1 00:00:12,679 --> 00:00:18,150 Welcome back to BackSpace Academy! In this lab we're going to be creating a 2 00:00:18,150 --> 00:00:24,600 server on ec2 that will be running Nodejs web applications for us and also, 3 00:00:24,600 --> 00:00:30,990 we'll be connecting in to that server using a terminal and also using SFTP to 4 00:00:30,990 --> 00:00:35,010 upload our application and different versions of the application to this server 5 00:00:35,010 --> 00:00:41,010 Now one thing I'd like to say is that if you're going to be doing Nodejs 6 00:00:41,010 --> 00:00:46,760 development or any other sort of development on AWS in my honest opinion 7 00:00:46,760 --> 00:00:52,920 the best way to do that is by using the AWS Cloud 9 IDE because it's going to 8 00:00:52,920 --> 00:00:56,670 have everything set up for you out of the box and it's going to have a great 9 00:00:56,670 --> 00:01:02,370 IDE to use that will be fully integrated with all of those AWS services for you 10 00:01:02,370 --> 00:01:09,960 but that said, you need to have access to the AWS management console to use 11 00:01:09,960 --> 00:01:15,390 AWS Cloud 9 IDE but, if you setup on EC2 like we're going 12 00:01:15,390 --> 00:01:19,979 to do in this lab, you can give someone programmatic access only and they'll 13 00:01:19,979 --> 00:01:24,869 only be able to access it through the command-line interface or through a 14 00:01:24,869 --> 00:01:29,220 software development kit. So that's going to reduce any training that is 15 00:01:29,220 --> 00:01:33,960 required on the management console and it's going to reduce any possibility of 16 00:01:33,960 --> 00:01:38,909 the developer doing something that they probably shouldn't be doing or 17 00:01:38,909 --> 00:01:44,939 didn't mean to do. We'll start off by creating an IAM user with limited privileges that 18 00:01:44,939 --> 00:01:48,990 will only allow them to have programmatic access. 
We'll put them in a 19 00:01:48,990 --> 00:01:53,009 group called developers and we're also going to create a role that will allow 20 00:01:53,009 --> 00:02:00,270 that EC2 server to access other services within AWS. Then we'll set up a security 21 00:02:00,270 --> 00:02:07,229 group specifically for Nodejs then we're going to bootstrap this EC2 22 00:02:07,229 --> 00:02:12,750 instance with a bash script. So what will happen is that when this EC2 instance is 23 00:02:12,750 --> 00:02:15,599 launched it will automatically run this bash script 24 00:02:15,599 --> 00:02:20,280 which will set up the Linux operating system for us and a number of 25 00:02:20,280 --> 00:02:27,660 firewall settings. Next we'll look at installing the NodeJS software and the AWS 26 00:02:27,660 --> 00:02:32,280 software development kit on this instance. Then we'll look at using the 27 00:02:32,280 --> 00:02:38,250 secure file transfer protocol to transfer our application, our Nodejs application 28 00:02:38,250 --> 00:02:44,040 onto this Nodejs server and also with other versions of our 29 00:02:44,040 --> 00:02:49,110 application as well. Then finally we'll look at creating an Amazon Machine Image 30 00:02:49,110 --> 00:02:53,310 of this server so that we can launch other servers like that in the future 31 00:02:53,310 --> 00:02:59,630 without having to go through all of this process of installing the software 32 00:03:02,269 --> 00:03:09,659 and starting off in the IAM management console, we're going to first off create a user 33 00:03:09,659 --> 00:03:16,140 we go to users and add user we'll give this user our name BackSpace-lab-ec2 34 00:03:16,140 --> 00:03:21,510 will be fine. We're going to give this user programmatic access only and 35 00:03:21,510 --> 00:03:26,280 that means that they can access this server remotely through the AWS 36 00:03:26,280 --> 00:03:32,549 command-line interface or through an AWS software development kit. 
We're not going 37 00:03:32,549 --> 00:03:38,879 to give them management console access but that said, if this developer required 38 00:03:38,879 --> 00:03:44,459 access to the AWS Cloud 9 IDE then you would also need to have management 39 00:03:44,459 --> 00:03:48,120 console access as well but for this lab we're just going to be doing 40 00:03:48,120 --> 00:03:53,790 programmatic access only. Click on Next permissions. What we need to do now is 41 00:03:53,790 --> 00:03:57,750 that we need to add this user to a group because that is good practice to keep 42 00:03:57,750 --> 00:04:03,870 track of your users and to have your user inherit the permissions of that group 43 00:04:03,870 --> 00:04:07,319 then add that user to a group we can see here we've got a group for 44 00:04:07,319 --> 00:04:12,090 administrators and we don't want to add our user to that group so we're going to 45 00:04:12,090 --> 00:04:18,650 create a specific group for our developers. So we click on create group 46 00:04:18,650 --> 00:04:28,380 we call this group developers and create group. So now we've created that group 47 00:04:28,380 --> 00:04:33,030 for our developers. It doesn't have an attached policy yet, we're going 48 00:04:33,030 --> 00:04:37,560 to do that later on and we've added our user to that group automatically 49 00:04:37,560 --> 00:04:42,210 click on next tags and we're not going to worry about adding any tags 50 00:04:42,210 --> 00:04:52,199 to this user and next review and create that user. 
