Lab 5 Adding EC2 Virtual Machines and Deploying the Web App
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud and is designed to make cloud computing easier for developers. Using Amazon EC2 optimizes cost and time. You can deploy an instance in a few minutes and scale capacity up or down. You can also create an image, called a template, for a specific instance. Login security is also at a very high level: you have to use a key pair file to get the password for the login.
This lab will cover the following steps, which are as below.
The main thing I am going to do in this lab is move the complete application setup to the cloud and run the application on a cloud server. For this you have to follow some steps:
- Create two different IAM policies: one for DynamoDB and a second for SQS.
- Create a new role and attach those two policies to it.
- Create two Windows-based servers.
- Install the roles the application requires on the first, main server.
- Change some of the code after uploading it to the cloud.
Step 1. To create the IAM policies, click on the AWS services on the console page and click on IAM in the Security, Identity & Compliance section.
Before going into IAM, I want to say something about it:
IAM roles allow you to delegate access to users or services that normally don’t have access to your organization’s AWS resources. IAM users or AWS services can assume a role to obtain temporary security credentials that can be used to make AWS API calls. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. You can create users and groups of users and give them authentication credentials, or request temporary security credentials to give a user access. One account can have a total of 100 groups, 5000 users and 250 IAM roles. One user can be added to only 10 different groups, and only two access keys can be assigned to a single user.
There are also limits on the number of characters in a name: a user name must be under 64 characters, and a group or policy name must be under 128 characters.
You are now on the main IAM service page. Click on Policies and then on Create Policy.
Select the policy generator to create a new policy for AWS.
Select Allow, pick the Amazon DynamoDB service from the drop-down, and select the actions DeleteItem, DescribeTable, GetItem, PutItem and UpdateItem. Then copy the Amazon Resource Name (ARN) of YOUR DynamoDB table: go to DynamoDB, open the Table Details option, copy the ARN shown there and paste it here.
Do the same for SQS: select Allow, pick Amazon SQS, and select the actions DeleteMessage, DeleteMessageBatch, GetQueueUrl, ReceiveMessage, SendMessage and SendMessageBatch. Copy the Amazon Resource Name (ARN) from your SQS service and paste it here.
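To check that a policy document grants no more than Step 1 describes, the following added example (not part of the original lab) audits a policy for actions outside the lab's lists, wildcard actions and unscoped resources. The account id, table name and sample policy are constructed placeholders.

```python
import json

# Actions the lab grants, per service prefix (names as listed in the lab text).
LAB_ACTIONS = {
    "dynamodb": {"deleteitem", "describetable", "getitem", "putitem", "updateitem"},
    "sqs": {"deletemessage", "deletemessagebatch", "getqueueurl",
            "receivemessage", "sendmessage", "sendmessagebatch"},
}

def _as_list(value):
    """IAM allows a single string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return (statement index, problem, value) for grants wider than the lab's."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            service, _, name = action.lower().partition(":")
            if "*" in action:
                findings.append((i, "wildcard action", action))
            elif name not in LAB_ACTIONS.get(service, set()):
                findings.append((i, "action not in lab list", action))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*" or resource.endswith(":*"):
                findings.append((i, "resource not scoped to one ARN", resource))
    return findings

# Constructed sample: placeholder account id and table name, deliberately too broad.
SAMPLE = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Scan"],
     "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/ExampleTable"},
    {"Effect": "Allow", "Action": "sqs:*", "Resource": "*"}
  ]
}""")

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE):
        print(finding)
```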
Step 2. Create a role and bind the new policies to it, so that the role can be used later when creating the EC2 instances. Select Roles in the same IAM service and click on Create New Role.
Give it a name here; this name is what you will select in other services.
After that, select AWS Service Roles for EC2, because you are creating this role for EC2 instances.
Select the policy for dynamodbsqs which you created in the first step, and click on Next.
Step 3. Create the EC2 instances. Go to the services, select EC2 in the Compute section, click on Instances in the left side panel and click on Create New Instance. Here you have to create two different EC2 instances with the same specifications, which are as below. The only difference is the security group: make two different security groups.
- Pick the free tier Microsoft Windows Server 2012 R2 Base
- General purpose t2.micro
- IAM role = WebServerRole
- Tag it with a name = dinostore
- Create a new security group with the name WebRDPGroup
- Create another new security group with the name RDPGroup for the second EC2 instance
- RDP: the source must be your location's IP address, or you can open it to all traffic
- HTTP: all traffic
N.B : WHEN YOU LAUNCH, REMEMBER TO SAVE YOUR PRIVATE KEY FILE IF YOU CREATE A NEW KEY PAIR
Select Windows Server 2012 R2 Base.
Select the instance type.
Select the IAM role for the instance.
Give the instance a name.
Create the security group for the instance.
After creating these two instances, make sure their status is available. Then download the remote desktop file to connect to the instance, and use the private key to get the password for that instance.
After connecting to the instance over Remote Desktop, go to Roles and Features and install the following roles on it.
- IIS: Internet Information Services (IIS) is a flexible, general-purpose web server from Microsoft that runs on Windows systems to serve requested HTML pages or files.
- ASP.NET 4.5 (including developer stuff)
- HTTP connectors: the HTTP Connector can send and receive HTTP and HTTPS requests over a selected host, port and address.
- Windows authentication role services: Windows authentication is a secure form of authentication because the user name and password are hashed before being sent across the network. When you enable Windows authentication, the client browser sends a strongly hashed version of the password in a cryptographic exchange with your web server.
Step 4. After installing all the roles on the instance, go to Visual Studio, right click on your main project folder, which is NET702.DinoStore, and click on the Publish option.
Give the file a name.
Select the path or destination where you want to save the application.
After clicking Publish, wait until you see the success message at the bottom.
After the publish succeeds, copy the folder from your system and paste it into the instance at the given path, which is as below.
Step 5. After copying the folder to the given path, open IIS on that server and convert the folder to an application.
Give NET702.DinoStore as the alias.
Next, go to the VPN and add an inbound rule for the All Traffic protocol, also set to All; do this for both groups, as below.
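Step 3 offers the choice between RDP from your own IP address and RDP from anywhere, and the rule above opens all traffic on both groups. This added example (not part of the original lab) audits security group rules, in the shape returned by the EC2 DescribeSecurityGroups API, for RDP or all traffic reachable from any source. The rule data is a constructed sample.

```python
import ipaddress

RDP_PORT = 3389

def _open_to_any_source(perm):
    """True if an IPv4 or IPv6 range in the rule covers every address."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)

def audit_groups(groups):
    """Return (group name, problem) for rules exposing RDP or all traffic to any source."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            if not _open_to_any_source(perm):
                continue
            if perm["IpProtocol"] == "-1":        # "All traffic": every protocol and port
                findings.append((group["GroupName"], "all traffic open to any source"))
            elif (perm["IpProtocol"] == "tcp"
                  and perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", 65535)):
                findings.append((group["GroupName"], "RDP open to any source"))
    return findings

# Constructed sample using the lab's group names; 203.0.113.10 is a
# documentation address standing in for "your location IP address".
SAMPLE_GROUPS = [
    {"GroupName": "WebRDPGroup", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    ]},
    {"GroupName": "RDPGroup", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]

if __name__ == "__main__":
    for name, problem in audit_groups(SAMPLE_GROUPS):
        print(f"{name}: {problem}")
```

HTTP open to all sources is what the lab intends, so it is not reported; only RDP and all-traffic rules with a `/0` source are.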
Step 6. After changing the security groups, open the instance again, go to the application folder and open the web.config file using Notepad. Remove AWSAccessKey and AWSSecretKey from <appSettings> and also from DynamoDBSessionStoreProvider.
NB: the SDK gets these automatically as part of the role we set up earlier. Open a browser and run this URL
You should see temporary credentials, but these are from the _role_ you created.
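To confirm that no static keys remain in web.config after Step 6, the following added example (not part of the original lab) scans the file for AWSAccessKey and AWSSecretKey in the two places the step names. The web.config fragment is constructed, and its key values and provider type are placeholders.

```python
import xml.etree.ElementTree as ET

CREDENTIAL_NAMES = {"awsaccesskey", "awssecretkey"}

def find_static_credentials(config_xml):
    """Return (location, name) for each AWS key still present in web.config."""
    root = ET.fromstring(config_xml)
    findings = []
    # <appSettings><add key="AWSAccessKey" value="..."/></appSettings>
    for settings in root.iter("appSettings"):
        for add in settings.iter("add"):
            if add.get("key", "").lower() in CREDENTIAL_NAMES:
                findings.append(("appSettings", add.get("key")))
    # Session-state provider entry that carries the keys as attributes.
    for add in root.iter("add"):
        if add.get("name") == "DynamoDBSessionStoreProvider":
            for attr in add.attrib:
                if attr.lower() in CREDENTIAL_NAMES:
                    findings.append(("DynamoDBSessionStoreProvider", attr))
    return findings

# Constructed fragment; all values marked PLACEHOLDER are not real.
BEFORE = """<configuration>
  <appSettings>
    <add key="AWSAccessKey" value="PLACEHOLDER" />
    <add key="AWSSecretKey" value="PLACEHOLDER" />
    <add key="AWSRegion" value="us-east-1" />
  </appSettings>
  <system.web>
    <sessionState mode="Custom" customProvider="DynamoDBSessionStoreProvider">
      <providers>
        <add name="DynamoDBSessionStoreProvider" type="PLACEHOLDER"
             AWSAccessKey="PLACEHOLDER" AWSSecretKey="PLACEHOLDER" />
      </providers>
    </sessionState>
  </system.web>
</configuration>"""

if __name__ == "__main__":
    for location, name in find_static_credentials(BEFORE):
        print(f"{location}: {name} still present")
```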
After this step, go to IIS and browse Default.aspx on the cloud.
Open a local browser, copy the DNS name of the instance and paste it into the URL bar, followed by the folder name.
After that, go to Visual Studio again, right click on NET702.DinoStore.OrderProcessor and publish it.
Give the destination path where you want to save the application.
After that, copy all the files and folders from your local system and paste them into the cloud instance.
After copying them to the cloud, create a shortcut for the setup file.
After that, run the application, which connects to the AWS DinoStore database, and note what is in the orders table. There may be at least one order from earlier.
After this, browse the complete application again and go through all the steps to check whether the whole process runs properly on the cloud.
After logging in you will see a list of the items in the table; continue the process using the checkout button.
Enter fake details for the payment, as I did.
You can see a message that your payment succeeded.
Now we would like to see the database entry for the last item purchased; you should be able to see the last item, with the same payment method details, as below.
In this lab you finally move everything from local to the cloud. There are some basic requirements for this, such as the IAM policies, the instances to use and the roles installed on the server. At the end you see how the application can be used worldwide and how to make it public. At that point you feel excited, because your application can be accessed from anywhere.
For Amazon EC2 there is no basic charge for creating instances; you are charged only for what you use. There are four different types of EC2 instances, which are as below:
- On-Demand Instances
- Reserved Instances
- Spot Instances
- Dedicated Hosts
On-Demand Instances: if we take one instance with 24-hour usage, Windows OS and the t2.micro type, the charge is $14.64 per month. This also includes 1 Elastic IP, 5 GB data transfer IN and 3 GB data transfer OUT, with 2 Elastic Load Balancers. The hourly rate is £0.02 per hour, but to transfer data from EC2 out to the internet the charge is $0.140 per GB for the next 10 GB per month.
Reserved Instances are provided under a contract of one or more years. With the All Upfront option, you pay for the entire Reserved Instance term with one upfront payment. This option provides you with the largest discount compared to On-Demand instance pricing. With the Partial Upfront option, you make a low upfront payment and are then charged a discounted hourly rate for the instance for the duration of the Reserved Instance term. The No Upfront option does not require any upfront payment and provides a discounted hourly rate for the duration of the term. For example, a t2.micro with All Upfront is $140 with no monthly payment, and you save 20% compared to On-Demand. With Partial Upfront the charge is $74 plus $5.84 each month, which means you are charged $0.017 every hour and save 18% compared to On-Demand. With No Upfront there is nothing to pay in advance; you just pay every month and save 5%.
Spot Instance prices are set by Amazon EC2 and fluctuate periodically depending on the supply of and demand for Spot Instance capacity; they are also available at a discount of up to 90% compared to On-Demand pricing. For t2.micro the charge is $0.0046 per hour for Linux and $0.0061 per hour for Windows.
Dedicated Host pricing varies by instance family, region and payment option. Regardless of the number or size of the instances that you launch on a particular Dedicated Host, you pay hourly for every active Dedicated Host, and you are not charged for instance usage.