DEV Community: Jully Achenchi

30 days of AWS - Part 6: AWS Security

Jully Achenchi — Fri, 19 Jul 2024 14:18:25 +0000

Ever heard of the saying, "A group is only as good as its weakest link?" So it goes security in the cloud. Your workloads are only as good as the security measures put around it.

Cloud security is a pillar of AWS. Under the shared responsibility model, AWS is responsible for the security of the cloud, and the customers are responsible for the security in the cloud.

In this module, we'll look at:

AWS Identity and Access Management (IAM)
AWS shared responsibility model
Securing a new AWS account
Securing data on AWS

AWS Shared responsibility model

AWS

Operates, manages, and controls the components from the software virtualization layer to the physical security of the facilities where AWS services operate.
AWS is responsible for protecting the infrastructure that runs all the services offered in AWS cloud. This is composed of the hardware, software, networking, and facilities that run the services.

The Customer

Responsible for the encryption of data at rest and in transit.
Responsible for the management of security credentials and logins.
Responsible for the configuration of security groups and configuration of the operating system that runs on compute instances that they launch.

AWS Identity and Access Management (IAM)

AWS IAM is a service/tool that lets you define individual user accounts with permissions across AWS resources. Such permissions include: launching, configuring, managing, and terminating resources.

IAM is a feature of your AWS account and it is offered at no additional charge.

Essential components of IAM

IAM User - A person or application that is defined in an AWS account.

IAM Group - A collection of IAM users. IAM groups are used to simplify and manage permissions to multiple users.

IAM Policy - A document that defines permissions to determine what users can do in the AWS account. It is written in JSON format.

IAM Role - It is a tool for granting temporary access to specific AWS resources in an AWS account.

Authentication and Authorization

Authentication
Authentication refers to proving your identity as a user to a system.
IAM users can be granted 1 of 2 types of access:

a. Programmatic access
Authentication is done using:

Access Key ID
Secret access key

b. AWS Management console
Authentication is done using:

12-digit account ID or alias
IAM User name
IAM password
If MFA is enabled, you'll be prompted to provide the MFA code.

Authorization
The process of determining what permissions a user, service, or application should be granted. This is achieved through the policies you have attached to a user or group.

By default, IAM users do not have permission to access any resources or data in an AWS account.

The principle of least privilege is a concept in computer security that promotes that you grant only the minimal user privileges needed to the user(s) based on need.

IAM Policies

IAM policies are of two types:
- Identity-based policies - Policies that you attach to a user, group, or role
- Resource-based policy - Policies that you attach to a resource such as an S3 bucket.

Securing a new AWS Account: Account Root User

Best practices

Step 1: Stop using the account root user as soon as possible

After creating a new AWS account, navigate to the IAM service and create an IAM user as yourself with AWS management console access enabled. Save the IAM access key and secret access key if needed.
Create an IAM group and give it full administration access. Add the created IAM user to the group.
Disable and remove your account root user access keys if they exist.
Sign in to your account using the IAM credentials.

Step 2: Enable Multi-factor Authentication
This is an additional layer of security to your AWS account.

Step 3: Use AWS CloudTrail

CloudTrail is a service that tracks user activity on your account.
Basic AWS CloudTrail event History is enabled by default at no cost.

Step 4: Enable a billing report, such as the Cost and Usage report

Billing reports provide information about your use of AWS resources and estimated costs for that use.
AWS delivers these reports to an S3 bucket of your choice.

Securing data on AWS

Encryption of data at rest

Data encryption - Taking data that is legible and encoding it so that it is unreadable to anyone who does not have access.

Data at rest is data that is physically stored on disk or on tape.

Encryption of data in transit

Data in transit is data moving across a network.

Encryption of data in transit is accomplished by using Transport Layer Security (TLS), which was formerly known as Secure Sockets Layer (SSL).

TLS/SSL - Certificates that are used to secure network communications and establish the identity of websites over the internet, and also resources on a private network.

AWS certificate manager

A service that enables you to provision, manage, and deploy SSL to TLS certificates
It also handles certificate renewals.

