This project deploys a Django-based blog application on AWS using various services such as EC2, RDS, S3, DynamoDB, CloudFront, and Route 53. The end result is a scalable and secure web application where users can upload pictures and videos on their blog pages, which are stored on an S3 bucket and recorded on a DynamoDB table.

• Project Github Repo

Introduction

In this blog post, we will walk through the steps to deploy a Django-based blog application on the AWS (Amazon Web Services) cloud infrastructure. This project encompasses a wide range of AWS services such as VPC (Virtual Private Cloud), EC2 (Elastic Compute Cloud), RDS (Relational Database Service), S3 (Simple Storage Service), DynamoDB, CloudFront, Certificate Manager, IAM (Identity and Access Management) and Route 53. The end result is a robust and scalable web application.

Project Description

The Blog Page Application deploys a web app using the Django Framework on AWS Cloud Infrastructure. This infrastructure includes an Application Load Balancer with an Auto Scaling Group of EC2 Instances and RDS on a defined VPC. Additionally, CloudFront and Route 53 manage traffic securely via SSL/TLS. Users can upload pictures and videos to their blog page, which are stored on an S3 Bucket. The object list of the S3 Bucket, containing movies and videos, is recorded on a DynamoDB table.

Project Skeleton

To successfully deploy the TechMust Blog Page Application on AWS infrastructure with the desired architecture, we will structure our project into several key components. This project skeleton will include:

1. Amazon Web Services (AWS)

• Amazon Virtual Private Cloud (VPC): We will configure a VPC with specific characteristics to isolate our application.

• Amazon Elastic Compute Cloud (EC2) Instances: These instances will host our Django web application, and we'll utilize Launch Templates to streamline the setup process.

• Amazon Relational Database Service (RDS): We'll set up an RDS instance to store user registration data using MySQL.

• Amazon Simple Storage Service (S3): S3 will serve as our storage solution for user-uploaded pictures and videos, and we will define two S3 buckets for regular use and failover.

• AWS Certificate Manager: We will use this service to create SSL certificates for secure connections, both on Application Load Balancer (ALB) and Amazon CloudFront.

• Amazon CloudFront: Configured as a cache server, CloudFront will efficiently manage content delivery from ALB.

• Amazon Route 53: It will be responsible for secure and reliable routing of traffic, allowing us to publish the website and ensuring failover in case of issues.

• Amazon DynamoDB: This NoSQL database will store an object list of S3 Bucket content, ensuring efficient data retrieval.

• AWS Lambda: A Python 3.8 Lambda function will be implemented to write objects from S3 to the DynamoDB table.

• AWS Identity and Access Management (IAM): We'll define IAM roles and policies to grant necessary permissions to EC2 instances, Lambda function, and other resources.

2. Configuration Components

• Security Groups: We will create and configure security groups for our ALB, EC2 instances, and RDS, ensuring secure traffic flow.

• NAT Instance or Bastion Host: Depending on your choice, we will set up the necessary components for secure access to private resources.

3. Project GitHub Repository

We will set up a project repository on GitHub to store the application code, infrastructure configurations, and other project-related files.

4. Developer Notes

We will follow the developer notes provided by the developer team to prepare the Django environment on EC2 instances, deploy the application, and configure RDS settings.

5. Requirements.txt

This file will include the required Python packages and dependencies for the Django application.

Setup

Step 1: Create dedicated VPC and whole components

• VPC

- Create VPC 
  .create a vpc named "aws_capstone-VPC" 
  .CIDR blok is "90.90.0.0/16" 
  .no ipv6 CIDR block 
  .tenancy: default 

- select "aws_capstone-VPC VPC", 
  click Actions
  enable DNS hostnames for the "aws_capstone-VPC"

• Subnets

##Create Subnets 
- Create a public subnet 
  .named "aws_capstone-public-subnet-1A" 
  .under the vpc aws_capstone-VPC 
  .in AZ "us-east-1a" with 90.90.10.0/24 

- Create a private subnet 
  .named "aws_capstone-private-subnet-1A" 
  .under the vpc "aws_capstone-VPC" 
  .in AZ us-east-1a with 90.90.11.0/24 

- Create a public subnet 
  .named aws_capstone-public-subnet-1B 
  .under the vpc aws_capstone-VPC 
  .in AZ us-east-1b with 90.90.20.0/24 

- Create a private subnet 
  .named aws_capstone-private-subnet-1B 
  .under the vpc aws_capstone-VPC 
  .in AZ us-east-1b with 90.90.21.0/24

## Set auto-assign IP up for public subnets 
   - Select each public subnets and, 
   - click Modify "auto-assign IP settings" and, 
   - select "Enable auto-assign public IPv4 address"

• Internet Gateway

- Click Internet gateway section on left hand side 
  .create an internet gateway named "aws_capstone-IGW" and,
  .click create

- ATTACH the internet gateway "aws_capstone-IGW" to the newly created VPC "aws_capstone-VPC" 
  .Go to Internet Gateways tab and select newly created IGW and, 
  .click action ---> Attach to VPC ---> Select "aws_capstone-VPC" VPC

• Route Table

- Go to route tables on left hand side 
  .We have already one route table as main route table 
  .Change it's name as aws_capstone-public-RT 

- Create a route table and, 
  .give a name as "aws_capstone-private-RT" 

- Add a rule to "aws_capstone-public-RT" 
  .in which destination 0.0.0.0/0 (any network, any host) 
  .to target the internet gateway "aws_capstone-IGW" 
  .so that allow access to the internet. 

