NACL (Network Access Control List)

NACL and the security group both act as a firewall. NACL is used at the subnet level and the security group at the instance level.

- NACL allows or denies (stateless) specific inbound or outbound traffic at the subnet level. You can use the default network ACL for your VPC, or you can create a custom network ACL for your VPC with rules similar to the rules for your security groups to add an additional layer of security to your VPC.
- Each subnet in your VPC must be associated with a network ACL. You can associate a network ACL with multiple subnets. However, a subnet can be associated with only one network ACL at a time. The previous association is removed when you associate a network ACL with a subnet.
- A network ACL has inbound rules and outbound rules. Each rule can either allow or deny traffic. Each rule has a number from 1 to 32766. evaluate the network ACL rules when traffic ente...
Posts
Showing posts from November, 2023
VPC Endpoint

A VPC Endpoint is used in place of a NAT gateway because when we use the NAT gateway service the charges are higher, as AWS charges for the NAT gateway and for data download and upload. A VPC Endpoint is free, and AWS charges a nominal fee for service access.

1. Create VPC
2. Create two subnets: one for public IP and one for private IP.
3. Create an IGW (internet gateway)
4. Attach the IGW with the VPC.
5. Create a Route Table
6. Define the IGW path in the route table.
7. Define the path for the public subnet to go to the internet, i.e. in Subnet association select the subnet which has public access.
8. Create two EC2 instances: one with a public IP in one subnet and one with a private IP ...
Site-to-Site VPN Connection

For a Site-to-Site VPN connection we require one AWS site and one client site (on-premises, or on AWS but in another region).

AWS Site (Mumbai Region)

1. Create VPC and put CIDR 10.1.0.0/16 - VPC > Create VPC > VPC Name (Ex: AWS_site_VPC_Mumbai)
2. Create Subnet and put CIDR 10.1.0.0/24 - Subnet > Create Subnet > Subnet Name (Ex: AWS_site_subnet_Mumbai)
3. Create Internet Gateway - VPC > Internet Gateways > Name (Ex: AWS_Site_IGW_Mumbai)
4. Attach Internet Gateway to VPC (Ex: vpc-01e23b4b87c5c2586 | AWS_Site_VPC_Mumbai)
5. Create Route Table - VPC > Route Table > Create Route Table > Tag Name and Select VPC (Ex: AWS_Site_RT_Mumbai)
6. ...
Peering Connection

Peering connection between 2 VPCs within a Region or in another region.

1. Create VPC-1
2. Create a Subnet for VPC-1
3. Create IGW for VPC-1
4. Attach IGW with VPC-1
5. Define the Route Table for VPC-1 and add a rule for the IGW and the Peering Connection (VPC-2).
6. Associate subnet with VPC-1
7. Create EC2 Instance for VPC-1 and enable public IP
8. Create VPC-2
9. Create a Subnet for VPC-2
10. Create IGW for VPC-2
11. Attach IGW with VPC-2
12. Define the Route Table for VPC-2 and add a rule for the IGW and the Peering Connection (VPC-1).
13. ...
Configure custom VPC

Create 2 subnets: one private and one public.

1. Create VPC
2. Create Subnet and attach with VPC (Ex: Web-Subnet, DB-Subnet)
3. Create an Internet Gateway (Ex: igw-pTools)
4. Create a Route Table and subnet associations.
5. Route Table -- Define the destination (world-wide access, IP 0.0.0.0/0)
6. Create EC2 Server (Ex: Web-Server, DB-Server) - During creation attach VPC and enable or disable public access.
7. Access EC2 Web-Server with public key
8. For access from the Web Server to the DB Server internally (local):
9. Create a key pair in Web-Server: [root@ip-10-0-0-160 ec2-user]# vi pTools_ Mumbai_Key.pem ...
Cross Account Access of S3

1. Login into the Root Account. URL: https://signin.aws.amazon.com/signin?redirect_uri=https%3A%2F%2Fap-northeast-1.console.aws.amazon.com%2Fconsole%2Fhome%3FhashArgs%3D%2523%26isauthcode%3Dtrue%26region%3Dap-northeast-1%26state%3DhashArgsFromTB_ap-northeast-1_bd682a7e73e1b5fc&client_id=arn%3Aaws%3Asignin%3A%3A%3Aconsole%2Fcanvas&forceMobileApp=0&code_challenge=lDm7WaCJ6pO8nxyAVOEZy424BsqTJSnoP8RoqTySBBU&code_challenge_method=SHA-256 Username: Email id, Password: ***********
2. Create a Bucket and upload an object. Ex: Bucket: ec2tos3bucket; Objects: Hello1.jpg, Hello2.doc
3. Create User IAM Username:...
Mount EC2, Role with S3 Bucket

1. Create EC2
2. Create a Bucket
3. Create a Role
4. Attach Role with EC2
5. Run command: yum install automake fuse fuse-devel gcc-c++ git libcurl-devel libxml2-devel make openssl-devel
6. Clone s3fs source code from git: git clone https://github.com/s3fs-fuse/s3fs-fuse.git
7. Now change to the source code directory, and compile and install the code with the following commands:
   cd s3fs-fuse
   ./autogen.sh
   ./configure --prefix=/usr --with-openssl ...