GYAN GANGA INSTITUTE OF TECHNOLOGY AND SCIENCES, JABALPUR

DEPARTMENT OF CSE- ARTIFICIAL INTELLIGENCE AND MACHINE

LEARNING

LAB MANUAL

Cloud Computing

(AL-604(A))

NAME:

ENROLLMENT NUMBER:

SESSION: 2024-25

Page 1 of 59
List of Experiment

Sr. Date of
No Experiment Perform Grade Signature Remark
. ance
Create a Linux Server in AWS EC2 and Connect to it
1 Securely

Deployment of website on Linux Server in AWS

3 EC2.

Create a Windows Server in AWS and connect to it

3 securely

Deployment Webpage on windows Server in AWS.

4
Create the web service using SOAP
5
Consume the Web Service in Web Based
6 Application in Microsoft Visual Studio

Create and manage users, security credentials

such as access keys, and permissions using AWS
7
Identity and Access Management (IAM)

Create and Manage code in S3 bucket and Deploy

8 it in EC2 Linux Server on AWS

9 Build your VPC and Launch a Web Server

Manage Scaling & Load Balance your Architecture

10
in AWS Cloud

Certificate - AWS Cloud Foundation

Page 2 of 59
 Evaluation Sheet

Student Name :

Student Roll No.:

Subject Name :

Subject Code:
Practical Record Execution & Record
Completion Result Viva Submission
(6 marks) (6 marks) (4 marks) (4 marks)
Record
Complete Record Proper Output Answer
with correct syntax 6 for all program 6 Correctly 4 submitted in 4 Total
S. time
Name of Experiment Complete Record Proper Output Answer Record not out of
No with improper 4 for some 4 Satisfactoril 2 submitted in 2 20
syntax program y time
Partially Complete Unable to Record Not
Record 2 Partial Output 2 Answer 0 Submitted 0
Output not
Incomplete Record 0 shown 0
Create a Linux Server in AWS
1 EC2 and Connect to it Securely

Deployment of website on Linux

2 Server in AWS EC2.

Create a Windows Server in

3 AWS and connect to it securely

Deployment Webpage on
4 windows Server in AWS.

Create the web service using

5 SOAP

Consume the Web Service in

6 Web Based Application in
Microsoft Visual Studio
Create and manage users,
security credentials such as
7 access keys, and permissions
using AWS Identity and Access
Management (IAM)
Create and Manage code in S3
8 bucket and Deploy it in EC2
Linux Server on AWS
Build your VPC and Launch a
9
Web Server

Manage Scaling & Load Balance

10
your Architecture in AWS Cloud

Grand Total

Marks out of 20

Page 3 of 59
 Experiment No.1
Create a Linux Server in AWS and Connect to it Securely

Lab overview and objectives

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides
resizable compute capacity in the cloud. It is designed to make web-scale cloud
computing easier for developers.

Amazon EC2's simple web service interface allows you to obtain and configure
capacity with minimal friction. It provides you with complete control of your
computing resources and lets you run on Amazon's proven computing
environment. Amazon EC2 reduces the time required to obtain and boot new
server instances to minutes, allowing you to quickly scale capacity, both up and
down, as your computing requirements change.

Amazon EC2 changes the economics of computing by allowing you to pay only for
capacity that you actually use. Amazon EC2 provides developers the tools to build
failure resilient applications and isolate themselves from common failure scenarios.

Page 4 of 59
 • Launch a web server with termination protection enabled

• Monitor Your EC2 instance

• Modify the security group that your web server is using to allow HTTP access

• Resize your Amazon EC2 instance to scale and enable stop protection

• Explore EC2 limits

• Test stop protection

• Stop your EC2 instance

Task 1: Launch Your Amazon EC2 Instance

In this task, you will launch an Amazon EC2 instance with termination protection and
stop protection. Termination protection prevents you from accidentally terminating
the EC2 instance and stop protection prevents you from accidentally stopping the
EC2 instance. You will also specify a User Data script when you launch the instance
that will deploy a simple web server.

4. In the AWS Management Console choose Services, choose Compute and

then choose EC2.

Note: Verify that your EC2 console is currently managing resources in the N.
Virginia (us-east-1) region. You can verify this by looking at the drop down
menu at the top of the screen, to the left of your username. If it does not
already indicate N. Virginia, choose the N. Virginia region from the region
menu before proceeding to the next step.

5. Choose the Launch instance menu and select Launch instance.

Step 1: Name and tags

6. Give the instance the name Web Server .

The Name you give this instance will be stored as a tag. Tags enable you to
categorize your AWS resources in different ways, for example, by purpose,

Page 5 of 59
 owner, or environment. This is useful when you have many resources of the
same type — you can quickly identify a specific resource based on the tags
you have assigned to it. Each tag consists of a Key and a Value, both of which
you define. You can define multiple tags to associate with the instance if you
want to.

In this case, the tag that will be created will consist of a key called Name with a
value of Web Server

Step 2: Application and OS Images (Amazon

Machine Image)
7. In the list of available Quick Start AMIs, keep the default Amazon Linux AMI
selected.
8. Also keep the default Amazon Linux 2023 AMI selected.

An Amazon Machine Image (AMI) provides the information required to

launch an instance, which is a virtual server in the cloud. An AMI includes:

o A template for the root volume for the instance (for example, an
operating system or an application server with applications)
o Launch permissions that control which AWS accounts can use the AMI
to launch instances
o A block device mapping that specifies the volumes to attach to the
instance when it is launched

The Quick Start list contains the most commonly-used AMIs. You can also
create your own AMI or select an AMI from the AWS Marketplace, an online
store where you can sell or buy software that runs on AWS.

Step 3: Instance type

9. In the Instance type panel, keep the default t2.micro selected.

Amazon EC2 provides a wide selection of instance types optimized to fit

different use cases. Instance types comprise varying combinations of CPU,
memory, storage, and networking capacity and give you the flexibility to
choose the appropriate mix of resources for your applications. Each instance

Page 6 of 59
 type includes one or more instance sizes, allowing you to scale your resources
to the requirements of your target workload.

The t2.micro instance type has 1 virtual CPU and 1 GiB of memory.

Step 4: Key pair (login)

10. For Key pair name - required, choose vockey.

Amazon EC2 uses public–key cryptography to encrypt and decrypt login

information. To ensure you will be able to log in to the guest OS of the
instance you create, you identify an existing key pair or create a new key pair
when launching the instance. Amazon EC2 then installs the key on the guest
OS when the instance is launched. That way, when you attempt to login to
the instance and you provide the private key, you will be authorized to
connect to the instance.

Step 5: Network settings

11. Next to Network settings, choose Edit.
12. For VPC, select Lab VPC.

The Lab VPC was created using an AWS CloudFormation template during the
setup process of your lab. This VPC includes two public subnets in two
different Availability Zones.

Note: Keep the default subnet PublicSubnet1. This is the subnet in which
the instance will run. Notice also that by default, the instance will be assigned
a public IP address.

13. Under Firewall (security groups), choose Create security group and
configure:
o Security group name: Web Server security group
o Description: Security group for my web server

A security group acts as a virtual firewall that controls the traffic for one
or more instances. When you launch an instance, you associate one or
more security groups with the instance. You add rules to each security
group that allow traffic to or from its associated instances. You can
modify the rules for a security group at any time; the new rules are

Page 7 of 59
 automatically applied to all instances that are associated with the
security group.

o Under Inbound security group rules, notice that one rule exists.
Remove this rule.

