AWS Zero-to-Hero: Day2

Getting Started with Amazon EC2

What is EC2?

Amazon Elastic Compute Cloud (EC2) is a web service provided by Amazon Web Services (AWS) that offers resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers by providing virtual servers, known as instances, which can be quickly provisioned and configured based on specific computing requirements.

Amazon EC2 is a fundamental building block of many cloud-based applications, providing the computing resources needed to run a wide range of workloads, from simple web applications to complex, high-performance computing tasks.

Features of Amazon EC2

Key features and aspects of Amazon EC2 include:

  1. Virtual Servers (Instances):

    • EC2 allows users to create and run virtual servers, known as instances, in the AWS cloud. Users have full control over the configuration of these instances, including the choice of operating system, instance type, and other parameters.
  2. Scalability:

    • EC2 instances can be easily scaled up or down based on demand. Users can add or remove instances to match the changing requirements of their applications.
  3. Variety of Instance Types:

    • AWS provides a variety of instance types optimized for different use cases, such as compute-optimized, memory-optimized, storage-optimized, and GPU instances. Users can choose the instance type that best suits their application's needs.
  4. Pricing Models:

    • EC2 offers various pricing models, including On-Demand Instances, Reserved Instances, and Spot Instances. This flexibility allows users to choose the pricing model that aligns with their budget and usage patterns.
  5. Elastic Load Balancing:

    • EC2 instances can be used in conjunction with Elastic Load Balancing (ELB) to distribute incoming application traffic across multiple instances. This enhances the availability and fault tolerance of applications.
  6. Amazon Machine Images (AMIs):

    • Users can create and use custom Amazon Machine Images, which are pre-configured templates containing software configurations, applications, and even a pre-baked operating system. This makes it easy to replicate and deploy instances with specific configurations.
  7. Security Groups and Virtual Private Cloud (VPC):

    • EC2 instances can be launched within a Virtual Private Cloud (VPC), providing network isolation. Security Groups allow users to define inbound and outbound traffic rules to control access to instances.
  8. Integration with Other AWS Services:

    • EC2 instances can seamlessly integrate with other AWS services, such as Amazon RDS (Relational Database Service), Amazon S3 (Simple Storage Service), AWS Lambda, and more.
  9. EC2 Auto Scaling:

    • Auto Scaling allows users to automatically adjust the number of EC2 instances in a group based on predefined conditions. This ensures that applications are responsive to varying levels of demand.
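The Security Groups point above is where most EC2 exposure problems start: an inbound rule that opens an administrative port to 0.0.0.0/0 or ::/0 is reachable by anyone. The following script is an added example, not code from the original post. It parses the JSON shape that `aws ec2 describe-security-groups` returns and reports administrative ports open to the whole internet; the two security groups embedded in it are constructed for the example (placeholder group IDs), not real resources.

```python
"""Audit EC2 security group rules for administrative ports open to the world.

Added example (not from the original post). Input is the JSON returned by
`aws ec2 describe-security-groups`; the sample below is constructed.
"""
import ipaddress
import json

# Ports a web tier should never expose to every source address.
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}

# Constructed sample response; group IDs are placeholders.
SAMPLE_RESPONSE = json.dumps({
    "SecurityGroups": [
        {
            "GroupId": "sg-PLACEHOLDER-web",
            "GroupName": "web-tier",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            ],
        },
        {
            "GroupId": "sg-PLACEHOLDER-db",
            "GroupName": "db-tier",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                 "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": []},
                # Protocol -1 means every protocol and every port.
                {"IpProtocol": "-1",
                 "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
            ],
        },
    ]
})


def _is_world_open(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0, i.e. any source address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _ports(perm: dict) -> range:
    """Ports covered by one permission entry."""
    if perm.get("IpProtocol") == "-1":
        return range(0, 65536)
    return range(perm["FromPort"], perm["ToPort"] + 1)


def find_exposed_admin_ports(response_json: str) -> list:
    """Return (group_id, port, service, cidr) for admin ports open to the world."""
    findings = []
    for sg in json.loads(response_json)["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            open_cidrs = [c for c in cidrs if _is_world_open(c)]
            if not open_cidrs:
                continue
            covered = _ports(perm)
            for port, service in ADMIN_PORTS.items():
                if port in covered:
                    for cidr in open_cidrs:
                        findings.append((sg["GroupId"], port, service, cidr))
    return findings


if __name__ == "__main__":
    for group, port, service, cidr in find_exposed_admin_ports(SAMPLE_RESPONSE):
        print(f"{group}: {service} ({port}/tcp) open to {cidr}")
```

Port 80 open to the internet on the web tier is not reported, because that is the port the application serves; the SSH rule on the same group and the "all traffic from ::/0" rule on the database group are. The all-traffic case matters because a scanner that only looks at `FromPort` would miss it.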

Access Amazon EC2

You can create and manage your Amazon EC2 instances using the following interfaces:

Amazon EC2 console

A simple web interface to create and manage Amazon EC2 instances and resources. If you've signed up for an AWS account, you can access the Amazon EC2 console by signing into the AWS Management Console and selecting EC2 from the console home page.

AWS Command Line Interface

Enables you to interact with AWS services using commands in your command-line shell. It is supported on Windows, Mac, and Linux. For more information about the AWS CLI, see https://docs.aws.amazon.com/cli/latest/userguide/.

AWS Tools for PowerShell

A set of PowerShell modules that are built on the functionality exposed by the AWS SDK for .NET. The Tools for PowerShell enable you to script operations on your AWS resources from the PowerShell command line. To get started, see the AWS Tools for Windows PowerShell User Guide. You can find the cmdlets for Amazon EC2 in the AWS Tools for PowerShell Cmdlet Reference.

AWS CloudFormation

Amazon EC2 supports creating resources using AWS CloudFormation. You create a template, in JSON or YAML format, that describes your AWS resources, and AWS CloudFormation provisions and configures those resources for you. You can reuse your CloudFormation templates to provision the same resources multiple times, whether in the same Region and account or in multiple Regions and accounts. For more information about supported resource types and properties for Amazon EC2, see EC2 resource type reference in the AWS CloudFormation User Guide.

Query API

Amazon EC2 provides a Query API. These requests are HTTP or HTTPS requests that use the HTTP verbs GET or POST and a Query parameter named Action.
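Every Query API request must also be signed, otherwise EC2 rejects it; the console, CLI and SDKs do this for you with Signature Version 4. The following is an added example, not code from the original post, showing what a signed `DescribeInstances` GET request looks like on the wire: the `Action` and `Version` query parameters, the canonical request, the date/region/service-scoped signing key derived from the secret key, and the resulting `Authorization` header. The access key, secret key and timestamp are constructed placeholders; a real call needs valid credentials and the current UTC time.

```python
"""Build a Signature Version 4 signed EC2 Query API request.

Added example (not from the original post). Credentials and the
timestamp used in example_request() are placeholders.
"""
import datetime
import hashlib
import hmac
import urllib.parse

SERVICE = "ec2"
API_VERSION = "2016-11-15"  # current EC2 Query API version


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def canonical_query(params: dict) -> str:
    """Keys sorted, RFC 3986 encoding (only -_.~ unreserved), as SigV4 requires."""
    return "&".join(
        f"{urllib.parse.quote(k, safe='-_.~')}={urllib.parse.quote(v, safe='-_.~')}"
        for k, v in sorted(params.items())
    )


def sign_query_request(action, params, region, access_key, secret_key, when):
    """Return {'url', 'headers'} for one signed GET Query API request."""
    host = f"{SERVICE}.{region}.amazonaws.com"
    amz_date = when.strftime("%Y%m%dT%H%M%SZ")
    date_stamp = when.strftime("%Y%m%d")
    query = canonical_query({"Action": action, "Version": API_VERSION, **params})

    # Step 1: canonical request. A GET has an empty body, hence the hash of b"".
    signed_headers = "host;x-amz-date"
    canonical_request = "\n".join([
        "GET", "/", query,
        f"host:{host}\nx-amz-date:{amz_date}\n",
        signed_headers, _sha256_hex(b""),
    ])

    # Step 2: string to sign, bound to a date, region and service.
    scope = f"{date_stamp}/{region}/{SERVICE}/aws4_request"
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                _sha256_hex(canonical_request.encode())])

    # Step 3: signing key by chained HMACs; the raw secret never leaves the client.
    k_date = _hmac(("AWS4" + secret_key).encode(), date_stamp)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, SERVICE)
    k_signing = _hmac(k_service, "aws4_request")
    signature = hmac.new(k_signing, string_to_sign.encode(), hashlib.sha256).hexdigest()

    authorization = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                     f"SignedHeaders={signed_headers}, Signature={signature}")
    return {
        "url": f"https://{host}/?{query}",
        "headers": {"Host": host, "X-Amz-Date": amz_date,
                    "Authorization": authorization},
    }


def example_request() -> dict:
    """Sign a DescribeInstances call with placeholder credentials and a fixed date."""
    return sign_query_request(
        "DescribeInstances", {"MaxResults": "5"}, "us-east-1",
        "AKIA-PLACEHOLDER-ACCESS-KEY", "PLACEHOLDER-SECRET-KEY",
        datetime.datetime(2024, 1, 15, 12, 0, 0))


if __name__ == "__main__":
    req = example_request()
    print(req["url"])
    print(req["headers"]["Authorization"])
```

Because the signature covers the date and the exact query string, a captured request cannot be replayed later or with a different `Action`; the service rejects any request whose `X-Amz-Date` is more than a few minutes from its own clock.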

Pricing for Amazon EC2

Amazon EC2 provides the following pricing options:

Free Tier

You can get started with Amazon EC2 for free. To explore the Free Tier options, see AWS Free Tier.

On-Demand Instances

Pay for the instances that you use by the second, with a minimum of 60 seconds, with no long-term commitments or upfront payments.

Savings Plans

You can reduce your Amazon EC2 costs by making a commitment to a consistent amount of usage, in USD per hour, for a term of 1 or 3 years.

Reserved Instances

You can reduce your Amazon EC2 costs by making a commitment to a specific instance configuration, including instance type and Region, for a term of 1 or 3 years.

Spot Instances

Request unused EC2 instances, which can reduce your Amazon EC2 costs significantly.

Dedicated Hosts

Reduce costs by using a physical EC2 server that is fully dedicated for your use, either On-Demand or as part of a Savings Plan. You can use your existing server-bound software licenses and get help meeting compliance requirements.

On-Demand Capacity Reservations

Reserve compute capacity for your EC2 instances in a specific Availability Zone for any duration of time.

Per-second billing

Removes the cost of unused minutes and seconds from your bill.

For a complete list of charges and prices for Amazon EC2 and more information about the purchase models, see Amazon EC2 pricing.

AWS EC2 Launch templates, Auto scaling group, Load balancers, and AWS WAF

EC2 Launch Templates

An EC2 launch template, in simple terms, is a set of pre-defined instructions to quickly spin up your EC2 instances. It consists of the AMI ID, VPC, subnet, security groups, key pair, user data script (if required), EBS volumes, and so on. It is a blueprint of how your EC2 instance is going to look once launched.

Launch Templates simplify and streamline the process of launching instances with specific configurations, making it easier to maintain consistency across your deployments.

Auto Scaling Groups

An Auto Scaling Group (ASG) is a key feature provided by Amazon Web Services (AWS) that enables automatic scaling of EC2 instances based on predefined conditions. Auto Scaling Groups help ensure that the desired number of instances are available to handle varying levels of application demand while providing high availability and fault tolerance.

An Auto Scaling Group requires a launch configuration or a launch template, which specifies the configuration details for the instances, such as the Amazon Machine Image (AMI), instance type, key pair, security groups, and more.

The size of an Auto Scaling group depends on the number of instances that you set as the desired capacity. You can adjust its size to meet demand, either manually or by using automatic scaling.

Load Balancers

Load balancers play a crucial role in distributing incoming network traffic across multiple servers to ensure that no single server is overwhelmed, thereby improving the availability, fault tolerance, and scalability of web applications. In the context of Amazon Web Services (AWS), there are different types of load balancers, including:

1. Elastic Load Balancer (ELB):

  • Description: ELB is a fully managed load balancing service that automatically distributes incoming application traffic across multiple targets, such as EC2 instances, containers, and IP addresses, in one or more Availability Zones.

  • Types:

    • Application Load Balancer (ALB): Works at the application layer and is best suited for routing HTTP/HTTPS traffic. Supports content-based routing, host-based routing, and path-based routing.

    • Network Load Balancer (NLB): Operates at the transport layer (TCP/UDP) and is ideal for handling high volumes of traffic. Supports static IP addresses and preserves the source IP of the client.

2. Classic Load Balancer:

  • Description: The Classic Load Balancer is the predecessor to the Application Load Balancer and Network Load Balancer. It provides basic load balancing across multiple Amazon EC2 instances and operates at both the application and transport layers.

  • Note: While existing Classic Load Balancers continue to be supported, AWS recommends using ALB or NLB for new applications.

Key Features of AWS Load Balancers:

  1. High Availability:

    • Load balancers distribute traffic across multiple instances, ensuring that no single instance is overwhelmed and providing high availability.
  2. Auto Scaling Integration:

    • Load balancers seamlessly integrate with Auto Scaling groups, allowing for automatic adjustment of the number of instances based on demand.
  3. Security:

    • Load balancers enhance security by enabling SSL termination, which offloads SSL/TLS decryption from backend instances to the load balancer.
  4. Health Checks:

    • Load balancers regularly perform health checks on registered instances and automatically route traffic away from unhealthy instances.
  5. Content-Based Routing (ALB):

    • Application Load Balancers support advanced routing based on content, allowing for flexible routing decisions based on the content of the request.
  6. WebSockets and HTTP/2 Support (ALB):

    • ALB supports WebSockets and HTTP/2, making it suitable for modern web applications that require real-time communication.
  7. Target Groups (ALB and NLB):

    • Target groups allow you to route requests to different sets of instances based on rules. This enhances flexibility and enables more sophisticated routing scenarios.

Web Application Firewall

AWS Web Application Firewall (WAF) is a managed service that protects web applications against common web exploits. It allows you to create rules to filter and monitor HTTP/HTTPS traffic between a web application and the internet. AWS WAF is commonly used in conjunction with Amazon CloudFront (CDN) and Application Load Balancers to secure web applications. Here are key features and aspects of AWS WAF:

Key Features:

  1. Rules and Conditions:

    • AWS WAF allows you to define rules and conditions to control access to your web applications. Rules can be based on IP addresses, HTTP headers, HTTP body, or other custom conditions.
  2. Managed Rule Sets:

    • AWS provides managed rule sets for common security threats, such as SQL injection, cross-site scripting (XSS), and known malicious IP addresses. These rule sets are regularly updated to address emerging threats.
  3. Custom Rules:

    • You can create custom rules tailored to your application's specific security requirements. This includes defining conditions and actions based on your application's unique characteristics.
  4. IP Reputation Lists:

    • AWS WAF can block requests from IP addresses known for malicious activities by using IP reputation lists.
  5. Rate Limiting:

    • Implement rate-limiting rules to protect against brute force attacks or other types of abuse by limiting the number of requests from a single IP address within a specified time frame.
  6. Integration with CloudFront and Load Balancers:

    • AWS WAF can be associated with Amazon CloudFront distributions, Application Load Balancers, and API Gateway, so that requests are filtered before they reach your application.
  7. Logging and Monitoring:

    • AWS WAF provides detailed logging of web requests, allowing you to monitor and analyze traffic patterns. You can integrate WAF logs with Amazon CloudWatch for further analysis.
  8. WebACL (Web Access Control List):

    • A WebACL is a collection of rules that define the conditions under which a web request is allowed or blocked. You associate a WebACL with a CloudFront distribution or an Application Load Balancer.
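The logging feature is only useful if someone reads the logs. The following script is an added example, not code from the original post: it parses newline-delimited WAF log records and summarises which rule blocked how many requests and which source addresses are being blocked repeatedly. The log lines are constructed in the JSON shape AWS WAF writes (`timestamp`, `action`, `terminatingRuleId`, `httpRequest.clientIp`, `httpRequest.uri`); the web ACL ARN, rule names and addresses are placeholders, and one deliberately malformed line is included to show the parser skipping it.

```python
"""Summarise AWS WAF logs by terminating rule and by source IP.

Added example (not from the original post). Log records are constructed;
the web ACL ARN, rule names and IP addresses are placeholders.
"""
import json
from collections import Counter

_WEBACL = "arn:aws:wafv2:REGION:ACCOUNT:regional/webacl/day2/PLACEHOLDER"


def _event(ts, action, rule, ip, method, uri):
    """One constructed WAF log record in the service's JSON shape."""
    return json.dumps({"timestamp": ts, "formatVersion": 1, "webaclId": _WEBACL,
                       "action": action, "terminatingRuleId": rule,
                       "httpSourceName": "ALB",
                       "httpRequest": {"clientIp": ip, "country": "XX",
                                       "httpMethod": method, "uri": uri}})


SAMPLE_WAF_LOG = "\n".join([
    _event(1705320000000, "ALLOW", "Default_Action", "192.0.2.5", "GET", "/"),
    _event(1705320001000, "BLOCK", "RateLimitPerIp", "203.0.113.10", "POST", "/login"),
    _event(1705320002000, "BLOCK", "RateLimitPerIp", "203.0.113.10", "POST", "/login"),
    _event(1705320003000, "BLOCK", "AWS-AWSManagedRulesSQLiRuleSet",
           "203.0.113.10", "GET", "/search"),
    "this line is not JSON and must be skipped rather than crash the parser",
    _event(1705320004000, "BLOCK", "AWS-AWSManagedRulesCommonRuleSet",
           "198.51.100.7", "GET", "/admin"),
    _event(1705320005000, "ALLOW", "Default_Action", "192.0.2.5", "GET", "/about"),
])

REQUIRED = ("action", "terminatingRuleId", "httpRequest")


def parse_waf_log(text: str) -> list:
    """Parse newline-delimited JSON, dropping lines that are not WAF events."""
    events = []
    for line in text.splitlines():
        try:
            e = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(e, dict) and all(k in e for k in REQUIRED):
            events.append(e)
    return events


def blocked_by_rule(events: list) -> Counter:
    """Number of requests each rule blocked."""
    return Counter(e["terminatingRuleId"] for e in events if e["action"] == "BLOCK")


def noisy_sources(events: list, min_blocks: int) -> list:
    """(client IP, block count) for IPs blocked at least min_blocks times, most first."""
    per_ip = Counter(e["httpRequest"]["clientIp"]
                     for e in events if e["action"] == "BLOCK")
    return [(ip, n) for ip, n in per_ip.most_common() if n >= min_blocks]


if __name__ == "__main__":
    evts = parse_waf_log(SAMPLE_WAF_LOG)
    print(f"{len(evts)} events; blocked by rule: {dict(blocked_by_rule(evts))}")
    for ip, n in noisy_sources(evts, min_blocks=2):
        print(f"{ip}: {n} blocked requests")
```

In production the same functions would run over records delivered to S3, CloudWatch Logs or Kinesis Data Firehose; a source that trips the rate-based rule repeatedly is a candidate for an IP set rule, and a rule that blocks a large share of legitimate-looking traffic is a candidate for review in count mode.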

Task For Day 2

Deploy a sample web application on an EC2 instance in your AWS account and create an AWS WAF web ACL to define rules for blocking malicious requests. Generate test requests to the web application, including requests that match the defined WAF rules.

Architecture setup for a highly available web application, with WAF configured to block malicious requests

Requirements:

  1. Create an autoscaling group

    • Navigate to the EC2 Dashboard.

    • Click on "Auto Scaling Groups" in the left navigation pane.

    • Click "Create Auto Scaling group" and follow the steps to configure your Auto Scaling Group.

  2. Create an Application Load balancer

    • Navigate to the EC2 Dashboard.

    • Click on "Load Balancers" in the left navigation pane.

    • Click "Create Load Balancer" and follow the steps to configure your Application Load Balancer.

  3. Create a WAF

    • Navigate to the AWS WAF & Shield console.

    • Create a WebACL and define the rules and conditions.

    • Associate the WebACL with your CloudFront distribution or Application Load Balancer.
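The three console steps above (and the WAF rule types described in the Web Application Firewall section) can be expressed as one CloudFormation template, which the page's "Access Amazon EC2" section mentions as an alternative to the console. The following is an added example, not code from the original post or its GitHub repository: it builds the template in Python and checks that every `Ref` and `Fn::GetAtt` points at a declared resource or parameter. It wires a launch template into an Auto Scaling group, registers the group with an Application Load Balancer target group, and associates a web ACL holding a rate-based block rule and the `AWSManagedRulesCommonRuleSet` managed rule group with the ALB. Instance type, group sizes, the rate limit and the user-data script (which assumes an Amazon Linux 2023 AMI is passed as `AmiId`) are choices made for this example.

```python
"""CloudFormation template for the Day 2 task: launch template, Auto Scaling
group, Application Load Balancer and a WAF web ACL associated with the ALB.
Added example (not from the original post). Sizes, instance type, rate
limit and the user-data script (Amazon Linux 2023 assumed) are choices
made here, not values from the page."""
import json


def _vis(name):
    """VisibilityConfig that every WAFv2 rule and web ACL must carry."""
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True,
            "MetricName": name}


def waf_rules(rate_limit):
    """A rate-based block rule plus the AWS Common managed rule group."""
    return [
        {"Name": "RateLimitPerIp", "Priority": 0, "Action": {"Block": {}},
         "Statement": {"RateBasedStatement": {"Limit": rate_limit,
                                              "AggregateKeyType": "IP"}},
         "VisibilityConfig": _vis("RateLimitPerIp")},
        {"Name": "AWSManagedRulesCommonRuleSet", "Priority": 1,
         "OverrideAction": {"None": {}},  # keep the rule group's own actions
         "Statement": {"ManagedRuleGroupStatement": {
             "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet"}},
         "VisibilityConfig": _vis("CommonRuleSet")},
    ]


def build_template(rate_limit=500):
    """Template dict. The web tier accepts port 80 only from the ALB's group."""
    user_data = "#!/bin/bash\ndnf install -y httpd\nsystemctl enable --now httpd\n"
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Parameters": {"AmiId": {"Type": "AWS::EC2::Image::Id"},
                       "VpcId": {"Type": "AWS::EC2::VPC::Id"},
                       "SubnetIds": {"Type": "List<AWS::EC2::Subnet::Id>"}},
        "Resources": {
            "AlbSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
                "GroupDescription": "ALB ingress", "VpcId": {"Ref": "VpcId"},
                "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 80,
                                          "ToPort": 80, "CidrIp": "0.0.0.0/0"}]}},
            "WebSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
                "GroupDescription": "Web tier", "VpcId": {"Ref": "VpcId"},
                "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                                          "SourceSecurityGroupId": {"Ref": "AlbSg"}}]}},
            "LaunchTemplate": {"Type": "AWS::EC2::LaunchTemplate", "Properties": {
                "LaunchTemplateData": {"ImageId": {"Ref": "AmiId"}, "InstanceType": "t3.micro",
                                       "SecurityGroupIds": [{"Ref": "WebSg"}],
                                       "UserData": {"Fn::Base64": user_data}}}},
            "TargetGroup": {"Type": "AWS::ElasticLoadBalancingV2::TargetGroup", "Properties": {
                "VpcId": {"Ref": "VpcId"}, "Port": 80, "Protocol": "HTTP", "HealthCheckPath": "/"}},
            "Alb": {"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", "Properties": {
                "Type": "application", "Scheme": "internet-facing",
                "Subnets": {"Ref": "SubnetIds"}, "SecurityGroups": [{"Ref": "AlbSg"}]}},
            "Listener": {"Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": {
                "LoadBalancerArn": {"Ref": "Alb"}, "Port": 80, "Protocol": "HTTP",
                "DefaultActions": [{"Type": "forward", "TargetGroupArn": {"Ref": "TargetGroup"}}]}},
            "Asg": {"Type": "AWS::AutoScaling::AutoScalingGroup", "Properties": {
                "MinSize": "2", "MaxSize": "4", "DesiredCapacity": "2",
                "VPCZoneIdentifier": {"Ref": "SubnetIds"},
                "LaunchTemplate": {"LaunchTemplateId": {"Ref": "LaunchTemplate"},
                                   "Version": {"Fn::GetAtt": ["LaunchTemplate", "LatestVersionNumber"]}},
                "TargetGroupARNs": [{"Ref": "TargetGroup"}],
                "HealthCheckType": "ELB"}},  # replace instances the ALB marks unhealthy
            "WebAcl": {"Type": "AWS::WAFv2::WebACL", "Properties": {
                "Scope": "REGIONAL", "DefaultAction": {"Allow": {}},
                "VisibilityConfig": _vis("Day2WebAcl"), "Rules": waf_rules(rate_limit)}},
            "WebAclAssociation": {"Type": "AWS::WAFv2::WebACLAssociation", "Properties": {
                "ResourceArn": {"Ref": "Alb"}, "WebACLArn": {"Fn::GetAtt": ["WebAcl", "Arn"]}}},
        },
    }


def dangling_references(template):
    """Ref / Fn::GetAtt targets that no resource or parameter declares."""
    declared = set(template["Resources"]) | set(template["Parameters"])
    missing = []

    def walk(node):
        if isinstance(node, dict):
            target = node.get("Ref") or (node.get("Fn::GetAtt") or [None])[0]
            if target and not target.startswith("AWS::") and target not in declared:
                missing.append(target)
            node = list(node.values())
        if isinstance(node, list):
            for child in node:
                walk(child)

    walk(template)
    return missing


if __name__ == "__main__":
    tpl = build_template()
    print(json.dumps(tpl, indent=2))
    print("dangling references:", dangling_references(tpl))
```

Two design points worth noting: the instances' security group admits port 80 only from the ALB's security group, so the WAF cannot be bypassed by addressing an instance directly, and `HealthCheckType: ELB` makes the Auto Scaling group replace instances that fail the load balancer's health check rather than only ones the hypervisor reports as down. The `Scope: REGIONAL` web ACL is the right kind for an ALB; a CloudFront distribution would need a `CLOUDFRONT`-scoped web ACL created in us-east-1.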

For a detailed explanation, please follow me on GitHub: https://github.com/rk237/aws-zero-hero