@isaacarnault
Last active July 30, 2019 19:44
Mounting an Elastic File System using TLS on 2 EC2 instances
Other cloud platforms such as GCP, Azure.

Mounting an Elastic File System using TLS on two EC2 instances - Hands-on

Project Status: Concept – Minimal or no implementation has been done yet, or the repository is only intended to be a limited example, demo, or proof-of-concept.

I'm currently preparing for the AWS Certified Solutions Architect - Associate certificate.
The following gist is intended for AWS users who want to learn more about Amazon Elastic Compute Cloud.
I performed this setup on my Ubuntu 18.04.2 LTS.
To check your OS version, execute $ lsb_release -a in your Terminal.

Installations

None. Just log into your AWS management console, https://console.aws.amazon.com.
You'll need to perform several tasks in your CLI regarding SSH keygen, so make sure you check the following prerequisites.

Prerequisites

First, make sure Oracle JDK is installed. I recommend Java 1.8.0.
To fully uninstall your current JDK, run:
$ sudo apt-get remove 'openjdk*'
$ sudo apt-get remove --auto-remove 'openjdk*'
$ sudo apt-get purge 'openjdk*'
$ sudo apt-get purge --auto-remove 'openjdk*'

To install Java 1.8.0, open a Terminal (Ctrl+Alt+T) and run:
$ sudo add-apt-repository ppa:webupd8team/java   # adds PPA repository
$ sudo apt-get update                            # updates package list
$ sudo apt-get install openjdk-8-jdk             # installs openjdk

java-8.png
$ javac -version   # shows your new java version

Author

  • Isaac Arnault - AWS Cloud series - Related tags: #EC2 #TLS #AWSCLI #Linux

With this tutorial we'll try to make two EC2 instances share the same EFS to launch a simple web server.

We can skip Part 1 if we have a User and Group already provisioned via IAM.

Part 1 : create a User and a Group using IAM

  • We log into our AWS Management Console at https://console.aws.amazon.com.

I'm using MFA to secure my root account access coupled with Google Authenticator on my Android smartphone.

We can bypass this step and log in normally to the AWS Management Console.

🔴 See output

isaac-arnault-AWS-1.jpg

We go to Services > IAM > Users > Add user

  • User name : user-1

  • Access type : Programmatic access

  • 🔴 See output

    isaac-arnault-AWS-16.png

    Next : Permissions > Create group

  • Group name : Developers

  • Administrator Access > Create group

    🔴 See output

    isaac-arnault-AWS-17.png

    Next : Tags

  • Key: dev-1 | Value: name of the developer

  • Create user

    🔴 See output

    isaac-arnault-AWS-18.png

    Download .csv (you're going to use these credentials later on in this tutorial)

    • We write down our Access key ID and Secret access key > close the window
    🔴 See output

    isaac-arnault-AWS-28.png

    • Now in Groups we should have one group named Developers which should list user-1.
    🔴 See output

    isaac-arnault-AWS-20.png


    Part 2 : create an Elastic File System (EFS)

    Services > Storage > EFS

    Configure file system access

    🔴 See output

    isaac-arnault-AWS-37.png

    Configure optional settings

    Optional - We enable encryption of data at rest.

    🔴 See output

    isaac-arnault-AWS-38.png

    Review and create

    🔴 See output

    isaac-arnault-AWS-39.png


    Part 3 : deploy 2 EC2 instances using a custom script

    Services > EC2

    • In "Create Instance" section click on "Launch Instance"

    We're going to choose 2 instances

    • We select Amazon Linux 2 AMI (HVM), SSD Volume Type

    • Instance type: choose t2.micro (Free tier eligible). Instance comes with 1vCPU and 1 GiB (memory).

    Next: Configure instance details

    We choose to deploy 2 instances and we provision the Advanced details section with the following script:

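    🔵 See script

    #!/bin/bash
    # Patch the instance, then install and start Apache (httpd)
    yum update -y
    yum install httpd -y
    service httpd start
    # Start httpd automatically at boot
    chkconfig httpd on
    # Install the EFS mount helper, which provides "mount -t efs" and its tls option
    yum install amazon-efs-utils -y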

    • We leave all fields at their defaults and only enable termination protection.
    🔴 See output

    isaac-arnault-AWS-40.png

    Next : Add Storage

    • We leave all fields at their defaults.

    Next : Configure Security Group

    • We create a new security group > Security group name: dev-group > Description : Developers Security Group > Review and launch > Launch > Create New Key Pair > Key Pair Name : EC2KP > Download Key Pair.
    🔴 See output

    isaac-arnault-AWS-21.png

    Launch Instances > View Instances

    • We rename both instances respectively to "EC2 - EFS - Instance 1" and "EC2 - EFS - Instance 2".
    🔴 See output

    isaac-arnault-AWS-42.png

    • At this point of the tutorial, we should have one Elastic File System (EFS), two running EC2 instances, a User and a Group created via IAM.

    Part 4 : use the Command Line Interface to connect to both EC2 instances

    We should remember that we've downloaded an EC2KP.pem file earlier. We will now move this file to a newly created directory.

    Ctrl + Alt + T to open a new CLI window

    $ cd ~/Desktop
    $ mkdir SSH

    This creates an SSH directory to store our Key Pair (credentials).

    $ sudo mv /home/zaki/Downloads/EC2KP.pem /home/zaki/Desktop/SSH

    • Go to your SSH directory and check that the file is there:

    $ cd ~/Desktop/SSH
    $ ls

    • We change the permissions of the .pem file so that only its owner can read it, i.e.: $ chmod 400 EC2KP.pem.

    🔴 See output

    isaac-arnault-AWS-23.png

    • We will now connect to both EC2 instances using our CLI: we open two separate windows

    • Use : $ ssh ec2-user@your-ipv4-public-address -i EC2KP.pem.

    • Type "yes" when prompted by the CLI

    🔴 See output

    isaac-arnault-AWS-24.png

    • Switch to root with $ sudo su, then run $ aws s3 ls. The last command should return: Unable to locate credentials. You can configure credentials by running "aws configure".

    To supply your credentials, run: $ aws configure

    Remember that we wrote down our Access Key ID and Secret access key when creating user-1 in Part 1. We use those credentials here.

    • We connect to both EC2 instances using the following command:

    $ ssh ec2-user@your-ipv4-address -i EC2KP.pem

    • We provide Access Key ID > AWS Secret Access Key > Default region name (use the Region of our EC2 instance, i.e. us-east-1) > Default output format: we can use "text" or "json". In this tutorial we use "json".
    🔴 See output

    isaac-arnault-AWS-43.png


    Important
    If buckets do not show up, we can go to Users > Security credentials > Create a new access key. Or we can create a new EC2 instance and restart the procedure in our `AWS` CLI.

    When you Create access key, you'll have to download a file "access.Keys.csv".

    Part 5 : Mount the EFS on both EC2 instances

    On EC2 - EFS - Instance 1 SSH, use :

    $ ssh ec2-user@your-ipv4-address -i EC2KP.pem

    $ sudo su

    $ cd /var/www

    $ mount -t efs -o tls fs-ID:/ /var/www/html

    We're going to create a single web page in order to check later on if it appears on the other EC2 instance SSH.

    $ cd html

    $ echo "<html><h1>Hello World</h1></html>" > index.html

    To verify that the web page was correctly created, we can perform a simple $ ls or we can connect to our EC2 - EFS - Instance 1 IPv4 Public IP in our browser.

    🔴 See output

    isaac-arnault-AWS-44.png

    To check if EC2 - EFS - Instance 2 is sharing the same EFS as EC2 - EFS - Instance 1, we perform the following commands in our EC2 - EFS - Instance 2 SSH:

    $ ssh ec2-user@your-ipv4-address -i EC2KP.pem

    $ sudo su

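    We mount first and only then change into the directory: a shell that is already inside /var/www/html when the mount happens keeps showing the local directory underneath it.

    $ mount -t efs -o tls fs-ID:/ /var/www/html

    $ cd /var/www/html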

    Note that we did not create an index.html file. Perform a simple ls and check if the index.html created in EC2 - EFS - Instance 1 appears.

    If the file appears, it means that both EC2 instances share the same EFS. To make sure everything went fine, we can perform in our EC2 - EFS - Instance 2 SSH:

    $ echo "This tutorial works" > testfile.txt

    🔴 See output

    isaac-arnault-AWS-46.png

    You can also open the IPv4 Public IP of EC2 - EFS - Instance 1 and EC2 - EFS - Instance 2 in your web browser. Both requests should serve the same index.html file and return the same web page.

    🔴 See output

    isaac-arnault-AWS-46.png
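
To confirm that the mounts in Part 5 really went through TLS, the following added example (not part of the original gist) classifies the mount at /var/www/html from /proc/mounts-style input. It relies on amazon-efs-utils implementing -o tls through a local TLS tunnel (stunnel), so a TLS mount shows 127.0.0.1 as its NFS source; the function name efs_mount_state and the sample lines are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original gist.
# Classify the mount at a mount point from /proc/mounts-format lines on stdin.
# With "-o tls" the EFS mount helper starts a local TLS tunnel and points the
# NFS client at 127.0.0.1, so a TLS mount has a loopback source. A mount made
# without "-o tls" has the EFS DNS name (or an IP) as its source instead.
# Prints one of: tls | plaintext | not-nfs | not-mounted
efs_mount_state() (
    mountpoint="${1%/}"          # tolerate a trailing slash in the argument
    state="not-mounted"
    # A later entry for the same mount point shadows earlier ones,
    # so keep the verdict of the last matching line.
    while read -r src mnt fstype opts rest; do
        [ "${mnt%/}" = "$mountpoint" ] || continue
        case "$fstype" in
            nfs|nfs4)
                case "$src" in
                    127.0.0.1:*) state="tls" ;;
                    *)           state="plaintext" ;;
                esac ;;
            *)  state="not-nfs" ;;
        esac
    done
    printf '%s\n' "$state"
)

# Constructed sample lines (fs-EXAMPLE is a placeholder, not a real file system ID):
# the same mount point with and without "-o tls".
sample_tls='127.0.0.1:/ /var/www/html nfs4 rw,relatime,vers=4.1,hard,noresvport,proto=tcp,port=20262,addr=127.0.0.1 0 0'
sample_plain='fs-EXAMPLE.efs.us-east-1.amazonaws.com:/ /var/www/html nfs4 rw,relatime,vers=4.1,hard,noresvport,proto=tcp,addr=10.0.1.25 0 0'

printf '%s\n' "$sample_tls"   | efs_mount_state /var/www/html
printf '%s\n' "$sample_plain" | efs_mount_state /var/www/html
```

On each instance, run `efs_mount_state /var/www/html < /proc/mounts` after mounting; anything other than `tls` means the web root is not being served from an encrypted EFS mount.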


    I hope you enjoyed this gist. Please fork it and feel free to spread the word about it. Thanks.