Step 6: Configure storage

14. In the Configure storage section, keep the default settings.

Amazon EC2 stores data on a network-attached virtual disk called Elastic

Block Store.

You will launch the Amazon EC2 instance using a default 8 GiB disk volume.
This will be your root volume (also known as a 'boot' volume).

Step 7: Advanced details

15. Expand Advanced details.
16. For Termination protection, select Enable.

When an Amazon EC2 instance is no longer required, it can be terminated,

which means that the instance is deleted and its resources are released. A
terminated instance cannot be accessed again and the data that was on it
cannot be recovered. If you want to prevent the instance from being
accidentally terminated, you can enable termination protection for the
instance, which prevents it from being terminated as long as this setting
remains enabled.

17. Scroll to the bottom of the page and then copy and paste the code shown
below into the User data box:

#!/bin/bash
dnf install -y httpd
systemctl enable httpd
systemctl start httpd
echo '<html><h1>Hello From Your Web Server!</h1></html>' > /var/www/html/index.html
Step 8: Launch the instance

18. At the bottom of the Summary panel choose Launch instance

19. Choose View all instances

Page 8 of 59
 o In the Instances list, select Web Server.

o Review the information displayed in the Details tab. It includes

information about the instance type, security settings and network
settings.

The instance is assigned a Public IPv4 DNS that you can use to contact the instance
from the Internet.

To view more information, drag the window divider upwards.

At first, the instance will appear in a Pending state, which means it is being
launched. It will then change to Initializing, and finally to Running.

20. Wait for your instance to display the following:

o Instance State: Running

o Status Checks: 2/2 checks passed

2: Monitor Your Instance

Monitoring is an important part of maintaining the reliability, availability, and
performance of your Amazon Elastic Compute Cloud (Amazon EC2) instances and
your AWS solutions.

21. Choose the Status checks tab.

With instance status monitoring, you can quickly determine whether Amazon
EC2 has detected any problems that might prevent your instances from
running applications. Amazon EC2 performs automated checks on every
running EC2 instance to identify hardware and software issues.

Notice that both the System reachability and Instance reachability checks
have passed.

22. Choose the Monitoring tab.

This tab displays Amazon CloudWatch metrics for your instance. Currently,
there are not many metrics to display because the instance was recently
launched.

Page 9 of 59
 You can choose the three dots icon in any graph and select Enlarge to see an
expanded view of the chosen metric.

Amazon EC2 sends metrics to Amazon CloudWatch for your EC2 instances.
Basic (five-minute) monitoring is enabled by default. You can also enable
detailed (one-minute) monitoring.

23. In the Actions menu towards the top of the console, select Monitor and
troubleshoot Get system log.

The System Log displays the console output of the instance, which is a
valuable tool for problem diagnosis. It is especially useful for troubleshooting
kernel problems and service configuration issues that could cause an
instance to terminate or become unreachable before its SSH daemon can be
started. If you do not see a system log, wait a few minutes and then try
again.

24. Scroll through the output and note that the HTTP package was installed from

the user data that you added when you created the instance.
25. Choose Cancel.
26. Ensure Web Server is still selected. Then, in the Actions menu, select
Monitor and troubleshoot Get instance screenshot.
27. Choose Cancel.

Congratulations! You have explored several ways to monitor your instance.

Task 3: Update Your Security Group and

Access the Web Server
When you launched the EC2 instance, you provided a script that installed a web
server and created a simple web page. In this task, you will access content from the
web server.

28. Ensure Web Server is still selected. Choose the Details tab.
29. Copy the Public IPv4 address of your instance to your clipboard.
30. Open a new tab in your web browser, paste the IP address you just copied,
then press Enter.
31. Keep the browser tab open, but return to the EC2 Console tab.
Page 10 of 59
 32. In the left navigation pane, choose Security Groups.
33. Select Web Server security group.
34. Choose the Inbound rules tab.

The security group currently has no inbound rules.

35. Choose Edit inbound rules , select Add rule and then configure:
o Type: HTTP
o Source: Anywhere-IPv4
o Choose Save rules
36. Return to the web server tab that you previously opened and refresh the
page.

You should see the message Hello From Your Web Server!

Task 4: Resize Your Instance: Instance Type

and EBS Volume
As your needs change, you might find that your instance is over-utilized (too small)
or under-utilized (too large). If so, you can change the instance type. For example, if
a t2.micro instance is too small for its workload, you can change it to an m5.medium
instance. Similarly, you can change the size of a disk.

Stop Your Instance

Before you can resize an instance, you must stop it.

When you stop an instance, it is shut down. There is no runtime charge for a
stopped EC2 instance, but the storage charge for attached Amazon EBS volumes
remains.

37. On the EC2 Management Console, in the left navigation pane, choose
Instances and then select the Web Server instance.
38. In the Instance state menu, select Stop instance.
39. Choose Stop

Your instance will perform a normal shutdown and then will stop running.

Page 11 of 59
 40. Wait for the Instance state to display: Stopped.

Change The Instance Type and enable stop

protection
41. Select the Web Server instance, then in the Actions menu, select Instance
settings Change instance type, then configure:
o Instance Type: t2.small
o Choose Apply

When the instance is started again it will run as a t2.small, which has
twice as much memory as a t2.micro instance. NOTE: You may be
restricted from using other instance types in this lab.

42. Select the Web Server instance, then in the Actions menu , select Instance
settings Change stop protection. Select Enable and then Save the change.

When you stop an instance, the instance shuts down. When you later start
the instance, it is typically migrated to a new underlying host computer and
assigned a new public IPv4 address. An instance retains its assigned private
IPv4 address. When you stop an instance, it is not deleted. Any EBS volumes
and the data on those volumes are retained.

Resize the EBS Volume

43. With the Web Server instance still selected, choose the Storage tab, select
the name of the Volume ID, then select the checkbox next to the volume that
displays.
44. In the Actions menu , select Modify volume.

The disk volume currently has a size of 8 GiB. You will now increase the size
of this disk.

45. Change the size to: 10 NOTE: You may be restricted from creating Amazon
EBS volumes larger than 10 GB in this lab.
46. Choose Modify
47. Choose Modify again to confirm and increase the size of the volume.

Page 12 of 59
 Experiment No.2
Deployment of website on Linux Server in AWS.

Start the Resized Instance

1. You will now start the instance again, which will now have more memory and
more disk space.
2. In left navigation pane, choose Instances.
3. Select the Web Server instance.
4. In the Instance state menu, select Start instance.

Congratulations! You have successfully resized your Amazon EC2 Instance.

In this task you changed your instance type from t2.micro to t2.small. You
also modified your root disk volume from 8 GiB to 10 GiB.

Explore EC2 Limits

Amazon EC2 provides different resources that you can use. These resources include
images, instances, volumes, and snapshots. When you create an AWS account,
there are default limits on these resources on a per-region basis.

In the AWS Management Console, in the search box next to Services, search for
and choose Service Quotas

1. Choose AWS services from the navigation menu and then in the AWS
services Find services search bar, search for ec2 and choose Amazon Elastic
Compute Cloud (Amazon EC2).
2. In the Find quotas search bar, search for running on-demand , but do not
make a selection. Instead, observe the filtered list of service quotas that
match the criteria.

