(</span><span class="n">pair</span><span class="p">,</span> <span class="s">"="</span><span class="p">,</span> <span class="m">2</span><span class="p">)</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">parts</span><span class="p">)</span> <span class="o">==</span> <span class="m">2</span> <span class="p">{</span> <span class="n">params</span><span class="p">[</span><span class="n">strings</span><span class="o">.</span><span class="n">ToUpper</span><span class="p">(</span><span class="n">parts</span><span class="p">[</span><span class="m">0</span><span class="p">])]</span> <span class="o">=</span> <span class="n">parts</span><span class="p">[</span><span class="m">1</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="n">params</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <h4> 2. Job Status Callbacks </h4> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">JobStatusCallback</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">WebhookURL</span> <span class="kt">string</span> <span class="n">Channel</span> <span class="kt">string</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">j</span> <span class="o">*</span><span class="n">JobStatusCallback</span><span class="p">)</span> <span class="n">SendStatus</span><span class="p">(</span><span class="n">jobName</span><span class="p">,</span> <span class="n">status</span><span class="p">,</span> <span class="n">details</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">message</span> <span class="o">:=</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="k">interface</span><span class="p">{}{</span> <span class="s">"channel"</span><span class="o">:</span> <span class="n">j</span><span class="o">.</span><span class="n">Channel</span><span class="p">,</span> <span class="s">"text"</span><span class="o">:</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"Job %s: %s"</span><span class="p">,</span> <span class="n">jobName</span><span class="p">,</span> <span class="n">status</span><span class="p">),</span> <span class="s">"attachments"</span><span class="o">:</span> <span class="p">[]</span><span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="k">interface</span><span class="p">{}{</span> <span class="p">{</span> <span class="s">"color"</span><span class="o">:</span> <span class="n">getStatusColor</span><span class="p">(</span><span class="n">status</span><span class="p">),</span> <span class="s">"fields"</span><span class="o">:</span> <span class="p">[]</span><span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="k">interface</span><span class="p">{}{</span> <span class="p">{</span> <span class="s">"title"</span><span class="o">:</span> <span class="s">"Details"</span><span class="p">,</span> <span class="s">"value"</span><span class="o">:</span> <span class="n">details</span><span class="p">,</span> <span class="s">"short"</span><span class="o">:</span> <span class="no">false</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">}</span> <span class="k">return</span> <span class="n">j</span><span class="o">.</span><span class="n">sendToSlack</span><span class="p">(</span><span class="n">message</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">getStatusColor</span><span class="p">(</span><span class="n">status</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">string</span> <span class="p">{</span> <span class="k">switch</span> <span class="n">strings</span><span class="o">.</span><span class="n">ToLower</span><span class="p">(</span><span class="n">status</span><span class="p">)</span> <span class="p">{</span> <span class="k">case</span> <span class="s">"success"</span><span class="o">:</span> <span class="k">return</span> <span class="s">"good"</span> <span class="k">case</span> <span class="s">"failure"</span><span class="o">:</span> <span class="k">return</span> <span class="s">"danger"</span> <span class="k">default</span><span class="o">:</span> <span class="k">return</span> <span class="s">"warning"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> 🔧 Troubleshooting Guide </h2> <h3> Common Debugging Commands </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check Lambda logs</span> aws logs <span class="nb">tail</span> /aws/lambda/jenkins-slack-demo-jenkins-trigger <span class="nt">--follow</span> <span class="c"># Test API Gateway directly</span> curl <span class="nt">-X</span> POST https://your-api-gateway-url/prod/trigger <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/x-www-form-urlencoded"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s2">"text=dev smoke&amp;user_name=testuser&amp;channel_name=general"</span> <span class="c"># Check Jenkins connectivity from Lambda subnet</span> aws ec2 describe-instances <span class="nt">--filters</span> <span class="s2">"Name=tag:Name,Values=jenkins-slack-demo-*"</span> <span class="c"># Verify SSM parameters</span> aws ssm get-parameter <span class="nt">--name</span> <span class="s2">"/jenkins-slack-demo/jenkins_url"</span> <span class="nt">--region</span> us-east-1 aws ssm get-parameter <span class="nt">--name</span> <span class="s2">"/jenkins-slack-demo/jenkins_credentials"</span> <span class="nt">--with-decryption</span> <span class="nt">--region</span> us-east-1 <span class="c"># Test Jenkins API directly</span> curl <span class="nt">-u</span> admin:your-secure-password http://localhost:8080/api/json </code></pre> </div> <h3> Performance Optimization </h3> <h4> 1. Connection Pooling </h4> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">var</span> <span class="n">httpClient</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Client</span> <span class="k">func</span> <span class="n">init</span><span class="p">()</span> <span class="p">{</span> <span class="n">transport</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">http</span><span class="o">.</span><span class="n">Transport</span><span class="p">{</span> <span class="n">MaxIdleConns</span><span class="o">:</span> <span class="m">100</span><span class="p">,</span> <span class="n">MaxIdleConnsPerHost</span><span class="o">:</span> <span class="m">100</span><span class="p">,</span> <span class="n">IdleConnTimeout</span><span class="o">:</span> <span class="m">90</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">,</span> <span class="p">}</span> <span class="n">httpClient</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">http</span><span class="o">.</span><span class="n">Client</span><span class="p">{</span> <span class="n">Transport</span><span class="o">:</span> <span class="n">transport</span><span class="p">,</span> <span class="n">Timeout</span><span class="o">:</span> <span class="m">30</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h4> 2. SSM Parameter Caching </h4> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">ParameterCache</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">cache</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span> <span class="n">mutex</span> <span class="n">sync</span><span class="o">.</span><span class="n">RWMutex</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">ParameterCache</span><span class="p">)</span> <span class="n">GetParameter</span><span class="p">(</span><span class="n">name</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">mutex</span><span class="o">.</span><span class="n">RLock</span><span class="p">()</span> <span class="k">if</span> <span class="n">value</span><span class="p">,</span> <span class="n">exists</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">cache</span><span class="p">[</span><span class="n">name</span><span class="p">];</span> <span class="n">exists</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">mutex</span><span class="o">.</span><span class="n">RUnlock</span><span class="p">()</span> <span class="k">return</span> <span class="n">value</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="n">c</span><span class="o">.</span><span class="n">mutex</span><span class="o">.</span><span class="n">RUnlock</span><span class="p">()</span> <span class="c">// Fetch from SSM and cache</span> <span class="n">c</span><span class="o">.</span><span class="n">mutex</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span> <span class="k">defer</span> <span class="n">c</span><span class="o">.</span><span class="n">mutex</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span> <span class="c">// SSM fetch logic here</span> <span class="c">// ...</span> <span class="n">c</span><span class="o">.</span><span class="n">cache</span><span class="p">[</span><span class="n">name</span><span class="p">]</span> <span class="o">=</span> <span class="n">value</span> <span class="k">return</span> <span class="n">value</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <h2> 🎯 Key Lessons Learned </h2> <h3> What Worked Well </h3> <ol> <li> <strong>Infrastructure as Code</strong>: Terraform made the setup reproducible and version-controlled</li> <li> <strong>Private Jenkins</strong>: Keeping Jenkins in private subnets provided excellent security</li> <li> <strong>SSM Parameter Store</strong>: Centralized secret management eliminated hardcoded credentials</li> <li> <strong>Go Lambda Functions</strong>: Fast, efficient, and easy to debug</li> </ol> <h3> What Didn't Work Initially </h3> <ol> <li> <strong>Jenkins Initial Setup</strong>: Manual setup wizard was unreliable for automation</li> <li> <strong>CSRF Tokens</strong>: Added unnecessary complexity for API-only access</li> <li> <strong>Slack App Installation</strong>: Required careful attention to permissions and URLs</li> <li> <strong>Lambda VPC Configuration</strong>: ENI management required proper cleanup</li> </ol> <h3> Best Practices Discovered </h3> <ol> <li> <strong>Automate Everything</strong>: Use scripts for Jenkins setup, not manual configuration</li> <li> <strong>Test Each Layer</strong>: Verify infrastructure, Lambda, Jenkins, and Slack separately</li> <li> <strong>Document Everything</strong>: Keep detailed notes of fixes and workarounds</li> <li> <strong>Monitor Early</strong>: Set up CloudWatch alarms from day one</li> </ol> <h2> 🚀 Production Deployment Checklist </h2> <p>Before going live, ensure you have:</p> <ul> <li>[ ] <strong>Security Review</strong>: All secrets in SSM, no hardcoded credentials</li> <li>[ ] <strong>Monitoring</strong>: CloudWatch alarms for errors and performance</li> <li>[ ] <strong>Backup Strategy</strong>: Jenkins configuration and job definitions</li> <li>[ ] <strong>Disaster Recovery</strong>: Terraform state in S3 with DynamoDB locking</li> <li>[ ] <strong>Access Control</strong>: Proper IAM roles with least privilege</li> <li>[ ] <strong>Network Security</strong>: Security groups reviewed and tightened</li> <li>[ ] <strong>Documentation</strong>: Runbooks for common operations</li> <li>[ ] <strong>Testing</strong>: End-to-end tests for all critical paths</li> </ul> <h2> 📊 Performance Metrics </h2> <p>After implementing all optimizations:</p> <ul> <li> <strong>Lambda Execution</strong>: ~2-3 seconds (down from 5-8 seconds)</li> <li> <strong>Jenkins Job Trigger</strong>: ~1-2 seconds</li> <li> <strong>End-to-End Response</strong>: ~5 seconds (down from 10-15 seconds)</li> <li> <strong>Error Rate</strong>: &lt;1% (down from 15-20%)</li> <li> <strong>Infrastructure Deployment</strong>: ~8 minutes (consistent)</li> </ul> <h2> 🎉 Conclusion </h2> <p>Building a production-ready Jenkins-Slack integration is more than just connecting the dots. The real value comes from understanding the challenges, implementing robust solutions, and continuously improving the system.</p> <p>Key takeaways from this journey:</p> <p>✅ <strong>Automation is Critical</strong>: Manual setup processes are error-prone and don't scale<br><br> ✅ <strong>Security by Design</strong>: Private subnets, SSM parameters, and least privilege IAM<br><br> ✅ <strong>Monitoring Matters</strong>: You can't fix what you can't see<br><br> ✅ <strong>Documentation Saves Time</strong>: Detailed troubleshooting guides prevent future headaches<br><br> ✅ <strong>Iterative Improvement</strong>: Start simple, then add complexity as needed</p> <h2> 🔗 Resources and Next Steps </h2> <ul> <li> <strong>Repository</strong>: <a href="https://github.com/kasukur/jenkins-slack-aws-integration" rel="noopener noreferrer">jenkins-slack-aws-integration</a> </li> <li> <strong>Part 1</strong>: <a href="https://dev.to/aws-builders/building-secure-jenkins-slack-integration-with-aws-lambda-part-1-complete-setup-guide-lgd">Complete Setup Guide</a> </li> <li> <strong>AWS Documentation</strong>: <a href="https://docs.aws.amazon.com/lambda/latest/dg/configuration-vpc.html" rel="noopener noreferrer">Lambda in VPC</a> </li> <li> <strong>Jenkins Documentation</strong>: <a href="https://www.jenkins.io/doc/book/using/remote-access-api/" rel="noopener noreferrer">REST API</a> </li> <li> <strong>Slack API</strong>: <a href="https://api.slack.com/interactivity/slash-commands" rel="noopener noreferrer">Slash Commands</a> </li> </ul> <h2> 🤝 Community Contributions </h2> <p>This project is open source and welcomes contributions! Areas for improvement:</p> <ul> <li> <strong>Additional CI/CD Tools</strong>: Support for GitLab, GitHub Actions, or Azure DevOps</li> <li> <strong>Enhanced Monitoring</strong>: Prometheus metrics, Grafana dashboards</li> <li> <strong>Multi-Environment</strong>: Support for multiple Jenkins instances</li> <li> <strong>Advanced Features</strong>: Job scheduling, parameter validation, approval workflows</li> </ul> <p><em>Ready to build something amazing? Start with <a href="https://dev.to/aws-builders/building-secure-jenkins-slack-integration-with-aws-lambda-part-1-complete-setup-guide-lgd">Part 1</a> if you haven't already, then implement these production enhancements. Have questions or want to share your own solutions? Drop a comment below!</em></p> <p><em>Remember: The best DevOps solutions are built through iteration, collaboration, and learning from real-world challenges. Happy building! 🚀</em></p> <p>Cover image by <a href="https://unsplash.com/@dlxmedia" rel="noopener noreferrer">@dlxmedia.hu</a> from <a href="https://unsplash.com/" rel="noopener noreferrer">unsplash</a></p> aws terraform slack serverless Sri Tue, 14 Oct 2025 11:08:20 +0000 https://forem.com/aws-builders/building-secure-jenkins-slack-integration-with-aws-lambda-part-1-complete-setup-guide-lgd https://forem.com/aws-builders/building-secure-jenkins-slack-integration-with-aws-lambda-part-1-complete-setup-guide-lgd <h1> Building Secure Jenkins-Slack Integration with AWS Lambda - Part 1: Complete Setup Guide </h1> <p>Ever wished you could trigger your CI/CD pipelines directly from Slack without exposing Jenkins to the public internet? In this comprehensive two-part series, we'll build a production-ready solution that lets your team trigger Jenkins jobs using Slack slash commands while maintaining enterprise-grade security.</p> <p>This is <strong>Part 1</strong> of our series, focusing on architecture design, infrastructure setup, and initial implementation. <a href="https://dev.to/aws-builders/building-secure-jenkins-slack-integration-with-aws-lambda-part-2-troubleshooting-real-world-429d">Part 2</a> will dive deep into troubleshooting real-world issues and production enhancements.</p> <h2> What We'll Build </h2> <p>This solution enables teams to trigger Jenkins CI/CD pipelines from Slack using a secure, serverless architecture. The key innovation is keeping Jenkins completely private while providing a public API endpoint through AWS Lambda and API Gateway.</p> <h3> Tech Stack Overview </h3> <ul> <li> <strong>Infrastructure</strong>: Terraform (IaC), AWS VPC, EC2, Lambda, API Gateway, ALB, NAT Gateway</li> <li> <strong>Backend</strong>: Go 1.20 (Lambda functions), Jenkins (CI/CD orchestration)</li> <li> <strong>Storage/Secrets</strong>: AWS SSM Parameter Store</li> <li> <strong>Integration</strong>: Slack API (Slash Commands, Webhooks)</li> <li> <strong>Monitoring</strong>: CloudWatch Logs</li> <li> <strong>OS</strong>: Amazon Linux 2</li> </ul> <h2> Architecture Deep Dive </h2> <p>Let's start with the complete architecture flow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌─────────────────────────────────────────────────────────────────┐ │ Architecture Flow │ └─────────────────────────────────────────────────────────────────┘ 👥 Slack User 🌐 API Gateway /run_test environment=staging ──→ /prod/trigger │ ▼ ⚡ AWS Lambda jenkins-trigger │ ┌───────────────────┼───────────────────┐ │ │ │ ▼ ▼ ▼ 🔐 AWS SSM Parameter 🔧 Jenkins (Private EC2) 🛡️ Bastion Host Store CI/CD Orchestration SSH Access Gateway Jenkins URL &amp; ◄─────────────────────────┘ Credentials │ │ │ └───────────────┼───────────────────────────┐ │ │ ▼ ▼ ⚖️ Internal ALB Job Status Load Balancer Notifications │ │ └───────────────────────────┘ │ ▼ 👥 Slack User (Status Updates) Legend: 🟠 AWS Services (API Gateway, Lambda, SSM, ALB, Bastion) 🟣 Slack Integration 🔴 Jenkins (Private EC2) </code></pre> </div> <h3> Key Components Explained </h3> <p><strong>🔒 VPC with Public/Private Subnets</strong>: Jenkins runs in a private subnet with no internet access, while the bastion host provides secure SSH access from the public subnet.</p> <p><strong>⚡ Lambda Function in VPC</strong>: The Lambda function runs in the private subnet to communicate with Jenkins while being invoked by API Gateway from the internet.</p> <p><strong>🌐 API Gateway</strong>: Provides a public HTTPS endpoint that Slack can reach, while the Lambda function handles the secure communication with Jenkins.</p> <p><strong>🔐 SSM Parameter Store</strong>: Stores Jenkins credentials and configuration securely, eliminating the need for hardcoded secrets.</p> <p><strong>🛡️ Bastion Host</strong>: Provides secure SSH access to Jenkins for administrative tasks without exposing Jenkins directly.</p> <p><strong>⚖️ Internal Load Balancer</strong>: Distributes traffic to Jenkins instances and provides health checks.</p> <h3> Security Benefits </h3> <ul> <li> <strong>Zero Public Exposure</strong>: Jenkins never faces the internet</li> <li> <strong>Encrypted Secrets</strong>: All credentials stored in SSM with encryption</li> <li> <strong>Network Isolation</strong>: Private subnets with controlled access</li> <li> <strong>Least Privilege</strong>: IAM roles with minimal required permissions</li> </ul> <h2> Prerequisites </h2> <p>Before we start, ensure you have:</p> <ul> <li>AWS account with appropriate permissions (EC2, Lambda, API Gateway, SSM, VPC)</li> <li>Terraform &gt;= 1.0.0 installed</li> <li>AWS CLI configured with credentials</li> <li>Go 1.20+ installed (for Lambda function builds)</li> <li>Slack workspace with admin privileges</li> <li>SSH key pair for EC2 access</li> <li>Basic understanding of Jenkins, Lambda, and Terraform</li> </ul> <h3> Step 0: Initial Setup </h3> <h4> Configure AWS CLI </h4> <p>First, configure your AWS CLI with proper credentials:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Configure AWS CLI</span> aws configure <span class="c"># Enter your AWS Access Key ID, Secret Access Key, region (us-east-1), and output format (json)</span> <span class="c"># Verify configuration</span> aws sts get-caller-identity </code></pre> </div> <h4> Create SSH Key Pair </h4> <p>Create an EC2 key pair for SSH access:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Option 1: Create via AWS CLI</span> aws ec2 create-key-pair <span class="nt">--key-name</span> jenkins-slack-key <span class="nt">--query</span> <span class="s1">'KeyMaterial'</span> <span class="nt">--output</span> text <span class="o">&gt;</span> jenkins-slack-key.pem <span class="nb">chmod </span>400 jenkins-slack-key.pem <span class="c"># Option 2: Create via AWS Console</span> <span class="c"># Go to EC2 → Key Pairs → Create Key Pair → Name: jenkins-slack-key → Download .pem file</span> </code></pre> </div> <h2> Step-by-Step Implementation </h2> <h3> Step 1: Clone and Setup </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/kasukur/jenkins-slack-aws-integration <span class="nb">cd </span>jenkins-slack-aws-integration </code></pre> </div> <h3> Step 2: Build Lambda Functions </h3> <p>Build the Lambda function binaries:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Navigate to Lambda function directories</span> <span class="nb">cd </span>lambda/jenkins_trigger go mod tidy <span class="nv">GOOS</span><span class="o">=</span>linux <span class="nv">GOARCH</span><span class="o">=</span>amd64 go build <span class="nt">-o</span> bootstrap main.go zip jenkins_trigger.zip bootstrap <span class="nb">cd</span> ../slack_verification go mod tidy <span class="nv">GOOS</span><span class="o">=</span>linux <span class="nv">GOARCH</span><span class="o">=</span>amd64 go build <span class="nt">-o</span> bootstrap main.go zip slack_verification.zip bootstrap <span class="c"># Copy zips to terraform directory</span> <span class="nb">cp </span>jenkins_trigger.zip ../../terraform/ <span class="nb">cp </span>slack_verification.zip ../../terraform/ </code></pre> </div> <p>The repository structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>├── terraform/ # Infrastructure as Code │ ├── main.tf # Provider and key pair │ ├── vpc.tf # VPC, subnets, security groups │ ├── jenkins.tf # Jenkins EC2 and ALB │ ├── lambda.tf # Lambda functions │ ├── api_gateway.tf # API Gateway configuration │ ├── iam.tf # IAM roles and policies │ └── variables.tf # Variable definitions ├── lambda/ # Lambda function source code │ ├── jenkins_trigger/ # Main Lambda function │ └── slack_verification/ # Slack signature verification └── jenkins/ # Jenkins pipeline definitions └── Jenkinsfile # Test pipeline configuration </code></pre> </div> <h3> Step 3: Configure Slack App </h3> <h4> Create Slack App </h4> <ol> <li> <strong>Go to Slack API</strong>: <a href="https://api.slack.com/apps" rel="noopener noreferrer">https://api.slack.com/apps</a> </li> <li> <strong>Click "Create New App"</strong> → "From scratch"</li> <li> <strong>App Name</strong>: <code>Jenkins CI/CD Integration</code> </li> <li> <strong>Workspace</strong>: Select your workspace</li> <li><strong>Click "Create App"</strong></li> </ol> <h4> Configure Slash Command </h4> <ol> <li> <strong>In your app settings</strong>, go to <strong>"Slash Commands"</strong> </li> <li><strong>Click "Create New Command"</strong></li> <li> <strong>Fill in the details</strong>: <ul> <li> <strong>Command</strong>: <code>/run_test</code> </li> <li> <strong>Request URL</strong>: <code>https://your-api-gateway-url/prod/trigger</code> (we'll get this after deployment)</li> <li> <strong>Short Description</strong>: <code>Trigger Jenkins test pipeline</code> </li> <li> <strong>Usage Hint</strong>: <code>[environment] [test_suite]</code> </li> </ul> </li> <li><strong>Click "Save"</strong></li> </ol> <h4> Enable Incoming Webhooks </h4> <ol> <li> <strong>Go to "Incoming Webhooks"</strong> in your app settings</li> <li> <strong>Toggle "Activate Incoming Webhooks"</strong> to On</li> <li><strong>Click "Add New Webhook to Workspace"</strong></li> <li> <strong>Select a channel</strong> (e.g., #devops)</li> <li><strong>Click "Allow"</strong></li> <li> <strong>Copy the webhook URL</strong> (starts with <code>https://hooks.slack.com/services/</code>)</li> </ol> <h4> Get App Credentials </h4> <ol> <li> <strong>Go to "Basic Information"</strong> in your app settings</li> <li> <strong>In "App Credentials" section</strong>, copy: <ul> <li> <strong>App-Level Token</strong> (starts with <code>xapp-</code>)</li> <li> <strong>Signing Secret</strong> (long random string)</li> </ul> </li> </ol> <h4> Install App to Workspace </h4> <ol> <li> <strong>Go to "Install App"</strong> in your app settings</li> <li><strong>Click "Install to Workspace"</strong></li> <li> <strong>Review permissions</strong> and click "Allow"</li> <li> <strong>Copy the Bot User OAuth Token</strong> (starts with <code>xoxb-</code>)</li> </ol> <p><strong>Save these values for the Terraform configuration</strong>:</p> <ul> <li>App-Level Token (xapp-...)</li> <li>Signing Secret</li> <li>Webhook URL</li> <li>Bot User OAuth Token (xoxb-...)</li> </ul> <h3> Step 4: Prepare Terraform Variables </h3> <p>Copy the example configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cp </span>terraform/terraform.tfvars.example terraform/terraform.tfvars </code></pre> </div> <p>Edit <code>terraform/terraform.tfvars</code> with your values:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1"># Basic Configuration</span> <span class="nx">aws_region</span> <span class="err">=</span> <span class="s2">"us-east-1"</span> <span class="nx">project_name</span> <span class="err">=</span> <span class="s2">"jenkins-slack-demo"</span> <span class="c1"># Network Configuration</span> <span class="nx">vpc_cidr</span> <span class="err">=</span> <span class="s2">"10.0.0.0/16"</span> <span class="nx">public_subnet_cidrs</span> <span class="err">=</span> <span class="p">[</span><span class="s2">"10.0.1.0/24"</span><span class="p">,</span> <span class="s2">"10.0.2.0/24"</span><span class="p">]</span> <span class="nx">private_subnet_cidrs</span> <span class="err">=</span> <span class="p">[</span><span class="s2">"10.0.101.0/24"</span><span class="p">,</span> <span class="s2">"10.0.102.0/24"</span><span class="p">]</span> <span class="c1"># SSH Access</span> <span class="nx">key_name</span> <span class="err">=</span> <span class="s2">"your-key-pair-name"</span> <span class="nx">public_key</span> <span class="err">=</span> <span class="s2">"ssh-rsa AAAAB3NzaC1yc2E... your-email@example.com"</span> <span class="c1"># Jenkins Configuration</span> <span class="nx">jenkins_admin_username</span> <span class="err">=</span> <span class="s2">"admin"</span> <span class="nx">jenkins_admin_password</span> <span class="err">=</span> <span class="s2">"your-secure-password"</span> <span class="c1"># Slack Configuration</span> <span class="nx">slack_app_token</span> <span class="err">=</span> <span class="s2">"xapp-your-app-token"</span> <span class="nx">slack_signing_secret</span> <span class="err">=</span> <span class="s2">"your-signing-secret"</span> <span class="nx">slack_webhook_url</span> <span class="err">=</span> <span class="s2">"https://hooks.slack.com/services/your/webhook/url"</span> <span class="nx">slack_bot_token</span> <span class="err">=</span> <span class="s2">"xoxb-your-bot-token"</span> <span class="nx">slack_channel</span> <span class="err">=</span> <span class="s2">"#devops"</span> </code></pre> </div> <h3> Step 5: Deploy Infrastructure </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd </span>terraform <span class="c"># Initialize Terraform</span> terraform init <span class="c"># Review the plan (should show ~25 resources)</span> terraform plan <span class="c"># Deploy the infrastructure</span> terraform apply </code></pre> </div> <p><strong>Important</strong>: Save the outputs displayed after successful deployment:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>api_gateway_url = "https://&lt;your-api-gateway-id&gt;.execute-api.&lt;region&gt;.amazonaws.com/prod/trigger" bastion_public_ip = "&lt;bastion-public-ip&gt;" jenkins_url = "http://&lt;internal-alb-url&gt;" </code></pre> </div> <h3> Step 6: Update Slack Configuration </h3> <ol> <li>Go back to your Slack app settings</li> <li>Update the slash command Request URL with the API Gateway URL from Step 5</li> <li>Save the changes</li> </ol> <h3> Step 7: Configure Jenkins </h3> <h4> Access Jenkins </h4> <p>Set up SSH tunnel through the bastion host:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># SSH to bastion host with port forwarding</span> ssh <span class="nt">-i</span> your-key.pem <span class="nt">-L</span> 8080:&lt;jenkins_private_ip&gt;:8080 ec2-user@&lt;bastion_public_ip&gt; <span class="nt">-N</span> <span class="c"># In another terminal, access Jenkins via localhost</span> <span class="c"># Open browser: http://localhost:8080</span> </code></pre> </div> <h4> Initial Jenkins Setup </h4> <p><strong>Wait for Jenkins initialization</strong> (5-10 minutes), then:</p> <ol> <li> <strong>Get the initial admin password</strong>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c"># SSH to Jenkins instance</span> ssh <span class="nt">-i</span> your-key.pem ec2-user@&lt;bastion_public_ip&gt; ssh ec2-user@&lt;jenkins_private_ip&gt; <span class="c"># Get initial password</span> <span class="nb">sudo cat</span> /var/lib/jenkins/secrets/initialAdminPassword </code></pre> </div> <ol> <li> <strong>Access Jenkins</strong> at <a href="http://localhost:8080" rel="noopener noreferrer">http://localhost:8080</a> </li> <li><strong>Enter the initial admin password</strong></li> <li><strong>Install suggested plugins</strong></li> <li> <strong>Create admin user</strong>: <ul> <li>Username: <code>admin</code> </li> <li>Password: <code>&lt;your-secure-password&gt;</code> (use a strong password)</li> <li>Full name: <code>Administrator</code> </li> <li>Email: <code>admin@yourcompany.com</code> </li> </ul> </li> </ol> <h4> Install Slack Plugin </h4> <ol> <li> <strong>Go to</strong>: Manage Jenkins → Manage Plugins → Available</li> <li> <strong>Search for</strong>: "Slack Notification"</li> <li> <strong>Check the box</strong> and click <strong>"Install without restart"</strong> </li> <li> <strong>Wait for installation</strong> to complete</li> <li> <strong>Go to</strong>: Manage Jenkins → Configure System</li> <li> <strong>Find "Slack" section</strong>: <ul> <li> <strong>Workspace</strong>: Your workspace name</li> <li> <strong>Default Channel</strong>: #devops (or your preferred channel)</li> <li> <strong>Integration Token</strong>: Paste your Bot User OAuth Token (xoxb-...)