30 days of AWS - Part 5: AWS Databases

Jully Achenchi — Fri, 19 Jul 2024 11:53:45 +0000

Welcome to part 5 of 8 of the 30 days of AWS challenge

Database- A collection of data that is stored digitally and can be accessed digitally.

AWS offers a wide range of Databases that a customer can choose from depending on their use case(s). AWS database services can be classified into two categories: Relational databases and non-relational databases.

Relational Databases

Relational databases work with structured data that is organized by tables, records, and columns.

Relational databases use Structured Query Language (SQL).

1. Amazon Relational Database Service (AWS RDS)

Amazon RDS is the major relational database offered by AWS.
It is a fully managed service.
Definition of managed - Scaling, fault tolerance, and availability are built into the service.

Under the shared responsibility model, AWS is responsible for:

OS installations and patches
Database software installation and patches
Database backups
Scalability
High availability
Racking and stacking of servers
Server maintenance

The customer is responsible for:

Application optimization

Amazon RDS supports the following 6 database engines: MySQL, Amazon Aurora, Microsoft SQL Server, PostgreSQL, MariaDB, and Oracle.

Features of Amazon RDS for Disaster Recovery

a. High availability with Multi-AZ deployment

This is one of the powerful features of Amazon RDS. The customer can configure their database(s) instance(s) for high availability with Multi-AZ deployment.

Once configured, Amazon RDS automatically generates a standby copy of the db instance in another Availability Zone within the same VPC.

After seeding (the process of uploading data that is already present in your main DB instance) the database copy, transactions are synchronously replicated to the standby copy.

In the event of failure of the main database instance in a Multi-AZ deployment, Amazon RDS automatically brings the standby database instance online as the new main instance.

Here's the basic architecture of the RDS multi-AZ deployment:

b. Amazon RDS read replicas

Read Replica - Operates as a database instance that allows only read-only connections

Amazon RDS supports the creation of read replicas for MySQL, MariaDB, PostgreSQL, and Amazon Aurora.

Features of read replicas

Offers asynchronous replication
A read replica can be promoted to a primary DB instance if need be.
Read replicas can be created in a different region than the primary database.

When to use read replicas

It is used for read-heavy database workloads
It is used to offload read queries

Use cases of Amazon RDS

1. Web and Mobile applications - It is suitable for applications that need a database with high throughput, massive storage scalability, and high availability.
2. E-commerce applications - For small and large e-commerce businesses, Amazon RDS offers a flexible, secure, and low-cost database solution for online sales and retailing.
3. Mobile and online games - Amazon RDS provides a platform with high throughput and availability.

2. Amazon Redshift

It is a fast, fully managed data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and existing Business Intelligence (BI) tools.

3. Amazon Aurora

Amazon Aurora is a MySQL and PostgreSQL relational database built for the cloud.

Amazon Aurora is a managed service.

Aurora is designed to automate time-consuming tasks like provisioning, patching, backup, recovery, failure detection, and repair.

Amazon Aurora is designed to be highly available: it stores copies of data in multiple AZs with continuous backups to Amazon S3.

Non-Relational Databases

A non-relational database is any database that does not follow the relational model that is provided by the relational database management systems.

Non-relational databases were developed to overcome the limitations of relational databases in handling variably structured data.

1. Amazon DynamoDB

DynamoDB is a fast and flexible fully managed NoSQL database service for all applications that need consistent single-digit millisecond latency.

With Amazon DynamoDB, you can:

Create tables and items
Add items to the table

The system automatically partitions your data and has table storage to meet workload requirements.

There is no practical limit to the number of items that you can store in a table.

Use cases of Amazon DynamoDB

a. Social media applications - Community-based applications, such as online gaming, and photo-sharing apps, have unpredictable usage patterns with the potential to go viral anytime. The elasticity and flexibility of Amazon DynamoDb make it suitable for such high-volume, variable workloads.

b.Serverless applications - DynamoDB provides a durable backend for storing data at any scale.

c. High volume special events - Such as electoral campaigns that are of relatively short duration and have variable workloads. Amazon DynamoDB lets you increase and decrease capacity as needed

2. Amazon DocumentDB

It is a fully managed document database service.

It is scalable, highly available, and compatible with MongoDB.

With it, you can store, index, and query JSON files.

