4

○ Microsoft Azure Virtual Machines - Offers scalable

computing resources hosted in Microsoft's data
centres.
○ Google Cloud Compute Engine - Allows users to run
virtual machines on Google's infrastructure.

2. Platform as a Service (PaaS) :-

● PaaS delivers a platform allowing customers to develop,

run, and manage applications without dealing with the
underlying infrastructure. It includes development tools,
databases, middleware, and more.
● Examples :
○ Heroku - Enables developers to build, run, and scale
applications using various programming languages.
○ Google App Engine - Provides a platform for building
and hosting web applications on Google's
infrastructure.
○ Microsoft Azure App Service - Offers a fully managed
platform for building, deploying, and scaling web
apps.

3. Software as a Service (SaaS) :-

● SaaS delivers software applications over the internet on a

subscription basis. Users access applications via a web
browser without needing to install or manage the software
locally.
● Examples :
○ Salesforce - Provides customer relationship
management (CRM) software accessible via the
web.
○ Google Workspace (formerly G Suite) - Offers a suite
of productivity and collaboration tools including
Gmail, Docs, Sheets, and more.
○ Microsoft 365 - Includes applications like Word,
Excel, PowerPoint, Outlook, etc., accessed through
the cloud.
 5

2. Introduction to AWS IAM

Ans :
● AWS Identity and Access Management (IAM) is a web service that
enables Amazon Web Services (AWS) customers to manage users and
user permissions in AWS. With IAM, you can centrally manage users,
security credentials such as access keys, and permissions that control
which AWS resources users can access.
● Topics Covered :-
➔ Exploring pre-created IAM Users and Groups
➔ Inspecting IAM policies as applied to the pre-created groups
➔ Following a real-world scenario, adding users to groups with
specific capabilities enabled
➔ Locating and using the IAM sign-in URL
➔ Experimenting with the effects of policies on service access

Accessing the AWS Management Console

1. Choose Start Lab to launch your lab.

2. Wait until you see the message "Lab status: ready", then click the X to
close the Start Lab panel
3. Choose AWS - This will open the AWS Management Console in a new
browser tab. The system will automatically log you in.
4. Arrange the AWS Management Console tab so that it displays
alongside these instructions.

Task 1 : Explore the Users and Groups

5. In the AWS Management Console, on the Services menu, select IAM.

6. In the navigation pane on the left, choose Users.
➔ The following IAM Users have been created for you :
● user-1
● user-2
● user-3
7. Choose user-1.
➔ This will bring to a summary page for user-1. The Permissions tab
will be displayed.
8. Notice that user-1 does not have any permissions.
9. Choose the Groups tab.
➔ user-1 also is not a member of any groups.
 6

10. Choose the Security credentials tab.

➔ user-1 is assigned a Console password
11. In the navigation pane on the left, choose User groups.
➔ The following groups have already been created for you :
● EC2-Admin
● EC2-Support
● S3-Support
12. Choose the EC2-Support group.
➔ This will bring you to the summary page for the EC2-Support
group.
13. Choose the Permissions tab.
14. Choose the plus (+) icon next to the
AmazonEC2ReadOnlyAccess policy to view the policy details.
➔ The basic structure of the statements in an IAM Policy is :
● Effect says whether to Allow or Deny the permissions.
● Action specifies the API calls that can be made against an
AWS Service (eg cloudwatch:ListMetrics).
● Resource defines the scope of entities covered by the
policy rule (eg a specific Amazon S3 bucket or Amazon
EC2 instance, or * which means any resource).
15. Choose the minus icon (-) to hide the policy details.
16. In the navigation pane on the left, choose User groups.
17. Choose the S3-Support group and then choose the Permissions
tab.
➔ The S3-Support group has the AmazonS3ReadOnlyAccess policy
attached.
18. Choose the plus (+) icon to view the policy details.
➔ This policy grants permissions to Get and List resources in
Amazon S3.
19. Choose the minus icon (-) to hide the policy details.
20. In the navigation pane on the left, choose User groups.
21. Choose the EC2-Admin group and then choose the Permissions
tab.
➔ This Group is slightly different from the other two. Instead of a
Managed Policy, it has an Inline Policy, which is a policy assigned
to just one User or Group. Inline Policies are typically used to
apply permissions for one-off situations.
22. Choose the plus (+) icon to view the policy details.
 7

➔ This policy grants permission to view (Describe) information about

Amazon EC2 and also the ability to Start and Stop instances.
23. Choose the minus icon (-) to hide the policy details.

Task 2 : Add Users to Groups

24. In the left navigation pane, choose User groups.

25. Choose the S3-Support group.
26. Choose the Users tab.
27. In the Users tab, choose Add users.
28. In the Add Users to S3-Support window, configure the following :
● Select user-1.
● At the bottom of the screen, choose Add Users.
29. In the Users tab you will see that user-1 has been added to the
group.