</li> </ul> </li> <li> <strong>Click "Test Connection"</strong> - should show "Success"</li> <li><strong>Click "Save"</strong></li> </ol> <h4> Create Pipeline Job </h4> <ol> <li><strong>Click "New Item"</strong></li> <li> <strong>Enter item name</strong>: <code>run_test</code> </li> <li> <strong>Select "Pipeline"</strong> and click <strong>"OK"</strong> </li> <li> <strong>In Pipeline section</strong>, select <strong>"Pipeline script"</strong> </li> <li> <strong>Copy the content</strong> from <code>jenkins/Jenkinsfile</code> into the script area</li> <li><strong>Click "Save"</strong></li> </ol> <h3> Step 8: Update SSM Parameters </h3> <p>Verify the Jenkins URL in SSM Parameter Store:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws ssm get-parameter <span class="nt">--name</span> <span class="s2">"/jenkins-slack-demo/jenkins_url"</span> <span class="nt">--region</span> us-east-1 </code></pre> </div> <p>If needed, update it with the correct internal ALB URL:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws ssm put-parameter <span class="se">\</span> <span class="nt">--name</span> <span class="s2">"/jenkins-slack-demo/jenkins_url"</span> <span class="se">\</span> <span class="nt">--value</span> <span class="s2">"http://&lt;internal-alb-url&gt;"</span> <span class="se">\</span> <span class="nt">--overwrite</span> <span class="se">\</span> <span class="nt">--region</span> us-east-1 </code></pre> </div> <h2> Verification and Testing </h2> <h3> Test 1: Verify Infrastructure </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check EC2 instances</span> aws ec2 describe-instances <span class="nt">--filters</span> <span class="s2">"Name=tag:Name,Values=jenkins-slack-demo-*"</span> <span class="nt">--region</span> us-east-1 <span class="c"># Check Lambda functions</span> aws lambda list-functions <span class="nt">--region</span> us-east-1 <span class="c"># Check API Gateway</span> curl <span class="nt">-X</span> POST https://your-api-gateway-url/prod/trigger </code></pre> </div> <h3> Test 2: Verify Lambda Function </h3> <p>Test the Lambda function directly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Test Lambda function</span> aws lambda invoke <span class="se">\</span> <span class="nt">--function-name</span> jenkins-slack-demo-jenkins-trigger <span class="se">\</span> <span class="nt">--payload</span> <span class="s1">'{}'</span> <span class="se">\</span> /tmp/lambda-response.json <span class="o">&amp;&amp;</span> <span class="nb">cat</span> /tmp/lambda-response.json </code></pre> </div> <h3> Test 3: Verify Jenkins Connectivity </h3> <p>Test Jenkins accessibility from Lambda:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># SSH to Jenkins and verify it's running</span> ssh <span class="nt">-i</span> your-key.pem ec2-user@&lt;bastion_public_ip&gt; ssh ec2-user@&lt;jenkins_private_ip&gt; <span class="c"># Check Jenkins status</span> <span class="nb">sudo </span>systemctl status jenkins curl <span class="nt">-u</span> admin:&lt;your-secure-password&gt; http://localhost:8080/api/json </code></pre> </div> <h3> Test 4: Test Slack Command </h3> <p>In any Slack channel where your app is installed, type:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/run_test </code></pre> </div> <p><strong>Expected behavior</strong>:</p> <ul> <li>Immediate response in Slack: "Job triggered successfully!"</li> <li>Jenkins job appears in the dashboard</li> <li>Job runs with default parameters (ENVIRONMENT=dev, TEST_SUITE=smoke)</li> </ul> <h3> Test 5: Verify Jenkins Job Execution </h3> <ol> <li> <strong>Check Jenkins dashboard</strong> for the <code>run_test</code> job</li> <li> <strong>Verify job parameters</strong> (ENVIRONMENT=dev, TEST_SUITE=smoke)</li> <li> <strong>Check job logs</strong> for successful execution</li> <li> <strong>Confirm Slack receives</strong> success/failure notifications</li> </ol> <h3> Test 6: End-to-End Test with Parameters </h3> <p>Test with custom parameters:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/run_test environment=staging test_suite=regression </code></pre> </div> <p><strong>Monitor the complete flow</strong>:</p> <ol> <li> <strong>Slack</strong> → API Gateway → Lambda</li> <li> <strong>Lambda</strong> → Jenkins (job trigger with parameters)</li> <li> <strong>Jenkins</strong> → Slack (status notification)</li> </ol> <h2> Key Code Components </h2> <h3> Lambda Function (Go) </h3> <p>The Lambda function handles the core integration logic:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">handler</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">request</span> <span class="n">events</span><span class="o">.</span><span class="n">APIGatewayProxyRequest</span><span class="p">)</span> <span class="p">(</span><span class="n">events</span><span class="o">.</span><span class="n">APIGatewayProxyResponse</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// Get Jenkins URL and credentials from SSM</span> <span class="n">jenkinsURL</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">getSSMParameter</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">jenkinsURLParam</span><span class="p">,</span> <span class="no">false</span><span class="p">)</span> <span class="n">credsJSON</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">getSSMParameter</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">jenkinsCredsParam</span><span class="p">,</span> <span class="no">true</span><span class="p">)</span> <span class="c">// Get CSRF crumb for Jenkins security</span> <span class="n">crumbField</span><span class="p">,</span> <span class="n">crumb</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">getJenkinsCrumb</span><span class="p">(</span><span class="n">client</span><span class="p">,</span> <span class="n">jenkinsURL</span><span class="p">,</span> <span class="n">creds</span><span class="o">.</span><span class="n">Username</span><span class="p">,</span> <span class="n">creds</span><span class="o">.</span><span class="n">Password</span><span class="p">)</span> <span class="c">// Trigger Jenkins job</span> <span class="n">jobURL</span> <span class="o">:=</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%s/job/run_test/buildWithParameters"</span><span class="p">,</span> <span class="n">jenkinsURL</span><span class="p">)</span> <span class="n">data</span> <span class="o">:=</span> <span class="n">url</span><span class="o">.</span><span class="n">Values</span><span class="p">{}</span> <span class="n">data</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"ENVIRONMENT"</span><span class="p">,</span> <span class="s">"dev"</span><span class="p">)</span> <span class="n">data</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"TEST_SUITE"</span><span class="p">,</span> <span class="s">"smoke"</span><span class="p">)</span> <span class="c">// Make authenticated request with crumb</span> <span class="n">req</span><span class="o">.</span><span class="n">Header</span><span class="o">.</span><span class="n">Set</span><span class="p">(</span><span class="s">"Jenkins-Crumb"</span><span class="p">,</span> <span class="n">crumb</span><span class="p">)</span> <span class="n">req</span><span class="o">.</span><span class="n">SetBasicAuth</span><span class="p">(</span><span class="n">creds</span><span class="o">.</span><span class="n">Username</span><span class="p">,</span> <span class="n">creds</span><span class="o">.</span><span class="n">Password</span><span class="p">)</span> <span class="k">return</span> <span class="n">events</span><span class="o">.</span><span class="n">APIGatewayProxyResponse</span><span class="p">{</span> <span class="n">StatusCode</span><span class="o">:</span> <span class="m">200</span><span class="p">,</span> <span class="n">Body</span><span class="o">:</span> <span class="s">`{"message": "Job triggered! Status: 201"}`</span><span class="p">,</span> <span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <h3> Jenkins Pipeline </h3> <p>The Jenkinsfile defines the test pipeline:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">pipeline</span> <span class="o">{</span> <span class="n">agent</span> <span class="n">any</span> <span class="n">parameters</span> <span class="o">{</span> <span class="n">string</span><span class="o">(</span><span class="nl">name:</span> <span class="s1">'ENVIRONMENT'</span><span class="o">,</span> <span class="nl">defaultValue:</span> <span class="s1">'dev'</span><span class="o">,</span> <span class="nl">description:</span> <span class="s1">'Environment to run tests against'</span><span class="o">)</span> <span class="n">string</span><span class="o">(</span><span class="nl">name:</span> <span class="s1">'TEST_SUITE'</span><span class="o">,</span> <span class="nl">defaultValue:</span> <span class="s1">'smoke'</span><span class="o">,</span> <span class="nl">description:</span> <span class="s1">'Test suite to run'</span><span class="o">)</span> <span class="o">}</span> <span class="n">stages</span> <span class="o">{</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'Prepare'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">echo</span> <span class="s2">"Preparing to run tests in ${params.ENVIRONMENT} environment"</span> <span class="n">slackSend</span><span class="o">(</span><span class="nl">color:</span> <span class="s1">'#FFFF00'</span><span class="o">,</span> <span class="nl">message:</span> <span class="s2">"STARTED: Job '${env.JOB_NAME} [${env.BUILD_NUMBER}]'"</span><span class="o">)</span> <span class="o">}</span> <span class="o">}</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'Run Tests'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">echo</span> <span class="s2">"Running ${params.TEST_SUITE} tests against ${params.ENVIRONMENT}"</span> <span class="c1">// Your actual test commands here</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="n">post</span> <span class="o">{</span> <span class="n">success</span> <span class="o">{</span> <span class="n">slackSend</span><span class="o">(</span><span class="nl">color:</span> <span class="s1">'#00FF00'</span><span class="o">,</span> <span class="nl">message:</span> <span class="s2">"SUCCESS: Job completed successfully"</span><span class="o">)</span> <span class="o">}</span> <span class="n">failure</span> <span class="o">{</span> <span class="n">slackSend</span><span class="o">(</span><span class="nl">color:</span> <span class="s1">'#FF0000'</span><span class="o">,</span> <span class="nl">message:</span> <span class="s2">"FAILED: Job failed"</span><span class="o">)</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <h2> What's Next? </h2> <p>Congratulations! You've successfully built the foundation of a secure Jenkins-Slack integration. At this point, you should have:</p> <p>✅ <strong>Working Infrastructure</strong>: VPC, Jenkins, Lambda, API Gateway<br><br> ✅ <strong>Basic Integration</strong>: Slack can trigger Jenkins jobs<br><br> ✅ <strong>Security</strong>: Private Jenkins with secure access patterns<br><br> ✅ <strong>Monitoring</strong>: CloudWatch logs for observability</p> <h2> Coming Up in Part 2 </h2> <p>In <a href="https://dev.to/aws-builders/building-secure-jenkins-slack-integration-with-aws-lambda-part-2-troubleshooting-real-world-429d">Part 2 of this series</a>, we'll dive deep into:</p> <p>🔧 <strong>Real-World Troubleshooting</strong>: Common issues you'll encounter and battle-tested solutions<br><br> 🛠️ <strong>Production Enhancements</strong>: Security improvements, monitoring, and scaling considerations<br><br> 🚨 <strong>Critical Fixes</strong>: Jenkins authentication issues, CSRF token problems, and Slack integration challenges<br><br> 📊 <strong>Advanced Features</strong>: Parameter parsing, job status callbacks, and multi-environment support</p> <h2> Key Takeaways </h2> <p>This architecture demonstrates several important DevOps and AWS best practices:</p> <p>✅ <strong>Security First</strong>: Jenkins is never exposed to the internet, following zero-trust principles</p> <p>✅ <strong>Infrastructure as Code</strong>: Everything is defined in Terraform, making it reproducible and version-controlled</p> <p>✅ <strong>Serverless Integration</strong>: Lambda provides cost-effective, scalable integration without managing servers</p> <p>✅ <strong>Secret Management</strong>: SSM Parameter Store eliminates hardcoded credentials</p> <p>✅ <strong>Network Isolation</strong>: VPC with public/private subnets provides proper network segmentation</p> <p>✅ <strong>Observability</strong>: CloudWatch logs provide visibility into system behavior</p> <p><em>Ready to tackle the real-world challenges? Check out <a href="https://dev.to/aws-builders/building-secure-jenkins-slack-integration-with-aws-lambda-part-2-troubleshooting-real-world-429d">Part 2</a> where we'll solve the tricky issues that make or break production deployments!</em></p> <p><em>Have questions or suggestions for improvements? Feel free to reach out or contribute to the project repository!</em></p> <p>Cover image by <a href="https://unsplash.com/@dlxmedia" rel="noopener noreferrer">@dlxmedia.hu</a> from <a href="https://unsplash.com/" rel="noopener noreferrer">unsplash</a></p> aws terraform slack serverless Sri Sat, 26 Jul 2025 03:16:24 +0000 https://forem.com/aws-builders/setting-up-aws-client-vpn-with-cloudformation-and-aws-cli-1nnf https://forem.com/aws-builders/setting-up-aws-client-vpn-with-cloudformation-and-aws-cli-1nnf <p>After I published my blog on <a href="https://dev.to/kasukur/how-to-setup-an-aws-client-vpn-51f">How to Set Up an AWS Client VPN</a>, someone asked if I could share a CloudFormation template to automate the setup. In response, I’ve put together this follow-up post to walk you through deploying an AWS Client VPN endpoint using CloudFormation and AWS CLI. You’ll learn how to associate the VPN with your VPC, configure access rules, and handle the critical manual step of updating security group rules. I’ve also included a handy shell script to simplify and automate the entire deployment process.</p> <h2> Table of Contents </h2> <ul> <li>What is AWS Client VPN?</li> <li>Prerequisites</li> <li> Step-by-Step Deployment with CloudFormation <ul> <li>1. Generate Client and Server Certificates</li> <li>2. Deploy VPC and EC2 Instance Optional</li> <li>3. Deploy the Client VPN CloudFormation Stack</li> <li>4. Manual Step Update Security Group Rule</li> <li>5. Authorize Clients to Access the Network</li> <li>6. Optional Add Route to Enable Traffic from VPN to VPC</li> </ul> </li> <li> Deploying with AWS CLI Alternate Method <ul> <li>1. Create Client VPN Endpoint</li> <li>2. Associate Client VPN Endpoint with a Subnet</li> <li>3. Authorize Client VPN Ingress</li> <li>4. Revoke Client VPN Ingress Optional</li> </ul> </li> <li>Deployment Script</li> <li>Cleanup</li> <li>Conclusion</li> <li>Referrals</li> </ul> <h2> What is AWS Client VPN? </h2> <p>AWS Client VPN is a managed client-based VPN service that enables you to securely access your AWS resources and on-premises networks from any location. It provides a highly available and scalable solution for remote access, allowing your users to connect to your private networks using a VPN client.</p> <h2> Prerequisites </h2> <p>Before you begin, ensure you have the following:</p> <ul> <li>An AWS account.</li> <li>AWS CLI installed and configured with appropriate permissions.</li> <li>OpenSSL installed for certificate generation (if not using existing certificates).</li> <li>A VPC where you want to deploy the Client VPN endpoint. The provided CloudFormation template assumes a new VPC will be created.</li> </ul> <h2> Step-by-Step Deployment with CloudFormation </h2> <p>AWS CloudFormation allows you to define your AWS infrastructure as code, making it easy to deploy and manage resources.</p> <h3> 1. Generate Client and Server Certificates </h3> <p>AWS Client VPN requires mutual authentication, which means both the server and client need certificates. You can generate these using OpenSSL. The provided <code>generate_certs.sh</code> script in the attached zip file can help you with this, as detailed in the original blog post: <a href="https://dev.to/kasukur/how-to-setup-an-aws-client-vpn-51f">How to Set Up an AWS Client VPN</a>. Make sure to upload these certificates to AWS Certificate Manager (ACM).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Example command to generate certificates (from generate_certs.sh)</span> <span class="c"># This is a simplified example, refer to the actual script for full details.</span> <span class="c"># You will need to import these into ACM.</span> <span class="c"># Generate server certificate and key</span> openssl genrsa <span class="nt">-out</span> server.key 2048 openssl req <span class="nt">-new</span> <span class="nt">-key</span> server.key <span class="nt">-out</span> server.csr openssl x509 <span class="nt">-req</span> <span class="nt">-in</span> server.csr <span class="nt">-signkey</span> server.key <span class="nt">-out</span> server.crt <span class="c"># Generate client certificate and key</span> openssl genrsa <span class="nt">-out</span> client.key 2048 openssl req <span class="nt">-new</span> <span class="nt">-key</span> client.key <span class="nt">-out</span> client.csr openssl x509 <span class="nt">-req</span> <span class="nt">-in</span> client.csr <span class="nt">-signkey</span> client.key <span class="nt">-out</span> client.crt <span class="c"># Import server certificate to ACM</span> aws acm import-certificate <span class="nt">--certificate</span> fileb://server.crt <span class="nt">--private-key</span> fileb://server.key <span class="nt">--certificate-chain</span> fileb://ca.crt <span class="c"># Import client certificate to ACM</span> aws acm import-certificate <span class="nt">--certificate</span> fileb://client.crt <span class="nt">--private-key</span> fileb://client.key <span class="nt">--certificate-chain</span> fileb://ca.crt </code></pre> </div> <p><strong>Important:</strong> Note down the ARNs of the imported server and client certificates. You will need them for the CloudFormation deployment.</p> <h3> 2. Deploy VPC and EC2 Instance (Optional) </h3> <p>If you don't have an existing VPC and an EC2 instance in a private subnet, you can use the <code>vpc-ec2.yaml</code> CloudFormation template (provided in the attached zip file) to set up a basic environment. This template creates a VPC, a private subnet, a route table, a security group, and an EC2 instance within that private subnet.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s1">'</span><span class="s">2010-09-09'</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">VPC, subnet, security group, and EC2 instance for AWS Client VPN demo.</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">KeyName</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Name of an existing EC2 KeyPair to enable SSH access</span> <span class="na">LatestAmiId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s1">'</span><span class="s">AWS::SSM::Parameter::Value&lt;AWS::EC2::Image::Id&gt;'</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">SSM parameter for the latest Amazon Linux 2 AMI</span> <span class="na">Resources</span><span class="pi">:</span> <span class="na">MyVPC</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">192.168.0.0/16</span> <span class="na">EnableDnsSupport</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">EnableDnsHostnames</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">MyClientVPNVPC</span> <span class="na">MyPrivateSubnet</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyVPC</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">192.168.1.0/24</span> <span class="na">MapPublicIpOnLaunch</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span><span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="s1">'</span><span class="s">'</span><span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">MyPrivateSubnet</span> <span class="na">MyRouteTable</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyVPC</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">MyPrivateRouteTable</span> <span class="na">MySubnetRouteTableAssociation</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyPrivateSubnet</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyRouteTable</span> <span class="na">MySecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">Allow SSH from Client VPN</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyVPC</span> <span class="na">SecurityGroupIngress</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">MyPrivateSG</span> <span class="na">MyInstanceProfile</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::InstanceProfile</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Roles</span><span class="pi">:</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">MyInstanceRole</span><span class="pi">]</span> <span class="na">MyInstanceRole</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::Role</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AssumeRolePolicyDocument</span><span class="pi">:</span> <span class="na">Version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">2012-10-17'</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="na">Principal</span><span class="pi">:</span> <span class="na">Service</span><span class="pi">:</span> <span class="s">ec2.amazonaws.com</span> <span class="na">Action</span><span class="pi">:</span> <span class="s">sts:AssumeRole</span> <span class="na">Path</span><span class="pi">:</span> <span class="s1">'</span><span class="s">/'</span> <span class="na">ManagedPolicyArns</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore</span> <span class="na">MyEC2Instance</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Instance</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="s">t3.micro</span> <span class="na">KeyName</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">KeyName</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyPrivateSubnet</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">MySecurityGroup</span><span class="pi">]</span> <span class="na">IamInstanceProfile</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyInstanceProfile</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">LatestAmiId</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">MyPrivateEC2</span> <span class="na">Outputs</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">VPC ID</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyVPC</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Private Subnet ID</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyPrivateSubnet</span> <span class="na">SecurityGroupId</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Security Group ID</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MySecurityGroup</span> <span class="na">InstanceId</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">EC2 Instance ID</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyEC2Instance</span> </code></pre> </div> <p>To deploy this stack, you can use the AWS CLI:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws cloudformation deploy <span class="se">\</span> <span class="nt">--stack-name</span> MyVPCAndEC2Stack <span class="se">\</span> <span class="nt">--template-file</span> vpc-ec2.yaml <span class="se">\</span> <span class="nt">--capabilities</span> CAPABILITY_NAMED_IAM <span class="se">\</span> <span class="nt">--parameter-overrides</span> <span class="se">\</span> <span class="nv">KeyName</span><span class="o">=</span>YOUR_KEY_PAIR_NAME <span class="se">\</span> <span class="nv">LatestAmiId</span><span class="o">=</span>/aws/service/ami-amazon-linux-2/latest/amzn2-ami-hvm-x86_64-gp2 </code></pre> </div> <p><strong>Note:</strong> Replace <code>YOUR_KEY_PAIR_NAME</code> with your actual key pair name. If you deploy this stack, you will need to retrieve the <code>VpcId</code>, <code>SubnetId</code>, and <code>SecurityGroupId</code> from its outputs to use in the next step.</p> <h3> 3. Deploy the Client VPN CloudFormation Stack </h3> <p>The <code>aws-client-vpn.yaml</code> CloudFormation template (provided in the attached zip file) defines the necessary AWS resources for the Client VPN endpoint. This template assumes you have an existing VPC and subnet, or have deployed them using the previous step. It sets up the Client VPN endpoint itself, and includes a security group for the EC2 instance.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">AWSTemplateFormatVersion</span><span class="pi">:</span> <span class="s1">'</span><span class="s">2010-09-09'</span> <span class="na">Description</span><span class="pi">:</span> <span class="pi">&gt;</span> <span class="s">AWS Client VPN and EC2 setup.