Forem: Oladipupo Abeeb Olanrewaju

AWS: S3 Storage Classes

Oladipupo Abeeb Olanrewaju — Thu, 22 Aug 2024 03:47:51 +0000

Amazon S3 Standard (S3 Standard)

S3 Standard provides highly durable, available, and performant object storage for data that is accessed frequently. With its low latency and high throughput, S3 Standard is ideal for various applications such as cloud services, dynamic websites, content distribution, mobile and gaming apps, and big data analytics.

Key features:

General-purpose storage for frequently accessed data
Low latency and high throughput performance
Designed for 99.99% availability, with a (11 9's)% durability
More than 3 Availability Zones

Amazon S3 Standard-Infrequent Access (S3 Standard-IA)

Amazon S3 Standard-Infrequent Access (S3 Standard-IA) is a storage class designed for data that is accessed less frequently but still requires rapid access when needed. It offers a lower cost compared to S3 Standard, while still maintaining high durability, availability, and performance. This makes S3 Standard-IA ideal for use cases like backups, disaster recovery, and long-term storage of data that doesn't need to be accessed often.

Key features:

Infrequently accessed data that needs millisecond access
Same low latency and high throughput performance of S3 Standard
Designed to deliver 99.9% , with a (11 9's)% durability
More than 3 Availability Zones

Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)

Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) is a storage class tailored for infrequently accessed data that is non-critical and can be stored in a single Availability Zone. It offers a lower cost compared to the S3 Standard-IA class, as it doesn't replicate data across multiple zones. S3 One Zone-IA is well-suited for cost-sensitive use cases such as backups, disaster recovery copies, and other data that can be easily recreated if lost.

Key features:

Re-creatable infrequently accessed data
Same low latency and high throughput performance of S3 Standard
Designed to deliver 99.5%, with a (11 9's)% durability
With 1 Availability Zones

Amazon S3 Intelligent-Tiering (S3 Intelligent-Tiering)

Amazon S3 Intelligent-Tiering (S3 Intelligent-Tiering) is a storage class designed to optimize costs by automatically moving data between two access tiers: frequent and infrequent access, based on changing access patterns. It provides the same high durability and low latency as other S3 classes, while reducing costs for data that isn't frequently accessed. S3 Intelligent-Tiering is ideal for workloads with unpredictable or changing access patterns, as it eliminates the need to manually manage data lifecycle transitions.

Key features:

Automatic cost savings for data with unknown or changing access patterns
Frequent and Infrequent Access tiers have the same low-latency and high-throughput performance of S3 Standard
Designed to deliver 99.9%, with a (11 9's)% durability
More than 3 Availability Zones

Amazon S3 Glacier Instant Retrieval

Amazon S3 Glacier Instant Retrieval is a storage class designed for data that is rarely accessed but needs to be retrieved immediately when requested. It combines the low cost of archival storage with the benefit of millisecond retrieval times. This makes it ideal for use cases like long-term data archiving, digital preservation, and backup storage, where rapid access is occasionally required without the need to pay for frequent access storage classes.

Key features:

Long-lived data that is accessed a few times per year with instant retrievals
Data retrieval in milliseconds with the same performance as S3 Standard
Designed to deliver 99.9%, with a (11 9's)% durability
More than 3 Availability Zones

Amazon S3 Glacier Flexible Retrieval

Amazon S3 Glacier Flexible Retrieval is a storage class designed for archival data that is infrequently accessed but requires flexible retrieval options. It offers low-cost storage with a range of retrieval times, from minutes to hours, depending on your needs. This class is ideal for use cases like long-term backups, data archiving, and regulatory compliance, where data can be stored at a low cost and retrieved within a specified time frame without the urgency of instant access.