- Select the private route table, 
  .come to the subnet association subsection and,
  .add private subnets to this route table. 
  .Similarly, we will do it for public route table and public subnets

• Endpoint

- Go to the endpoint section on the left hand menu 

- select endpoint and click create endpoint 

- service name : "com.amazonaws.us-east-1.s3" 

- VPC : "aws_capstone-VPC" 

- Route Table : private route tables 

- Policy : Full Access 

- click Create

Step 2: Create Security Groups (ALB, EC2 , RDS, NAT)

1. ALB Security Group
Name            : aws_capstone_ALB_Sec_Group
Description     : ALB Security Group allows traffic HTTP and HTTPS ports from anywhere 
VPC             : AWS_Capstone_VPC
Inbound Rules
.HTTP(80)    ----> anywhere
.HTTPS (443) ----> anywhere

2. EC2 Security Groups
Name            : aws_capstone_EC2_Sec_Group
Description     : EC2 Security Groups only allows traffic coming from aws_capstone_ALB_Sec_Group Security Groups for HTTP and HTTPS ports. In addition, ssh port is allowed from anywhere
VPC             : AWS_Capstone_VPC
Inbound Rules
.HTTP(80)    ----> aws_capstone_ALB_Sec_Group
.HTTPS (443) ----> aws_capstone_ALB_Sec_Group
.ssh         ----> anywhere

3. RDS Security Groups
Name            : aws_capstone_RDS_Sec_Group
Description     : RDS Security Groups only allows traffic coming from aws_capstone_EC2_Sec_Group Security Groups for MYSQL/Aurora port. 
VPC             : AWS_Capstone_VPC
Inbound Rules
.MYSQL/Aurora(3306)  ----> aws_capstone_EC2_Sec_Group

4. NAT Instance Security Group
Name            : aws_capstone_NAT_Sec_Group
Description     : NAT Instance Security Group allows traffic HTTP and HTTPS and SSH ports from anywhere 
VPC             : AWS_Capstone_VPC
Inbound Rules
.HTTP(80)    ----> anywhere
.HTTPS (443) ----> anywhere
.SSH (22)    ----> anywhere

Step 3: Create RDS

1. First, we create a subnet group for our custom VPC. Click subnet Groups on the left-hand menu and click create DB Subnet Group

    Name               : aws_capstone_RDS_Subnet_Group
    Description        : aws capstone RDS Subnet Group
    VPC                : aws_capstone_VPC
    Add Subnets
    Availability Zones : Select 2 AZ in aws_capstone_VPC
    Subnets            : Select 2 Private Subnets in these subnets
   

2. Go to the RDS console and click create database button

    Choose a database creation method : Standart Create
    Engine Options  : Mysql
    Version         : 8.0.20
    Templates       : Free Tier
    Settings        : 
        - DB instance identifier : aws-capstone-RDS
        - Master username        : admin
        - Password               : TechMust1234 
    DB Instance Class            : Burstable classes (includes t classes) ---> db.t2.micro
    Storage                      : 20 GB and enable autoscaling(up to 40GB)
    Connectivity:
        VPC                      : aws_capstone_VPC
        Subnet Group             : aws_capstone_RDS_Subnet_Group
        Public Access            : No 
        VPC Security Groups      : Choose existing ---> aws_capstone_RDS_Sec_Group
        Availability Zone        : No preference
        Additional Configuration : Database port ---> 3306
    Database authentication ---> Password authentication
    Additional Configuration:
        - Initial Database Name  : database1
        - Backup ---> Enable automatic backups
        - Backup retention period ---> 7 days
        - Select Backup Window ---> Select 03:00 (am) Duration 1 hour
        - Maintance window : Select window    ---> 04:00(am) Duration:1 hour
    create instance
   

Step 4: Create two S3 Buckets and set one of these as a static website

Go to the S3 Console and let's create two buckets.

1. Blog Website's S3 Bucket

    Bucket Name             : awscapstone<YOUR NAME>blog
    Region                  : N.Virginia
    Block all public access : Unchecked
   
    #Other Settings are keep them as are
    #create bucket
   

2. S3 Bucket for a failover scenario

    - Click Create Bucket
   
    Bucket Name : www.<YOUR DNS NAME>
    Region      : N.Virginia
    Block all public access : Unchecked
    #Please keep other settings as are
    #create bucket
   
    - Selects created www.<YOUR DNS NAME> bucket 
      ---> Properties 
      ---> Static website hosting
   
    Static website hosting : Enable
    Hosting Type           : Host a static website
    Index document         : index.html
    #save changes
   
    - Select www.<YOUR DNS NAME> bucket 
      ---> select Upload and upload index.html and sorry.jpg files from given folder
      ---> Permissions ---> Grant public-read access 
      ---> Checked warning massage
   

Step 5: Copy files downloaded or cloned from alledevops/blog-page-app-django-on-aws repo on Github

Step 6: Prepare your Github repository

Create a private project repository on your Github and clone it on your local. Copy all files and folders which are downloaded from alledevops/blog-page-app-django-on-aws repo under this folder. Commit and push them on your_private_Repo on GitHub.

Step 7: Prepare the 'userdata' to be utilized in the Launch Template

#!/bin/bash
# Update the package lists for upgrades and new package installation
apt-get update -y
# Install git to clone the repository
apt-get install git -y
# Install Python 3.8
apt-get install python3.8 -y
# Change directory to the home directory
cd /home/ubuntu/
# Set the access token for private repository
TOKEN="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
# Clone the private repository using the access token
git clone https://$TOKEN@<YOUR PRIVATE REPO URL>
# Change directory to the cloned repository
cd /home/ubuntu/<YOUR PRIVATE REPO NAME>
# Install pip for Python package installation
apt-get install python3-pip -y
# Install Python development files and MySQL client development files
apt-get install python3.8-dev default-libmysqlclient-dev -y
# Install libjpeg development files
apt-get install libjpeg-dev -y
# Install Python packages and dependencies from requirements.txt
pip3 install -r requirements.txt
# Change directory back to the repository
cd /home/ubuntu/<YOUR PRIVATE REPO NAME>
# Collect static files for deployment
python3 manage.py collectstatic --noinput
# Create database migrations based on the models
python3 manage.py makemigrations
# Apply the database migrations
python3 manage.py migrate
# Run the Django application on port 80
python3 manage.py runserver 0.0.0.0:80

Step 8: Configure RDS and S3 in Settings File and Push to GitHub

Write the RDS database endpoint and S3 Bucket name into the settings file given by the Developer team and push your application into your public repo on Github Please follow and apply the instructions below:

1. Update the AWS_STORAGE_BUCKET_NAME and AWS_S3_REGION_NAME variables

   • Open the "/src/cblog/settings.py" file in your Django project.

