AWS


1. 2017/12/31 (Updated 2017/12/28) "AWS > Introduction to AWS services in January 2018"


1. About this document

A list of AWS services with an explanation of how we can make use of them, based on my actual usage.
The level of "Useful for?" is described as:
Everyone
Sometimes
Limited
  1. Compute

Service | Useful for? | Explanation | My usage
EC2 | Sometimes | EC2 (Elastic Compute Cloud) is the basis of AWS, but its price is not the best when compared with VPS instances. EC2 pays off in combination with other AWS services, to reduce human cost and to minimize downtime even at an additional fee. So if you run your business by yourself, it may not be the best choice. | If I work for someone other than myself, I will use EC2.
Lightsail | Limited | VPS service by AWS. But if we use a VPS, I think we don't have to use AWS, because its spec is limited compared to the price. | 
Elastic Container Service | Sometimes | For Docker | Just looking
Lambda | Sometimes | | 
Batch | Limited | | 
Elastic Beanstalk | Limited | | 

  2. Storage

Service | Useful for?
S3 | Everyone
EFS | Sometimes
Glacier | Everyone
Storage Gateway | Limited

  3. Database

Service | Useful for? | Explanation
RDS | Everyone | 
DynamoDB | Sometimes | 
ElastiCache | Sometimes | 
Amazon Redshift | Limited | For data warehousing, but the cost is not so cheap.

  4. Migration

Service | Useful for?
AWS Migration Hub | Limited
Application Discovery Service | Limited
Database Migration Service | Limited
Server Migration Service | Limited
Snowball | Limited

  5. Networking & Content Delivery

Service | Useful for?
VPC | Everyone
CloudFront | Everyone
Route 53 | Everyone
API Gateway | Sometimes
Direct Connect | Limited

  6. Developer Tools

Service | Useful for?
CodeStar | Limited
CodeCommit | Limited
CodeBuild | Limited
CodeDeploy | Sometimes
CodePipeline | Limited
Cloud9 | Limited
X-Ray | Limited

  7. Management Tools

Service | Useful for?
CloudWatch | Everyone
CloudFormation | Limited
CloudTrail | Limited
Config | Limited
OpsWorks | Limited
Service Catalog | Limited
Systems Manager | Limited
Trusted Advisor | Limited
Managed Services | Limited

  8. Media Services

Service | Useful for?
Elastic Transcoder | Limited
Kinesis Video Streams | Limited
MediaConvert | Limited
MediaLive | Limited
MediaPackage | Limited
MediaStore | Limited
MediaTailor | Limited

  9. Machine Learning

Service | Useful for?
Amazon SageMaker | Limited
Amazon Comprehend | Limited
AWS DeepLens | Limited
Amazon Lex | Limited
Machine Learning | Limited
Amazon Polly | Limited
Rekognition | Limited
Amazon Transcribe | Limited
Amazon Translate | Limited

  10. Analytics

Service | Useful for?
Athena | Limited
EMR | Limited
CloudSearch | Limited
Elasticsearch Service | Sometimes
Kinesis | Limited
QuickSight | Sometimes
Data Pipeline | Limited
AWS Glue | Limited

  11. Security, Identity & Compliance

Service | Useful for?
IAM | Everyone
Cognito | Sometimes
GuardDuty | Limited
Inspector | Limited
Amazon Macie | Limited
AWS Single Sign-On | Limited
Certificate Manager | Everyone
CloudHSM | Limited
Directory Service | Limited
WAF & Shield | Sometimes
Artifact | Limited

  12. Mobile Services

Service | Useful for?
Mobile Hub | Limited
AWS AppSync | Limited
Device Farm | Limited
Mobile Analytics | Limited

  13. AR & VR

Service | Useful for?
Amazon Sumerian | Limited

  14. Application Integration

Service | Useful for?
Step Functions | Limited
Amazon MQ | Limited
Simple Notification Service | Everyone
Simple Queue Service | Sometimes
SWF | Limited

  15. Customer Engagement

Service | Useful for?
Amazon Connect | Limited
Pinpoint | Sometimes
Simple Email Service | Everyone

  16. Business Productivity

Service | Useful for?
Alexa for Business | Limited
Amazon Chime | Limited
WorkDocs | Limited
WorkMail | Sometimes

  17. Desktop & App Streaming

Service | Useful for?
WorkSpaces | Limited
AppStream 2.0 | Limited

  18. Internet of Things

Service | Useful for?
AWS IoT | Limited
IoT Device Management | Limited
Amazon FreeRTOS | Limited
AWS Greengrass | Limited

  19. Game Development

Service | Useful for?
Amazon GameLift | Limited



2. 2017/12/08 (Updated 2017/12/14) "AWS > Trying new AWS services"

  1. Launch template

In practice you have to specify many parameters and then find out why the instance does not come up.
So it does not look so useful.


3. 2017/12/06 (Updated 2017/12/13) "AWS > Cloud9"


  1. What is Cloud9

A browser-based IDE (editor plus terminal) from AWS. It can run on an EC2 instance that AWS manages for you, or connect over SSH to a server you already have, which is the setup described below.
  2. Price

No charge for Cloud9 itself; you pay for the EC2 instance and storage it uses.
  3. Setting up

You have to allow access from Cloud9 to the target EC2 instance.
The IP ranges of Cloud9 were not officially published when this was written, so first allow access from everywhere (0.0.0.0/0) in the instance's security group. AWS has since added Cloud9 ranges to ip-ranges.json under the service name CLOUD9; prefer those to the discovery step below when they are available for your region.
TCP ports 22 (SSH) and 8080 (the c9 SDK server) must be open.
Once everything is set up, find the address Cloud9 connects from by listing the established TCP connections (netstat -rn prints the routing table, not connections, so it will not show anything here):
ss -tn state established
or
netstat -tn | grep ESTABLISHED
and look up the owner of the source address with whois.

Then narrow the security group from 0.0.0.0/0 to that range, converting the IP range to CIDR notation with a tool such as
https://www.ipaddressguide.com/cidr#range
Leaving SSH open to the world is acceptable only for the few minutes needed to observe the connection.
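The discovery-then-tighten step above, as an added example that is not part of the original post: it parses the output of "ss -tn state established" for peers on ports 22 and 8080 and emits the AWS CLI calls that replace the temporary 0.0.0.0/0 rules with /32 entries for those hosts. The sample addresses and the security-group id are made up for the example.

```python
"""Added example: derive /32 allow-list entries for the Cloud9 connection from
`ss -tn state established` output, then print the AWS CLI calls that swap the
temporary 0.0.0.0/0 rules for those hosts. Addresses and sg id are hypothetical."""

import ipaddress

CLOUD9_PORTS = {22, 8080}

# Constructed sample of `ss -tn state established` on the target EC2 instance
# (with a state filter, ss omits the State column).
SAMPLE_SS = """\
Recv-Q Send-Q Local Address:Port   Peer Address:Port
0      0      10.0.0.12:22         198.51.100.23:51234
0      0      10.0.0.12:8080       198.51.100.23:51250
0      0      10.0.0.12:22         203.0.113.9:40022
0      0      10.0.0.12:443        192.0.2.77:55555
"""


def peer_cidrs(ss_output: str, ports=CLOUD9_PORTS) -> list:
    """Unique host CIDRs (/32 or /128) of peers connected to the given local ports."""
    peers = set()
    for line in ss_output.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        local, peer = fields[2], fields[3]
        local_port = int(local.rsplit(":", 1)[1])
        peer_addr = peer.rsplit(":", 1)[0].strip("[]")   # tolerate [v6]:port
        if local_port in ports:
            ip = ipaddress.ip_address(peer_addr)
            peers.add(f"{ip}/{ip.max_prefixlen}")
    # sort numerically, IPv4 before IPv6
    return sorted(peers, key=lambda c: (ipaddress.ip_network(c).version,
                                        ipaddress.ip_network(c)))


def sg_commands(sg_id: str, cidrs: list, ports=CLOUD9_PORTS) -> list:
    """AWS CLI calls: revoke the 0.0.0.0/0 rule on each port, then allow each
    observed peer. Returned as strings so they can be reviewed before running."""
    cmds = []
    for port in sorted(ports):
        cmds.append(f"aws ec2 revoke-security-group-ingress --group-id {sg_id} "
                    f"--protocol tcp --port {port} --cidr 0.0.0.0/0")
        for cidr in cidrs:
            cmds.append(f"aws ec2 authorize-security-group-ingress --group-id {sg_id} "
                        f"--protocol tcp --port {port} --cidr {cidr}")
    return cmds


if __name__ == "__main__":
    observed = peer_cidrs(SAMPLE_SS)
    for cmd in sg_commands("sg-0123456789abcdef0", observed):   # hypothetical group id
        print(cmd)
```

Run it on the instance with the real output (ss -tn state established) substituted for the sample, check that the peers printed belong to Cloud9 (whois, or the CLOUD9 entries in ip-ranges.json), and only then pipe the printed commands to a shell.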

Register the SSH public key shown by Cloud9 in ~/.ssh/authorized_keys of the account you want to use for development on that server.

Then the ~/.cloud9 environment will be created.

After that, some necessary files are installed on the server.
If the installation through the web UI fails for some reason, you can do it from a shell. GitHub no longer serves the unauthenticated git:// protocol, so clone over https:
git clone https://github.com/c9/core.git c9sdk
cd c9sdk
scripts/install-sdk.sh
node server.js -p 8080 -a

It will take some time.

If the process does not finish cleanly, you can install them manually.

sudo privilege will be required.

Managed policies attached to the IAM user (despite the second name, both are AWS managed policies, not roles):
AWSLambdaReadOnlyAccess
AWSLambdaVPCAccessExecutionRole


4. 2017/02/27 "AWS > Introduction of AWS in 2017 and how to use it"


  1. Introduction of AWS in 2017

This is a document to explain what the benefit of AWS is and how to make use of it.

I have the "AWS Certified Solutions Architect - Associate Level" certificate
and have constructed systems based on AWS.
And this site is also running on AWS now.
  2. What is main benefit of AWS?


    1. We can make use of the increasing features provided by AWS, and the speed is getting faster

If we try to do it by ourselves, of course we will lose to AWS, which means the competitors standing on the shoulders of the giant AWS can go further.
It is simply a business risk.
    2. So many variety of services

There are so many services, and most of them satisfy high criteria for security, scalability and redundancy.
If we try to do it by ourselves, it will cost so much.
    3. It is easy to construct the system without SPOF (Single Point Of Failures)

AWS is providing
- Multi region = multiple countries and locations
- Multi zone = multiple data centers in 1 region
environments.
And their managed systems fully make use of this redundant environment, so we can forget the underlying system and just focus on making use of the service.
    4. Elasticity


    5. API

Systems can be created not only from the web console (manually) but through the CLI and API.
So we can incorporate AWS into programs, which leads to Infrastructure as Code.
  3. Basic service of AWS

AWS is offering many services, but I think you will start with the following ones, and you should know all of them.
    1. Compute


      1. EC2

Elastic Compute Cloud, which is almost the same as a machine instance. There are many instance types and pricing models.
      2. EC2: AMI

Amazon Machine Image. You can create one from your own instance, but you can also use images published by others. Initially you will choose an AMI that matches your needs and create an EC2 instance from it. In the AWS environment, Amazon Linux is the most recommended and reliable OS.
      3. EC2: EBS

Elastic Block Store. EC2 and EBS are combined, but they can exist separately: a volume whose DeleteOnTermination flag is off survives the termination of its instance (for root volumes the flag is on by default), so you can still make use of the EBS volume afterwards. EBS has many performance models, but it is basically fast.
      4. EC2: ELB

Elastic Load Balancer. A fully managed service; you don't have to take care of its redundancy. We can use the Application Load Balancer and the Classic Load Balancer; the latter can also be used as an internal, TCP-based load balancer.
    2. Storage


      1. S3

Quite cheap file storage. Reliability is very high, so we can use it for storing data and static files. When we create an image uploading service, we will choose this for data storage.
Price
Storage class | Standard | Standard-Infrequent Access | Glacier
First 50 TB / month | $0.023 per GB | $0.0125 per GB | $0.004 per GB

    3. Database


      1. RDS

Amazon RDS is a managed relational database service that provides you six familiar database engines to choose from, including Amazon Aurora, MySQL, MariaDB, Oracle, Microsoft SQL Server, and PostgreSQL.
Amazon RDS handles routine database tasks such as provisioning, patching, backup, recovery, failure detection, and repair.
        1. Aurora

Amazon Aurora is a relational database engine that combines the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases. Amazon Aurora with MySQL-compatibility delivers up to five times the performance of MySQL without requiring any changes to most MySQL applications.
      2. DynamoDB


    4. Network & Content Delivery


      1. VPC


      2. Route 53


    5. Management Tools


      1. CloudWatch


      2. CloudTrail


      3. Config


      4. TrustedAdvisor


    6. Security, Identity & Compliance


      1. IAM


      2. Certificate Manager


      3. SNS


      4. SES


      5. WorkMail

  4. Basic infra architecture of AWS


    1. IAM


    2. VPC & Subnet & Security Group


    3. Web instance


    4. RDS


    5. SES


    6. s3


    7. Cloudwatch




5. 2017/02/25 (Updated 2018/06/24) "AWS > How to mount S3 using goofys"


    1. What is goofys?

https://github.com/kahing/goofys
A FUSE file system for S3: you can access the objects in a bucket through a directory path.
    2. Preparation on AWS web console

You have to prepare the S3 bucket beforehand, give S3 privilege on it to an IAM role, and associate the role with the EC2 instance (as an instance profile). goofys then picks up the credentials from the instance metadata, so no access key has to be stored on the server. Full S3 access works, but a policy limited to the one bucket is enough and is what you should attach.
The following procedure is for Amazon Linux.
    3. Installation of necessary files

sudo yum update -y;
sudo yum install golang fuse -y;
export GOPATH=/usr/local/go/bin;   # go install writes the binary to $GOPATH/bin
go get github.com/kahing/goofys
go install github.com/kahing/goofys
sudo cp ${GOPATH}/bin/goofys /usr/local/bin/goofys   # one path for the mount commands below

If something doesn't go well, download the latest Go release from the official site and install it following the instructions (extract the same archive you downloaded):
wget https://redirector.gvt1.com/edgedl/go/go1.8.5.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.8.5.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin

    4. Mount s3 bucket

Get the apache user's user id and group id:
grep apache /etc/passwd
In this example, apache's user id and group id are both 48.
Without passing them to goofys, only root can write files, so apache cannot create or delete files.

gid=48; #Example
uid=48; #Example
DIRMODE=0775;
FILEMODE=0666;
S3_BUCKET_NAME=firstclass-sakuhindb-uploadedimg; #Example
S3_MOUNT_NAME=/s3/${S3_BUCKET_NAME}; #Example
sudo mkdir -p ${S3_MOUNT_NAME};
sudo umount ${S3_MOUNT_NAME}; sudo /usr/local/bin/goofys ${S3_BUCKET_NAME} ${S3_MOUNT_NAME} -o allow_other,--uid=$uid,--gid=$gid,--dir-mode=$DIRMODE,--file-mode=$FILEMODE,--use-content-type,--acl=public-read

Second example, for a bucket whose files are served publicly through https://stat.image.sakuhindb.com/ (to serve them over https you have to put CloudFront in front of the bucket). This mount does not pass --acl, so objects written through it stay private unless a bucket policy or a later setacl (section 6) makes them public:
gid=48; #Example
uid=48; #Example
DIRMODE=0775;
FILEMODE=0666;
S3_BUCKET_NAME=minakoe-index; #Example
S3_MOUNT_NAME=/s3/${S3_BUCKET_NAME}; #Example
sudo mkdir -p ${S3_MOUNT_NAME};
sudo umount ${S3_MOUNT_NAME}; sudo /usr/local/bin/goofys ${S3_BUCKET_NAME} ${S3_MOUNT_NAME} -o allow_other,--uid=$uid,--gid=$gid,--dir-mode=$DIRMODE,--file-mode=$FILEMODE

--use-content-type: set each object's Content-Type from the file's extension
--acl=public-read: needed when you want the written objects to be readable by web users. Every object created through the mount gets this ACL, so do not use it on a bucket that also holds private data. Note also that --file-mode=0666 makes the mounted files writable by every local user, not only apache; 0664 is enough when apache is the owning uid.

verify
df -kh

Result example
Filesystem Size Used Avail Use% Mounted on
devtmpfs 7.9G 64K 7.9G 1% /dev
tmpfs 7.9G 0 7.9G 0% /dev/shm
/dev/xvda1 99G 59G 41G 60% /
fs-4e65c607.efs.us-east-1.amazonaws.com:/ 8.0E 46G 8.0E 1% /efs
firstclass-weblogs 1.0P 0 1.0P 0% /s3/firstclass-weblogs

    5. Execute automatically when instance restarts

sudo vi /etc/rc.local;

Append the following. DIRMODE and FILEMODE must be defined here as well, because rc.local runs in its own shell:
gid=48;
uid=48;
DIRMODE=0775;
FILEMODE=0666;
S3_BUCKET_NAME=firstclass-weblogs; #Example
S3_MOUNT_NAME=/s3/${S3_BUCKET_NAME};
mkdir -p ${S3_MOUNT_NAME};
/usr/local/bin/goofys ${S3_BUCKET_NAME} ${S3_MOUNT_NAME} -o allow_other,--uid=$uid,--gid=$gid,--dir-mode=$DIRMODE,--file-mode=$FILEMODE,--use-content-type,--acl=public-read

Restart the server and verify that the bucket is mounted automatically when the instance comes back.
    6. How to change s3's permission later

Install s3cmd
sudo yum install s3cmd --enablerepo=epel

Ex. Make the files already under the s3://firstclass-sakuhindb-uploadedimg bucket public to web users. This sets the ACL on each existing object; objects written later need --acl=public-read on the mount, or another run of this command.
s3cmd setacl -r --acl-public s3://firstclass-sakuhindb-uploadedimg
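Two checks for the setup in sections 2 and 4, as an added example that is not part of the original post: a least-privilege IAM policy scoped to the one bucket goofys mounts (instead of full S3 access on the instance role), and a scan of the mount options for settings that expose data. The bucket name, the action list and the finding texts are my assumptions; the actions are the ones a read/write goofys mount has needed in my experience, so verify them against the goofys version you run.

```python
"""Added example: a bucket-scoped IAM policy for a goofys mount and a scan of
goofys '-o' options for exposure. Bucket name and action list are assumptions."""

import json

BUCKET_ACTIONS = ["s3:ListBucket", "s3:GetBucketLocation"]
OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject",
                  "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts"]


def goofys_policy(bucket: str, public_read: bool = False) -> dict:
    """Least-privilege policy for mounting one bucket read/write with goofys.
    s3:PutObjectAcl is granted only when the mount writes with --acl=public-read."""
    object_actions = list(OBJECT_ACTIONS)
    if public_read:
        object_actions.append("s3:PutObjectAcl")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "Bucket", "Effect": "Allow", "Action": BUCKET_ACTIONS,
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Sid": "Objects", "Effect": "Allow", "Action": object_actions,
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }


def mount_option_findings(options: str) -> list:
    """Exposure findings for a goofys '-o' option string such as
    'allow_other,--uid=48,--gid=48,--dir-mode=0775,--file-mode=0666,--acl=public-read'."""
    findings = []
    for opt in (o.strip() for o in options.split(",") if o.strip()):
        key, _, value = opt.partition("=")
        if key == "--acl" and value == "public-read":
            findings.append("every object written through this mount becomes world-readable")
        elif key in ("--file-mode", "--dir-mode") and int(value, 8) & 0o002:
            findings.append(f"{key}={value} lets every local user write to the mount")
        elif opt == "allow_other":
            findings.append("allow_other makes the mount visible to all local users "
                            "(access is then limited only by the modes)")
    return findings


if __name__ == "__main__":
    # Constructed: the bucket from the rc.local example and its option string
    print(json.dumps(goofys_policy("firstclass-weblogs", public_read=True), indent=2))
    opts = ("allow_other,--uid=48,--gid=48,--dir-mode=0775,--file-mode=0666,"
            "--use-content-type,--acl=public-read")
    for finding in mount_option_findings(opts):
        print("finding:", finding)
```

Attach the printed policy to the instance role in place of full S3 access. For the public image bucket the public-read finding is intended; the file-mode finding is the one to act on, since apache only needs the owning uid to be able to write.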



6. 2017/01/24 "AWS > Move to AWS"


1. Background

I decided to move the sakuhindb service to AWS.
I will show the procedure for your reference.
  1. Prerequisite


    1. Your PC

A Mac or Linux environment, to use Linux commands.
    2. Create AWS account by sign up

https://aws.amazon.com/free/
    3. Create user account using IAM

After you have succeeded in signing in to the web console, create a user group and an IAM user, and use that user (not the root account) for everything that follows.
  2. Decide the region

https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/
    1. Check mandatory service for you

North Virginia has all services and its prices are low.
So check the status of the region in which you are considering serving.
In my case it is Tokyo, and the following services are not available there now.

Service | Necessary for me
Amazon Cloud Directory | N
Amazon Elastic File System (EFS) | Y
Amazon Kinesis Analytics | N
Amazon Kinesis Firehose | N
Amazon Lightsail | N
Amazon Machine Learning | N
Amazon Mobile Analytics | N
Amazon Pinpoint | N
Amazon Polly | 
Amazon QuickSight | N
Amazon Rekognition | N
Amazon Simple Email Service (SES) | N
Amazon WorkDocs | N
Amazon WorkMail | N
AWS Application Discovery Service | N
AWS CodeDeploy | N
AWS Managed Services | N
AWS Snowball | N
AWS Snowball Edge | N

    2. Compare price

EC2 price (per hour)
Region | N. Virginia | Singapore | Tokyo
t2.micro | $0.012 | $0.015 | $0.016

RDS price (per hour)
Region | N. Virginia | Singapore | Tokyo
db.t2.micro | $0.017 | $0.026 | $0.026

ELB price (per hour)
Region | N. Virginia | Singapore | Tokyo
ELB | $0.025 | $0.028 | $0.027

    3. Decide default region

In this case, I needed EFS, so I chose N. Virginia.
  3. Cost estimation before you start using AWS

EFS: 50 GB x $0.30 per GB-month = $15 per month

  4. Set up AWS CLI env on your PC

brew install awscli;
brew install boto;
brew install jq;
aws configure;

# The access key and secret come from the IAM console: create an access key for your IAM user, never for the root account
# Input the region name, referring to http://docs.aws.amazon.com/general/latest/gr/rande.html
  5. Create network (VPC)

ansible-playbook playbook/network-security/vpc.yml -i hosts/localhost --extra-vars=@extra-vars/base.yml

Two things to know before reusing this playbook. The ec2_vpc module it calls has since been removed from Ansible; the same work is now split across ec2_vpc_net, ec2_vpc_subnet, ec2_vpc_igw and ec2_vpc_route_table. And although the subnets are tagged Public, Private, Secure and Admin, all eight subnets of each VPC are associated with the one route table whose default route (0.0.0.0/0) goes to the internet gateway, so in AWS terms every one of them is a public subnet: an instance with a public IP in "Prod-Secure" is reachable from the internet exactly like one in "Prod-Public". Give the non-public tiers their own route table, with a NAT gateway route if they need outbound access.

vpc.yml
# ansible-playbook playbook/network-security/vpc.yml -i hosts/localhost --extra-vars=@extra-vars/base.yml
---
- hosts: 127.0.0.1
  gather_facts: no
  connection: local

  tasks:
    - name: "make vpc for Prod"
      ec2_vpc:
        state: present
        cidr_block: 10.0.0.0/21
        resource_tags: { "Environment":"Prod",  "Name":"Prod {{ pj }}"  }
        subnets:
          - cidr: 10.0.0.0/24
            az: "{{ dca }}"
            resource_tags: { "Environment":"Prod", "Tier" : "Public", "Name" : "Prod-Public" }
          - cidr: 10.0.1.0/24
            az: "{{ dca }}"
            resource_tags: { "Environment":"Prod", "Tier" : "Private", "Name" : "Prod-Private" }
          - cidr: 10.0.2.0/24
            az: "{{ dca }}"
            resource_tags: { "Environment":"Prod", "Tier" : "Secure", "Name":"Prod-Secure" }
          - cidr: 10.0.3.0/24
            az: "{{ dca }}"
            resource_tags: { "Environment":"Prod", "Tier" : "Admin", "Name":"Prod-Admin" }
          - cidr: 10.0.4.0/24
            az: "{{ dcb }}"
            resource_tags: { "Environment":"Prod", "Tier" : "Public2", "Name":"Prod-Public2" }
          - cidr: 10.0.5.0/24
            az: "{{ dcb }}"
            resource_tags: { "Environment":"Prod", "Tier" : "Private2", "Name":"Prod-Private2" }
          - cidr: 10.0.6.0/24
            az: "{{ dcb }}"
            resource_tags: { "Environment":"Prod", "Tier" : "Secure2", "Name":"Prod-Secure2" }
          - cidr: 10.0.7.0/24
            az: "{{ dcb }}"
            resource_tags: { "Environment":"Prod", "Tier" : "Admin2", "Name":"Prod-Admin2" }
        internet_gateway: True
        route_tables:
          - subnets:
              - 10.0.0.0/24
              - 10.0.1.0/24
              - 10.0.2.0/24
              - 10.0.3.0/24
              - 10.0.4.0/24
              - 10.0.5.0/24
              - 10.0.6.0/24
              - 10.0.7.0/24
            routes:
              - dest: 0.0.0.0/0
                gw: igw
        region: "{{ aws_default_region }}"

    - name: "make vpc for Stg"
      ec2_vpc:
        state: present
        cidr_block: 10.0.8.0/21
        resource_tags: { "Environment":"Stg", "Name":"Stg {{ pj }}" }
        subnets:
          - cidr: 10.0.8.0/24
            az: "{{ dca }}"
            resource_tags: { "Environment":"Stg", "Tier" : "Public", "Name":"Stg-Public" }
          - cidr: 10.0.9.0/24
            az: "{{ dca }}"
            resource_tags: { "Environment":"Stg", "Tier" : "Private", "Name":"Stg-Private" }
          - cidr: 10.0.10.0/24
            az: "{{ dca }}"
            resource_tags: { "Environment":"Stg", "Tier" : "Secure", "Name":"Stg-Secure" }
          - cidr: 10.0.11.0/24
            az: "{{ dca }}"
            resource_tags: { "Environment":"Stg", "Tier" : "Admin", "Name":"Stg-Admin" }
          - cidr: 10.0.12.0/24
            az: "{{ dcb }}"
            resource_tags: { "Environment":"Stg", "Tier" : "Public2", "Name":"Stg-Public2" }
          - cidr: 10.0.13.0/24
            az: "{{ dcb }}"
            resource_tags: { "Environment":"Stg", "Tier" : "Private2", "Name":"Stg-Private2" }
          - cidr: 10.0.14.0/24
            az: "{{ dcb }}"
            resource_tags: { "Environment":"Stg", "Tier" : "Secure2", "Name":"Stg-Secure2" }
          - cidr: 10.0.15.0/24
            az: "{{ dcb }}"
            resource_tags: { "Environment":"Stg", "Tier" : "Admin2", "Name":"Stg-Admin2" }
        internet_gateway: True
        route_tables:
          - subnets:
              - 10.0.8.0/24
              - 10.0.9.0/24
              - 10.0.10.0/24
              - 10.0.11.0/24
              - 10.0.12.0/24
              - 10.0.13.0/24
              - 10.0.14.0/24
              - 10.0.15.0/24
            routes:
              - dest: 0.0.0.0/0
                gw: igw
        region: "{{ aws_default_region }}"

    - name: "make vpc for Dev"
      ec2_vpc:
        state: present
        cidr_block: 10.0.16.0/21
        resource_tags: { "Environment":"Dev", "Name":"Dev {{ pj }}" }
        subnets:
          - cidr: 10.0.16.0/24
            az: "{{ dca }}"
            resource_tags: { "Environment":"Dev", "Tier" : "Public", "Name":"Dev-Public" }
          - cidr: 10.0.17.0/24
            az: "{{ dca }}"
            resource_tags: { "Environment":"Dev", "Tier" : "Private", "Name":"Dev-Private"  }
          - cidr: 10.0.18.0/24
            az: "{{ dca }}"
            resource_tags: { "Environment":"Dev", "Tier" : "Secure", "Name":"Dev-Secure" }
          - cidr: 10.0.19.0/24
            az: "{{ dca }}"
            resource_tags: { "Environment":"Dev", "Tier" : "Admin", "Name":"Dev-Admin" }
          - cidr: 10.0.20.0/24
            az: "{{ dcb }}"
            resource_tags: { "Environment":"Dev", "Tier" : "Public2", "Name":"Dev-Public2" }
          - cidr: 10.0.21.0/24
            az: "{{ dcb }}"
            resource_tags: { "Environment":"Dev", "Tier" : "Private2", "Name":"Dev-Private2" }
          - cidr: 10.0.22.0/24
            az: "{{ dcb }}"
            resource_tags: { "Environment":"Dev", "Tier" : "Secure2", "Name":"Dev-Secure2" }
          - cidr: 10.0.23.0/24
            az: "{{ dcb }}"
            resource_tags: { "Environment":"Dev", "Tier" : "Admin2", "Name":"Dev-Admin2" }
        internet_gateway: True
        route_tables:
          - subnets:
              - 10.0.16.0/24
              - 10.0.17.0/24
              - 10.0.18.0/24
              - 10.0.19.0/24
              - 10.0.20.0/24
              - 10.0.21.0/24
              - 10.0.22.0/24
              - 10.0.23.0/24
            routes:
              - dest: 0.0.0.0/0
                gw: igw
        region: "{{ aws_default_region }}"

    - name: "make vpc for Admin"
      ec2_vpc:
        state: present
        cidr_block: 10.0.24.0/21
        resource_tags: { "Environment":"Admin", "Name":"Admin {{ pj }}" }
        subnets:
          - cidr: 10.0.24.0/24
            az: "{{ dca }}"
            resource_tags: { "Environment":"Admin", "Tier" : "Public", "Name":"Admin-Public"  }
          - cidr: 10.0.25.0/24
            az: "{{ dca }}"
            resource_tags: { "Environment":"Admin", "Tier" : "Private", "Name":"Admin-Private" }
          - cidr: 10.0.26.0/24
            az: "{{ dca }}"
            resource_tags: { "Environment":"Admin", "Tier" : "Secure", "Name":"Admin-Secure" }
          - cidr: 10.0.27.0/24
            az: "{{ dca }}"
            resource_tags: { "Environment":"Admin", "Tier" : "Admin", "Name":"Admin-Admin" }
          - cidr: 10.0.28.0/24
            az: "{{ dcb }}"
            resource_tags: { "Environment":"Admin", "Tier" : "Public2", "Name":"Admin-Public2" }
          - cidr: 10.0.29.0/24
            az: "{{ dcb }}"
            resource_tags: { "Environment":"Admin", "Tier" : "Private2", "Name":"Admin-Private2" }
          - cidr: 10.0.30.0/24
            az: "{{ dcb }}"
            resource_tags: { "Environment":"Admin", "Tier" : "Secure2", "Name":"Admin-Secure2" }
          - cidr: 10.0.31.0/24
            az: "{{ dcb }}"
            resource_tags: { "Environment":"Admin", "Tier" : "Admin2", "Name":"Admin-Admin2" }
        internet_gateway: True
        route_tables:
          - subnets:
              - 10.0.24.0/24
              - 10.0.25.0/24
              - 10.0.26.0/24
              - 10.0.27.0/24
              - 10.0.28.0/24
              - 10.0.29.0/24
              - 10.0.30.0/24
              - 10.0.31.0/24
            routes:
              - dest: 0.0.0.0/0
                gw: igw
        region: "{{ aws_default_region }}"

hosts/localhost
[localhost]
127.0.0.1 ansible_python_interpreter=/usr/local/bin/python

extra-vars/base.yml
pj: 1stclass
aws_default_rds_type: db.t2.micro
aws_default_region: us-east-1 # N. Virgnia
aws_prefered_zone: us-east-1d
dca: us-east-1d
dcb: us-east-1e
aws_ec2_key: ec2-key-pair
aws_ami_id: prod-web

internal_cid: ["202.55.66.114/32", # new-analyzer
"182.19.143.105/32" # SG
]

dev_internal_cid: ["202.55.66.114/32", # new-analyzer
"182.19.143.105/32" # SG
]

jenkins_integrated_cid: ["202.55.66.114/32" # new-analyzer
]
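A check for the route-table point made about the playbook above, as an added example that is not part of the original post: a subnet is public when the route table it is associated with sends 0.0.0.0/0 to an internet gateway. The dictionary below is a trimmed copy of the playbook's Prod VPC (four of the eight subnets), not output from AWS, and split_route_tables is my suggested fix, not something the playbook does.

```python
"""Added example: classify the playbook's subnets as public or not from their
route tables, and show the split that keeps only the Public tier on the IGW.
PROD_VPC mirrors the playbook's Prod VPC; it is not data read from AWS."""

import ipaddress

PROD_VPC = {
    "subnets": [
        {"cidr": "10.0.0.0/24", "tier": "Public"},
        {"cidr": "10.0.1.0/24", "tier": "Private"},
        {"cidr": "10.0.2.0/24", "tier": "Secure"},
        {"cidr": "10.0.3.0/24", "tier": "Admin"},
    ],
    # As in the playbook: one route table, every subnet, default route to the IGW
    "route_tables": [
        {"subnets": ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"],
         "routes": [{"dest": "0.0.0.0/0", "gw": "igw"}]},
    ],
}


def has_default_igw_route(route_table: dict) -> bool:
    """True when any route covers all addresses (prefix length 0) via an internet gateway."""
    return any(ipaddress.ip_network(r["dest"]).prefixlen == 0 and r["gw"] == "igw"
               for r in route_table["routes"])


def public_tiers(vpc: dict) -> list:
    """Tier names whose subnet is associated with a route table that defaults to the IGW."""
    public_cidrs = {cidr
                    for rt in vpc["route_tables"] if has_default_igw_route(rt)
                    for cidr in rt["subnets"]}
    return [s["tier"] for s in vpc["subnets"] if s["cidr"] in public_cidrs]


def split_route_tables(vpc: dict, public_prefix: str = "Public") -> dict:
    """Copy of the VPC where only tiers named public_prefix* keep the IGW default
    route; the other subnets get a route table with just the implicit local route
    (add a NAT gateway route there if those instances need outbound access)."""
    public = [s["cidr"] for s in vpc["subnets"] if s["tier"].startswith(public_prefix)]
    private = [s["cidr"] for s in vpc["subnets"] if s["cidr"] not in public]
    return {
        "subnets": vpc["subnets"],
        "route_tables": [
            {"subnets": public, "routes": [{"dest": "0.0.0.0/0", "gw": "igw"}]},
            {"subnets": private, "routes": []},
        ],
    }


if __name__ == "__main__":
    print("public as written:", public_tiers(PROD_VPC))
    print("public after split:", public_tiers(split_route_tables(PROD_VPC)))
```

The same rule applied to live data is the query to run after the playbook: list the route tables with aws ec2 describe-route-tables and treat every subnet associated with a table containing a 0.0.0.0/0 route to an igw-* target as public, whatever its Name tag says.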

  6. Move the authority to Route 53

Before you delegate DNS authority from the existing DNS to Route 53, create the DNS records in Route 53 beforehand, so the zone answers correctly the moment the delegation changes.
Create the zone for sakuhindb.com from the web console.
After that, execute the following Ansible playbook.

playbook/network-security/route53.yml
# ansible-playbook playbook/network-security/route53.yml -i hosts/localhost --extra-vars=@extra-vars/base.yml
---
- hosts: 127.0.0.1
  gather_facts: no
  connection: local
  tasks:
    - route53:
        command: create
        zone: sakuhindb.com
        record: sakuhindb.com
        type: A
        ttl: 300
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        record: blog-sc.sakuhindb.com
        type: A
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        record: chat.sakuhindb.com
        type: A
        value: 157.7.136.190
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: common.sakuhindb.com
        value: 157.7.136.235
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: en.sakuhindb.com
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: en.image.sakuhindb.com
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: en.image-sc.sakuhindb.com
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: en.music.sakuhindb.com
        value: 158.199.143.203

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: en.product-sc.sakuhindb.com
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: en.video.sakuhindb.com
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: en.video-sc.sakuhindb.com
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: en2.sakuhindb.com
        value: 157.7.136.190
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: image.sakuhindb.com
        value: 157.7.136.235
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: image-sc.sakuhindb.com
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: img.sakuhindb.com
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: m.sakuhindb.com
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: m.blog-sc.sakuhindb.com
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: m.chat.sakuhindb.com
        value: 157.7.136.190
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: m.image.sakuhindb.com
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: m.image-sc.sakuhindb.com
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: m.product-sc.sakuhindb.com
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: m.video.sakuhindb.com
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: music.sakuhindb.com
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: product-sc.sakuhindb.com
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: rss.sakuhindb.com
        value: 158.199.143.203

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: video.sakuhindb.com
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: video-sc.sakuhindb.com
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: www.sakuhindb.com
        value: 158.199.143.203
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: A
        record: www2.sakuhindb.com
        value: 157.7.136.190
        wait: yes

    - route53:
        command: create
        zone: sakuhindb.com
        type: MX
        record: sakuhindb.com
        value: mail.accessup.org
        wait: yes

After every record is in place, go to your domain registrar's web page and change the NS delegation to the name servers of the Route 53 hosted zone.
  7. SSL Certificate

You have to have a mail account such as admin@$DOMAINNAME to prove ownership of the domain.
For sakuhindb.com, video.sakuhindb.com and en.image.sakuhindb.com, you have to request a certificate covering sakuhindb.com, *.sakuhindb.com and *.image.sakuhindb.com.
  8. ec2 instance

Only the first time, create an instance from the web console.
Before creating the web instance, create an IAM role for it; the role is attached when the instance is launched.
  9. EFS

You have to open port 2049 (NFS) in the security group of the EFS mount target for the instances that mount it.

sudo yum -y install nfs-utils
# Generic form: replace file-system-id, aws-region and efs-mount-point
sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 file-system-id.efs.aws-region.amazonaws.com:/ efs-mount-point

#Example
sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 fs-4e65c607.efs.us-east-1.amazonaws.com:/ /www

[ec2-user@aws-sakuhindb ~]$ df -k
Filesystem                                       1K-blocks    Used        Available Use% Mounted on
devtmpfs                                            498764      60           498704   1% /dev
tmpfs                                               509640       0           509640   0% /dev/shm
/dev/xvda1                                        30830568 1231096         29499224   5% /
fs-4e65c607.efs.us-east-1.amazonaws.com:/ 9007199254740992       0 9007199254740992   0% /www



# File transfer from the EFS mount to the production host
# (current OpenSSH rejects -c arcfour: the arcfour ciphers were removed in OpenSSH 7.6)
rsync --rsync-path="rsync" -ave "ssh -c arcfour" /www/* www@prod-sakuhindb:/www
  10. Request to lift the SES sending limits


  11. Change mail to use SES


  12. Change the code that uses REMOTE_ADDR

Behind the load balancer, REMOTE_ADDR holds the balancer's address and the client address arrives in the X-Forwarded-For header, which mod_extract_forwarded uses to restore the client address for requests coming from the configured proxies.

sudo yum install mod_extract_forwarded;
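The same decision mod_extract_forwarded makes, written out as an added example (not the module's code and not the site's own): the header is only believed when the direct peer is a trusted proxy, and the trusted subnets (TRUSTED_PROXY_NETS) are constructed placeholders.

```python
"""Recover the client address behind a load balancer without trusting
a forged X-Forwarded-For.

Added example for this page; it is not mod_extract_forwarded and not the
site's own code. Behind the balancer REMOTE_ADDR is the balancer's private
address and the client address is the rightmost hop of X-Forwarded-For,
but the header is client-supplied unless the direct peer is a proxy we
trust. TRUSTED_PROXY_NETS is a constructed placeholder for the balancer's
subnets.
"""
import ipaddress
from typing import Optional

# Hypothetical subnets of the load balancer nodes; take the real values
# from the VPC configuration.
TRUSTED_PROXY_NETS = [
    ipaddress.ip_network("10.0.1.0/24"),
    ipaddress.ip_network("10.0.2.0/24"),
]


def is_trusted_proxy(addr: str) -> bool:
    """True if addr is inside one of the trusted proxy subnets."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXY_NETS)


def client_ip(remote_addr: str, x_forwarded_for: Optional[str]) -> str:
    """Address the application should log and rate-limit on.

    Walk X-Forwarded-For from the right (the hop appended by the proxy
    nearest to us) to the left, skipping our own proxies. The first hop
    that is not a trusted proxy is the client; everything left of it was
    supplied by the client and is ignored.
    """
    # A direct connection that bypassed the balancer: the header is
    # whatever the peer chose to send, so it is ignored completely.
    if not is_trusted_proxy(remote_addr) or not x_forwarded_for:
        return remote_addr
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    for hop in reversed(hops):
        if is_trusted_proxy(hop):
            continue
        try:
            return str(ipaddress.ip_address(hop))
        except ValueError:
            # Malformed entry: fall back to the proxy address rather than
            # to a string the client controls.
            return remote_addr
    # Every hop was one of our proxies, so the proxy itself is the client.
    return remote_addr
```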
  13. Timezone of Amazon Linux


  14. Stop unnecessary processes

# In /etc/sysconfig/init, start a getty on tty1 only instead of tty1-6
sudo vi /etc/sysconfig/init
#ACTIVE_CONSOLES=/dev/tty[1-6]
ACTIVE_CONSOLES=/dev/tty1

sudo shutdown -r now


7.
2016/08/01 "AWS > Auto scale > Points which you should be cautious"

If you remove the auto-scaling group, the instances associated with it are terminated as well.
Be careful!


8.
2016/04/22 "AWS > S3: How to set up web server for static files"

BUCKET=....;
aws s3 mb s3://$BUCKET;

Check the access permissions of each S3 bucket for security.
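What that check looks for, as an added example that is not the site's own tooling: the bucket policy (from `aws s3api get-bucket-policy`) and ACL (from `aws s3api get-bucket-acl`) are scanned for grants to everyone; the sample documents, bucket name and account id are constructed.

```python
"""Flag S3 bucket permissions that open a bucket to everyone.

Added example for this page, not the site's own tooling. It reads the
Policy document returned by `aws s3api get-bucket-policy` and the dict
returned by `aws s3api get-bucket-acl`; the sample documents below are
constructed (bucket name and account id are made up).
"""
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"


def _as_list(value):
    """Policy elements may be a single string or a list; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_public_principal(principal) -> bool:
    """'*' or {"AWS": "*"} means anyone, anonymous or signed."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def public_policy_statements(policy_json: str) -> list:
    """One finding per Allow statement whose principal is everyone.

    Statements with a Condition are reported but flagged: a condition such
    as aws:SourceIp may legitimately narrow '*', so a person must review
    them instead of an automatic pass or fail.
    """
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_public_principal(stmt.get("Principal")):
            continue
        findings.append({
            "sid": stmt.get("Sid", "<no Sid>"),
            "actions": _as_list(stmt.get("Action")),
            "conditional": "Condition" in stmt,
        })
    return findings


def public_acl_grants(acl: dict) -> list:
    """(group, permission) for every ACL grant to the two public groups."""
    out = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in (ALL_USERS, AUTH_USERS):
            group = "AllUsers" if grantee["URI"] == ALL_USERS else "AuthenticatedUsers"
            out.append((group, grant.get("Permission")))
    return out


# Constructed sample: a static-site bucket. Anonymous GetObject is expected
# for a public website; anonymous Put/List and the ACL READ grant are not.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "OpenWrite", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["s3:PutObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
    {"Sid": "OfficeOnly", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
    {"Sid": "Deploy", "Effect": "Allow", "Action": "s3:*",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/deploy"},
     "Resource": "arn:aws:s3:::example-bucket/*"},
]})

SAMPLE_ACL = {"Owner": {"ID": "owner-canonical-id"}, "Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
     "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": AUTH_USERS}, "Permission": "READ"},
]}
```

On the sample, public_policy_statements reports PublicRead, OpenWrite and OfficeOnly (the last one flagged as conditional) and skips the role-scoped Deploy statement, while public_acl_grants reports the AuthenticatedUsers READ grant.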


9.
2016/04/07 "AWS > How to study and get "AWS Certified Solutions Architect - Associate""

1. Certificate
  1. AWS Certified Solutions Architect - Associate
2. The way to study
  1. Check the service list and get the basic understanding of each service
3. Key points to be studied
  1. AWS Region
  2. Limitation of the each service
  3. Roles
  4. Deepen the knowledge of Key services for the examination
    1. CloudFormation
        1. Example of template
        2. Limitation
        3. Intrinsic Function
        4. CLI command list
    2. Elastic Beanstalk
        1. Limitation
        2. CLI command list
    3. DynamoDB
        1. Limitation
        2. CLI command list
    4. EC2
        1. Limitation
        2. awscli command list
    5. IAM
        1. Limitation
        2. CLI command list
    6. Route 53
        1. Limitation
        2. CLI command list
    7. RDS
        1. Limitation
        2. CLI command list
    8. S3
        1. Limitation
        2. CLI command list
    9. SNS
        1. Limitation
        2. CLI command list
    10. SQS
        1. Limitation
        2. CLI command list
    11. SWF
        1. Limitation
        2. CLI command list
    12. VPC
        1. Limitation
4. Study resources

1. Certificate

http://aws.amazon.com/certification/


And my certificate

  1. AWS Certified Solutions Architect - Associate

https://aws.amazon.com/certification/certified-solutions-architect-associate/

The table below lists the domains measured by this examination and the extent to which they are represented.
| Domain | % of Examination |
|---|---|
| 1.0 Designing highly available, cost-efficient, fault-tolerant, scalable systems | 60% |
| 2.0 Implementation/Deployment | 10% |
| 3.0 Data Security | 20% |
| 4.0 Troubleshooting | 10% |
| TOTAL | 100% |

2. The way to study


  1. Check the service list and get the basic understanding of each service

https://aws.amazon.com/documentation/

Mobile and analytics are the parts which I have to study.
Lambda, DynamoDB, S3 and Glacier must be used for their low cost.
3. Key points to be studied


  1. AWS Region

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html
| ID | Code | Name |
|---|---|---|
| 1 | us-east-1 | US East (N. Virginia) |
| 2 | us-west-2 | US West (Oregon) |
| 3 | us-west-1 | US West (N. California) |
| 4 | eu-west-1 | EU (Ireland) |
| 5 | eu-central-1 | EU (Frankfurt) |
| 6 | ap-southeast-1 | Asia Pacific (Singapore) |
| 7 | ap-northeast-1 | Asia Pacific (Tokyo) |
| 8 | ap-southeast-2 | Asia Pacific (Sydney) |
| 9 | ap-northeast-2 | Asia Pacific (Seoul) |
| 10 | sa-east-1 | South America (Sao Paulo) |

  2. Limitation of the each service

http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html
  3. Roles

aws iam list-policies|grep PolicyName|sort
  4. Deepen the knowledge of Key services for the examination

1. Read through the documentation
2. Try the services out and create an application
    1. CloudFormation

https://aws.amazon.com/documentation/cloudformation/
      1. Example of template

https://s3-us-west-2.amazonaws.com/cloudformation-templates-us-west-2/AutoScalingMultiAZWithNotifications.template
      2. Limitation

| Resource | Default Limit |
|---|---|
| Stacks | 200 |

      3. Intrinsic Function

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference.html
Fn::Base64
Condition Functions
Fn::FindInMap
Fn::GetAtt
Fn::GetAZs
Fn::Join
Fn::Select
Ref
      4. CLI command list

o cancel-update-stack
o create-stack
o delete-stack
o describe-account-limits
o describe-stack-events
o describe-stack-resource
o describe-stack-resources
o describe-stacks
o get-stack-policy
o get-template
o get-template-summary
o help
o list-stack-resources
o list-stacks
o set-stack-policy
o signal-resource
o update-stack
o validate-template
    2. Elastic Beanstalk

http://aws.amazon.com/documentation/elastic-beanstalk/
      1. Limitation

| Resource | Default Limit |
|---|---|
| Applications | 25 |
| Versions | 500 |
| Environments | 200 |

      2. CLI command list

o abort-environment-update
o check-dns-availability
o create-application
o create-application-version
o create-configuration-template
o create-environment
o create-storage-location
o delete-application
o delete-application-version
o delete-configuration-template
o delete-environment-configuration
o describe-application-versions
o describe-applications
o describe-configuration-options
o describe-configuration-settings
o describe-environment-health
o describe-environment-resources
o describe-environments
o describe-events
o describe-instances-health
o help
o list-available-solution-stacks
o rebuild-environment
o request-environment-info
o restart-app-server
o retrieve-environment-info
o swap-environment-cnames
o terminate-environment
o update-application
o update-application-version
o update-configuration-template
o update-environment
o validate-configuration-settings
    3. DynamoDB

https://aws.amazon.com/documentation/dynamodb/?nc1=h_ls
      1. Limitation

| Resource | Default Limit |
|---|---|
| US East (N. Virginia) Region: Maximum capacity units per table or global secondary index | 40,000 read capacity units and 40,000 write capacity units |
| US East (N. Virginia) Region: Maximum capacity units per account | 80,000 read capacity units and 80,000 write capacity units |
| All other Regions: Maximum capacity units per table or global secondary index | 10,000 read capacity units and 10,000 write capacity units |
| All other Regions: Maximum capacity units per account | 20,000 read capacity units and 20,000 write capacity units |
| Maximum number of tables | 256 |

      2. CLI command list

o batch-get-item
o batch-write-item
o create-table
o delete-item
o delete-table
o describe-table
o get-item
o help
o list-tables
o put-item
o query
o scan
o update-item
o update-table
o wait
    4. EC2

https://aws.amazon.com/documentation/ec2/
      1. Limitation

| Resource | Default Limit |
|---|---|
| Elastic IP addresses for EC2-Classic | 5 |
| Security groups for EC2-Classic per instance | 500 |
| Rules per security group for EC2-Classic | 100 |
| Key pairs | 5,000 |
| Throttle on the emails that can be sent from your Amazon EC2 account | Throttle applied |
| Reserved Instances | 20 instance reservations per Availability Zone, per month |
| AMI Copies | Destination regions are limited to 50 concurrent AMI copies at a time, with no more than 25 of those coming from a single source region. |

| Instance Type | On-Demand Limit | Reserved Limit | Spot Limit |
|---|---|---|---|
| m4.4xlarge | 10 | 20 | Dynamic Spot Limit |
| m4.10xlarge | 5 | 20 | Dynamic Spot Limit |
| c4.4xlarge | 10 | 20 | Dynamic Spot Limit |
| c4.8xlarge | 5 | 20 | Dynamic Spot Limit |
| cg1.4xlarge | 2 | 20 | Dynamic Spot Limit |
| hi1.4xlarge | 2 | 20 | Dynamic Spot Limit |
| hs1.8xlarge | 2 | 20 | Not offered |
| cr1.8xlarge | 2 | 20 | Dynamic Spot Limit |
| g2.2xlarge | 5 | 20 | Dynamic Spot Limit |
| g2.8xlarge | 2 | 20 | Dynamic Spot Limit |
| r3.4xlarge | 10 | 20 | Dynamic Spot Limit |
| r3.8xlarge | 5 | 20 | Dynamic Spot Limit |
| i2.xlarge | 8 | 20 | Dynamic Spot Limit |
| i2.2xlarge | 8 | 20 | Dynamic Spot Limit |
| i2.4xlarge | 4 | 20 | Dynamic Spot Limit |
| i2.8xlarge | 2 | 20 | Dynamic Spot Limit |
| d2.4xlarge | 10 | 20 | Dynamic Spot Limit |
| d2.8xlarge | 5 | 20 | Dynamic Spot Limit |
| t2.nano | 20 | 20 | Not offered |
| t2.micro | 20 | 20 | Not offered |
| t2.small | 20 | 20 | Not offered |
| t2.medium | 20 | 20 | Not offered |
| t2.large | 20 | 20 | Not offered |
| All Other Instance Types | 20 | 20 | Dynamic Spot Limit |

      2. awscli command list

http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/OperationList-cmd.html
o accept-vpc-peering-connection
o allocate-address
o assign-private-ip-addresses
o associate-address
o associate-dhcp-options
o associate-route-table
o attach-classic-link-vpc
o attach-internet-gateway
o attach-network-interface
o attach-volume
o attach-vpn-gateway
o authorize-security-group-egress
o authorize-security-group-ingress
o bundle-instance
o cancel-bundle-task
o cancel-conversion-task
o cancel-export-task
o cancel-import-task
o cancel-reserved-instances-listing
o cancel-spot-fleet-requests
o cancel-spot-instance-requests
o confirm-product-instance
o copy-image
o copy-snapshot
o create-customer-gateway
o create-dhcp-options
o create-flow-logs
o create-image
o create-instance-export-task
o create-internet-gateway
o create-key-pair
o create-network-acl
o create-network-acl-entry
o create-network-interface
o create-placement-group
o create-reserved-instances-listing
o create-route
o create-route-table
o create-security-group
o create-snapshot
o create-spot-datafeed-subscription
o create-subnet
o create-tags
o create-volume
o create-vpc
o create-vpc-endpoint
o create-vpc-peering-connection
o create-vpn-connection
o create-vpn-connection-route
o create-vpn-gateway
o delete-customer-gateway
o delete-dhcp-options
o delete-flow-logs
o delete-internet-gateway
o delete-key-pair
o delete-network-acl
o delete-network-acl-entry
o delete-network-interface
o delete-placement-group
o delete-route
o delete-route-table
o delete-security-group
o delete-snapshot
o delete-spot-datafeed-subscription
o delete-subnet
o delete-tags
o delete-volume
o delete-vpc
o delete-vpc-endpoints
o delete-vpc-peering-connection
o delete-vpn-connection
o delete-vpn-connection-route
o delete-vpn-gateway
o deregister-image
o describe-account-attributes
o describe-addresses
o describe-availability-zones
o describe-bundle-tasks
o describe-classic-link-instances
o describe-conversion-tasks
o describe-customer-gateways
o describe-dhcp-options
o describe-export-tasks
o describe-flow-logs
o describe-image-attribute
o describe-images
o describe-import-image-tasks
o describe-import-snapshot-tasks
o describe-instance-attribute
o describe-instance-status
o describe-instances
o describe-internet-gateways
o describe-key-pairs
o describe-moving-addresses
o describe-network-acls
o describe-network-interface-attribute
o describe-network-interfaces
o describe-placement-groups
o describe-prefix-lists
o describe-regions
o describe-reserved-instances
o describe-reserved-instances-listings
o describe-reserved-instances-modifications
o describe-reserved-instances-offerings
o describe-route-tables
o describe-security-groups
o describe-snapshot-attribute
o describe-snapshots
o describe-spot-datafeed-subscription
o describe-spot-fleet-instances
o describe-spot-fleet-request-history
o describe-spot-fleet-requests
o describe-spot-instance-requests
o describe-spot-price-history
o describe-subnets
o describe-tags
o describe-volume-attribute
o describe-volume-status
o describe-volumes
o describe-vpc-attribute
o describe-vpc-classic-link
o describe-vpc-endpoint-services
o describe-vpc-endpoints
o describe-vpc-peering-connections
o describe-vpcs
o describe-vpn-connections
o describe-vpn-gateways
o detach-classic-link-vpc
o detach-internet-gateway
o detach-network-interface
o detach-volume
o detach-vpn-gateway
o disable-vgw-route-propagation
o disable-vpc-classic-link
o disassociate-address
o disassociate-route-table
o enable-vgw-route-propagation
o enable-volume-io
o enable-vpc-classic-link
o get-console-output
o get-password-data
o help
o import-image
o import-key-pair
o import-snapshot
o modify-image-attribute
o modify-instance-attribute
o modify-network-interface-attribute
o modify-reserved-instances
o modify-snapshot-attribute
o modify-spot-fleet-request
o modify-subnet-attribute
o modify-volume-attribute
o modify-vpc-attribute
o modify-vpc-endpoint
o monitor-instances
o move-address-to-vpc
o purchase-reserved-instances-offering
o reboot-instances
o register-image
o reject-vpc-peering-connection
o release-address
o replace-network-acl-association
o replace-network-acl-entry
o replace-route
o replace-route-table-association
o report-instance-status
o request-spot-fleet
o request-spot-instances
o reset-image-attribute
o reset-instance-attribute
o reset-network-interface-attribute
o reset-snapshot-attribute
o restore-address-to-classic
o revoke-security-group-egress
o revoke-security-group-ingress
o run-instances
o start-instances
o stop-instances
o terminate-instances
o unassign-private-ip-addresses
o unmonitor-instances
o wait
    5. IAM

https://aws.amazon.com/iam/
      1. Limitation

| Resource | Default Limit |
|---|---|
| Groups per account | 100 |
| Instance profiles | 100 |
| Roles | 250 |
| Server certificates | 20 |
| Users | 5000 |

      2. CLI command list

http://docs.aws.amazon.com/cli/latest/reference/iam/
o add-client-id-to-open-id-connect-provider
o add-role-to-instance-profile
o add-user-to-group
o attach-group-policy
o attach-role-policy
o attach-user-policy
o change-password
o create-access-key
o create-account-alias
o create-group
o create-instance-profile
o create-login-profile
o create-open-id-connect-provider
o create-policy
o create-policy-version
o create-role
o create-saml-provider
o create-user
o create-virtual-mfa-device
o deactivate-mfa-device
o delete-access-key
o delete-account-alias
o delete-account-password-policy
o delete-group
o delete-group-policy
o delete-instance-profile
o delete-login-profile
o delete-open-id-connect-provider
o delete-policy
o delete-policy-version
o delete-role
o delete-role-policy
o delete-saml-provider
o delete-server-certificate
o delete-signing-certificate
o delete-ssh-public-key
o delete-user
o delete-user-policy
o delete-virtual-mfa-device
o detach-group-policy
o detach-role-policy
o detach-user-policy
o enable-mfa-device
o generate-credential-report
o get-access-key-last-used
o get-account-authorization-details
o get-account-password-policy
o get-account-summary
o get-context-keys-for-custom-policy
o get-context-keys-for-principal-policy
o get-credential-report
o get-group
o get-group-policy
o get-instance-profile
o get-login-profile
o get-open-id-connect-provider
o get-policy
o get-policy-version
o get-role
o get-role-policy
o get-saml-provider
o get-server-certificate
o get-ssh-public-key
o get-user
o get-user-policy
o help
o list-access-keys
o list-account-aliases
o list-attached-group-policies
o list-attached-role-policies
o list-attached-user-policies
o list-entities-for-policy
o list-group-policies
o list-groups
o list-groups-for-user
o list-instance-profiles
o list-instance-profiles-for-role
o list-mfa-devices
o list-open-id-connect-providers
o list-policies
o list-policy-versions
o list-role-policies
o list-roles
o list-saml-providers
o list-server-certificates
o list-signing-certificates
o list-ssh-public-keys
o list-user-policies
o list-users
o list-virtual-mfa-devices
o put-group-policy
o put-role-policy
o put-user-policy
o remove-client-id-from-open-id-connect-provider
o remove-role-from-instance-profile
o remove-user-from-group
o resync-mfa-device
o set-default-policy-version
o simulate-custom-policy
o simulate-principal-policy
o update-access-key
o update-account-password-policy
o update-assume-role-policy
o update-group
o update-login-profile
o update-open-id-connect-provider-thumbprint
o update-saml-provider
o update-server-certificate
o update-signing-certificate
o update-ssh-public-key
o update-user
o upload-server-certificate
o upload-signing-certificate
o upload-ssh-public-key
o wait
    6. Route 53

https://aws.amazon.com/route53/
      1. Limitation

| Resource | Default Limit |
|---|---|
| Hosted zones | 500 |
| Domains | 50 |
| Resource record sets per hosted zone | 10,000 |
| Reusable delegation sets | 100 |
| Hosted zones that can use the same reusable delegation set | 100 |
| Amazon VPCs that you can associate with a private hosted zone | 100 |
| Health checks | 50 |
| Traffic policies | 50 |
| Policy records | 5 |

      2. CLI command list

o associate-vpc-with-hosted-zone
o change-resource-record-sets
o change-tags-for-resource
o create-health-check
o create-hosted-zone
o create-reusable-delegation-set
o delete-health-check
o delete-hosted-zone
o delete-reusable-delegation-set
o disassociate-vpc-from-hosted-zone
o get-change
o get-checker-ip-ranges
o get-geo-location
o get-health-check
o get-health-check-count
o get-health-check-last-failure-reason
o get-health-check-status
o get-hosted-zone
o get-hosted-zone-count
o get-reusable-delegation-set
o help
o list-geo-locations
o list-health-checks
o list-hosted-zones
o list-hosted-zones-by-name
o list-resource-record-sets
o list-reusable-delegation-sets
o list-tags-for-resource
o list-tags-for-resources
o update-health-check
o update-hosted-zone-comment
o wait
    7. RDS

https://aws.amazon.com/rds/
      1. Limitation

| Resource | Default Limit |
|---|---|
| Instances | 40 |
| Reserved Instances | 40 |
| Total storage for all DB instances | 100 TB |
| Manual Snapshots | 50 |
| Parameter Groups | 50 |
| Security Groups | 25 |
| VPC Security Groups | 5 |
| Subnet Groups | 20 |
| Subnets per Subnet Group | 20 |
| Option Groups | 20 |
| Event Subscriptions | 20 |
| Read Replicas per Master | 5 |

      2. CLI command list

o add-option-to-option-group
o add-source-identifier-to-subscription
o add-tags-to-resource
o apply-pending-maintenance-action
o authorize-db-security-group-ingress
o copy-db-cluster-snapshot
o copy-db-parameter-group
o copy-db-snapshot
o copy-option-group
o create-db-cluster
o create-db-cluster-parameter-group
o create-db-cluster-snapshot
o create-db-instance
o create-db-instance-read-replica
o create-db-parameter-group
o create-db-security-group
o create-db-snapshot
o create-db-subnet-group
o create-event-subscription
o create-option-group
o delete-db-cluster
o delete-db-cluster-parameter-group
o delete-db-cluster-snapshot
o delete-db-instance
o delete-db-parameter-group
o delete-db-security-group
o delete-db-snapshot
o delete-db-subnet-group
o delete-event-subscription
o delete-option-group
o describe-account-attributes
o describe-certificates
o describe-db-cluster-parameter-groups
o describe-db-cluster-parameters
o describe-db-cluster-snapshots
o describe-db-clusters
o describe-db-engine-versions
o describe-db-instances
o describe-db-log-files
o describe-db-parameter-groups
o describe-db-parameters
o describe-db-security-groups
o describe-db-snapshots
o describe-db-subnet-groups
o describe-engine-default-cluster-parameters
o describe-engine-default-parameters
o describe-event-categories
o describe-event-subscriptions
o describe-events
o describe-option-group-options
o describe-option-groups
o describe-orderable-db-instance-options
o describe-pending-maintenance-actions
o describe-reserved-db-instances
o describe-reserved-db-instances-offerings
o download-db-log-file-portion
o failover-db-cluster
o help
o list-tags-for-resource
o modify-db-cluster
o modify-db-cluster-parameter-group
o modify-db-instance
o modify-db-parameter-group
o modify-db-subnet-group
o modify-event-subscription
o promote-read-replica
o purchase-reserved-db-instances-offering
o reboot-db-instance
o remove-option-from-option-group
o remove-source-identifier-from-subscription
o remove-tags-from-resource
o reset-db-cluster-parameter-group
o reset-db-parameter-group
o restore-db-cluster-from-snapshot
o restore-db-cluster-to-point-in-time
o restore-db-instance-from-db-snapshot
o restore-db-instance-to-point-in-time
o revoke-db-security-group-ingress
o wait
    8. S3

https://aws.amazon.com/s3/
      1. Limitation

| Resource | Default Limit |
|---|---|
| Buckets | 100 per account |

      2. CLI command list

o cp
o ls
o mb
o mv
o rb
o rm
o sync
o website
    9. SNS

https://aws.amazon.com/sns/
      1. Limitation

| Resource | Default Limit |
|---|---|
| Topics per AWS account | 100,000 |

      2. CLI command list

o add-permission
o confirm-subscription
o create-platform-application
o create-platform-endpoint
o create-topic
o delete-endpoint
o delete-platform-application
o delete-topic
o get-endpoint-attributes
o get-platform-application-attributes
o get-subscription-attributes
o get-topic-attributes
o help
o list-endpoints-by-platform-application
o list-platform-applications
o list-subscriptions
o list-subscriptions-by-topic
o list-topics
o publish
o remove-permission
o set-endpoint-attributes
o set-platform-application-attributes
o set-subscription-attributes
o set-topic-attributes
o subscribe
o unsubscribe
    10. SQS

https://aws.amazon.com/sqs/
      1. Limitation

| Resource | Default Limit |
|---|---|
| Message size limit | Configurable from 1 KB to 256 KB |

      2. CLI command list

o add-permission
o change-message-visibility
o change-message-visibility-batch
o create-queue
o delete-message
o delete-message-batch
o delete-queue
o get-queue-attributes
o get-queue-url
o help
o list-dead-letter-source-queues
o list-queues
o purge-queue
o receive-message
o remove-permission
o send-message
o send-message-batch
o set-queue-attributes
    11. SWF

https://aws.amazon.com/swf/
      1. Limitation

| Resource | Default Limit |
|---|---|
| Domains | 250 |

      2. CLI command list

o count-closed-workflow-executions
o count-open-workflow-executions
o count-pending-activity-tasks
o count-pending-decision-tasks
o deprecate-activity-type
o deprecate-domain
o deprecate-workflow-type
o describe-activity-type
o describe-domain
o describe-workflow-execution
o describe-workflow-type
o get-workflow-execution-history
o help
o list-activity-types
o list-closed-workflow-executions
o list-domains
o list-open-workflow-executions
o list-workflow-types
o poll-for-activity-task
o poll-for-decision-task
o record-activity-task-heartbeat
o register-activity-type
o register-domain
o register-workflow-type
o request-cancel-workflow-execution
o respond-activity-task-canceled
o respond-activity-task-completed
o respond-activity-task-failed
o respond-decision-task-completed
o signal-workflow-execution
o start-workflow-execution
o terminate-workflow-execution
    12. VPC

https://aws.amazon.com/vpc/
      1. Limitation

| Resource | Default limit |
|---|---|
| VPCs per region | 5 |
| Subnets per VPC | 200 |
| Internet gateways per region | 5 |
| Virtual private gateways per region | 5 |
| Customer gateways per region | 50 |
| VPN connections per region | 50 |
| VPN connections per VPC (per virtual private gateway) | 10 |
| Route tables per VPC | 200 |
| Routes per route table (non-propagated routes) | 50 |
| BGP advertised routes per route table (propagated routes) | 100 |
| Elastic IP addresses per region for each AWS account | 5 |
| Security groups per VPC | 500 |
| Inbound or outbound rules per security group | 50 |
| Security groups per network interface | 5 |
| Network interfaces per region | 350 |
| Network ACLs per VPC | 200 |
| Rules per network ACL | 20 |
| Active VPC peering connections per VPC | 50 |
| Outstanding VPC peering connection requests | 25 |
| Expiry time for an unaccepted VPC peering connection request | 1 week |
| VPC endpoints per region | 20 |
| Flow logs per single network interface, single subnet, or single VPC in a region | 2 |

4. Study resources

http://aws.amazon.com/documentation/

https://aws.amazon.com/getting-started/tutorials/

https://www.youtube.com/user/awstutorialseries/playlists

https://run.qwiklab.com/

http://aws.amazon.com/jp/training/intro_series/


10.
2016/02/12 "AWS > How to set up Auto scale in AWS"

1. Stop the instance.
2. Choose the instance.
3. Choose View/Change User Data.
4. Add the following script as the initialization (user data) script:

#!/bin/bash
yum -y update;
# Install the SSM agent so the instance can be managed once auto-scaling launches it
curl https://amazon-ssm-ap-southeast-1.s3.amazonaws.com/latest/linux_amd64/amazon-ssm-agent.rpm -o amazon-ssm-agent.rpm;
yum install -y amazon-ssm-agent.rpm;

With the installation command in the user data, the instance can be used for auto-scaling.