Use cases of DocumentDB

Content and catalog management - This includes online publications, point-of-sale terminals, and digital archives.
Profile management - This includes user preferences, authentication profiles, and online transactions.

Other Non-relational databases offered by AWS include:

Amazon ElastiCache - It is a fully managed, in-memory data store. This service improves the performance of web applications.
Amazon Neptune - It is a fully managed graph database service.

30 days of AWS - Part 3: AWS Well-Architected Framework

Jully Achenchi — Tue, 02 Jul 2024 18:56:01 +0000

Definition

To put it simply, the AWS well-architected framework is a collection of best practices and guidelines for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud.

It is built upon 6 pillars. Namely:

Security
Cost optimization
Operational excellence
Reliability
Efficiency
Sustainability

Acronym to remember it by: S-C-O-R-E-S

Operational Excellence

Focus - Run and monitor systems to deliver business value. Continually improve and support processes and procedures.

Key Topics

Automating changes
Responding to events
Defining standards to maintain daily operations

Design Principles

Perform operations as code- Define the entire workload as code and update it with code.
Make frequent, small, reversible changes- Design workloads that can be updated regularly. Make provision for reversible changes in small increments.
Refine operations procedures frequently- Look for opportunities to improve operations procedures.
Anticipate failure- Identify potential failure sources so they can be removed or mitigated.
Learn from all operational failures-Drive improvement through lessons learnt from all operational events and failures.

Security

Focus- Protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.

Key topics

Protecting confidentiality and integrity of data
Identifying and managing who can do what
Protecting systems
Establishing controls to detect security events

Design Principles

Implement a strong identity foundation- Make use of the principle of least privilege. Enforce separation of duties with appropriate authorization. Centralize privilege management. Reduce or eliminate the use of long-term credentials.
Enable traceability- Monitor, alert, and audit actions and changes to your environment in real time. Integrate logs and metrics to automatically take action.
Apply security at all layers- Apply defense in depth and apply security controls to all layers of your architecture.
Automate security best practices- Automate security mechanisms to improve your ability to securely scale more rapidly and cost-effectively.
Protect data in transit and at rest- Classify your data into sensitivity levels and use mechanisms such as tokenization, encryption, and access control.
Keep people away from data- Create mechanisms and tools to reduce or eliminate direct data access.
Prepare for security events- Run incident response management simulations and use automation tools to increase your detection, investigation, and recovery speed.

Reliability Pillar

Focus- Ensure a workload performs its intended functionality correctly and consistently when it's expected to.

Key topics

Recovery planning
Handling change
Designing distributed systems

Design principles

Stop guessing capacity- Monitor demand and system usage, and automate the addition or removal of resources.
Manage change in automation- Use automation to make changes to infrastructure.
Scale horizontally to increase aggregate workload availability- Replace one large resource with multiple smaller resources and distribute requests across these resources.
Automatically recover from failure- Monitor systems for key performance indicators and configure your systems to trigger an automated recovery in case of a breach.
Test recovery procedures- Test how your systems fail and validate your recovery procedures.

Performance Efficiency pillar

Focus- Use IT and computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes.

Key topics

Selecting the right resource types and sizes based on workload requirements
Monitoring performance
Making informed decisions to maintain efficiency as business needs evolve.

Design Principles

Go global in minutes- Deploy systems in multiple regions to reduce latency and enhance customer experience at minimal cost.
Experiment more often- Perform comparative testing of different types of service configurations.
Use serverless architectures- Serverless architectures remove the operational burden of running and maintaining servers.
Democratize advanced technologies- Consume technologies as a service. This enables teams to focus on product development instead of resource provisioning and management.
Consider mechanical sympathy- Use the technology approach that aligns best to what you are trying to achieve.

