Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Mounting an Elastic File System using TLS on 2 EC2 instances
________ ________ ___ __ ___
|\_____ \|\ __ \|\ \|\ \ |\ \
\|___/ /\ \ \|\ \ \ \/ /|\ \ \
/ / /\ \ __ \ \ ___ \ \ \
/ /_/__\ \ \ \ \ \ \\ \ \ \ \
|\________\ \__\ \__\ \__\\ \__\ \__\
\|_______|\|__|\|__|\|__| \|__|\|__|
Other cloud platforms such as GCP, Azure.

Mounting an Elastic File System using TLS on two EC2 instances - Hands-on

Project Status: Concept – Minimal or no implementation has been done yet, or the repository is only intended to be a limited example, demo, or proof-of-concept.

I'm currently preparing AWS Certified Solution Architect - Associate certificate.
The following gist is intended to AWS users to learn more about Amazon Elastic Compute Cloud.
I performed this setup on my Ubuntu 18.04.2 LTS.
To check your OS version, execute $ lsb_release -a in your Terminal.

Installations

None. Just log into your AWS management console, https://console.aws.amazon.com.
You'll need to perform several tasks in your CLI regarding SSH keygen, so make sure you check the following prerequisites.

Prerequisites

First, make sure Oracle jdk is installed. I recommend java 1.8.0
To uninstall effectively your current jdk, perform this:
$ sudo apt-get remove openjdk*
$ sudo apt-get remove --auto-remove openjdk*
$ sudo apt-get purge openjdk*
$ sudo apt-get purge --auto-remove openjdk*

To install java 1.8.0, open Terminal Ctrl+Alt+T and run the command:
$ sudo add-apt-repository ppa:webupd8team/java // adds PPA repository
$ sudo apt-get update // updates package list
$ sudo apt-get install openjdk-8-jdk // installs openjdk

java-8.png
$ javac -version // shows your new java version

Author

  • Isaac Arnault - AWS Cloud series - Related tags: #EC2 #TLS #AWSCLI #Linux

With this tutorial we'll try to make two EC2 instances share the same EFS to launch a simple web server.

We can skip Part 1 if we have a User and Group already provisioned via IAM.

Part 1 : create a User and a Group using IAM

  • We log into our AWS management console using $ https://console.aws.amazon.com.

I'm using MFA to secure my root account access coupled with Google Authenticator on my Android smartphone.

We can bypass this step and login normally to AWS Management Console.

πŸ”΄ See output

isaac-arnault-AWS-1.jpg

We go to Services > IAM > Users > Add user

  • User name : user-1

  • Access type : Programmatic access

  • πŸ”΄ See output

    isaac-arnault-AWS-16.png

    Next : Permissions > Create group

  • Group name : Developers

  • Administrator Access > Create group

    πŸ”΄ See output

    isaac-arnault-AWS-17.png

    Next : Tags

  • Key: dev-1 | Value: name of the developer

  • Create user

    πŸ”΄ See output

    isaac-arnault-AWS-18.png

    Download .csv (you're going to use these credentials later on in this tutorial)

    • We write down our Access key ID and Secret access key > close the window
    πŸ”΄ See output

    isaac-arnault-AWS-28.png

    • Now in Groups we should have one group named Developers which should list user-1.
    πŸ”΄ See output

    isaac-arnault-AWS-20.png


    Part 2 : create an Elastic File System (EFS)

    Sercices > Storage > EFS

    Configure file system access

    πŸ”΄ See output

    isaac-arnault-AWS-37.png

    Configure optional settings

    Optional - We enable encryption of data at rest.

    πŸ”΄ See output

    isaac-arnault-AWS-38.png

    Review and create

    πŸ”΄ See output

    isaac-arnault-AWS-39.png


    Part 3 : deploy 2 EC2 instances using a custom script

    Services > EC2

    • In "Create Instance" section click on "Launch Instance"

    We're going to choose 2 instances

    • We welect Amazon Linux 2 AMI (HVM), SSD Volume Type

    • Instance type: choose t2.micro (Free tier eligible). Instance comes with 1vCPU and 1 GiB (memory).

    Next: Configure instance details

    We choose to deploy 2 instances and we provision the Advanced details section with the following script:

    πŸ”΅ See script

    #!/bin/bash
    yum update -y
    yum install httpd -y
    service httpd start
    chkconfig httpd on
    yum install amazon-efs-utils -y

    • We leave all fields as they're by default, we just Enable termination protection.
    πŸ”΄ See output

    isaac-arnault-AWS-40.png

    Next : Add Storage

    • We leave all fields as they're by default.

