AWS CDK or Cloud Development Kit allows you to create and manage your AWS resources programmatically using popular languages like Java, Python, JavaScript, TypeScript, and C#.

This concept is also known as IaC (Infrastructure as Code) i.e. manage your infrastructure as code to promote automation and minimize manual errors.

You can think of CDK as an alternative to creating CloudFormation templates.

Why CDK over Cloudformation?

1. With Cloudformation you have a single JSON or YAML file in which you define the full configuration of your resources. This file can quickly get too large to be able to manage efficiently.
   With CDK, you can manage your resources with multiple files and structures like any application.
2. You can take advantage of the features of programming languages like loops, libraries, if-else constructs to write less code and do more aka. the DRY principle (Don’t Repeat Yourself).
3. Easier to work in a team and get code completion support in IDEs.
4. Write code in Object-Oriented style rather than JSON or YAML.
5. In the same CDK project, you can keep scripts to create non-AWS resources like RabbitMQ, Redis, etc. Hence, you can write scripts to manage your entire infra along with AWS resources.

Under the hood, CDK generates a Cloudformation template from the code and uses this template to launch resources in AWS. It just saves us the trouble of creating it directly. This way you can verify the infrastructure that is going to be created.

In this article, we are going to create a custom VPC with the following resources —

• One VPC
• Two subnets — one public and one private
• Two EC2 instances — one in each subnet
• One NACL (Network Access Control List) — We will use the default one which is automatically created upon VPC creation.
• One Custom Route Table
• One Security Group

Prerequisites

To get started with CDK make sure you have —

1. An AWS account
2. Installed CDK CLI and configured Access Keys
3. Generated an EC2 key pair named us-east-1-key in the Northern Virginia region. This key will be used to launch instances.

Note — All the resources created in this article are covered in the AWS Free tier so you won’t be charged if your Free tier is active and you delete the resources after completing the tutorial.

Create a new CDK Project

mkdir vpc
cd vpc

cdk init app --language python

# create new virtual environment
python3 -m venv .env

# for Mac/Linux
source .env/bin/activate

# for Windows
.env\Scripts\activate.bat

# install required dependencies
pip install -r requirements.txt
pip install aws_cdk.aws_ec2

# to add the newly installed dependency to requirements file
pip freeze > requirements.txt

The above commands do the following —

1. Create a new CDK project with the app template in python language.
2. Create a new virtual environment and switch to it.
3. Install the dependencies required to create AWS resources.
4. Add the newly installed dependencies to the requirements file.

After running the above commands your project structure should look like this-

There are a number of ways to work with CDK. I prefer to use the Cloudformation constructs in CDK to create resources and configuration files to store the configuration of my resources.

Why use Cloudformation constructs? Because they provide you more control over the configuration of your resources (at least for now, but this may change as CDK gets updated).

Store configuration of resources

We will store the configuration of our resources in a file named config.py inside the inner vpc directory.

The above configuration contains the following information —

1. Name of entities like VPC, Internet Gateway, Route Table, Subnets, Instances, Key Pair, Security Group, and region.
2. Routes for our custom route table. We have only a single route for our custom route table that allows traffic through the internet gateway.
3. Security group configuration. We allow inbound access from the internet to SSH (22), HTTP (80), and HTTPS (443).
4. Subnet configuration. We launch the public subnet in the AZ us-east-1a and the private subnet in the AZ us-east-1b
5. Instance configuration. We launch one EC2 instance in each subnet.
6. For this example, I am using the Bitnami WordPress AMI located in the Northern Virginia region.

Creating Resources

It's time to write code to create the resources from the above configuration. We will write the code to create resources in the vpc_stack.py file.

In the above-embedded file, you can see that different methods have been defined to create different types of resources using our configuration.

To create resources, the __init__method will be called. Notice the sequence in which other methods are called in the __init__ method. This sequence matters since a VPC must be created before creating resources inside it. In the same way, a subnet must be created before creating instances inside it.

This is only one of the many ways to create CDK resources and you can prefer any other approach that suits best to you.

You can check out the CDK docs to figure out which Class to use to create which resource.

Deploying Project

The CDK CLI provides a few tools that can help you to debug, deploy, and destroy the CDK resources.

cdk synth

This command creates a Cloudformation template corresponding to your CDK code. It can come real handy while debugging your code.

cdk diff

This command shows you the difference between the current state of your infra and the new state if you deploy the current code. Always run this command before deploying!

cdk deploy

This command is used to generate a Cloudformation template from your code and deploy a Cloudformation Stack to create resources.

cdk destroy

As you would have already guessed, this command is used to destroy all the resources in your Cloudformation stack.

For making updates to your infra use the cdk deploy command instead.

Note — Don’t forget to run this command once you have completed this tutorial.

You can now verify the creation of resources in your AWS account via the console.

You can check out this project on Github.

abkunal/custom-vpc-cdk

References

1. Your first AWS CDK App
2. CDK Docs

I hope you learned something from this article, if you have doubts or feedback, do comment below!

Thanks a lot for reading this article. If you liked it, please give a few claps so it reaches more people who would benefit from it!

Creating a Custom VPC with AWS CDK was originally published in Level Up Coding on Medium, where people are continuing the conversation by highlighting and responding to this story.

An APM (Application Performance Management) is used to monitor and manage the performance and availability of software applications.

You can use it to figure out things like — time taken by an API, the time taken to run a database query, the time taken to run a function, etc.

Recently at SquadStack, we replaced New Relic APM with the Elastic APM. The main problem that we faced wasn’t the integration but to optimize the APM and Elasticsearch such that they don’t go down or drop APM events reported by the servers.

We spent hours and days searching and testing different ways to optimize.

In this article, I will discuss all the optimizations we considered/made to make sure that Elastic APM and Elasticsearch work smoothly.

APM Agent Configuration

Let’s first discuss the different changes that you can make to your APM agent configuration.

TRANSACTION_MAX_SPANS

This specifies the maximum number of spans that can be collected by the APM agent in a single transaction.

The higher the value, the more data is collected by the agent, and the more load it puts on your application servers and the APM server (in terms of RAM).

Depending on your use case you can change its value or monitor the number of average spans you get per transaction and tweak it. The default value is 500

STACK_TRACE_LIMIT

This refers to the number of frames captured for each stack trace. A higher value results in more data being collected by the agent, and hence more load on your application and APM server.

The default value is 500

SPAN_FRAMES_MIN_DURATION

Specifies the minimum duration of a span for which the stack trace will be collected.

Eg — If the value is 100 ms, then for spans with duration < 100 ms no stack trace will be collected.

A higher value results in less amount of data getting collected hence minimizing the load on your application and APM server.

The default value is "5ms".

API_REQUEST_SIZE

The APM agent works smartly and collects the data in a buffer before sending it to the APM server. With this parameter, you can limit the max. size of the collected buffer.

