adding materials for elb and cf

This commit is contained in:
Jan Helak 2024-11-29 14:07:24 +01:00
parent 069cd7098f
commit c899b847f0
3 changed files with 155 additions and 3 deletions

View File

@ -0,0 +1,59 @@
#!/bin/bash
# Set variables
REGION="us-east-1"
VPC_NAME="uam-bwc-vpc1"
PRIVATE_SUBNET1_NAME="uam-bwc-private-subnet1"
PRIVATE_SUBNET2_NAME="uam-bwc-private-subnet2"
KEY_NAME="uam-bwc-key"
SECURITY_GROUP_NAME="uam-bwc-sg"
INSTANCE_TYPE="t2.micro"
AMI_ID="ami-005fc0f236362e99f"
# Get VPC ID
VPC_ID=$(aws ec2 describe-vpcs --filters "Name=tag:Name,Values=$VPC_NAME" --region $REGION --query 'Vpcs[0].VpcId' --output text)
echo "Found VPC ID: $VPC_ID for VPC Name: $VPC_NAME"
# Get Private Subnet IDs
PRIVATE_SUBNET1_ID=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=$PRIVATE_SUBNET1_NAME" --region $REGION --query 'Subnets[0].SubnetId' --output text)
echo "Found Private Subnet 1 ID: $PRIVATE_SUBNET1_ID for Subnet Name: $PRIVATE_SUBNET1_NAME"
PRIVATE_SUBNET2_ID=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=$PRIVATE_SUBNET2_NAME" --region $REGION --query 'Subnets[0].SubnetId' --output text)
echo "Found Private Subnet 2 ID: $PRIVATE_SUBNET2_ID for Subnet Name: $PRIVATE_SUBNET2_NAME"
# Create SSH Key Pair
aws ec2 create-key-pair --key-name $KEY_NAME --query 'KeyMaterial' --output text > ${KEY_NAME}.pem
chmod 400 ${KEY_NAME}.pem
echo "Created SSH Key Pair: $KEY_NAME"
# Create Security Group
SG_ID=$(aws ec2 create-security-group --group-name $SECURITY_GROUP_NAME --description "Security group for HTTP and SSH access" --vpc-id $VPC_ID --region $REGION --query 'GroupId' --output text)
echo "Created Security Group: $SG_ID"
# Allow inbound access on port 80 (HTTP) and port 22 (SSH)
aws ec2 authorize-security-group-ingress --group-id $SG_ID --protocol tcp --port 80 --cidr 0.0.0.0/0 --region $REGION
aws ec2 authorize-security-group-ingress --group-id $SG_ID --protocol tcp --port 22 --cidr 0.0.0.0/0 --region $REGION
echo "Configured Security Group to allow HTTP and SSH access"
# User Data script
USER_DATA=$(cat <<EOF
#!/bin/bash
apt-get update -y
apt-get install -y apache2
systemctl start apache2
systemctl enable apache2
echo "Hello from \$(uname -n)" > /var/www/html/index.html
EOF
)
# Create EC2 instance in private subnet 1
INSTANCE1_ID=$(aws ec2 run-instances --image-id $AMI_ID --count 1 --instance-type $INSTANCE_TYPE --key-name $KEY_NAME --security-group-ids $SG_ID --subnet-id $PRIVATE_SUBNET1_ID --user-data "$USER_DATA" --region $REGION --query 'Instances[0].InstanceId' --output text)
aws ec2 create-tags --resources $INSTANCE1_ID --tags Key=Name,Value=uam-bwc-httpd1
echo "Created EC2 instance in private subnet 1: $INSTANCE1_ID with name uam-bwc-httpd1"
# Create EC2 instance in private subnet 2
INSTANCE2_ID=$(aws ec2 run-instances --image-id $AMI_ID --count 1 --instance-type $INSTANCE_TYPE --key-name $KEY_NAME --security-group-ids $SG_ID --subnet-id $PRIVATE_SUBNET2_ID --user-data "$USER_DATA" --region $REGION --query 'Instances[0].InstanceId' --output text)
aws ec2 create-tags --resources $INSTANCE2_ID --tags Key=Name,Value=uam-bwc-httpd2
echo "Created EC2 instance in private subnet 2: $INSTANCE2_ID with name uam-bwc-httpd2"
echo "EC2 instances setup complete"

