Merge pull request #223 from Lemoncode/aws-review

JaimeSalas · web-flow · commit 8ebce62fb87e · 2025-01-19T20:56:31.000+01:00
Aws review
diff --git a/04-cloud/aws/02-create-user/readme.md b/04-cloud/aws/02-create-user/readme.md
@@ -6,35 +6,35 @@ When we sign up to AWS for the first time a new root user is created. This root
 
 As user with elavated privilages (such as root), log into AWS Console, navigate to _IAM dashboard_ and select _Access management_ option, an inside click on _User groups_
 
-[Access user groups](./.resources/user-group/01.png)
+![Access user groups](./.resources/user-group/01.png)
 
 Click on `Create group`
 
-[Create user group](./.resources/user-group/02.png)
+![Create user group](./.resources/user-group/02.png)
 
 Set up group name `admins`
 
-[Config user group](./.resources/user-group/03.png)
+![Config user group](./.resources/user-group/03.png)
 
 Select `AdministratorAccess`
 
-[Add permissions to group](./.resources/user-group/04.png)
+![Add permissions to group](./.resources/user-group/04.png)
 
 Scroll down and click on `Create group`
 
-[Confirm group creation](./.resources/user-group/05.png)
+![Confirm group creation](./.resources/user-group/05.png)
 
 We have created a new group, notice that there are no users associated, lets change that next.
 
 ## Accessing to IAM and Creating a User
 
 From AWS console, search for `IAM` services
 
-[IAM access](./.resources/01-iam.png)
+![IAM access](./.resources/01-iam.png)
 
 Now that we're on `Identity and Access Management` service, select users:
 
-[users selection](./.resources/02-users.png)
+![users selection](./.resources/02-users.png)
 
 Click on `Create user`
 
@@ -44,22 +44,22 @@ Let's create a new user:
 2. Ensure that we grant access to AWS console.
 3. Select `I want to create an IAM user`
 
-[creaete user 1](./.resources/03-create-user-1.png)
+![creaete user 1](./.resources/03-create-user-1.png)
 
 As long as we're creating a new user with console access we need to provide a `password`. On real life, you will want that this is a one shot time password, but we're on demo time so check `Custom password` and deselect `User must create a new password at next sign-in`
 
-[creaete user 1](./.resources/04-create-user-2.png)
+![creaete user 1](./.resources/04-create-user-2.png)
 
 Click on `Next`
 
 Now we need to set up the permissions for the new user, in our case we're going to select `Add user to group` and check `admins`:
 
-[user group](./.resources/05-user-group.png)
+![user group](./.resources/05-user-group.png)
 
 Click on `Next`
 
 Lets have a look and check that everything looks good:
 
-[review](./.resources/06-review.png)
+![review](./.resources/06-review.png)
 
 Click on `Create user`. For last a summary page is shown to us, where we can see all our settings.
diff --git a/04-cloud/aws/03-user-key-access/readme.md b/04-cloud/aws/03-user-key-access/readme.md
@@ -6,28 +6,28 @@ Now that we've created a new user, we need to generate credentials in order to g
 
 Access `IAM` and select `Users`
 
-[IAM users](./.resources/01-iam-users.png)
+![IAM users](./.resources/01-iam-users.png)
 
 Select the previously created user and `click` on it.
 
-[Select user](./.resources/02-select-user.png)
+![Select user](./.resources/02-select-user.png)
 
 Now on this menu we can create a new `access key`
 
-[Access key option](./.resources/03-access-key-option.png)
+![Access key option](./.resources/03-access-key-option.png)
 
 Click on `Create access key`
 
 Pick use case `Command Line Interface (CLI)`
 
-[Create access key 1](./.resources/04-create-access-key-1.png)
+![Create access key 1](./.resources/04-create-access-key-1.png)
 
-[Create access key 2](./.resources/04-create-access-key-2.png)
+![Create access key 2](./.resources/05-create-access-key-2.png)
 
