Open main menu

CDOT Wiki β

OSL840 Assignment 2 2022-1

Because AWS Academy has deleted hundreds of students' work without any notice or backups: you may choose to do this assignment instead of the one we had planned earlier.

Overview

In this assignment you'll find out whether you've become more efficient at the AWS basics you've done previously in this course. You'll recreate much (but not all) of the virtual network environment and virtual machines you've set up in the labs.

Part 1: Networking

  • Create a new VPC:
    • Named vpc-ops345-asg2
    • With the CIDR block 10.0.0.0/24
  • Create a new subnet:
    • Named subnet-ops345-asg2
    • With CIDR block to 10.0.0.0/25
    • Do not let it auto-assign public IP addresses
  • Create a second subnet:
    • Named subnet-ops345-asg2-db
    • In an availability zone different from subnet-ops345-asg2
  • Add an internet gateway and a route table to give your VPC access to the internet.
    • Name them ops345-asg2-internet-gateway and ops345-asg2-route-table

Part 2: Web server

  • Create a new VM
    • Named www-asg2
    • With local IP 10.0.0.5
    • With an elastic IP
    • With a security group wwwasg2sg
    • Add a 6GB EBS volume as an LVM physical volume, with a 6GB logical volume permanently mounted on /var/www
  • Install Apache and PHP
  • Put a copy of PHP File Manager under /var/www/html, look around, and ponder how little thought you've given web server security in the past.

Part 3: Database

  • Create a new MariaDB instance named ops345dbasg2
  • Create a database in your instance named asg2
  • Create a user for your database named asg2dbuser with any password you like
  • Instead of setting up a complex database-backed web application: use the mariadb command-line to log in as asg2dbuser, and run the following SQL commands:
    use asg2;
    CREATE TABLE work_log(
        -> id INT NOT NULL AUTO_INCREMENT,
        -> person VARCHAR(100) NOT NULL,
        -> hours INT,
        -> PRIMARY KEY ( id ));
    INSERT INTO work_log(person, hours) values('yournamehere', 4);
    /* Insert at least two more rows with different values */
    SELECT * FROM work_log;

Part 4: DNS and HTTPS

  • Create an A record in Bindistrar to map www-asg2.youruserid.ops345.ca to your machine's public IP.
  • Create a CNAME record to map asg2done.youruserid.ops345.ca to www-asg2.youruserid.ops345.ca
  • Get a Let's Encrypt certificate for www-asg2.youruserid.ops345.ca
  • Configure Apache to serve encrypted connections

Submission

Please submit on Blackboard one asg2-alt.tar.gz file containing screenshots of your work (as individial images) with the correct filenames. Skip screenshots of work you didn't do:

  • asg2-alt-ss01-vpc.png a screenshot of your VPC configuration.
  • asg2-alt-ss02-subnet1.png a screenshot of your subnet-ops345-asg2 configuration.
  • asg2-alt-ss03-subnet2.png a screenshot of your subnet-ops345-asg2-db configuration.
  • asg2-alt-ss04-www.png a screenshot of your www-asg2 instance configuration, including its IP addresses.
  • asg2-alt-ss05-lvm.png a screenshot of you running mount on www-asg2.
  • asg2-alt-ss06-fm.png a screenshot of Firefox showing the PHP file manager.
  • asg2-alt-ss07-sql.png a screenshot of you loggin into ops345dbasg2 as asg2dbuser and running SELECT * FROM work_log;.
  • asg2-alt-ss08-dig-a.png a screenshot of you running a dig command to get the ip address of www-asg2.youruserid.ops345.ca.
  • asg2-alt-ss09-dig-cname.png a screenshot of you running a dig command to get the value of asg2done.youruserid.ops345.ca.
  • asg2-alt-ss10-https.png a screenshot of Firefox accessing https://www-asg2.youruserid.ops345.ca

(to create asg2-alt.tar.gz select all your screenshots in a file manager in Linux Mint, right click, and pick "Compress")