EC2 - User data

User data


Functionality in EC2 service is important and very handy tool. This allows us to execute script right after EC2 instance creation phase. By that we can execute,install any program we want or update, upgrade operating system on that virtual machine. User data functionality will run once just after completion of the instance creation sequence.

  1.  First we need to create an EC2 instance with extra steps. Choose Amazon Linux OS so we don't have to install aws-cli tool which we will need in the next steps.





      
  2. Click to advanced options and add script below also tick the metadata options as well. With new metadata service it is not possible to send request to metadata service without secret key. That is why we need to use old metadata service for the demonstration purposes.
    Script is at the end of the page !!!







  3. We need one more thing to do, since by default all the ports are closed state. We need to add firewall allow line to open port 80 to serve our page to the public web.
    Click to the security tab of the EC2 instance you just created. 






  4. Add port 80 open to anywhere line like the below.






  5. And that is it. Navigate to the public IP address like this  http://PUBLIC_IP



    Bash script  used to create this page :



    #!/bin/bash

    # Update the package index
    sudo yum update -y

    # Install Apache HTTP server
    sudo yum install -y httpd

    # Start the Apache service
    sudo systemctl start httpd

    # Enable Apache to start on boot
    sudo systemctl enable httpd

    # Retrieve the instance's availability zone
    AVAILABILITY_ZONE=$(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone)

    # Retrieve the instance's public IP address
    PUBLIC_IP=$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4)

    # Create a simple HTML webpage
    cat <<EOL > /var/www/html/index.html
    <!DOCTYPE html>
    <html>
    <head>
        <title>Instance Metadata</title>
    </head>
    <body>
        <h1>Instance Metadata</h1>
        <p><strong>Availability Zone:</strong> $AVAILABILITY_ZONE</p>
        <p><strong>Public IP Address:</strong> $PUBLIC_IP</p>
    </body>
    </html>
    EOL

    # Restart the Apache service to apply changes
    sudo systemctl restart httpd







Comments

Post a Comment

Popular posts from this blog

Identity Access Management - How to create user in IAM ?!

Image
Introduction IAM stands for Identity and Access Management. IAM is essential component of AWS allows you to create and manage access of user, role, application and control authentication/authorization. There are 4 essential components of IAM :  Users - are individuals or applications want to access to your AWS resources. Groups - are collection of users. By this you can assign permissions to group instead individual users. Roles - are special access type in IAM that allows user/resource to access another resource via temporary credentials. For example EC2 instance can access to DynamoDB or S3 bucket resources without using permanent credentials. This is possible only via Role which is great security point of view. Policies - are JSON documents that define permissions. In policies we define what actions are allowed or should be denied. This can be attached to users, groups, roles. Hands on IAM exercises :  Login to your AWS account and search for IAM :  After clicking IAM icon, you wil
Read more

AWS pricing fundamentals

Image
When using Amazon Web Services (AWS), there are three primary factors that determine your costs: Compute : This includes the amount of resources such as CPU and RAM you use, as well as the duration for which you use them. Data Storage : The quantity of data stored or allocated. Outbound Data Transfer : The amount of data transferred out from all services. It's important to be cautious and monitor your usage to avoid unexpected costs. AWS Pricing Models On Demand (Pay as you Go) The On Demand model allows you to: Easily adapt to changing business needs. Adjust based on your requirements. Reduce the risk of paying for unused capacity. Reserved Instance (Save When You Reserve) By investing in reserved capacity, such as with EC2 or RDS, you can: Ensure you have resources available for unexpected scenarios like web traffic spikes. Reserve resources for 1-3 years, which can lead to significant discounts. Save up to 75% compared to the Pay-as-you-Go model. The more you pay upfront, the gr
Read more

IAM - Roles

Image
IAM Roles Roles in AWS has special meaning. With this functionality you can define different variety of roles and assign it users or your application/service can use them. Roles are specifically important for AWS security. Because roles use temporary credentials with services. So that we don't need to use own permanent credentials to do some operations. If somehow hackers got access to AWS infrastructure they won't able to access our cached permanent  credentials. Here are some of advantages of using roles : Reduced Risk of Credential Exposure Least Privilege Principle Cross-Account Access  Let's create a role and assign it to the user  Click to "IAM" , "Roles" and then "Create role" button.  We need ARN (we talked about this in the previous post) of the user. Copy 12 digit unique ID. During role creation select "AWS account" since we are planning to add this role to user. Enter the ID we got from previous step. This ID defines our us
Read more