Cost optimization pillar

Focus- Avoid unnecessary costs

Key topics

Understanding and controlling where money is being spent
Selecting the most appropriate and right number of resource types
Analysing spending over time
Scaling to meet business needs without overspending

Design principles

Implement cloud financial management- Build capability through knowledge building, programs, resources, and processes to become a cost-efficient organization.
Adopt a consumption model- Pay only for the computing resources that you require.
Measure overall efficiency- Measure the business output of the workload and costs that are associated with delivering it. Use this measure to know the gains that you make from increasing output and reducing costs.
Stop spending money on undifferentiated heavy lifting- Focus on your customers and business projects instead of the IT infrastructure such as racking, stacking, and powering services.
Analyse and attribute spending-

30 days of AWS - Part 4: AWS Storage

Jully Achenchi — Tue, 02 Jul 2024 12:55:18 +0000

Welcome to part 4 of 8 of the '30 days of AWS'.

Cloud storage is a critical component in cloud computing because it holds information that is accessed by your applications. Cloud storage is typically more reliable, secure, and scalable than on-premise alternatives.

AWS cloud storage offers storage options in 3 categories:

Object storage i.e S3
Block storage i.e EBS
File storage i.e EFS

The most common form of storage is object storage

Cloud storage types

1. Object storage

Data is managed as individual objects.
Each object includes the data itself, the metadata, and a globally unique identifier.
The object storage service in AWS is AWS Simple Storage Service (AWS s3)

2. Block storage

Block storage breaks up data into blocks and then stores those blocks as separate pieces, each with a unique identifier.
Block storage is typically more expensive than object storage and file storage but it provides the following:

low latency
High and consistent performance

The block storage service in AWS is the AWS Elastic Block Storage (EBS).

3. File storage

In file storage, data is stored in files and the files are organized in folders, and the folders are organized under a hierarchy of directories and subdirectories.
The file storage service in AWS is the AWS Elastic File System (AWS EFS).

Let's delve deeper into each one of them.

AWS Simple Secure Storage (s3)

Amazon s3, as mentioned earlier, is an object-level storage option.
Amazon s3 stores data within resources called *buckets *

Amazon s3 features

S3 is designed to deliver 99.999999999% (yap, 11 9's) durability for objects stored in the service and
S3 supports multiple security and compliance certifications.
You can store any type of file in s3

Use cases of S3

1. Backup and Disaster Recovery
The Cross Region Replication (CRR) feature in AWS s3 automatically replicates data across regions while maintaining maximum durability and availability.

Amazon S3 versioning feature, when enabled, automatically keeps multiple variants of an object in the same bucket. This makes it easier to recover these files or older versions.

2. Big data and analytics
S3 offers an in-place querying functionality, which is used to run analytics on data stored in S3.

3. Content distribution
S3 can be used to store static content, such as images, videos, and downloadable files. This content can be distributed globally to users by leveraging Amazon CloudFront, a content delivery network (CDN).

4. Data Archiving
Amazon S3 offers several storage class tiers, including the Amazon S3 Glacier, a durable and cost-effective archiving solution.

AWS S3 storage classes

Amazon s3 offers 7 different storage classes that are designed for different use cases.

These classes include:
a. Amazon S3 standard

it supports frequently accessed data that requires low latency and high throughput.
It is designed for high durability, availability, and performance
Use cases include: hosting dynamic websites, content distribution, mobile and gaming applications, and big data analytics.

b. Amazon S3 Intelligent-Tiering

This storage class is designed to optimize costs by automatically moving data to the most cost-effective tier, without affecting performance impact.
S3 monitors access patterns of the objects in S3 intelligent-tiering and if objects have not been accessed for 30 consecutive days, the objects are moved to the infrequent access tier (IA).
If an object in the IA tier is accessed, it is automatically moved back to the frequent access tier.

c. Amazon S3 standard Infrequent-Access (S3-standard-IA)

It is used for data that is accessed less frequently but requires rapid access when needed.

d. Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)

It is used for data that is accessed less frequently but requires rapid access when needed.
The difference between this and S3 standard IA is that S3 One Zone-IA stores data in a single availability zone.

e. Amazon S3 Glacier Instant Retrieval

It is a secure, durable, and low-cost storage class for data archiving.
This storage class can retrieve objects within a few milliseconds.
There is a trade-off to the low-cost storage: Retrieving data from the Glacier Instant Retrieval incurs a higher cost per GB compared to the s3 standard.

f. Amazon S3 Glacier Flexible Retrieval

It is a low-cost storage designed for data archiving
This storage class retrieves objects within a few minutes to hours.

g. Amazon S3 Glacier Deep Archive

This is the lowest-cost storage class for Amazon S3.
It supports long-term retention and digital preservation of data that might be accessed once or twice a year.
All objects stored here are replicated and stored across 3 geographically dispersed AZs.
These objects can be restored within 12 hours.

