DEV Community: Quang Nam Nguyen The latest articles on DEV Community by Quang Nam Nguyen (@tsukpa). https://dev.to/tsukpa https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1057635%2Ff78eb740-70e9-4e30-af25-41f8dfcabdbf.png DEV Community: Quang Nam Nguyen https://dev.to/tsukpa en AWS workshop #2: Leveraging Amazon Bedrock to enhance customer service with AI-powered Automated Email Response Quang Nam Nguyen Sat, 21 Dec 2024 17:32:48 +0000 https://dev.to/tsukpa/leveraging-amazon-bedrock-to-enhance-customer-service-with-ai-powered-automated-email-response-1lm8 https://dev.to/tsukpa/leveraging-amazon-bedrock-to-enhance-customer-service-with-ai-powered-automated-email-response-1lm8 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffnn7rgcja33t7yr5an5m.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffnn7rgcja33t7yr5an5m.png" alt="Image description" width="800" height="542"></a></p> <p>Leveraging Amazon Bedrock to enhance customer service with AI-powered Automated Email Response: Using serverless infrastructure to create an auto-reply email system.</p> <p>Benefits:</p> <ol> <li>Improved Customer Experience</li> <li>24/7 Support⏰: Immediate assistance, even outside business hours.</li> <li>Personalized Responses🎯 Tailored responses to individual needs.</li> <li><p>Faster Response Times🚀 Instant delivery, reducing customer wait times.</p></li> <li><p>Increased Efficiency &amp; Cost-Effectiveness</p></li> <li> <p>Scalability &amp; Cost-Efficiency</p> <ul> <li>📈 Automatic scaling, optimizing costs.</li> <li>💲 Pay-as-you-go pricing.</li> </ul> </li> <li><p>Reduced Manual Workload🤖 : Automates responses, freeing staff for strategic tasks.</p></li> <li><p>Increased Productivity📈: Efficiently handles high volumes of inquiries.</p></li> <li><p>Enhanced Operational Excellence</p></li> <li><p>Consistent Response Quality✅ : Ensures consistent and accurate responses.</p></li> <li><p>Data-Driven Insights📊: Gathers valuable data on customer behavior.</p></li> <li><p>Optimized Responses📈: Continuously improves response quality.</p></li> </ol> <p>By utilizing Amazon Bedrock's powerful AI capabilities within a serverless architecture, businesses can create efficient, cost-effective, and efficient customer service solutions and deliver exceptional customer experiences.</p> <p>Techstack:</p> <ul> <li>Amazon Bedrock</li> <li>SES</li> <li>Lambda function (NodeJS - Typescript SAM)</li> <li>SQS</li> <li>S3</li> <li>DynamoDB</li> <li>IaC (Terraform)</li> </ul> <p>Visit my workshop at:<br> <a href="https://002.tsukpa.blog/" rel="noopener noreferrer">https://002.tsukpa.blog/</a></p> aws bedrock lambda ses AWS workshop #1: Deploy static website to S3 using Github Action Quang Nam Nguyen Tue, 17 Sep 2024 08:06:17 +0000 https://dev.to/tsukpa/aws-workshop-1-deploy-static-website-to-s3-using-github-action-561a https://dev.to/tsukpa/aws-workshop-1-deploy-static-website-to-s3-using-github-action-561a <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fd9akteslg4v3w.cloudfront.net%2F001-deploy-static-site-to-s3%2Fimages%2Finfrastructure.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fd9akteslg4v3w.cloudfront.net%2F001-deploy-static-site-to-s3%2Fimages%2Finfrastructure.png" alt="alt" width="800" height="400"></a></p> <p>In this workshop, you’ll learn the basics and practice of Amazon S3, Cloudfront, using IAM OIDC STS with Github Action. Perform creating NextJs App with low latency.</p> <p>Check out my first workshop at:<br> <a href="https://d9akteslg4v3w.cloudfront.net/001-deploy-static-site-to-s3/" rel="noopener noreferrer">https://d9akteslg4v3w.cloudfront.net/001-deploy-static-site-to-s3/</a></p> <p>If you like this workshop, please comment for more content &lt;3</p> aws s3 nextjs githubactions How to Revoke STS Credentials for Leaked EC2 Instances Quang Nam Nguyen Sat, 03 Aug 2024 07:07:59 +0000 https://dev.to/tsukpa/how-to-revoke-sts-credentials-for-leaked-ec2-instances-15e7 https://dev.to/tsukpa/how-to-revoke-sts-credentials-for-leaked-ec2-instances-15e7 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbuafcjhkfl66zrvsch03.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbuafcjhkfl66zrvsch03.png" alt="https://tsukpa-docs.s3.ap-southeast-1.amazonaws.com/blog/images/aws_sts_ec2.png" width="800" height="513"></a></p> <p>This section will delve into the critical steps to take when an EC2 instance is compromised and its STS credentials are at risk. I'll cover methods to identify compromised instances, extract potential STS credentials, and most importantly, revoke those credentials to mitigate further damage.