If you observe a spike in the RAM of your application servers after integrating with APM then you may want to tweak the value of this parameter. At any time multiple buffers are collected and stored in the RAM.

Sometimes even your servers may go down because of this. In that case, decrease the value of this parameter so that data can be sent quickly in small chunks.

The default value is "768kb"

API_REQUEST_TIME

This refers to the max. queue time of the request buffer before sending the request to the APM server.

This parameter works well along with the above parameter. Decrease the value of both of them and you can reduce the load on your application servers.

But now that we have increased the number of API requests, the load shifts on the APM server.

The default value is "10s"

TRANSACTION_SAMPLE_RATE

If you are receiving a lot of data than what you can store then consider changing the sample rate of the transactions.

By default, the data of all transactions are reported to the APM server. You can change the value of this parameter to sample only a percentage of transactions.

Eg — A value of 0.8 means to send the data of only 80% of the transactions to the APM server. The default value is 1.0

CAPTURE_HEADERS

If you don't need to store the headers of your HTTP requests then you can disable their collection. This will take off some load from the APM agent and server.

The default value is "true"

SERVER_TIMEOUT

This specifies the timeout for requests to the APM server. If your APM server is under a heavy load then the agent may not be able to establish the connection quickly.

If you get exceptions like “Server timed out” or “connection failed to APM server” then consider increasing this value.

The default value is "5s" (seconds)

APM Server Configuration

Now that you are done tweaking the APM agent config let’s look at the changes that we can make to the apm-server.yml configuration file of the APM server.

You can run locate apm-server.yml to find the location of this file on the instance on which your APM server is running.

If your APM server cannot keep up with the rate at which the agents are sending events then you can tweak the following parameter s—

apm-server.max_event_size

This denotes the max. size of a single event that can be processed by the APM server. If you observe an exception related to the max. event size then increasing its value may resolve it.

The default value is 307200 bytes.

apm-server.idle_timeout

This denotes the max. amount of time to wait for the next incoming request before the underlying connection is closed.

You can increase this value to limit connection failures to the server. The default value is 45s (seconds)

apm-server.read_timeout | apm-server.write_timeout

They denote the max. duration for reading an entire request and writing a response.

Their value can be increased like the idle timeout to minimize connection failures. They are particularly useful when your APM server is under a heavy load and cannot process incoming requests quickly.

The default value of both the parameters is 30s (seconds)

queue.mem.events

If the rate of events becomes higher than the speed with which Elasticsearch can process them then events can be queued. Higher values prevent events to be lost but may take a large amount of RAM during high traffic.

This is one of the most common parameters of APM that you will be changing according to the load on your APM server.

The more servers you integrate with APM, the more number of events the APM server will receive. If you don’t want to scale up your Elasticsearch cluster then you can increase the queue size to hold the events temporarily at the APM server.

The default value is 4096 which is quite low.

If your Elasticsearch cluster cannot keep up with the rate at which the APM server is receiving events then you can tweak the following parameters —

output.elasticsearch.worker

It represents the number of APM processing workers per Elasticsearch host. More workers prevent the APM queue from filling if Elasticsearch can keep up with indexing.

The default value is 1

output.elasticsearch.bulk_max_size

It represents the maximum number of events to bulk in a single Elasticsearch bulk API index request.

It’s always recommended to send APM events in bulk to Elasticsearch however the default value is just 50.

Consider increasing this to a significant number depending on your load.

output.elasticsearch.timeout

If requests from the APM server to Elasticsearch are failing then consider increasing its value.

The default value is 90

Here’s an example configuration file —

Notes

• You can set the logging level to “error” if you don’t have compliance issues to log only errors in the apm server log file. By default the log level is “info” and all the API hits by the APM agents are logged.
  If you are receiving 1000s of API requests per minute then you may observe log files taking 10s of GBs of space in a single day.
• It’s recommended that you enable x-pack monitoring for APM to monitoring your APM server in Kibana’s stack monitoring page.
  You can observe some pretty cool metrics there like — Request rate, System load, CPU and Memory Utilization, Processed Events rate, etc.

Optimizing Elasticsearch

There are a few changes that you can make to Elasticsearch to optimize it for APM.

Set appropriate JVM Heap Size

Elasticsearch is built on Java and runs on JVM. You can limit how much RAM Elasticsearch can consume from jvm.options file.

You can run locate jvm.options to find the location of this file on the Elasticsearch node.

It’s recommended to set this value to half of the server’s RAM.

For Example — If your server has 32 GB of RAM then you should allocate 16 GB of RAM to Elasticsearch.

# You should always set the min and max JVM heap
# size to the same value.

# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space

-Xms16g
-Xmx16g

The rest of the RAM can be used by the OS, Kibana, and Elasticsearch for searching.

Set Number of Replicas

The number of replicas directly affects the indexing speed of an index in Elasticsearch. The less number of replicas you have, the faster is the indexing.

If you have only a single Node in the Elasticsearch cluster then there is no need for replicas and you can set them to zero.

You can set this using the Elasticsearch APIs on the ES node.

curl -XPUT 'http://127.0.0.1:9200/_all/_settings?preserve_existing=true' -H "Content-Type: application/json"  -d '{
  
  "index.number_of_replicas" : 0,
  "index.auto_expand_replicas": "0-1"

}'

Note — Only set replicas to zero if you have a single node in the Elasticsearch cluster.

Update Index Refresh Interval

As data is indexed in Elasticsearch it is available for search after some amount of time. By default this time is 1 second, i.e. after every second, the index is refreshed so that data is queryable.

Having a less refresh interval puts pressure on Elasticsearch and if your cluster is write-heavy instead of read-heavy then you can set this value to something like 30 seconds. So any data will be available for searching after 30 seconds of being indexed.

curl -XPUT 'http://127.0.0.1:9200/_all/_settings?preserve_existing=true' -H "Content-Type: application/json"  -d '{

  "index.refresh_interval" : "30s

}'

The above API calls apply the changes only to the existing indexes and not to future indexes. To apply these changes to future indexes as well you can create a template like this —

curl -XPUT "http://127.0.0.1:9200/_template/zeroreplicas" -H "Content-Type: application/json" -d '{

    "template" : "*",
    "settings" : {
      "number_of_replicas" : 0,
      "refresh_interval": "30s"
    }

}'

Increase Max. File Descriptors

Elasticsearch uses a lot of file descriptors and when if it runs out of them then data can be lost hence make sure to always keep this value much higher than the average usage of ES.

You can check the settings of all of your nodes by running the following command in the ES console under the Dev tools sidebar in Kibana

GET _nodes/stats/process?filter_path=**.max_file_descriptors

To see the current file descriptor percentage usage run the following command

GET _cat/nodes?v&h=fileDescriptorPercent

If you observe a high usage then consider increasing this value in the elasticsearch.service file. You can find this file inside/etc/systemd/system or /etc/systemd/system/multi-user.target.wants folder.

# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=120000

Setting up and optimizing Elastic APM isn't so simple. It takes time to observe your transaction patterns and tweak the configuration until the system becomes stable.

If your APM server or Elasticsearch cluster still cannot handle the traffic then consider scaling your APM server or Elasticsearch cluster using Vertical (increasing CPUs and RAM on the same server) or Horizontal scaling (increasing the number of machines running APM server and Elasticsearch).

Also, Elasticsearch is highly CPU and IO intensive so make sure your instance has enough CPUs for maximum performance. You may consider m5 or c5 instance family (for AWS) for these. Although Elastic Cloud uses io family for ES, they are quite costly.

On the other side, the APM server uses minimal CPU and may require more RAM because of the events queue. So, t3 and r5 instances (for AWS) could be a better choice for them.

If you have any further questions/suggestions feel free to leave a comment or reach me out at kunal.yadav (at) squadrun (dot) co. If you’ll like to work with us, check out squadstack.com/careers/ for more.

References

• Tune APM Server
• Tune Elasticsearch for Indexing Speed
• Elasticsearch Heap Size
• APM Server Common Problems
• Monitor Elasticsearch Performance Metrics
• Optimizing Elasticsearch

Thanks a lot for reading this article. If you liked it, please give a few claps so it reaches more people who would benefit from it!

How to Optimize Elastic APM was originally published in SquadStack Engineering on Medium, where people are continuing the conversation by highlighting and responding to this story.

An APM (Application Performance Management) is used to monitor and manage the performance and availability of software applications.

You can use it to figure out things like — time taken by an API, the time taken to run a database query, the time taken to run a function, etc.

To improve the performance of a system you first need to measure the performance in some way and APM can be used to do just that.

There are different APMs available in the market but here we will be discussing how to integrate New Relic APM with UWSGI for your Django/Flask Applications, so let’s get started.

Install the New Relic python library

pip install newrelic

Create a New Relic configuration file

You can use the following command to generate a New Relic configuration command, just replace YOUR-LICENSE-KEY with your account’s license key.

newrelic-admin generate-config YOUR-LICENSE-KEY newrelic.ini

Define Environments

Now, it’s time to define the different environments that you would like to monitor. Examples of this could be — production app servers, production celery servers, staging, etc.

To do so, open the newrelic.ini file and scroll to the bottom. You should see some dummy environments listed like development and test.

Here you can define your environments like this:

[newrelic:production-app]
app_name = myapp (production)
monitor_mode = true

[newrelic:production-celery]
app_name = myapp (celery)
monitor_mode = true

Here, production-app is what you will pass to your UWSGI config as the environment variable NEW_RELIC_ENVIRONMENT

app_name is the name by which you will see your application in the New Relic APM dashboard and monitor_mode indicates whether New Relic will send the data about your app to the New Relic collector.

Now that you are done with the New Relic configuration it’s time to make changes to your UWSGI config. Here I am covering the integration of two popular ways of running UWSGI.

Using systemd

You need to make two changes in your systemctl configuration.

In the Environment option, you need to define two environment variables as done in the above config file:

1. NEW_RELIC_CONFIG_FILE — Absolute path to the New Relic configuration file.
2. NEW_RELIC_ENVIRONMENT — Name of the environment as specified in the configuration file.

In the ExecStart option, you just need to prepend your UWSGI command with the newrelic-admin run-program

Now, since this is a systemctl configuration, so you need to give the absolute path to the newrelic-admin (New Relic admin is available as a binary file once you install New Relic with pip).

Now reload the configuration with the following command and restart your uwsgi service:

sudo systemctl daemon-reload
sudo systemctl restart uwsgi

Using supervisor

Like systemctl here also you need to make two changes.

In the environment option, you need to define two environment variables as done in the above config file — NEW_RELIC_CONFIG_FILE and NEW_RELIC_ENVIRONMENT

In the command option, you just need to prepend your UWSGI command with the newrelic-admin run-program (specify absolute path)

Now restart supervisor with the following command:

sudo systemctl restart supervisor

You can also use the supervisorctl command.

It may take 15–20 minutes to see the data in the New Relic APM dashboard. If you don’t receive any data then do check the UWSGI logs to debug.

If you run celery with the supervisor then you can follow the same steps of the supervisor config (define environment variables and prepend New Relic Admin) and it should work perfectly.

I hope you are able to configure New Relic and didn’t spend two hours struggling like me :P
If you are facing some issues, do let me know in the comments!

Thanks a lot for reading this article. If you liked it, please give a few claps so it reaches more people who would benefit from it!

Integrating New Relic APM with UWSGI was originally published in Level Up Coding on Medium, where people are continuing the conversation by highlighting and responding to this story.

Hi Everyone, in the last article we discussed the different VPC terminologies. That may have given you a high-level idea about a VPC in AWS.

In this article, we are going to create a custom VPC with a public and a private subnet. Each subnet will have an EC2 instance (with WordPress installed) inside it.

The instance in the public subnet will be accessible via the internet while the instance in the private subnet won’t be. The following is the architecture that we are going to build.

Creating a Custom VPC

Log into your AWS console, select the region in which you would like to create a VPC (in this case I am using Northern Virginia) and select VPC.

Now, click on Your VPCs in the left sidebar and then click on Create VPC.

Give a name to your VPC and the IPv4 CIDR block that you would like. You can also give an IPv6 CIDR block if you want but for this example, I am going by the default selection.

You can enforce the tenancy of EC2 instances launched in this VPC. If you select dedicated then all your instances will be launched on dedicated tenancy instances (more cost). If you select the Default option then instances will use the tenancy option selected while launching them.

Click on the Create button to create your custom VPC!

Now, you can see your custom VPC along with the default VPC.

When you create a new VPC, a Network Access Control List (NACL) and the main Route Table is created by default.

Creating Subnets

Now that we have created our custom VPC, let’s create our public and private subnets by selecting the Subnets tab from the left sidebar and clicking on the Create Subnet button.

Let’s first create the public subnet. You can give it a friendly name to easily identify it, then select the custom VPC and an IPv4 CIDR block for this subnet. Here, I am selecting 10.0.1.0/24 as the CIDR block.

You can also select the AZ in which you would like to create this subnet since a subnet always maps to one AZ.

Once done, click on the Create button to create the subnet.

In a similar way, you can now create a private subnet.

By default, subnets have the Auto-Assign Public IP setting as disabled. Let’s enable this for our public subnet by selecting it and clicking on the Actions dropdown at the top and selecting Modify auto-assign IP settings.

Now, select the checkbox and click on the Save button.

Create an Internet Gateway

Without an internet gateway attached, any instance created inside that VPC cannot be accessed via the internet.