Ok, so now that we've created 51 00:04:52,199 --> 00:04:59,610 that user very important for this user to have programmatic access to 52 00:04:59,610 --> 00:05:03,120 this server they need to have credentials and so they need to have 53 00:05:03,120 --> 00:05:06,780 this access key ID and this secret access key so we need to download that 54 00:05:06,780 --> 00:05:12,300 so we just download that now and save that somewhere safe so once we've got 55 00:05:12,300 --> 00:05:17,169 that we can close out of here. Okay so now that we've created that user 56 00:05:17,169 --> 00:05:22,479 and we've created a group we need to assign permissions for that user because 57 00:05:22,479 --> 00:05:25,960 right now that user can't do anything, they've got no permissions to do anything 58 00:05:25,960 --> 00:05:32,409 so the best way to get the right permissions to start with and 59 00:05:32,409 --> 00:05:37,470 then we can work from that and refine those permissions is to start off with an 60 00:05:37,470 --> 00:05:44,919 AWS managed policy for a specific job function. So I am going to open up a web 61 00:05:44,919 --> 00:05:54,099 page here and here we have our AWS managed policies for job functions 62 00:05:54,099 --> 00:06:00,879 so they are policies that AWS regularly update and they're policies that 63 00:06:00,879 --> 00:06:06,759 AWS believe that a certain job function should have. So we have policies 64 00:06:06,759 --> 00:06:11,919 for administrators, billing, database, data sciences and, we've also got there for a 65 00:06:11,919 --> 00:06:16,360 developer power user. So we're going to give this user or this group of users 66 00:06:16,360 --> 00:06:23,560 developer power user policy and, so here we can see it has a link to the AWS 67 00:06:23,560 --> 00:06:28,990 managed policy there. 
So we'll click on that and that will take us to the IAM 68 00:06:28,990 --> 00:06:34,659 management console specifically for that policy and, there we can see that it has 69 00:06:34,659 --> 00:06:39,490 a number of permissions there. We won't worry about that too much but we can 70 00:06:39,490 --> 00:06:44,379 refine that later on if we would like to and it's certainly a very good idea to 71 00:06:44,379 --> 00:06:49,719 do that because you want to limit access as much as possible. What we need to do 72 00:06:49,719 --> 00:06:54,879 now is we need to associate this policy with our developers group and, then our 73 00:06:54,879 --> 00:07:02,259 user will inherit the permissions assigned within this policy. So we go 74 00:07:02,259 --> 00:07:07,539 to policy usage and we're going to attach this policy to an entity. 75 00:07:07,539 --> 00:07:13,569 So we're going to search for our developers and developers group. We could also attach 76 00:07:13,569 --> 00:07:17,469 this policy to a user but, it's far better to attach the policy 77 00:07:17,469 --> 00:07:23,469 to a group and have all of those users inherit the policy of that group. 78 00:07:23,469 --> 00:07:28,080 So we select developers and we attach that policy now 79 00:07:28,080 --> 00:07:33,040 and there we can see we have our developers there are attached to this policy 80 00:07:33,040 --> 00:07:39,520 okay so the next thing that we need to do is that we need to create a 81 00:07:39,520 --> 00:07:48,700 role for our ec2 server to access AWS resources. So we go to roles and, create 82 00:07:48,700 --> 00:07:52,200 role. It's an AWS service. We're going to be 83 00:07:52,200 --> 00:08:00,580 allowing or associating this role to the ec2 server. So it's AWS ec2. We select ec2 here 84 00:08:00,580 --> 00:08:07,630 which will allow ec2 instances to call AWS services on our behalf. 85 00:08:07,630 --> 00:08:14,770 We click on next for permissions. 
