Background

The Level-Up Bank wants to move its website and online banking platform to the cloud to improve scalability, reliability, and security. The bank would like to use AWS for its cloud services.

Why would the bank move from an on-prem Linux server to EC2?

Scalability — On-premises infrastructure can be difficult and expensive to scale. By moving its app to an EC2 instance on AWS, the bank can take advantage of the cloud’s scalability. EC2 instances can be easily scaled up or down depending on demand, allowing the bank to handle spikes in traffic without having to invest in additional hardware or infrastructure. This means that the bank can quickly respond to changes in customer demand and avoid the risk of under provisioning or overprovisioning resources.

Reliability — AWS offers a highly reliable infrastructure with multiple availability zones and automatic failover capabilities. By moving its app to AWS, the bank can ensure that it is highly available and that customers can access it at all times. AWS’s infrastructure is designed to be fault-tolerant, which means that the bank’s app can continue to function even if there is an issue with a server or availability zone. This helps to minimize downtime and ensure that customers can access the bank’s services whenever they need them.

Security — Banks are a prime target for cyber attacks, and securing customer data is paramount. AWS provides robust security features, such as encryption, access controls, and network security, that can help the bank improve the security of its app and customer data. AWS also offers compliance certifications for various industry standards, which can help the bank meet regulatory requirements and protect against legal and reputational risks.

Cost savings — Maintaining on-premises infrastructure can be expensive, requiring significant upfront investment in hardware, software, and personnel. By using AWS, the bank can take advantage of pay-as-you-go pricing and avoid the upfront costs of purchasing and maintaining hardware. This means the bank can focus its resources on improving its app and services rather than managing and maintaining infrastructure. Additionally, AWS offers cost optimization tools and resources to help the bank optimize its infrastructure and reduce costs over time.

Flexibility — The banking industry is constantly evolving, and banks need to be able to adapt quickly to changing market conditions and customer needs. Moving its app to AWS gives the bank the flexibility to quickly spin up new instances, test new features, and experiment with different configurations. This can help the bank innovate and respond more quickly to changing market conditions, giving it a competitive advantage.

Solution

I will create a t2.micro EC2 instance selecting an Amazon Machine Image (AMI) with Amazon Linux as the OS. For more details on a manual install of an EC2 and install of Apache please see my article here. This article will focus on the ease of applying scripting during the install of an EC2 to aid in efficiency of AWS instances in a real-world environment.

Let’s Get Started!

As I mentioned earlier, I will not go into the details of creating an EC2 instance and will focus on the ease of utilizing Bash scripting during the install. I will incorporate a small script in the AWS user data section on the AWS Console while launching an EC2 instance.

What is User Data?

When you launch an Amazon EC2 instance, you can pass user data to the instance that is used to perform automated configuration tasks, or to run scripts after the instance starts. More

User data can be very useful in configuring in an automated fashion vs. manually having to enter those steps which allows you to create the instance, update the repository, install/enable Apache webservices all while creating the instance.

#!/bin/bash

yum update -y # Update all packages
yum install httpd -y # Install Apache
systemctl start httpd # Start Apache service
systemctl enable httpd # Enable Apache service to start on boot

Launch instance.

Congratulations, you have created a preconfigured AWS EC2 instance. This saves you time as Cloud Engineer that you can launch and configure an EC2 instance in one step vs. manually configuring after launch.

Project Scenario

This week we used our fictitious Level Up Bank again. With the ever growing and evolving IT infrastructure, particularly in managing user access and ensuring data security within the growing organization. It highlights the need for a secure user management system to facilitate efficient operations across departments, protect sensitive data, ensure privacy and comply with regulations. We will create the basic folder structure, group creation and user permissions in Linux with the following requirements.

Requirements

As the root user:

1. Create 3 directories: Development, Operations, Analytics

• Add several blank dummy files to each directory using the appropriate commands. Do not use a text editor.

2. Create 3 Groups in Linux: Developers, Operations, Data Analysts

3. Each group should only have view and access to their respective directory.

• Use the chown command to change the owner of each directory to their respective group.
• Use the chmod command to modify the permissions to the directory so that only the owner of the group can read, write and execute. Users should not be able to access the directory if they are not in the correct group.

4. Create the following users with the associated information

• Jess Waller, username= jwaller, email=jwaller@‌levelupbank.com, group= Developers
• Blake Dorsey, username= bdorsey, email=bdorsey@‌levelupbank.com, group= Operations
• Joey Ewart, username= jewart, email=jewart@levelupbank.com, group= Data Analysts

5. Switch to each newly created user and verify they are only able to see the directories associated with their Group and that they are able to view and open the files in the directory.

