adding materials for elb and cf

skrypty/create-ec2-in-vpc.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+
+# Set variables
+REGION="us-east-1"
+VPC_NAME="uam-bwc-vpc1"
+PRIVATE_SUBNET1_NAME="uam-bwc-private-subnet1"
+PRIVATE_SUBNET2_NAME="uam-bwc-private-subnet2"
+KEY_NAME="uam-bwc-key"
+SECURITY_GROUP_NAME="uam-bwc-sg"
+INSTANCE_TYPE="t2.micro"
+AMI_ID="ami-005fc0f236362e99f"
+
+# Get VPC ID
+VPC_ID=$(aws ec2 describe-vpcs --filters "Name=tag:Name,Values=$VPC_NAME" --region $REGION --query 'Vpcs[0].VpcId' --output text)
+echo "Found VPC ID: $VPC_ID for VPC Name: $VPC_NAME"
+
+# Get Private Subnet IDs
+PRIVATE_SUBNET1_ID=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=$PRIVATE_SUBNET1_NAME" --region $REGION --query 'Subnets[0].SubnetId' --output text)
+echo "Found Private Subnet 1 ID: $PRIVATE_SUBNET1_ID for Subnet Name: $PRIVATE_SUBNET1_NAME"
+
+PRIVATE_SUBNET2_ID=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=$PRIVATE_SUBNET2_NAME" --region $REGION --query 'Subnets[0].SubnetId' --output text)
+echo "Found Private Subnet 2 ID: $PRIVATE_SUBNET2_ID for Subnet Name: $PRIVATE_SUBNET2_NAME"
+
+# Create SSH Key Pair
+aws ec2 create-key-pair --key-name $KEY_NAME --query 'KeyMaterial' --output text > ${KEY_NAME}.pem
+chmod 400 ${KEY_NAME}.pem
+echo "Created SSH Key Pair: $KEY_NAME"
+
+# Create Security Group
+SG_ID=$(aws ec2 create-security-group --group-name $SECURITY_GROUP_NAME --description "Security group for HTTP and SSH access" --vpc-id $VPC_ID --region $REGION --query 'GroupId' --output text)
+echo "Created Security Group: $SG_ID"
+
+# Allow inbound access on port 80 (HTTP) and port 22 (SSH)
+aws ec2 authorize-security-group-ingress --group-id $SG_ID --protocol tcp --port 80 --cidr 0.0.0.0/0 --region $REGION
+aws ec2 authorize-security-group-ingress --group-id $SG_ID --protocol tcp --port 22 --cidr 0.0.0.0/0 --region $REGION
+echo "Configured Security Group to allow HTTP and SSH access"
+
+# User Data script
+USER_DATA=$(cat <<EOF
+#!/bin/bash
+apt-get update -y
+apt-get install -y apache2
+systemctl start apache2
+systemctl enable apache2
+echo "Hello from \$(uname -n)" > /var/www/html/index.html
+EOF
+)
+
+# Create EC2 instance in private subnet 1
+INSTANCE1_ID=$(aws ec2 run-instances --image-id $AMI_ID --count 1 --instance-type $INSTANCE_TYPE --key-name $KEY_NAME --security-group-ids $SG_ID --subnet-id $PRIVATE_SUBNET1_ID --user-data "$USER_DATA" --region $REGION --query 'Instances[0].InstanceId' --output text)
+aws ec2 create-tags --resources $INSTANCE1_ID --tags Key=Name,Value=uam-bwc-httpd1
+echo "Created EC2 instance in private subnet 1: $INSTANCE1_ID with name uam-bwc-httpd1"
+
+# Create EC2 instance in private subnet 2
+INSTANCE2_ID=$(aws ec2 run-instances --image-id $AMI_ID --count 1 --instance-type $INSTANCE_TYPE --key-name $KEY_NAME --security-group-ids $SG_ID --subnet-id $PRIVATE_SUBNET2_ID --user-data "$USER_DATA" --region $REGION --query 'Instances[0].InstanceId' --output text)
+aws ec2 create-tags --resources $INSTANCE2_ID --tags Key=Name,Value=uam-bwc-httpd2
+echo "Created EC2 instance in private subnet 2: $INSTANCE2_ID with name uam-bwc-httpd2"
+
+echo "EC2 instances setup complete"