   • Add the following lines to the file:

       AWS_STORAGE_BUCKET_NAME = 'awscapstones3<YOUR NAME>blog'
       AWS_S3_REGION_NAME = 'your_region_name'
     

2. Update the Database Connection Variables

   • Open the "/src/cblog/settings.py" file in your Django project.

   • Add the following lines to the file, replacing the placeholders with your RDS database information:

       NAME = 'database1'
       HOST = 'your_database_endpoint'
       PORT = '3306'
     

3. Configure the PASSWORD Variable

   • Create a new file named ".env" in the "/src/" directory of your Django project.

   • Add the following line to the ".env" file, replacing 'your_database_password' with your actual RDS database password:

       PASSWORD=your_database_password
     

After completing these steps, please check if this userdata is working or not by creating a new instance in a public subnet.

Step 9: Create NAT Instance in Public Subnet

To launch NAT instance, go to the EC2 console and click the create button.

• Follow the instructions in AWS Documentation and create aws_capstone_nat_ami

• Then, continue with the below configuration of NAT instance.

- Select NAT Instance `aws_capstone_nat_ami` from My AMIs section 
Instance Type : t2.micro
Configure Instance Details  
    - Network : aws_capstone_VPC
    - Subnet  : aws_capstone-public-subnet-1A (Please select one of your Public Subnets)
    - Other features keep them as are
Storage ---> Keep it as is
Tags: 
- Key    :Name     
- Value  :AWS Capstone NAT Instance

Configure Security Group
- Select an existing security group: aws_capstone_NAT_Sec_Group
- Review and select our own pem.key
- Click create

!!!IMPORTANT!!!

• select the newly created NAT instance and enable the stop source/destination check

• go to the private route table and write a rule

    Destination : 0.0.0.0/0
    Target      : instance ---> Select the NAT Instance
    #Save
  

Step 10: Create a Launch Template and IAM role for it

• Go to the IAM role console click role on the right-hand menu then Create role.

Trusted entity  : EC2 as  ---> click Next:Permission
Policy          : AmazonS3FullAccess policy
Tags            : No tags
Role Name       : aws_capstone_EC2_S3_Full_Access
Description     : For EC2, S3 Full Access Role

• To create a Launch Template, go to the EC2 console and select Launch Template on the left-hand menu. Tab the Create Launch Template button.

    Launch template name                : aws_capstone_launch_template
    Template version description        : Blog Web Page version 1
    Amazon machine image (AMI)          : Ubuntu 18.04
    Instance Type                       : t2.micro
    Key Pair                            : mykey.pem
    Network Platform                    : VPC
    Security Groups                     : aws_capstone_EC2_sec_group
    Storage (Volumes)                   : keep it as is
    Resource tags                       : Key: Name   Value: aws_capstone_web_server
    Advance Details:
        - IAM instance profile          : aws_capstone_EC2_S3_Full_Access
        - Termination protection        : Enable
        - User Data
    #!/bin/bash
    apt-get update -y
    apt-get install git -y
    apt-get install python3.8 -y
    cd /home/ubuntu/
    TOKEN="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    git clone https://$TOKEN@<YOUR PRIVATE REPO URL>
    cd /home/ubuntu/<YOUR PRIVATE REPO NAME>
    apt-get install python3-pip -y
    apt-get install python3.8-dev default-libmysqlclient-dev -y
    apt-get install libjpeg-dev -y
    pip3 install -r requirements.txt
    cd /home/ubuntu/<YOUR PRIVATE REPO NAME>
    python3 manage.py collectstatic --noinput
    python3 manage.py makemigrations
    python3 manage.py migrate
    python3 manage.py runserver 0.0.0.0:80
  

• Click Create

Step 11: Create SSL/TLS certification for secure connection

Go to the certification manager console and click Request a certificate button.

Select Request a public certificate, then request a certificate 
- Fully qualified domain name: *.<YOUR DNS NAME>  
- DNS validation 
- No tag 
- Review 
- click confirm and request button 
#Then it takes a while to be activated

Step 12: Create ALB and Target Group

Go to the Load Balancer section on the left-hand side menu of EC2 console. Click create Load Balancer button and select Application Load Balancer

Step 1 - Basic Configs
Name                    : awscapstoneALB
Schema                  : internet-facing
Availability Zones      : 
    - VPC               : aws_capstone_VPC
    - Availability zones: 
        1. aws_capstone-public-subnet-1A
        2. aws_capstone-public-subnet-1B
Step 2 - Configure Security Settings
Certificate type ---> Choose a certificate from ACM (recommended)
    - Certificate name    : "*.<YOUR DNS NAME>" certificate
    - Security policy     : keep it as is
Step 3 - Configure Security Groups : aws_capstone_ALB_Sec_group
Step 4 - Configure Listners and Routing
- Create target group firts:
    - Target group        : New target group
    - Name                : awscapstoneTargetGroup
    - Target Type         : Instance
    - Protocol            : HTTP
    - Port                : 80
    - Protocol version    : HTTP1
    - Health Check        :
      - Protocol          : HTTP
      - Path              : /
      - Port              : traffic port
      - Healthy threshold : 5
      - Unhealthy threshold : 2
      - Timeout           : 5
      - Interval          : 30
      - Success Code      : 200
- Listeners:  
    ----> HTTPS: Select "awscapstoneTargetGroup" for HTTPS
    ----> HTTP : Redirect traffic from HTTP to HTTPS:
        - Redirect to HTTPS 443
        - Original host, path, query
        - 301 - permanently moved 
Step 5 - Register Targets
- Without register any target click Next: Review and click create.