To create an internet gateway go to the Internet Gateways tab in the left sidebar and click on Create Internet Gateway at the top. Give a name to your internet gateway and click on the Save button.

You can see that the gateway is detached. You need to attach the internet gateway with your custom VPC. You can do this by selecting it, clicking on the Actions dropdown at the top and selecting Attach to VPC.

Then select your custom VPC and click on the Attach button.

Create a Route Table

For security reasons, it is recommended to leave the main route table as it is. Hence, we will be creating a new route table for our custom VPC and allow internet access to our public subnet through it.

Let’s head to the Route Tables tab from the left sidebar and click on the Create route table button at the top.

Give a name to your route table, select the custom VPC and click on the Save button.

Associate subnet with Route Table

By default, all subnets are associated with the main route table. Let's associate the public subnet with the custom route table by selecting it and navigating to the Subnet Associations tab at the bottom.

Click on the Edit subnet associations and select the public subnet and click on the Save button.

Create Route to allow internet access

Now to allow internet access to our public subnet we need to create a new Route for our custom route table.

Select the custom route table and navigate to the Routes tab at the bottom. Click on the Edit Routes button and add a new Route with the destination as 0.0.0.0/0 i.e. the Internet and Target as the attached internet gateway.

Save the Routes and now your public subnet has internet access.

Launch Instances

It’s time to launch our instances. Head over to the EC2 dashboard and click on Launch Instance.

Select the WordPress Certified by Bitnami and Automattic from the AWS Marketplace and choose an instance type. I am choosing the t2.micro here since it’s available in the Free Tier.

In the next step select the custom VPC as the network and the public subnet as the subnet. Now, in the field just below the subnet, you can see the field Auto-assign Public IP and its value is set to the subnet setting.

Since in our subnet, we enabled this option so the default option here is Enable.

Now, add some storage and give some name to your instance (I am giving public-instance).

Create a Security Group

Now create a security group with ports 22, 80 and 443 open to the internet. I am opening port 22 since we are going to SSH from our public instance into our private instance but for better security SSH should only be open for your particular IP.

Click on Review and Launch and Launch the instance by creating a key pair.

Now, to create a private instance, select the same AMI and instance type. Just this time select the private subnet to launch the instance.

You can see that for the private subnet the Auto-assign Public IP is disabled by default.

Now, add some storage, give some name to your instance, select the same security group that you used for the public instance and launch the instance with the same key.

Once both the instances are running you can see that only the public instance has an IPv4 Public IP.

If you open this IP in the browser you will see your new WordPress blog!

Since your private instance does not have a public IP address you won’t be able to see its WordPress blog from the browser.

SSH into Instances

It’s time to SSH into your instances but since your private instance does not have a public IP address you won’t be able to SSH into it directly from your system.

So lets first SSH into the public instance.

To confirm that your instance has internet access you can run sudo apt-get update and see that it’s working.

Now, that we are inside the public subnet we should be able to SSH into our private subnet since by default instances within a VPC can communicate with each other.

To SSH, we need the private key, so create a .pem file and copy the contents of your downloaded PEM file in it. You can do create a new file by typing the following commands

• vi private.pem to open VIM
• Press i to enter insert mode of VIM
• Copy the content of your downloaded PEM file and paste in the terminal using Command + V on Mac and Ctrl + Shift + V on Linux
• Press Escape key to exit the insert mode and type :wq to save the file and quit
• Now, type chmod 600 private.pem to limit permissions of the file

To SSH into the private instance, type the following command

ssh ubuntu@<private-IP-of-private-instance> -i private.pem

You can find the private IP of an instance from the Description tab after selecting an instance. In my case the private IP of the private instance is 10.0.3.171

Now we are in the terminal of our private instance. To confirm that our private instance does not have access to the internet let’s run the same command sudo apt-get update

You will notice that it will either timeout or show some error.

Applications of Private Subnets

Now, that you have seen a private subnet lets see why would you use one

1. Databases — One of the most common use cases would be hosting your database in the private subnets while your web servers are hosted on the public subnets. This way you restrict the internet access to your databases hence providing an additional layer of security.
2. Application Servers — Let's say you have application servers that handle logic and interact with your databases. Now, your web servers can pass on jobs to your application servers present in the private subnet.

Outbound Internet Access to Private Instances

Your private instances may need outbound internet access to keep the system up to date. You can do so by creating a NAT Gateway. They allow only outbound internet access to your private instances while blocking all inbound internet access to them.

Wrap Up

Now, that you have learned how to create a custom VPC with public and private subnets its time to terminate the whole set up.

1. Terminate Your EC2 instances
2. Once your instances have been terminated go to your VPC dashboard, select your custom VPC, Click on Actions button at the top and select Delete VPC option.

Click on Delete VPC again and it will delete your VPC along with all its resources.

I hope you learned something from this article, if you have doubts or feedback, do comment below!

Thanks a lot for reading this article. If you liked it, please give a few claps so it reaches more people who would benefit from it!

Creating a Custom VPC in AWS was originally published in Level Up Coding on Medium, where people are continuing the conversation by highlighting and responding to this story.

VPC or Virtual Private Cloud is one of the most important services offered by AWS. It is also important from the security point of view for any company or startup.

You can think of VPC as your own virtual data center in the cloud. You have complete control over the virtual networking environment, like IP address range, subnets, the configuration of Network Access Control Lists (NACLs), Route Tables, Security Groups, and Network Gateways.

In this article, we are going to discuss the terminologies used when dealing with the VPC.

Having an idea about the different terminologies will you in understanding the features and working of VPC.

To get started login to your AWS account and select VPC in the Services tab at the top-left of the page.

VPC Dashboard — It gives a quick overview of your VPCs and in the current region.

Virtual Private Cloud

Your VPCs — It shows all the VPCs created in the given region. By default, each region comes with a default VPC to quickly allow you to launch instances. For the production systems, it is recommended to create a custom VPC and launch services in it to provide better security.

Subnets — A subnet represents an availability zone in a VPC and is associated with only one availability zone. So, if a region has 3 AZs then three subnets can be created one for each availability zone. While launching instances in a region you can choose the subnet in which you would like to launch an instance.

Route Tables — A Route table defines a set of rules called routes, that is used to determine where network traffic is directed in your VPC. Each subnet is always associated with a Route table and Route tables can span across multiple availability zones (subnets).

Every VPC has the Main Route Table in it. When you create a custom VPC, the Main Route Table is created by default.

Internet Gateways — To provide internet access to your VPC you need to attach an internet gateway to a Route Table. In the Main Route Table of the default VPC, an internet gateway is attached by default hence allowing you to launch instances easily. By default, all subnets are associated with the Main Route Table.

Egress Only Internet Gateways — These are internet gateways that only allow outbound communication over IPv6 from instances in your VPC to the internet and blocks the internet from initiating an IPv6 connection with your instances.

