INTRODUCTION TO AMAZON EC2

Overview

In this exercise, we will initialize and learn the basic features of Amazon EC2. Then we
will connect and install a sample application called AWS User Management a simple
Nodejs CRUD application that allows user management (add, delete, edit, search) and
sharing to all other users. AWS User Management will be deployed on both Windows
and Linux.

The instructions in the article have been tested on Microsoft Windows Server
2022 and Amazon Linux 2.

Amazon Elastic Compute Cloud (EC2)

 Amazon EC2 is like a traditional physical or virtual server. EC2 has fast initialization,
strong resource scalability, and flexibility.
 Virtual server: splits the physical server into many virtual servers, the purpose is to
make better use of resources.
 Amazon EC2 can support workloads like web hosting, applications, databases,
authentication services, and anything else that a regular server can handle.

Amazon Elastic Compute Cloud (EC2) – Instance Type

Configuration of Amazon EC2 is not optional, but configuration choice through selection
of EC2 Instance types.

Instance type determines the following factors:

 CPU (Intel / AMD / ARM (Graviton 1/2/3) / GPU

  Memory
 Network
 Storage

Amazon Elastic Compute Cloud (EC2) – AMI / Backup / Key Pair

 Using AMI (Amazon Machine Image) can provision one or more EC2
Instances at the same time.
 AMI available from AWS, on AWS Market Place and custom AMI created
from EC2 Instances.
 AMI includes root OS volumes, AMI usage rights specify the AWS account to
be used, and mapping EBS volumes will be created and assigned to EC2
Instances.
 EC2 instance can be backup by creating snapshot.
 Key pair (public key and private key) used to encrypt login information for EC2
Instance

Preparation steps

In this lab, we use Microsoft Windows Server 2022 and Amazon Linux. We need to
prepare VPC and Security Group for both instances.

CREATE A LINUX VPC

Create VPC for Linux Instance

1. Go to AWS Management Console

o Find VPC
o Select VPC

2. In Your VPCs interface

o Select Create VPC
3. In the Create VPC interface
o Select VPC and more
o Name tag auto-generation, enter Linux
4. VPC endpoints: select None.
And then select Create VPC
 6. In the VPC interface
o Select Subnets

7. In the Subnets configuration interface:

 Select Public subnet

 Select Actions
 Select Edit subnet settings
 8. Select Enable auto-assign public IPv4 address
o Select Save

9. Configure public subnet successfully

Create VPC for Windows Instance

1. Go to the AWS Management Console

o Find and select VPC
o In the VPC interface, select Your VPCs
 o Select Create VPC

3. VPC endpoints: select None.

And then select Create VPC
 4. In the VPC interface
o Select Subnet

Lam tuong tu nhu voi Linux

5. Complete the public subnet configuration.

Create a Security Group for Linux Instance

1. Go to AWS Management Console

o Find and select VPC
o Select Security Group
2. In the Create security group interface
o Security group name: enter `Linux-SG
o Description: enter Security group for Linux instance
o VPC: select Linux-vpc just created

3. Configure Inbound rule: add seven Inbound rules by clicking Add rule and
creating as shown in the image below.
o SSH, port 22 to connect via PuTTY.
o All ICMP-IPv4
o All ICMP-IPv6
o HTTP, port 80
o HTTPS, port 443
o MySQL/Aurora, port 3306 used for Database MySQL.
o Custom TCP, port 5000 to run Nodejs application
1. Configure Outbound rules
o The tag section fills in the key and value
o Select Create security group
Create Security Group for Windows Instance

1. Continuing, we create Security Group for Windows Instance

In the interface Create security group

o Security group name: enter Windows-SG

o Description: enter Security group for Windows
o VPC: select Windows-vpc

2. Configure Inbound rules: add eight Inbound rules by clicking Add rule and
creating as shown in the image below.
o SSH, port 22
o HTTP, port 80
o HTTPS, port 443
o RDP, port 3389 for connection
o All ICMP-IPv4
o All ICMP-IPv6
o Custom TCP, port 5000 to run Nodejs app
o MYSQL/Aurora, port 3306 for Database MySQL
3. Configure Outbound rules
o In the tag section, enter the key and value
o Select Create security group
 LAUNCH WINDOWS INSTANCE
Launch Microsoft Windows Server 2022 instance
Initialize Microsoft Windows Server 2022 instance

1. Go to AWS Management Console

o Find EC2
o Select EC2
2. In the EC2 interface
o Select Instances
o Select Launch instances

3. Name: enter Windows-instance

4. In the AMI selection step
o Select Quick Start
o Select Windows
o AMI: select Microsoft Windows Server 2022 Base
5. Select Instance type and select Create new key pair
6. In the Create key pair interface
o Key pair name: enter kp-windows
o Private key file format: select .pem
o Select Create key pair to create a key pair and the key pair is stored on
your computer.

