With this blog, we are starting the Amazon Web Services (AWS) series. If you are an absolute beginner and have never heard anything about AWS, then this is the perfect starting point for you. All the blogs will be beginner-friendly. We will start from zero and gradually move to advanced stuff. It will be a long journey. We will cover all the important services of AWS.

Content of this blog

  1. Introduction to Cloud
  2. Make an account on AWS
  3. Regions and Availability Zones
  4. EC2 Introduction
  5. SSH
  6. Security Group
  7. Deploy this nodejs server on the internet.
  8. Destroy the EC2 instance that we created so that you will not get billed.

Introduction to Cloud

Suppose you make a nodejs app which listens on Port 8080. Now you want the world to access your app. For this, you have to do the following steps:

  • You have to buy a public static IP address so that another person can visit “http://<your_IP>:8080” to access your site.
  • Ensure that your laptop is ON 24 hours a day.
  • Your laptop has limited specs (RAM, CPU, etc); if more users come to your laptop, you may have to increase its size to handle the users, and it will be a burden.
  • You will have to protect it from cyber-attacks and also physical attacks (stealing or getting damaged due to flood, etc).

Before the cloud was introduced, everyone who wanted to start their business online had to handle everything above themselves. Now, cloud providers such as “AWS”, “Azure”, etc. handle all that for us at very minimal cost.

Make an Account on AWS

I am not going to show step-by-step how to create an account on AWS. You can do it yourself. It is as easy as creating an account on Instagram.

Just note one thing: You will need a Debit Card or Credit Card (either one) to create an account on AWS. When you make an account, 1 Rs will be deducted from your bank. Make sure that you have enabled international payment access on your Debit (or Credit) Card.

Regions and Availability Zones

Regions

An AWS Region is a geographical area where AWS has multiple data centres. Each Region is a completely independent environment. Be careful about which region you create your resources in, because the resources of one region are not visible (or available) in another region.

Regions allow users to choose where to deploy their resources (like servers, databases, etc.), which can be important for reasons like latency, compliance with local laws, or disaster recovery. If your business is in India, then you will create your resources in the closest region (Mumbai) so that users experience less latency. The farther your resource is from your users, the higher the latency, because the data has to travel a longer distance.

Latency meaning for beginners: It is the amount of time taken by a data packet to go from one place to another. If a website loads faster without buffer then it has low latency.

Each region is associated with a unique identifier name. For Mumbai, it is “ap-south-1”.

Availability Zones

Availability Zones are isolated locations within a Region. Each AWS Region has multiple Availability Zones, typically three or more.

Example: In the Mumbai region (ap-south-1), AWS can have its physical data centres kept in different locations of Mumbai within a 100 km radius. These locations inside Mumbai are called Availability Zones.

Availability Zones provide redundancy and ensure high availability. By deploying your resources across multiple AZs, you protect your applications from failure in a single data centre.

The Mumbai region currently has 3 Availability Zones:

  • ap-south-1a
  • ap-south-1b
  • ap-south-1c

A suffix “a”, “b”, “c”, … is attached after the region code for the different Availability Zones.

When you see ap-south-1 written, it is a region.

When you see ap-south-1a written, it is an Availability Zone inside a region.

EC2 (Amazon Elastic Compute Cloud) Introduction

AWS offers many services, and in this series of blogs we will study the most important services that are used in industry.

We will start our journey by studying the EC2 service of AWS.

You run your application (such as NodeJS, FastAPI, Go, Springboot etc) on localhost on your laptop. Now you want to deploy it on the internet so that people can visit your app from anywhere by typing the URL http://abc.com. For this, you need some sort of hardware (or laptop / OS) that has a public IP address and is present on the cloud. If somehow you can get this magical laptop and run “node app.js” on that laptop, then you can visit http://<that_laptop_IP_Address>:8080. You can visit this URL from anywhere. When you run the app on your local laptop instead, other people can’t access what is running on Port 8080 of your laptop, because your laptop doesn’t have any public IP exposed to the internet.

The magical laptop that AWS provides which has a public IP address and is kept in a cloud is called EC2. It is a virtual computer which you take on rent that can be used to run applications, store data, and more. Don’t worry, AWS provides a “free tier” for 1 year after account creation. So, you will not get billed if you use machines which are under the free tier. In this series of blogs, we will only use free-tier for learning purposes.

You can check the pricing of AWS EC2 here.

You can check free-tier resources here.

The virtual machine (EC2) that we launch is known as an Instance.

Instance: An instance is a virtual server in AWS. It runs an operating system (like Linux or Windows) and can be configured with different amounts of CPU, memory, and storage. We will use Linux Ubuntu for our blogs.

Instance Type: This defines the hardware specifications of the instance, like the number of CPUs, amount of RAM, etc. Examples include “t2.micro” (a small, general-purpose instance) and “m5.large” (a more powerful instance). Don’t worry, we will see all these in practice in this blog.

Elastic IP Address: A static, public IP address that you can associate with your instance, allowing it to be reachable from the internet.

SSH (Secure Shell)

Suppose you rented an EC2 machine on AWS. How will you access that EC2 machine, download your code onto that machine, etc.?

For this, we use something called SSH. It lets you access the “terminal” of the EC2 machine from your local laptop. We run some ssh commands on our local laptop terminal and magically our local laptop terminal turns into the terminal of the EC2 machine. Now, you can run git clone, mkdir, ls or anything else, and it will run on that EC2 machine.

While creating the EC2 machine, we have to give “SSH from anywhere” access in the security group of the EC2 so that it lets us SSH from our laptop. Then we have to download a key-pair “.pem” file and run the SSH commands in the same directory where that .pem file is present, and our SSH connection succeeds. Never share the “.pem” file with anyone; otherwise they can SSH from their machine and hack your system. We will do all of this practically in this blog.

Note: If you are using a Windows laptop, then set up WSL if you want to do SSH. You can follow this video.

Security Group

Security Group is a set of rules that control the traffic allowed to and from your EC2 instances. Think of it as a firewall that specifies which traffic is allowed based on IP address, port, and protocol.

  • Inbound Rules: Define which traffic is allowed to come from the outside world to your EC2. Example: You may allow SSH (Port 22) traffic only from your IP address. Now, only you can SSH into your EC2 machine terminal. You can expose Port 8080 to allow from anywhere so that anyone in the world can access your app which is running on Port 8080.
  • Outbound Rules: Define which traffic is allowed to go out from our EC2 instance to the world. Example: Suppose your database instance is hosted somewhere else; then you only allow your EC2 IP address to connect to your database. So, no one else’s backend can make a connection to your DB.

When you create a Security Group in AWS then you can name this security group and attach it to any EC2 Instance. One security group can be attached to multiple EC2 servers and one EC2 server can have multiple security groups attached to it.
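
The inbound-rule check described above, as an added example that is not part of the original post: it reads JSON in the shape printed by `aws ec2 describe-security-groups` and classifies every rule that is open to the whole internet. The group ID sg-EXAMPLE, the sample rules and the function names are constructed for illustration.

```javascript
// Added example (not from the original post): audit security group inbound rules.
// Input has the shape printed by `aws ec2 describe-security-groups`.
// Constructed sample: sg-EXAMPLE is a placeholder for your group ID.
const sample = {
  SecurityGroups: [{
    GroupId: "sg-EXAMPLE",
    IpPermissions: [
      { IpProtocol: "tcp", FromPort: 22, ToPort: 22,
        IpRanges: [{ CidrIp: "0.0.0.0/0" }], Ipv6Ranges: [] },
      { IpProtocol: "tcp", FromPort: 8080, ToPort: 8080,
        IpRanges: [{ CidrIp: "0.0.0.0/0" }], Ipv6Ranges: [] },
    ],
  }],
};

const ANYWHERE = new Set(["0.0.0.0/0", "::/0"]);

// True when the rule's protocol and port range include the given TCP port.
function coversPort(rule, port) {
  if (rule.IpProtocol === "-1") return true; // "-1" means all protocols and ports
  return rule.IpProtocol === "tcp" && rule.FromPort <= port && port <= rule.ToPort;
}

// Classify every inbound rule that is reachable from the whole internet.
// publicPorts: ports you intend to expose (here the app on 8080).
function auditInbound(doc, publicPorts = [8080]) {
  const findings = [];
  for (const sg of doc.SecurityGroups ?? []) {
    for (const rule of sg.IpPermissions ?? []) {
      const sources = [
        ...(rule.IpRanges ?? []).map((r) => r.CidrIp),
        ...(rule.Ipv6Ranges ?? []).map((r) => r.CidrIpv6),
      ];
      if (!sources.some((cidr) => ANYWHERE.has(cidr))) continue;
      const singlePort = rule.IpProtocol === "tcp" && rule.FromPort === rule.ToPort;
      let verdict = "unexpected-public-port";
      if (coversPort(rule, 22)) verdict = "ssh-open-to-world";
      else if (singlePort && publicPorts.includes(rule.FromPort)) verdict = "intended-public";
      const ports = rule.IpProtocol === "-1" ? "all" : `${rule.FromPort}-${rule.ToPort}`;
      findings.push({ group: sg.GroupId, ports, verdict });
    }
  }
  return findings;
}

for (const f of auditInbound(sample)) {
  console.log(`${f.group} ports ${f.ports}: ${f.verdict}`);
}
```

A rule whose source is a single address, such as SSH from your own IP, produces no finding, which is the state to aim for on Port 22.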

Deploy a NodeJS application on the Internet

We will deploy the below Nodejs Server on the internet.

const express = require('express');
const app = express();

// Home route
app.get("/", (req, res) => {
    res.send("Welcome to AWS tutorial by Shivam Bhadani");
});

// Health-check route
app.get("/health", (req, res) => {
    res.send("Everything is OK");
});

// Listen on Port 8080 on all network interfaces
app.listen(8080, () => console.log("Server is listening on Port 8080"));

Don’t worry if you can’t understand the above code, it is just an application server that runs on Port 8080.

You can get the code from here: https://github.com/shivam-bhadani/Simple-Nodejs-Server

Go to AWS Console > Search “EC2” on the search bar > Go to EC2 and Click on Launch Instance

We will launch our first EC2 instance.

1. Give any name to your Instance and select Ubuntu free-tier as the OS Image. Then select an Instance Type which is under free-tier. For me in the Mumbai region, it is “t2.micro”.

2. Scroll down and select “Create security group”. It will create a new security group. If you have an existing Security Group, then you can assign that. We don’t have one, so we will create one. Give “Allow SSH traffic from anywhere” access. It permits SSH from any laptop anywhere.

3. Scroll down and click on Create new key pair. If you have an existing one, then you can assign that, but we don’t have one, so we will generate a new key pair and download it. SSH will happen only in the same folder on your laptop where your key pair is present. I explained this in the SSH section of this blog.

4. Give any name to your key-pair and click on “Create Key pair” button.

5. Scroll down and configure storage settings. By default, it is given 8 GB storage so we will go with it. This EBS Storage is also a very important topic. We will discuss it in detail in the next blog.

Then click on Launch Instance.

6. Wait for 2–3 minutes then your instance state will come under the “Running” State.

Congrats, you have created your first EC2 instance.

7. We will do SSH from our laptop into this instance. Select the checkbox of your instance, then click on the “Connect” button on the left of the Instance State button.

8. If you don’t want to do SSH from your laptop and want to access your instance directly from the AWS console, then you can click on the “Connect” button under “EC2 Instance Connect”.

9. We want to connect from our laptop. So, we will go to the “SSH client” tab and then run the following command in our Windows WSL terminal.

10. I have downloaded the “.pem” file into my D drive. I am copying that file into my WSL home directory by running the command

cp /mnt/d/shivam-security-group.pem ~/

Now run the commands that are provided above on the terminal to SSH.

11. Congrats, now we have successfully done SSH. Our terminal became the terminal of the EC2. You can compare the IP address “172.31.1.187” in the below image with the private IP address of our instance that is visible in the image of step 7.

12. You got your brand-new machine. Now, you have to install nodejs, npm and the code to run on this machine.

Install NodeJS by running the following commands

sudo apt update
sudo apt install nodejs npm

Then clone our repo:

git clone https://github.com/shivam-bhadani/Simple-Nodejs-Server.git

Going inside our cloned repo

cd Simple-Nodejs-Server

Installing packages and running the server

npm i
node app.js

13. Now copy the public IP of your instance which is visible in step 7. Then try accessing your nodejs app from your browser by doing http://<your_instance_public_IP>:8080.

Oops, we can’t access the app, as shown below:

Can you guess what mistake we made? Why can’t we access our app?

Answer: If you read the security group section carefully, we talked about inbound rules there. We haven’t added an inbound rule that allows Port 8080 from anywhere. We only allowed SSH from anywhere.

14. Select your running instance as shown in Step 7. Go to “Security” tab in the footer. Then select the security group link.

15. You can see, currently, only ssh is allowed. Click on the “Edit inbound rules” button.

16. Add a new rule that allows “Custom TCP” from anywhere on the internet on Port 8080.

17. Again visit “http://<your_instance_public_IP>:8080” and boom, your website is live on the internet. And you can share it with anyone.

You can see the URL looks very ugly. What you can do is buy a domain name from any DNS provider like GoDaddy etc. and point that domain to your application’s IP address. Then people can visit your website by typing your custom domain name.

18. Very Important: Terminate the instance that you have created. Otherwise, you might get a bill if you are not in the free-tier.

There are many flaws in this strategy of deployment.

  1. If a lot of traffic comes to our website then it can crash as t2.micro cannot handle that much traffic. For this, you need horizontal scaling.
  2. We made SSH public; this is not a good practice.
  3. Our site is hosted on http, which is not secure. We have to configure an SSL certificate so that it becomes “https”, which is encrypted.

There are many other flaws as well, but they will all get resolved, and we will gradually learn in this AWS series how applications are deployed in industry.

But if you have personal projects or hackathons then you can deploy your site as shown in this blog with a custom domain. It will enhance your resume if you have live links to your project.

