DEV Community: SAFI-ULLAH SAFEER

End-to-End Deployment of a Two-Tier Application Using Docker, Kubernetes, Helm, and AWS

SAFI-ULLAH SAFEER — Thu, 01 Jan 2026 22:58:25 +0000

In modern cloud-native environments, deploying applications manually is no longer scalable or reliable. DevOps practices and container orchestration tools help us automate, standardize, and scale applications efficiently.

In this article, I’ll walk you through an end-to-end deployment of a Two-Tier Application using:

GitHub, Docker & DockerHub, Kubernetes, Helm & AWS.

This architecture represents a real-world DevOps workflow, commonly used in production systems.

Before diving deep into the project implementation or practical demonstration, it’s important to first understand the term "two-tier-application"

A Two-Tier Application Consists of:

Application Tier (Backend):

Flask-based backend service

Handles business logic

Processes API requests

Communicates with the database

This layer is responsible for how the application behaves and responds to user actions.

Database Tier:

MySQL database

Stores and manages application data

Handles queries from the backend

This tier ensures data persistence and consistency.

Deployment Approach

To keep things simple and structured, initially the deployment is done in two stages:

Dockerfile (Single Container Focus)

First, we containerize the Flask backend using a Dockerfile.
This helps us understand:

How Docker images are built

How application dependencies are managed

How a single service runs inside a container

Docker Compose (Multi-Container Setup)

Next, we use Docker Compose to run both tiers together:

Flask Backend container

MySQL Database container

Docker Compose allows both services to:

Run on the same network

Communicate using service names

Start and stop with a single command

This approach represents a real-world development setup and forms the foundation for moving toward Kubernetes in later stages.

First of All Launch an instance with “2-tier-App-DEPLOYMNET” with private key and “ubuntu os” make all the setting by default.
From EC2 Instance Connect option connect it the following screen will appear.

Installing Docker on Ubuntu

To install Docker on Ubuntu, you can use the following commands in your terminal:

Ls
Sudo apt update
Sudo apt install docker.io

To check running containers on docker we run docker ps initially we got error Permission denied while trying to connect to the docker daemon socket.
This happens because your user does not have permission to access the Docker daemon. Let’s see how to resolve it.

Error troubleshoot in just 2 seconds:

Check the user by “whoami”=>got “Ubuntu”
Sudo chown $USER /var/run/docker.sock
Now run “docker ps” command it will run successfully.

Now the next step is to clone the code from github:

Git clone https://github.com/SAFI-ULLAHSAFEER/two-tier-flask-app.git
cd two-tier-flask-app

Now from list “rm Dockerfile” and create your own Dockerfile from scratch.

Understanding the Dockerfile:

The first line in a Dockerfile usually starts with FROM. This specifies the base image for your container — essentially, the operating system with pre-installed software. For example:

FROM python:3.9-slim
Wheares 3.9 is the version of python and slim means image size lightweight

WORKDIR: Application run on a working directory
WORKDIR /app
RUN apt-get update –y \ =>update your conatiner
&& apt-get upgrade –y =>upgrade packages
&& apt-get install –y gcc default-libmysqlclient-dev pkg-config =>install client to run mysql
&& rm –rf /var/lib/apt/lists/*=>remove packages list

COPY requirements.txt >The file in which all the packages you need is written

Install Python packages

RUN pip install mysqlclient
RUN pip install -r requirements.txt

Copy application code into the container
COPY . .

Explanation:
The first dot (.) is the source — your local folder containing the code
The second dot (.) is the destination inside the container (/app)

Define the command to run the application
CMD ["python", "app.py"]

Docker file finally complete now press esc :wq to save the file in vim editor

Now to Build an Image from Docker file:
Docker build . –t flaskapp
Where . Is for current path and –t is for tag and flaskapp is the name of image.

After that we have to run mysql container:

after that we have to run flaskapp container:
To see docker images:
Docker images
T run container from image
Docker run –d –p 5000:5000 flaskapp:latest
-d=run images on background deatttached mode

Now you have to access your application at port 5000 now configure security group.

After that copy the public ip of your instance and search it on browser with adding 5000 port number at the end.

Docker Networking:

Docker network create twotier

The flaskapp image create container which enables at port 5000 network twotier and all the environment varaibles.

Key Point (Memorable)
“In a multi-container setup, Flask is application-level dependent on MySQL: the Flask app requires a live database connection to function properly at startup. Therefore, always start the MySQL container first, then the Flask container — otherwise the Flask app will crash even though it runs in a standalone container.”

Now to check conatiners on a docker network
docker inspect network twotier

Finally, your application is successfully deployed as a two-tier setup, with Flask running on the backend and MySQL managing the database.

Accessing a Docker Container:
Docker exec –it container-id bash
Mysql –u admin –p
Show databases;

message enter by me "AWS Cloud Club MUST" AND "AWS Student Community Day Mirpur 2025"

Here is inside the MySql Container:

Pushing Docker Image to Docker Hub

Docker login
After that tag flaskapp image for docker hub
Docker tag flaskapp:latest safi221/flaskapp

Finally, our image is successfully pushed to Docker Hub. This means it is publicly available, and anyone can pull and run the application from anywhere.

Docker Compose

Next, you might wonder: “How can I run both the backend and database containers simultaneously with a single command?”

This is where Docker Compose comes in — it allows you to define and run multi-container applications with ease.

Installing Docker Compose

First, install Docker Compose on your system
Once installed, you can create and edit the docker-compose.yml file:

YAML file is yet another markup language its syntax is in the form of key-value-pair.

Understanding the Docker Compose File (docker-compose.yml)

Docker Compose allows you to define and run multi-container applications. Let’s break down a typical docker-compose.yml for our two-tier Flask + MySQL app.

Why depends_on is important

The depends_on option ensures that the MySQL container starts before the Flask backend. Without this, Docker might start the backend first, causing connection errors because the database is not yet available. Using depends_on manages the startup order automatically.

Explanation:

volumes → Persist data even if the container stops or is removed. Here, mysql-data binds the container’s MySQL data to system storage.

./message.sql:/docker-entrypoint-initdb.d/message.sql → Initializes the database with tables or seed data on container startup. Docker automatically executes scripts in the /docker-entrypoint-initdb.d/ directory.

depends_on → Ensures the database container is ready before starting the backend.

💡 Tip: You can use an online YAML formatter to ensure proper indentation and readability.

Running the Application

Save the file (:wq in Vim).

Stop any previous containers: Now kill previous containers by using docker kill.

Start the application with Docker Compose:
docker-compose up -d

Final Deployment Through Docker-Compose:

After this, your two-tier Flask + MySQL application is fully deployed using Docker Compose.

End-to-End Two-Tier Application Deployment on Kubernetes (Flask + MySQL)

Deploying a two-tier application on Kubernetes requires understanding not only containers but also components of kubernetes Pods, Deployments, Services, and Persistent Storage.
In this article, we will deploy a two-tier Flask + MySQL application on a Kubernetes cluster created using kubeadm.

Before diving deep into the project, it’s important to understand the Kubernetes architecture first how is it works , as shown in the diagram below.

Kubernetes architecture defines how the control plane (Master) and worker nodes communicate to deploy, manage, scale, and heal applications automatically.

It separates cluster management (API Server, Scheduler, Controller, etcd) from application execution (Pods, Kubelet, Services), which ensures high availability, scalability, and fault tolerance.

Without understanding this architecture, it’s difficult to design reliable, production-ready Kubernetes deployments.

Kubernetes Architecture (Master & Node)

Before moving into the project implementation, it is important to understand the Kubernetes architecture, as shown in the image above. Kubernetes follows a master–worker (node) architecture, where the responsibilities are clearly divided to manage and run applications efficiently.

In Kubernetes, we mainly have two types of servers:

Master Server (Control Plane)

Node Server (Worker Node)

To understand this better, we can compare Kubernetes to a software company structure.

Master Server (Decision-Making Team)

The Master server acts like the administration or decision-making team in a software company. It does not run application containers directly; instead, it manages and controls the entire cluster.

Key components of the Master server are:

API Server

The API Server acts like a Team Lead. It is the central communication point of Kubernetes. All requests from users, kubectl, or internal components go through the API Server. It communicates with the Scheduler and Node components to decide where and how applications should run.

Scheduler

The Scheduler works like an HR team in an organization. Its job is to decide which node should run which Pod or container, based on available resources and constraints.

etcd

etcd is the database of Kubernetes. It stores all cluster data such as Pod states, node information, configurations, and secrets. Just like a company maintains records of employees and projects, Kubernetes stores all cluster information in etcd.