Notice that there are limits on the number and types of instances that can
run in a region. For example, there is a limit on the number of Running On-
Demand Standard... instances that you can launch in this region. When
launching instances, the request must not cause your usage to exceed the
instance limits currently defined in that region.

Page 13 of 59
Task 6: Test Stop Protection
You can stop your instance when you do not need to access but you would still like
to retain it. In this task, you will learn how to use stop protection.

1. In the AWS Management Console, in the search box next to Services, search
for and choose EC2 to return to the EC2 console.
2. In left navigation pane, choose Instances.
3. Select the Web Server instance and in the Instance state menu, select Stop
instance.
4. Then choose Stop
a. Note that there is a message that says: Failed to stop the instance i-
1234567xxx. The instance 'i-1234567xxx' may not be stopped. Modify its
'disableApiStop' instance attribute and try again.
b. This shows that the stop protection that you enabled earlier in this lab
is now providing a safeguard to prevent the accidental stopping of an
instance. If you really want to stop the instance, you will need to
disable the stop protection.
5. In the Actions menu, select Instance settings Change stop protection.
6. Remove the check next to Enable.
7. Choose Save
a. You can now stop the instance.
8. Select the Web Server instance again and in the Instance state menu,
select Stop instance.
9. Choose Stop
10. After creating the instances
11. Goto EC2 and create linux instance
12. use following commands to deploy your code
sudo su -

yum update -y

yum install -y httpd

systemctl status httpd

systemctl enable httpd

systemctl start httpd

Page 14 of 59
 mkdir temp

cd temp

wget URL of Website (https://www.free-css.com/assets/files...)

unzip filename.zip (filename of your zip file)

mv * /var/www/html (Now move all your files from temp folder to root directory)

ls -lrt (to check files are moved from temp to root directory)

Copy public ip of your instance in URL to check your code is deployed in EC2.

Page 15 of 59
 Experiment No.3

Create a Windows Server in AWS and connect to it securely

Lab overview and objectives

• AWS account
• IAM user with EC2 permissions
• Key pair for RDP access

Step 1: Launch a Windows Server EC2 Instance

1. Log in to the AWS Console

Navigate to https://console.aws.amazon.com

2. Open the EC2 Dashboard

From the Services menu, choose EC2.

3. Launch Instance

o Click “Launch instance”

o Name the instance (e.g., Windows-Server-2022)

o Choose AMI:

1. Select Microsoft Windows Server 2022 Base (or desired version)

o Instance type:

1. e.g., t2.medium (minimum 2 GB RAM is recommended for

Windows)

o Key pair:

1. Choose existing or create a new key pair (used for decrypting

the admin password)

o Network settings:

1. Enable Auto-assign Public IP

2. Open port 3389 (RDP) only from your IP address (for security)

o Storage: Accept default (e.g., 30 GB gp2)

Page 16 of 59
 4. Launch instance

5. 🔑 Step 2: Connect to the Windows Server via RDP

6. Wait for the instance to be in “running” state.

7. Get Windows password:

o Select your instance → Click “Connect”

o Go to the RDP client tab

o Click “Get Password”

o Upload the .pem file from your key pair

o Click Decrypt Password

o Copy the username (usually Administrator) and decrypted password

8. Connect with RDP:

o Open Remote Desktop Connection (Windows) or use Microsoft

Remote Desktop (Mac/Linux)

o Hostname: Use the Public IPv4 DNS or IP

o Username: Administrator

o Password: Decrypted password from above

9. 🔐 Step 3: Secure the Instance

1. Restrict RDP (Port 3389):

o In Security Groups, edit inbound rules:

▪ Ensure port 3389 is only open to your IP

▪ Remove 0.0.0.0/0 unless temporarily needed

2. Enable Windows Firewall & Antivirus:

Page 17 of 59
 o Check firewall is enabled on the Windows Server

o Install and update antivirus/antimalware tools (e.g., Windows

Defender)

3. Regular maintenance:

o Apply Windows updates

o Enable CloudWatch for monitoring

o Take regular snapshots/backups

Page 18 of 59
 Experiment No.4
Deployment Webpage on windows Server in AWS.

Lab overview and objectives

• A running Windows Server EC2 instance (followed from earlier steps)

• RDP access
• A basic HTML file (e.g., index.html)

1. 🧰 Install IIS (Internet Information Services)

o Connect to your Windows Server via Remote Desktop.

o Open Server Manager.

o Click "Add roles and features".

o Proceed through the wizard:

o Choose "Role-based or feature-based installation"

o Select your local server

o Under Server Roles, check “Web Server (IIS)”

o Add required features when prompted

o Click Next → Complete the wizard and click Install.

o After installation, verify IIS is running:

o Open a browser on the server and go to http://localhost

o You should see the default IIS welcome page

2. 📁 Deploy Your Webpage

o Locate the web root folder:

o Default path: C:\inetpub\wwwroot

o Upload your website files:

Page 19 of 59
 o Copy your index.html (and other files like images, CSS, etc.) into
C:\inetpub\wwwroot

o Replace or rename the default iisstart.html

o Test the site locally:

o In the browser on the server: go to http://localhost

o You should see your custom webpage

3. 🔓 Configure Security Group for Public Access

o Go to the AWS EC2 Console

o Select your instance → Click Security → Security Groups

o Edit Inbound Rules:

o Add rule:

o Type: HTTP

o Port: 80

o Source: 0.0.0.0/0 (or restrict to your IP for testing)

o Save rules

4. 🌍 Access Webpage from Browser

o Open a browser on your local machine

o Enter:

o cpp

o CopyEdit

o http://<Public-IP-of-EC2-instance>

o Your webpage should load!

Page 20 of 59
 Experiment No.5
Create the web service using SOAP

Lab overview and objectives

What is a Web service?

I hope you know the meaning of web service before you execute the demo. A web
service is nothing but a software application that runs on the web having some
exposed web methods that other applications can use over HTTP/ HTTPS protocols
using technologies such as XML, SOAP, WSDL, and UDDI. Here in this demo, we will
create one such web service and we will try to use its web methods. We will do all of
this in a single web project but you can try it in different projects on the same
machines as well as different projects on different machines. It should work.

Step 1. Click on File >> New >> Project as given below.

Once you click on Project, you will see the following pop-up window.

Page 21 of 59
Step 2. Here, choose ASP.NET Web Application (.NET Framework) and give it a name
as I have given - WebServiceProject. Click on OK.

Select the Empty template.

It creates a solution having the following solution structure.

Right-click the project.

Page 22 of 59
Step 3. Once you click on the New Item, choose Web Service and give it a name as
given below.

Page 23 of 59
Step 4. Now, write the following code in WebService.asmx file.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Services;
namespace WebServiceProject
{
/// <summary>
/// Summary description for WebService
/// </summary>
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[System.ComponentModel.ToolboxItem(false)]

Page 24 of 59
 // To allow this Web Service to be called from script, using ASP.NET AJAX,
uncomment the following line.
// [System.Web.Script.Services.ScriptService]
public class WebService : System.Web.Services.WebService
{
[WebMethod]
public string HelloWorld()
{
return "Hello World";
}
[WebMethod]
public int Add(List<int> listInt)
{
int result = 0;
for (int i = 0; i < listInt.Count; i++)
{
result = result + listInt[i];
}
return result;
}
}
}
Here, WebMethod HelloWorld comes by default when you create a web service.
You can change its implementation if you want. We have implemented another
method that can take a list of integers as input and will give you some of all the lists
of integers given as input.

