Amazon VPC Lattice is a fully managed application networking service that you use to connect, secure, and monitor the services and resources for your application

VPC Lattice, you should be familiar with its key components.

• Service
  service can run on EC2 instances or ECS/EKS/Fargate containers, or as Lambda functions, within an account or a virtual private cloud (VPC). A VPC Lattice service has the following components: target groups, listeners, and rules.

• Resource
  Amazon Relational Database Service (Amazon RDS) database, an Amazon EC2 instance, an application endpoint, a domain-name target, or an IP address.

• Resource gateway
  A resource gateway is a point of ingress into the VPC in which resources reside.

• Resource configuration
  A resource configuration is a logical object that represents either a single resource or a group of resources. A resource can be an IP address, a domain-name target, or an Amazon RDS database.

• Service network
  A client can be in a VPC that is associated with the service network. Clients and services that are associated with the same service network can communicate with each other

• Service directory
  A central registry of all VPC Lattice services that you own or are shared with your account through AWS RAM.

• Auth policies
  create a policy for how a payment service running on an auto scaling group of EC2 instances should interact with a billing service running in AWS Lambda.

Auth-policies are not supported on resource configurations. Auth policies of a service-network are not applicable to resource configurations in the service network.

Features of VPC Lattice

You need not be concerned about overlapping IP addresses between VPCs.

• As the traffic is internal between VPCs, you do not need to modify the route table.

Here we go with the usecase - i have hosted 2 web server on 2 instance and make use of vpc lattice

• I have created 2 linux EC2-instance as webserver "poc-server1","poc-server2"

• Both have seperate vpc and security groups to access the port from 80 using http.

• Here are the servers

poc-server1

poc-server2

• request from local machine to verify the web server

VPC lattice connection between the webservers

• Go to VPC dashboard
  Click “Target groups” under the VPC Lattice section of the VPC Console.

• Click “Create target group“.

• Create the target group by instance type,protocol and VPC add the poc-server1 to the target group.

• Follow the same steps for the poc-server2.

Under the VPC Lattice section, click “Services”

• Need to create lattice service to associate the service with service network.

• create vpc lattice service.

• Click “Next”.

• Click “Next” on the next page (the Define routing page).

• Click “Next” on the next page (the Create network associations page).

• Click “Create VPC Lattice Service” on the next page (the Review and create page).

• Follow the same steps for the poc-server2.

VPC Console and click “Service networks” under the VPC Lattice section

• Click “Create service network”. Create a service network

• Under service association attach the services which we created as "poc-server1","poc-server2".

• Under VPC association attach the VPC and security group which we created for the web servers.

• Click “Create service network”

• Go to the "poc-server1" service overview and Click “Routing”

• Click “Add listener”

• Follow the same steps for the service "poc-server2".

• Return to the payment-svc overview and copy the domain name

• VPC Lattice configurations have been completed. Let’s see how the setup works

• Try to access the VPC Lattice domains from the EC2 instances

• VPC lattice Domain address

The following IAM policies use condition keys to create tag-based restriction.

• Before you use tags to control access to your AWS resources, you must understand how AWS grants access. AWS is composed of collections of resources. An Amazon EC2 instance is a resource. An Amazon S3 bucket is a resource. You can use the AWS API, the AWS CLI, or the AWS Management Console to perform an operation, such as creating a bucket in Amazon S3. When you do, you send a request for that operation. Your request specifies an action, a resource, a principal entity (user or role), a principal account, and any necessary request information.

• You can then create an IAM policy that allows or denies access to a resource based on that resource's tag. In that policy, you can use tag condition keys to control access to any of the following:

• Resource – Control access to AWS service resources based on the tags on those resources. To do this, use the_ aws:ResourceTag/key-name_ condition key to determine whether to allow access to the resource based on the tags that are attached to the resource.

ResourceTag condition key

Use the _aws:ResourceTag/tag-key _condition key to compare the tag key-value pair that's specified in the IAM policy with the key-value pair that's attached to the AWS resource. For more information, see Controlling access to AWS resources.

You can use this condition key with the global aws:ResourceTag version and AWS services, such as ec2:ResourceTag. For more information, see Actions, resources, and condition keys for AWS services.

