Naan


TABLE OF CONTENTS

S.NO  DATE  EXPERIMENT  PG.NO  TEACHER’S SIGNATURE

1. INTRODUCTION TO AWS IAM.
2. BUILD YOUR VPC AND LAUNCH A WEB SERVER.
3. INTRODUCTION TO AMAZON EC2.
4. WORKING WITH EBS.
5. BUILD A DATABASE SERVER.
6. SCALE & LOAD BALANCE YOUR ARCHITECTURE.

EX.NO:1 INTRODUCTION TO AWS IAM.
DATE:

AIM:
AWS Identity and Access Management (IAM) is a web service that enables Amazon Web
Services (AWS) customers to manage users and user permissions in AWS. With IAM, you can
centrally manage users, security credentials such as access keys, and permissions that
control which AWS resources users can access.

PROCEDURE:
Accessing the AWS Management Console:
1. At the top of these instructions, click Start Lab to launch your lab.
A Start Lab panel opens displaying the lab status.
2. Wait until you see the message "Lab status: ready", then click the X to close the Start
Lab panel.
3. At the top of these instructions, click AWS.
This will open the AWS Management Console in a new browser tab. The system will
automatically log you in.
4. Arrange the AWS Management Console tab so that it displays alongside these
instructions. Ideally, you will be able to see both browser tabs at the same time, to make it
easier to follow the lab steps.

Task 1: Explore the Users and Groups


In this task, you will explore the Users and Groups that have already been created for you in
IAM.
5. In the AWS Management Console, on the Services menu, click IAM.
6. In the navigation pane on the left, click Users.
The following IAM Users have been created for you:
o user-1
o user-2
o user-3
7. Click user-1.
This will bring you to a summary page for user-1. The Permissions tab will be displayed.
8. Notice that user-1 does not have any permissions.
9. Click the Groups tab.
user-1 also is not a member of any groups.
10. Click the Security credentials tab.
user-1 is assigned a Console password.
11. In the navigation pane on the left, click Groups.
The following groups have already been created for you:
o EC2-Admin
o EC2-Support
o S3-Support
12. Click the EC2-Support group.
This will bring you to the summary page for the EC2-Support group.
13. Click the Permissions tab.
This group has a Managed Policy associated with it, called AmazonEC2ReadOnlyAccess.
Managed Policies are pre-built policies (built either by AWS or by your administrators) that
can be attached to IAM Users and Groups. When the policy is updated, the changes to the
policy are immediately applied to all Users and Groups that are attached to the policy.
14. Under Actions, click the Show Policy link.
A policy defines what actions are allowed or denied for specific AWS resources. This policy is
granting permission to List and Describe information about EC2, Elastic Load Balancing,
CloudWatch and Auto Scaling. This ability to view resources, but not modify them, is ideal
for assigning to a Support role.
The basic structure of the statements in an IAM Policy is:
o Effect says whether to Allow or Deny the permissions.
o Action specifies the API calls that can be made against an AWS Service (e.g.
cloudwatch:ListMetrics).
o Resource defines the scope of entities covered by the policy rule (e.g. a specific
Amazon S3 bucket or Amazon EC2 instance, or *, which means any resource).
15. Close the Show Policy window.
16. In the navigation pane on the left, click Groups.
17. Click the S3-Support group.
The S3-Support group has the AmazonS3ReadOnlyAccess policy attached.
18. Below the Actions menu, click the Show Policy link.
This policy has permissions to Get and List resources in Amazon S3.
19. Close the Show Policy window.
20. In the navigation pane on the left, click Groups.
21. Click the EC2-Admin group.
This Group is slightly different from the other two. Instead of a Managed Policy, it has an
Inline Policy, which is a policy assigned to just one User or Group. Inline Policies are typically
used to apply permissions for one-off situations.
22. Under Actions, click Show Policy to view the policy.
This policy grants permission to view (Describe) information about Amazon EC2 and also the
ability to Start and Stop instances.
23. At the bottom of the screen, click Cancel to close the policy.

Business Scenario
For the remainder of this lab, you will work with these Users and Groups to enable
permissions supporting the following business scenario:
Your company is growing its use of Amazon Web Services, and is using many Amazon EC2
instances and a great deal of Amazon S3 storage. You wish to give access to new staff
depending upon their job function.

USER      IN GROUP       PERMISSIONS

user-1    S3-Support     Read-Only access to Amazon S3
user-2    EC2-Support    Read-Only access to Amazon EC2
user-3    EC2-Admin      View, Start and Stop Amazon EC2 instances

Task 2: Add Users to Groups


You have recently hired user-1 into a role where they will provide support for Amazon S3.
You will add them to the S3-Support group so that they inherit the necessary permissions via
the attached AmazonS3ReadOnlyAccess policy.
You can ignore any "not authorized" errors that appear during this task. They are caused by
your lab account having limited permissions and will not impact your ability to complete the
lab.
Add user-1 to the S3-Support Group
24. In the left navigation pane, click Groups.
25. Click the S3-Support group.
26. Click the Users tab.
27. In the Users tab, click Add Users to Group.
28. In the Add Users to Group window, configure the following:
o Select user-1.
o At the bottom of the screen, click Add Users.
In the Users tab you will see that user-1 has been added to the group.
Add user-2 to the EC2-Support Group
You have hired user-2 into a role where they will provide support for Amazon EC2.
29. Using similar steps to the ones above, add user-2 to the EC2-Support group.
user-2 should now be part of the EC2-Support group.
Add user-3 to the EC2-Admin Group
You have hired user-3 as your Amazon EC2 administrator, who manages your EC2 instances.
30. Using similar steps to the ones above, add user-3 to the EC2-Admin group.
user-3 should now be part of the EC2-Admin group.
31. In the navigation pane on the left, click Groups.
Each Group should have a 1 in the Users column for the number of Users in each Group.
If you do not have a 1 beside each group, revisit the instructions above to ensure that
each user is assigned to a Group, as shown in the table in the Business Scenario section.

Task 3: Sign-In and Test Users


In this task, you will test the permissions of each IAM User.
32. In the navigation pane on the left, click Dashboard.
An IAM users sign-in link is displayed. It will look similar to:
https://123456789012.signin.aws.amazon.com/console
This link can be used to sign-in to the AWS Account you are currently using.
33. Copy the IAM users sign-in link to a text editor.
34. Open a private window.
Mozilla Firefox
o Click the menu bars at the top-right of the screen
o Select New Private Window
Google Chrome
o Click the ellipsis at the top-right of the screen
o Click New incognito window
Microsoft Edge
o Click the ellipsis at the top-right of the screen
o Click New InPrivate window
Microsoft Internet Explorer
o Click the Tools menu option
o Click InPrivate Browsing
35. Paste the IAM users sign-in link into your private window and press Enter.
You will now sign-in as user-1, who has been hired as your Amazon S3 storage support staff.
36. Sign-in with:
o IAM user name: user-1
o Password: lab-password
37. In the Services menu, click S3.
38. Click the name of one of your buckets and browse the contents.
Since your user is part of the S3-Support Group in IAM, they have permission to view a list of
Amazon S3 buckets and their contents.
Now, test whether they have access to Amazon EC2.
39. In the Services menu, click EC2.
40. In the left navigation pane, click Instances.
You cannot see any instances! Instead, it says "An error occurred fetching instance data: You
are not authorized to perform this operation." This is because your user has not been
assigned any permissions to use Amazon EC2.
You will now sign-in as user-2, who has been hired as your Amazon EC2 support person.
41. Sign user-1 out of the AWS Management Console by configuring the following:
o At the top of the screen, click user-1
o Click Sign Out

42. Paste the IAM users sign-in link into your private window and press Enter.
This link should be in your text editor.
43. Sign-in with:
o IAM user name: user-2
o Password: lab-password
44. In the Services menu, click EC2.
45. In the navigation pane on the left, click Instances.
You are now able to see an Amazon EC2 instance because you have Read Only permissions.
However, you will not be able to make any changes to Amazon EC2 resources.
If you cannot see an Amazon EC2 instance, then your Region may be incorrect. In the top-
right of the screen, pull-down the Region menu and select the region that you noted at the
start of the lab (eg Oregon).
Your EC2 instance should be selected. If it is not selected, select it.
46. In the Actions menu, click Instance State > Stop.
47. In the Stop Instances window, click Yes, Stop.
You will receive an error stating "You are not authorized to perform this operation." This
demonstrates that the policy only allows you to view information, without making changes.
48. At the Stop Instances window, click Cancel.
Next, check if user-2 can access Amazon S3.
49. In the Services menu, click S3.
You will receive an Error Access Denied because user-2 does not have permission to use Amazon
S3.
You will now sign-in as user-3, who has been hired as your Amazon EC2 administrator.
50. Sign user-2 out of the AWS Management Console by configuring the following:
o At the top of the screen, click user-2
o Click Sign Out
51. Paste the IAM users sign-in link into your private window and press Enter.
52. Paste the sign-in link into your web browser address bar again. If it is not in your
clipboard, retrieve it from the text editor where you stored it earlier.
53. Sign-in with:
o IAM user name: user-3
o Password: lab-password
54. In the Services menu, click EC2.
55. In the navigation pane on the left, click Instances.
As an EC2 Administrator, you should now have permissions to Stop the Amazon EC2
instance.
Your EC2 instance should be selected. If it is not, please select it.
If you cannot see an Amazon EC2 instance, then your Region may be incorrect. In the top-
right of the screen, pull-down the Region menu and select the region that you noted at the
start of the lab (eg Oregon).
56. In the Actions menu, click Instance State > Stop.
57. In the Stop Instances window, click Yes, Stop.
The instance will enter the stopping state and will shut down.
58. Close your private window.
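
The results seen in Task 3 follow directly from the Effect / Action / Resource structure described in Task 1. The following is an added example, not part of the original lab: a simplified Python evaluator that reproduces those results offline. The policy documents are constructed approximations reduced to the permissions the lab text names, and the instance ID and the PROTECT_INSTANCE deny policy are hypothetical. It also goes one step beyond the lab by showing that an explicit Deny overrides any Allow.

```python
import re

# Constructed approximations (assumption) of the three group policies,
# reduced to the permissions the lab text names. Not the real policy JSON.
GROUP_POLICIES = {
    "S3-Support": {"Statement": [
        {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"},
    ]},
    "EC2-Support": {"Statement": [
        {"Effect": "Allow",
         "Action": ["ec2:Describe*", "elasticloadbalancing:Describe*",
                    "cloudwatch:ListMetrics", "cloudwatch:Describe*",
                    "autoscaling:Describe*"],
         "Resource": "*"},
    ]},
    "EC2-Admin": {"Statement": [
        {"Effect": "Allow",
         "Action": ["ec2:Describe*", "ec2:StartInstances", "ec2:StopInstances"],
         "Resource": "*"},
    ]},
}

# Group membership from the Business Scenario table.
USER_GROUPS = {
    "user-1": ["S3-Support"],
    "user-2": ["EC2-Support"],
    "user-3": ["EC2-Admin"],
}

# Constructed instance ARN; the instance ID is a placeholder.
INSTANCE = "arn:aws:ec2:us-west-2:123456789012:instance/i-0123456789abcdef0"

# Hypothetical guardrail (not in the lab): nobody may stop this one instance.
PROTECT_INSTANCE = {"Statement": [
    {"Effect": "Deny", "Action": "ec2:StopInstances", "Resource": INSTANCE},
]}


def _as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def _wildcard_match(pattern, value, ignore_case=False):
    """IAM-style wildcards: * matches any run of characters, ? exactly one."""
    regex = "".join(".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
                    for ch in pattern)
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def evaluate(policies, action, resource):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request.

    Simplified: identity policies only. NotAction, Condition, permission
    boundaries, SCPs and resource-based policies are not modelled.
    """
    decision = "ImplicitDeny"          # nothing is allowed until a statement says so
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            action_hit = any(_wildcard_match(p, action, ignore_case=True)
                             for p in _as_list(stmt["Action"]))
            resource_hit = any(_wildcard_match(p, resource)
                               for p in _as_list(stmt["Resource"]))
            if not (action_hit and resource_hit):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # a matching Deny always wins
            decision = "Allow"
    return decision


def user_decision(user, action, resource, extra_policies=()):
    """Evaluate a request using the policies a user inherits from groups."""
    policies = [GROUP_POLICIES[g] for g in USER_GROUPS.get(user, [])]
    return evaluate(policies + list(extra_policies), action, resource)


# The console actions from Task 3, expressed as API calls.
TASK3_REQUESTS = [
    ("user-1", "s3:ListBucket", "arn:aws:s3:::example-bucket"),
    ("user-1", "ec2:DescribeInstances", "*"),
    ("user-2", "ec2:DescribeInstances", "*"),
    ("user-2", "ec2:StopInstances", INSTANCE),
    ("user-2", "s3:ListAllMyBuckets", "*"),
    ("user-3", "ec2:StopInstances", INSTANCE),
]

if __name__ == "__main__":
    for user, action, resource in TASK3_REQUESTS:
        print(f"{user:7} {action:24} {user_decision(user, action, resource)}")
    print("user-3  with deny guardrail     ",
          user_decision("user-3", "ec2:StopInstances", INSTANCE, [PROTECT_INSTANCE]))
```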

OUTPUT:
RESULT:
Thus the AWS Identity and Access Management was successfully executed and the
output was verified.
EX.NO:2 BUILD YOUR VPC AND LAUNCH A WEB SERVER.
DATE:

AIM:
AWS Virtual Private Cloud (VPC) provides networking functionality to Compute Engine
virtual machine (VM) instances, Google Kubernetes Engine (GKE) clusters, and serverless
workloads. VPC provides networking for your cloud-based resources and services that is
global, scalable, and flexible.

PROCEDURE:
Accessing the AWS Management Console
1. At the top of these instructions, choose Start Lab to launch your lab.
A Start Lab panel opens displaying the lab status.
2. Wait until you see the message "Lab status: ready", then choose the X to close the
Start Lab panel.
3. At the top of these instructions, choose AWS
This will open the AWS Management Console in a new browser tab. The system will
automatically log you in.
Tip: If a new browser tab does not open, there will typically be a banner or icon at the top of
your browser indicating that your browser is preventing the site from opening pop-up
windows. Choose the banner or icon and choose "Allow pop ups."
4. Arrange the AWS Management Console tab so that it displays alongside these
instructions. Ideally, you will be able to see both browser tabs at the same time, to make it
easier to follow the lab steps.

Task 1: Create Your VPC


In this task, you will use the VPC Wizard to create a VPC, an Internet Gateway and two
subnets in a single Availability Zone. An Internet gateway (IGW) is a VPC component that
allows communication between instances in your VPC and the Internet.
After creating a VPC, you can add subnets. Each subnet resides entirely within one
Availability Zone and cannot span zones. If a subnet's traffic is routed to an Internet
Gateway, the subnet is known as a public subnet. If a subnet does not have a route to the
Internet gateway, the subnet is known as a private subnet.
The wizard will also create a NAT Gateway, which is used to provide internet connectivity to
EC2 instances in the private subnets.
5. In the AWS Management Console, on the Services menu, choose VPC.
6. Choose Launch VPC Wizard
7. In the left navigation pane, choose VPC with Public and Private Subnets (the second
option).
8. Choose Select then configure:
o VPC name: Lab VPC
o Availability Zone: Select the first Availability Zone
o Public subnet name: Public Subnet 1
o Availability Zone: Select the first Availability Zone (the same as used above)
o Private subnet name: Private Subnet 1
o Elastic IP Allocation ID: Choose in the box and select the displayed IP address
9. Choose Create VPC
The wizard will create your VPC.
10. Once it is complete, choose OK
The wizard has provisioned a VPC with a public subnet and a private subnet in the same
Availability Zone, together with route tables for each subnet:
The Public Subnet has a CIDR of 10.0.0.0/24, which means that it contains all IP addresses
starting with 10.0.0.x.
The Private Subnet has a CIDR of 10.0.1.0/24, which means that it contains all IP addresses
starting with 10.0.1.x.

Task 2: Create Additional Subnets


In this task, you will create two additional subnets in a second Availability Zone. This is useful
for creating resources in multiple Availability Zones to provide High Availability.
11. In the left navigation pane, choose Subnets.
First, you will create a second Public Subnet.
12. Choose Create subnet then configure:
o VPC ID: Lab VPC
o Subnet name: Public Subnet 2
o Availability Zone: Select the second Availability Zone
o IPv4 CIDR block: 10.0.2.0/24
The subnet will have all IP addresses starting with 10.0.2.x.
13. Choose Create subnet
You will now create a second Private Subnet.
14. Choose Create subnet then configure:
o VPC ID: Lab VPC
o Subnet name: Private Subnet 2
o Availability Zone: Select the second Availability Zone
o CIDR block: 10.0.3.0/24
The subnet will have all IP addresses starting with 10.0.3.x.
15. Choose Create subnet
You will now configure the Private Subnets to route internet-bound traffic to the NAT
Gateway so that resources in the Private Subnet are able to connect to the Internet, while
still keeping the resources private. This is done by configuring a Route Table.
A route table contains a set of rules, called routes, that are used to determine where
network traffic is directed. Each subnet in a VPC must be associated with a route table; the
route table controls routing for the subnet.
16. In the left navigation pane, choose Route Tables.
17. Select the route table with Main = Yes and VPC = Lab VPC. (Expand the VPC ID
column if necessary to view the VPC name.)
18. In the Name column for this route table, choose the pencil then type Private Route
Table and choose Save
19. In the lower pane, choose the Routes tab.
Note that Destination 0.0.0.0/0 is set to Target nat-xxxxxxxx. This means that traffic destined
for the internet (0.0.0.0/0) will be sent to the NAT Gateway. The NAT Gateway will then
forward the traffic to the internet.
This route table is therefore being used to route traffic from Private Subnets. You will now
add a name to the Route Table to make this easier to recognize in future.
20. In the lower pane, choose the Subnet Associations tab.
You will now associate this route table to the Private Subnets.
21. Choose Edit subnet associations
22. Select both Private Subnet 1 and Private Subnet 2.
You can expand the Subnet ID column to view the Subnet names.
23. Choose Save associations
You will now configure the Route Table that is used by the Public Subnets.
24. Select the route table with Main = No and VPC = Lab VPC (and deselect any other
subnets).
25. In the Name column for this route table, choose the pencil then type Public Route
Table, and choose Save
26. In the lower pane, choose the Routes tab.
Note that Destination 0.0.0.0/0 is set to Target igw-xxxxxxxx, which is the Internet Gateway.
This means that internet-bound traffic will be sent straight to the internet via the Internet
Gateway.
You will now associate this route table to the Public Subnets.
27. Choose the Subnet Associations tab.
28. Choose Edit subnet associations
29. Select both Public Subnet 1 and Public Subnet 2.
30. Choose Save associations
Your VPC now has public and private subnets configured in two Availability Zones.
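
What makes a subnet public or private is the route table it ends up using, so the result of Task 2 can be checked mechanically. The following is an added example, not part of the original lab: it resolves each subnet's effective route table and classifies the subnet by the next hop of its internet-bound route. The VPC CIDR 10.0.0.0/16 and the unassociated "Private Subnet 3" are assumptions made for the illustration; the gateway IDs are the placeholders shown in the lab text.

```python
import ipaddress

VPC_CIDR = "10.0.0.0/16"   # assumption: the lab text only gives the subnet CIDRs

# Subnets from Tasks 1 and 2, plus one hypothetical subnet that was
# never explicitly associated with a route table.
SUBNETS = {
    "Public Subnet 1": "10.0.0.0/24",
    "Private Subnet 1": "10.0.1.0/24",
    "Public Subnet 2": "10.0.2.0/24",
    "Private Subnet 2": "10.0.3.0/24",
    "Private Subnet 3": "10.0.4.0/24",   # hypothetical, no explicit association
}


def lab_route_tables(main="Private Route Table"):
    """Route tables as configured in Task 2; `main` selects the main table."""
    return {
        "Private Route Table": {
            "main": main == "Private Route Table",
            "routes": [(VPC_CIDR, "local"), ("0.0.0.0/0", "nat-xxxxxxxx")],
            "subnets": {"Private Subnet 1", "Private Subnet 2"},
        },
        "Public Route Table": {
            "main": main == "Public Route Table",
            "routes": [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw-xxxxxxxx")],
            "subnets": {"Public Subnet 1", "Public Subnet 2"},
        },
    }


def effective_route_table(subnet, tables):
    """Explicit association wins; otherwise the subnet uses the main table."""
    for name, table in tables.items():
        if subnet in table["subnets"]:
            return name
    return next(name for name, table in tables.items() if table["main"])


def next_hop(routes, destination):
    """Longest-prefix match over (cidr, target) routes."""
    address = ipaddress.ip_address(destination)
    best = None
    for cidr, target in routes:
        network = ipaddress.ip_network(cidr)
        if address in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, target)
    return best[1] if best else None


def classify(subnet, tables, probe="198.51.100.7"):
    """'public' if internet-bound traffic leaves via an Internet Gateway.

    `probe` is a documentation-range address standing in for "the internet".
    """
    table = tables[effective_route_table(subnet, tables)]
    hop = next_hop(table["routes"], probe)
    return "public" if hop is not None and hop.startswith("igw-") else "private"


def classify_all(tables):
    return {name: classify(name, tables) for name in SUBNETS}


if __name__ == "__main__":
    print("Main table = Private Route Table (as in the lab):")
    for name, kind in classify_all(lab_route_tables()).items():
        print(f"  {name:17} {kind}")
    # If the main table were the public one, any subnet left unassociated
    # would silently become internet-facing.
    risky = classify_all(lab_route_tables(main="Public Route Table"))
    print("Main table = Public Route Table: Private Subnet 3 is", risky["Private Subnet 3"])
```

Keeping the NAT-routed table as the main table, as the lab does, means a subnet that is created later and never associated defaults to private rather than public.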

Task 3: Create a VPC Security Group


In this task, you will create a VPC security group, which acts as a virtual firewall. When you
launch an instance, you associate one or more security groups with the instance. You can
add rules to each security group that allow traffic to or from its associated instances.
31. In the left navigation pane, choose Security Groups.
32. Choose Create security group and then configure:
o Security group name: Web Security Group
o Description: Enable HTTP access
o VPC: Lab VPC
33. In the Inbound rules pane, choose Add rule
34. Configure the following settings:
o Type: HTTP
o Source: Anywhere-IPv4
o Description: Permit web requests
35. Scroll to the bottom of the page and choose Create security group
You will use this security group in the next task when launching an Amazon EC2 instance.

Task 4: Launch a Web Server Instance

In this task, you will launch an Amazon EC2 instance into the new VPC. You will configure the
instance to act as a web server.
39. On the Services menu, choose EC2.
40. Choose Launch Instance, and then choose Launch Instance
First, you will select an Amazon Machine Image (AMI), which contains the desired Operating
System.
41. In the row for Amazon Linux 2 (at the top), choose Select
The Instance Type defines the hardware resources assigned to the instance.
42. Select t2.micro (shown in the Type column).
43. Choose Next: Configure Instance Details
You will now configure the instance to launch in a Public Subnet of the new VPC.
44. Configure these settings:
o Network: Lab VPC
o Subnet: Public Subnet 2 (not Private!)
o Auto-assign Public IP: Enable
45. Expand the Advanced Details section (at the bottom of the page).
46. Copy and paste this code into the User data box:
#!/bin/bash
# Install Apache Web Server and PHP
yum install -y httpd mysql php
# Download Lab files
wget https://aws-tc-largeobjects.s3.us-west-2.amazonaws.com/CUR-TF-100-ACCLFO-2/2-lab2-vpc/s3/lab-app.zip
unzip lab-app.zip -d /var/www/html/
# Turn on web server
chkconfig httpd on
service httpd start
This script will be run automatically when the instance launches for the first time. The script
loads and configures a PHP web application.
47. Choose Next: Add Storage
You will use the default settings for storage.
48. Choose Next: Add Tags
Tags can be used to identify resources. You will use a tag to assign a Name to the instance.
49. Choose Add Tag then configure:
o Key: Name
o Value: Web Server 1
50. Choose Next: Configure Security Group
You will configure the instance to use the Web Security Group that you created earlier.
51. Select Select an existing security group
52. Select Web Security Group.
This is the security group you created in the previous task. It will permit HTTP access to the
instance.
53. Choose Review and Launch
54. When prompted with a warning that you will not be able to connect to the instance
through port 22, choose Continue
55. Review the instance information and choose Launch
56. In the Select an existing keypair dialog, select I acknowledge....
57. Choose Launch Instances and then choose View Instances
58. Wait until Web Server 1 shows 2/2 checks passed in the Status Checks column.
This may take a few minutes. Choose refresh in the top-right every 30 seconds for updates.
You will now connect to the web server running on the EC2 instance.
59. Select Web Server 1.
60. Copy the Public DNS (IPv4) value shown in the Description tab at the bottom of the
page.
61. Open a new web browser tab, paste the Public DNS value and press Enter.
You should see a web page displaying the AWS logo and instance meta-data values.
OUTPUT:
RESULT:
Thus the Build Your VPC and Launch a Web Server experiment was successfully executed and the
output was verified.
EX.NO:3 INTRODUCTION TO AMAZON EC2.
DATE:

AIM:
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable
compute capacity in the cloud. It is designed to make web-scale cloud computing easier for
developers. Amazon EC2's simple web service interface allows you to obtain and configure
capacity with minimal friction. It provides you with complete control of your computing
resources and lets you run on Amazon's proven computing environment.

PROCEDURE:
Accessing the AWS Management Console
1. At the top of these instructions, choose Start Lab to launch your lab. A Start Lab panel
opens displaying the lab status.
2. Wait until you see the message "Lab status: ready", then choose the X to close the Start
Lab panel.
3. At the top of these instructions, choose AWS. This will open the AWS Management
Console in a new browser tab. The system will automatically log you in.
Tip: If a new browser tab does not open, there will typically be a banner or icon at the top of
your browser indicating that your browser is preventing the site from opening pop-up
windows. Choose the banner or icon and choose "Allow pop ups."
4. Arrange the AWS Management Console tab so that it displays alongside these
instructions. Ideally, you will be able to see both browser tabs at the same time, to make it
easier to follow the lab steps.

Task 1: Launch Your Amazon EC2 Instance


In this task, you will launch an Amazon EC2 instance with termination protection.
Termination protection prevents you from accidentally terminating an EC2 instance. You will
deploy your instance with a User Data script that will allow you to deploy a simple web
server.
5. In the AWS Management Console choose Services, choose Compute and then choose EC2.
Note:
Verify that your EC2 console is currently managing resources in the N. Virginia (us-east-1)
region. You can verify this by looking at the drop down menu at the top of the screen, to the
left of your username. If it does not already indicate N. Virginia, choose the N. Virginia
region from the region menu before proceeding to the next step.
6. Choose the Launch instance menu and select Launch instance.
Step 1: Name and tags
7. Give the instance the name Web Server.
The Name you give this instance will be stored as a tag. Tags enable you to categorize your
AWS resources in different ways, for example, by purpose, owner, or environment. This is
useful when you have many resources of the same type — you can quickly identify a specific
resource based on the tags you have assigned to it. Each tag consists of a Key and a Value,
both of which you define. You can define multiple tags to associate with the instance if you
want to.
In this case, the tag that will be created will consist of a key called Name with a value of Web
Server.

Step 2: Application and OS Images (Amazon Machine Image)


8. In the list of available Quick Start AMIs, keep the default Amazon Linux AMI selected.
9. Also keep the default Amazon Linux 2023 AMI selected. An Amazon Machine Image (AMI)
provides the information required to launch an instance, which is a virtual server in the
cloud.
An AMI includes:
o A template for the root volume for the instance (for example, an operating system or an
application server with applications)
o Launch permissions that control which AWS accounts can use the AMI to launch instances
o A block device mapping that specifies the volumes to attach to the instance when it is
launched
The Quick Start list contains the most commonly-used AMIs. You can also create your own
AMI or select an AMI from the AWS Marketplace, an online store where you can sell or buy
software that runs on AWS.

Step 3: Instance type


10. In the Instance type panel, keep the default t2.micro selected.
Amazon EC2 provides a wide selection of instance types optimized to fit different use cases.
Instance types comprise varying combinations of CPU, memory, storage, and networking
capacity and give you the flexibility to choose the appropriate mix of resources for your
applications. Each instance type includes one or more instance sizes, allowing you to scale
your resources to the requirements of your target workload.
The t2.micro instance type has 1 virtual CPU and 1 GiB of memory.
Note: You may be restricted from using other instance types in this lab.

Step 4: Key pair (login)


11. For Key pair name - required, choose vockey.
Amazon EC2 uses public–key cryptography to encrypt and decrypt login information. To
ensure you will be able to log in to the guest OS of the instance you create, you identify an
existing key pair or create a new key pair when launching the instance.
Amazon EC2 then installs the key on the guest OS when the instance is launched. That way,
when you attempt to login to the instance and you provide the private key, you will be
authorized to connect to the instance.
Note: In this lab you will not actually use the key pair you have specified to log into your
instance.

Step 5: Network settings


12. Next to Network settings, choose Edit.
13. For VPC, select Lab VPC. The Lab VPC was created using an AWS CloudFormation
template during the setup process of your lab. This VPC includes two public subnets in two
different Availability Zones.
Note: Keep the default subnet. This is the subnet in which the instance will run. Notice also
that by default, the instance will be assigned a public IP address.
14. Under Firewall (security groups), choose Create security group and configure:
o Security group name: Web Server security group
o Description: Security group for my web server
A security group acts as a virtual firewall that controls the traffic for one or more instances.
When you launch an instance, you associate one or more security groups with the instance.
You add rules to each security group that allow traffic to or from its associated instances.
You can modify the rules for a security group at any time; the new rules are automatically
applied to all instances that are associated with the security group.
o Under Inbound security group rules, notice that one rule exists. Remove this rule.

Step 6: Configure storage


15. In the Configure storage section, keep the default settings.
Amazon EC2 stores data on a network-attached virtual disk called Elastic Block Store.
You will launch the Amazon EC2 instance using a default 8 GiB disk volume. This will be your
root volume (also known as a 'boot' volume).

Step 7: Advanced details


16. Expand Advanced details.
17. For Termination protection, select Enable.
When an Amazon EC2 instance is no longer required, it can be terminated, which means that
the instance is deleted and its resources are released.
A terminated instance cannot be accessed again and the data that was on it cannot be
recovered. If you want to prevent the instance from being accidentally terminated, you can
enable termination protection for the instance, which prevents it from being terminated as
long as this setting remains enabled.
18. Scroll to the bottom of the page and then copy and paste the code shown below into the
User data box:
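#!/bin/bash
# Install the Apache web server
dnf install -y httpd
# Start the web server on boot, and start it now
systemctl enable httpd
systemctl start httpd
# Create a simple web page
echo 'Hello From Your Web Server!' > /var/www/html/index.html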
When you launch an instance, you can pass user data to the instance that can be used to
perform automated installation and configuration tasks after the instance starts.
Your instance is running Amazon Linux 2023. The shell script you have specified will run as
the root guest OS user when the instance starts. The script will:
o Install an Apache web server (httpd)
o Configure the web server to automatically start on boot
o Run the Web server once it has finished installing
o Create a simple web page

Step 8: Launch the instance


19. At the bottom of the Summary panel on the right side of the screen choose Launch
instance
You will see a Success message.
20. Choose View all instances
o In the Instances list, select Web Server.
o Review the information displayed in the Details tab. It includes information about the
instance type, security settings and network settings.
The instance is assigned a Public IPv4 DNS that you can use to contact the instance from the
Internet.
To view more information, drag the window divider upwards.
At first, the instance will appear in a Pending state, which means it is being launched. It will
then change to Initializing, and finally to Running.
21. Wait for your instance to display the following:
o Instance State: Running
o Status Checks: 2/2 checks passed
Congratulations! You have successfully launched your first Amazon EC2 instance.

Task 2: Monitor Your Instance


Monitoring is an important part of maintaining the reliability, availability, and performance
of your Amazon Elastic Compute Cloud (Amazon EC2) instances and your AWS solutions.
22. Choose the Status checks tab.
With instance status monitoring, you can quickly determine whether Amazon EC2 has
detected any problems that might prevent your instances from running applications.
Amazon EC2 performs automated checks on every running EC2 instance to identify hardware
and software issues.
Notice that both the System reachability and Instance reachability checks have passed.
23. Choose the Monitoring tab. This tab displays Amazon CloudWatch metrics for your
instance. Currently, there are not many metrics to display because the instance was recently
launched. You can choose the three dots icon in any graph and select Enlarge to see an
expanded view of the chosen metric. Amazon EC2 sends metrics to Amazon CloudWatch for
your EC2 instances. Basic (five-minute) monitoring is enabled by default. You can also enable
detailed (one minute) monitoring.
24. In the Actions menu towards the top of the console, select Monitor and troubleshoot >
Get system log. The System Log displays the console output of the instance, which is a
valuable tool for problem diagnosis. It is especially useful for troubleshooting kernel
problems and service configuration issues that could cause an instance to terminate or
become unreachable before its SSH daemon can be started. If you do not see a system log,
wait a few minutes and then try again.
25. Scroll through the output and note that the HTTP package was installed from the user
data that you added when you created the instance.
26. Choose Cancel.
27. Ensure Web Server is still selected. Then, in the Actions menu, select Monitor and
troubleshoot > Get instance screenshot. This shows you what your Amazon EC2 instance
console would look like if a screen were attached to it. If you are unable to reach your
instance via SSH or RDP, you can capture a screenshot of your instance and view it as an
image. This provides visibility as to the status of the instance, and allows for quicker
troubleshooting.
28. Choose Cancel. Congratulations! You have explored several ways to monitor your
instance.
Task 3: Update Your Security Group and Access the Web Server
When you launched the EC2 instance, you provided a script that installed a web server and
created a simple web page. In this task, you will access content from the web server.
29. Ensure Web Server is still selected. Choose the Details tab.
30. Copy the Public IPv4 address of your instance to your clipboard.
31. Open a new tab in your web browser, paste the IP address you just copied, then press
Enter.
Question: Are you able to access your web server? Why not?
You are not currently able to access your web server because the security group is not
permitting inbound traffic on port 80, which is used for HTTP web requests. This is a
demonstration of using a security group as a firewall to restrict the network traffic that is
allowed in and out of an instance.
To correct this, you will now update the security group to permit web traffic on port 80.
32. Keep the browser tab open, but return to the EC2 Console tab.
33. In the left navigation pane, choose Security Groups.
34. Select Web Server security group.
35. Choose the Inbound rules tab. The security group currently has no inbound rules.
36. Choose Edit inbound rules, select Add rule and then configure:
o Type: HTTP
o Source: Anywhere-IPv4
o Choose Save rules
37. Return to the web server tab that you previously opened and refresh the page.
You should see the message Hello From Your Web Server!
Congratulations! You have successfully modified your security group to permit HTTP traffic
into your Amazon EC2 Instance.
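
The rule added in step 36 opens port 80 to every IPv4 address, which is what this lab intends. The following is an added example, not part of the original lab: it checks security group data in the JSON shape returned by the EC2 describe-security-groups call and reports any rule open to the whole internet on a port other than 80. The group IDs and rules in SAMPLE are constructed placeholders.

```python
import ipaddress

# Ports this lab intentionally exposes to the internet (HTTP only, per step 36).
ALLOWED_PUBLIC_PORTS = {80}

def is_world_open(cidr):
    """True for 0.0.0.0/0 or ::/0 (the console's 'Anywhere' sources)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit_group(group, allowed=ALLOWED_PUBLIC_PORTS):
    """Return findings for inbound rules open to the world on unexpected ports."""
    findings = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        open_cidrs = [c for c in cidrs if is_world_open(c)]
        if not open_cidrs:
            continue  # rule is limited to specific networks
        proto = perm["IpProtocol"]
        if proto == "-1":
            exposed = "all ports"  # all protocols: FromPort/ToPort are absent
        else:
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            if proto == "tcp" and lo == hi and lo in allowed:
                continue  # the intended public HTTP rule
            exposed = f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"
        findings.append((group["GroupId"], exposed, open_cidrs))
    return findings

def audit(doc):
    """Audit every group in a describe-security-groups style document."""
    return [f for g in doc["SecurityGroups"] for f in audit_group(g)]

# Constructed sample data; IDs are placeholders, not real resources.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-EXAMPLE1", "GroupName": "Web Server security group",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-EXAMPLE2", "GroupName": "too-open",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                        "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
                       {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]}

if __name__ == "__main__":
    for group_id, exposed, sources in audit(SAMPLE):
        print(f"{group_id}: {exposed} open to {', '.join(sources)}")
```
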

Task 4: Resize Your Instance: Instance Type and EBS Volume


Stop Your Instance
Before you can resize an instance, you must stop it.
When you stop an instance, it is shut down. There is no runtime charge for a stopped EC2
instance, but the storage charge for attached Amazon EBS volumes remains.
39. In the Instance State menu, select Stop instance.
40. Choose Stop. Your instance will perform a normal shutdown and then will stop running.
41. Wait for the Instance state to display: Stopped.

Change The Instance Type


42. In the Actions menu, select Instance settings > Change instance type, then configure:
o Instance Type: t2.small
o Choose Apply
When the instance is started again it will run as a t2.small, which has twice as much memory
as a t2.micro instance.
NOTE: You may be restricted from using other instance types in this lab.

Resize the EBS Volume


43. With the Web Server instance still selected, choose the Storage tab, select the name of
the Volume ID, then select the checkbox next to the volume that displays.
44. In the Actions menu, select Modify volume.
The disk volume currently has a size of 8 GiB.
You will now increase the size of this disk.
45. Change the size to: 10
NOTE: You may be restricted from creating large Amazon EBS volumes in this lab.
46. Choose Modify
47. Choose Modify again to confirm and increase the size of the volume.

Start the Resized Instance
You will now start the instance again, which will now have more memory and more disk
space.
49. In the left navigation pane, choose Instances.
50. Select the Web Server instance.
51. In the Instance state menu, select Start instance.
Congratulations! You have successfully resized your Amazon EC2 Instance.
In this task you changed your instance type from t2.micro to t2.small. You also modified your
root disk volume from 8 GiB to 10 GiB.

Task 5: Explore EC2 Limits


Amazon EC2 provides different resources that you can use. These resources include images,
instances, volumes, and snapshots. When you create an AWS account, there are default
limits on these resources on a per-region basis.
52. In the AWS Management Console, in the search box next to Services, search for and
choose Service Quotas.
53. Choose AWS services from the navigation menu and then in the AWS services Find
services search bar, search for ec2 and choose Amazon Elastic Compute Cloud (Amazon EC2).
54. In the Find quotas search bar, search for running on-demand, but do not make a
selection. Instead, observe the filtered list of service quotas that match the criteria.
Notice that there are limits on the number and types of instances that can run in a region.
For example, there is a limit on the number of Running On-Demand Standard... instances
that you can launch in this region.
When launching instances, the request must not cause your usage to exceed the instance
limits currently defined in that region. You can request an increase for many of these limits.

Task 6: Test Termination Protection


You can delete your instance when you no longer need it. This is referred to as terminating
your instance. You cannot connect to or restart an instance after it has been terminated. In
this task, you will learn how to use termination protection.
55. In the AWS Management Console, in the search box next to Services, search for and
choose EC2 to return to the EC2 console.
56. In the left navigation pane, choose Instances.
57. Select the Web Server instance and in the Instance state menu, select Terminate
instance.
58. Then choose Terminate. Note that there is a message that says:
Failed to terminate the instance i-1234567xxx.
The instance 'i-1234567xxx' may not be terminated.
Modify its 'disableApiTermination' instance attribute and try again.
This is a safeguard to prevent the accidental termination of an instance.
If you really want to terminate the instance, you will need to disable the termination
protection.
59. In the Actions menu, select Instance settings > Change termination protection.
60. Remove the check next to Enable.
61. Choose Save. You can now terminate the instance.
62. Select the Web Server instance again and in the Instance state menu, select Terminate
instance.
63. Choose Terminate
Congratulations! You have successfully tested termination protection and terminated your
instance.
OUTPUT:
RESULT:
Thus the introduction to EC2 instance was successfully executed and output was verified.