7. In the Network settings section, select Edit to configure the network

for instance

8. Proceed to configure the network for instance

1. VPC: select Windows-vpc
 2. Subnet: select public subnet
3. Auto-assign public IP: select Enable
4. Firewall (security groups): select Select existing security group
5. Common security groups: select Windows-SG

9. Double check and select Launch instance

10. Successful instance initialization. Proceed to view instance details by
selecting View all instances
 11. Wait 5 minutes, Status check will change to 2/2 checks passed and the status
of the instance Running

Connect from computer to Microsoft Windows Server 2022 instance

1. In the EC2 interface

o Select Instances
o Select Windows-instance
o Select Connect
2. In the Connect to instance interface
o Select RDP Client (port 3389)
o Select Download remote desktop file to your computer
o Select Get password to use password to connect

3. In the Get Windows password interface

o Select Browse
 o Select kp-windows.pem on the local computer
o Check private key and select Decrypt password

4. After Decrypt password is successful

 Copy password to use connection via port 3389

5. Continue the steps to connect as follows:

1. Open remote desktop file just downloaded to your device
2. The Remote Desktop Connection interface appears, select Connect
6. After completing the connection to the Microsoft Windows Server
2022 instance, the configuration information of the instance is displayed on the
screen.
 LAUNCH LINUX INSTANCE
Launch Amazon Linux 2 instances
Create Amazon Linux 2 instances

1. Go to AWS Management Console

o Find EC2
o Select EC2
o Select Instances
o Select Launch instances
2. Name: enter Linux-instance
3. In the AMI selection step
o Select Quick Start
o Select Amazon Linux
o AMI: select Amazon Linux 2 AMI

4. Select Instance type and select Create new key pair

5. In the Create key pair interface
 6. In the Network settings interface, we configure the network for the instance as
follows:
1. VPC: select Linux-vpc
2. Subnet: select public subnet
3. Auto-assign public IP: select Enable
4. Firewall (security groups): select Select existing security group
5. Common security groups: select Linux-SG
7. Check again and select Launch instance

8. Connect to ec2 linux instance :

AMAZON EC2 BASIC

Amazon EC2 Basic

This exercise provides an overview of working with Amazon EC2 objects and related
components. We will focus on basic tasks such as changing the configuration, creating
snapshots, building custom AMI, and accessing when key pair is lost.

Change EC2 Instance Type

Overview
  Configuration of Amazon EC2 is not optional, but configuration choice through
selection of EC2 Instance types.

Instance type determines the following factors:

 CPU (Intel / AMD / ARM (Gaviton 1/2/3) / GPU

 Memory
 Network
 Storage

Content

1. Go to AWS Management Console

o Find EC2
o Select EC2
o Select Instances
o Select Windows-instance
o Select Instance state
o Select Stop instance

2. Change the instance type

o Select Windows-instance
o Check Instance state is Stopped

 Select Actions
 Select Instance settings
 Select Change instance type
3. In the Change instance type interface
o Change the type from t2.micro to t3.medium
o Instance type, select t3.medium
o Select Apply

4. After changing the instance type

o Select Windows-instance
o Check instance type
o Select Instance state
 o Select Start instance

5. Wait about 5 minutes, Status check changes to 2/2 checks

passed and Instance state is Running

Create EC2 snapshot

1. Go to AWS Management Console

o Find EC2
o Select EC2
o In the EC2 interface, select Snapshot
o Select Create snapshot

2. In the Create snapshot interface

o Resource type: select Instance
o Select Windows-instance
3. In the Volumes section
o Copy tags from source volume: select Copy tags
o Select Create snapshot
Create Custom AMI

1. Access the interface AWS Management Console

o Find EC2
o Select EC2
o Select Instances
o Select Windows-instance
o Select Actions
o Select Image and templates

 Select Create image

2. Configure AMI
o Image name: enter Custom Windows AMI
o Image description: enter Custom Windows AMI
o No reboot: select Enable
 Select Create image
 In the EC2 interface
o Select AMIs
Launch an instance from a custom AMI.