Add user-2 to the EC2-Support Group

30. Using similar steps to the ones above, add user-2 to the EC2-
Support group.
➔ user-2 should now be part of the EC2-Support group.

Add user-3 to the EC2-Admin Group

31. Using similar steps to the ones above, add user-3 to the EC2-
Admin group.
 8

➔ user-3 should now be part of the EC2-Admin group

32. In the navigation pane on the left, choose User groups.
➔ Each Group should now have a 1 in the Users column for the
number of Users in each Group.

Task 3: Sign-In and Test Users

33. In the navigation pane on the left, choose Dashboard.
➔ An IAM user's sign-in link is displayed on the right. It will look
similar to: https://123456789012.signin.aws.amazon.com/console
34. Copy the Sign-in URL for IAM users in this account to a text
editor.
35. Open a private (Incognito) window.
➔ Mozilla Firefox
● Choose the menu bars at the top-right of the screen
● Select New private window
➔ Google Chrome
● Choose the ellipsis at the top-right of the screen
● Select New Incognito Window
➔ Microsoft Edge
● Choose the ellipsis at the top-right of the screen
● Choose New InPrivate window
➔ Microsoft Internet Explorer
● Choose the Tools menu option
● Choose InPrivate Browsing
36. Paste the IAM users sign-in link into the address bar of your
private browser session and press Enter.
 9

➔ Next, you will sign-in as user-1, who has been hired as your
Amazon S3 storage support staff.
37. Sign-in with :
● IAM user name: user-1
● Password: Lab-Password1
38. In the Services menu, choose S3.
39. Choose the name of the bucket that exists in the account and
browse the contents.
40. In the Services menu, choose EC2.
41. In the left navigation pane, choose Instances.
➔ You will now sign-in as user-2, who has been hired as your
Amazon EC2 support person.
42. Sign user-1 out of the AWS Management Console by completing
the following actions :
➔ At the top of the screen, choose user-1
➔ Choose Sign Out
43. Paste the IAM users sign-in link into your private browser tab's
address bar and press Enter.
➔ Note : This link should be in your text editor.
44. Sign-in with :
● IAM user name: user-2
● Password: Lab-Password2
45. In the Services menu, choose EC2.
46. In the navigation pane on the left, choose Instances.
➔ Select the instance named LabHost.
47. In the Instance state menu above, select Stop instance.
48. In the Stop Instance window, select Stop.
49. Choose the X to close the Failed to stop the instance message.
➔ Next, check if user-2 can access Amazon S3.
50. In the Services, choose S3.
➔ You will see the message You don't have permissions to list
buckets because user-2 does not have permission to access
Amazon S3.
➔ You will now sign-in as user-3, who has been hired as your
Amazon EC2 administrator.
51. Sign user-2 out of the AWS Management Console by completing
the following actions :
➔ At the top of the screen, choose user-2
➔ Choose Sign Out
 10

52. Paste the IAM users sign-in link into your private window and
press Enter.
53. Paste the sign-in link into the address bar of your private web
browser tab again. If it is not in your clipboard, retrieve it from the text
editor where you stored it earlier.
54. Sign-in with :
● IAM user name: user-3
● Password: Lab-Password3
55. In the Services menu, choose EC2.
56. In the navigation pane on the left, choose Instances.
➔ As an EC2 Administrator, you should now have permissions to
Stop the Amazon EC2 instance.
➔ Select the instance named LabHost .
57. In the Instance state menu, choose Stop instance.
58. In the Stop instance window, choose Stop.
➔ The instance will enter the stopping state and will shut down.
59. Close your private browser window
 11

3. Build Your VPC and Launch a Web Server

Ans :

1. choose Start Lab to launch your lab.

2. see the message "Lab status: ready", then choose the X to close the
Start Lab panel.
3. At the top of these instructions, choose AWS
4. Arrange the AWS Management Console tab

Task 1: Create Your VPC

5. In the search box to the right of Services, search for and choose VPC to
open the VPC console.
6. Begin creating a VPC.
➔ In the top right of the screen, verify that N. Virginia (us-east-1) is
the region.
➔ Choose the VPC dashboard link which is also towards the top left
of the console.
➔ Next, choose Create VPC.
7. Configure the VPC details in the VPC settings panel on the left :
➔ Choose VPC and more.
➔ Under Name tag auto-generation, keep Auto-generate selected,
however change the value from project to lab.
➔ Keep the IPv4 CIDR block set to 10.0.0.0/16
➔ For Number of Availability Zones, choose 1.
➔ For Number of public subnets, keep the 1 setting.
➔ For Number of private subnets, keep the 1 setting.
➔ Expand the Customise subnets CIDR blocks section
● Change Public subnet CIDR block in us-east-1a to
10.0.0.0/24
● Change Private subnet CIDR block in us-east-1a to
10.0.1.0/24
 12

➔ Set NAT gateways to In 1 AZ.