Step 13: Create Auto Scaling Group with Launch Template

Go to the Autoscaling Group on the left-hand side menu. Click create Autoscaling group.

• Choose a launch template or configuration

Auto Scaling group name         : aws_capstone_ASG
Launch Template                 : aws_capstone_launch_template

• Configure settings

Instance purchase options       : Adhere to launch template
Network                         :
    - VPC                       : aws-capstone-VPC
    - Subnets                   : Private 1A and Private 1B

• Configure advanced options

- Load balancing                                : Attach to "awscapstoneALB" load balancer
- Choose from your load balancer target groups  : awscapstoneTargetGroup
- Health Checks
    - Health Check Type             : ELB
    - Health check grace period     : 300

• Configure group size and scaling policies

Group size
    - Desired capacity  : 2
    - Minimum capacity  : 2
    - Maximum capacity  : 4
Scaling policies
    - Target tracking scaling policy
        - Scaling policy name       : Target Tracking Policy
        - Metric Type               : Average CPU utilization
        - Target value              : 70

• Add notifications

Create new Notification
    - Notification1
        - Send a notification to    : aws-capstone-SNS
        - with these recipients     : your_email.com
        - event type                : select all

Step 14: Create Cloudfront in front of ALB

Go to the Cloudfront menu and click Create Distribution.

• Origin Settings

Origin Domain Name          : aws-capstone-ALB-1947210493.us-east-2.elb.amazonaws.com
Origin Path                 : Leave empty (this means, define for root '/')
Protocol                    : Match Viewer
HTTP Port                   : 80
HTTPS                       : 443
Minimum Origin SSL Protocol : Keep it as is
Name                        : Keep it as is
Add custom header           : No header
Enable Origin Shield        : No
Additional settings         : Keep it as is

• Default Cache Behavior Settings

Path pattern                                : Default (*)
Compress objects automatically              : Yes
Viewer Protocol Policy                      : Redirect HTTP to HTTPS
Allowed HTTP Methods                        : GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
Cached HTTP Methods                         : Select OPTIONS
Cache key and origin requests
- Use legacy cache settings
  Headers     : Include the following headers
    Add Header
    - Accept
    - Accept-Charset
    - Accept-Datetime
    - Accept-Encoding
    - Accept-Language
    - Authorization
    - Cloudfront-Forwarded-Proto
    - Host
    - Origin
    - Referrer
Forward Cookies                         : All
Query String Forwarding and Caching     : All
Other stuff                             : Keep them as are

• Distribution Settings

Price Class                             : Use all edge locations (best performance)
Alternate Domain Names                  : www.<Your_Domain_Name>
SSL Certificate                         : Custom SSL Certificate (example.com) ---> Select your certificate created before
Other stuff                             : Keep them as are

Step 15: Create Route 53 with Failover settings

Come to the Route53 console and select Health Checks on the left-hand menu.

• Click Create Health Check and start to configure

    Name                : aws capstone health check
    What to monitor     : Endpoint
    Specify endpoint by : Domain Name
    Protocol            : HTTP
    Domain Name         : Write cloudfront domain name
    Port                : 80
    Path                : leave it blank
    Other stuff         : Keep them as are
  

• Click Hosted Zones on the left-hand menu

• Create <your_domain_name> hosted zone and click it

    Name: <your_domain_name>
    Type: Public Hosted Zone
    Tag : No tag
  

• Click Create Record to create a Failover scenario

    Configure records
  
    Record name             : www.<YOUR DNS NAME>
    Record Type             : A - Routes traffic to an IPv4 address and some AWS resources
    TTL                     : 300
  
    ---> First we'll create a primary record for cloudfront
  
    Failover record to add to your DNS ---> Define failover record
  
    Value/Route traffic to  : Alias to cloudfront distribution
                              - Select created cloudfront DNS
    Failover record type    : Primary
    Health check            : aws capstone health check
    Record ID               : Cloudfront as Primary Record
    ----------------------------------------------------------------
  
    ---> Second we'll create secondary record for S3
  
    Failover another record to add to your DNS ---> Define failover record
  
    Value/Route traffic to  : Alias to S3 website endpoint
                              - Select Region
                              - Your created bucket name emerges ---> Select it
    Failover record type    : Secondary
    Health check            : No health check
    Record ID               : S3 Bucket for Secondary record type
  

• click create records

Step 16: Create DynamoDB Table

Go to the DynamoDB table and click the Create Table button.

Name            : awscapstoneDynamo
Primary key     : id
Other Stuff     : Keep them as are
#click create

Step 17: Create Lambda Function

• Before we create our Lambda function, we should create IAM role that we'll use for Lambda function. Go to the IAM console and select role on the left-hand menu, then create role button

Select Lambda as trusted entity ---> click Next:Permission
Choose: - LambdaS3fullaccess, 
        - Network Administrator
        - AWSLambdaVPCAccessExecutionRole
        - DynamoDBFullAccess
No tags
Role Name           : aws_capstone_lambda_Role
Role description    : This role give a permission to lambda to reach S3 and DynamoDB on custom VPC

• Then, go to the Lambda Console and click the Create function

Function Name           : awscapsitonelambdafunction
Runtime                 : Python 3.8
Select exist. IAM role  : aws_capstone_lambda_Role

Advance Setting:
- Enable VPC: 
    - VPC               : aws-capstone-VPC
    - Subnets           : Select all subnets
    - Security Group    : Creaete "aws_capstone_lambda_sg"
                        ---> select all traffic (0.0.0.0/0) for inbound
                             and outbound rules

• Select the awscapstonelambdafunction lambda Function and click add trigger on the Function Overview.

