Assignments

Module 02 : EC2  AND EFS ASSIGNMENT

TOPIC:EFS

Tasks To Be Performed:

Create an EFS and connect it to 3 different EC2 instances. Make sure that all instances have different operating systems. For instance, Ubuntu, Red Hat Linux and Amazon Linux 2.

Solutions

Module 3: IAM Users Assignment

TOPIC:IAM Users,Roles And Policies

Problem Statement:
You work for XYZ Corporation. To maintain the security of the AWS account and the resources you have been asked to implement a solution that can help easily recognize and monitor the different users.

Tasks To Be Performed:

1. Create 4 IAM users named “Dev1”, “Dev2”, “Test1”, and “Test2”.
2. Create 2 groups named “Dev Team” and “Ops Team”.
3. Add Dev1 and Dev2 to the Dev Team.
4. Add Dev1, Test1 and Test2 to the Ops Team.

Module 3: CloudWatch Alarms

Topics:Creation Cloud Watch Alarms
Problem Statement:
You work for XYZ Corporation. To maintain the security of the AWS account and the resources you have been asked to implement a solution that can help easily recognize and monitor the different users. Also, you will be monitoring the machines created by these users for any errors or misconfigurations.

Tasks to Be Performed:
1.Create a CloudWatch billing alarm that goes off when the estimated charges go above $500.
2.Create a CloudWatch alarm which goes off to an Alarm state when the CPU utilization of an EC2 instance goes above 65%. Also, add an SNS topic so that it notifies the person when the threshold is crossed.

Module 3: IAM Policies

Problem Statement:
You work for XYZ Corporation. To maintain the security of the AWS account and the resources you have been asked to implement a solution that can help easily recognize and monitor the different users.
Tasks To Be Performed:

Tasks To Be Performed:

1. Create policy number 1 which lets the users to:
   a. Access S3 completely
   b. Only create EC2 instances
   c. Full access to RDS
2. Create a policy number 2 which allows the users to:
   a. Access CloudWatch and billing completely
   b. Can only list EC2 and S3 resources
3. Attach policy number 1 to the Dev Team from task 1
4. Attach policy number 2 to Ops Team from task 1

Module 3: IAM Roles

Problem Statement:
You work for XYZ Corporation. To maintain the security of the AWS account and
the resources you have been asked to implement a solution that can help easily
recognize and monitor the different users.
Tasks To Be Performed:

1. Create a role which only lets user1 and user2 from task 1 to have complete access to VPCs and DynamoDB.
2. Login into user1 and shift to the role to test out the feature.

Module 4: ELB AND ROUTE 53

Problem Statement:
You work for XYZ Corporation which uses on-premise solutions and a limited number of systems. With the increase in requests in their application, the load also increases. So, to handle the load the corporation must buy more systems almost on a regular basis. Realizing the need to cut down the expenses on systems, they decided to move their infrastructure to AWS.

Tasks To Be Performed:

1. Manage the scaling requirements of the company by:
   a. Deploying multiple compute resources on the cloud as soon as the load increases and the CPU utilization exceeds 80%
   b. Removing the resources when the CPU utilization goes under 60%
2. Create a load balancer to distribute the load between compute resources.
3. Route the traffic to the company’s domain

Module 5:VPC AND PEERING

You work for XYZ Corporation and based on the expansion requirements of your corporation you have been asked to create and set up a distinct Amazon VPC for the production and development team. You are expected to perform the following tasks for the respective VPCs.

Production Network:
1.Design and build a 4-tier architecture.
2.Create 5 subnets out of which 4 should be private named app1, app2, dbcache and db and one should be public, named web.
3.Launch instances in all subnets and name them as per the subnet that they have been launched in.
4.Allow dbcache instance and app1 subnet to send internet requests.
5.Manage security groups and NACLs.

Development Network:
1.Design and build 2-tier architecture with two subnets named web and db and launch instances in both subnets and name them as per the subnet names.
2.Make sure only the web subnet can send internet requests.
3.Create peering connection between production network and development network.
4.Setup connection between db subnets of both production network and development network respectively.