• The following IAM policy allows users to start, stop, and terminate instances that are in the test application tag

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:StartInstances",
                "ec2:StopInstances",
                "ec2:TerminateInstances"
            ],
            "Resource": "arn:aws:ec2:*:3817********:instance/*",
            "Condition": {
                "StringEquals": {
                    "ec2:ResourceTag/application": "test"
                }
            }
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:DescribeTags"
                "ec2:Describedescribe-instance-status"
            ],
            "Resource": "*"
        }
    ]
}

Create the policy and attach the policy to user or role.

• Created 2 instance one is with application tag and other is non tagged.

You can see the tagged instance are able to perform Start and Stop action using the IAM resources tag condition.
non-tagged instance we are not able to perform the same.

• check the status of the instance

• perform the Termination action

reference commands

aws ec2 start-instances --instance-ids "instance-id"

aws ec2 stop-instances --instance-ids "instance-id"

aws ec2 describe-instance-status  --instance-ids "instance-id"

aws ec2 terminate-instances --instance-ids "instance-id"

String condition operators

String condition operators let you construct Condition elements that restrict access based on comparing a key to a string value.

• StringEquals - Exact matching, case sensitive

• StringNotEquals - Negated matching

• StringEqualsIgnoreCase - Exact matching, ignoring case

• StringNotEqualsIgnoreCase - Negated matching, ignoring case

• StringLike - Case-sensitive matching. The values can include multi-character match wildcards (*) and single-character match wildcards (?) anywhere in the string. You must specify wildcards to achieve partial string matches.
  Note
  If a key contains multiple values, StringLike can be qualified with set operators—ForAllValues:StringLike and ForAnyValue:StringLike.

• StringNotLike - Negated case-sensitive matching. The values can include multi-character match wildcards (*) or single-character match wildcards (?) anywhere in the string.

If we need to fetch the S3 bucket storage size we need to trace via individual bucket under metrics we get the storage size.
on one go use the below script to get the bucket name with storage size.

s3list=`aws s3 ls | awk  '{print $3}'`
for s3dir in $s3list
do
    echo $s3dir
    aws s3 ls "s3://$s3dir"  --recursive --human-readable --summarize | grep "Total Size" 
done

1. create the .sh file
2. copy the code on the file
3. Excecute the script to get the s3 bucket details

Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that helps you easily deploy, manage, and scale containerized applications.

• EC2 is that it deploys isolated VM instances with auto scaling support, and ECS deploys scalable clusters of managed Docker containers.

• Amazon Elastic Compute Service (ECS), Elastic Kubernetes Service (EKS), and AWS Fargate help deploy and manage containers

• AWS Fargate is a technology that you can use with Amazon ECS to run containers without having to manage servers or clusters of Amazon EC2 instances. With Fargate, you no longer have to provision, configure, or scale clusters of virtual machines to run containers.

Step-1. Create Cluster and task definition using AWS Fargate

Step-2. Create the services in the cluster.

• Create the service with the task definition family which we created for nginx.

• Once service created we can access the Public IP details from the Task tab.

• Now you able to access the Nginx on the browser with the Public IP.

AWS Lambda is a serverless, event-driven compute service that lets you run code for virtually any type of application or backend service without provisioning or managing servers.

• Lambda functions are efficient whenever you want to create a function that will only contain simple expressions

• Each Lambda function runs in its own container. When a function is created, Lambda packages it into a new container and then executes that container on a multi-tenant cluster of machines managed by AWS.

Step-1.Create the EC2 Instance.

Step-2. Create IAM Roles and policies.

• Create a policy > Select EC2 type >Access level -Write (Stop Instance).

• Add Specific ARN (Details of the EC2 Instance which we need to start/stop)

• We have created separate policy for start/stop the EC2 Instance.

• Create a Role > select entity (AWS Service)>select the use case as "Lambda".

• We have created separate Roles for start/stop the EC2 Instance.

Step-3. Create Lambda function.

• We can add the trigger rule "Event Bridge"

• The similar we create another lambda function for start the EC2 instance and schedule corn job using add trigger"Event bridge"

• It will start/stop EC2 instance using Lambda function.

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network.

• VPC peering connections are limited on the number of active and pending peering connections that you can have per VPC.