</p> <h2> Part 1: Understanding STS </h2> <h3> What is STS? </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F76acr9jg6tuosw2djj5h.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F76acr9jg6tuosw2djj5h.png" alt="https://www.bitslovers.com/wp-content/uploads/sites/5/2022/10/20221026_054349_0000.png" width="800" height="400"></a></p> <p><strong>Security Token Service (STS)</strong> is a component of AWS that provides <strong>temporary</strong> security credentials. These credentials can be used to access AWS resources without exposing <strong>long-term</strong> credentials. STS is crucial for enhancing security and flexibility in managing access to your AWS environment.</p> <p>Unlike IAM, which manages long-term credentials and permissions, STS focuses on generating <strong>short-lived</strong> credentials for specific use cases.</p> <h3> Use Cases for STS </h3> <p>STS offers a wide range of applications within the AWS ecosystem:</p> <ul> <li>Similar to access keys</li> <li>Generates temporary credentials <strong>(sts:AssumeRole)</strong> </li> <li>Limited access</li> <li>Used to access AWS resources</li> <li>Requested by an identity <em>(AWS or External)</em> </li> </ul> <h2> Part 2: What happens if an EC2 instance is taken control by someone else? </h2> <p>The best practice for running AWS Resource is using <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html" rel="noopener noreferrer">IAM Roles</a>. This function attaches an IAM Role for a resource and provides them permission to access other AWS resources instead of using <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html" rel="noopener noreferrer">IAM Credentials</a></p> <p>In this blog, I will show you how to get credentials from an EC2 instance and use them with the <a href="https://aws.amazon.com/vi/cli/" rel="noopener noreferrer">cli</a>.</p> <h3> How to get credentials from EC2 instance </h3> <p>In this example, for simple i created a EC2 instance in a public subnet and allow anything in the security group.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8btpbf2azqytzzt9eorb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8btpbf2azqytzzt9eorb.png" alt="https://tsukpa-docs.s3.ap-southeast-1.amazonaws.com/blog/images/aws-sts-ec2-sg.png" width="800" height="378"></a></p> <p><code>Please specified needed policy with limited permissions in real world.</code></p> <p>And from the session console i use <a href="https://curl.se/" rel="noopener noreferrer">curl</a> to get information about <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html" rel="noopener noreferrer">EC2 metadata</a>. After created an EC2, i access to EC2 by that local IP address <code>169.254.169.254</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Get role name from metadata</span> curl http://169.254.169.254/latest/meta-data/iam/security-credentials <span class="c"># Get the credentials with role name</span> curl http://169.254.169.254/latest/meta-data/iam/security-credentials/REPLACE_ME </code></pre> </div> <p>The credentials is something like this<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Code"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="s2">"Success"</span><span class="p">,</span><span class="w"> </span><span class="nl">"LastUpdated"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="s2">"2024-08-03T06:06:45Z"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Type"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="s2">"AWS-HMAC"</span><span class="p">,</span><span class="w"> </span><span class="nl">"AccessKeyId"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="s2">"ASIAWDEGI6ESSSXVEBFW"</span><span class="p">,</span><span class="w"> </span><span class="nl">"SecretAccessKey"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="s2">"KwN5anzRvzoxtqzW6k6poMSc0T8zVIk1lnAmr"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Token"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="s2">"IQoJb3JpZ2luX2VjELf//////////Wgh/dD4mbF4wRNTeW/qWkOWil0FuI6t5pcnBy/kUO7eOCQ=="</span><span class="p">,</span><span class="w"> </span><span class="nl">"Expiration"</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="s2">"2024-08-03T12:40:56Z"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>After get credentials, you can passing it into the local credentials of the AWS CLI using command <code>aws configure</code>. Then you can use <a href="https://www.terraform.io/" rel="noopener noreferrer">Terraform</a> to create a maximum instance type for mining bitcoin 👿.