S3 Summary

* Remember that S3 is Object based i.e. allows you to upload files.

* Files can be from 0 Bytes to 5TB

* There is unlimited storage

* Files are stored Buckets

* S3 is a universal namespace, that is, names must be unique globally

* name - i.e. https://s3-eu-west-1.amazonaws.com/acloudgutu

* Read after Write consistency for PUTs of new Objects

* Eventual Consistency for overwrite PUTS and DELETES (can take some time to propagate)

* S3 Storage Classes/Tiers

  : S3 (durable, immediately available, frequently accessed)

  : S3 - IA (durable, immediately available, infrequently accessed)

  : Reduced Redundancy Storage (data that is easily reproducible, such as thumb nails etc).

  : Glacier - Archived data, where you can wait 3 - 5 hours before accessing

* Remember the core fundamentals of S3

  : Key (name)

  : Value (data)

  : Version ID

  : Metadata

  : Access Control lists

* Object based storage only (for files)

* Not suitable to install an operating system on (***)

Versioning

* Stores all versions of an object (including all writes and even if you delete an object)

* Great backup tool

* Once enabled, Versioning cannot be disabled, only suspended.

* Integrates with Lifecycle rules

* Versioning's MFA Delete capability, which uses multi-factor authentication, can be used to provide an additional layer of security

* Cross Region Replication, requires versioning enabled on the source bucket

Lifecycle Management

* Can be used in conjunction with versioning

* Can be applied to current versions and previous versions

* Following actions can now be done

  : Transition to the Standard-Infrequent Access Storage Class (128Kb and 30 days after the creation date)

  : Archive to the Glacier Storage Class (30 days after IA, if relevant)

  : Permanently Delete

CloudFront

* Edge Location - This is the location where content will be cached. This is separate to an AWS Region/AZ

* Origin - This is the origin of all the files that the CDN will distribute. This can be either an S3 Bucket, an EC2 Instance, an Elastic Load Balancer or Route53

* Distribution - This is the name given the CDN which consists of a collection of Edge Locations.

  : Web Distribution - Typically used for Websites

  : RTMP - Used for Media Streaming

* Edge locations are not just READ only, you can write to them too. (i.e. put an object on to them)

* Objects are cached for the life of the TTL (Time To Live)

* You can clear cached objects, but you will be charged.

Securing your buckets

* By default, all newly created buckets are PRIVATE

* You can setup access control to your buckets using

  : Bucket Policies

  : Access Control Lists

* S3 buckets can be configured to create access logs which log all requests made to the S3 bucket. This can be done to another bucket.

Encryption

* In Transit

  : SSL/TLS

* At Rest

  : Server Side Encryption

    - S3 Managed Keys - SSE-S3 (***)

    - AWS Key Management Service, Managed Keys - SSE-KMS (***)

    - Server Side Encryption With Customer Provided Keys - SSE-C (***)

* Client Side Encryption

Storage Gateway

* File Gateway - For flat files, stored directly on S3

* Volume Gateway

  : Stored Volumes - Entire Dataset is stored on site and is asynchronously backed up to S3.

  : Cached Volumes - Entire Dataset is stored on S3 and the most frequently accessed data is cached on site

* Gateway Virtual Tape Library (VTL)

  : Used for backup and uses popular backup applications like NetBackup, Backup Exec, Veam etc.

Snowball

* Snowball

* Snowball Edge

* Snowmobile

* Understand what Snowball is

* Understand what Import Export is

* Snowball Can

  : Import to S3

  : Export from S3

S3 Transfer Acceleration

* You can speed up transfers to S3 using S3 transfer acceleration. This costs extra, and has the greatest impact on people who are in far away location.

S3 Static Websites

* You can use S3 to host static websites

* Serverless

* Very cheap, scales automatically

* STATIC only, cannot host dynamic sites

CORS

* Cross Origin Resource Sharing

* Need to enable it on the resources bucket and state the URL for the origin that will be calling the bucket.

i.e. 

http://mybucketname.s3-website.eu-west-2.amazonaws.com - S3 Website

https://s3.eu-west-2.amazonaws/mybucketname      - Bucket

Last few tips

* Write to S3 - HTTP 200 code for a successful write

* You can load files to S3 much faster by enabling multipart upload

* Read the S3 FAQ before taking the exam. It comes up A LOT!

=====================================

S3 Quiz

* The minimum file size allowed on S3 is 0 bytes? True

* If you encrypt a bucket on S3 what encryption does AWS use? 

  ==> Advanced Encryption Standard (AES) 256

* You create a static hosting website in a bucket called "acloudguru" in Japan using S3. What would the new URL End Point be? 

  ==> http://acloudguru.s3-website-ap-northeast-1.amazonaws.com

* You are hosting a static website in an S3 bucket which uses Java script to reference assets in another S3 bucket. For some reason however these assets are not displaying when users browse to the site. What could be the problem?

  ==> You haven't enabled Cross Origin Resource Sharing (CORS) on the bucket where the assets are stored

* What is the HTTP code you would see if once you successfully place a file in an S3 bucket? ==> 200

* S3 provides unlimited storage. ==> True

* What is the maximum file size that can be stored on S3? ==> 5Tb

* What is the largest size file you can transfer to S3 using a PUT operation? 

  ==> The correct answer is 5Gb. After that you must use a multipart upload. This can be an exam question. Please remember this before going in to your exam. Correct! http://docs.aws.amazon.com/AmazonS3/latest/dev/UploadingObjects.html

* If you want to enable a user to download your private data directly from S3, you can insert a pre-signed URL into a web page before giving it to your user. ==> True

* When you first create an S3 bucket, this bucket is publicly accessible by default. ==> False

S3 ( Simple Storage Service)

S3 provides developers and IT teams with secure, durable, highly-scalable object storage. Amazon S3 is easy to use, with a simple web services interface to store and retrieve any amount of data from anywhere on the web.

S3 is a safe place to store your files.

It is Object based storage.

The data is spread across multiple devices and facilities.

The Basics

- S3 is Object based i.e. allows you to upload files.

- Files can be from 0 Bytes to 5TB

- There is unlimited storage

- Files are stored in Buckets.

- S3 is a universal namespace, that is, names must be unique globally.

- https://s3-eu-west-1.amazonaws.com/acloudguru

- When you upload a file to S3 you will receive a HTTP 200 code if the upload was successful.

Data Consistency Model For S3 (***)

- Read after Write consistency for PUTS of new objects

- Eventual Consistency for overwrite PUTS and DELETES (can take some time to propagate)

S3 is a simple key, value store

- S3 is Object based. Objects consist of the following

: Key (this is simply the name of the object)

: Value (This is simply the data and is made up of a sequence of bytes)

: Version ID (Important for versioning)

: Metadata (Data about the data you are storing)

: Subresources

  Access Control Lists

  Torrent

: Built for 99.99% availability for the S3 platform

: Amazon guarantees 99.999999999% durability for S3 information (Remember 11X9's)

: Tiered Storage Available

: Lifecycle Management

: Versioning

: Encryption

: Secure your data using Access Control Lists and Bucket Policies

Storage Tiers/Classes

: S3 - 99.99% availability, 99.999999999% durability, stored redundantly across multiple devices in multiple facilities and is designed to sustain the loss of 2 facilities concurrently

: S3 - IA (Infrequently Accessed) For data that is accessed less frequently, but requires rapid access when needed. Lower fee than S3, but you are charged a retrieval fee.

: Reduced Redundancy Storage - Designed to provide 99.99% durability and 99.99% availability of objects over a given year.