➔ Set VPC endpoints to None.
➔ Keep both DNS hostnames and DNS resolution enabled.
8. In the Preview panel on the right, confirm the settings you have
configured.
● VPC: lab-vpc
● Subnets:
➔ us-east-1a
◆ Public subnet name: lab-subnet-public1-us-east-1a
◆ Private subnet name: lab-subnet-private1-us-east-1a
● Route tables
➔ lab-rtb-public
➔ lab-rtb-private1-us-east-1a
● Network connections
➔ lab-igw
➔ lab-nat-public1-us-east-1a
9. At the bottom of the screen, choose Create VPC
10. Once it is complete, choose View VPC

Task 2: Create Additional Subnets

11.
In the left navigation pane, choose Subnets.
12. ➔ First, you will create a second public subnet.
Choose Create subnet then configure :
● VPC ID: lab-vpc (select from the menu).
● Subnet name: lab-subnet-public2
 13

● Availability Zone: Select the second Availability Zone (for

example, us-east-1b)
● IPv4 CIDR block: 10.0.2.0/24
➔ The subnet will have all IP addresses starting with 10.0.2.x.
13. Choose Create subnet
➔ The second public subnet was created. You will now create a
second private subnet.
14. Choose Create subnet then configure :
● VPC ID: lab-vpc
● Subnet name: lab-subnet-private2
● Availability Zone: Select the second Availability Zone (for
example, us-east-1b)
● IPv4 CIDR block: 10.0.3.0/24
➔ The subnet will have all IP addresses starting with 10.0.3.x.
15. Choose Create subnet
➔ The second private subnet was created.
16. In the left navigation pane, choose Route tables
17. Select the lab-rtb-private1-us-east-1a route table.
18. In the lower pane, choose the Routes tab.
19. Choose the Subnet associations tab.
20. In the Explicit subnet associations panel, choose Edit subnet
associations
21. Leave lab-subnet-private1-us-east-1a selected, but also select
lab-subnet-private
22. Choose Save associations
23. Select the lab-rtb-public route table (and deselect any other
subnets).
24. In the lower pane, choose the Routes tab
25. Choose the Subnet associations tab.
26. In the Explicit subnet associations area, choose Edit subnet
association
27. Leave lab-subnet-public1-us-east-1a selected, but also select lab-
subnet-public2.
28. Choose Save associations
 14

Task 3: Create a VPC Security Group

29.
30. In the left navigation pane, choose Security groups.
Choose Create security group and then configure :
● Security group name: Web Security Group
● Description: Enable HTTP access
● VPC: choose the X to remove the currently selected VPC,
then from the drop down list choose lab-vpc
31. In the Inbound rules pane, choose Add rule.
32. Configure the following settings :
● Type: HTTP
● Source: Anywhere-IPv4
● Description: Permit web requests
33. Scroll to the bottom of the page and choose Create security group
➔ You will use this security group in the next task when launching
an Amazon EC2 instance.
 15

Task 4: Launch a Web Server Instance

34. In the search box to the right of Services, search for and choose
EC2 to open the EC2 console.
35. From the Launch instance menu choose Launch instance.
36. Name the instance :
➔ Give it the name Web Server 1
37. Choose an AMI from which to create the instance :
➔ In the list of available Quick Start AMIs, keep the default Amazon
Linux selected.
➔ Also keep the default Amazon Linux 2023 AMI selected.
● The type of Amazon Machine Image (AMI) you choose
determines the Operating System that will run on the EC2
instance that you launch.
38. Choose an Instance type :
➔ In the Instance type panel, keep the default t2.micro selected.
● The Instance Type defines the hardware resources
assigned to the instance.
39. Select the key pair to associate with the instance :
➔ From the Key pair name menu, select vockey
40. Configure the Network settings :
➔ Next to Network settings, choose Edit, then configure :
● Network: lab-vpc
● Subnet: lab-subnet-public2 (not Private!)
● Auto-assign public IP: Enable
 16

➔ Next, you will configure the instance to use the Web Security
Group that you created earlier.
● Under Firewall (security groups), choose Select existing
security group.
● For Common security groups, select Web Security Group.
This security group will permit HTTP access to the
instance.
41. In the Configure storage section, keep the default settings.
42. Configure a script to run on the instance when it launches :
➔ At the bottom of the Summary panel on the right side of the
screen choose Launch instance
43. At the bottom of the Summary panel on the right side of the
screen choose Launch instance
➔ You will see a Success message.
44. Choose View all instances
➔ Wait until Web Server 1 shows 2/2 checks passed in the Status
check column.
➔ Select Web Server 1.
45. Copy the Public IPv4 DNS value shown in the Details tab at the
bottom of the page.
46. Open a new web browser tab, paste the Public DNS value and
press Enter.
47. Choose End Lab at the top of this page and then choose Yes to
confirm that you want to end the lab.
48. Choose the X in the top right corner to close the panel.
 17

4. Introduction to Amazon EC2

Ans :

1. choose Start Lab to launch your lab.