Controller Manager

The Controller Manager acts like a Project Manager. It continuously monitors the cluster and ensures that the desired state matches the actual state. If a Pod crashes, the Controller Manager makes sure a new one is created automatically.

Node Server (Worker / Execution Team)

The Node server, also called the Worker node, is like the Research and Development (R&D) team in a software company. This is where the actual application runs.

Key components of the Node server are:

Kubelet

Kubelet works like a reporting employee. It runs on every node and continuously reports the status of Pods and containers back to the API Server. It ensures that containers are running as instructed by the Master.

Service Proxy
Service Proxy acts as a network connector. It allows communication between Pods and enables access to the application from the outside world by routing traffic to the correct Pod.

Pods & Containers
Pods contain one or more containers where the actual application code runs.

kubectl & Networking

Kubectl acts like the CEO of the organization. It gives commands to the API Server to deploy, scale, or manage applications in the cluster.

CNI (Container Network Interface)

CNI (such as Calico or Weave Net) acts like the internal communication system of the company, enabling seamless networking between Pods across different nodes.

Understanding this architecture helps us design scalable, fault-tolerant, and production-ready Kubernetes applications

After that open the AWS login console and create two instances
one is k8s-master server and another one k8s-node server.

Add Rules to the Security Group:

Allow SSH Traffic (Port 22):

Type: SSH
Port Range: 22
Source: 0.0.0.0/0 (Anywhere) or your specific IP
Allow Kubernetes API Traffic (Port 6443):

Type: Custom TCP
Port Range: 6443
Source: 0.0.0.0/0 (Anywhere) or specific IP ranges
Save the Rules:

Click on Create Security Group to save the settings.

After that Connect or SSH Both Master and Node Server:

Install Kubernetes Prerequisites (Run on Both Master & Node)

Before initializing the Kubernetes cluster, we need to install the required Kubernetes components on both the Master and Worker (Node) servers.

Step 1: Update System & Install Required Packages

sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl gpg

Purpose:

This command prepares the system to securely download Kubernetes packages from external HTTPS repositories. It:

Enables HTTPS-based package downloads

Verifies SSL certificates to prevent compromised sources

Uses curl to fetch remote data

Allows GPG verification to ensure package authenticity

Step 2: Add Kubernetes GPG Signing Key

curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.29/deb/Release.key | \
sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg

Purpose:

This command downloads the official Kubernetes GPG key and stores it locally.
It ensures that only trusted and signed Kubernetes packages can be installed on the system.

Step 3: Add Kubernetes APT Repository:

echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] \
https://pkgs.k8s.io/core:/stable:/v1.29/deb/ /' | \
sudo tee /etc/apt/sources.list.d/kubernetes.list

Purpose:

This adds the official Kubernetes repository to the system’s APT sources and links it with the GPG key, ensuring secure and verified package installation.

Step 4: Update Again

sudo apt-get update

This updates the system package index so APT becomes aware of the newly added Kubernetes repository and can download Kubernetes packages.

Step 5: Install Kubernetes Components

sudo apt-get install -y kubelet kubeadm kubectl

Purpose:

This installs the core Kubernetes components:

kubelet – Runs on every node and manages Pods

kubeadm – Used to bootstrap and manage the Kubernetes cluster

kubectl – Command-line tool to interact with the Kubernetes cluster

Together, these components enable cluster initialization, node communication, and workload management.

After Executing all the commands the Master server will look like:

Then after that configure NodeServer also:

Now after that verfiy on Master by running "kubectl get nodes"

After that check on Node Server it will show that "This node has joined the cluster"

You can check out the complete documentation on how to install and run a** Kubernetes cluster using kubeadm** here:

👉 https://github.com/SAFI-ULLAHSAFEER/kubestarter/tree/main/Kubeadm_Installation_Scripts_and_Documentation

Concept of Pod in Kubernetes:

Pod

A Pod is where your Docker containers run.
It is the smallest unit of Kubernetes where your application is actually running.

Kubernetes uses the Container Runtime Interface (CRI) in the background, and internally it calls containerd to run containers.

A Pod acts like a house for containers. Inside a Pod, you can define:

Environment variables

Resource limits

Application configuration

All required resources are enclosed inside a Pod.

Containers cannot scale alone. In Kubernetes, we scale Pods, not individual containers.
Multiple containers run inside Pods, and creating multiple Pods is called scaling.

Clone the Application Repository:

git clone https://github.com/SAFI-ULLAHSAFEER/two-tier-flask-app.git

After cloning, move into the Kubernetes directory where all manifest files are present:

Now configure the "twotier-app-pod.yml" file:

press :wq and then press enter to save the file

After that run "Kubectl apply –f two-tier-app-pod.yml"

The pod is successfully configured now.

After that moving towards Deployment.

Deployment

A Deployment is used to manage and configure Pods.

In a Deployment:

We define a Pod template

Kubernetes creates multiple replicas of that Pod based on our requirement

In production, Deployments provide:

Auto-scaling

Auto-healing

High availability

If any Pod or container crashes, Kubernetes automatically creates a new one, ensuring the application runs smoothly.

Configure Deployment file "twotier-app-Deployment.yml :

after that press :wq and enter to save the

After that run "Kubectl apply –f two-tier-app-Deployment"
and then check pods by running "kubectl get pods"

Service

To give access to a Deployment from the outside world, we need a Service.

A Service provides a single, stable entry point to access the application.

When a user wants to access the application from outside, they cannot directly access Pods, because Pods are dynamic and each Pod has its own IP address.

Instead, the user first accesses the Service, and the Service then forwards the request to the Deployment.
Since a Deployment can have multiple Pods and multiple container IPs, the Service acts as a single logical node and load-balances traffic across all Pods.

These three components Pod, Deployment, and Service are very important to run a single-tier application in Kubernetes.

In a multi-tier application, such as when we also have a database layer, additional components like Persistent Volumes and Persistent Volume Claims are required.

Now Configure "twotier-app-svc.yml"

after that check it by "kubectl get service"

After that create a directory on path for persistent volume: /home/ubuntu/two-tier-flask-app/mysqldata

After that create two-tier-flask-app/k8s$ vim mysql-pv.yml

Now after that two-tier-flask-app/k8s$ vim mysql-pvc.yml

Persistent Volume vs Persistent Volume Claim

Persistent Volume (PV) is used to create or allocate storage at the cluster level.
Persistent Volume Claim (PVC) is used to request storage by specifying how much storage an application needs.
In simple terms:
PV provides the actual storage
PVC asks for the required amount of storage
Kubernetes automatically matches a PVC with an appropriate PV and attaches it to the pod.

Now after that run "kubectl apply -f twotier-app-pv.yml"
and "kubectl apply -f twotier-app-pvc.yml"

Now after that create vim mysql-deployment.yml

and then press :wq and then enter and then configured it by running "kubectl apply -f mysql-deployment.yml"

After that create /two-tier-flask-app/k8s$ vim mysql-svc.yml

after that verify all the nodes, pods and services

Now you can access your Flask app from browser:

Use any node’s IP (control-plane or worker). In my case:
Master node: ip-172-31-33-58
Worker node: ip-172-31-37-23

Combine it with the NodePort 30004 later i have updated 30007 with port 30004 you can also confiure it on anyport between (In Kubernetes, the default port range for a NodePort service is 30000-32767):

*Finally, the application is live and running successfully *

Wrapping Up

We’ve successfully taken a two-tier Flask + MySQL application from containerization with Docker and Docker Compose all the way to production-ready deployment on Kubernetes.

From building images and pushing them to Docker Hub to orchestrating services, scaling pods, and exposing the application via Kubernetes, this journey covered the complete modern DevOps workflow.

"How to Automate Spring Boot Deployment with Shell Script & Vagrant (Step-by-Step for Beginners)"

SAFI-ULLAH SAFEER — Sun, 01 Jun 2025 23:56:02 +0000

🎯 Level: Beginner-friendly

📂 Project Repo: https://github.com/SAFI-ULLAHSAFEER/Shell-Script

🛠️ Why Shell Script Automation?

Automating application deployments saves time and reduces human errors. In this blog, I’ll walk you through deploying a Spring Boot WAR app inside a Vagrant-managed Ubuntu machine using a Shell Script. All actions are visualized step-by-step with real screenshots. Perfect for beginners in DevOps, scripting, or system setup!

📦 Prerequisites

Installed: Git, Vagrant, VirtualBox

Basic knowledge of Linux terminal

A Spring Boot WAR file (included in the GitHub repo)

📁 Step 1: Clone the Project

Open the VS code

Type the following command git clone https://github.com/SAFI-ULLAHSAFEER/Shell-Script

📂 Step 4: Navigate to Your Spring Boot App Directory

Start the Vagrant Box

🛠️ This command will automatically create and configure a virtual Linux machine for you, .This command logs you into the virtual Ubuntu machine where everything will run.