: Glacier - Very cheap, but used for archival only. It takes 3-5 hours to restore from Glacier

What is Glacier?

Glacier is an extremely low-cost storage service for data archival. Amazon Glacier stores data for as little as $0.01 per gigabyte per month, and is optimized for data that is infrequently accessed and for which retrieval times of 3 to 5 hours are suitable.

S3- Charges

-  Charged for

: Storage

: Requests

: Storage Management Pricing

: Data Transfer Pricing

: Transfer Acceleration

What is S3 Transfer Acceleration?

Amazon S3 Transfer Acceleration enables fast, easy and secure transfers of files over long distances between your end users and an S3 bucket.

Transfer Acceleration takes advantage of Amazon CloudFront's globally distributed edge location. As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.

Exam Tips for S3 101

- Remember that S3 is Object based i.e. allows you to upload files.

- Files can be from 0 Bytes to 5TB

- There is unlimited storage

- Files are stored in Buckets

- S3 is a universal namespace, that is, names must be unique globally.

- https://s3-eu-west-1.amazonaws.com/acloudguru

- Read after Write consistency for PUTS of new Objects

- Eventual Consistency for overwrite PUTS and DELETES (can take some time to propagate)

- S3 Storage Classes/Tiers

: S3 (durable, immediately available, frequently accessed)

: S3 - IA (durable, immediately available, infrequently accessed)

: S3 - Reduced Redundancy Storage (data that is easily reproducible, such as thumb nails etc)

: Glacier - Archived data, where you can wait 3-5 hours before accessing.

- Remember the core fundamentals of an S3 object

: key (name)

: value (data

: Version ID

: Metadata

: Subresources

  ACL

  Torrent

- object based storage only (for files) (*****)

- Not suitable to install an operating system on. (*****)

- Successful uploads will generate a HTTP 200 status code.

- Read the S3 FAQ before taking the exam It comes up A LOT! (*****)

================

S3 Essencial - 

Bucket is just folder where you can upload files

- Buckets are a universal name space

- Upload an object to S3 receive a HTTP 200 Code

- S3, S3 - IA, S3 Reduced Redundancy Storage

- Encryption

: Client Side Encryption

: Server Side Encryption

  Server side encryption with Amazon S3 Managed Keys (SSE-S3)

  Server side encryption with KMS (SSE-KMS)

  Server side encryption with Customer Provided Keys (SSE-C)

- Control access to buckets using either a bucket ACL or using Bucket Polices

- BY DEFAULT BUCKETS ARE PRIVATE AND ALL OBJECTS STORED INSIDE THEM ARE PRIVATE

===================

Create a S3 Website

Static page only, no dynamic page (PHP etc.)

Format of URL : bucketname.s3-website-region.amazonaws.com

===================

Cross Origin Resource Sharing (CORS)

Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain. With CORS support in Amazon S3, you can build rich client-side web applications with Amazon S3 and selectively allow cross-origin access to your Amazon S3 resources.

EC2 - Summary & Exam TIps

From Cloud Guru lecture in udemy

* Know the differences (pricing models) between (***)

- On Demand 

- Spot

- Reserved

- Dedicated Hosts : 

==> Choose best pricing model for specific requests

* Remember with spot instances;

- If you terminate the instance, you pay for the hour

- if AWS terminates the spot instance, you get the hour it was terminated in for free.

* EC2 Instance Types

Making Sense of AWS EC2 Instance Type Pricing: ECU Vs. vCPU

EBS (Elastic Block Store) Consists of;

- SSD, General Purpose - GP2 (Up to 10,000 IOPS)

- SSD, Provisioned IOPS - I01 (More than 10,000 IOPS)

- HDD, THroughput Optimized - ST1 - frequently accessed workloads

- HDD, Cold - SC1 - less frequently accessed data.

- HDD, Magnetic - Standard - cheap, infrequently accessed storage

* You cannot mount 1 EBS volume to multiple EC2 instances, instead use EFS.

EC2 Lab Exam Tips

* Termination Protection is turned off by default, you must turn it on

* On an EBS-backed instance, the default action is for the root EBS volume to be deleted when the instance is terminated

* Root volumnes cannot be encrypted by default, you need a third party tool (such as bit locker etc.) to encrypt the root volume.

* Additional volumes can be encrypted.

Volumes vs. Snapshots

* Volumes exist on EBS

- Virtual Hard Disk

* Snapshots exist on S3

* You can take a snapshot of a volume, this will store that volume on S3

* Snapshots are point in time copies of Volumes

* Snapshots are incremental, this means that only the blocks that have changed since your last snapshot are moved to S3

* If this is your first snapshot, it may take some time to create

Volumes vs. Snapshots - Security

* Snapshots of encrypted volumes are encrypted automatically

* Volumes restored from encrypted snapshots are encrypted automatically

* You can share snapshots, but only if they are unencrypted.

  - These snapshots can be shared with other AWS accounts or made public

Snapshots of Root Device Volume

* To create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the instance before taking the snapshot.

EBS vs. Instance Store 

* Instance Store Volumes are sometimes called Ephemeral Storage.

* Instance store volumes cannot be stopped. If the underlying host fails, you will lose your data.

* EBS backed instances can be stopped. You will not lose the data on this instance if it is stopped.

* You can reboot both, you will not lose your data.

* By default, both ROOT volumes will be deleted on termination, however with EBS volumes, you can tell AWS to keep the root device volume.

How can I take a snapshot of a RAID Array?

* Problem - Take a snapshot, the snapshot excludes data held in the cache by applications and the OS. This tends not to matter on a single volume, however using multiple volumes in a RAID array, this can be a problem due to interdependencies of the array.

* Solution - Take an application consistent snapshot

- Stop the application from writing to disk

- Flush all chaches to the disk.

- How can we do this?

  Freeze the file system

  Unmount the RAID Array

  Shutting down the associated EC2 instance.

Amazon Machine Images 

* AMI's are regional. You can only launch an AMI from the region in which it is stored. However you can copy AMI's to other regions using the console, command line or the Amazon EC2 API.

* Standard Monitoring = 5 Minutes

* Detailed Monitoring = 1 Minute

* CloudWatch is for performance monitoring

* CloudTrail is for auditing

What can I do with Cloudwatch?

* Dashboards - Creates awesome dashboards to see what is happening with your AWS environment

* Alarms - Allows you to set Alarms that notify you when particular thresholds are hit.

* Events - CloudWatch Events helps you to respond to state changes in your AWS resources.

* Logs - CloudWatch Logs helps you to aggregate, monitor, and store logs.

Roles Lab

* Roles are more secure than storing your access key and secret access key on individual EC2 instances.

* Roles are easier to manage

* Roles can be assigned to an EC2 instance AFTER it has been provisioned using both the command line and the AWS console.

* Roles are universal, you can use them in any region.

Instance Meta-data

* Used to get information about an instance (such as public ip)

* curl http://169.254.169.254/latest/meta-data/

* No such thing as user-data for an instance

EFS Features

* Supports the Network File System version 4 (NFSv4) protocol

* You only pay for the storage you use (no pre-provisioning required)

* Can scale up to the petabytes

* Can support thousands of concurrent NFS connections

* Data is stored across multiple AZ's within a region

* Read After Write consistency

What is Lambda?

* AWS Lambda is a compute service where you can upload your code and create a Lambda function. AWS Lambda takes care of provisioning and managing the servers that you use to run the code. You don't have to worry about operating systems, patching, scaling, etc. You can use Lambda in the following ways.

