AWS, Deploy API lambda service to upload presigned images to S3, managed with a Pipeline

In this entry I would like to share an example that shows how to deploy a serverless API service in AWS using CodePipeline.

In this scenario a static web application consumes the published API to upload images through a Java Lambda function and obtain a presigned URL that grants temporary access to the file stored in S3. This way the bucket stays private while temporary access to the files is still provided.

The next diagram shows the architecture for this solution:

As you can see, there is a Cloud9 development environment and a CI/CD pipeline that is triggered by CodeCommit when changes are pushed to the repository; the pipeline then builds the application with CodeBuild and, finally, the API is published to be consumed by the web site.

So let’s get started.

Continue reading

AWS, Deploy a serverless application using Lambda and CodePipeline

In this entry I would like to share this example that shows how to deploy a serverless application in AWS using Lambda, API Gateway, S3 and DynamoDB. This example is taken from my last training in AWS cloud. The next diagram shows the architecture:

As you can see, there are 3 Lambda functions connected to DynamoDB and served through API Gateway, and the frontend is hosted as a static web application in an S3 bucket.

Also, it includes a configured development environment with a pipeline to automate the releases.

As in my previous entries, I can’t detail all the steps because I had a restricted user, but I’m going to try to describe everything I consider relevant.

So, let’s get started.

Continue reading

AWS ECS, Run Java microservices using docker containers in ECS

In this entry I’m going to show an example of running Java microservices in containers in AWS. I’m using a simple web application whose source code was provided in my last training, which you can download from my GitHub repository.

Please notice that refactoring a monolithic application can be a very complex task that depends on each context, as well as on the analysis done before modernizing any component so that it can be decoupled. As a reference, this is the initial architecture and what it must look like after the modernization into containers.

AS-IS, a highly available environment for a monolithic Java application.

TO-BE, the highly available environment for the containerized Java application.

As in my previous entries, all the information was taken from my last training, so some components were already provided:

  • Development IDE
  • Development Pipeline
  • An ECS cluster
  • An RDS instance
  • A custom VPC

Let’s get started.

Continue reading

AWS EC2, Implement CI/CD pipeline for a monolithic Java application

In this entry I would like to share an example that shows how to automate the build and deployment of a Java application in AWS using CodePipeline. The next steps are taken from my last training and I can’t share all the detailed steps because my user has restricted permissions, but I consider this is enough if you know the basics, like the VPC configuration and the IAM roles. So, let’s get started.

The next diagram shows the architecture to implement: the source code is located in CodeCommit and is edited using Cloud9; after the changes are pushed to the repository, the application artifacts are built with CodeBuild and deployed with CodeDeploy, which manages the load balancer to distribute the traffic and deploys the application onto the servers of the Auto Scaling group.

Continue reading

AWS EC2, build a highly available architecture for a Java web application

In this entry I would like to share my recent training activity in AWS, where I learned how to build and deploy the next architecture for a Java web application on a highly available infrastructure.

As you can see, it has an Application Load Balancer (ALB) configured to use an Auto Scaling Group (ASG), which launches EC2 instances in a private subnet; every EC2 instance connects to an RDS database (MySQL).

This time I can’t share all the detailed steps because I have a restricted user that doesn’t have enough permissions to read the security groups or the VPC configuration, including other elements like the instance profile; for that reason I’m going to describe it in a summarized way to keep it simple.

Let’s get started.

Continue reading

AWS CodeCommit, Adding an approval before merging changes into a branch

Hi, in this entry I would like to share my recent learning from my last training in AWS, where I had to configure an approval to avoid unwanted changes in a production branch, and also automate it on every new repository.

For this example, the business requirement was «only the users with the role SeniorDevelopers can merge changes into a branch named Prod».

In order to solve this, an approval rule must be created in CodeCommit to set the conditions and choose the role that is allowed to apply changes on the selected branch; then EventBridge is configured to send the event on every new repository creation, executing a Lambda that associates the rule with that new repository. Something like this:

Let’s get started.

Continue reading

AWS, Set basic network security for EC2 instances

Recently I have started studying for the next AWS certification level, Solutions Architect Professional, and today I took the first activity of the AWS Jam gamified learning. It consists of completing some challenges by solving problems without instructions or guides; when you complete a task or challenge you gain some points and can compare yourself with the other participants (like a game).

Here is my score. I was the last to complete all the challenges, and I couldn’t get all the points because my session expired and I didn’t have enough time.

I think this format is very helpful for gaining experience, and I would like to share here one problem from the challenge.

Problem: Securing the VPC network resources

The exercise consists of configuring the subnets of the VPC using Network Access Control Lists (NACL) and Security Groups (SG) to keep the integrity of, and secure, the resources in two Availability Zones (AZ). The next diagram shows the idea of the solution (it is shown for only one AZ):

It looks simple, right? Well, this is the final configuration that has to be delivered, with all the rules:

Let’s take a look at each part.

Continue reading

SAP Router, install as a Windows service on AWS

This is a quick entry. I’ve been helping a friend to review a connectivity problem in their SAP installation on AWS cloud: on every reboot the connectivity is lost.

These are the actions that we’ve taken to solve it.

1. First, automate the saprouter execution when the EC2 instance is started or stopped. To do this, open the CMD terminal and execute this command (note that sc.exe requires a space after each option’s «=»):

sc create SAPRouter binPath= "C:\saprouter\saprouter.exe service -r -R C:\saprouter\saprouttab" start= auto obj= "NT AUTHORITY\LocalService"

As you can see, a new service called «SAPRouter» is added as a local service and is managed by Windows.

2. Modify the Windows Firewall: go to Control Panel > System and Security > Windows Firewall > Advanced Settings, select Inbound Rules > Actions > New Rule, and add a new Port rule to allow TCP traffic on the specific ports 3299 and 3200. Then select «Allow the connection» under Action and select the profiles it applies to; finally, set the name «SAP Router» and click Finish.

3. Review the network configuration in AWS. The next image shows the architecture: there is a VPC with two subnets (one public and one private); the user connects from the Internet to the Bastion Host, which redirects the traffic to the SAP server using the SAP Router:

To keep it simple, this is the checklist to complete the configuration:

  1. Verify the main route table of the VPC; it must have an entry that routes traffic to the Internet (Internet Gateway) and one for the local traffic.
  2. Open the Network ACL and ensure that TCP ports 3200 and 3299 are allowed in both the Inbound and Outbound rules.
  3. Verify the route table of each subnet: the public subnet has Route Table A to route traffic to the Internet, and the private subnet has Route Table B to route the traffic of the Appserver to the NAT Gateway.
  4. For the Bastion host, add the Inbound and Outbound rules to its Security Group so it can receive connections from the Internet to the SAP Router over its public IP (using an Elastic IP).
  5. For the Appserver, add the Inbound and Outbound rules to its Security Group so it only receives connections from the Bastion host, using either its private IP or the sender’s security group as the source.

4. An extra tip: to validate the connectivity from the Bastion host to the Appserver, a simple test can be run in AWS. Go to VPC > Network Analysis > Reachability Analyzer > Create and analyze path, select the Bastion instance as the source and the Appserver with port 3299 as the target; when the analysis finishes, the path is shown with all the network components in AWS.
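The following PowerShell script is an added example (not code from the original post) that scripts steps 1 and 2 on the host running saprouter and adds a host-side reachability check that complements step 4. The IP addresses and the list of allowed client sources are placeholders; the only values taken from the post are the service name, the install path and the ports. The security-relevant differences from a purely manual setup are that the service runs as LocalService rather than as an administrator, and that the firewall rule is scoped to known source addresses instead of «Any», mirroring the Security Group intent described in the checklist.

```powershell
# Added example, not part of the original post. Run in an elevated PowerShell
# session on the Windows EC2 instance that runs saprouter (the Bastion host).
# Placeholders: replace $AllowedSources and $AppServerPrivateIp with real values.

$ServiceName        = 'SAPRouter'
$SapRouterDir       = 'C:\saprouter'        # install path used in the post
$AllowedSources     = @('203.0.113.0/24')   # placeholder: public range of the support team
$AppServerPrivateIp = '10.0.1.20'           # placeholder: private IP of the SAP Appserver

# Step 1: register the service so it starts with Windows. It runs as LocalService
# (least privilege); which routes saprouter accepts is governed by saprouttab.
# sc.exe needs a space after every "option=".
if (-not (Get-Service -Name $ServiceName -ErrorAction SilentlyContinue)) {
    sc.exe create $ServiceName `
        binPath= "$SapRouterDir\saprouter.exe service -r -R $SapRouterDir\saprouttab" `
        start= auto `
        obj= "NT AUTHORITY\LocalService"
}
Start-Service -Name $ServiceName
Get-Service -Name $ServiceName | Select-Object Name, Status, StartType

# Step 2: inbound firewall rule for TCP 3200 and 3299, limited to known sources.
# Restricting -RemoteAddress is the host-level counterpart of the Security Group
# rules in the checklist; an unscoped rule would expose saprouter to any peer
# the Security Group lets through.
$RuleName = 'SAP Router'
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Protocol TCP -LocalPort 3200,3299 `
        -RemoteAddress $AllowedSources -Action Allow -Profile Any | Out-Null
}
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter | Select-Object RemoteAddress

# Step 4 (host side): confirm the path from this host to the Appserver on both
# ports. A failure here with a successful Reachability Analyzer run usually
# points at the Windows Firewall or the saprouter configuration, not at the VPC.
foreach ($port in 3200, 3299) {
    $r = Test-NetConnection -ComputerName $AppServerPrivateIp -Port $port -WarningAction SilentlyContinue
    '{0}:{1} TcpTestSucceeded={2}' -f $AppServerPrivateIp, $port, $r.TcpTestSucceeded
}

# Confirm saprouter is actually listening on 3299 on this host after the reboot.
Get-NetTCPConnection -LocalPort 3299 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

After a reboot, re-running the last two blocks is a quick way to tell whether the original symptom (connectivity lost on every restart) is gone: the service should report Running, port 3299 should be in Listen state, and both Test-NetConnection calls should return TcpTestSucceeded=True.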

This is a simplified view of the network configuration for this entry, but I consider it enough for now.

See you next time, bye =)


AWS EC2, Getting the password of a Windows instance that was launched from a custom AMI

The AWS documentation describes this problem:

I’m receiving the error «Password is not available yet. Please wait at least 4 minutes after launching an instance before trying to retrieve the auto-generated password» when connecting to my newly launched Amazon Elastic Compute Cloud (Amazon EC2) Windows instance. I’ve waited longer than 4 minutes and still can’t connect.

According to AWS:

«Resetting the password allows you to recover access to the new instance. However, you get the same error when you launch any other instance from that custom AMI. To avoid this issue, configure the initialization tasks from EC2Launch or EC2Config to enable auto-generated passwords.»

«Instances launched from custom AMIs take the Administrator password from the source instance. If the default password for the Administrator account was changed in the source instance used to create the AMI, then the new instance takes the same password. Decrypting the password using a key pair file isn’t possible, unless you configure EC2Launch or EC2Config to generate a new password on the next instance boot.»

Unfortunately, I have the same problem, but my instance is not new: it was launched from a custom AMI and I have neither the key nor the password to get access… well, in this entry I’m going to show how I solved this problem.

Continue reading