</span> <span class="s">- VPC: 192.168.0.0/16</span> <span class="s">- Private Subnet: 192.168.1.0/24</span> <span class="s">- EC2 Instance in private subnet</span> <span class="s">- Security group for EC2</span> <span class="s">- Client VPN endpoint (client CIDR: 10.0.0.0/22, does not overlap with VPC)</span> <span class="na">Parameters</span><span class="pi">:</span> <span class="na">KeyName</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Name of an existing EC2 KeyPair to enable SSH access</span> <span class="na">ServerCertificateArn</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">ARN of the ACM server certificate for the Client VPN endpoint</span> <span class="na">ClientCertificateArn</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">String</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">ARN of the ACM client certificate for mutual authentication</span> <span class="na">LatestAmiId</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s1">'</span><span class="s">AWS::SSM::Parameter::Value&lt;AWS::EC2::Image::Id&gt;'</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">SSM parameter for the latest Amazon Linux 2 AMI</span> <span class="na">Resources</span><span class="pi">:</span> <span class="na">MyVPC</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::VPC</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">192.168.0.0/16</span> <span class="na">EnableDnsSupport</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">EnableDnsHostnames</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">MyClientVPNVPC</span> <span class="na">MyPrivateSubnet</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Subnet</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyVPC</span> <span class="na">CidrBlock</span><span class="pi">:</span> <span class="s">192.168.1.0/24</span> <span class="na">MapPublicIpOnLaunch</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">AvailabilityZone</span><span class="pi">:</span> <span class="kt">!Select</span> <span class="pi">[</span><span class="nv">0</span><span class="pi">,</span> <span class="kt">!GetAZs</span> <span class="s1">'</span><span class="s">'</span><span class="pi">]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">MyPrivateSubnet</span> <span class="na">MyRouteTable</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::RouteTable</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyVPC</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">MyPrivateRouteTable</span> <span class="na">MySubnetRouteTableAssociation</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SubnetRouteTableAssociation</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyPrivateSubnet</span> <span class="na">RouteTableId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyRouteTable</span> <span class="na">MySecurityGroup</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::SecurityGroup</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">GroupDescription</span><span class="pi">:</span> <span class="s">Allow SSH from Client VPN</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyVPC</span> <span class="na">SecurityGroupIngress</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">MyPrivateSG</span> <span class="na">MyInstanceProfile</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::InstanceProfile</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">Roles</span><span class="pi">:</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">MyInstanceRole</span><span class="pi">]</span> <span class="na">MyInstanceRole</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::IAM::Role</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AssumeRolePolicyDocument</span><span class="pi">:</span> <span class="na">Version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">2012-10-17'</span> <span class="na">Statement</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Effect</span><span class="pi">:</span> <span class="s">Allow</span> <span class="na">Principal</span><span class="pi">:</span> <span class="na">Service</span><span class="pi">:</span> <span class="s">ec2.amazonaws.com</span> <span class="na">Action</span><span class="pi">:</span> <span class="s">sts:AssumeRole</span> <span class="na">Path</span><span class="pi">:</span> <span class="s1">'</span><span class="s">/'</span> <span class="na">ManagedPolicyArns</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore</span> <span class="na">MyEC2Instance</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::Instance</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">InstanceType</span><span class="pi">:</span> <span class="s">t3.micro</span> <span class="na">KeyName</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">KeyName</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyPrivateSubnet</span> <span class="na">SecurityGroupIds</span><span class="pi">:</span> <span class="pi">[</span><span class="kt">!Ref</span> <span class="nv">MySecurityGroup</span><span class="pi">]</span> <span class="na">IamInstanceProfile</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyInstanceProfile</span> <span class="na">ImageId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">LatestAmiId</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">MyPrivateEC2</span> <span class="na">MyClientVPNEndpoint</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::ClientVpnEndpoint</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">AuthenticationOptions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">certificate-authentication</span> <span class="na">MutualAuthentication</span><span class="pi">:</span> <span class="na">ClientRootCertificateChainArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ClientCertificateArn</span> <span class="na">ConnectionLogOptions</span><span class="pi">:</span> <span class="na">Enabled</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">ServerCertificateArn</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">ServerCertificateArn</span> <span class="na">ClientCidrBlock</span><span class="pi">:</span> <span class="s">10.0.0.0/22</span> <span class="na">DnsServers</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">8.8.8.8</span> <span class="pi">-</span> <span class="s">8.8.4.4</span> <span class="na">SplitTunnel</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">TagSpecifications</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">ResourceType</span><span class="pi">:</span> <span class="s">client-vpn-endpoint</span> <span class="na">Tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">Key</span><span class="pi">:</span> <span class="s">Name</span> <span class="na">Value</span><span class="pi">:</span> <span class="s">MyClientVPNEndpoint</span> <span class="na">MyClientVPNAuthorizationRule</span><span class="pi">:</span> <span class="na">Type</span><span class="pi">:</span> <span class="s">AWS::EC2::ClientVpnAuthorizationRule</span> <span class="na">Properties</span><span class="pi">:</span> <span class="na">ClientVpnEndpointId</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyClientVPNEndpoint</span> <span class="na">TargetNetworkCidr</span><span class="pi">:</span> <span class="s">192.168.1.0/24</span> <span class="c1"># Your VPC subnet</span> <span class="na">AuthorizeAllGroups</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Allow access to VPC subnet</span> <span class="na">Outputs</span><span class="pi">:</span> <span class="na">VpcId</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">VPC ID</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyVPC</span> <span class="na">SubnetId</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Private Subnet ID</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyPrivateSubnet</span> <span class="na">SecurityGroupId</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Security Group ID</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MySecurityGroup</span> <span class="na">InstanceId</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">EC2 Instance ID</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyEC2Instance</span> <span class="na">ClientVpnEndpointId</span><span class="pi">:</span> <span class="na">Description</span><span class="pi">:</span> <span class="s">Client VPN Endpoint ID</span> <span class="na">Value</span><span class="pi">:</span> <span class="kt">!Ref</span> <span class="s">MyClientVPNEndpoint</span> </code></pre> </div> <p>To deploy this stack, you can use the AWS CLI:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws cloudformation deploy <span class="se">\</span> <span class="nt">--stack-name</span> MyClientVPNStack <span class="se">\</span> <span class="nt">--template-file</span> aws-client-vpn.yaml <span class="se">\</span> <span class="nt">--capabilities</span> CAPABILITY_NAMED_IAM <span class="se">\</span> <span class="nt">--parameter-overrides</span> <span class="se">\</span> <span class="nv">KeyName</span><span class="o">=</span>YOUR_KEY_PAIR_NAME <span class="se">\</span> <span class="nv">ServerCertificateArn</span><span class="o">=</span>YOUR_SERVER_CERT_ARN <span class="se">\</span> <span class="nv">ClientCertificateArn</span><span class="o">=</span>YOUR_CLIENT_CERT_ARN <span class="se">\</span> <span class="nv">LatestAmiId</span><span class="o">=</span>/aws/service/ami-amazon-linux-2/latest/amzn2-ami-hvm-x86_64-gp2 </code></pre> </div> <p><strong>Note:</strong> Replace <code>YOUR_KEY_PAIR_NAME</code>, <code>YOUR_SERVER_CERT_ARN</code>, and <code>YOUR_CLIENT_CERT_ARN</code> with your actual values.</p> <h3> 4. Manual Step: Update Security Group Rule </h3> <p>After the CloudFormation stack is deployed, you need to manually update the security group associated with your EC2 instance to allow ingress from the Client VPN. This step is crucial because the Client VPN endpoint assigns IP addresses from its own CIDR block (e.g., 10.0.0.0/22 in our template), and your EC2 instance's security group needs to explicitly allow traffic from this range.</p> <ol> <li> Navigate to the EC2 console and find the security group created by the CloudFormation stack (e.g., <code>MyPrivateSG</code>).</li> <li> Go to the Inbound Rules tab and click <code>Edit inbound rules</code>.</li> <li> Add a new rule: <ul> <li>Type: All TCP (or specific ports like SSH if preferred)</li> <li>Source: Custom, and enter the Client VPN CIDR block (e.g., <code>10.0.0.0/22</code>).</li> <li>Description: Allow traffic from Client VPN.</li> </ul> </li> <li> Save the rules.</li> </ol> <p>This manual step is necessary because CloudFormation does not inherently know the dynamically assigned Client VPN CIDR block at the time of stack creation, and it's a best practice to explicitly define ingress rules for security groups.</p> <h3> 5. Authorize Clients to Access the Network </h3> <h3> 6. (Optional) Add Route to Enable Traffic from VPN to VPC </h3> <p>To allow VPN clients to route traffic to your VPC, you need to add a route:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws ec2 create-client-vpn-route <span class="se">\</span> <span class="nt">--client-vpn-endpoint-id</span> &lt;VPN_ENDPOINT_ID&gt; <span class="se">\</span> <span class="nt">--destination-cidr-block</span> 192.168.1.0/24 <span class="se">\</span> <span class="nt">--target-vpc-subnet-id</span> &lt;SUBNET_ID&gt; <span class="se">\</span> <span class="nt">--region</span> ap-south-1 </code></pre> </div> <p>Replace <code>&lt;VPN_ENDPOINT_ID&gt;</code> and <code>&lt;SUBNET_ID&gt;</code> with your actual values. This is essential for traffic to flow from VPN clients to private resources in the VPC.</p> <p>Even after associating the Client VPN endpoint with a subnet, clients cannot access resources until authorization rules are defined. This rule specifies which network resources clients can access.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws ec2 authorize-client-vpn-ingress <span class="se">\</span> <span class="nt">--client-vpn-endpoint-id</span> &lt;VPN_ENDPOINT_ID&gt; <span class="se">\</span> <span class="nt">--target-network-cidr</span> 192.168.1.0/24 <span class="se">\</span> <span class="nt">--authorize-all-groups</span> <span class="se">\</span> <span class="nt">--description</span> <span class="s2">"Allow access to VPC subnet"</span> <span class="se">\</span> <span class="nt">--region</span> ap-south-1 </code></pre> </div> <p>Replace <code>&lt;VPN_ENDPOINT_ID&gt;</code> with the actual ID of your Client VPN endpoint, which you can get from the CloudFormation stack outputs or the AWS console. The <code>target-network-cidr</code> should be the CIDR block of the subnet you want your VPN clients to access (e.g., <code>192.168.1.0/24</code> for the private subnet in our CloudFormation template).</p> <h2> Deploying with AWS CLI (Alternate Method) </h2> <p>For those who prefer a more granular approach or need to integrate into existing scripts, here are the AWS CLI commands to set up an AWS Client VPN. This section assumes you have already generated and imported your server and client certificates into ACM.</p> <h3> 1. Create Client VPN Endpoint </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws ec2 create-client-vpn-endpoint <span class="se">\</span> <span class="nt">--client-cidr-block</span> <span class="s2">"10.0.0.0/22"</span> <span class="se">\</span> <span class="nt">--server-certificate-arn</span> <span class="s2">"arn:aws:acm:ap-south-1:123456789012:certificate/your-server-cert-id"</span> <span class="se">\</span> <span class="nt">--authentication-options</span> <span class="nv">Type</span><span class="o">=</span>certificate-authentication,MutualAuthentication<span class="o">={</span><span class="nv">ClientRootCertificateChainArn</span><span class="o">=</span><span class="s2">"arn:aws:acm:ap-south-1:123456789012:certificate/your-client-cert-id"</span><span class="o">}</span> <span class="se">\</span> <span class="nt">--connection-log-options</span> <span class="nv">Enabled</span><span class="o">=</span><span class="nb">false</span> <span class="se">\</span> <span class="nt">--dns-servers</span> <span class="s2">"8.8.8.8"</span> <span class="s2">"8.8.4.4"</span> <span class="se">\</span> <span class="nt">--split-tunnel</span> <span class="se">\</span> <span class="nt">--tag-specifications</span> <span class="s1">'ResourceType=client-vpn-endpoint,Tags=[{Key=Name,Value=MyClientVPNEndpointCLI}]'</span> </code></pre> </div> <p><strong>Note:</strong> Replace the ARN values with your actual certificate ARNs.</p> <h3> 2. Associate Client VPN Endpoint with a Subnet </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws ec2 associate-client-vpn-target-network <span class="se">\</span> <span class="nt">--client-vpn-endpoint-id</span> &lt;VPN_ENDPOINT_ID&gt; <span class="se">\</span> <span class="nt">--subnet-id</span> &lt;SUBNET_ID&gt; </code></pre> </div> <p>Replace <code>&lt;VPN_ENDPOINT_ID&gt;</code> and <code>&lt;SUBNET_ID&gt;</code> with your respective IDs.</p> <h3> 3. Authorize Client VPN Ingress </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws ec2 authorize-client-vpn-ingress <span class="se">\</span> <span class="nt">--client-vpn-endpoint-id</span> &lt;VPN_ENDPOINT_ID&gt; <span class="se">\</span> <span class="nt">--target-network-cidr</span> 192.168.1.0/24 <span class="se">\</span> <span class="nt">--authorize-all-groups</span> <span class="se">\</span> <span class="nt">--description</span> <span class="s2">"Allow access to VPC subnet"</span> <span class="se">\</span> <span class="nt">--region</span> ap-south-1 </code></pre> </div> <h3> 4. Revoke Client VPN Ingress (Optional) </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws ec2 revoke-client-vpn-ingress <span class="se">\</span> <span class="nt">--client-vpn-endpoint-id</span> &lt;VPN_ENDPOINT_ID&gt; <span class="se">\</span> <span class="nt">--target-network-cidr</span> 192.168.1.0/24 <span class="se">\</span> <span class="nt">--revoke-all-groups</span> <span class="se">\</span> <span class="nt">--region</span> ap-south-1 </code></pre> </div> <h2> Deployment Script </h2> <p>To automate the deployment process, you can use a shell script. This script provides options to deploy an optional VPC and EC2 instance, deploy the Client VPN CloudFormation stack, automatically add the necessary security group rules, and includes a cleanup function to tear down the deployed resources. Make sure you have the <code>aws-client-vpn.yaml</code>, <code>vpc-ec2.yaml</code>, and <code>generate_certs.sh</code> files in the same directory as this script.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c"># Variables (customize these)</span> <span class="nv">STACK_NAME</span><span class="o">=</span><span class="s2">"MyClientVPNStack"</span> <span class="nv">KEY_PAIR_NAME</span><span class="o">=</span><span class="s2">"YOUR_KEY_PAIR_NAME"</span> <span class="nv">SERVER_CERT_ARN</span><span class="o">=</span><span class="s2">"YOUR_SERVER_CERT_ARN"</span> <span class="nv">CLIENT_CERT_ARN</span><span class="o">=</span><span class="s2">"YOUR_CLIENT_CERT_ARN"</span> <span class="nv">REGION</span><span class="o">=</span><span class="s2">"ap-south-1"</span> <span class="nv">TARGET_NETWORK_CIDR</span><span class="o">=</span><span class="s2">"192.168.1.0/24"</span> <span class="c"># 1. Deploy CloudFormation Stack</span> <span class="nb">echo</span> <span class="s2">"Deploying CloudFormation stack..."</span> aws cloudformation deploy <span class="se">\</span> <span class="nt">--stack-name</span> <span class="k">${</span><span class="nv">STACK_NAME</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--template-file</span> aws-client-vpn.yaml <span class="se">\</span> <span class="nt">--capabilities</span> CAPABILITY_NAMED_IAM <span class="se">\</span> <span class="nt">--parameter-overrides</span> <span class="se">\</span> <span class="nv">KeyName</span><span class="o">=</span><span class="k">${</span><span class="nv">KEY_PAIR_NAME</span><span class="k">}</span> <span class="se">\</span> <span class="nv">ServerCertificateArn</span><span class="o">=</span><span class="k">${</span><span class="nv">SERVER_CERT_ARN</span><span class="k">}</span> <span class="se">\</span> <span class="nv">ClientCertificateArn</span><span class="o">=</span><span class="k">${</span><span class="nv">CLIENT_CERT_ARN</span><span class="k">}</span> <span class="se">\</span> <span class="nv">LatestAmiId</span><span class="o">=</span>/aws/service/ami-amazon-linux-2/latest/amzn2-ami-hvm-x86_64-gp2 <span class="se">\</span> <span class="nt">--region</span> <span class="k">${</span><span class="nv">REGION</span><span class="k">}</span> <span class="k">if</span> <span class="o">[</span> <span class="nv">$?</span> <span class="nt">-ne</span> 0 <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"CloudFormation deployment failed. Exiting."</span> <span class="nb">exit </span>1 <span class="k">fi </span><span class="nb">echo</span> <span class="s2">"CloudFormation stack deployed successfully. Waiting for resources..."</span> aws cloudformation <span class="nb">wait </span>stack-create-complete <span class="nt">--stack-name</span> <span class="k">${</span><span class="nv">STACK_NAME</span><span class="k">}</span> <span class="nt">--region</span> <span class="k">${</span><span class="nv">REGION</span><span class="k">}</span> <span class="c"># Ensure Client VPN endpoint is in available state</span> <span class="nb">echo</span> <span class="s2">"Waiting for VPN endpoint to become available..."</span> <span class="nb">sleep </span>15 <span class="c"># Get Client VPN Endpoint ID from stack outputs</span> <span class="nv">VPN_ENDPOINT_ID</span><span class="o">=</span><span class="si">$(</span>aws cloudformation describe-stacks <span class="se">\</span> <span class="nt">--stack-name</span> <span class="k">${</span><span class="nv">STACK_NAME</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--query</span> <span class="s2">"Stacks[0].Outputs[?OutputKey==</span><span class="se">\'</span><span class="s2">ClientVpnEndpointId</span><span class="se">\'</span><span class="s2">].OutputValue"</span> <span class="se">\</span> <span class="nt">--output</span> text <span class="se">\</span> <span class="nt">--region</span> <span class="k">${</span><span class="nv">REGION</span><span class="k">}</span><span class="si">)</span> <span class="k">if</span> <span class="o">[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="k">${</span><span class="nv">VPN_ENDPOINT_ID</span><span class="k">}</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Could not retrieve Client VPN Endpoint ID. Exiting."</span> <span class="nb">exit </span>1 <span class="k">fi </span><span class="nb">echo</span> <span class="s2">"Client VPN Endpoint ID: </span><span class="k">${</span><span class="nv">VPN_ENDPOINT_ID</span><span class="k">}</span><span class="s2">"</span> <span class="c"># 2. Authorize Client VPN Ingress Rule</span> <span class="nb">echo</span> <span class="s2">"Authorizing Client VPN ingress rule..."</span> aws ec2 authorize-client-vpn-ingress <span class="se">\</span> <span class="nt">--client-vpn-endpoint-id</span> <span class="k">${</span><span class="nv">VPN_ENDPOINT_ID</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--target-network-cidr</span> <span class="k">${</span><span class="nv">TARGET_NETWORK_CIDR</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--authorize-all-groups</span> <span class="se">\</span> <span class="nt">--description</span> <span class="s2">"Allow access to VPC subnet"</span> <span class="se">\</span> <span class="nt">--region</span> <span class="k">${</span><span class="nv">REGION</span><span class="k">}</span> <span class="k">if</span> <span class="o">[</span> <span class="nv">$?</span> <span class="nt">-ne</span> 0 <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Failed to authorize client VPN ingress. Exiting."</span> <span class="nb">exit </span>1 <span class="k">fi </span><span class="nb">echo</span> <span class="s2">"Client VPN ingress rule authorized successfully."</span> <span class="c"># 3. Get Security Group ID from stack outputs</span> <span class="nv">SECURITY_GROUP_ID</span><span class="o">=</span><span class="si">$(</span>aws cloudformation describe-stacks <span class="se">\</span> <span class="nt">--stack-name</span> <span class="k">${</span><span class="nv">STACK_NAME</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--query</span> <span class="s2">"Stacks[0].Outputs[?OutputKey==</span><span class="se">\'</span><span class="s2">SecurityGroupId</span><span class="se">\'</span><span class="s2">].OutputValue"</span> <span class="se">\</span> <span class="nt">--output</span> text <span class="se">\</span> <span class="nt">--region</span> <span class="k">${</span><span class="nv">REGION</span><span class="k">}</span><span class="si">)</span> <span class="k">if</span> <span class="o">[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="k">${</span><span class="nv">SECURITY_GROUP_ID</span><span class="k">}</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Could not retrieve Security Group ID. Exiting."</span> <span class="nb">exit </span>1 <span class="k">fi </span><span class="nb">echo</span> <span class="s2">"Security Group ID: </span><span class="k">${</span><span class="nv">SECURITY_GROUP_ID</span><span class="k">}</span><span class="s2">"</span> <span class="c"># 4. Get Client VPN CIDR Block</span> <span class="nv">CLIENT_VPN_CIDR</span><span class="o">=</span><span class="si">$(</span>aws ec2 describe-client-vpn-endpoints <span class="se">\</span> <span class="nt">--client-vpn-endpoint-ids</span> <span class="k">${</span><span class="nv">VPN_ENDPOINT_ID</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--query</span> <span class="s2">"ClientVpnEndpoints[0].ClientCidrBlock"</span> <span class="se">\</span> <span class="nt">--output</span> text <span class="se">\</span> <span class="nt">--region</span> <span class="k">${</span><span class="nv">REGION</span><span class="k">}</span><span class="si">)</span> <span class="k">if</span> <span class="o">[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="k">${</span><span class="nv">CLIENT_VPN_CIDR</span><span class="k">}</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Could not retrieve Client VPN CIDR Block. Exiting."</span> <span class="nb">exit </span>1 <span class="k">fi </span><span class="nb">echo</span> <span class="s2">"Client VPN CIDR Block: </span><span class="k">${</span><span class="nv">CLIENT_VPN_CIDR</span><span class="k">}</span><span class="s2">"</span> <span class="c"># 5. Add Ingress Rule to EC2 Security Group</span> <span class="nb">echo</span> <span class="s2">"Adding ingress rule to EC2 Security Group..."</span> aws ec2 authorize-security-group-ingress <span class="se">\</span> <span class="nt">--group-id</span> <span class="k">${</span><span class="nv">SECURITY_GROUP_ID</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--protocol</span> tcp <span class="se">\</span> <span class="nt">--port</span> 22 <span class="se">\</span> <span class="nt">--cidr</span> <span class="k">${</span><span class="nv">CLIENT_VPN_CIDR</span><span class="k">}</span> <span class="se">\</span> <span class="nt">--description</span> <span class="s2">"Allow SSH from Client VPN"</span> <span class="se">\</span> <span class="nt">--region</span> <span class="k">${</span><span class="nv">REGION</span><span class="k">}</span> <span class="k">if</span> <span class="o">[</span> <span class="nv">$?</span> <span class="nt">-ne</span> 0 <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Failed to add ingress rule to security group. Exiting."</span> <span class="nb">exit </span>1 <span class="k">fi </span><span class="nb">echo</span> <span class="s2">"Ingress rule added to security group successfully."</span> <span class="nb">echo</span> <span class="s2">"Deployment complete!"</span> </code></pre> </div> <p><strong>Usage:</strong></p> <ol> <li> Save the above script as <code>deploy_client_vpn.sh</code>.</li> <li> Make it executable: <code>chmod +x deploy_client_vpn.sh</code>.</li> <li> Customize the variables at the beginning of the script (<code>STACK_NAME</code>, <code>KEY_PAIR_NAME</code>, <code>SERVER_CERT_ARN</code>, <code>CLIENT_CERT_ARN</code>, <code>REGION</code>, <code>TARGET_NETWORK_CIDR</code>).</li> <li> Run the script: <code>./deploy_client_vpn.sh</code>.</li> </ol> <h2> Cleanup </h2> <p>To avoid incurring unnecessary costs, it is important to clean up the AWS resources created by these CloudFormation stacks when they are no longer needed. You can delete the stacks using the AWS CLI.</p> <h3> Deleting the Client VPN Stack </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws cloudformation delete-stack <span class="se">\</span> <span class="nt">--stack-name</span> MyClientVPNStack <span class="se">\</span> <span class="nt">--region</span> ap-south-1 </code></pre> </div> <p>Wait for the stack deletion to complete:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws cloudformation <span class="nb">wait </span>stack-delete-complete <span class="se">\</span> <span class="nt">--stack-name</span> MyClientVPNStack <span class="se">\</span> <span class="nt">--region</span> ap-south-1 </code></pre> </div> <h3> Deleting the VPC and EC2 Stack (if deployed) </h3> <p>If you deployed the optional VPC and EC2 stack, you should delete it as well:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws cloudformation delete-stack <span class="se">\</span> <span class="nt">--stack-name</span> MyVPCAndEC2Stack <span class="se">\</span> <span class="nt">--region</span> ap-south-1 </code></pre> </div> <p>Wait for the stack deletion to complete:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws cloudformation <span class="nb">wait </span>stack-delete-complete <span class="se">\</span> <span class="nt">--stack-name</span> MyVPCAndEC2Stack <span class="se">\</span> <span class="nt">--region</span> ap-south-1 </code></pre> </div> <p><strong>Note:</strong> Ensure that any associated resources (like EC2 instances, security groups, etc.) are properly terminated before attempting to delete the VPC, as CloudFormation might not delete resources that have dependencies.</p> <h2> Conclusion </h2> <p>Setting up an AWS Client VPN provides a secure and flexible way to access your AWS resources remotely. Whether you prefer the infrastructure-as-code approach with CloudFormation or the direct control of AWS CLI, both methods allow you to establish a robust VPN solution. Remember the crucial step of updating the security group ingress rules to ensure proper connectivity from your VPN clients to your target resources. The provided deployment script automates this process, streamlining your setup.</p> <p>Happy VPNing!</p> <h2> Referrals </h2> <ul> <li><a href="https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/client-authentication.html#mutual" rel="noopener noreferrer">Authentication</a></li> <li><a href="https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/cvpn-getting-started.html" rel="noopener noreferrer">Getting started with Client VPN</a></li> <li>VPN Photo by <a href="https://unsplash.com/@privecstasy" rel="noopener noreferrer">@privecstasy</a> from <a href="https://unsplash.com/photos/CXlqHmQy3MY" rel="noopener noreferrer">unsplash</a> </li> </ul> Sri Sat, 22 Mar 2025 04:34:13 +0000 https://forem.com/aws-builders/my-aws-certified-security-specialty-certification-study-guide-2cio https://forem.com/aws-builders/my-aws-certified-security-specialty-certification-study-guide-2cio <p><em>Important: Having a solid foundation in AWS core services is essential. If you're new to AWS, I recommend completing the <a href="https://aws.amazon.com/certification/certified-solutions-architect-associate/" rel="noopener noreferrer">AWS Certified Solutions Architect - Associate</a> certification first.</em></p> <h6> 1. Study Guide for AWS Security Specialty </h6> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>No</th> <th>Course/Resource</th> <th>Time</th> <th>Status</th> <th>Comments</th> </tr> </thead> <tbody> <tr> <td>1</td> <td><a href="https://www.udemy.com/course/ultimate-aws-certified-security-specialty/" rel="noopener noreferrer">Stephane Maarek's Ultimate AWS Certified Security Specialty</a></td> <td>4 weeks</td> <td>Completed</td> <td>Comprehensive course with hands-on labs</td> </tr> <tr> <td>2</td> <td><a href="https://portal.tutorialsdojo.com/courses/aws-certified-security-specialty-practice-exams-scs-c02/" rel="noopener noreferrer">Tutorial Dojo Practice Exams</a></td> <td>2 weeks</td> <td>Completed</td> <td>Highly recommended for exam preparation</td> </tr> <tr> <td>3</td> <td><a href="https://explore.skillbuilder.aws/learn/courses/18291/exam-prep-standard-course-aws-certified-security-specialty-scs-c02-english" rel="noopener noreferrer">AWS Security Specialty Exam Readiness Course</a></td> <td>1 week</td> <td>Completed</td> <td>Essential AWS official prep material</td> </tr> <tr> <td>4</td> <td><a href="https://github.com/kasukur/AWS_CCP_Notes/blob/main/AWS%20Security%20Speciality/AWS_Certified_Security_Speciality.md" rel="noopener noreferrer">AWS Certified Security - Specialty Study Notes</a></td> <td>1 week</td> <td>Completed</td> <td>Comprehensive community study notes</td> </tr> </tbody> </table></div> <h6> 2. Essential AWS Security Workshops: </h6> <p>Practice hands-on with these official AWS workshops:</p> <ul> <li><a href="https://catalog.workshops.aws/security-hub/en-US" rel="noopener noreferrer">AWS Security Hub Workshop</a></li> <li><a href="https://catalog.workshops.aws/identity/en-US" rel="noopener noreferrer">AWS Identity Workshop</a></li> <li><a href="https://catalog.workshops.aws/networkfirewall/en-US" rel="noopener noreferrer">AWS Network Firewall Workshop</a></li> <li><a href="https://catalog.workshops.aws/waf/en-US" rel="noopener noreferrer">AWS WAF Workshop</a></li> </ul> <h6> 3. Key Focus Areas: </h6> <ol> <li> <p>Identity and Access Management (IAM)</p> <ul> <li>IAM policies and permissions</li> <li>IAM roles and federation</li> <li>AWS Organizations</li> <li>AWS SSO/IAM Identity Center</li> </ul> </li> <li> <p>Data Protection</p> <ul> <li>KMS and CloudHSM</li> <li>AWS Certificate Manager</li> <li>Secrets Manager</li> <li>AWS Shield and WAF</li> </ul> </li> <li> <p>Infrastructure Security</p> <ul> <li>VPC Security</li> <li>Network ACLs and Security Groups</li> <li>AWS Network Firewall</li> <li>AWS Security Hub</li> </ul> </li> <li> <p>Incident Response</p> <ul> <li>CloudWatch</li> <li>CloudTrail</li> <li>AWS Config</li> <li>Amazon Detective</li> </ul> </li> <li> <p>Compliance and Audit</p> <ul> <li>AWS Audit Manager</li> <li>AWS Control Tower</li> <li>AWS Artifact</li> <li>Amazon Macie</li> </ul> </li> </ol> <h6> FAQs: </h6> <blockquote> <ol> <li><p>How long does it take to prepare?<br> With prior AWS experience, expect 2-3 months of dedicated study. Without significant AWS security experience, 4-6 months might be more realistic.</p></li> <li><p>What prerequisites are recommended?<br> While not mandatory, having an AWS Associate-level certification (particularly Solutions Architect) provides a strong foundation for the security concepts.</p></li> <li><p>How is this exam different from Associate-level exams?<br> This is a specialty exam focusing deeply on security services and concepts. Questions are typically more scenario-based and require detailed understanding of security implementations.