Naming conventions of S3 buckets

Names MUST be unique across all AWS accounts; within and without your organization. In other words, there aren't 2 S3 buckets that share a name in AWS.
Names must be 3 to 63 characters in length
Names can only contain lowercase letters, numbers, and hyphens

Amazon S3 pricing

You pay for what you use which includes:

GBs per month (Storage class)
Transfer OUTs to other regions
PUT, COPY, POST, GET, and LIST requests

Amazon Elastic Block Storage (EBS)

Amazon EBS provides persistent block storage volumes for use with Amazon EC2 instances.

Persistent storage - It is any data storage device that retains data after power to that device is shut off.

Features of Amazon EBS

Amazon EBS is automatically replicated within its Availability Zone.
EBS offers consistent and low-latency performance needed to run workloads.
EBS volume data persists independently of the life of the instance attached to it.
You can attach multiple EBS volumes to an instance.
EBS volumes must be in the same Availability Zone as the instances they are attached to.

A backup of an Amazon EBS is called a snapshot. The first snapshot is called the baseline snapshot

Any other snapshot after the baseline snapshot captures only what is different from the previous snapshot.

Amazon EBS volume types

The volume types differ in performance characteristics and price.

Volume types
1. Solid-state drive (SSD) volumes

Optimized for transactional workloads involving frequent read/write operations.
They are usually preferred in cases where high Input/Output Operations per Second (IOPS) is required.
SSD-backed volume types include:General purpose SSD and Provisioned IOPS SSD

2. Hard Disk Drive (HDD)

Are optimized for large streaming workloads where the dominant performance attribute is throughput

What is throughput? - It is a measure of the amount of data transferred to and from a storage device per second.

HDD volume types include: Throughput optimized HDD and Cold HDD

Use Cases of Amazon EBS

a. Boot volumes and storage for Amazon EC2 instances.
b. Database hosts
c. Data storage with a file system

Amazon Elastic File System (EFS)

EFS provides simple, scalable, and elastic file storage for use with AWS services.
EFS uses the Network File System (NFS) protocol

What is a Network File System (NFS) protocol?
It is a file system protocol that allows a user on a client computer to access files over a network the same way they would access a local storage file.

Features of Amazon EFS

It is built to dynamically scale on demand without causing disruptions.
It is well suited for big data and analytics, web serving, media processing workflows, and home directories.
It can scale up to petabytes
By default, you can create up to 10 file systems per AWS account.
It can concurrently be connected to 1 to 1000s of EC2 instances from multiple AZs.

Use cases of EFS volumes

Web serving and content management
Media and entertainment
Shared and home directories
Database backups
Big data analytics

Creating an EFS

An EFS is created within an Amazon Virtual Private Cloud (VPC) and must be attached to an EC2 instance within the same VPC.

The VPC, EC2 instance, and EFS itself must all reside in the same region.

The EFS file system is mounted on the VPC using the NFS versions 4.0 and 4.1

There are 2 categories of file systems:

Regional file systems - It stores data redundantly across multiple AZs. You can create a mount target in each AZ in the region.
One zone file systems - It stores data redundantly within a single AZ. Only a single mount target is created.

What is a mount target? - IIt is an elastic network interface that 'exposes' the EFS to your VPC. Your client accesses the EFS by connecting to the mount target(s).

Amazon EFS infrastructure

In the illustration above, the VPC spans across 3 AZs and each Availability Zone has one mount target created in it.

Accessing the file system from a mount target within the same AZ is recommended for performance and cost reasons.

One of the Availability Zones has 2 subnets. However, a mount target is created in only one of the subnets.

Contents of the file system

a. Mount target

The mount target ID
The subnet ID for the subnet where it was created
The file system ID
An IP address where the file system is mounted
The mount target state

b. Tags

Key-value pair

Thank You for making it to the end 🍾🍾
See you in the next one.

