aws.qwiklabs.

com

Lab 2 - Build a Web Server | Qwiklabs

Qwiklabs
9-11 minutes

© 2021 Amazon Web Services, Inc. and its affiliates. All rights reserved. This work may
not be reproduced or redistributed, in whole or in part, without prior written permission
from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited.
All trademarks are the property of their owners.
Corrections, feedback, or other questions? Contact us at AWS Training and Certification.
Overview
In this lab, you use Amazon Virtual Private Cloud (Amazon VPC) to create your own VPC
and add additional components to produce a customized network. You create security
groups for your Amazon Elastic Compute Cloud (Amazon EC2) instance. You configure
and customize the Amazon EC2 instance to run a web server and launch it into the VPC.
Amazon Virtual Private Cloud (Amazon VPC) enables you to launch Amazon Web Services
(AWS) resources into a virtual network that you define. This virtual network closely
resembles a traditional network that you would operate in your own data center, with the
benefits of using the scalable infrastructure of AWS. You can create a VPC that spans
multiple Availability Zones. A security group acts as a virtual firewall that controls the
traffic for one or more instances. When you launch an instance, you associate one or more
security groups with the instance. You add rules to each security group that allow traffic to
or from its associated instances.
An internet gateway is a VPC component that allows communication between instances in
your VPC and the internet. A route table contains a set of rules, which are called routes,
that are used to determine where network traffic is directed. Each subnet in a VPC must be
associated with a route table. The route table controls routing for the subnet.
After creating a VPC, you can add one or more subnets in each Availability Zone. Each
subnet resides entirely within one Availability Zone, and can't span zones. If a subnet's
traffic is routed to an internet gateway, the subnet is known as a public subnet. If a subnet
doesn't have a route to the internet gateway, the subnet is known as a private subnet.
Scenario
In this lab, you build the following infrastructure:
Topics covered
After completing this lab, you can:
 Create a VPC
 Create subnets
 Configure a security group
 Launch an Amazon EC2 instance into a VPC

Start Lab
1. At the top of your screen, launch your lab by choosing Start Lab
This starts the process of provisioning your lab resources. An estimated amount of time to
provision your lab resources is displayed. You must wait for your resources to be
provisioned before continuing.
If you are prompted for a token, use the one distributed to you (or credits you have
purchased).
2. Open your lab by choosing Open Console
This opens an AWS Management Console sign-in page.
3. On the sign-in page, configure:
 IAM user name:
 Password: Paste the value of Password from the left side of the lab page
 Choose Sign In
Do not change the Region unless instructed.
Common Login Errors
Error: You must first log out