As you can see the black console screen only we called it as a multi-user.target in linux.

Now Next Step is SSH Into the Machine

After that Navigate to Your Spring Boot App Directory
By default, Vagrant shares your local directory under /vagrant.

After that next step is Create setup.sh Script

Now the next step is to Make the Script Executable and Run

chmod +x setup.sh
sudo ./setup.sh

This will:

Update packages

Install Java and Tomcat

Deploy your WAR file

Restart Tomcat

Now the NeXT Step is Check the IP Address by running command:
ip a

The following ip address of machine will appear

Now the next Step is Access Your App in the Browser

then press enter and the following screen will appear

🚀 Congratulations! If everything worked—you’ll see your Spring Boot app live!

Exit and Destroy the Vagrant Machine (Cleanup)
After verifying the app in the browser, clean up your VM:

exit
vagrant destroy

This command:

Logs out of the VM

Prompts you to confirm destroying the environment

Frees up system resources

Final Thoughts ❤️

This hands-on guide is your stepping stone into automation with shell scripting. Share this with your peers and drop your questions below. Happy scripting!

Build a Secure Web Server on AWS: A Step-by-Step Guide Deploying a secure and scalable web application on AWS using AWS services

SAFI-ULLAH SAFEER — Sun, 24 Nov 2024 09:03:22 +0000

Deploying a secure and scalable web application on AWS may seem challenging, but with proper guidance, it’s achievable. This article follows a structured approach to set up a fully functional web server using AWS services like Amazon VPC, IAM, EC2, and Systems Manager.

Step 1: Design Your Architecture
Before jumping into implementation, take a moment to review the architecture diagram for your web application. It will guide you as we configure each AWS service.

Key points:

Create a VPC and Subnets

An Amazon VPC is a logically isolated virtual network you define, allowing you to launch AWS resources in a secure, isolated environment. We'll use the VPC wizard to quickly set up the entire virtual network for our web server, including subnets, routing, and other resources.

Set Up Security Groups

Security groups control inbound and outbound traffic for associated resources, like servers. Your VPC comes with a default security group, but you can create additional groups with custom inbound and outbound rules.

We'll create two security groups to secure our website. One will protect the resources in the public subnets, allowing only the necessary traffic. The other will specifically secure the web server instance.

Configure IAM Roles

AWS Identity and Access Management (IAM) is a service for securely controlling access to AWS services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access.

We'll configure IAM to tightly control which AWS resources our web server can access, granting only the necessary permissions.

Launch an EC2 Instance Amazon Elastic Compute Cloud (Amazon EC2) provides on-demand, scalable computing capacity in the Amazon Web Services (AWS) Cloud. Using Amazon EC2 reduces hardware costs so you can develop and deploy applications faster. You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage.

In the following section, we'll deploy our web server using Amazon EC2.

Manage Instance with AWS Systems Manager

Session Manager is a fully managed AWS Systems Manager capability. With Session Manager, you can manage your Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, on-premises servers, and virtual machines (VMs).

We'll use Session Manager to securely access the web server for administrative purposes.

Create Application load Balancer

AWS offers several types of load balancers to distribute traffic across your infrastructure.

In this section, we'll be setting up an Application Load Balancer (ALB). With the ALB, we'll be able to route incoming web traffic to our single EC2 web server instance. The load balancer will handle the network configuration and security policies to enable secure communication between clients and the web server.

Create S3 Bucket and upload Files on it

Amazon Simple Storage Service (Amazon S3) is an object storage service offering industry-leading scalability, data availability, security, and performance. Millions of customers of all sizes and industries store, manage, analyze, and protect any amount of data for virtually any use case, such as data lakes, cloud-native applications, and mobile apps.

We'll store files in an Amazon S3 bucket, allowing users to access them directly from the website.

Test Your Setup

Browse to the website!

Let’s dive in!

Instructions

Navigate to the AWS Management Console and locate the VPC service.

Click on Create VPC Select VPC and more. This will start the VPC wizard.

**Great job! **You've successfully set up the network infrastructure for our new web server.

Now Browse to the Security Groups part of the Amazon EC2 service.

Now Create two Security Groups here with the following settings

The first one is Security group name Load Balancer Security Group

After defining all the rules click on create

Next, repeat the process to create a Security Group with the following settings.

Make sure to add this rule in the Second Group which is WebserverSecurityGroup

After that Confirm both the security groups have been created.

Great, we've created two new Security Groups to limit traffic to specific ports. We'll be using these later on in the setup.

Now We'll configure IAM to tightly control which AWS resources our web server can access, granting only the necessary permissions.

Create a new IAM role and associate it with the EC2 instance profile for the web server.
Select Roles, then click Create role.

Select EC2 Role for AWS Systems Manager and click Next

AWS Systems Manager is a service that allows you to securely administer and manage your EC2 instances, without needing to access them over the public Internet. This role will grant the necessary permissions for Systems Manager to connect to and manage our web server instance.

Confirm that the AmazonSSMManagedInstanceCore policy has been added to the role and click Next

Congratulations! You've created an IAM role which will be associated with the EC2 instance profile for our web server. This role provides the necessary permissions for the instance to access other AWS resources, as well as allowing secure administration through AWS Systems Manager, without needing to expose the instance directly to the public Internet.

Now we'll deploy our web server using Amazon EC2

Browse to the EC2 service.

Some points to be Remember while configuring EC2

Customers have the flexibility to launch Amazon EC2 instances with a wide selection of operating systems and pre-configured images.
For our simple web server, we'll select the Amazon Linux 2023 AMI (Amazon Machine Image) in the 64-bit (x86) architecture.

Normally, you'd create a key pair to enable secure SSH access to the EC2 instance. But in this case, we'll skip the key pair since we'll be using AWS Systems Manager to connect, rather than direct SSH.
Select Proceed without a key pair (Not recommended)

In Network settings, click the Edit button to configure the EC2 instance's networking. Associate the new instance with the Amazon VPC and private subnet we set up earlier.

Expand Advanced details

. Under** IAM instance profile, choose WebServerInstanceProfile.** This is the instance profile we created earlier, which will allow us to privately connect to the server.

We want the server to run a script on boot that installs the necessary PHP web server components. We can accomplish this by specifying user data.
Enter the code below into the user data field.

!/bin/bash

yum update -y

Install Session Manager agent

yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
systemctl enable amazon-ssm-agent

Install and start the php web server

dnf install -y httpd wget php-json php
chkconfig httpd on
systemctl start httpd
systemctl enable httpd

Install AWS SDK for PHP

wget https://docs.aws.amazon.com/aws-sdk-php/v3/download/aws.zip
unzip aws.zip -d /var/www/html/sdk
rm aws.zip

Install the web pages for our lab

if [ ! -f /var/www/html/index.html ]; then
rm index.html
fi
cd /var/www/html
wget https://ws-assets-prod-iad-r-iad-ed304a55c2ca1aee.s3.us-east-1.amazonaws.com/2aa53d6e-6814-4705-ba90-04dfa93fc4a3/index.php

Update existing packages

dnf update -y

After that Click Launch Instance to complete the configuration and launch the new web server.

Once the instance is launched, you'll see a success message. Click on the underlined Amazon EC2 instance ID to navigate back to the EC2 dashboard.

Excellent work! You've successfully created the web server, leveraging all the foundational components we set up previously.

Now We'll use Session Manager to securely access the web server for administrative purposes.
Session Manager is a fully managed AWS Systems Manager capability. With Session Manager, you can manage your Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, on-premises servers, and virtual machines (VMs).

In the Amazon EC2 dashboard, select the web server instance. You'll notice it only has a private IP address, not a public one.

Now select your EC2 instance and click on Connect

Take a moment to marvel at the web server shell, then proceed to run the following commands:

echo -n 'Private IPv4 Address: ' && ifconfig enX0 | grep -i mask | awk '{print $2}'| cut -f2 -d: && \
echo -n 'Public IPv4 Address: ' && curl checkip.amazonaws.com

Now From the navigation menu, click on the Load Balancers link, then click Create load balancer.

The Application Load Balancer (ALB) operates at the application layer, providing advanced traffic routing capabilities, in contrast to other load balancer options like the Network Load Balancer which functions at the network layer.

Click Create under Application Load Balancer.