30 Days of AWS- Part 2: AWS Compute

Jully Achenchi — Thu, 13 Jun 2024 17:53:55 +0000

Welcome to part 2 of 8 of this series "30 days of AWS". While each article delves into a different aspect of AWS, rest assured that they are all interconnected and are building blocks to any given solution.

AWS compute is powered by several services that accomplish different tasks. These services are:

Amazon Elastic Cloud Compute (EC2)
AWS Lambda
AWS Elastic Beanstalk
Amazon EC2 Auto Scaling
Amazon Elastic Container Registry
Amazon Elastic Container Services
Amazon Fargate
Amazon Elastic Kubernetes Services
Amazon Lightsail

In this article, my focus will be on Amazon EC2 and we will look at:

EC2 instances - Types, pricing, and use cases.
AWS global infrastructure - Regions, Availability zones, and edge locations
Provisioning 2 EC2 instances in different availability zones in the same region

What is an EC2 instance?

An EC2 instance is a virtual server that allows users to run applications in the AWS cloud.

What is a server?
A server is a computer program or device that provides a service to another computer program and its users, also known as the client

Types of EC2 instances

EC2 instances are divided into 5 categories.

The table below summarizes the instance types, their characteristics, and examples.

Instance type	Characteristics	Instance families
1. General purpose instances	- The computation, memory, and networking resources in general-purpose instances are balanced	M7, M6, M5, Mac, T2 and T3 families
2. Compute-optimized instances	- Great for compute-intensive tasks that require high-performance processor
	Suitable for applications that demand high CPU power.	C5, C6, and C7 families
3. Memory-optimized instances	- These instances are geared for workloads that need huge datasets to be processed in memory. Memory here means RAM which allows us to do multiple tasks at the same time.	X1, X2, High Memory, R5, R6, R7, and R8 families.
4. Storage optimized instances	- Great for storage-intensive tasks that require high, sequential read and write access to huge datasets	I4, I3, D2, D3, and H1
5. Accelerated computing	- These instances provide the highest performance in Amazon EC2 for deep learning and high-performance computing (HPC).	P2, P3, P4, P5, G3, G4, G5, G6, Trn1, Inf1, Inf2, DL1, DL2q, F1, and VT1

Amazon EC2 pricing models

1. On-demand instances

You pay for what you use
It has the highest cost and no upfront payment is made.
It is recommended for short-term and un-interrupted workloads, where you can’t predict how an application will behave

2. Reserved instances

Reserved instances are a flexible pricing option and help reduce costs compared to On-Demand prices by committing to a specified amount of usage for a 1 or 3-year term.
You can save up to 72% compared to On-Demand prices with the discounted savings plan rate.
Recommended for steady-state usage application.

3. Spot instances

Spot instances allow you to use unused EC2 capacity in the AWS cloud and can offer up to 90% off on-demand prices.
Instances run as long as they are available and they can be interrupted at any time by AWS.
It is best used for workloads that can withstand interruptions. You are given a 2-minute notice before interruptions.

4. Dedicated hosts

This is a physical server with an EC2 instance capacity fully dedicated to your use

AWS Global Infrastructure

The AWS Global Cloud Infrastructure is the underlying structure that allows AWS to serve cloud computing services to customers all over the world.

It is segmented into AWS regions, availability zones, and edge locations

AWS Regions

An AWS Region is a physical location in the world where we have multiple Availability Zones

Currently, there are 33 regions across the globe, with 6 regions in the works.source

Availability zones

Availability Zones consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities.

Availability zones are many miles apart to reduce the risk of correlated failures.

This page gives a comprehensive live of the AZs in the different regions.

Currently, there are 105 availability zones and plans for 18 more. source

Edge locations

Edge locations are used for content delivery- Static content is replicated to those locations in order to reduce latency. There is no computing that goes on in Edge Locations, just storage of data.

Key services that leverage AWS Edge Locations include Amazon CloudFront, and Amazon Route 53.