Key Pair is used to encrypt and decrypt credentials to the EC2 virtual server.

In case of losing key pair, we can perform the following steps to assign a new key pair.

1. In the EC2 interface

Select AMIs
o
Select Custom Windows AMI just created from Microsoft Windows Server
o
2022 instance
o Select Launch instance from AMI
2. Name: enter Windows Server AMI
3. In the AMI selector
o Select AMI from catalog
4. Next, select Instance type and select Create new key pair
5. In the Create key pair interface
o Key pair name, enter kp-windows2
o Private key file format, select .pem
o Select Create key pair

6. Then we configure the network for the new instance. In Network settings,
select Edit and then:
o VPC: select Windows-vpc
o Subnet: select public subnet
o Auto-assign public IP: select Enable
o Firewall (security group): select Select existing security group
o Common security groups: select Windows-SG
7. Finish creating a new instance, and select View all instance to see details about
the instance
 ACCESSING EC2-WINDOWS KEY PAIR
LOSS USING SSM
We will solve the problem of losing the access key pair

Key Pair is used to encrypt and decrypt credentials to the EC2 virtual server.

In case of losing key pair we can perform the following steps to reset key
pair using AWS Systems Manager service.
Request:

 EC2 needs Internet access to communicate with AWS Systems

Manager using public or NAT address.

 Otherwise EC2 needs to use VPC Endpoint to communicate with AWS

Systems Manager

1.In order for AWS Systems Manager to perform tasks on EC2, it is necessary
to check the status of SSM agent , in the EC2 interface

 Select Instances

 Select EC2 Windows-instance just created from Microsoft Windows Server

2022 AMI

 Select connect
1.1 If SSM agent is active & authorized, the Session Manager section will
bold Connect (Continue to step 2), if not, perform the assignment * role* (with SSM
permissions) on EC2.
1.2 Assign roles - have SSM permissions for EC2, In the IAM interface
Select Roles

Select Create role

1.3 Next, in the Select trusted entity interface

 Select AWS service

 Select EC2
 Select Next

1.4 In the section: Permissions policies:

 Type: AmazonSSMFullAccess, press enter

  Check green in the box AmazonSSMFullAccess
 Select Next

1.5 Next,

 In the Role name field, enter: Windows-instance

 Scroll to the bottom of the page, select Create role

1.6 In the EC2 interface,

 Select Instances
  Select EC2 Windows-instance
 Select Actions -> Security -> Modify IAM role

1.7 Next, in the Modify IAM role interface

 In the IAM role section, select the role you just created: Windows-instance
 Select Update IAM role

2. In the AWS Systems Manager interface

o Select Run Command
o Select Run a Command
3. In the AWS Systems Manager interface
o Type: AWSSupport-RunEC2RescueForWindowsTool
o Select AWSSupport-RunEC2RescueForWindowsTool
o Scroll down, in the Target selection section, select Choose instances
manually
o Select EC2 Windows-instance (If EC2 is not present, wait 5 minutes
for SSM agent to connect to AWS Systems Manager).
o Uncheck Enable an S3 bucket
o Select Run
5. In the AWS Systems Manager interface
o Select Parameter Store
o In the My parameters section, select /EC2Rescue/Passwords/i-
0d74ecb60bec551f2, corresponding to the EC2 that has just been reset key
pair

7. Copy to prepare for the EC2 login step.

8. In the EC2 interface
1. Select Instances
2. Select EC2 - Windows-instance
3. Select Connect
9. In the Connect to instance interface
o Select RDP client
o Select Connect using RDP client
o Select Download remote desktop file

10. Once downloaded, select Open

11. At the screen, Remote Desktop Connection, paste the password copied in
step 6, select ok, select yes
12. Check connection, IP public appears on Desktop screen corresponding to
EC2’s Public on console
 13. Congratulations on logging into EC2 with your Windows OS by reset password