Configure the Application load balancer with the following basic and network settings:

A target group defines the targets (e.g. EC2 instances) that the load balancer will route traffic to. Configure the new target group with the following settings:

Select mywebserver and click include as pending below. This will configure the load balancer to route web traffic from the Internet to the EC2 web server instance.

Click Create target group to finalize the setup, then close the browser tab to return to the load balancer configuration.

In the Listeners and routing section, click the refresh button and select the WebServerTargetGroup we just created.

Leave the remaining settings as default and click Create load balancer

Awesome! You have created an Application Load Balancer. For this workshop, it is configured to route incoming HTTP (port 80) web traffic from the Internet to your EC2 web server instance. In a production environment, you would want to configure the load balancer to use HTTPS for secure communication.

Navigate to the Listeners and Rules tab and click on the WebServerTargetGroup link. Verify that there is one healthy target listed.

Initially

Tip

If the load balancer is not fully provisioned or the target group doesn't show a healthy instance, give it a few minutes to sort itself out - it usually takes 3-5 minutes.

Finally there is one healthy target listed.

Now let's locate the public URL for the load balancer. You can find this under the DNS name on the Load Balancer page.

Copy the DNS name from the Load Balancer page and paste it into a new browser tab.

Now paste it into a new browser tab.

The following screen will appear** We have a functioning website!** You can browse to the load balancer's public DNS address from any device. When you do, you'll see the website with options to perform various actions. The first option is related to Amazon S3 storage, so let's continue by provisioning the necessary storage.

Now Browse to the Amazon S3 service.

Give a unique name to your bucket just like in this case I have used awslearningclubmust

Leave the other settings as the defaults, then click Create bucket.

Next, let's upload some files to the bucket. Download the required files,from here
[(https://ws-assets-prod-iad-r-iad-ed304a55c2ca1aee.s3.us-east-1.amazonaws.com/2aa53d6e-6814-4705-ba90-04dfa93fc4a3/UnzipAndUpload.zip)]
unarchive them locally.

Or you can upload your own files

After uploading the objects on your bucket now go your EC2 Connection tester the URL DNS paste it on your browser earlier put your bucket name like in this case awslearningclubmust and your region us-east-1

Click Browse. Interesting, it looks like an error occurred. Can you investigate and figure out what might be causing that?
And as expected you got the following error to access this page.

But don't worry here is the last twist
Browse to the IAM service.

Under Permission policies, click Add permissions and select Attach policies

Search for s3. Select the AmazonS3ReadOnlyAccess AWS managed policy and click Add permissions

Switch back to the website and try using the Amazon S3 bucket object browser again.

Fantastic work! You've completed the full implementation of the web server and S3 integration, showcasing your ability to deploy a AWS-powered web application. This hands-on experience has equipped you with valuable skills in areas like networking, security, compute, and storage.

Test your Knowledge

What is an Availability Zone and why use more than one?

An Availability Zone is a group of one or more data centers within an AWS Region. Using multiple Availability Zones provides redundancy and high availability for your resources, protecting against failures in a single location.

What's the maximum number of subnets in an Amazon VPC?

The VPC wizard has some limitations, but you can create up to 200 subnets per VPC if needed.

**What's the difference between an IAM role and an IAM permission?

**An IAM role is a container that holds IAM permissions, which define the specific allowed actions and resources, to be assumed by trusted entities.

What are the key benefits of using AWS Systems Manager to manage the web server instance?

The key benefit of using AWS Systems Manager is the ability to securely manage and maintain the web server instance without exposing management ports to the public Internet, along with a range of other administrative capabilities.

What security principle does the IAM setup we just completed aim to follow?

The security principle that IAM and the process we followed adheres to is the principle of least privilege; only granting the minimum permissions necessary for the EC2 instance to perform its required functions.

Approximately how many different Amazon EC2 instance types are available?

There are over 800 Amazon EC2 instance types to choose from, allowing you to select the right compute, memory, storage, and networking capabilities to match the requirements of your specific workloads.

What are the default inbound and outbound rules when creating a new Security Group?

By default, a newly created Security Group denies all inbound traffic and allows all outbound traffic.

Establishing a Site-to-Site VPN Connection on AWS: A Real-Time Project

SAFI-ULLAH SAFEER — Sat, 12 Oct 2024 10:19:29 +0000

When you launch instances into an Amazon Virtual Private Cloud (VPC), they cannot, by default, communicate with your on-premises network. To enable secure communication between your on-premises network and AWS resources, you need to establish a Site-to-Site VPN connection. This article will guide you through the key concepts involved in setting up a Site-to-Site VPN connection, ensuring secure and reliable connectivity.

Project Overview:
The goal is to create a secure communication channel between the AWS side in the Mumbai region and the customer end in Singapore through a site-to-site VPN. This connection enables seamless data transfer between an on-premises network and the AWS cloud. Below is a step-by-step guide for setting up this VPN connection using AWS services.

What is a VPN Connection?
A VPN connection creates a secure, encrypted communication channel between your on-premises equipment (such as servers or devices) and your AWS VPC. This connection enables your on-premises network and AWS to communicate securely over the internet, protecting sensitive data from exposure to public networks.

Understanding VPN Tunnel
A VPN tunnel is an encrypted link through which data can pass from the customer network to or from AWS. Each VPN connection includes two VPN tunnels that can be used simultaneously for high availability, ensuring that even if one tunnel fails, the other continues to function.

What is a Virtual Private Gateway?
A Virtual Private Gateway (VGW) is the AWS side of a VPN connection that acts as an entry point for traffic coming from an on-premises network via a Site-to-Site VPN. It's a critical component that enables communication between your VPC and your Customer Gateway (CGW), facilitating a secure connection.

Customer Gateway
The Customer Gateway is an AWS resource that provides information about your on-premises network, such as the public IP address, and facilitates the secure connection between the AWS and customer sides.

Step 1: Setting up the Singapore VPC (Customer End)
First, create a VPC in the Singapore region for the customer or on-premises end with CIDR 192.168.0.0/24. Be sure to attach a public subnet to this VPC.

EC2 Instance Configuration
Launch an EC2 instance in the Singapore region using AMI 2 Amazon Linux machine available under the free tier. And make sure you enable these three mentions protocols for security group ICMP,SSH,TCP

Now create another VPC on aws-side Mumbai region with CIDR 172.16.100.0/24

![Image description](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/8ks8n4giytcp7g614396.png

After setting up both the VPC now the next step is to create virtual gateway on Mumbai region AWS-side

After the creation of virtual private gateway on Mumbai region attach it with your VPC which is in Mumbai region.

Now select you vpc from here which you have established in Mumbai region and attach to your virtual private gateway

After that create a customer gateway in your Mumbai region and allocate the public ip pf EC2 instance which is in Singapore region that we have recently created.

Give public ip of on premises instance which is in Singapore region at customer end

Copy it from here and provide to your customer gateway which is in aws-side Mumbai region

Paste it here

Now in Mumbai region create a site-to-site vpn connection

Select your virtual private gateway that you have created earlier and customer gateway

After that provide Routing: static
static ip prefix: Singapore region VPC CIDR as prefix which is 192.168.0.0/24. **
Also provide your AWS-side CIDR which is 172.16.100.0/24 on remote CIDR.** And provide your customer-end CIDR which is 192.168.0.0/24 on local CIDR block.

After the creation of vpn-site-site connection. wait for 2 to 3 minutes after the status become available and click on download configuration open it on your notepad. This configuration will help you all over this lab.

*Now the next step is to go to route table and edit route propagations on Mumbai region make sure to enable it
*

Make it enable by checking the box

Copy the ip of signapore EC2 instance for ssh

Now open your terminal from which you want to SSH I am using mobaxterm and it is friendly to use . Paste your public ip on remote host and specify user name ec2-user and check private key and provide your private key and click on okay

Now you have SSH your EC2 machine which is in Singapore region

At the end of the article i will attached all the Commands that will help you to established vpn-site-site.

First use sudo -i as a root user login to give admin rights
After that use yum install libreswan -y to install openswan vpn
Finally you have installed your vpn I have used the command yum install libreswan –y in my case.