• For defining a trigger for creating objects

Trigger configuration   : S3
Bucket                  : awscapstonec3<name>blog
Event type              : All object create events
Check the warning message and click add ---> sometimes it says overlapping situation. When it occurs, try refresh page and create a new trigger or remove the s3 event and recreate again. then again create a trigger for lambda function

• For defining a trigger for deleting objects

Trigger configuration   : S3
Bucket                  : awscapstonec3<name>blog
Event type              : All object delete events
Check the warning message and click add ---> sometimes it says overlapping situation. When it occurs, try refresh page and create a new trigger or remove the s3 event and recreate again. then again create a trigger for lambda function

• Go to the code part and select lambda_function.py ---> remove the default code and paste the code below. If you give DynamoDB a different name, please make sure to change it in the code.

import json
import boto3

def lambda_handler(event, context):
    s3 = boto3.client("s3")

    if event:
        print("Event: ", event)
        filename = str(event['Records'][0]['s3']['object']['key'])
        timestamp = str(event['Records'][0]['eventTime'])
        event_name = str(event['Records'][0]['eventName']).split(':')[0][6:]

        filename1 = filename.split('/')
        filename2 = filename1[-1]

        dynamo_db = boto3.resource('dynamodb')
        dynamoTable = dynamo_db.Table('awscapstoneDynamo')

        dynamoTable.put_item(Item = {
            'id': filename2,
            'timestamp': timestamp,
            'Event': event_name,
        })

    return "Lammda success"

• Click deploy and all set. go to the website and add a new post with a photo, then control if their record is written on DynamoDB.

• WE ALL SET!

• Congratulations!! You have finished your AWS Capstone Project!

Outcome

Clean Up

It's essential to clean up the AWS resources you've created during your project to avoid incurring additional costs and maintain good resource management practices. Follow these steps to delete the resources you've created:

1. Delete Auto Scaling Group and EC2 Instances

   • Go to the Amazon EC2 console.

   • Navigate to "Auto Scaling Groups" and select the "aws_capstone_ASG" group.

   • Click on the "Actions" button and select "Delete."

   • Confirm the termination of all associated EC2 instances when prompted.

2. Delete Load Balancer

   • In the Amazon EC2 console, go to the "Load Balancers" section.

   • Select the "awscapstoneALB" load balancer.

   • Click on "Actions" and choose "Delete."

3. Delete DynamoDB Table

   • Access the Amazon DynamoDB console.

   • Click on "Tables" on the left-hand menu.

   • Select the "awscapstoneDynamo" table.

   • Choose the "Delete table" option.

4. Remove RDS Database

   • Navigate to the Amazon RDS console.

   • Click on the RDS instance named "aws-capstone-RDS."

   • In the "Instance actions" menu, select "Delete."

   • Confirm the deletion of the RDS instance and snapshots.

5. Delete S3 Buckets

   • Access the Amazon S3 console.

   • Choose the "awscapstones3<your_name>blog" and "www.<your_domain>" buckets.

   • Select "Empty" and delete all objects in both buckets.

   • Now, choose the "Delete" option for each bucket.

6. Delete CloudFront Distribution

   • Go to the Amazon CloudFront console.

   • Select the "awscapstoneALB" distribution.

   • Click on "Distribution Settings" and choose "Delete."

7. Delete Route 53 Records

   • Visit the Amazon Route 53 console.

   • In your hosted zone, delete the Route 53 records associated with your DNS name and ALB.

8. Remove Lambda Function

   • Open the AWS Lambda console.

   • Select the "awscapstonelambdafunction."

   • Click on "Delete" and confirm the deletion.

9. Detach and Delete Internet Gateway

   • In the Amazon VPC console, navigate to "Internet Gateways."

   • Select "aws_capstone-IGW" and choose "Actions" > "Detach from VPC."

   • Once detached, select the "aws_capstone-IGW" again and click "Actions" > "Delete."

10. Delete NAT Instance

    • Go to the Amazon EC2 console.

    • In the "Instances" section, select the AWS Capstone NAT Instance

    • Click on "Instance State" > "Terminate Instance."

11. Delete Endpoints

    • Access the VPC console.

    • In the "Endpoints" section, select the created endpoints.

    • Choose "Actions" > "Delete Endpoints."

12. Delete VPC

    • In the Amazon VPC console, choose "Your VPCs."

    • Select "aws_capstone-VPC" and click "Actions" > "Delete VPC."

    • Confirm the deletion when prompted

13. Delete SSL/TLS Certificate

    • In the AWS Certificate Manager console, select the certificate created for SSL/TLS.

    • Click on the certificate, then choose "Actions" > "Delete certificate."

    • Confirm the deletion when prompted.

Conclusion

In conclusion, this capstone project has empowered you with a diverse skill set essential for success in cloud computing and web development. You've learned to construct VPC environments, manage databases, employ web programming skills, and apply serverless computing through AWS Lambda functions. The project has honed your infrastructure configuration abilities and proficiently introduced you to version control using Git and GitHub. With this comprehensive knowledge, you are well-prepared to tackle real-world challenges in cloud technology and web development, setting a strong foundation for your career in the ever-evolving tech industry.

References

• Nat Instance - AWS Documentation

Ready to level up your AWS skills? Click and get started with AWS General Immersion Day – a comprehensive training program offering hands-on experience across various AWS modules. --NO SIGN UP!!-- --PRACTICE LABS FOR FREE!!!--

• Explore compute, network, security, monitoring, database, storage, and provisioning. Get practical with labs covering EC2, VPC, IAM, CloudWatch, RDS, S3, EFS, CloudFormation, web app optimization, and cost management.

• Gain proficiency in AWS services, resource management, security, monitoring, database, storage, and more. No matter your skill level, dive into AWS expertise with AWS General Immersion Day.

Don't miss out – start your AWS journey now!

