Friday, July 31, 2020

How to properly create a server in AWS?

AWS (Amazon Web Services) is one of the leading cloud service providers. Amazon EC2 (Elastic Compute Cloud) is the most useful and popular service provided by AWS. EC2 is the SAAS (Server as a Service) offered by AWS. EC2 instances are servers maintained by AWS: you need not worry about the underlying hardware and infrastructure, and can focus on configuring the server according to your needs.

Today we will cover the following topics.
  1. Creating an IAM user
  2. Scheduling an EC2 instance
  3. Understanding Security Groups 
  4. Serve Static Pages using an EC2 instance
  5. Associate an Elastic IP with EC2 instance

Creating an IAM user

AWS provides IAM (Identity and Access Management) to manage user access. AWS strongly advises against using your root account for anything except payment and bill management. Also, don't give your user any extra permissions; grant only the required ones. This helps avoid confusion and problems in case your keys are exposed to the world.
  • Login to your AWS account using your root credentials 
  • From the top menu under Services search for IAM and click on it

  • From the left menu click on Users

  • Click on Add User from the top bar, give your user a name and AWS Management Console access, and click on the Next: Permissions button.


  • Select Attach existing policies directly, and search for AmazonEC2FullAccess and attach this policy with your user.

  • Add tags if you want (this helps to categorize the entity later) and click on the Next button.
  • Review your user and click on create once you are satisfied. 
  • On the next screen, you will be able to see the credentials of the user you just created and the URL from which you can access the console. Download them for future reference because you will not be able to see this screen again.

    Congratulations, you have successfully created your first AWS user.
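
To make the "give only the required permissions" advice checkable, here is an added example (not part of the original post) that scans an IAM policy document for Allow statements granting wildcard actions on every resource. The sample policy is constructed for illustration and is not the text of any AWS managed policy; the function names are hypothetical.

```python
import json

# Constructed policy document for illustration only.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["ec2:DescribeInstances", "ec2:StartInstances"],
     "Resource": "*"},
    {"Effect": "Deny", "Action": "*", "Resource": "*"},
    {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}
  ]
}""")


def as_list(value):
    """IAM allows Statement, Action and Resource to be one value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def broad_grants(policy):
    """Return (statement_index, reason) for Allow statements that grant
    whole-service or all actions, or everything-except (NotAction), on "*"."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue                      # Deny statements only remove access
        if "*" not in as_list(stmt.get("Resource")):
            continue                      # scoped to named resources
        if "NotAction" in stmt:
            findings.append((i, "NotAction with Allow"))
            continue
        # Partial wildcards such as "ec2:Describe*" are not flagged here.
        wild = [a for a in as_list(stmt.get("Action"))
                if a == "*" or a.endswith(":*")]
        if wild:
            findings.append((i, "wildcard action " + ", ".join(wild)))
    return findings


if __name__ == "__main__":
    for index, reason in broad_grants(SAMPLE_POLICY):
        print(f"statement {index}: {reason}")
```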

Scheduling an EC2 instance 

Before scheduling an EC2 instance, you have to understand that there are two types of services:
  1. Global Services: services that are not bound to a region, like IAM.
  2. Regional Services: services that are bound to a specific region, like EC2.
For regional services, selecting the proper region is important to reduce latency. For example, if you are targeting an audience in London and scheduling your server in India, you will face unnecessary delays and costs.
You can change your region from the top left corner.


There are different types of EC2 instances for CPU-intensive tasks, memory-intensive tasks, etc., and each EC2 instance type has a different pricing model depending on the region and the resources you are using.

  • Log in to the AWS account with the user you just created and search for EC2 from the services dropdown.
  • Click on Running Instances and then on Launch Instance.
  • In the first step you have to select the OS (Operating System) for your server. I am selecting Ubuntu 18.04, but you are free to use any OS according to your needs.

  • Next, you have to select the CPU and RAM required by your server. I am choosing t2.micro because this is the only option in the free tier, but you can choose any server according to your needs.
  • Next, you can see the additional settings; review them and click on Add Storage.
  • Then you can add Tags to categorize the server later.
  • Then comes the most important part of this process, the Security Group: this is the step that decides the security of your application. For now, just give it a name and allow SSH from your IP only.

  • In the free tier, AWS gives you 8 GB of SSD, but you can increase it if necessary. Select storage and click on Review and Launch.
  • Review the settings and click on Launch. You will be prompted with a popup to select keys.
    These are the keys required to access your server. Create a new key pair if you don't have one, and remember to save it because you will not be able to view it again.
    And never, never, never share it with anyone or make it publicly available.
    Click on Launch once you are done.

  • Once you are done you will be able to view your server running in your dashboard.
Congratulations, you have scheduled your server successfully.

Understanding Security Groups

Security Groups are the firewall of your server. They decide what traffic can go into the server and what can come out of it, and they help restrict server access based on ports and IP addresses.
Go to Security Groups from the left side menu and select the security group you just created.

Here you can see two main options:
Inbound rules: These rules define what type of request, and from where, can reach the server. Try to keep them as tight as possible. In general, allow ports 80 (HTTP) and 443 (HTTPS) from anywhere, and open one SSH port to access the server, restricted to your IP address.

Outbound rules: These rules define what can leave your server. You can leave it open for the world.
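
The inbound guidance above can be checked mechanically. The following added example (not part of the original post) audits a security group's inbound rules and reports anything open to the whole internet other than TCP 80 and 443. The sample input is constructed in the shape of the IpPermissions list printed by `aws ec2 describe-security-groups`, and the function name is hypothetical.

```python
import ipaddress
import json

# Constructed sample in the shape of the "IpPermissions" list printed by
# `aws ec2 describe-security-groups`; addresses are documentation ranges.
SAMPLE_RULES = json.loads("""[
 {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
  "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
 {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
  "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
 {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
  "IpRanges": [{"CidrIp": "203.0.113.7/32"}, {"CidrIp": "0.0.0.0/0"}],
  "Ipv6Ranges": []},
 {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
  "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": []},
 {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
]""")

PUBLIC_PORTS = {80, 443}  # the only ports the article opens to anywhere


def audit_inbound(rules, public_ports=PUBLIC_PORTS):
    """Return (protocol, ports, cidr) for each rule that is open to the whole
    internet on anything other than the allowed public TCP ports."""
    findings = []
    for rule in rules:
        proto = rule["IpProtocol"]
        if proto == "-1" or "FromPort" not in rule:  # all ports / no port info
            ports, label = None, "all"
        else:
            lo, hi = rule["FromPort"], rule["ToPort"]
            ports = range(lo, hi + 1)
            label = str(lo) if lo == hi else f"{lo}-{hi}"
        public_only = (proto == "tcp" and ports is not None
                       and all(p in public_ports for p in ports))
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            # Prefix length 0 means 0.0.0.0/0 or ::/0, i.e. any source.
            if ipaddress.ip_network(cidr).prefixlen == 0 and not public_only:
                findings.append((proto, label, cidr))
    return findings


if __name__ == "__main__":
    for finding in audit_inbound(SAMPLE_RULES):
        print("open to the world:", finding)
```

Rules whose source is another security group or a prefix list are not covered by this check.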

Serve Static pages using EC2 Instance

If you want to serve a static page, you first have to access the server. If you are using Linux, Mac, or Windows 10, this will be easy for you because all of them support SSH, but if you are using a version of Windows prior to Windows 10 you have to use PuTTY.
If you are using Linux, Mac, or Windows 10, try the following steps to access the server.

Access the server

  • Go to the directory where you stored the keys you downloaded while launching the EC2 instance.
  • Open a terminal and type the following command to change the mode of your key (not required on Windows).

    sudo chmod 400 your_key_name.pem

  • Go to your EC2 dashboard and select the instance and then click on Connect on the top 

    Copy the string shown and run it in the terminal.
    If you face timeout issues, make sure that your current IP is added to the security group, because only then can you access the server.
If everything goes right, you should be inside the server.

Running NGINX to serve static pages.

  • Run the following commands to update your EC2 server if you are using Ubuntu

    sudo apt-get update
    sudo apt-get upgrade

  • Run the command to install NGINX, a web proxy

    sudo apt-get install nginx

  • Once it is done you can test it by running the following command

    curl localhost

    If you get an HTML page, then congratulations, it's working.

  •  Go to the security group and allow HTTP access from anywhere

  • Once you are done with that you can access the page with the public IP provided by AWS

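  • Now to upload your website to the server I will use SCP (Server Copy Protocol). In the commands below, folder_name is your local website folder and your_public_ip is the public IP of your instance (both are placeholders); ubuntu is the default user on Ubuntu images.

    sudo scp -i your_key_name.pem -r folder_name ubuntu@your_public_ip:~/

    sudo scp -i first_ec2.pem -r folder_name ubuntu@your_public_ip:~/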

  • Change the owner of the folder so that Nginx can access its files.

    sudo chown -R www-data:www-data folder_name/
  • Now edit the Nginx Config 

    sudo nano /etc/nginx/sites-available/default

  • Replace the root path with the path of your website folder


    Save the changes with Ctrl+O, then Enter, then Ctrl+X to exit.
  • Restart Nginx by running

    sudo service nginx restart

    And it's done. Congratulations, you have served your website.

Associate an Elastic IP with your EC2 instance

By default, the IP provided by AWS will change when you restart your server. AWS provides Elastic IPs, which are basically static IPs: once one is associated with an EC2 instance, the instance's IP will not change.
AWS provides 5 Elastic IPs per region per account. You can always request more, but if you need more than 5 Elastic IPs you should reconsider your architecture.

Steps to associate an Elastic IP
  • Go to Elastic IPs from the left menu and click on Associate Elastic IP address.

  • Keep defaults and click on Allocate, to get a static IP
  • From the actions dropdown select Associate Elastic IP
  • From instance choose your AWS EC2 instance  

And it's done. Congratulations, now you can use this IP to access your website.

Thank you for Reading