After the installation of openswan use second comamnd Vim /etc/ipsec.conf For security configuration save file on vim:

After that press :wq and then press enter

now after coming to the main screen enter new command which is System control configuration command
Vim /etc/sysctl.conf

Paste this command on your file
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0

*Then after that press escape button and write -> :wq then press enter
Press I to insert your command on next line then after that press escape *

After that use this command Restart network service:
service network restart

Also open your configuration on notepad that you have *downloaded from Mumbai region site-to-site vpn connection
*

Now in this configuration file you will see outside ip address and inside ip address.*outside ip address is public ip address of your customer end and aws end *

Now next step you have to do is you have making some chnges in your command for tunnel 1 to make it up available so for that take all your configuration for tunnel 1 and open separate in notepad just like below

Four changes you have to make on this notepad tunnel configuration file
First chnge provide left id:
Left id=customer gateway outside ip address which is in your configuration file.
Second change provide right id:
right=virtual private gateway outside ip address in configuration files
Third change: provide left subnet which is your Singapore region VPC IP customer end or on premises Left subnet is Singapore region customer or on-premises end subnet in this case 192.168.0.0/28
Fourth change: provide right subnet which is your Mumbai region VPC IP AWS-side.

*Make you your configuration is similar to this for tunnel 1 *

Paste in the terminal press :wq and then press enter

Now the next step is to make change in your next command three things we need in this first out customer gateway outside ip address and virtual gateway outside ip address that we used earlier. The new thing we need in this case pre-shared key. All these items are present in our Download configuration file just paste it here

*Copy the pre-shared key *

Now you just have to *paste these three inside your vim /etc/ipsec.d/aws-vpn.secrets
*

NOW After that enter these three commands one by one to make the vpn active and running and make your tunnel1 status up

Commands to enable/start ipsec service $ chkconfig ipsec on $ service ipsec start $ service ipsec status

END .....................

Finally site –to –site vpn connection is established active and running.

You can also check your tunnel is active and running. As there are two tunnel you can also configure second tunnel. The main of both tunnel is to make it available on every time and provide not any down time while connecting your customer end with aws side

Here is the list of commands that will be required to you to established this site-to-site vpn connection.

Commands for Installation of Openswan
i. Change to root user:
$ sudo su
ii. Install openswan:
$ yum install openswan -y
iii. In /etc/ipsec.conf uncomment following line if not already
uncommented:
include /etc/ipsec.d/*.conf
iv. Update /etc/sysctl.conf to have following
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
v. Restart network service:
$ service network restart
Command for /etc/ipsec.d/aws-vpn.conf
conn Tunnel1
authby=secret
auto=start
left=%defaultroute
leftid=Customer end Gateway VPN public IP
right=AWS Virtual private gateway ID- public IP
type=tunnel
ikelifetime=8h
keylife=1h
phase2alg=aes128-sha1;modp1024
ike=aes128-sha1;modp1024
keyingtries=%forever
keyexchange=ike
leftsubnet=Customer end VPN CIDR
rightsubnet=AWS end VPN CIDR
dpddelay=10
dpdtimeout=30
dpdaction=restart_by_peer
Contents for /etc/ipsec.d/aws-vpn.secrets
customer_public_ip aws_vgw_public_ip: PSK "shared secret"
Commands to enable/start ipsec service
$ chkconfig ipsec on
$ service ipsec start
$ service ipsec status
END .....................

Creating a WordPress Server on Azure App Service

SAFI-ULLAH SAFEER — Mon, 23 Sep 2024 05:25:20 +0000

Introduction
Microsoft Azure provides a scalable platform for deploying web applications, including popular content management systems (CMS) like WordPress. With Azure App Service, you can easily host a WordPress site without worrying about managing infrastructure. This article will guide you through setting up a WordPress server on Azure.

Prerequisites
Azure Account: If you don't have one, sign up for a free account here.
Basic Understanding of Web Hosting: Familiarity with WordPress and hosting concepts.

Step 1: Log in to the Azure Portal
Head over to portal.azure.com and log in with your credentials. Once logged in, you'll have access to the Azure dashboard.

Step 2: Create a New Resource
In the Azure portal, click on Create a Resource from the left-hand sidebar. Type WordPress in the search bar and select the WordPress option under Web App.

Step 3: Configure WordPress App Service
You'll be prompted to configure your new WordPress web app:

Subscription: Select your Azure subscription.
Resource Group: Create a new resource group or use an existing one. A resource group is a container with related resources for an Azure solution.

App Name: Choose a unique name for your WordPress application (this will be the domain name for your app, such as yourapp.azurewebsites.net)

Step 4: Set Up Database
WordPress requires a MySQL database for its backend. Azure provides the Azure Database for MySQL service, which is automatically suggested when creating a WordPress site. You will need to:

Database Provider: Select MySQL in-app or Azure Database for MySQL.
Database Name: Azure generates one for you, but you can customize it.
For production workloads, it's recommended to use Azure Database for MySQL, as it offers better performance and reliability.

Step 5: Choose a Hosting Plan
Azure App Service Plan determines the pricing tier and features for your WordPress site:

Pricing Tier: Select the plan that fits your needs. For testing or low-traffic websites, the free or shared plans (like B1) work well. For larger websites, consider a Standard or Premium plan, which offers scaling options and better performance.

Step 6: Deploy WordPress
After selecting your database and pricing plan, click Review + Create. Azure will validate the configuration, and once it passes, click Create to deploy your WordPress application. This may take a few minutes.

Configure WordPress

When you open the site URL, the WordPress installation screen appears. You'll need to configure the basic settings:

Language: Select your preferred language.
Database Name: Azure should already pre-configure the database details.
Admin Username and Password: Choose your WordPress admin credentials.
Site Title: Give your site a title (you can change this later).
Click Install WordPress to complete the installation.

** Access Your WordPress Site**
Once deployment is complete, navigate to the App Service resource you just created. You can access your WordPress site by clicking on the URL in the app service overview.

Paste your domain URL into the browser:

eastus2-01.azurewebsites.net

Here is your WordPress website home page

You can make changes to it from the pages option

You can also make changes on the main page

Like this one, I have added my bio to this page

So finally you have created a WordPress server using Azure's default domain and you have made chnges to it you can upload pictures or other changes you want to make

I have prepared comprehensive notes for the Microsoft Azure AZ-900 exam using various resources and updated Azure documentation

SAFI-ULLAH SAFEER — Sun, 22 Sep 2024 18:26:59 +0000

Cloud Computing
Cloud computing is the delivery of computing services over the Internet. These services include essential IT infrastructure such as virtual machines, storage, databases, and networking. Moreover, cloud computing enhances traditional IT services by incorporating technologies like the Internet of Things (IoT), machine learning (ML), and artificial intelligence (AI).
One of the main advantages of cloud computing is its scalability, which allows users to rapidly increase their IT infrastructure without the constraints of physical data centers.

Cloud Service Providers

SOME POPULAR CLOUD SERVICE PROVIDERS ARE:
AWS(AMAZON WEB SERVICE). (launched in 2006)
MICROSOFT AZURE. (launched in feb 2010)
GCP(GOOGLE CLOUD PLATFORM).

What is Azure

Azure is Microsoft’s cloud computing platform with an ever expanding set of services to help you build solutions to meet your business goals.
Azure supports Infrastructure platforms and software as a service computing with services such as virtual machines running in the cloud website and database hosting and advanced computing services like Artificial intelligence machine learning and IOT.
Most of the azure services are pay-as-you-go you only pay for the computing time that you use.

The Shared Responsibility Model
In traditional corporate data centers, organizations are responsible for managing physical infrastructure, security, and maintaining server operations. With the shared responsibility model in the cloud, responsibilities are divided between the cloud provider and the consumer.
The cloud provider is responsible for physical infrastructure (such as data centers, power, cooling, and network connectivity), while consumers are responsible for their data, access management, and security settings. This model ensures that cloud services are secure and reliable.

Cloud Service Models

There are several cloud service models, each offering different levels of control, flexibility, and management:

Infrastructure as a Service (IaaS): Provides virtualized computing resources over the internet, allowing businesses to manage their applications and data but leaving infrastructure maintenance to the cloud provider.

Platform as a Service (PaaS): Enables users to build, manage, and deploy applications without worrying about the underlying infrastructure.

Software as a Service (SaaS): Delivers software applications over the internet, where the cloud provider manages both the application and infrastructure.

Cloud Deployment Models

Azure supports several cloud deployment models, allowing businesses to choose the best setup for their needs:

Public Cloud: Resources are owned and operated by a third-party cloud provider like Azure.

Private Cloud: Resources are used exclusively by a single organization and can be hosted on-premises or by a third-party provider.

Hybrid Cloud: Combines public and private clouds, allowing for data and applications to be shared between them.

Azure Physical Infrastructure

As a global cloud provider, Azure has data centers around the world. However, these individual data centers aren’t directly accessible. Datacenters are grouped into Azure Regions or Azure Availability Zones that are designed to help you achieve resiliency and reliability for your business-critical workloads.