Introduction

Are you ready to take your AWS skills to the next level? Look no further than AWS General Immersion Day, a comprehensive training program designed to provide you with hands-on experience across various AWS modules. In this blog post, we will delve into the details of this immersive training program, covering the modules, hands-on labs, and the skills you can expect to gain. --NO REGISTRY FEE!!--

Basic Modules

1. Compute - Amazon EC2

• Launch and manage EC2 instances with ease

• Explore auto-scaling capabilities for efficient resource management

• Connect to EC2 instances on Linux and Windows operating systems

2. Network - Amazon VPC

• Create and configure virtual private networks (VPCs)

• Set up subnets, security groups, and routing tables

• Utilize Amazon API Gateway for building and deploying APIs

3. Security - AWS IAM

• Understand the fundamentals of AWS Identity and Access Management (IAM)

• Create IAM identities and assign roles for secure access to resources

• Test access permissions to ensure robust security measures

4. Monitoring - Amazon CloudWatch

• Set up monitoring and alarms using Amazon CloudWatch

• Gain insights into resource utilization and performance metrics

• Ensure optimal performance and availability of your AWS resources

5. Database - Amazon RDS

• Launch and configure RDS instances for MySQL and SQL Server databases

• Access RDS instances from EC2 instances for seamless data management

• Learn advanced tasks like snapshot creation and instance modification

6. Storage - Amazon S3 & EFS

• Create buckets in Amazon S3 and manage objects

• Configure features like versioning and lifecycle policies for efficient storage management

• Create and mount Elastic File System (EFS) drives across EC2 instances for shared storage

7. Provisioning - AWS CloudFormation

• Discover the power of infrastructure as code with AWS CloudFormation

• Create VPCs, launch EC2 instances, and manage resources using templates

• Gain hands-on experience in automating infrastructure provisioning

Advanced Modules

1. Web Application

• Explore advanced topics like network, compute, database, and storage in the context of web applications

• Deploy auto-scaling web services and connect them with databases

• Gain insights into optimizing resources for high-performance web applications

2. Cost Monitoring and Observability

• Learn how to effectively manage costs and optimize resources using AWS Cost Management Tools

• Set up cost reports, budgets, and cost anomaly detection for better cost control

• Gain visibility into resource usage and make informed decisions for cost optimization

Hands-On Labs: Get Your Hands Dirty with AWS

In addition to the comprehensive modules mentioned above, AWS General Immersion Day provides participants with the opportunity to gain practical experience through hands-on labs. These labs are designed to reinforce the concepts learned in the modules and allow participants to apply their knowledge in real-world scenarios. Let's take a closer look at some of the hands-on labs you can expect to encounter during the program:

!!!Click on the links to ACCESS LABS directly and easily!!!

Lab 1: Launching and Managing EC2 Instances

In this lab, you will have the chance to launch and manage Amazon EC2 instances. You will learn how to choose the appropriate instance type, configure security groups, and connect to EC2 instances using both Linux and Windows operating systems. By the end of this lab, you will have a solid understanding of how to provision and manage EC2 instances efficiently.

Lab 2: Building Scalable Architectures with EC2 Auto Scaling

You'll explore the power of EC2 Auto Scaling on AWS. This hands-on lab guides you through creating an Amazon Machine Image (AMI) using CloudFormation, setting up a Launch Template, and configuring an Auto Scaling group with an Application Load Balancer (ALB). By the end of this lab, you'll have a clear understanding of how to design resilient architectures that can dynamically scale based on CPU utilization, ensuring your applications remain highly available and performant under varying workloads.

Lab 3: Creating and Configuring VPCs

This lab focuses on creating and configuring Amazon Virtual Private Clouds (VPCs). You will learn how to set up subnets, security groups, and routing tables to establish secure and isolated network environments. Additionally, you will explore the capabilities of Amazon API Gateway for building and deploying APIs, enabling controlled access to your applications.

Lab 4: Building a Dynamic House Price Calculator API

In this hands-on lab, you'll walk through the process of building a dynamic API using AWS API Gateway and Lambda functions to calculate house prices based on square footage. You'll start by deploying a pre-defined lambda function and setting up the API infrastructure. Through core sections and optional segments, you'll learn about message transformation, request validation, authentication, and deployment, while also exploring advanced features such as message caching, usage plans, and throttling. By the end of the lab, you'll have a comprehensive understanding of building and optimizing APIs on AWS.

Lab 5: Implementing IAM for Secure Access

In this lab, you will dive into AWS Identity and Access Management (IAM) and learn how to implement secure access controls. You will create IAM identities for different user groups and assign roles and permissions accordingly. Through practical exercises, you will gain hands-on experience in testing access permissions and ensuring robust security measures for your AWS resources.

Lab 6: Monitoring and Alarming with CloudWatch

CloudWatch is a powerful monitoring service offered by AWS, and this lab will guide you through its features and functionalities. You will set up monitoring and alarms using CloudWatch, gaining insights into resource utilization and performance metrics. Through hands-on exercises, you will learn how to proactively monitor your infrastructure and resolve issues before they impact your services.

Lab 7: Managing Databases with Amazon RDS

This lab focuses on managing databases using Amazon RDS. You will launch and configure RDS instances for MySQL and SQL Server databases, and learn how to access and manage them from your EC2 instances. Advanced tasks such as snapshot creation and instance modification will also be covered, providing you with the skills needed to efficiently manage your databases.

Lab 8: Efficient Storage Management with S3 and EFS

In this lab, you will explore Amazon S3 and Elastic File System (EFS) for efficient storage management. You will create S3 buckets, manage objects, and configure features like versioning and lifecycle policies. Additionally, you will create and mount EFS drives across your EC2 instances, enabling seamless collaboration and data sharing among your development teams.

Lab 9: Infrastructure Provisioning with CloudFormation

CloudFormation is a powerful tool for automating infrastructure provisioning, and this lab will guide you through its capabilities. You will learn how to create reusable templates to automate the creation of VPCs, launch EC2 instances, and manage other AWS resources. By the end of this lab, you will have hands-on experience in automating your infrastructure provisioning process.