</p> <h3> Solutions </h3> <p><code>Remember, you can not manually invalidate temporary credentials</code>. They only expire when they expire. But because changing the permissions policy affects everyone, you can add a condition element to it denying anyone access to AWS who assumed the role before a certain date and time.</p> <p>And then you can go to the IAM Role then choose the last tab <code>Revoke sessions</code> and revoke them.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2012-10-17"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Statement"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"Effect"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Deny"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Action"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Resource"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="s2">"*"</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"Condition"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"DateLessThan"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"aws:TokenIssueTime"</span><span class="p">:</span><span class="w"> </span><span class="s2">"[policy creation time]"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzdkx1su0cktmk31otldy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzdkx1su0cktmk31otldy.png" alt="https://tsukpa-docs.s3.ap-southeast-1.amazonaws.com/blog/images/aws-sts-ec2-revoke.png" width="800" height="377"></a></p> <p>After that, all temporary credentials will be invalid, you can go back to EC2, and now you can not access to the EC2 instance. To resolve this, we can stop and start the ec2 instance again to get the new temporary credentials.</p> aws sts ec2 Deploy Laravel project to Amazon EC2 Quang Nam Nguyen Sun, 04 Jun 2023 03:11:23 +0000 https://dev.to/tsukpa/deploy-laravel-project-to-amazon-ec2-1dk0 https://dev.to/tsukpa/deploy-laravel-project-to-amazon-ec2-1dk0 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgbengaoni.com%2Fimages%2F1__cHw6zbAivDFI__aZkeN1mjg.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgbengaoni.com%2Fimages%2F1__cHw6zbAivDFI__aZkeN1mjg.png" title="DEPLOY LARAVEL PROJECT TO AMAZON EC2" alt="DEPLOY LARAVEL PROJECT TO AMAZON EC2" width="800" height="323"></a></p> <h2> Deploy Laravel project to Amazon EC2 </h2> <p>Hello guys, today i'll show you how to deploy Laravel project to Amazon EC2</p> <h2> 1. Prerequisite </h2> <ul> <li>EC2 instance (installed Ubuntu, Nginx)</li> <li>VPC setup for EC2 instance can access ssh</li> <li>RDS for mysql (check to the option "Connect to exist EC2 instance")</li> </ul> <h2> 2. Install environment for Laravel </h2> <h3> 2.1. Connect to EC2 instance via <strong>ssh</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ssh <span class="nt">-i</span> <span class="s2">"&lt;examplekey.pem&gt;"</span> &lt;username&gt;@&lt;EC2 Address&gt; </code></pre> </div> <h3> 2.2. Copy source code to EC2 instance </h3> <ul> <li>Clone from github repository </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> git clone &lt;<span class="nb">link </span>github repository&gt; </code></pre> </div> <ul> <li> <p>(Optional) Copy source from local using <strong>scp</strong></p> <ul> <li>Install <strong>zip, unzip</strong> from local machine </li> </ul> <pre class="highlight shell"><code><span class="nb">sudo </span>apt <span class="nb">install </span>zip </code></pre> <ul> <li>Compress source files using zip command: </li> </ul> <pre class="highlight shell"><code>zip <span class="nt">-r</span> &lt;zipfilename.zip&gt; &lt;folderpath&gt; </code></pre> <ul> <li>Copy source from local to EC2 instance using <strong>scp</strong> command: </li> </ul> <pre class="highlight shell"><code>scp <span class="nt">-i</span> <span class="s2">"&lt;examplekey.pem&gt;"</span> &lt;zipfilename.zip&gt; &lt;username&gt;@&lt;EC2 Address&gt;:&lt;pathtosave&gt; </code></pre> <ul> <li>Extract source files using <strong>unzip</strong> command: </li> </ul> <pre class="highlight shell"><code>unzip &lt;zipfilename.zip&gt; </code></pre> </li> </ul> <h3> 2.3. Install PHP dependencies based on your project. For example </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>add-apt-repository ppa:ondrej/php <span class="nb">sudo </span>apt-get update <span class="nb">sudo </span>apt-get <span class="nb">install</span> <span class="nt">-y</span> php7.3 </code></pre> </div> <h3> 2.4. Install <em>mysql</em> client to connect RDS instance </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt <span class="nb">install </span>mysql-client-core-8.0 </code></pre> </div> <ul> <li>Connect to RDS instance from EC2 via <strong>mysql</strong> client by following command and type your password </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> mysql <span class="nt">-h</span> &lt;RDS Address Instance&gt; <span class="nt">-P</span> &lt;port | 3306&gt; <span class="nt">-u</span> &lt;masteruser&gt; <span class="nt">-p</span> </code></pre> </div> <ul> <li>Create your database name based on the project </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code> <span class="k">CREATE</span> <span class="k">DATABASE</span> <span class="o">&lt;</span><span class="n">databasename</span><span class="o">&gt;</span><span class="p">;</span> <span class="n">EXIT</span><span class="p">;</span> </code></pre> </div> <h3> 2.5. Config your environment file to match your RDS server </h3> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code>... APP_URL=&lt;URL of your EC2 instance&gt; APP_DEBUG=false DB_CONNECTION=mysql DB_HOST=&lt;RDS Address link&gt; DB_PORT=3306 DB_DATABASE=&lt;databasename&gt; DB_USERNAME=&lt;master username&gt; DB_PASSWORD=&lt;password&gt; ... </code></pre> </div> <h3> 2.6. Install <strong>Composer</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt-get <span class="nb">install</span> <span class="nt">-y</span> composer </code></pre> </div> <h3> 2.7. Go to project directory and install dependencies </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>composer update composer <span class="nb">install</span> </code></pre> </div> <h3> 2.8. Generate application key </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>php artisan key:generate </code></pre> </div> <h3> 2.9. Copy directory to <em>/var/www/</em> </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cp</span> &lt;foldername&gt; /var/www/ </code></pre> </div> <h3> 2.10. Update permissions </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo chown</span> <span class="nt">-R</span> www-data:www-data /var/www/&lt;foldername&gt; <span class="nb">sudo chmod</span> <span class="nt">-R</span> 755 &lt;foldername&gt; </code></pre> </div> <h2> 3. Setting up Nginx </h2> <h3> 3.1. Configure Nginx to serve the content </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>vi /etc/nginx/sites-available/&lt;foldername&gt; </code></pre> </div> <ul> <li>Then you can enter the following setting: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">&lt;server_domain_or_IP&gt;</span><span class="p">;</span> <span class="kn">root</span> <span class="n">/var/www/&lt;foldername&gt;/public</span><span class="p">;</span> <span class="kn">//</span> <span class="s">Focus</span> <span class="s">this</span> <span class="s">log</span> <span class="s">if</span> <span class="s">you</span> <span class="s">see</span> <span class="s">error</span> <span class="s">access_log</span> <span class="n">/var/log/nginx/laravel-access.log</span><span class="p">;</span> <span class="kn">error_log</span> <span class="n">/var/log/nginx/laravel-error.log</span><span class="p">;</span> <span class="kn">add_header</span> <span class="s">X-Frame-Options</span> <span class="s">"SAMEORIGIN"</span><span class="p">;</span> <span class="kn">add_header</span> <span class="s">X-XSS-Protection</span> <span class="s">"1</span><span class="p">;</span> <span class="kn">mode=block"</span><span class="p">;</span> <span class="kn">add_header</span> <span class="s">X-Content-Type-Options</span> <span class="s">"nosniff"</span><span class="p">;</span> <span class="kn">index</span> <span class="s">index.html</span> <span class="s">index.htm</span> <span class="s">index.php</span><span class="p">;</span> <span class="kn">charset</span> <span class="s">utf-8</span><span class="p">;</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">try_files</span> <span class="nv">$uri</span> <span class="nv">$uri</span><span class="n">/</span> <span class="n">/index.php?</span><span class="nv">$query_string</span><span class="p">;</span> <span class="p">}</span> <span class="kn">location</span> <span class="p">=</span> <span class="n">/favicon.ico</span> <span class="p">{</span> <span class="kn">access_log</span> <span class="no">off</span><span class="p">;</span> <span class="kn">log_not_found</span> <span class="no">off</span><span class="p">;</span> <span class="p">}</span> <span class="kn">location</span> <span class="p">=</span> <span class="n">/robots.txt</span> <span class="p">{</span> <span class="kn">access_log</span> <span class="no">off</span><span class="p">;</span> <span class="kn">log_not_found</span> <span class="no">off</span><span class="p">;</span> <span class="p">}</span> <span class="kn">error_page</span> <span class="mi">404</span> <span class="n">/index.php</span><span