A region is a geographical area on the planet that contains at least one, but potentially multiple datacenters that are nearby and networked together with a low-latency network. Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced.
When you deploy a resource in Azure, you'll often need to choose the region where you want your resource deployed.
Availability Zones:

Availability zones are physically separate data centers within an Azure region. Each availability zone is made up of one or more data centers equipped with independent power, cooling, and networking. An availability zone is set up to be an isolation boundary. If one zone goes down, the other continues working. Availability zones are connected through high-speed, private fiber-optic networks.

Region pairs
Most Azure regions are paired with another region within the same geography (such as the US, Europe, or Asia) at least 300 miles away. This approach allows for the replication of resources across a geography that helps reduce the likelihood of interruptions because of events such as natural disasters, civil unrest, power outages, or physical network outages that affect an entire region. For example, if a region in a pair was affected by a natural disaster, services would automatically failover to the other region in its region pair.

Content Delivery Network

To frequently access data in a few countries Azure has made an Edge server.
It stores Frequently access resources in cache memory and provides to the customer

Describe the consumption-based model:

When comparing IT infrastructure models, there are two types of expenses to consider. Capital expenditure (CapEx) and operational expenditure (OpEx).

CapEx is typically a one-time, up-front expenditure to purchase or secure tangible resources. A new building, repaving the parking lot, building a data center, or buying a company vehicle are examples of CapEx.

In contrast, OpEx is spending money on services or products over time. Renting a convention center, leasing a company vehicle, or signing up for cloud services are all examples of OpEx.

Cloud computing falls under OpEx because cloud computing operates on a consumption-based model. With cloud computing, you don’t pay for the physical infrastructure, the electricity, the security, or anything else associated with maintaining a data center. Instead, you pay for the IT resources you use. If you don’t use any IT resources this month, you don’t pay for any IT resources.
This consumption-based model has many benefits, including:
No upfront costs.
No need to purchase and manage costly infrastructure that users might not use to its fullest potential.
The ability to pay for more resources when they're needed.
The ability to stop paying for resources that are no longer needed.

Describe the benefits of using cloud services

High availability

When you’re deploying an application, a service, or any IT resources, the resources must be available when needed. High availability focuses on ensuring maximum availability, regardless of disruptions or events that may occur.
When you’re architecting your solution, you’ll need to account for service availability guarantees. Azure is a highly available cloud environment with uptime guarantees depending on the service. These guarantees are part of the service-level agreements (SLAs).

Scalability

The other benefit of scalability is that you aren't overpaying for services. Because the cloud is a consumption-based model, you only pay for what you use. If demand drops off, you can reduce your resources and thereby reduce your costs.
Scaling generally comes in two varieties: vertical and horizontal. Vertical scaling is focused on increasing or decreasing the capabilities of resources. Horizontal scaling is adding or subtracting the number of resources.

Vertical scaling
With vertical scaling, if you were developing an app and you needed more processing power, you could vertically scale up to add more CPUs or RAM to the virtual machine. Conversely, if you realized you had over-specified the needs, you could vertically scale down by lowering the CPU or RAM specifications.

Horizontal scaling

With horizontal scaling, if you suddenly experience a steep jump in demand, your deployed resources could be scaled out (either automatically or manually). For example, you could add additional virtual machines or containers, scaling out. In the same manner, if there was a significant drop in demand, deployed resources could be scaled in (either automatically or manually), scaling in.

Reliability or Fault Tolerance

Reliability is the ability of a system to recover from failures and continue to function. It's also one of the pillars of the Microsoft Azure Well-Architected Framework.

The cloud, by its decentralized design, naturally supports a reliable and resilient infrastructure. With a decentralized design, the cloud enables you to have resources deployed in regions around the world.

With this global scale, even if one region has a catastrophic event other regions are still up and running. You can design your applications to automatically take advantage of this increased reliability.

In some cases, your cloud environment itself will automatically shift to a different region for you, with no action needed on your part.

Disaster Recovery:
Azure provides built-in disaster recovery solutions by enabling the replication of data across regions, ensuring minimal downtime during disruptions.

MICROSOFT AZURE FAMOUS CERTIFICATIONS:

YOU CAN EXPLORE MORE CERTIFICATION HERE

Azure Training + Certification Guide (microsoft.com)
https://aka.ms/AzureTrainCertDeck?WT.mc_id=Azure_BoM-wwl

Summary:

Learning objectives
You should now be able to:
Define cloud computing.
Describe the shared responsibility model.
Define cloud models, including public, private, and hybrid.
Identify appropriate use cases for each cloud model.
Describe the consumption-based model.
Compare cloud pricing models
Describe Azure Global Infrastructure
Different Azure Certification and roles.

Visualize Data using Amazon Quick Sight

SAFI-ULLAH SAFEER — Sun, 15 Sep 2024 06:37:06 +0000

In today's world of big data, it's crucial to use clear and effective visualizations to make smart decisions. Amazon Quick Sight, a tool from Amazon Web Services (AWS), helps turn complex data into easy-to-understand visual reports. This project explores how to use Amazon Quick Sight to analyze a large dataset of Amazon best sellers, demonstrating how AWS services can handle and make sense of large amounts of data.

The dataset, comprised of 50,000 records detailing Amazon's top-selling products, was initially sourced from Bright Data. This rich collection of information offers a snapshot of consumer preferences and market trends. To facilitate analysis, the dataset was first stored in an Amazon S3 bucket, a secure and scalable storage solution provided by AWS. Amazon Quick Sight was then employed to create interactive dashboards and visualizations, enabling a deeper understanding of the data.
Step-by-Step Procedure for Visualizing Data with Amazon Quick Sight:

Download and Prepare the Dataset:
**
Obtain the CSV dataset file from Bright Data, containing 50,000 Amazon best seller records.
Here is the link of Bright data:
https://docs.brightdata.com/introduction
Ensure the dataset is clean and formatted correctly for analysis.
**Upload the Dataset to Amazon S3:

Create a new S3 bucket or select an existing one.
Upload the CSV file to the S3 bucket, ensuring proper access permissions are set.

Here both the file has been uploaded to our Bucket name (visualizedata-using-amazon-quicksightproject)

Now the the next step is copy the Bucket name and paste it on manifest.json

so the follwing update will appear in manifest.jason file.

Now after setup S3 the next step is :

Set Up Amazon Quick Sight:

Access Amazon Quick Sight from the AWS Management Console.
Sign up or log in to your Quick Sight account.
Configure necessary permissions and settings for your Quick Sight environment.

Now for sign up provide your gmail and also select S3 Bucket to allow access

Now select the Bucket you want Quick sight to be able to access

Now after creating account the following screen will appear

Now the next step is:
Create a New Data Source in QuickSight:

In Quick Sight, go to the “Datasets” section and choose to create a new dataset.
Select “S3” as the data source.
Provide the S3 bucket path where your CSV file is stored.
Configure the dataset options, such as file format and delimiter, if require

Now the next step is provide data-source name and provide the url of your manfiest.json file you have uploaded on Bucket

Now click on visualize to finish dataset creation

Now select the format interactive sheet and click on create

Now you can ready to do different visulaizations like in this case

So the first visualization we have do in this case on word cloud Best Amazon selling products brands

We can also compare the price of different selling brands

and in the last we can also compare with availability

After completing the project make sure you have terminate the Quick sight the following screen will appear after terminating your Quick sight account

AWS Global Infrastructure: The Backbone of Modern Cloud Computing

SAFI-ULLAH SAFEER — Sun, 16 Jun 2024 04:33:10 +0000

Key Components of AWS Global Infrastructure

AWS Regions
AWS divides its global operations into geographical regions. Each region is a separate geographic area, and every region consists of multiple, isolated locations known as Availability Zones (AZs). As of 2024, AWS has 31 regions worldwide, with several more announced or under development.
Availability Zones
An Availability Zone is one or more discrete data centers with redundant power, networking, and connectivity housed in separate facilities. Each region contains multiple AZs, allowing customers to design resilient and fault-tolerant applications. By deploying applications across multiple AZs, businesses can achieve high availability and disaster recovery.
Edge Locations
Edge locations are part of AWS’s content delivery network (CDN) known as Amazon CloudFront. They cache copies of your data closer to users, reducing latency and improving performance for content delivery. AWS has over 400 edge locations globally, ensuring fast content delivery to users regardless of their location.
Local Zones
AWS Local Zones are extensions of AWS regions that place compute, storage, database, and other select AWS services closer to large population and industry centers. This reduces latency and improves performance for applications that require single-digit millisecond latencies. Local Zones are particularly beneficial for real-time gaming, live video streaming, and machine learning.
Wavelength Zones
AWS Wavelength Zones embed AWS compute and storage services within telecommunications providers’ data centers at the edge of the 5G network. This allows developers to build applications that require ultra-low latency, such as IoT devices, machine learning inference at the edge, and augmented reality.

