Amazon CloudFront

Automated Architecture

For this task, we need basic knowledge of three things:

  1. EC2: Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. Amazon EC2’s simple web service interface allows you to obtain and configure capacity with minimal friction.
  2. S3: S3 is the only object storage service that allows you to block public access to all of your objects at the bucket or the account level with S3 Block Public Access. S3 maintains compliance programs, such as PCI-DSS, HIPAA/HITECH, FedRAMP, EU Data Protection Directive, and FISMA, to help you meet regulatory requirements.
  3. CloudFront: Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds, all within a developer-friendly environment.

Task Description:

  1. Webserver configured on EC2 Instance.
  2. Document Root (/var/www/html) made persistent by mounting on EBS Block Device.
  3. Static objects used in code such as pictures stored in S3.
  4. Setting up a Content Delivery Network using CloudFront and using the origin domain as an S3 bucket.
  5. Finally, place the CloudFront URL in the web app code for security and low latency.

To do this, we create a key pair and a security group and launch an instance. We log in remotely over SSH and configure the webserver there, creating an HTML file with vi filename.html. We also create partitions after creating an EBS volume and attaching it to the instance. Next, we create an S3 bucket, add an object to it, and use that object (an image) in the HTML file. Finally, we create a CloudFront distribution to get a URL and use it to access the same file.

The command below creates a key pair and saves the private key in a .pem file, which is needed later for remote login.

aws ec2 create-key-pair --key-name "myaws" --query "KeyMaterial" --output text > myaws.pem

Use the command below to create a security group. You can find the command through the aws ec2 help option.

aws ec2 create-security-group --description "Allow 22 & 80 Ports" --group-name "awssecurity"

The security group needs specific rules to allow inbound traffic. Since we are working with the SSH and HTTP protocols, allow their respective port numbers in the rules.

SSH = 22, HTTP = 80

aws ec2 authorize-security-group-ingress --group-name "awssecurity" --protocol "tcp" --port 22 --cidr "0.0.0.0/0"

aws ec2 authorize-security-group-ingress --group-name "awssecurity" --protocol "tcp" --port 80 --cidr "0.0.0.0/0"
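The two ingress rules above open both ports to 0.0.0.0/0; HTTP is meant to be public, but SSH normally is not. The following is an added example, not part of the original post: a Python check over `aws ec2 describe-security-groups` output that reports rules open to every address on anything other than web ports. The sample JSON is constructed, its GroupId is a placeholder, and the set of acceptable public ports is an assumption.

```python
import ipaddress
import json

# Ports a public web server is expected to expose to any address (assumption).
PUBLIC_OK_PORTS = {80, 443}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output
# for the group created above; the GroupId is a placeholder.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupName": "awssecurity", "GroupId": "sg-PLACEHOLDER",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}
  ]}]}
""")

def world_open_cidrs(perm):
    """Return the CIDRs in one permission that match every address."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs
            if ipaddress.ip_network(c, strict=False).prefixlen == 0]

def audit(doc, allowed=PUBLIC_OK_PORTS):
    """List (group, protocol, from_port, to_port, cidr) for risky rules."""
    findings = []
    for group in doc["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            if proto == "-1":                      # "-1" means all protocols
                lo, hi = 0, 65535
            elif proto in ("tcp", "udp"):
                lo, hi = perm["FromPort"], perm["ToPort"]
            else:                                  # ICMP etc. carry no ports
                continue
            if set(range(lo, hi + 1)) <= set(allowed):
                continue                           # only web ports exposed
            for cidr in world_open_cidrs(perm):
                findings.append((group["GroupName"], proto, lo, hi, cidr))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("world-open non-web rule:", finding)
```

To check a real account, load the output of aws ec2 describe-security-groups --group-names awssecurity instead of the sample. Narrowing the port 22 rule's --cidr to a single administrative address (a /32) clears the finding.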

Use the key and security group created above to launch an instance.

aws ec2 run-instances --image-id "ami-052c08d70def0ac62" --instance-type "t2.micro" --key-name "myaws" --security-groups "awssecurity"

Always remember to create the volume in the same Availability Zone (and therefore the same region) as the instance.

aws ec2 create-volume --availability-zone "ap-south-1a" --size 1

It's necessary to attach the created volume to use it as external storage.

aws ec2 attach-volume --device "xvdb" --instance-id "i-06c8c6f22e54aa323" --volume-id "vol-0b3306753e956ac19"

To use any external storage we follow three basic steps 💾

  1. Partition
  2. Format
  3. Mount

For this purpose, we log in remotely over SSH and create partitions.

Before logging in over SSH, restrict the permissions on your key file:

chmod 400 keyname.pem

ssh -i keyname.pem ec2-user@instance_public_ip

Once you are logged in, switch to root with sudo su - root. Install the following package to configure the webserver.

# yum install httpd -y

Start the httpd service using the command 🍀

# systemctl start httpd

Use the fdisk -l command to check the hard disks. The highlighted hard disk is the attached volume, which needs to be partitioned.

Format the storage using the below-mentioned command. Formatting creates an inode table that contains the basic data of the stored files.

[root@ip-172-31-42-171 ec2-user]# mkfs.ext4 /dev/xvdb1

After formatting the volume, mount it on /var/www/html, the directory that holds all the code of the web page, using the command below.

mount /dev/xvdb1 /var/www/html

You can come out of remote login using exit.

aws s3 mb s3://bucketname

Now upload the data to your S3 bucket. Make sure the bucket's access rules allow public access.

Create a CloudFront distribution to deliver this data (an image, in my case) to edge locations.

aws cloudfront create-distribution --origin-domain-name bucketname.s3.amazonaws.com

This command creates the distribution's domain name. Use this domain name in place of the data's location in the HTML file created earlier.
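The step above makes the bucket public so the image can be fetched. As an added example (not from the original post): when CloudFront is the intended path to the objects, the bucket can instead stay private with a policy that admits only the distribution, and a small check can flag statements that grant anonymous access. This assumes the distribution has an origin access control (OAC) attached; the account and distribution IDs are placeholders, and PUBLIC_READ is a constructed sample.

```python
import json

# Constructed example of the public-read policy that making the bucket public
# usually amounts to; "bucketname" is the placeholder name used above.
PUBLIC_READ = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::bucketname/*",
    }],
}

def cloudfront_only_policy(bucket, account_id, distribution_id):
    """Policy letting only one CloudFront distribution read the objects."""
    source_arn = f"arn:aws:cloudfront::{account_id}:distribution/{distribution_id}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontReadOnly",
            "Effect": "Allow",
            "Principal": {"Service": "cloudfront.amazonaws.com"},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"StringEquals": {"AWS:SourceArn": source_arn}},
        }],
    }

def anonymous_allows(policy):
    """Return Allow statements open to any principal with no Condition."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):        # a single statement is also valid
        statements = [statements]
    hits = []
    for stmt in statements:
        principal = stmt.get("Principal")
        aws = principal.get("AWS", []) if isinstance(principal, dict) else []
        anyone = principal == "*" or "*" in ([aws] if isinstance(aws, str) else aws)
        if stmt.get("Effect") == "Allow" and anyone and not stmt.get("Condition"):
            hits.append(stmt)
    return hits

if __name__ == "__main__":
    # Account and distribution IDs are placeholders, not values from the post.
    policy = cloudfront_only_policy("bucketname", "111122223333", "EXAMPLEDISTID")
    print(json.dumps(policy, indent=2))
    print("anonymous statements:", len(anonymous_allows(policy)))
```

The generated JSON can be saved to a file and applied with aws s3api put-bucket-policy --bucket bucketname --policy file://policy.json.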

You can reach the customer easily without any content delay!

The CloudFront service thus helps avoid latency by creating a content delivery network (CDN).

Divyanshu Sharma
