Add a couple of AWS exercises

Questions as well were added.
abregman
2021-11-12 14:05:05 +02:00
parent af7e1a9007
commit 43d714fa12
15 changed files with 971 additions and 545 deletions

@ -0,0 +1,18 @@
## AWS - Budget Setup
### Objectives
Setup a cost budget in your AWS account based on your needs.
### Solution
1. Go to "Billing"
2. Click on "Budgets" in the menu
3. Click on "Create a budget"
4. Choose "Cost Budget" and click on "Next"
5. Choose the values that work for you. For example, recurring monthly budget with a specific amount
6. Insert a budget name and Click on "Next"
7. Set up an alert but clicking on "Add an alert threshold"
1. Set a threshold (e.g. 75% of budgeted amount)
2. Set an email where a notification will be sent
8. Click on "Next" until you can click on "Create a budget"
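
Review bot: step 7 has a typo that changes the meaning: "Set up an alert but clicking" should read "by clicking". The Objectives line also uses "Setup" where the verb "Set up" is meant. Because the walkthrough ends with a single alert at 75%, consider saying in step 7 that "Add an alert threshold" can be used more than once, so a learner does not stop at one notification.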

@ -0,0 +1,21 @@
## AWS EC2 - IAM Roles
### Requirements
1. Running EC2 instance without any IAM roles (so you if you connect the instance and try to run AWS commands, it fails)
2. IAM role with "IAMReadOnlyAccess" policy
### Objectives
1. Attach a role (and if such role doesn't exists, create it) with "IAMReadOnlyAccess" policy to the EC2 instance
2. Verify you can run AWS commands in the instance
### Solution
#### Console
1. Go to EC2 service
2. Click on the instance to which you would like to attach the IAM role
3. Click on "Actions" -> "Security" -> "Modify IAM Role"
4. Choose the IAM role with "IAMReadOnlyAccess" policy and click on "Save"
5. Running AWS commands now in the instance should work fine (e.g. `aws iam list-users`)
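
Review bot: the Solution never covers the "if such role doesn't exists, create it" branch of Objective 1, while Requirement 2 already lists the role as a prerequisite, so the two sections disagree about whether creating the role is part of the exercise. Either drop the parenthetical from the objective or add the role-creation steps before step 3. Requirement 1 has a word-order slip ("so you if you connect") and "doesn't exists" should be "doesn't exist". For step 5, pairing `aws iam list-users` with one write call that is expected to be denied would let the learner see the read-only scope of "IAMReadOnlyAccess" rather than only that credentials are present.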

@ -0,0 +1,39 @@
## AWS - Launch EC2 Web Instance
### Objectives
Launch one EC2 instance with the following requirements:
1. Amazon Linux 2 image
2. Instance type: pick up one that has 1 vCPUs and 1 GiB memory
3. Instance storage should be deleted upon the termination of the instance
4. When the instance starts, it should install:
1. Install the httpd package
2. Start the httpd service
3. Make sure the content of /var/www/html/index.html is `I made it! This is is awesome!`
5. It should have the tag: "Type: web" and the name of the instance should be "web-1"
6. HTTP traffic (port 80) should be accepted from anywhere
### Solution
1. Choose a region close to you
2. Go to EC2 service
3. Click on "Instances" in the menu and click on "Launch instances"
4. Choose image: Amazon Linux 2
5. Choose instance type: t2.micro
6. Make sure "Delete on Termination" is checked in the storage section
7. Under the "User data" field the following:
```
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
echo "<h1>I made it! This is is awesome!</h1>" > /var/www/html/index.html
```
8. Add tags with the following keys and values:
* key "Type" and the value "web"
* key "Name" and the value "web-1"
9. In the security group section, add a rule to accept HTTP traffic (TCP) on port 80 from anywhere
10. Click on "Review" and then click on "Launch" after reviewing.
11. If you don't have a key pair, create one and download it.
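
Review bot: the user data block under step 7 has no interpreter line. EC2 runs user data as a shell script only when it begins with `#!`, so add `#!/bin/bash` as the first line or the httpd install will not run at boot. Step 7 is also missing its verb ("Under the "User data" field the following:" should say to insert the script). The script writes `<h1>...</h1>` while requirement 4.3 asks for the bare text, and both carry the doubled "is is"; pick one form and fix the wording in both places so the result can be checked against the objective.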

@ -0,0 +1,21 @@
## No Application :'(
### Objectives
Explain what might be possible reasons for the following issues:
1. Getting "time out" when trying to reach an application running on EC2 instance
2. Getting "connection refused" error
### Solution
1. 'Time out' Can be due to one of the following:
* Security group doesn't allow access
* No host (yes, I know. Not the first thing to check and yet...)
* Operating system firewall blocking traffic
2. 'Connection refused' can happen due to one of the following:
* Application didn't launch properly or has some issue (doesn't listens on the designated port)
* Firewall replied with a reject instead of dropping the packets
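
Review bot: "No host" in the time-out list is too vague to act on; say what is meant, for example that the instance is not running or the address is wrong. The list also puts "Operating system firewall blocking traffic" under time out and "Firewall replied with a reject" under connection refused without stating that the difference is drop versus reject; wording the first as a firewall dropping packets would make the contrast explicit. Minor: "'Time out' Can" should use lower-case "can", and "doesn't listens" should be "doesn't listen".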

@ -0,0 +1,55 @@
## AWS EC2 - Security Groups
### Requirements
For this exercise you'll need:
1. EC2 instance with web application
2. Security group inbound rules that allow HTTP traffic
### Objectives
1. List the security groups you have in your account, in the region you are using
2. Remove the HTTP inbound traffic rule
3. Can you still access the application? What do you see/get?
4. Add back the rule
5. Can you access the application now?
### Solution
#### Console
1. Go to EC2 service - > Click on "Security Groups" under "Network & Security"
You should see at least one security group. One of them is called "default"
2. Click on the security group with HTTP rules and click on "Edit inbound rules".
Remove the HTTP related rules and click on "Save rules"
3. No. There is a time out because we removed the rule allowing HTTP traffic.
4. Click on the security group -> edit inbound rules and add the following rule:
* Type: HTTP
* Port range: 80
* Source: Anywhere -> 0.0.0.0/0
5. yes
#### CLI
1. `aws ec2 describe-security-groups` -> by default, there is one security group called "default", in a new account
2. Remove the rule:
```
aws ec2 revoke-security-group-ingress \
--group-name someHTTPSecurityGroup
--protocol tcp \
--port 80 \
--cidr 0.0.0.0/0
```
3. No. There is a time out because we removed the rule allowing HTTP traffic.
4. Add the rule we remove:
```
aws ec2 authorize-security-group-ingress \
--group-name someHTTPSecurityGroup
--protocol tcp \
--port 80 \
--cidr 0.0.0.0/0
```
5. yes
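
Review bot: in both CLI blocks the `--group-name someHTTPSecurityGroup` line lacks the trailing `\`, so the shell ends the command there and treats `--protocol tcp \` as the start of a new command; add the continuation backslash in the revoke and the authorize example. `--group-name` only resolves groups in the default VPC, so mention `--group-id` as the alternative. CLI step 4 should read "Add the rule we removed", and "- >" in Console step 1 should be "->". Since the rule being restored is `0.0.0.0/0`, answer 5 could say more than "yes" and note that the application is again reachable from any address.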