Key features:

Backup and archive data that is rarely accessed and low cost
Designed to deliver 99.99%, with a (11 9's)% durability
More than 3 Availability Zones
Supports SSL for data in transit and encryption of data at rest
Ideal for backup and disaster recovery use cases when large sets of data occasionally need to be retrieved in minutes, without concern for costs
Configurable retrieval times, from minutes to hours, with free bulk retrievals

Amazon S3 Glacier Deep Archive

Amazon S3 Glacier Deep Archive is the lowest-cost storage class designed for long-term data archiving that is rarely accessed, with retrieval times ranging from 12 to 48 hours. It is ideal for data that needs to be retained for years or decades for compliance purposes or digital preservation but does not require immediate retrieval. This storage class is particularly suited for organizations looking to minimize storage costs for data that is unlikely to be accessed frequently.

Key features:

Archive data that is very rarely accessed and very low cost
Designed to deliver 99.99% , with a (11 9's)% durability
More than 3 Availability Zones
Retrieval time within 12 hours

AWS S3 : Object ACLS and Bucket Policies

Oladipupo Abeeb Olanrewaju — Mon, 15 Jul 2024 14:38:58 +0000

In Amazon Web Services (AWS) Simple Storage Service (S3), managing access to your data involves two main components: object ACLs (Access Control Lists) and bucket policies.

Object ACLs (Access Control Lists)

Object ACLs are used to manage permissions at the individual object level within an S3 bucket. Each object can have its own set of permissions.

Types of Permissions:

READ: Allows grantee to read the object data and its metadata.
WRITE: Allows grantee to create, overwrite, and delete the object.
READ_ACP: Allows grantee to read the object ACL.
WRITE_ACP: Allows grantee to write the object ACL.
FULL_CONTROL: Grants READ, WRITE, READ_ACP, and WRITE_ACP permissions.
Grantees: ACLs can grant permissions to:
Canonical user: Specific AWS accounts.
AWS Account ID: Any AWS account.
Groups: Predefined Amazon S3 groups (e.g., AllUsers, AuthenticatedUsers, LogDelivery).
Default ACLs: When an object is created, the default ACL grants the owner (the AWS account that uploaded the object) full control.

How to Allow access to Bucket level and Individual Object level

1.Bucket Level: By default when creating a s3 Bucket, the public access is blocked or restricted meaning there is no access to that particular bucket.

To allow access, Click on the bucket name, navigate to permissions; and scroll down to a section named "Block public access".

Click on edit at the right-cornered, and click on Block all public access to allow access i.e allowing unrestricted access to that bucket. Save changes and confirm settings.

2.Individual Object Level (ACLs): To make an object individually public in S3 bucket, Go to Object Ownership under permissions in the bucket to enable Access Control Lists(ACLs). Click on edit, then click on ACLs enabled to allow access for other AWS accounts.

Save Changes.

Select the object you want to make public, click on Actions and scroll down to "Make Public using ACL"

Click it.

Click on Make public.

This is how Data Security works in AWS S3...

AWS : IAM : Root Account

Oladipupo Abeeb Olanrewaju — Sat, 22 Jun 2024 14:17:29 +0000

This article on DEV Community explains AWS Identity and Access Management (IAM) and its capabilities for managing users, groups, and permissions within AWS. It highlights how IAM allows creating users with unique credentials and assigning permissions through policies. The article includes examples of using Terraform to automate the creation of IAM users, access keys, and policies.

Link:WHAT IS IAM

IAM is a service that allows you to create and manage users and groups, and to assign permissions that control access to AWS resources.

The Root Account is the initial account created when you sign up for AWS. It has full administrative access to all AWS services and resources in the account. The root account is identified by the email address used during account creation.

Important: The root account should only be used for tasks requiring unique permissions. For everyday administrative tasks, create IAM users with the necessary permissions.

How to Secure the Root User

1. Enable Multi-Factor Authentication (MFA)

· Log in to the AWS Management Console using your root account.
· Navigate to the IAM service.
· In the left-hand navigation pane, click on Dashboard.
· Under the Activate MFA on your root account section, click on Manage MFA.
· Follow the instructions to set up MFA for your root account.

2. Create an admin group and assign the appropriate permission

Step-by-Step Guide to Creating an "Admins" Group in AWS IAM

Log in to AWS Management Console:

Open your web browser and go to the AWS Management Console. Log in with your credentials.

Navigate to IAM:

In the AWS Management Console, type "IAM" in the search bar and select IAM to open the Identity and Access Management dashboard.