So we're going to give this server access 86 00:08:14,770 --> 00:08:19,900 to Amazon s3. So it might want to create buckets or do whatever. So we're just 87 00:08:19,900 --> 00:08:25,600 going to give this server Amazon s3 full access, but that said we could also do an 88 00:08:25,600 --> 00:08:31,930 Amazon s3 endpoint a VPC endpoint in our VPC and that would also allow access to 89 00:08:31,930 --> 00:08:33,669 s3 and that's probably a better way of doing it, 90 00:08:33,669 --> 00:08:39,520 but for now I'm just creating a role here to show you how you can create 91 00:08:39,520 --> 00:08:45,820 access permissions for a specific server. So this could be access to ec2. 92 00:08:45,820 --> 00:08:50,950 For example if you wanted this ec2 server to be able to create other ec2 servers, 93 00:08:50,950 --> 00:08:55,930 you could actually search here for ec2 as well, but we'll just stick now with 94 00:08:55,930 --> 00:09:06,160 Amazon s3. Click on next tags and, next review. We'll give this role a name. 95 00:09:06,160 --> 00:09:10,720 We'll leave the description as it is and that looks pretty good, 96 00:09:10,720 --> 00:09:22,000 and we'll create this role. Ok so now that we've created a user and, we've added 97 00:09:22,000 --> 00:09:25,990 that user to a group and, we've assigned permissions to that group for that group 98 00:09:25,990 --> 00:09:31,210 of users and, we've also created a role and assigned a policy with permissions 99 00:09:31,210 --> 00:09:36,940 to that role and, that role can be associated to our ec2 server, the next 100 00:09:36,940 --> 00:09:40,840 thing we need to do is to create a security group that we can associate to 101 00:09:40,840 --> 00:09:46,240 this server, that will allow traffic from the wider internet and also allow 102 00:09:46,240 --> 00:09:53,590 traffic for secure access for us so that we can run terminal commands remotely 103 00:09:53,590 --> 00:09:59,890 to this ec2 server. 
So we need to receive on port 80 for HTTP but we also need to 104 00:09:59,890 --> 00:10:06,250 receive traffic on port 3000 because NodeJS won't receive traffic on port 80 105 00:10:06,250 --> 00:10:09,040 it won't let you do that. So what you need to do is receive it on 106 00:10:09,040 --> 00:10:13,870 port 80 and then forward it over to port 3000 and, further on in the lab we'll 107 00:10:13,870 --> 00:10:18,340 look at how we're going to do that using the Linux operating system and, we also 108 00:10:18,340 --> 00:10:24,880 need to have access on port 22 for secure shell or SSH and that will allow 109 00:10:24,880 --> 00:10:30,610 us to remotely connect into this server and issue commands to this server and 110 00:10:30,610 --> 00:10:37,380 also it will allow us to upload files using secure File Transfer Protocol 111 00:10:37,380 --> 00:10:43,390 directly to that server. So starting off we need to scroll down to network and 112 00:10:43,390 --> 00:10:49,930 security in the ec2 management console. Go to security groups and create a 113 00:10:49,930 --> 00:10:58,500 security group and, we'll give this security group a name and a description 114 00:11:00,510 --> 00:11:05,950 We're going to leave it with the default VPC and we'll add our inbound rules. 115 00:11:05,950 --> 00:11:11,740 The first one is to receive traffic for the wider internet on port 80 for HTTP. 116 00:11:11,740 --> 00:11:17,800 We'll scroll down, the type will be HTTP and, there we go port 80 and that 117 00:11:17,800 --> 00:11:21,730 will be from anywhere. So all traffic from the wider internet on port 80 will 118 00:11:21,730 --> 00:11:30,040 come in. We also need to allow traffic which will be a custom TCP on port 3000 119 00:11:30,040 --> 00:11:36,519 and that is to receive traffic for the Nodejs server and that will be from 120 00:11:36,519 --> 00:11:43,240 anywhere as well and, the final rule that we need to create is for SSH. 
So we'll 121 00:11:43,240 --> 00:11:48,910 scroll down to SSH which will give us secure shell access remotely to our 122 00:11:48,910 --> 00:11:54,160 server. Now normally you would select, and I suggest that you select, my IP. 123 00:11:54,160 --> 00:11:59,259 I can't do that here because where I operate from I've set up multiple 124 00:11:59,259 --> 00:12:03,279 internet connections through a load balancer and so my IP can be one of 125 00:12:03,279 --> 00:12:09,069 three or four different IP addresses. So I have to use anywhere but please if 126 00:12:09,069 --> 00:12:13,240 you've got a static IP address make sure that you select my IP it's going to give 127 00:12:13,240 --> 00:12:18,029 you much better security. So I'm just going to select anywhere for now and 128 00:12:18,029 --> 00:12:26,230 then I'll create that security group and there we go. Ok so now that we've created 129 00:12:26,230 --> 00:12:30,850 our security group, we need to associate it with an ec2 instance. So first of all 130 00:12:30,850 --> 00:12:38,769 we need to create that ec2 instance. So let's go to instances and Launch 131 00:12:38,769 --> 00:12:49,810 instance. We will select the Amazon Linux 2 AMI which is a CentOS ami and we'll 132 00:12:49,810 --> 00:12:56,440 set the t2.micro and next for configure instance details. 133 00:12:56,440 --> 00:13:00,670 We'll leave it with the default VPC. Make sure that you auto assign a public IP address 134 00:13:00,670 --> 00:13:05,740 because without that you're not going to be able to receive traffic or you won't 135 00:13:05,740 --> 00:13:10,930 be found on the wider internet. We'll select that IAM role for this ec2 136 00:13:10,930 --> 00:13:16,480 server that we created which was backspace - lab - ec2 - s3 and then 137 00:13:16,480 --> 00:13:21,430 we're going to scroll down to this area of advanced details. 