• VPC peering is a technique for securely connecting two or more virtual private clouds, or VPCs

Step-1. As per the above VPC Peering connection architect Create a VPC and subnet and Rout table.

• Associate the subnet with the route table.

Step-2. Create the Internet Gateway and attach the VPC.

• Edit and add the Internet Gateway in the route table.

Step-3. Create the EC2 Instance with VPC-A network settings and Publich IP enabled on the Subnet and Instance.

Step-4. As the above steps we have created another VPC, Subnet and Route table.

• Associate the Subnet on the route table and create EC2 Instance.

Step-5. We need to copy the .pem key from local and paste in the Primary VPC-A to get SSH access for another VPC-B.

• Not getting connect to the secondary VPC EC 2 Instance via SSH.

**Step-6. **Create a peering connection.

• Accept the Peer Request.

Step-7. Add the Secondary IPV4 CIDR range and select the peering connection and save on the Primary Route table.

Step-8. Add the Primary IPV4 CIDR range and select the peering connection and save on the Secondary Route table.

Step-9. Now we able to access the Secondary VPC EC2 Instance through the Primary VPC EC2 Instance via Peering connection.

A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud. You can specify an IP address range for the VPC, add subnets, add gateways, and associate security groups.

• users can avoid underutilizing their resources during periods of low demand or overloading their infrastructure during peak periods. Overall, the advantages of using VPC for your infrastructure include improved security, greater flexibility, and scalability.

• We are going to create a VPC on particular availability zone and differentiate with Public and private subnet/Route table as mentioned in the architect diagram.

Step-1. Create a VPC with tag of VPC-A

• Select and make range for IPV4 CIDR, select the No IPV6 CIDR Block.

Step-2. Create a Subnet with the VPC ID we created.

• verify the availability zone and IPV4 VPC CIDR and provide the range of subnet on IPV4 subnet CIDR to create the subnet.

Step-3.Create a Route table

• select the VPC and create the route table
  

• Once route table created associate the subnet with the table. and enable the "Auto assign public IP"

Step-4. Create an Internet gateway and attach it with the VPC which we created.

• Add the Internet gateway on the route table.

Step-5. Create an EC2 instance

• On Network settings select the VPC,subnet,and public IP enable.

• we are able to access the EC2 instance using public IP via SSH.

Step-6. Now we need to create the private subnet and route table, associate the private subnet on the route table.

Step-7. Create an EC2 instance

• On Network settings select the VPC,private subnet.

• Login to the Public VPC Instance and copy the .pem key from the local to get SSH access for the private instance.

• We are able to login public Instance and get connected to Private Instance via Local gateway.

• If we need to access internet on private instance to install any application need to create the NAT gateway.

Step-8.Create a NAT Gateway

• select the public instance subnet range and allocate the "Elastic IP".

Step-9. Add the NAT gateway on the private Route table to get internet access on the private Instance.

• We are successfully login to the public instance via SSH and from the public-EC2 we are able to login to private and access the internet.

kannan@kannan-PC:~$ ssh -i apache.pem ubuntu@13.201.97.155
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 6.2.0-1017-aws x86_64)

ubuntu@ip-192-168-1-99:~$ ssh -i apache.pem ubuntu@192.168.2.221
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 6.2.0-1017-aws x86_64)

ubuntu@ip-192-168-2-221:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=50 time=1.90 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=50 time=1.55 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=50 time=1.56 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.546/1.671/1.904/0.164 ms
ubuntu@ip-192-168-2-221:~$ ping www.google.com
PING www.google.com (142.251.42.4) 56(84) bytes of data.
64 bytes from bom12s19-in-f4.1e100.net (142.251.42.4): icmp_seq=1 ttl=109 time=1.79 ms
64 bytes from bom12s19-in-f4.1e100.net (142.251.42.4): icmp_seq=2 ttl=109 time=1.58 ms

AWS Key Management Service (AWS KMS) lets you create, manage, and control cryptographic keys across your applications and AWS services.

• The service is integrated with other AWS services making it easier to encrypt data you store in these services and control access to the keys that decrypt it.