87
skrypty/create-vpc.sh Normal file
View File

@ -0,0 +1,87 @@
#!/bin/bash
# Set variables
REGION="us-east-1"
VPC_NAME="uam-bwc-vpc1"
VPC_CIDR="10.10.0.0/16"
IGW_NAME="uam-bwc-ig1"
PUBLIC_SUBNET1_CIDR="10.10.0.0/24"
PUBLIC_SUBNET2_CIDR="10.10.1.0/24"
PRIVATE_SUBNET1_CIDR="10.10.2.0/24"
PRIVATE_SUBNET2_CIDR="10.10.3.0/24"
PUBLIC_SUBNET1_NAME="uam-bwc-public-subnet1"
PUBLIC_SUBNET2_NAME="uam-bwc-public-subnet2"
PRIVATE_SUBNET1_NAME="uam-bwc-private-subnet1"
PRIVATE_SUBNET2_NAME="uam-bwc-private-subnet2"
NAT_GW_NAME="uam-bwc-nat1"
PUBLIC_RT_NAME="uam-bwc-public-rt1"
PRIVATE_RT_NAME="uam-bwc-private-rt1"
# Create VPC
VPC_ID=$(aws ec2 create-vpc --cidr-block $VPC_CIDR --region $REGION --query 'Vpc.VpcId' --output text)
aws ec2 create-tags --resources $VPC_ID --tags Key=Name,Value=$VPC_NAME
echo "Created VPC: $VPC_ID with name $VPC_NAME"
# Create Internet Gateway
IGW_ID=$(aws ec2 create-internet-gateway --region $REGION --query 'InternetGateway.InternetGatewayId' --output text)
aws ec2 create-tags --resources $IGW_ID --tags Key=Name,Value=$IGW_NAME
echo "Created Internet Gateway: $IGW_ID with name $IGW_NAME"
# Attach Internet Gateway to VPC
aws ec2 attach-internet-gateway --internet-gateway-id $IGW_ID --vpc-id $VPC_ID --region $REGION
echo "Attached Internet Gateway to VPC"
# Create Public Subnets
PUBLIC_SUBNET1_ID=$(aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block $PUBLIC_SUBNET1_CIDR --availability-zone ${REGION}a --region $REGION --query 'Subnet.SubnetId' --output text)
aws ec2 create-tags --resources $PUBLIC_SUBNET1_ID --tags Key=Name,Value=$PUBLIC_SUBNET1_NAME
echo "Created Public Subnet 1: $PUBLIC_SUBNET1_ID with name $PUBLIC_SUBNET1_NAME"
PUBLIC_SUBNET2_ID=$(aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block $PUBLIC_SUBNET2_CIDR --availability-zone ${REGION}b --region $REGION --query 'Subnet.SubnetId' --output text)
aws ec2 create-tags --resources $PUBLIC_SUBNET2_ID --tags Key=Name,Value=$PUBLIC_SUBNET2_NAME
echo "Created Public Subnet 2: $PUBLIC_SUBNET2_ID with name $PUBLIC_SUBNET2_NAME"
# Create Private Subnets
PRIVATE_SUBNET1_ID=$(aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block $PRIVATE_SUBNET1_CIDR --availability-zone ${REGION}a --region $REGION --query 'Subnet.SubnetId' --output text)
aws ec2 create-tags --resources $PRIVATE_SUBNET1_ID --tags Key=Name,Value=$PRIVATE_SUBNET1_NAME
echo "Created Private Subnet 1: $PRIVATE_SUBNET1_ID with name $PRIVATE_SUBNET1_NAME"
PRIVATE_SUBNET2_ID=$(aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block $PRIVATE_SUBNET2_CIDR --availability-zone ${REGION}b --region $REGION --query 'Subnet.SubnetId' --output text)
aws ec2 create-tags --resources $PRIVATE_SUBNET2_ID --tags Key=Name,Value=$PRIVATE_SUBNET2_NAME
echo "Created Private Subnet 2: $PRIVATE_SUBNET2_ID with name $PRIVATE_SUBNET2_NAME"
# Create and Attach NAT Gateway
EIP_ALLOC_ID=$(aws ec2 allocate-address --domain vpc --region $REGION --query 'AllocationId' --output text)
NAT_GW_ID=$(aws ec2 create-nat-gateway --subnet-id $PUBLIC_SUBNET1_ID --allocation-id $EIP_ALLOC_ID --region $REGION --query 'NatGateway.NatGatewayId' --output text)
aws ec2 create-tags --resources $NAT_GW_ID --tags Key=Name,Value=$NAT_GW_NAME
echo "Created NAT Gateway: $NAT_GW_ID with name $NAT_GW_NAME"
# Wait for NAT Gateway to become available
aws ec2 wait nat-gateway-available --nat-gateway-ids $NAT_GW_ID --region $REGION
echo "NAT Gateway is now available"
# Create Route Tables
PUBLIC_RT_ID=$(aws ec2 create-route-table --vpc-id $VPC_ID --region $REGION --query 'RouteTable.RouteTableId' --output text)
aws ec2 create-tags --resources $PUBLIC_RT_ID --tags Key=Name,Value=$PUBLIC_RT_NAME
echo "Created Public Route Table: $PUBLIC_RT_ID with name $PUBLIC_RT_NAME"
PRIVATE_RT_ID=$(aws ec2 create-route-table --vpc-id $VPC_ID --region $REGION --query 'RouteTable.RouteTableId' --output text)
aws ec2 create-tags --resources $PRIVATE_RT_ID --tags Key=Name,Value=$PRIVATE_RT_NAME
echo "Created Private Route Table: $PRIVATE_RT_ID with name $PRIVATE_RT_NAME"
# Create Routes
aws ec2 create-route --route-table-id $PUBLIC_RT_ID --destination-cidr-block 0.0.0.0/0 --gateway-id $IGW_ID --region $REGION
echo "Created route in Public Route Table to Internet Gateway"
aws ec2 create-route --route-table-id $PRIVATE_RT_ID --destination-cidr-block 0.0.0.0/0 --nat-gateway-id $NAT_GW_ID --region $REGION
echo "Created route in Private Route Table to NAT Gateway"
# Associate Route Tables with Subnets
aws ec2 associate-route-table --route-table-id $PUBLIC_RT_ID --subnet-id $PUBLIC_SUBNET1_ID --region $REGION
aws ec2 associate-route-table --route-table-id $PUBLIC_RT_ID --subnet-id $PUBLIC_SUBNET2_ID --region $REGION
echo "Associated Public Route Table with Public Subnets"
aws ec2 associate-route-table --route-table-id $PRIVATE_RT_ID --subnet-id $PRIVATE_SUBNET1_ID --region $REGION
aws ec2 associate-route-table --route-table-id $PRIVATE_RT_ID --subnet-id $PRIVATE_SUBNET2_ID --region $REGION
echo "Associated Private Route Table with Private Subnets"
echo "VPC setup complete"