Module 6:S3

Module 6: S3 Bucket Creation Assignment 1

Problem Statement:
You work for XYZ Corporation. Their application requires a storage service that
can store files and publicly share them if required. Implement S3 for the same.
Tasks To Be Performed:

1. Create an S3 Bucket for file storage.
2. Upload 5 objects with different file extensions.

Module 6: S3 Bucket Versioning Assignment 2

Problem Statement:
You work for XYZ Corporation. Their application requires a storage service that
can store files and publicly share them if required. Implement S3 for the same.
Tasks To Be Performed:

1. Enable versioning for the bucket created in task 1.
2. Re-upload any 2 files already uploaded to verify if versioning works.

Module 6: S3 Website Hosting Assignment 3

Problem Statement:
You work for XYZ Corporation. Their application requires a storage service that
can store files and publicly share them if required. Implement S3 for the same.
Tasks To Be Performed:

1. Use the created bucket in the previous task to host static websites, upload
   an index.html file and error.html page.
2. Add a lifecycle rule for the bucket:
   a. Transition from Standard to Standard-IA in 60 days
   b. Expiration in 200 days

Module 7: Aurora Assignment

Problem Statement:
You work for XYZ Corporation. Their application requires a SQL service that can store data which can be retrieved if required. Implement a suitable RDS engine for the same.

While migrating, you are asked to perform the following tasks:

1. Create an AuroraDB Engine based RDS Database.
2. Create 2 Read Replicas in different availability zones for better
   infrastructure availability.

Module 7: MariaDB Assignment

Problem Statement:
You work for XYZ Corporation. Their application requires a SQL service that can store data which can be retrieved if required. Implement a suitable RDS engine for the same.
While migrating, you are asked to perform the following tasks:

1. Create a MariaDB Engine based RDS Database.
2. Connect to the DB using the following ways:
   a. SQL Client for Windows
   b. Linux based EC2 Instance

Module 7: Redshift Assignment

Problem Statement:
You work for XYZ Corporation. Their application requires a database service that can store data which can be retrieved if required. Implement suitable service for the same.
While migrating, you are asked to perform the following tasks:

1. Create a Redshift data warehouse.
2. Using the query editor:
   a. Load some data
   b. Query the dataANSWER:

Module 8: Case Study - 1

Problem Statement:
You work for XYZ Corporation. Your corporation wants to launch a new
web-based application. The development team has prepared the code but it is
not tested yet. The development team needs the system admins to build a web
server to test the code but the system admins are not available.
Tasks To Be Performed:

1. Web tier: Launch an instance in a public subnet and that instance should
   allow HTTP and SSH from the internet.
2. Application tier: Launch an instance in a private subnet of the web tier and
   it should allow only SSH from the public subnet of Web Tier-3.
3. DB tier: Launch an RDS MYSQL instance in a private subnet and it should
   allow connection on port 3306 only from the private subnet of Application
   Tier-4.
4. Setup a Route 53 hosted zone and direct traffic to the EC2 instance.
   You have been also asked to propose a solution so that:
5. Development team can test their code without having to involve the system
   admins and can invest their time in testing the code rather than
   provisioning, configuring and updating the resources needed to test the
   code.
6. Make sure when the development team deletes the stack, RDS DB
   instances should not be deleted.

Module 8: SQS and SES Assignment

Problem Statement:
You work for XYZ Corporation. Your team is asked to deploy similar architecture multiple times for testing, development, and production purposes. Implement CloudFormation for the tasks assigned to you below. Tasks To Be Performed:
Tasks To Be Performed:

1. Create a FIFO SQS queue and test by sending messages.
2. Register your mail in SES and send a test mail to yourself.

Module 8: CloudFormation

Problem Statement:
You work for XYZ Corporation. Your team is asked to deploy similar architecture multiple times for testing, development, and production purposes.
Implement CloudFormation for the tasks assigned to you below.

Tasks To Be Performed:

1. Use the template from CloudFormation task 1.
2. Add Notification to the CloudFormation stack using SNS so that you get a notification via mail for every step of the stack creation process.

Module 9: Elastic Beanstalk

Problem Statement:
You work for XYZ Corporation. Your corporation wants to launch a new web-based application and they do not want their servers to be running all the time. It should also be managed by AWS. Implement suitable solutions.
Tasks To Be Performed:

1. Create an Elastic Beanstalk environment with the runtime as PHP.
2. Upload a simple PHP file to the environment once created.