    Next : Configure Security Group

    • We create a new security group > Security group name: dev-group > Description : Developers Security Group > Review and launch > Launch > Create New Key Pair > Key Pair Name : EC2KP > Download Key Pair.
    πŸ”΄ See output

    isaac-arnault-AWS-21.png

    Launch Instances > View Instances

    • We rename both instances respectively to "EC2 - EFS - Instance 1" and "EC2 - EFS - Instance 2".
    πŸ”΄ See output

    isaac-arnault-AWS-42.png

    • At this point of the tutorial, we should have one Elastic File System (EFS), two running EC2 instances, a User and a Group created via IAM.

    Part 4 : use the Command Line Interface to connect to both EC2 instances

    We should remember that we've downloaded an EC2KP.pem file earlier. We will now move this file to a newly created directory.

    Ctrl + Alt + T to open a new CLI window

    $ cd Desktop > $ mkdir SSH - Creates an SSH directory to store our Key Pair (credentials).

    $ cd Downloads > $ sudo mv /home/zaki/Downloads/EC2KP.pem /home/zaki/Desktop>SSH

    • Go to your SSH directory and check that the file persists there : $ cd Desktop/SSH > ls

    • We change the permissions to .pem file, ie: $ chmod 400 EC2KP.pem.

    πŸ”΄ See output

    isaac-arnault-AWS-23.png

    • We will now connect to both EC2 instances using our CLI : we open two seperate windows

    • Use : $ ssh ec2-user@your-ipv4-public-address -i EC2KP.pem.

    • Type "yes" when prompted by the CLI

    πŸ”΄ See output

    isaac-arnault-AWS-24.png

    • Go in root mode : $ sudo su and use $ aws s3 ls. The last command should return "Unable to locate credentials. We can configure credentials by running "aws configure".

    To use your provided credentials use : $ aws configure

    Remember that we wrote down our Access Key ID and Secret access key when creating our EC2 Instances. We use the provided credentials.

    • We connect to both EC2 instances using the following command:

    $ ssh ec2-user@your-ipv4-address -i EC2KP.pem

    • We provide Access Key ID > AWS Secret Access Key > Default region name (use the Availability Zone of our EC2 instance, ie : us-east-1) > default output format : we can use "text" or "json". In this tutorial we use "json".
    πŸ”΄ See output

    isaac-arnault-AWS-43.png


    Important
    If buckets do not show up, we can go to Users > Security credentials > Create a new access key. Or we can create a new EC2 instance and restart the procedure in our `AWS` CLI.

    When you Create access key, you'll have to download a file "access.Keys.csv".

    Part 5 : Mount the EFS on both EC2 instances

    On EC2 - EFS - Instance 1 SSH, use :

    $ ssh ec2-user@your-ipv4-address -i EC2KP.pem

    $ sudo su

    $ cd /var/www/html

    $ mount -t efs -o tls fs-ID:/ /var/www/html

    We're going to create a single web page in order to check later on if it appears on the other EC2 instance SSH.

    $ cd html

    echo "<html><h1>Hello World</h1></html>" > index.html

    To verify that the web page was correctly created, we can perform a simple $ ls or we can connect to our EC2 - EFS - Instance 1 IPv4 Public IP in our browser.

    πŸ”΄ See output

    isaac-arnault-AWS-44.png

    To check if EC2 - EFS - Instance 2 is sharing the same EFS as EC2 - EFS - Instance 1, we perform the following commands in our EC2 - EFS - Instance 2 SSH:

    $ ssh ec2-user@your-ipv4-address -i EC2KP.pem

    $ sudo su

    $ cd /var/www/html

    $ mount -t efs -o tls fs-ID:/ /var/www/html

    Note that we did not create an index.html file. Perform a simple ls and check if the index.html created in EC2 - EFS - Instance 1 appears.

    If the file appears, it means that both EC2 instances share the same EFS. To make sure everything went fine, we can perform in our EC2 - EFS - Instance 2 SSH:

    $ echo "This tutorial works" > testfile.txt

    πŸ”΄ See output

    isaac-arnault-AWS-46.png

    You can also use EC2 - EFS - Instance 1 and EC2 - EFS - Instance 2 IPv4 Public IP in your web browser. Both queries should append a unique index.html file and retrieve the same web page.

    πŸ”΄ See output

    isaac-arnault-AWS-46.png


    I hoped you enjoyed this gist. Please fork it and feel free to spread the word about it. Thanks.

    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    You can’t perform that action at this time.