If you see the message, You must first log out before logging into a different AWS
account:
 Choose click here
 Close your browser tab to return to your initial lab window
 Choose Open Console again
Do not change the Region unless instructed.
Task 1: Create your VPC
In this task, you create a VPC with two subnets in one Availability Zone and a NAT
Gateway.
4. In the AWS Management Console, on the Services menu, select EC2.
You can also type EC2 in the Find Services search bar.
5. If you see New EC2 Experience at the top-left of your screen, ensure New EC2
Experience is selected. This lab is designed to use the new EC2 Console.
 6. On left hand side scroll down to find the section titled 'NETWORK & SECURITY'
and choose Elastic IPs.
7. Select the Allocate Elastic IP addresses button from the top of the page.
8. Leave settings on the next page as default and select the Allocate button.
9. In the AWS Management Console, on the Services menu, select VPC.
You can also type VPC in the Find Services search bar.
10. If you see New VPC Experience at the top-left of your screen, ensure New VPC
Experience is selected. This lab is designed to use the new EC2 Console.
11. Choose Launch VPC Wizard.
12. In the navigation pane to the left, select VPC with Public and Private Subnets.
13. Choose Select.
14. Configure the following settings and ignore any settings that aren’t listed:
 IPv4 CIDR block: Type
 VPC name: Type
 Public subnet's IPv4 CIDR: Type
You can safely ignore the error: Public and private subnet CIDR blocks overlap. You will
fix this when you change the value below.
 Availability Zone: Expand the list of Availability Zone’s and select the first AZ in
the list.
 Public subnet name: Type
 Private subnet's IPv4 CIDR: Type
 Availability Zone: Expand the list of Availability Zone’s and select the first AZ in
the list.
 Private subnet name: Type
 Elastic IP Allocation ID: Expand the list and choose the EIP that was created
earlier.
15. Choose Create VPC.
16. In the success message, choose OK.
Task 2: Create a VPC security group
In this task, you create a VPC security group that permits access for web traffic.
17. In the left navigation pane, select Security Groups. You might need to scroll down
to find it.
18. Choose Create security group.
19. In the Create security group dialog box, configure the following settings, and
ignore any settings that aren’t listed:
 Security group name: Type
 Description: Type
 VPC: Select My Lab VPC (This is the VPC that you created in Task 1.)
20. In the Inbound rules section, click Add rule then configure:
 Type: HTTP
 Source: Anywhere
21. Choose Create security group.
Task 3: Launch your first web server instance
In this task, you launch an Amazon EC2 instance into the VPC that you created and
bootstrap the instance to act as a web server.
22. On the Services menu, select EC2.
23. In the left navigation pane, click Instances.
24. Choose Launch instance.
25. In the top row for Amazon Linux 2, choose Select. If you receive a warning,
choose Continue.
26. On the Step 2: Choose an Instance Type page, confirm that t2.micro is selected,
and then choose Next: Configure Instance Details.
27. On the Step 3: Configure Instance Details page, configure the following settings,
and ignore any settings that aren’t listed:
 Network: Select My Lab VPC (This is the VPC that you created in Task 1.)
 Subnet: Select Public Subnet 1 (This is the subnet that you created in Task 1.)
 Auto-assign Public IP: Choose Enable (You can safely ignore the message: You
do not have permissions to list any IAM roles)
28. Expand the Advanced Details section. You might need to scroll down to find it.
29. Choose Copy Code Block below, and paste it into the User data box.
#!/bin/bash -ex
yum -y install httpd php mysql php-mysql
systemctl enable httpd.service
systemctl start httpd.service
if [ ! -f /var/www/html/lab-app.tgz ]; then
cd /var/www/html
wget https://us-west-2-tcprod.s3.amazonaws.com/courses/ILT-BF-100-
ACPEXX/v2.0.12/lab-2-build-a-web-server/scripts/lab-app.tgz
tar xvfz lab-app.tgz
chown apache:root /var/www/html/rds.conf.php
fi
The user data transforms the Linux instance into a PHP web application.
30. Choose Next: Add Storage.
31. Choose Next: Add Tags.
32. Choose Add Tag and configure the following settings. (Ignore any settings that
aren’t listed.)
 Key: Type
 Value: Type
33. Choose Next: Configure Security Group.
34. On the Step 6: Configure Security Group page, choose Select an existing
security group, and then select the security group that you created in Task 2
(WebSecurityGroup).
35. Choose Review and Launch.
When you are prompted with a warning that you will not be able to connect to the instance
through port 22, Choose Continue.
36. Review the instance information, and choose Launch then:
 Choose Proceed without a key pair.
 I acknowledge that ...
 Choose Launch Instances.
 37. Scroll down and choose View Instances You will see one instance: Web Server 1.
38. Wait until Web Server 1 shows 2/2 checks passed in the Status Checks column.
This will take 3-5 minutes. Choose the refresh icon in the upper-right pane to check for
updates.
39. Select Web Server 1, and on the Description tab, copy the Public DNS(IPv4)
value.
40. Paste the Public DNS value in a new web browser window or tab, and press
ENTER.
You should see a web page that displays the AWS logo and instance metadata
values.

Lab complete
Congratulations! You have successfully learned how to:
 Create a VPC
 Create subnets
 Configure a security group
 Launch an Amazon EC2 instance into a VPC

End Lab
Follow these steps to close the console, end your lab, and evaluate the experience.
41. Return to the AWS Management Console.
42. On the navigation bar, choose awsstudent@<AccountNumber>, and then choose
Sign Out.
43. Choose End Lab
44. Choose OK
45. (Optional):
 Select the applicable number of stars
 Type a comment
 Choose Submit
o 1 star = Very dissatisfied
o 2 stars = Dissatisfied
o 3 stars = Neutral
o 4 stars = Satisfied
 o 5 stars = Very satisfied
You may close the window if you don't want to provide feedback.
Additional resources
 Amazon EC2
 Amazon VPC
For more information about AWS Training and Certification, see
http://aws.amazon.com/training/.
Your feedback is welcome and appreciated.
If you would like to share any feedback, suggestions, or corrections, please provide the
details in our AWS Training and Certification Contact Form.