- As an event-driven compute service where AWS Lambda runs your code in response to events. These events could be changes to data in an Amazon S3 bucket or an Amazon DynamoDB table.

- As a compute service to run your code in response to HTTP requests using Amazon API Gateway or API calls made using AWS SDKs. This is what we use at A Cloud Guru

Quiz

- The default region for an SDK is "US-EAST-1"

- AWS SDK supports Python, Ruby, Node.JS, PHO, JAVA (not C++)

- HTTP 5XX is a server side error

- HTTP 4XX is a client side error

- HTTP 3XX is a redirection

- HTTP 2XX is the request was successful

- To find out both private IP address and public IP address of EC2 instance

  => Retrieve the instance Metadata from http://169.254.169.254/latest/meta-data/

- To retrieve instance metadata or userdata you will need to use this IP address

  => http://169.254.169.254

- In order to enable encryption at rest using EC2 and Elastic Block Store you need to

  => Configure encryption when creating the EBS volume

 http://aws.amazon.com/about-aws/whats-new/2014/05/21/Amazon-EBS-encryption-now-available/

- You can have multiple SSL certificates on an Elastic Load Balancer

- Elastic Load Balancers are chargeable

* Elastic Load Balancer (Exam Tips)

Elastic Load Balancer FAQs

Classic Load Balancer

General

Application Load Balancer

Network Load Balancer

1178578-C02NW6G1G3QD:AWS_SSH changsoopark$ ssh ec2-user@34.228.166.148 -i EC2KeyPair.pem.txt 

Last login: Mon Oct 16 23:10:59 2017 from 208.185.161.249

       __|  __|_  )

       _|  (     /   Amazon Linux AMI

      ___|\___|___|

https://aws.amazon.com/amazon-linux-ami/2017.03-release-notes/

13 package(s) needed for security, out of 33 available

Run "sudo yum update" to apply all updates.

Amazon Linux version 2017.09 is available.

[ec2-user@ip-172-31-24-42 ~]$ sudo su

[root@ip-172-31-24-42 ec2-user]# service httpd status

httpd (pid  8282) is running...

[root@ip-172-31-24-42 ec2-user]# service httpd start

Starting httpd: 

[root@ip-172-31-24-42 ec2-user]# chkconfig httpd on

[root@ip-172-31-24-42 ec2-user]# service httpd status

httpd (pid  8282) is running...

[root@ip-172-31-24-42 ec2-user]# cd /var/www/html

[root@ip-172-31-24-42 html]# ls -l

total 4

-rw-r--r-- 1 root root 185 Sep 10 23:38 index.html

[root@ip-172-31-24-42 html]# nano healthcheck.html

[root@ip-172-31-24-42 html]# ls -l

total 8

-rw-r--r-- 1 root root  28 Oct 16 23:14 healthcheck.html

-rw-r--r-- 1 root root 185 Sep 10 23:38 index.html

[root@ip-172-31-24-42 html]# 

Go to EC2 in aws.amazon.com and click on Load Balancers in left panel.

Classic Load Balancer

Next -> Select Security Group, Configure Security Settings (Next) -> 

Add Tag -> Review -> Close ->

(Edit Instance if there is no State)

- Create Application Load Balancer

-> Almost same as Classic Load Balancer.

-> Provisioning state will be turn to active after a couple of mins.

- Application Load Balancer : Preferred for HTTP/HTTPS (****)

- Classic Load Balancer (*****)

1 subnet = 1 availability zone

- Instances monitored by ELB are reported as ;

  InService, or OutofService

- Health Checks check the instance health by talking to it

- Have their own DNS name. You are never given an IP address.

- Read the ELB FAQ for Classic Load Balancers ***

- Delete Load Balancers after complete the test. (It would be paid service)

* SDK's - Exam Tips

https://aws.amazon.com/tools/

- Android, iOS, JavaScript (Browser)

- Java

- .NET

- Node.js

- PHP

- Python

- Ruby

- Go

- C++

Default Region - US-EAST-1

Some have default regions (JAVA)

Some do not (Node.js)

* Lambda (*** - Several questions)

Data Center - IAAS - PAAS - Containers - Serverless

The best way to get started with AWS Lambda is to work through the Getting Started Guide, part of our technical documentation. Within a few minutes, you will be able to deploy and use a AWS Lambda function.

What is Lambda?

- Data Centers

- Hardware

- Assembly Code/Protocols

- High Level Languages

- Operating System

- Application Layer/AWS APIs

- AWS Lambda 

AWS Lambda is a compute service where you can upload your code and create a Lambda function. AWS Lambda takes care of provisioning and managing the servers that you use to run the code. You don't have to worry about operating systems, patching, scaling, etc. You can use Lambda in the following ways.

- As an event-driven compute service where AWS Lambda runs your code in response to events. These events could be changes to data in an Amazon S3 bucket or an Amazon DynamoDB table.

- As a compute service to run our code in response to HTTP requests using Amazon API Gateway or API calls made using AWS SDKs. 

How to user Lambda -> refer to my articles for Alexa Skill development

http://coronasdk.tistory.com/931

What Languages?

Node.js

Java

Python

C#

How is Lambda Priced?

- Number of requests

   First 1 million requests are free. $0.20 per 1 million requests thereafter.

- Duration

  Duration is calculated from the time your code begins executing until it returns or otherwise terminates, rounded up to the nearest 100ms. The price depends on the amount of memory you allocate to your function. You are charged $0.00001667 for every GB-second used.

Why is Lambda cool?

- No Servers!

- Continuous Scaling

- Super cheap!

Lambda - Exam Tips

Lambda scales out (not up) automatically

Lambda functions are independent, 1 event = 1 function

Lambda is serverless

Know what services are serverless! (S3, API Gateway, Lambda Dynamo DB etc. ) -EC2 is not serverless.-

Lambda functions can trigger other lambda functions, 1 event can = x functions if functions trigger other functions

Architectures can get extremely complicated, AWS X-ray allows you to debug what is happening

Lambda can do things globally, you can use it to back up S3 buckets to other S3 buckets etc.

Know your triggers

(Duration time is Maximum 5 mins)

* Bash Script

Auto execute scripts when create instance

- Enter script in Advanced Details text box when you create an instance

In this case, system will execute all these scripts when create the instance.

#!/bin/bash

yum update -y

yum install httpd -y

service httpd start

checkconfig httpd on

cd /var/www/html

aws s3 cp s3://mywebsitebucket-changsoo/index.html /var/www/html

: Update system, install Apache, start httpd server and copy index.html from s3 to /var/www/html folder of the Instance

* Install PHP and create php page

Enter scripts below to Advanced Details when you create an instance

#!/bin/bash

yum update -y

yum install httpd24 php56 git -y

service httpd start

chkconfig httpd on

cd /var/www/html

echo "<?php phpinfo();?>" > test.php

git clone https://github.com/acloudguru/s3

navigate to 'public IP address'/test.php in your browser then you can see PHP INFO page

Access to the server through Terminal

1178578-C02NW6G1G3QD:AWS_SSH changsoopark$ ssh ec2-user@54.89.219.112 -i EC2KeyPair.pem.txt 

.....................

