Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. That means developers can increase or decrease capacity within minutes, and the application can automatically scale itself up and down depending on its needs because it is controlled with web service APIs.
You pay only for the capacity that you actually use; as a result, Amazon EC2 changes the economics of computing. Amazon EC2 provides developers with the tools to build failure-resilient applications and isolate them from common failure scenarios.
The task list for Module 5:
- To create a policy for DynamoDB and SQS by using IAM, and a role for the EC2 instance
- To create Amazon EC2 instances for the web server and the queue server
- To connect remotely to the web server and install IIS, ASP.NET 4.5 (including developer stuff), HTTP connectors and Windows Authentication role services
- To publish the Dinostore application and move it from the local machine to the AWS cloud platform
The architecture of the project:
Steps for the task: To create a policy for DynamoDB and SQS by using IAM, and a role for the EC2 instance
In this task, you will create roles and policies for accessing Amazon services using Amazon IAM, so that applications running on EC2 instances don’t have to have credentials baked into the code.
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources for your users. IAM includes features to securely give applications that run on EC2 instances the credentials that they need in order to access other AWS resources, like S3 buckets and RDS or DynamoDB databases. You can grant other people permission to administer and use resources in your AWS account without having to share your password or access key.
- In the IAM dashboard, go to Policies. Click “Create Policy“.
- Create a policy by selecting “Policy Generator“. You need to create a policy that allows these DynamoDB actions: delete item, describable, get item, put item, update item.
- In the same policy, allow these Amazon SQS actions: delete message, delete message batch, get queue URL, receive message, send message, send message batch.
- After clicking “Next Step“, set the policy name on the policy review page. Click “Create Policy” to create the policy named DynamoSqsPolicy. Note: The policy name must contain only alphanumeric characters and/or the following: +=,.@-_
- Now you need to create a role for the Amazon EC2 instance, and the newly created policy will be attached to this role. Go to the “Amazon IAM” dashboard and click “Roles“. Then click “Create new role“.
- Click “Next Step“. Select Role type = Amazon EC2.
- Now attach the newly created policy to the new role “WebServerRole“. Select the policy to attach, “DynamoSqsPolicy”, and then click “Next Step”.
- Now review the policy and click “Create role”.
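The console steps above produce two JSON documents: the permissions policy and the trust policy that lets EC2 assume the role. The following is an added example, not part of the original lab: it builds both and checks the permissions policy for wildcards. The ARNs are placeholders, the `Sid` values and function names are hypothetical, and “describable” is assumed to mean `dynamodb:DescribeTable`.

```python
import json

# Actions listed in the steps above; "describable" is read as DescribeTable (assumption).
DYNAMODB_ACTIONS = ["dynamodb:DeleteItem", "dynamodb:DescribeTable", "dynamodb:GetItem",
                    "dynamodb:PutItem", "dynamodb:UpdateItem"]
SQS_ACTIONS = ["sqs:DeleteMessage", "sqs:DeleteMessageBatch", "sqs:GetQueueUrl",
               "sqs:ReceiveMessage", "sqs:SendMessage", "sqs:SendMessageBatch"]

def build_policy(table_arn, queue_arn):
    """Permissions policy like DynamoSqsPolicy, scoped to one table and one queue."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "DinoStoreTable", "Effect": "Allow",
             "Action": DYNAMODB_ACTIONS, "Resource": table_arn},
            {"Sid": "DinoStoreQueue", "Effect": "Allow",
             "Action": SQS_ACTIONS, "Resource": queue_arn},
        ],
    }

def build_trust_policy():
    """Trust policy that allows the EC2 service to assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Principal": {"Service": "ec2.amazonaws.com"},
                       "Action": "sts:AssumeRole"}],
    }

def find_wildcards(policy):
    """Return (sid, field, value) for each Allow statement using '*' in Action or Resource."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        for field in ("Action", "Resource"):
            values = stmt.get(field, [])
            values = [values] if isinstance(values, str) else values
            findings += [(stmt.get("Sid", ""), field, v) for v in values if "*" in v]
    return findings

# Placeholder ARNs (constructed): substitute your own region, account id, table and queue.
TABLE_ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/EXAMPLE-TABLE"
QUEUE_ARN = "arn:aws:sqs:us-east-1:111122223333:EXAMPLE-QUEUE"

if __name__ == "__main__":
    policy = build_policy(TABLE_ARN, QUEUE_ARN)
    print(json.dumps(policy, indent=2))
    print(json.dumps(build_trust_policy(), indent=2))
    print("wildcards:", find_wildcards(policy))
```
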
Steps for the task: To create Amazon EC2 instances for the web server and the queue server
In this step, I will create two new instances, one for the web server and one for the queue server. I will configure Windows Server 2012 R2 as the operating system for both instances.
- Go to EC2 from the Services menu in the Amazon Management Console. Click “Launch Instance”. Select “Microsoft Windows Server 2012 R2 Base” as the Amazon Machine Image (AMI) and click Select.
- While configuring the new EC2 instance, select the IAM role that we created earlier, “WebServerRole”.
- In this step, you need to configure a security group for the web server EC2 instance, which controls the inbound and outbound traffic that is allowed to and from the instance.
- Your new EC2 instance for the web server will be ready in a minute. Now you need to create another instance for your queue server. The queue server will run the order processor application. The application polls the queue, fetches each message and stores it in the database.
- To create the queue server, follow the same steps you used for the web server EC2 instance. The only difference is the security group. You need to configure a new security group for the queue server because this security group will handle a different kind of inbound and outbound traffic.
Steps for the task: To connect remotely to the web server and install IIS, ASP.NET 4.5 (including developer stuff), HTTP connectors and Windows Authentication role services
In this task, I will demonstrate how to log in to the EC2 web server from your local machine. Then I will install the IIS, ASP.NET 4.5 (including developer stuff), HTTP connectors and Windows Authentication role services components.
- From the EC2 dashboard, click Instances and select the “dinostore webserver” instance. Then click Connect. You will get the “Connect to your Instance” wizard. Now click “Download Remote Desktop file” and, in “Get Password“, upload your key pair and click “Decrypt Password” to get the password for logging in to the web server machine.
- Now log in to your web server instance with the decrypted password through an RDP connection.
- In this step, we will install Web Server (IIS), ASP.NET 4.5 and Windows Authentication from the Windows Server 2012 R2 Add Roles and Features configuration.
Steps for the task: To publish the Dinostore application and move it from the local machine to the AWS cloud platform
In this task, I will show you how to publish the Dinostore project as files to a folder. These files will then be retrieved over RDP from your web server, so I will expose the drive where I stored the published web files via the RDP settings.
- Go to Microsoft Visual Studio. Open your DinoStore project. Right-click “NET701 Dinostore” in the Solution Explorer. Select “Publish“.
- Now select the publish method “File system” and give a specific target location in the connection setup. Note: Make sure you expose the drive (via the RDP settings) where you stored the published web files.
- After your files are published, you need to copy them to the C:\inetpub\wwwroot folder on the web server instance.
- In this step, you place the files that you published from Visual Studio where IIS can access them on your web server. Copy the files from the location where you published them and paste them into “C:\inetpub\wwwroot” on the web server.
- Go to Windows IIS. In IIS, right-click your newly copied folder in “C:\inetpub\wwwroot“, and select ‘Convert to Application’.
- Now you need to delete the access key and the secret key from your source code’s “Web.config” file, because it is not a good idea to put access keys in the code. If you put your access keys in your code, anyone who can read it can get those keys and access your confidential data. This is a security vulnerability.
- On the web server, paste the following link into your browser: http://169.254.169.254/latest/meta-data/iam/security-credentials/WebServerRole. Check whether your code is able to get access keys automatically.
- Go to your web server in the cloud. Open the IIS Manager. Highlight your website in the Connections pane and go into ‘Content View’. Then right-click ‘Default.aspx‘ and select Browse. Your website should now be running on your server.
- Test out the various aspects: inspect elements (should show S3 source), add an item to your cart (uses DynamoDB).
- Now we will test our website over the Internet. Copy the public DNS string of your web server and paste it into the browser on your local machine. Now add ‘/YOUR WEBSITE NAME/’, e.g. /NET702.DinoStore/, to the generic URL above and you should see your DinoStore website. Note the IP of the server on the top left. It matches the internal address of your web server instance.
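The step above that deletes the access key and secret key from Web.config can be verified before the files are copied to the server. The following is an added example, not code from the DinoStore project: it parses a Web.config and reports any setting that still carries an AWS credential. The setting names `AWSAccessKey`, `AWSSecretKey` and `AWSRegion` and both sample files are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Long-term (AKIA) and temporary (ASIA) access key ids: prefix plus 16 characters.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Setting names that suggest a stored credential.
SUSPECT_NAME = re.compile(r"access.?key|secret", re.IGNORECASE)

def find_embedded_keys(config_xml):
    """Return (setting name, reason) for <add> entries that look like AWS credentials."""
    findings = []
    for node in ET.fromstring(config_xml).iter("add"):
        name = node.get("key") or node.get("name") or ""
        value = node.get("value") or node.get("connectionString") or ""
        if not value.strip():
            continue  # an empty setting holds no secret
        if ACCESS_KEY_ID.search(value):
            findings.append((name, "value has the format of an AWS access key id"))
        elif SUSPECT_NAME.search(name):
            findings.append((name, "credential-like setting has a non-empty value"))
    return findings

# Constructed sample: the key values are AWS's published documentation placeholders.
WEB_CONFIG_BEFORE = """
<configuration>
  <appSettings>
    <add key="AWSAccessKey" value="AKIAIOSFODNN7EXAMPLE" />
    <add key="AWSSecretKey" value="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" />
    <add key="AWSRegion" value="us-east-1" />
  </appSettings>
</configuration>
"""

# Constructed sample: the same file after the keys have been deleted.
WEB_CONFIG_AFTER = """
<configuration>
  <appSettings>
    <add key="AWSRegion" value="us-east-1" />
  </appSettings>
</configuration>
"""

if __name__ == "__main__":
    for label, text in (("before", WEB_CONFIG_BEFORE), ("after", WEB_CONFIG_AFTER)):
        print(label, find_embedded_keys(text))
```
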
Now I will show how to move the queue server to AWS. First of all, you need to publish the Net702 Order Processor project from Visual Studio. The procedure is the same as for Net702 Dinostore.
- Go to Visual Studio. Switch the project to Release from the top of Visual Studio before publishing.
- Now publish NET702.DinoStore.OrderProcessor by right-clicking it in the Solution Explorer.
- After publishing, copy the published files from your local location to any location on the queue server. Then create a shortcut to your setup.exe file and copy the shortcut to the C:\ProgramData\Microsoft\Windows\Start Menu\Programs location on your queue server. Note: In general, this order processor would be set up as a Windows service, but in this case, we are just running it as an application at startup.
- In this step, you need to run the application. In MySQL, connect to the AWS DinoStore database and check your order table. It may contain your previous orders from earlier.
- Now you need to open your cloud website, add some dinosaurs to your cart and check out with your card details. Note: Check whether your RDP session is ready to access the web server. As you see in the following snapshot, one session is ready when I add the item to my cart.
- If you check your queue application, you will be able to see it fetching your request message, deleting it from the queue and storing the data in the item table in your MySQL database. You should see the ‘Queue messages received: count is 1’ and then the ‘Queue message(s) deleted’ lines come up on the console.
- Now you can see that the details of our recent sale (checkout) are updated in the database automatically. Execute a SELECT query on the order table of your MySQL database.
Congratulations! After completing this module, your locally developed website has been moved to the cloud. Now you can publicly access your website from any machine in the world that has Internet service.
Problems and solutions:
Problem 1: If you come across the error shown in the following snapshot, follow the steps below.
Solution: You need to install “ASP.NET 4.5” and “.NET Extensibility” from Add Roles and Features on your Windows Server 2012 R2 web server. I hope the problem will be solved. You also need to activate session state in your Internet Information Services (IIS) Manager. It will help you to solve any session-related error when you run your website for the first time in the cloud.
Problem 2: Your order processing application fails to pull the message from the queue and delete it, or you get the Runtime Error shown in the following screenshot. Check the following solution.
Solution: Check the inbound traffic rules of the security groups for the web server and the queue server. Define the inbound rules for all traffic that the two servers share with each other.
You can visit the YouTube LAB 5 Screencast.
In the next module I will discuss “Creating and using AMIs”.
Thank you 🙂