adding materials for elb and cf
This commit is contained in:
parent
069cd7098f
commit
c899b847f0
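--- a/skrypty/create-ec2-in-vpc.sh
+++ b/skrypty/create-ec2-in-vpc.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+# Set variables
+REGION="us-east-1"
+VPC_NAME="uam-bwc-vpc1"
+PRIVATE_SUBNET1_NAME="uam-bwc-private-subnet1"
+PRIVATE_SUBNET2_NAME="uam-bwc-private-subnet2"
+KEY_NAME="uam-bwc-key"
+SECURITY_GROUP_NAME="uam-bwc-sg"
+INSTANCE_TYPE="t2.micro"
+AMI_ID="ami-005fc0f236362e99f"
+
+# Get VPC ID
+VPC_ID=$(aws ec2 describe-vpcs --filters "Name=tag:Name,Values=$VPC_NAME" --region $REGION --query 'Vpcs[0].VpcId' --output text)
+echo "Found VPC ID: $VPC_ID for VPC Name: $VPC_NAME"
+
+# Get Private Subnet IDs
+PRIVATE_SUBNET1_ID=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=$PRIVATE_SUBNET1_NAME" --region $REGION --query 'Subnets[0].SubnetId' --output text)
+echo "Found Private Subnet 1 ID: $PRIVATE_SUBNET1_ID for Subnet Name: $PRIVATE_SUBNET1_NAME"
+
+PRIVATE_SUBNET2_ID=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=$PRIVATE_SUBNET2_NAME" --region $REGION --query 'Subnets[0].SubnetId' --output text)
+echo "Found Private Subnet 2 ID: $PRIVATE_SUBNET2_ID for Subnet Name: $PRIVATE_SUBNET2_NAME"
+
+# Create SSH Key Pair
+aws ec2 create-key-pair --key-name $KEY_NAME --query 'KeyMaterial' --output text > ${KEY_NAME}.pem
+chmod 400 ${KEY_NAME}.pem
+echo "Created SSH Key Pair: $KEY_NAME"
+
+# Create Security Group
+SG_ID=$(aws ec2 create-security-group --group-name $SECURITY_GROUP_NAME --description "Security group for HTTP and SSH access" --vpc-id $VPC_ID --region $REGION --query 'GroupId' --output text)
+echo "Created Security Group: $SG_ID"
+
+# Allow inbound access on port 80 (HTTP) and port 22 (SSH)
+aws ec2 authorize-security-group-ingress --group-id $SG_ID --protocol tcp --port 80 --cidr 0.0.0.0/0 --region $REGION
+aws ec2 authorize-security-group-ingress --group-id $SG_ID --protocol tcp --port 22 --cidr 0.0.0.0/0 --region $REGION
+echo "Configured Security Group to allow HTTP and SSH access"
+
+# User Data script
+USER_DATA=$(cat <<EOF
+#!/bin/bash
+apt-get update -y
+apt-get install -y apache2
+systemctl start apache2
+systemctl enable apache2
+echo "Hello from \$(uname -n)" > /var/www/html/index.html
+EOF
+)
+
+# Create EC2 instance in private subnet 1
+INSTANCE1_ID=$(aws ec2 run-instances --image-id $AMI_ID --count 1 --instance-type $INSTANCE_TYPE --key-name $KEY_NAME --security-group-ids $SG_ID --subnet-id $PRIVATE_SUBNET1_ID --user-data "$USER_DATA" --region $REGION --query 'Instances[0].InstanceId' --output text)
+aws ec2 create-tags --resources $INSTANCE1_ID --tags Key=Name,Value=uam-bwc-httpd1
+echo "Created EC2 instance in private subnet 1: $INSTANCE1_ID with name uam-bwc-httpd1"
+
+# Create EC2 instance in private subnet 2
+INSTANCE2_ID=$(aws ec2 run-instances --image-id $AMI_ID --count 1 --instance-type $INSTANCE_TYPE --key-name $KEY_NAME --security-group-ids $SG_ID --subnet-id $PRIVATE_SUBNET2_ID --user-data "$USER_DATA" --region $REGION --query 'Instances[0].InstanceId' --output text)
+aws ec2 create-tags --resources $INSTANCE2_ID --tags Key=Name,Value=uam-bwc-httpd2
+echo "Created EC2 instance in private subnet 2: $INSTANCE2_ID with name uam-bwc-httpd2"
+
+echo "EC2 instances setup complete"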
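Review bot: The security group created in this file opens both port 80 and port 22 to 0.0.0.0/0 (the two authorize-security-group-ingress lines), although both instances are placed in the private subnets and, per zadania.md, are meant to receive traffic only through an ALB, so the HTTP rule only needs to admit the VPC and the port-22 rule has no legitimate peer; I'd scope the HTTP rule with `--cidr 10.10.0.0/16` (the VPC_CIDR from create-vpc.sh) or, better, the ALB's security group via `--source-group`, and drop the port-22 rule until a bastion or SSM access path exists. The script also never fails fast: there is no `set -euo pipefail`, and when the Name tag is missing describe-vpcs prints `None`, after which the script still creates the key pair, a security group with `--vpc-id None` and instances in subnet `None`. Adding `set -euo pipefail` after the shebang and `[[ "$VPC_ID" != "None" ]] || { echo "VPC $VPC_NAME not found" >&2; exit 1; }` after the VPC lookup (with the same guard for the two subnet IDs) stops that chain. Quoting the expansions (`"$REGION"`, `"$SG_ID"`, `"${KEY_NAME}.pem"`) would also let ShellCheck pass clean.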
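--- a/skrypty/create-vpc.sh
+++ b/skrypty/create-vpc.sh
@@ -0,0 +1,87 @@
+#!/bin/bash
+
+# Set variables
+REGION="us-east-1"
+VPC_NAME="uam-bwc-vpc1"
+VPC_CIDR="10.10.0.0/16"
+IGW_NAME="uam-bwc-ig1"
+PUBLIC_SUBNET1_CIDR="10.10.0.0/24"
+PUBLIC_SUBNET2_CIDR="10.10.1.0/24"
+PRIVATE_SUBNET1_CIDR="10.10.2.0/24"
+PRIVATE_SUBNET2_CIDR="10.10.3.0/24"
+PUBLIC_SUBNET1_NAME="uam-bwc-public-subnet1"
+PUBLIC_SUBNET2_NAME="uam-bwc-public-subnet2"
+PRIVATE_SUBNET1_NAME="uam-bwc-private-subnet1"
+PRIVATE_SUBNET2_NAME="uam-bwc-private-subnet2"
+NAT_GW_NAME="uam-bwc-nat1"
+PUBLIC_RT_NAME="uam-bwc-public-rt1"
+PRIVATE_RT_NAME="uam-bwc-private-rt1"
+
+# Create VPC
+VPC_ID=$(aws ec2 create-vpc --cidr-block $VPC_CIDR --region $REGION --query 'Vpc.VpcId' --output text)
+aws ec2 create-tags --resources $VPC_ID --tags Key=Name,Value=$VPC_NAME
+echo "Created VPC: $VPC_ID with name $VPC_NAME"
+
+# Create Internet Gateway
+IGW_ID=$(aws ec2 create-internet-gateway --region $REGION --query 'InternetGateway.InternetGatewayId' --output text)
+aws ec2 create-tags --resources $IGW_ID --tags Key=Name,Value=$IGW_NAME
+echo "Created Internet Gateway: $IGW_ID with name $IGW_NAME"
+
+# Attach Internet Gateway to VPC
+aws ec2 attach-internet-gateway --internet-gateway-id $IGW_ID --vpc-id $VPC_ID --region $REGION
+echo "Attached Internet Gateway to VPC"
+
+# Create Public Subnets
+PUBLIC_SUBNET1_ID=$(aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block $PUBLIC_SUBNET1_CIDR --availability-zone ${REGION}a --region $REGION --query 'Subnet.SubnetId' --output text)
+aws ec2 create-tags --resources $PUBLIC_SUBNET1_ID --tags Key=Name,Value=$PUBLIC_SUBNET1_NAME
+echo "Created Public Subnet 1: $PUBLIC_SUBNET1_ID with name $PUBLIC_SUBNET1_NAME"
+
+PUBLIC_SUBNET2_ID=$(aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block $PUBLIC_SUBNET2_CIDR --availability-zone ${REGION}b --region $REGION --query 'Subnet.SubnetId' --output text)
+aws ec2 create-tags --resources $PUBLIC_SUBNET2_ID --tags Key=Name,Value=$PUBLIC_SUBNET2_NAME
+echo "Created Public Subnet 2: $PUBLIC_SUBNET2_ID with name $PUBLIC_SUBNET2_NAME"
+
+# Create Private Subnets
+PRIVATE_SUBNET1_ID=$(aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block $PRIVATE_SUBNET1_CIDR --availability-zone ${REGION}a --region $REGION --query 'Subnet.SubnetId' --output text)
+aws ec2 create-tags --resources $PRIVATE_SUBNET1_ID --tags Key=Name,Value=$PRIVATE_SUBNET1_NAME
+echo "Created Private Subnet 1: $PRIVATE_SUBNET1_ID with name $PRIVATE_SUBNET1_NAME"
+
+PRIVATE_SUBNET2_ID=$(aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block $PRIVATE_SUBNET2_CIDR --availability-zone ${REGION}b --region $REGION --query 'Subnet.SubnetId' --output text)
+aws ec2 create-tags --resources $PRIVATE_SUBNET2_ID --tags Key=Name,Value=$PRIVATE_SUBNET2_NAME
+echo "Created Private Subnet 2: $PRIVATE_SUBNET2_ID with name $PRIVATE_SUBNET2_NAME"
+
+# Create and Attach NAT Gateway
+EIP_ALLOC_ID=$(aws ec2 allocate-address --domain vpc --region $REGION --query 'AllocationId' --output text)
+NAT_GW_ID=$(aws ec2 create-nat-gateway --subnet-id $PUBLIC_SUBNET1_ID --allocation-id $EIP_ALLOC_ID --region $REGION --query 'NatGateway.NatGatewayId' --output text)
+aws ec2 create-tags --resources $NAT_GW_ID --tags Key=Name,Value=$NAT_GW_NAME
+echo "Created NAT Gateway: $NAT_GW_ID with name $NAT_GW_NAME"
+
+# Wait for NAT Gateway to become available
+aws ec2 wait nat-gateway-available --nat-gateway-ids $NAT_GW_ID --region $REGION
+echo "NAT Gateway is now available"
+
+# Create Route Tables
+PUBLIC_RT_ID=$(aws ec2 create-route-table --vpc-id $VPC_ID --region $REGION --query 'RouteTable.RouteTableId' --output text)
+aws ec2 create-tags --resources $PUBLIC_RT_ID --tags Key=Name,Value=$PUBLIC_RT_NAME
+echo "Created Public Route Table: $PUBLIC_RT_ID with name $PUBLIC_RT_NAME"
+
+PRIVATE_RT_ID=$(aws ec2 create-route-table --vpc-id $VPC_ID --region $REGION --query 'RouteTable.RouteTableId' --output text)
+aws ec2 create-tags --resources $PRIVATE_RT_ID --tags Key=Name,Value=$PRIVATE_RT_NAME
+echo "Created Private Route Table: $PRIVATE_RT_ID with name $PRIVATE_RT_NAME"
+
+# Create Routes
+aws ec2 create-route --route-table-id $PUBLIC_RT_ID --destination-cidr-block 0.0.0.0/0 --gateway-id $IGW_ID --region $REGION
+echo "Created route in Public Route Table to Internet Gateway"
+
+aws ec2 create-route --route-table-id $PRIVATE_RT_ID --destination-cidr-block 0.0.0.0/0 --nat-gateway-id $NAT_GW_ID --region $REGION
+echo "Created route in Private Route Table to NAT Gateway"
+
+# Associate Route Tables with Subnets
+aws ec2 associate-route-table --route-table-id $PUBLIC_RT_ID --subnet-id $PUBLIC_SUBNET1_ID --region $REGION
+aws ec2 associate-route-table --route-table-id $PUBLIC_RT_ID --subnet-id $PUBLIC_SUBNET2_ID --region $REGION
+echo "Associated Public Route Table with Public Subnets"
+
+aws ec2 associate-route-table --route-table-id $PRIVATE_RT_ID --subnet-id $PRIVATE_SUBNET1_ID --region $REGION
+aws ec2 associate-route-table --route-table-id $PRIVATE_RT_ID --subnet-id $PRIVATE_SUBNET2_ID --region $REGION
+echo "Associated Private Route Table with Private Subnets"
+
+echo "VPC setup complete"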
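Review bot: Every `aws ec2 create-tags` call in this file (VPC, internet gateway, the four subnets, NAT gateway and both route tables) omits `--region $REGION` while the neighbouring create-* calls pass it, so when the caller's default profile region is not us-east-1 the tag call fails because the resource IDs do not exist there, and since create-ec2-in-vpc.sh looks the VPC and subnets up by their Name tag, that second script then finds nothing. The two create-tags calls in create-ec2-in-vpc.sh have the same omission. I'd append the region to each, e.g. `aws ec2 create-tags --resources "$VPC_ID" --tags "Key=Name,Value=$VPC_NAME" --region "$REGION"`. Adding `set -euo pipefail` after the shebang would also stop the script when create-vpc or allocate-address fails, instead of continuing with an empty ID into create-nat-gateway; note that nothing releases the Elastic IP from the allocate-address line if a later step fails, so a failed run leaves a billable allocation behind.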
12
zadania.md
12
zadania.md
@ -88,10 +88,16 @@ Content-Security-Policy-Report-Only: default-src 'none'; form-action 'none'; fra
|
|||||||
3. Przygotuj maszynę wirtualną EC2 w przygotowanym VPC w podsieci prywatnej.
|
3. Przygotuj maszynę wirtualną EC2 w przygotowanym VPC w podsieci prywatnej.
|
||||||
3. Zapoznaj się z możliwością połączenia [VPC za pomocą VPN](https://docs.aws.amazon.com/vpc/latest/userguide/vpn-connections.html).
|
3. Zapoznaj się z możliwością połączenia [VPC za pomocą VPN](https://docs.aws.amazon.com/vpc/latest/userguide/vpn-connections.html).
|
||||||
|
|
||||||
|
## ELB + CloudFront
|
||||||
|
1. Przygotuj ALB w regionie *us-east-1* z dwoma instancjami EC2. Skonfiguruj ALB tak, aby przekierowywał ruch na EC2 na porcie 80. Wykorzystaj skrypty do przygotowania VPC oraz EC2 [create-vpc.sh](skrypty/create-vpc.sh) oraz [create-ec2-in-vpc.sh](skrypty/create-ec2-in-vpc.sh).
|
||||||
|
2. Wygeneruj self-signed certyfikat TLS za pomocą [tej strony](https://regery.com/en/security/ssl-tools/self-signed-certificate-generator). Dodaj listener dla ALB na porcie 443 z wykorzystaniem własnego certyfikatu TLS.
|
||||||
|
3. Zapoznaj się z możliwością hostowania strony za pomocą [CloudFront oraz S3](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/GettingStarted.SimpleDistribution.html#GettingStartedCreateBucket)
|
||||||
|
4. Zapoznaj się z [AWS Lambda @ Edge](https://aws.amazon.com/lambda/edge/) oraz [CloudFront Functions](https://aws.amazon.com/blogs/aws/introducing-cloudfront-functions-run-your-code-at-the-edge-with-low-latency-at-any-scale/).
|
||||||
|
|
||||||
|
## Shield + WAF
|
||||||
|
WIP
|
||||||
|
|
||||||
## IAM
|
## IAM
|
||||||
1. Przygotuj nową maszynę EC2, do której dostęp będzie możliwy z konsoli AWS.
|
1. Przygotuj nową maszynę EC2, do której dostęp będzie możliwy z konsoli AWS.
|
||||||
2. Nadaj uprawnienia dla maszyny EC2 do odczytu danych z bucketu S3.
|
2. Nadaj uprawnienia dla maszyny EC2 do odczytu danych z bucketu S3.
|
||||||
|
|
||||||
## CloudFront
|
|
||||||
1. Przygotuj dystrybucję CloudFronta, która będzie serwować treści z bucketu S3. Przygotuj dodatkowo własną domenę dla dystrybucji CloudFronta wraz z certyfikatem TLS.
|
|
||||||
2. Zapoznaj się z [AWS Lambda @ Edge](https://aws.amazon.com/lambda/edge/) oraz [CloudFront Functions](https://aws.amazon.com/blogs/aws/introducing-cloudfront-functions-run-your-code-at-the-edge-with-low-latency-at-any-scale/).
|
|