DEV Community: arvind singharpuria

AWS Networking - VPC

arvind singharpuria — Wed, 14 Feb 2024 11:54:34 +0000

VPC Networking Components :

Subnet
Internet Gateway
Route Table
Security Group
NACL
DHCP Option Set
NAT Gateway
Egress only Internet Gateway
Elastic IP Addresses
VPC End Points
VPC Peering

Subnet

When you create a subnet, you specify the CIDE block for the subnet, which is a subset of the VPC CIDR block.
Each subnet must reside entirely within one Availability Zone and cannot span zones.

Internet Gateway

An Internet Gateway is a horizontally scaled, redundant and highly available VPC component that allows communication between instances in your VPC and the internet.
It is therefore imposes no availability risks or bandwidth constraints on your network traffic.

Route Table

A route table contains a set of rules, called routes, that are used to determine where network traffic is directed.

Security Group

A security group acts a s a virtual firewall for your instance to control inbound and outbound traffic.
When you launch an instance in a VPC, you can assign up to five security group to the instance.

NACL

A network access control list (ACL) is an optional layer of security for our VPC that acts as a firewall for controlling traffic in and out of one or more subnets.

DHCP Option Set

The Dynamic Host Configuration Protocol (DHCP) provides a standard for passing configuration information to hosts on a TCP/IP network.

NAT Gateway

You can use a network address translation (NAT) gateway to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances.

Egress only Internet Gateway

An Egress only Internet Gateway is a horizontally scaled, redundant, and highly available VPC component that allows outbound communication over IPv6 from instances in your VPC to the internet and prevents the internet from initiating an IPv6 connection with your instances.

Elastic IP Addresses

An Elastic IP Addresses is a static IPv4 address designed for dynamic cloud computing. An Elastic IP Addresses is associated with your AWS account.
With an Elastic IP Addresses, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account.

VPC End Points

A VPC endpoint enables you to privately connect your VPC to supported AWs services.

VPC endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.

VPC Peering

A VPC peering connection is a networking connection between wo VPCs that enables you to route traffic between them using private eIPv4 addresses or IPv6 addresses.
Instances in either VPC can communicate with each other as if they are within the same network.

Lets discuss some of this in more detailed way

Default VPC

172.31.0.0/16 CIDR block is assigned to the VPC.
- 65,536 private IPv4 addresses.
One subnet (size /20) per Availability Zone is created
- 4096 addresses per subnet
- 5 are reserved by AWS
Internet gateway is created and attached to the default VPC.
Default security group and associate it with your default VPC.
Default NACL and associate it with your default VPC.
Default DHCP options set for your AWs account with your default VPC.

Security Groups

Security Groups are firewall rules that are attached to the network interfaces of the AWS resources.
Rules:
- Inbound Rules
- Outbound Rule
SGs are stateful
The traffic that is allowed is automatically allowed to go out.
up to 5 Security Groups can be assigned to a resources.
You can't add a deny rules
All rules are evaluated for the traffic coming in.
If a packet does not match any rule, then a a packet is not allowed.

Network ACLs

Security features at the subnet level.
A NACL can be attached to multiple subnets.
A NACL has a numbered list of rules that are evaluated in the ascending order *lowest first)
Explicit Allow or Deny
Rules:
- Inbound
- Outbound
Once a packet matches a rule. no further rules are processed.
NaCL is stateless:
- You need inbound and outbound rules.
- This is because the NACLs operate at the OSI layer 4.

NAT Gateways

You can use a network address translation (NAT) gateway to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances.

You will need a Public Subnet to put the NAT Gateway in.
You will need an Elastic IP address.
Update "Route Table" of the private subnet to direct the internet traffic to the NAT gateway.
Each NAT gateway is created in a specific Availability Zone and implemented with redundancy in that zone.

NAT Instance

Provides NAT service (like NAT Gateway).
Managed by customer as an EC2 instance, The performance depends on the size of the EC2 instance.
Not Highly Available.
Creating NAT instance -> Use Community AMI (search for NAT)
NAT instance in placed un the public subnet,
Update Route Table of the private subnet to direct the internet traffic to the NAT gateway.