Benefits of AWS Global Infrastructure

High Availability and Fault Tolerance
AWS's infrastructure is designed for high availability. By using multiple AZs within a region, businesses can ensure their applications remain available even if one AZ fails. Regions are also isolated from one another, providing an additional layer of fault tolerance.
Global Reach
With regions and edge locations spread across the globe, AWS provides businesses with a global footprint. This extensive reach enables companies to serve their customers with low latency and high performance, no matter where they are located.
Scalability and Flexibility
AWS infrastructure allows businesses to scale their applications seamlessly. Whether you need to scale up for a global event or down during off-peak times, AWS provides the flexibility to adjust your resources according to your needs.
Security and Compliance
AWS places a strong emphasis on security. Each AWS region and AZ is built to the highest security standards, with multiple layers of physical and network security. AWS also complies with numerous global regulatory standards and certifications, making it a trusted platform for industries with stringent compliance requirements.
Performance Optimization
The global infrastructure is optimized for performance. By strategically placing data centers and edge locations, AWS minimizes latency and maximizes throughput. Services like AWS Direct Connect provide dedicated network connections to AWS, further enhancing performance for critical applications.

Innovations and Continuous Expansion
AWS continuously innovates and expands its infrastructure to meet the growing demands of its customers. Recent developments include new regions in strategic locations, additional edge locations to improve content delivery, and specialized infrastructure such as Local Zones and Wavelength Zones to cater to emerging technological needs.

New Regions and AZs
AWS frequently announces new regions and AZs to expand its global presence. These additions provide more options for data residency and disaster recovery planning, allowing customers to deploy their applications closer to their user base.

Green Energy Initiatives
AWS is committed to sustainability and aims to power its global infrastructure with 100% renewable energy by 2025. AWS has already made significant investments in solar and wind projects around the world, reducing the carbon footprint of its operations.

Conclusion
The AWS global infrastructure is a cornerstone of its cloud services, providing the foundation for high availability, scalability, and security. By leveraging a vast network of regions, availability zones, edge locations, local zones, and wavelength zones, AWS ensures that businesses can deliver high-performance applications to users worldwide. As AWS continues to innovate and expand, its global infrastructure will remain a critical asset for organizations looking to harness the power of cloud computing.

AWS Global Infrastructure: The Backbone of Modern Cloud Computing

SAFI-ULLAH SAFEER — Sun, 16 Jun 2024 04:33:07 +0000

Key Components of AWS Global Infrastructure

AWS Regions
AWS divides its global operations into geographical regions. Each region is a separate geographic area, and every region consists of multiple, isolated locations known as Availability Zones (AZs). As of 2024, AWS has 31 regions worldwide, with several more announced or under development.
Availability Zones
An Availability Zone is one or more discrete data centers with redundant power, networking, and connectivity housed in separate facilities. Each region contains multiple AZs, allowing customers to design resilient and fault-tolerant applications. By deploying applications across multiple AZs, businesses can achieve high availability and disaster recovery.
Edge Locations
Edge locations are part of AWS’s content delivery network (CDN) known as Amazon CloudFront. They cache copies of your data closer to users, reducing latency and improving performance for content delivery. AWS has over 400 edge locations globally, ensuring fast content delivery to users regardless of their location.
Local Zones
AWS Local Zones are extensions of AWS regions that place compute, storage, database, and other select AWS services closer to large population and industry centers. This reduces latency and improves performance for applications that require single-digit millisecond latencies. Local Zones are particularly beneficial for real-time gaming, live video streaming, and machine learning.
Wavelength Zones
AWS Wavelength Zones embed AWS compute and storage services within telecommunications providers’ data centers at the edge of the 5G network. This allows developers to build applications that require ultra-low latency, such as IoT devices, machine learning inference at the edge, and augmented reality.

Benefits of AWS Global Infrastructure

High Availability and Fault Tolerance
AWS's infrastructure is designed for high availability. By using multiple AZs within a region, businesses can ensure their applications remain available even if one AZ fails. Regions are also isolated from one another, providing an additional layer of fault tolerance.
Global Reach
With regions and edge locations spread across the globe, AWS provides businesses with a global footprint. This extensive reach enables companies to serve their customers with low latency and high performance, no matter where they are located.
Scalability and Flexibility
AWS infrastructure allows businesses to scale their applications seamlessly. Whether you need to scale up for a global event or down during off-peak times, AWS provides the flexibility to adjust your resources according to your needs.
Security and Compliance
AWS places a strong emphasis on security. Each AWS region and AZ is built to the highest security standards, with multiple layers of physical and network security. AWS also complies with numerous global regulatory standards and certifications, making it a trusted platform for industries with stringent compliance requirements.
Performance Optimization
The global infrastructure is optimized for performance. By strategically placing data centers and edge locations, AWS minimizes latency and maximizes throughput. Services like AWS Direct Connect provide dedicated network connections to AWS, further enhancing performance for critical applications.

Understanding AWS Identity and Access Management (IAM)

SAFI-ULLAH SAFEER — Sun, 16 Jun 2024 04:17:40 +0000

This article explores the key features, benefits, and best practices of AWS IAM, illustrating how it can help organizations manage their AWS environments securely and efficiently.

What is AWS IAM?
AWS Identity and Access Management (IAM) is a web service that enables you to manage access to AWS services and resources securely. With IAM, you can create and manage AWS users and groups and use permissions to allow or deny their access to AWS resources. IAM helps you manage identities (users, groups, roles, and policies) and provides fine-grained access control.

Key Features of AWS IAM

User Management
IAM allows you to create individual user accounts for people within your organization. Each user gets unique security credentials, which they can use to interact with AWS resources.
Groups
You can create groups in IAM and add users to these groups. This allows you to assign permissions to a group rather than to each individual user, simplifying permission management.
Roles
IAM roles provide a way to delegate access with temporary credentials. Roles can be assumed by users, applications, or services that need to perform actions on AWS resources.
Policies
Policies are JSON documents that define permissions. They specify what actions are allowed or denied for which resources. You attach policies to users, groups, or roles to define their permissions.
Multi-Factor Authentication (MFA)
MFA adds an extra layer of security by requiring users to provide a second form of authentication in addition to their password.
Federated Access
IAM supports federated access, allowing users to access AWS resources using existing corporate credentials or through identity providers.

Benefits of AWS IAM

Enhanced Security
IAM helps ensure that the right people have the appropriate access to your resources, reducing the risk of unauthorized access and potential security breaches.
Granular Control
With IAM policies, you can specify detailed permissions, providing precise control over who can access what resources and what actions they can perform.
Scalability
IAM scales with your AWS environment, allowing you to manage access for a growing number of users and resources without sacrificing control or security.
Centralized Management
IAM provides a centralized way to manage user access across all AWS services, simplifying administrative tasks and enhancing oversight.
Compliance and Auditing
IAM helps meet compliance requirements by providing detailed logs and auditing capabilities, ensuring that access is monitored and can be reviewed.

Best Practices for Using AWS IAM

Least Privilege Principle
Always follow the principle of least privilege, granting users only the permissions they need to perform their tasks.
Use Groups for Permissions
Assign permissions to groups rather than individual users to simplify management and ensure consistency.
Enable MFA
Enable MFA for all users, especially for users with privileged access, to add an extra layer of security.
Regularly Review IAM Policies
Regularly review and update IAM policies to ensure they reflect the current needs and security posture of your organization.
Use Roles for Applications and Services
Use IAM roles instead of storing credentials in applications. This enhances security by leveraging temporary credentials.
Monitor and Audit IAM Activity
Utilize AWS CloudTrail to monitor and log IAM activity. Regularly review these logs to detect and respond to suspicious activities.

Conclusion
AWS Identity and Access Management (IAM) is a critical service for managing access to your AWS resources securely and efficiently. By leveraging IAM's robust features and following best practices, organizations can ensure that their cloud environment is secure and that access to resources is appropriately controlled. IAM's ability to provide fine-grained permissions, support for multi-factor authentication, and integration with existing identity systems makes it an essential tool for any organization using AWS.

Unlocking Opportunities: The Microsoft Learn Student Ambassadors Program 2024

SAFI-ULLAH SAFEER — Sat, 15 Jun 2024 07:58:49 +0000

In the ever-evolving world of technology, staying ahead of the curve is paramount for aspiring tech professionals. The Microsoft Learn Student Ambassadors (MLSA) program has been a beacon of opportunity for students worldwide, offering a unique blend of learning, leadership, and networking. As we step into 2024, the MLSA program continues to empower students with an even more robust platform to grow, innovate, and lead.