Create a New Group:

In the left-hand navigation pane, click on User groups.
Click the Create group button.
Set Group Name:

On the Create user group page, enter a name for your group. For example, "Admins".
Click Next to proceed.

Attach Permissions Policies:

On the Attach permissions policies page, you need to add the policies that will define the permissions for the group.
Scroll through the list or use the search bar to find the policy named AdministratorAccess.
Check the box next to AdministratorAccess. This policy provides full access to AWS services and resources.

Review and Create the Group:

Review the group details, ensuring that the correct policy is attached.
Click Create Group.

3. Create a User account for admins

Navigate to the IAM service.
In the left-hand navigation pane, click on Users and then Create User.
Enter a username (e.g., UserAdmin).
Select Programmatic access and AWS Management Console access.
Set a custom password or allow the user to create one at first sign-in.
Click Next: Permissions.

In the policy list, search for AdministratorAccess.
Check the box next to AdministratorAccess and click Create group.

Ensure the new group is selected and click Next: Tags.
Add any tags if necessary and click Next: Review.
Review the details and click Create user.

4. Add users to the admin group

Navigate to User Groups, and click on the group name to add the user.

Scroll down and Click on Add Users.

Select the User to be added to the Admin group and the users will be added successfully to the group operating under the policies in that group.

By following these steps and best practices, you can ensure your AWS account is securely configured and that administrative access is managed appropriately.

AWS PRICING

Oladipupo Abeeb Olanrewaju — Sat, 13 Apr 2024 01:23:04 +0000

AWS enables quicker movement, lowered IT expenses, and global scalability by offering a wide range of global computing, storage, database, analytics, application, and deployment services. Cloud services, like AWS, empower you to efficiently adjust costs to align with your evolving requirements.

AWS provides a range of services designed to support the development of advanced applications, offering enhanced flexibility, scalability, and reliability. Whether you require computing power, database storage, content delivery, or other features, AWS allows you to pay solely for the specific services you require, for the duration of your usage, without dealing with intricate licensing structures. With over 160 cloud services, AWS presents diverse pricing models, ensuring that you only pay for the services you utilize. Additionally, once you discontinue usage, there are no extra costs or termination fees involved.

Fundamental of Pricing

There are three fundamental drivers of cost which are:
1.Compute resources: You are billed based on hourly or secondly usage starting from resource launch until termination, unless you've prearranged a reservation with predetermined costs.

2.Outbound data transfer : Data sent out from AWS services incurs a charge, while incoming data and transfers within the same Region are free. Confirm data transfer rates beforehand, as exceptions may apply. Outbound data transfer costs are combined across services and billed based on the outbound data transfer rate, listed as AWS Data Transfer Out on your monthly statement. The larger your data transfer, the lower the cost per gigabyte.

3.Storage resources : are data stored in the cloud, you pay per GB.

Pricing model Based on Product

AWS presents various pricing models based on the product you choose. These options include:

On-Demand Instances: Pay for compute or database capacity by the hour or second (minimum of 60 seconds) for the instances you use, without long-term commitments or upfront payments.
Savings Plans: This flexible pricing model offers reduced rates for Amazon EC2, Amazon SageMaker, AWS Lambda, and AWS Fargate usage in exchange for committing to a consistent usage level (measured in $/hour) for one or three years.
Spot Instances: Request spare computing capacity without upfront commitments, at a discounted hourly rate (up to 90% off the on-demand price) using the Amazon EC2 pricing mechanism.
Reservations: Secure a greater discount (up to 75%) by paying for capacity in advance with reservations.

AWS Free Tier

The AWS Free Tier provides an opportunity to explore over 60 AWS products without charge. It consists of the following free offer types:

Free Trials: These are temporary trials that start from the activation date of a specific service. Once the trial period ends, you'll switch to standard pay-as-you-go rates.
12 Months Free: This tier offers a year of free usage starting from your initial AWS signup date. After the 12-month period or if you exceed the allotted usage, standard pay-as-you-go rates apply.
Always Free: These offers remain free indefinitely and are accessible to all AWS customers.