Creating VPC Components Using AWS CLI

Things we are going to made :

VPC

2 or 3 subnets

Internet Gateway -associate it with one of the subnet to create public subnet

security group

EC 2 instance

SSH to EC2

create a VPC

aws ec2 create-vpc --cidr-block 192.168.0.0/16

copy VpcId from the output of previous command.

ex VpcId: ID = vpc-00d41a71782c5eef

Now create subnet :

aws ec2 create-subnet --vpc-id vpc-[ID] --cidr-block 192.168.0.0/24

and replace ID with 00d41a71782c5eef (something like this)

so , the command will become :

aws ec2 create-subnet --vpc-id vpc-00d41a71782c5eef --cidr-block 192.168.0.0/24

copy the subnetId from the output of the previous command.

Use this command to describe your route table

aws ec2 describe-route-tables --route-table-id rtb-XXXXX

it will look like this : "SubnetId" : "subnet-XXXXXXXXXX"

Now, create another subnet using same command and copy its SubnetId.

Now create internet gateway :

aws ec2 create-internet-gateway

And copy the InternetGatewayId. It is looking something like this "igw-XXXXXXXXXXXX"

Currently our IGW is in detached mode. Now attach it to VPC. For doing that we need vpc id and internet gateway id

aws ec2 aatch-internet-gateway --vpc-id vpc-XXXXXX --internet-gateway-id --igw-XXXXXX

now, create a routing table

aws ec2 create-route-table --vpc-id vpc-XXXXXXXXXXX

Now, you will see 2 routing table in Route Tables section, the first one is the default one, don't delete that.

copy the RouteTableId from the output. It looks like this rtb-XXXXXXXX

aws ec2 create-route --route-table-id rtb-XXXX --destination0cidr-block 0.0.0.0./0 --gateway-id igw-XXXXXX

You will get two routes, one is local route. (it is maintained by AWS). And other is the route we just created for IGW for connecting it to internet.

Now assoicate this particular route table to desired subnet.

aws ec2 associate-route-table --subnet-id subnet-XXXXX123 --route-table-id rtb-XXXXX

You will get this as output

{
 "AssociationId": "rtbassoc-XXXXX"
}

This command associate the route table with subnet and will make subnet-XXXXX123 a public subnet.

Now assign a public ip address to that subnet id.

aws ec2 modify-subnet-attribute --subnet-id subnet-XXXXX123 --map-public-ip-on-launch

Now create a security group :

aws ec2 create-security-group --group-name SG_SSHAccess --description "SSH access" --vpc-id vpc-XXXX

You will get something this like this in output

{
"GroupId": "sg-XXXXX"
}

Copy that GroupId and save it.

Now we will add inbound rules to this security group to allow ssh.

aws ec2 authorize-security-group-ingress --group-id sg-XXXXX --protocol tcp --port 22 --cidr 0.0.0.0/0

Now create a EC2 instance.

aws ec2 run-instances --image-id ami-XXXXXX --count 1 --instance-type t2.micfro --key-name [your-aws-ssh-key] --security-group-ids sg-XXXXX --subnet-id subnet-XXXX

Copy InstanceId from the output.

Run this command to describe your ec2 instance.

aws ec2 describe-instances --instance-id XXXXXX

Express.js deployment in AWS Lambda

arvind singharpuria — Mon, 11 Jul 2022 17:12:19 +0000

We are using this express code snippet:

'use strict'

const express = require('express')
const app = express()

app.get('/', (req, res) => res.send('Hello world!'))

const port = process.env.PORT || 3000
app.listen(port, () =>
  console.log(`Server is listening on port ${port}.`)
)

If you save that code snippet as app.js in a new folder, you are just three steps away from having a simple Express app:

Create a new Node.js project. To do this, run the npm init -y command in your terminal. Just make sure you navigated to the folder that contains app.js first.
Install the Express module from NPM by running the npm install express --save command from terminal.
Run the node app.js command, and you should see “Server is listening on port 3000.” as a response.

Your express app is ready now. Go to http://localhost:3000

Application deployment

We are going to deply or application in aws lambda.