• Creating KMS key. KMS > Customer managed Keys > Create key

• Install the aws-encryption-cli to encrypt and decrypt the file via CLI.

sudo apt install python3-pip
sudo pip install aws-encryprion-sdk-cli
aws-encryption-cli --version

• AWS CLI commands to encrypt the file

kannan@kannan-PC:~$ aws kms encrypt \
    --key-id alias/kannan1 \
    --plaintext fileb://kms.txt \
    --output text \
    --query CiphertextBlob | base64 \
    --decode > kms_encrypt.txt
kannan@kannan-PC:~$ cat kms_encrypt.txt 
x����X�[���4u|��e�J�Q0X��U�
0f0d0_  `�He.0             p����gWI�u0s *�H��
              YU"�    I����2$y��|e!��l�\nų���5�%�����k�~d��~e�g=�+jI�N@g6ETkannan@kannan-PC:~$ 

• AWS CLI commands to decrypt the file

kannan@kannan-PC:~$ aws kms decrypt \
    --ciphertext-blob fileb://kms_encrypt.txt \
    --key-id alias/kannan1  \
    --output text \                            
    --query Plaintext | base64 \
    --decode > kms_decrypt.txt
kannan@kannan-PC:~$ cat kms_decrypt.txt 
Test line for kms key 

• create directory to store the encrypted and decrypted files

mkdir encrypt
mkdir decrypt

• create a variable to store the arn value which is genetrated for the KMS key

kannankey=arn:aws:kms:ap-south-1:155364343822:key/ef88420b-bbc5-4807-b1f3-c82eb5191c7f

kannan@kannan-PC:~$ cd encrypt/
kannan@kannan-PC:~/encrypt$ ls
example.txt.encrypted  kms.txt.encrypted
kannan@kannan-PC:~/encrypt$ cat kms.txt.encrypted 
xiCeJC�T��mb���w�����/'a8��_aws-crypto-public-keyDA9IoQRQ6f8U3WV8eoVxkQyhEZ1O/QXOXdr9L/Zx6bHP53ZEIfhYq26YJIshCIf8f8Q==aws-kmsLarn:aws:kms:ap-south-1:1550o0m0h��`�He.0���zp~0|-b*�H��807-b1f3-c82eb5191c7f�x4�u���l�\��?����<�Dya
              .�K�B�w
3����>����ǔXnL��U��cj9�1���g�%uray��߳�ɗ���x��0KYf�aE����6�j�@�Ϯ6�_k�!�Q�7x<�ǯ4u��V�6��G�������Vn�v<�%j��龎�����J��vz�u%aÌ�sg0e0b(��)!��
d9�G�Ɩ�.0$����%��
                 V�Ϗc;_���]��fl1�{
                                  o�檈R&\��\&��m6)L\,锌z!��S�<Ɪ,��kannan@kannan-PC:~/encrypt$ 
kannan@kannan-PC:~/encrypt$ cd ..
kannan@kannan-PC:~$ cd decrypt/
kannan@kannan-PC:~/decrypt$ ls
example.txt.encrypted.decrypted  kms.txt.encrypted.decrypted
kannan@kannan-PC:~/decrypt$ cat kms.txt.encrypted.decrypted 
Test line for kms key 

We can encrypt and decrypt the S3 bucket using the KMS key

• EC2 >EBS>Volumes >create volume >enable "Encrypt this volume".

• create an S3 bucket using CLI

kannan@kannan-PC:~$ aws s3 mb s3://kannandemo-bucket
make_bucket: kannandemo-bucket

• select the bucket > properties > edit default encryption

• select "Server-side encryption with AWS Key Management Service keys (SSE-KMS)"

• choose "Choose from your AWS KMS keys"

• It will auto encrypt and decrypt the objects inside the S3 bucket.

To delete the KMS key we need to schedule the key deletion it took minimum 7 day

• Amazon Relational Database Service (Amazon RDS) is a collection of managed services that makes it simple to set up, operate, and scale databases in the cloud. Choose from eight popular engines: Amazon Aurora PostgreSQL-Compatible Edition, Amazon Aurora MySQL-Compatible Edition, RDS for PostgreSQL, RDS for MySQL, RDS for MariaDB, RDS for SQL Server, RDS for Oracle, and RDS for Db2. Deploy on premises with Amazon RDS on AWS Outposts or with elevated access to the underlying operating system and database environment using Amazon RDS Custom.