2. see the message "Lab status: ready", then choose the X to close the
Start Lab panel.choose AWS
3. This will open the AWS Management Console in a new browser tab.
The system will automatically log you in
4. Arrange the AWS Management Console tab

Task 1: Launch Your Amazon EC2 Instance

5. In the AWS Management Console choose Services, choose Compute

and then choose EC2.
6. Choose the Launch instance menu and select Launch instance.
 18

Step 1: Name and tags

7. Give the instance the name Web Server.

Step 2: Application and OS Images (Amazon Machine Image)

8. In the list of available Quick Start AMIs, keep the default Amazon Linux
AMI selected.
9. Also keep the default Amazon Linux 2023 AMI selected.
➔ An Amazon Machine Image (AMI) provides the information
required to launch an instance, which is a virtual server in the
cloud. An AMI includes :
In
10.the Instance type panel, keep the default t2.micro selected.

Step 3: Key pair (login)

11.
For Key pair name - required, choose vockey.

Step 4: Network settings

12. Next to Network settings, choose Edit.

13. For VPC, select Lab VPC.
14. Under Firewall (security groups), choose Create security group
and configure :
● Security group name: Web Server security group
● Description: Security group for my web server

Step 5: Configure storage

15. In the Configure storage section, keep the default settings.

➔ Amazon EC2 stores data on a network-attached virtual disk called
Elastic Block Store

Step 6: Advanced details

16. Expand Advanced details.

17. For Termination protection, select Enable.
18. Scroll to the bottom of the page and then copy and paste the
code shown below into the User data box:
 19

Step 7: Launch the instance

19. At the bottom of the Summary panel on the right side of the
screen choose Launch instance
20. Choose View all instances
➔ In the Instances list, select Web Server.
➔ Review the information displayed in the Details tab. It includes
information about the instance type, security settings and network
settings.
➔ The instance is assigned a Public IPv4 DNS that you can use to
contact the instance from the Internet.
➔ To view more information, drag the window divider upwards.
➔ At first, the instance will appear in a Pending state, which means
it is being launched. It will then change to Initializing, and finally to
Running.
21. Wait for your instance to display the following :
● Instance State: Running
● Status Checks: 2/2 checks passed

Task 2: Monitor Your Instance

22. Choose the Status checks tab.

23. Choose the Monitoring tab.
24. In the Actions menu towards the top of the console, select
Monitor and troubleshoot Get system log.
 20

25. Scroll through the output and note that the HTTP package was
installed from the user data that you added when you created the
instance.
26. Choose Cancel.
27. Ensure Web Server is still selected. Then, in the Actions menu,
select Monitor and troubleshoot Get instance screenshot.
28. Choose Cancel.

Task 3: Update Your Security Group and Access the Web Server

29. Ensure Web Server is still selected. Choose the Details tab.
30. Copy the Public IPv4 address of your instance to your clipboard. 31.
Open a new tab in your web browser, paste the IP address you
just copied, then press Enter
32. Keep the browser tab open, but return to the EC2 Console tab. 33. In
the left navigation pane, choose Security Groups.
34. Select Web Server security group.
35. Choose the Inbound rules tab.
➔ The security group currently has no inbound rules.
36. Choose Edit inbound rules, select Add rule and then configure :
● Type: HTTP
● Source: Anywhere-IPv4
● Choose Save rules
 21

37. Return to the web server tab that you previously opened and
refresh the page.
➔ You should see the message Hello From Your Web Server!

Task 4: Resize Your Instance

38. On the EC2 Management Console, in the left navigation pane,

choose Instances.
➔ Web Server should already be selected.
39. In the Instance State menu, select Stop instance.
40. Choose Stop
41. Wait for the Instance state to display: Stopped.

Change The Instance Type

42. In the Actions menu, select Instance settings Change instance

type, then configure :
● Instance Type: t2.small
● Choose Apply

Resize the EBS Volume

43. With the Web Server instance still selected, choose the Storage
tab, select the name of the Volume ID, then select the checkbox next to
the volume that displays.
44. In the Actions menu, select Modify volume.
➔ The disk volume currently has a size of 8 GiB. You will now
increase the size of this disk.
45. Change the size to: 10 NOTE: You may be restricted from
creating large Amazon EBS volumes in this lab.
46. Choose Modify
47. Choose Modify again to confirm and increase the size of the
volume.