[root@ip-172-31-80-161 ec2-user]# cd /var/www/html

[root@ip-172-31-80-161 html]# ls -l

total 8

drwxr-xr-x 3 root root 4096 Oct 12 23:52 s3

-rw-r--r-- 1 root root   19 Oct 12 23:52 test.php

[root@ip-172-31-80-161 html]# 

==> there is a test.php and downloaded s3 folder from cloudguru's GitHub repository

https://docs.aws.amazon.com/aws-sdk-php/v3/guide/getting-started/installation.html

Installing via Composer

Using Composer is the recommended way to install the AWS SDK for PHP. Composer is a dependency management tool for PHP that allows you to declare the dependencies your project needs and installs them into your project.

1. Install Composer

   curl -sS https://getcomposer.org/installer | php
   

2. Run the Composer command to install the latest stable version of the SDK:

   php composer.phar require aws/aws-sdk-php
   

3. Require Composer's autoloader:

   <?php
   require 'vendor/autoload.php';
   

You can find out more on how to install Composer, configure autoloading, and other best-practices for defining dependencies at getcomposer.org.

[root@ip-172-31-80-161 html]# pwd

/var/www/html

[root@ip-172-31-80-161 html]# curl -sS https://getcomposer.org/installer | php

curl: (35) Network file descriptor is not connected

[root@ip-172-31-80-161 html]# curl -sS https://getcomposer.org/installer | php

All settings correct for using Composer

Downloading...

Composer (version 1.5.2) successfully installed to: /var/www/html/composer.phar

Use it: php composer.phar

[root@ip-172-31-80-161 html]# php composer.phar require aws/aws-sdk-php

Do not run Composer as root/super user! See https://getcomposer.org/root for details

Using version ^3.36 for aws/aws-sdk-php

./composer.json has been created

Loading composer repositories with package information

Updating dependencies (including require-dev)

Package operations: 6 installs, 0 updates, 0 removals

  - Installing mtdowling/jmespath.php (2.4.0): Downloading (100%)         

  - Installing psr/http-message (1.0.1): Downloading (100%)         

  - Installing guzzlehttp/psr7 (1.4.2): Downloading (100%)         

  - Installing guzzlehttp/promises (v1.3.1): Downloading (100%)         

  - Installing guzzlehttp/guzzle (6.3.0): Downloading (100%)         

  - Installing aws/aws-sdk-php (3.36.26): Downloading (100%)         

guzzlehttp/guzzle suggests installing psr/log (Required for using the Log middleware)

aws/aws-sdk-php suggests installing aws/aws-php-sns-message-validator (To validate incoming SNS notifications)

aws/aws-sdk-php suggests installing doctrine/cache (To use the DoctrineCacheAdapter)

Writing lock file

Generating autoload files

[root@ip-172-31-80-161 html]# ls -l

total 1844

-rw-r--r-- 1 root root      62 Oct 13 00:04 composer.json

-rw-r--r-- 1 root root   12973 Oct 13 00:04 composer.lock

-rwxr-xr-x 1 root root 1852323 Oct 13 00:04 composer.phar

drwxr-xr-x 3 root root    4096 Oct 12 23:52 s3

-rw-r--r-- 1 root root      19 Oct 12 23:52 test.php

drwxr-xr-x 8 root root    4096 Oct 13 00:04 vendor

[root@ip-172-31-80-161 html]# cd vendor

[root@ip-172-31-80-161 vendor]# ls -l

total 28

-rw-r--r-- 1 root root  178 Oct 13 00:04 autoload.php

drwxr-xr-x 3 root root 4096 Oct 13 00:04 aws

drwxr-xr-x 2 root root 4096 Oct 13 00:04 bin

drwxr-xr-x 2 root root 4096 Oct 13 00:04 composer

drwxr-xr-x 5 root root 4096 Oct 13 00:04 guzzlehttp

drwxr-xr-x 3 root root 4096 Oct 13 00:04 mtdowling

drwxr-xr-x 3 root root 4096 Oct 13 00:04 psr

[root@ip-172-31-80-161 vendor]# vi autoload.php

<?php

// autoload.php @generated by Composer

require_once __DIR__ . '/composer/autoload_real.php';

return ComposerAutoloaderInit818e4cd87569a511144599b49f2b1fed::getLoader();

* Using the PHP to access to S3

[root@ip-172-31-80-161 s3]# ls -l

total 24

-rw-r--r-- 1 root root 796 Oct 12 23:52 cleanup.php

-rw-r--r-- 1 root root 195 Oct 12 23:52 connecttoaws.php

-rw-r--r-- 1 root root 666 Oct 12 23:52 createbucket.php

-rw-r--r-- 1 root root 993 Oct 12 23:52 createfile.php

-rw-r--r-- 1 root root 735 Oct 12 23:52 readfile.php

-rw-r--r-- 1 root root 193 Oct 12 23:52 README.md

[root@ip-172-31-80-161 s3]# vi createbucket.php 

<?php

//copyright 2015 - A Cloud Guru.

//connection string

include 'connecttoaws.php';

// Create a unique bucket name

$bucket = uniqid("acloudguru", true);

// Create our bucket using our unique bucket name

$result = $client->createBucket(array(

    'Bucket' => $bucket

));

//HTML to Create our webpage

echo "<h1 align=\"center\">Hello Cloud Guru!</h1>";

echo "<div align = \"center\"><img src=\"https://acloud.guru/images/logo-small-optimised.png\"></img></div>";

echo "<h2 align=\"center\">You have successfully created a bucket called {$bucket}</h2>";

echo "<div align=\"center\"><a href=\"createfile.php?bucket=$bucket\">Click Here to Continue</a></div>";

?>

[root@ip-172-31-80-161 s3]# vi connecttoaws.php 

<?php

// Include the SDK using the Composer autoloader

require '/var/www/html/vendor/autoload.php';

$client = new Aws\S3\S3Client([

    'version' => 'latest',

    'region'  => 'us-east-1'

]);

?>

[root@ip-172-31-80-161 s3]# vi createfile.php 

<?php

//Copyright 2015 A Cloud Guru

//Connection string

include 'connecttoaws.php';

/*

Files in Amazon S3 are called "objects" and are stored in buckets. A specific

object is referred to by its key (or name) and holds data. In this file

we create an object called acloudguru.txt that contains the data

'Hello Cloud Gurus!'

and we upload/put it into our newly created bucket.

*/

//get the bucket name

$bucket = $_GET["bucket"];

//create the file name

$key = 'cloudguru.txt';

//put the file and data in our bucket

$result = $client->putObject(array(

    'Bucket' => $bucket,

    'Key'    => $key,

    'Body'   => "Hello Cloud Gurus!"

));

//HTML to create our webpage

echo "<h2 align=\"center\">File - $key has been successfully uploaded to $bucket</h2>";

echo "<div align = \"center\"><img src=\"https://acloud.guru/images/logo-small-optimised.png\"></img></div>";

echo "<div align = \"center\"><a href=\"readfile.php?bucket=$bucket&key=$key\">Click Here To Read Your File</a></div>";

?>

[root@ip-172-31-80-161 s3]# vi readfile.php 

<?php

//connection string

include 'connecttoaws.php';

//code to get our bucket and key names

$bucket = $_GET["bucket"];

$key = $_GET["key"];

//code to read the file on S3

$result = $client->getObject(array(

    'Bucket' => $bucket,

    'Key'    => $key

));

$data = $result['Body'];

//HTML to create our webpage

echo "<h2 align=\"center\">The Bucket is $bucket</h2>";

echo "<h2 align=\"center\">The Object's name is $key</h2>";

echo "<h2 align=\"center\">The Data in the object is $data</h2>";

echo "<div align = \"center\"><img src=\"https://acloud.guru/images/logo-small-optimised.png\"></img></div>";

echo "<div align = \"center\"><a href=\"cleanup.php?bucket=$bucket&key=$key\">Click Here To Remove Files & Bucket</a></div>";