Module 9: Lambda Assignment

Problem Statement:
You work for XYZ Corporation. Your corporation wants to launch a new web-based application and they do not want their servers to be running all the time. It should also be managed by AWS. Implement suitable solutions.
Tasks To Be Performed:

1. Create a sample Python Lambda function.
2. Set the Lambda Trigger as SQS and send a message to test invocations.

Problem Statement

Tasks To Be Performed:

You have been asked to:
● Pull ubuntu container
● Run this container, and map port 80 on the local
● Install apache2 on this container
● Check if you are able to access the apache page on your browser

Problem Statement

Tasks To Be Performed:

1. Save the image created in assignment 1 as a Docker image
2. Launch container from this new image and map the port to 81
3. Go inside the container and start the Apache2 service
4. Check if you are able to access it on the browser

Problem Statement

Tasks To Be Performed:

1. Use the saved image in the previous assignment
2. Upload this image on Docker Hub
3. On a separate machine pull this Docker Hub image and launch it on port 80
4. Start the Apache2 service
5. Verify if you are able to see the Apache2 service

Problem Statement

Tasks To Be Performed:

1. Create a Dockerfile with the following specs:
   ● Ubuntu container
   ● Apache2 installed
   ● Apache2 should automatically run once the container starts
2. Submit the Dockerfile for assignment completion

Problem Statement

Tasks To Be Performed:

1. Create a sample HTML file
2. Use the Dockerfile from the previous task
3. Replace this sample HTML file inside the Docker container with the default
   page

ANSIBLE

Tasks To Be Performed:

1. Setup Ansible cluster with 3 nodes
2. On slave 1 install Java
3. On slave 2 install MySQL server
   Do the above tasks using Ansible Playbooks

Tasks To Be Performed:

1. Create a script which can add text “This text has been added by custom
   script” to /tmp.1.txt
2. Run this script using Ansible on all the hosts

Tasks To Be Performed:

1. Create 2 Ansible roles
2. Install Apache2 on slave1 using one role and NGINX on slave2 using the
   other role
3. Above should be implemented using different Ansible roles

Tasks To Be Performed:

1. Use the previous deployment of Ansible cluster
2. Configure the files folder in the role with index.html which should be
   replaced with the original index.html
   All of the above should only happen on the slave which has NGINX installed
   using the role.

Tasks To Be Performed:

1. Create a new deployment of Ansible cluster of 5 nodes
2. Label 2 nodes as test and other 2 as prod
3. Install Java on test nodes
4. Install MySQL server on prod nodes
   Use Ansible roles for the above and group the hosts under test and prod.

Kubernetes

Tasks To Be Performed:

1. Deploy a Kubernetes cluster for 3 nodes
2. Create a NGINX deployment of 3 replicas

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80

Tasks To Be Performed:

1. Use the previous deployment
2. Create a service of type NodePort for NGINX deployment
3. Check the NodePort service on a browser to verify

Tasks To Be Performed:

1. Use the previous deployment
2. Change the replicas to 5 for the deployment

Tasks To Be Performed:

1. Use the previous deployment
2. Change the service type to ClusterIP

Tasks To Be Performed:

1. Trigger a pipeline using Git when push on develop branch
2. Pipeline should pull Git content to a folder

Tasks To Be Performed:

1. Create a pipeline in Jenkins.
2. Once push is made to “develop” a branch in Git, trigger job “test”. This will
   copy Git files to test node.
3. If test job is successful, then prod job should be triggered.
4. Prod jobs should copy files to prod node.

