Important terminology
Stack
A stack is a collection of AWS resources that you can manage as a single unit. In other words, you can create, update, or delete a collection of resources by creating, updating, or deleting stacks.
Resource
Indivisible components, such as an EC2 instance, a routing table, a VPC, a Lambda function, etc.
The form of template file
The official document was quite comprehensive for me.
Parameters:
  myparam:
    Type: String
    Default: foo
I need to review Terraform sometimes, so I left a tutorial+terminology so that I can recall it quickly.
Install
https://www.terraform.io/downloads
https://learn.hashicorp.com/tutorials/terraform/install-cli
On Ubuntu 21:
sudo apt-get update && sudo apt-get install -y gnupg software-properties-common curl
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
sudo apt-get update && sudo apt-get install terraform
Check:
➜ terraform --version
Terraform v1.1.2
on linux_amd64
Configure tab completion.
Concept
TL;DR: A DB consists of tables, and the items in a table are a sort of “key-value” pair. The main content (the attributes, roughly the values of the key-value pairs) is JSON.
Table
In a table, we put items. Each item has “attributes”. Every item must have a “partition key (or primary key)” attribute. Each item could have a “sort key” attribute. “We can think of the partition as a folder/bucket which contains items. And the sort key orders the items within the folder/bucket.
Install AWS CLI 2
On MacOS
https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-mac.html#cliv2-mac-install-cmd-all-users
% curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
% sudo installer -pkg AWSCLIV2.pkg -target /
% aws --version
aws-cli/2.0.18 Python/3.7.4 Darwin/19.5.0 botocore/2.0.0dev22
On Linux (Ubuntu)
https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html
$ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
$ unzip awscliv2.zip
$ sudo ./aws/install
$ aws --version
aws-cli/2.4.6 Python/3.8.8 Linux/5.15.5-76051505-generic exe/x86_64.*** prompt/off
### When you want to update the CLI version
### Download the latest version (zip) and
cd ./aws
sudo ./install --update
Create a CLI access key
Log in, and go to the IAM console.
Motivation
If you use multiple AWS accounts in your work environment, I highly recommend configuring an “aws-cli profile” for each one so that you can easily switch between accounts in aws-cli.
The only thing you need to do when you want to change your aws-cli environment is to pass the --profile option. Very simple.
How to configure
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html
Check under ~/.aws/. You can configure multiple profiles.
Reference
I found a good slide deck which contains good figures for understanding AWS networking.
https://de.slideshare.net/AmazonWebServicesLATAM/aws-vpc-fundamentals-webinar
Physical location
From slide 10/58.
A Region consists of multiple AZs (Availability Zones)
An AZ consists of AZ-a, AZ-b, AZ-c, etc.
AZx (x=a,b,c) consists of data centers
The latency within the Region is ~2ms.
Logical network
VPC: A private network like 172.31.0.0/16 across AZs (AZa, AZb, AZc).
VPC subnet: Each AZx is assigned a subnet, like 172.
First thing you should decide
We should decide between a “User pool” and an “Identity pool”.
Here is the official blog post about the differences.
https://aws.amazon.com/de/premiumsupport/knowledge-center/cognito-user-pools-identity-pools/
In a nutshell, User pools are for authentication (identity verification), and Identity pools are for authorization (access control).
I’ll try a User pool.
Future scope: integrate with AppSync.
Tutorial
1. Create a User pool
I followed the link. Very easy.
https://docs.aws.amazon.com/cognito/latest/developerguide/tutorial-create-user-pool.html
Choose Manage User Pools.
Getting started
Set up
Go to AppSync Page.
Create API.
Getting Started. Customize your API or import from Amazon DynamoDB -> Create with wizard
Click Start
Create model
Model Name: Atlex00Model
Configure model fields:
    Name: uid, Type: ID, Required.
    Name: first_name, Type: String
    Name: last_name, Type: String
    Name: gender, Type: Int
    Name: age, Type: Int
    Name: email, Type: Email
Configure model table (optional)
    Table Name: Atlex00ModelTable
    Primary Key: uid, Sort key: first_name
Create resources
API configuration
    API name: atlex00AppSync
Your API is almost ready… Updating the schema.
Install AWS CLI
My environment
WSL
Python is installed with pyenv.
Install aws-cli.
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
Check.
$ aws --version
aws-cli/2.0.61 Python/3.7.3 Linux/4.19.104-microsoft-standard exe/x86_64.ubuntu.20
Issue AWS access key
Log in to Dashboard.
Navigate to IAM.
In the left pane, “Access management” -> “Users”
Click a user, and go to the “Security credentials” tab
Access keys -> Create access key.
You can get credentials, and don’t forget to save the “Secret access key,” or download the CSV.