?>

curl http://169.254.169.254/latest/meta-data/ (*****)

How to get the public IP address (Exam *****)

[root@ip-172-31-80-161 s3]# curl http://169.254.169.254/latest/meta-data/

ami-id

ami-launch-index

ami-manifest-path

block-device-mapping/

hostname

iam/

instance-action

instance-id

instance-type

local-hostname

local-ipv4

mac

metrics/

network/

placement/

profile

public-hostname

public-ipv4

public-keys/

reservation-id

security-groups

[root@ip-172-31-80-161 s3]# curl http://169.254.169.254/latest/meta-data/public-ipv4

54.89.219.112[root@ip-172-31-80-161 s3]# 

[root@ip-172-31-80-161 s3]# yum install httpd php php-mysql

[root@ip-172-31-80-161 s3]# service httpd start

Starting httpd: 

[root@ip-172-31-80-161 s3]# yum install git

[root@ip-172-31-80-161 s3]# cd /var/www/html

[root@ip-172-31-80-161 html]# git clone https://github.com/acloudguru/metadata

Cloning into 'metadata'...

remote: Counting objects: 9, done.

remote: Total 9 (delta 0), reused 0 (delta 0), pack-reused 9

Unpacking objects: 100% (9/9), done.

[root@ip-172-31-80-161 s3]# cd /var/www/html

[root@ip-172-31-80-161 html]# git clone https://github.com/acloudguru/metadata

Cloning into 'metadata'...

remote: Counting objects: 9, done.

remote: Total 9 (delta 0), reused 0 (delta 0), pack-reused 9

Unpacking objects: 100% (9/9), done.

[root@ip-172-31-80-161 html]# ls -l

total 1848

-rw-r--r-- 1 root root      62 Oct 13 00:04 composer.json

-rw-r--r-- 1 root root   12973 Oct 13 00:04 composer.lock

-rwxr-xr-x 1 root root 1852323 Oct 13 00:04 composer.phar

drwxr-xr-x 3 root root    4096 Oct 13 00:34 metadata

drwxr-xr-x 3 root root    4096 Oct 13 00:15 s3

-rw-r--r-- 1 root root      19 Oct 12 23:52 test.php

drwxr-xr-x 8 root root    4096 Oct 13 00:08 vendor

[root@ip-172-31-80-161 html]# cd metadata

[root@ip-172-31-80-161 metadata]# ls -l

total 8

-rw-r--r-- 1 root root 676 Oct 13 00:34 curlexample.php

-rw-r--r-- 1 root root  11 Oct 13 00:34 README.md

[root@ip-172-31-80-161 metadata]# vi curlexample.php

<?php

        // create curl resource

        $ch = curl_init();

        $publicip = "http://169.254.169.254/latest/meta-data/public-ipv4";

        // set url

        curl_setopt($ch, CURLOPT_URL, "$publicip");

        //return the transfer as a string

        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

        // $output contains the output string

        $output = curl_exec($ch);

        // close curl resource to free up system resources

        curl_close($ch);

        // close curl resource to free up system resources

        curl_close($ch);

        //Get the public IP address

        echo "The public IP address for your EC2 instance is $output";

?>

AWS Command Line Interface

- Getting Started

- CLI Reference

- GitHub Project

- Community Forum

* Terminate Instance from Terminal

1178578-C02NW6G1G3QD:AWS_SSH changsoopark$ ssh ec2-user@IP Address -i EC2KeyPair.pem.txt 

The authenticity of host 'IP address (IP address)' can't be established.

ECDSA key fingerprint is SHA256:..........

Are you sure you want to continue connecting (yes/no)? yes 

Warning: Permanently added '54.175.217.183' (ECDSA) to the list of known hosts.

       __|  __|_  )

       _|  (     /   Amazon Linux AMI

      ___|\___|___|

https://aws.amazon.com/amazon-linux-ami/2017.09-release-notes/

No packages needed for security; 1 packages available

Run "sudo yum update" to apply all updates.

[ec2-user@ip-172-31-89-170 ~]$ sudo su

[root@ip-172-31-89-170 ec2-user]# aws s3 ls

Unable to locate credentials. You can configure credentials by running "aws configure".

==> can't access to s3. 

[root@ip-172-31-89-170 ec2-user]# aws configure

AWS Access Key ID [None]: 

==> Open CSV file you downloaded and enter AWS Access Key ID and AWS Secret.

==> Enter region name

==> type aws s3 ls ==> will display list

==> aws s3 help ==> display all commands

cd ~ -> home directory

ls

cd .aws

ls

nano credentials ==> Access_key_id , secret_access_key

aws ec2 describe-instances ==> display all instances in JSON format

copy instance id of running instance

aws ec2 terminate-instances --instance-ids 'instance id'

==> terminated

When access_key_id and secret_access_key is accidently open to public -> Resolution is Delete the user and re-create it

* Using Role instead of Access Key

------ Identity Access Management Roles Lab -------

- IAM - Create a Role   with S3 full access policy

*** All Roles are for Global (*******) - No need to select Region

- Create EC2 Instance : Assign above role to this instance

==> You can replace Role of existing instance

: Actions - Instance Settings - Attach/Replace IAM role

now was s3 ls works

[root@ip-172-31-81-181 ec2-user]# aws s3 ls

[root@ip-172-31-81-181 ec2-user]#

CLI Commands - Developer Associate Exam

[ec2-user@ip-172-31-81-181 ~]$ sudo su

[root@ip-172-31-81-181 ec2-user]# aws s3 ls

[root@ip-172-31-81-181 ec2-user]# cd ~

[root@ip-172-31-81-181 ~]# ls

[root@ip-172-31-81-181 ~]# cd .aws

bash: cd: .aws: No such file or directory

[root@ip-172-31-81-181 ~]# aws configure

AWS Access Key ID [None]: 

AWS Secret Access Key [None]: 

Default region name [None]: us-east-1

Default output format [None]: 

[root@ip-172-31-81-181 ~]# cd .aws

[root@ip-172-31-81-181 .aws]# ls

config

[root@ip-172-31-81-181 .aws]# cat config

[default]

region = us-east-1

[root@ip-172-31-81-181 .aws]# 

==> Shutting down the instance in AWS console

============ CLI Commands For The Developer Exam

IAM - Create a Role - MyEC2Role - administrator access

Launch new instance - assign the role

ssh ec2-user.......

sudo su

aws configure (enter region only)

docs.aws.amazon.com/cli/latest/reference/ec2/index.html

(*****)

aws ec2 describe-instances

aws ec2 describe-images  - enter image id

aws ec2 run-instances

was ec2 start-instances

(*****)

Do not confuse START-INSTANCES with RUN-INSTANCES

START-INSTANCES - START AND STOP INSTANCE

RUN-INSTANCES - CREATE A NEW INSTANCE

========================

-----S3 CLI & REGIONS

Launch new instance

Create S3 buckets (3 buckets)

Upload a file to one of above bucket

go to another bucket and upload other file.

go to another bucket and upload other file.