class="p">;</span> <span class="kn">location</span> <span class="p">~</span> <span class="sr">\.php$</span> <span class="p">{</span> <span class="kn">fastcgi_pass</span> <span class="s">unix:/var/run/php/php7.4-fpm.sock</span><span class="p">;</span> <span class="kn">fastcgi_index</span> <span class="s">index.php</span><span class="p">;</span> <span class="kn">fastcgi_param</span> <span class="s">SCRIPT_FILENAME</span> <span class="nv">$realpath_root$fastcgi_script_name</span><span class="p">;</span> <span class="kn">include</span> <span class="s">fastcgi_params</span><span class="p">;</span> <span class="p">}</span> <span class="kn">location</span> <span class="p">~</span> <span class="sr">/\.(?!well-known).*</span> <span class="p">{</span> <span class="kn">deny</span> <span class="s">all</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> 3.2. To activate the new virtual host configuration file, create a symbolic link to <em>foldername</em> in sites-enabled </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo ln</span> <span class="nt">-s</span> /etc/nginx/sites-available/&lt;foldername&gt; /etc/nginx/sites-enabled/ </code></pre> </div> <h3> 3.3. To confirm that the configuration doesn’t contain any syntax errors, you can use </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nginx <span class="nt">-t</span> </code></pre> </div> <h3> 3.4. To apply the changes, reload Nginx with </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl reload nginx </code></pre> </div> <h2> 4. (Optional) Fix some error when configuring </h2> <h3> 4.1. By default, EC2 ubuntu not enabled php-fpm, run following command to enable </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>a2enmod proxy_fcgi setenvif <span class="nb">sudo </span>service nginx restart </code></pre> </div> <p>Check that package PHP-FPM is exist<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>vi /etc/php/&lt;version&gt;/fpm/pool.d/www.conf </code></pre> </div> <p>Then you find this line and check that path is correct (file .sock must exists in the folder <em>/var/run/php/</em>)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>listen <span class="o">=</span> /var/run/php/php&lt;version&gt;-fpm.sock </code></pre> </div> <p>Restart the service<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>service php&lt;version&gt;-fpm restart </code></pre> </div> <h2> Setting EC2, RDS </h2> <h2> 1. Create EC2 </h2> <ul> <li>AMI: Ubuntu</li> <li>Instance type: t2.micro (free tier)</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fks4rfodwry724mbf5oyh.PNG" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fks4rfodwry724mbf5oyh.PNG" alt="Create EC2" width="800" height="577"></a></p> <ul> <li>Select existing security group or you can change later</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fivek8cypjsktui7ypy9n.PNG" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fivek8cypjsktui7ypy9n.PNG" alt="Select SG" width="800" height="578"></a></p> <h2> 2. Create Security Group </h2> <p>We allow SSH, ICMP and TCP from anywhere and in Outbound we allow anything</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy8ezy82pphwxxsz6l5h1.PNG" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy8ezy82pphwxxsz6l5h1.PNG" alt="Create Security Group" width="800" height="353"></a></p> <h2> 3. Create Route table </h2> <p>Route the traffic to the internet gateway (igw)</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fprav76fsswa3xlzrzuyn.PNG" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fprav76fsswa3xlzrzuyn.PNG" alt="Create Route table" width="800" height="316"></a></p> <h2> 4. Create RDS </h2> <p>Create database for our application</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzq8qv55oq5m58nagf3ed.PNG" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzq8qv55oq5m58nagf3ed.PNG" alt="Create database for our application" width="800" height="557"></a></p> <p>Choose your DB instance type</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6o09rp66ald2euugx8fx.PNG" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6o09rp66ald2euugx8fx.PNG" alt="Choose your DB instance type" width="800" height="600"></a></p> <p>Check the option connection to the EC2 instance</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr92u1p01gxe3z0uq4snx.PNG" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fr92u1p01gxe3z0uq4snx.PNG" alt="Check the option connection to the EC2 instance" width="800" height="585"></a></p> <h3> After all you can access your application by enter your public IP EC2 address in the browser. Enjoy it 😉 </h3> aws php ec2 laravel