Now that might be 138 00:13:21,430 --> 00:13:27,790 minimized like this or if it's not there just click on the caret here 139 00:13:27,790 --> 00:13:32,380 and it will open it up for you. Now what we need to do is that we need to create a bash script, 140 00:13:32,380 --> 00:13:37,360 a Linux bash script and what that will do is that that will be invoked when the 141 00:13:37,360 --> 00:13:43,209 instance is launched and, it will set up, first of all it will do a update of our 142 00:13:43,209 --> 00:13:46,840 Linux operating system a yum update. Then it's 143 00:13:46,840 --> 00:13:52,570 going to set up our firewall rules within the Linux operating system and, 144 00:13:52,570 --> 00:13:57,190 it's going to direct traffic that comes in on port 80 that cannot be received by 145 00:13:57,190 --> 00:14:02,920 Nodejs directly and it's going to forward that traffic over to port 3000 where the 146 00:14:02,920 --> 00:14:07,420 Nodejs system can actually accept that. Now this 147 00:14:07,420 --> 00:14:12,340 is firewall rules that are set up in the Linux operating system and this is one 148 00:14:12,340 --> 00:14:17,440 thing to remember, is that yes you have security groups but, you also have other 149 00:14:17,440 --> 00:14:21,760 layers of security as well and your Linux firewall rules don't forget about 150 00:14:21,760 --> 00:14:25,660 them because if you're using Linux you can also take advantage of 151 00:14:25,660 --> 00:14:31,480 those as well, as another layer of security. So we've got that set up, now we 152 00:14:31,480 --> 00:14:36,340 just paste that in, and we can see there, we're first off, we're doing a yum update 153 00:14:36,340 --> 00:14:43,750 and then we're directing traffic for port 80 redirecting over to port 3000. 154 00:14:43,750 --> 00:14:49,900 Click on next and storage. We will leave storage as it is. Add tags, we're going to 155 00:14:49,900 --> 00:14:54,670 add a tag and we're just going to add a name tag. 
Now when you put the name tag 156 00:14:54,670 --> 00:14:58,750 make sure that you use a capital N in front of the name otherwise it won't 157 00:14:58,750 --> 00:15:03,940 come up correctly, and the value is going to be NodeJS. Next we configure 158 00:15:03,940 --> 00:15:09,100 our security group. We select the security group so select an existing 159 00:15:09,100 --> 00:15:14,580 security group and which will be down here somewhere, 160 00:15:14,970 --> 00:15:19,420 there it is. There's our Nodejs security group. We can see there that 161 00:15:19,420 --> 00:15:26,560 has traffic coming in on port 80, port 22 and port 3000. That looks fine. 162 00:15:26,560 --> 00:15:35,650 We will review and launch. Looking good, and launch. So we need to choose an 163 00:15:35,650 --> 00:15:39,490 existing key pair. So I've already got a key pair here. If you haven't, create a 164 00:15:39,490 --> 00:15:46,170 new one. So just acknowledge that and launch the instances 165 00:15:52,030 --> 00:16:02,320 and view instances and, we'll let that chug away for now. Okay so now that we've 166 00:16:02,320 --> 00:16:07,900 launched our instance, it doesn't really do anything, it won't receive any, or it 167 00:16:07,900 --> 00:16:11,290 won't respond to any traffic coming in. It will receive the traffic but it won't 168 00:16:11,290 --> 00:16:14,770 do anything with it because we haven't set up NodeJS, there's no software on there. 169 00:16:14,770 --> 00:16:18,400 We don't have the AWS software development kit either. So we can't 170 00:16:18,400 --> 00:16:23,710 access anything like s3 without our software development kit. So what we need 171 00:16:23,710 --> 00:16:29,110 to do is add those. So the way that we do that is we need to connect into this ec2 172 00:16:29,110 --> 00:16:34,360 instance using SSH and, run a secure shell and, run commands to install that. 