</p></li> <li><p>What's the exam format?<br> The exam consists of 65 questions to be completed in 170 minutes. Questions are multiple choice and multiple response.</p></li> </ol> </blockquote> <h6> Exam Tips: </h6> <blockquote> <ol> <li><p>Focus on understanding security services in-depth, particularly IAM, KMS, and security-related aspects of VPC.</p></li> <li><p>Practice with real-world scenarios through AWS workshops and labs.</p></li> <li><p>Pay special attention to compliance frameworks and AWS's shared responsibility model.</p></li> <li><p>Review AWS security whitepapers and best practices documentation.</p></li> <li><p>For non-native English speakers, you can request ESL+30 minutes accommodation through <a href="https://www.certmetrics.com/amazon/" rel="noopener noreferrer">certmetrics</a>.</p></li> </ol> </blockquote> <h6> Additional Resources: </h6> <ul> <li><a href="https://aws.amazon.com/blogs/security/" rel="noopener noreferrer">AWS Security Blog</a></li> <li><a href="https://docs.aws.amazon.com/security/" rel="noopener noreferrer">AWS Security Documentation</a></li> <li><a href="https://aws.amazon.com/architecture/security-identity-compliance/" rel="noopener noreferrer">AWS Security Best Practices</a></li> <li><a href="https://aws.amazon.com/whitepapers/?whitepapers-main.sort-by=item.additionalFields.sortDate&amp;whitepapers-main.sort-order=desc&amp;awsf.whitepapers-content-type=*all&amp;awsf.whitepapers-tech-category=tech-category%23security-identity-compliance" rel="noopener noreferrer">AWS Security Whitepapers</a></li> </ul> <p><em>Note: Keep in mind that AWS regularly updates its services and exam content. Always verify the latest exam guide from the official AWS Certification page before starting your preparation.</em></p> aws certification security Sri Wed, 01 Jan 2025 02:27:55 +0000 https://forem.com/aws-builders/deploying-a-simple-static-website-on-aws-with-cdk-and-typescript-oij https://forem.com/aws-builders/deploying-a-simple-static-website-on-aws-with-cdk-and-typescript-oij <p>You may have come across several blogs on hosting static websites on S3. This guide demonstrates how to create and deploy a simple static website using AWS CDK with TypeScript. The project will cover:</p> <ul> <li>Setting up a basic AWS CDK project structure.</li> <li>Defining infrastructure as code (IaC) with TypeScript.</li> <li>Creating AWS resources necessary for hosting a static website.</li> <li>Deploying the website to AWS.</li> </ul> <p>The website source code is hosted on GitHub: <a href="https://github.com/kasukur/cdk-s3-website" rel="noopener noreferrer">kasukur/cdk-s3-website</a>.</p> <h2> Table of Contents </h2> <ol> <li>Prerequisites</li> <li>Step 1: Initialize the Project</li> <li>Step 2: Create a Simple Website</li> <li>Step 3: Write CDK Code to Host the Website</li> <li>Step 4: Deploy the Website</li> <li>Full Command History</li> <li>Clean Up</li> <li>Conclusion</li> <li>Referrals</li> </ol> <h2> Prerequisites </h2> <p>Before starting, ensure you have the following installed:</p> <ul> <li> <strong>Node.js</strong> (&gt;= 14.x)</li> <li> <strong>AWS CLI</strong> (configured with credentials)</li> <li> <strong>AWS CDK</strong> (&gt;= 2.x)</li> </ul> <p>To install AWS CDK globally:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> <span class="nt">-g</span> aws-cdk </code></pre> </div> <h2> Step 1: Initialize the Project </h2> <ol> <li> <p><strong>Create a project directory</strong> and navigate to it:<br> </p> <pre class="highlight shell"><code> <span class="nb">mkdir </span>cdk-s3-website <span class="o">&amp;&amp;</span> <span class="nb">cd </span>cdk-s3-website </code></pre> </li> <li> <p><strong>Initialize a new CDK app</strong>:<br> </p> <pre class="highlight shell"><code> cdk init app <span class="nt">--language</span> typescript </code></pre> </li> <li> <p>Install dependencies for the CDK constructs we'll use:<br> </p> <pre class="highlight shell"><code> npm <span class="nb">install</span> @aws-cdk/aws-s3 @aws-cdk/aws-s3-deployment </code></pre> </li> <li> <p>Verify the setup by synthesizing the stack:<br> </p> <pre class="highlight shell"><code> cdk synth </code></pre> </li> </ol> <p>This command generates the CloudFormation template for your stack.</p> <h2> Step 2: Create a Simple Website </h2> <ol> <li><p><strong>Download the website tempalte from <a href="https://html5up.net/dimension/download" rel="noopener noreferrer">html5up.net</a></strong>:</p></li> <li><p>unzip the file, navigate to the folder and copy all the files to the website folder.<br> </p></li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cp</span> <span class="nt">-r</span> ~/Downloads/html5up-dimension ~/Documents/cdk-s3-website/website/. </code></pre> </div> <h2> Step 3: Write CDK Code to Host the Website </h2> <p>Edit the <code>lib/cdk-s3-website-stack.ts</code> file to define the resources:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">cdk</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Construct</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">constructs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">s3</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-s3</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">s3deploy</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-s3-deployment</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">CdkS3WebsiteStack</span> <span class="kd">extends</span> <span class="nc">cdk</span><span class="p">.</span><span class="nx">Stack</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">props</span><span class="p">?:</span> <span class="nx">cdk</span><span class="p">.</span><span class="nx">StackProps</span><span class="p">)</span> <span class="p">{</span> <span class="k">super</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="nx">props</span><span class="p">);</span> <span class="c1">// Create an S3 bucket for website hosting</span> <span class="kd">const</span> <span class="nx">websiteBucket</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">s3</span><span class="p">.</span><span class="nc">Bucket</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">WebsiteBucket</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">websiteIndexDocument</span><span class="p">:</span> <span class="dl">'</span><span class="s1">index.html</span><span class="dl">'</span><span class="p">,</span> <span class="na">publicReadAccess</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">removalPolicy</span><span class="p">:</span> <span class="nx">cdk</span><span class="p">.</span><span class="nx">RemovalPolicy</span><span class="p">.</span><span class="nx">DESTROY</span><span class="p">,</span> <span class="c1">// Allow deletion of non-empty bucket</span> <span class="na">autoDeleteObjects</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="c1">// Automatically delete objects when bucket is removed</span> <span class="p">});</span> <span class="c1">// Deploy the website content to the S3 bucket</span> <span class="k">new</span> <span class="nx">s3deploy</span><span class="p">.</span><span class="nc">BucketDeployment</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">DeployWebsite</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">sources</span><span class="p">:</span> <span class="p">[</span><span class="nx">s3deploy</span><span class="p">.</span><span class="nx">Source</span><span class="p">.</span><span class="nf">asset</span><span class="p">(</span><span class="dl">'</span><span class="s1">./website</span><span class="dl">'</span><span class="p">)],</span> <span class="na">destinationBucket</span><span class="p">:</span> <span class="nx">websiteBucket</span><span class="p">,</span> <span class="p">});</span> <span class="c1">// Output the website URL</span> <span class="k">new</span> <span class="nx">cdk</span><span class="p">.</span><span class="nc">CfnOutput</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">WebsiteURL</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">value</span><span class="p">:</span> <span class="nx">websiteBucket</span><span class="p">.</span><span class="nx">bucketWebsiteUrl</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> Step 4: Deploy the Website </h2> <p>Run the following commands to deploy your website:</p> <ol> <li> <p><strong>Bootstrap the environment</strong>:<br> </p> <pre class="highlight shell"><code> cdk bootstrap </code></pre> </li> <li> <p>You might noticed the following error:<br> </p> <pre class="highlight shell"><code> Error: Cannot use <span class="s1">'publicReadAccess'</span> property on a bucket without allowing bucket-level public access through <span class="s1">'blockPublicAccess'</span> property. at new Bucket <span class="o">(</span>/Users/sridharkasukurthy/Documents/cdk-s3-website/node_modules/aws-cdk-lib/aws-s3/lib/bucket.js:1:24460<span class="o">)</span> ... </code></pre> <p>Troubleshooting: The error occurs because the <code>publicReadAccess: true</code> property is used without explicitly allowing public access by disabling the <code>blockPublicAccess</code> feature. AWS CDK enforces stricter controls to prevent unintended public access.</p> <p>Solution: To fix this, we need to configure the bucket to allow public access explicitly by setting the <code>blockPublicAccess</code> feature.</p> <p>Updated Code:<br> </p> <pre class="highlight typescript"><code> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">cdk</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Construct</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">constructs</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">s3</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-s3</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="o">*</span> <span class="k">as</span> <span class="nx">s3Deploy</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">aws-cdk-lib/aws-s3-deployment</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">class</span> <span class="nc">CdkS3WebsiteStack</span> <span class="kd">extends</span> <span class="nc">cdk</span><span class="p">.</span><span class="nx">Stack</span> <span class="p">{</span> <span class="nf">constructor</span><span class="p">(</span><span class="nx">scope</span><span class="p">:</span> <span class="nx">Construct</span><span class="p">,</span> <span class="nx">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">props</span><span class="p">?:</span> <span class="nx">cdk</span><span class="p">.</span><span class="nx">StackProps</span><span class="p">)</span> <span class="p">{</span> <span class="k">super</span><span class="p">(</span><span class="nx">scope</span><span class="p">,</span> <span class="nx">id</span><span class="p">,</span> <span class="nx">props</span><span class="p">);</span> <span class="c1">// Create an S3 bucket for the website with public access explicitly allowed</span> <span class="kd">const</span> <span class="nx">websiteBucket</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">s3</span><span class="p">.</span><span class="nc">Bucket</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">SriSriWebsiteBucket</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">websiteIndexDocument</span><span class="p">:</span> <span class="dl">'</span><span class="s1">index.html</span><span class="dl">'</span><span class="p">,</span> <span class="na">publicReadAccess</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">removalPolicy</span><span class="p">:</span> <span class="nx">cdk</span><span class="p">.</span><span class="nx">RemovalPolicy</span><span class="p">.</span><span class="nx">DESTROY</span><span class="p">,</span> <span class="c1">// Optional: Remove the bucket on stack deletion</span> <span class="na">blockPublicAccess</span><span class="p">:</span> <span class="nx">s3</span><span class="p">.</span><span class="nx">BlockPublicAccess</span><span class="p">.</span><span class="nx">BLOCK_ACLS</span><span class="p">,</span> <span class="c1">// Allows public access but blocks ACLs</span> <span class="p">});</span> <span class="c1">// Deploy website contents to the bucket</span> <span class="k">new</span> <span class="nx">s3Deploy</span><span class="p">.</span><span class="nc">BucketDeployment</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">DeployWebsite</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">sources</span><span class="p">:</span> <span class="p">[</span><span class="nx">s3Deploy</span><span class="p">.</span><span class="nx">Source</span><span class="p">.</span><span class="nf">asset</span><span class="p">(</span><span class="dl">'</span><span class="s1">./website</span><span class="dl">'</span><span class="p">)],</span> <span class="na">destinationBucket</span><span class="p">:</span> <span class="nx">websiteBucket</span><span class="p">,</span> <span class="p">});</span> <span class="c1">// Output the website URL</span> <span class="k">new</span> <span class="nx">cdk</span><span class="p">.</span><span class="nc">CfnOutput</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="dl">'</span><span class="s1">WebsiteURL</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">value</span><span class="p">:</span> <span class="nx">websiteBucket</span><span class="p">.</span><span class="nx">bucketWebsiteUrl</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </li> <li> <p><strong>Bootstrap the environment again</strong>:<br> </p> <pre class="highlight shell"><code> cdk bootstrap </code></pre> </li> <li> <p><strong>Deploy the stack</strong>:<br> </p> <pre class="highlight shell"><code> cdk deploy </code></pre> <blockquote> <p>Do you wish to deploy these changes (y/n)? y</p> </blockquote> </li> </ol> <p>During deployment, the CDK will output the URL for the hosted website. You can access your site using this URL.</p> <h2> Full Command History </h2> <p>Here’s a reference of all commands used:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>1 <span class="nb">mkdir </span>cdk-s3-website <span class="o">&amp;&amp;</span> <span class="nb">cd </span>cdk-s3-website 2 cdk init app <span class="nt">--language</span> typescript 3 npm <span class="nb">install</span> @aws-cdk/aws-s3 @aws-cdk/aws-s3-deployment 4 git clone https://github.com/kasukur/s3-website.git website 5 cdk synth 6 cdk bootstrap 7 cdk deploy </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgqxmdm4gc9aelk1nwg68.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgqxmdm4gc9aelk1nwg68.png" alt="Image description" width="800" height="843"></a></p> <h2> Clean Up </h2> <p>To avoid incurring unnecessary charges, delete the stack. If the <code>cdk destroy</code> command fails due to non-empty buckets, empty the bucket manually or use the <code>autoDeleteObjects</code> property in your stack as shown above:</p> <ol> <li> <strong>Manually empty the bucket</strong>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> aws s3 <span class="nb">rm </span>s3://&lt;bucket-name&gt; <span class="nt">--recursive</span> </code></pre> </div> <ol> <li> <strong>Destroy the stack</strong>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> cdk destroy </code></pre> </div> <h2> Conclusion </h2> <p>This project demonstrated how to use AWS CDK with TypeScript to deploy a simple static website on AWS. The focus was on showcasing the CDK’s capabilities for infrastructure provisioning and deployment automation. You can now customize and expand upon this setup for more complex use cases.</p> <p><a></a></p> <h3> Referrals </h3> <ul> <li><a href="https://cdkworkshop.com/20-typescript/20-create-project/500-deploy.html" rel="noopener noreferrer">AWS CDK Create Project</a></li> <li><a href="https://stackoverflow.com/questions/60310575/how-to-add-s3-bucketpolicy-with-aws-cdk" rel="noopener noreferrer">How to Add S3 BucketPolicy with AWS CDK</a></li> <li><a href="https://stackoverflow.com/questions/62694166/how-to-force-delete-a-non-empty-s3-bucket-with-versioning-enabled" rel="noopener noreferrer">How to Force Delete a Non-Empty S3 Bucket with Versioning Enabled</a></li> <li><a href="https://debugthis.dev/cdk/2020-07-08-aws-cdk-errors/" rel="noopener noreferrer">Debugging AWS CDK Errors</a></li> <li>Cover Image by <a href="https://unsplash.com/@glenncarstenspeters" rel="noopener noreferrer">@glenncarstenspeters</a> from <a href="https://unsplash.com/photos/person-using-macbook-pro-npxXWgQ33ZQ" rel="noopener noreferrer">Unsplash</a> </li> </ul> aws cdk ts Sri Sat, 27 Apr 2024 12:56:10 +0000 https://forem.com/aws-builders/my-aws-devops-engineer-professional-study-guide-1p6c https://forem.com/aws-builders/my-aws-devops-engineer-professional-study-guide-1p6c <p><em>Important: Complete both the courses and study material suggested in the <a href="https://dev.to/kasukur/my-aws-sys-ops-associate-study-guide-1ogl">My AWS SysOps Associate study guide</a> and <a href="https://dev.to/aws-builders/my-aws-developer-associate-study-guide-298l">My AWS Developer Associate study guide</a> first as this has some overlap. After you have completed these, then follow the study guide below.</em></p> <p>Please review the following in addition to my <br> <a href="https://github.com/kasukur/AWS_CCP_Notes/blob/main/AWS_DevOps_Engineer_Professional.txt" rel="noopener noreferrer">AWS DevOps Engineer Professional Notes</a>.</p> <h6> 1. My Study Guide for AWS DevOps Engineer Professional </h6> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>No</th> <th>Course</th> <th>Time</th> <th>Status</th> <th>Comments</th> </tr> </thead> <tbody> <tr> <td>1</td> <td><a href="https://www.udemy.com/course/aws-certified-devops-engineer-professional-hands-on/?couponCode=NVDPPOT42722" rel="noopener noreferrer">Stephane's AWS Certified DevOps Engineer Professional</a></td> <td>15 days</td> <td>Completed</td> <td>Preferable if you have all three associate certifications</td> </tr> <tr> <td>2</td> <td><a href="https://tutorialsdojo.com/courses/aws-certified-devops-engineer-professional-practice-exams/" rel="noopener noreferrer">Tutorial Dojo Practice Exams</a></td> <td>7 days</td> <td>Completed</td> <td>Highly recommend</td> </tr> <tr> <td>3</td> <td><a href="https://www.udemy.com/course/aws-certified-devops-engineer-professional-practice-exam-dop/?couponCode=NVDPPOT42722" rel="noopener noreferrer">Stephane Maarek Practice Exams</a></td> <td>1 day</td> <td>Completed</td> <td>Highly recommend</td> </tr> <tr> <td>4</td> <td><a href="https://www.udemy.com/course/aws-certified-devops-engineer-professional-practice-exams-course/?couponCode=NVDPPOT42722" rel="noopener noreferrer">Neal Davis Practice Exams</a></td> <td>2 days</td> <td>Completed</td> <td>Highly recommend</td> </tr> <tr> <td>5</td> <td><a href="https://explore.skillbuilder.aws/learn/course/internal/view/elearning/16512/exam-prep-enhanced-course-aws-certified-devops-engineer-professional-dop-c02-english" rel="noopener noreferrer">AWS SkillBuilder - Exam Prep Standard Course: AWS Certified DevOps Engineer - Professional</a></td> <td>1 week</td> <td>Completed</td> <td>You MUST COMPLETE this course before taking the exam.</td> </tr> <tr> <td>6</td> <td><a href="https://wmx-api-production.s3.amazonaws.com/courses/56802/supplementary/AWS%20Exam%20Preparation%20Official%20Practice%20Question%20Sets%20Overview%20and%20Instructions.pdf" rel="noopener noreferrer">AWS SkillBuilder - AWS Exam Preparation Official Practice Question Sets Overview and Instructions.pdf</a></td> <td>1 hour</td> <td>Completed</td> <td>You MUST COMPLETE this course before taking the exam.</td> </tr> <tr> <td>7</td> <td><a href="https://www.whizlabs.com/aws-devops-certification-training/" rel="noopener noreferrer">Whizlabs - Hands-on Labs</a></td> <td>7 days</td> <td>some labs</td> <td>Optional</td> </tr> </tbody> </table></div> <h6> 2. AWS Workshops for DevOps: </h6> <p>AWS DevOps Engineer Professional Exam tests your hands on experience, So I highly recommend you gain some hands on experience using the following workshops:</p> <ul> <li><a href="https://catalog.us-east-1.prod.workshops.aws/workshops/752fd04a-f7c3-49a0-a9a0-c9b5ed40061b/en-US" rel="noopener noreferrer">Introduction to AWS Code Family</a></li> <li><a href="https://catalog.us-east-1.prod.workshops.aws/workshops/63320e83-6abc-493d-83d8-f822584fb3cb/en-US/" rel="noopener noreferrer">Building event-driven architectures on AWS</a></li> <li><a href="https://catalog.workshops.aws/cfn101/en-US" rel="noopener noreferrer">AWS CloudFormation Workshop</a></li> <li> <a href="https://catalog.workshops.aws/observability/en-US" rel="noopener noreferrer">One Observability Workshop</a> - Focus on AWS CloudWatch</li> </ul> <h6> FAQs: </h6> <blockquote> <ol> <li><p>Which video courses do I need to take?<br> If you haven't completed all three associate certifications, then I recommend completing Stephane's Sys Ops and Developer Associate courses first.</p></li> <li><p>How long does it take to prepare?<br> If you have completed Sys Ops and Developer Associate exams then probably a month or two. Otherwise you might need at least 4-6 months.<br> It took me six months in total (part time and a bit on and off due to some other activities).<br> I suggest taking the exam as soon as you can after completing the Associate level certifications as the concepts will be fresh in your mind and you would have built up the momentum to complete the next certification level.</p></li> <li><p>What if I do not feel confident to take the exam?<br> I didn't feel confident even after completing the practice exams, so I took <code>AWS SkillBuilder - Exam Prep Standard Course: AWS Certified DevOps Engineer - Professional</code> which helped me gain confidence. This course has precisely everything that is needed for the Professional exam (re:Invent videos, FAQs, blogs, etc.)</p></li> <li><p>How is the Professional exam different to an Associate exam?<br> The Professional exam is very different to the Associate exam as some of the questions are longer and some questions have two correct answers. It is important to pick the most appropriate answer based on the requirement in the question. Most importantly, AWS DevOps Engineer Professional exam tests your hands on experience.</p></li> <li><p>What happens if I don't pass the practice exams? <br> Try to score close to 70% in any practice exam in your first attempt. Don't be worried if you don't pass on your first attempt.</p></li> <li><p>What do I do if I discover that I still have some weak areas after doing the practice exams? <br> During the practice exams, if you find any areas that you seem to be weak in, then read more about those particular services in the AWS documentation.</p></li> <li><p>What tools do I get to use during the exam at the test centre?<br> I was given a pen and erasable sheet. </p></li> <li><p>Where should I take the exam - online or at the test centre?<br> You can take the exam anywhere but my preference is taking the test at a test center.</p></li> </ol> <p>Note: I haven't included white-papers, FAQ's and workshops in this guide as I completed them during my preparation for the Associate exam.</p> </blockquote> <h6> 3. AWS DevOps Engineer Professional Notes </h6> <div class="ltag-github-readme-tag"> <div class="readme-overview"> <h2> <img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev.to%2Fassets%2Fgithub-logo-5a155e1f9a670af7944dd5e12375bc76ed542ea80224905ecaf878b9157cdefc.svg" alt="GitHub logo"> <a href="https://github.com/kasukur" rel="noopener noreferrer"> kasukur </a> / <a href="https://github.com/kasukur/AWS_CCP_Notes" rel="noopener noreferrer"> AWS_CCP_Notes </a> </h2> <h3> AWS Certification Notes </h3> </div> <div class="ltag-github-body"> <div id="readme" class="md"> <div class="markdown-heading"> <h1 class="heading-element">AWS Certification Preparation Notes</h1> </div> <div class="markdown-heading"> <h2 class="heading-element">AWS Certified Cloud Practioner Notes</h2> </div> <div class="markdown-heading"> <h2 class="heading-element">AWS Solution Architect Associate Notes</h2> </div> <div class="markdown-heading"> <h2 class="heading-element">AWS Certified Developer Associate Notes</h2> </div> <div class="markdown-heading"> <h2 class="heading-element">AWS Solution Architect Professional Notes</h2> </div> <div class="markdown-heading"> <h2 class="heading-element">AWS DevOps Engineer Professional Notes</h2> </div> <div class="markdown-heading"> <h2 class="heading-element"><a href="https://start.me/p/1kjb2D/new-page" rel="nofollow noopener noreferrer">AWS Workshops/Labs</a></h2> </div> <p>More to follow...</p> <div class="markdown-heading"> <h2 class="heading-element">Disclaimer:</h2> </div> <blockquote> <p>The information has been taken from the content in <a href="https://acloudguru.com/" rel="nofollow noopener noreferrer">acloudguru</a> for AWS Solution Architect Associate.</p> <p>I highly recommend you to purchase the course from <a href="https://acloudguru.com/" rel="nofollow noopener noreferrer">acloudguru</a></p> <p>The purpose of these notes is to help students with their revision prior to taking the certification.</p> </blockquote> </div> </div> <br> <div class="gh-btn-container"><a class="gh-btn" href="https://github.com/kasukur/AWS_CCP_Notes" rel="noopener noreferrer">View on GitHub</a></div> <br> </div> <br> <h6> 4. Exam Tips </h6> <blockquote> <ol> <li><p>During the exam, I marked the questions I was unsure of for review. At the end of the exam, I had about 20 questions for review, which made me feel slightly confident that I might pass the exam.</p></li> <li><p>Make sure that you don't leave any questions unanswered as there is no negative marking.</p></li> <li><p>It is also very important to know the basics, the exam will test you on the basics as well.</p></li> <li><p>DO NOT attempt to answer the questions based on key words alone, ensure you read all the answers as well.<br> For example: Whenever we see cost, we tend to think of 'Reserved' but that may not always be the case for some scenarios.<br> You will notice this when you do the live practice exams.</p></li> <li><p>If English is your second language, you can request for ESL+30 mins before booking the exam from <a href="https://www.certmetrics.com/amazon/" rel="noopener noreferrer">certmetrics</a> &gt; Request Exam Accomodations and wait for the approval. It might take a couple of days for the approval to come through.</p></li> </ol> </blockquote> <h6> 5. More AWS Labs </h6> <p><a href="https://start.me/p/1kjb2D/new-page" rel="noopener noreferrer">AWS Labs/Workshops</a></p> <blockquote> <ol> <li>This is a list of labs which you can use for further practice, using your own AWS account. This is optional as some of these labs are quite advanced.</li> </ol> </blockquote> aws devops certification Sri Sat, 14 Jan 2023 21:00:00 +0000 https://forem.com/aws-builders/auto-scale-ec2-using-sqs-306e https://forem.com/aws-builders/auto-scale-ec2-using-sqs-306e <h2> Table of Contents </h2> <ol> <li>Introduction</li> <li>Create an EC2 Instance Role</li> <li>Create a Key pair</li> <li>Create a Security Group</li> <li>Create an S3 Bucket</li> <li>Create an SQS queue</li> <li>Create a Cloud9 instance</li> <li>Create CloudWatch Alarms</li> <li>Create a Launch Template</li> <li>Create an Auto Scaling Group</li> <li>Verification and Monitoring</li> <li>Clean Up</li> <li>Summary</li> <li>Referrals</li> </ol> <p><a></a></p> <h3> Introduction </h3> <p>In this blog we are going to set up auto scaling of EC2 instances using the SQS ApproximateNumberOfMessagesVisible metric.</p> <p>AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. Using AWS Auto Scaling, it’s easy to set up application scaling for multiple resources across multiple services in minutes.</p> <h4> Benefits </h4> <ul> <li>Set up Scaling quickly.</li> <li>Make SMART scaling decisions.</li> <li>Automatically maintain performance.</li> <li>Pay only for what you need.</li> </ul> <h3> Demo </h3> <p>Let's get started with the demo.</p> <p><a></a></p> <h4> Step 1. Create an EC2 Instance Role </h4> <ol> <li>Navigate to IAM &gt; Roles &gt; Click on <strong>Create role</strong>.</li> <li>Select <strong>EC2</strong> under Common use case and Click <strong>Next</strong>.</li> <li>Select <strong>AmazonS3ReadOnlyAccess</strong> and <strong>AmazonSQSFullAccess</strong> and Click <strong>Next</strong>.</li> <li>Enter Role name as <strong>EC2InstanceRoleForSQS</strong> and Click <strong>Create role</strong>.</li> </ol> <blockquote> <p>Note: you may create a custom policy for SQS with the required permissions instead of using the managed policy <strong>AmazonSQSFullAccess</strong> to provide the least amount of privileges.</p> </blockquote> <p><em>AmazonSQSFullAccess</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"sqs:*"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><em>AmazonS3ReadOnlyAccess</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"s3:Get*"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3:List*"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3-object-lambda:Get*"</span><span class="p">,</span><span class="w"> </span><span class="s2">"s3-object-lambda:List*"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><em>Trusted entities</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Principal"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Service"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ec2.amazonaws.com"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="s2">"sts:AssumeRole"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><a></a></p> <h4> Step 2. Create a key pair </h4> <ol> <li>Navigate to EC2 &gt; Key Pairs (under Network &amp; Security).