DEV Community: Mohammed N Zubair

AWS Auto Scaling: Optimize Performance and Cost with Ease

Mohammed N Zubair — Thu, 20 Mar 2025 10:43:46 +0000

In today's dynamic cloud environment, ensuring application availability and cost efficiency is crucial. AWS Auto Scaling provides a seamless way to automatically adjust resources based on demand, optimizing performance while minimizing costs.

Auto Scaling options :

Dynamic
Predictive
Scheduled

Dynamic : Automatic scaling can be configured to be dynamic. For example, suppose that you have a web application that
currently runs on three instances. You do not want the CPU utilization of the auto scaling group to exceed 70
percent for more than 2 minutes. You can configure your auto scaling group to scale automatically to meet this
need. The policy type determines how the scaling action is performed.

Predictive : AWS also provides predictive scaling
Predictive scaling uses machine learning models to predict your expected traffic (and Amazon EC2 usage), including daily and weekly patterns. These predictions use data that is collected from your actual Amazon EC2 usage and data points that are drawn from your own observations. The model needs historical data from at least 1 day to start making predictions. The model is re-evaluated every 24 hours to create a forecast for the next 48 hours.

Scheduled : By scaling based on a schedule, you can scale your application in response to predictable load changes. For
example, suppose that every week, the traffic to your web application starts to increase on Wednesday, remains partially
high on Thursday, and starts to decrease by Friday. In these situations, you can plan your scaling activities based on the predictable traffic patterns of your web application.

Note : loadfile.txt (copy the file content and create .py file in EC2 and paste. Now run .py file to increase CPU utilization temporarily)

Click here to Download .pdf step-by-step file

Click here to Download temporary (python) file.

Connect to your Linux instance from AWS console.

Mohammed N Zubair — Tue, 21 Jan 2025 07:57:59 +0000

🚀 Launching an EC2 Instance
🔗 Connect to Your EC2 Instance (Practice Only)
🛑 Terminating Your Instance

Click here to Download .pdf step-by-step file

Launching an EC2 Instance with Boto3 in Python

Mohammed N Zubair — Fri, 23 Aug 2024 07:02:08 +0000

In this example, we'll use the AWS SDK for Python (Boto3) to programmatically launch an EC2 instance. This script demonstrates how to create a session with your AWS credentials and then use that session to start an EC2 instance in your specified region.

Key Steps:

Session Creation: We begin by creating a session with our AWS credentials.
EC2 Client: Using this session, we establish an EC2 client to interact with the EC2 service.
Launching an Instance: We then launch an EC2 instance by specifying the AMI ID, instance type, key pair, security group, and subnet.

import boto3

# Create a session using your credentials
session = boto3.Session(
    aws_access_key_id='access key need to paste', #replace wit your access key
    aws_secret_access_key='sec access key need to paste', #replace with your sec access key
    region_name='ap-southeast-1' # Replace with your region name
)

# Create an EC2 client
ec2_client = session.client('ec2')

# Launch an EC2 instance
response = ec2_client.run_instances(
    ImageId='ami-0a6b545f62129c495',  # Replace with your AMI ID
    InstanceType='t2.micro',          # Replace with your instance type
    MinCount=1,
    MaxCount=1,
    KeyName='sinapore-mac',      # Replace with your key pair name
    SecurityGroupIds=['sg-064b056b2a7650e76'],  # Replace with your security group ID
    SubnetId='subnet-08237211566f4e5f5'  # Replace with your subnet ID
)

# Print the instance ID
instance_id = response['Instances'][0]['InstanceId']
print(f'Launched instance with ID: {instance_id}')

Web server installation / configuration on Amazon Linux machine.

Mohammed N Zubair — Thu, 01 Aug 2024 11:56:51 +0000

What Is a Web Server?

File servers, database servers, mail servers, and web servers use different kinds of server software. Each of these applications can access files stored on a physical server and use them for various purposes.

The job of a web server is to serve websites on the internet. To achieve that goal, it acts as a middleman between the server and client machines. It pulls content from the server on each user request and delivers it to the web.

The biggest challenge of a web server is to serve many different web users at the same time each of whom is requesting different pages. Web servers process files written in different programming languages such as PHP, Python, Java, and others.

They turn them to static HTML files and serve these files in the browser for web users. When you hear the word web server, think of it as the tool responsible for the proper server-client communication.

To download installation command click here

Steps to connect with putty & convert .pem to .ppk

Connect your Linux instance from Windows, using "Putty".