What is the MLSA Program?
The MLSA program is a prestigious initiative by Microsoft designed to cultivate a global community of students passionate about technology. It aims to provide these students with the tools, resources, and support they need to develop their skills and contribute meaningfully to the tech community. By joining the program, students become part of an elite network of like-minded individuals, gaining access to exclusive events, mentorship opportunities, and cutting-edge learning resources.

Why Join the MLSA Program?

Comprehensive Learning Resources:
The MLSA program offers unparalleled access to Microsoft’s extensive suite of learning tools. Participants can dive into a myriad of topics ranging from cloud computing with Azure to the intricacies of AI and machine learning. With resources like Microsoft Learn, students can tailor their learning paths to suit their career goals and interests.

Leadership Development:
Becoming an MLSA is not just about acquiring technical knowledge; it’s also about honing leadership skills. Ambassadors are encouraged to lead local tech communities, organize events, and share their knowledge through workshops and webinars. This hands-on experience in community building and public speaking is invaluable for personal and professional growth.

Networking Opportunities:
The program offers a unique platform to connect with industry professionals, Microsoft experts, and fellow students from around the globe. These connections can lead to collaborations on projects, internships, and even job opportunities. The global network of MLSA alumni is a testament to the program's ability to foster meaningful professional relationships.

My recent MLSA Event Recording
Recording Url: https://youtu.be/clMZ7Ip0gUU?si=XzdxmOh-HxnOWnXx

Exclusive Events and Challenges:
MLSA participants gain access to exclusive events such as Microsoft Build, Ignite, and various hackathons. These events provide firsthand insights into the latest technological advancements and trends. Additionally, challenges and competitions within the program offer a chance to test skills and earn recognition.

Success Stories from the MLSA Community
Many MLSA alumni have gone on to achieve remarkable success in their careers. For instance, Jane Doe, an MLSA from the class of 2020, leveraged her experience to secure a position as a Software Engineer at a leading tech firm. Her journey highlights how the program’s resources and networking opportunities can pave the way for significant career advancements.

How to Apply for the 2024 Cohort
Applying to the MLSA program is a straightforward process designed to identify passionate and driven students. Here’s a step-by-step guide:

Eligibility Check:
Ensure you are enrolled in an accredited academic institution and are at least 16 years old.

Application Form:
Fill out the online application form available on the Microsoft Learn Student Ambassadors website. Be prepared to share your academic background, technical skills, and reasons for wanting to join the program.

Video Submission:
Create a short video (1-2 minutes) explaining why you would make a great Student Ambassador. Highlight your passion for technology and any relevant experiences or projects.
My MlSA Application video
Video Url: https://youtu.be/fKepaLvFZgg?si=SKabg2YZgeNMTsbc

Submit and Await Results:
Submit your application and wait for the review process. Successful candidates will be notified and inducted into the program.

A Comprehensive Guide to Amazon Simple Storage Service AWS S3

SAFI-ULLAH SAFEER — Thu, 22 Feb 2024 21:14:42 +0000

Introduction

Data is the key to success in today's digital environment for companies of all sizes. It's critical to safely and efficiently manage enormous volumes of data. This is the situation where AWS S3 is useful. Because of its unmatched scalability, dependability, and performance, AWS S3 (Amazon Simple Storage Service) is the preferred option for data storage and protection in a wide range of applications and sectors.

Understanding the Basics of AWS S3

What is AWS S3?
Amazon Web Services (AWS) offers object storage through its AWS S3 service, which is short for Amazon Simple Storage Service. It provides performance, security, availability of data, and scalability that dominate the industry.

Key Features of AWS S3

Scalability: With no upfront costs or setup required, AWS S3 can grow to handle any volume of data, from gigabytes to petabytes and beyond.
Data Availability: High availability and durability are ensured by AWS S3 by replicating data across several availability zones within a region.
Security: To protect data from unwanted access and breaches, AWS S3 offers strong security features including encryption, access control methods, and compliance certifications.
Performance: Low latency performance from Amazon S3 makes it possible to access data quickly and reliably from any location in the world. Storage Classes Offered by AWS S3 AWS S3 provides a range of storage types designed for various use cases and patterns of access. Let's explore some of the key storage classes:

1.## S3 Intelligent-Tiering
According to usage patterns, S3 Intelligent-Tiering dynamically divides data across frequent and typically access tiers to optimize storage costs.

2. S3 Standard

S3 Standard is ideal for frequently accessed data that requires low-latency access times and high throughput.

3. S3 Express One Zone

Applications that need low latency and high availability for data access inside a single AWS availability zone can use S3 Express One Zone.

4. S3 Standard-Infrequent Access (S3 Standard-IA)

S3 Standard-IA is suitable for data that is accessed less frequently but requires immediate access when needed.

5. S3 One Zone-Infrequent Access (S3 One Zone-IA)

S3 One Zone-IA provides inexpensive storage for rarely accessed data, much like S3 regular-IA. However, because it only stores data in one availability zone, it is less durable than the regular IA class.

6. S3 Glacier Instant Retrieval

S3 Glacier Instant Retrieval is designed for archive data that requires immediate access. It offers fast retrieval times for archived data.

7. S3 Glacier Flexible Retrieva

This storage type, formerly known as S3 Glacier, is appropriate for long-term data that is infrequently accessed and does not need to be accessible right away.

8. Amazon S3 Glacier Deep Archive

For long-term archiving and digital preservation, Amazon S3 Glacier Deep Archive is the best solution for cost-effective storage with hourly retrieval times.
you can also get more details about storage of S3 on AWS Official Documentation. Here is the link below.
https://aws.amazon.com/s3/storage-classes/.
Optimizing Data Management with AWS S3
In order to optimize expenses and fully enjoy the advantages of AWS S3, efficient data management is essential. Here are some best practices:

1.Organize Data Efficiently
Properly organizing data within AWS S3 buckets and folders ensures easy accessibility and maintenance. Implement a logical structure that reflects your organization's data hierarchy and access requirements.

2.Configure Access Controls
To efficiently manage user access and permissions, make advantage of AWS Identity and Access Management (IAM). Establish precise access controls to limit access to private information and stop illegal activity.

3.Implement Lifecycle Policies
Use AWS S3 lifecycle rules to automate data management activities like archiving and removing old data and switching between storage classes. This helps optimize storage costs and compliance.

4.Monitor and Analyze Storage Usage
Regularly monitor AWS S3 usage metrics and analyze storage patterns to identify opportunities for optimization. Use AWS Cost Explorer to visualize storage costs and identify areas for cost savings.

5.Secure Data with Encryption
To safeguard data stored in AWS S3, enable encryption both in transit and at rest. For increased security and regulatory compliance, use server-side encryption using AWS Key Management Service (KMS).

Frequently Asked Questions (FAQs)
How is the availability and durability of data ensured by AWS S3?
By duplicating data across many geographically separated data centers within a region, AWS S3 ensures redundancy and fault tolerance while achieving excellent durability and availability.

*Can I limit who has access to the data I save on Amazon S3? *
Yes, you may create granular permissions and access restrictions with AWS S3's comprehensive access control methods, which include bucket rules, access control lists (ACLs), and IAM roles.

What financial effects come with utilizing AWS S3?
Pay-as-you-go pricing is available for AWS S3, meaning you only have to pay for the data transmission and storage services you actually use. Data transmission speeds, storage capacity, and storage class all affect storage costs.

What distinguishes AWS S3 Glacier Deep Archive from other types of storage?
The least expensive storage solution for long-term data retention and digital preservation is provided by Amazon S3 Glacier Deep Archive. For archival data, retrieval times are greater than for other storage types, but the cost reductions are substantial.

Can I move my current data to S3 on Amazon?
Indeed, AWS offers a number of services and tools, like AWS Snowball, AWS DataSync, and AWS Transfer Family, to make it easier to move data from on-premises storage systems and other cloud platforms to AWS S3.

Is it OK to store static websites on Amazon S3?
Yes, static websites can be hosted effectively and affordably using AWS S3. S3 buckets may be configured to host websites, and you can take use of capabilities like website redirection.

Conclusion
To sum up, Amazon S3 is a flexible and strong object storage solution that enables businesses to efficiently handle, store, and safeguard their data. Businesses looking for dependable and secure storage solutions choose Amazon S3 because of its extensive feature set, scalable design, and affordable price. Organizations may promote innovation in the digital age, cut costs, and improve data management efficiency by utilizing AWS S3 to its fullest potential and adhering to best practices.