Tuesday 16 April 2024

Explain in a sentence what is the purpose of this lab.

 

Architecture Diagram

Use AWS official architecture icons available here.

Overview

Write a short paragraph giving some background information about the services your lab will use. Reference the AWS Documentation or any other sources that you find online and deem valid.

Break this section into subsections explaining all steps needed to complete the lab. Use screenshots to create visual aids for readers that are new to AWS.

The goal of this lab is to demonstrate how to create identity-based policies for an S3 bucket.

 

Architecture Diagram

lab-016-arch-01

Overview

Identity-based policies, as the name suggests, are policies that can be attached to identities (users, groups, or roles). In the scenario for this lab there is an S3 bucket named lab016-bucket that needs to be shared between two users, Lukas and Anita. User Anita should not have access to the confidential folder.

Repeat steps 1 and 2 of lab-013, changing the name of the bucket to lab016-bucket. The bucket's ARN (Amazon Resource Name) should be: arn:aws:s3:::lab016-bucket. Create a folder called confidential and upload the following files using the console:

Step 1 - Create Identity-based Policies

To create a policy go to IAM - Policies - Create policy.

Step 1.1 - Lab016BucketAllowAccess

If an identity has this policy attached it will have full access to the lab016-bucket S3 bucket. To create this policy you can use the AWS Policy Generator tool or just copy the Lab016BucketAllowAccess file.

Step 1.2 - Lab016BucketConfidentialFolderDenyAccess

If an identity has this policy attached it will be denied access to the confidential folder of the lab016-bucket S3 bucket. To create this policy you can use the AWS Policy Generator tool or just copy the Lab016BucketAllowAccess file.

Step 2 - Create User Identities

To create a user go to IAM - Users - Add user.

Step 2.1 - Create User Lukas

lab-016-scrn-01 lab-016-scrn-02 lab-016-scrn-03 lab-016-scrn-04

Note that only the Lab016BucketAllowAccess policy is attached to user Lukas. Also, make sure to download the credentials for each user and configure an AWS CLI named profile.

Step 2.2 - Create User Anita

lab-016-scrn-05

Note that both policies, Lab016BucketAllowAccess and Lab016BucketConfidentialFolderDenyAccess, are attached to user Anita.
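As an added example (not part of the lab, and not the real policy files), the following script reconstructs the two policy documents from the lab's description and models the part of IAM's evaluation logic that makes them work together: an explicit Deny always wins over an Allow, and with no matching statement the request is implicitly denied. The policy contents, user names and object keys are assumptions; Conditions and resource-based policies are not modelled.

```python
from fnmatch import fnmatchcase

BUCKET_ARN = "arn:aws:s3:::lab016-bucket"

# Assumed content of Lab016BucketAllowAccess: full access to the bucket and its objects.
ALLOW_ACCESS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*",
     "Resource": [BUCKET_ARN, f"{BUCKET_ARN}/*"]}]}

# Assumed content of Lab016BucketConfidentialFolderDenyAccess: explicit deny on confidential/.
CONFIDENTIAL_DENY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "s3:*",
     "Resource": f"{BUCKET_ARN}/confidential/*"}]}

# Policies attached to each user, as in steps 2.1 and 2.2 of the lab.
USERS = {"Lukas": [ALLOW_ACCESS], "Anita": [ALLOW_ACCESS, CONFIDENTIAL_DENY]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def evaluate(policies, action, resource):
    """IAM's core rule for identity-based policies: an explicit Deny in any
    matching statement wins, otherwise any matching Allow grants the request,
    otherwise the request is implicitly denied.  Wildcards ('*', '?') in
    Action and Resource are modelled with fnmatch; Conditions are not modelled."""
    decision = "Deny"  # implicit deny until an Allow matches
    for policy in policies:
        for stmt in policy["Statement"]:
            if not any(fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
                continue
            if not any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # explicit deny: nothing else can override it
            decision = "Allow"
    return decision


def can_get_object(user, key):
    """Outcome of e.g. `aws s3 cp s3://lab016-bucket/<key> - --profile <user>`."""
    return evaluate(USERS[user], "s3:GetObject", f"{BUCKET_ARN}/{key}") == "Allow"


if __name__ == "__main__":
    for user in USERS:
        for key in ("public.txt", "confidential/secret.txt"):
            verdict = "allowed" if can_get_object(user, key) else "DENIED"
            print(f"{user:5} GetObject {key}: {verdict}")
```

Note that a Deny on the object ARNs alone still lets Anita see the folder's object names via s3:ListBucket; hiding the listing too needs an additional Deny on s3:ListBucket with an s3:prefix condition, which this model leaves out.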

The goal of this lab is to illustrate a VPC peering connection, a way to connect two VPCs using a private connection.

 

Architecture Diagram

lab-021-arch-01

Overview

Once the VPCs and subnets have been created and the internet gateway and the EC2 instances have been launched and configured, follow the steps described next.

Step 1 - Create the Peering Connection

lab-021-scrn-01 lab-021-scrn-02 lab-021-scrn-03

Step 2 - Accept the Peering Connection

lab-021-scrn-04 lab-021-scrn-05 lab-021-scrn-06 lab-021-scrn-07

Step 3 - Modify Route Tables

First on the VPC A side:

lab-021-scrn-08

Then on the VPC B side:

lab-021-scrn-09

To test the setup, first ssh to EC2 instance A (the one on VPC A). Then try to ssh to EC2 instance B (the one on VPC B) using its private IP address.

This lab illustrates how to launch a web server using Amazon ECS's Fargate service.

 

Architecture Diagram

lab-020-arch-01

Overview

Fargate is a fully managed container service that automatically allocates computing resources to run containers with scaling capabilities. To best understand Amazon's Elastic Container Service let's break it into components:

  • Container: packaging of an application including code, runtime, system tools, libraries, and everything else needed to run an application (a container is created from an image);
  • Cluster: a logical group of tasks or services (this lab will create an ECS cluster containing a single task);
  • Task: specified in JSON format, a task defines what to do (the application itself), where to run it (minimum infrastructure requirements), and how to run it (logging, scaling configurations, security configurations, etc.);
  • Service: the number of task instances to run and their launch parameters.

Note that a cluster can contain tasks that are running on distinct containers.

To start this lab go to ECS and click on Get started. This lab will create a Fargate cluster using the sample-app template.

Step 1 - Choose a Container's Image

Select the sample-app container image which has definitions to run a web server using a single task.

lab-020-scrn-01 lab-020-scrn-02

Step 2 - Provide Service Settings

For this lab you can accept the default settings.

lab-020-scrn-03

Step 3 - Configure your Cluster

lab-020-scrn-04

Step 4 - Review

lab-020-scrn-05 lab-020-scrn-06

When the configuration is deployed, click on view service.

This lab illustrates how to connect to an EC2 instance via Systems Manager, a service that offers a central place to view and manage AWS resources.

 

Overview

Benefits of connecting to an instance using Systems Manager:

  • it creates a log of all the sessions and
  • you don't have to distribute key pairs.

Step 1 - Create a Role

Create a role named EC2RoleForSystemsManager to be attached to the EC2 instance so it can use the Systems Manager service. Go to IAM - Roles - Create Role. Select AWS Service as the trusted entity (i.e., the entity that can assume the role). Then choose EC2 as the use case. Click Next: Permissions. Next select AmazonSSMFullAccess policy and click Next: Tags and then Next: Review. Conclude by giving a name for your role (EC2RoleForSystemsManager) and a description. Make sure you save the role.

Step 2 - Launch Instance

If you choose the Amazon Linux 2 AMI, it already comes with the SSM agent pre-installed. In step 3 (Configure Instance), make sure to select the IAM role you created previously, so that your EC2 instance can use the EC2RoleForSystemsManager role. Because we will be using Systems Manager to connect to our instance, we don't even have to enable ssh access this time.

The goal of this lab is to illustrate how to create and share an NFS file system using AWS EFS service.

 

Architecture Diagram

lab-018-arch-01

Overview

Create two EC2 instances in different AZs (you can use public subnets). Create an NFS file system using EFS and mount it using one of the EC2 instances. Create some files for testing purposes. Then try to mount and access the file system from the other EC2 instance. Note that the access should work simultaneously.

Step 1 - VPC Setup

Make sure your VPC is configured to enable mounting using DNS names. You can do that by going to your VPC's action menu and selecting Edit DNS Resolution and Edit DNS Hostnames. Make sure both are set to Yes.

Step 2 - Create Security Group

Create a security group named nfs-access to allow access to the NFS file system to members of the security group.

First Create the security group. lab-018-scrn-01

Then edit its inbound rule to allow access from members of the group. lab-018-scrn-02

Step 3 - Launch EC2 Instances

Launch two EC2 instances, each in its own AZ. Use user-data.sh to install Amazon's EFS utility package. Make sure your instances are members of the nfs-access security group and can also be accessed via ssh.

Step 4 - Create an NFS File System

Go to Storage - EFS and click Create file system.

lab-018-scrn-03

Copy the EFS file system ID.

lab-018-scrn-04

Step 5 - Mount the NFS File System

Access one of the EC2 instances using ssh. Create a folder to serve as the mount point (let's say data). Then, using your EFS file system ID (mine was fs-9ee0b987), issue the command:

sudo mount -t efs fs-9ee0b987:/ data

You should be able to access the file system. Create a few testing files.