
CC LabWorkbook Modified 22-09

The document is a workbook for the Cloud Computing Lab at Geethanjali College of Engineering and Technology for the IV Year B.Tech Data Science program. It outlines the lab exercises, course objectives, outcomes, and evaluation methods, along with the institute's vision and mission. The lab includes practical exercises using various cloud services and tools, aiming to equip students with essential cloud computing skills.

Uploaded by

jonnada koushik

Geethanjali College of Engineering and Technology

(UGC AUTONOMOUS INSTITUTION)


(Accredited by NBA and NAAC with ‘A+’ grade, Approved by AICTE New Delhi and Affiliated to JNTUH)
Cheeryal (V), Keesara (M), Medchal (Dist), Telangana – 501 301.

CLOUD COMPUTING LAB


(20CS41L01)
Work Book

IV Year B.Tech.DS– I Semester

DEPARTMENT OF DATA SCIENCE

2023-2024

Lab -Incharge HOD-DS

Dr. L.Kiran Kumar Reddy

Cloud Computing Lab Page 1


Geethanjali College of Engineering and Technology
(Autonomous)
Cheeryal (V), Keesara (M), Medchal District, Telangana State– 501 301
DEPARTMENT OF INFORMATION TECHNOLOGY

Name of the Cloud Computing Lab

(COURSE CODE: 20CS41L06 ) Programme: UG

Branch: DS Version No: 01

Year: IV Document Number : GCET/CSE/CN/16.1

Semester: I No. of Pages:98

Section: A

Classification status (Unrestricted/Restricted ) :

Distribution List:

Prepared by : Updated by :

1) Name : B.RAMAVATH 1)Name:

2) Designation: Asst.Prof 2)Designation:

3) Sign : 3) Sign :

4) Date : 18-07-2023 4) Date :

Verified by :*For Q.C only

1) Name : 1)Name :

2) Sign : 2) Sign :

3) Design : 3) Design :

4) Date : 4) Date :

Approved by (HOD) :

1) Name : Dr. L.Kiran Kumar Reddy

2) Sign : 3) Date :



Geethanjali College of Engineering and Technology
(UGC AUTONOMOUS INSTITUTION)
(Accredited by NBA and NAAC with ‘A’ grade, Approved by AICTE New Delhi and Affiliated to JNTUH)
Cheeryal (V), Keesara (M), Medchal (Dist), Telangana – 501 301.

CERTIFICATE
This is to certify that Mr. / Miss ___________________________________

has satisfactorily completed________ number of experiments in the Cloud


Computing Laboratory.

Roll No: ____________ Branch: _______ Section: _____

Year: _______________ Academic Year: ______________

Head Faculty
Dept. of CSE In-charge

Internal Examiner External Examiner



LIST OF LAB EXERCISES

CLOUD COMPUTING LAB

1. Create Virtual Machines using open source software: VM Ware/Oracle Virtual Box.
2. Use Amazon EC2 to create a Virtual Machine.
3. Use Amazon S3 to create a bucket and upload objects.
4. Install the Simple Notification Service on Ubuntu.
5. Use Amazon CloudFront to create a Distribution and use Amazon Route 53 to create a domain (example: .com, .in).
6. Study and implement Cloud Security management by VPC.
7. Building a “Hello world” app for the cloud by using AWS Lambda.
8. Installing and configuring the Python/Java/PHP platform by using Google App Engine.

Cloud Computing Lab

Additional Programs

1. Study on Cloud Security Management. (CO5; PO1, PO2, PO4, PO5, PO6, PO9, PO11, PO12)
2. Study on Elastic Beanstalk. (CO4; PO1, PO2, PO4, PO5, PO6, PO9, PO11, PO12)



VISION OF THE INSTITUTE

Geethanjali visualizes dissemination of knowledge and skills to students, who eventually
contribute to well-being of the people of the nation and global community.

MISSION OF THE INSTITUTE

o To impart adequate fundamental knowledge in all basic science and
engineering, technical and inter-personal skills to students.

o To bring out creativity in students that would promote innovation, research
and entrepreneurship.

o To preserve and promote cultural heritage, humanistic and spiritual values
promoting peace and harmony in society.

VISION OF THE DEPARTMENT

The department of Information Technology endeavors to bring out technically competent,
socially responsible technocrats through continuous improvement in teaching learning processes
and innovative research practices.

MISSION OF THE DEPARTMENT

To be a center of excellence in instruction, innovation in research and scholarship, and service
to the stakeholders, the profession, and the public.

1. To prepare graduates to enter a rapidly changing field as a competent computer science
engineer.

2. To prepare graduates capable in all phases of software development, who possess a firm
understanding of hardware technologies, have the strong mathematical background
necessary for scientific computing, and are sufficiently well versed in general theory to allow
growth within the discipline as it advances.

3. To prepare graduates to assume leadership roles by possessing good communication skills,
the ability to work effectively as team members, and an appreciation for their social and
ethical responsibility in a global setting.



PROGRAM EDUCATIONAL OBJECTIVES
1. To provide graduates with a good foundation in mathematics, sciences and engineering
fundamentals required to solve engineering problems that will facilitate them to find
employment in industry and / or to pursue postgraduate studies with an appreciation for
lifelong learning.

2. To provide graduates with analytical and problem solving skills to design algorithms, other
hardware / software systems, and inculcate professional ethics, inter-personal skills to work in
a multi-cultural team.

3. To facilitate graduates to get familiarized with the art software / hardware tools, imbibing
creativity and innovation that would enable them to develop cutting-edge technologies of
multi-disciplinary nature for societal development.

PROGRAM OUTCOMES (POs)


Program Outcomes (POs) describe what students are expected to know and be able to do by the
time of graduation to accomplish Program Educational Objectives (PEOs). The Program
Outcomes for Computer Science and Engineering graduates are:
Engineering Graduates would be able to:
PO 1: Engineering knowledge: Apply the knowledge of mathematics, science, engineering
fundamentals, and an engineering specialization to the solution of complex engineering
problems.

PO 2: Problem analysis: Identify, formulate, review research literature, and analyze complex
engineering problems reaching substantiated conclusions using first principles of mathematics,
natural sciences, and engineering sciences.

PO 3: Design/development of solutions: Design solutions for complex engineering problems
and design system components or processes that meet the specified needs with appropriate
consideration for the public health and safety, and the cultural, societal, and environmental
considerations.

PO 4: Conduct investigations of complex problems: Use research-based knowledge and
research methods including design of experiments, analysis and interpretation of data, and
synthesis of the information to provide valid conclusions.



PO 5: Modern tool usage: Create, select, and apply appropriate techniques, resources, and
modern engineering and IT tools including prediction and modeling to complex engineering
activities with an understanding of the limitations.

PO 6: The engineer and society: Apply reasoning informed by the contextual knowledge to
assess societal, health, safety, legal and cultural issues and the consequent responsibilities
relevant to the professional engineering practice.

PO 7: Environment and sustainability: Understand the impact of the professional engineering
solutions in societal and environmental contexts, and demonstrate the knowledge of, and need
for sustainable development.

PO 8: Ethics: Apply ethical principles and commit to professional ethics and responsibilities
and norms of the engineering practice.

PO 9: Individual and team work: Function effectively as an individual, and as a member or
leader in diverse teams, and in multidisciplinary settings.

PO 10: Communication: Communicate effectively on complex engineering activities with the
engineering community and with society at large, such as, being able to comprehend and write
effective reports and design documentation, make effective presentations, and give and receive
clear instructions.

PO 11: Project management and finance: Demonstrate knowledge and understanding of the
engineering and management principles and apply these to one’s own work, as a member and
leader in a team, to manage projects and in multidisciplinary environments.

PO 12: Life-long learning: Recognize the need for, and have the preparation and ability to
engage in independent and life-long learning in the broadest context of technological change.

PROGRAM SPECIFIC OUTCOMES (PSOs)


PSO 1: To identify and define the computing requirements appropriate for its solution under
given constraints.



PSO 2: To follow the best practices, namely, SEI-CMM levels and 6-sigma which varies from
time to time for software development projects using open-ended programming environments to
produce software deliverables as per customer needs.

Course Objectives and Course Outcomes

Lab Course Outcomes:

Cloud Computing Lab


Course Objectives:

Develop ability to

1. Understand different computing models.


2. Introduce various types of virtualizations and hypervisors.
3. Use and adopt Cloud Computing services and tools in their real life scenarios.
4. Explore some important cloud computing driven commercial systems such as Amazon
Web Services, Google cloud services, Microsoft Azure etc.
5. Describe the security aspects in cloud.

Course Outcomes (COs)

Upon successful completion of this course, students will be able to

CO1: Distinguish different types of Distributed Computing models and Identify different cloud
computing models and services provided by cloud providers.

CO2: Illustrate Cloud Applications and Paradigms.

CO3: Demonstrate virtualization of clusters and data centers.

CO4: Apply and design Cloud Resource Management.

CO5: Explain Storage models and security aspects of Cloud.

Mapping of Lab Course with Programme Educational Objectives

| Course | Course Code | PEOs | POs & PSOs |
|---|---|---|---|
| CLOUD COMPUTING | 20CS32L07 | PEO1, PEO2, PEO3 | PO1, PO2, PO4, PO5, PO6, PO9, PO11, PO12, PSO1, PSO2 |



Mapping of Lab Course outcomes with Programme outcomes

Columns 1 to 12 are Program Outcomes; PSO1 and PSO2 are Program Specific Outcomes.

| Course Outcomes - Cloud Computing (20CS32L07) | Exp. No | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | PSO1 | PSO2 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CO1. Distinguish different types of Distributed Computing Models and Identify different cloud computing models and services provided by cloud providers. | 2,3,4,5,6,7,8,9 | 2 | 3 | 1 | 1 | 3 | 1 | 2 | 1 | - | - | 2 | 3 | 2 | 3 |
| CO2. Illustrate Cloud Applications and Paradigms. | 3,8,9 | 3 | 2 | 2 | 2 | 3 | 1 | 2 | 1 | - | - | 2 | 3 | 2 | 3 |
| CO3. Demonstrate Virtualization of clusters and data centers. | 1,2 | 2 | 3 | 3 | 2 | 3 | 1 | 2 | 1 | - | - | 2 | 3 | 2 | 3 |
| CO4. Apply and Design cloud Resource Management. | 2,3,4,5,8,9 | 2 | 3 | 2 | 1 | 3 | 1 | 2 | 1 | - | - | 2 | 3 | 2 | 3 |
| CO5. Explain the Storage models and security aspects of cloud. | 2,3,4,7,10 | 3 | 3 | 2 | 2 | 3 | 3 | 3 | 1 | - | - | 2 | 3 | 3 | 3 |



Prerequisites:
1. Operating Systems Lab
2. Object Oriented Programming through Java Lab

INSTRUCTIONS TO THE STUDENTS:

1. Students are required to attend all labs.


2. Students should be dressed in formals when attending the laboratory sessions.
3. Students will work individually in computer laboratories.
4. While coming to the lab bring the observation book and Work book etc.
5. Before coming to the lab, prepare the pre-lab questions. Read through the lab
experiment to familiarize yourself with it.
6. Utilize the 3 hours’ time properly to perform the experiment and note down the
outputs.
7. If the experiment is not completed in the prescribed time, the pending work has to
be done in the leisure hour or extended hours.
8. You will be expected to submit the completed work book according to the
deadlines set up by your instructor.

INSTRUCTIONS TO LABORATORY TEACHERS:

1. Observation book and lab records submitted for the lab work are to be checked and
signed before the next lab session.
2. Students should be instructed to switch ON the power supply after the connections are
checked by the lab assistant / teacher.
3. The promptness of submission should be strictly insisted by awarding the marks
accordingly.
4. Ask viva questions at the end of the experiment.
5. Do not allow students who come late to the lab class.
6. Encourage the students to do the experiments innovatively.
7. Fill continuous Evaluation sheet, on regular basis.
8. Ensure that the students are dressed in formals



List of exercises

1. Create Virtual machines using Open source software: VM Ware/ Oracle Virtual Box.
2. Use Amazon EC2 to create a Virtual machine.
3. Use Amazon S3 to create bucket and upload objects.
4. Install the Simple Notification Service on Ubuntu.
5. Use Amazon Cloud front to create Distribution and Use Amazon Route53 to create a domain
(example: .com, .in).
6. Study and Implement Cloud Security management by VPC.
7. Building a “Hello world” app for the cloud by using AWS Lambda.

Scheme of Lab Exam Evaluation:

Evaluation of Internal Marks:

a) 15 Marks are awarded for day to day work

1) Record and Observation book --------- 5Marks

2) Attendance and behavior of student --------- 5 Marks

3) Viva and performance ----------------5 Marks

b) 15 Marks are awarded for conducting laboratory test as follows:

1) Write up and program--------5 Marks

2) Execution of Program ---------5 Marks

3) Viva and performance ----------------5 Marks

Evaluation of External Marks:

70 Marks are awarded for conducting laboratory test as follows:

1) Algorithm ------------------- 25 Marks.

2) Write up and program--------- 15 Marks

3) Execution of Program --------- 15 Marks

4) Viva ---------------------- 15 Marks



PERFORMANCE INDICATOR
| S.No. | Name of Experiment | Date of Exp. | Date of Submission | Marks | Signature | Remarks |



CLOUD COMPUTING LAB



WEEK-1

Create a Virtual Machines using Open source software: VM Ware/Oracle virtual Box.

Objective:
Student will be able to create a virtual machine using VM Ware/Oracle virtual Box.

Outcome:
Student gains the ability to launch a virtual machine using VM Ware/Oracle virtual Box.

Theory:

Virtual Box is a cross-platform virtualization application. For one thing, it installs on
your existing Intel or AMD-based computers, whether they are running Windows, Mac, Linux or
Solaris operating systems. Secondly, it extends the capabilities of your existing computer so that
it can run multiple operating systems (inside multiple virtual machines) at the same time. So, for
example, you can run Windows and Linux on your Mac, run Windows Server 2008 on your
Linux server, run Linux on your Windows PC, and so on, all alongside your existing
applications. You can install and run as many virtual machines as you like; the only practical
limits are disk space and memory. Virtual Box is deceptively simple yet also very powerful. It
can run everywhere from small embedded systems or desktop class machines all the way up to
datacenter deployments and even Cloud environments.

The techniques and features that Virtual Box provides are useful for several scenarios:

Starting Virtual Box:



Creating your first virtual machine:



Running your virtual machine:



WEEK-2
2. Use Amazon EC2 to create a Virtual Machine

Objective:
Students will be able to create a virtual machine by using Amazon EC2.
Outcome:
Student gains the ability to create a virtual machine using Amazon EC2.

Steps

Step 1:



Step 2:



Step 3: Create a Key Pair and Launch Your Instance



c. On the next screen, click View Instances to view the instance you have just created and see its
status.

Step 4: Connect to Your Instance

Step 5: Terminate Your Windows VM

You can easily terminate the Windows Server VM from the Amazon EC2 console. In fact, it is a
best practice to terminate instances you are no longer using so you don’t keep getting charged for
them.

a. Back on the EC2 Console, select the box next to the instance you created. Then click
the Actions button, navigate to Instance State, and click Terminate.

Week 3

Use Amazon S3 to create bucket and upload objects.

Objective:

Student will be able to develop java program using Amazon S3.

Outcome:

Student gains the ability to develop java program using Amazon S3.

Description:

The Java API for Amazon Web Services is provided by the AWS SDK.

Create an S3 client. S3 access is handled by the class AmazonS3Client instantiated with the
account credentials of the AWS user:

// Placeholder strings: supply your own keys at run time and keep real keys out of files you share or commit.
AmazonS3Client s3 = new AmazonS3Client(new BasicAWSCredentials("your_access_key", "your_secret_key"));

The access and the secret keys can be found on the user’s AWS account homepage.

Buckets:

An S3 bucket is analogous to a file folder or directory, and it is used to store S3 objects.

Bucket names must be globally unique, hence, it is advisable to check first to see whether the
name exists:

s3.doesBucketExist("bucket_name");

This function returns “true” if the name exists and “false” otherwise. Buckets can be created and
deleted either directly from the AWS Management Console or programmatically as follows:

s3.createBucket("bucket_name");

s3.deleteBucket("bucket_name");



S3 objects:

To upload an object to a bucket, we can use the AWS Management Console or,
programmatically, a file local_file_name can be uploaded from the local machine to the
bucket bucket_name under the key key using

File f = new File("local_file_name");

s3.putObject("bucket_name", "key", f);

To access this object with key key from the bucket bucket_name use:

To read this file, you must use the S3Object’s InputStream:

Batch upload/download:

Batch upload requires repeated calls of s3.putObject() while iterating over local files.

To view the keys of all objects in a specific bucket, use



ObjectListing



PROGRAM



Week 4
Install the simple Notification Service on Ubuntu.

Objective:
Student will be able to install simple Notification Service on Ubuntu.
Outcome:
Student gains the ability to install simple Notification Service on Ubuntu.

Description:
To install the SNS client the following steps must be taken:

1. Install Java in the root directory and then execute the commands:



2. Download the SNS client, unzip the file, and change permissions:

3. Start the AWS Management Console and go to Security Credentials. Check the Access Key ID
and the Secret Access Key and create a text file /root/credential.txt with the following content:

4. Edit the .bashrc file and add:



5. Reboot the system.

6. Enter on the command line:

sns.cmd

If the installation was successful, the list of SNS commands will be displayed.

Set Up Amazon SNS Notifications

Note

Alternatively, if you plan to create your CloudWatch alarm using the AWS Management
Console, you can skip this procedure because you can create the topic through the Create Alarm
Wizard.

Set Up an Amazon SNS Topic Using the AWS Management Console



To create an SNS topic

To subscribe to an SNS topic:



To publish a test message to an SNS topic

Set Up an SNS Topic Using the AWS CLI

To set up an SNS topic



aws sns subscribe --topic-arn arn:aws:sns:us-east-1:111122223333:my-topic --protocol email --notification-endpoint my-email-address

aws sns list-subscriptions-by-topic --topic-arn arn:aws:sns:us-east-1:111122223333:my-topic



aws sns publish --message "Verification" --topic-arn arn:aws:sns:us-east-1:111122223333:my-topic



Week 5
Use Amazon Cloud front to create Distribution and Use Amazon Route53 to create a domain
(example: .com, .in).

Objective:

Student will be able to use other Amazon cloud services.

Outcome:
Student gains the ability to use Amazon cloud services.

Configuring Amazon Route 53 to route traffic to a CloudFront distribution


To configure Amazon Route 53 to route traffic to a CloudFront distribution, perform the following
procedure.

To route traffic to a CloudFront distribution


1. Get the domain name that CloudFront assigned to your distribution and determine whether IPv6
is enabled:
a. Sign in to the AWS Management Console and open the CloudFront console at
b. In the ID column, select the linked name of the distribution that you want to route traffic to (not
the check box).
c. On the General tab, get the value of the Distribution domain name field.
d. On the General tab, in the Settings section, choose Edit and scroll to check the IPv6 field to see
whether IPv6 is enabled for the distribution. If IPv6 is enabled, you'll need to create two alias
records for the distribution, one to route IPv4 traffic to the distribution, and one to route IPv6
traffic. Choose Cancel.
In the navigation pane, choose Hosted zones.
2. Choose the linked name of the hosted zone for the domain that you want to use to route traffic to
your CloudFront distribution.
3. Choose Create record.
You can use the wizard to create the records or choose Switch to quick create.
4. Specify the following values:
   Routing policy
      Choose the applicable routing policy.
   Record name



      Enter the domain name that you want to use to route traffic to your CloudFront
      distribution. The default value is the name of the hosted zone.
      For example, if the name of the hosted zone is example.com and you want to
      use acme.example.com to route traffic to your distribution, enter acme.
   Alias
      If you are using the Quick create record creation method, turn on Alias.
      Important: You must create an Alias record for the CloudFront distribution to work.
   Value/Route traffic to
      Choose Alias to CloudFront distributions. The us-east-1 Region is selected by
      default. Choose the domain name that CloudFront assigned to the distribution when
      you created it. This is the value that you got in step 1.
   Record type
      Choose A – IPv4 address.
      If IPv6 is enabled for the distribution and you're creating a second record,
      choose AAAA – IPv6 address.
   Evaluate target health
      Accept the default value of No.
5. Choose Create records.
6. If IPv6 is enabled for the distribution, repeat steps 6 through 8. Specify the same settings except
for the Record type field, as explained in step 7.

Study and Implement Cloud Security management by VPC

Verify permissions
Before you can use Amazon VPC, you must have the required permissions. For more
information, see Identity and access management for Amazon VPC and Amazon VPC policy
examples.



Determine your IP address ranges
The resources in your VPC communicate with each other and with resources over the internet
using IP addresses. When you create VPCs and subnets, you can select their IP address ranges.
When you deploy resources in a subnet, such as EC2 instances, they receive IP addresses from
the IP address range of the subnet.

As you choose a size for your VPC, consider how many IP addresses you'll need across your
AWS accounts and VPCs. Ensure that the IP address ranges for your VPCs don't overlap with
the IP address ranges for your own network. If you need connectivity between multiple VPCs,
you must ensure that they have no overlapping IP addresses.
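
The overlap rule above can be checked mechanically before any VPC is created. The following is an added example, not part of the original workbook: it runs Python's standard ipaddress module over a constructed address plan (all names and ranges are assumptions) and goes slightly beyond the text by also carving one subnet per tier and Availability Zone and counting usable addresses, given that AWS reserves five addresses in every subnet.

```python
import ipaddress
from itertools import combinations

# Constructed address plan; names and ranges are illustrative assumptions.
PLAN = {
    "on-prem": "10.0.0.0/16",
    "vpc-prod": "10.1.0.0/16",
    "vpc-dev": "10.1.128.0/20",    # deliberately placed inside vpc-prod
    "vpc-shared": "172.16.0.0/20",
}

AWS_RESERVED_PER_SUBNET = 5  # first four addresses and the last one


def find_overlaps(plan):
    """Return (name_a, name_b) pairs whose CIDR blocks overlap."""
    # strict=True rejects entries with host bits set, e.g. 10.1.0.5/16.
    nets = {n: ipaddress.ip_network(c, strict=True) for n, c in plan.items()}
    return [
        (a, b)
        for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2)
        if net_a.overlaps(net_b)
    ]


def carve_subnets(vpc_cidr, tiers, zones, new_prefix):
    """Give every (tier, zone) pair its own non-overlapping subnet."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    pool = vpc.subnets(new_prefix=new_prefix)
    layout = {}
    for tier in tiers:
        for zone in zones:
            subnet = next(pool, None)
            if subnet is None:
                needed = len(tiers) * len(zones)
                raise ValueError(
                    f"{vpc_cidr} cannot hold {needed} /{new_prefix} subnets")
            layout[(tier, zone)] = subnet
    return layout


def usable_addresses(subnet):
    """Addresses left for resources after the AWS-reserved ones."""
    return max(subnet.num_addresses - AWS_RESERVED_PER_SUBNET, 0)


if __name__ == "__main__":
    for a, b in find_overlaps(PLAN):
        print(f"overlap: {a} ({PLAN[a]}) and {b} ({PLAN[b]})")
    layout = carve_subnets("10.1.0.0/16", ["public", "private", "vpn-only"],
                           ["us-east-1a", "us-east-1b"], 24)
    for (tier, zone), net in layout.items():
        print(f"{tier:9} {zone}  {net}  usable={usable_addresses(net)}")
```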

IP Address Manager (IPAM) makes it easier to plan, track, and monitor the IP addresses for

Select your Availability Zones


An AWS Region is a physical location where we cluster data centers, known as Availability
Zones. Each Availability Zone has independent power, cooling, and physical security, with
redundant power, networking, and connectivity. The Availability Zones in a Region are
physically separated by a meaningful distance, and interconnected through high-bandwidth, low-
latency networking. You can design your application to run in multiple Availability Zones to
achieve even greater fault tolerance.

Production environment

For a production environment, we recommend that you select at least two Availability Zones and
deploy your AWS resources evenly in each active Availability Zone.

Development or test environment

For a development or test environment, you might choose to save money by deploying your
resources in only one Availability Zone.

Plan your internet connectivity


Plan to divide each VPC into subnets based on your connectivity requirements. For example:



• If you have web servers that will receive traffic from clients on the internet, create a subnet for
these servers in each Availability Zone.
• If you also have servers that will receive traffic only from other servers in the VPC, create a
separate subnet for these servers in each Availability Zone.
• If you have servers that will receive traffic only through a VPN connection to your network,
create a separate subnet for these servers in each Availability Zone.

• If your application will receive traffic from the internet, the VPC must have an internet
gateway. Attaching an internet gateway to a VPC does not automatically make your
instances accessible from the internet. In addition, the subnet route table must include a
route to the internet gateway, which turns the subnet from a private subnet to a public
subnet. The instances must also have a public IP address and be associated with a security
group with a rule that allows traffic from the internet over specific ports and protocols.

• Alternatively, register your instances with an internet-facing load balancer. The load
balancer receives traffic from the clients and distributes it across the registered instances
in one or more Availability Zones.
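
The four conditions in the internet gateway item above (gateway attached, route to the gateway, public IP address, security group rule) can be audited per instance. This added example, not part of the original workbook, runs that check over a constructed, simplified inventory; the dictionary layout, resource names and addresses are assumptions and not real AWS API output, and the load balancer alternative is not modelled.

```python
import ipaddress

# Constructed, simplified inventory (assumed layout, not AWS API output).
VPC = {
    "internet_gateway": "igw-example",
    "route_tables": {
        "rtb-public": [{"dest": "10.1.0.0/16", "target": "local"},
                       {"dest": "0.0.0.0/0", "target": "igw-example"}],
        "rtb-private": [{"dest": "10.1.0.0/16", "target": "local"}],
    },
    "subnets": {
        "web-a": {"route_table": "rtb-public"},
        "app-a": {"route_table": "rtb-private"},
    },
    "security_groups": {
        "sg-web": [
            {"proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"},
            {"proto": "tcp", "from": 22, "to": 22, "cidr": "203.0.113.0/24"},
        ],
        "sg-app": [
            {"proto": "tcp", "from": 8080, "to": 8080, "cidr": "10.1.0.0/16"},
        ],
        "sg-wide": [
            {"proto": "tcp", "from": 0, "to": 65535, "cidr": "0.0.0.0/0"},
        ],
    },
    "instances": {
        "web-1": {"subnet": "web-a", "public_ip": "198.51.100.10",
                  "groups": ["sg-web"]},
        "app-1": {"subnet": "app-a", "public_ip": None, "groups": ["sg-app"]},
        "web-2": {"subnet": "web-a", "public_ip": None, "groups": ["sg-wide"]},
        "app-2": {"subnet": "app-a", "public_ip": "198.51.100.11",
                  "groups": ["sg-wide"]},
    },
}


def subnet_is_public(vpc, subnet_name):
    """A subnet is public when its route table has a route to the IGW."""
    igw = vpc.get("internet_gateway")
    if not igw:
        return False
    table_name = vpc["subnets"][subnet_name]["route_table"]
    return any(r["target"] == igw for r in vpc["route_tables"][table_name])


def internet_rules(vpc, group_names):
    """Inbound rules whose source is the whole internet (prefix length 0)."""
    found = []
    for name in group_names:
        for rule in vpc["security_groups"][name]:
            if ipaddress.ip_network(rule["cidr"]).prefixlen == 0:
                found.append((name, rule["proto"], rule["from"], rule["to"]))
    return found


def audit_instance(vpc, name):
    """Report which of the four conditions an instance meets or lacks."""
    inst = vpc["instances"][name]
    open_rules = internet_rules(vpc, inst["groups"])
    missing = []
    if not vpc.get("internet_gateway"):
        missing.append("internet gateway")
    if not subnet_is_public(vpc, inst["subnet"]):
        missing.append("route to internet gateway")
    if not inst.get("public_ip"):
        missing.append("public IP address")
    if not open_rules:
        missing.append("security group rule allowing internet traffic")
    return {
        "reachable": not missing,
        "missing": missing,
        "open_rules": open_rules,
        # Internet-facing rules that span more than one port deserve review,
        # since the text calls for specific ports and protocols.
        "broad_rules": [r for r in open_rules if r[3] > r[2]],
    }


if __name__ == "__main__":
    for instance in VPC["instances"]:
        print(instance, audit_instance(VPC, instance))
```

In this sample, web-2 and app-2 are not reachable today, yet each is one change away from full exposure on every TCP port, which is why the broad rule is reported even when other conditions are missing.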

Create your VPC


After you've determined the number of VPCs and subnets that you need, what CIDR blocks to
assign to your VPCs and subnets, and how to connect your VPC to the internet, you are ready to
create your VPC. If you create your VPC using the AWS Management Console and include
public subnets in your configuration, we create a route table for the subnet and add the routes
required for direct access to the internet.

Deploy your application


After you've created your VPC, you can deploy your application.

Production environment
For a production environment, you can use one of the following services to deploy servers in
multiple Availability Zones, configure scaling so that you maintain the minimum number of
servers required by your application, and register your servers with a load balancer to distribute
traffic evenly across your servers.



• Amazon EC2 Auto Scaling
• EC2 Fleet
• Amazon Elastic Container Service (Amazon ECS)

Development or test environment

For a development or test environment, you might choose to launch a single EC2 instance.

Getting started with Amazon SNS


This section helps you become more familiar with Amazon SNS by showing you how to manage
topics, subscriptions, and messages using the Amazon SNS console.

Topics

• Prerequisites
• Step 1: Create a topic
• Step 2: Create a subscription to the topic
• Step 3: Publish a message to the topic
• Step 4: Delete the subscription and topic

Prerequisites
Before you begin, complete the steps in Setting up access for Amazon SNS.

Step 1: Create a topic


1. Sign in to the Amazon SNS console.
2. In the left navigation pane, choose Topics.



3. On the Topics page, choose Create topic.
4. By default, the console creates a FIFO topic. Choose Standard.
5. In the Details section, enter a Name for the topic, such as MyTopic.
6. Scroll to the end of the form and choose Create topic.
The console opens the new topic's Details page.

Step 2: Create a subscription to the topic


1. In the left navigation pane, choose Subscriptions.
2. On the Subscriptions page, choose Create subscription.
3. On the Create subscription page, choose the Topic ARN field to see a list of the topics in your
AWS account.
4. Choose the topic that you created in the previous step.
5. For Protocol, choose Email.
6. For Endpoint, enter an email address that can receive notifications.
7. Choose Create subscription.
The console opens the new subscription's Details page.
8. Check your email inbox and choose Confirm subscription in the email from AWS
Notifications. The sender ID is usually "[email protected]".
9. Amazon SNS opens your web browser and displays a subscription confirmation with your
subscription ID.

Step 3: Publish a message to the topic


1. In the left navigation pane, choose Topics.
2. On the Topics page, choose the topic that you created earlier, and then choose Publish message.
The console opens the Publish message to topic page.
3. (Optional) In the Message details section, enter a Subject, such as:

Hello from Amazon SNS!

4. In the Message body section, choose Identical payload for all delivery protocols, and then
enter a message body, such as:

Publishing a message to an SNS topic.



5. Choose Publish message.
The message is published to the topic, and the console opens the topic's Details page.
6. Check your email inbox and verify that you received an email from Amazon SNS with the
published message.

Step 4: Delete the subscription and topic


1. On the navigation panel, choose Subscriptions.
2. On the Subscriptions page, choose a confirmed subscription and then choose Delete.
Note
You can't delete a pending confirmation. After 3 days, Amazon SNS deletes it automatically.
3. In the Delete subscription dialog box, choose Delete.
The subscription is deleted.
4. On the navigation panel, choose Topics.
5. On the Topics page, choose a topic and then choose Delete.
Important
When you delete a topic, you also delete all subscriptions to the topic.
6. On the Delete topic MyTopic dialog box, enter delete me and then choose Delete.
The topic is deleted.

Building a “Hello World” app for the cloud by using AWS Lambda
Enter Lambda Console
When you click here, the AWS Management Console will open in a new browser
window, so you can keep this step-by-step guide open. In the top navigation bar, search
for Lambda and open the AWS Lambda Console.



Select your Lambda Blueprint
Blueprints provide example code to do some minimal processing. Most blueprints
process events from specific event sources, such as Amazon S3, Amazon DynamoDB,
or a custom application.

a. In the AWS Lambda console, choose Create function.

Note: The console shows this page only if you do not have any Lambda functions
created. If you have created functions already, you will see the Lambda >
Functions page. On the list page, choose Create a function to go to the Create
function page.

b. Select Use a blueprint.
c. In the Filter box, enter hello-world-python and select the hello-world-python blueprint.
d. Then choose Configure.

Configure and Create your Lambda Function
A Lambda function consists of code you provide, associated dependencies,
and configuration. The configuration information you provide includes the
compute resources you want to allocate (for example, memory), execution
timeout, and an IAM role that AWS Lambda can assume to execute your
Lambda function on your behalf.

a. You will now enter Basic information about your Lambda function.

Basic information:

• Name: You can name your Lambda function here. For this tutorial,
enter hello-world-python.
• Role: You will create an IAM role (referred to as the execution role) with the
necessary permissions that AWS Lambda can assume to invoke your
Lambda function on your behalf. Select Create a new role from AWS policy
templates.
• Role name: type lambda_basic_execution.

Lambda function code:

In this section, you can review the example code authored in Python.

b. Go to the bottom of the page and choose Create function.

The console shows the hello-world-python Lambda function. You can now
test the function, verify results, and review the logs.

a. Select Configure Test Event from the drop-down menu called Test.

b. The editor pops up so you can enter an event to test your function.

• Select Create new event.
• Type in an event name like HelloWorldEvent.
• Retain the default setting of Private for Event sharing settings.
• Choose hello-world from the template list.
• You can change the values in the sample JSON, but don’t change the
event structure. For this tutorial, replace value1 with hello, world!.

Select Create.

c. Choose Test.


d. Upon successful execution, view the results in the console:

• The Execution results tab verifies that the execution succeeded.
• The Function Logs section will show the logs generated by the Lambda function
execution as well as key information reported in the Log output.


Week 6
Study and Implement Cloud Security management by VPC

Objective

Student will be able to learn about Cloud Security management.

Outcome

Student gains an understanding of Cloud Security management.


Week 7

Building a “Hello world” app for the cloud by using AWS Lambda.

Objective

Student will be able to learn about AWS Lambda.

Outcome

Student gains an understanding of AWS Lambda.


Week 8

Installing and configuring python/java/PHP platform by using Google App Engine.


Objective

Student will be able to learn about installing and configuring a Python/Java/PHP platform by using
Google App Engine.

Outcome

Student gains the ability to install and configure a Python/Java/PHP platform by using Google
App Engine.

App Engine standard environment

The App Engine standard environment is based on container instances running on Google's
infrastructure. Containers are preconfigured with one of several available runtimes.

The standard environment makes it easy to build and deploy an application that runs reliably
even under heavy load and with large amounts of data.

Applications run in a secure, sandboxed environment, allowing the standard environment to
distribute requests across multiple servers and scale servers to meet traffic demands. Your
application runs within its own secure, reliable environment that is independent of the hardware,
operating system, or physical location of the server.

Standard environment languages and runtimes

The standard environment supports the following languages:

Go

Java

Node.js

PHP

Python

Ruby

Instance classes

The instance class determines the amount of memory and CPU available to each instance, the
amount of free quota, and the cost per hour after your app exceeds the free quota.


The memory limits vary by runtime generation. For all runtime generations, the memory limit
includes the memory your app uses along with the memory that the runtime itself needs to run
your app. The Java runtimes use more memory to run your app than other runtimes.

To override the default instance class, use the instance_class setting in your app's app.yaml file.

The second generation runtimes that use this specification are: Python 3, Java 11, Node.js, PHP
7, Ruby, and Go 1.12+.

Note: The Go 1.11 runtime has the same instance class specifications as the second generation runtimes.

Instance Class   Memory Limit   CPU Limit   Supported Scaling Types
F1 (default)     384 MB         600 MHz     automatic
F2               768 MB         1.2 GHz     automatic
F4               1536 MB        2.4 GHz     automatic
F4_1G            3072 MB        2.4 GHz     automatic
B1               384 MB         600 MHz     manual, basic
B2 (default)     768 MB         1.2 GHz     manual, basic
B4               1536 MB        2.4 GHz     manual, basic
B4_1G            3072 MB        2.4 GHz     manual, basic
B8               3072 MB        4.8 GHz     manual, basic

Python 3 Runtime Environment


Python 3.11 is now generally available.

The Python 3 runtime is the software stack responsible for installing your web service's code and
its dependencies and running your App Engine service.

The Python 3 runtime for App Engine in the standard environment is declared in
the app.yaml file:

runtime: python311

Python 3 versions

The Python 3 runtime supports Python 2.7, Python 3.7, Python 3.8, Python 3.9, Python 3.10, and
Python 3.11 and uses the latest stable release of the version that is specified in your app.yaml file.
App Engine automatically updates to new patch release versions, but it will not automatically
update the minor version.

For example, your application might be deployed at Python 3.7.0 and later automatically updated
to Python 3.7.1, but it will not be automatically updated to the next minor version Python 3.8.0.

The runtime's environment

App Engine runs Python 3 apps in a container secured by gVisor on an up-to-date Ubuntu Linux
distribution.

• Python 3.7, 3.8, and 3.9 run on Ubuntu 18.04
• Python 3.10 and 3.11 run on Ubuntu 22.04

Dependencies

During deployment, App Engine uses the Python package manager pip to install dependencies
defined in the requirements.txt metadata file located in your project's root directory. You do not
need to upload dependencies as App Engine performs a fresh install.

Dependency specification using the Pipfile/Pipfile.lock standard is currently not supported and
your project must not have these files present.

Application startup

The runtime starts your app by running the command you specify in the entrypoint field in
your app.yaml file. The entrypoint should start a web server that listens on the port specified by
the PORT environment variable. For example:

entrypoint: gunicorn -b :$PORT main:app

The web framework that your app uses is responsible for routing requests to the appropriate
handlers in your app.

If your app meets the following requirements, App Engine will start your app with
the gunicorn web server if you don't specify the entrypoint field:

• The root of your app directory contains a main.py file with a WSGI-compatible object called app.
• Your app does not contain Pipfile or Pipfile.lock files.

App Engine will also automatically add gunicorn to your requirements.txt file if you don't
specify the entrypoint field.

Note: The default timeout of gunicorn is 30 seconds when the entrypoint field is specified. Workers silent
for more than this many seconds are killed and restarted. If your handler takes more than 30 seconds, you
may face a [CRITICAL] WORKER TIMEOUT error. To ensure that the request successfully completes,
based on your use case, you can use the --timeout flag in the entrypoint field to increase the timeout.

Entrypoint best practices

• Do not include gunicorn in your requirements.txt file unless you are specifying the entrypoint.
• For the best performance, the entrypoint should be lightweight because it runs whenever a new
instance of your application is created.
• You can use the entrypoint field to tune the performance of your app. For example, if you
use gunicorn as your web server, you can use the --workers flag in the entrypoint field to configure
the number of workers serving your app.
The number of workers you specify should match the instance class of your App Engine app:

Instance class   Workers
F1               2
F2               4
F4               8
F4_1G            8
B1               2
B2               4
B4               8
B4_1G            8
B8               8

This guidance serves as a starting point for selecting the number of workers. You may need to
use a different number of workers depending on your app's performance characteristics. The
example below shows an App Engine deployment that uses two gunicorn workers for serving
apps:

entrypoint: gunicorn -b :$PORT -w 2 main:app

• We recommend that you configure your web server to listen and respond to HTTP requests on
the port specified by your $PORT environment variable. Using the default port 8080 prevents
App Engine from using its NGINX layer to compress HTTP responses. Note that if you use
port 8080, warnings about port 8080 and NGINX will show in your app's log files.

Other web frameworks

In addition to Django and Flask, you can use other web frameworks with App Engine, such
as uwsgi and Tornado. The following example shows how to use uwsgi with App Engine:

appengine/standard_python3/custom-server/app.yaml

runtime: python39
entrypoint: uwsgi --http-socket :$PORT --wsgi-file main.py --callable app --master --processes 1 --threads 2

appengine/standard_python3/custom-server/requirements.txt

uwsgi==2.0.21
flask==2.1.0

Environment variables

The following environment variables are set by the runtime:

Environment variable    Description
GAE_APPLICATION         The ID of your App Engine application. This ID is prefixed with 'region code~' such as 'e~' for applications deployed in Europe.
GAE_DEPLOYMENT_ID       The ID of the current deployment.
GAE_ENV                 The App Engine environment. Set to standard.
GAE_INSTANCE            The ID of the instance on which your service is currently running.
GAE_MEMORY_MB           The amount of memory available to the application process, in MB.
GAE_RUNTIME             The runtime specified in your app.yaml file.
GAE_SERVICE             The service name specified in your app.yaml file. If no service name is specified, it is set to default.
GAE_VERSION             The current version label of your service.
GOOGLE_CLOUD_PROJECT    The Google Cloud project ID associated with your application.
PORT                    The port that receives HTTP requests.
NODE_ENV                (Only available in the Node.js runtime) Set to production when your service is deployed.

You can define additional environment variables in your app.yaml file, but the above values
cannot be overridden, except for NODE_ENV.

HTTPS and forwarding proxies

App Engine terminates HTTPS connections at the load balancer and forwards requests to your
application. Some applications need to determine the original request IP and protocol. The user's
IP address is available in the standard X-Forwarded-For header. Applications that require this
information should configure their web framework to trust the proxy.
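What "trusting the proxy" amounts to, as an added example that is not part of the original workbook: only the right-most X-Forwarded-For entries are written by the proxies in front of the app, while anything to their left arrives with the request and can be set freely by the sender. The hop count of 1, the use of X-Forwarded-Proto for the protocol, and all names and sample addresses are assumptions.

```python
import ipaddress


def _trusted_entry(header_value, trusted_hops):
    """Return the entry written by the outermost trusted proxy, or None."""
    entries = [p.strip() for p in header_value.split(",")] if header_value else []
    if trusted_hops < 1 or len(entries) < trusted_hops:
        return None
    # Each proxy appends one value, so count from the right.
    return entries[-trusted_hops]


def client_ip_from_xff(xff_header, peer_addr, trusted_hops=1):
    """Resolve the client address, falling back to the socket peer address."""
    candidate = _trusted_entry(xff_header, trusted_hops)
    if candidate is None:
        return peer_addr
    try:
        # Reject anything that is not a literal IPv4/IPv6 address.
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return peer_addr


class TrustProxy:
    """WSGI middleware that rewrites REMOTE_ADDR and the URL scheme."""

    def __init__(self, app, trusted_hops=1):
        self.app = app
        self.trusted_hops = trusted_hops  # assumption: one proxy hop in front of the app

    def __call__(self, environ, start_response):
        environ["REMOTE_ADDR"] = client_ip_from_xff(
            environ.get("HTTP_X_FORWARDED_FOR", ""),
            environ.get("REMOTE_ADDR", ""),
            self.trusted_hops,
        )
        proto = _trusted_entry(environ.get("HTTP_X_FORWARDED_PROTO", ""), self.trusted_hops)
        if proto and proto.lower() in ("http", "https"):
            environ["wsgi.url_scheme"] = proto.lower()
        return self.app(environ, start_response)


def show_request(environ, start_response):
    """Tiny app that reports what it believes about the request."""
    body = f"{environ['wsgi.url_scheme']} {environ['REMOTE_ADDR']}\n".encode("utf-8")
    start_response("200 OK", [("Content-Type", "text/plain; charset=utf-8")])
    return [body]


app = TrustProxy(show_request, trusted_hops=1)


def simulate(xff, proto="https", peer="169.254.1.1"):
    """Run one constructed request through the middleware (sample values only)."""
    environ = {
        "REMOTE_ADDR": peer,
        "wsgi.url_scheme": "http",
        "HTTP_X_FORWARDED_FOR": xff,
        "HTTP_X_FORWARDED_PROTO": proto,
    }
    return b"".join(app(environ, lambda status, headers: None)).decode("utf-8")


if __name__ == "__main__":
    # The sender supplied 198.51.100.99; the proxy appended the address it saw.
    print(simulate("198.51.100.99, 203.0.113.7"), end="")
```

In a Flask app, Werkzeug's ProxyFix middleware (werkzeug.middleware.proxy_fix.ProxyFix) applies the same count-from-the-right rule.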

Filesystem

The runtime includes a full filesystem. The filesystem is read-only except for the location /tmp,
which is a virtual disk storing data in your App Engine instance's RAM.


Metadata server

Each instance of your application can use the App Engine metadata server to query information
about the instance and your project.

Note: Custom metadata is not supported in the standard environment.

You can access the metadata server through the following endpoints:

• http://metadata
• http://metadata.google.internal

Requests sent to the metadata server must include the request header Metadata-Flavor: Google.
This header indicates that the request was sent with the intention of retrieving metadata values.

The following table lists the endpoints where you can make HTTP requests for specific
metadata:

Metadata endpoint                                                Description
/computeMetadata/v1/project/numeric-project-id                   The project number assigned to your project.
/computeMetadata/v1/project/project-id                           The project ID assigned to your project.
/computeMetadata/v1/instance/region                              The region the instance is running in.
/computeMetadata/v1/instance/service-accounts/default/aliases
/computeMetadata/v1/instance/service-accounts/default/email      The default service account email assigned to your project.
/computeMetadata/v1/instance/service-accounts/default/           Lists all the default service accounts for your project.
/computeMetadata/v1/instance/service-accounts/default/scopes     Lists all the supported scopes for the default service accounts.
/computeMetadata/v1/instance/service-accounts/default/token      Returns the auth token that can be used to authenticate your application to other Google Cloud APIs.

For example, to retrieve your project ID, send a request
to http://metadata.google.internal/computeMetadata/v1/project/project-id.
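The Metadata-Flavor requirement seen from both sides, as an added example that is not part of the original workbook: a client that sends the header, and a local stub standing in for the metadata server so the exchange runs offline. The stub, its 403 reply, and the value example-project-id are constructed for illustration; only the header name and the endpoint path come from the text above.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

METADATA_BASE = "http://metadata.google.internal"
PROJECT_ID_PATH = "/computeMetadata/v1/project/project-id"

# Ignore HTTP(S)_PROXY settings so metadata requests are never sent to a proxy.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def fetch_metadata(path, base_url=METADATA_BASE, send_header=True, timeout=2.0):
    """GET one metadata value; the header marks the request as intentional."""
    headers = {"Metadata-Flavor": "Google"} if send_header else {}
    request = urllib.request.Request(base_url + path, headers=headers)
    with _OPENER.open(request, timeout=timeout) as response:
        return response.read().decode("utf-8").strip()


class StubMetadataHandler(BaseHTTPRequestHandler):
    """Local stand-in for the metadata server (constructed, for offline runs)."""

    VALUES = {PROJECT_ID_PATH: "example-project-id"}  # constructed sample value

    def do_GET(self):
        if self.headers.get("Metadata-Flavor") != "Google":
            # A request produced by a plain URL fetch carries no such header.
            self._reply(403, "Missing Metadata-Flavor: Google header\n")
        elif self.path in self.VALUES:
            self._reply(200, self.VALUES[self.path])
        else:
            self._reply(404, "Not found\n")

    def _reply(self, status, text):
        body = text.encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo quiet


def run_against_stub():
    """Query the stub with and without the header and report both outcomes."""
    server = HTTPServer(("127.0.0.1", 0), StubMetadataHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    results = {}
    try:
        results["with_header"] = fetch_metadata(PROJECT_ID_PATH, base_url=base)
        try:
            fetch_metadata(PROJECT_ID_PATH, base_url=base, send_header=False)
            results["without_header"] = "accepted"
        except urllib.error.HTTPError as err:
            results["without_header"] = err.code
    finally:
        server.shutdown()
        server.server_close()
    return results


if __name__ == "__main__":
    print(run_against_stub())
```

On a deployed instance, call fetch_metadata(PROJECT_ID_PATH) with the default base URL; the token endpoint in the table returns a credential, so its value should not be logged.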


Setup and requirements

Self-paced environment setup


1. Sign in to the Google Cloud Console and create a new project or reuse an existing one. If you don't already
have a Gmail or Google Workspace account, you must create one.

• The Project name is the display name for this project's participants. It is a character string not used by Google
APIs. You can update it at any time.
• The Project ID is unique across all Google Cloud projects and is immutable (cannot be changed after it has
been set). The Cloud Console auto-generates a unique string; usually you don't care what it is. In most
codelabs, you'll need to reference the Project ID (it is typically identified as PROJECT_ID). If you don't like the
generated ID, you may generate another random one. Alternatively, you can try your own and see if it's
available. It cannot be changed after this step and will remain for the duration of the project.
• For your information, there is a third value, a Project Number, which some APIs use. Learn more about all
three of these values in the documentation.

Caution: A project ID is globally unique and cannot be used by anyone else after you've
selected it. You are the only user of that ID. Even if a project is deleted, the ID can never be used
again.
Note: If you're using a Gmail account, you can leave the default location set to No organization.
If you're using a Google Workspace account, then choose a location that makes sense for your
organization.
2. Next, you'll need to enable billing in the Cloud Console to use Cloud resources/APIs. Running through this
codelab shouldn't cost much, if anything at all. To shut down resources so you don't incur billing beyond this
tutorial, you can delete the resources you created or delete the whole project. New users of Google Cloud are
eligible for the $300 USD Free Trial program.

Start Cloud Shell


While Google Cloud can be operated remotely from your laptop, in this codelab you will be using Cloud Shell,
a command line environment running in the Cloud.

Activate Cloud Shell

1. From the Cloud Console, click Activate Cloud Shell.

If you've never started Cloud Shell before, you're presented with an intermediate screen (below the fold)
describing what it is. If that's the case, click Continue (and you won't ever see it again). Here's what that one-
time screen looks like:


It should only take a few moments to provision and connect to Cloud Shell.

This virtual machine is loaded with all the development tools you need. It offers a persistent 5GB home
directory and runs in Google Cloud, greatly enhancing network performance and authentication. Much, if not
all, of your work in this codelab can be done with simply a browser or your Chromebook.

Once connected to Cloud Shell, you should see that you are already authenticated and that the project is
already set to your project ID.

2. Run the following command in Cloud Shell to confirm that you are authenticated:
gcloud auth list

Command output

Credentialed Accounts
ACTIVE ACCOUNT
* <my_account>@<my_domain.com>

To set the active account, run:


$ gcloud config set account `ACCOUNT`
Note: The gcloud command-line tool is the powerful and unified command-line tool in Google
Cloud. It comes preinstalled in Cloud Shell. You will notice its support for tab completion. For
more information, see gcloud command-line tool overview.
3. Run the following command in Cloud Shell to confirm that the gcloud command knows about your project:
gcloud config list project

Command output

[core]
project = <PROJECT_ID>

If it is not, you can set it with this command:

gcloud config set project <PROJECT_ID>

Command output

Updated property [core/project].


3. Write the web app
After Cloud Shell launches, you can use the command line to invoke the Cloud SDK gcloud command or other
tools available on the virtual machine instance. You can use your $HOME directory in persistent disk storage to
store files across projects and between Cloud Shell sessions. Your $HOME directory is private to you and
cannot be accessed by other users.

Let's get started by creating a new folder in your $HOME directory for the application:

mkdir ~/helloworld
cd ~/helloworld

Create a file named main.py:

touch main.py

Edit the file with your preferred command line editor (nano, vim, or emacs) or by clicking the Cloud Shell
Editor button:

To directly edit the file with Cloud Shell Editor, use this command:

cloudshell edit main.py

main.py
import flask

# If `entrypoint` is not defined in app.yaml, App Engine will look for an app
# called `app` in `main.py`.
app = flask.Flask(__name__)


@app.get("/")
def hello():
    """Return a friendly HTTP greeting."""
    return "Hello World!\n"


if __name__ == "__main__":
    # Used when running locally only. When deploying to Google App
    # Engine, a webserver process such as Gunicorn will serve the app. This
    # can be configured by adding an `entrypoint` to app.yaml.
    app.run(host="localhost", port=8080, debug=True)

Note: This web app is a simple web service responding to HTTP GET requests with the
message Hello World!.

4. Define the dependencies


To specify the dependencies of your web app, go back to the terminal and create a requirements.txt file in the
root directory of your project, with the exact version of Flask to use:

touch requirements.txt

To edit the file with Cloud Shell Editor, use this command:

cloudshell edit requirements.txt

requirements.txt
# https://pypi.org/project/Flask
Flask==2.2.3

5. Configure the deployment


To deploy your web app to App Engine, you need an app.yaml file. This configuration file defines your web
app's settings for App Engine.

From the terminal, create and edit the app.yaml file in the root directory of your project:

touch app.yaml

To edit the file with Cloud Shell Editor, use this command:

cloudshell edit app.yaml

app.yaml
runtime: python311


6. Deploy the web app
Note: A few steps are being skipped here. In a standard development cycle, before deploying,
you would first set up a local development environment, install the same dependencies locally,
and test the app locally. See Setting up a Python development environment.

From the terminal, check the content of your directory:

ls

You must have the 3 following files:

app.yaml main.py requirements.txt

Deploy your web app with the following command:

gcloud app deploy

The first time, you need to choose a deployment region:

Please choose the region where you want your App Engine application
located:

[1] asia-east2
...
[7] australia-southeast1
[8] europe-west
[9] europe-west2
...
[12] northamerica-northeast1
[13] southamerica-east1
...
[19] us-west4
...
Please enter your numeric choice:

Confirm to launch the deployment:

Creating App Engine application in project [PROJECT_ID] and region [REGION]....done.


Services to deploy:

descriptor: [~/helloworld/app.yaml]
source: [~/helloworld]
target project: [PROJECT_ID]
target service: [default]
target version: [YYYYMMDDtHHMMSS]
target url: [https://PROJECT_ID.REGION_ID.r.appspot.com]

Do you want to continue (Y/n)?

Your app gets deployed:

Beginning deployment of service [default]...


Created .gcloudignore file. See `gcloud topic gcloudignore` for details.
Uploading 3 files to Google Cloud Storage
100%
File upload done.
Updating service [default]...done.
Setting traffic split for service [default]...done.
Deployed service [default] to [https://PROJECT_ID.REGION_ID.r.appspot.com]

Your web app is now ready to respond to HTTP requests on https://PROJECT_ID.REGION_ID.r.appspot.com.

7. Test the web app


Your web app is ready to respond to HTTP requests on https://PROJECT_ID.REGION_ID.r.appspot.com.

First, retrieve your web app hostname with the gcloud app describe command:

APPENGINE_HOSTNAME=$(gcloud app describe --format "value(defaultHostname)")

Test your web app with this simple HTTP GET request:

curl https://$APPENGINE_HOSTNAME

You should get the following answer:

Hello World!
Note: Your web app can be served via a custom domain, such as example.com, instead of the
default appspot.com address. See Mapping Custom Domains.

8. Update the web app


Modify your web app by changing the hello() function body in your main.py file.

To edit the file with Cloud Shell Editor, use this command:

cloudshell edit main.py

main.py
import flask

# If `entrypoint` is not defined in app.yaml, App Engine will look for an app
# called `app` in `main.py`.
app = flask.Flask(__name__)


@app.get("/")
def hello():
    """Return a friendly HTTP greeting."""
    # return "Hello World!\n"  # ← Replace this line
    who = flask.request.args.get("who", "World")
    return f"Hello {who}!\n"


if __name__ == "__main__":
    # Used when running locally only. When deploying to Google App
    # Engine, a webserver process such as Gunicorn will serve the app. This
    # can be configured by adding an `entrypoint` to app.yaml.
    app.run(host="localhost", port=8080, debug=True)

Note: Flask's request context object is used here to handle an optional parameter in the HTTP
GET request.

From the terminal, redeploy to update your web app:

gcloud app deploy --quiet

Note: The --quiet flag disables the interactive prompt, which directly launches the deployment.

The new version of your app gets deployed:

Beginning deployment of service [default]...


Uploading 1 file to Google Cloud Storage
...
Deployed service [default] to [https://PROJECT_ID.REGION_ID.r.appspot.com]
Note: The new version is transparently deployed and traffic is automatically routed to it (if
successfully deployed).

Test the new version of your web app, exactly as you did previously:

curl https://$APPENGINE_HOSTNAME

You should get the same answer:

Hello World!
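The updated hello() places the who query parameter into a string that Flask serves as text/html, so markup in the parameter reaches the browser unescaped. The added example below (not part of the codelab) is a framework-free WSGI version of the same handler that bounds and escapes the value; MAX_WHO_LENGTH, the helper names and the sample inputs are assumptions.

```python
import html
from urllib.parse import parse_qs

MAX_WHO_LENGTH = 64  # assumed limit, not taken from the codelab


def greeting_as_deployed(who):
    """The string the step 8 handler returns: the parameter is copied verbatim."""
    return f"Hello {who}!\n"


def greeting_hardened(who):
    """Drop control characters, bound the length, escape HTML metacharacters."""
    cleaned = "".join(ch for ch in who if ch.isprintable())[:MAX_WHO_LENGTH]
    return f"Hello {html.escape(cleaned, quote=True)}!\n"


def app(environ, start_response):
    """WSGI callable with the same behaviour as hello(), plus output encoding.

    gunicorn can serve this object directly, because App Engine only needs a
    WSGI-compatible object called `app` in main.py.
    """
    params = parse_qs(environ.get("QUERY_STRING", ""))
    who = params.get("who", ["World"])[0]
    body = greeting_hardened(who).encode("utf-8")
    start_response("200 OK", [
        ("Content-Type", "text/html; charset=utf-8"),  # same type Flask uses for str
        ("Content-Length", str(len(body))),
    ])
    return [body]


def get(query_string):
    """Send one constructed GET request to `app` and return (status, headers, body)."""
    captured = {}

    def start_response(status, headers):
        captured["status"] = status
        captured["headers"] = dict(headers)

    environ = {"REQUEST_METHOD": "GET", "QUERY_STRING": query_string}
    body = b"".join(app(environ, start_response)).decode("utf-8")
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    sample = "<b>x</b>"  # constructed input containing markup
    print("as deployed:", greeting_as_deployed(sample), end="")
    print("hardened:   ", greeting_hardened(sample), end="")
    print(get("who=Universe")[2], end="")
```

Inside the Flask handler the same effect comes from wrapping the value with markupsafe.escape(who), or from returning flask.Response(text, mimetype="text/plain").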


ADDITIONAL PROGRAMS


1. Study on Cloud Security management

Objective

Student will be able to learn the importance of cloud security management from an application point of
view.

Outcome

Student gains the ability to understand the importance of cloud security management for different
applications.

Theory:

Cloud computing security is the set of control-based technologies and policies designed to
adhere to regulatory compliance rules and protect information, data applications and
infrastructure associated with cloud computing use. Because of the cloud's very nature as a
shared resource, identity management, privacy and access control are of particular concern. With
more organizations using cloud computing and associated cloud providers for data operations,
proper security in these and other potentially vulnerable areas has become a priority for
organizations contracting with a cloud computing provider.
Cloud computing security processes should address the security controls the cloud provider will
incorporate to maintain the customer's data security, privacy and compliance with necessary
regulations. The processes will also likely include a business continuity and data backup plan in
the case of a cloud security breach.

Physical security
Cloud service providers physically secure the IT hardware (servers, routers, cables etc.) against
unauthorized access, interference, theft, fires, floods etc. and ensure that essential supplies (such
as electricity) are sufficiently robust to minimize the possibility of disruption. This is normally
achieved by serving cloud applications from 'world-class' (i.e. professionally specified, designed,
constructed, managed, monitored and maintained) data centers.

Personnel security
Various information security concerns relating to the IT and other professionals associated with
cloud services are typically handled through pre-, para- and post-employment activities such as
security screening potential recruits, security awareness and training programs, proactive security
monitoring and supervision, disciplinary procedures and contractual obligations embedded in
employment contracts, service level agreements, codes of conduct, policies etc.

Application security
Cloud providers ensure that applications available as a service via the cloud (SaaS) are secure by
specifying, designing, implementing, testing and maintaining appropriate application security
measures in the production environment. Note that - as with any commercial software - the
controls they implement may not necessarily fully mitigate all the risks they have identified, and
that they may not necessarily have identified all the risks that are of concern to customers.
Consequently, customers may also need to assure themselves that cloud applications are
adequately secured for their specific purposes, including their compliance obligations.

Procedure:
Security using MFA (Multi-Factor Authentication) device code:
1) Go to aws.amazon.com
2) Click on "My Account"
3) Select "AWS management console" and click on it
4) Enter your email ID in the required field. If you are registering for the first time, select the
"I am a new user" radio button.
5) Click on the "sign in using our secure server" button
6) Follow the instructions and complete the formalities
(Note: do not provide any credit card details or bank details) sign out from
7) Again go to "My Account", select "AWS management console" and click on it. Sign in again
by entering the user name and valid password (check the "I am returning user and my password is"
radio button)
Now you are logged in as a Root User.
You can view all AWS projects, but you can't make any changes or create anything new,
because you are not paying any charges to Amazon (for the reason, refer to step 6).
To create a user as the root user, follow the steps mentioned below:
1) Click on "Identity and Access Management" in the security and identity project
2) Click on "Users" from the dashboard
It will take you to "Create New Users"
click on the create new user button
enter the "User Name"
(select the "Generate an access key for each user" checkbox; it will create a user with a specific
key)
click on the "Create" button at the bottom right
3) Once the user is created, click on it
4) Go to the security credentials tab
5) Click on "Create Access Key"; it will create an access key for the user.
6) Click on "Manage MFA device". It displays a QR code on the screen, which you need to scan
with your mobile phone using a barcode scanner (install one on the phone). You also need to
install "Google Authenticator" on your mobile phone to generate the MFA code.
7) Google Authenticator keeps generating a new MFA code every 60 seconds; you have to enter
that code while logging in as the user.
Hence, security is maintained by the MFA device code: nobody can use your AWS account even
if they have your user name and password, because the MFA code is on your MFA device (a mobile
phone in this case) and it changes every 60 seconds.

Permissions in user account:


After creating the user by following the steps mentioned above, you can give certain permissions to
a specific user:
1) Click on the created user
2) Go to the "Permissions" tab
3) Click on the "Attach Policy" button
4) Select the needed policy from the given list and click on apply.

Result:

Step 1: Go to aws.amazon.com

Step 2: Click on "My Account". Select "AWS management console" and click on it. Enter your email
ID in the required field

Step 3: Addition of security features

Step 4: Sign in to an AWS account

Step 5: Creation of users

Step 6: Adding users to group

Step 7: Creating Access key

Step 8: Setting permissions to users


2. Study on Elastic Beanstalk
Objective
Student will be able to learn about Elastic Beanstalk.
Outcome
Student gains an understanding of Elastic Beanstalk.

Description
Getting Started Using Elastic Beanstalk

The following tasks help you get started with AWS Elastic Beanstalk to create, view, deploy, and
update your application, and edit and terminate your environment. You use the AWS
Management Console, a point-and-click web-based interface, to complete these tasks.

Sections

• Step 1: Sign up for the Service
• Step 2: Create an Application
• Step 3: View Information about Your Environment
• Step 4: Deploy a New Application Version
• Step 5: Change Configuration
• Step 6: Clean Up
• Where to Go Next

Step 1: Sign up for the Service

If you're not already an AWS customer, you need to sign up. Signing up enables you to
access Elastic Beanstalk and other AWS services that you need, such as Amazon Elastic
Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3), and Amazon
Simple Notification Service (Amazon SNS).

To sign up for an AWS account

1. Open the Elastic Beanstalk console.


2. Follow the instructions shown.


Step 2: Create an Application

Next, you create and deploy a sample application. For this step, you use a sample application that
is already prepared.

Elastic Beanstalk is free to use, but the AWS resources that it provides are live (and not running
in a sandbox). You incur the standard usage fees for these resources until you terminate them in
the last task in this tutorial. The total charges are minimal (typically less than a dollar). For
information about how you might minimize any charges, see AWS Free Tier.

To create a sample application

1. Open the Elastic Beanstalk console with this preconfigured
link: https://console.aws.amazon.com/elasticbeanstalk/home#/gettingStarted?applicationName=getting-started-app
2. Choose a platform, and then choose Create application.

To run a sample application on AWS resources, Elastic Beanstalk takes the following actions.
These take about five minutes to complete:

• Creates an Elastic Beanstalk application named getting-started-app.
• Launches an environment named GettingStartedApp-env with the following AWS
resources:
o EC2 instance – An Amazon Elastic Compute Cloud (Amazon EC2) virtual machine
configured to run web apps on the platform you choose.
Each platform runs a different set of software, configuration files, and scripts to
support a specific language version, framework, web container, or combination
thereof. Most platforms use either Apache or nginx as a reverse proxy that sits in
front of your web app, forwards requests to it, serves static assets, and generates
access and error logs.
o Instance security group – An Amazon EC2 security group configured to allow ingress on
port 80. This resource lets HTTP traffic from the load balancer reach the EC2 instance
running your web app. By default, traffic is not allowed on other ports.
o Amazon S3 bucket – A storage location for your source code, logs, and other artifacts that
are created when you use Elastic Beanstalk.
o Amazon CloudWatch alarms – Two CloudWatch alarms that monitor the load on the
instances in your environment and are triggered if the load is too high or too low. When an
alarm is triggered, your Auto Scaling group scales up or down in response.
o AWS CloudFormation stack – Elastic Beanstalk uses AWS CloudFormation to launch the
resources in your environment and propagate configuration changes. The resources are
defined in a template that you can view in the AWS CloudFormation console.
o Domain name – A domain name that routes to your web app in the
form subdomain.region.elasticbeanstalk.com.
• Creates a new application version named Sample Application, which refers to the
default Elastic Beanstalk sample application file.
• Deploys the sample application code to GettingStartedApp-env.

During the environment creation process, the console tracks its progress and displays events, as
shown.

When all of the resources finish launching and the EC2 instances running the application pass
health checks, the environment's health changes to Ok and the website becomes ready for use.
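
A check on the instance security group described above, added here as an example and not part of the workbook: it reads JSON in the shape of `aws ec2 describe-security-groups` output and reports every ingress rule outside the documented port 80 default, marking sources open to the whole internet. The group IDs and rules in the sample are constructed.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` JSON output.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE-instance", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE-elb"}]},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
  {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8100, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
  {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
]}]}
""")

BASELINE_PORTS = {80}  # the only ingress the workbook describes as allowed by default


def rule_sources(perm):
    """Every source a rule admits: IPv4/IPv6 CIDRs and referenced security groups."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            + [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])])


def is_world_open(source):
    """True for 0.0.0.0/0 or ::/0; a security-group ID is never world-open."""
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:  # not a CIDR, so it is a group reference
        return False


def audit_ingress(doc, baseline=BASELINE_PORTS):
    """Return (group, protocol, ports, source, world_open) for rules outside the baseline."""
    findings = []
    for group in doc["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            if proto == "tcp" and lo is not None and set(range(lo, hi + 1)) <= baseline:
                continue  # stays within the documented default
            ports = "all" if lo is None else f"{lo}-{hi}"
            for src in rule_sources(perm):
                findings.append((group["GroupId"], proto, ports, src, is_world_open(src)))
    return findings


if __name__ == "__main__":
    print(*audit_ingress(SAMPLE), sep="\n")
```

An empty result means the group still matches the default; any tuple whose last field is True deserves attention first.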

Step 3: View Information about Your Environment

After you create the Elastic Beanstalk application, you can view information about the
application you deployed and its provisioned resources by going to the environment dashboard in
the AWS Management Console. The dashboard shows the health of your application's
environment, the running version, and the environment's platform version (configuration).

While Elastic Beanstalk creates your AWS resources and launches your application, the
environment is in a Pending state. Status messages about launch events are displayed in the
environment's dashboard.

If you are not currently viewing the dashboard, return to it now.

To view the dashboard

1. Open the Elastic Beanstalk console.


2. Choose GettingStartedApp-env.

The dashboard shows a subset of useful information about your environment. This includes its
URL, its current health status, the name of the currently deployed application version, its five
most recent events, and the platform version (configuration) on which the application runs.

At the top right corner of the dashboard, next to the Actions menu, you can find the
environment's URL. This is the URL of the web application that the environment runs. Choose
this URL to get to the application's Congratulations page.

On the left side of the console is a navigation pane that links to other pages, which contain more
detailed information about your environment and provide access to additional features. Explore
the following pages to see the current state of your environment:

• The Configuration page shows the resources provisioned for this environment, such as
Amazon EC2 instances that host your application. This page also lets you configure some
of the provisioned resources.
• The Health page shows the status and detailed health information about the EC2
instances running your application.
• The Monitoring page shows the statistics for the environment, such as average latency
and CPU utilization. You also use this page to create alarms for the metrics that you are
monitoring.
• The Events page shows any informational or error messages from services that this
environment is using.
• The Tags page shows tags — key-value pairs that are applied to resources in the
environment. You use this page to manage your environment's tags.

Step 4: Deploy a New Application Version

You can deploy a new version of your application at any time, as long as no other update
operations are currently in progress on your environment.

The application version you are running now is labeled Sample Application.

To update your application version

1. Download one of the following sample applications that match the configuration for your
environment:
• Single Container Docker – docker-singlecontainer-v1.zip
• Multicontainer Docker – docker-multicontainer-v2.zip
• Preconfigured Docker (Glassfish) – docker-glassfish-v1.zip
• Preconfigured Docker (Python 3) – docker-python-v1.zip
• Preconfigured Docker (Go) – docker-golang-v1.zip
• Go – go-v1.zip
• Java SE – java-se-jetty-gradle-v3.zip
• Tomcat (default) – java-tomcat-v3.zip
• Tomcat 7 – java7-tomcat7.zip
• .NET – dotnet-asp-v1.zip
• Node.js – nodejs-v1.zip
• PHP – php-v1.zip
• Python – python-v1.zip
• Ruby (Passenger Standalone) – ruby-passenger-v3.zip
• Ruby (Puma) – ruby-puma-v3.zip
2. Open the Elastic Beanstalk console.
3. From the Elastic Beanstalk applications page, choose getting-started-app, and then
choose GettingStartedApp-env.
4. In the Overview section, choose Upload and Deploy.
5. Select Choose File and upload the sample source bundle that you downloaded.

6. The console automatically fills in the Version label based on the name of the archive that
you uploaded. For future deployments, you must type a unique version label if you use a
source bundle with the same name.
7. Choose Deploy.

Elastic Beanstalk now deploys your file to your Amazon EC2 instances. You can view the status
of your deployment on the environment's dashboard. The Environment Health status turns gray
while the application version is updated. When the deployment is complete, Elastic Beanstalk
performs an application health check. The status returns to green when the application responds
to the health check. The environment dashboard will show the new Running Version as Sample
Application Second Version (or whatever you provided as the Version label).

Your new application version is also uploaded and added to the table of application versions. To
view the table, choose My First Elastic Beanstalk Application, and then choose Application
Versions.

Step 5: Change Configuration

You can customize your environment to better suit your application. For example, if you have a
compute-intensive application, you can change the type of Amazon EC2 instance that is running
your application.

Some configuration changes are simple and happen quickly. Some changes require Elastic
Beanstalk to delete and recreate AWS resources, which can take several minutes. Elastic
Beanstalk will warn you about possible application downtime when changing configuration
settings.

In this task, you edit your environment's capacity settings. You configure a load-balanced,
automatically scaling environment that has between two and four instances in its Auto Scaling
group, and then verify that the change occurred. Two Amazon EC2 instances get created and are
associated with the environment's load balancer. These instances replace the single instance that
Elastic Beanstalk created initially.

To change your environment configuration

1. Open the Elastic Beanstalk console.


2. Navigate to the management page for your environment.
3. Choose Configuration.
4. On the Capacity configuration card, choose Modify.

5. In the Auto Scaling Group section, change Environment type to Load balanced.

6. At the Instances row, change Max to 4, and then change Min to 2.
7. At the bottom of the Modify capacity page, choose Save.
8. At the bottom of the Configuration overview page, choose Apply.
9. A warning appears. It tells you that the migration replaces all your current instances.
Choose Confirm.

The environment update might take a few minutes. When the environment is ready, you can go
to the next task to verify your changes.

To verify changes to load balancers

1. In the navigation pane, choose Events.

You will see the event "Successfully deployed new configuration to environment" in the
events list. This confirms that the Auto Scaling minimum instance count has been set to 2.
A second instance is launched automatically.

2. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.


3. In the navigation pane, under LOAD BALANCING, choose Load Balancers.
4. Repeat the next two steps until you identify the load balancer with the instance name you
want.
5. Choose a load balancer in the list of load balancers.
6. Choose the Instances tab in the Load balancer: <load balancer name> pane, and then
look at the Name in the Instances table.

The information shows that two instances are associated with this load balancer,
corresponding to the increase in EC2 instances.

Step 6: Clean Up

Congratulations! You have successfully deployed a sample application to the cloud, uploaded a
new version, and modified its configuration to add a second Auto Scaling instance. To ensure
that you're not charged for any services you don't need, delete any unwanted applications and
environments from Elastic Beanstalk and AWS services.

To completely delete the application

1. Delete all application versions.


a. Open the Elastic Beanstalk console.
b. From the Elastic Beanstalk applications page, choose the getting-started-app
application.
c. On the navigation pane, choose Application versions.
d. On the Application Versions page, select all application versions that you want
to delete, and then choose Delete.
e. Confirm the versions that you are deleting, and then choose Delete.
f. Choose Done.
2. Terminate the environment.
a. To go back to the environment dashboard, click getting-started-app, and then
click GettingStartedApp-env.
b. Choose Actions, and then choose Terminate Environment.
c. Confirm that you are terminating GettingStartedApp-env, and then
choose Terminate.
3. Delete the getting-started-app Elastic Beanstalk application.
a. Choose Elastic Beanstalk at the upper left to return to the main dashboard.
b. From the Elastic Beanstalk applications page, choose Actions for the
getting-started-app application, and then choose Delete application.
c. Confirm that you are deleting getting-started-app, and then choose Delete.
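
To confirm the clean-up left nothing behind, the following added example (not part of the workbook) lists what remains for getting-started-app in the order of the three clean-up steps. It assumes you have saved the JSON output of the `aws elasticbeanstalk` commands describe-application-versions, describe-environments and describe-applications; the sample state and the `constructed-other-app` names are constructed.

```python
import json

APP = "getting-started-app"  # application name used throughout the workbook

# Constructed sample: JSON in the shape returned by `aws elasticbeanstalk`
# describe-application-versions, describe-environments and describe-applications,
# merged into one document so the example runs offline.
STATE = json.loads("""
{"ApplicationVersions": [
   {"ApplicationName": "getting-started-app", "VersionLabel": "Sample Application"}],
 "Environments": [
   {"ApplicationName": "getting-started-app",
    "EnvironmentName": "GettingStartedApp-env", "Status": "Ready"},
   {"ApplicationName": "constructed-other-app",
    "EnvironmentName": "constructed-other-env", "Status": "Ready"}],
 "Applications": [{"ApplicationName": "getting-started-app"},
                  {"ApplicationName": "constructed-other-app"}]}
""")


def remaining_steps(state, app=APP):
    """List (step, action, item) leftovers for `app`, in the workbook's clean-up order."""
    todo = []
    for version in state.get("ApplicationVersions", []):
        if version["ApplicationName"] == app:
            todo.append((1, "delete version", version["VersionLabel"]))
    for env in state.get("Environments", []):
        if env["ApplicationName"] != app or env["Status"] == "Terminated":
            continue  # other applications and finished terminations are not leftovers
        action = "wait for termination" if env["Status"] == "Terminating" else "terminate"
        todo.append((2, action, env["EnvironmentName"]))
    if any(a["ApplicationName"] == app for a in state.get("Applications", [])):
        todo.append((3, "delete application", app))
    return todo


if __name__ == "__main__":
    print(*remaining_steps(STATE), sep="\n")
```

An empty list means every item created in this exercise is gone; an environment that is not yet Terminated is still running billable, reachable resources.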