• Now we are going to create Mysql DB using RDS.we need to confirm the ports allowed in the Security groups of your AWS.

y

• install mysql-client on the local machine

sudo apt install mysql-client -y

Once DB is on available state select >modify >connectivity >public accessibility.

• we can access the DB via terminal with the endpoint id,port username and password

mysql -h demomysqldb.cg35jaodi4xh.ap-south-1.rds.amazonaws.com -P 3306 -u admin -p

kannan@kannan-PC:~$ mysql -h demomysqldb.cg35jaodi4xh.ap-south-1.rds.amazonaws.com -P 3306 -u admin -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 27
Server version: 8.0.33 Source distribution

Copyright (c) 2000, 2023, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.02 sec)

• we can create a PostgreSQL DB with the "Easy create" method

sudo apt install postgresql-client

• Lets see the another method to create a DB with "Standard create"

• install postgresql-client on the local machine

sudo apt install postgresql-client -y

• we can access the DB via terminal with the endpoint id,port username and password

psql --host=database-1.cg35jaodi4xh.ap-south-1.rds.amazonaws.com --port=5432 --username=postgres --dbname=demodb --password

• Amazon Simple Storage Service (S3) Replication is an elastic, fully managed, low cost feature that replicates objects between buckets.

• To automatically replicate new objects as they are written to the bucket, use live replication, such as Cross-Region Replication (CRR). To replicate existing objects to a different bucket on demand, use S3 Batch Replication.

Step1. Now we create source S3 Bucket make sure to enable the versioning and upload one file.

Step2. Create a another Destination S3 bucket with versioning enabled.

Step3. Now on the source Bucket >management >Replication rules.
we need to create these replication rules on the source bucket.

• Choose the destination bucket on the replication rules.alternative you can choose the different AWS account/S3 Bucket to replicate.

• On the "IAM role" create new role for these job.

• Once replication rule has been created need to confirm either you need to replicate existing objects or not.

Step4. At "Create Batch operation job" we are disabling the "Generate completion report" and create new IAM role.

• The file which we uploaded on the source bucket is replicated on the Destination bucket using "Replication Rules".

Step5. If we upload new file/object on the source bucket it will automatically replicate on Destination bucket.

• Similar we can use Cross-Region Replication (CRR).
• To enable CRR, you add a replication configuration to your source bucket. The minimum configuration must provide the following:

The destination bucket or buckets where you want Amazon S3 to replicate objects

An AWS Identity and Access Management (IAM) role that Amazon S3 can assume to replicate objects on your behalf

Amazon S3 to store and retrieve any amount of data at any time, from anywhere.An object consists of a file and optionally any metadata that describes that file.

• Amazon S3 is object storage built to store and retrieve any amount of data from anywhere. S3 is a simple storage service that offers industry leading durability, availability, performance, security, and virtually unlimited scalability at very low costs.

• You can create up to 100 buckets in each of your AWS cloud accounts,If needed, you can request up to 1,000 more buckets by submitting a service limit increase.

• Lets see how to creat a S3 Bucket and upload file.

-On the above we have seen to view the upload files via presigned URL.

• Another way to view the files
  select the file > permissions > Uncheck block all public access.

• Bucket policy > edit bucket policy >Policy generator.

• Open as new tab to generate policy, we have select the s3 bucket policy followed by "Get Object" and copy the Amazon Resource Name(ARN) from the uploaded file.

• Once policy generated copy the policy and paste on the Bucket policy >policy >save.

• Via file "object URL" You can access the file on public.

• AWS S3 Object storage classes, by default comes with "Standard" you can modify via Action >Edit storage class.

• If you modified the local file and uploaded to S3 you want version basis need to enable "Bucket versioning" Properties > Bucket versioning >Edit.

• Once you enabled the versioning able suspend (not to disable)
  

• the file1.txt was edited locally and uploaded to S3 bucket to see the versioning.

Life cycle rule

• A lifecycle policy consists of one or more rules that determine which images in a repository should be expired.

• Lifecycle policies help manage and automate the life of your objects within S3, preventing you from leaving data unnecessarily available. They make it possible to select cheaper storage options if your data needs to be retained, while at the same time, adopting additional security control from Glacier.