173 00:16:34,360 --> 00:16:41,680 So the way we do that is we select our server and we click on connect and, 174 00:16:41,680 --> 00:16:46,500 we'll get this connection string down here and, we're just going to copy that, 175 00:16:46,500 --> 00:16:53,080 just copy that and, what we need to do now is go to where we downloaded our PEM file 176 00:16:53,080 --> 00:16:57,940 just recently. So when we created this ec2 instance we downloaded a PEM file. 177 00:16:57,940 --> 00:17:02,320 So I've got the one here that I downloaded. So we just go in to where it 178 00:17:02,320 --> 00:17:09,190 is and provided we've got Git for windows installed on our PC, we just right click 179 00:17:09,190 --> 00:17:12,340 on the folder area. You don't right click on the actual file itself 180 00:17:12,340 --> 00:17:16,570 because it won't come up just right click on the folder area here on the 181 00:17:16,570 --> 00:17:22,930 empty space and just to get bash here and, that will get up a Git screen, 182 00:17:22,930 --> 00:17:27,070 a bash screen for us that we can issue commands and the first command 183 00:17:27,070 --> 00:17:32,140 that we're going to issue will be to connect to that server. Ok so I'm just 184 00:17:32,140 --> 00:17:38,280 going to paste that command in now. So just right-click and select paste and 185 00:17:38,280 --> 00:17:45,510 enter yes to accept that fingerprint 186 00:17:46,400 --> 00:17:52,640 and there we go. So we now have secured access to that ec2 server. 187 00:17:52,640 --> 00:17:56,330 What we need to do now is that we need to run through and install the Nodejs 188 00:17:56,330 --> 00:18:01,190 software on our server. The first thing we need to do is that we 189 00:18:01,190 --> 00:18:05,690 need to install the node version manager and, from there we can use the node 190 00:18:05,690 --> 00:18:11,150 version manager to install NodeJS. 
So first of all do a curl command to bring 191 00:18:11,150 --> 00:18:15,800 that into our server and, all this is in the lab notes, just copy and paste it 192 00:18:15,800 --> 00:18:21,710 from the lab notes, like I am doing here and that will bring that in and now we 193 00:18:21,710 --> 00:18:28,610 just need to invoke the node version manager. So we can run it and just copy 194 00:18:28,610 --> 00:18:31,540 and paste over again. 195 00:18:31,960 --> 00:18:38,300 Now we can use nvm. Now that it's set up and invoked we can use it to 196 00:18:38,300 --> 00:18:42,950 install Nodejs. We just do nvm install node and, again I'm just copying this 197 00:18:42,950 --> 00:18:45,670 from the lab notes. 198 00:18:52,180 --> 00:18:56,860 Okay so that worked fine. We're just going to check that it actually works by 199 00:18:56,860 --> 00:19:01,930 doing node --version. If it's installed it will send us back what the 200 00:19:01,930 --> 00:19:09,070 version of NodeJS and there we go. So it's version 13.11 201 00:19:09,070 --> 00:19:13,270 of node. So that worked fine NodeJS is installed. The next thing we need to 202 00:19:13,270 --> 00:19:19,030 install is the AWS software development kit. We can install it using the 203 00:19:19,030 --> 00:19:24,810 node package manager. Now that Nodejs is set up, so we just do npm install aws-sdk. 204 00:19:24,810 --> 00:19:31,420 So again I'll just copy that over from the lab notes make life easier. 205 00:19:31,420 --> 00:19:41,500 In NPM install AWS software development kit and that looks fine. 206 00:19:41,500 --> 00:19:47,500 We just check that it has installed by doing again aws --version. Again I'll just copy 207 00:19:47,500 --> 00:19:55,170 and paste it over from the lab notes. There we go. So we've got the AWS 208 00:19:55,170 --> 00:20:02,140 software development kit has been set up there fine okay. 