Start the Resized Instance

48. In the left navigation pane, choose Instances.

49. Select the Web Server instance.
50. In the Instance state menu, select Start instance.
 22

Task 5: Explore EC2 Limits

51. In the AWS Management Console, in the search box next to

Services, search for and choose Service Quotas
52. Choose AWS services from the navigation menu and then in the
AWS services Find services search bar, search for ec2 and choose
Amazon Elastic Compute Cloud (Amazon EC2).
53. In the Find quotas search bar, search for running on-demand, but
do not make a selection. Instead, observe the filtered list of service
quotas that match the criteria.

Task 6: Test Termination Protection

54. In the AWS Management Console, in the search box next to

Services, search for and choose EC2 to return to the EC2 console.
55. In the left navigation pane, choose Instances.
56. Select the Web Server instance and in the Instance state menu,
select Terminate instance.
57. Then choose Terminate
58. In the Actions menu, select Instance settings Change termination
protection.
59. In the Actions menu, select Instance settings Change termination
protection.
60. Remove the check next to Enable.
61. Choose Save
➔ You can now terminate the instance.
62. Select the Web Server instance again and in the Instance state
menu, select Terminate instance.
63. Choose Terminate
64. Choose End Lab at the top of this page and then choose Yes to
confirm that you want to end the lab.
65. Choose the X in the top right corner to close the panel.
 23

5. a) Explain about AWS EBS and AWS S3 and what their uses
Ans :
Amazon EBS (Elastic Block Store) :-

Purpose :

● Amazon EBS provides persistent block-level storage volumes that can

be attached to Amazon EC2 instances. These volumes act like hard
drives and are used for storing data that requires frequent and low-
latency access within AWS infrastructure.

Key Features and Uses :

● Block Storage - EBS offers block-level storage volumes that can be

attached to EC2 instances. These volumes can be formatted with a file
system and used like physical hard drives.
● Persistence - Data stored in EBS volumes persists even after the
associated EC2 instance is stopped or terminated.
● Snapshots - EBS allows users to create point-in-time snapshots of
volumes for backup, replication, and disaster recovery purposes.
● Use Cases - EBS is commonly used for databases, applications that
require specific I/O performance, and situations where data needs to
persist beyond the life of an EC2 instance.

Amazon EBS (Elastic Block Store) :-

 24

Purpose :

● Amazon S3 is an object storage service designed to store and retrieve

large amounts of unstructured data from anywhere on the web. It's
highly scalable, durable, and accessible via HTTP/HTTPS.

Key Features and Uses :

● Object Storage - S3 stores data as objects in buckets. Each object

consists of the data itself, metadata, and a unique key.
● Scalability and Durability - S3 offers high scalability and durability,
making it suitable for storing vast amounts of data reliably.
● Various Storage Classes - S3 provides different storage classes, such
as Standard, Infrequent Access (IA), Glacier, etc., each optimized for
different access patterns and cost requirements.
● Use Cases - S3 is used for data backup, archival, data lakes, content
distribution, hosting static websites, as well as being a storage backend
for applications that require scalable and durable storage.

b) Difference between AWS S3 and AWS EBS Ans

:

AWS S3 AWS EBS

The AWS S3 Full form is Amazon The AWS EBS full form is Amazon
Simple Storage Service Elastic Block Store
AWS S3 is an object storage service It is easy to use.
that helps the industry in scalability,
data availability, security, etc.
AWS S3 is used to store and protect It has high-performance block
any amount of data for a range of storage at every scale
use cases.
AWS S3 can be used to store data It is scalable.
lakes, websites, mobile applications,
backup and restore big data
 25

analytics. , enterprise applications,

IoT devices, archives etc.
AWS S3 also provides management It is also used to run relational or
features NoSQL databases

6. Build Your DB Server and Interact With Your DB Using an App

Ans :
1. choose Start Lab to launch your lab.
2. see the message "Lab status: ready", then choose the X to close the
Start Lab panel.
3. choose AWS
➔ This will open the AWS Management Console in a new browser
tab.
4. Arrange the AWS Management Console tab so that it displays
alongside these instructions.