Let’s get started!

I will create the Linux environment using Amazon Web Services (AWS) by launching an EC2 instance with an Ubuntu Amazon Machine Image (AMI) utilizing a t2.micro Instance type.

I will start with creating the following 3 directories: Development, Operations, Analytics with the mkdir command using the -p option. The -p option will allow me to create all three directories at once making them all parent directories.

sudo mkdir -p Development Operations Analytics

Next, we move on to the “dummy” file creation for each folder.

sudo touch Analytics/AnaDummy1 Analytics/AnaDummy2 Analytics/AnaDummy3
sudo touch Development/DevDummy1 Development/DevDummy2 Development/DevDummy3
sudo touch Operations/OpDummy1 Operations/OpDummy2 Operations/OpDummy3

We can now move on to the Group creation: Developers, Operations, Data Analysts

I will create the groups with the following command:

sudo addgroup groupname

To view the newly created groups, I used the cat command with the following syntax:

Next, we will update the permissions for each directory to match their respective group.

sudo chown :data_analysts Analytics
sudo chown :developers Development
sudo chown :operations Operations

Next, we use the chmod command to modify the permission for each directory so that only the owner of the group can read, write and execute. Users should not be able to access the directory if they are not in the correct group.

Octal Notation Explanation:

• 7 (Owner): The owner of the directory has read (r), write (w), and execute (x) permissions.
• 7 (Group): Members of the group have read (r), write (w), and execute (x) permissions.
• 0 (Others): No permissions for users who are not the owner or in the group.

Using the following commands, I was able to change the permissions for the directories:

sudo chmod 770 Analytics/
sudo chmod 770 Development/
sudo chmod 770 Operations/

Next will create the users with the following information:

1. Jess Waller, username= jwaller, email=jwaller@‌levelupbank.com, group= Developers
2. Blake Dorsey, username= bdorsey, email=bdorsey@‌levelupbank.com, group= Operations
3. Joey Ewart, username= jewart, email=jewart@levelupbank.com, group= Data Analysts

Using the adduser command I created the users with the following code:

sudo adduser jwaller --gecos "Jess Waller, , , jwaller@levelupbank.com" --ingroup developers
sudo adduser bdorsey --gecos "Blake Dorsey, , , bdorsey@levelupbank.com" --ingroup operations
sudo adduser jewart --gecos "Joey Ewart, , , jewart@levelupbank.com" --ingroup data_ analysts

Syntax Explanation:

• sudo adduser username: Adds the user with the given username.
• — gecos “Full Name, Room Number, Work Phone, Home Phone”: The — — gecos flag allows you to set additional user information like the full name, which can include email information.
• — ingroup groupname: Adds the user to the specified group. If the group name has spaces (like “Data Analysts”), make sure to put it in quotes.

User Access(verification)

Earlier I created the 3 directories in the home directory and I will need to move them to a directory (Project) in the root directory. This will allow the respective users access to their own directory.

Congratulations! You have now created a basic user folder structure utilizing security best practices and least privileges.

Project Description

As a junior cloud engineer at Level Up Bank, your team has been tasked with creating a new web server using Amazon Linux 2, an open-source Linux distribution widely used for web servers.

The web server will host the bank’s website, providing information about its services and allowing customers to access their accounts online.

Background

What is an Apache Web Server?

Apache Web Server, commonly called “Apache,” is free, open-source software that hosts websites and web applications. It is one of the world’s most widely used web server software, powering over half of the websites on the Internet.

Apache is known for its flexibility and ability to run on various operating systems, including Linux, Windows, and macOS. It supports various programming languages, including PHP, Perl, and Python, and can be configured to work with various database systems, such as MySQL and PostgreSQL.

Apache is designed to be highly customizable, with a modular architecture that allows administrators to add or remove features as needed. It also includes a wide range of security features, such as SSL/TLS encryption and support for digital certificates, to help protect websites and web applications from potential security threats.

Overall, Apache is a reliable and powerful web server software that provides a secure and efficient platform for hosting websites and web applications.

The Why

Here are some common reasons on why a bank may use an Apache web server on Linux for:

• Stability: Reliable for critical applications.
• Performance: Scalable to handle high traffic.
• Security: Strong security features and support.
• Flexibility: Customizable with plug-ins and modules.
• Cost: Open-source and free, lowering IT costs.

Using an Apache web server on Linux allows a bank to take advantage of these benefits and provide a secure, high-performance platform for its online applications and services.

