Reference no: EM133697567
Cloud Computing
Practical Test
Objective: The assignment aim is to set up an EC2 instance in a Virtual Private Cloud (VPC), connect it to an Amazon Simple Storage Service (S3) bucket, and work with bucket contents. Note: Try to use your first name or student ID when naming your VPC, EC2, S3 Bucket, etc.
Note: Set your region to Asia Pacific (Sydney)
Create a VPC and a public subnet (use instructions from Lab 3)
Create a VPC with Internet gateway, plus a public subnet and a public Route table. Include your first name in all of them. Associate Route table with the public Subnet.
Take a full and clear screenshot of your VPC's entire Resource map
Launch an EC2 instance based on Amazon Linux inside your new VPC and public subnet. Note: Make sure your account is eligible for the Free Tier, and that you use Free Tier eligible services when launching the instance.
Connect to the EC2 instance using SSH client.
Take a full screenshot of the Linux prompt upon successful connection
Create a S3 bucket (instructions from Lab 4, until bucket is created)
Go to S3 dashboard to create a bucket. Include your first name in the bucket name.
Under the bucket Permissions, use the Bucket policy previously discussed in Lab 4.
Upload a blank .txt file named with your first name (e.g., name.txt) into the S3 bucket.
Create an endpoint using the VPC dashboard
Open the Amazon VPC dashboard.
In the navigation pane, choose Endpoints. Then choose Create endpoint.
For Service category, choose AWS services.
In Services, filter for Type= Gateway and select the option com.amazonaws.region.s3 Note: If your region is Asia Pacific (Sydney), region would be ap-southeast-2
For VPC, and Route table, select the VPC and public subnet you created in step 1.
For Policy, select Full access to allow all operations by all principals on all resources over the VPC endpoint.
Choose Create endpoint.
Take another screenshot of VPC's Resource Map showing the new endpoint (4 marks)
Create an IAM instance profile that grants access to Amazon S3
Open the IAM dashboard.
Choose Roles, and then choose Create role.
Select AWS Service and then choose EC2 under Use Case.
Select Next to go to Add permissions.
Search and select AmazonS3FullAccess policy to allow EC2 access your S3 buckets.
Next, enter a Role name and include your first name in it, e.g., name-EC2-role.
Take a screenshot of the Role details showing the Role name, and Description
Attach the IAM instance profile to the EC2 instance
Open the Amazon EC2 dashboard and navigate to instances.
Select the EC2 instance created in step 1. Attach the IAM role created in step 4 using:
Choose the Actions tab, choose Security, and then choose Modify IAM role.
Select the IAM role that you just created, and then Update IAM role. The IAM role is assigned to your EC2 instance.
Update your bucket policy to restrict bucket permissions to your EC2 instance
For the bucket created in step 2, under the bucket permissions edit Bucket policy, and change the policy code to the code shown below, and then save changes.
Note: Replace your-bucket-name with the name of your S3 bucket and vpce-xxxxxxxxxx with the ID of the VPC endpoint (created in step 3) that attached to your EC2 instance.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*", "Resource": [
"arn:aws:s3:::your-bucket-name", "arn:aws:s3:::your-bucket-name/*"
],
"Condition": { "StringEquals": {
"aws:SourceVpce": "vpce-xxxxxxxxxx"
}
}
}
]
}
Take a full and clear screenshot of your bucket policy (4 marks)
Explain briefly in your report, what are the TWO main differences between the updated bucket policy in step 6, and the previous policy that was used in step 2 (4 marks)
Access your S3 from the EC2 instance, in Lunix prompt
Use the Linux command below to list all S3 buckets, including the one created in step 2:
aws s3 ls
List file (or files) in the new bucket created in step 2:
aws s3 ls s3://your-bucket-name
List any EC2 files:
ls
Get the file in the bucket created in step 2 (e.g., name.txt):
aws s3 cp s3://your-bucket-name/name.txt .
Then again list the files in EC2:
ls -l
Finally delete the file from EC2:
rm name.txt
Take a full screenshot of the prompt showing all 6 commands and their results (5 marks)
Note: if the commands execute but do not return results, you may review the traffic rules in the Security group or Network ACL (assigned to the instance and subnet, respectively).
Completion
Terminate the EC2.
Submit a WORD report containing the screenshots and descriptions via Moodle LMS. Include a one liner caption on the top of each screenshot, to describe its contents.
Number the captions (e.g. Screenshot 1. VPC Resource map showing etc etc...)