IAM - Create a new Role (S3 full access)

EC2 - public IP address

terminal

ssh ec2-user@....

sudo su

aws s3 ls - will not work

attach the role to the EC2 instance

attach/replace IAM role (WEB)

go back to terminal

aws s3 ls -> will display

aws s3 cp --recursive s3://bucket1_name /home/bucket2_name

ls

copy file to bucket

* Security Group

- Virtual Firewall

- 1 instance can have multiple security groups

chkconfig httpd on - Apache will turn on when reboot automatically

EC2 - Left Menu - Security Group - Select WebDMZ

Inbound Rules - Delete HTTP rule -> can not access to public IP http://34.228.166.148

*****

Outbound - All traffics - Delete -> can access to public IP address

Edit Inbound Rule -> automatically Edit Outbound Rule

Actions -> Networking - Change Security Group -> can select multiple security group

Tip

- All Inbound Traffic is Blocked By Default

- All Outbound Traffic is Allowed

- Changes to Security Groups take effect immediately

- You can have any number of EC2 instances within a security group.

- you can have multiple security groups attached to EC2 Instances

- Security Groups are STATEFUL (*****) (whereas network access control Lists - Stateless)

  : If you create an inbound rule allowing traffic in, that traffic is automatically allowed back out again

  : You cannot block specific IP addresses using Security Groups, instead use Network Access Control Lists (VPC section)

- You can specify allow rules but not deny rules. (*****)

* Upgrading EBS Volume Types 1

Magnetic Storage

lsblk

[root@ip-172-31-19-244 ec2-user]# lsblk

NAME    MAJ:MIN RM SIZE RO TYPE MOUNTPOINT

xvda    202:0    0   8G  0 disk 

└─xvda1 202:1    0   8G  0 part /

xvdb    202:16   0   8G  0 disk 

[root@ip-172-31-19-244 ec2-user]# mkfs -t ext4 /dev/xvdb

mke2fs 1.42.12 (29-Aug-2014)

Creating filesystem with 2097152 4k blocks and 524288 inodes

Filesystem UUID: 1a4f0040-89b5-4ac0-8345-15ceb7c868fb

Superblock backups stored on blocks: 

32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

Allocating group tables: done                            

Writing inode tables: done                            

Creating journal (32768 blocks): done

Writing superblocks and filesystem accounting information: done 

[root@ip-172-31-19-244 ec2-user]# mkdir /changsoopark

[root@ip-172-31-19-244 ec2-user]# mount /dev/xvdb /changsoopark

[root@ip-172-31-19-244 ec2-user]# lsblk

NAME    MAJ:MIN RM SIZE RO TYPE MOUNTPOINT

xvda    202:0    0   8G  0 disk 

└─xvda1 202:1    0   8G  0 part /

xvdb    202:16   0   8G  0 disk /changsoopark

[root@ip-172-31-19-244 ec2-user]# cd /changsoopark

[root@ip-172-31-19-244 changsoopark]# ls -l

total 16

drwx------ 2 root root 16384 Oct  5 00:05 lost+found

[root@ip-172-31-19-244 changsoopark]# nano test.html

[root@ip-172-31-19-244 changsoopark]# ls -l

total 20

drwx------ 2 root root 16384 Oct  5 00:05 lost+found

-rw-r--r-- 1 root root    19 Oct  5 00:07 test.html

[root@ip-172-31-19-244 changsoopark]# 

unmount the volume - umount /dev/xvdb

[root@ip-172-31-19-244 /]# cd /

[root@ip-172-31-19-244 /]# umount /dev/xvdb

[root@ip-172-31-19-244 /]# cd /changsoopark

[root@ip-172-31-19-244 changsoopark]# ls -l

total 0

[root@ip-172-31-19-244 changsoopark]# 

mount it again and check the folder

[root@ip-172-31-19-244 changsoopark]# cd /

[root@ip-172-31-19-244 /]# mount /dev/xvdb /changsoopark

[root@ip-172-31-19-244 /]# cd /changsoopark

[root@ip-172-31-19-244 changsoopark]# ls -l

total 20

drwx------ 2 root root 16384 Oct  5 00:05 lost+found

-rw-r--r-- 1 root root    19 Oct  5 00:07 test.html

[root@ip-172-31-19-244 changsoopark]# 

unmount it again

[root@ip-172-31-19-244 changsoopark]# cd /

[root@ip-172-31-19-244 /]# umount /dev/xvdb

[root@ip-172-31-19-244 /]# cd /changsoopark

[root@ip-172-31-19-244 changsoopark]# ls -l

total 0

[root@ip-172-31-19-244 changsoopark]# 

- aws.amazon.com : Detach Volume  and Create Snapshot - Create Volume : Select Volume Type

Attach Volume - Select instance and Attach button --> Go to Console

[root@ip-172-31-19-244 changsoopark]# lsblk

NAME    MAJ:MIN RM SIZE RO TYPE MOUNTPOINT

xvda    202:0    0   8G  0 disk 

└─xvda1 202:1    0   8G  0 part /

xvdf    202:80   0   8G  0 disk               ====> New Volume (partition)

[root@ip-172-31-19-244 changsoopark]# file -s /dev/xvdf

/dev/xvdf: Linux rev 1.0 ext4 filesystem data, UUID=1a4f0040-89b5-4ac0-8345-15ceb7c868fb (extents) (large files) (huge files)

[root@ip-172-31-19-244 changsoopark]# mount /dev/xvdf /changsoopark

[root@ip-172-31-19-244 changsoopark]# cd /changsoopark

[root@ip-172-31-19-244 changsoopark]# ls -l

total 20

drwx------ 2 root root 16384 Oct  5 00:05 lost+found

-rw-r--r-- 1 root root    19 Oct  5 00:07 test.html

Create Volume, Set MySql to volume, mount, unmount, attach, detach, snapshot, remount 

Steps can be in exam

* Upgrading EBS Volume Types 2

Delete Instance - Delete volume and Delete Snapshot seperatly

Exam Tips

- EBS Volumes can be changed on the fly (except for magnetic standard)

- Best practice to stop the EC2 instance and then change the volume

- You can change volume types by taking a snapshot and then using the snapshot to create a new volume

- If you change a volume on the fly you must wait for 6 hours before making another change

- You can scale EBS Volumes up only

- Volumes must be in the same AZ as the EC2 instances

* EFS (Elastic File System) Lab

What is EFS

Amazon Elastic File System (Amazon EFS) is a file storage service for Amazon Elastic Compute Cloud (Amazon EC2) instances. Amazon EFS is easy to use and provides a simple interface that allows you to create and configure file systems quickly and easily. With Amazon EFS, storage capacity is elastic, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it.

- Supports the Network File System version 4 (NFSv4) protocol

- You only pay for the storage you use (no pre-provisioning required)

- Can scale up to the petabytes

- Can support thousands of concurrent NFS connections

- Data is stored across multiple AZ's within a region

- Read After Write Consistency

- EFS block based storage vs. S3 object based storage

aws.amazon.com

EFS - Create File system - Configure file system access

: VPC - An Amazon EFS file system is accessed by EC2 instances running inside one of your VPCs. Instances connect to a file system by using a network interface called a mount target. Each mount target has an IP address, which we assign automatically or you can specify.

: Create mount targets - Instances connect to a file system by using mount targets you create. We recommend creating a mount target in each of your VPC's Availability Zones so that EC2 instances across your VPC can access the file system.

==> AZ, Subnet, IP address, Security groups

- Tag and Create FIle System -> Done

Create New Instance

Step 1, Step 2 - Default

Step 3 - Default except Subnet => Select the created Submet when Create EFS above

Step 4 - Add Storage

Create another Instance - Select Load Balancer

VPS, Subnet

Define Load Balancer

==> Check EFS

Copy from alexa.design/standout

PDF file : 

GuideStandoutSkillFinal.pdf

In this guide, we will dive deeper into each quality and provide guidance on how you can incorporate it into your skill. We will also share exemplary skills that you can explore and model after. Leverage these insights to build standout skills that your customers will love.

