DEV Community: Git-Geetansh

Installing and Accessing Tomcat Web-App server in EC2 server

Git-Geetansh — Wed, 18 Sep 2024 14:50:09 +0000

Prerequisites

AWS Account: Ensure you have an active AWS account.
EC2 Instance: Launch an Ubuntu EC2 instance.
Security Group: Configure the security group to allow inbound traffic on port 22 (SSH) and port 8080 (Tomcat).
SSH Client: Have an SSH client like PuTTY or terminal for connecting to your EC2 instance.
Java Development Kit (JDK): Ensure you have JDK installed on your local machine for compiling Java code.

Safety Best Practices

Use IAM Roles: Assign an IAM role to your EC2 instance for secure access to AWS services.
Security Groups: Restrict access to your EC2 instance by configuring security group rules.
Regular Updates: Keep your system and software up to date with the latest security patches.
Backup: Regularly backup your data and configurations.

Steps to Install Tomcat on AWS EC2 Ubuntu Instance

Step 1: Launch an EC2 Instance

Log in to your AWS Management Console.
Navigate to the EC2 Dashboard and click on “Launch Instance”.
Choose the Ubuntu Server.
Select an instance type (e.g., t2.micro for free tier).
Configure instance details and add storage as needed.
Configure the security group to allow SSH (port 22) and HTTP (port 80) traffic.
Review and launch the instance. Download the key pair for SSH access.

Allow custom TCP rule for port 8080

Step 2: Connect to Your EC2 Instance

Open your terminal or SSH client.
Connect to your instance using the command:

ssh -i /path/to/your-key-pair.pem ubuntu@your-ec2-public-ip
(You can simply connect using EC2 instance connect )

Step 3: Update the System

Update the package lists:

sudo apt update

Upgrade the installed packages:

sudo apt upgrade -y

Step 4: Install Java

Install OpenJDK 11:

sudo apt install openjdk-11-jdk -y

Verify the installation:

java -version

Step 5: Install Tomcat

Download the latest version of Tomcat:

wget https://downloads.apache.org/tomcat/tomcat-9/v9.0.95/bin/apache-tomcat-9.0.95.tar.gz
**
(see if version is updated)

Extract the Tomcat archive:

tar -xvzf apache-tomcat-9.0.95.tar.gz

Move the extracted folder to /opt:

sudo mv apache-tomcat-9.0.95 /opt/tomcat

Step 6: Configure Tomcat

Add execute permissions to the Tomcat scripts:

sudo chmod +x /opt/tomcat/bin/*.sh

Start the Tomcat server:

/opt/tomcat/bin/startup.sh

Step 7: Access Tomcat

Open your web browser.
Navigate to http://your-ec2-public-ip:8080.
You should see the Tomcat welcome page.

Conclusion

By following these steps, you have successfully installed and configured the Tomcat web application server on an AWS EC2 Ubuntu instance, created a simple Java servlet, and deployed it to Tomcat. You can now develop and deploy more complex Java web applications using this setup.

Working with AWS IAM Service

Git-Geetansh — Wed, 11 Sep 2024 13:35:10 +0000

Prerequisites

1.AWS Account: Ensure you have an active AWS account.

IAM Permissions: You need sufficient permissions to create IAM users, roles, and groups.
MFA Device: Set up Multi-Factor Authentication (MFA) for enhanced security.

Security Best Practices

Use MFA: Enable MFA for all IAM users to add an extra layer of security.
Least Privilege Principle: Grant only the permissions necessary for users to perform their tasks.
Regular Audits: Regularly review and remove unused IAM users, roles, and permissions.
Strong Password Policies: Enforce strong password policies for all IAM users.
Temporary Credentials: Use temporary credentials for applications and services instead of long-term access keys12.

Steps to Create IAM User, Role, and Group

1. Login to AWS Console

Navigate to the AWS Management Console.
Enter your credentials and complete MFA if enabled. 2. Create IAM Group
In the IAM dashboard, click on User Groups > Create New Group.
Enter a group name.
Attach policies to the group to define permissions.
Review and create the group.

Example Use Case: Create a group named Developers and attach the AmazonEC2FullAccess policy. Add all developer IAM users to this group to manage EC2 instances without needing to assign permissions individually.

3. Create IAM User

In the IAM Service, Click on Users > Add user.
Enter a username and select the type of access (Programmatic access, AWS Management Console access).
Set permissions by attaching policies directly or adding the user to a group.(Here we are adding user to the group created in the previous step)
Review and create the user. Download the .csv file with access keys if programmatic access is enabled.