skrypty/create-vpc.sh

@@ -0,0 +1,87 @@
+#!/bin/bash
+
+# Set variables
+REGION="us-east-1"
+VPC_NAME="uam-bwc-vpc1"
+VPC_CIDR="10.10.0.0/16"
+IGW_NAME="uam-bwc-ig1"
+PUBLIC_SUBNET1_CIDR="10.10.0.0/24"
+PUBLIC_SUBNET2_CIDR="10.10.1.0/24"
+PRIVATE_SUBNET1_CIDR="10.10.2.0/24"
+PRIVATE_SUBNET2_CIDR="10.10.3.0/24"
+PUBLIC_SUBNET1_NAME="uam-bwc-public-subnet1"
+PUBLIC_SUBNET2_NAME="uam-bwc-public-subnet2"
+PRIVATE_SUBNET1_NAME="uam-bwc-private-subnet1"
+PRIVATE_SUBNET2_NAME="uam-bwc-private-subnet2"
+NAT_GW_NAME="uam-bwc-nat1"
+PUBLIC_RT_NAME="uam-bwc-public-rt1"
+PRIVATE_RT_NAME="uam-bwc-private-rt1"
+
+# Create VPC
+VPC_ID=$(aws ec2 create-vpc --cidr-block $VPC_CIDR --region $REGION --query 'Vpc.VpcId' --output text)
+aws ec2 create-tags --resources $VPC_ID --tags Key=Name,Value=$VPC_NAME
+echo "Created VPC: $VPC_ID with name $VPC_NAME"
+
+# Create Internet Gateway
+IGW_ID=$(aws ec2 create-internet-gateway --region $REGION --query 'InternetGateway.InternetGatewayId' --output text)
+aws ec2 create-tags --resources $IGW_ID --tags Key=Name,Value=$IGW_NAME
+echo "Created Internet Gateway: $IGW_ID with name $IGW_NAME"
+
+# Attach Internet Gateway to VPC
+aws ec2 attach-internet-gateway --internet-gateway-id $IGW_ID --vpc-id $VPC_ID --region $REGION
+echo "Attached Internet Gateway to VPC"
+
+# Create Public Subnets
+PUBLIC_SUBNET1_ID=$(aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block $PUBLIC_SUBNET1_CIDR --availability-zone ${REGION}a --region $REGION --query 'Subnet.SubnetId' --output text)
+aws ec2 create-tags --resources $PUBLIC_SUBNET1_ID --tags Key=Name,Value=$PUBLIC_SUBNET1_NAME
+echo "Created Public Subnet 1: $PUBLIC_SUBNET1_ID with name $PUBLIC_SUBNET1_NAME"
+
+PUBLIC_SUBNET2_ID=$(aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block $PUBLIC_SUBNET2_CIDR --availability-zone ${REGION}b --region $REGION --query 'Subnet.SubnetId' --output text)
+aws ec2 create-tags --resources $PUBLIC_SUBNET2_ID --tags Key=Name,Value=$PUBLIC_SUBNET2_NAME
+echo "Created Public Subnet 2: $PUBLIC_SUBNET2_ID with name $PUBLIC_SUBNET2_NAME"
+
+# Create Private Subnets
+PRIVATE_SUBNET1_ID=$(aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block $PRIVATE_SUBNET1_CIDR --availability-zone ${REGION}a --region $REGION --query 'Subnet.SubnetId' --output text)
+aws ec2 create-tags --resources $PRIVATE_SUBNET1_ID --tags Key=Name,Value=$PRIVATE_SUBNET1_NAME
+echo "Created Private Subnet 1: $PRIVATE_SUBNET1_ID with name $PRIVATE_SUBNET1_NAME"
+
+PRIVATE_SUBNET2_ID=$(aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block $PRIVATE_SUBNET2_CIDR --availability-zone ${REGION}b --region $REGION --query 'Subnet.SubnetId' --output text)
+aws ec2 create-tags --resources $PRIVATE_SUBNET2_ID --tags Key=Name,Value=$PRIVATE_SUBNET2_NAME
+echo "Created Private Subnet 2: $PRIVATE_SUBNET2_ID with name $PRIVATE_SUBNET2_NAME"
+
+# Create and Attach NAT Gateway
+EIP_ALLOC_ID=$(aws ec2 allocate-address --domain vpc --region $REGION --query 'AllocationId' --output text)
+NAT_GW_ID=$(aws ec2 create-nat-gateway --subnet-id $PUBLIC_SUBNET1_ID --allocation-id $EIP_ALLOC_ID --region $REGION --query 'NatGateway.NatGatewayId' --output text)
+aws ec2 create-tags --resources $NAT_GW_ID --tags Key=Name,Value=$NAT_GW_NAME
+echo "Created NAT Gateway: $NAT_GW_ID with name $NAT_GW_NAME"
+
+# Wait for NAT Gateway to become available
+aws ec2 wait nat-gateway-available --nat-gateway-ids $NAT_GW_ID --region $REGION
+echo "NAT Gateway is now available"
+
+# Create Route Tables
+PUBLIC_RT_ID=$(aws ec2 create-route-table --vpc-id $VPC_ID --region $REGION --query 'RouteTable.RouteTableId' --output text)
+aws ec2 create-tags --resources $PUBLIC_RT_ID --tags Key=Name,Value=$PUBLIC_RT_NAME
+echo "Created Public Route Table: $PUBLIC_RT_ID with name $PUBLIC_RT_NAME"
+
+PRIVATE_RT_ID=$(aws ec2 create-route-table --vpc-id $VPC_ID --region $REGION --query 'RouteTable.RouteTableId' --output text)
+aws ec2 create-tags --resources $PRIVATE_RT_ID --tags Key=Name,Value=$PRIVATE_RT_NAME
+echo "Created Private Route Table: $PRIVATE_RT_ID with name $PRIVATE_RT_NAME"
+
+# Create Routes
+aws ec2 create-route --route-table-id $PUBLIC_RT_ID --destination-cidr-block 0.0.0.0/0 --gateway-id $IGW_ID --region $REGION
+echo "Created route in Public Route Table to Internet Gateway"
+
+aws ec2 create-route --route-table-id $PRIVATE_RT_ID --destination-cidr-block 0.0.0.0/0 --nat-gateway-id $NAT_GW_ID --region $REGION
+echo "Created route in Private Route Table to NAT Gateway"
+
+# Associate Route Tables with Subnets
+aws ec2 associate-route-table --route-table-id $PUBLIC_RT_ID --subnet-id $PUBLIC_SUBNET1_ID --region $REGION
+aws ec2 associate-route-table --route-table-id $PUBLIC_RT_ID --subnet-id $PUBLIC_SUBNET2_ID --region $REGION
+echo "Associated Public Route Table with Public Subnets"
+
+aws ec2 associate-route-table --route-table-id $PRIVATE_RT_ID --subnet-id $PRIVATE_SUBNET1_ID --region $REGION
+aws ec2 associate-route-table --route-table-id $PRIVATE_RT_ID --subnet-id $PRIVATE_SUBNET2_ID --region $REGION
+echo "Associated Private Route Table with Private Subnets"
+
+echo "VPC setup complete"

