The "AWS E-commerce Workshop" is a hands-on lab focused on building a scalable cloud infrastructure for an e-commerce application using AWS. The primary objective is to learn how to create and manage key components such as a Virtual Private Cloud (VPC), subnets, Internet Gateways, EC2 instances, security groups, and S3 storage configuration. This project enables participants to gain essential skills for designing secure, efficient, and optimized cloud architectures for web applications, providing a solid foundation for implementing real-world e-commerce solutions.
In this lab, we'll create the network infrastructure for your e-commerce application, including a VPC, subnet, and Internet Gateway in the Frankfurt region.
- Create VPC
- Navigate to VPC Dashboard in AWS Console
- Click "Create VPC"
- Enter CIDR block 10.0.0.0/16
- Enable DNS hostnames
- Add tag: Name=ecommerce-vpc
# Create VPC
aws ec2 create-vpc \
--cidr-block 10.0.0.0/16 \
--tag-specifications 'ResourceType=vpc,Tags=[{Key=Name,Value=ecommerce-vpc}]' \
--instance-tenancy default \
--enable-dns-hostnames
# Store VPC ID
VPC_ID=$(aws ec2 describe-vpcs \
--filters Name=tag:Name,Values=ecommerce-vpc \
--query 'Vpcs[0].VpcId' \
--output text)Validation:
- Check VPC creation in console
- Verify CIDR block is 10.0.0.0/16
- Confirm DNS hostnames enabled
aws ec2 describe-vpcs --vpc-ids $VPC_ID- Create Private Subnet
- Within your VPC, create new subnet
- Use CIDR block 10.0.0.0/26
- Select Frankfurt (eu-central-1a)
- Tag: Name=ecommerce-private-subnet
# Create subnet
aws ec2 create-subnet \
--vpc-id $VPC_ID \
--cidr-block 10.0.0.0/26 \
--availability-zone eu-central-1a \
--tag-specifications 'ResourceType=subnet,Tags=[{Key=Name,Value=ecommerce-private-subnet}]'
# Store subnet ID
SUBNET_ID=$(aws ec2 describe-subnets \
--filters Name=tag:Name,Values=ecommerce-private-subnet \
--query 'Subnets[0].SubnetId' \
--output text)Validation:
- Verify subnet creation
- Check CIDR range
- Confirm AZ assignment
aws ec2 describe-subnets --subnet-ids $SUBNET_ID- Create and Attach Internet Gateway
- Create new Internet Gateway
- Attach to your VPC
- Tag: Name=ecommerce-igw
# Create Internet Gateway
aws ec2 create-internet-gateway \
--tag-specifications 'ResourceType=internet-gateway,Tags=[{Key=Name,Value=ecommerce-igw}]'
# Store IGW ID
IGW_ID=$(aws ec2 describe-internet-gateways \
--filters Name=tag:Name,Values=ecommerce-igw \
--query 'InternetGateways[0].InternetGatewayId' \
--output text)
# Attach to VPC
aws ec2 attach-internet-gateway \
--vpc-id $VPC_ID \
--internet-gateway-id $IGW_IDValidation:
- Check IGW creation
- Verify VPC attachment
aws ec2 describe-internet-gateways --internet-gateway-ids $IGW_IDConfigure security groups and network access controls for your e-commerce infrastructure.
- Create Security Group
- Navigate to EC2 Dashboard > Security Groups
- Create in your VPC
- Name: ecommerce-sg
- Description: E-commerce security rules
# Create security group
aws ec2 create-security-group \
--group-name ecommerce-sg \
--description "E-commerce security group" \
--vpc-id $VPC_ID
# Store security group ID
SG_ID=$(aws ec2 describe-security-groups \
--filters Name=group-name,Values=ecommerce-sg \
--query 'SecurityGroups[0].GroupId' \
--output text)Validation:
- Verify security group creation
- Check VPC association
aws ec2 describe-security-groups --group-ids $SG_ID- Configure Security Rules
- Add inbound rules for HTTP and SSH
- Configure outbound rules
# Add inbound rules
aws ec2 authorize-security-group-ingress \
--group-id $SG_ID \
--protocol tcp \
--port 80 \
--cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress \
--group-id $SG_ID \
--protocol tcp \
--port 22 \
--cidr 0.0.0.0/0Validation:
- Verify inbound rules
- Check port configurations
aws ec2 describe-security-group-rules \
--filters Name=group-id,Values=$SG_IDDeploy and configure the EC2 instance that will host your e-commerce application.
- Launch EC2 Instance
- Choose Amazon Linux 2 AMI
- Select t2.micro instance type
- Place in private subnet
- Attach security group
# Create key pair for SSH access
aws ec2 create-key-pair \
--key-name ecommerce-key \
--query 'KeyMaterial' \
--output text > ecommerce-key.pem
chmod 400 ecommerce-key.pem
# Launch EC2 instance
aws ec2 run-instances \
--image-id ami-0a261c0e5f51090b1 \
--instance-type t2.micro \
--subnet-id $SUBNET_ID \
--security-group-ids $SG_ID \
--key-name ecommerce-key \
--tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=ecommerce-server}]'
# Store instance ID
INSTANCE_ID=$(aws ec2 describe-instances \
--filters "Name=tag:Name,Values=ecommerce-server" \
--query 'Reservations[0].Instances[0].InstanceId' \
--output text)Validation:
- Verify instance running status
- Check instance tags
aws ec2 describe-instances --instance-ids $INSTANCE_ID- Configure Elastic IP
- Allocate new Elastic IP
- Associate with EC2 instance
# Allocate Elastic IP
aws ec2 allocate-address \
--domain vpc
# Store Elastic IP allocation ID
EIP_ID=$(aws ec2 describe-addresses \
--query 'Addresses[-1].AllocationId' \
--output text)
# Associate with instance
aws ec2 associate-address \
--instance-id $INSTANCE_ID \
--allocation-id $EIP_IDValidation:
- Check Elastic IP association
- Test SSH connectivity
aws ec2 describe-addresses --allocation-ids $EIP_ID
# Get public IP
PUBLIC_IP=$(aws ec2 describe-addresses \
--allocation-ids $EIP_ID \
--query 'Addresses[0].PublicIp' \
--output text)
# Test SSH connection
ssh -i "ecommerce-key.pem" ec2-user@$PUBLIC_IPSet up S3 storage for your website files and configure necessary permissions.
