Cloud Infrastructure
A brief overview of cloud infrastructure, including Amazon EC2, Amazon S3, and AWS IAM.
Cloud Infrastructure
For Cloud Infrastructure, we will cover three topics:
Amazon EC2
Amazon EC2 (Elastic Compute Cloud) provides scalable computing capacity in the AWS cloud. An EC2 instance can be created, which is a virtual server running on AWS. An EC2 instance can do the following:
- host websites
- run applications
- perform various compute tasks
Log into AWS Academy > AWS Management Console > Services > EC2 > Open the EC2 Dashboard
How to launch, or create, and instance:
- Click on "Launch Instance"
- Create Name
- Choose Application and OS Image
- previously have used Amazon Linux and Red Hat
- Choose Instance Type
- previously have used t2.micro
- Create or Select Key Pair (login)
- Choose Network Settings
- Create or Select Security Group
- Configure Storage
- Verify the Summary (and Number of Instances)
- "Launch Instance"
After launching the EC2 instance, you can do the following once connecting:
- install software
- upload files
- perform tasks directly on the instance
Verify the instance is working properly:
uname -a: shows the name, OS version, and other information about your system
df -h: shows the file systems and available space on them
Amazon S3
Amazon S3 (Simple Storage Service) is a highly scalable and durable object storage service. S3 is commonly used for:
- data backup
- static website hosting
- storing large volumes of data
Log into AWS Academy > AWS Management Console > Services > S3 > Open the S3 Dashboard
How to create a bucket:
- Click on "Create Bucket"
- Create Name
- Choose Object Ownership
- Choose Public Access Settings
- uncheck the options to allow public access to the bucket (which is useful for web hosting)
- Choose Bucket Versioning
- Select Tags (Optional)
- Choose Default Encryption
- "Create Bucket"
Modify the bucket policy to allow anyone to have access:
Click on Bucket > Permissions > Edit Bucket Policy > paste the following and save changes:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
}
]
}
Verify that the permissions have been set properly:
Objects > Upload > Add Files > add a simple text file or image > Upload > Close
Objects > Choose File/Image > Copy URL > test access in the browser (private or incognito)
AWS IAM
AWS IAM (Identity and Access Management) allows you to manage access to AWS services securely. You can create and manage users, groups, and roles, as well as define permissions to control who can access what in your AWS environment.
Log into AWS Academy > AWS Management Console > Services > IAM > Open the IAM Dashboard
How to create a user:
- Click on "Users", then "Add User"
- Create a user with console access.
- can also create a user with programmatic access (needed for API/CLI access) for an application or tool you are using/creating
- AWS will generate an Access Key ID and Secret Access Key - store securely
- can also create a user with programmatic access (needed for API/CLI access) for an application or tool you are using/creating
- Choose custom password and set a secure password.
- uncheck the "users must create a new password at next sign-in" to not require the change
- Choose permissions.
- "Create User"