COS 20009 Cloud Computing Architecture : Solution Essays


Question:

Task 1.

 
Create an implementation design document

This task can be done individually or in a team of 2. You will present your design to the class. The document should be submitted to Turnitin and contain the following:
1. AWS diagram – showing the VPC, availability zones, subnets, services (ELBs, EC2 instances, scaling groups, etc.) and links between each of the services. Icons for various formats are available at https://aws.amazon.com/architecture/icons/
2. IAM – define the users, groups and roles that you will be creating. List the AWS permissions that will be assigned to each role/group.
3. Password policy – define policy noting any special requirements for particular groups.
4. VPCs – List the VPCs that need to be created including: Name (e.g. Production), Region, AZs to be used, number of subnets required and CIDR range. (Check your selected region supports RDS Multi-AZ).
5. Subnets – for the Production VPC only, define each of the subnets including the name (the name should indicate what tier the subnet is e.g. “WebPrivate1”), type (public/private), AZ and subnet CIDR address range.
6. Instance details – describe the type, size and justification for the EC2 instances you will use in each tier.
 
 

Task 2 – Implement your design


Overview
Use your solution design to implement a subset of your solution in the Qwiklabs lab environment. This
allows you to practice the configuration and validate your design. It is necessary to configure the entire
environment in the time.
There is no application code available in the lab environment to test your solution.
Trackers
The lab environment includes tracking of specific objectives. Due to the limitations of the tracking
system it helps to complete the objectives in the order specified by the tracker.
Configuration

A subset of your designed solution should be configured in the lab environment.
We recommend you configure the following services:
1. Users and roles, with the correct policies and associations
2. Production VPC
3. Internet Gateway
4. Subnets for all tiers, in two availability zones
5. Route tables and routes, with correct subnet associations
6. Security Groups for all servers and load balancers
7. Auditing of all console and API user actions
8. Load Balancers
9. Launch Configurations
10. Auto Scaling Groups
11. Compute Instances running web services
12. Storage with a lifecycle policy
Validating Your Solution

The following tasks can be completed to validate your own solution.
Viewing web pages from the web tier instances
• If your web tier instances deploy with user data to configure a web service, then requests to the
Internet facing load balancer should provide a web page in response.
Auto Scaling Groups
• Manually increase the number of desired instances in the application tier group from two to four. The
new instances should be deployed across multiple availability zones automatically.
• Check the application load balancer has been automatically updated with the
two new instances.
Auditing
• Move a user from the Monitor group to one of the administrator groups.
• View the audit logs to verify the change was logged.
IAM Roles
• View the configuration of the web tier instances and verify they are running with the appropriate IAM
role that allows them to use the storage service.
Task 3 Documentation of your implementation

Document your implementation solution with screenshots and produce a CloudFormer configuration
export. The document will be submitted to Turnitin by the due date and included in your Portfolio.
Mid-Semester Project Marking Scheme
Design
AWS Diagram (3 marks)
• VPC(s), Subnets, Components/Services (ELBs, EC2 instances, scaling groups, IGW, NATs, S3,
etc.) clearly illustrated
• Highly available all tiers
• Minimal attack surface
IAM and Passwords (2 marks)
• Groups, roles and policies correctly defined
Security groups defined (2 marks)
EC2 instances correctly specified (with rationale)
Scaling policy defined
 
 

Implementation check list

 

The following will be checked in your implementation. Make sure your portfolio has sufficient evidence
for this to be checked.
1. IAM – Groups, user and roles (3 marks)
1.1. Specified Groups created with appropriate permissions
1.2. Users added to groups
1.3. MFA enabled for SysAdmin user
1.4. Password policy created as specified
1.5. S3 access role for EC2
2. Log API calls with CloudTrail (2 marks)
2.1. Tracker Log all API calls
2.2. Log saved to S3 bucket with appropriate lifecycle
3. VPC (3 marks)
3.1. VPC created
3.2. Public and private subnets in two AZs – appropriate CIDR ranges.
3.3. NAT instance or gateway created
3.4. Make the internet accessible through the NAT in the Main Route Table, and associate it with the private subnets
3.5. Internet gateway created for VPC
3.6. New (Main = NO) route table created that routes to IGW and is associated with Public subnets
4. Security groups (at least 3) created with appropriate protocols and sources (3 marks)
5. Web Servers (3 marks)
5.1. Web server configuration instance created with appropriate AMI, user data, specified role and
tag Name
5.2. Image created from Web tier configurations instance
5.3. Web tier load balancer (classic) created in VPC with specified name, associate with appropriate
subnets in both AZs, and security groups.
5.4. Launch Configuration created based on your saved AMI and with specified Names. Enable
CloudWatch and add appropriate user data, storage, security group etc.
5.5. Auto Scaling Group created with appropriate policy (desired, min and max sizes)
5.6. ASG configured to receive traffic from Web tier ELB
5.7. Tag created Name = web-tier
6. App Servers (3 marks)
6.1. App tier configuration AMI, ELB, Launch configuration, ASG created (as for Web servers)
7. Create RDS db (3 marks)
7.1. DB subnet groups created
7.2. RDS instance of appropriate type created, SQL Standard ed., db.m4 2xlarge (Lab 5.3)
7.3. Multi-AZ, DB instance id, master username and password set
7.4. Appropriate security group selected, DB not publicly accessible.
 

 

 

Answer:

Create an implementation design document. This task can be done individually or in a team. You will present your design in the class. The document should be submitted to Turnitin and contain the following.

1. AWS Diagram, showing the VPC, availability zones, subnets, services (ELBs, EC2 instances, scaling groups, etc.) and links between each of the services.
 
 
 
 
 
2. IAM: Define the users, groups and roles that you will be creating. List the AWS permissions that will be assigned to each role/group.
 

 

 

| Group/Role | Group/Role Name | Permissions |
|---|---|---|
| Group | DBAdmin | AmazonRDSFullAccess |
| Group | SysAdmin | EC2Admins |
| Group | MonAdmin | Monitoring Access |
| Group | NetAdmin | LB Access |
| Group | ProgAdmin | EC2Access |

 

 

3. Password Policy

• A password with at least 8 characters, 1 uppercase and 1 lowercase letter, 1 number, and 1 special character
• Forced password change every 90 days
• No re-use of the previous three passwords
 
4. VPCs

| Name | Region | AZs | Number of Subnets | CIDR Range |
|---|---|---|---|---|
| Production | US-East-1 | US-East-1a, US-East-1b | 8 | 10.0.0.0/20 |
 

5. Subnets

| Name | Type | AZ | CIDR | No Of IPs | Route Table |
|---|---|---|---|---|---|
| ELBPublic1 | Public | US-East-1a | 10.0.0.0/25 | 128 | 0.0.0.0/0 – Internet Gateway, 10.0.0.0/20 – local |
| ELBPublic2 | Public | US-East-1b | 10.0.0.128/25 | 128 | 0.0.0.0/0 – Internet Gateway, 10.0.0.0/20 – local |
| WebPrivate1 | Private | US-East-1a | 10.0.2.0/23 | 512 | 0.0.0.0/0 – NAT Gateway, 10.0.0.0/20 – local |
| WebPrivate2 | Private | US-East-1b | 10.0.4.0/23 | 512 | 0.0.0.0/0 – NAT Gateway, 10.0.0.0/20 – local |
| AppPrivate1 | Private | US-East-1a | 10.0.6.0/23 | 512 | 10.0.0.0/20 – local |
| AppPrivate2 | Private | US-East-1b | 10.0.8.0/23 | 512 | 10.0.0.0/20 – local |
| DBPrivate1 | Private | US-East-1a | 10.0.10.0/26 | 64 | 0.0.0.0/0 – NAT Gateway, 10.0.0.0/20 – local |
| DBPrivate2 | Private | US-East-1b | 10.0.11.64/26 | 64 | 0.0.0.0/0 – NAT Gateway, 10.0.0.0/20 – local |
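A subnet plan like the one above can be checked mechanically before anything is created. The following is an added example, not part of the original answer: it verifies that each CIDR parses, sits inside the VPC range, matches its stated address count, overlaps no other subnet, and that only subnets typed Public send their default route to the Internet Gateway. The route labels "igw" and "nat" and the function names are assumptions made for the example.

```python
import ipaddress

VPC_CIDR = "10.0.0.0/20"
# (name, type, AZ, CIDR, stated IP count, target of the 0.0.0.0/0 route or None),
# transcribed from the subnet table above.
SUBNET_PLAN = [
    ("ELBPublic1",  "Public",  "US-East-1a", "10.0.0.0/25",   128, "igw"),
    ("ELBPublic2",  "Public",  "US-East-1b", "10.0.0.128/25", 128, "igw"),
    ("WebPrivate1", "Private", "US-East-1a", "10.0.2.0/23",   512, "nat"),
    ("WebPrivate2", "Private", "US-East-1b", "10.0.4.0/23",   512, "nat"),
    ("AppPrivate1", "Private", "US-East-1a", "10.0.6.0/23",   512, None),
    ("AppPrivate2", "Private", "US-East-1b", "10.0.8.0/23",   512, None),
    ("DBPrivate1",  "Private", "US-East-1a", "10.0.10.0/26",  64,  "nat"),
    ("DBPrivate2",  "Private", "US-East-1b", "10.0.11.64/26", 64,  "nat"),
]
AWS_RESERVED = 5  # AWS reserves the first four and the last address of each subnet


def check_plan(vpc_cidr, plan):
    """Return a list of problems in the plan; an empty list means it is consistent."""
    vpc = ipaddress.ip_network(vpc_cidr)
    problems, seen = [], []
    for name, kind, _az, cidr, stated, default_route in plan:
        try:
            net = ipaddress.ip_network(cidr)  # strict: rejects typos and set host bits
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {cidr!r}: {exc}")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is outside VPC {vpc}")
        if net.num_addresses != stated:
            problems.append(f"{name}: {net} holds {net.num_addresses} IPs, table says {stated}")
        problems += [f"{name}: {net} overlaps {other} ({o_net})"
                     for other, o_net in seen if net.overlaps(o_net)]
        # Only subnets typed Public may send their default route to the Internet Gateway.
        if (default_route == "igw") != (kind == "Public"):
            problems.append(f"{name}: type {kind} does not match default route {default_route}")
        seen.append((name, net))
    return problems


def usable_addresses(cidr):
    """Addresses left for instances after AWS's per-subnet reservation."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED


if __name__ == "__main__":
    print(check_plan(VPC_CIDR, SUBNET_PLAN) or "subnet plan is consistent")
    print("usable addresses in DBPrivate1:", usable_addresses("10.0.10.0/26"))
```

The "No Of IPs" column counts every address in the block; `usable_addresses` shows how many remain for instances once the five reserved addresses are subtracted.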
 

6. Instance Details

| Tier | Tag* | OS | Type | Size | Justification | # of instances | User Data? |
|---|---|---|---|---|---|---|---|
| Web | Key = Name, Value = web-tier | Windows server 2016 | T2.medium | 2 vCPU, 4 GB RAM | | 2 | |
| App | Key = Name, Value = app-tier | Windows server 2016 | T2.large | 2 vCPU, 8 GB RAM | | 2 | |
| DB | Key = Name, Value = db-tier | Windows server 2016 | Db.T2.large | 2 vCPU, 8 GB RAM | | 2 | Yes |
 

7. Load Balancer Details

| Load Balancer | Name | External/Internal | Subnets | SG Name | Rule | Source |
|---|---|---|---|---|---|---|
| For Web tier | Web-elb | External | Public Subnets | Web-elbsg | Port 443 | 0.0.0.0/0 |
| For App tier | App-elb | Internal | Private Subnets | App-elbsg | Port 80, 443 | Web-tiersg |

 

8. Security Groups

| Instance Tier | SG Name | Rule | Source |
|---|---|---|---|
| Web Tier | Web-tier-sg | Port 80, 443 | Web-elb |
| App Tier | App-tier-sg | Port 80, 443 | App-elb |
| Database Tier | Db-tier-sg | Port – Database port | App-tier-sg |
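The load balancer and security group tables chain each tier to the one in front of it, so only the external load balancer accepts traffic from 0.0.0.0/0. The following added example (not part of the original answer) lints that chain: it lists rule sources that are neither a CIDR nor the name of a defined security group, and counts how many group-to-group hops separate each tier from the internet. The `RENAMES` mapping is an assumption about which group each mismatched name was meant to be.

```python
import ipaddress

# Inbound rules as (ports, source), transcribed from the load balancer and security
# group tables above with every name spelled exactly as the tables spell it.
AS_WRITTEN = {
    "Web-elbsg":   [("443", "0.0.0.0/0")],
    "App-elbsg":   [("80,443", "Web-tiersg")],
    "Web-tier-sg": [("80,443", "Web-elb")],
    "App-tier-sg": [("80,443", "App-elb")],
    "Db-tier-sg":  [("database port", "App-tier-sg")],
}
# Assumption: the defined group that each unmatched source name appears to mean.
RENAMES = {"Web-tiersg": "Web-tier-sg", "Web-elb": "Web-elbsg", "App-elb": "App-elbsg"}
NORMALISED = {sg: [(p, RENAMES.get(s, s)) for p, s in rules]
              for sg, rules in AS_WRITTEN.items()}


def as_network(source):
    """Return the source as an ip_network, or None if it is a group reference."""
    try:
        return ipaddress.ip_network(source)
    except ValueError:
        return None


def open_to_world(source):
    """True for a CIDR that covers every address, such as 0.0.0.0/0."""
    net = as_network(source)
    return net is not None and net.prefixlen == 0


def dangling_sources(groups):
    """Rules whose source is neither a CIDR nor the name of a defined group."""
    return [(sg, src) for sg, rules in groups.items() for _p, src in rules
            if as_network(src) is None and src not in groups]


def hops_from_internet(groups):
    """Map each group to its number of group-to-group hops from a world-open rule."""
    hops = {sg: 0 for sg, rules in groups.items()
            if any(open_to_world(s) for _p, s in rules)}
    frontier, level = set(hops), 0
    while frontier:
        level += 1
        frontier = {sg for sg, rules in groups.items()
                    if sg not in hops and any(s in frontier for _p, s in rules)}
        hops.update({sg: level for sg in frontier})
    return hops


if __name__ == "__main__":
    print("unresolved sources:", dangling_sources(AS_WRITTEN))
    print("hops from internet:", hops_from_internet(NORMALISED))
```

A group that appears with 0 hops but is not the external load balancer's group, or a source that does not resolve, is what to fix before the rules are created, since a security group rule's source must be a CIDR or another security group.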

 

9. Auto Scaling Launch Configuration

| Tier | OS | Type | Size | Configuration Name | Role | Security Group |
|---|---|---|---|---|---|---|
| Web | Windows Server – 2016 | T2.medium | 2 vCPU, 4 GiB RAM | WebTier | | Web-tiersg |
| App | Windows Server – 2016 | T2.large | 2 vCPU, 8 GiB RAM | AppTier | | App-tiersg |
 

10. Auto Scaling Groups

| Tier | Launch Configuration | Group Name | Group Size | VPC | Subnets | ELB | Tags |
|---|---|---|---|---|---|---|---|
| Web | WebTier | WebTier | Desired – 2, Minimum – 2, Maximum – 4 | 10.0.0.0/20 | 10.0.2.0/23, 10.0.4.0/23 | Webelb | Key = Name, Value = Webtierscalinggroup |
| App | AppTier | AppTier | Desired – 2, Minimum – 2, Maximum – 4 | 10.0.0.0/20 | 10.0.6.0/23, 10.0.8.0/23 | Appelb | Key = Name, Value = Apptierscalinggroup |
 

 

 
 
 
