AWS/RDS – Delete Instance

Background

For one of the projects we are standing up in AWS, I would like to test out different instance configuration options.

Constraints

It has a big database, and I did not want to keep eating the cost of running various instances. It is time to stand down some of the instances.

 

Instances

Current

Here is the current list of RDS Instances.

Image

Text

  1. dev
    • Development
  2. perf
    • Performance
  3. prod
    • Production

Delete Instance

We are not currently using Prod and so I am going to take it “permanently” down.

And start running load tests against Perf, which is the instance I brought up just yesterday.

 

Outline

  1. Access list of Database Instances
  2. Select instance targeted for deletion
  3. Choose the menu options Action/Delete
  4. If “Delete Protection” has been enabled for the Instance
    • We are prompted to “modify the database and disable deletion protection”
  5. Access Instance
    • Review Instance’s “Deletion Protection”
    • Uncheck “Enable Deletion Protection”
    • Save Changes
    • Scheduling of Modifications
      • By default changes are effected during next maintenance window
      • Choose to effect this specific change immediately
  6. Return to list of RDS Databases
  7. Choose to delete instance
    • Prompted as to whether we want to take a final snapshot
    • We made the following modifications
      • We chose not to take that final snapshot
      • Confirm deletion by entering “delete me”
    • Advised that RDS Instance Deletion is being processed
  8. List of RDS Databases reflects deletion processed

Screen Images

RDS / Instances / List – 01

This database has the deletion protection option enabled.

 

Instance

Deletion Protection

 

Scheduling of Modifications

Apply During the Next Scheduled Maintenance Window

Apply Immediately

 

RDS / Instances / List – 02

RDS / Instances / Delete Instance ?

Initial

Final

 

RDS / Instances / Deleting Instance

RDS / Instances

AWS/EC2 – Instance – Metadata

Background

Continuing with our study on AWS/EC2.

Let us quickly cover how we go about querying the EC2 instance for rudimentary system information.

Environment

On the instance itself, send a request to the link-local address 169.254.169.254.  The full URL is http://169.254.169.254/latest/meta-data/

Tool

We are on MS Windows with browsers loaded, and we will use them as a simple HTTP client.

If you are on Linux and all you have is a terminal session, please use curl ( Client URL ).

Top Level

Here is our top level node.

Browser

Block Device Mapping

Lists the storage devices; please note that only block devices are shown, not raw storage devices.

Please also keep in mind that detailed storage info is not available; merely the device names.

Images

Image-Block Device Mapping

hostname

Images

Image-hostname

instance-id

Images

Image-instance-id

instance-type

Images

Image-instance-type

local-hostname

Images

Image-Localhostname

local-ipv4

Images

Image-Local IP4 Address

Mac

Please read further; specifically under Network\Interface\Macs.

Network

interface

Macs

Network MAC addresses, which can be fairly useful for network troubleshooting, etc.

Images
Network Mac -01

Placement

Availability Zone

Here we look at Country/Region/Availability Zone.

In our case we are in

  1. Country :- US
  2. Region :- East Coast
  3. Availability Zone :- 1C

Images

Image.us-east-1c

Security-Groups

Security-Groups lists the security groups assigned to the instance.

In the screenshots below we have two distinct results.

The first is workplace, for the AWS Workplace node, and the second is one of our custom security groups.

Images

Image – workplace

Image – taskRunner

Summary

Quick summary.

Instance metadata allows a bit of introspection on each EC2 instance.

It is akin to Windows Management Instrumentation ( WMI ) on MS Windows.
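As an added example (not code from the post), here is a Python walker over the metadata tree just described: a listing is one entry per line, entries ending in "/" are sub-directories, and the rest are leaves. The live fetcher uses the IMDSv2 token handshake rather than the plain browser GET shown above; FAKE_TREE, fake_fetch and every value other than us-east-1c, workplace and taskRunner are constructed.

```python
import urllib.request

IMDS_BASE = "http://169.254.169.254/latest"


def imds_fetch(path, token_ttl=60):
    """Fetch one metadata path from the live IMDS using IMDSv2.

    A PUT to /latest/api/token yields a session token; the GET then carries
    it in the X-aws-ec2-metadata-token header. The post queries IMDSv1 from
    a browser; the token step is added here so the walker also works on
    instances that require IMDSv2.
    """
    token_req = urllib.request.Request(
        IMDS_BASE + "/api/token",
        method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": str(token_ttl)},
    )
    with urllib.request.urlopen(token_req, timeout=2) as resp:
        token = resp.read().decode()
    data_req = urllib.request.Request(
        IMDS_BASE + "/meta-data/" + path,
        headers={"X-aws-ec2-metadata-token": token},
    )
    with urllib.request.urlopen(data_req, timeout=2) as resp:
        return resp.read().decode()


def walk_metadata(fetch, path=""):
    """Recursively collect the metadata tree rooted at `path`.

    `fetch(path)` returns the body for a metadata path. A directory listing
    (the root, or any path ending in "/") is one entry per line; entries that
    end in "/" are sub-directories, the rest are leaves. A leaf body is kept
    whole because some leaves (security-groups) span several lines.
    Returns a flat dict of full leaf path -> value.
    """
    if path and not path.endswith("/"):
        return {path: fetch(path).strip()}
    found = {}
    for entry in fetch(path).splitlines():
        entry = entry.strip()
        if entry:
            found.update(walk_metadata(fetch, path + entry))
    return found


def parse_availability_zone(az):
    """Split 'us-east-1c' into its region 'us-east-1' and zone letter 'c'."""
    region = az.rstrip("abcdefghijklmnopqrstuvwxyz")
    return region, az[len(region):]


def security_groups(tree):
    """The security-groups leaf holds one group name per line."""
    return tree.get("security-groups", "").splitlines()


# Constructed, offline stand-in for the live IMDS, laid out like the nodes
# screenshotted in the post; the AZ and the two group names come from the
# post, everything else is made up.
FAKE_TREE = {
    "": "block-device-mapping/\nhostname\ninstance-id\ninstance-type\n"
        "local-hostname\nlocal-ipv4\nmac\nnetwork/\nplacement/\nsecurity-groups",
    "block-device-mapping/": "ami\nroot",
    "block-device-mapping/ami": "/dev/sda1",
    "block-device-mapping/root": "/dev/sda1",
    "hostname": "ip-10-0-0-12.ec2.internal",
    "instance-id": "i-0123456789abcdef0",
    "instance-type": "t2.micro",
    "local-hostname": "ip-10-0-0-12.ec2.internal",
    "local-ipv4": "10.0.0.12",
    "mac": "0a:00:00:00:00:01",
    "network/": "interfaces/",
    "network/interfaces/": "macs/",
    "network/interfaces/macs/": "0a:00:00:00:00:01/",
    "network/interfaces/macs/0a:00:00:00:00:01/": "local-ipv4s\nsecurity-group-ids",
    "network/interfaces/macs/0a:00:00:00:00:01/local-ipv4s": "10.0.0.12",
    "network/interfaces/macs/0a:00:00:00:00:01/security-group-ids": "sg-0abc\nsg-0def",
    "placement/": "availability-zone",
    "placement/availability-zone": "us-east-1c",
    "security-groups": "workplace\ntaskRunner",
}


def fake_fetch(path):
    """Offline fetcher with the same contract as imds_fetch."""
    return FAKE_TREE[path]


if __name__ == "__main__":
    # On a real instance, pass imds_fetch instead of fake_fetch.
    for key, value in sorted(walk_metadata(fake_fetch).items()):
        print(f"{key}: {value!r}")
```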

References

  1. Amazon
    • AWS Documentation » Amazon EC2 » User Guide for Windows Instances » Amazon EC2 Instances » Configuring Your Windows Instance
      • Instance Metadata and User Data
        Link
    • AWS Documentation » Amazon EC2 » User Guide for Windows Instances » Monitoring Amazon EC2 » Monitoring the Status of Your Instances
      • Scheduled Events for You
        Link
  2. Curl for Windows

AWS :- Elastic Compute Cloud ( EC2 ) and Elastic Block Store ( EBS ) :- Review Questions

Review Questions

  1. Your web application needs four instances to support steady traffic nearly all of the time. On the last day of each month, the traffic triples. What is a cost-effective way to handle this traffic pattern?
    • A. Run 12 Reserved Instances all of the time.
    • B. Run four On-Demand Instances constantly, then add eight more On-Demand Instances on the last day of each month.
    • C. Run four Reserved Instances constantly, then add eight On-Demand Instances on the last day of each month.
    • D. Run four On-Demand Instances constantly, then add eight Reserved Instances on the last day of each month.
  2. Your order-processing application processes orders extracted from a queue with two Reserved Instances processing 10 orders/minute. If an order fails during processing, then it is returned to the queue without penalty. Due to a weekend sale, the queues have several hundred orders backed up. While the backup is not catastrophic, you would like to drain it so that customers get their confirmation emails faster. What is a cost-effective way to drain the queue for orders?
    • A. Create more queues.
    • B. Deploy additional Spot Instances to assist in processing the orders. 
    • C. Deploy additional Reserved Instances to assist in processing the orders.
    • D. Deploy additional On-Demand Instances to assist in processing the orders.
  3. Which of the following must be specified when launching a new Amazon Elastic Compute Cloud (Amazon EC2) Windows instance? (Choose 2 answers)
    • A. The Amazon EC2 instance ID
    • B. Password for the administrator account
    • C. Amazon EC2 instance type
    • D. Amazon Machine Image (AMI)
  4. You have purchased an m3.xlarge Linux Reserved instance in us-east-1a. In which ways can you modify this reservation? (Choose 2 answers)
    • A. Change it into two m3.large instances.
    • B. Change it to a Windows instance.
    • C. Move it to us-east-1b.
    • D. Change it to an m4.xlarge.
  5. Your instance is associated with two security groups. The first allows Remote Desktop Protocol (RDP) access over port 3389 from Classless Inter-Domain Routing (CIDR) block 72.14.0.0/16. The second allows HTTP access over port 80 from CIDR block 0.0.0.0/0. What traffic can reach your instance?
    • A. RDP and HTTP access from CIDR block 0.0.0.0/0
    • B. No traffic is allowed.
    • C. RDP and HTTP traffic from 72.14.0.0/16
    • D. RDP traffic over port 3389 from 72.14.0.0/16 and HTTP traffic over port 80 from 0.0.0.0/0
  6. Which of the following are features of enhanced networking? (Choose 3 answers)
    • A. More Packets Per Second (PPS)
    • B. Lower latency
    • C. Multiple network interfaces
    • D. Border Gateway Protocol (BGP) routing
    • E. Less jitter
  7. You are creating a High-Performance Computing (HPC) cluster and need very low latency and high bandwidth between instances. What combination of the following will allow this? (Choose 3 answers)
    • A. Use an instance type with 10 Gbps network performance.
    • B. Put the instances in a placement group. ( yes )
    • C. Use Dedicated Instances.
    • D. Enable enhanced networking on the instances.
    • E. Use Reserved Instances.
  8. Which Amazon Elastic Compute Cloud (Amazon EC2) feature ensures that your instances will not share a physical host with instances from any other AWS customer?
    • A. Amazon Virtual Private Cloud (VPC)
    • B. Placement groups
    • C. Dedicated Instances
    • D. Reserved Instances
  9. Which of the following are true of instance stores? (Choose 2 answers)
    • A. Automatic backups
    • B. Data is lost when the instance stops.
    • C. Very high IOPS
    • D. Charge is based on the total amount of storage provisioned. 
  10. Which of the following are features of Amazon Elastic Block Store (Amazon EBS) ?
    • A. Data stored on Amazon EBS is automatically replicated within an Availability Zone.
    • B. Amazon EBS data is automatically backed up to tape.
    • C. Amazon EBS volumes can be encrypted transparently to workloads on the attached instance.
    • D. Data on an Amazon EBS volume is lost when the attached instance is stopped
  11. You need to take a snapshot of an Amazon Elastic Block Store (Amazon EBS) volume.  How long will the volume be unavailable?
    • A. It depends on the provisioned size of the volume.
    • B. The volume will be available immediately. 
    • C. It depends on the amount of data stored on the volume.
    • D. It depends on whether the attached instance is an Amazon EBS-optimized instance.
  12. You are restoring an Amazon Elastic Block Store (Amazon EBS) volume from a snapshot.  How long will it be before the data is available?
    • A. It depends on the provisioned size of the volume.
    • B. The data will be available immediately.
    • C. It depends on the amount of data stored on the volume.
    • D. It depends on whether the attached instance is an Amazon EBS-optimized instance.
  13. You have a workload that requires 15,000 consistent IOPS for data that must be durable.  What combination of the following steps do you need? (Choose 2 answers)
    • A. Use an Amazon Elastic Block Store (Amazon EBS)-optimized instance. 
    • B. Use an instance store.
    • C. Use a Provisioned IOPS SSD volume. 
    • D. Use a magnetic volume.
  14. Which of the following can be accomplished through bootstrapping?
    • A. Install the most current security updates.
    • B. Install the current version of the application.
    • C. Configure Operating System (OS) services.
    • D. All of the above.
  15. How can you connect to a new Linux instance using SSH?
    • A. Decrypt the root password.
    • B. Using a certificate
    • C. Using the private half of the instance’s key pair
    • D. Using Multi-Factor Authentication (MFA)
  16. VM Import/Export can import existing virtual machines as: (Choose 2 answers)
    • A. Amazon Elastic Block Store (Amazon EBS) volumes
    • B. Amazon Elastic Compute Cloud (Amazon EC2) instances
    • C. Amazon Machine Images (AMIs)
    • D. Security groups
  17. Which of the following can be used to address an Amazon Elastic Compute Cloud (Amazon EC2) instance over the web? (Choose 2 answers)
    • A. Windows machine name
    • B. Public DNS name
    • C. Amazon EC2 instance ID
    • D. Elastic IP address
  18. Using the correctly decrypted Administrator password and RDP, you cannot log in to a Windows instance you just launched. Which of the following is a possible reason?
    • A. There is no security group rule that allows RDP access over port 3389 from your IP address. 
    • B. The instance is a Reserved Instance.
    • C. The instance is not using enhanced networking.
    • D. The instance is not an Amazon EBS-optimized instance.
  19. You have a workload that requires 1 TB of durable block storage at 1,500 IOPS during normal use. Every night there is an Extract, Transform, Load (ETL) task that requires 3,000 IOPS for 15 minutes. What is the most appropriate volume type for this workload?
    • A. Use a Provisioned IOPS SSD volume at 3,000 IOPS.
    • B. Use an instance store.
    • C. Use a general-purpose SSD volume.
    • D. Use a magnetic volume.
  20. How are you billed for elastic IP addresses?
    • A. Hourly when they are associated with an instance
    • B. Hourly when they are not associated with an instance
    • C. Based on the data that flows through them
    • D. Based on the instance type to which they are attached

 

Referenced Work

  1. AWS
    • Amazon EC2 Instance Types
      • Instance Features
        Link
    • Script
      • AWS Documentation » Amazon EC2 » User Guide for Linux Instances » Amazon EC2 Instances » Configuring Your Amazon Linux Instance » Running Commands on Your Linux Instance at Launch
        • Running Commands on Your Linux Instance at Launch
          Link
    • Amazon EC2 Instance Types
      • AWS Documentation » Amazon EC2 » User Guide for Linux Instances » Storage
        • Block Device Mapping
          Link
    • Elastic Block Store
      • AWS Documentation » Amazon EC2 » User Guide for Linux Instances » Storage » Amazon Elastic Block Store (Amazon EBS) » Amazon EBS Snapshots » Creating Amazon EBS Snapshots
        • Creating Amazon EBS Snapshots
          Link
      • AWS Documentation » Amazon EC2 » User Guide for Linux Instances » Storage » Amazon Elastic Block Store (Amazon EBS) » Amazon EBS Volumes
        • Restoring an Amazon EBS Volume from a Snapshot
          Link
    • Instance Store
      • AWS Documentation » Amazon EC2 » User Guide for Linux Instances » Storage
        • Amazon EC2 Instance Store
          Link
    • Enhanced Networking
      • AWS Documentation » Amazon EC2 » User Guide for Linux Instances » Network and Security
        • Enhanced Networking on Linux
          Link
    • EC2
      • EC/2 Instance
        • How do I move my EC2 instance to another subnet, Availability Zone, or VPC?
          Link
      • EC/2 Instance Metadata
        • EC2 Instance Metadata Query Tool
          Link
    • Elastic IP
      • Premium Support / Knowledge Center
        • Why am I being billed for Elastic IP addresses when all my instances are terminated?
          Link
    • AWS Compute Blog
      • Jeff Bartley
        • Recovering files from an Amazon EBS volume backup
          Link
  2. A Cloud Guru
    • A Cloud Guru > Course taking > Other
      • AWS EC2 Instance Store vs. EBS
        Link
  3. RightScale
    • RightScale Docs / Cloud Management / Dashboard User’s Guide / clouds / Amazon Web Services (AWS)
      • EC2 Elastic IPs
        Link
  4. Scale Your Code
    • Christophe Limpalair
      • Complete guide to launching your first free AWS EC2 instance
        Link

AWS / S3 & Glacier :- Study Guide

Background

Everyone around me got certified.

And, they said we will wait on you to celebrate.

The humility of this crowd humbles me.

And, so here we go, hopefully lock it down, ghost and study a bit.

 

Study Guide

  1. In what ways does Amazon Simple Storage Service (Amazon S3) object storage differ from block and file storage? (Choose 2 answers)
    • A. Amazon S3 stores data in fixed size blocks.
    • B. Objects are identified by a numbered address.
    • C. Objects can be any size.
    • D. Objects contain both data and metadata.
    • E. Objects are stored in buckets.
  2. Which of the following are not appropriate use cases for Amazon Simple Storage Service (Amazon S3)? (Choose 2 answers)
    • A. Storing web content
    • B. Storing a file system mounted to an Amazon Elastic Compute Cloud (Amazon EC2) instance
    • C. Storing backups for a relational database
    • D. Primary storage for a database
    • E. Storing logs for analytics
  3. What are some of the key characteristics of Amazon Simple Storage Service (Amazon S3)? (Choose 3 answers)
    • A. All objects have a URL.
    • B. Amazon S3 can store unlimited amounts of data.
    • C. Objects are world-readable by default.
    • D. Amazon S3 uses a REST (Representational State Transfer) Application Program Interface (API).
    • E. You must pre-allocate the storage in a bucket.
  4. Which features can be used to restrict access to Amazon Simple Storage Service (Amazon S3) data? (Choose 3 answers)
    • A. Enable static website hosting on the bucket.
    • B. Create a pre-signed URL for an object.
    • C. Use an Amazon S3 Access Control List (ACL) on a bucket or object.
    • D. Use a lifecycle policy.
    • E. Use an Amazon S3 bucket policy.
  5. Your application stores critical data in Amazon Simple Storage Service (Amazon S3), which must be protected against inadvertent or intentional deletion. How can this data be protected? (Choose 2 answers)
    • A. Use cross-region replication to copy data to another bucket automatically.
    • B. Set a vault lock.
    • C. Enable versioning on the bucket.
    • D. Use a lifecycle policy to migrate data to Amazon Glacier.
    • E. Enable MFA Delete on the bucket.
  6. Your company stores documents in Amazon Simple Storage Service (Amazon S3), but it wants to minimize cost. Most documents are used actively for only about a month, then much less frequently. However, all data needs to be available within minutes when requested. How can you meet these requirements?( Link )
    • A. Migrate the data to Amazon S3 Reduced Redundancy Storage (RRS) after 30 days.
    • B. Migrate the data to Amazon Glacier after 30 days.
    • C. Migrate the data to Amazon S3 Standard – Infrequent Access (IA) after 30 days.
    • D. Turn on versioning, then migrate the older version to Amazon Glacier.
  7. How is data stored in Amazon Simple Storage Service (Amazon S3) for high durability?
    • A. Data is automatically replicated to other regions.
    • B. Data is automatically replicated within a region.
    • C. Data is replicated only if versioning is enabled on the bucket.
    • D. Data is automatically backed up on tape and restored if needed.
  8. Based on the following Amazon Simple Storage Service (Amazon S3) URL, which one of the following statements is correct? ( https://bucket1.abc.com.s3.amazonaws.com/folderx/myfile.doc )
    • A. The object “myfile.doc” is stored in the folder “folderx” in the bucket “bucket1.abc.com.”
    • B. The object “myfile.doc” is stored in the bucket “bucket1.abc.com.”
    • C. The object “folderx/myfile.doc” is stored in the bucket “bucket1.abc.com.”
    • D. The object “myfile.doc” is stored in the bucket “bucket1”.
  9. What are some reasons to enable cross-region replication on an Amazon Simple Storage Service (Amazon S3) bucket? (Choose 2 answers)
    • A. You want a backup of your data in case of accidental deletion.
    • B. You have a set of users or customers who can access the second bucket with lower latency.
    • C. For compliance reasons, you need to store data in a location at least 300 miles away from the first region.
    • D. Your data needs at least five nines of durability
  10. Your company requires that all data sent to external storage be encrypted before being sent. Which Amazon  Simple Storage Service (Amazon S3) encryption solution will meet this requirement?
    • A. Server-Side Encryption (SSE) with AWS-managed keys (SSE-S3)
    • B. SSE with customer-provided keys (SSE-C)
    • C. Client-side encryption with customer-managed keys
    • D. Server-side encryption with AWS Key Management Service (AWS KMS) keys (SSEKMS)
  11. You have a popular web application that accesses data stored in an Amazon Simple Storage Service (Amazon S3) bucket. You expect the access to be very read-intensive, with expected request rates of up to 500 GETs per second from many clients. How can you increase the performance and scalability of Amazon S3 in this case?
    • A. Turn on cross-region replication to ensure that data is served from multiple locations.
    • B. Ensure randomness in the namespace by including a hash prefix to key names.
    • C. Turn on server access logging.
    • D. Ensure that key names are sequential to enable pre-fetch.
  12. What is needed before you can enable cross-region replication on an Amazon Simple Storage Service (Amazon S3) bucket? (Choose 2 answers) ( Link )
    • A. Enable versioning on the bucket.
    • B. Enable a lifecycle rule to migrate data to the second region.
    • C. Enable static website hosting.
    • D. Create an AWS Identity and Access Management (IAM) policy to allow Amazon S3 to replicate objects on your behalf.
  13. Your company has 100TB of financial records that need to be stored for seven years by law. Experience has shown that any record more than one-year old is unlikely to be accessed. Which of the following storage plans meets these needs in the most cost efficient manner?
    • A. Store the data on Amazon Elastic Block Store (Amazon EBS) volumes attached to t2.micro instances.
    • B. Store the data on Amazon Simple Storage Service (Amazon S3) with lifecycle policies that change the storage class to Amazon Glacier after one year and delete the object after seven years.
    • C. Store the data in Amazon DynamoDB and run daily script to delete data older than seven years.
    • D. Store the data in Amazon Elastic MapReduce (Amazon EMR).
  14. Amazon Simple Storage Service (S3) bucket policies can restrict access to an Amazon S3 bucket and objects by which of the following? (Choose 3 answers) ( Link )
    • A. Company name
    • B. IP address range
    • C. AWS account
    • D. Country of origin
    • E. Objects with a specific prefix
  15. Amazon Simple Storage Service (Amazon S3) is an eventually consistent storage system.  For what kinds of operations is it possible to get stale data as a result of eventual consistency? (Choose 2 answers)
    • A. GET after PUT of a new object
    • B. GET or LIST after a DELETE
    • C. GET after overwrite PUT (PUT to an existing key)
    • D. DELETE after PUT of new object
  16. What must be done to host a static website in an Amazon Simple Storage Service (Amazon S3) bucket? (Choose 3 answers)
    • A. Configure the bucket for static hosting and specify an index and error document.
    • B. Create a bucket with the same name as the website.
    • C. Enable File Transfer Protocol (FTP) on the bucket.
    • D. Make the objects in the bucket world-readable.
    • E. Enable HTTP on the bucket.
  17. You have valuable media files hosted on AWS and want them to be served only to authenticated users of your web application. You are concerned that your content could be stolen and distributed for free. How can you protect your content?
    • A. Use static web hosting.
    • B. Generate pre-signed URLs for content in the web application.
    • C. Use AWS Identity and Access Management (IAM) policies to restrict access.
    • D. Use logging to track your content.
  18. Amazon Glacier is well-suited to data that is which of the following? (Choose 2 answers)( Link )
    • A. Is infrequently or rarely accessed
    • B. Must be immediately available when needed
    • C. Is available after a three- to five-hour restore period
    • D. Is frequently erased within 30 days
  19. Which statements about Amazon Glacier are true? (Choose 3 answers)
    • A. Amazon Glacier stores data in objects that live in archives.
    • B. Amazon Glacier archives are identified by user-specified key names.
    • C. Amazon Glacier archives take three to five hours to restore.
    • D. Amazon Glacier vaults can be locked.
    • E. Amazon Glacier can be used as a standalone service and as an Amazon S3 storage class.

AWS/S3 – Static Web Site – Troubleshooting – Day 01

Background

Wanted to talk a bit about errors one can encounter trying to configure static websites via AWS/S3.

Errors

Error List

  1. 404 – Not Found
    • Code: NoSuchWebsiteConfiguration
  2. 403 – Forbidden
    • Access Denied

 

Error.404

NoSuchWebSiteConfiguration

Image

Textual

404 Not Found
Code: NoSuchWebsiteConfiguration
Message: The specified bucket does not have a website configuration
BucketName: cloudacademylabswebsitestaticexamplebyda
RequestId: 996E0FC2478E245E
HostId: hK067xGc9U4xpKKudGtTzM9Ww2ug77WB5Yo8ysThNRECOnij74dNwwQc5cAgqXx3RW/tIziutdE=

Explanation

  1. Indicates that the bucket has not been configured for static website hosting
  2. To remediate, please do the following
    • Access the S3 Bucket
    • Access the S3 Bucket Properties
    • Change from the current option of “Disable website hosting” to “Use this bucket to host a website”

 

Remedy

Current

Revise

 

Error.403 – Forbidden

Access Denied

Image

Textual

403 Forbidden
Code: AccessDenied
Message: Access Denied
RequestId: AF38AC49C1396730
HostId: zRoAu4cGBlB6ANftEHbDqKHgAKcOpmr4DEHwi2ORYECMQFRobpdjk3pjMXxMXHyZ3f/75UHZxoc=
An Error Occurred While Attempting to Retrieve a Custom Error Document
Code: AccessDenied
Message: Access Denied

Explanation

  1. States that access is denied
  2. To remediate, please do the following
    • Access S3 Bucket
    • Access S3 Bucket Property
    • Permissions
      • Block Public Access
        • Ensure that “Block Public Access” is not enforced
      • Access Control List ( ACL )
        • Principals
          • Allow access to everyone
          • Or access to specific Canonical IDs
        • Permission Set
          • List Objects
          • Read Object Permission
      • Bucket Policy
        • Design and enter Bucket Policy

Images

Block Public Access

Access Control List ( ACL )

Bucket Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadForGetBucketObjects",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::{bucket}/*"
        }
    ]
}

 

Summary

More later as we develop our own static web sites and intentionally break things.

AWS/S3 – Static Web Site

 

Background

Reading through AWS/S3 documentation and wanted to see possible gotchas with its Static Website functionality.

 

Outline

  1. Preparation
    • Prepare Static Web Files
      • As this is a sample, we will rip off someone’s work
        • Specifically, “Static website to use with Cloud Academy labs” ( Link )
  2. Amazon/AWS
    • S3
      • Create S3 Bucket
      • Configure
        • Static Web Site
        • Permissions
          • Access Control List
            • Public Access/Everyone
              • List Objects
              • Read Permissions
          • Bucket Policy
            • Enter a generic bucket policy that grants read permission on the bucket’s objects
      • Upload Artifacts
        • Using S3 Client upload website files to S3 Bucket

Preparation

Introduction

In most cases, one will thoroughly develop original website artifacts.

Carefully put together HTML, Cascading Style Sheet ( CSS ), Image, and JavaScript Files.

 

Stolen Web Site

This is not one of those times, as I lack an originality bone.

Went online and wasted a couple of hours looking for static web sites.

 

Cloud Academy

The best one I found is :-

cloudacademy/static-website-example
Link

Download Artifacts

Download the artifact

Extract

The artifact is a compressed zip file.

Using 7-Zip extracted the files.

 

Amazon/AWS

Console

Using a web browser, connected to the AWS Console.

S3

From the list of services, chose S3.

S3 Bucket

S3 Bucket – Create

Created a new S3 Bucket.

S3 Bucket – Create – Outline
  1. Tab :- Name and Region
    • Please offer a unique bucket name
    • Please choose the region
  2. Tab :- Configure Options
    • Versioning
      • Versioning is left at default of OFF
        • Test Site, no need for versioning
        • For actual site, will use GitHub for Development purpose
    • Server Access Logging
      • Server Access Logging is left at default of OFF
      • If actual site, will enable to track usage
    • Tags
      • Tagging is useful, but definitely not essential
      • Lone Tag
        • Usage –> website
  3. Tab :- Permissions
    • Public Access
      • Turn off “Block Public Access”
  4. Tab :- Review
    • Review options
S3 Bucket – Name

Please keep in mind that there are some hard rules in terms of naming a bucket.

Some of those rules are :-

  1. The bucket name has to be globally unique
  2. It cannot contain any uppercase characters
S3 Bucket – Region

Please choose a region that is proximate to other services that you will be hosting and to your customers.

 

Images

Image – Create Bucket – Tab – Name and Region

 

Image – Create Bucket – Tab – Configure Options

 

Image – Create Bucket – Tab – Set Permissions

 

Image – Create Bucket – Tab – Review

S3 Bucket – Property

Image

Here are the properties of the newly created bucket with the choices we made.

S3 Bucket – Property – Static website Hosting

Please choose the “Static website hosting” choice.

Outline
  1. Endpoint
  2. We have the following choices for Static website hosting
    • Use this bucket to host a website
      • The choice we want
    • Redirect Requests
      • Forward HTTP requests to another URL
    • Disable website hosting
      • Default Choice
Image
Image – Disable website hosting

Image – Use this bucket to host a website ( before filling out data )

Image – Use this bucket to host a website ( data filled out )

S3 Bucket – Permissions – Access Control List ( ACL )

S3 Bucket – Permissions – Outline
  1. Within the Bucket, please choose Permissions
  2. Within the Permissions, please choose Access Control List
  3. Please access the “Public access” Group
  4. Public Access Group
    • On the “Everyone” group, please select the radio button
    • Everyone Group
      • In the “Access the Objects” group-box
        • Check the “List Objects” option
        • Leave the “Write Objects” option off
      • In the “Buckets ACL” group-box
        • Check the “Read buckets permissions” option
        • Leave the “Write buckets permissions” option off
S3 Bucket – Permissions – Images
S3 Bucket – Permissions – Access Control List – No Public Access

 

S3 Bucket – Permissions – Access Control List – Everyone ( Initial )

 

S3 Bucket – Permissions – Access Control List – Access to Objects

 

S3 Bucket – Permissions – Access Control List – Access to Bucket’s ACL

 

S3 Bucket – Permissions – Bucket Policy

Outline
  1. Within the Bucket, please choose Permissions
  2. Within the Permissions, please choose Bucket Policy
  3. Please paste a generic bucket policy
    • Ensure that the bucket’s name is explicitly noted
Policy
Actual Policy

Here is the policy we used :-


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadForGetBucketObjects",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::cloudacademylabswebsitestaticexamplebyda/*"
        }
    ]
}

 

Explanation
  1. Version :- 2012-10-17
  2. Statement
    • Sid :-
      • Statement ID
      • Sample :- PublicReadForGetBucketObjects
    • Effect
      • Syntax :- Allow
    • Principal
      • Syntax :- *
    • Action :-
      • Syntax :- s3:GetObject
    • Resource :-
      • Syntax :- arn:aws:s3:::[bucket-name]/*
      • Sample :- arn:aws:s3:::cloudacademylabswebsitestaticexamplebyda/*
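As an added example (not code from the post), a small Python checker for the policy shape explained above and used in the Day 01 troubleshooting post: it confirms that a bucket policy grants the public nothing beyond s3:GetObject on this bucket’s objects, and flags an unreplaced {bucket} placeholder. The function check_static_site_policy and the BROAD_POLICY sample are constructed; GOOD_POLICY and TEMPLATE_POLICY are the two policies shown on the page.

```python
import json

# Only this action should be open to everyone on a website bucket.
READ_ONLY_ACTIONS = {"s3:GetObject"}
# Placeholder spellings used on the page that must be replaced before use.
PLACEHOLDERS = ("{bucket}", "[bucket-name]")


def _as_list(value):
    """IAM lets Action, Resource and Principal.AWS be a string or a list."""
    return value if isinstance(value, list) else [value]


def _is_public(principal):
    """True for both spellings of 'everyone': "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def check_static_site_policy(policy_text, bucket):
    """Return a list of findings; an empty list means the policy is the
    intended shape: Version 2012-10-17, and every public Allow statement
    grants only s3:GetObject, only on arn:aws:s3:::<bucket>/* (the objects,
    not the bucket itself, not every bucket in the account)."""
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return [f"policy is not valid JSON: {exc}"]
    findings = []
    if policy.get("Version") != "2012-10-17":
        findings.append("Version should be 2012-10-17")
    expected = f"arn:aws:s3:::{bucket}/*"
    statements = _as_list(policy.get("Statement", []))
    if not statements:
        findings.append("policy has no Statement")
    public_read_seen = False
    for stmt in statements:
        sid = stmt.get("Sid", "<no Sid>")
        # Only public Allow grants matter for this check.
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        actions = set(_as_list(stmt.get("Action", [])))
        resources = _as_list(stmt.get("Resource", []))
        extra = actions - READ_ONLY_ACTIONS
        if extra:
            findings.append(f"{sid}: public principal granted {sorted(extra)}")
        for res in resources:
            if any(p in res for p in PLACEHOLDERS):
                findings.append(f"{sid}: placeholder {res!r} was not replaced with the bucket name")
            elif res != expected:
                findings.append(f"{sid}: resource {res!r} should be {expected!r}")
        if actions == READ_ONLY_ACTIONS and expected in resources:
            public_read_seen = True
    if not public_read_seen:
        findings.append(f"no statement grants public s3:GetObject on {expected}")
    return findings


BUCKET = "cloudacademylabswebsitestaticexamplebyda"

# The policy the post pasted into the bucket.
GOOD_POLICY = """{
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicReadForGetBucketObjects",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::cloudacademylabswebsitestaticexamplebyda/*"
    }]
}"""

# The Day 01 template with its placeholder left in place.
TEMPLATE_POLICY = GOOD_POLICY.replace(BUCKET, "{bucket}")

# Constructed over-broad policy: every S3 action on every bucket.
BROAD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "TooMuch", "Effect": "Allow", "Principal": {"AWS": "*"},
                   "Action": ["s3:GetObject", "s3:*"], "Resource": "arn:aws:s3:::*"}],
})

if __name__ == "__main__":
    for name, text in [("good", GOOD_POLICY), ("template", TEMPLATE_POLICY), ("broad", BROAD_POLICY)]:
        print(name, check_static_site_policy(text, BUCKET) or "OK")
```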
Images
Image – Policy Empty

 

Image – Policy Entered

 

S3 Bucket – Upload Material

Using an S3 Client please upload the website artifacts.

S3 Browser

Our quick tool for S3 Bucket management is S3 Browser.

Launched it and uploaded the extracted files.

Please keep in mind to maintain the folder structure.

S3Browser.01.20190527.1112AM.PNG

Summary

Again, no work here.

Stole code from Cloud Academy ( https://github.com/cloudacademy/static-website-example ).

References

  1. AWS
    • AWS Documentation » Amazon Simple Storage Service (S3) » Developer Guide » Hosting a Static Website on Amazon S3 » Example Walkthroughs – Hosting Websites on Amazon S3 »
      • Example: Setting up a Static Website
        Link
    • AWS Documentation » Amazon Simple Storage Service (S3) » Developer Guide » Managing Access Permissions to Your Amazon S3 Resources » Using Bucket Policies and User Policies » Bucket Policy Examples
      • Bucket Policy Examples
        Link
    • AWS Security Blog
      • Kai Zhao
        • IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources)
          Link

SQL Server Agent on AWS/RDS

Background

There is quite a bit of SQL Server management surface area that is not available when running on AWS/RDS.

 

Surface Area

For instance with SQL Server Agent :-

  1. SQL Server Agent
    • Category
      • Add new category
        • API
          • sp_add_category
        • Error
          • Msg 229, Level 14, State 5, Procedure msdb.dbo.sp_add_category
          • The EXECUTE permission was denied on the object ‘sp_add_category’, database ‘msdb’, schema ‘dbo’.
    • Job Step
      • Fetch Job Steps
        • API
          • SELECT * FROM msdb.dbo.sysjobsteps
        • Error
          • Msg 229, Level 14, State 5, Line 71
          • The SELECT permission was denied on the object ‘sysjobsteps’, database ‘msdb’, schema ‘dbo’.

 

Scripting

In terms of scripting, SQL Server Agent is not accessible in an AWS/RDS Environment.