Mohammed N Zubair — Thu, 01 Aug 2024 11:42:18 +0000

Verify that the instance is ready
Install PuTTY on your local computer
Convert your private .pem key to .ppk using PuTTYgen

Kindly use this link to download step-by-step process .pdf file

Scenario based practices for securing an AWS S3 bucket.

Mohammed N Zubair — Sun, 07 Jul 2024 10:57:48 +0000

Scenario:

You have an AWS S3 bucket named my-example-bucket where you store sensitive documents. You want to ensure the bucket is secure according to AWS S3 best practices.

Solution Steps:

1. Enable Versioning:
Versioning helps protect against accidental deletion or modification of objects.

Action: Enable versioning on the my-example-bucket.
How: Using AWS Management Console:
Navigate to the S3 console.
Select my-example-bucket.
Click on the Properties tab.
Under Advanced settings, select Versioning.
Click Enable versioning.

2. Configure Bucket Policies:

Implement a bucket policy to restrict access based on the principle of least privilege.

Action: Create a bucket policy that allows only specific IAM users or roles to access the bucket.
Example Policy (replace my-example-bucket and arn:aws:iam::123456789012:user/authorized-user with your actual bucket name and IAM user ARN):

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:user/authorized-user"
},
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::my-example-bucket/*"
]
}
]
}

How: Using AWS Management Console:
Navigate to the S3 console.
Select my-example-bucket.
Click on the Permissions tab.
Click Bucket Policy.
Paste the JSON policy above, modifying it with your specific IAM user ARN and bucket name.

3. Enable Server-Side Encryption (SSE):

Encrypt data at rest to protect sensitive information stored in the bucket.

Action: Enable SSE for objects uploaded to my-example-bucket.
How: Using AWS Management Console:
Navigate to the S3 console.
Select my-example-bucket.
Click on the Properties tab.
Under Default encryption, click Edit.
Select AES-256 (SSE-S3) or AWS-KMS (SSE-KMS).
Click Save.

4. Enable Logging and Monitoring:
Enable access logging to track requests made to my-example-bucket.

Action: Enable logging to record access requests for audit and compliance purposes.
How: Using AWS Management Console:
Navigate to the S3 console.
Select my-example-bucket.
Click on the Properties tab.
Under Server access logging, click Edit.
Select Enable logging.
Specify a target bucket and prefix for storing log files.
Click Save.

5. Regular Audits and Reviews:
Regularly review access permissions, policies, and configurations for my-example-bucket to ensure security best practices are maintained.

Action: Schedule periodic audits to review bucket policies, IAM roles, and access logs.
How: Manually or using AWS Config and AWS CloudTrail for automated monitoring and auditing.

Summary:
By following these steps, you've implemented several AWS S3 security best practices for my-example-bucket:

Ensured data protection with versioning and encryption.
Controlled access with a bucket policy based on least privilege.
Enhanced visibility and accountability with access logging.

These practices help secure your sensitive documents stored in AWS S3 and mitigate risks associated with unauthorized access or accidental data loss.

Best Practices for S3 Security

Mohammed N Zubair — Sun, 07 Jul 2024 09:05:05 +0000

Bucket Policies: Restrict access using the principle of least privilege.
Encryption: Always enable SSE for data at rest. Use SSE-S3 or SSE-KMS based on your security and compliance requirements.
Access Logging: Enable logging to track access and monitor for unauthorized activities.
Versioning: Enable versioning to protect against accidental deletion or overwrite.
IAM: Use IAM roles and policies to control who can create, modify, or delete S3 resources.
Monitoring: Use Amazon CloudWatch for monitoring S3 access patterns and set up alerts for unusual activities.
Regular Audits: Conduct regular security audits and reviews of your S3 configurations.

Amazon VPC (Virtual Private Cloud)

Mohammed N Zubair — Sun, 31 Dec 2023 11:03:16 +0000

Amazon VPC is your network environment in the cloud. With Amazon VPC, you can launch AWS resources into a virtual network that you have defined.

VPCs deploy into one of the AWS Regions and can host resources from any Availability Zone within its Region.

Amazon VPC is designed to provide greater control over the isolation of your environments and their resources. With Amazon VPC, you can:

Select your own IP address range
Create subnets
Configure route tables and network gateways

_Following diagram will help to understand VPC and components with Login activity by DBA (database Admin) and normal user accessing website and database.
_

Note : To know step-by-step process Kindly click here “DOWNLOAD”