View File

@ -88,10 +88,16 @@ Content-Security-Policy-Report-Only: default-src 'none'; form-action 'none'; fra
3. Przygotuj maszynę wirtualną EC2 w przygotowanym VPC w podsieci prywatnej. 3. Przygotuj maszynę wirtualną EC2 w przygotowanym VPC w podsieci prywatnej.
3. Zapoznaj się z możliwością połączenia [VPC za pomocą VPN](https://docs.aws.amazon.com/vpc/latest/userguide/vpn-connections.html). 3. Zapoznaj się z możliwością połączenia [VPC za pomocą VPN](https://docs.aws.amazon.com/vpc/latest/userguide/vpn-connections.html).
## ELB + CloudFront
1. Przygotuj ALB w regionie *us-east-1* z dwoma instancjami EC2. Skonfiguruj ALB tak, aby przekierowywał ruch na EC2 na porcie 80. Wykorzystaj skrypty do przygotowania VPC oraz EC2 [create-vpc.sh](skrypty/create-vpc.sh) oraz [create-ec2-in-vpc.sh](skrypty/create-ec2-in-vpc.sh).
2. Wygeneruj self-signed certyfikat TLS za pomocą [tej strony](https://regery.com/en/security/ssl-tools/self-signed-certificate-generator). Dodaj listener dla ALB na porcie 443 z wykorzystaniem własnego certyfikatu TLS.
3. Zapoznaj się z możliwością hostowania strony za pomocą [CloudFront oraz S3](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/GettingStarted.SimpleDistribution.html#GettingStartedCreateBucket)
4. Zapoznaj się z [AWS Lambda @ Edge](https://aws.amazon.com/lambda/edge/) oraz [CloudFront Functions](https://aws.amazon.com/blogs/aws/introducing-cloudfront-functions-run-your-code-at-the-edge-with-low-latency-at-any-scale/).
## Shield + WAF
WIP
## IAM ## IAM
1. Przygotuj nową maszynę EC2, do której dostęp będzie możliwy z konsoli AWS. 1. Przygotuj nową maszynę EC2, do której dostęp będzie możliwy z konsoli AWS.
2. Nadaj uprawnienia dla maszyny EC2 do odczytu danych z bucketu S3. 2. Nadaj uprawnienia dla maszyny EC2 do odczytu danych z bucketu S3.
## CloudFront
1. Przygotuj dystrybucję CloudFronta, która będzie serwować treści z bucketu S3. Przygotuj dodatkowo własną domenę dla dystrybucji CloudFronta wraz z certyfikatem TLS.
2. Zapoznaj się z [AWS Lambda @ Edge](https://aws.amazon.com/lambda/edge/) oraz [CloudFront Functions](https://aws.amazon.com/blogs/aws/introducing-cloudfront-functions-run-your-code-at-the-edge-with-low-latency-at-any-scale/).