1. Click on your bucket.
2. Click on Management tab.
3. Click on Create lifecycle rule.
4. First, give a name for the rule.
5. Then choose a rule scope. ...
6. If you choose to apply the rule to all objects then choose “Apply to all objects in the bucket”. ...
7. You can specify the transition for each option.

• Create a instance with Ubuntu OS and with instance type as t2.nano and selected the existing key pair and security group and set 2 instance to create and launch.

• Run the apdt update and install apache webserver and modify the index.html
  sudo apt update
sudo apt install apache2 -y
sudo rm /var/www/html/index.html
sudo vim /var/www/html/index.html
<h1>Auto Scaling Group with Load Balancer</h1>

• Go to Action >Image and Template > Create Image

• Create an image template by enabling noboot option.

Now create Target group and Load Balancer

• Target Groups was created as "demo-tg"

• Load balancer also created as "demo-lb"

• Launch template was created with the AMI Image.

• Create Auto scaling Group >Select the template >Select all network availability zone >Select Load balancing.

• On Load balancing setup select the "Attach to an existing Load Balancer"

• Group size >Desired capacity as 2 >Traget tracking scaling policies,Set Execute policy with CPU utilisation exceeds 50.

• Select instance maintance policy as "Launch before Terminating"

• Add Notification >Create a topic and provide name of the topic and email ID to send notification > Unselect "Fail to launch & Terminate"

• Auto Scaling group has been create and launch the Instance from the AMI Image Template. you can monitor on the Activity tab.

• Verfiy the instance status

• On Cloud watch > Alarms> verify the scaling target alarm in detail.

• Login to the 2 instance created by Auto Scaling groups and execute these commands to see the CPU utilisation and execute the cmd to exceed the CPU utilisation. top yes > /dev/null &

ubuntu@ip-172-31-1-56:~$ yes > /dev/null &
[1] 918
ubuntu@ip-172-31-1-56:~$ top

top - 15:16:41 up 18 min,  1 user,  load average: 0.08, 0.02, 0.01
Tasks: 101 total,   2 running,  99 sleeping,   0 stopped,   0 zombie
%Cpu(s): 75.0 us, 25.0 sy,  0.0 ni,  0.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
MiB Mem :    446.5 total,     24.5 free,    148.0 used,    274.0 buff/cache
MiB Swap:      0.0 total,      0.0 free,      0.0 used.    269.6 avail Mem 

    PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND                                            
    918 ubuntu    20   0    5764   1920   1920 R  93.8   0.4   0:05.42 yes                           

• It will exceed the CPU utilisation and trigger the ASG with Load balancer and create another instance.

• Cloud watch Alram Notification.

• To kill the cmd which we have run to exceed the CPU utilisation.Run the cmd with kill "PID".

ubuntu@ip-172-31-1-56:~$ kill 918
ubuntu@ip-172-31-1-56:~$ top

top - 15:33:28 up 35 min,  2 users,  load average: 0.85, 0.94, 0.68
Tasks:  98 total,   1 running,  97 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
MiB Mem :    446.5 total,     17.4 free,    152.4 used,    276.6 buff/cache
MiB Swap:      0.0 total,      0.0 free,      0.0 used.    265.1 avail Mem 

    PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND                                            
      1 root      20   0  166200  11352   8280 S   0.0   2.5   0:04.58 systemd         

• Create a instance with Ubuntu OS and with instance type as t2.nano and selected the existing key pair and security group and set 2 instance to create and launch.

• Run the apdt update and install apache webserver and modify the index.html
  sudo apt update
sudo apt install apache2 -y
sudo rm /var/www/html/index.html
sudo vim /var/www/html/index.html
<h1>Testing for Auto Scaling Group</h1>

• Go to Action >Image and Template > Create Image

• set as noboot and create image

• Once image created Stop and Terminate the instance which we created

• Instance >Launch template >Create the launch template>Select AMI image.

• Instance type s t2.nano>select keypair >Existing security group> Advance Network Configuration >Enable "Auto Assign IP"

• Create Auto scaling Group >Select the template >Select all network availability zone >Select No Load balancing.