Example Use Case: An IAM user named John-Doe is created for a new developer joining your team. This user is granted programmatic access to interact with AWS services via the AWS CLI.

4. Create an IAM Role

Open the IAM Console:
Create Role: In the navigation pane, choose Roles and then Create role.
Select Trusted Entity: Choose AWS service and select EC2.
Attach Policies: Choose Next: Permissions. Attach a policy like AmazonS3FullAccess.
Role Name: Enter a Role name (e.g., S3AccessRole) and choose Create role. this is how a policy looks like in JSON

5. Create an S3 bucket

Create an s3 bucket that we will access through the ec2 instance.
ACLs : Disabled
Unblock all public access.
Upload a few images to s3 bucket

6. accessing s3 bucket using ec2 instance

launch an ec2 instance that will be used to access the s3 bucket.
use an ssh agent like (Putty/Mobaxterm) to connect to you instance. (steps for the above are depicted in my other posts)
modify the IAM role of the instance by selecting the instance > security > modify IAM role attach the role we created earlier.

7. Install AWS CLI (if not already installed)

Install AWS CLI:
If the AWS CLI is not installed, you can install it using the following
commands:
sudo yum update -y
sudo yum install aws-cli -y
Configure AWS CLI:
You don’t need to configure the AWS CLI with access keys because the
instance will use the IAM role. However, you can verify the
configuration:

aws configure

Leave the access key and secret access key fields empty and set the
default region and output format.
Access the S3 Bucket
List Buckets:
Verify that you can list your S3 buckets:

aws s3 ls

Access Your Specific Bucket:
List the contents of your specific bucket:

aws s3 ls s3://your-bucket-name

You can also copy files to and from the bucket. For example, to copy a file from your bucket to your instance:

aws s3 cp s3://your-bucket-name/your-file.txt /path/to/destination

Conclusion

In this project, we successfully demonstrated how to manage AWS Identity and Access Management (IAM) by creating an IAM user, role, and group. We also explored how to assign an IAM role to an EC2 instance to enable it to access an S3 bucket. These tasks are fundamental for ensuring secure and efficient management of AWS resources, which is crucial for any cloud-based project.

Launching and Connecting to an AWS EC2 Ubuntu Instance Using PuTTY

Git-Geetansh — Mon, 09 Sep 2024 15:09:47 +0000

Prerequisites :-

Before starting, ensure you have the following:

AWS Account: Sign up for an AWS account if you don’t have one.
PuTTY and PuTTYgen: Download and install PuTTY and PuTTYgen from the official website.
Basic Knowledge: Familiarity with AWS Management Console and basic networking concepts.

Security Best Practices :-

Use IAM Roles: Assign least-privilege IAM roles to your instances.
Regular Updates: Keep your instance’s OS and applications updated.
Security Groups: Implement the least permissive rules for your security groups.
Encryption: Use encrypted EBS volumes and snapshots.
Key Management: Protect your EC2 key pairs and use strong passwords.

Steps to Launch and Connect to an EC2 Instance :-

Step 1: Sign In to AWS Management Console

Go to the AWS Management Console.
Sign in with your AWS credentials.

Step 2: Launch an EC2 Instance

Navigate to the EC2 Dashboard by selecting Services > EC2.
Click on Launch Instance.
Choose an Amazon Machine Image (AMI):
- Search for “Ubuntu” and select the desired version.
Choose an Instance Type:
- Select t2.micro for free tier eligibility.
Configure Instance Details:
Keep default settings unless specific configurations are needed.
Add Storage:
- Default is 8 GB SSD; adjust if necessary.
Add Tags:
- Add a tag with Key: Name and Value: MyUbuntuInstance.
Configure Security Group:
- Create a new security group with the following rule: Type: SSH Protocol: TCP Port Range: 22 Source: My IP
Review and Launch:
- Click Launch.
Select a Key Pair:
- Create a new key pair
- select RSA under key pair type
- select and download the .ppk file,and keep it secure.

Step 3 : Connect to Your Instance Using PuTTY

Open PuTTY.
In the Host Name field, copy and paste the public IP address of the instance that you launched.
In the Category pane, go to Connection > SSH > Auth > credentials
Browse and select your .ppk file.
Click Open to connect.

Conclusion

In this project, we learned how to:

Launch an Ubuntu EC2 instance on AWS.
Apply security best practices to ensure the instance is secure.
Connect to the EC2 instance using PuTTY.