NODEJS APPLICATION ON EC2 LINUX

Deploy an AWS User Management Application on Amazon Linux 2

 AWS User Management is built with Node.js, Express, Express-Handlebars, and

MySQL
 We will install LAMP web server on Amazon Linux 2 to use MySQL database
(MariaDB).
 Create database, table, insert item on phpMyAdmin interface
 Also install Nodejs Runtime Environment
 Deploy the application and experience the application’s view, add, delete, edit,
search features (CRUD)

INSTALL LAMP WEB SERVER

Install LAMP web server on Amazon Linux 2

In this lab, installing LAMP web server makes use of MySQL database, in addition to
installing LAMP Web Server, you can use it to host *WordPress website *

Prepare LAMP Server

After connecting to the Amazon Linux 2 instance, we deploy the application.

 1. To ensure that all your software packages are up to date, execute the following
command:

sudo yum update –y

2. Install lamp-mariadb10.2-php7.2 and php7.2 , use Amazon Linux Extras to

download the latest version of LAMP MariaDB and PHP packages for Amazon
Linux 2.

sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2

If you receive the error message sudo: amazon-linux-extras: command not
found, your instance was not launched with the Amazon Linux 2 AMI (you
are probably using the Amazon Linux AMI instead).
You can view your Amazon Linux instance with the following command.
cat /etc/system-release

3. Install the Apache web server, MariaDB and PHP packages.

 Use the yum install command to install multiple software packages and all
related dependencies at once.

sudo yum install -y httpd mariadb-server

 4. Start the Apache web server

sudo systemctl start httpd && sudo systemctl enable httpd

5. You can verify that httpd is on by running the following command:

sudo systemctl is-enabled httpd

6. In the EC2 interface

 Select Instances
 Select Linux-instance
 Copy Public IPv4 address
7. Paste Public IPv4 address into your browser to test Apache
o Use IP Public

 Use DNS

8. Execute some commands to grant permissions

o Add your user (in this case ec2-user) to the apache group

sudo usermod -a -G apache ec2-user

  Change ownership of group /var/www and its contents to apache group

sudo chown -R ec2-user:apache /var/www

 To add group write permissions and set group IDs on future subdirectories,
change the directory permissions of /var/www and its subdirectories.

sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} \;

 To add group write permissions, recursively change the permissions for the
file /var/www and its subdirectories:

find /var/www -type f -exec sudo chmod 0664 {} \;

TEST LAMP SERVER

Check LAMP server

1. We perform a test of the LAMP server. Create a PHP file.

echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php

 2. In the EC2 interface
o Select Instances
o Select Linux-instance
o Copy Public IPv4 DNS
3. Paste the following command into the browser:

4. Verify the installed packages again with the following command:

sudo yum list installed httpd mariadb-server php-mysqlnd

5. Delete the file phpinfo.php

rm /var/www/html/phpinfo.php
 CONFIGURING THE DATABASE SERVER
Database server security configuration

The mysql_secure_installation command will guide you through the process of setting
a root password and removing unsafe features from your installation.

1. Start the MariaDB server.

sudo systemctl start mariadb

2. Run mysql_secure_installation

sudo mysql_secure_installation

 By default, the root account is not password set. Press Enter.

 Enter Y to set password and enter password. Example here using

password 123Admin

In addition, you should note the following:

 Enter Y to remove anonymous user accounts.

 Enter Y to disable remote root login.

 Enter Y to remove the test database.

 Type Y to reload privilege tables and save your changes.

 3. Complete security configuration for the database server

INSTALLING PHPMYADMIN
Install phpMyAdmin

phpMyAdmin is a web-based database management tool that you can use to view and
edit MySQL databases on your EC2 instances. Follow the steps below to install and
configure phpMyAdmin on your Amazon Linux instance.

