AWS

AWS VPC and VPC Peering


Creating a VPC

  1. Create a new VPC with a CIDR block
    Eg .
    10.0.0.0/16
    Number of IPs = 2 ^ (32-16) = 65,536
    IP range in the VPC (10.0.0.0 – 10.0.255.255)
  2. Create public and private subnets inside the VPC
    Eg. CIDR block (10.0.0.0/24) – 256 IPs in a subnet, of which AWS reserves 5 (network address, VPC router, DNS, one kept for future use, broadcast), so 251 are usable by instances
    Public subnets have a route to the Internet Gateway in their route table while private ones don't
  3. Create an Internet Gateway and attach it to the VPC. Instances in the VPC that have a public IP and a route to the gateway will be able to connect to the internet through the Internet Gateway
  4. Create a NAT Gateway inside a public subnet (it needs an Elastic IP, and that subnet must already route to the Internet Gateway). The NAT Gateway allows connections initiated from the private subnet out to the internet, and their replies back in, but nothing on the internet can initiate a connection to the private instances
  5. Create 2 route tables, one for the public subnet and one for the private subnet
    Assign each subnet to its route table through the Subnet Associations tab

    1. For the private subnet, add this route
      1. For outgoing connections
        Destination: 0.0.0.0/0 —- Target: NAT-gateway(eg. nat-foobar)
        Now instances in the private subnet can reach the outside world through the NAT Gateway, but the outside world can't connect to the instances
    2. For the public subnet, add this route
      1. For in and out connections through the internet
        Destination: 0.0.0.0/0 —- Target: internet-gateway(eg. igw-loremipsum)
        Now instances in the public subnet can access and be accessed from the internet through the Internet Gateway (subject to their security groups and network ACLs)

VPC Peering

  1. Make sure the CIDR blocks of the 2 VPCs do not overlap. If the existing VPC has CIDR block 10.0.0.0/16, then the new VPC should use a CIDR block like 10.1.0.0/16 so the IPs in the two VPCs don't collide (AWS refuses to create a peering between VPCs with overlapping CIDRs)
  2. Create a Peering Connection from the Peering Connections page
    1. Give it a proper peering connection name tag
    2. Select the new VPC as the Requester VPC
    3. Select the old VPC as the Accepter VPC and submit
    4. Click on the newly created peering connection, press Actions and press Accept Request to accept the peering.
  3. Now the route tables need to be updated with routes to each other's IPs
    1. Edit the private and public route tables of both VPCs and add an entry in each (a route on one side only lets packets out but gives the replies no way back)
      Destination = CIDR block of the other VPC
      Target = Peering connection. Eg pcx-foobar
    2. Edit DNS Settings:
      Check both checkboxes, so that public DNS hostnames of instances in the peer VPC resolve to private IPs and the traffic stays on the peering instead of leaving through the Internet Gateway
      Allow DNS resolution from peer VPC (vpc-dc700db8) to private IP
      Allow DNS resolution from local VPC (vpc-6bcf1b0f) to private IP
  4. For accessing RDS from the other VPC, add an inbound rule for the database port to the security group of the RDS instance, with the CIDR block of the VPC the clients are in (the new one here) as the source, or, tighter, only the subnet CIDR of the instances that need the database. Peering does not bypass security groups: without this rule the connection simply times out even though the route exists.
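The two procedures above (the VPC/subnet layout and the peering) are easy to get wrong on paper before anything is clicked, so here is an offline planner for them. This is an added example, not code from the original post: it uses only the Python standard library, so it runs without AWS credentials, and it reuses the post's CIDRs (10.0.0.0/16 with /24 subnets, peered with 10.1.0.0/16). The gateway and peering IDs (igw-PLACEHOLDER, nat-PLACEHOLDER, pcx-PLACEHOLDER) are made-up placeholders, as is the 10.1.1.0/24 client subnet used for the RDS rule.

```python
"""Offline planner for the VPC, subnet and peering layout described above.

Added example; it is not code from the original post.  It uses only the
standard library so it runs without AWS credentials.  The CIDRs are the
ones the post uses; the gateway and peering IDs are made-up placeholders.
"""
import ipaddress

# AWS reserves 5 addresses in every subnet: the network address, the VPC
# router, the DNS server, one kept for future use, and the broadcast address.
AWS_RESERVED_PER_SUBNET = 5


def usable_addresses(subnet_cidr):
    """Addresses instances can actually take in a subnet of this size."""
    net = ipaddress.ip_network(subnet_cidr)
    return net.num_addresses - AWS_RESERVED_PER_SUBNET


def layout_problems(vpc_cidr, subnet_cidrs):
    """Return the problems in a VPC layout (an empty list means it is sound).

    Every subnet must sit inside the VPC block and no two may overlap;
    the console rejects both cases, but catching them here is cheaper.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    problems = []
    for n in nets:
        if not n.subnet_of(vpc):
            problems.append(f"{n} is not inside {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"subnets {a} and {b} overlap")
    return problems


def internet_routes(subnets, igw_id="igw-PLACEHOLDER", nat_id="nat-PLACEHOLDER"):
    """Default route each subnet's route table needs.

    subnets maps a subnet CIDR to "public" or "private".  Public subnets send
    0.0.0.0/0 to the Internet Gateway; private ones send it to the NAT
    Gateway, which lets them initiate connections out but accepts none in.
    """
    return {cidr: ("0.0.0.0/0", igw_id if kind == "public" else nat_id)
            for cidr, kind in subnets.items()}


def cidrs_overlap(cidr_a, cidr_b):
    """True when two VPC blocks collide; such VPCs cannot be peered."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def peering_routes(cidr_a, cidr_b, pcx_id="pcx-PLACEHOLDER"):
    """Route entries required on BOTH sides of a peering connection.

    A route in only one VPC lets packets out but gives the replies no way
    back, so every route table in each VPC needs a route to the peer's CIDR.
    """
    if cidrs_overlap(cidr_a, cidr_b):
        raise ValueError(f"{cidr_a} and {cidr_b} overlap; pick a disjoint block")
    return [
        {"vpc": cidr_a, "destination": cidr_b, "target": pcx_id},
        {"vpc": cidr_b, "destination": cidr_a, "target": pcx_id},
    ]


def rds_ingress_rule(source_cidr, port=3306):
    """Security-group rule admitting the peer to the database port only.

    Peering does not bypass security groups.  Scope the source to the
    peer's application-subnet CIDR rather than its whole VPC so only the
    hosts that need the database can reach it.
    """
    ipaddress.ip_network(source_cidr)  # reject a malformed CIDR early
    return {"protocol": "tcp", "from_port": port, "to_port": port,
            "cidr": source_cidr}


if __name__ == "__main__":
    print(usable_addresses("10.0.0.0/24"))                                  # 251
    print(layout_problems("10.0.0.0/16", ["10.0.0.0/24", "10.0.1.0/24"]))   # []
    print(internet_routes({"10.0.0.0/24": "public", "10.0.1.0/24": "private"}))
    print(peering_routes("10.0.0.0/16", "10.1.0.0/16"))
    print(rds_ingress_rule("10.1.1.0/24"))   # placeholder client subnet in the peer VPC
```

Run it before touching the console: a non-empty list from layout_problems, or a ValueError from peering_routes, is exactly what the AWS API would reject later, and the two entries returned by peering_routes are the reminder that the route has to be added on both sides.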

Mounting Amazon S3 bucket on EC2 Instance


Install required libraries :

https://github.com/s3fs-fuse/s3fs-fuse/wiki/Installation-Notes#installing-on-amazon-linux-ami
sudo yum install -y gcc libstdc++-devel gcc-c++ fuse fuse-devel curl-devel libxml2-devel mailcap automake openssl-devel
git clone https://github.com/s3fs-fuse/s3fs-fuse
cd s3fs-fuse/
./autogen.sh
./configure --prefix=/usr --with-openssl
make
sudo make install

Create the password file with the S3 access key ID and secret (written this way the key pair also ends up in the shell history, so clear it afterwards; on EC2 the better option is to give the instance an IAM role with access to the bucket and mount with -o iam_role=auto, so no long-lived key is stored on disk at all) :
echo MYIDENTITY:MYCREDENTIAL > /home/ec2-user/s3fs-passwd
chmod 600 /home/ec2-user/s3fs-passwd
The chmod is not optional: s3fs refuses to use a credential file that group or others can read.

To make the mounted files accessible to other users as well (i.e. the nginx user) :
sudo nano /etc/fuse.conf
uncomment “user_allow_other”
Note that allow_other opens the mount to every local user, not just nginx; if the bucket holds anything that should not be world-readable, pair it with the uid, gid and umask mount options.

To mount :
s3fs bucketname /usr/share/nginx/html/project-name/sitemap/ -o passwd_file=/home/ec2-user/s3fs-passwd -o allow_other

To mount with debug :
s3fs bucketname /usr/share/nginx/html/project-name/sitemap/ -o passwd_file=/home/ec2-user/s3fs-passwd -d -d -f -o f2 -o curldbg -o allow_other

Mount on boot :
create the global credential file (it lives under /etc, so it has to be written with root privileges, and the chmod must target that same file) :
echo MYIDENTITY:MYCREDENTIAL | sudo tee /etc/passwd-s3fs > /dev/null
sudo chmod 600 /etc/passwd-s3fs

sudo nano /etc/fstab
mybucket /path/to/mountpoint fuse.s3fs _netdev,allow_other 0 0
s3fs looks for /etc/passwd-s3fs by default, so no passwd_file option is needed here; _netdev defers the mount until the network is up.
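The credential-file and fstab steps above are the ones most often done sloppily (a file left world-readable for a moment, or allow_other handing root-owned files to every local user). The following is an added example, not commands from the original post: a small POSIX shell script that writes the credential file with a safe mode from the start, checks the mode the way s3fs does before it will use the file, and prints the matching fstab line. The uid/gid values, the bucket name and the key/secret strings in the usage section are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: create the s3fs credential file
# without leaving it readable by other local users, check its mode the way
# s3fs does before it will use it, and build the matching /etc/fstab entry.
# The uid/gid values and the key/secret in the usage section are placeholders.

# Write "KEY:SECRET" to FILE so that it is never world-readable, even for an
# instant: the subshell umask makes the file 0600 at creation, and the chmod
# covers the case where FILE already existed with looser permissions.
write_s3fs_passwd() {
    file=$1; key=$2; secret=$3
    (
        umask 077
        printf '%s:%s\n' "$key" "$secret" > "$file"
    ) || return 1
    chmod 600 "$file"
}

# Succeed only if FILE exists and has no group/other permission bits.
# s3fs refuses a credential file that others can read, so this mirrors its
# check; the BSD stat fallback keeps it working on macOS.
passwd_mode_ok() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Print the fstab line for mounting BUCKET at MOUNTPOINT on boot.
# allow_other is needed for nginx to read the files, but on its own it lets
# every local user read the bucket and makes new files owned by root.
# uid/gid hand ownership to the service account and umask=022 keeps the
# files from being writable by everyone else.
fstab_line() {
    bucket=$1; mountpoint=$2; passwd=$3; uid=$4; gid=$5
    printf '%s %s fuse.s3fs _netdev,allow_other,passwd_file=%s,uid=%s,gid=%s,umask=022 0 0\n' \
        "$bucket" "$mountpoint" "$passwd" "$uid" "$gid"
}

# Usage (all values are placeholders; run as root to write under /etc):
#   write_s3fs_passwd /etc/passwd-s3fs AKIAEXAMPLE wJalrEXAMPLESECRET
#   passwd_mode_ok /etc/passwd-s3fs && fstab_line mybucket /mnt/s3 /etc/passwd-s3fs 498 498
```

Look up the nginx user's uid and gid with `id nginx` and pass those in; the same passwd_mode_ok check is worth running from a cron job or a config-management test, since a later chmod by someone else is exactly the kind of drift that goes unnoticed until the key leaks.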

 

Thanks for reading. Cheers!!!