Build your AWS VPC, from scratch, in only 2 minutes

Hi there !!

I hope you guys are doing good.
It's been a long time since my last post and so much went on that I could spend hours here.
I ain't gonna do that, I will just go straight to the point, which is: the cloud!

Yeah folks! All I can tell you is that, if you have not gotten started yet, you should, before you realize it's too late. There is no way back, you gotta know cloud.

With AWS, Azure and GCP being the big players at the moment, today we will talk about the one that leads the race: AWS.

I have a background in computer networking and Windows Server. I am not a dev guy, but things started to change and now I think you should learn some programming, as this can make you a more valuable professional. Automation is incredibly desired nowadays, and you should know both infra and dev in order to really be successful in the cloud.

When we decide to learn something new we generally start by getting our hands dirty and setting up a lab. AWS gives you a chance to build a lab, for free, for up to 12 months (https://aws.amazon.com/free/?nc1=h_ls&all-free-tier.sort-by=item.additionalFields.SortRank&all-free-tier.sort-order=asc).

So, my goal today is to help you set up your environment in the cloud at the click of a button by leveraging one of the coolest features AWS provides, which is CloudFormation. CloudFormation is the infrastructure-as-code tool that AWS provides so you can script your cloud environment and save a lot of time building and maintaining it.

Once you set up your account you can use the console to build your environment (assuming you are not going to leverage the default stuff AWS puts in). Although the console is pretty cool and handy, you'd better know well how things work behind the scenes and build your VPC from scratch. Not using the defaults AWS puts in is a great way of doing that. Then you can either use the console or have your CloudFormation template. The difference is that it can take long if you go with the console option, not to mention that, by leveraging a template, when you are done you can simply delete the whole thing, so you will not be billed for storage, for instance, and the next time you want to use it, you use the template to build it back. CloudFormation is pretty handy. You should learn it.

Alright, enough said. Let me present my CloudFormation template, which will help you build a VPC that contains:

1) One /16 VPC
2) Two public subnets
3) One private subnet
4) One internet gateway with a default route to the internet
5) Three security groups restricting access as follows: the first public subnet (bastion) accepts SSH and RDP from the internet (I know opening it to the whole internet is not the most secure way, but remember, it's just a lab); the second public subnet (web) allows SSH and RDP from the bastion subnet only, and ping from the bastion and internal subnets; finally, the private subnet allows ping from the bastion and web subnets and RDP only from the bastion subnet (where the jump hosts are).
6) Two Linux servers (one bastion host and one front-end server)
7) Three Windows hosts (one bastion, one front end and one back end). We could leverage user data to also deploy the applications while building the hosts, but we are not going to do this today. That is for the next step.
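To make item 5 concrete, here is a CloudFormation fragment that expresses those three security groups. This is an added example written for this post, not the template from the author's GitHub repository; the VPC and subnet CIDR ranges (10.0.0.0/16 and the three /24s) are assumed values chosen for illustration, and the resource names (LabVpc, BastionSecurityGroup, WebSecurityGroup, PrivateSecurityGroup) are my own.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Lab VPC fragment - the three security groups described in the post (constructed example)

Parameters:
  VpcCidr:
    Type: String
    Default: 10.0.0.0/16        # assumed lab range, not taken from the post
  BastionSubnetCidr:
    Type: String
    Default: 10.0.1.0/24        # assumed: first public subnet (bastion)
  WebSubnetCidr:
    Type: String
    Default: 10.0.2.0/24        # assumed: second public subnet (web)
  PrivateSubnetCidr:
    Type: String
    Default: 10.0.3.0/24        # assumed: private subnet (back end)

Resources:
  LabVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: !Ref VpcCidr
      EnableDnsSupport: true
      EnableDnsHostnames: true

  # Bastion subnet: SSH and RDP from the whole internet. The post is explicit
  # that this is acceptable only because the environment is a throw-away lab.
  BastionSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Bastion - SSH and RDP from the internet (lab only)
      VpcId: !Ref LabVpc
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 3389
          ToPort: 3389
          CidrIp: 0.0.0.0/0

  # Web subnet: SSH and RDP only from the bastion subnet; ICMP echo request
  # (type 8, any code) from the bastion and private subnets.
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Web - SSH/RDP from bastion subnet, ping from bastion and private subnets
      VpcId: !Ref LabVpc
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref BastionSubnetCidr
        - IpProtocol: tcp
          FromPort: 3389
          ToPort: 3389
          CidrIp: !Ref BastionSubnetCidr
        - IpProtocol: icmp
          FromPort: 8          # ICMP type 8 = echo request
          ToPort: -1           # any code
          CidrIp: !Ref BastionSubnetCidr
        - IpProtocol: icmp
          FromPort: 8
          ToPort: -1
          CidrIp: !Ref PrivateSubnetCidr

  # Private subnet: ping from the bastion and web subnets; RDP from bastion only.
  PrivateSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Private - ping from bastion and web subnets, RDP from bastion only
      VpcId: !Ref LabVpc
      SecurityGroupIngress:
        - IpProtocol: icmp
          FromPort: 8
          ToPort: -1
          CidrIp: !Ref BastionSubnetCidr
        - IpProtocol: icmp
          FromPort: 8
          ToPort: -1
          CidrIp: !Ref WebSubnetCidr
        - IpProtocol: tcp
          FromPort: 3389
          ToPort: 3389
          CidrIp: !Ref BastionSubnetCidr
```

The rules are written against subnet CIDRs because that is how the post describes them. A tighter alternative in a real environment is to replace the CidrIp entries on the web and private groups with SourceSecurityGroupId references to the bastion and web groups, so that access follows the instance's group membership rather than any host that happens to land in the subnet's address range.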


Also, another thing that is required in order to access the virtual machines is a key pair. This template will not create a key pair. This step you need to perform manually, in the console, prior to using the CloudFormation template.

If you are new to AWS, you should follow the steps below in order to get your environment working; otherwise, you can skip this, download the template, create your key pair and deploy it.

Assuming your account has been set up in AWS, switch to the us-east-1 (N. Virginia) region (the template has some hardcoded information that will only work if you choose the us-east-1 region. Later on we will make it smarter so it can be used in any AWS region). Now, the first thing you need to do is create a folder on your machine where you will save everything related to your AWS lab. Then create a key pair and download it to this folder.

To create a key pair:

-Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
-In the navigation pane, under Network & Security, choose Key Pairs.
-On the Key Pairs page, choose Create Key Pair.
-For Key pair name, name it MyLabKeyPair, and then choose Create.
-Download it to the folder you created earlier and secure the key pair:
     If using non-Windows:
        -use a shell to navigate to the folder where the key pair is located
        -type chmod 400 MyLabKeyPair.pem
     If using Windows:
        -locate the file in Windows Explorer
        -right-click on it, then select "Properties"
        -navigate to the "Security" tab and click "Advanced"
        -change the owner to you, disable inheritance and delete all permissions
        -then grant yourself "Full control" and save the permissions
Once that is done, you should be able to SSH or RDP to your servers in AWS.

Alright folks, that was all I had to share today. I hope you have fun with it and, as always, feel free to send your comments, criticisms, suggestions.

The template can be found here: https://github.com/vjpsouza/MyCloudStuff

Cheers,

Valmir Souza