Now, if you run this project and point the URL to WebService.asmx, then you will
get the following result, which indicates that your web service has been created.

Page 25 of 59
 Now you can find all the descriptions of services written on this page having
the list of methods which are available via this web service. You can also see the
service description to get a better picture. If you will click methods, then you will see
its soap request response structures and for simple generic methods, you will also
see an option to invoke methods.

Page 26 of 59
 Experiment No.6
Consume the Web Service in Web Based Application in Microsoft Visual Studio

Lab overview and objectives

How to consume this Web service?

There are multiple ways to do that. We will here try to use it via a web reference
method. We will add a Web reference for this service in our project for
consumption.

How to add web service references to the Project?

To add a Web reference of this service in the project, right-click on the project and
click "Add Service Reference". Once you do that you will see the following popup
window.

So here we have entered the path to the web service and once you click on Go you
will see the service structure like this. You can also see methods exposed by clicking
on Web Service over here. Just give it a namespace name that you want to use. For

Page 27 of 59
us, we are using ServiceReference1. Click OK and it will add a service reference of
this web service in your project.

How to use this web service?

For this, I will add a webform page to our project. Here I have added WebForm.aspx
having a button and a label. What I want to do here is on click of a button in this
webform I should get the sum of an integer list using our web service method. So
the code looks like below in WebForm.aspx.

<%@ Page Language="C#" AutoEventWireup="true"

CodeBehind="WebForm.aspx.cs" Inherits="WebServiceProject.WebForm" %>

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:Button ID="Button1" runat="server" Text="Button" OnClick="Button1_Click" style="height:
26px" />
<asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
</div>
</form>
</body>
</html>
In WebForm.aspx.cs, I have written a handler like this.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using WebServiceProject.ServiceReference1;
namespace WebServiceProject
{
public partial class WebForm : System.Web.UI.Page
{

Page 28 of 59
 protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
WebService webService = new WebService();
List<int> lstIntegers = new List<int> { 5, 6, 7 };
Label1.Text = "Output of WebService: " + webService.Add(lstIntegers).ToString();
} }}
So now, if you run this project and point to this webform, you will get the sum of all
these hardcoded 3 integers' lists using the Add method. The output of this comes
as below after clicking the button on the page.

Page 29 of 59
 Experiment No.7

Create and manage users, security credentials such as access keys, and
permissions using AWS Identity and Access Management (IAM)

Lab overview and objectives

Lab 1: Introduction to AWS IAM

AWS Identity and Access Management (IAM) is a web service that enables
Amazon Web Services (AWS) customers to manage users and user permissions in
AWS. With IAM, you can centrally manage users, security credentials such as
access keys, and permissions that control which AWS resources users can access.

Lab overview and objectives

• Exploring pre-created IAM Users and Groups

• Inspecting IAM policies as applied to the pre-created groups
• Following a real-world scenario, adding users to groups with specific
capabilities enabled
• Locating and using the IAM sign-in URL
• Experimenting with the effects of policies on service access

Page 30 of 59
AWS Identity and Access Management
AWS Identity and Access Management (IAM) can be used to:

• Manage IAM Users and their access: You can create Users and assign them
individual security credentials (access keys, passwords, and multi-factor
authentication devices). You can manage permissions to control which
operations a User can perform.
• Manage IAM Roles and their permissions: An IAM Role is similar to a User,
in that it is an AWS identity with permission policies that determine what the
identity can and cannot do in AWS. However, instead of being uniquely
associated with one person, a Role is intended to be assumable by anyone
who needs it.
• Manage federated users and their permissions: You can enable identity
federation to allow existing users in your enterprise to access the AWS
Management Console, to call AWS APIs and to access resources, without the
need to create an IAM User for each identity.

Accessing the AWS Management Console

1. At the top of these instructions, choose Start Lab.
o The lab session starts.
o A timer displays at the top of the page and shows the time remaining
in the session.

Tip: To refresh the session length at any time, choose Start Lab again
before the timer reaches 0:00.

o Before you continue, wait until the circle icon to the right of the AWS
link in the upper-left corner turns green.

2. To connect to the AWS Management Console, choose the AWS link in the
upper-left corner.
o A new browser tab opens and connects you to the console.

Tip: If a new browser tab does not open, a banner or icon is usually at
the top of your browser with the message that your browser is
preventing the site from opening pop-up windows. Choose the banner
or icon, and then choose Allow pop-ups.

Page 31 of 59
 3. Arrange the AWS Management Console tab so that it displays along side
these instructions. Ideally, you will be able to see both browser tabs at the
same time, to make it easier to follow the lab steps.

Task 1: Explore the Users and Groups

In this task, you will explore the Users and Groups that have already been created
for you in IAM.

4. In the search box to the right of Services, search for and choose IAM to open
the IAM console.
5. In the navigation pane on the left, choose Users.

The following IAM Users have been created for you:

user-1
o
o user-2
o user-3
6. Choose the user-1 link.

This will bring to a summary page for user-1. The Permissions tab will be
displayed.

Notice that user-1 does not have any permissions.

7. Choose the Groups tab.

user-1 also is not a member of any groups.

8. Choose the Security credentials tab.

user-1 is assigned a Console password.

9. In the navigation pane on the left, choose User groups.

The following groups have already been created for you:

o EC2-Admin
o EC2-Support

Page 32 of 59
 oS3-Support
10. Choose the EC2-Support group link.

This will bring you to the summary page for the EC2-Support group.

11. Choose the Permissions tab.

This group has a Managed Policy associated with it, called

AmazonEC2ReadOnlyAccess. Managed Policies are pre-built policies (built
either by AWS or by your administrators) that can be attached to IAM Users
and Groups. When the policy is updated, the changes to the policy are
immediately apply against all Users and Groups that are attached to the
policy.

13. Choose the plus (+) icon next to the AmazonEC2ReadOnlyAccess policy to
view the policy details.

The basic structure of the statements in an IAM Policy is:

oEffect says whether to Allow or Deny the permissions.

o Action specifies the API calls that can be made against an AWS Service
(eg cloudwatch:ListMetrics).
o Resource defines the scope of entities covered by the policy rule (eg a
specific Amazon S3 bucket or Amazon EC2 instance, or * which means
any resource).
14. Choose the minus icon (-) to hide the policy details.

15. In the navigation pane on the left, choose User groups.

16. Choose the S3-Support group link and then choose the Permissions tab.

The S3-Support group has the AmazonS3ReadOnlyAccess policy attached.

17. Choose the plus (+) icon to view the policy details.

This policy grants permissions to Get and List resources in Amazon S3.

18. Choose the minus icon (-) to hide the policy details.

19. In the navigation pane on the left, choose User groups.

Page 33 of 59
 20. Choose the EC2-Admin group link and then choose the Permissions tab.

This Group is slightly different from the other two. Instead of a Managed
Policy, it has an Inline Policy, which is a policy assigned to just one User or
Group. Inline Policies are typically used to apply permissions for one-off
situations.

21. Choose the plus (+) icon to view the policy details.

This policy grants permission to view (Describe) information about Amazon

EC2 and also the ability to Start and Stop instances.