Differences between edge locations and availability zones

Edge locations	Availability zones
Edge locations are used for caching content and delivering it at low latency and high performance	Availability zones are used to ensure high availability and fault tolerance of services by providing physically separate data centers within a region.
Edge locations are spread out geographically and are separate from AWS regions	AWS availability zones are distinct, physically separate data centers within a specific AWS Region

Launch an EC2 instance

Onto the sweeter part

We are going to launch 2 instances in two different availability zones in the same region

To choose your region:

On the top right corner of the AWS management console, right before your account name, there is a drop-down to choose your preferred region to launch your instance.
I'll be using the 'us-east-1' region and availability zones 'us-east-1a and us-east-1b'

Steps to launch an EC2 instance

Login to your AWS management console
On the top right corner, in the search bar search EC2. It should come up. This is the EC2 dashboard

Click on the "Launch Instance" button on the dashboard

The next page will be as follows. This is where you give the specifics of your instance such as:

The name of your instance e.g my_first_instance
The Amazon Machine Image - This is a template that contains the software configuration required to launch your instance such as the operating system, application server, and applications. There are thousands of AMIs to choose from. You are spoilt for choice. However, keep in mind that whatever AMI you choose comes with a bill. For this demo, we'll go with 'Amazon Linux 2023 AMI'. It's well within the free-tier umbrella.

Instance type - The choice of instance will depend on your preference and workload. Each instance comes with a different combination of CPU, and memory. For this demo, we'll use the t2.micro

Key -pair. A key pair is what is used to connect to an instance. For now, we'll select 'proceed without a key pair'
Network settings such as VPC, subnets, and security groups (there is an in-depth explanation in part 5 of this series).

VPC - A VPC (Virtual Private Cloud) is a virtual networking environment

Subnet - A subnet is a range of IP addresses in your VPC. A subnet resides in a single Availability zone. This is how you're able to have multiple instances in different AZs in the same region

Security group - An AWS security group acts as a virtual firewall for your EC2 instance(s) to control incoming and outgoing traffic.

Click on the "Edit" button in network settings
In the subnet dropdown, choose the subnet that resides in your desired AZ, in this case, us-east-1a as shown below.

Storage - T2.micro allows for a maximum of 30GB of storage

That's it. Click the "Launch instance" button. Viola! your first instance in region us-east-1 and AZ us-east-1a is up and running.

To launch a second instance in AZ us-east-1b, give your instance a name, choose the AMI, the instance type, and choose a subnet in AZ us-east-1b as shown below

Final results:

Thank you for making it to the end. I hope you've learnt a thing or two.

See you in the next one.

30 days of AWS- Part 1: Introduction

Jully Achenchi — Thu, 13 Jun 2024 17:47:07 +0000

Have you ever noticed this particular AWS logo looks like a cartoon smiling 😂? Quite disarming

Hello there, welcome to part 1 of 8 of this series: 30 days of AWS as inspired by the cozy cloud crew.

The breakdown of the challenge can be found here.

The tasks for this segment are:

Create a free tier AWS account
Set up billing preferences and budget alerts

Let's get to it.

Create a free tier AWS account

AWS is gracious enough to offer a free tier option that lasts for 12 months from the date of your account creation.

The free tier option is robust enough but does not give access to all their products and services.

Before coming across this challenge, I already had an AWS account. Creating an AWS account is easy peasy. This YouTube video gives clear and detailed steps to follow in creating one.

Set up billing preferences and budget alerts

Money isn’t everything, but it’s right up there with oxygen.
~ Zig Ziglar

Billing preferences and budget alerts are used to:

Set a monthly or yearly budget of what you are willing to spend on AWS
Alert you when you are about to reach your budget or when you exceed your budget.
Track your overall spending.

How to set up billing preferences and create budget alerts

Step 1
From the AWS management console, navigate to the Billing and cost management tool

Step 2
Click on the "Create budget" button on the top right corner

This takes you to the create budget menu. By default, a simplified template is selected of the type "zero spend budget". This budget notifies you once your spending exceeds $0.01, the free tier limit. It ensures you stay under the provisions of the free tier.

Step 3

Give your "zero spend budget" a name. You can stick to the default name given or give it a unique name like "Free Tier Budget"

Step 4
Give the email address that AWS will notify you with if you exceed the free tier limit. That is the budget alert.

Click the "create budget" button and viola, you have a set budget of $0.01 and a defined budget alert.

Let the learning begin!!!