AWS Pricing/TCO Tools

AWS provides complimentary pricing and migration tools at your disposal. Once you've determined the workload specifics and selected services, the AWS Pricing Calculator aids in estimating the overall cost of ownership. Additionally, the Migration Evaluator assists in inventorying your current environment, gathering workload details, and strategizing the design and planning of your AWS migration.

AWS Pricing Calculator

The AWS Pricing Calculator, available online, empowers you to generate cost estimates tailored to your AWS scenarios. It serves as a valuable tool for both newcomers to AWS and those looking to optimize or expand their current usage.

With the AWS Pricing Calculator, you can delve into AWS services aligned with your use cases and create accurate cost projections. This allows you to conceptualize your solutions beforehand, understand the cost breakdown of your estimate, and explore instance types and contract terms that align with your requirements. These capabilities enable you to make well-informed decisions regarding your AWS usage, whether you're planning your costs and usage patterns or pricing out the setup of new instances and services.

It's worth noting that the AWS Pricing Calculator is free to use and provides an estimate of your AWS fees and charges (excluding taxes). However, it's important to remember that the pricing details provided are for informational purposes only.

Migration Evaluator

Migration Evaluator, formerly known as TSO Logic, is a free service designed to generate data-driven business cases for AWS Cloud planning and migration.

Crafting business cases independently can be a lengthy endeavor and may not always pinpoint the most cost-efficient deployment and purchasing strategies. Migration Evaluator expeditiously furnishes a business case, enabling informed decisions for AWS planning and migration. By leveraging Migration Evaluator, your organization gains access to AWS expertise, visibility into various cost-effective cloud migration scenarios, and insights on leveraging existing software licenses to further minimize costs.

Mastering AWS_IAM

Oladipupo Abeeb Olanrewaju — Mon, 03 Jul 2023 13:51:17 +0000

#Mastering Identity and Access Management (IAM): 
#Creating Users, Groups, Roles, and Policies"

resource "aws_iam_user" "Example" {
  name = "Tester"
  path = "/"
}

resource "aws_iam_access_key" "Key" {
  user = aws_iam_user.Example.name
}

resource "aws_iam_user_login_profile" "Profile" {
  user                    = aws_iam_user.Example.name
  password_length         = 15
  password_reset_required = true
}

resource "aws_iam_role" "TestRole" {
  name = "Testing"
  path = "/"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      Action = "sts:AssumeRole"
      Sid    = "AssumeRole"

      Principal = {
        Service = "ec2.amazonaws.com"
      }
    }, ]
  })

}
resource "aws_iam_group" "Group" {
  name = "DevGroup"
}

resource "aws_iam_group_membership" "Member" {
  name  = "Devs"
  users = [aws_iam_user.Example.name]
  group = aws_iam_group.Group.name
}

resource "aws_iam_policy" "Policy" {
  name = "TestPolicy"
  path = "/"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["ec2:Describe*"]
      Resource = "*"
    }, ]
  })

}

resource "aws_iam_policy_attachment" "Attach" {
  name       = "test-attach"
  users      = [aws_iam_user.Example.name]
  roles      = [aws_iam_role.TestRole.id]
  groups     = [aws_iam_group.Group.name]
  policy_arn = aws_iam_policy.Policy.arn
}

This code is written in HashiCorp Configuration Language (HCL) and is using Terraform, an infrastructure as code tool, to manage Identity and Access Management (IAM) resources in Amazon Web Services (AWS). Let's break down the code and understand what each section does:

Aws_iam_user: This resource defines an IAM user named "Tester" with a specified path ("/"). The user resource is used to create and manage IAM users in AWS.
Aws_iam_access_key: This resource creates an access key for the IAM user defined in the previous resource. Access keys are used for programmatic access to AWS services and resources.
Aws_iam_user_login_profile: This resource creates a login profile for the IAM user. It specifies the user, password length, and sets the password reset requirement. The login profile allows the user to access AWS services using the AWS Management Console.

5.** Aws_iam_role:** This resource creates an IAM role named "Testing" with a specified path ("/"). The role is used to delegate permissions to AWS services or users.