• Group size >Desired capacity as 1 >No scaling policies

• Select instance maintance policy as "Launch before Terminating"

• Add Notification >Create a topic and provide name of the topic and email ID to send notification > Unselect "Fail to launch & Terminate"

• Add Tag

• Once done Review all the settings and create a auto scaling group

• Verify the email and confirm the notification subscription

• Auto Scaling group has been create and launch the Instance from the AMI Image Template. you can monitor on the Activity tab.

• Verfiy the instance status

.

• If you stop the instance ASG-1 it will create the new instance using Auto scaling group monitor the process on the ASG Activity.

• These how auto scaling group works without load balancer.

Here We are going to see how to add volumes on the instance using Elastic Block Storage(EBS)

• Create a EC2 Instance with Ubuntu OS and with instance type as t2.nano and selected the existing key pair and security group to launch the instance.

• Go to Elastic Block store select volumes

• Create a Volume and set 10 GB as additional storage

• Once volume is created attach the volume on the instance which we created

• login to the instance via ssh and view the attached volume using list block "lsblk"and formate the file system type to "ext4"

kannan@kannan-PC:~$ ssh -i apache.pem ubuntu@3.110.83.63

ubuntu@ip-172-31-47-222:~$ df -Th
Filesystem     Type   Size  Used Avail Use% Mounted on
/dev/root      ext4   7.6G  1.6G  6.0G  21% /
tmpfs          tmpfs  224M     0  224M   0% /dev/shm
tmpfs          tmpfs   90M  832K   89M   1% /run
tmpfs          tmpfs  5.0M     0  5.0M   0% /run/lock
/dev/xvda15    vfat   105M  6.1M   99M   6% /boot/efi
tmpfs          tmpfs   45M  4.0K   45M   1% /run/user/1000
ubuntu@ip-172-31-47-222:~$ lsblk
NAME     MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
loop0      7:0    0  24.6M  1 loop /snap/amazon-ssm-agent/7528
loop1      7:1    0  55.7M  1 loop /snap/core18/2790
loop2      7:2    0  63.5M  1 loop /snap/core20/2015
loop3      7:3    0 111.9M  1 loop /snap/lxd/24322
loop4      7:4    0  40.8M  1 loop /snap/snapd/20092
xvda     202:0    0     8G  0 disk 
├─xvda1  202:1    0   7.9G  0 part /
├─xvda14 202:14   0     4M  0 part 
└─xvda15 202:15   0   106M  0 part /boot/efi
xvdf     202:80   0    10G  0 disk 

ubuntu@ip-172-31-47-222:~$ sudo file -s /dev/xvdf
/dev/xvdf: data
ubuntu@ip-172-31-47-222:~$ sudo mkfs -t ext4 /dev/xvdf
mke2fs 1.46.5 (30-Dec-2021)
Creating filesystem with 2621440 4k blocks and 655360 inodes
Filesystem UUID: adc5036f-9501-4b72-951e-1cf30aa4bf72
Superblock backups stored on blocks: 
    32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done 

• To mount the formatted volume we need to create a directory we can mount the volume with file name or UUID

ubuntu@ip-172-31-47-222:~$ sudo mkdir /data
ubuntu@ip-172-31-47-222:~$ sudo file -s /dev/xvdf
/dev/xvdf: Linux rev 1.0 ext4 filesystem data, UUID=adc5036f-9501-4b72-951e-1cf30aa4bf72 (extents) (64bit) (large files) (huge files)

ubuntu@ip-172-31-47-222:~$ sudo mount UUID=adc5036f-9501-4b72-951e-1cf30aa4bf72 /data
ubuntu@ip-172-31-47-222:~$ df -Th
Filesystem     Type   Size  Used Avail Use% Mounted on
/dev/root      ext4   7.6G  1.6G  6.0G  21% /
tmpfs          tmpfs  224M     0  224M   0% /dev/shm
tmpfs          tmpfs   90M  844K   89M   1% /run
tmpfs          tmpfs  5.0M     0  5.0M   0% /run/lock
/dev/xvda15    vfat   105M  6.1M   99M   6% /boot/efi
tmpfs          tmpfs   45M  4.0K   45M   1% /run/user/1000
/dev/xvdf      ext4   9.8G   24K  9.3G   1% /data

