AWS

From HerzbubeWiki

This page has some notes about my experiences with Amazon Web Services (AWS).


Glossary

AMI
Amazon Machine Image. An Amazon Machine Image is the description of a machine configuration that you use to create an instance. For more details see the AWS docs.
AWS Management Console
The web interface that you see when you log in on https://aws.amazon.com/.
EC2
The (Amazon) Elastic Compute Cloud. For more details see the AWS docs.
EC2 Dashboard
The web interface that you see when you log in to the AWS Management Console and then select the "EC2" service.


Services currently in use

EC2 instance

  • Instance ID = i-003ef16c9ae33d1ab
  • AMI ID = ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180522 (ami-6a003c0f)
  • Region = Ohio
  • Public DNS = ec2-18-217-223-162.us-east-2.compute.amazonaws.com
  • Other host names
    • lg4w.herzbube.ch


Setting up an EC2 instance

In this section I describe how I set up an EC2 instance for hosting the server part of my educational web project Little Go for Web (lg4w).

This section may be useful in the future when I need to quickly set up another machine for hosting a web application.


Basic EC2 instance parameters

In the AWS dashboard create the EC2 instance with the following basic parameters:

  • Ubuntu 16.04 LTS (Xenial Xerus)
  • Default settings are OK
    • 1 GB RAM
    • 8 GB Disk
    • 1 CPU
    • Instance type = t2.micro


DNS

As it turns out, Let's Encrypt does not issue certificates for AWS host names. Because of this I'm adding a CNAME alias for the machine: lg4w.herzbube.ch.


SSH access

You get an SSH private key for download. See the OpenSSH page on this wiki for more on SSH. Here are the steps I took to get SSH access to the EC2 instance from my MacBook:

  • Store locally in the .ssh folder
  • chmod 400 ~/.ssh/ffhs-aws.id_rsa
  • Add entry to ~/.ssh/config:
# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
# Instance ID = i-003ef16c9ae33d1ab
# IP = 18.217.223.162
# Username = ubuntu or root
Host ec2-18-217-223-162.us-east-2.compute.amazonaws.com
IdentityFile ~/.ssh/ffhs-aws.id_rsa

Host lg4w.herzbube.ch
IdentityFile ~/.ssh/ffhs-aws.id_rsa

Log in to the machine with one of the following commands:

ssh ubuntu@ec2-18-217-223-162.us-east-2.compute.amazonaws.com
ssh ubuntu@lg4w.herzbube.ch


Install PHP 7.2

Ubuntu 16.04 LTS (Xenial Xerus) does not have PHP 7.2, so installing this version of PHP is a bit more complicated than I would have liked.

  • General instructions: https://thishosting.rocks/install-php-on-ubuntu/
  • Update system with sudo apt-get update followed by sudo apt-get upgrade.
  • This package allows adding APT repositories from the command line: sudo apt-get install python-software-properties.
  • Add the APT repository of the Debian maintainer of PHP (Ondřej Surý): sudo add-apt-repository ppa:ondrej/php
  • Not in the website instructions, but when you add the APT repository you get the recommendation to also add the following APT repository: sudo add-apt-repository ppa:ondrej/apache2.
  • Update package list: sudo apt-get update
  • Install PHP 7.2: sudo apt-get install php7.2


More system configuration

Install more packages that are needed for the "Little Go for Web" project:

  • mysql-server
  • php-mysql (for accessing MySQL via PDO)
  • composer
  • php-zip (so that composer can process downloaded packages)

Apache configuration

  • Enable the rewrite module: a2enmod rewrite

Configure the EC2 instance

  • Open up the following network ports:
    • 80
    • 443
    • 8001 (or whatever port is required for the WebSocket connection)
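
On EC2 these ports are opened as inbound rules in the instance's security group. The following is an added example, not part of the original notes: a Python check over the JSON printed by `aws ec2 describe-security-groups` that reports every rule reachable from anywhere unless it is exactly one of the three ports listed above. The group ID and the sample rules are constructed for illustration.

```python
import json

# Ports the page opens to the public: HTTP, HTTPS and the WebSocket port.
PUBLIC_TCP_PORTS = {80, 443, 8001}
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# The group ID and all rules are made up for this example.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
  {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8100,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
   "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}
]}]}
""")


def world_open_rules(group):
    """Yield (protocol, from_port, to_port) for rules reachable from anywhere."""
    for perm in group.get("IpPermissions", []):
        cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        if cidrs & ANYWHERE:
            # IpProtocol "-1" means all protocols; the port fields are then absent.
            yield perm["IpProtocol"], perm.get("FromPort", 0), perm.get("ToPort", 65535)


def audit(doc, allowed=PUBLIC_TCP_PORTS):
    """Return world-open rules that are not exactly one allowed TCP port."""
    findings = []
    for group in doc["SecurityGroups"]:
        for proto, lo, hi in world_open_rules(group):
            if proto == "tcp" and lo == hi and lo in allowed:
                continue
            findings.append((group["GroupId"], proto, lo, hi))
    return findings


if __name__ == "__main__":
    for group_id, proto, lo, hi in audit(SAMPLE):
        print(f"{group_id}: {proto} {lo}-{hi} is open to the whole internet")
```

A port range that merely contains 8001 is reported as well, because it exposes more than the single WebSocket port; SSH on port 22 is reported when it is reachable from any address rather than from a known source range.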


Configure web server for HTTPS access

Here are some steps to configure the web server on an Ubuntu EC2 instance for HTTPS access.

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache
  • Get the certificate AND modify the Apache configuration to serve it
sudo certbot --apache
  • This starts an interactive process. Here are my answers to the questions:
    • Agree to TOS = Yes
    • Share email address with EFF = No
    • Domain name = lg4w.herzbube.ch
    • Redirect HTTP traffic to HTTPS = Yes
  • Results
    • Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
    • Enabled Apache socache_shmcb module
    • Enabled Apache ssl module
    • Certificate and chain have been saved at /etc/letsencrypt/live/lg4w.herzbube.ch/fullchain.pem
    • Key file has been saved at /etc/letsencrypt/live/lg4w.herzbube.ch/privkey.pem
    • Certificate will expire on 2018-09-01. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew all of your certificates, run certbot renew.
  • Test configuration with https://www.ssllabs.com/ssltest/analyze.html?d=lg4w.herzbube.ch
  • Manual edits
    • Add "RewriteEngine On" to HTTP vhost


LG4W configuration

Here's the config file:

$config->dbPassword = "secret";

$config->urlBasePath = "/littlego-web";

//$config->webSocketHost = "ec2-18-217-223-162.us-east-2.compute.amazonaws.com";
$config->webSocketHost = "lg4w.herzbube.ch";
$config->webSocketPort = "8001";

$config->phpMailerHost = "smtp.office365.com";
$config->phpMailerUsername = "patrick.naef@students.ffhs.ch";
$config->phpMailerPassword = "secret";
$config->phpMailerFromAddress = "patrick.naef@students.ffhs.ch";
$config->phpMailerFromName = "Patrick";
$config->phpMailerReplyToAddress = "noreply@moodle.ffhs.ch";


URLs

Once everything has been set up the LG4W app can be reached under these URLs:


Q & A

How can I see details about an EC2 instance?
  1. Log in to the AWS Management Console.
  2. In the top-right corner of the screen select the region where the EC2 instance is running.
  3. Click the arrow that is labelled "All services", then select the entry "EC2". This brings up the EC2 dashboard.
  4. On the left-hand side of the screen, select the "Instances" entry. This shows you all your EC2 instances that are running in the currently selected region.