Lab 10: Optimizing Web Applications with Advanced Modules

This lab focuses on optimizing web applications using advanced AWS modules. You will deploy auto-scaling web services that adjust resources based on demand, ensuring optimal performance and scalability. Additionally, you will learn how to seamlessly connect your web services with databases, enabling efficient data retrieval and storage for high-performance web applications.

Lab 11: Cost Monitoring and Resource Optimization with Advanced Modules

Managing costs and optimizing resources are crucial aspects of AWS, and this lab will guide you through the process. You will learn how to effectively manage costs using AWS Cost Management Tools, including setting up cost reports, budgets, and cost anomaly detection. Through hands-on exercises, you will gain visibility into resource usage and make informed decisions for cost optimization.

Promises of AWS General Immersion Day

1. Proficiency in AWS Services: Through the hands-on labs of AWS General Immersion Day, you will gain practical experience in working with a wide range of AWS services. This will enhance your understanding of these services and enable you to effectively utilize them in real-world scenarios.

2. Resource Management: You will learn how to provision, configure, and manage AWS resources such as EC2 instances, VPCs, RDS databases, S3 buckets, and more. This will enable you to efficiently manage your infrastructure and optimize resource utilization.

3. Security and Compliance: By participating in the security-focused labs, you will gain knowledge and hands-on experience in implementing robust security measures for your AWS resources. This includes setting up IAM roles and policies, configuring VPC security groups, and implementing encryption for data at rest and in transit.

4. Monitoring and Troubleshooting: You will learn how to monitor your AWS resources using CloudWatch, set up alarms, and proactively identify and resolve issues before they impact your services. This will enable you to ensure the availability and performance of your applications.

5. Database Management: Through the labs focused on Amazon RDS, you will gain the skills to launch, configure, and manage databases using RDS instances. This includes tasks such as backup and restore, snapshot creation, and instance modification.

6. Storage Management: You will learn how to efficiently manage storage using Amazon S3 and Elastic File System (EFS). This includes creating S3 buckets, managing objects, configuring versioning and lifecycle policies, as well as creating and mounting EFS drives across EC2 instances.

7. Infrastructure Automation: The CloudFormation lab will equip you with the skills to automate infrastructure provisioning using reusable templates. This will enable you to provision and manage AWS resources consistently and efficiently.

8. Web Application Optimization: Through the labs focused on advanced modules, you will learn how to deploy auto-scaling web services, seamlessly connect them with databases, and optimize performance and scalability.

Conclusion

By participating in the hands-on labs of AWS General Immersion Day, you can expect to gain practical experience and knowledge in working with various AWS services. These labs are designed to simulate real-world scenarios, allowing you to apply your skills and deepen your understanding of the AWS platform.

No matter your level of experience, whether you are a beginner or an experienced AWS user, AWS General Immersion Day offers a valuable opportunity to build a solid foundation and enhance your expertise in compute, network, security, monitoring, database, storage, and provisioning.

So, if you're ready to roll up your sleeves, get your hands dirty, and dive into the world of AWS, AWS General Immersion Day is the perfect program for you. Whether you want to enhance your existing skills or start your AWS journey from scratch, this program provides the tools and resources necessary to unlock the full potential of AWS.

Don't miss out on the chance to embark on your AWS journey today. Join AWS General Immersion Day and take the first step towards mastering AWS!

Learn how to create a powerful serverless API using Amazon API Gateway, AWS Lambda, and DynamoDB. Follow step-by-step instructions to set up the project, create Lambda functions, and deploy the API. Interact with DynamoDB for CRUD operations.

• One-Click Deployment

• Project GitHub Repo

Introduction

In this blog article, we will walk you through the process of building a powerful serverless API using Amazon API Gateway, AWS Lambda, and DynamoDB. This step-by-step guide will help you understand the high-level design, set up the project, and deploy the API, making it clear and easy to follow.

Project Description

Our goal is to create a serverless API that interacts with DynamoDB to perform CRUD operations (Create, Read, Update, Delete) and supports additional operations for testing. The API will be backed by an AWS Lambda function, which will handle incoming requests and interact with the DynamoDB table based on the payload.

Project Skeleton

To achieve our goal, we will have the following components:

1. Amazon API Gateway: This service will act as the frontend for our API, receiving HTTP requests and routing them to the appropriate Lambda function.

2. AWS Lambda: We will create a Python 3.7 Lambda function that serves as the backend for our API. It will handle various operations and communicate with the DynamoDB table.

3. DynamoDB: This NoSQL database service from AWS will store our data. We will create a table and define a primary key for efficient data retrieval.

Tools Used

For this project, we will be using the following AWS services and other tools:

1. Amazon API Gateway: To create and manage the API endpoints.

2. AWS Lambda: For serverless computing to process incoming API requests.

3. AWS DynamoDB: To store and retrieve data in a scalable and reliable manner.

4. AWS IAM: To allow the Lambda function to carry out the required task.

5. Postman: To test POST requests on the API and to inspect API responses.

High-Level Design

Our API will have a single resource named "DynamoDBManager," which will handle various methods like POST, enabling different DynamoDB operations. Each API call will be routed to the appropriate Lambda function, allowing us to interact with the DynamoDB table seamlessly.

Setup

Generate Lambda IAM Role

1. Open the roles page in the IAM console.

2. Choose Create role.

3. Create a role with the following properties.

   • Trusted entity: Lambda.

   • Role name: lambda-apigateway-role.