Terraform

Tasks To Be Performed:

1. Create an EC2 service in the default subnet in the Ohio region

provider "aws" {
        region = "us-east-2"
        access_key = "AKIA4MI2JKFZN2JLGBJ7"
        secret_key = "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"
}

resource "aws_instance" "assignment-4" {
        ami = "ami-0cb91c7de36eed2cb"
        instance_type = "t2.micro"
        key_name = "docker"
        tags = {
        Name = "assignment-1"
        }
}

Tasks To Be Performed:

1. Destroy the previous deployment
2. Create a new EC2 instance with an Elastic IP

provider "aws" {
        region = "us-east-1"
        access_key = "AKIA4MI2JKFZN2JLGBJ7"
        secret_key = "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"
}
resource "aws_instance" "assignment-2" {
        ami = "ami-04b4f1a9cf54c11d0"
        instance_type = "t2.micro"
        key_name = "docker"
        tags = {
        Name = "assignment-2"
        }
}
resource "aws_eip" "eip" {
  vpc = true
}
resource "aws_eip_association" "eip_assoc" {
instance_id   = aws_instance.assignment-2.id
allocation_id = aws_eip.eip.id
}

Tasks To Be Performed:

1. Destroy the previous deployment
2. Create 2 EC2 instances in Ohio and N.Virginia respectively
3. Rename Ohio’s instance to ‘hello-ohio’ and Virginia’s instance to
   ‘hello-virginia’

provider "aws" {
        alias = "NV"
        region = "us-east-1"
        access_key = "AKIA4MI2JKFZN2JLGBJ7"
        secret_key = "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"
}
provider "aws" {
        alias = "Ohio"
        region = "us-east-2"
        access_key = "AKIA4MI2JKFZN2JLGBJ7"
        secret_key = "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"
}
resource "aws_instance" "assignment-3-1" {
        provider = aws.NV
        ami = "ami-04b4f1a9cf54c11d0"
        instance_type = "t2.micro"
        key_name = "docker"
        tags = {
        Name = "hello-virginia"
        }
}
resource "aws_instance" "assignment-3-2" {
        provider = aws.Ohio
        ami = "ami-0cb91c7de36eed2cb"
        instance_type = "t2.micro"
        key_name = "docker"
        tags = {
        Name = "hello-ohio"
        }
}

Tasks To Be Performed:

1. Destroy the previous deployments.
2. Create a VPC with the required components using Terraform.
3. Deploy an EC2 instance inside the VPC.

provider "aws"{
    region = "us-east-2"
    access_key = "AKIA4MI2JKFZN2JLGBJ7"
    secret_key = "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"
}
resource "aws_instance" "assignment-4"{
     ami = "ami-09040d770ffe2224f"
     instance_type = "t2.micro"
     associate_public_ip_address = true
     subnet_id = aws_subnet.assignment-4-subnet.id
     key_name = "docker"
     tags = {
     Name = "assignment-4"
     }
}


resource "aws_vpc" "assignment-4-vpc"{
        cidr_block = "10.10.0.0/16"
        tags = {
        Name = "assignment-4-vpc"
        }
}
resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.assignment-4-vpc.id

  tags = {
    Name = "main-gw"
  }
}

resource "aws_subnet" "assignment-4-subnet"{
          vpc_id = aws_vpc.assignment-4-vpc.id
          cidr_block = "10.10.0.0/18"
          map_public_ip_on_launch = true
          availability_zone = "us-east-2a"
          tags = {
          Name = "assignment-4-subnet"
          }
}
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.assignment-4-vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }

  tags = {
    Name = "public-rt"
  }
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.assignment-4-subnet.id
  route_table_id = aws_route_table.public.id
}

Tasks To Be Performed:

1. Destroy the previous deployments
2. Create a script to install Apache2
3. Run this script on a newly created EC2 instance
4. Print the IP address of the instance in a file on the local once deployed

provider "aws"{
    region = "us-east-2"
    access_key = "AKIA4MI2JKFZN2JLGBJ7"
    secret_key = "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"
}
resource "aws_instance" "assignment-5"{
     ami = "ami-09040d770ffe2224f"
     instance_type = "t2.micro"
     key_name = "docker"
     user_data = <<-EOF
         #!/bin/bash
         apt update -y
         apt-get install apache2 -y
         systemctl enable apache2
         EOF
     tags = {
     Name = "assignment-5"
     }
}
output "instance_ip"{
  value = aws_instance.assignment-5.public_ip
}
resource "local_file" "instance_ip_file"{
   content = aws_instance.assignment-5.public_ip
   filename = "${path.module}/instance_ip.txt"
}