Task 1: Create a Security Group for the RDS DB Instance

5. In the AWS Management Console, on the Services menu, choose VPC. 6.

In the left navigation pane, choose Security Groups.
7. Choose Create security group and then configure :
● Choose Create security group and then configure:Security group
name: DB Security Group
● Description: Permit access from Web Security Group
● VPC: Lab VPC
8. In the Inbound rules pane, choose Add rule
9. Configure the following settings :
● Type: MySQL/Aurora (3306)
● CIDR, IP, Security Group or Prefix List: Type sg and then select
Web Security Group.
10. Choose Create security group
 26

➔ You will use this security group when launching the Amazon RDS
database

Task 2 : Create a DB Subnet Group

11. On the Services menu, choose RDS.

12. In the left navigation pane, choose Subnet groups.
13. Choose Create DB Subnet Group then configure :
● Name: DB-Subnet-Group
● Description: DB Subnet Group
● VPC: Lab VPC
14. Scroll down to the Add Subnets section.
15. Expand the list of values under Availability Zones and select the
first two zones: us-east-1a and us-east-1b.
16. Expand the list of values under Subnets and select the subnets
associated with the CIDR ranges 10.0.1.0/24 and 10.0.3.0/24.
➔ These subnets should now be shown in the Subnets selected
table.
17. Choose Create
 27

Task 3 : Create an Amazon RDS DB Instance

18. In the left navigation pane, choose Databases.

19. Choose Create database
➔ If you see Switch to the new database creation flow at the top of
the screen, please choose it.
20. Select MySQL under Engine Options.
21. Under Templates choose Dev/Test.
22. Under Availability and durability choose Multi-AZ DB instance.
23. Under Settings, configure:DB instance identifier: lab-db
● Master username: main
● Master password: lab-password
● Confirm password: lab-password
24. Under DB instance class, configure :
➔ Select Burstable classes (includes t classes).
➔ Select db.t3.micro
25. Under Storage, configure :
● Storage type: General Purpose (SSD)
● Allocated storage: 20
Under Connectivity, configure :
26.
● Virtual Private Cloud (VPC): Lab VPC
27. Under Existing VPC security groups, from the dropdown list :
➔ Choose DB Security Group.
➔ Deselect default.
Expand Additional configuration, then configure :
28.
● Initial database name: lab
 28

● Uncheck Enable automatic backups.

● Uncheck Enable encryption
● Uncheck Enable Enhanced monitoring.
29. Choose Create database
30. Choose lab-db (choose the link itself).
31. Wait until Info changes to Modifying or Available.
32. Scroll down to the Connectivity & security section and copy the
Endpoint field.
33. Paste the Endpoint value into a text editor. You will use it later in
the lab.

Task 4 : Interact with Your Database

34. To copy the WebServer IP address, choose on the Details drop
down menu above these instructions, and then choose Show.
35. Open a new web browser tab, paste the WebServer IP address
and press Enter.
➔ The web application will be displayed, showing information about
the EC2 instance.
36. Choose the RDS link at the top of the page.
➔ You will now configure the application to connect to your
database.
37. Configure the following settings :
● Endpoint: Paste the Endpoint you copied to a text editor
earlier
● Database: lab
● Username: main
● Password: lab-password
 29

● Choose Submit
➔ A message will appear explaining that the application is running a
command to copy information to the database. After a few
seconds the application will display an Address Book.
➔ The Address Book application is using the RDS database to store
information.
38. Test the web application by adding, editing and removing
contacts.
➔ The data is being persisted to the database and is automatically
replicating to the second Availability Zone.
39. Choose End Lab at the top of this page and then choose Yes to
confirm that you want to end the lab.
40. Choose the X in the top right corner to close the panel

7. Scale and Load Balance Your Architecture Ans

:
1. choose Start Lab to launch your lab.
2. see the message "Lab status: in creation", then choose the X to close
the Start Lab panel.
3. At the top of these instructions, choose AWS
➔ This will open the AWS
4. Arrange the AWS Management Console tab so that it displays
alongside these instructions.

Task1 : Create an AMI for Auto Scaling

5. In the AWS Management Console, in the search box next to Services ,

search for and select EC2.
6. In the left navigation pane, choose Instances
 30

7. Wait until the Status Checks for Web Server 1 displays 2/2 checks
passed. If necessary, choose refresh to update the status.
8. Select Web Server 1.
9. In the Actions menu, choose Image and templates > Create image, then
configure :
● Image name: WebServerAMI
● Image description: Lab AMI for Web Server
10. Choose Create image
➔ A confirmation banner displays the AMI ID for your new AM

Task 2 : Create a Load Balancer

11.
In the left navigation pane, choose Target Groups.
● Choose Create target group
● Choose a target type: Instances
● Target group name, enter: LabGroup
● Select Lab VPC from the VPC drop-down menu.
12. Choose Next. The Register targets screen appears.
13. Review the settings and choose Create target group
14. In the left navigation pane, choose Load Balancers.
15. At the top of the screen, choose Create load balancer.
➔ Several different types of load balancer are displayed. You will be
using an Application
Under Application Load Balancer, choose Create
16.
Under Load balancer name, enter: LabELB
17.
Scroll down to the Network mapping section, then :
18.
 31