22. Choose the minus icon (-) to hide the policy details.

You wish to give access to new staff depending upon their job function:

User In Group Permissions

user-1 S3-Support Read-Only access to Amazon S3
user-2 EC2-Support Read-Only access to Amazon EC2
user-3 EC2-Admin View, Start and Stop Amazon EC2 instances

Task 2: Add Users to Groups

You have recently hired user-1 into a role where they will provide support for
Amazon S3. You will add them to the S3-Support group so that they inherit the
necessary permissions via the attached AmazonS3ReadOnlyAccess policy.

Add user-1 to the S3-Support Group

23. In the left navigation pane, choose User groups.
24. Choose the S3-Support group link.
25. Choose the Users tab.
26. In the Users tab, choose Add users.
27. In the Add Users to S3-Support window, configure the following:
o Select user-1.
o At the bottom of the screen, choose Add users.

In the Users tab you will see that user-1 has been added to the group.

Page 34 of 59
Add user-2 to the EC2-Support Group
You have hired user-2 into a role where they will provide support for Amazon EC2.

28. Using similar steps to the ones above, add user-2 to the EC2-Support group.

user-2 should now be part of the EC2-Support group.

Add user-3 to the EC2-Admin Group

You have hired user-3 as your Amazon EC2 administrator, who manage your EC2
instances.

29. Using similar steps to the ones above, add user-3 to the EC2-Admin group.

user-3 should now be part of the EC2-Admin group.

30. In the navigation pane on the left, choose User groups.

Each Group should now have a 1 in the Users column, indicating the number
of Users in each Group.

If you do not have a 1 beside each group, revisit the above instructions above
to ensure that each user is assigned to a User group, as shown in the table in
the Business Scenario section.

Task 3: Sign-In and Test Users

In this task, you will test the permissions of each IAM User.

31. In the navigation pane on the left, choose Dashboard.

A Sign-in URL for IAM users in this account link is displayed on the right. It
will look similar to: https://123456789012.signin.aws.amazon.com/console

This link can be used to sign-in to the AWS Account you are currently using.

32. Copy the Sign-in URL for IAM users in this account to a text editor.
33. Open a private (Incognito) window.

Page 35 of 59
 Mozilla Firefox

o Choose the menu bars at the top-right of the screen

o Select New private window

Google Chrome

o Choose the ellipsis at the top-right of the screen

o Select New Incognito Window

Microsoft Edge

o Choose the ellipsis at the top-right of the screen

o Choose New InPrivate window

Microsoft Internet Explorer

o Choose the Tools menu option

o Choose InPrivate Browsing
34. Paste the IAM users sign-in link into the address bar of your private browser
session and press Enter.

Next, you will sign-in as user-1, who has been hired as your Amazon S3
storage support staff.

35. Sign-in with:

o IAM user name: user-1
o Password: Lab-Password1
36. In the search box to the right of Services, search for and choose S3 to open
the S3 console.
37. Choose the name of the bucket that exists in the account and browse the
contents.

Since your user is part of the S3-Support Group in IAM, they have permission
to view a list of Amazon S3 buckets and the contents.

Note: The bucket does not contain any objects.

Now, test whether they have access to Amazon EC2.

Page 36 of 59
 38. In the search box to the right of Services, search for and choose EC2 to open
the EC2 console.
39. In the left navigation pane, choose Instances.

You cannot see any instances. Instead, you see a message that states You are
not authorized to perform this operation. This is because this user has not
been granted any permissions to access Amazon EC2.

You will now sign-in as user-2, who has been hired as your Amazon EC2
support person.

40. Sign user-1 out of the AWS Management Console by completing the
following actions:
o At the top of the screen, choose user-1
o Choose Sign Out

41. Paste the IAM users sign-in link into your private browser tab's address bar
and press Enter.

Note: This link should be in your text editor.

42. Sign-in with:

o IAM user name: user-2
o Password: Lab-Password2
43. In the search box to the right of Services, search for and choose EC2 to open
the EC2 console.
44. In the navigation pane on the left, choose Instances.

Page 37 of 59
 You are now able to see an Amazon EC2 instance because you have Read
Only permissions. However, you will not be able to make any changes to
Amazon EC2 resources.

If you cannot see an Amazon EC2 instance, then your Region may be
incorrect. In the top-right of the screen, pull-down the Region menu and
select the region that you noted at the start of the lab (for example, N.
Virginia).

o Select the instance named LabHost.

45. In the Instance state menu above, select Stop instance.
46. In the Stop Instance window, select Stop.
47. Choose the X to close the Failed to stop the instance message.

Next, check if user-2 can access Amazon S3.

48. In the search box to the right of Services, search for and choose S3 to open
the S3 console.

You will see the message You don't have permissions to list buckets
because user-2 does not have permission to access Amazon S3.

You will now sign-in as user-3, who has been hired as your Amazon EC2
administrator.

49. Sign user-2 out of the AWS Management Console by completing the
following actions:
o At the top of the screen, choose user-2
o Choose Sign Out

Page 38 of 59
 50. Paste the IAM users sign-in link into your private window and press Enter.
51. Paste the sign-in link into the address bar of your private web browser tab
again. If it is not in your clipboard, retrieve it from the text editor where you
stored it earlier.
52. Sign-in with:
o IAM user name: user-3
o Password: Lab-Password3
53. In the search box to the right of Services, search for and choose EC2 to open
the EC2 console.
54. In the navigation pane on the left, choose Instances.

As an EC2 Administrator, you should now have permissions to Stop the

Amazon EC2 instance.

Select the instance named LabHost .

If you cannot see an Amazon EC2 instance, then your Region may be
incorrect. In the top-right of the screen, pull-down the Region menu and
select the region that you noted at the start of the lab (for example, N.
Virginia).

55. In the Instance state menu, choose Stop instance.

56. In the Stop instance window, choose Stop.

The instance will enter the stopping state and will shutdown.

57. Close your private browser window.

Page 39 of 59
 Experiment No.8

Create and Manage code in S3 bucket and Deploy it in EC2 Linux Server on
AWS

Lab overview and objectives

Step1 - Firstly Create S3 bucket put your code in S3 bucket and copy the URL.

Step2- Goto EC2 and create linux instance

Step 3- use following commands to deploy your code

1. sudo su -

2. yum update -y

3. yum install -y httpd

4. systemctl status httpd

5. systemctl enable httpd

6. systemctl start httpd

7. mkdir temp

8. cd temp

9. wget URL of S3 (https://www.free-css.com/assets/files...)

10. unzip filename.zip (filename of your zip file)

11. ls -lrt (To check your unzip files are deployed in temp folder)

12. mv * /var/www/html (Now move all your files from temp folder to root
directory)

13. ls -lrt (to check files are moved from temp to root directory)

13. cd complex (Goto Your folder, Here complex is my folder's name, Code is
deployed to EC2 instance )

14. Copy public ip of your instance in URL to check your code is deployed in EC2.

Page 40 of 59
 Experiment No.9

Build your VPC and Launch a Web Server

Architecture Amazon Virtual Private Cloud (Amazon VPC) enables you to launch
Amazon Web Services (AWS) resources into a virtual network that you defined. This
virtual network closely resembles a traditional network that you would operate in
your own data center, with the benefits of using the scalable infrastructure of AWS.
You can create a VPC that spans multiple Availability Zones.

After completing this lab, you should be able to do the following:

Create a VPC.
Create subnets.
Configure a security group.
Launch an EC2 instance into a VPC.