</li> <li>Click <strong>Create key pair</strong>.</li> <li>Enter Name as <code>auto-scale</code>.</li> <li>Navigate to the folder where the key pair is downloaded and run. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nb">chmod </span>400 &lt;key_pair_name&gt;.pem </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcj672rfyzguxznfuwi2t.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcj672rfyzguxznfuwi2t.png" alt="Auto_Scale_Keypair" width="800" height="723"></a></p> <blockquote> <p>Auto_Scale_Keypair</p> </blockquote> <p><a></a></p> <h4> Step 3. Create a Security Group </h4> <ol> <li>We are going to create a Security Group for SSH.</li> <li>Navigate to EC2 &gt; Security Groups &gt; Create a new security group for your ALB, and set the following values: <ul> <li>Name: <code>MyIPSSH-SG</code>.</li> <li>Add an Inbound rule to allow <code>SSH (TCP 22)</code> traffic from <code>My IP</code>.</li> </ul> </li> <li>Click <strong>Create security group</strong>.</li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbr62zaedgkg28yx8u12g.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbr62zaedgkg28yx8u12g.png" alt="MyIPSSH-SG" width="800" height="530"></a></p> <blockquote> <p>MyIPSSH-SG</p> </blockquote> <p><a></a></p> <h4> Step 4. Create an S3 Bucket </h4> <ol> <li>Navigate to EC2 &gt; Click <strong>Create Bucket</strong> </li> <li>Enter the Bucket name as <code>autoscalescripts</code>, add some random numbers to make the bucket name unique.</li> <li>Leave the rest of the settings as default and click <strong>Create Bucket</strong> </li> <li>Download <code>sendMessages.sh</code> and <code>receiveMessages.sh</code> from the <a href="https://github.com/kasukur/auto-scale-ec2-using-sqs" rel="noopener noreferrer">github</a> and upload them to the S3 bucket.</li> </ol> <p><a></a></p> <h3> Step 5. Create an SQS queue </h3> <ol> <li>Navigate to <strong>Simple Queue Service</strong> and click <strong>Create queue</strong> </li> <li>Enter <strong>Name</strong> as <code>MyMessages</code>, leave the rest as defaults and click <strong>Create queue</strong> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2840jonlzd6rcvmtlhjr.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2840jonlzd6rcvmtlhjr.png" alt="SQS_1" width="800" height="618"></a></p> <blockquote> <p>SQS_1</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff0hc7eqa4g80wskip1i8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff0hc7eqa4g80wskip1i8.png" alt="SQS_2" width="800" height="565"></a></p> <blockquote> <p>SQS_2</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffsrlwh25smnutkqh6nw4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffsrlwh25smnutkqh6nw4.png" alt="SQS_3" width="800" height="209"></a></p> <blockquote> <p>SQS_3</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9cxuzg9jeq12ab6vi42x.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9cxuzg9jeq12ab6vi42x.png" alt="SQS_4" width="800" height="120"></a></p> <blockquote> <p>SQS_4</p> </blockquote> <p><a></a></p> <h3> Step 6. Create a Cloud9 instance </h3> <ol> <li>Navigate to <strong>Cloud9</strong> &gt; <strong>Create Environment</strong>.</li> <li>Enter <strong>Name</strong> as <code>awscli</code> and click <strong>Create</strong>.</li> <li>Click <strong>Open</strong> under <strong>AWS Cloud9</strong> &gt; <strong>Environments</strong>.</li> <li>When Cloud9 is ready, Click File &gt; Upload Local Files... and then upload <code>sendMessages.sh</code>.</li> <li> <p>Let's check the AWS CLI version.<br> </p> <pre class="highlight shell"><code>Sri:~/environment <span class="nv">$ </span>aws <span class="nt">--version</span> aws-cli/1.19.112 Python/2.7.18 Linux/4.14.301-224.520.amzn2.x86_64 botocore/1.20.112 </code></pre> </li> <li><p>The script uses <code>jq</code>, so we need to install <code>jq</code>.</p></li> <li><p>Open a Terminal and execute <code>sudo yum install jq -y</code>.</p></li> <li><p>Execute <code>chmod +x sendMessages.sh</code> to provide the execute permissions.</p></li> <li><p>Now run the script to send <strong>2000</strong> messages to <code>MyMessages</code> queue.</p></li> </ol> <blockquote> <p>Note: Alternatively you could use AWS CLI on your personal computer to send the messages.</p> </blockquote> <p><a></a></p> <h3> Step 7. Create CloudWatch Alarms </h3> <p>We are going to create a ScaleOut Alarm to launch new instances when the <strong>ApproximateNumberOfMessagesVisible</strong> is greater than <strong>500</strong>.</p> <ol> <li>Navigate to CloudWatch &gt; Alarms &gt; Click <strong>Create alarm</strong>.</li> <li>Click <strong>Select Metric</strong>, search for <strong>SQS</strong>, select <strong>SQS &gt; Queue Metrics</strong>.</li> <li>Select <strong>MyMessages &gt; ApproximateNumberOfMessagesVisible</strong> and Click <strong>Select Metric</strong>.</li> <li>Change <strong>Statistic</strong> to <strong>Sum</strong>, <strong>Period</strong> to <strong>1 minute</strong>. <ul> <li>Threshold type: <strong>Static</strong>.</li> <li>Whenever ApproximateNumberOfMessagesVisible is...: <strong>Greater</strong>.</li> <li>Define the threshold value: <strong>500</strong>.</li> </ul> </li> <li>Click <strong>Next</strong>.</li> <li>Click <strong>Remove</strong> under <strong>Notification</strong> and Click <strong>Next</strong>.</li> <li>Enter Alarm name as <strong>ScaleOut</strong> and Click <strong>Next</strong>.</li> <li>Click <strong>Create Alarm</strong>.</li> </ol> <p>Similar to ScaleOut, we also need to create a ScaleIn Alarm to launch new instances when the <strong>ApproximateNumberOfMessagesVisible</strong> is lesser than <strong>300</strong>.</p> <ol> <li>Select <strong>ScaleOut</strong> from CloudWatch &gt; Alarms, Click on <strong>Actions</strong> and <strong>Copy</strong>.</li> <li>Change the following: <ul> <li>Whenever ApproximateNumberOfMessagesVisible is...: <strong>Lower</strong>.</li> <li>Define the threshold value: <strong>300</strong>.</li> </ul> </li> <li>Click <strong>Next</strong>.</li> <li>Click <strong>Remove</strong> under <strong>Notification</strong> and Click <strong>Next</strong>.</li> <li>Enter Alarm name as <strong>ScaleIn</strong> and Click <strong>Next</strong>.</li> <li>Click <strong>Create Alarm</strong>.</li> </ol> <p>👉 It is important to not have the same value for scale-in and scale-out thresholds. We should leave a gap between them to prevent oscillation.<br> For example: let's say we have 3 instances, and the CPU goes to 60%, which triggers the +1 step scaling policy. If the load stays constant, it will now be distributed to all 4 instances and the average CPU will drop to around 45% and the scale-in alarm will go off. This will then keep happening in a loop until the load goes up or down sufficiently for one of the alarms to stay in the alarm state and the ASG to reache the min or max.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3pt9c5atzk7rk9yg9bbo.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F3pt9c5atzk7rk9yg9bbo.png" alt="ScaleOut_CreateAlarm1" width="800" height="320"></a></p> <blockquote> <p>ScaleOut_CreateAlarm1</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl5u55wcnn7n4rl9uxdig.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl5u55wcnn7n4rl9uxdig.png" alt="ScaleOut_CreateAlarm2" width="800" height="600"></a></p> <blockquote> <p>ScaleOut_CreateAlarm2</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fes5938dpg564pac6jefl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fes5938dpg564pac6jefl.png" alt="ScaleOut_CreateAlarm3" width="800" height="391"></a></p> <blockquote> <p>ScaleOut_CreateAlarm3</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Finxbaifgkcyyy0d6ara4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Finxbaifgkcyyy0d6ara4.png" alt="ScaleOut_CreateAlarm4" width="800" height="873"></a></p> <blockquote> <p>ScaleOut_CreateAlarm4</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk98eiuqaeibjpax72gmq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fk98eiuqaeibjpax72gmq.png" alt="ScaleOut_CreateAlarm5" width="800" height="646"></a></p> <blockquote> <p>ScaleOut_CreateAlarm5</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqcacp6l6siopwcwgbgds.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqcacp6l6siopwcwgbgds.png" alt="Image description" width="800" height="518"></a></p> <blockquote> <p>ScaleOut_CreateAlarm6</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhwue82oizjtbp6t6hx1x.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhwue82oizjtbp6t6hx1x.png" alt="ScaleOut_CreateAlarm7" width="800" height="763"></a></p> <blockquote> <p>ScaleOut_CreateAlarm7</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe0iozatxchop2oyfbfbk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe0iozatxchop2oyfbfbk.png" alt="ScaleOut_CreateAlarm7.1" width="800" height="441"></a></p> <blockquote> <p>ScaleOut_CreateAlarm7.1</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F46ribyq66ddw5msbj1a3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F46ribyq66ddw5msbj1a3.png" alt="ScaleIn_CreateAlarm1" width="800" height="920"></a></p> <blockquote> <p>ScaleIn_CreateAlarm1</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffon9gl7kgyjmi05weo9k.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffon9gl7kgyjmi05weo9k.png" alt="ScaleIn_CreateAlarm2" width="800" height="640"></a></p> <blockquote> <p>ScaleIn_CreateAlarm2</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F15s0i1jkkbouohwxogt5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F15s0i1jkkbouohwxogt5.png" alt="ScaleIn_CreateAlarm3" width="800" height="521"></a></p> <blockquote> <p>ScaleIn_CreateAlarm3</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb93zwazzvilpgs4twq8s.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb93zwazzvilpgs4twq8s.png" alt="ScaleIn_CreateAlarm4" width="800" height="763"></a></p> <blockquote> <p>ScaleIn_CreateAlarm4</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhrrxkco7eygw9d5am5i6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhrrxkco7eygw9d5am5i6.png" alt="ScaleIn_CreateAlarm4.1" width="800" height="448"></a></p> <blockquote> <p>ScaleIn_CreateAlarm4.1</p> </blockquote> <p><a></a></p> <h3> Step 8. Create a Launch Template </h3> <p>We can use a Launch Template or Launch Configurations. Launch Template is preferred over Launch Configurations as we can have different versions of the template. Also we can't modify a Launch Configuration after we have created it.</p> <p>Create a Launch Template that will be used by the Auto Scaling group. The Launch Template defines what the instances are and how they are created.</p> <ol> <li>Navigate to EC2 &gt; Instances &gt; Launch Templates.</li> <li>Create a new template, and name it <code>AutoScale-SQS</code>.</li> <li>Search for <code>AMI</code>, and pick the <code>Amazon Linux</code>.</li> <li>Set the instance type as <code>t2.micro</code>.</li> <li>Select <code>key pair</code> you created earlier.</li> <li>Select the <code>MyIPSSH-SG</code> security group you created earlier.</li> <li>Expand Advanced Details, and select <code>EC2InstanceRoleForSQS</code> Role under <strong>IAM instance profile</strong>.</li> <li>Paste the following script under <strong>User data</strong>. <ul> <li>Note: These are commands to install jq, AWS CLI, copy scripts from the S3 bucket and to execute receiveMessages.sh.</li> </ul> </li> <li>Click Create Launch Template.</li> <li>Click <strong>View Launch templates</strong>.</li> </ol> <p><strong>User data</strong></p> <blockquote> <p>Note: Please update the bucket name in the script.<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c"># install jq</span> <span class="nb">sudo </span>yum <span class="nb">install </span>jq <span class="nt">-y</span> <span class="c"># Update aws cli version</span> <span class="nb">cd</span> /home/ec2-user curl <span class="s2">"https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"</span> <span class="nt">-o</span> <span class="s2">"awscliv2.zip"</span> unzip awscliv2.zip <span class="nb">sudo</span> ./aws/install <span class="nb">sudo</span> ./aws/install <span class="nt">--bin-dir</span> /usr/local/bin <span class="nt">--install-dir</span> /usr/local/aws-cli <span class="nt">--update</span> which aws <span class="nb">ls</span> <span class="nt">-l</span> /usr/local/bin/aws aws <span class="nt">--version</span> <span class="c"># copy sendMessages.sh and receiveMessages.sh from S3</span> aws s3 <span class="nb">cp </span>s3://sqssri/ <span class="nb">.</span> <span class="nt">--recursive</span> <span class="nt">--exclude</span> <span class="s2">"*"</span> <span class="nt">--include</span> <span class="s2">"*.sh"</span> <span class="nb">sudo chmod</span> +x /home/ec2-user/<span class="k">*</span>.sh <span class="nb">nohup</span> ./receiveMessages.sh &amp; </code></pre> </div> <p>👉 As Launch Templates with User data are slow, it is recommended to create an AMI with the required software to improve the speed of instance initialisation.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7xbrn9ucrk4ppmti5prl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F7xbrn9ucrk4ppmti5prl.png" alt="LaunchTemplate1" width="800" height="643"></a></p> <blockquote> <p>LaunchTemplate1</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyjgeub5zdtzcro7p2g8v.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyjgeub5zdtzcro7p2g8v.png" alt="LaunchTemplate1.1" width="800" height="935"></a></p> <blockquote> <p>LaunchTemplate1.1</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fye8vy4fvzxxjk6ujkhx7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fye8vy4fvzxxjk6ujkhx7.png" alt="LaunchTemplate1.2" width="800" height="1066"></a></p> <blockquote> <p>LaunchTemplate1.2</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzq1oz6djdp5hundl6ceq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzq1oz6djdp5hundl6ceq.png" alt="LaunchTemplate1.3" width="800" height="271"></a></p> <blockquote> <p>LaunchTemplate1.3</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2k1m4xq1xa827tyi67r3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2k1m4xq1xa827tyi67r3.png" alt="LaunchTemplate1.4" width="800" height="703"></a></p> <blockquote> <p>LaunchTemplate1.4</p> </blockquote> <p><a></a></p> <h3> Step 9. Create an Auto Scaling Group </h3> <ol> <li>Navigate to EC2 &gt; Auto Scaling &gt; Auto Scaling Groups</li> <li>Click <strong>Create Auto Scaling group</strong>.</li> <li>Call the group <code>ASG-SQS</code>.</li> <li>Select Launch Template, and choose the template named <code>AutoScale-SQS</code>.</li> <li>We are using <code>default VPC</code>, which will be selected, so select <code>us-east-1a</code> as subnet.</li> <li>Click Next.</li> <li>Leave the default for Health checks, which is <code>EC2</code>.</li> <li>Leave the default for Configure advanced options and Click Next.</li> <li>For Group Size, enter the following values: <ul> <li>Desired Capacity: <code>1</code> </li> <li>Minimum Capacity: <code>1</code> </li> <li>Maximum Capacity: <code>4</code> </li> </ul> </li> <li>We will not be adding Scaling policies here, so leave the default <code>None</code> and Click Next.</li> <li>Click Next at <code>Add Notifications</code>.</li> <li>Click Next at <code>Add tags</code>.</li> <li>Click Create <code>Auto Scaling Group</code>.</li> <li>Navigate to EC2 &gt; Auto Scaling &gt; click <code>ASG-SQS</code> and then click <code>Automatic scaling</code> </li> <li>We are going to add two dynamic scaling policies, one for scale out and another one for scale in. Click <strong>Create dynamic scaling policy</strong> and enter the following values and then Click <strong>Create</strong>: <ul> <li>Policy type: <code>Simple Scaling</code> </li> <li>Scaling policy name: <code>ScaleOut</code> </li> <li>CloudWatch alarm: <code>ScaleOut</code> </li> <li>Take the action: <code>Add</code> with <code>1</code> capacity units</li> <li>And then wait <code>60</code> seconds before allowing another scaling activity</li> </ul> </li> <li>Click <strong>Create dynamic scaling policy</strong> and enter the following values and then Click <strong>Create</strong>: <ul> <li>Policy type: <code>Simple Scaling</code> </li> <li>Scaling policy name: <code>ScaleIn</code> </li> <li>CloudWatch alarm: <code>ScaleIn</code> </li> <li>Take the action: <code>Remove</code> with <code>1</code> capacity units</li> <li>And then wait <code>120</code> seconds before allowing another scaling activity</li> </ul> </li> </ol> <p>👉 It is best practice to scale up fast and scale down slow. Hence we used 60 seconds to scale out and 120 seconds to scale in.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frkzh595bvg4q44v9x4c3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frkzh595bvg4q44v9x4c3.png" alt="ASG1" width="800" height="837"></a></p> <blockquote> <p>ASG1</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fltpxo3028i289y907b3g.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fltpxo3028i289y907b3g.png" alt="ASG2" width="800" height="723"></a></p> <blockquote> <p>ASG2</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj75emf9kpsq8ajqt6lup.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj75emf9kpsq8ajqt6lup.png" alt="ASG3" width="800" height="754"></a></p> <blockquote> <p>ASG3</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhead3g2ex0o8v7wufxhg.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhead3g2ex0o8v7wufxhg.png" alt="ASG4" width="800" height="762"></a></p> <blockquote> <p>ASG4</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6fo8oixbltgppgi7l9j3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6fo8oixbltgppgi7l9j3.png" alt="ASG5" width="800" height="460"></a></p> <blockquote> <p>ASG5</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgakx52qryz95vejtd8e6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgakx52qryz95vejtd8e6.png" alt="ASG6" width="800" height="460"></a></p> <blockquote> <p>ASG6</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi2nczeve56mfsg5x3nm8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi2nczeve56mfsg5x3nm8.png" alt="ASG7" width="800" height="590"></a></p> <blockquote> <p>ASG7</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feo2i142vkuqlyd9j50el.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Feo2i142vkuqlyd9j50el.png" alt="ASG7.1" width="800" height="623"></a></p> <blockquote> <p>ASG7.1</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5yrbf6c9s39z6q1us0uo.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5yrbf6c9s39z6q1us0uo.png" alt="ASG7.2" width="800" height="613"></a></p> <blockquote> <p>ASG7.2</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F94zljs854lutt51eu7vr.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F94zljs854lutt51eu7vr.png" alt="ASG8" width="800" height="122"></a></p> <blockquote> <p>ASG8</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxrmcytl7g9d0veax50x9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxrmcytl7g9d0veax50x9.png" alt="ASG8.1_ScaleOut" width="800" height="683"></a></p> <blockquote> <p>ASG8.1_ScaleOut</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fluk13ce7usne6sj96nxx.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fluk13ce7usne6sj96nxx.png" alt="ASG8.2_ScaleIn" width="800" height="684"></a></p> <blockquote> <p>ASG8.2_ScaleIn</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fswwi96gnopgfor4qtgsf.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fswwi96gnopgfor4qtgsf.png" alt="ASG8.3_Dynamic_Scaling" width="800" height="295"></a></p> <blockquote> <p>ASG8.3_Dynamic_Scaling</p> </blockquote> <p><a></a></p> <h3> Step 10. Verification and Monitoring </h3> <p>We have populated the queue with 2000 messages and have an auto scaling group launch with a maximum of 4 instances. We will now be verifying it using Cloud Watch Alarms and Auto Scaling group's Activity.</p> <ol> <li>Navigate to CloudWatch &gt; Alarms &gt; ScaleOut, the state of ScaleOut Alarm status will be <code>In alarm</code> and the ScaleIn Alarm status will be <code>OK</code>.</li> <li>After a period of 10 mins or so, you will notice 4 EC2 instances launched under EC2 &gt; Auto Scaling groups &gt; ASG-SQS &gt; Activity.</li> <li>Monitor the messages in <code>MyMessages</code> queue, the number of messages will reduce as they are processed by the EC2 instances.</li> <li>Navigate to CloudWatch &gt; Alarms &gt; ScaleIn, the state of ScaleIn Alarm status will be <code>In alarm</code> and the ScaleOut Alarm status will be <code>OK</code>.</li> <li>You will notice 3 EC2 instances terminated under EC2 &gt; Auto Scaling groups &gt; ASG-SQS &gt; Activity when the messages are less than <strong>300</strong>.</li> </ol> <h4> How to verify that the SQS messages are being processed </h4> <p>Log on to the EC2 Instance and then switch to the root user.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">[</span>ec2-user@ip-172-31-47-21 ~]<span class="nv">$ </span><span class="nb">sudo </span>su - </code></pre> </div> <p>Execute the following command, which will show the log file name.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ps xf </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">[</span>root@ip-172-31-47-21 ~]# <span class="nb">tail</span> <span class="nt">-f</span> /var/log/cloud-init-output.log Sleep <span class="k">for </span>1 second... Sleep <span class="k">for </span>1 second... Sleep <span class="k">for </span>1 second... Sleep <span class="k">for </span>1 second... ^C </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqdto7k32ruxcj43mroww.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqdto7k32ruxcj43mroww.png" alt="Messages_in_the_queue" width="800" height="110"></a></p> <blockquote> <p>Messages_in_the_queue</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0d81ihvzv12obsxlmwz9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0d81ihvzv12obsxlmwz9.png" alt="ScaleOut_Alarm" width="800" height="431"></a></p> <blockquote> <p>ScaleOut_Alarm</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fegncwgp70ou8qpnr11hh.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fegncwgp70ou8qpnr11hh.png" alt="ScaleOut_Activity" width="800" height="374"></a></p> <blockquote> <p>ScaleOut_Activity</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4qgq4iooufewhoz5t9wr.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4qgq4iooufewhoz5t9wr.png" alt="Processing_Messages" width="800" height="124"></a></p> <blockquote> <p>Processing_Messages</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb6e3aspvrglespoihu5a.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fb6e3aspvrglespoihu5a.png" alt="ScaleIn_Alarm" width="800" height="447"></a></p> <blockquote> <p>ScaleIn_Alarm</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy4bwqzluwjoisbjyeaio.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy4bwqzluwjoisbjyeaio.png" alt="ScaleIn_Activity" width="800" height="326"></a></p> <blockquote> <p>ScaleIn_Activity</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxxfm2pjbazi7ene2j651.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxxfm2pjbazi7ene2j651.png" alt="Queue_is_Empty" width="800" height="111"></a></p> <blockquote> <p>Queue_is_Empty</p> </blockquote> <p>👉 Auto Scaling Group Tip: When you do not want to have instances running or for Disaster Recovery purposes or to save costs, you may set the following inputs to <strong>Zero</strong>.</p> <ul> <li>Desired Capacity: <code>0</code> </li> <li>Minimum Capacity: <code>0</code> </li> <li>Maximum Capacity: <code>0</code> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5u8aclozbbqtnp7whyg6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5u8aclozbbqtnp7whyg6.png" alt="ASG_Tip" width="800" height="495"></a></p> <blockquote> <p>ASG_Tip</p> </blockquote> <p><a></a></p> <h3> Clean Up </h3> <ol> <li>Terminate <code>Cloud9</code> EC2 instance.</li> <li>Delete <code>ASG-SQS</code> under <code>Auto Scaling groups</code>.</li> <li>Delete <code>AutoScale-SQS</code> under <code>Launch Templates</code> </li> <li>Delete <code>auto-scale</code> under <code>Key Pairs</code> </li> <li>Delete Security Group <code>MyIPSSH-SG</code>.</li> <li>Delete <code>EC2InstanceRoleForSQS</code> Role under IAM.</li> <li>Delete S3 bucket <code>autoscalescripts</code>.</li> <li>Delete SQS queue <code>MyMessages</code>.</li> </ol> <p><a></a></p> <h3> Summary </h3> <p>👉 It is important to not have the same value for scale-in and scale-out thresholds. We should leave a gap between them to prevent oscillation.<br> 👉 The best practice is to scale up fast, and scale down slow.<br> 👉 Launching an EC2 instance might be slow if we have to install software, configure..etc during the scale out. One way to speed up the process is by creating an AMI with all the required software and then use that AMI in the Launch template.</p> <p>Hope you learnt something new from the above demo.</p> <p>See you next time 👋</p> <p><a></a></p> <h3> Referrals </h3> <ul> <li><a href="https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-using-sqs-queue.html" rel="noopener noreferrer">Scaling based on Amazon SQS</a></li> </ul> opensource community discuss Sri Sat, 07 Jan 2023 22:00:00 +0000 https://forem.com/aws-builders/aws-simple-queue-service-sqs-101-with-a-demo-using-aws-cli-32dc https://forem.com/aws-builders/aws-simple-queue-service-sqs-101-with-a-demo-using-aws-cli-32dc <h2> Table of Contents </h2> <ol> <li>Introduction</li> <li>Standard vs FIFO Queue</li> <li>Queue Configuration</li> <li>Create a SQS queue</li> <li>Create a Cloud9 instance</li> <li>Challenge</li> <li>Summary</li> <li>Referrals</li> </ol> <p><a></a></p> <h3> Introduction </h3> <p>In this blog we are going to create a SQS queue using the AWS Console and then interact with it using <code>AWS CLI</code>, <code>bash</code> and <code>jq</code>.</p> <h3> What is SQS? </h3> <p>Amazon Simple Queue Service (SQS) lets you send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.</p> <p>Some of the use cases of SQS</p> <ul> <li>Increase application reliability and scale.</li> <li>Decouple microservices and process event-driven applications.</li> <li>Ensure work is completed cost-effectively and on time.</li> <li>Maintain message ordering with deduplication</li> </ul> <p><a></a></p> <h4> Standard vs FIFO Queue </h4> <p>SQS offers two types of queues – Standard &amp; FIFO queues<br> Some of the major differences between the standard and the FIFO queues are:</p> <p><a href="https://dev.to/aws-builders/sagemaker-and-amazon-stack-2jaa">https://dev.to/aws-builders/sagemaker-and-amazon-stack-2jaa</a></p> <h5> Message Order </h5> <ul> <li>Standard queues provide best-effort ordering which ensures that messages are generally delivered in the same order as they are sent. Occasionally (because of the highly-distributed architecture that allows high throughput), more than one copy of a message might be delivered out of order.</li> <li>FIFO queues offer first-in-first-out delivery and exactly-once processing: the order in which messages are sent and received is strictly preserved.</li> </ul> <h5> Delivery </h5> <ul> <li>Standard queues guarantees that a message is delivered at least once and duplicates can be introduced into the queue.</li> <li>FIFO queues ensure a message is delivered exactly once and remains available until a consumer processes and deletes it. The duplicates are not introduced into the queue.</li> </ul> <h5> Transactions Per Second (TPS) </h5> <ul> <li>Standard queues allow nearly-unlimited number of transactions per second.</li> <li>FIFO queues are limited to 300 transactions per second per API action. However It can be increased to 3000 by using batching.</li> </ul> <p><a></a></p> <h4> Queue Configuration </h4> <blockquote> <p>Note: The following is from AWS Console</p> </blockquote> <p><strong><em>Visibility timeout:</em></strong> Should be between 0 seconds and 12 hours (default: 30 seconds).</p> <ul> <li>Visibility timeout sets the length of time that a message received from a queue (by one consumer) will not be visible to the other message consumers.</li> <li>The visibility timeout begins when Amazon SQS returns a message. If the consumer fails to process and delete the message before the visibility timeout expires, the message becomes visible to other consumers. If a message must be received only once, your consumer must delete it within the duration of the visibility timeout.</li> <li>The default visibility timeout setting is 30 seconds. This setting applies to all messages in the queue. Typically, you should set the visibility timeout to the maximum time that it takes your application to process and delete a message from the queue.</li> </ul> <p><strong><em>Message retention period:</em></strong> Should be between 1 minute and 14 days (default: 4 days).</p> <ul> <li>The message retention period is the amount of time that Amazon SQS retains a message that does not get deleted. Amazon SQS automatically deletes messages that have been in a queue for more than the maximum message retention period. The default retention period is 4 days. The retention period has a range of 60 seconds to 1,209,600 seconds (14 days).