Assume_role_policy: This block specifies the trust policy for the IAM role, which defines who can assume the role. In this case, the role can be assumed by the Amazon EC2 service (identified by "ec2.amazonaws.com").
Aws_iam_group: This resource creates an IAM group named "DevGroup". Groups are used to manage sets of IAM users and apply policies to the group as a whole.
Aws_iam_group_membership: This resource adds the IAM user defined earlier to the "DevGroup" group. The user is associated with the group using its name.
Aws_iam_policy: This resource creates an IAM policy named "TestPolicy" with a specified path ("/"). The policy allows the "ec2:Describe*" action on all resources. Policies are used to define permissions and access control for AWS resources.
Aws_iam_policy_attachment: This resource attaches the IAM policy created in the previous resource to various entities. It attaches the policy to the IAM user, IAM role, and IAM group defined earlier.

users: The IAM user to attach the policy to.
roles: The IAM role to attach the policy to.
groups: The IAM group to attach the policy to.
Policy_arn: The ARN (Amazon Resource Name) of the IAM policy to attach.

These resources and their configurations work together to create IAM users, groups, roles, and policies in AWS, and define the relationships between them.

AWS: Identity Access Management (IAM)

Oladipupo Abeeb Olanrewaju — Mon, 12 Jun 2023 14:40:41 +0000

IAM is a web service that enables AWS clients to manage users and their permissions in AWS. This services enables clients to create users with their own security credentials, controlled and billed to a single AWS account. Users can be created using IAM by the root User who owns the AWS account.

Users can be created using Terraform; Requirements are as follows :
Resources : [iam_user, access_key, user_policy]
data : [policy_document]

Resources code

resource "aws_iam_user" "example" {
  name = "example"
  path = "/System/"
  tags = {
    tag-key = "Valid Key"

  }
}

resource "aws_iam_access_key" "Key" {
  user = aws_iam_user.example.name
}

resource "aws_iam_user_policy" "example" {
  user   = aws_iam_user.example.name
  name   = "learn"
  policy = data.aws_iam_policy_document.Doc.json

Data Code

data "aws_iam_policy_document" "Doc" {
  statement {
    effect    = "Allow"
    actions   = ["ec2:describe*"]
    resources = ["*"]
  }

}

Run terraform apply -auto-approve to add the resources

AWS : Network ACL

Oladipupo Abeeb Olanrewaju — Sat, 25 Mar 2023 15:17:31 +0000

AWS Network ACL (Access Control List)

AWS Network ACL (Access Control List) is a security feature that controls inbound and outbound traffic to and from your Amazon Web Services (AWS) Virtual Private Cloud (VPC).

Network ACLs are stateless, which explicitly must allow both inbound and outbound traffic for each direction. Each subnets within a VPC can have separate network ACLs, and each network ACL can have multiple rules.

Network ACLs allow or deny traffic based on rules that defined. These rules can specify the source and destination IP addresses, ports, and protocols. Network ACLs are evaluated in order, starting with the lowest numbered rule, and the first rule that matches the traffic is applied. If no rules match the traffic, the default rule is applied.

Here is an example of an AWS Network ACL :

resource "aws_network_acl" "main_acl" {
  vpc_id = aws_vpc.main_vpc.id

  egress {
    protocol   = "tcp"
    rule_no    = 200
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 443
    to_port    = 443
  }

  ingress {
    protocol   = "tcp"
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 80
    to_port    = 80
  }

  tags = {
    Name = "main_acl"
  }
}

Network ACLs in conjunction with Security Groups to provide multiple layers of security for a VPC. While Network ACLs operate at the subnet level, Security Groups operate at the instance level.

AWS: Route Table Association & Security Group

Oladipupo Abeeb Olanrewaju — Sat, 11 Mar 2023 18:31:42 +0000

AWS ROUTE TABLE ASSOCIATION

AWS Route Table Association is the process of connecting a subnet in a Virtual Private Cloud (VPC) to a route table. A route table contains a set of rules called routes that are used to determine where network traffic is directed. When a subnet is associated with a route table, the routes in that table determine where the traffic to and from the subnet is routed.