So we've installed 209 00:20:02,140 --> 00:20:05,830 Nodejs and the AWS software development kit for 210 00:20:05,830 --> 00:20:09,460 Nodejs what we need to do now is that we need 211 00:20:09,460 --> 00:20:17,290 to upload our application code to our server using secure FTP or SFTP for short. 212 00:20:17,290 --> 00:20:21,070 What we're going to do is we're going to use a software called CyberDuck 213 00:20:21,070 --> 00:20:25,120 and we're going to be connecting using it. The first thing we need to do is 214 00:20:25,120 --> 00:20:32,310 we need to grab our public IP address and copy that and then open up CyberDuck. 215 00:20:32,310 --> 00:20:40,780 So there's CyberDuck and we need to open a connection and, it's going to be SFTP. 216 00:20:40,780 --> 00:20:48,640 It won't be FTP it will be SFTP for SSH File Transfer Protocol and the 217 00:20:48,640 --> 00:20:54,580 server will be that public IP address. Port will be 22 and then we're going to 218 00:20:54,580 --> 00:20:59,350 choose our private key. So normally this will have none. So what we're going to do 219 00:20:59,350 --> 00:21:04,780 is choose our private key now that will be the private key that we saved when we 220 00:21:04,780 --> 00:21:07,850 created this to service. So the one that's associated 221 00:21:07,850 --> 00:21:12,860 to that. That's not your credentials, the excel worksheet view credentials, this is 222 00:21:12,860 --> 00:21:22,159 a PEM file. So we'll choose it and connect now provided that PEM file is 223 00:21:22,159 --> 00:21:26,590 correct we should be fine. 224 00:21:27,549 --> 00:21:35,690 There we go we've connected in and it's got a listing of our server. So just 225 00:21:35,690 --> 00:21:39,080 jumping into an editor. I've got Visual Studio, it can be anything, it can be 226 00:21:39,080 --> 00:21:43,909 notepad it could be anything, just to edit this text. So the thing that we 227 00:21:43,909 --> 00:21:48,289 need to change here for you it will be this private IP address. 
So that won't be 228 00:21:48,289 --> 00:21:52,279 the same as yours, so we need to copy that over. Now just remember this is the 229 00:21:52,279 --> 00:21:58,039 private IP address, before we copied the public IP address, we need to copy the 230 00:21:58,039 --> 00:22:03,769 private IP address. So we'll just scroll down a little bit further and on the 231 00:22:03,769 --> 00:22:12,940 left hand side here will be the private IP address and I'll just paste that in. 232 00:22:13,240 --> 00:22:19,820 Make sure that we have still got the commas or inverted commas around that and I'm 233 00:22:19,820 --> 00:22:29,840 going to save that. Okay so once I've saved that I can now use. Go back into 234 00:22:29,840 --> 00:22:34,100 Cyberduck and all I need to do is just grab that file from my file explorer 235 00:22:34,100 --> 00:22:39,529 and just drag that across and drop it on to Cyberduck, and that will 236 00:22:39,529 --> 00:22:44,899 upload it to our server. So I'm just going to grab it here and drop it 237 00:22:44,899 --> 00:22:48,880 onto CyberDuck 238 00:22:56,830 --> 00:23:01,659 and you can see there that it's been uploaded. Let's just close out of that 239 00:23:01,659 --> 00:23:07,570 now. So what I want to do now is connect back in to the server. So make sure that 240 00:23:07,570 --> 00:23:12,902 my connection is still open. So just jumping back in to Git for Windows 241 00:23:12,902 --> 00:23:18,760 getting that connection and it's still open, which is good and, what I'm going to 242 00:23:18,760 --> 00:23:23,200 do is, I'm going to run that application. So the command to use is node and then 243 00:23:23,200 --> 00:23:31,929 the name of the file. So the name of the file is app.js and just going to paste that in. 244 00:23:31,929 --> 00:23:37,630 So node and then the name of the file. Okay so we let that worked fine. 
So we can see 245 00:23:37,630 --> 00:23:43,840 here the server is running at that private IP address 3000 and that will be 246 00:23:43,840 --> 00:23:49,899 receiving traffic from or it will be receiving traffic that has been 247 00:23:49,899 --> 00:23:55,750 redirected from port 80. So if we go into that public IP address now. 248 00:23:55,750 --> 00:24:05,470 I'm just going to copy this public IP address, paste it in here there. We can 249 00:24:05,470 --> 00:24:11,200 see we have our application which is hello world from BackSpace Academy. 250 00:24:11,200 --> 00:24:18,730 That's great! That all worked ok. It was a little bit of work in uploading 251 00:24:18,730 --> 00:24:24,279 that software and installing it, so if someone else wants to come along and we 252 00:24:24,279 --> 00:24:28,120 need to create another server for them it would be great if we had an image 253 00:24:28,120 --> 00:24:32,139 of that server we could launch directly from that image. So what we're going to 254 00:24:32,139 --> 00:24:37,539 do now is that we're going to create an Amazon Machine Image or an AMI of this 255 00:24:37,539 --> 00:24:44,230 server and once we've done that we're going to create or launch another ec2 256 00:24:44,230 --> 00:24:48,220 instance using the image and that way we don't have to install all that 257 00:24:48,220 --> 00:24:52,720 software again. So the way we do that is that we go to instances, select our instance, 258 00:24:52,720 --> 00:24:59,620 go to actions, go to image and create image. We'll give that image a 259 00:24:59,620 --> 00:25:05,039 name and we'll give it a description 260 00:25:05,600 --> 00:25:14,580 and then we'll click on create image. Now we'll scroll down and we'll go to AMIs 261 00:25:14,580 --> 00:25:20,610 and then we can see our AMI is being created. Its status is currently pending 262 00:25:20,610 --> 00:25:25,350 we just wait about five minutes or so. 