 Click on `Next`
 
 Now we can provide a description tag
 
-[Create access key 2](./.resources/04-create-access-key-2.png)
+![Create access key 2](./.resources/06-create-access-key-3.png)
 
 Cick on `Create access key`.
diff --git a/04-cloud/aws/05-ec2-deploy/readme.md b/04-cloud/aws/05-ec2-deploy/readme.md
@@ -84,12 +84,12 @@ whoami
 Notice that our user is `ec2-user`, this is fine. By the way the user name, will depend on picked AMI. Lets try to install Docker and spin up an Nginx server.
 
 ```bash
-sudo dnf update
-sudo dnf install docker -y
+#!/bin/bash
+sudo yum update -y
+sudo yum install -y docker
 sudo systemctl start docker
 sudo systemctl enable docker
-sudo usermod -aG docker $USER 
-newgrp docker
+sudo usermod -aG docker $USER
 ```
 
 ```bash
diff --git a/04-cloud/aws/06-configuring-security-groups/01-creating-security-group.md b/04-cloud/aws/06-configuring-security-groups/01-creating-security-group.md
@@ -2,18 +2,18 @@
 
 You can find security group configuration under the EC2 service. To get there, select Services, types EC2, then go to the EC2 console. On the left-hand side under Network and Security, you'll see security groups. 
 
-[01](./.resources/01.png)
+![01](./.resources/01.png)
 
 This will show you the list of your security groups. When you're creating a rule, it will either be `inbound` or `outbound`. Here are some inbound rules that were already created for this security group, and there are also a couple of outbound rules. 
 
-[02](./.resources/02.png)
+![02](./.resources/02.png)
 
-[03](./.resources/03.png)
+![03](./.resources/03.png)
 
 To edit a rule, select the `Edit button`. 
 
 Let's add a rule to check out type, protocol, and port range. There are several common configurations listed under the Type menu, such as `SSH`, `HTTP`, and `RDP`. 
 
-When you select a type, the protocol and port range are automatically populated for you. This is helpful if you don't have all of the port numbers for different protocols memorized. I
+When you select a type, the protocol and port range are automatically populated for you. This is helpful if you don't have all of the port numbers for different protocols memorized. 
 
-f you need to create a custom rule, for example if you have an application running on port 8080 over TCP, you could select Custom TCP Rule, then put port 8080.
+If you need to create a custom rule, for example if you have an application running on port 8080 over TCP, you could select Custom TCP Rule, then put port 8080.
diff --git a/04-cloud/aws/06-configuring-security-groups/readme.md b/04-cloud/aws/06-configuring-security-groups/readme.md
@@ -0,0 +1,53 @@
+# Configuring Security Groups
+
+## Introduction
+
+A **security group is a virtual firewall for your EC2 instance**. It will control both the `inbound` and the `outbound` traffic **to and from your instance**.
+
+- Security groups belong to a VPC
+- Assigned at instance level
+- Can use same SG in different subnets in same VPC
+- Same subnet can have different security groups
+
+> Page 1
+
+### Traffic flow to instance
+
+1. Internet or VPN Gateway 
+2. Router 
+3. Route table 
+4. Network access control list (NACL) 
+5. Security Group
+
+> Page 2
+
+### Security Group vs. NACL
+
+|                             Security group                             |                        Network Access Control List                         |
+| :--------------------------------------------------------------------: | :------------------------------------------------------------------------: |
+|                             Instance level                             |                                Subnet level                                |
+|                            Allow rules only                            |                            Allow and deny rules                            |
+|               Evaluate all rules before allowing traffic               |                      Rules processed in numeric order                      |
+| Stateful: return traffic automatically allowed regardless of any rules |       Stateless: return traffic must be explicitly allowed by rules        |
+|       Applies to instance only if associate with security group        | Automatically applies to all instances in subnets associated with the NACL |
+
+### Security Groups Are Dynamic
+
+- Assign multiple security groups to an instance
+- Change the security group(s) assigned to an instance
+- Modify secuirty group rules
+- Changes to security group are applied immediately
+
+## Security Group Rules
+
+- Type: Pre-defined protocol / port combinations
+- Protocol: TCP, UDP, ICMP
+- Port Range: Which port are allowed as part of the rule
+
+## Source and Destination
+
+- Security Group
+  - ID of another security group
+- IP Address
+  - IPv4 or IPv6 CIDR block
+  - Single address (/32 or /128)
diff --git a/04-cloud/aws/07-ec2-access/readme.md b/04-cloud/aws/07-ec2-access/readme.md
@@ -37,7 +37,7 @@
 ## Outbound Access on EC2
 
 - Default security group allows all outbound access from EC2
-    - Access restricted if oubound rule is removed or changed
+    - Access restricted if outbound rule is removed or changed
 - Return response from http server or machine still works
     - Security group rules are stateful
         - Inbound rule allows port 80 so response is automatically allowed regardless of outbound rules
diff --git a/04-cloud/aws/08-managing-ips/readme.md b/04-cloud/aws/08-managing-ips/readme.md
@@ -12,6 +12,8 @@
 
 ## Create and Use a Bastion Server
 
+> Page 1
+
 [Demo: Create and Use a Bastion Server](./demos/01-bastion-server.md)
 
 ## Disable Auto-assign Public IP
diff --git a/04-cloud/aws/09-elb/demos/01-setup/readme.md b/04-cloud/aws/09-elb/demos/01-setup/readme.md
@@ -71,7 +71,11 @@ VPC_ID=$(aws ec2 create-vpc --cidr-block 172.31.0.0/16  \
   | jq -r '.Vpc."VpcId"')
 ```
 
