AWS, Deploy API lambda service to upload presigned images to S3, managed with a Pipeline

In this entry I would like to share an example showing how to deploy a serverless API service in AWS using CodePipeline.

In this scenario a static web application consumes the published API to upload images via a Java Lambda function and get a presigned URL that grants temporary access to the file stored in S3. In this way we can keep the bucket private and still provide temporary access to the files.

The next diagram shows the architecture for this solution:

As you can see, there is a Cloud9 development environment and a CI/CD pipeline that is triggered by CodeCommit when changes are pushed to the repository. The application is then built with CodeBuild, and finally the API is published to be consumed by the website.

So let’s get started.

Continue reading

AWS, Deploy a serverless application using Lambda and CodePipeline

In this entry I would like to share an example showing how to deploy a serverless application in AWS using Lambda, API Gateway, S3 and DynamoDB. This example is taken from my last training in AWS cloud. The next diagram shows the architecture:

As you can see, there are 3 Lambdas connected to DynamoDB and served through API Gateway, and the frontend is hosted as a static web application in an S3 bucket.

It also includes a configured development environment with a pipeline to automate the releases.

As in my previous entries, I can’t detail all the steps because I had a restricted user, but I’m going to try to describe everything that I consider relevant.

So, let’s get started.

Continue reading

AWS ECS, Run Java microservices using docker containers in ECS

In this entry I’m going to show an example of running Java microservices in containers in AWS. I’m using a simple web application with source code provided in my last training, which you can download from my GitHub repository.

Please note that refactoring a monolithic application can be a very complex task that depends on each context, as well as on the analysis done before modernizing any component to be decoupled. For reference, this is the initial architecture and how it must look after the modernization into containers.

AS-IS, a highly available environment for a monolithic Java application.

TO-BE, the highly available environment for the containerized Java application.

As in my previous entries, all the information was taken from my last training, therefore some components were already provided:

  • Development IDE
  • Development Pipeline
  • An ECS Cluster
  • An RDS instance
  • A Custom VPC

Let’s get started.

Continue reading

AWS EC2, Implement CI/CD pipeline for a monolithic Java application

In this entry I would like to share an example showing how to automate the build and deployment of a Java application in AWS using CodePipeline. The next steps are taken from my last training and I can’t share all the detailed steps because my user has restricted permissions, but I consider this enough if you know the basics, like the VPC configuration and the IAM roles. So, let’s get started.

The next diagram shows the architecture to implement. The source code is located in CodeCommit and will be edited using Cloud9. After the changes are pushed to the repository, the application artifacts are built using CodeBuild and deployed with CodeDeploy, which manages the load balancer to distribute the traffic and deploys the application to the servers in the Auto Scaling group.

Continue reading

AWS EC2, build a highly available architecture for a Java web application

In this entry I would like to share my recent training activity in AWS, where I learned how to build and deploy the next architecture for a Java web application on a highly available infrastructure.

As you can see, it has an Application Load Balancer (ALB) configured to use an Auto Scaling Group (ASG), which launches EC2 instances in a private subnet; every EC2 instance connects to an RDS database (MySQL).

This time I can’t share all the detailed steps because I have a restricted user that doesn’t have enough permissions to read the security groups or the VPC configuration, or other elements like the instance profile. For that reason I’m going to describe it in a summarized way to keep it simple.

Let’s get started.

Continue reading

AWS Set basic network security for EC2 instances

Recently I started studying to achieve the next AWS certification level, Solutions Architect Professional, and today I took the first activity of the AWS Jam Gamified Learning. It consists of completing some challenges by solving problems without instructions or guides; when you complete a task or challenge you gain some points and you can compare yourself with other participants (like a game).

Here is my score. I was the last to complete all the challenges, and I couldn’t get all the points because my session expired and I didn’t have enough time.

I think this format is very helpful for gaining experience, and I would like to share here one problem from the challenge.

Problem: Securing the VPC network resources

The exercise consists of configuring the subnets of the VPC using Network Access Control Lists (NACL) and Security Groups (SG) to keep the integrity of, and secure, the resources in two Availability Zones (AZ). The next diagram shows the idea of the solution (it is shown for only one AZ):

It looks simple, right? Well, this is the final configuration that has to be delivered with all the rules:

Let’s take a look at each part.

Continue reading

AWS EC2 Getting password from Windows instance that was launched from a custom AMI

The AWS documentation describes this problem:

I’m receiving the error «Password is not available yet. Please wait at least 4 minutes after launching an instance before trying to retrieve the auto-generated password» when connecting to my newly launched Amazon Elastic Compute Cloud (Amazon EC2) Windows instance. I’ve waited longer than 4 minutes and still can’t connect.

According to AWS:

«Resetting the password allows you to recover access to the new instance. However, you get the same error when you launch any other instance from that custom AMI. To avoid this issue, configure the initialization tasks from EC2Launch or EC2Config to enable auto-generated passwords.»

«Instances launched from custom AMIs take the Administrator password from the source instance. If the default password for the Administrator account was changed in the source instance used to create the AMI, then the new instance takes the same password. Decrypting the password using a key pair file isn’t possible, unless you configure EC2Launch or EC2Config to generate a new password on the next instance boot.»

Unfortunately, I have the same problem, but my instance is not new; it was launched from a custom AMI and I have neither the key nor the password to get access… Well, in this entry I’m going to show how I solved this problem.

Continue reading

Setup CI Server in Cloud for Java projects with code coverage and inspection

Yep! I was waiting a long time to write about this topic, but finally I’m going to show how to set up your own Continuous Integration server (aka CI) using cloud services, all of them with free accounts.

Just keep in mind that the scope of the functionality is very limited because all the services we’re using are free, but if you pay for them you can do much more.

I’m not going to explain what a CI server is or what its features are; I only want to say that CI is a concept created by Martin Fowler in 2006 and, as he mentions on his website:

«Continuous Integration is a software development practice where members of a team integrate their work frequently, usually each person integrates at least daily – leading to multiple integrations per day. Each integration is verified by an automated build (including test) to detect integration errors as quickly as possible. Many teams find that this approach leads to significantly reduced integration problems and allows a team to develop cohesive software more rapidly.»

Well, let’s get started. We’re going to configure and integrate the next services, so you only need your GitHub or Bitbucket account.

The demo project

Continue reading