I'll go away and have a cup of 263 00:25:25,350 --> 00:25:28,250 coffee and hopefully it will be done by then. 264 00:25:28,250 --> 00:25:34,110 Okay it's been about five minutes or so and thanks to the magic of pre-recorded video 265 00:25:34,110 --> 00:25:39,660 it's all been done. What we can do now is that we can jump back into or 266 00:25:39,660 --> 00:25:44,850 no, we'll stay where we are, sorry we will launch directly from this page here. 267 00:25:44,850 --> 00:25:53,730 We can launch an ec2 instance from this AMI. So I just click on launch and will 268 00:25:53,730 --> 00:25:58,980 select a t2.micro. So same as before we're going to use the default VPC. 269 00:25:58,980 --> 00:26:05,700 Make sure our public IP is enabled for it. We'll select that IAM role so that 270 00:26:05,700 --> 00:26:13,020 we can access AWS or the ec2 server can access AWS resources and we'll scroll 271 00:26:13,020 --> 00:26:17,270 down here and I am going to paste in here. I'm just going to grab it from the lab notes. 272 00:26:17,270 --> 00:26:24,140 Okay so we'll paste in our Linux firewall settings or Linux firewall bash 273 00:26:24,140 --> 00:26:35,070 script and, next add storage and, add tags. We'll put in a tag there. We'll call this 274 00:26:35,070 --> 00:26:38,240 NodeJS. 275 00:26:42,100 --> 00:26:47,040 We'll select that same security group 276 00:26:52,980 --> 00:27:00,990 and, review and launch and launch. We'll use that same key pair and launch 277 00:27:00,990 --> 00:27:03,650 instances. 278 00:27:06,980 --> 00:27:11,900 We'll let that chug away and what we'll do in the meantime is we'll get 279 00:27:11,900 --> 00:27:14,320 rid of the old one here so we don't get too confused. 280 00:27:14,320 --> 00:27:25,370 So actions terminate and we'll give the other one a bit of time to do its stuff 281 00:27:25,370 --> 00:27:34,040 until it gets a status other than pending for us. 
Okay thanks to the magic 282 00:27:34,040 --> 00:27:39,620 of pre-recorded video our instance is up and running. What we need to do now is 283 00:27:39,620 --> 00:27:45,260 that we need to change our application because it's set up for the old instance. 284 00:27:45,260 --> 00:27:49,130 So what we need to do. I'll just get it up here. So we can see here that the host 285 00:27:49,130 --> 00:27:56,840 name which is the private IP address is now set to the private IP address of the 286 00:27:56,840 --> 00:28:00,890 old instance. We need to change it to the new instance. So we need to go back 287 00:28:00,890 --> 00:28:09,799 into our ec2 management console and we'll select the private IP address. 288 00:28:09,799 --> 00:28:15,669 I'm just going to copy that over and we'll paste that in there 289 00:28:15,669 --> 00:28:20,140 and we'll save that again. 290 00:28:25,290 --> 00:28:29,670 and what we'll do is we'll get Cyberduck up again and we'll drag and 291 00:28:29,670 --> 00:28:34,770 drop that over after we've connected to Cyberduck. So get Cyberduck up now and, 292 00:28:34,770 --> 00:28:41,630 we'll need to disconnect from the old server and, we'll open a new connection 293 00:28:41,630 --> 00:28:46,980 and, what we need to do is we need to make sure it's still SFTP. That's fine. 294 00:28:46,980 --> 00:28:52,110 We need to get the new public IP address. So this is again it's for the old server 295 00:28:52,110 --> 00:28:55,950 that we've already deleted or terminated, so we need to get the new one for this one. 296 00:28:55,950 --> 00:29:02,910 So just copying that public IP this time, not private IP, and we'll paste that 297 00:29:02,910 --> 00:29:11,700 in there now. Again it's ec2-user again and the same PEM file as well. 298 00:29:11,700 --> 00:29:15,530 That should connect in. 299 00:29:22,300 --> 00:29:28,330 Okay we logged in successfully. We've got our app.js. We need to replace it. 