</li> <li>The expiration of a message is always based on its original enqueue timestamp. When a message is moved to a dead-letter queue, the enqueue timestamp remains unchanged. For example, if a message spends 1 day in the original queue before being moved to a dead-letter queue, and the retention period of the dead-letter queue is set to 4 days, the message is deleted from the dead-letter queue after 3 days. For this reason, we recommend that you always set the retention period of a dead-letter queue to be longer than the retention period of the original queue.</li> </ul> <p><strong><em>Delivery delay:</em></strong> Should be between 0 seconds and 15 minutes (default: 0 seconds).</p> <ul> <li>If your consumers need additional time to process messages, you can delay each new message coming to the queue. The delivery delay is the amount of time to delay the first delivery of each message added to the queue. Any messages that you send to the queue remain invisible to consumers for the duration of the delay period. The default (minimum) delay for a queue is 0 seconds. The maximum is 15 minutes.</li> <li>For standard queues, the per-queue delay setting is not retroactive; changing the setting doesn't affect the delay of messages already in the queue.</li> <li>For FIFO queues, the per-queue delay setting is retroactive; changing the setting affects the delay of messages already in the queue.</li> </ul> <p><strong><em>Maximum message size:</em></strong> Should be between 1 KB and 256 KB (default: 256 KB).</p> <ul> <li>You can set the maximum message size for your queue. The smallest supported message size is 1 byte (1 character). The largest size is 262,144 bytes (256 KB). To send messages larger than 256 KB, you can use the Amazon SQS Extended Client Library for Java (<a href="https://github.com/awslabs/amazon-sqs-java-extended-client-lib" rel="noopener noreferrer">https://github.com/awslabs/amazon-sqs-java-extended-client-lib</a>). This library allows you to send an Amazon SQS message that contains a reference to a message payload in Amazon S3. The maximum payload size is 2 GB.</li> </ul> <p><strong><em>Receive message wait time:</em></strong> Should be between 0 and 20 seconds (default: 0 seconds).</p> <ul> <li>The receive message wait time is the maximum amount of time that polling will wait for messages to become available to receive. The minimum value is zero seconds and the maximum value is 20 seconds.</li> <li>Long polling helps reduce the cost of using Amazon SQS by eliminating the number of empty responses (when there are no messages available for a ReceiveMessage request) and false empty responses (when messages are available but aren't included in a response). If a receive request collects the maximum number of messages, it returns immediately. It does not wait for the polling to time out.</li> <li>If you set the receive message wait time to zero, the receive requests use short polling.</li> </ul> <h2> Demo </h2> <p>Let's get started with the demo.</p> <p><a></a></p> <h3> Create a SQS queue </h3> <ol> <li>Navigate to <strong>Simple Queue Service</strong> and click <strong>Create queue</strong> </li> <li>Enter <strong>Name</strong> as <code>MyMessages</code>, leave the rest as defaults and click <strong>Create queue</strong> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2840jonlzd6rcvmtlhjr.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2840jonlzd6rcvmtlhjr.png" alt="&gt; SQS_4" width="800" height="618"></a></p> <blockquote> <p>SQS_1</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff0hc7eqa4g80wskip1i8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff0hc7eqa4g80wskip1i8.png" alt="SQS_2" width="800" height="565"></a></p> <blockquote> <p>SQS_2</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffsrlwh25smnutkqh6nw4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffsrlwh25smnutkqh6nw4.png" alt="SQS_3" width="800" height="209"></a></p> <blockquote> <p>SQS_3</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9cxuzg9jeq12ab6vi42x.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9cxuzg9jeq12ab6vi42x.png" alt="SQS_4" width="800" height="120"></a></p> <blockquote> <p>SQS_4</p> </blockquote> <p><a></a></p> <h3> Cloud9 </h3> <ol> <li>Navigate to <strong>Cloud9</strong> &gt; <strong>Create Environment</strong> </li> <li>Enter <strong>Name</strong> as <code>SQS</code> and click <strong>Create</strong> </li> <li>Click <strong>Open</strong> under <strong>AWS Cloud9</strong> &gt; <strong>Environments</strong> </li> </ol> <p>Let's check aws cli version.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Sri:~/environment <span class="nv">$ </span>aws <span class="nt">--version</span> aws-cli/1.19.112 Python/2.7.18 Linux/4.14.301-224.520.amzn2.x86_64 botocore/1.20.112 </code></pre> </div> <p>jq is not installed by default on Cloud9.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Sri:~/environment <span class="nv">$ </span>jq bash: jq: <span class="nb">command </span>not found </code></pre> </div> <p>Install jq by executing the following command.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>yum <span class="nb">install </span>jq <span class="nt">-y</span> </code></pre> </div> <p>How to check if jq is installed.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Sri:~/environment <span class="nv">$ </span>rpm <span class="nt">-qa</span>|grep jq jq-1.5-1.amzn2.0.2.x86_64 </code></pre> </div> <p>jq -help<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Sri:~/environment <span class="nv">$ </span>jq jq - commandline JSON processor <span class="o">[</span>version 1.5] Usage: jq <span class="o">[</span>options] &lt;jq filter&gt; <span class="o">[</span>file...] jq is a tool <span class="k">for </span>processing JSON inputs, applying the given filter to its JSON text inputs and producing the filter<span class="s1">'s results as JSON on standard output. The simplest filter is ., which is the identity filter, copying jq'</span>s input to its output unmodified <span class="o">(</span>except <span class="k">for </span>formatting<span class="o">)</span><span class="nb">.</span> For more advanced filters see the jq<span class="o">(</span>1<span class="o">)</span> manpage <span class="o">(</span><span class="s2">"man jq"</span><span class="o">)</span> and/or https://stedolan.github.io/jq Some of the options include: <span class="nt">-c</span> compact instead of pretty-printed output<span class="p">;</span> <span class="nt">-n</span> use <span class="sb">`</span>null<span class="sb">`</span> as the single input value<span class="p">;</span> <span class="nt">-e</span> <span class="nb">set </span>the <span class="nb">exit </span>status code based on the output<span class="p">;</span> <span class="nt">-s</span> <span class="nb">read</span> <span class="o">(</span>slurp<span class="o">)</span> all inputs into an array<span class="p">;</span> apply filter to it<span class="p">;</span> <span class="nt">-r</span> output raw strings, not JSON texts<span class="p">;</span> <span class="nt">-R</span> <span class="nb">read </span>raw strings, not JSON texts<span class="p">;</span> <span class="nt">-C</span> colorize JSON<span class="p">;</span> <span class="nt">-M</span> monochrome <span class="o">(</span>don<span class="s1">'t colorize JSON); -S sort keys of objects on output; --tab use tabs for indentation; --arg a v set variable $a to value &lt;v&gt;; --argjson a v set variable $a to JSON value &lt;v&gt;; --slurpfile a f set variable $a to an array of JSON texts read from &lt;f&gt;; See the manpage for more options. </span></code></pre> </div> <p>Send a SQS message using AWS CLI</p> <p>In order to send a message to SQS, we need <code>queue-url</code>.<br> We could either hard code the <code>queue-url</code> or retreive the <code>queue-url</code> and then pass it to <code>send-message</code>, <code>receive-message</code> or <code>delete-message</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># queueurl is required to send or receive messages from SQS</span> <span class="c"># Note: AWS CLI and boto3 need to use legacy endpoint</span> <span class="c"># If we use the AWS CLI or SDK for Python, we need to use the legacy endpoints from https://docs.aws.amazon.com/general/latest/gr/sqs-service.html.</span> <span class="c"># Otherwise, you will get the following error</span> <span class="c"># botocore.exceptions.ClientError: An error occurred (InvalidAddress) when calling the ReceiveMessage operation: The address https://eu-central-1.queue.amazonaws.com/ is not valid for this endpoint.</span> <span class="nb">export </span><span class="nv">queueurl</span><span class="o">=</span><span class="si">$(</span>aws sqs get-queue-url <span class="nt">--queue-name</span> <span class="s2">"MyMessages"</span>|jq <span class="s2">".QueueUrl"</span>|sed <span class="s2">"s/sqs.us-east-1.amazonaws.com/queue.amazonaws.com/g"</span>|sed <span class="s1">'s/"//g'</span><span class="si">)</span> <span class="nb">echo</span> <span class="s2">"queueurl:"</span> <span class="nv">$queueurl</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Sri:~/environment <span class="nv">$ </span>aws sqs send-message <span class="nt">--queue-url</span> <span class="nv">$queueurl</span> <span class="nt">--message-body</span> Message <span class="nt">--region</span> us-east-1 <span class="o">{</span> <span class="s2">"MD5OfMessageBody"</span>: <span class="s2">"4c2a8fe7eaf24721cc7a9f0175115bd4"</span>, <span class="s2">"MessageId"</span>: <span class="s2">"614ec45a-82b8-4788-aed6-6f3d80051780"</span> <span class="o">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Sri:~/environment <span class="nv">$ </span>aws sqs receive-message <span class="nt">--queue-url</span> <span class="nv">$queueurl</span> <span class="o">{</span> <span class="s2">"Messages"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"Body"</span>: <span class="s2">"Message"</span>, <span class="s2">"ReceiptHandle"</span>: <span class="s2">"AQEBxxUZvU5S1OP2VFBIY5bpg267ZQvSkX3n7jfV505VumHa2JCHo5BR/trRSCKOlhcLSyvJzBUBhq9TPHlQ4F4nQu839HruurRMMYCaaZBiiEdFnADm3EwEi8+Hj9YsmmGf0YL4ftlTyMHnJFjL9l06e7qZZyV8lWKv+q/mnEU8v69AumtvcS7OhmgAtUzQUqG+4/enJgt3WrN1eJiJRlmiUbDpV3VCGr7wQbU5C+GAmYjVNs+vNrMSzOceKFs3XQH6vwhNnnp1d3dJZzn+JEjpfx8g6INrq1LYShgg6cTUVygc2jXuQNBoSHP4Jx6szscdLm2P4gUD515UJ948nX/Zlsu90GZtfyGY5S4wzgl9oYpJcPLRV7z6ISnte0WKuK9cHPCEzmyGeERS1yC7YKXRNA=="</span>, <span class="s2">"MD5OfBody"</span>: <span class="s2">"4c2a8fe7eaf24721cc7a9f0175115bd4"</span>, <span class="s2">"MessageId"</span>: <span class="s2">"614ec45a-82b8-4788-aed6-6f3d80051780"</span> <span class="o">}</span> <span class="o">]</span> <span class="o">}</span> </code></pre> </div> <p>👉 If you run the command again with in the Visibility timeout of 30 secs, SQS will not send the message again.<br> However if the message is not processed and deleted by the consumer, the message becomes visible to other consumers. If a message must be received only once, the consumer must delete it within the duration of the visibility timeout.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Sri:~/environment <span class="nv">$ </span>aws sqs receive-message <span class="nt">--queue-url</span> <span class="nv">$queueurl</span> Sri:~/environment <span class="nv">$ </span> </code></pre> </div> <p>So in order to delete the message, we need to retreive the <code>receipt-handle</code> and then pass the <code>--receipt-handle</code> to <code>sqs delete-message</code><br> Since the output message is a JSON message and we only need <code>receipt-handle</code>, we can use <strong>jq</strong>, which is like sed for JSON data - you can use it to slice, filter, map and transform structured data in the same way that you would with sed, awk, grep and other linux tools.</p> <p>What does <code>get-queue-url</code> do?<br> It retreives <code>QueueUrl</code> and then replaces the endpoint with a legacy endpoint and also removes double quotes from the <code>QueueUrl</code>.</p> <p>The following code snippet retrieves and deletes the message.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">export </span><span class="nv">queueurl</span><span class="o">=</span><span class="si">$(</span>aws sqs get-queue-url <span class="nt">--queue-name</span> <span class="s2">"MyMessages"</span>|jq <span class="s2">".QueueUrl"</span>|sed <span class="s2">"s/sqs.us-east-1.amazonaws.com/queue.amazonaws.com/g"</span>|sed <span class="s1">'s/"//g'</span><span class="si">)</span> <span class="nb">echo</span> <span class="s2">"queueurl:"</span> <span class="nv">$queueurl</span> <span class="c"># receiptHandle is required to delete the message from SQS after the message is retreived</span> <span class="nb">export </span><span class="nv">receiptHandle</span><span class="o">=</span><span class="si">$(</span>aws sqs receive-message <span class="nt">--queue-url</span> <span class="nv">$queueurl</span>|jq .Messages[0].ReceiptHandle|sed <span class="s1">'s/"//g'</span><span class="si">)</span> <span class="nb">echo</span> <span class="s2">"receiptHandle:"</span> <span class="nv">$receiptHandle</span> <span class="c">#echo -e "aws sqs delete-message --queue-url $queueurl --receipt-handle $receiptHandle --region us-east-1"</span> aws sqs delete-message <span class="nt">--queue-url</span> <span class="nv">$queueurl</span> <span class="nt">--receipt-handle</span> <span class="nv">$receiptHandle</span> <span class="nt">--region</span> us-east-1<span class="p">;</span> </code></pre> </div> <p>Let's send a 100 messages to the SQS queue, retrieve them and then delete the messages using bash scripts.<br> Open up two terminal windows on Cloud9 and use one to execute <code>./sendMessages.sh</code> and the other for <code>./receiveMessages.sh</code>.</p> <p><em>sendMessages.sh</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c"># queueurl is required to send or receive messages from SQS</span> <span class="c"># Note: AWS CLI and boto3 need to use legacy endpoint</span> <span class="c"># If we use the AWS CLI or SDK for Python, we need to use the legacy endpoints from https://docs.aws.amazon.com/general/latest/gr/sqs-service.html.</span> <span class="c"># Otherwise, you will get the following error</span> <span class="c"># botocore.exceptions.ClientError: An error occurred (InvalidAddress) when calling the ReceiveMessage operation: The address https://eu-central-1.queue.amazonaws.com/ is not valid for this endpoint.</span> <span class="nv">queueurl</span><span class="o">=</span><span class="si">$(</span>aws sqs get-queue-url <span class="nt">--queue-name</span> <span class="s2">"MyMessages"</span>|jq <span class="s2">".QueueUrl"</span>|sed <span class="s2">"s/sqs.us-east-1.amazonaws.com/queue.amazonaws.com/g"</span>|sed <span class="s1">'s/"//g'</span><span class="si">)</span> <span class="nb">echo</span> <span class="s2">"queueurl:"</span> <span class="nv">$queueurl</span> <span class="nb">echo</span> <span class="s2">"aws sqs send-message --queue-url </span><span class="nv">$queueurl</span><span class="s2"> --message-body Message --region us-east-1"</span> <span class="k">for </span>i <span class="k">in</span> <span class="o">{</span>1..100<span class="o">}</span> <span class="p">;</span> <span class="k">do </span>aws sqs send-message <span class="nt">--queue-url</span> <span class="nv">$queueurl</span> <span class="nt">--message-body</span> <span class="s2">"Message-</span><span class="nv">$i</span><span class="s2">"</span> <span class="nt">--region</span> us-east-1 <span class="p">;</span> <span class="k">done</span><span class="p">;</span> </code></pre> </div> <p><em>receiveMessages.sh</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c"># queueurl is required to send or receive messages from SQS</span> <span class="c"># Note: AWS CLI and boto3 need to use legacy endpoint</span> <span class="c"># If we use the AWS CLI or SDK for Python, we need to use the legacy endpoints from https://docs.aws.amazon.com/general/latest/gr/sqs-service.html.</span> <span class="c"># Otherwise, you will get the following error</span> <span class="c"># botocore.exceptions.ClientError: An error occurred (InvalidAddress) when calling the ReceiveMessage operation: The address https://eu-central-1.queue.amazonaws.com/ is not valid for this endpoint.</span> <span class="nv">queueurl</span><span class="o">=</span><span class="si">$(</span>aws sqs get-queue-url <span class="nt">--queue-name</span> <span class="s2">"MyMessages"</span>|jq <span class="s2">".QueueUrl"</span>|sed <span class="s2">"s/sqs.us-east-1.amazonaws.com/queue.amazonaws.com/g"</span>|sed <span class="s1">'s/"//g'</span><span class="si">)</span> <span class="nb">echo</span> <span class="s2">"queueurl:"</span> <span class="nv">$queueurl</span> <span class="k">for </span>i <span class="k">in</span> <span class="o">{</span>1..100<span class="o">}</span><span class="p">;</span> <span class="k">do</span> <span class="c"># receiptHandle is required to delete the message from SQS after the message is retreived</span> <span class="nv">receiptHandle</span><span class="o">=</span><span class="si">$(</span>aws sqs receive-message <span class="nt">--queue-url</span> <span class="nv">$queueurl</span>|jq .Messages[0].ReceiptHandle|sed <span class="s1">'s/"//g'</span><span class="si">)</span> <span class="c">#echo "receiptHandle:" $receiptHandle</span> <span class="c">#echo -e "aws sqs delete-message --queue-url $queueurl --receipt-handle $receiptHandle --region us-east-1"</span> aws sqs delete-message <span class="nt">--queue-url</span> <span class="nv">$queueurl</span> <span class="nt">--receipt-handle</span> <span class="nv">$receiptHandle</span> <span class="nt">--region</span> us-east-1<span class="p">;</span> <span class="nb">echo</span> <span class="s2">"Sleep for 1 second..."</span> <span class="nb">sleep </span>1 <span class="k">done</span><span class="p">;</span> </code></pre> </div> <p><a></a></p> <h3> Challenge </h3> <p>There are some improvements which we can make to the above. I will leave this as a challenge for now.<br> Please let me know in the comments if you have managed to solve it.<br> I will provide an update in a comment at some point.</p> <ol> <li> <p>We can use <code>--max-number-of-messages (integer)</code>.</p> <blockquote> <p>The maximum number of messages to return. Amazon SQS never returns more messages than this value (however, fewer messages might be returned). Valid values: 1 to 10. Default: 1.</p> </blockquote> </li> <li><p>jq query in the command also need to be updated to retrieve an array of <code>--receipt-handle</code>.</p></li> <li><p>bash script also need to store the returned array and loop through the array to delete all the messages returned by <code>--max-number-of-messages</code>.</p></li> </ol> <p><a></a></p> <h4> Clean Up </h4> <ol> <li>Delete the <code>MyMessages</code> Queue.</li> <li>Terminate <code>Cloud9</code> EC2 instance.</li> </ol> <p><a></a></p> <h4> Summary </h4> <ul> <li>We learned about <code>SQS</code>.</li> <li>We also learned about <code>bash scripting</code> and <code>jq</code>.</li> </ul> <p>See you next time 👋</p> <p><a></a></p> <h3> Referrals </h3> <ul> <li><a href="https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sqs/index.html" rel="noopener noreferrer">Amazon SQS API Reference</a></li> <li><a href="https://stackoverflow.com/questions/74926354/botot3-with-sqs-the-address-queueurl-is-not-valid-for-this-endpoint" rel="noopener noreferrer">botot3 with sqs: the address 'QueueUrl' is not valid for this endpoint</a></li> <li><a href="https://docs.aws.amazon.com/general/latest/gr/sqs-service.html" rel="noopener noreferrer">Amazon Simple Queue Service endpoints and quotas</a></li> </ul> emptystring Sri Sat, 31 Dec 2022 23:00:00 +0000 https://forem.com/aws-builders/how-to-set-up-jenkins-and-a-pipeline-on-aws-2pak https://forem.com/aws-builders/how-to-set-up-jenkins-and-a-pipeline-on-aws-2pak <h2> Table of Contents </h2> <ol> <li>Introduction</li> <li>Create an IAM User</li> <li>Create a Key pair</li> <li>Create a Security Group</li> <li>Create an EC2 instance</li> <li>Install and Configure Jenkins</li> <li>Create a Pipeline</li> <li>Clean Up</li> <li>Summary</li> <li>Referrals</li> </ol> <p><a></a></p> <h3> Introduction </h3> <p>In this blog we are going to set up Jenkins on an EC2 instance and then set up a pipeline to copy a file from S3.<br> We are going to start something very basic and enhance it as we move along.</p> <h3> What is Jenkins? </h3> <p>Jenkins offers a simple way to set up a continuous integration or continuous delivery (CI/CD) environment for almost any combination of languages and source code repositories using pipelines, as well as automating other routine development tasks. While Jenkins doesn’t eliminate the need to create scripts for individual steps, it does give you a faster and more robust way to integrate your entire chain of build, test, and deployment tools than you can easily build yourself.</p> <h3> What is Jenkins Pipeline? </h3> <p>Jenkins Pipeline is a suite of plugins which supports implementing and integrating continuous delivery pipelines into Jenkins.</p> <p>Pipeline provides an extensible set of tools for modeling simple-to-complex delivery pipelines <code>as code</code> via the <a href="https://www.jenkins.io/doc/book/pipeline/syntax" rel="noopener noreferrer">Pipeline domain-specific language (DSL) syntax</a>.</p> <h3> Demo </h3> <p>Let's get started with the demo.</p> <p><a></a></p> <h4> Step 1. Create an IAM User </h4> <ol> <li>Navigate to IAM &gt; Users &gt; Click on <strong>Add users</strong> </li> <li>Enter User Name as JenkinsUser</li> <li>Select Access key - Programmatic access and Click <strong>Next: Permissions</strong> </li> <li>Click Attach existing policies directly and then <strong>Create policy</strong> </li> <li>In the Create policy window, Click on <strong>JSON</strong> and add the following <em>JenkinsEC2Policy</em> and save the policy as <strong>JenkinsEC2Policy</strong> </li> <li>Select AmazonS3ReadOnlyAccess and JenkinsEC2Policy under <strong>Attach existing policies directly</strong> </li> <li>Click <strong>Next:Tags</strong>, <strong>Next:Review</strong> and then <strong>Create user</strong> </li> <li> <p>Download the credentials <strong>.csv</strong> file as we will need this during Jenkins configuration at Step 6. </p> <p><em>JenkinsEC2Policy</em><br> </p> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Sid"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Stmt1312295543082"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"ec2:DescribeSpotInstanceRequests"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:CancelSpotInstanceRequests"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:GetConsoleOutput"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:RequestSpotInstances"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:RunInstances"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:StartInstances"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:StopInstances"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:TerminateInstances"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:CreateTags"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DeleteTags"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeInstances"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeInstanceTypes"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeKeyPairs"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeRegions"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeImages"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeAvailabilityZones"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeSecurityGroups"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:DescribeSubnets"</span><span class="p">,</span><span class="w"> </span><span class="s2">"iam:ListInstanceProfilesForRole"</span><span class="p">,</span><span class="w"> </span><span class="s2">"iam:PassRole"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ec2:GetPasswordData"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fga6tlhu1j86dq60kmvv0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fga6tlhu1j86dq60kmvv0.png" alt="IAM_JenkinsUser1" width="800" height="417"></a></p> <blockquote> <p>IAM_JenkinsUser1</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr8ayag4dtjl9yxj45gg7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr8ayag4dtjl9yxj45gg7.png" alt="IAM_JenkinsUser2" width="800" height="673"></a></p> <blockquote> <p>IAM_JenkinsUser2</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjvvvukxtn6q70ve32af9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjvvvukxtn6q70ve32af9.png" alt="IAM_JenkinsUser3" width="800" height="349"></a></p> <blockquote> <p>IAM_JenkinsUser3</p> </blockquote> <p><a></a></p> <h4> Step 2. Create a key pair </h4> <ol> <li>Navigate to EC2 &gt; Key Pairs (under Network &amp; Security).</li> <li>Click <code>Create key pair</code>.</li> <li>Navigate to the folder where the key pair is downloaded and run. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nb">chmod </span>400 &lt;key_pair_name&gt;.pem </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvv4s38p2f973r366acce.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvv4s38p2f973r366acce.png" alt="Jenkins_Keypair" width="800" height="717"></a></p> <blockquote> <p>Jenkins_Keypair</p> </blockquote> <p><a></a></p> <h4> Step 3. Create a Security Group </h4> <ol> <li>We are going to create a Security Group for SSH and Jenkins web access.</li> <li>Navigate to EC2 &gt; Security Groups &gt; Create a new security group for your ALB, and set the following values: <ul> <li>Name: <code>JenkinsSG</code>.</li> <li>Add an Inbound rule to allow <code>SSH (TCP 22)</code> traffic from <code>My IP</code>.</li> <li>Add another Inbound rule to allow <code>Custom (TCP 8080)</code> traffic from <code>My IP</code>.</li> </ul> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiyd59lgalp2vw509nhhm.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiyd59lgalp2vw509nhhm.png" alt="Jenkins_SG" width="800" height="385"></a></p> <blockquote> <p>Jenkins_SG</p> </blockquote> <p><a></a></p> <h4> Step 4. Create an EC2 instance </h4> <ol> <li>Navigate to EC2 &gt; EC2 Dashboard &gt; Click on <strong>Launch instance</strong>.</li> <li>Launch an instance with the following values as shown in the screenshots.</li> <li>When the instance state is Running, select the instance and click on Connect and then copy the connections details.</li> <li> <p>Connect to the instance.<br> </p> <pre class="highlight shell"><code>ssh <span class="nt">-i</span> <span class="s2">"Jenkins-Keypair.pem"</span> ec2-user@ec2-54-211-70-130.compute-1.amazonaws.com </code></pre> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkqrb3o7w58bcsmhsj5o0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fkqrb3o7w58bcsmhsj5o0.png" alt="Jenkins_EC1" width="800" height="849"></a></p> <blockquote> <p>Jenkins_EC1</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvoh8taye0u2m7cupxf9w.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvoh8taye0u2m7cupxf9w.png" alt="Jenkins_EC2" width="800" height="690"></a></p> <blockquote> <p>Jenkins_EC2</p> </blockquote> <p><a></a></p> <h4> Step 5. Install and Configure Jenkins </h4> <h5> Install Jenkins </h5> <ol> <li> <p>Ensure that the software packages are up to date on the instance by executing the following command:<br> </p> <pre class="highlight plaintext"><code>[ec2-user ~]$ sudo yum update –y </code></pre> </li> <li> <p>Add the Jenkins repo using the following command:<br> </p> <pre class="highlight plaintext"><code>[ec2-user ~]$ sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo </code></pre> </li> <li> <p>Import a key file from Jenkins-CI to enable installation from the package:<br> </p> <pre class="highlight plaintext"><code>[ec2-user ~]$ sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key [ec2-user ~]$ sudo yum upgrade </code></pre> </li> <li> <p>Install Java:<br> </p> <pre class="highlight plaintext"><code>[ec2-user ~]$ sudo amazon-linux-extras install java-openjdk11 -y </code></pre> </li> <li> <p>Install Jenkins:<br> </p> <pre class="highlight plaintext"><code>[ec2-user ~]$ sudo yum install jenkins -y </code></pre> </li> <li> <p>Enable Jenkins service to auto start at boot:<br> </p> <pre class="highlight plaintext"><code>[ec2-user ~]$ sudo systemctl enable jenkins </code></pre> </li> <li> <p>Start Jenkins as a service:<br> </p> <pre class="highlight plaintext"><code>[ec2-user ~]$ sudo systemctl start jenkins </code></pre> </li> <li> <p>You can check the status of the Jenkins service using the command:<br> </p> <pre class="highlight plaintext"><code>[ec2-user ~]$ sudo systemctl status jenkins </code></pre> </li> <li> <p>Just in case we ever need to restart Jenkins during this setup/configuration.