Accend Networks San Francisco Bay Area Full Service IT Consulting Company

Categories
Blogs

Setting Up a VPC Endpoint

Hands-on Demo: Setting Up a VPC Endpoint to Securely Access an Amazon S3 Bucket

Amazon Virtual Private Cloud (VPC) endpoints let you securely connect your VPC to AWS services, like S3, without using the public internet. This means you don’t need an internet gateway, NAT device, VPN, or Direct Connect to access these services. In this blog, I will walk you through how to set up a VPC endpoint to connect to Amazon S3 securely from within your VPC.

Why VPC Endpoint for S3

VPC Endpoint for S3 provides us a secure link to access resources stored on S3 without routing through the internet. AWS doesn’t charge anything for using this service.

In this hands-on lab, we will create a custom VPC with a public and a private subnet, then launch a private EC2 instance in the private subnet and a public EC2 instance in the public subnet. We will then create an S3 gateway endpoint and test the connection from the public and private EC2 instances.

Step 1: Create VPC with public and private subnet

Log into the AWS Console and navigate to the VPC dashboard.

Click Create VPC

Fill in the VPC details: select VPC only, enter the VPC CIDR under IPv4 CIDR, leave tenancy at the default, then click Create VPC.

Select the created VPC, and click the actions drop-down button to go to VPC settings.

Under DNS settings, check the box on Enable DNS hostnames then click save.

Step 2: Create Internet Gateway and attach it to VPC

Select Internet Gateway on the left side of VPC UI, then click Create Internet Gateway.

Fill in the details then click Create Internet Gateway.

Click the attach button, select the VPC to attach the internet gateway then select attach internet gateway.

Step 3: Create subnets

Select subnets in the Left side UI of the VPC dashboard then click Create Subnet.

Select the VPC you just created then scroll down.

Fill in subnet details, enter your preferred name then for subnet CIDR, enter 10.0.0.0/24, scroll down, and click Create subnet.

For the public subnet, click the Actions drop-down button and select Edit subnet settings. Tick the Enable auto-assign public IP box, then click Save.

Again, click Create subnet and repeat the above process, but now for IPv4 CIDR enter 10.0.1.0/24, scroll down, and click Create subnet.

The two subnets have now been created, as you can see in the subnet list.

Create a Public route table, add a public route to the Internet, and associate the public route with the public subnet.

Under route tables, click Create route table.

Call it public Route table, select your VPC, then click Create route table.

Select the created route table, navigate to the Routes tab, click Edit routes, then Add route.

Add the public route, 0.0.0.0/24, and for the destination select the internet gateway of the VPC you created, then click Save changes.

Navigate to the subnet association tab then click Edit associations.

Select the public route table, then click Save associations. The private subnet will be implicitly associated with the main route table, which routes traffic locally within the VPC; hence it’s private by default.

Step 4: Create gateway endpoint

On the left side of VPC UI, select endpoints then click Create Endpoint.

The service category is AWS service.

Under services, search for Gateway, then select it. Under the service name, select s3. For VPC, select your VPC.

Select all the route tables.

We will not create a custom policy; keep Full access, scroll down, and click Create endpoint.

Step 5: Create bucket and upload objects

In the console search bar, look for S3, then select it.

Click Create bucket.

Leave it at general purpose then fill in Bucket name. Block all public access, scroll down, and click Create bucket.

Upload objects to your bucket by clicking the Upload button.

Step 6: Launch two EC2 instances, in the private and public subnet

We will begin by launching the private Instance. Navigate to the EC2 console and click Launch Instances.

Fill in the Instances details, then for OS select Amazon Linux since it comes with AWS CLI pre-installed.

Select the t2.micro instance type.

Select your key pairs.

Expand the networking tab, and under VPC select the VPC you just created. Then for subnet select your private subnet.

These are the only settings we need, review under the summary and click Launch Instance.

Repeat the same process for the Instance in the public subnet, the only difference is you will select the public subnet under the Networking tab.

Once the two virtual machines are up and running, connect to your instance in the public subnet.

Once in the instance, run the aws configure command, and fill in your details.

aws s3 ls s3://<bucket-name>

Running this command, we can see that we can access the bucket contents from our public instance through the internet.

Let’s do the same for our instance in the private subnet, which has no internet access. Log in to your instance in the private subnet; you can use the EC2 Instance Connect endpoint. Run aws configure to configure your credentials.

Fill in your key details.

Try listing the bucket contents. We can see that we are accessing our bucket contents; remember, we are now not using the public internet but accessing our bucket securely through our gateway endpoint. That’s it.
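An added example, not part of the original post: a check to run over the CLI's JSON output after step 4. It reports which subnets' effective route table is attached to the gateway endpoint (a subnet with no explicit association falls back to the main table) and whether the endpoint still carries the full-access policy. Every ID and the bucket name below are constructed placeholders.

```python
import json

# Constructed sample data in the shapes returned by
# `aws ec2 describe-vpc-endpoints` and `aws ec2 describe-route-tables`.
# Every ID and the bucket name is a placeholder, not a value from the post.
FULL_ACCESS = {"Version": "2008-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "*", "Resource": "*"}]}
# A narrower endpoint policy for comparison: read-only access to one bucket.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*",
     "Action": ["s3:ListBucket", "s3:GetObject"],
     "Resource": ["arn:aws:s3:::example-demo-bucket",
                  "arn:aws:s3:::example-demo-bucket/*"]}]}
ENDPOINT = {"VpcEndpointId": "vpce-0example", "VpcEndpointType": "Gateway",
            "ServiceName": "com.amazonaws.us-east-1.s3",
            "RouteTableIds": ["rtb-public", "rtb-main"],  # "all route tables"
            "PolicyDocument": json.dumps(FULL_ACCESS)}    # returned as a string
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-public"}]},
    {"RouteTableId": "rtb-main",  # main table: no explicit subnet association
     "Associations": [{"Main": True}]},
]


def as_list(value):
    """IAM policy fields may hold a single value or a list of values."""
    return value if isinstance(value, list) else [value]


def is_full_access(policy):
    """True if an unconditional Allow grants all (S3) actions on every
    resource to every principal, i.e. the console's Full access choice."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    for stmt in as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        principal = stmt.get("Principal")
        any_principal = principal == "*" or (
            isinstance(principal, dict)
            and "*" in as_list(principal.get("AWS", [])))
        any_action = any(a in ("*", "s3:*")
                         for a in as_list(stmt.get("Action", [])))
        any_resource = "*" in as_list(stmt.get("Resource", []))
        if any_principal and any_action and any_resource:
            return True
    return False


def effective_route_table(subnet_id, route_tables):
    """An explicit association wins; otherwise the subnet uses the main table."""
    main = None
    for rtb in route_tables:
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rtb["RouteTableId"]
            if assoc.get("Main"):
                main = rtb["RouteTableId"]
    return main


def audit_endpoint(endpoint, route_tables, subnet_ids):
    """Summarise which subnets route through the endpoint and how open it is."""
    attached = set(endpoint.get("RouteTableIds", []))
    return {
        "endpoint": endpoint["VpcEndpointId"],
        "full_access_policy": is_full_access(endpoint["PolicyDocument"]),
        "subnets_using_endpoint": sorted(
            s for s in subnet_ids
            if effective_route_table(s, route_tables) in attached),
    }


if __name__ == "__main__":
    print(audit_endpoint(ENDPOINT, ROUTE_TABLES,
                         ["subnet-public", "subnet-private"]))
```

With all route tables selected in step 4, both subnets are reported: the endpoint's prefix-list route is more specific than a default route to the internet gateway, so S3 traffic from the public subnet takes the endpoint as well.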

Clean up.

Thanks for reading and stay tuned for more.

If you have any questions concerning this article or have an AWS project that requires our assistance, please reach out to us by leaving a comment below or email us at [email protected].


Thank you!


Using an Alias for Your AWS Account ID


AWS (Amazon Web Services) account IDs are unique identifiers that serve as key elements when managing resources, executing services, or configuring security measures. But remembering a 12-digit number can be tough. As a result, AWS allows users to create nicknames (aliases) for their account ID, offering an easier way to reference an account. This guide explores the benefits and steps for setting up an alias for your AWS account ID.

Why Use an Alias for Your AWS Account ID?

Readability and Memorability: A 12-digit number can be hard to recall. An alias, on the other hand, is a user-friendly label that can be descriptive and easy to recognize.

Enhanced Collaboration: If you’re working in a team, sharing an alias (like “development-team-account” or “finance-dept”) makes it easier for others to understand whose account it is.

Organizational Clarity: In a large-scale AWS environment with multiple accounts under an organization, using aliases can simplify identifying accounts, especially in multi-account setups.

Security by Hiding Details: While the account ID is not sensitive by itself, using an alias may help obscure the raw ID when sharing AWS resources or working with third-party tools.

Where AWS Account Aliases Are Useful

AWS account aliases are primarily used in these scenarios:

IAM Sign-in URLs: The default sign-in URL for IAM users is based on the AWS account ID. By creating an alias, you can replace the numeric ID with the alias for easier access.

Setting Up an AWS Account Alias

Log in to the AWS Management Console as an IAM user with admin privileges, or as a user who has the following IAM permissions assigned:

  • iam:ListAccountAliases
  • iam:CreateAccountAlias

As we can see, when you sign in as an IAM user you must provide your AWS account ID, which can be hard to remember. This is where the account alias comes in handy.

Once logged in to your AWS account, type IAM in the search bar, then select IAM under services.

In the IAM console, select Dashboard in the navigation pane on the left.

Scroll down to the AWS account section, where you will find the account Alias, then click Create.

Fill in your account alias, keeping in mind that it must be unique, then click Create.

The account alias has been created, and our sign-in URL now uses the alias. Copy the URL to your clipboard, then open a new browser and paste it in.

The account ID field now shows our account alias. Fill in your required details.

We have successfully logged in to our AWS account using the account alias, and if you check the top right-hand corner, you can see that our account alias is displayed instead of our AWS account ID.

Security Considerations

While using an alias for your AWS account ID is beneficial, keep in mind:

Not a Security Measure: An alias doesn’t provide additional security. It’s purely for convenience. Always ensure that your account is secured using strong IAM policies, MFA (Multi-Factor Authentication), and least-privileged access.

Unique Across AWS: Aliases are globally unique, which could result in name conflicts if your preferred alias is already in use.

Best Practices for AWS Account Aliases

Choose a Descriptive Alias: Your alias should make sense within your organization. Use department names, environments (e.g., development, production), or geographical regions to make the account easily identifiable.

Keep Aliases Short: Longer aliases can make the IAM URL cumbersome. A good balance is a short but meaningful name.

Conclusion

With just a few clicks, you can set an easily recognizable alias that replaces the default 12-digit numeric account ID in several key places.

That’s it, thanks for reading, and stay tuned for more.


Understanding AWS Placement Groups

Understanding AWS Placement Groups: Maximizing Performance and Reliability in EC2 Deployments

AWS Placement Groups are a handy capability of Amazon Web Services (AWS) that lets users improve the network performance and fault tolerance of their EC2 instances. Whether you are running performance-intensive applications or managing large distributed systems, placement groups let you influence how your EC2 instances are spread across the AWS infrastructure, giving you better control over networking, latency, and fault recovery.

What is a Placement Group?

A placement group is a way to control how your EC2 instances are placed on the underlying hardware in the AWS cloud. By influencing the physical location and network proximity of your instances,

All nodes within the placement group can talk to all other nodes within the placement group at a full line rate of 10 Gbps single traffic flow within the enclosure without any over-subscription-related delay.

Best Use Cases:

High-performance computing (HPC): Applications that require low latency, such as real-time data analytics or financial services.

Distributed machine learning: applications that need fast, low-latency communication between instances.

Benefits:

Low latency: The physical proximity of instances ensures minimal delay in communication.

High throughput: Instances can utilize high bandwidth for inter-instance data transfer.

Types of Placement Groups

Cluster Placement Group

Packs instances close together inside an Availability Zone. This strategy enables workloads to achieve the low-latency network performance necessary for tightly coupled node-to-node communication that is typical of HPC applications.

A cluster placement group is a logical grouping of instances within a single Availability Zone. A cluster placement group can span peered VPCs in the same region. Instances in the same cluster placement group enjoy a higher per-flow throughput limit of up to 10 Gbps for TCP/IP traffic and are placed in the same high-bisection bandwidth segment of the network.

Cluster Placement Groups are great for applications that require low latency or high throughput. They work best when most of the network traffic occurs between the instances in the group, making them ideal for workloads that depend on quick data exchange. If your application falls into this category, using a Cluster Placement Group can help improve performance significantly!

Partition Placement Group

Spreads your instances across logical partitions such that groups of instances in one partition do not share the underlying hardware with groups of instances in different partitions. This strategy is typically used by large distributed and replicated workloads, such as Hadoop, Cassandra, and Kafka.

Partition placement groups help reduce the likelihood of correlated hardware failures for your application. When partition placement groups are used, Amazon EC2 divides each group into logical segments called partitions.

Amazon EC2 ensures that each partition within a placement group has its own racks. Each rack has its own network and power source. No two partitions within a placement group share the same racks, allowing you to isolate the impact of a hardware failure within your application.

Each partition comprises multiple instances. The instances in a partition do not share racks with the instances in the other partitions, allowing you to contain the impact of a single hardware failure to only the associated partition.

Partition placement groups can be used to deploy large distributed and replicated workloads, such as HDFS, HBase, and Cassandra, across distinct racks.

Spread Placement Group

Strictly places a small group of instances across distinct underlying hardware to reduce correlated failures.

A spread placement group is a group of instances that are each placed on distinct racks, with each rack having its own network and power source.

Spread placement groups are recommended for applications that have a small number of critical instances that should be kept separate from each other. Launching instances in a spread placement group reduces the risk of simultaneous failures that might occur when instances share the same racks.

Placement Group Rules and Limitations

General Rules and Limitations

  • The name that you specify for a placement group must be unique within your AWS account for the Region.
  • An instance can be launched in one placement group at a time; it cannot span multiple placement groups.
  • You can’t merge placement groups.
  • Instances with a tenancy of host cannot be launched in placement groups.
  • On-Demand Capacity Reservations and zonal Reserved Instances provide a capacity reservation for EC2 instances in a specific Availability Zone. The capacity reservation can be used by instances in a placement group. However, it is not possible to explicitly reserve capacity for a placement group.

Conclusion

AWS Placement Groups are a useful way to make your EC2 performance better, depending on what your application needs for networking and availability. By picking the right type of placement group, you can find the best mix of performance, cost, and reliability for your tasks.

Thanks for reading and stay tuned for more.


Exploring AWS Data Migration Services

Exploring AWS Data Migration Services: Unlocking Seamless Cloud Transitions

Migrating data to the cloud is a critical part of any modern business transformation. Whether you are moving small datasets, large-scale workloads, or entire databases, moving substantial amounts of data, ranging from terabytes to petabytes, presents unique challenges. AWS provides many data migration tools to help organizations transition smoothly and securely. In this blog, we’ll explore the most common AWS data migration options and help you decide which one is best suited to your use case.

OFFLINE DATA TRANSFER

AWS Snow Family: Simplifies moving data into and out of AWS using physical devices, bypassing the need for high-bandwidth networks. This makes the devices ideal for organizations facing bandwidth limitations or working in remote environments.

AWS Snowcone: The smallest member of the Snow Family, Snowcone, is a lightweight edge computing and data transfer device.

Features

  • Compact, rugged device ideal for harsh environments.
  • Used to collect, process, and move data to AWS by shipping the device back to AWS.
  • Pre-installed DataSync agent: This allows for seamless synchronization between Snowcone and AWS cloud services, making it easier to transfer data both offline and online.
  • 8 TB of usable storage.

Best Use Cases

Edge data collection: Gathering data from remote locations like oil rigs, ships, or military bases.

Lightweight compute tasks: Running simple analytics, machine learning models, or edge processing before sending data to the cloud.

AWS Snowball

Overview: A petabyte-scale data transport and edge computing device.

Available in two versions

Snowball Edge Storage Optimized: Designed for massive data transfers, offers up to 80 TB of storage.

Snowball Edge Compute Optimized: Provides additional computing power for edge workloads and supports EC2 instances, allowing data to be processed before migration.

Best Use Cases

Data center migration: When decommissioning a data center and moving large amounts of data to AWS.

Edge computing tasks: Processing data from IoT devices or running complex algorithms at the edge before cloud migration.

AWS Snowmobile

A massive exabyte-scale migration solution, designed for customers moving extraordinarily large datasets. The Snowmobile is a secure 40-foot shipping container.

Features

  • Can handle up to 100 PB per Snowmobile, making it ideal for hyperscale migrations.
  • Data is transferred in a highly secure container that is protected both physically and digitally.
  • Security features: Encryption with multiple layers of protection, including GPS tracking, 24/7 video surveillance, and an armed escort during transit.

Best Use Cases

Exabyte-scale migrations: Ideal for organizations with huge archives of video content, scientific research data, or financial records.

Disaster recovery: Quickly evacuating vast amounts of critical data during emergencies.

Hybrid and Edge Gateway

AWS Storage Gateway

AWS Storage Gateway provides a hybrid cloud storage solution that integrates your on-premises environments with AWS cloud storage. It simplifies the transition to the cloud while enabling seamless data access.

Types of Storage Gateway:

File Gateway: Provides file-based access to objects in Amazon S3 using standard NFS and SMB protocols. Ideal for migrating file systems to the cloud.

Tape Gateway: Emulates physical tape libraries, archiving data to Amazon S3 and Glacier for long-term storage and disaster recovery.

Volume Gateway: Presents cloud-backed storage volumes to your on-premises applications. Supports EBS Snapshots, which store point-in-time backups in AWS.

Best Use Cases:

Seamless cloud integration: Extending on-premises storage workloads to AWS without disrupting existing workflows.

Archiving and backup: Cost-efficient tape replacement for data archiving and disaster recovery in Amazon S3 and Glacier.

Additional AWS Data Migration Services

Beyond physical devices, AWS offers several other tools for seamless and efficient data migration, each designed for different needs:

AWS Data Exchange: Simplifies finding, subscribing to, and using third-party data within the AWS cloud. Ideal for organizations that need external data for analytics or machine learning models.

Best Use Cases

Third-party data access: Easily acquire and use data for market research, financial analytics, or AI model training.

Conclusion

Migrating large volumes of data to the AWS cloud is a complex but manageable task with the right approach. By carefully selecting the appropriate tools and strategies, you can achieve a very smooth transition and successful outcome.

Thanks for reading and stay tuned for more.


Understanding AMI in AWS

Understanding AMI in AWS: A definitive guide to cloud resilience

Amazon Machine Image (AMI) and Snapshots play crucial roles in the storage, replication, and deployment of EC2 instances. This guide not only demystifies the significance of AMIs but also unveils effective AWS backup strategies, including the vital process of taking AMI backups.

What is an Amazon Machine Image (AMI)?

An Amazon Machine Image (AMI) is an image that provides the software that is required to set up and boot an Amazon EC2 instance. It is a template that contains the information required to launch an EC2 instance; it is the encapsulation of server configuration. Each AMI also contains a block device mapping that specifies the block devices to attach to the instances that you launch.

You can launch multiple instances from a single AMI when you require multiple instances with the same configuration. You can use different AMIs to launch instances when you require instances with different configurations, as shown in the following diagram.

Key Components of an AMI:

Root Volume: Contains the operating system and software configurations that make up the instance.

Launch Permissions: Determine who can use the AMI to launch instances.

Block Device Mapping: Specifies the storage devices attached to the instance when it’s launched.

AMIs can be public or private:

Public AMIs: Provided by AWS or third-party vendors, offering pre-configured OS setups and applications.

Private AMIs: Custom-built by users to suit specific use cases, ensuring that their application and infrastructure requirements are pre-installed on the EC2 instance.

Types of AMIs:

EBS-backed AMI: Uses an Elastic Block Store (EBS) volume as the root device, allowing data to persist even after the instance is terminated.

Instance store-backed AMI: Uses ephemeral storage, meaning data will be lost once the instance is stopped or terminated.
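An added example, not from the original article: an audit of the components listed above (launch permissions, block device mapping, root device type) over data in the shape the AWS CLI returns, flagging every AMI that accounts other than the owner can launch. The image, snapshot and account IDs are constructed placeholders.

```python
# Constructed sample data in the shape of `aws ec2 describe-images --owners self`
# output, plus each image's launch permissions as returned by
# `aws ec2 describe-image-attribute --attribute launchPermission`.
# All IDs and the account number are placeholders.
IMAGES = [
    {"ImageId": "ami-0aaaexample", "Name": "web-prod", "Public": False,
     "RootDeviceType": "ebs",
     "BlockDeviceMappings": [
         {"DeviceName": "/dev/sda1", "Ebs": {"SnapshotId": "snap-0aaaexample"}}]},
    {"ImageId": "ami-0bbbexample", "Name": "web-test", "Public": True,
     "RootDeviceType": "ebs",
     "BlockDeviceMappings": [
         {"DeviceName": "/dev/sda1", "Ebs": {"SnapshotId": "snap-0bbbexample"}},
         {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"}]},
    {"ImageId": "ami-0cccexample", "Name": "legacy", "Public": False,
     "RootDeviceType": "instance-store", "BlockDeviceMappings": []},
]
LAUNCH_PERMISSIONS = {
    "ami-0aaaexample": [{"UserId": "111122223333"}],  # shared with one account
    "ami-0bbbexample": [{"Group": "all"}],            # anyone can launch it
    "ami-0cccexample": [],                            # owner only
}


def exposure(image, permissions):
    """Classify who can launch the AMI: 'public', 'shared' or 'private'."""
    if image.get("Public") or any(p.get("Group") == "all" for p in permissions):
        return "public"
    if permissions:  # specific accounts (or organizations) were granted access
        return "shared"
    return "private"


def backing_snapshots(image):
    """EBS snapshots referenced by the AMI's block device mapping."""
    return [m["Ebs"]["SnapshotId"]
            for m in image.get("BlockDeviceMappings", [])
            if "SnapshotId" in m.get("Ebs", {})]


def describe_ami(image, permissions):
    """Summarise one AMI in terms of the components discussed above."""
    return {
        "image_id": image["ImageId"],
        "exposure": exposure(image, permissions),
        "shared_with": sorted(p["UserId"] for p in permissions if "UserId" in p),
        "ebs_backed": image.get("RootDeviceType") == "ebs",
        "snapshots": backing_snapshots(image),
    }


def audit(images, launch_permissions):
    """Return a report for every AMI that is not strictly private."""
    reports = [describe_ami(i, launch_permissions.get(i["ImageId"], []))
               for i in images]
    return [r for r in reports if r["exposure"] != "private"]


if __name__ == "__main__":
    for finding in audit(IMAGES, LAUNCH_PERMISSIONS):
        print(finding)
```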

Why Use an AMI?

Faster Instance Launch: AMIs allow you to quickly launch EC2 instances with the exact configuration you need.

Scalability: AMIs enable consistent replication of instances across multiple environments (e.g., dev, test, production).

Backup and Recovery: Custom AMIs can serve as a backup of system configurations, allowing for easy recovery in case of failure.

Creating an AMI

Let’s now move on to the hands-on section, where we’ll configure an existing EC2 instance, install a web server, and set up our HTML files. After that, we’ll create an image from the configured EC2 instance, terminate the current configuration server, and launch a production instance using the image we created. Here’s how we’ll proceed:

Step 1: Configuring the instance as desired

Log in to the AWS Management Console with a user account that has admin privileges, and launch an EC2 instance.

I’ve already launched an Ubuntu machine, so next, I’ll configure Apache webserver and host my web files on the instance.

SSH into your machine using the SSH command shown below.

Update your server repository.

Install and enable Apache.

Check the status of the Apache web server.

Now navigate to the HTML directory using the below command.

Use the vi editor to edit and add your web files to the HTML directory, run sudo vi index.html

Exit and save the vi editor.

We’ve successfully configured our EC2 instance to host the web application. Now, let’s test it by copying the instance’s IP address and pasting it into your web browser.

Our instance is up and running, successfully hosting and serving our web application.

Step 2: Creating an image of the instance

Select the running EC2 Instance, select the actions drop-down button, and navigate to Image and Templates then click Create Image.

Provide details for your Image

Select tag Image and snapshots together then scroll down and click Create Image.

Once the Image is available and ready for use, you can now proceed and delete your setup server.

Step 3: Launch new EC2 instance from the created Image.

We will now use the created image to launch a new EC2 instance. We will not do any configuration, since the image already has our app configured.

Let’s proceed and launch our EC2 instance, click launch Instance from the EC2 dashboard.

Under Applications and OS, select my AMI, then select owned by me.

Select t2.micro, then scroll down.

Select your key pairs.

Configure your security groups

Review and click Create Instance.

Step 4: Test our application.

Once our application is up and running, grab the public IP and paste it into your browser.

We have created an EC2 instance from an AMI with an already configured application. Application achieved.

Clean up. This brings us to the end of this article.

Conclusion

Amazon Machine Images (AMIs) are fundamental tools in managing EC2 instances. Understanding how to effectively use AMIs can help optimize your AWS environment, improving disaster recovery, scaling capabilities, and data security.

Thanks for reading and stay tuned for more.