zadania.md

@@ -88,10 +88,16 @@ Content-Security-Policy-Report-Only: default-src 'none'; form-action 'none'; fra
 3. Przygotuj maszynę wirtualną EC2 w przygotowanym VPC w podsieci prywatnej.
 3. Zapoznaj się z możliwością połączenia [VPC za pomocą VPN](https://docs.aws.amazon.com/vpc/latest/userguide/vpn-connections.html).
 
+## ELB + CloudFront
+1. Przygotuj ALB w regionie *us-east-1* z dwoma instancjami EC2. Skonfiguruj ALB tak, aby przekierowywał ruch na EC2 na porcie 80. Wykorzystaj skrypty do przygotowania VPC oraz EC2 [create-vpc.sh](skrypty/create-vpc.sh) oraz [create-ec2-in-vpc.sh](skrypty/create-ec2-in-vpc.sh).
+2. Wygeneruj self-signed certyfikat TLS za pomocą [tej strony](https://regery.com/en/security/ssl-tools/self-signed-certificate-generator). Dodaj listener dla ALB na porcie 443 z wykorzystaniem własnego certyfikatu TLS.
+3. Zapoznaj się z możliwością hostowania strony za pomocą [CloudFront oraz S3](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/GettingStarted.SimpleDistribution.html#GettingStartedCreateBucket)
+4. Zapoznaj się z [AWS Lambda @ Edge](https://aws.amazon.com/lambda/edge/) oraz [CloudFront Functions](https://aws.amazon.com/blogs/aws/introducing-cloudfront-functions-run-your-code-at-the-edge-with-low-latency-at-any-scale/).
+
+## Shield + WAF
+WIP
+
 ## IAM
 1. Przygotuj nową maszynę EC2, do której dostęp będzie możliwy z konsoli AWS.
 2. Nadaj uprawnienia dla maszyny EC2 do odczytu danych z bucketu S3.
 
-## CloudFront
-1. Przygotuj dystrybucję CloudFronta, która będzie serwować treści z bucketu S3. Przygotuj dodatkowo własną domenę dla dystrybucji CloudFronta wraz z certyfikatem TLS.
-2. Zapoznaj się z [AWS Lambda @ Edge](https://aws.amazon.com/lambda/edge/) oraz [CloudFront Functions](https://aws.amazon.com/blogs/aws/introducing-cloudfront-functions-run-your-code-at-the-edge-with-low-latency-at-any-scale/).