● For VPC, choose Lab VPC

● You will now specify which subnets the Load Balancer should
use. The load balancer will be internet facing, so you will select
both Public Subnets.
● Choose the first displayed Availability Zone, then select Public
Subnet 1 from the Subnet drop down menu that displays beneath
it.
● Choose the second displayed Availability Zone, then select Public
Subnet 2 from the Subnet drop down menu that displays beneath
it.
○ You should now have two subnets selected: Public Subnet
1 and Public Subnet 2.
19. In the Security groups section :
● Choose the Security groups drop down menu and select Web
Security Group
● Below the drop down menu, choose the X next to the default
security group to remove it.
○ The Web Security Group security group should now be the
only one that appears.
20. For the Listener HTTP:80 row, set the Default action to forward to
LabGroup.
21. Scroll to the bottom and choose Create load balancer
➔ The load balancer is successfully created.
● Choose View load balancer
○ The load balancer will show a state of provisioning. There
is no need to wait until it is ready. Please continue with the
next task.
 32

Task 3 : Create a Launch Template and an Auto Scaling Group

22. In the left navigation pane, choose Launch Templates.

23. Choose Create launch template
24. Configure the launch template settings and create it :
● Launch template name: LabConfig
● Under Auto Scaling guidance, select Provide guidance to help me
set up a template that I can use with EC2 Auto Scaling
● In the Application and OS Images (Amazon Machine Image) area,
choose My AMIs.
● Amazon Machine Image (AMI): choose Web Server AMI
● Instance type: choose t2.micro
● Key pair name: choose vockey
● Firewall (security groups): choose Select existing security group
● Security groups: choose Web Security Group
● Scroll down to the Advanced details area and expand it.
● Scroll down to the Detailed CloudWatch monitoring setting. Select
Enable
○ Note: This will allow Auto Scaling to react quickly to
changing utilization.
● Choose Create launch template
○ Next, you will create an Auto Scaling group that uses this
launch template.
25. In the Success dialog, choose the LabConfig launch template.
26. From the Actions menu, choose Create Auto Scaling group
27. Configure the details in Step 1 (Choose launch template or
configuration) :
● Auto Scaling group name: Lab Auto Scaling Group
● Launch template: confirm that the LabConfig template you
just created is selected.
● Choose Next
28. Configure the details in Step 2 (Choose instance launch options) :
● VPC: choose Lab VPC
● Availability Zones and subnets: Choose Private Subnet 1
and then choose Private Subnet 2.
● Choose Next
29. Configure the details in Step 3 (Configure advanced options) :
● Choose Attach to an existing load balancer
○ Existing load balancer target groups: select LabGroup.
 33

● In the Additional settings pane:

○ Select Enable group metrics collection within CloudWatch
● This will capture metrics at 1-minute intervals, which allows Auto
Scaling to react quickly to changing usage patterns.
● Choose Next
30. Configure the details in Step 4 (Configure group size and scaling
policies - optional) :
● Under Group size, configure :
○ Desired capacity: 2
○ Minimum capacity: 2
○ Maximum capacity: 6
■ This will allow Auto Scaling to automatically
add/remove instances, always keeping between 2
and 6 instances running.
● Under Scaling policies, choose Target tracking scaling policy and
configure :
○ Scaling policy name: LabScalingPolicy
○ Metric type: Average CPU Utilization
○ Target value: 60
■ This tells Auto Scaling to maintain an average CPU
utilization across all instances at 60%. Auto Scaling
will automatically add or remove capacity as required
to keep the metric at, or close to, the specified target
value. It adjusts to fluctuations in the metric due to a
fluctuating load pattern.
● Choose Next
31. Configure the details in Step 5 (Add notifications - optional) :
➔ Auto Scaling can send a notification when a scaling event takes
place. You will use the default settings.
◆ Choose Next
32. Configure the details in Step 6 (Add tags - optional) :
➔ Tags applied to the Auto Scaling group will be automatically
propagated to the instances that are launched.
● Choose Add tag and Configure the following :
○ Key: Name
○ Value: Lab Instance
33. Configure the details in Step 6 (Review) :
➔ Review the details of your Auto Scaling group
● Choose Create Auto Scaling group
 34

○ Your Auto Scaling group will initially show an

instance count of zero, but new instances will be
launched to reach the Desired count of 2 instances.