<br> </p> <pre class="highlight plaintext"><code>[ec2-user ~]$ sudo systemctl restart jenkins </code></pre> </li> </ol> <h5> Configure Jenkins </h5> <ol> <li>Copy the <strong>Public IPv4 DNS</strong> of EC2 instance and paste the URL as following in the browser For Example: <a href="http://ec2-54-211-70-130.compute-1.amazonaws.com:8080" rel="noopener noreferrer">http://ec2-54-211-70-130.compute-1.amazonaws.com:8080</a> </li> <li> <p>Enter the initialAdminPassword from <code>/var/lib/jenkins/secrets/initialAdminPassword</code> and Click <strong>Continue</strong><br> </p> <pre class="highlight plaintext"><code>[ec2-user@ip-172-31-89-157 ~]$ sudo cat /var/lib/jenkins/secrets/initialAdminPassword 671x0x5x3xxx46xxxxxx099x1xf0149x </code></pre> </li> <li><p>Select Install suggested plugins.</p></li> <li><p>Once the installation is complete, Create First Admin User will open. Enter your information, and then select <strong>Save</strong> and <strong>Continue</strong>.</p></li> <li><p>Click <strong>Dashboard</strong>, select <strong>Manage Jenkins</strong>, and then select <strong>Manage Plugins</strong>.</p></li> <li><p>Click <strong>Available plugins</strong>, Search and Select <strong>Amazon EC2</strong> and then <em>**Install without restart</em>*</p></li> <li><p>Once the installation is complete, Navigate back to <strong>Dashboard</strong>, select <strong>Manage Jenkins</strong>, select <strong>Manage nodes and clouds</strong> and then click on <strong>Configure Clouds</strong>.</p></li> <li><p>Select <strong>Add a new cloud</strong>, and select <strong>Amazon EC2</strong>. A new pop up window opens with more fields.</p></li> <li> <p>Click Add under Amazon EC2 Credentials and Select <strong>Jenkins</strong></p> <ul> <li>From the <strong>Jenkins Credentials Provider: Jenkins</strong>, select <strong>AWS Credentials</strong> as the Kind.</li> <li>Enter <strong>Access Key ID</strong>, <strong>Secret Access Key</strong> from the key pair and Click <strong>Add</strong>.</li> </ul> </li> <li><p>Scroll down to Region and select your Region.</p></li> <li> <p>Click Add under <strong>EC2 Key Pair's Private Key</strong> and Select <strong>Jenkins</strong>.</p> <ul> <li>From the <strong>Jenkins Credentials Provider: Jenkins</strong>, select <code>SSH Username with private key</code> as the Kind and set the Username to <code>ec2-user</code>.</li> <li>Select <code>Enter Directly</code> under <strong>Private Key</strong>, then select Add.</li> <li>Open the private key pair you created in the creating a key pair step and paste in the contents from <code>-----BEGIN RSA PRIVATE KEY-----</code> to <code>-----END RSA PRIVATE KEY-----</code>. Select <strong>Add</strong> when completed.</li> </ul> </li> <li><p>Scroll down to <strong>Test Connection</strong> and ensure it states <code>Success</code> and then Click <strong>Save</strong>.</p></li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft07lvv80n4ojez5dbexg.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft07lvv80n4ojez5dbexg.png" alt="Jenkins_Configure1" width="800" height="589"></a></p> <blockquote> <p>Jenkins_Configure1</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcy8tzfxlohsgh547fl7k.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcy8tzfxlohsgh547fl7k.png" alt="Jenkins_Configure2" width="800" height="591"></a></p> <blockquote> <p>Jenkins_Configure2</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjbtt6p7u5zqbn2yo5xww.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjbtt6p7u5zqbn2yo5xww.png" alt="Jenkins_Configure3" width="800" height="587"></a></p> <blockquote> <p>Jenkins_Configure3</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpfwtd3drjvixrcz2gfq0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpfwtd3drjvixrcz2gfq0.png" alt="Jenkins_Configure4" width="800" height="586"></a></p> <blockquote> <p>Jenkins_Configure4</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcz56xkuvt3j8rjexotux.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcz56xkuvt3j8rjexotux.png" alt="Jenkins_Configure5" width="800" height="588"></a></p> <blockquote> <p>Jenkins_Configure5</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Futg05l3slf9ehvy709i1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Futg05l3slf9ehvy709i1.png" alt="Jenkins_Configure6" width="800" height="589"></a></p> <blockquote> <p>Jenkins_Configure6</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiirlukkodtzj843zkbtu.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fiirlukkodtzj843zkbtu.png" alt="Jenkins_Configure7" width="800" height="406"></a></p> <blockquote> <p>Jenkins_Configure7</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4lijcvyowwk1x6mmkrxk.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4lijcvyowwk1x6mmkrxk.png" alt="Jenkins_Configure8" width="800" height="425"></a></p> <blockquote> <p>Jenkins_Configure8</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmjoqh28y1ujnjsrbnju0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmjoqh28y1ujnjsrbnju0.png" alt="Jenkins_Configure9" width="596" height="345"></a></p> <blockquote> <p>Jenkins_Configure9</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffcdie7hgad701yxct5ry.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffcdie7hgad701yxct5ry.png" alt="Jenkins_Configure10" width="800" height="313"></a></p> <blockquote> <p>Jenkins_Configure10</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fekadyu6on2j1er4orw46.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fekadyu6on2j1er4orw46.png" alt="Jenkins_Configure10.1" width="800" height="385"></a></p> <blockquote> <p>Jenkins_Configure10.1</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwpaxchqzq9aeez6tv63c.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwpaxchqzq9aeez6tv63c.png" alt="Jenkins_Configure10.2" width="800" height="319"></a></p> <blockquote> <p>Jenkins_Configure10.2</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe93se75zqsxrwan4zzgp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fe93se75zqsxrwan4zzgp.png" alt="Jenkins_Configure11" width="800" height="306"></a></p> <blockquote> <p>Jenkins_Configure11</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F41ta102qob85j999xaf3.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F41ta102qob85j999xaf3.png" alt="Jenkins_Configure11.1" width="800" height="309"></a></p> <blockquote> <p>Jenkins_Configure11.1</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fly7937rs78c1pw9fhgmy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fly7937rs78c1pw9fhgmy.png" alt="Jenkins_Configure11.2" width="800" height="357"></a></p> <blockquote> <p>Jenkins_Configure11.2</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz98zpohy6nheunwc8kjx.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fz98zpohy6nheunwc8kjx.png" alt="Jenkins_Configure12" width="800" height="621"></a></p> <blockquote> <p>Jenkins_Configure12</p> </blockquote> <p><a></a></p> <h4> Step 6. Create a Pipeline </h4> <ol> <li>Navigate to <strong>Dashboard</strong> &gt; <strong>Manage Jenkins</strong> and copy the <strong>ID</strong> of <strong>IAM User</strong> created in Step 1, which we need to replace <code>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</code> with the <strong>ID</strong>.</li> <li>Navigate to <strong>Dashboard</strong> &gt; <strong>Manage Jenkins</strong> &gt; <strong>Plugin Manager</strong> &gt; Click on <strong>Available plugins</strong> </li> <li>Search for <strong>AWS Steps</strong> and <strong>Install without restart</strong>.</li> <li>Navigate to <strong>Dashboard</strong> &gt; <strong>New Job</strong> &gt; Enter <code>download-a-file-from-s3</code> &gt; Select <strong>Pipeline</strong> and Click <strong>OK</strong>.</li> <li>Scroll down to <strong>Pipeline</strong>, add the following <code>Pipeline script</code> and Click <strong>Save</strong> </li> <li>Create an S3 bucket and copy some files to the bucket.</li> <li>Replace the <code>s3bucket</code> with your bucket name and <code>filename</code> with one of the files in your S3 bucket.</li> <li>Navigate to <strong>Dashboard</strong> &gt; <strong>download-a-file-from-s3</strong> and Click on <strong>Build Now</strong>.</li> <li> <p>Navigate to the latest <strong>Build History</strong> link and check out the <strong>Console Output</strong>.<br> </p> <pre class="highlight groovy"><code><span class="n">pipeline</span> <span class="o">{</span> <span class="n">agent</span> <span class="n">any</span> <span class="n">stages</span> <span class="o">{</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'S3download'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">withAWS</span><span class="o">(</span><span class="nl">region:</span><span class="s1">'us-east-1'</span><span class="o">,</span><span class="nl">credentials:</span><span class="s1">'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'</span><span class="o">)</span><span class="err">\</span> <span class="o">{</span> <span class="n">s3Download</span><span class="o">(</span><span class="nl">file:</span> <span class="s2">"filename"</span><span class="o">,</span> <span class="nl">bucket:</span> <span class="s1">'s3bucket'</span><span class="o">,</span> <span class="nl">path:</span> <span class="s1">''</span><span class="o">)</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffr298gqzb3rppfo0gx3m.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffr298gqzb3rppfo0gx3m.png" alt="Jenkins_Pipeline1" width="800" height="425"></a></p> <blockquote> <p>Jenkins_Pipeline1</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F18iubvi3jnsvrtqa20es.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F18iubvi3jnsvrtqa20es.png" alt="Jenkins_Pipeline2" width="800" height="327"></a></p> <blockquote> <p>Jenkins_Pipeline2</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft8xax56wosfjrma4tfr5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft8xax56wosfjrma4tfr5.png" alt="Jenkins_Pipeline3" width="800" height="538"></a></p> <blockquote> <p>Jenkins_Pipeline3</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft516tiu5jkr7arapavwx.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft516tiu5jkr7arapavwx.png" alt="Jenkins_Pipeline4" width="800" height="528"></a></p> <blockquote> <p>Jenkins_Pipeline4</p> </blockquote> <p>The following is the console log, which shows the pipeline has been successful. ✅<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Started by user Sri [Pipeline] Start of Pipeline [Pipeline] node Running on Jenkins in /var/lib/jenkins/workspace/download-a-file-from-s3 [Pipeline] { [Pipeline] stage [Pipeline] { (S3download) [Pipeline] withAWS Constructing AWS CredentialsSetting AWS region us-east-1 [Pipeline] { [Pipeline] s3Download Downloading s3://s3bucket/ to file:/var/lib/jenkins/workspace/download-a-file-from-s3/receiveMessages.sh Finished: Downloading from s3bucket/ Download complete [Pipeline] } [Pipeline] // withAWS [Pipeline] } [Pipeline] // stage [Pipeline] } [Pipeline] // node [Pipeline] End of Pipeline Finished: SUCCESS </code></pre> </div> <p>The file that was copied from S3 to the EC2 instance. ✅<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[ec2-user@ip-172-31-89-157 ~]$ ls -lrt /var/lib/jenkins/workspace/download-a-file-from-s3/ total 0 drwxr-xr-x 2 jenkins jenkins 55 Dec 31 03:45 receiveMessages.sh </code></pre> </div> <p>Let's run the build again, this time the build has failed with the following error ❓<br> The error message suggests to use <code>set force=true</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Started by user Sri [Pipeline] Start of Pipeline [Pipeline] node Running on Jenkins in /var/lib/jenkins/workspace/download-a-file-from-s3 [Pipeline] { [Pipeline] stage [Pipeline] { (S3download) [Pipeline] withAWS Constructing AWS CredentialsSetting AWS region us-east-1 [Pipeline] { [Pipeline] s3Download Downloading s3://s3bucket/ to file:/var/lib/jenkins/workspace/download-a-file-from-s3/receiveMessages.sh/ Download failed due to existing target file; set force=true to overwrite target file [Pipeline] } [Pipeline] // withAWS [Pipeline] } [Pipeline] // stage [Pipeline] } [Pipeline] // node [Pipeline] End of Pipeline java.lang.RuntimeException: Target exists: file:/var/lib/jenkins/workspace/download-a-file-from-s3/receiveMessages.sh/ at de.taimos.pipeline.aws.S3DownloadStep$Execution.run(S3DownloadStep.java:146) at de.taimos.pipeline.aws.S3DownloadStep$Execution.run(S3DownloadStep.java:113) at org.jenkinsci.plugins.workflow.steps.SynchronousNonBlockingStepExecution.lambda$start$0(SynchronousNonBlockingStepExecution.java:47) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:829) Finished: FAILURE </code></pre> </div> <p>So we need to add <code>force:true</code> as per the <a href="https://plugins.jenkins.io/pipeline-aws/#plugin-content-s3download" rel="noopener noreferrer">Pipeline: AWS Steps documentation</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">pipeline</span> <span class="o">{</span> <span class="n">agent</span> <span class="n">any</span> <span class="n">stages</span> <span class="o">{</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'S3download'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">withAWS</span><span class="o">(</span><span class="nl">region:</span><span class="s1">'us-east-1'</span><span class="o">,</span><span class="nl">credentials:</span><span class="s1">'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'</span><span class="o">)</span><span class="err">\</span> <span class="o">{</span> <span class="n">s3Download</span><span class="o">(</span><span class="nl">file:</span> <span class="s2">"filename"</span><span class="o">,</span> <span class="nl">bucket:</span> <span class="s1">'s3bucket'</span><span class="o">,</span> <span class="nl">path:</span> <span class="s1">''</span><span class="o">,</span> <span class="nl">force:</span><span class="kc">true</span><span class="o">)</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>The build succeeded after adding <code>force:true</code> and now we can run the build multiple times.</p> <h5> Now let's parameterise the destination foldername. </h5> <ol> <li>Navigate to Dashboard &gt; download-a-file-from-s3 and click on <strong>Configure</strong> </li> <li>Select <strong>This project is parameterised</strong> and then Add <strong>String</strong> parameter</li> <li>Enter <strong>Name</strong> as <code>foldername</code>, <strong>Default Valu</strong> as <code>foldername</code> and <strong>Save</strong> </li> <li>Click <strong>Build with Parameters</strong> </li> <li>Navigate to the latest <strong>Build History</strong> link and check out the <strong>Console Output</strong>. </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight groovy"><code><span class="n">pipeline</span> <span class="o">{</span> <span class="n">agent</span> <span class="n">any</span> <span class="n">stages</span> <span class="o">{</span> <span class="n">stage</span><span class="o">(</span><span class="s1">'S3download'</span><span class="o">)</span> <span class="o">{</span> <span class="n">steps</span> <span class="o">{</span> <span class="n">withAWS</span><span class="o">(</span><span class="nl">region:</span><span class="s1">'us-east-1'</span><span class="o">,</span><span class="nl">credentials:</span><span class="s1">'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'</span><span class="o">)</span><span class="err">\</span> <span class="o">{</span> <span class="n">echo</span> <span class="s2">"${foldername}"</span> <span class="n">s3Download</span><span class="o">(</span><span class="nl">file:</span> <span class="s2">"${foldername}"</span><span class="o">,</span> <span class="nl">bucket:</span> <span class="s1">'s3bucket'</span><span class="o">,</span> <span class="nl">path:</span> <span class="s1">''</span><span class="o">,</span> <span class="nl">force:</span><span class="kc">true</span><span class="o">)</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1xyk8yztvoehas13a3r7.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1xyk8yztvoehas13a3r7.png" alt="Jenkins_Pipeline_Parameter" width="800" height="393"></a></p> <blockquote> <p>Jenkins_Pipeline_Parameter</p> </blockquote> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpg9btgp61wxrp4u2e5lq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpg9btgp61wxrp4u2e5lq.png" alt="Jenkins_Pipeline_Build-with-Parameters" width="800" height="328"></a></p> <blockquote> <p>Jenkins_Pipeline_Build-with-Parameters</p> </blockquote> <p>The following is the console log, which shows the pipeline has been successful. ✅<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Started by user Sri [Pipeline] Start of Pipeline [Pipeline] node Running on Jenkins in /var/lib/jenkins/workspace/download-a-file-from-s3 [Pipeline] { [Pipeline] stage [Pipeline] { (S3download) [Pipeline] withAWS Constructing AWS CredentialsSetting AWS region us-east-1 [Pipeline] { [Pipeline] echo s3files [Pipeline] s3Download Downloading s3://s3bucket/ to file:/var/lib/jenkins/workspace/download-a-file-from-s3/s3files Finished: Downloading from sqssri/ Download complete [Pipeline] } [Pipeline] // withAWS [Pipeline] } [Pipeline] // stage [Pipeline] } [Pipeline] // node [Pipeline] End of Pipeline Finished: SUCCESS </code></pre> </div> <p>The files were copied to <strong>s3files</strong> directory on the EC2 instance. ✅<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[ec2-user@ip-172-31-89-157 ~]$ ls -lrt /var/lib/jenkins/workspace/download-a-file-from-s3/s3files total 8 -rw-r--r-- 1 jenkins jenkins 952 Dec 31 03:40 receiveMessages.sh -rw-r--r-- 1 jenkins jenkins 646 Dec 31 03:40 sendMessages.sh </code></pre> </div> <p><a></a></p> <h4> Clean Up </h4> <ol> <li>Delete the <code>EC2</code> instance.</li> <li>Delete the <code>JenkinsUser</code>.</li> <li>Delete the <code>key pair</code>.</li> <li>Delete the Security Group <code>JenkinsSG</code>.</li> </ol> <p><a></a></p> <h4> Summary </h4> <ul> <li>We learned how to install and configure Jenkins.</li> <li>We also learned about setting up the pipeline.</li> </ul> <p><a></a></p> <h3> Referrals </h3> <ul> <li><a href="https://www.jenkins.io/doc/#jenkins-user-documentation" rel="noopener noreferrer">Jenkins User Documentation</a></li> <li><a href="https://plugins.jenkins.io/pipeline-aws/#plugin-content-s3download" rel="noopener noreferrer">Pipeline: AWS Steps</a></li> </ul> productivity writing Sri Sun, 25 Dec 2022 12:42:41 +0000 https://forem.com/aws-builders/elastic-beanstalk-demo-auto-scaling-with-a-shared-load-balancer-5n4 https://forem.com/aws-builders/elastic-beanstalk-demo-auto-scaling-with-a-shared-load-balancer-5n4 <h2> Table of Contents </h2> <ol> <li>Introduction</li> <li>Create a Security Group</li> <li>Create an Application Load Balancer</li> <li>Create Elastic Beanstalk Admin App</li> <li>Create Elastic Beanstalk Forum App</li> <li>Auto Scaling Verification</li> <li>Clean Up</li> <li>Summary</li> <li>Referrals</li> </ol> <p><a></a></p> <h3> Introduction </h3> <p>One of the users of the AWS Certified Global Community had this query which caught my attention and made me want to check it out and see If I could help solve their problem. While doing this, I actually learned about shared load balancer with Elastic Beanstalk application and found it quite interesting, so I would like to share my learning with you.</p> <p>With Elastic Beanstalk, you can quickly deploy and manage applications in the AWS Cloud without having to learn about the infrastructure that runs those applications. Elastic Beanstalk reduces management complexity without restricting choice or control. You simply upload your application, and Elastic Beanstalk automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring. However, it becomes a bit difficult when we need to customise configurations such as Application Load Balancer, Listeners...etc</p> <p>The user wanted to deploy two Elastic Beanstalk applications, let's say one for an <strong>Admin</strong> application and another one for <strong>Forum</strong> application. The problem the user was facing was particularly during auto-scaling - there seemed to be two instances created instead of one when she terminated one instance.</p> <p>I'd like to share the demo below to show how to configure two different elastic Beanstalk applications using a shared load balancer and verify auto-scaling.</p> <blockquote> <p>Note: We can only have a maximum of <strong>5</strong> Target Groups per Action per Application Load Balancer.</p> </blockquote> <h2> Demo </h2> <p>Let's get started with the demo.</p> <p><a></a></p> <h3> Step 1. Create a Security Group </h3> <ol> <li><p>We are going to create a Security Group for Elastic Beanstalk</p></li> <li> <p>Navigate to EC2 &gt; Security Groups &gt; Create a new security group for your ALB, and set the following values:</p> <ul> <li>Name: <code>EBSSG</code> </li> <li>Add two Inbound rules to allow <code>HTTP</code> traffic from <code>0.0.0.0/0</code> (IPV4) and <code>::/0</code> (IPV6)</li> </ul> <p><em>EBS Security Group</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6ow00nvk1llzwfa3u5ng.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6ow00nvk1llzwfa3u5ng.png" alt="EBS-ALB-SG"></a></p> </li> </ol> <h3> Step 2. Create an Application Load Balancer </h3> <ol> <li>Navigate to EC2 &gt; Load Balancers.</li> <li>Click Create Load Balancer.</li> <li>Click the Create button under the Application Load Balancer and set the following values: <ul> <li>Name: <code>SharedALB</code> </li> <li>Scheme: <code>internet-facing</code> </li> <li>IP address type: <code>ipv4</code> </li> <li>Load Balancer Protocol: <code>HTTP</code> </li> <li>Port: <code>80</code> </li> <li>Leave the default <code>VPC</code>.</li> <li>Select <code>us-east-1a</code> and <code>us-east-1b</code> AZs.</li> </ul> </li> <li>Click Next: Configure Security Settings. <ul> <li>Note: Ignore the warning as we are not using HTTPS.</li> </ul> </li> <li>Select <code>EBSALB</code> and Click Next</li> <li>Configure Routing, enter the following values and then Click Next: <ul> <li>Name: <code>EBS-TG</code> </li> <li>Target type: <code>Instance</code> </li> <li>Protocol: <code>HTTP</code> </li> <li>Port: <code>80</code> </li> <li>Path: <code>/index.html</code> </li> </ul> </li> <li>Click Next: Register Targets.</li> <li>Click Next: Review.</li> <li>Click Create</li> <li> <p>Wait until the Application Load Balancer <code>SharedALB</code> is Active.</p> <p><em>Shared Application Load Balancer</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frruj98wd3fxifag1ni37.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frruj98wd3fxifag1ni37.png" alt="Shared_ALB"></a></p> <p><em>Configure Security Options</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fymp205xhhv8dku2refev.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fymp205xhhv8dku2refev.png" alt="EBS-Admin2"></a></p> <p><em>Configure Security Groups</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0b75en00vzk8cly5f2kp.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0b75en00vzk8cly5f2kp.png" alt="EBS-Admin3"></a></p> <p><em>Configure Routing</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5dept3yz5bifvhu6dv32.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5dept3yz5bifvhu6dv32.png" alt="EBS-Admin4"></a></p> <p><em>Register Targets</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy0og2wte1ux6q9g3o6iw.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy0og2wte1ux6q9g3o6iw.png" alt="Image description"></a></p> <p><em>Review</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzunhyvwm94xct1v6912a.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzunhyvwm94xct1v6912a.png" alt="EBS-Admin6"></a></p> <p><em>Application Load Balancer is Active</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frkbdrfldc0964t31c9rv.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Frkbdrfldc0964t31c9rv.png" alt="ALB_Active"></a></p> <p><em>Initial Listener Rules</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9fg5rpvlppp07cqztsm7.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9fg5rpvlppp07cqztsm7.png" alt="Initial_Listener_Rules"></a></p> </li> </ol> <p><a></a></p> <h3> Step 3. Create Elastic Beanstalk Admin App </h3> <ol> <li>Navigate to Elastic Beanstalk &gt; Environments.</li> <li>Click <code>Create a new environment</code>.</li> <li>Select <code>Web server environment</code> </li> <li>Enter the following values: <ul> <li>Name: <code>Admin</code> </li> <li>Platform: <code>Node.js</code> </li> <li>Select <code>Upload your code</code> and upload <a href="https://github.com/kasukur/elasticbeanstalk-demo/blob/main/nodejs_admin.zip" rel="noopener noreferrer">nodejs_admin.zip</a> </li> </ul> </li> <li>Click <code>Configure more options</code> <ul> <li>Note: Step 6, 7 and 8 should be done in the same order.</li> </ul> </li> <li>Select <code>High availability</code> under <code>Presets</code>.</li> <li>Click <code>Edit</code> next to <code>Network</code> and select same two <code>Availability Zones</code> for <code>Load Balancer</code>, <code>Instance settings</code> and <code>Database settings</code>.</li> <li>Click <code>Edit</code> next to <code>Load Balancer</code> <ul> <li>Load balancer type: <code>Application Load Balancer</code> </li> <li>Type: <code>Shared</code> </li> <li>Load balancer ARN: Select the ARN of <code>SharedALB</code> </li> <li>Select <code>default</code> under Processes and click <code>Actions</code> &gt; <code>Edit</code> &gt; enter Path as <code>/admin.html</code> and click <code>Save</code> </li> <li>Click <code>Add Rule</code> under <code>Rules</code>, Enter <code>Name</code> as <code>admin</code>, <code>PathPattern</code> as <code>/*</code>, <code>Process</code> as <code>default</code> and click <code>Add</code> </li> </ul> </li> <li>Click <code>Save</code>.</li> <li>Click <code>Create Environment</code>.</li> <li>Wait for the environment to be create and then click on the application URL.</li> </ol> <blockquote> <p>Note: If you need to make any changes to the code and create a zip on a Mac OS</p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nb">cd</span> /nodejs_admin zip ../nodejs_admin <span class="nt">-r</span> <span class="k">*</span> .[^.]<span class="k">*</span> </code></pre> </div> <p><em>EBS Admin 1</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6732crlvx8mlh13k5a31.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6732crlvx8mlh13k5a31.png" alt="EBS_Admin1"></a></p> <p><em>EBS Admin 2.1</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjsmjlbadqkl839fo8mrd.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjsmjlbadqkl839fo8mrd.png" alt="EBS_Admin2.1"></a></p> <p><em>EBS Admin 2.2</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl1lwmhzcfsv88utykmh4.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl1lwmhzcfsv88utykmh4.png" alt="EBS_Admin2.2"></a></p> <p><em>EBS Admin 3.1</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo9d67h2hvq6x7czo3wwa.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo9d67h2hvq6x7czo3wwa.png" alt="EBS_Admin3.1"></a></p> <p><em>EBS_Admin 3.2</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff0ogdh9zck0hzti8o61l.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff0ogdh9zck0hzti8o61l.png" alt="EBS_Admin3.2"></a></p> <p><em>EBS_Admin 3.3</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl0lrjkntsat52ccmo9kj.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl0lrjkntsat52ccmo9kj.png" alt="EBS_Admin3.3"></a></p> <p><em>EBS Admin 4.1</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftlspioc97hzlb5pgef75.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftlspioc97hzlb5pgef75.png" alt="EBS_Admin4.1"></a></p> <p><em>EBS Admin 4.2</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fux9s752o75et8g7g3qu3.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fux9s752o75et8g7g3qu3.png" alt="EBS_Admin4.2"></a></p> <p><em>you might notice this error if you do not select the shared load balancer</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnfowpm7zjbu1h2afrq7l.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fnfowpm7zjbu1h2afrq7l.png" alt="Caution_Error"></a></p> <p><a></a></p> <h3> Step 4. Create Elastic Beanstalk Forum App </h3> <ol> <li>Navigate to Elastic Beanstalk &gt; Environments.</li> <li>Click <code>Create a new environment</code>.</li> <li>Select <code>Web server environment</code> </li> <li>Enter the following values: <ul> <li>Name: <code>Forum</code> </li> <li>Platform: <code>Node.js</code> </li> <li>Select <code>Upload your code</code> and upload <a href="https://github.com/kasukur/elasticbeanstalk-demo/blob/main/nodejs_forum.zip" rel="noopener noreferrer">nodejs_forum.zip</a> </li> </ul> </li> <li>Click <code>Configure more options</code> <ul> <li>Note: Step 6, 7 and 8 should be done in the same order.</li> </ul> </li> <li>Select <code>High availability</code> under <code>Presets</code>.</li> <li>Click <code>Edit</code> next to <code>Network</code> and select same two <code>Availability Zones</code> for <code>Load Balancer</code>, <code>Instance settings</code> and <code>Database settings</code>.</li> <li>Click <code>Edit</code> next to <code>Load Balancer</code> <ul> <li>Load balancer type: <code>Application Load Balancer</code> </li> <li>Type: <code>Shared</code> </li> <li>Load balancer ARN: Select the ARN of <code>SharedALB</code> </li> <li>Select <code>default</code> under Processes and click <code>Actions</code> &gt; <code>Edit</code> &gt; enter Path as <code>/forum.html</code> and click <code>Save</code> </li> <li>Click <code>Add Rule</code> under <code>Rules</code>, Enter <code>Name</code> as <code>admin</code>, <code>PathPattern</code> as <code>/*</code>, <code>Process</code> as <code>default</code> and click <code>Add</code> </li> </ul> </li> <li>Click <code>Save</code>.