Once you’ve got an idea for your skill’s name, say the invocation name out loud, just as a customer would. See if it’s intuitive and easy to say. Let’s take the example of the Sleep and Relaxation Sounds skill. The customer will say something like:

Beta testers (or even friends or colleagues) can also help grade the strength of your skill’s name. Ask them what they expect the skill to do based on the name alone. Use their responses to determine whether your skill name clearly articulates your skill’s capabilities and value. After your skill is published, read the customer reviews to identify any gaps between the skill name and the skill experience.

Try: Set Clear Expectations Using Our Code Sample

Some information, like physical address, is now available via the permissions framework grows, account-linking flows should be limited to authentication scenarios only and not personalization. If you use account linking in your skill, be sure to follow best practices to minimize friction and ensure a smooth customer experience.

Learn more : 10 Tips for Successfully Adding Account Linking to Your Alexa Skill

You can also build engagement over time by remembering what your users were doing last.

Storing data in Amazon DynamoDB allows you to add this memory and context to your skill.

Persistence allows you to pause games or guide users through a step-by-step process like creating a recipe, tackling a DIY project, or a playing a game. For example, a game skill with memory enables customers to pause, come back, and pick up right where they left off.

Learn more: 5 Ways to Level Up Your Skill with AWS

Additional Resources

Voice Design Guide

Documentation

Shortcut Start a Skill Now

Today I am going to create my Amazon EC2 instance (Amazon Linux), install Apache web server in the instance and create my public web pate.

You can create your own as well. just follow the steps below.

Refer to A Cloud Guru A Certified Developer - Associate lectures for more details.

[AWS Certificate] 로 시작하는 글들은 제가 AWS Certified Developer - Associate  을 준비하면서 배운 내용들을 메모해 두는 글입니다.

이번 글은 EC2 instance 와 어디서나 접근할 수 있는 나의 웹 페이지를 만드는 방법을 정리했습니다.

따라하시면 무료로 리눅스 서버와 개인 홈페이지 공간을 얻을 수 있습니다.

- Navigate to EC2 page. https://console.aws.amazon.com/ec2 And Click on Launch Instance button 

- Select AMI (Amazon Machine Image) as Amazon Linux

Amazon Machine Image

An Amazon Machine Image (AMI) is a special type of virtual appliance that is used to create a virtual machine within the Amazon Elastic Compute Cloud ("EC2"). It serves as the basic unit of deployment for services delivered using EC2.

Amazon Machine Images (AMI)

An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need.

An AMI includes the following:

- Select the default t2.micro  and Click on Next:Configure Instance Details button

- Set Defaults and Click on Next: Add Storage button

Subnet : 1 Subnet is always equal to 1 Availability (******) Exam

- Set as default and Click on Next: Add Tags button

You can Add Amazon EBS Volume Types here.

Amazon EBS Volume Types

Amazon EBS provides the following volume types, which differ in performance characteristics and price, so that you can tailor your storage performance and cost to the needs of your applications. The volumes types fall into two categories:

- Add Tags as much as you need and Click on Next: Configure Security Group button

- Enter Security group Name and Description

- Add HTTP and HTTPS Types

- Click on Review and Launch Button

Security Groups for Your VPC

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC could be assigned to a different set of security groups. If you don't specify a particular group at launch time, the instance is automatically assigned to the default security group for the VPC.

For each security group, you add rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic. This section describes the basic things you need to know about security groups for your VPC and their rules.

You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC. For more information about the differences between security groups and network ACLs, see Comparison of Security Groups and Network ACLs.

- Review your configurations and Click on Launch button

- Select 'Create a new key pair' in dropdown menu

- Enter Name the Key pair name

- Click on Download Key Pair

- Click on Launch Instance

- Click on View Instance button

- Now your instance is running

You can see your instance details here.

Not I am going to access to my instance and create my web page.

Open your Terminal (Mac) or Console window (Windows).

and Navigate to the folder where the downloaded key pare file is.

The EC2KeyPair.pem.txt is the one I downloaded now.

MyEC2KeyPair.pem.txt is old one what I've used.

change permission of EC2KeyPair.pem.txt file

CHMOD 400 EC2KeyPair.pem.txt 

Type ssh ec2-user@'your IPv4 Public IP' -I EC2KeyPair.pem.txt

Type yes

and then you can log in to your Amazon Linux Instance

Type sudo su 

You are now with super user permission.

Type yum update -y to update Operation System

Type yum install httpd -y to install Apache Server

navigate to Web root page

cd /var/www/html

There is no file in the folder now.

I am going to my web page now.

Type nano index.html (or vi index.html)

I have created the web page as below to display my blog.

<html>

<h1> iframe - Changsoo's Blog - </h1>

<iframe id="blog"

    title="Changsoo's Blog"

    width="100%"

    height="100%"

    src="http://coronasdk.tistory.com">

</iframe>    

</html>

Now I can see the index.html file in the folder.

I will start my Apache server.

service http start

Now enter 34.228.166.148 in URL bar in your browser then you can see the page below.

You can type my Public DNS (IPv4) to get the page in your browser as well.

http://ec2-34-228-166-148.compute-1.amazonaws.com/

Now I have my Amazon Linux server (EC2 instance) and public web page.

Termination Protection is turned off by default, you must turn it on.

If you want to terminate the instance then

1. Action - Instance Settings - Change Termination Protection

2. Click on Yes, Enable button.

On an EBS-backed instance, the default action is for the root EBS volume to be deleted when the instance is terminated.

EBS Root Volumes of your DEFAULT AMI's cannot be encrypted.

You can also use a third party tool (such as bit locker etc.) to encrypt the root volume, or this can be done when creating AMI's (lab to follow) in the AWS console or using the API.

EC2 (Elastic Compute Cloud)

What is EC2?

Provides resizable compute capacity in the Cloud Designed to make web-scale cloud computing easier A true virtual computing environment Launch instances with a variety of operating systems Run as many or few systems as you desire.

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.

Amazon EC2’s simple web service interface allows you to obtain and configure capacity with minimal friction. It provides you with complete control of your computing resources and lets you run on Amazon’s proven computing environment. Amazon EC2 reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change. Amazon EC2 changes the economics of computing by allowing you to pay only for capacity that you actually use. Amazon EC2 provides developers the tools to build failure resilient applications and isolate them from common failure scenarios.

* EC2 Options (***)

On Demand Instances - Pay for compute capacity by the hour with no long-term commitments or upfront payments

With On-Demand instances, you pay for compute capacity by the hour with no long-term commitments or upfront payments. You can increase or decrease your compute capacity depending on the demands of your application and only pay the specified hourly rate for the instances you use. 

On-Demand instances are recommended for:

• Users that prefer the low cost and flexibility of Amazon EC2 without any up-front payment or long-term commitment
• Applications with short-term, spiky, or unpredictable workloads that cannot be interrupted
• Applications being developed or tested on Amazon EC2 for the first time

Reserved Instances- Provide you with a significant discount (up to 75%) compared to On-Demand Instance pricing

Reserved Instances provide you with a significant discount (up to 75%) compared to On-Demand instance pricing. In addition, when Reserved Instances are assigned to a specific Availability Zone, they provide a capacity reservation, giving you additional confidence in your ability to launch instances when you need them.

For applications that have steady state or predictable usage, Reserved Instances can provide significant savings compared to using On-Demand instances. See How to Purchase Reserved Instances for more information.

