Reference no: EM133763014
Cloud Computing
Create a VPC and a public subnet (use instructions from Lab 3)
Create a VPC with Internet gateway, plus a public subnet and a public Route table. Include your first name in all of them. Associate Route table with the public Subnet.
Take a full and clear screenshot of your VPC's entire Resource map (5 marks)
Launch an EC2 instance based on Amazon Linux inside your new VPC and public subnet. Note: Make sure your account is eligible for the Free Tier, and that you use Free Tier eligible services when launching the instance.
Connect to the EC2 instance using SSH client.
Take a full screenshot of the Linux prompt upon successful connection (5 marks)
Create a S3 bucket (instructions from Lab 4, until bucket is created)
Go to S3 dashboard to create a bucket. Include your first name in the bucket name.
Under the bucket Permissions, use the Bucket policy previously discussed in Lab 4.
Create an endpoint using the VPC dashboard
Open the Amazon VPC dashboard.
In the navigation pane, choose Endpoints. Then choose Create endpoint.
For Service category, choose AWS services.
In Services, filter for Type= Gateway and select the option com.amazonaws.region.s3 Note: If your region is Asia Pacific (Sydney), region would be ap-southeast-2
For VPC, and Route table, select the VPC and public subnet you created in step 1.
For Policy, select Full access to allow all operations by all principals on all resources over the VPC endpoint.
Choose Create endpoint.
Take another screenshot of VPC's Resource Map; show the new endpoint (4 marks)
Create an IAM instance profile that grants access to Amazon S3
Open the IAM dashboard.
Choose Roles, and then choose Create role.
Select AWS Service and then choose EC2 under Use Case.
Select Next to go to Add permissions.
Search and select AmazonS3FullAccess policy to allow EC2 access your S3 buckets.
Next, enter a Role name and include your first name in it, e.g., name-EC2-role.
Take a screenshot of the Role details to show Role name and Description (4 marks)
Attach the IAM instance profile to the EC2 instance
Open the Amazon EC2 dashboard and navigate to instances.
Select the EC2 instance created in step 1. Attach the IAM role created in step 4 using:
Choose the Actions tab, choose Security, and then choose Modify IAM role.
Select the IAM role that you just created, and then Update IAM role. The IAM role is assigned to your EC2 instance.
Update your bucket policy to restrict bucket permissions to your EC2 instance
For the bucket created in step 2, under the bucket permissions edit Bucket policy, and change the policy code to the code shown below, and then save changes.
Note: Replace your-bucket-name with the name of your S3 bucket and vpce-xxxxxxxxxx with the ID of the VPC endpoint (created in step 3) that attached to your EC2 instance.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*", "Resource": [
"arn:aws:s3:::your-bucket-name", "arn:aws:s3:::your-bucket-name/*"
],
"Condition": { "StringEquals": {
"aws:SourceVpce": "vpce-xxxxxxxxxx"
}
}
}
]
}
Take a full and clear screenshot of your bucket policy (4 marks)
Explain briefly in your report, what are the TWO main differences between the updated bucket policy in step 6, and the previous policy that was used in step 2 (4 marks)
Access your S3 from the EC2 instance, in Lunix prompt
Use the Linux command below to list all S3 buckets, including the one created in step 2:
aws s3 ls
List file (or files) in the new bucket created in step 2:
aws s3 ls s3://your-bucket-name
List any EC2 files:
ls
Get the file in the bucket created in step 2 (e.g., name.txt):
aws s3 cp s3://your-bucket-name/name.txt .
Then again list the files in EC2:
ls -l
Finally delete the file from EC2:
rm name.txt
Completion
Terminate the EC2. Submit a PDF copy of answers containing the screenshots and descriptions via Moodle LMS. Include a one liner caption on the top of each screenshot, to describe its contents. Number the captions (e.g. Screenshot 1. VPC Resource map) etc etc.