</li> <li>Click <code>Create Environment</code>.</li> <li>Wait for the environment to be create and then click on the application URL.</li> </ol> <blockquote> <p>Note: If you need to make any changes to the code and create a zip on a Mac OS</p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nb">cd</span> /nodejs_forum zip ../nodejs_forum <span class="nt">-r</span> <span class="k">*</span> .[^.]<span class="k">*</span> </code></pre> </div> <p><em>EBS Forum 4.3</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhcdqha83enxj22ty7ov1.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fhcdqha83enxj22ty7ov1.png" alt="EBS_Forum4.3"></a></p> <p><a></a></p> <h3> Step 5. Auto Scaling Verification </h3> <ol> <li>Navigate to <code>EC2</code> &gt; <code>Instances</code> </li> <li>Select <code>Admin-env instance</code> </li> <li>Click <code>Actions</code> &gt; <code>Instance State</code> and <code>Terminate</code> </li> <li>Wait for a few minutes, the auto scaling group will launch a new instance for Admin application, which can be checked under <code>Auto Scaling Groups</code> &gt; <code>Activity</code> Note: There should only be one instance launched but not two.</li> <li>Similarly <code>Terminate</code> the <code>Forum-env</code> and there should new instance created in a few minutes.</li> </ol> <p><em>EBS Environments</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcagtajdm2vj85gftnarp.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcagtajdm2vj85gftnarp.png" alt="EBS-Envs"></a></p> <p><em>EBS Admin Application</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4trpqxzq3rd3t8s15lzv.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4trpqxzq3rd3t8s15lzv.png" alt="EBS-Admin"></a></p> <p><em>EBS Admin Application</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2klp6jc2ddse395t0nza.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2klp6jc2ddse395t0nza.png" alt="EBS-Forum"></a></p> <p><em>Application Load Balancer Listener Rules</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F51mpd425gomme4bg6pes.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F51mpd425gomme4bg6pes.png" alt="ALB-Listener-Rules"></a></p> <p><em>EC2 Instances</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fga2384u4i4pq3otoau3b.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fga2384u4i4pq3otoau3b.png" alt="EC2_Instances"></a></p> <p><em>EBS Admin Auto Scaling Activity</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F46dt2dhh2rmr4plkgi5g.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F46dt2dhh2rmr4plkgi5g.png" alt="EBS-Admin-AS-1"></a></p> <p><em>EBS Forum Auto Scaling Activity</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy135lt2z9amox1513eze.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy135lt2z9amox1513eze.png" alt="EBS-Admin-AS-2"></a></p> <p><em>EC2 Instances: Only one new Admin instance</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi7mtg181ord9j2v869sf.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi7mtg181ord9j2v869sf.png" alt="EBS-Admin-AS-3"></a></p> <p><em>EC2 Instances: Forum Instance terminated manually and new instance created by Auto Scaling</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F63qeuqr53n9dhcjoqmwx.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F63qeuqr53n9dhcjoqmwx.png" alt="EBS-Admin-AS-4"></a></p> <p><em>EBS Forum Auto Scaling Activity</em><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy5yegdqkobwgv4umcfyn.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy5yegdqkobwgv4umcfyn.png" alt="EBS-Admin-AS-5"></a></p> <p><a></a></p> <h3> Clean Up </h3> <ol> <li>Select each environment under <code>Elastic Beanstalk</code> &gt; <code>Environments</code>, Select <code>Actions</code> &gt; <code>Terminate Environment</code>.</li> <li>Select each application under <code>Elastic Beanstalk</code> &gt; <code>Applications</code>, Select <code>Actions</code> &gt; <code>Delete Application</code>.</li> <li>Delete <code>SharedALB</code> under <code>Load Balancers</code> </li> <li>Delete Security Group <code>EBSSG</code>.</li> <li>After both environments are terminated, Empty and Delete S3 bucket prefixed with <code>elasticbeanstalk-us-east-1-...</code> </li> </ol> <p><a></a></p> <h3> Summary </h3> <ul> <li>We learned how to deploy and configure different settings using Elastic Beanstalk.</li> <li>We also learned about shared application load balancer, which can save costs.</li> </ul> <p><a></a></p> <h3> Referrals </h3> <ul> <li><a href="https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/environments-cfg-alb-shared.html" rel="noopener noreferrer">Configuring a shared Application Load Balancer using the Elastic Beanstalk console</a></li> <li>The application code is from <a href="https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/samples/nodejs.zip" rel="noopener noreferrer">Tutorials and samples</a> and I have added admin.html and forum.html.</li> </ul> aws elasticbeanstalk tutorial Sri Mon, 19 Dec 2022 13:00:00 +0000 https://forem.com/aws-builders/aws-community-builders-christmas-and-new-year-2023-oil https://forem.com/aws-builders/aws-community-builders-christmas-and-new-year-2023-oil <h2> What surprises you most about the community builders program? </h2> <p>I always knew that it was an honour to be selected to the Community Builders program, but what really surprised me were the many benefits of being a part of this program such as access to learning resources, support and most importantly, networking and learning from other community builders.</p> <h2> What’s your background and your experience with AWS? </h2> <p>About two years ago, there was a cloud project at work that I really wanted to be a part of, however I didn't have any cloud skills and therefore couldn't be considered for this role. As AWS was a pioneer as a cloud provider, I decided that I wanted to learn as much I could about AWS.</p> <p>I started my journey with AWS Certified Cloud Practitioner. On completing this certification, I felt encouraged to try my hand at other certifications. I decided to pursue all the Associate certifications and then continue on to the Solution Architect Professional.</p> <p>Since I have started my journey, I have grown significantly in my AWS skills. I feel very happy that I have been able to mentor people in the community who are just starting out in the cloud and are looking for support, like I was two years ago. On the work front, I made a presentation to my team about how they could get certified. I am also part of the Cloud Champion Network in my company.</p> <h2> What’s the biggest benefit you see from the program? </h2> <p>The biggest benefit is having access to the Slack channel and to builders worldwide.<br> The best part about having access to other builders is the promptness in replying to questions we post.</p> <h2> What’s the next swag item that you would like to get? </h2> <p>I would love to request an AWS Skill Builder subscription-based access, if possible.</p> <h2> What are you eating for dinner today? Share the recipe! </h2> <p><strong>Kale salad</strong></p> <ul> <li>Chop up kale and massage it with some salt, lime and apple cider vinegar.</li> <li>Add some dried cranberries.</li> <li>Slice a green apple and add it to the salad and enjoy! 🥗</li> </ul> <h2> Is there anything else you would like to say about the community builders program in 2022? </h2> <p>It is a one of a kind program and I absolutely love being part of this program.</p> cbchristmas2022 Sri Sun, 18 Dec 2022 01:38:37 +0000 https://forem.com/aws-builders/challenge-display-ec2-instances-from-all-regions-using-python-and-boto3-409 https://forem.com/aws-builders/challenge-display-ec2-instances-from-all-regions-using-python-and-boto3-409 <p>This was an idea from the AWS Certified Global Community to create challenges by breaking a certain part of code, so the users can learn by fixing the code.</p> <p>I have written this second challenge for the AWS Certified Global Community and have also used it to mentor some of my mentees.<br> I thought that it might be a good idea to share this with the broader community as well.</p> <p><strong>Boto3</strong> is the name of the Python SDK for AWS. It allows you to directly create, update, and delete AWS resources from your Python scripts.</p> <p>I agree that we have <strong>EC2 Global View</strong>, which shows what we are trying to achieve. However this is more of a programming challenge on how to code using Python and Boto3.</p> <p>Let's start the challenge!</p> <p><strong>Pre-Requisites:</strong></p> <ul> <li>Lambda with Python 3.9</li> <li>Lambda Execution role with access to EC2 and CloudWatch access (IAM)</li> <li>It is preferable to have at least one EC2 instance in any of the regions (not mandatory though)</li> </ul> <p><strong>Step 1. Create an IAM Policy:</strong></p> <p>You could either let Lambda create an execution role and add the <strong>AmazonEC2ReadOnlyAccess</strong> policy or you could create the following IAM policy and a role.</p> <blockquote> <p>Note: Replace [Region], [LambdaFunctionName] and [AccountID] in the Policy</p> </blockquote> <p>IAM Policy with the following access:</p> <p><strong>AWSLambdaBasicExecution</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="s2">"logs:CreateLogGroup"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:logs:[Region]:[AccountID]:*"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"logs:CreateLogStream"</span><span class="p">,</span><span class="w"> </span><span class="s2">"logs:PutLogEvents"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>AmazonEC2ReadOnlyAccess</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ec2:Describe*"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="s2">"elasticloadbalancing:Describe*"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"cloudwatch:ListMetrics"</span><span class="p">,</span><span class="w"> </span><span class="s2">"cloudwatch:GetMetricStatistics"</span><span class="p">,</span><span class="w"> </span><span class="s2">"cloudwatch:Describe*"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="s2">"autoscaling:Describe*"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>Step 2. Create a role for Lambda and attach the policy created in Step 1</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">Trusted</span><span class="w"> </span><span class="err">entities:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Allow"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Principal"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Service"</span><span class="p">:</span><span class="w"> </span><span class="s2">"lambda.amazonaws.com"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="s2">"sts:AssumeRole"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>Step 3. Broken Code:</strong> Create a Lambda function with the following code and execute the function.</p> <blockquote> <p>Note: Please increase the Lambda Function <strong>Timeout</strong> under <strong>General Configuration</strong> from <strong>3 sec</strong> to <strong>2 min</strong> or more as required.<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="nn">json</span> <span class="n">ec2list</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">event</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="c1"># Get list of regions </span> <span class="n">ec2</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="n">client</span><span class="p">(</span><span class="s">'ec2'</span><span class="p">)</span> <span class="n">regions</span> <span class="o">=</span> <span class="n">ec2</span><span class="p">.</span><span class="n">describe_regions</span><span class="p">().</span><span class="n">get</span><span class="p">(</span><span class="s">'Regions'</span><span class="p">,[]</span> <span class="p">)</span> <span class="c1"># Iterate over regions </span> <span class="k">for</span> <span class="n">region</span> <span class="ow">in</span> <span class="n">regions</span><span class="p">:</span> <span class="k">print</span> <span class="p">(</span><span class="s">"* Checking region -- %s "</span> <span class="o">%</span> <span class="n">region</span><span class="p">[</span><span class="s">'RegionName'</span><span class="p">])</span> <span class="n">reg</span><span class="o">=</span><span class="n">region</span><span class="p">[</span><span class="s">'RegionName'</span><span class="p">]</span> <span class="n">client</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="n">client</span><span class="p">(</span><span class="s">'ec2'</span><span class="p">,</span> <span class="n">region_name</span><span class="o">=</span><span class="n">reg</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">describe_instances</span><span class="p">()</span> <span class="k">for</span> <span class="n">reservation</span> <span class="ow">in</span> <span class="n">response</span><span class="p">[</span><span class="s">"Instances"</span><span class="p">]:</span> <span class="k">for</span> <span class="n">instance</span> <span class="ow">in</span> <span class="n">reservation</span><span class="p">[</span><span class="s">"Instances"</span><span class="p">]:</span> <span class="k">print</span> <span class="p">(</span><span class="s">" ---- Instance %s in %s"</span> <span class="o">%</span> <span class="p">(</span><span class="n">instance</span><span class="p">[</span><span class="s">'InstanceId'</span><span class="p">],</span> <span class="n">region</span><span class="p">[</span><span class="s">'RegionName'</span><span class="p">]))</span> <span class="n">ec2list</span><span class="p">.</span><span class="n">append</span><span class="p">(</span><span class="n">instance</span><span class="p">[</span><span class="s">'InstanceId'</span><span class="p">])</span> <span class="k">return</span> <span class="p">{</span> <span class="s">"statusCode"</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="s">"body"</span><span class="p">:</span> <span class="n">ec2list</span> <span class="p">}</span> </code></pre> </div> <blockquote> <p>Note: <strong>DO NOT</strong> forget to deploy the Lambda function every time you make a change.</p> </blockquote> <p><strong>First Error:</strong> We get the following error when we execute the code❓<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">Response</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"errorMessage"</span><span class="p">:</span><span class="w"> </span><span class="s2">"name 'boto3' is not defined"</span><span class="p">,</span><span class="w"> </span><span class="nl">"errorType"</span><span class="p">:</span><span class="w"> </span><span class="s2">"NameError"</span><span class="p">,</span><span class="w"> </span><span class="nl">"requestId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"6926f216-e0e8-4f25-bb16-761ada972e3f"</span><span class="p">,</span><span class="w"> </span><span class="nl">"stackTrace"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">" File </span><span class="se">\"</span><span class="s2">/var/task/lambda_function.py</span><span class="se">\"</span><span class="s2">, line 8, in lambda_handler</span><span class="se">\n</span><span class="s2"> ec2 = boto3.client('ec2')</span><span class="se">\n</span><span class="s2">"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>Hint 1:</strong><br> The first one is easy to solve by executing the code in Lambda, the hint appears in the error message.</p> <p><strong>Second Error:</strong> We get the following error after fixing the first one❓<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">Response</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"errorMessage"</span><span class="p">:</span><span class="w"> </span><span class="s2">"'Instances'"</span><span class="p">,</span><span class="w"> </span><span class="nl">"errorType"</span><span class="p">:</span><span class="w"> </span><span class="s2">"KeyError"</span><span class="p">,</span><span class="w"> </span><span class="nl">"requestId"</span><span class="p">:</span><span class="w"> </span><span class="s2">"c78a6211-1d73-4d72-b83a-4c51bfd4e181"</span><span class="p">,</span><span class="w"> </span><span class="nl">"stackTrace"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">" File </span><span class="se">\"</span><span class="s2">/var/task/lambda_function.py</span><span class="se">\"</span><span class="s2">, line 21, in lambda_handler</span><span class="se">\n</span><span class="s2"> for reservation in response[</span><span class="se">\"</span><span class="s2">Instances</span><span class="se">\"</span><span class="s2">]:</span><span class="se">\n</span><span class="s2">"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><strong>Hint 2:</strong></p> <p>Please refer to the Response Syntax of describe_instances(**kwargs) at <a href="https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ec2.html?highlight=describe_instances#EC2.Client.describe_instances">Boto3 Documentation</a></p> <p><strong>Step 4. Final Code:</strong> ✅<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="nn">json</span> <span class="kn">import</span> <span class="nn">boto3</span> <span class="n">ec2list</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">def</span> <span class="nf">lambda_handler</span><span class="p">(</span><span class="n">event</span><span class="p">,</span> <span class="n">context</span><span class="p">):</span> <span class="c1"># Get list of regions </span> <span class="n">ec2</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="n">client</span><span class="p">(</span><span class="s">'ec2'</span><span class="p">)</span> <span class="n">regions</span> <span class="o">=</span> <span class="n">ec2</span><span class="p">.</span><span class="n">describe_regions</span><span class="p">().</span><span class="n">get</span><span class="p">(</span><span class="s">'Regions'</span><span class="p">,[]</span> <span class="p">)</span> <span class="c1"># Iterate over regions </span> <span class="k">for</span> <span class="n">region</span> <span class="ow">in</span> <span class="n">regions</span><span class="p">:</span> <span class="k">print</span> <span class="p">(</span><span class="s">"* Checking region -- %s "</span> <span class="o">%</span> <span class="n">region</span><span class="p">[</span><span class="s">'RegionName'</span><span class="p">])</span> <span class="n">reg</span><span class="o">=</span><span class="n">region</span><span class="p">[</span><span class="s">'RegionName'</span><span class="p">]</span> <span class="n">client</span> <span class="o">=</span> <span class="n">boto3</span><span class="p">.</span><span class="n">client</span><span class="p">(</span><span class="s">'ec2'</span><span class="p">,</span> <span class="n">region_name</span><span class="o">=</span><span class="n">reg</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="n">describe_instances</span><span class="p">()</span> <span class="k">for</span> <span class="n">reservation</span> <span class="ow">in</span> <span class="n">response</span><span class="p">[</span><span class="s">"Reservations"</span><span class="p">]:</span> <span class="k">for</span> <span class="n">instance</span> <span class="ow">in</span> <span class="n">reservation</span><span class="p">[</span><span class="s">"Instances"</span><span class="p">]:</span> <span class="k">print</span> <span class="p">(</span><span class="s">" ---- Instance %s in %s"</span> <span class="o">%</span> <span class="p">(</span><span class="n">instance</span><span class="p">[</span><span class="s">'InstanceId'</span><span class="p">],</span> <span class="n">region</span><span class="p">[</span><span class="s">'RegionName'</span><span class="p">]))</span> <span class="n">ec2list</span><span class="p">.</span><span class="n">append</span><span class="p">(</span><span class="n">instance</span><span class="p">[</span><span class="s">'InstanceId'</span><span class="p">])</span> <span class="k">return</span> <span class="p">{</span> <span class="s">"statusCode"</span><span class="p">:</span> <span class="mi">200</span><span class="p">,</span> <span class="s">"body"</span><span class="p">:</span> <span class="n">ec2list</span> <span class="p">}</span> </code></pre> </div> <p><strong>Output</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"statusCode"</span><span class="p">:</span><span class="w"> </span><span class="mi">200</span><span class="p">,</span><span class="w"> </span><span class="nl">"body"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"I-[instanceid]"</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="err">START</span><span class="w"> </span><span class="err">RequestId:</span><span class="w"> </span><span class="err">f</span><span class="mi">6</span><span class="err">a</span><span class="mi">1</span><span class="err">c</span><span class="mi">381-51e2-43</span><span class="err">c</span><span class="mi">9-8490</span><span class="err">-a</span><span class="mi">62</span><span class="err">b</span><span class="mi">8</span><span class="err">a</span><span class="mi">6394</span><span class="err">dd</span><span class="w"> </span><span class="err">Version:</span><span class="w"> </span><span class="err">$LATEST</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="err">Checking</span><span class="w"> </span><span class="err">region</span><span class="w"> </span><span class="err">--</span><span class="w"> </span><span class="err">eu-north</span><span class="mi">-1</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="err">Checking</span><span class="w"> </span><span class="err">region</span><span class="w"> </span><span class="err">--</span><span class="w"> </span><span class="err">ap-south</span><span class="mi">-1</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="err">Checking</span><span class="w"> </span><span class="err">region</span><span class="w"> </span><span class="err">--</span><span class="w"> </span><span class="err">eu-west</span><span class="mi">-3</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="err">Checking</span><span class="w"> </span><span class="err">region</span><span class="w"> </span><span class="err">--</span><span class="w"> </span><span class="err">eu-west</span><span class="mi">-2</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="err">Checking</span><span class="w"> </span><span class="err">region</span><span class="w"> </span><span class="err">--</span><span class="w"> </span><span class="err">eu-west</span><span class="mi">-1</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="err">Checking</span><span class="w"> </span><span class="err">region</span><span class="w"> </span><span class="err">--</span><span class="w"> </span><span class="err">ap-northeast</span><span class="mi">-3</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="err">Checking</span><span class="w"> </span><span class="err">region</span><span class="w"> </span><span class="err">--</span><span class="w"> </span><span class="err">ap-northeast</span><span class="mi">-2</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="err">Checking</span><span class="w"> </span><span class="err">region</span><span class="w"> </span><span class="err">--</span><span class="w"> </span><span class="err">ap-northeast</span><span class="mi">-1</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="err">Checking</span><span class="w"> </span><span class="err">region</span><span class="w"> </span><span class="err">--</span><span class="w"> </span><span class="err">sa-east</span><span class="mi">-1</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="err">Checking</span><span class="w"> </span><span class="err">region</span><span class="w"> </span><span class="err">--</span><span class="w"> </span><span class="err">ca-central</span><span class="mi">-1</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="err">Checking</span><span class="w"> </span><span class="err">region</span><span class="w"> </span><span class="err">--</span><span class="w"> </span><span class="err">ap-southeast</span><span class="mi">-1</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="err">Checking</span><span class="w"> </span><span class="err">region</span><span class="w"> </span><span class="err">--</span><span class="w"> </span><span class="err">ap-southeast</span><span class="mi">-2</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="err">Checking</span><span class="w"> </span><span class="err">region</span><span class="w"> </span><span class="err">--</span><span class="w"> </span><span class="err">eu-central</span><span class="mi">-1</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="err">Checking</span><span class="w"> </span><span class="err">region</span><span class="w"> </span><span class="err">--</span><span class="w"> </span><span class="err">us-east</span><span class="mi">-1</span><span class="w"> </span><span class="err">----</span><span class="w"> </span><span class="err">Instance</span><span class="w"> </span><span class="p">[</span><span class="err">instanceid</span><span class="p">]</span><span class="w"> </span><span class="err">in</span><span class="w"> </span><span class="err">us-east</span><span class="mi">-1</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="err">Checking</span><span class="w"> </span><span class="err">region</span><span class="w"> </span><span class="err">--</span><span class="w"> </span><span class="err">us-east</span><span class="mi">-2</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="err">Checking</span><span class="w"> </span><span class="err">region</span><span class="w"> </span><span class="err">--</span><span class="w"> </span><span class="err">us-west</span><span class="mi">-1</span><span class="w"> </span><span class="err">*</span><span class="w"> </span><span class="err">Checking</span><span class="w"> </span><span class="err">region</span><span class="w"> </span><span class="err">--</span><span class="w"> </span><span class="err">us-west</span><span class="mi">-2</span><span class="w"> </span><span class="err">END</span><span class="w"> </span><span class="err">RequestId:</span><span class="w"> </span><span class="err">f</span><span class="mi">6</span><span class="err">a</span><span class="mi">1</span><span class="err">c</span><span class="mi">381-51e2-43</span><span class="err">c</span><span class="mi">9-8490</span><span class="err">-a</span><span class="mi">62</span><span class="err">b</span><span class="mi">8</span><span class="err">a</span><span class="mi">6394</span><span class="err">dd</span><span class="w"> </span><span class="err">REPORT</span><span class="w"> </span><span class="err">RequestId:</span><span class="w"> </span><span class="err">f</span><span class="mi">6</span><span class="err">a</span><span class="mi">1</span><span class="err">c</span><span class="mi">381-51e2-43</span><span class="err">c</span><span class="mi">9-8490</span><span class="err">-a</span><span class="mi">62</span><span class="err">b</span><span class="mi">8</span><span class="err">a</span><span class="mi">6394</span><span class="err">dd</span><span class="w"> </span><span class="err">Duration:</span><span class="w"> </span><span class="mf">15667.85</span><span class="w"> </span><span class="err">ms</span><span class="w"> </span><span class="err">Billed</span><span class="w"> </span><span class="err">Duration:</span><span class="w"> </span><span class="mi">15668</span><span class="w"> </span><span class="err">ms</span><span class="w"> </span><span class="err">Memory</span><span class="w"> </span><span class="err">Size:</span><span class="w"> </span><span class="mi">128</span><span class="w"> </span><span class="err">MB</span><span class="w"> </span><span class="err">Max</span><span class="w"> </span><span class="err">Memory</span><span class="w"> </span><span class="err">Used:</span><span class="w"> </span><span class="mi">90</span><span class="w"> </span><span class="err">MB</span><span class="w"> </span><span class="err">Init</span><span class="w"> </span><span class="err">Duration:</span><span class="w"> </span><span class="mf">246.67</span><span class="w"> </span><span class="err">ms</span><span class="w"> </span></code></pre> </div> <blockquote> <p>Note: The actual instance id is replaced with [instanceid] in the output.</p> </blockquote> <p>So what have I done to break the code</p> <ul> <li>I removed <code>import boto3</code> at <code>line no 2</code> </li> <li>Replaced <code>response["Reservations"]:</code> with <code>response["Instances"]:</code> at <code>line no 21</code> </li> </ul> <p>Hope you liked the challenge! Please let me know your thoughts in the comments section.</p> <blockquote> <p>Tip: Please do check out the reference link as you will learn something about global services too with Boto3. 👇</p> </blockquote> <p>See you next time 👋</p> <h3> References: </h3> <p>I learnt this from stackoverflow when I asked a question about <a href="https://stackoverflow.com/questions/72837445/retrieve-list-of-buckets-from-all-regions-using-boto3">Retrieve list of buckets from all regions using boto3</a></p> <p>Hope you have also learnt something about retrieving S3 buckets from all regions using Boto3. </p> aws boto3 ec2 lambda