Tuesday, October 10, 2023

AWS Security Best Practices - Lab 2 - Securing the Endpoint

In this lab, you create a custom Amazon Machine Image (AMI) that contains various configuration changes. You then deploy a new instance from the custom AMI and pass user data scripts to the instance to add a new user specific to the function of the instance. You then learn how to use AWS Systems Manager to keep your instances patched. Finally, you use Amazon Elastic Block Store (Amazon EBS) encryption to protect company data at rest.

  • Create a custom AMI
  • Deploy a new EC2 instance from a custom AMI
  • Patch an EC2 instance using AWS Systems Manager
  • Encrypt an EBS volume
  • Understand how EBS encryption works and how it impacts other operations, such as snapshots


The following list details the major resources in the diagram:

  • VPC with one public subnet and two private subnets in one Availability Zone, and one public subnet in a second Availability Zone.
  • Network Load Balancer with two nodes, one in each public subnet.
  • An EC2 instance acting as a web server in the first private subnet.
  • An EC2 instance acting as a database server in the second subnet.
  • Two security groups, one for each instance based on its purpose.

The network traffic flows from an external user, through an internet gateway to one of the two Network Load Balancer nodes, to the web server. If the URL of the WordPress blog site running on the web server is requested, traffic flows to the database server as well.

