
AWS Solutions Architect SAA C02 | Radha Krishnan

krisrad

Active Member
Hello RK, Do you export the PPT into PDF and post it in google drive?
Yes. I've uploaded the whiteboard notes. The PPT can't be uploaded. It has restricted access, and you already have access to those in the form of Ebooks, that you can download from the LMS, below the live curriculum tab.
 

krisrad

Active Member
Does the egress gateway allow outbound traffic from a private subnet?
Can 2 VPCs have the same range of IPs?
The egress gateway allows outbound traffic from a private subnet ONLY for IPv6-enabled instances. For IPv4 instances, we have to use a NAT Gateway.
2 VPCs can't have the same range of IPs. They should have different ranges that do not overlap.
 

krisrad

Active Member
DMZ stands for DeMilitarized Zone. It means restricted area. So you can put all your web servers/private services/databases in a private subnet, without an Internet Gateway. Then access can be provided into these resources via a bastion host residing on a public subnet. The security group for the bastion host will allow SSH access only from your company network or a particular authorized IP address.
 

krisrad

Active Member
DMZ stands for DeMilitarized Zone. It means restricted area. So you can put all your web servers/private services/databases in a private subnet, without an Internet Gateway. Then access can be provided into these resources via a bastion host residing on a public subnet. The security group for the bastion host will allow SSH access only from your company network or a particular authorized IP address.
Check out this link --> https://docs.aws.amazon.com/quickstart/latest/vpc/security.html
" A public subnet is useful as a DMZ infrastructure for web servers and for Internet-facing Elastic Load Balancing (ELB) load balancers. "
 
I received the below message for my free AWS account.
Please help me with the correct steps to be taken to avoid getting charged.

Thanks,
Kunal
 

krisrad

Active Member
I received the below message for my free AWS account.
Please help me with the correct steps to be taken to avoid getting charged.

Thanks,
Kunal
You are running some EC2 instance. Go to the EC2 service and terminate the instance. Change the region on the top right and check the EC2 service across all regions, to make sure no instances are running in any region.
 
You are running some EC2 instance. Go to the EC2 service and terminate the instance. Change the region on the top right and check the EC2 service across all regions, to make sure no instances are running in any region.
Will they charge even for a stopped instance?
 
Hello RK Sir, I have configured an EC2 instance in LMS and configured a web server. But the webpage is not displaying if I give this address "ec2-34-229-186-228.compute-1.amazonaws.com". Getting this message - "ec2-34-229-186-228.compute-1.amazonaws.com took too long to respond."
 

Hashmi64

Member
Hello Sir... I want to know about project submission. It tells us to add write-up files, screenshots, and source code; what is the source code?? Please help me with this.
 

krisrad

Active Member
Hello RK Sir, I have configured an EC2 instance in LMS and configured a web server. But the webpage is not displaying if I give this address "ec2-34-229-186-228.compute-1.amazonaws.com". Getting this message - "ec2-34-229-186-228.compute-1.amazonaws.com took too long to respond."
Have you installed httpd on this machine? You can try to access this EC2 instance with its public IP address. Check if the security group for this instance allows port 80.
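As an added illustration of the bastion-host and web-server security-group checks discussed in this thread (this is example code, not from the thread, the course or AWS), the following Python audits inbound rules in the shape returned by EC2 DescribeSecurityGroups: it flags SSH reachable from outside an assumed company range, flags a MySQL port opened to a CIDR instead of being restricted to the web tier's security group, and answers the "does this group allow port 80 from the Internet?" question. The group names, group id, CIDRs and company range are constructed placeholders.

```python
import ipaddress

# Constructed sample in the shape of EC2 DescribeSecurityGroups output, trimmed to
# the fields used here; group names, ids and CIDRs are placeholders, not thread data.
SAMPLE_GROUPS = [
    {"GroupName": "bastion-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupName": "web-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0bastion0"}]}]},
    {"GroupName": "db-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []}]},
]
# Assumed company office range (RFC 5737 documentation prefix as a placeholder).
COMPANY_CIDR = "203.0.113.0/24"

def rule_covers(rule, port):
    """True if an inbound rule includes TCP `port`; protocol -1 means all traffic."""
    if rule["IpProtocol"] == "-1":
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]

def allows_port_from(group, port, cidr):
    """Does this group let traffic from `cidr` reach `port`? (IPv4 CIDR rules only)"""
    src = ipaddress.ip_network(cidr)
    for rule in group["IpPermissions"]:
        for r in rule.get("IpRanges", []):
            if rule_covers(rule, port) and src.subnet_of(ipaddress.ip_network(r["CidrIp"])):
                return True
    return False

def audit(groups, company_cidr=COMPANY_CIDR):
    """Flag SSH reachable from outside the company range, and a MySQL port opened
    to a CIDR instead of being restricted to the web tier's security group."""
    company = ipaddress.ip_network(company_cidr)
    findings = []
    for g in groups:
        for rule in g["IpPermissions"]:
            for r in rule.get("IpRanges", []):
                cidr = ipaddress.ip_network(r["CidrIp"])
                if rule_covers(rule, 22) and not cidr.subnet_of(company):
                    findings.append((g["GroupName"], f"SSH open to {cidr}"))
                if rule_covers(rule, 3306):
                    findings.append((g["GroupName"], f"MySQL open to CIDR {cidr}"))
    return findings
```

In the sample, the web tier's SSH rule references the bastion group rather than a CIDR, which is the pattern the thread describes and why it produces no finding.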
 

akarsh k

Administrator
Simplilearn Support
Hello Sir... I want to know about project submission. It tells us to add write-up files, screenshots, and source code; what is the source code?? Please help me with this.
Hi Harshmi, you need to attach the same project file in all three fields & submit the project.
 

akarsh k

Administrator
Simplilearn Support
Can anyone share a project solution for reference! Thanks
Please raise a ticket; the team will share the sample projects.

Please follow the steps below to raise a
"Help and support" ticket.
>Login to your LMS account,
>Select the "help" icon on the top right-hand side of the LMS page
>Select any query, example: unlocking the certificate
>Connect to "Arya", the virtual assistant
>Select "other"
>To raise a ticket, select "yes"
 
Hi Harshmi, you need to attach the same project file in all three fields & submit the project.
Hi, I attached the same project file in all three fields and submitted one practice project. Please check and let me know: is that the same way we need to do it for the final project also?
 
Hi RK,

I am trying to create an IAM role to enable Redshift to read S3, but I am not seeing any policy for S3 under IAM Role. Is it disabled?

Thanks
Anil
 
Hello Sir,

Please see the project below.

For this project, I've created a VPC from the launch wizard having 1 public subnet and 1 subnet group. Then I created subnet groups - 1 for the public subnet and 1 for the private subnet - and security groups - 1 for the DB instance and 1 for the EC2 instance. Once the VPC had been set up, I worked on the DB instance and EC2 instance. I created a MySQL DB instance in the private subnet in my VPC and configured the security group as per the DB instance.
Finally I created an EC2 instance with a Linux AMI in the same region, within the public subnet within my VPC. After configuring the security group, I launched the instance and it was running successfully. I used PuTTYgen to get the private key in .pem format, and using the private key in PuTTY I am able to connect to my Linux instance.

Do I need to implement anything else apart from this???

Thanks,
Kunal
 

krisrad

Active Member
Hi RK,

I am trying to create an IAM role to enable Redshift to read S3, but I am not seeing any policy for S3 under IAM Role. Is it disabled?

Thanks
Anil
First create a role and select the service as 'Redshift', then select permissions/policies. Several AWS managed policies like 'S3fullaccess' and 'S3Readonlyaccess' are created by AWS and are available to be selected for your new role.
 

krisrad

Active Member
Hello Sir,

Please see the project below.

For this project, I've created a VPC from the launch wizard having 1 public subnet and 1 subnet group. Then I created subnet groups - 1 for the public subnet and 1 for the private subnet - and security groups - 1 for the DB instance and 1 for the EC2 instance. Once the VPC had been set up, I worked on the DB instance and EC2 instance. I created a MySQL DB instance in the private subnet in my VPC and configured the security group as per the DB instance.
Finally I created an EC2 instance with a Linux AMI in the same region, within the public subnet within my VPC. After configuring the security group, I launched the instance and it was running successfully. I used PuTTYgen to get the private key in .pem format, and using the private key in PuTTY I am able to connect to my Linux instance.

Do I need to implement anything else apart from this???

Thanks,
Kunal
It sounds good; please take screenshots of the resources you have created.

In addition to those, you might have to write a Word document with a write-up on how the front-end/UI might work to capture the inputs from the employees and how you can connect the EC2 instance to the RDS DB instance.

The requirement also states that the application must scale when there is a traffic surge. So you have to create an Auto Scaling group and a load balancer and submit screenshots of those resources as well.
 
It sounds good; please take screenshots of the resources you have created.

In addition to those, you might have to write a Word document with a write-up on how the front-end/UI might work to capture the inputs from the employees and how you can connect the EC2 instance to the RDS DB instance.

The requirement also states that the application must scale when there is a traffic surge. So you have to create an Auto Scaling group and a load balancer and submit screenshots of those resources as well.
Hi Sir,

Thanks for the response.
As you suggested, I created two EC2 instances, installed web servers and connected them to my RDS instance. Then I created an application load balancer with a path-based rule which routes to my EC2 instances based on traffic. But now if I implement Auto Scaling, it is going to create EC2 instances automatically for me.
Do I need to manually go to each of the instances created by the Auto Scaling group and install the web server and connect to the RDS instance??

Thanks,
Kunal
 

JINO JOHN_1

New Member
Hi RK
Good day,

Regarding MFA, what would be the minimum permission assigned for users to configure MFA by themselves? In the demo we assigned the user 'Joe' Administrator access.
Suppose we assign MFA for the root user, and what if the mobile device is stolen or damaged? How can we then log in using root, and is there any way to recover the root user account?
I understand that we cannot enforce MFA for all the users in AWS, they themselves have to do it as per their wish, but how as an administrator can we ensure compliance across the organization? I believe Azure has an option to assign MFA to all Azure users (AD--> Users--> MFA).
 
Hi RK,

Could you please explain the 2nd project? Confusion on "AWS services that can be used to deploy a serverless web app on the AWS Cloud. The web app will be used to upload and save data by the users". Could you please shed some light on this?
 
Hello RK Sir,
For Project 1, I created a MySQL database and also an EC2 instance. I also installed httpd and am able to host and run the webpage. But for storing and retrieving values from the database I need to run PHP scripts. Please help me with information regarding how to execute PHP scripts from Amazon Linux. Thank you
 
Hi RK,

Could you please explain the 2nd project? Confusion on "AWS services that can be used to deploy a serverless web app on the AWS Cloud. The web app will be used to upload and save data by the users". Could you please shed some light on this?
HI RK,

Could you please help here? I wanted to know the use of Route 53.
 

krisrad

Active Member
Hi RK
Good day,

Regarding MFA, what would be the minimum permission assigned for users to configure MFA by themselves? In the demo we assigned the user 'Joe' Administrator access.
Suppose we assign MFA for the root user, and what if the mobile device is stolen or damaged? How can we then log in using root, and is there any way to recover the root user account?
I understand that we cannot enforce MFA for all the users in AWS, they themselves have to do it as per their wish, but how as an administrator can we ensure compliance across the organization? I believe Azure has an option to assign MFA to all Azure users (AD--> Users--> MFA).
If you are the root user with an associated phone number, then you can deactivate your MFA device. Please see this blog -> https://aws.amazon.com/blogs/securi...e-faster-by-using-the-aws-management-console/
 

krisrad

Active Member
HI RK,

Could you please help here? I wanted to know the use of Route 53.
The project is asking us to architect a solution which will allow users to upload a file, save this file in a storage service and send an email notification to the customer's email address that the file has been uploaded.

There are 2 ways to do this. The first way: you can invoke a Lambda function via an API Gateway, and the Lambda function will produce a signed URL for an S3 bucket. Now you can directly send a POST request to this signed URL along with the file to upload, and the file will be uploaded to the S3 bucket.

The second option is to create a web application which will allow users to upload a file to an S3 bucket. The web application itself can be hosted as a website in S3 or on EC2.

Once the file is uploaded to the S3 bucket, you can use S3 event notifications to send a message to an SQS queue or an SNS topic, which will send an email notification to the customer. Or you can send the event notification to a Lambda function which will programmatically use SES (the email service) to send an email to the customer.

Route 53 is a DNS service you can use to route your domain requests to the API Gateway endpoint or the static web app in the S3 bucket.

Check out this blog, which gives the above solution -> https://aws.amazon.com/blogs/comput...s3-directly-from-a-web-or-mobile-application/
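As an added example of the "S3 event notification -> Lambda -> SES" step in the design above (this is illustrative code, not from the thread, the course or the linked AWS blog), the following Python Lambda handler accepts the S3 event either directly or wrapped in an SNS message (the S3 -> SNS -> Lambda path), URL-decodes the object key the way S3 encodes it in notifications, refuses events for any bucket other than the one the app owns, and builds the SES SendEmail parameters. The bucket name, sender and recipient addresses are placeholders; the SES client is injected so the logic runs offline, and looking up the customer's address from the app's user store is assumed rather than shown.

```python
import json
from urllib.parse import unquote_plus

# Placeholders for this example: the upload bucket the app owns and a verified SES sender.
EXPECTED_BUCKET = "example-upload-bucket"
SENDER = "no-reply@example.com"

def extract_uploads(event):
    """Return (bucket, key) pairs from the Lambda event, whether S3 invoked the
    function directly or the notification arrived via an SNS topic."""
    uploads = []
    for record in event.get("Records", []):
        if "Sns" in record:
            # S3 -> SNS -> Lambda: the original S3 event is a JSON string in Sns.Message
            uploads.extend(extract_uploads(json.loads(record["Sns"]["Message"])))
        elif "s3" in record:
            bucket = record["s3"]["bucket"]["name"]
            # S3 URL-encodes keys in notifications ("q1 summary.pdf" -> "q1+summary.pdf")
            uploads.append((bucket, unquote_plus(record["s3"]["object"]["key"])))
    return uploads

def build_email(bucket, key, recipient):
    """SES SendEmail parameters for one upload; events from other buckets are rejected."""
    if bucket != EXPECTED_BUCKET:
        raise ValueError(f"unexpected bucket {bucket!r}")
    return {
        "Source": SENDER,
        "Destination": {"ToAddresses": [recipient]},
        "Message": {
            "Subject": {"Data": "Your upload was received"},
            "Body": {"Text": {"Data": f"File {key} was stored in {bucket}."}},
        },
    }

def handler(event, context=None, ses_client=None, recipient="customer@example.com"):
    """Lambda entry point. In Lambda pass boto3.client('ses'); the recipient is
    assumed to come from the app's user store (a constant here)."""
    sent = []
    for bucket, key in extract_uploads(event):
        params = build_email(bucket, key, recipient)
        if ses_client is not None:
            ses_client.send_email(**params)
        sent.append(params)
    return sent

# Constructed sample events: a direct S3 notification and the same one delivered via SNS
SAMPLE_S3_EVENT = {"Records": [{"s3": {"bucket": {"name": EXPECTED_BUCKET},
                                        "object": {"key": "reports/q1+summary.pdf"}}}]}
SAMPLE_SNS_EVENT = {"Records": [{"Sns": {"Message": json.dumps(SAMPLE_S3_EVENT)}}]}
```

The Lambda's execution role needs only ses:SendEmail (and ses:SendRawEmail if raw messages are used), which matches the permissions listed later in this thread.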
 

krisrad

Active Member
Hello RK Sir,
For Project 1, I created a MySQL database and also an EC2 instance. I also installed httpd and am able to host and run the webpage. But for storing and retrieving values from the database I need to run PHP scripts. Please help me with information regarding how to execute PHP scripts from Amazon Linux. Thank you
For storing and retrieving data from the database, you don't need PHP. You can also use the AWS SDK in JavaScript to connect to the RDS database. Then you can embed the JavaScript in your HTML file or in your Node.js application. You can Google for connecting to RDS from JavaScript; you will find many examples.
 

krisrad

Active Member
Hi Sir,

Thanks for the response.
As you suggested, I created two EC2 instances, installed web servers and connected them to my RDS instance. Then I created an application load balancer with a path-based rule which routes to my EC2 instances based on traffic. But now if I implement Auto Scaling, it is going to create EC2 instances automatically for me.
Do I need to manually go to each of the instances created by the Auto Scaling group and install the web server and connect to the RDS instance??

Thanks,
Kunal
You can create an AMI of your EC2 instance and specify that AMI in the launch configuration of the Auto Scaling group. Then you don't have to go to the instances individually and install software.
 
Hii,

I am Prasad. I want help in doing the projects. Please guide me in doing the projects. Who can help me out with this, or else provide someone's number so that I can ask my doubts to that person.

Request you to help me out in this.....
 

krisrad

Active Member
Hii,

I am Prasad. I want help in doing the projects. Please guide me in doing the projects. Who can help me out with this, or else provide someone's number so that I can ask my doubts to that person.

Request you to help me out in this.....
If you have any specific questions on a particular project, please ask them here.
 
The project is asking us to architect a solution which will allow users to upload a file, save this file in a storage service and send an email notification to the customer's email address that the file has been uploaded.

There are 2 ways to do this. The first way: you can invoke a Lambda function via an API Gateway, and the Lambda function will produce a signed URL for an S3 bucket. Now you can directly send a POST request to this signed URL along with the file to upload, and the file will be uploaded to the S3 bucket.

The second option is to create a web application which will allow users to upload a file to an S3 bucket. The web application itself can be hosted as a website in S3 or on EC2.

Once the file is uploaded to the S3 bucket, you can use S3 event notifications to send a message to an SQS queue or an SNS topic, which will send an email notification to the customer. Or you can send the event notification to a Lambda function which will programmatically use SES (the email service) to send an email to the customer.

Route 53 is a DNS service you can use to route your domain requests to the API Gateway endpoint or the static web app in the S3 bucket.

Check out this blog, which gives the above solution -> https://aws.amazon.com/blogs/comput...s3-directly-from-a-web-or-mobile-application/
Hi RK,
Regarding Project 2,
I have created an IAM role that has permissions to S3, SNS, SQS, "ses:SendEmail", "ses:SendRawEmail", and LambdaExecute.
Next, I created an S3 bucket, an SNS topic, an SQS queue, and a Lambda function.
In my SQS queue, I have subscribed to my SNS topic.
In S3, I updated the event notification with the SNS topic and got stuck here.
In the Lambda function, I have written code to send an email notification. Without any condition, I am able to send an email. How do I relate the S3 trigger event to the SNS topic, to SQS, to SES? Why do we use Route 53 here?
 