Mounting an Elastic File System using TLS on two EC2 instances - Hands-on
I'm currently preparing for the AWS Certified Solutions Architect - Associate certificate.
This gist is intended for AWS users who want to learn more about Amazon Elastic Compute Cloud.
I performed this setup on my Ubuntu 18.04.2 LTS.
To check your OS version, execute $ lsb_release -a in your Terminal.
Installations
None. Just log into your AWS management console, https://console.aws.amazon.com.
You'll need to perform several tasks in your CLI regarding SSH keygen, so make sure you check the following prerequisites.
Prerequisites
First, make sure the Oracle JDK is installed. I recommend Java 1.8.0.
To cleanly uninstall your current JDK, run:
$ sudo apt-get remove 'openjdk*'
$ sudo apt-get remove --auto-remove 'openjdk*'
$ sudo apt-get purge 'openjdk*'
$ sudo apt-get purge --auto-remove 'openjdk*'
To install Java 1.8.0, open a Terminal (Ctrl+Alt+T) and run:
$ sudo add-apt-repository ppa:webupd8team/java   # adds PPA repository
$ sudo apt-get update                            # updates package list
$ sudo apt-get install openjdk-8-jdk             # installs openjdk
$ javac -version                                 # shows your new Java version
Author
Isaac Arnault - AWS Cloud series - Related tags: #EC2 #TLS #AWSCLI #Linux
With this tutorial we'll try to make two EC2 instances share the same EFS to launch a simple web server.
We can skip Part 1 if we have a User and Group already provisioned via IAM.
Part 1 : create a User and a Group using IAM
We log into our AWS management console at https://console.aws.amazon.com.
I'm using MFA to secure my root account access coupled with Google Authenticator on my Android smartphone.
We can skip this step and log in normally to the AWS Management Console.
We go to Services > IAM > Users > Add user
User name : user-1
Access type : Programmatic access
Next : Permissions > Create group
Group name : Developers
Administrator Access > Create group
Next : Tags
Key: dev-1 | Value: name of the developer
Create user
Download .csv (you're going to use these credentials later on in this tutorial)
We write down our Access key ID and Secret access key > close the window
Now in Groups we should have one group named Developers which should list user-1.
Part 2 : create an Elastic File System (EFS)
Services > Storage > EFS
Configure file system access
Configure optional settings
Optional - We enable encryption of data at rest.
Review and create
Part 3 : deploy 2 EC2 instances using a custom script
Services > EC2
In "Create Instance" section click on "Launch Instance"
We're going to choose 2 instances
We select Amazon Linux 2 AMI (HVM), SSD Volume Type
Instance type: choose t2.micro (Free tier eligible). The instance comes with 1 vCPU and 1 GiB of memory.
Next: Configure instance details
We choose to deploy 2 instances and we provision the Advanced details section with the following script:
#!/bin/bash
yum update -y
yum install httpd -y
service httpd start
chkconfig httpd on
yum install amazon-efs-utils -y
We leave all fields at their defaults and only enable termination protection.
Next : Add Storage
We leave all fields at their defaults.
Next : Configure Security Group
We create a new security group > Security group name: dev-group > Description : Developers Security Group > Review and launch > Launch > Create New Key Pair > Key Pair Name : EC2KP > Download Key Pair.
Launch Instances > View Instances
We rename both instances respectively to "EC2 - EFS - Instance 1" and "EC2 - EFS - Instance 2".
At this point of the tutorial, we should have one Elastic File System (EFS), two running EC2 instances, a User and a Group created via IAM.
Part 4 : use the Command Line Interface to connect to both EC2 instances
We should remember that we've downloaded an EC2KP.pem file earlier. We will now move this file to a newly created directory.
Ctrl + Alt + T to open a new CLI window
$ cd ~/Desktop
$ mkdir SSH   # creates an SSH directory to store our Key Pair (credentials)
$ cd ~/Downloads
$ sudo mv /home/zaki/Downloads/EC2KP.pem /home/zaki/Desktop/SSH
Go to your SSH directory and check that the file is there:
$ cd ~/Desktop/SSH
$ ls
We restrict the permissions on the .pem file to owner read-only, i.e.: $ chmod 400 EC2KP.pem
We will now connect to both EC2 instances using our CLI: we open two separate windows.
Use : $ ssh ec2-user@your-ipv4-public-address -i EC2KP.pem.
Type "yes" when prompted by the CLI
Switch to root with $ sudo su and run $ aws s3 ls. The last command should return "Unable to locate credentials." We can configure credentials by running "aws configure".
To supply the credentials, run: $ aws configure
Remember that we wrote down our Access key ID and Secret access key when creating our IAM user in Part 1. We use those credentials.
We connect to both EC2 instances using the following command:
$ ssh ec2-user@your-ipv4-address -i EC2KP.pem
We provide the Access Key ID > AWS Secret Access Key > Default region name (use the Region of our EC2 instance, e.g. us-east-1) > Default output format: we can use "text" or "json". In this tutorial we use "json".
Important
If buckets do not show up, we can go to Users > Security credentials > Create a new access key. Or we can create a new EC2 instance and restart the procedure in our AWS CLI.
When you create an access key, you'll have to download a file "access.Keys.csv".
Part 5 : Mount the EFS on both EC2 instances
On EC2 - EFS - Instance 1 SSH, use :
$ ssh ec2-user@your-ipv4-address -i EC2KP.pem
$ sudo su
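$ mount -t efs -o tls fs-ID:/ /var/www/html
$ cd /var/www/html   # enter the directory after mounting, so the shell sees the EFS contents and not the covered local directory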
We're going to create a single web page in order to check later on whether it appears in the other EC2 instance's SSH session.
To verify that the web page was correctly created, we can perform a simple $ ls or we can connect to our EC2 - EFS - Instance 1 IPv4 Public IP in our browser.
To check if EC2 - EFS - Instance 2 is sharing the same EFS as EC2 - EFS - Instance 1, we perform the following commands in our EC2 - EFS - Instance 2 SSH:
$ ssh ec2-user@your-ipv4-address -i EC2KP.pem
$ sudo su
$ mount -t efs -o tls fs-ID:/ /var/www/html
$ cd /var/www/html
Note that we did not create an index.html file. Perform a simple ls and check if the index.html created in EC2 - EFS - Instance 1 appears.
If the file appears, it means that both EC2 instances share the same EFS. To make sure everything went fine, we can perform in our EC2 - EFS - Instance 2 SSH:
$ echo "This tutorial works" > testfile.txt
You can also open the IPv4 Public IP of EC2 - EFS - Instance 1 and EC2 - EFS - Instance 2 in your web browser. Both requests should serve the same index.html file and return the same web page.
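A check for the result of the "-o tls" mounts above, added here as an example and not part of the original gist: it reads a /proc/mounts-style table and reports whether a mount point is reached through the local stunnel endpoint that amazon-efs-utils sets up for TLS mounts, or directly over plaintext NFS. The function names, the sample table and the fs-EXAMPLE ID are constructed, and the loopback-plus-"port=" heuristic is an assumption about how efs-utils exposes TLS mounts.

```bash
#!/usr/bin/env bash
# Added example: classify how an NFS/EFS mount point is reached, reading a
# /proc/mounts-style table on stdin.
# Assumption: amazon-efs-utils implements "-o tls" by starting a local stunnel
# and mounting 127.0.0.1:/ with a non-default "port=" option.

efs_mount_transport() {
    # $1 = mount point to inspect; prints tls | plaintext | not-mounted
    awk -v mp="$1" '
        $2 == mp && ($3 == "nfs4" || $3 == "nfs") {
            host = $1
            sub(/:.*$/, "", host)      # "127.0.0.1:/" -> "127.0.0.1"
            tunnelled = (host == "127.0.0.1" && $4 ~ /(^|,)port=[0-9]+(,|$)/)
            # Later lines are mounted on top of earlier ones, so the last match wins.
            result = tunnelled ? "tls" : "plaintext"
        }
        END { print (result == "" ? "not-mounted" : result) }
    '
}

# Constructed sample mount table (not captured from a real instance).
sample_mounts() {
    cat <<'EOF'
/dev/xvda1 / xfs rw,noatime,attr2,inode64,noquota 0 0
127.0.0.1:/ /var/www/html nfs4 rw,relatime,vers=4.1,rsize=1048576,wsize=1048576,hard,noresvport,proto=tcp,port=20261,timeo=600,retrans=2,sec=sys,clientaddr=127.0.0.1,addr=127.0.0.1 0 0
fs-EXAMPLE.efs.us-east-1.amazonaws.com:/ /mnt/plain nfs4 rw,relatime,vers=4.1,rsize=1048576,wsize=1048576,hard,noresvport,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=10.0.0.12,addr=10.0.0.40 0 0
EOF
}

# Demo over the constructed table; /mnt/plain and /srv/none are hypothetical paths.
for mp in /var/www/html /mnt/plain /srv/none; do
    printf '%s\t%s\n' "$mp" "$(sample_mounts | efs_mount_transport "$mp")"
done

# On an instance, feed it the live table instead:
#   efs_mount_transport /var/www/html < /proc/mounts
```

A "plaintext" result for /var/www/html on either instance means the file system was mounted without the tls option and should be unmounted and remounted as shown in Part 5.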
I hope you enjoyed this gist. Please fork it and feel free to spread the word about it. Thanks.