-> Enable DNS hostnames from console
+> Enable DNS hostnames from console or using AWS CLI as follows:
+
+```bash
+aws ec2 modify-vpc-attribute --vpc-id $VPC_ID --enable-dns-hostnames "{\"Value\":true}"
+```
 
 ### Create web tier subnets
 
@@ -193,6 +197,8 @@ IMAGE_ID=ami-0302f42a44bf53a45
 
 ### Create web instances
 
+> Ensure that `devops_trainer_key` is created in the desired region
+
 ```bash
 aws ec2 run-instances \
     --image-id $IMAGE_ID \
@@ -202,7 +208,7 @@ aws ec2 run-instances \
     --security-group-ids $WEBSG \
     --associate-public-ip-address \
     --private-ip-address 172.31.1.21 \
-    --tag-specifications ResourceType=instance,Tags='[{Key=name,Value=web1}]'
+    --tag-specifications ResourceType=instance,Tags='[{Key=Name,Value=web1}]'
 ```
 
 ```bash
@@ -214,7 +220,7 @@ aws ec2 run-instances \
     --security-group-ids $WEBSG \
     --associate-public-ip-address \
     --private-ip-address 172.31.2.22 \
-    --tag-specifications ResourceType=instance,Tags='[{Key=name,Value=web2}]'
+    --tag-specifications ResourceType=instance,Tags='[{Key=Name,Value=web2}]'
 ```
 
 ```bash
diff --git a/04-cloud/aws/09-elb/demos/02-user-data/readme.md b/04-cloud/aws/09-elb/demos/02-user-data/readme.md
@@ -6,8 +6,8 @@ Create `install-docker.txt`
 