Reserved Instances are recommended for:

• Applications with steady state usage
• Applications that may require reserved capacity
• Customers that can commit to using EC2 over a 1 or 3 year term to reduce their total computing costs

Spot Instances - Purchase compute capacity with no upfront commitment and at hourly rates usually lower than the On-Demand rate

Amazon EC2 Spot instances allow you to bid on spare Amazon EC2 computing capacity for up to 90% off the On-Demand price. Learn More.

Spot instances are recommended for:

• Applications that have flexible start and end times
• Applications that are only feasible at very low compute prices
• Users with urgent computing needs for large amounts of additional capacity

Dedicated Hosts Instances - 

A Dedicated Host is a physical EC2 server dedicated for your use. Dedicated Hosts can help you reduce costs by allowing you to use your existing server-bound software licenses, including Windows Server, SQL Server, and SUSE Linux Enterprise Server (subject to your license terms), and can also help you meet compliance requirements. Learn more.

• Can be purchased On-Demand (hourly).
• Can be purchased as a Reservation for up to 70% off the On-Demand price.

* EC2 Instance Types (*****)

- General Purpose

T2 : Low Cost EC2 Instances with Burstable Performance.

      T2 instances are Burstable Performance Instances that provide a baseline level of CPU performance with the ability to burst above the baseline. The baseline performance and ability to burst are governed by CPU Credits. Each T2 instance receives CPU Credits continuously at a set rate depending on the instance size.  T2 instances accrue CPU Credits when they are idle, and use CPU credits when they are active.  T2 instances are a good choice for workloads that don’t use the full CPU often or consistently, but occasionally need to burst (e.g. web servers, developer environments and databases). For more information see Burstable Performance Instances.

M4 : M4 instances are the latest generation of General Purpose Instances. This family provides a balance of compute, memory, and network resources, and it is a good choice for many applications.

M3 : This family includes the M3 instance types and provides a balance of compute, memory, and network resources, and it is a good choice for many applications.

- Compute Optimized

C4 : Highest Compute Performance on Amazon EC2.

       C4 instances are the latest generation of Compute-optimized instances, featuring the highest performing processors and the lowest price/compute performance in EC2.

C3 : Features:

• High Frequency Intel Xeon E5-2680 v2 (Ivy Bridge) Processors
• Support for Enhanced Networking
• Support for clustering
• SSD-backed instance storage

- Memory Optimized

X1 : X1 Instances are optimized for large-scale, enterprise-class, in-memory applications and have the lowest price per GiB of RAM among Amazon EC2 instance types.

R4 : R4 instances are optimized for memory-intensive applications and offer better price per GiB of RAM than R3.

R3 : R3 instances are optimized for memory-intensive applications and offer lower price per GiB of RAM.

- Accelerated Computing

P2 : P2 instances are intended for general-purpose GPU compute applications. 

G3 : G3 instances are optimized for graphics-intensive applications.

F1 : F1 instances offer customizable hardware acceleration with field programmable gate arrays (FPGAs).

- Storage Optimized

I3 : High I/O Instances

This family includes the High Storage Instances that provide Non-Volatile Memory Express (NVMe) SSD backed instance storage optimized for low latency, very high random I/O performance, high sequential read throughput and provide high IOPS at a low cost.

D2 : D2 instances feature up to 48 TB of HDD-based local storage, deliver high disk throughput, and offer the lowest price per disk throughput performance on Amazon EC2.

Prerequisite concept

What is EBS?

Amazon Elastic Block Store (EBS)

Amazon Elastic Block Store is an AWS block storage system that is best used for storing persistent data. Often incorrectly referred to as Elastic Block Storage, Amazon EBS provides highly available block level storage volumes for use with Amazon EC2 instances.

* Amazon EBS Volume Types

- General Purpose SSD (GP2)

- Provisioned IOPS SSD (IO1)

- Throughput Optimized HDD (ST1)

- Cold HDD (SC1)

- Magnetic (Standard) : can boot OS, Lowest cost per gigabyte

- EBS Consists of;

: SSD, General Purpose - GP2 - (Up to 10,000 IOPS)

: SSD, Provisioned IOPS - I01 - (More than 10,000 IOPS)

: HDD, Throughput Optimized - ST1 - frequently accessed workloads

: HDD, Cold - SC1 - less frequently accessed data.

: HDD, Magnetic - Standard - cheap, infrequently accessed storage

- You cannot mount 1 EBS volume to multiple EC2 instances, instead use EFS.

* IOPS 

Input/output operations per second (IOPS, pronounced eye-ops) is an input/output performance measurement used to characterize computer storage devices like hard disk drives (HDD), solid state drives (SSD), and storage area networks (SAN). Frequently mischaracterized as a 'benchmark', IOPS numbers published by storage device manufacturers do not relate to real-world application performance.^[1][2]

아이옵스(Input/Output Operations Per Second, IOPS)는 HDD, SSD, SAN 같은 컴퓨터 저장 장치를 벤치마크하는 데 사용되는 성능 측정 단위다. IOPS는 보통 인텔에서 제공하는 Iometer 같은 벤치마크 프로그램으로 측정된다.

IOPS 측정값은 벤치마크 프로그램에 따라 다르다. 구체적으로는 임의 접근과 순차 접근 여부, 벤치마크 프로그램의 쓰레드 갯수와 큐의 크기, 데이터 블록 크기, 읽기 명령과 쓰기 명령의 비중 등에 따라 달라지며, 이외에도 많은 변수들이 있다. 일반적으로는 종합 IOPS, 임의 접근 읽기(Random Access Read) IOPS, 임의 접근 쓰기(Random Access Write) IOPS, 순차 접근 읽기(Sequential Access Read) IOPS, 순차 접근 

* SSD 

반도체를 이용하여 정보를 저장하는 장치이다. 하드디스크드라이브에 비하여 속도가 빠르고 기계적 지연이나 실패율, 발열·소음도 적으며, 소형화·경량화할 수 있는 장점이 있다.

솔리드 스테이트 드라이브(Solid State Drive)의 영문 머리글자를 딴 약자이다. 하드 디스크 드라이브(HDD)와 비슷하게 동작하면서도 기계적 장치인 HDD와는 달리 반도체를 이용하여 정보를 저장한다. 임의접근을 하여 탐색시간 없이 고속으로 데이터를 입출력할 수 있으면서도 기계적 지연이나 실패율이 현저히 적다. 또 외부의 충격으로 데이터가 손상되지 않으며, 발열·소음 및 전력소모가 적고, 소형화·경량화할 수 있는 장점이 있다.

플래시 방식의 비휘발성 낸드플래시메모리(nand flash memory)나 램(RAM) 방식의 휘발성 DRAM을 사용한다. 플래시 방식은 RAM 방식에 비하면 느리지만 HDD보다는 속도가 빠르며, 비휘발성 메모리를 사용하여 갑자기 정전이 되더라도 데이터가 손상되지 않는다. 반면 DRAM 방식은 빠른 접근이 장점이지만 제품 규격이나 가격, 휘발성이라는 문제점이 있다. 따라서 데이터 저장과 안전성이 높은 플래시메모리 기반의 SSD를 주로 사용한다.

대용량 SSD가 개발되면서 노트북PC나 데스크톱PC에도 활용할 수 있게 되었다.

* Instance Store vs. Amazon EBS

* Amazon EBS

Persistent block level storage volumes

Magnetic

General Purpose(SSD)

Provisioned IOPS(SSD)

data independent of instance lifecycle