Let’s Get Started!

Task Summary

Set up an AWS EC2 instance with an Amazon Linux 2 server image. Next, set up the server to allow inbound HTTP traffic. SSH into the server to update and install Apache, then start the service. Confirm successful installation by accessing the server with the public IP in a web browser to get the Apache welcome screen to show a successful installation and completion.

As always when working with EC2 instances they must be created in AWS using the AWS console.

We will continue with the default t2.micro Instance type and don't forget to create a new key pair in order to SSH into the instance.

Next, we will move to the Network settings.

You can now launch your instance and move to connecting to your new server with SSH.

You should see the following screen when you connect with SSH.

The first order of business is to upgrade the Apache software utilizing the yum command with option -y.

sudo yum install httpd -y

Next, we will install Apache with the following command:

sudo yum install httpd -y

Once installed we must start the Apache service on the server with the next command:

sudo systemctl start httpd

Navigate back to the AWS console and copy your public IP and paste into your web browser. Make sure to use HTTP vs HTTPs or your page will not display

Congratulations!

You have successfully launched an AWS EC2 instance with an Amazon Linux 2 server image running Apache as your web server.

Secure Remote Administration of EC2 Instances

The Business Problem

Level Up Corporation, a mid-sized tech company, leverages the power of Amazon Web Services (AWS) Elastic Compute Cloud (EC2) to host both its Linux and Windows applications. The company currently has 100+ EC2 instances running simultaneously. Level Up has a dedicated IT team located globally to handle the administration and maintenance of these instances. However, due to the absence of a reliable, secure, and direct remote administration tool, the IT team faces significant challenges in efficiently managing, troubleshooting, and maintaining these servers, leading to prolonged downtime, decreased productivity, and potential security risks.

Proposed Solution

Implement SSH (Secure Shell) for Linux EC2 instances and RDP (Remote Desktop Protocol) for Windows EC2 instances. Both SSH and RDP provide secure, encrypted channels for remote administration, allowing the IT team to effectively manage and troubleshoot servers, regardless of their geographical location.

Benefits of the Solution

• Improved Productivity and Efficiency: SSH and RDP provide direct access to EC2 instances. This enables the IT team to promptly respond to server issues, reducing downtime and improving overall operational efficiency.
• Enhanced Security: Both SSH and RDP provide secure, encrypted channels for communication. This helps to prevent unauthorized access and data breaches, maintaining the integrity and confidentiality of the company’s data.
• Cost Savings: By reducing server downtime and enhancing IT team efficiency, the company can decrease operational costs. In addition, a fast response to issues can prevent potential financial losses associated with severe server malfunctions or security breaches.
• Easy Administration and Troubleshooting: SSH and RDP enable the execution of commands and access to server resources, simplifying server management, configuration, and troubleshooting. This allows the IT team to provide better support and maintenance.
• Scalability: As Level Up expands and the number of EC2 instances increases, having a robust, secure remote access tool is crucial for managing a larger server infrastructure.

Summary Steps

I will walk you through the creation of both EC2 instances with the AWS console. Log in to instances respectfully with SSH and RDP. With the focus on the outlined benefit solutions

1st EC2 instance (Linux)

• Deploy a Linux EC2 with keypair
• Create a Security Group to allow SSH
• SSH into the deployed EC2
• Run the “whoami” command to verify entry of the EC2instance

2nd EC2 instance (Windows)

• Deploy Windows EC2
• Create a Security Group to allow RDP
• RDP into your deployed Windows EC2

Let’s Get Started!

Create the first EC2(Linux) instance by logging into the AWS Console and searching for EC2 in the search bar.

Launch Instance from either location

Next, we will Name our Instance (Linux Project EC2) and select the Amazon Linux instance image.

1. Select the t2.micro (free tier) Instance type.

2. In order to connect to our instance via SSH will need to establish a “Key Pair” for access.

1. Name your Key Pair (i.e. LinuxKeyPair)
2. Use the default key pair type “RSA”
3. .pem for the private key format to use with SSH
4. Select “Create key pair”

By default, the .pem file will be located in your download folder.

Next, we will create a security group that will only access via SSH

We can now select “Launch instance”

You should have received the “Success” menu bar upon completion!

When your instance is created you should show “Running” for the Instance state and “2/2 checks passed” for the status check. We now can move to connecting to the instance with SSH.

Next launch a command prompt from your desktop and navigate to the “Downloads” directory. Earlier we created the Keypair and download to our Downloads folder. Here is where we will run the SSH to login.

Now lets connect!