Now we need to do some changes in code to make it production ready. You need to export your app instead of starting the server using app.listen. Your app.js should look like the following code listing:

'use strict'

const express = require('express')

const app = express()
app.get('/', (req, res) => res.send('Hello world!'))

module.exports = app

That would break a local Express server, but you can add app.local.js file with the following content:

'use strict'

const app = require('./app')
const port = process.env.PORT || 3000
app.listen(port, () =>
  console.log(`Server is listening on port ${port}.`)
)

And then run the local server using the following command:

node app.local.js

Now make a AWS Lambda wrapper for your Express app. With Claudia, you can do so by running this code in your terminal:

claudia generate-serverless-express-proxy --express-module app

This step generated a file named lambda.js, with the following content:

'use strict'
const awsServerlessExpress = require('aws-serverless-express')
const app = require('./app')
const binaryMimeTypes = [
  'application/octet-stream',
  'font/eot',
  'font/opentype',
  'font/otf',
  'image/jpeg',
  'image/png',
  'image/svg+xml'
]
const server = awsServerlessExpress
  .createServer(app, null, binaryMimeTypes)
exports.handler = (event, context) =>
  awsServerlessExpress.proxy(server, event, context
)

Now you only need to deploy your Express app (with lambda.js file) to AWS Lambda and API Gateway using the claudia create command.

claudia create --handler lambda.handler --deploy-proxy-api --region eu-central-1

After a few moments, the command finished and printed the following response:

{
  "lambda": {
    "role": "awesome-serverless-expressjs-app-executor",
    "name": "awesome-serverless-expressjs-app",
    "region": "eu-central-1"
  },
  "api": {
    "id": "iltfb5bke3",
    "url": "https://iltfb5bke3.execute-api.eu-central-1.amazonaws.com/latest"
  }
}

And if you visit the link from that response in your browser, it prints “Hello world!” It worked! 🙀

Awesome. This is your Serverless Express app deployed now.

How to deploy react website in AWS S3 in 7 Steps

arvind singharpuria — Mon, 11 Jul 2022 16:53:14 +0000

In this tutorial, we will host a React website in AWS S3

Create a react application locally

To create a react application, you have to install node and npm first. To install both:

Downloads: https://nodejs.org

Once installed, open your terminal or vscode terminal and write:

npx create-react-app my-app
cd my-app
npm start

Then open localhost:3000

Step 2: Build website to deploy

Now run this command to make production builds :

npm run build

We actually deploy this build folder in production environment.

Create an AWS account

Create aws acount aws.amazon.com or go to your aws account.

Create an S3 bucket

If you are planning to use domain name for your website, be sure to create bucket with same name.

Enter a bucket name and click “Create”.

Step 5: Configure static website hosting in S3

Go to S3 bucket properties and enable “Static Website Hosting”. Select “Use this bucket to host a website”. Give “index.html” as the index document and error document.

Make a note of your endpoint. This is the URL using which you can access your website. Once you are done, click Save.

Set S3 bucket read permissions to public

Now go to bucker ‘Permissions” and paste the below code :

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::<your_bucket_name>/*"
        }
    ]
}

Upload website contents to S3

Now you have to upload the contents of your build folder to your S3 bucket.

Open your S3 bucket and click “Upload”.

Drag and drop the contents of your build folder to the upload window. Check if all the contents of your build folder is present, including sub-folders and files. Once your verify this, click “Upload”.

Awesome. Your website is live now.

high level design vs low level design.

arvind singharpuria — Wed, 23 Dec 2020 14:41:50 +0000

Lets talk about high level design vs low level design.

high level design

it refers to the overall system design. It includes the description of system architecture, database design, services, platforms and relationship among modules. It is created first before low level design

low level design

it refers to component level design process. It describes detailed information of each and every module which means it includes actual logic for every system component and it goes into each module specification. it is created after high level design.

features of High level design

overall system design
shows brief functionality of each module
it is created by solution architect
input criteria is software requirement specifications
output criteria is database design, functional design and review record.

features of low level design

component level design process
shows detailed functional logic of the module
it is created by designers and developers
input criteria is high level design
output criteria is program specification and unit test plan.

Low level design is very useful for going to next level of becoming a good developer. This is helpful when you are looking at requirement and you're actually thinking about how to code them out. There will be ordering, cache eviction and much more.

While high level design gives a brief overview for whole implementation process. Simply it converts the business/client requirement into high level solution.