Accessing the AWS Management Console

To connect to the AWS Management Console, choose the AWS link in the upper-left
corner.

Task 1: Create Your VPC

In this task, you will use the VPC and more option in the VPC console to create
multiple resources, including a VPC, an Internet Gateway, a public subnet and a
private subnet in a single Availability Zone, two route tables, and a NAT Gateway.

Page 41 of 59
In the search box to the right of Services, search for and choose VPC to open the
VPC console.

(a) Begin creating a VPC.

(b) In the top right of the screen, verify that N. Virginia (us-east-1) is the
region.
(c) Choose the VPC dashboard link which is towards the top left of the
console.
(d) Next, choose Create VPC.

Note: If you do not see a button with that name, choose the Launch
VPC Wizard button instead.

(e) Configure the VPC details in the VPC settings panel on the left:
(f) Choose VPC and more.
(g) Under Name tag auto-generation, keep Auto-generate selected,
however change the value from project to lab .
(h) Keep the IPv4 CIDR block set to 10.0.0.0/16
(i) For Number of Availability Zones, choose 1.
(j) For Number of public subnets, keep the 1 setting.
(k) For Number of private subnets, keep the 1 setting.
(l) Expand the Customize subnets CIDR blocks section
(m) Change Public subnet CIDR block in us-east-1a to
10.0.0.0/24
(n) Change Private subnet CIDR block in us-east-1a to
10.0.1.0/24
(o) Set NAT gateways to In 1 AZ.
(p) Set VPC endpoints to None.
(q) Keep both DNS hostnames and DNS resolution enabled.
(r) In the Preview panel on the right, confirm the settings you have configured.
(s) VPC: lab-vpc
(t) Subnets:
(u) us-east-1a
(v) Public subnet name: lab-subnet-public1-us-east-1a
(w) Private subnet name: lab-subnet-private1-us-east-
1a
(x) Route tables
(y) lab-rtb-public
(z) lab-rtb-private1-us-east-1a
(aa) Network connections

Page 42 of 59
 (bb) lab-igw
(cc) lab-nat-public1-us-east-1a

12. At the bottom of the screen, choose Create VPC

The VPC resources are created. The NAT Gateway will take a few minutes to
activate.

Please wait until all the resources are created before proceding to the next
step.

Once it is complete, choose View VPC

The wizard has provisioned a VPC with a public subnet and a private subnet
in one Availability Zone with route tables for each subnet. It also created an
Internet Gateway and a NAT Gateway.

To view the settings of these resources, browse through the VPC console
links that display the resource details. For example, choose Subnets to view
the subnet details and choose Route tables to view the route table details.
The diagram below summarizes the VPC resources you have just created and
how they are configured.

An Internet gateway is a VPC resource that allows communication between

EC2 instances in your VPC and the Internet.

The lab-subnet-public1-us-east-1a public subnet has a CIDR of

10.0.0.0/24, which means that it contains all IP addresses starting with

Page 43 of 59
 10.0.0.x. The fact the route table associated with this public subnet routes
0.0.0.0/0 network traffic to the internet gateway is what makes it a public
subnet.

A NAT Gateway, is a VPC resource used to provide internet connectivity to any

EC2 instances running in private subnets in the VPC without those EC2
instances needing to have a direct connection to the internet gateway.

The lab-subnet-private1-us-east-1a private subnet has a CIDR of

10.0.1.0/24, which means that it contains all IP addresses starting with
10.0.1.x.

Task 2: Create Additional Subnets

In this task, you will create two additional subnets for the VPC in a second
Availability Zone. Having subnets in multiple Availability Zones within a VPC is useful
for deploying solutions that provide High Availability.

After creating a VPC as you have already done, you can still configure it further, for
example, by adding more subnets. Each subnet you create resides entirely within
one Availability Zone.

In the left navigation pane, choose Subnets.

First, you will create a second public subnet.

1. Choose Create subnet then configure:

1. VPC ID: lab-vpc (select from the menu).
2. Subnet name: lab-subnet-public2
3. Availability Zone: Select the second Availability Zone (for example, us-
east-1b)
4. IPv4 CIDR block: 10.0.2.0/24

The subnet will have all IP addresses starting with 10.0.2.x.

2. Choose Create subnet

The second public subnet was created. You will now create a second private
subnet.

3. Choose Create subnet then configure:

Page 44 of 59
 1. VPC ID: lab-vpc
2. Subnet name: lab-subnet-private2
3. Availability Zone: Select the second Availability Zone (for example, us-
east-1b)
4. IPv4 CIDR block: 10.0.3.0/24

The subnet will have all IP addresses starting with 10.0.3.x.

4. Choose Create subnet

The second private subnet was created.

You will now configure this new private subnet to route internet-bound traffic
to the NAT Gateway so that resources in the second private subnet are able
to connect to the Internet, while still keeping the resources private. This is
done by configuring a Route Table.

A route table contains a set of rules, called routes, that are used to determine
where network traffic is directed. Each subnet in a VPC must be associated
with a route table; the route table controls routing for the subnet.

5. In the left navigation pane, choose Route tables.

6. Select the lab-rtb-private1-us-east-1a route table.
7. In the lower pane, choose the Routes tab.

Note that Destination 0.0.0.0/0 is set to Target nat-xxxxxxxx. This means

that traffic destined for the internet (0.0.0.0/0) will be sent to the NAT
Gateway. The NAT Gateway will then forward the traffic to the internet.

This route table is therefore being used to route traffic from private subnets.

8. Choose the Subnet associations tab.

You created this route table in task 1 when you chose to create a VPC and
multiple resources in the VPC. That action also created lab-subnet-private-1
and associated that subnet with this route table.

Now that you have created another private subnet, lab-subnet-private-2, you
will associate this route table with that subnet as well.

9. In the Explicit subnet associations panel, choose Edit subnet associations

Page 45 of 59
 1. Leave lab-subnet-private1-us-east-1a selected, but also select lab-subnet-
private2.
2. Choose Save associations

You will now configure the Route Table that is used by the Public Subnets.

3. Select the lab-rtb-public route table (and deselect any other subnets).
4. In the lower pane, choose the Routes tab.

Note that Destination 0.0.0.0/0 is set to Target igw-xxxxxxxx, which is an

Internet Gateway. This means that internet-bound traffic will be sent straight
to the internet via this Internet Gateway.

You will now associate this route table to the second public subnet you
created.

5. Choose the Subnet associations tab.

6. In the Explicit subnet associations area, choose Edit subnet associations
7. Leave lab-subnet-public1-us-east-1a selected, but also select lab-subnet-
public2.
8. Choose Save associations

Your VPC now has public and private subnets configured in two Availability
Zones. The route tables you created in task 1 have also been updated to
route network traffic for the two new subnets.

Task 3: Create a VPC Security Group

In this task, you will create a VPC security group, which acts as a virtual firewall.
When you launch an instance, you associate one or more security groups with the

Page 46 of 59
instance. You can add rules to each security group that allow traffic to or from its
associated instances.

In the left navigation pane, choose Security groups.

1. Choose Create security group and then configure:

1. Security group name: Web Security Group
2. Description: Enable HTTP access
3. VPC: choose the X to remove the currently selected VPC, then from the
drop down list choose lab-vpc
2. In the Inbound rules pane, choose Add rule
3. Configure the following settings:
1. Type: HTTP
2. Source: Anywhere-IPv4
3. Description: Permit web requests
4. Scroll to the bottom of the page and choose Create security group

You will use this security group in the next task when launching an Amazon
EC2 instance.