 ```bash
 #!/bin/bash
-sudo dnf update
-sudo dnf install docker -y
+sudo yum update -y
+sudo yum install -y docker
 sudo systemctl start docker
 sudo systemctl enable docker
 sudo usermod -aG docker $USER
@@ -59,7 +59,7 @@ With this we're finally ready to try to start our instance with user data:
 > NOTE: We have taken the image id from region AMI Catalog
 
 ```bash
-aws ec2 run-instances --image-id ami-07355fe79b493752d \
+aws ec2 run-instances --image-id ami-0ef0975ebdd78b77b \
  --count 1 --instance-type t3.micro \
  --key-name dublin_key --subnet-id $SUBNET --security-group-ids $SSHSG \
  --region eu-west-1 \
diff --git a/04-cloud/aws/09-elb/demos/03-web-tier-deploy/readme.md b/04-cloud/aws/09-elb/demos/03-web-tier-deploy/readme.md
@@ -1,6 +1,6 @@
 # Demo
 
-We're going to SSH into web1 and deploy the web front end using `Docker`. We're then going to browse directly to web1's public IP address and verify that the web front end is actually working. 
+We're going to SSH into web1 and deploy the web front end using `Docker`. We're then going to browse directly to web1's public IP address and verify that the web frontend is actually working. 
 
 - SSH into `web1`
 - Deploy the front end using Docker
diff --git a/04-cloud/aws/09-elb/demos/10-provisioning-db/readme.md b/04-cloud/aws/09-elb/demos/10-provisioning-db/readme.md
@@ -9,11 +9,12 @@ ssh -i "your_key" ec2-user@<public_dns>
 Install Docker
 
 ```bash
-sudo dnf update
-sudo dnf install docker -y
+# Install Docker
+sudo yum update -y
+sudo yum install -y docker
 sudo systemctl start docker
 sudo systemctl enable docker
-sudo usermod -aG docker $USER 
+sudo usermod -aG docker $USER
 newgrp docker
 ```
 
@@ -30,7 +31,7 @@ docker run -d -p 27017:27017 \
 
 Connect to an app tier instance, for example `app1`
 
-Ping to db instance
+Ping to db instance using the private DNS
 
 ```bash
 nslookup ip-172-31-101-99.eu-west-3.compute.internal
@@ -51,7 +52,7 @@ Check Mongo connectivity. Test Mongo connectivity. From EC2 Dashboard, we can ch
 - 172.31.101.99
 
 ```bash
-sudo dnf -y install telnet
+sudo yum -y install telnet
 telnet ip-172-31-101-99.eu-west-3.compute.internal 27017
 ```
 
diff --git a/04-cloud/aws/09-elb/readme.md b/04-cloud/aws/09-elb/readme.md
@@ -50,6 +50,26 @@ Right now, we need to SSH into each machine to install Docker. We can avoid this
 
 ## Creating and HTTP Target Group
 
+### What is a Target Group?
+
+A target group in AWS is a key component of Elastic Load Balancing (ELB) that serves as a logical grouping of targets to which traffic can be routed. Here are the main points about target groups:
+
+1. Purpose: Target groups are used to distribute incoming traffic across multiple targets, such as EC2 instances, IP addresses, or Lambda functions.
+
+2. Load Balancer Association: They are associated with Application Load Balancers, Network Load Balancers, or Gateway Load Balancers to define where traffic should be directed.
+
+3. Health Checks: Target groups allow you to configure health checks to ensure that traffic is only routed to healthy targets.
+
+4. Routing Rules: You can create routing rules in your load balancer to direct specific types of requests to different target groups.
+
+5. Auto Scaling Integration: Target groups can be used with Auto Scaling groups to automatically register or deregister instances as they are launched or terminated.
+
+6. Flexibility: You can register the same target with multiple target groups, allowing for flexible traffic distribution strategies.
+
+7. Attributes: Target groups have configurable attributes such as deregistration delay, load balancing algorithm, and stickiness settings.
+
+8. Monitoring: They provide metrics and health status information for your targets, helping you monitor the performance of your application.
+
 ### Supported Protocols
 
 - HTTP
@@ -117,11 +137,11 @@ We're going to deploy the web front end on `web2` and `web3` and add those insta
 
 ### Stickiness Duration
 
-- How long load balancer will maintain sticky session between clinet and target
+- How long load balancer will maintain sticky session between client and target
 - Load balancer sets a browser cookie with a unique, encrypted value
 - Client sends back the cookie with each subsequent request
 - Between 1 second and 7 days
 
 [Demo: Sticky Sessions](./demos/11-sticky-session/readme.md)
 
-[Demo: Idle Timeout]()
+[Demo: Idle Timeout](./demos/12-idle-timeout.md/readme.md)
