Created
July 25, 2021 10:59
-
-
Save Millward2000/91981df9398c217929eaa96aa8169464 to your computer and use it in GitHub Desktop.
Rough notes on the setup to test out a sample webapp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ===AWS lab notes=== | |
| 1. Create an AWS Account by following the sign up procedure here: | |
| https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?refid=em_127222 | |
| - Be sure to read through the Free Tier program, and understand the pricing of the various services you would like to test out | |
| https://aws.amazon.com/free/?trk=ps_a134p000003yHmhAAE&trkCampaign=acq_paid_search_brand&sc_channel=PS&sc_campaign=acquisition_EEM&sc_publisher=Google&sc_category=Core&sc_country=EEM&sc_geo=EMEA&sc_outcome=acq&sc_detail=%2Baws%20%2Baccount&sc_content=Account_bmm&sc_segment=444219541886&sc_medium=ACQ-P|PS-GO|Brand|Desktop|SU|AWS|Core|EEM|EN|Text&s_kwcid=AL!4422!3!444219541886!b!!g!!%2Baws%20%2Baccount&ef_id=Cj0KCQjwl_SHBhCQARIsAFIFRVUAlWTtGczivDWEv6RygwNdCWkr-0CJUIcbG9y78Kfud28rByODiU8aAt9YEALw_wcB:G:s&s_kwcid=AL!4422!3!444219541886!b!!g!!%2Baws%20%2Baccount&all-free-tier.sort-by=item.additionalFields.SortRank&all-free-tier.sort-order=asc&awsf.Free%20Tier%20Types=*all&awsf.Free%20Tier%20Categories=*all#Learn_more_about_AWS_Free_Tier_Products | |
| - Configure a billing alert, so that you can get early notification of exceeding your monthly spend: | |
| https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/monitor_estimated_charges_with_cloudwatch.html#turning_on_billing_metrics | |
| - Lock down the Root user by applying Multi-Factor Authentication(MFA) - Remember it is best practice not to use Root but to rather create a separate admin user(see below) | |
| https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user_manage_mfa | |
| - Create a new Administrative user for your testing/labbing requiremets: | |
| https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.html | |
| ========= | |
| IAM Role Policies for launching EC2 instance and testing (assign these to an IAM role) | |
| ==SSH-Connect Policy== | |
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Condition": { | |
| "StringEquals": { | |
| "ec2:osuser": "ec2-user" | |
| } | |
| }, | |
| "Action": [ | |
| "ec2-instance-connect:SendSSHPublicKey" | |
| ], | |
| "Resource": [ | |
| "arn:aws:ec2:*:*:instance/*" | |
| ], | |
| "Effect": "Allow" | |
| } | |
| ] | |
| } | |
| ==DynamoPolicy | |
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Action": [ | |
| "dynamodb:ListTables" | |
| ], | |
| "Resource": [ | |
| "arn:aws:dynamodb:<YOUR REGION HERE>:<YOUR ACCOUNT NUMBER HERE>:table/*" | |
| ], | |
| "Effect": "Allow" | |
| }, | |
| { | |
| "Action": [ | |
| "dynamodb:PutItem", | |
| "dynamodb:DeleteItem", | |
| "dynamodb:UpdateItem", | |
| "dynamodb:Scan" | |
| ], | |
| "Resource": [ | |
| "arn:aws:dynamodb:<YOUR REGION HERE>:<YOUR ACCOUNT NUMBER HERE>:table/Employees" | |
| ], | |
| "Effect": "Allow" | |
| } | |
| ] | |
| } | |
| ========= | |
| User Data for EC2 Instance launch running a sample application: | |
| ==userData | |
| #!/bin/bash -ex | |
| # Update yum | |
| yum -y update | |
| # Add node's source repo | |
| curl -sL https://rpm.nodesource.com/setup_15.x | bash - | |
| #Install nodejs1 | |
| yum -y install nodejs | |
| #Install Amazon Linux extras | |
| amazon-linux-extras install epel | |
| #Install stress tool (for load balancing testing) | |
| yum -y install stress | |
| # Create a dedicated directory for the application | |
| mkdir -p /var/app | |
| # Get the app from Amazon S3 | |
| wget https://aws-tc-largeobjects.s3-us-west-2.amazonaws.com/ILT-TF-100-TECESS-5/app/app.zip | |
| # Extract it into a desired folder | |
| unzip app.zip -d /var/app/ | |
| cd /var/app/ | |
| # Configure S3 bucket details | |
| export PHOTOS_BUCKET=MY-BUCKET-NAME-HERE | |
| # Configure default AWS Region | |
| export DEFAULT_AWS_REGION=<YOUR REGION HERE> | |
| # Enable admin tools for stress testing | |
| export SHOW_ADMIN_TOOLS=1 | |
| # Install dependencies | |
| npm install | |
| # Start your app | |
| npm start | |
| ========= | |
| S3 Bucket | |
| ==Bucket Policy | |
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "AllowS3ReadAccess", | |
| "Effect": "Allow", | |
| "Principal": { | |
| "AWS": "arn:aws:iam::<YOUR ACCOUNT HERE>:role/EmployeeDirectoryAppRole" | |
| }, | |
| "Action": "s3:*", | |
| "Resource": [ | |
| "arn:aws:s3:::<YOUR BUCKET NAME HERE>", | |
| "arn:aws:s3:::<YOUR BUCKET NAME HERE>/*" | |
| ] | |
| } | |
| ] | |
| } | |
| ==corsPolicy | |
| [ | |
| { | |
| "AllowedHeaders": [ | |
| "*" | |
| ], | |
| "AllowedMethods": [ | |
| "PUT" | |
| ], | |
| "AllowedOrigins": [ | |
| "*" | |
| ], | |
| "ExposeHeaders": [] | |
| } | |
| ] | |
| ========= | |
| ==DynamoTable | |
| Create a table named Employees, with a partition(primary) key of 'id' | |
Nice notes, thanks a lot
Thanks a lot...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thank you