Task 4: Launch a Web Server Instance

In this task, you will launch an Amazon EC2 instance into the new VPC. You will
configure the instance to act as a web server.

In the search box to the right of Services, search for and choose EC2 to open the
EC2 console.

1. From the Launch instance menu choose Launch instance.

2. Name the instance:
1. Give it the name Web Server 1

When you name your instance, AWS creates a tag and associates it
with the instance. A tag is a key value pair. The key for this pair is
*Name*, and the value is the name you enter for your EC2 instance.

3. Choose an AMI from which to create the instance:

1. In the list of available Quick Start AMIs, keep the default Amazon Linux
selected.
2. Also keep the default Amazon Linux 2023 AMI selected.

Page 47 of 59
 The type of Amazon Machine Image (AMI) you choose determines the
Operating System that will run on the EC2 instance that you launch.

4. Choose an Instance type:

1. In the Instance type panel, keep the default t2.micro selected.

The Instance Type defines the hardware resources assigned to the

instance.

5. Select the key pair to associate with the instance:

1. From the Key pair name menu, select vockey.

The vockey key pair you selected will allow you to connect to this
instance via SSH after it has launched. Although you will not need to
do that in this lab, it is still required to identify an existing key pair, or
create a new one, or choose to proceed without a key pair, when you
launch an instance.

6. Configure the Network settings:

1. Next to Network settings, choose Edit, then configure:
1. Network: lab-vpc
2. Subnet: lab-subnet-public2 (not Private!)
3. Auto-assign public IP: Enable
2. Next, you will configure the instance to use the Web Security Group that
you created earlier.
1. Under Firewall (security groups), choose Select existing
security group.
2. For Common security groups, select Web Security Group.

This security group will permit HTTP access to the instance.

7. In the Configure storage section, keep the default settings.

8. Configure a script to run on the instance when it launches:
1. Expand the Advanced details panel.
2. Scroll to the bottom of the page and then copy and paste the code
shown below into the User data box:

#!/bin/bash
# Install Apache Web Server and PHP
dnf install -y httpd wget php mariadb105-server
# Download Lab files

Page 48 of 59
 wget https://aws-tc-largeobjects.s3.us-west-2.amazonaws.com/CUR-TF-100-ACCLFO-2/2-
lab2-vpc/s3/lab-app.zip
unzip lab-app.zip -d /var/www/html/
# Turn on web server
chkconfig httpd on
service httpd start

This script will run with root user permissions on the guest OS of the
instance. It will run automatically when the instance launches for the
first time. The script installs a web server, a database, and PHP
libraries, and then it downloads and installs a PHP web application on
the web server.

9. At the bottom of the Summary panel on the right side of the screen choose
Launch instance

You will see a Success message.

Choose View all instances

Wait until Web Server 1 shows 2/2 checks passed in the Status check
column.

This may take a few minutes. Choose the refresh icon at the top of the page
every 30 seconds or so to more quickly become aware of the latest status of
the instance.

You will now connect to the web server running on the EC2 instance.

10. Select Web Server 1.

11. Copy the Public IPv4 DNS value shown in the Details tab at the bottom of
the page.
12. Open a new web browser tab, paste the Public DNS value and press Enter.

Page 49 of 59
 Experiment No.10

Manage Scaling & Load Balance your Architecture in AWS Cloud

Elastic Load Balancing automatically distributes incoming application traffic across

multiple Amazon EC2 instances. It enables you to achieve fault tolerance in your
applications by seamlessly providing the required amount of load balancing
capacity needed to route application traffic.

Auto Scaling helps you maintain application availability and allows you to scale
your Amazon EC2 capacity out or in automatically according to conditions you
define. You can use Auto Scaling to help ensure that you are running your desired
number of Amazon EC2 instances. Auto Scaling can also automatically increase the
number of Amazon EC2 instances during demand spikes to maintain performance
and decrease capacity during lulls to reduce costs. Auto Scaling is well suited to
applications that have stable demand patterns or that experience hourly, daily, or
weekly variability in usage.

• Create an Amazon Machine Image (AMI) from a running instance.

• Create a load balancer.
• Create a launch template and an Auto Scaling group.
• Automatically scale new instances
• Create Amazon CloudWatch alarms and monitor performance of your
infrastructure.

Page 50 of 59
Task 1: Create an AMI for Auto Scaling

In this task, you will create an AMI from the existing Web Server 1. This will save the
contents of the boot disk so that new instances can be launched with identical
content.

4. In the AWS Management Console, in the search box next to Services ,

search for and select EC2.
5. In the left navigation pane, choose Instances.

First, you will confirm that the instance is running.

6. Wait until the Status Checks for Web Server 1 displays 2/2 checks passed. If
necessary, choose refresh to update the status.

You will now create an AMI based upon this instance.

7. Select Web Server 1.

8. In the Actions menu, choose Image and templates > Create image, then
configure:
o Image name: WebServerAMI
o Image description: Lab AMI for Web Server
9. Choose Create image

A confirmation banner displays the AMI ID for your new AMI.

You will use this AMI when launching the Auto Scaling group later in the lab.

Page 51 of 59
Task 2: Create a Load Balancer

In this task, you will first create a target group and then you will create a load
balancer that can balance traffic across multiple EC2 instances and Availability
Zones.

10. In the left navigation pane, choose Target Groups.

Analysis: Target Groups define where to send traffic that comes into the Load
Balancer. The Application Load Balancer can send traffic to multiple Target
Groups based upon the URL of the incoming request, such as having
requests from mobile apps going to a different set of servers. Your web
application will use only one Target Group.

oChoose Create target group

o Choose a target type: Instances
o Target group name, enter: LabGroup
o Select Lab VPC from the VPC drop-down menu.
11. Choose Next. The Register targets screen appears.

Note: Targets are the individual instances that will respond to requests from
the Load Balancer.

You do not have any web application instances yet, so you can skip this step.

12. Review the settings and choose Create target group

13. In the left navigation pane, choose Load Balancers.
14. At the top of the screen, choose Create load balancer.
15. Under Application Load Balancer, choose Create
16. Under Load balancer name, enter: LabELB
17. Scroll down to the Network mapping section, then:
o For VPC, choose Lab VPC

You will now specify which subnets the Load Balancer should use. The
load balancer will be internet facing, so you will select both Public
Subnets.

o Choose the first displayed Availability Zone, then select Public Subnet
1 from the Subnet drop down menu that displays beneath it.

Page 52 of 59
 o Choose the second displayed Availability Zone, then select Public
Subnet 2 from the Subnet drop down menu that displays beneath it.

You should now have two subnets selected: Public Subnet 1 and
Public Subnet 2.

18. In the Security groups section:

o Choose the Security groups drop down menu and select Web Security
Group
o Below the drop down menu, choose the X next to the default security
group to remove it.

The Web Security Group security group should now be the only one
that appears.

19. For the Listener HTTP:80 row, set the Default action to forward to
LabGroup.
20. Scroll to the bottom and choose Create load balancer

The load balancer is successfully created.

o Choose View load balancer

The load balancer will show a state of provisioning. There is no need to

wait until it is ready. Please continue with the next task.