These can be used in case you have some application server that does not have a public IPv4 address but has an IPv6 address and you would like to allow this instance to access internet to keep the system updated and install patches while at the same time prevent someone from the internet to send a request to this instance.

DHCP Options Set — If you would like to provide your own DHCP configuration parameters like domain name and DNS, you can create a DHCP Options set and associate it with your VPC. It’s an advanced setting and you may or may not use it based on your network architecture.

Elastic IPs —These are the static public IPv4 addresses that you can assign to your EC2 instances. Once attached the IP address of an EC2 instance doesn’t change if stopped and started again. By default, you can create only 5 Elastic IPs per region. You can get this limit increased by contacting AWS support and telling them about your use case.

Endpoints — It enables you to privately connect your VPC to supported AWS services without requiring internet access. The traffic between your VPC and other services does not leave the Amazon network.

For example — let’s say you have a private subnet (whose Route Table does not have an internet gateway attached), and you have an instance in it (with no public IP address). Now you would like that instance to be able to access S3, in that case, you use VPC endpoints to communicate with S3.

Endpoint Services — Now let’s say you have created a system that does video transcoding and you have private instances in your VPC that would like to send videos to this system for transcoding. In that case, you can configure this system as AWS PrivateLink powered service or endpoint service.

NAT Gateways — They can be used to allow instances in a private subnet to connect to the internet or other AWS services but block the internet from initiating a connection with those instances. They only support IPv4 traffic.

Peering Connections — Let’s say you have two VPCs in the same or different region or even in different AWS accounts. And you would like them to communicate with each other privately (without traffic going through the internet). In that case, you can create a peering connection between these VPCs.

One thing to note here is that Transitive Peering is not supported. Hence it is necessary to create a peering connection between VPC B and C in the above diagram for them to communicate with each other, VPC B cannot communicate with VPC C through VPC A.

Security

Network ACLs (NACLs)— Stands for Network Access Control Lists. They are associated with subnets and provide an additional layer of security by acting as a Firewall for your subnets. You create rules for inbound and outbound access for your subnets. They can be used to both allow as well as deny access.

They are stateless i.e. if you create an inbound rule for a port then an outbound rule for the same port is not created automatically. You can also block individual IP addresses using them.

Security Groups — These are associated with instances in the subnets and acts as a Firewall for your instances. By default, security groups deny all inbound access and can only be used to allow inbound access and not deny.

Unlike NACLs, these are stateful i.e. if you create an inbound rule for a port then an outbound rule for the same port is create automatically.

Virtual Private Network (VPN)

If you have on-premises systems that you would like to connect to your VPC then you can create a Site-to-Site VPN connection.

Customer Gateways — It is the AWS resource that provides AWS information about the Customer Gateway Device. The Customer Gateway Device is a physical or software application on the customer side of the Site-to-Site VPN connection.

Virtual Private Gateways (VGW)— Like Customer Gateway provides information about the Customer’s side of the connection, VGW acts the resource on the AWS side of the Site-to-Site VPN connection.

Site-to-Site VPN Connections — These are the VPN connections between VPC and your on-premises systems.

Client VPN Endpoints — Site-to-Site VPN allows AWS to connect to your on-premises system and vice-versa, but if you would like to connect to this network from anywhere around the world you would need to create a client VPN endpoint. Using this endpoint, clients can securely connect to this VPN network.

Transit Gateways

This is an advanced concept and you should check out AWS docs to learn more about this.

With a VPC peering connection, you can only connect two VPCs with each other. If you want to connect a new VPC to these two VPC, you would need to create two new peering connections since transitive peering is not supported.

In the same way, with Site-to-Site VPN, you would need to create a new connection to connect any two networks.

If you have a large number of on-premises systems and VPCs across multiple AWS accounts, it would become cumbersome to create and manage these connections.

With Transit Gateway, you only have to create and manage a single connection from the central gateway to each Amazon VPC and on-premises data center. Any new VPC or on-premises center is simply connected to the Transit Gateway and is then automatically available to every other network that is connected to the Transit Gateway.

Transit Gateway Attachments — These are the different attachments that you have created for your transit gateway. Attachment can be a VPC, VPN or a peering connection.

Transit Gateway Route Tables — These route tables include dynamic and static routes that decide the next hop based on the destination IP address of the packet. The targets of these routes could be a VPC or VPN connection.

Transit Gateway multicast domains — Multicast is a communication protocol used for delivering a single stream of data to multiple receiving computers simultaneously.

In this case, it can be used to route multicast traffic between subnets of the attached VPCs.

A Multicast domain allows the segmentation of a multicast network into different domains and makes the transit gateway act as multiple multicast routers.

Network Manager — It lets you centrally manage your network across AWS and on-premises centers by visualizing your global network in a centralized dashboard, as a logical diagram or a geographic map.

Traffic Mirroring

This is a VPC feature that can be used to copy network traffic from an elastic network interface (ENI) of EC2 instances. This traffic can then be sent to security and monitoring appliances for Content inspection, Threat Monitoring, and Troubleshooting.

Mirror Sessions — It replicates traffic from a specified source to a target.

Mirror Targets — It is the destination that replicated traffic from your session will go to.

Mirror Filters — It helps you control what gets replicated from your session.

Now that we know about the different terminologies of VPC we can go ahead and get hands-on experience with working on VPC. We will do that in the next article!

I hope you learned something from this article, if you have doubts, do comment below!

References

1. Amazon VPC
2. Transit Gateway
3. Traffic Mirroring

Thanks a lot for reading this article. If you liked it, please give a few claps so it reaches more people who would benefit from it!

Understanding Amazon VPC Terminology was originally published in Level Up Coding on Medium, where people are continuing the conversation by highlighting and responding to this story.

On the night of 7th December 2019, I faced the most shocking moment of my life. I and my roommate found the body of one of our flatmates who was dead for two days!

The thing is I live in a 4 BHK flat in Jasola Vihar in Delhi. In that flat 5 people live -
Room 1 — me and my roommate (let’s call him A)
Room 2 — only one person lives here, let’s call him V
Room 3 — Two people live here, D and P
Room 4 — empty (repairing work going on)

It all started on the night of 5th December, I reached home at around 9:30 PM and found that the main door of the house was locked. This was quite strange because we guys never lock the main door since we all come at different times and the maid and cleaning lady also come before anyone returns from the office. On the same day, D left for Pune.

At that time I thought maybe nobody is at home and that’s why someone locked the main door. So, I opened it with my keys and went to my room and found that my roommate was already inside. I asked him did you locked the main door? He said no he didn’t and he came at around 8:15 PM, at that time the main door was unlocked. We thought maybe D or P had left somewhere for the weekend and that’s why they locked the door. Also, Room 3 was also locked on that day.

Now that night passed, the next day I went for my office outing and my roommate went to his office. At night V left for Jaipur because of some Family problems.