1. Install the required dependency

sudo yum install php-mbstring php-xml –y

 2. Restart Apache

sudo systemctl restart httpd

3. Restart php-fpm.

sudo systemctl restart php-fpm

 4. Navigate to the Apache document root at /var/www/html.

cd /var/www/html

5. Download phpMyAdmin

wget https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-
languages.tar.gz

6. Create a folder phpMyAdmin and extract it with the following command.

mkdir phpMyAdmin && tar -xvzf phpMyAdmin-latest-all-languages.tar.gz -C

phpMyAdmin --strip-components 1
7. Remove phpMyAdmin-latest-all-languages.tar.gz tarball.

rm phpMyAdmin-latest-all-languages.tar.gz

8. If the MySQL server is not running, start it

sudo systemctl start mariadb

9. In the EC2 interface

o Select Instances
o Select Linux-instance
o Copy Public IPv4 DNS

http://ec2-54-255-148-96.ap-southeast-1.compute.amazonaws.com/
phpMyAdmin/
 You will see the phpMyAdmin login page.
 Proceed to login with user name: root and password: 123Admin
 Select Login

11. In the phpMyAdmin interface

o Create a new database by selecting New
 Enter database name as awsuser
 Then select Create

13. Finish creating a database

14. Perform step SQL Schema to create a table user to manage user information for
the database. Execute the following SQL query:

CREATE TABLE `awsuser`.`user` (

`id` INT NOT NULL AUTO_INCREMENT ,

`first_name` VARCHAR(45) NOT NULL ,

`last_name` VARCHAR(45) NOT NULL ,

`email` VARCHAR(45) NOT NULL ,

`phone ` VARCHAR(45) NOT NULL ,

`comments` TEXT NOT NULL ,

`status` VARCHAR(10) NOT NULL DEFAULT 'active' ,

PRIMARY KEY (`id`)

) ENGINE = InnoDB;

 Select awsuser database just created

 Select SQL
 Paste the code SQL query in
 Select Format to customize the format of SQL
 Then select Go
 INSTALL NODEJS ON LINUX
Install Nodejs on Amazon Linux 2

In the lab, we use Node.js with the SDK for JavaScript to set up and run the Node.js
web application on Amazon Elastic Compute Cloud (Amazon EC2).

You must configure Security Group to allow SSH (port 22), HTTP (port 80), HTTPS
(port 443) and app using Nodejs (port 5000)

1. Install node version manager (nvm) ) by typing the following in the following command
line:

curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.34.0/install.sh | bash

Note: We will use nvm to install Node.js because nvm can install multiple versions of
Node.js and allows you to switch between them.
 2. Enable nvm by typing the following in the command line:

. ~/.nvm/nvm.sh

3. Use nvm to install the latest version of Node.js by typing the following in the
command line.

nvm install 16

4. Test installed nodejs successfully

node –v

npm –v

DEPLOYING APPLICATION ON LINUX

INSTANCE
Deploy applications on Linux

1. We use git to clone the source code. First of all, install git with the following command:

sudo yum install git

2. Check successful git installation with command

git version

3. Clone repository application code

cd ~ec2-user

git clone https://github.com/First-Cloud-Journey/000004-EC2.git

4. Go to the lab directory 000004-EC2 and check the files

cd 000004-EC2

ls

5. NPM stands for Node package manager and is a tool to create and manage
Javascript programming libraries for Node.js. Using npm init to initialize the
project will generate a sample package.json file.

npm init

NOTE : You proceed to configure the application’s information and it is saved in the
file package.json
6. Next we do dependencies installation

 express
 Dotenv
 express-handlebars
 body-parser
 mysql

npm install express dotenv express-handlebars body-parser mysql

npm audit fix

7. Check the installed dependencies. The node_modules folder appears.

8. Create file .env

touch .env
9. Use vi to edit the .env file. We perform the database configuration:

DB_HOST = 'localhost'

DB_NAME = ‘awsuser'

DB_USER = 'root'

DB_PASS = '123Admin'
11. Restart Express server. Use Nodemon to save time

npm install --save-dev nodemon

12. Start local server

npm start

13. In the EC2 interface

 Select Instances
 Select Linux-instance
 Copy Public IPv4 DNS address
14. Paste Public DNS IPv4 address into the browser and port 5000. Observe
the AWS FCJ Management interface

15. In the phpMyAdmin interface, we execute SQL Dummy Data

 Select awsuser database

 Select SQL
 Paste the SQL query code in the infouser.txt

 Select Format
 Select Go

16. Refresh the application interface

17. View the user

18. Edit users

19. Add users
20. Search for users

21. Database after inserting the item

22. The interface of the instance when starting the local server