Task 4 : Verify that Load Balancing is Working

34.
In the left navigation pane, choose Instances.
➔ You should see two new instances named Lab Instance. These
were launched by Auto Scaling.
➔ If the instances or names are not displayed, wait 30 seconds and
choose refresh in the top-right.
➔
Next, you will confirm that the new instances have passed their
Health Check.
35. In the left navigation pane, choose Target Groups.
36. Select LabGroup
37. Choose the Targets tab.
➔ Two target instances named Lab Instance should be listed in the
target group.
38. Wait until the Status of both instances transitions to healthy.
➔ Choose Refresh in the upper-right to check for updates if
necessary.
➔ Healthy indicates that an instance has passed the Load
Balancer's health check. This means that the Load Balancer will
send traffic to the instance.
➔ You can now access the Auto Scaling group via the Load
Balancer.
 35

39. In the left navigation pane, choose Load Balancers.

40. Select the LabELB load balancer.
41. In the Details pane, copy the DNS name of the load balancer,
making sure to omit "(A Record)".
➔ It should look similar to: LabELB-1998580470.us-west-
2.elb.amazonaws.com
42. Open a new web browser tab, paste the DNS Name you just
copied, and press Enter.
➔ The application should appear in your browser. This indicates that
the Load Balancer received the request, sent it to one of the EC2
instances, then passed back the result.

Task 5 : Test Auto Scaling

43. Return to the AWS Management Console, but do not close the
application tab - you will return to it soon.
44. In the search box next to Services , search for and select
CloudWatch.
45. In the left navigation pane, choose All alarms.
● On the Services menu, choose EC2.
○ In the left navigation pane, choose Auto Scaling Groups.
○ Select Lab Auto Scaling Group.
○ In the bottom half of the page, choose the Automatic
Scaling tab.
○ Select LabScalingPolicy.
○ Choose Actions and Edit.
○ Change the Target Value to 50.
○ Choose Update
○ On the Services menu, choose CloudWatch.
○ In the left navigation pane, choose All alarms and verify you
see two alarms.
46. Choose the OK alarm, which has AlarmHigh in its name.
47. Return to the browser tab with the web application.
48. Choose Load Test beside the AWS logo.
49. Return to the browser tab with the CloudWatch console.
➔ In less than 5 minutes, the AlarmLow alarm should change to OK
and the AlarmHigh alarm status should change to In alarm.
50. Wait until the AlarmHigh alarm enters the In alarm state.
51. In the search box next to Services , search for and select EC2.
52. In the left navigation pane, choose Instances.
 36

Task 6 : Terminate Web Server 1

53. Select Web Server 1 (and ensure it is the only instance selected).
54. In the Instance state menu, choose Instance State > Terminate
Instance.
55. Choose Terminate
56. Choose End Lab at the top of this page and then choose Yes to
confirm that you want to end the lab.
➔ A panel will appear, indicating that "DELETE has been initiated...
You may close this message box now."
57. Choose the X in the top right corner to close the panel.
 37

8. Static Website
Ans :

● Creating a static website on AWS involves a few steps. In this example,

I'll guide you through the process of hosting a simple static website
using Amazon S3 (Simple Storage Service) and using Amazon Route
53 for domain registration and management. Here's a step-by-step
guide :

1. Create an S3 Bucket for Your Website :-

● Sign in to the AWS Management Console :

○ Navigate to the AWS Management Console.
○ Sign in or create an AWS account if you don't have one.
● Go to Amazon S3 :
○ In the AWS Management Console, find the "S3" service.
● Create a new bucket :
○ Click the "Create bucket" button.
○ Choose a unique name for your bucket (this will be part of
your website's URL).
○ Select a region for your bucket.
 38

● Configure options :
○ Set the bucket properties, such as versioning, logging, and
tags.
● Set permissions :
○ Configure bucket permissions. For a public website, you'll
need to make your bucket and its contents public.
○ Go to the "Permissions" tab and add a bucket policy
allowing public access. Example policy:

2. Upload Your Website Files to the S3 Bucket :-

● Go to the bucket :
○ Once the bucket is created, go to the "Overview" tab.
● Upload your website files :
○ Click the "Upload" button.
○ Add your HTML, CSS, JS, and other files.
● Make files public :
○ Select all files, click "Actions," and then choose "Make
public."

3. Configure S3 Bucket for Static Website Hosting :-

● In the S3 console, go to the "Properties" tab :

○ Under the "Static website hosting" section, click "Edit."
○ Enable "Static website hosting."
● Set the index document :
○ Specify the index document (e.g., index.html).
● Save changes.
4. Set Up a Domain with Amazon Route 53 (Optional) :-

● Go to Route 53 :
○ In the AWS Management Console, find the "Route 53"
service.
● Register a domain (if you haven't already) :
○ Follow the steps to register a new domain.
● Create a record set :
○ In your hosted zone, create a new record set.
○ Choose "Alias" and select your S3 bucket endpoint from
the list.
 39

● Save changes.
5. Access Your Static Website :-

● Once everything is set up, your static website should be

accessible using the domain name you registered (if you chose to
use Route 53). If you didn't use Route 53, you can find the
endpoint URL for your S3 bucket in the "Static website hosting"
section.
● Keep in mind that it might take some time for DNS changes to
propagate.
● That's it! You've successfully created and hosted a static website
on AWS.