Then on the night of 7th December at around 9 PM, we were waiting for our dinner to be delivered and at that time a person (let’s call him PK) showed up and said that he is looking for P. He told us that he hasn’t shown up to office for the past two days and is not answering anyone’s phone (office + home). He saw him last on the evening of 5th December when he left the office.

At that time we called D (roommate of P) to ask him whether he has any idea where he is or where can he go. He didn’t have any idea about that. We also called P’s phone, it was ringing but no one picked it up. We also talked to the caretaker and he also didn’t have any idea. Last time he saw P leaving for office on 5th December morning.

After 25 mins at 9:25 PM, the Uncle of P came to the flat and he said that he was looking for P. There was no communication from P to his family in the last two days. At that time we all got worried. Room 3 was locked so we talked to Nestaway’s area manager and he told me that we can only get the spare key of the room the next day once the office opens.

At that time we thought of listening for the phone ringtone near Room 3’s front and back door. We tried calling multiple times and found that something was ringing inside that room. We got really scared at that time and decided we gotta see inside the room somehow. First, we tried breaking the back door but it was too sturdy. Then we tried breaking the window near the back door.

So I, along with the Uncle of P pulled the window (it had two latches, one at the top and another at the bottom, but the only bottom one was locked). After pulling it too hard the bottom latch came off. I opened the window, the Uncle had turned the flashlight on his phone. We smelled some really fouled smell and saw that there was a body on the bed covered in a blanket!

The adrenaline rushed through my body and I was shocked and scared a lot! I almost had a mini heart attack. I said, “What the Fuck!”

The Uncle was shocked and panicked saying “Oh my God, Oh my God, he is dead!”.

He immediately called the police, we informed A, PK and house caretaker about the situation, everyone was shocked and we decided that no one will go inside the room until the police arrive.

We informed D and V about what happened and they were also shocked!

After about 30 mins a police sergeant and Ambulance showed up. They went through the back window and opened the door from the inside (the door can be locked from inside without a key and from outside with key).

The doctors who came with the police took the blanket off of P and found that his whole body was swollen and there were dark blue and black lines throughout his body and informed that he died because of some kind of poison.

Then the doctors left since they deal with the situation where someone is alive but now it had to be handed over to the police for the investigation.

After around 30 mins another police sergeant came, saw the body and took our statements. We also discussed if anyone knew about some personal problems or depression P was facing but he was really introverted and it didn’t felt like he had some personal problems going on.

The sergeants informed the crime team and they reached the flat after about an hour. They took some pictures, asked us the story so far and flipped the body upwards. No one was able to stand in the room without a mask, it was really stinking. They found that his whole body had swollen and there was blood coming out of P’s eye and white stuff coming out of his mouth (the sign of poison we usually see in movies/TV).

I didn’t get a look at his face as I was scared and shocked as hell at that time and didn’t enter the room. At around 12 AM, somehow we had dinner and we were also having a headache, maybe because of the smell.

The Uncle of P called for an Ambulance from AIIMS since the body has to be taken for the Postmortem. At around 3:30 AM the Ambulance came and somehow they took the swollen heavy body and police sealed the room.

I can’t believe we had been living in the same flat with a dead body in the next room for 2 days!

Now the body is gone but it’s still hard to believe that the person we used to see every day and say Hi to isn’t in this world anymore.

It seems these days the mental problems should be taken as seriously as the physical body problems. It’s not clear why P committed suicide since we didn’t know him so well but depression and stress seem to be the most common cause of this. Today, we are so well connected with everyone through smartphones and the internet but still, we feel alone.

So, please notice the people around you, we are all fighting our battles every day. Some have it better and some have it worse but it’s the same thing for everyone. Listening to someone may help them and talk to someone about your problems may help you and prevent people from taking some drastic measures and end their life.

The Most Shocking Moment of My Life was originally published in Ascent Publication on Medium, where people are continuing the conversation by highlighting and responding to this story.

In this article, I am sharing some of the real facts and quotes that I read in Ryan Holiday’s book Ego is the Enemy.

The book is divided into three parts — Aspire, Success, and Failure. In every moment of our lives, we are present in either of these stages of life. How we manage our ego can take us from one stage to another.

The goal is to be —

1. Humble in our Aspirations.
2. Gracious in our Success.
3. Resilient in our Failure.

Aspire

For those who are aspiring to do something.

Those who know do not speak. Those who speak do not know. — Lao Tzu

• The ability to evaluate one’s own ability is the most important skills of all. Without it, improvement is impossible. And certainly, ego makes it difficult every step of the way. It is certainly more pleasurable to focus on our talents and strengths, but where does that get us? Arrogance and self-absorption inhibit growth. So does fantasy and ‘vision’.
• The only relationship between work and chatter is that one kills the other.
• We like it so much to talk about what we want to achieve or something that we are going to do. Why do we do that?
  After spending so much time thinking, explaining, and talking about a task, we start to feel that we’ve gotten closer to achieving it, although of course, we haven’t.
• Appearances are deceiving. Having authority is not the same as being an authority. Having the right and being right are not the same either. Being promoted doesn’t necessarily mean you’re doing good work and it doesn’t mean you are worthy of promotion.

Impressing people is utterly different from being truly impressive.

• The pretense of knowledge is our most dangerous vice because it prevents us from getting any better.

You can’t learn if you think you already know.

• What humans require in our ascent is purpose and realism. Purpose, you could say, is like passion with boundaries. Realism is detachment and prescriptive.
• Fundamental realities for those who are starting now — 
  1. You are not as good or as important as you think you are.
  2. You have an attitude that needs to be readjusted.
  3. Most of what you think you know or most of what you learned in books or in school is out of date or wrong.
• If you want to give feedback to your superior or question a decision do it in private so as not to offend your superior.
• Greatness comes from humble beginnings; it comes from grunt work. It means you’re the least important person in the room — until you change that with results.
• Help those above you to achieve what they want and allow them to take credit for your ideas. They will trust you a lot and you will be paid back a lot.
• The distinction between a professional and a dilettante occurs right there — when you accept that having an idea is not enough; that you must work until you are able to recreate your experience effectively in words on the page.

You can’t build a reputation on what you’re going to do.

• When you are not practicing, remember, someone somewhere is practicing, and when you meet him he will win.

Success

For those who have achieved success.

As our island of knowledge grows, so does the shore of our ignorance.

• After we give ourselves proper credit, the ego wants us to think, I’m special, I’m better. The rules don’t apply to me.
• It takes a special kind of humility to grasp that you know less, even as you know and grasp more and more. It’s remembering Socrates’ wisdom lay in the fact that he knew that he knew next to nothing.
• Humility engenders learning because it beats back the arrogance that puts blinders on. It leaves you open for truths to reveal themselves. You don’t stand in your own way… Do you know how you can tell when someone is truly humble? I believe there’s one simple test: because they consistently observe and listen, the humble improve. They don’t assume ‘I know the way’.

