Final - max-gallagher/SYS-360 GitHub Wiki

Final Project

Part 1

Configuration Steps

Configure Networking

VPC

  • Create a new VPC (for subnet range I did 10.10.0.0/16)

image

image

Subnets

  • Public Subnet

image

  • Private Subnet

image

  • Ensure that everything was created properly

image

Internet Gateways

  • Create Gateway

image

  • Attach it to the VPC

image

image

Route Tables

  • Create both public and private route tables

image image

  • Associate the subnets with their respective tables

image

image

image

  • Configure the public route table to allow internet traffic (make sure to select the internet gateway we made earlier)

image

Elastic IPs

  • Create 2 Elastic IPs

image

  • Once the EC2 instances are made, associate the Elastic IPs with the 2 instances on the public subnet

image

Create Instances

  • Go to EC2 Console

  • Go to instances then create instance

Linux-Apache-PHP (Public Subnet 10.10.10.25)

image

image

image

Jumpbox (Public Subnet 10.10.10.30)

image

image

MySQL (Private 10.10.15.60)

image

image

image

Results

image

Configure Security Groups

  • Public Security Group

image

  • Private Security Group

image

NAT-Gateway

  • Go back to VPC

  • Go to NAT Gateways and create a new gateway on the Public Subnet

image

image

Test Connectivity

  • SSH into web

image

  • SSH into jumpbox

image

  • SSH into MySQL from jumpbox

image

EC2 Web and MySQL as a LAMP Stack

MySQL installation

  • On the MySQL box, run:
apt-get update
apt-get install mysql-server

image

  • Ensure it is running

image

  • Set up MySQL/WordPress

Source: https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-on-centos-7

  • Log in to MySQL with:
mysql -u root -p
  • Start setting up WordPress by creating the database and a new privileged user for it:
CREATE DATABASE wordpress;
CREATE USER [email protected] IDENTIFIED BY 'insert password here';
GRANT ALL PRIVILEGES ON wordpress.* TO [email protected];
FLUSH PRIVILEGES;
  • Move over to the Web box and install WordPress

(pre-requisites)

sudo apt-get update
sudo apt-get install apache2
sudo apt-get install php
sudo apt-get install php-gd
sudo apt-get install php-mysqlnd
sudo apt-get install mariadb-client
sudo systemctl enable apache2
sudo systemctl start apache2

(WordPress install)

wget https://wordpress.org/latest.tar.gz
tar xzvf latest.tar.gz
sudo rsync -avP ~/wordpress/ /var/www/html/
sudo mkdir /var/www/html/wp-content/uploads
sudo chown -R www-data:www-data /var/www/html/*
cd /var/www/html
cp wp-config-sample.php wp-config.php
  • You now need to edit wp-config.php to contain your MySQL/WordPress credentials

  • Once that has been done, restart Apache and you should be all set

image

image

image

Part 2

Configure CloudWatch for Instance Monitoring

  • Turn on detailed monitoring for Web and MySQL instances and basic monitoring for the jump box
    • To turn on detailed monitoring, click the check box next to the desired EC2 instance, then go to Actions -> Monitor and troubleshoot -> Manage detailed monitoring and click Enable.

image

Configure CloudWatch for Instance Metrics:

  • Go to the CloudWatch dashboard and click on the All metrics tab on the left of the screen

  • Find 3 metrics you want to set alarms for. I chose EC2 CPU Utilization, NAT Gateway PacketsDropCount, and EC2 StatusCheckFailed

  • Once you have found the metrics you want to monitor, click on one and you should be brought to a screen like the one shown below

image

  • Click the bell icon next to the instances you want to set the alarm for in order to create the alarm

    • For CPU utilization I made the threshold 80% usage

image

image

  • Now do this for all 3 metrics

image

Configure CloudTrail for AWS auditing

  • Head over to the CloudTrail dashboard

  • Create a new trail (CTFinal)

  • Create a new S3 bucket; in this case I just kept the default name

  • Disable SSE-KMS encryption (CloudTrail log files are then encrypted with S3-managed keys, SSE-S3, by default)

  • Add 1 key + value combo in tags; in this case I just made the key Final and the value Cloudtrail

image

  • Click Next and enable Insights events

image

  • Leave everything else as default and create the trail

  • After some time, CloudTrail logs should begin to populate in the S3 bucket

image

  • Here is an example of one of the CloudTrail logs. This log entry specifically represents API calls made from my AWS environment, containing details such as the event source, event name, user identity, and request parameters.

image
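
To make use of the fields named above (event source, event name, user identity, request parameters), here is an added example, not part of the original wiki, that reads a CloudTrail log file and flags two kinds of events worth reviewing in this lab: changes to the trail itself and security group rules opened to 0.0.0.0/0. The sample records, account ID, ARN, group ID and timestamps are constructed for illustration, and only IPv4 ranges are checked.

```python
import gzip, json

# Constructed sample in CloudTrail's {"Records": [...]} layout; IDs, ARN and times are made up.
_WHO = {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/student"}
SAMPLE = {"Records": [
    {"eventTime": "2024-01-01T12:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "userIdentity": _WHO, "requestParameters": None},
    {"eventTime": "2024-01-01T12:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "userIdentity": _WHO,
     "requestParameters": {
         "groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [
             {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
              "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2024-01-01T12:09:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "userIdentity": _WHO, "requestParameters": {"name": "CTFinal"}},
]}
# API calls that change or stop the audit trail itself.
TRAIL_CHANGES = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}

def sample_blob():
    """Gzip the sample the way CloudTrail delivers log files to S3 (.json.gz)."""
    return gzip.compress(json.dumps(SAMPLE).encode())

def load_log(blob):
    """Decompress one CloudTrail log file and return its list of records."""
    return json.loads(gzip.decompress(blob))["Records"]

def world_open_rules(params):
    """Yield (from_port, to_port) for each ingress rule opened to 0.0.0.0/0."""
    for perm in (params.get("ipPermissions") or {}).get("items", []):
        for rng in (perm.get("ipRanges") or {}).get("items", []):
            if rng.get("cidrIp") == "0.0.0.0/0":
                yield perm.get("fromPort"), perm.get("toPort")

def review(records):
    """Return (eventTime, caller ARN, eventName, detail) for events worth a look."""
    findings = []
    for r in records:
        who = (r.get("userIdentity") or {}).get("arn", "unknown")
        params = r.get("requestParameters") or {}  # requestParameters may be null
        name, src = r.get("eventName"), r.get("eventSource")
        if src == "cloudtrail.amazonaws.com" and name in TRAIL_CHANGES:
            findings.append((r["eventTime"], who, name, "audit trail changed"))
        elif name == "AuthorizeSecurityGroupIngress":
            for lo, hi in world_open_rules(params):
                detail = f"{params.get('groupId')}: ports {lo}-{hi} open to 0.0.0.0/0"
                findings.append((r["eventTime"], who, name, detail))
    return findings

for finding in review(load_log(sample_blob())):
    print(*finding, sep=" | ")
```

To run it against a real log file, download a .json.gz object from the trail's S3 bucket and pass its bytes to load_log().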