AWS

Import Free-Tier EC2 instance configuration in CloudFormation

Step 1. Create the CloudFormation YAML file AWSTemplateFormatVersion: '2010-09-09' Description: My Free Tier Parameters: KeyPair: Description: Select KeyPair Name. Type: AWS::EC2::KeyPair::KeyName Resources: DefaultVPC: Type: 'AWS::EC2::VPC' DeletionPolicy: Retain Properties: CidrBlock: '172.31.0.0/16' Tags: - Key: 'Name' Value: 'atlex00-default-VPC' DefaultSubnet: Type: 'AWS::EC2::Subnet' DeletionPolicy: Retain Properties: CidrBlock: '172.31.0.0/20' Tags: - Key: 'Name' Value: 'atlex00-default-subnet' VpcId: !Ref DefaultVPC FreeEC2Instance: Type: 'AWS::EC2::Instance' DeletionPolicy: Delete Properties: ImageId: "ami-05d34d340fb1d89e5" InstanceType: t2.micro SubnetId: !Ref DefaultSubnet BlockDeviceMappings: - DeviceName: '/dev/xvda' Ebs: VolumeType: 'gp2' VolumeSize: 8 Tags: - Key: 'Name' Value: 'free-tier' SecurityGroupIds: - !

CloudFormation - Tutorial with an EC2 instance

Important terminology Stack A stack is a collection of AWS resources that you can manage as a single unit. In other words, you can create, update, or delete a collection of resources by creating, updating, or deleting stacks. Resource Unbreakable components, like an EC2 instance, a routing table, VPC, Lambda function, etc. The form of template file The official document was quite comprehensive for me. Parameters: myparam: Type: String Default: foo .

Terraform - Tutorial

I need to review Terraform sometimes, so I left a tutorial+terminology so that I can recall it quickly. Install https://www.terraform.io/downloads https://learn.hashicorp.com/tutorials/terraform/install-cli On Ubuntu 21: sudo apt-get update && sudo apt-get install -y gnupg software-properties-common curl curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add - sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" sudo apt-get update && sudo apt-get install terraform Check: ➜ terraform --version Terraform v1.1.2 on linux_amd64 Configure tab completion.

DynamoDB - quick review of concept and tutorial (hands-on with Python)

Concept TL;DR: DB consists of tables, and the items in a table are sort of “key-value” pairs. The main content (attributes, ~values of key-value) is JSON. Table In a table, we put items. Each item has “attributes”. Every item must have a “partition key (or primary key)” attribute. Each item could have a “sort key” attribute. “We can think of the partition as a folder/bucket which contains items. And the sort key orders the items within the folder/bucket.

AWS - Intro with EC2

Install AWS CLI 2 On MacOS https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-mac.html#cliv2-mac-install-cmd-all-users % curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg" % sudo installer -pkg AWSCLIV2.pkg -target / % aws --version aws-cli/2.0.18 Python/3.7.4 Darwin/19.5.0 botocore/2.0.0dev22 On Linux (Ubuntu) https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html $ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" $ unzip awscliv2.zip $ sudo ./aws/install $ aws --version aws-cli/2.4.6 Python/3.8.8 Linux/5.15.5-76051505-generic exe/x86_64.*** prompt/off ### When you want to update the CLI version ### Download the latest version (zip) and cd ./aws sudo ./install --update Create a CLI access key Log in, and go to the IAM console.

Small tip: Multi aws-cli environment

Motivation If you use multiple AWS accounts in your work environment, I highly recommend configuring your “aws-cli profile” so that you can easily change your aws-cli account. The only thing you need to do when you want to change your aws-cli environment is to add the option --profile. Very simple. How to configure https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html Check under ~/.aws/. You can configure multiple profiles.

AWS Network for dummy (me)

Reference I found a good slide deck with good figures for understanding the AWS network. https://de.slideshare.net/AmazonWebServicesLATAM/aws-vpc-fundamentals-webinar Physical location From slide 10/58. A Region consists of multiple AZs (Availability Zones). An AZ consists of AZ-a, AZ-b, AZ-c, etc. AZx (x=a,b,c) consists of data centers. The latency within the Region is ~2ms. Logical network VPC: A private network like 172.31.0.0/16 across AZs (AZa, AZb, AZc). VPC subnet: Each AZx is assigned a subnet, like 172.

Cognito - tutorial

First thing you should decide We should decide between “User pool” and “Identity pool”. Here is the official blog post about the differences. https://aws.amazon.com/de/premiumsupport/knowledge-center/cognito-user-pools-identity-pools/ In a nutshell, User pools are for authentication (identity verification), and Identity pools are for authorization (access control). I’ll try a User pool. Future scope: integrate with AppSync. Tutorial 1. Create a User pool I followed the link. Very easy. https://docs.aws.amazon.com/cognito/latest/developerguide/tutorial-create-user-pool.html Choose Manage User Pools. Manage User Pools.

AppSync - Tutorial

Getting started Set up Go to AppSync Page. Create API. Getting Started. Customize your API or import from Amazon DynamoDB -> Create with wizard Click Start Create model Model Name: Atlex00Model Configure model fields: Name: uid, Type: ID, Required. Name: first_name: Type: String Name: last_name: Type: String Name: gender: Type: Int Name: age: Type: Int Name: email: Type: Email Configure model table (optional) Table Name: Atlex00ModelTable Primary Key: uid, Sort key: first_name Create resources API configuration API name: atlex00AppSync Your API is almost ready… Updating the schema.

API Gateway as S3 proxy

Overview of the task Here is the official tutorial page. Here is an overview of the tasks. Create a role that contains two policies. AmazonAPIGatewayPushToCloudWatchLogs AmazonS3ReadOnlyAccess Create paths with {} braces. This part is regarded as a variable. E.g. {folder}. Create method request for the paths. Authorization: using AWS_IAM. request path: {folder} Pre-setting up You should make your own IAM Role which contains the two policies below. AmazonAPIGatewayPushToCloudWatchLogs AmazonS3ReadOnlyAccess AmazonAPIGatewayPushToCloudWatchLogs { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:PutLogEvents", "logs:GetLogEvents", "logs:FilterLogEvents" ], "Resource": "*" } ] } AmazonS3ReadOnlyAccess