• If we reboot the instance the attached volume will not detected to keep detect after reboot or restart the instance we need to backup the volume file.

ubuntu@ip-172-31-47-222:~$ sudo cp /etc/fstab /etc/fstab.backup
ubuntu@ip-172-31-47-222:~$ sudo vi /etc/fstab

• make an volume file entry on the "sudo vim /etc/fstab"

on the above path we can use either path or UUID of the volume.
Mount the Volume file

ubuntu@ip-172-31-47-222:~$ sudo mount -a
ubuntu@ip-172-31-47-222:~$ df -Th
Filesystem     Type   Size  Used Avail Use% Mounted on
/dev/root      ext4   7.6G  1.6G  6.0G  21% /
tmpfs          tmpfs  224M     0  224M   0% /dev/shm
tmpfs          tmpfs   90M  844K   89M   1% /run
tmpfs          tmpfs  5.0M     0  5.0M   0% /run/lock
/dev/xvda15    vfat   105M  6.1M   99M   6% /boot/efi
tmpfs          tmpfs   45M  4.0K   45M   1% /run/user/1000
/dev/xvdf      ext4   9.8G   24K  9.3G   1% /data

Now the Volume file were mounted permanently.

We are going to see how to create a Elastic Load Balancer(ELB)

Step 1. we need to create and launch the instance with Ubuntu OS and with instance type as t2.nano and selected the existing key pair and security group and set 2 instance to create and launch.

Step 2. Edit the name as app_server-1 and app_server-2 for identification.
login via ssh using the public IP of each instance and do the "sudo apt update","sudo spt install apache2 -y" remove the index.html file and create and edit new index.html file.
Enable & verify the status of the service using "sudo systemctl enable apache2", "sudo systemctl status apache2".
verify the apache application by running "curl @(pubilc IP of EC2-Instance)"

kannan@kannan-PC:~$ ssh -i apache.pem ubuntu@13.234.122.186

ubuntu@ip-172-31-35-171:~$ sudo apt update

ubuntu@ip-172-31-35-171:~$ sudo apt install apache2 -y

ubuntu@ip-172-31-35-171:~$ sudo rm /var/www/html/index.html 
ubuntu@ip-172-31-35-171:~$ sudo vi /var/www/html/index.html 

ubuntu@ip-172-31-35-171:~$ sudo systemctl enable apache2
Synchronizing state of apache2.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable apache2
ubuntu@ip-172-31-35-171:~$ sudo systemctl status apache2
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2023-11-27 13:37:55 UTC; 1min 37s ago
       Docs: https://httpd.apache.org/docs/2.4/
   Main PID: 2249 (apache2)
      Tasks: 55 (limit: 517)
     Memory: 6.4M
        CPU: 39ms
     CGroup: /system.slice/apache2.service
             ├─2249 /usr/sbin/apache2 -k start
             ├─2251 /usr/sbin/apache2 -k start
             └─2252 /usr/sbin/apache2 -k start

Nov 27 13:37:55 ip-172-31-35-171 systemd[1]: Starting The Apache HTTP Server...
Nov 27 13:37:55 ip-172-31-35-171 systemd[1]: Started The Apache HTTP Server.

ubuntu@ip-172-31-35-171:~$ curl @13.234.122.186
<h1>Application running on server-1</h2>

Step 3.Follow the above same procedure for the second instance and verify.

ubuntu@ip-172-31-34-163:~$ sudo rm /var/www/html/index.html 
ubuntu@ip-172-31-34-163:~$ sudo vi /var/www/html/index.html 
ubuntu@ip-172-31-34-163:~$ curl @13.109.139.153
<h1>Application running on server-2</h1>

Now 2 apache application is running on the two instance.

Step 4. Create a Target group

Step 5. Create a Load Balancer

Step 6.Select and create Application load balancer type.

Step 7.Set the basic configuration

Step 8. Set Network mapping

Step 9. Set security group and select the target groups which we have created.

Step 10. On the summary tab we need to verify the settings and create the load balancer. it took approx 5 mins for provisioning.

Step 11. Once the ELB has been active open and copy the DNS and verify on the browser for every refresh it will change the instance using ELB.