It’s during your moment at the top that you can afford ego the least — because the stakes are so much higher, the margins for errors are so much smaller.

• “Keep your identity small”. Make it about the work and the principles behind it — not about a glorious vision that makes a good headline.
• Instead of pretending that we are living some great story, we must remain focused on the execution — and on executing with excellence. We must shun the false crown and continue working on what got us here. Because that’s the only thing that will keep us here.
• We’re never happy with what we have, we want what others have too. We want to have more than everyone else. We start out knowing what is important to us, but once we’ve achieved it, we lose sight of our priorities. Ego sways us and can ruin us.
• All of us waste precious life doing things we don’t like, to prove ourselves to people we don’t respect, and to get things we don’t want.

It’s not about beating the other guy. It’s not about having more than the others. It’s about being what you are and being as good as possible at it, without succumbing to all the things that draw you away from it. It’s about going where you set out to go. About accomplishing the most that you’re capable of in what you choose. That’s it. No more and no less.

• Urgent and important are not synonyms.
• We never earn the right to be greedy or to pursue our interests at the expense of everyone else. To think otherwise is not only egotistical, but it’s also counter-productive.
• The Disease of Me can corrupt the most innocent climb. It’s not about you.
• We want to get to the top as fast as humanly possible. We have no patience for waiting. We’re high on getting high up the ranks. Once we’ve made it, we tend to think that ego and energy is the only way to stay there. It’s not.

Don’t be deceived by the recognition you have gotten or the amount of money in your bank account.

• We know what decisions we must make to avoid the ignominious, even pathetic end: protecting our sobriety, eschewing greed and paranoia, staying humble, retaining our sense of purpose, connecting to the larger world around us.
• Just because you did something once, doesn’t mean you’ll be able to do it successfully forever.

Failure

For those who have recently faced failure.

Almost always, your road to victory goes through a place called ‘Failure’— Bill Walsh

• Failure and adversity are relative and unique to each of us. Almost without exception, this is what life does; it takes our plans and dashes them to pieces. Sometimes once, sometimes lots of times.
• Whether what you’re going through is your fault or your problem doesn’t matter, because it’s yours to deal with right now.
• There are two types of time in our lives: dead time, when people are passive and waiting, and alive time, when people are learning and acting and utilizing every second. Every moment of failure, every moment or situation that we did not deliberately choose or control, presents this choice: Alive time. Dead time. What will it be?
• This moment is not your life. But it is a moment in your life. How will you use it?

What matters to an active man is to do the right thing; whether the right thing comes to pass should not bother him

• In life, there will be times when we do everything right, perhaps even perfectly. Yet the results will somehow be negative: failure, disrespect, jealousy, or even a resounding yawn from the world.
• It’s far better when doing good work is sufficient. In other words, the less attached we are to outcomes the better. When fulfilling our own standards is what fills us with pride and self-respect. When the effort — not the results, good or bad — is enough.

The bigger the Ego, the harder the Fall.

• Change begins by hearing the criticism and the words of the people around you. Even if those words are mean spirited, angry, or hurtful. It means weighing them, discarding the ones that don’t matter and reflecting on the ones you do.
• When we lose, we have a choice, Are we going to make this a lose-lose situation for ourselves and everyone involved? or will it be a lose…and then win?
  Because you will lose in life. It’s a fact.
• The only real failure is abandoning your principles. Killing what you love because you can’t bear to part from it is selfish and stupid. If your reputation can’t absorb a few blows, it wasn’t worth anything in the first place.
• You’re not as good as you think. You don’t have it all figured out. Stay focused. Do better.

Ego kills what we love. Sometimes, it comes close to killing us too.

• Warren Buffet has said, make a distinction between the inner scorecard and the external one. Your potential, the absolute best you’re capable of- that’s the metric to measure yourself against. Your standards are. Winning is not enough. People can get lucky and win. People can be assholes and win. Anyone can win. But not everyone is the best possible version of themselves.
• Holding your ego against a standard (inner or indifferent or whatever you want to call it) makes it less and less likely that excess or wrongdoing is going to be tolerated by you. Because it’s not about what you can get away with, it’s about what you should or shouldn’t do.
• Attempting to destroy something out of hate or ego often ensures that it will be preserved and disseminated forever.
• Hate at any point is cancer that gnaws at the very vital center of your life and your existence. It is like eroding acid that eats away the best and the objective center of your life.

Training is like sweeping the floor. Just because we’ve done it once, doesn’t mean the floor is clean forever. Every day the dust comes back. Every day we must sweep. The same is true for ego.

If you would like to read the examples of what Ego has done to people in history, do read the book Ego is the Enemy.

Thanks for reading this article. If you liked it, please give a few claps so it reaches more people who would love it!

Notes from Ryan Holiday’s Ego is the Enemy was originally published in Ascent Publication on Medium, where people are continuing the conversation by highlighting and responding to this story.

There has been a lot of talk about serverless and AWS lambda these days. More and more companies and teams are switching towards the serverless architecture for their applications.

In this article, I will be explaining serverless and we will be deploying our first hello world lambda function!

What is Serverless?

Serverless simply means that you don’t have to manage the servers on which your application runs.

You don’t have to take care of patching the system, installing antivirus software or configuring firewalls. Also, you don’t have to worry about scaling your application as the load increases. It is handled automatically!

Hence, it allows you to focus more on the functionality of your application.

Why is it better?

Normally, when you are creating a dynamic web application you usually create a server in PHP, Nodejs, Ruby or Python which interact with a database to fetch information and send it to the frontend.

Then you host this backend server on hosting providers like AWS or Azure. The problem with this approach is that your server is running 24 x 7. It is running even when no one is interacting with your application.

Because of this you end paying even for the idle time. Along with this, most of the time you are also responsible for patching the system for bugs, keeping the antivirus software updated and setting up autoscaling.

What is AWS Lambda?

This is AWS’s offering of building serverless applications. In this, you can create lambda functions that are executed only when some action is performed.

The action performed can be someone visiting your website so your functions fetch some data from the database and return the response. You can create these functions in a number of languages like Python, Nodejs, Java, Go, Ruby, C#, .NET etc.

The best part is that you only pay for the execution duration of the function. When your function is not running, you don’t have to pay anything.

Similarly to lambda, other cloud providers have their own serverless offerings like Microsoft Azure offers Azure functions and Google Cloud Platform offers Cloud Functions.

Features of Lambda

1. Pay per execution.
2. Create an event-driven architecture. Eg —Trigger your lambda function once an image is uploaded to Amazon S3 to add a watermark to the image or change its format.
3. Built-in Fault Tolerance.
4. Automatic Scaling.
5. Integrated security model (Industry compliances).

Now enough with the introduction, let’s create your first lambda function.