1. Select “SSH client” tab
2. Copy the example to run in the command prompt.

Once you have completed the steps you should see the following screen.

Congratulations you have connected to your EC2 instance using SSH!

Creation of the 2nd EC2 instance (Windows)

Next, we will create a 2nd EC2 instance but using a Windows image. Then use RDP (Remote Desktop Protocol) to remote into the Window’s instance.

Select a t2.micro type.

Create your Key pair.

Your Security group settings will default to allow RDP traffic.

Select the Windows instance then select “Connect”.

Select the RDP Client tab and select download remote desktop file.

After the download, launch the RDP file. You will need to select the “Get password” for the Administrator password.

Upload your private key from the download folder and decrypt. Paste the now decrypted password to connect to your Windows instance.

Congratulations you have now remoted into your Windows EC2 instance!

Hello everyone, as promised I am publishing my first completed project with Level Up in Tech, please enjoy the read.

Level Up Bank is a fictitious fintech startup that offers digital banking services to customers. The company’s website is the primary means of acquiring new customers, providing them with information about the services offered, and serving as a platform for them to interact with the bank. Currently, the website is hosted on an on-premises server, which requires a dedicated IT team to manage and maintain it. This creates additional costs for the company, and also adds a level of complexity to the infrastructure. To address these challenges, Level Up Bank has decided to move its website to AWS S3.

Assist the client Level Up Bank with lifting their on-prem hosted website to the Cloud utilizing Amazon’s S3 service.

What is Amazon S3?

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. Customers of all sizes and industries can use Amazon S3 to store and protect any amount of data for a range of use cases, such as data lakes, websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. Amazon S3 provides management features so that you can optimize, organize, and configure access to your data to meet your specific business, organizational, and compliance requirements. More on this topic can be found at What is Amazon S3? — Amazon Simple Storage Service

What are the benefits from this decision

1. Cost savings: Hosting a static website on AWS S3 is more cost-effective compared to using an EC2 or on-premises server. This is because AWS S3 charges only for the amount of storage used, and the cost of data transfer is also minimal. On the other hand, an EC2 instance requires additional expenses for compute power, storage, and data transfer.
2. Improved scalability: AWS S3 provides automatic scalability without requiring any additional effort from the company. If the website receives more traffic, AWS S3 can easily handle the increased load without any downtime.
3. High availability: AWS S3 offers high availability and durability, ensuring that the website is accessible to users at all times. This is achieved through the use of multiple availability zones and redundancy.
4. Reduced management overhead: Since AWS S3 is a fully managed service, Level Up Bank can reduce the burden of managing and maintaining the website. This frees up the company’s IT team to focus on more critical tasks, such as developing new banking features and improving customer experience.

Let’s Get Started!

Brief overview of what the client needs

1. Create an S3 bucket using the AWS Console
2. Upload the index.html file
3. Modify the S3 bucket to host a static website to be reachable through the internet

S3 Bucket Creation for Static website hosting

Step 1. Login to your AWS account

Step 2. Select Create bucket to create your first S3 Bucket

This should take you to the Amazon S3 > Buckets screen.

Select to Create bucket to create your first S3 Bucket

Step 3. Create your Bucket Name

Continue with the bucket creation with the default selections.

Step 4. Enabling your S3 bucket to host your static website

Scroll to the bottom of the Properties page select Edit to Enable Static website hosting and select Bucket hosting then save your updates.

You will then return to the Amazon S3 > Buckets screen with your newly created S3 Bucket listed. To allow S3 to host your static website we need to enable this feature in the Properties menu of the newly created S3 bucket.

Step 3. Select the Properties menu and scroll to the bottom of the Properties page select Edit to Enable Static website hosting than save.

Scroll to the bottom of the Properties page select Edit to Enable Static website hosting than save.

Next we adjust the Block public access setting under the Permissions section.

Edit the Block public access by clearing the Block all public access box and save the changes.

Step 4. Adding a bucket policy to make your bucket content publicly available.

After you edit S3 Block Public Access settings, you can add a bucket policy to grant public read access to your bucket. When you grant public read access, anyone on the internet can access your bucket.

Under Bucket policy paste the following code that allows the public read access to your website.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::Bucket-Name/*"
            ]
        }
    ]
}

Make sure you save your changes.

Step 5. Upload your index.html file for your website homepage.

We have now added the index.html into S3 bucket to host the website.

Select the index.html file showing and view the object

Copy the Object URL to paste in a separate browser to test.

Congratulations you have completed the task of hosting a static website in the cloud using AWS S3!