Task 3: Create a Launch Template and an Auto Scaling

Group
In this task, you will create a launch template for your Auto Scaling group. A launch
template is a template that an Auto Scaling group uses to launch EC2 instances.
When you create a launch template, you specify information for the instances such
as the AMI, the instance type, a key pair, and security group.

21. In the left navigation pane, choose Launch Templates.

22. Choose Create launch template

23. Configure the launch template settings and create it:

Page 53 of 59
 o Launch template name: LabConfig
o Under Auto Scaling guidance, select Provide guidance to help me set up
a template that I can use with EC2 Auto Scaling
o In the Application and OS Images (Amazon Machine Image) area,
choose My AMIs.
o Amazon Machine Image (AMI): choose Web Server AMI
o Instance type: choose t2.micro
o Key pair name: choose vockey
o Firewall (security groups): choose Select existing security group
o Security groups: choose Web Security Group
o Scroll down to the Advanced details area and expand it.
o Scroll down to the Detailed CloudWatch monitoring setting. Select
Enable
o Choose Create launch template

Next, you will create an Auto Scaling group that uses this launch
template.

24. In the Success dialog, choose the LabConfig launch template.

25. From the Actions menu, choose Create Auto Scaling group
26. Configure the details in Step 1 (Choose launch template or configuration):
o Auto Scaling group name: Lab Auto Scaling Group
o Launch template: confirm that the LabConfig template you just
created is selected.
o Choose Next
27. Configure the details in Step 2 (Choose instance launch options):
o VPC: choose Lab VPC
o Availability Zones and subnets: Choose Private Subnet 1 and then
choose Private Subnet 2.
o Choose Next
28. Configure the details in Step 3 (Configure advanced options):
o Choose Attach to an existing load balancer
▪ Existing load balancer target groups: select LabGroup.
o In the Additional settings pane:
▪ Select Enable group metrics collection within CloudWatch
o Choose Next

Page 54 of 59
 29. Configure the details in Step 4 (Configure group size and scaling policies -
optional):
o Under Group size, configure:
▪ Desired capacity: 2
▪ Minimum capacity: 2
▪ Maximum capacity: 6
o Under Scaling policies, choose Target tracking scaling policy and
configure:
▪ Scaling policy name: LabScalingPolicy
▪ Metric type: Average CPU Utilization
▪ Target value: 60

This tells Auto Scaling to maintain an average CPU utilization

across all instances at 60%. Auto Scaling will automatically add or
remove capacity as required to keep the metric at, or close to,
the specified target value. It adjusts to fluctuations in the metric
due to a fluctuating load pattern.

o Choose Next
30. Configure the details in Step 5 (Add notifications - optional):

Auto Scaling can send a notification when a scaling event takes place. You will
use the default settings.

o Choose Next
31. Configure the details in Step 6 (Add tags - optional):

Tags applied to the Auto Scaling group will be automatically propagated to

the instances that are launched.

o Choose Add tag and Configure the following:

▪ Key: Name
▪ Value: Lab Instance
o Choose Next
32. Configure the details in Step 6 (Review):
o Review the details of your Auto Scaling group
o Choose Create Auto Scaling group

Page 55 of 59
Task 4: Verify that Load Balancing is Working
In this task, you will verify that Load Balancing is working correctly.

33. In the left navigation pane, choose Instances.

You should see two new instances named Lab Instance. These were
launched by Auto Scaling.

If the instances or names are not displayed, wait 30 seconds and choose
refresh in the top-right.

Next, you will confirm that the new instances have passed their Health
Check.

34. In the left navigation pane, choose Target Groups.

35. Select LabGroup
36. Choose the Targets tab.

Two target instances named Lab Instance should be listed in the target
group.

37. Wait until the Status of both instances transitions to healthy.

Choose Refresh in the upper-right to check for updates if necessary.

Healthy indicates that an instance has passed the Load Balancer's health
check. This means that the Load Balancer will send traffic to the instance.

You can now access the Auto Scaling group via the Load Balancer.

38. In the left navigation pane, choose Load Balancers.

39. Select the LabELB load balancer.
40. In the Details pane, copy the DNS name of the load balancer, making sure to
omit "(A Record)".

It should look similar to: LabELB-1998580470.us-west-2.elb.amazonaws.com

Page 56 of 59
 41. Open a new web browser tab, paste the DNS Name you just copied, and
press Enter.

The application should appear in your browser. This indicates that the Load
Balancer received the request, sent it to one of the EC2 instances, then
passed back the result.

Task 5: Test Auto Scaling

You created an Auto Scaling group with a minimum of two instances and a
maximum of six instances. Currently two instances are running because the
minimum size is two and the group is currently not under any load. You will now
increase the load to cause Auto Scaling to add additional instances.

42. Return to the AWS Management Console, but do not close the application tab
— you will return to it soon.
43. in the search box next to Services , search for and select CloudWatch.
44. In the left navigation pane, choose All alarms.

Two alarms will be displayed. These were created automatically by the Auto
Scaling group. They will automatically keep the average CPU load close to
60% while also staying within the limitation of having two to six instances.

Note: Please follow these steps only if you do not see the alarms in 60
seconds.

o On the Services menu, choose EC2.

o In the left navigation pane, choose Auto Scaling Groups.
o Select Lab Auto Scaling Group.
o In the bottom half of the page, choose the Automatic Scaling tab.
o Select LabScalingPolicy.
o Choose Actions and Edit.
o Change the Target Value to 50 .
o Choose Update
o On the Services menu, choose CloudWatch.
o In the left navigation pane, choose All alarms and verify you see two
alarms.

Page 57 of 59
 45. Choose the OK alarm, which has AlarmHigh in its name.

If no alarm is showing OK, wait a minute then choose refresh in the top-right
until the alarm status changes.

The OK indicates that the alarm has not been triggered. It is the alarm for
CPU Utilization > 60, which will add instances when average CPU is high. The
chart should show very low levels of CPU at the moment.

You will now tell the application to perform calculations that should raise the
CPU level.

46. Return to the browser tab with the web application.

47. Choose Load Test beside the AWS logo.

This will cause the application to generate high loads. The browser page will
automatically refresh so that all instances in the Auto Scaling group will
generate load. Do not close this tab.

48. Return to browser tab with the CloudWatch console.

In less than 5 minutes, the AlarmLow alarm should change to OK and the
AlarmHigh alarm status should change to In alarm.

You can choose Refresh in the top-right every 60 seconds to update the
display.

You should see the AlarmHigh chart indicating an increasing CPU

percentage. Once it crosses the 60% line for more than 3 minutes, it will
trigger Auto Scaling to add additional instances.

49. Wait until the AlarmHigh alarm enters the In alarm state.

You can now view the additional instance(s) that were launched.

50. In the search box next to Services , search for and select EC2.
51. In the left navigation pane, choose Instances.

More than two instances labeled Lab Instance should now be running. The
new instance(s) were created by Auto Scaling in response to the CloudWatch
alarm.

Page 58 of 59
Task 6: Terminate Web Server 1
In this task, you will terminate Web Server 1. This instance was used to create the
AMI used by your Auto Scaling group, but it is no longer needed.

52. Select Web Server 1 (and ensure it is the only instance selected).
53. In the Instance state menu, choose Instance State > Terminate Instance.
54. Choose Terminate

Page 59 of 59