Creating a lambda function

1. Log in to your AWS console and select Lambda under the Compute tab. You will be taken to the lambda dashboard. You will see either of the two below images.

2. Now, let’s click on Create a function button. It will open up a form where you have to enter some basic details for your lambda function.

3. You have three ways of creating a lambda function -

a. Creating from scratch and writing all the code from starting.
b. Using a blueprint of a lambda function from common use cases
c. Choose a sample function from AWS Serverless Repository.

If you are building something that is commonly used by others then you may find a similar function in the last two options. Using them may reduce your development time.

Here I will be creating a function from scratch. Let’s fill in some details.

4. Give your function a name of your choice. Then you can select the language in which you would like to run this function. I am selecting the Node.js 8.10 here.

Now you specify an IAM role that defines what permissions your lambda function has. Eg — If your function will be interacting with S3, just give S3 access to its assigned role. Because of this your function is limited to access to S3 only and cannot interact with any other AWS service (#Security!).

For now select create a new role option and give your role a name.

Once done, click on the Create function button.

5. Your lambda function will be created now. By default, a lambda function has access to CloudWatch logs where it logs all the executions of the function along with any STDOUT based events like console.log for Nodejs and print for python.

If you scroll down, you can see your function code. By default, it just outputs “Hello from Lambda!”.

If you scroll even further, you can add environment variables, description and allocated memory to your function along with tags that help you with billing and filtering.

The timeout of your function signifies that after this much time your function will be automatically stopped if it keeps on running.

Our function is created now but to run it we need to add some trigger to it.

6. Scroll to the top and select API Gateway from the left panel. You will see a form coming up at the bottom. Select Create a new API in the API field and Open in the Security field. By open we mean that anyone will be able to access this API with the generated URL.

Once done, click on Add button and then click on the Save button at the right top of the page to save your function.

Your API has been created and will be accessible through the given link. If you click on the link it will open a new tab where you will see “Hello from Lambda!”.

Try changing this text to something else, save your function and reload the API page. You will see the updated text.

Congratulations! You have created your first lambda function and API using API Gateway.

I will be writing more articles on lambda and serverless so stay tuned!

Thanks for reading this article. If you liked it, please give a few claps so it reaches more people who would love it!

What is AWS Lambda and Serverless? was originally published in Level Up Coding on Medium, where people are continuing the conversation by highlighting and responding to this story.

If you are new to AWS and looking to deploy some servers for your applications, then AWS Lightsail may be the best starting point for you.

Unlike Amazon EC2, you are given a nice interface where you can select preconfigured plans that may cover most of your use cases.

Just with 3–4 clicks you can launch a WordPress website running on Linux server.

You also don’t have to worry about determining the cost since the cost is fixed monthly.

Along with servers, you can also create databases, load balancers, and storage on Lightsail.

Now let’s get practical and quickly launch a Node server with Lightsail!

Launching an Instance

1. First, log into your AWS console and in the All Services tab under Compute you will find Lightsail. Click on it, it will open the Lightsail dashboard in a new tab.

2. Now you can select the region in which you want to create your instance (server). Normally, the closer your instance is to your users, the lower is the latency and faster is the connection. Here, I have selected the Mumbai region since its closest to my location.

3. Next step is to select the instance image (OS and application). For the Linux platform, you can either select only OS where you have the option to choose from Ubuntu, OpenSUSE, CentOS or Amazon Linux.

Or you can select an application along with OS. When you select an application, AWS automatically installs all the necessary packages and files needed to work with that application so you don’t have to install them yourself.

For Windows Server, currently, the only available app is SQL server.

For the Apps, I will be selecting Node.js here, you can select anything else if you like.

4. In the optional section above you can add a launch script, this is a shell script that will run on the instance the first time it launches. If you have deployed an EC2 instance in the past then you may recall that it resembles with the User data there.

You can use this script to do some configuration on the instance.

By default, Lightsail uses a default ssh key pair for your Linux instances. You can use this ssh key to connect to your instance using SSH via command line.

Now, its time to choose an instance plan. You can see the different fixed price available plans. If you are trying for the first time then you can use the first plan worth $3.5 free for one month.

5. You can give your instance a unique name if you would like.

You can also give tags to your instances to easily filter them or organize them for billings and analysis purposes.

Now click on Create Instance button to create your first Lightsail instance!

Within a few minutes, your server will be deployed and you will see something like above. Click on it to view additional details.

You can see that the status is running and just below it you can see the Public IP of the instance. If you paste it in the address bar of your browser it will show you a similar page like below.

Now you can SSH into your instance and deploy your code.

Don’t forget to terminate your instance if you are not using it anymore. You can terminate the instance by going to the Delete tab in the above screenshot.

If you want to learn how to SSH into your instance and upload your code, you can check out the following article Deploying a Node App on Amazon EC2.

If you have any questions, please comment below.

Thanks for reading this article. If you liked it, please give a few claps so it reaches more people who would love it!

What is Amazon Lightsail? was originally published in Level Up Coding on Medium, where people are continuing the conversation by highlighting and responding to this story.

Losing the keys of your EC2 instance is totally possible. Maybe you deleted them by mistake or somebody else did it. Or you ran an automated script to clean up the mess and it accidentally deleted it.

But don’t worry, you have not lost your data. If you are using EBS (Elastic Block Storage) volumes, you can easily recover your data by creating an AMI (Amazon Machine Image) of your EC2 instance.

When you create an image of an EC2 instance, a snapshot of the attached root volume is also created.

Creating an AMI of your Instance

We can create an image of the EC2 instance and launch that image using the new key pair.

So, log into your AWS console and navigate to EC2.

1. Select your Instance, click Actions drop-down at the top, hover over Image and click Create Image.

2. Give a name and description to your image. You can see a No reboot checkbox. If you select this, an image of your instance will be created without restarting it.

This is not recommended since the EBS volume is in the read/write state when an instance is running. But if you have a critical application running on it, select it. Once done, click on the Create Image button.

3. It may take a few minutes to create an image based on the instance type and size of the EBS volume. You can look at the status of your image and snapshot by navigating to the AMIs and Snapshot in the left sidebar.

When the status of your AMI turns available, select your AMI and click on Launch.

4. Now you can follow the process of launching an EC2 instance and specify a new key pair to launch a new instance with all your preserved data!

If you want to learn and understand how to launch an EC2 instance, check out my article on Launching an Amazon EC2 instance.

Deleting your AMI

Once you are done launching your new instance you can delete your AMI by selecting it and choosing Deregister from the Actions drop-down.

Deleting an AMI does not delete the EBS snapshot created during the creation of the AMI. You will have to manually delete it by navigating to Snapshots in the left sidebar and selecting Delete from the Actions drop-down.

I hope you got something better out of this article. If you have any queries or suggestions, please comment.

Thanks for reading this article. If you liked it, please give a few claps so it reaches more people who would love it!