/* AWS ROUTE TABLE ASSOCIATION */
resource "aws_route_table_association" "main_assoc" {
  subnet_id      = aws_subnet.main_publlc_subnet.id
  route_table_id = aws_route_table.main_route_table.id
}

Once a subnet is associated with a route table, the routes in that table determine where traffic is directed to and from the subnet. You can associate a subnet with only one route table at a time, and a route table can be associated with multiple subnets.

AWS SECURITY GROUP

An AWS Security Group acts as a virtual firewall that controls inbound and outbound traffic for one or more Amazon Elastic Compute Cloud (EC2) instances. It acts as a filter that allows certain traffic to enter or leave the EC2 instances while blocking all other traffic.

Each security group has a set of inbound and outbound rules that define the type of traffic that is allowed to enter or leave the associated EC2 instances. You can configure the rules to allow traffic based on the protocol, port number, and IP address range.

resource "aws_security_group" "main_security" {
  name        = "main_security"
  description = "Allow Main inbound Traffic"
  vpc_id      = aws_vpc.main_vpc.id

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

The ingress block is used to define the inbound rules while the egress block is used to define the outbound rules. This is not a secure configuration and should not be used in a production environment. In production, it is important to limit the traffic allowed by a security group to only the necessary protocols, ports, and IP addresses.

AWS Route Table & Route

Oladipupo Abeeb Olanrewaju — Sat, 04 Mar 2023 08:00:21 +0000

An AWS Route Table is a virtual table that contains a set of rules, called routes, that are used to determine where network traffic is directed. Route tables are associated with subnets in a VPC (Virtual Private Cloud) and are used to control the flow of traffic between subnets, the internet, and other networks.

Route tables can be modified to control the flow of traffic between subnets and to configure advanced network routing scenarios. For example, you can create a custom route that directs traffic to a virtual private gateway to enable communication between your VPC and an on-premises network.

Route tables are a critical component of AWS networking and are used to ensure that network traffic is directed to the correct destination.

AWS ROUTE

AWS Route is a service that enables you to create and manage routing rules for your Amazon Web Services (AWS) resources. AWS Route allows you to dynamically route incoming traffic to different AWS services or to external endpoints based on the content of the incoming request.

AWS Route is commonly used to manage traffic between different services within an AWS infrastructure, as well as between external endpoints and AWS services. For example, you can use AWS Route to route traffic to different EC2 instances based on the geographic location of the user requesting the content, or to direct traffic to different AWS services based on the type of request.

AWS ROUTE TABLE && ROUTE
Save the file and run terraform apply in the terminal to see the results.

/* AWS ROUTE TABLE */
resource "aws_route_table" "main_route_table" {
  vpc_id = aws_vpc.main_vpc.id

  tags = {
    Name = "main_rt"
  }
}
/* AWS ROUTE */
resource "aws_route" "main_route" {
  route_table_id         = aws_route_table.main_route_table.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id   =     aws_internet_gateway.main_internet_gateway.id
}

AWS: Subnet & Internet Gateway

Oladipupo Abeeb Olanrewaju — Wed, 22 Feb 2023 12:20:15 +0000

AWS SUBNET

This is a range of IP addresses in your VPC (Virtual Private Cloud) that you can use to isolate resources within your network. A subnet can be associated with a specific availability zone, which is an isolated data center within a region, and can contain resources such as EC2 instances, RDS databases, and more.

AWS INTERNET GATEWAY

This s a horizontally scalable, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. It provides a target in your VPC route tables for internet-routable traffic, and performs network address translation (NAT) for instances that have been assigned public IP addresses.

When creating a subnet in AWS, associate it with an internet gateway, which allows instances in that subnet to access the internet otherwise if it is not associated with an internet gateway, there won't be an internet access, unless VPN or Direct Connect connection is being set up.