   • Permissions: The custom policy below has the permissions that the function needs to write data to DynamoDB and upload logs.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1428341300017",
      "Action": [
        "dynamodb:DeleteItem",
        "dynamodb:GetItem",
        "dynamodb:PutItem",
        "dynamodb:Query",
        "dynamodb:Scan",
        "dynamodb:UpdateItem"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "",
      "Resource": "*",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Effect": "Allow"
    }
  ]
}

Create Lambda Function

1. Click "Create function" in AWS Lambda Console

1. Select "Author from scratch". Use name "LambdaFunctionOverHttps" , select "Python 3.7"" as Runtime. Under Permissions, select "Use an existing role", and select "lambda-apigateway-role" that we created, from the drop down. Finally click "Create function" on the bottom right.

1. Replace the boilerplate coding with the following code snippet and click "Save".

# Sample Python Code for the Lambda Function

from __future__ import print_function

import boto3
import json

print('Loading function')


def lambda_handler(event, context):
    '''Provide an event that contains the following keys:
      - operation: one of the operations in the operations dict below
      - tableName: required for operations that interact with DynamoDB
      - payload: a parameter to pass to the operation being performed
    '''

    operation = event['operation']

    if 'tableName' in event:
        dynamo = boto3.resource('dynamodb').Table(event['tableName'])

    operations = {
        'create': lambda x: dynamo.put_item(**x),
        'read': lambda x: dynamo.get_item(**x),
        'update': lambda x: dynamo.update_item(**x),
        'delete': lambda x: dynamo.delete_item(**x),
        'list': lambda x: dynamo.scan(**x),
        'echo': lambda x: x,
        'ping': lambda x: 'pong'
    }

    if operation in operations:
        return operations[operation](event.get('payload'))
    else:
        raise ValueError('Unrecognized operation "{}"'.format(operation))

Test Lambda Function

Before moving forward, let's test the newly created Lambda function. We'll do a sample echo operation, where the function should output whatever input we pass.

1. Click the dropdown menu of the "Test" button in the AWS Lambda Console.

2. Configure a test event with the following JSON payload:

{
    "operation": "echo",
    "payload": {
        "somekey1": "somevalue1",
        "somekey2": "somevalue2"
    }
}

With the successful test, we can move on to the next steps!

Create DynamoDB Table

Now, we need to create the DynamoDB table that our Lambda function will utilize.

1. Open the DynamoDB console.

2. Click "Create table."

3. Set the following settings for the table:

   • Table name: lambda-apigateway

   • Primary key: id (string)

4. Click "Create."

Build API

Our next step is to create the API using Amazon API Gateway.

1. Go to the API Gateway console.

2. Click "Create API."

3. Select "REST API" and give the API a name, such as "DynamoDBOperations."

4. Click "Create API."

1. Click "Actions" and then select "Create Resource."

2. Input "DynamoDBManager" as the Resource Name and click "Create Resource."

1. Now, let's create a POST method for our API. With the "/dynamodbmanager" resource selected, click "Actions" again and select "Create Method."

1. Choose "POST" from the dropdown and click the checkmark.

1. The integration will automatically select "Lambda Function." Choose "LambdaFunctionOverHttps" (our previously created Lambda function) from the list, and click "Save." A popup window will prompt you to add a resource policy to the Lambda function. Click "Ok."

Deploy API

To make our API accessible, we need to deploy it to a stage.

1. Click "Actions," then select "Deploy API" when post method selected.

1. For "Deployment stage," select "[New Stage]," and give the stage a name, such as "Prod." Finish it by clicking "Deploy."

1. Once the deployment is complete, select the "Prod" stage using the stages tab of the sidebar to reveal the "Invoke URL." Copy this URL; it is the endpoint for our API.

Running Our Solution

Now that our API is deployed, let's test it by invoking the Lambda function and interacting with the DynamoDB table.

1. To create an item in the DynamoDB table, use the following JSON payload in a POST request:

{
    "operation": "create",
    "tableName": "lambda-apigateway",
    "payload": {


        "Item": {
            "id": "1234ABCD",
            "number": 5
        }
    }
}

1. To execute the API from your local machine, you can use either Postman or cURL:

   • Postman: Select "POST," paste the API invoke URL, and provide the JSON payload in the "Body" section. Click "Send," and the API should return an "HTTPStatusCode" of 200.

• cURL: Use the following command in your terminal:

    $ curl -X POST -d "{\"operation\":\"create\",\"tableName\":\"lambda-apigateway\",\"payload\":{\"Item\":{\"id\":\"1\",\"name\":\"Bob\"}}}" https://$API.execute-api.$REGION.amazonaws.com/prod/DynamoDBManager
  

1. To verify that the item is inserted into the DynamoDB table, navigate to the DynamoDB console, select the "lambda-apigateway" table, and click the "Explore table items" button.

1. To retrieve all items from the table, you can use the "list" operation. Send the following JSON payload to the API via Postman:

{
    "operation": "list",
    "tableName": "lambda-apigateway",
    "payload": {
    }
}

You will see the two items that appended lambda-apigateway table as it is below screenshot.

And that's it! You have successfully created a serverless API using Amazon API Gateway, AWS Lambda, and DynamoDB!

Cleanup

Once you have completed the tutorial and want to clean up the resources:

1. Delete the DynamoDB table "lambda-apigateway" from the DynamoDB console.

2. Delete the Lambda function "LambdaFunctionOverHttps" from the AWS Lambda console.

3. Delete the API "DynamoDBOperations" from the Amazon API Gateway console.

4. Delete the "lambda-apigateway-role" from AWS IAM console.

Conclusion

Building a serverless API with Amazon API Gateway, AWS Lambda, and DynamoDB provides a scalable and cost-efficient solution for your applications. By following this step-by-step guide, you've learned how to create, deploy, and test your serverless API. Now you can leverage this knowledge to build various serverless applications with ease and confidence. Happy coding!

References

• GitHub Repository: https://github.com/saha-rajdeep/serverless-lab

• AWS Documentation:

  • https://repost.aws/knowledge-center/api-gateway-authentication-token-errors

  • https://repost.aws/knowledge-center/api-gateway-internal-server-error