300 00:29:29,230 --> 00:29:33,520 Okay we'll just drag that across now. 301 00:29:46,059 --> 00:29:50,669 Okay that's done so what we need to do now is we need to connect in to our 302 00:29:50,669 --> 00:29:57,549 server using SSH. So again what we do is we get Git for Windows up, but we first 303 00:29:57,549 --> 00:30:01,719 need to get this connection string here. Now if you have a look at this it's 304 00:30:01,719 --> 00:30:08,200 using root as the username. Now that's not correct, for all Amazon Linux AMIs 305 00:30:08,200 --> 00:30:15,279 it must be ec2-user. So we need to change that. I'm just going to 306 00:30:15,279 --> 00:30:27,219 copy that and change it and what I'll do now is I'll paste that in to our 307 00:30:27,219 --> 00:30:31,960 Git for Windows bash screen. So I just paste that in there and then we can see we've 308 00:30:31,960 --> 00:30:41,710 changed it here to ec2-user and enter and we should be getting in. There we go. 309 00:30:41,710 --> 00:30:47,710 Wonderful! So now we've got our new application or updated application with 310 00:30:47,710 --> 00:30:54,789 the new private IP address we should now just be able to do nodejs and run our 311 00:30:54,789 --> 00:31:01,330 application, and there we go. So it's running there fine and we'll just grab 312 00:31:01,330 --> 00:31:09,489 this public IP address and go to it in our browser and see what happens, 313 00:31:09,489 --> 00:31:12,190 and there we go. So that's fantastic. All worked perfectly. 314 00:31:12,190 --> 00:31:19,929 We created an AMI and it took all of the hard work of creating or installing 315 00:31:19,929 --> 00:31:24,159 Nodejs on our server and the AWS software development kit. So what we can 316 00:31:24,159 --> 00:31:29,969 do now is that we're just going to clean it all up so first things first of all 317 00:31:31,349 --> 00:31:35,009 terminate this instance.
318 00:31:38,240 --> 00:31:53,300 We'll delete that AMI or deregister the AMI and, we will go into the IAM or 319 00:31:53,300 --> 00:31:57,970 we will get rid of that security group as well. 320 00:32:06,370 --> 00:32:10,620 We'll go into the IAM management console. 321 00:32:14,090 --> 00:32:18,159 We will delete that s3 role 322 00:32:29,740 --> 00:32:33,690 and we'll delete that user as well 323 00:32:40,110 --> 00:32:46,010 and finally we'll delete that group as well of developers. 324 00:32:51,380 --> 00:32:56,310 Okay so that brings us to the end of the lab. Just one more thing I want to talk 325 00:32:56,310 --> 00:33:01,260 about is the credentials because we downloaded two sets of credentials here 326 00:33:01,260 --> 00:33:06,480 so and we only really used one of those and that was the key that we needed 327 00:33:06,480 --> 00:33:12,930 for ec2 so we downloaded the PEM file and we use that with Git for Windows 328 00:33:12,930 --> 00:33:18,540 to have this secure shell access and we also use it with Cyberduck as 329 00:33:18,540 --> 00:33:25,860 well for SFTP access. So that is related specifically to that ec2 instance but we 330 00:33:25,860 --> 00:33:32,910 also downloaded when we created that user we downloaded programmatic access 331 00:33:32,910 --> 00:33:37,650 or credentials for that user and they were downloaded as a CSV file.
So that 332 00:33:37,650 --> 00:33:42,240 will have the user's name which was backspace-lab and it will have 333 00:33:42,240 --> 00:33:48,180 an access key ID and a secret access key and, what they're used for is, if that 334 00:33:48,180 --> 00:33:53,760 user connects into that ec2 instance and then they want to use the command-line 335 00:33:53,760 --> 00:33:58,350 interface which will be already installed because it was an Amazon Linux AMI, 336 00:33:58,350 --> 00:34:05,040 they can actually access the resources within AWS for example they 337 00:34:05,040 --> 00:34:12,090 could access ec2 service, for example they could access CloudWatch or 338 00:34:12,090 --> 00:34:17,910 something like that and they could have that access by using these access key ID 339 00:34:17,910 --> 00:34:22,950 and the secret access key ID and setting that up in the command line interface in 340 00:34:22,950 --> 00:34:27,450 the parameters of it or they could also use it with the software development kit 341 00:34:27,450 --> 00:34:33,480 as well - to access it through an application. So that's the two different 342 00:34:33,480 --> 00:34:36,810 types of credentials that we were using. There's one of them we used and the 343 00:34:36,810 --> 00:34:40,440 other one we didn't use, but one of them you're going to be using with the 344 00:34:40,440 --> 00:34:44,340 command-line interface or the software development kit. So that brings us to the 345 00:34:44,340 --> 00:34:48,930 end of a good lab and I hope you've got something out of it and learned a little 346 00:34:48,930 --> 00:34:54,620 bit more about ec2 and I look forward to seeing you in the next one.