This is how Aws Subnet & internet gateway are connected using Terraform on Vscode. Follow this link to learn how to set up AWS VPC

For AWS SUBNET

}
//AWS SUBNET 
resource "aws_subnet" "main_publlc_subnet" {
  vpc_id                  = aws_vpc.main_vpc.id
  map_public_ip_on_launch = true
  cidr_block              = "10.0.0.0/24"
  availability_zone       = "us-east-1a"

  tags = {
    Name = "main_subnet"
  }
}

In the code above, we defined the resource aws_subnet and set the name to "main_publlc_subnet" with the Vpc_id set to "aws_vpc.main_vpc.id", which is where we access our VPC. We also created a Subnet resource with the cidr_block set to 10.0.0.0/24, Availability zone set to "us-east-1a" where your resource is allocated and the Name tag set to main_subnet.

Save the file.

Open the terminal in VSCode and run the command terraform apply to create the Subnet. Terraform will show you a preview of the changes that will be made, and if you're happy with them, type yes to confirm and apply the changes or run the command terraform apply -auto-approve to confirm directly and apply changes.

AWS INTERNET GATEWAY (IGW)

//AWS INTERNET GATEWAY
resource "aws_internet_gateway" "main_internet_gateway" {
  vpc_id = aws_vpc.main_vpc.id

  tags = {
    Name = "main_igw"
  }
}

Save the file.

Open the terminal in VSCode and run the command terraform apply to create the Internet Gateway. Terraform will show you a preview of the changes that will be made, and if you're happy with them, type yes to confirm and apply the changes or run the command terraform apply -auto-approve to confirm directly and apply changes.

Once the command finishes executing, you will have a Internet gateway created on your AWS account or check your AWS CLI for internet gateway on the resources.
We hope that you found this blog helpful.

AWS: Create VPC using Terraform CLI

Oladipupo Abeeb Olanrewaju — Sun, 19 Feb 2023 10:25:44 +0000

Amazon Virtual Private Cloud (VPC)

Amazon Web Services (AWS) provides Virtual Private Cloud (VPC) as a service to create a private, isolated network within the AWS Cloud. Using a VPC, you can launch resources such as EC2 instances, RDS databases, and S3 buckets within a virtual network that you control. In this blog, we will walk you through creating an AWS VPC using Terraform on VSCode.

It is a private Network
It can launch resources like EC2 instances in VPC
VPC can isolate and protect resources
It spans across availability zones in a region

Configure Terraform CLI on VScode

Download the Terraform CLI from VScode extension or download it manually through this HashiCorp Terraform. After the installation; create a folder 📂 Terraform where all your terraform files will be accessed and saved on. In your folder, create a file named Providers.tf this is where your Aws resources will be accessed by Aws provider.
The region contains the location where your data center will be.
Profile is the name of your AWS account

After creating the file, run terraform init in your terminal to initialize Terraform configuration.

After this process; create a new file with the .tf extension, e.g., main.tf. In the file, write the Terraform code to create a VPC

In the code above, we defined the provider aws with the region set to us-east-1, which is the region where we want to create the VPC. We also created a VPC resource with the cidr_block set to 10.0.0.0/16 and the Name tag set to main_vpc.

Save the file.

Open the terminal in VSCode and run the command terraform apply to create the VPC. Terraform will show you a preview of the changes that will be made, and if you're happy with them, type yes to confirm and apply the changes.

Once the command finishes executing, you will have a VPC created on your AWS account.

We started by configuring the Terraform CLI and then created a new Terraform project to create a VPC. We hope that you found this blog helpful and that it serves as a starting point for creating more complex infrastructures on AWS using Terraform.

AWS: Using VScode to Create Bucket in AWS S3

Oladipupo Abeeb Olanrewaju — Sun, 29 Jan 2023 12:42:50 +0000

This section talks about creating a bucket in S3. These things are required of you to have:

AWS account
VScode installed

STEP 1:

Download AWS extension and connect your aws account to VScode using the AWS extension.

STEP 2:

On the AWS extension panel; A list of AWS services are listed out such as Lambda, Api Gateway, Cloudformation, S3 etc....
Click on S3 to create your bucket.

STEP 3:

To create a bucket under the S3, The name of the bucket must be unique (i.e the name of the bucket can't be found in that Availability zone).It must contain lowercase letters and number

STEP 4:

The Bucket created is now ready to upload files into it.

Note: Check your AWS Account to see the Bucket created