This project demonstrates the practical steps involved in setting up and securing a cloud-based server, which is a valuable skill in today’s tech landscape.

Creating a Highly-Available website in AWS

Git-Geetansh — Thu, 02 May 2024 17:55:09 +0000

1.Prerequisites:

AWS Account: You'll need an active AWS account with appropriate permissions to create EC2 instances, Application Load Balancers, Auto Scaling Groups, and related resources.

Basic Knowledge of AWS Services: Familiarity with EC2, Auto Scaling, Application Load Balancer, and related AWS services is recommended.

2.Aim:

The aim of this project is to create a highly available website infrastructure using AWS services including EC2 instances, Application Load Balancer, and Auto Scaling Group.

Ensure that the website remains accessible and responsive even during high traffic loads or in the event of instance failures.

Implement auto-scaling to automatically adjust the number of EC2 instances based on demand, optimizing costs and performance.

3.Resources Used: VPC(subnets, internet gateway, route tables) EC2, Security Groups, Load Balancer, Template, Auto Scaling Group.

4.Steps:

Set up VPC (Virtual Private Cloud): Create a VPC (Select an appropriate region of your choice ) to isolate your resources and provide network security.

points to remember:
When creating a VPC you will have two options - VPC only and VPC and more.
In a VPC-only scenario:
You create the VPC itself, but it doesn’t automatically include any subnets, internet gateways, or route tables.

You have to manually add subnets to the VPC, allocate IP addresses, and configure routing.

Here, we will be manually adding all the resources so as to get the underlying concepts and working of our architecture.

No internet gateway is automatically created, so instances within the VPC cannot directly access the internet.

VPC with More Options:
When you choose to create a VPC with more options, AWS automatically sets up additional components along with the VPC
You need to set up custom route tables to define how traffic flows within the VPC.

Create Subnets: Create subnets, one in each availability zone of the region selected.
points to remember -
CIDR block of the subnets should not overlap with each other, or it will show an error. you can use online available subnet calculator tool or simple use the arrows highlighted.

Create an Internet gateway and attach the gateway to the above vpc created.

Create Route tables:
create a route table and associate it with all 3 subnets that you created earlier.

also edit routes

Creating Security Groups:
Security Group for Application Load Balancer.
inbound rules:

Security group for EC2 fleet.
inbound rules

only inbound rules for security group for ec2 fleet is that it will receive traffic from security group of your load balancer.

Launch EC2 Instances:

Launch an EC2 instance, select the same region, VPC, any 1 subnet, Security group for EC2, and enable auto-allocation of public IP.

in the use data script, add the following script.

Create a template from the EC2 created, this template will be used to create your Auto Scaling group.

Create Application Load Balancer (ALB): Set up an ALB to distribute incoming traffic across multiple EC2 instances.

points to remember:
select security group created for ALB
select all the subnets
for target groups create a target group, add the created instance in the target group.

check your Elastic load balancer by copying its DNS name and pasting it to a browser, preferably in a new Cognito window.
your should see the Hello world page, along with private IP of your instance

Create Auto Scaling Group (ASG):
Configure an ASG to automatically adjust the number of EC2 instances based on demand
points to remember:
select the template we created earlier.
select the VPC and all the subnets

select the elastic load balancer option, and select the target group created above.

check the activity tab of your auto scaling group, it shows alerts regarding....well it's activities. instances will spin up in accordance with your Desired capacities.

refresh the tab where you pasted the DNS name. you should see the change in private ip addresses, that means the load balancer is working and distributing load to all EC2 instances.

Test High Availability: Conduct tests to ensure that your website remains accessible and responsive even during instance failures or high traffic loads.

try terminating instances, auto scaling group will automatically spin up more to take its place.

5.Conclusion:

By implementing the above steps, you have successfully created a highly available website infrastructure on AWS using EC2 instances, Application Load Balancer, and Auto Scaling Group.
Your website is now capable of handling varying levels of traffic and instances failures without affecting user experience.
Regular monitoring and optimization of your infrastructure will help ensure continued high availability and performance.

6.Clean-Up:

Once you have completed testing and are finished with your project, remember to clean up all resources to avoid unnecessary costs.
Terminate EC2 instances, delete Auto Scaling Group, remove Application Load Balancer, and delete any other associated resources.
Optionally, you may also want to delete the VPC and related networking resources if they are no longer needed.