- Create S3 Bucket
- Choose unique bucket name
- Select Frankfurt region
- Configure basic settings
# Create S3 bucket
aws s3api create-bucket \
--bucket your-ecommerce-bucket-name \
--region eu-central-1 \
--create-bucket-configuration LocationConstraint=eu-central-1
# Enable versioning
aws s3api put-bucket-versioning \
--bucket your-ecommerce-bucket-name \
--versioning-configuration Status=EnabledValidation:
- Verify bucket creation
- Check region setting
aws s3api get-bucket-location --bucket your-ecommerce-bucket-name
aws s3api get-bucket-versioning --bucket your-ecommerce-bucket-name- Configure IAM Role
- Create role for EC2
- Attach S3 access policy
# Create IAM role
cat << EOF > trust-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
aws iam create-role \
--role-name ecommerce-ec2-role \
--assume-role-policy-document file://trust-policy.json
# Create S3 access policy
cat << EOF > s3-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::your-ecommerce-bucket-name",
"arn:aws:s3:::your-ecommerce-bucket-name/*"
]
}
]
}
EOF
aws iam put-role-policy \
--role-name ecommerce-ec2-role \
--policy-name S3Access \
--policy-document file://s3-policy.jsonValidation:
- Check role creation
- Verify policy attachment
aws iam get-role --role-name ecommerce-ec2-role
aws iam get-role-policy --role-name ecommerce-ec2-role --policy-name S3AccessDeploy the e-commerce website to your EC2 instance and configure the web server.
- Configure Web Server
- Install Apache and PHP
- Set up virtual host
- Configure permissions
# Connect to instance and run setup
ssh -i "ecommerce-key.pem" ec2-user@$PUBLIC_IP << 'EOF'
# Update system
sudo yum update -y
# Install Apache and PHP
sudo yum install -y httpd php
# Start and enable Apache
sudo systemctl start httpd
sudo systemctl enable httpd
# Set permissions
sudo usermod -a -G apache ec2-user
sudo chown -R ec2-user:apache /var/www
sudo chmod 2775 /var/www
find /var/www -type d -exec sudo chmod 2775 {} \;
find /var/www -type f -exec sudo chmod 0664 {} \;
EOFValidation:
- Check Apache status
- Verify PHP installation
ssh -i "ecommerce-key.pem" ec2-user@$PUBLIC_IP 'sudo systemctl status httpd'- Deploy Website Files
- Upload files to S3
- Download to EC2
- Configure website
# Upload website files to S3
aws s3 cp ./website-files s3://your-ecommerce-bucket-name/ --recursive
# Download and deploy on EC2
ssh -i "ecommerce-key.pem" ec2-user@$PUBLIC_IP << 'EOF'
aws s3 cp s3://your-ecommerce-bucket-name/ /var/www/html/ --recursive
sudo systemctl restart httpd
EOFValidation:
- Test website access
- Check error logs
# Check website accessibility
curl -I http://$PUBLIC_IP
# Check error logs
ssh -i "ecommerce-key.pem" ec2-user@$PUBLIC_IP 'sudo tail /var/log/httpd/error_log'Perform comprehensive testing of the entire setup.
- Network Connectivity
# Test VPC connectivity
aws ec2 describe-vpc-attribute \
--vpc-id $VPC_ID \
--attribute enableDnsHostnames
# Test subnet routing
aws ec2 describe-route-tables \
--filters "Name=vpc-id,Values=$VPC_ID"- Security Configuration
# Verify security group rules
aws ec2 describe-security-group-rules \
--filters Name=group-id,Values=$SG_ID
# Check instance security groups
aws ec2 describe-instance-attribute \
--instance-id $INSTANCE_ID \
--attribute groupSet- Website Functionality
# Check HTTP response
curl -I http://$PUBLIC_IP
# Test PHP functionality
echo "<?php phpinfo(); ?>" | ssh -i "ecommerce-key.pem" ec2-user@$PUBLIC_IP \
'cat > /var/www/html/info.php'
curl http://$PUBLIC_IP/info.php- Cannot Connect to EC2
- Check security group rules
- Verify Elastic IP association
- Confirm key pair permissions
aws ec2 describe-instance-attribute \
--instance-id $INSTANCE_ID \
--attribute groupSet- Website Not Accessible
- Check Apache status
- Verify file permissions
- Review error logs
ssh -i "ecommerce-key.pem" ec2-user@$PUBLIC_IP << 'EOF'
sudo systemctl status httpd
ls -la /var/www/html
sudo tail /var/log/httpd/error_log
EOF- S3 Access Issues
- Check IAM role
- Verify bucket policy
- Test S3 connectivity
aws iam simulate-principal-policy \
--policy-source-arn arn:aws:iam::ACCOUNT_ID:role/ecommerce-ec2-role \
--action-names s3:GetObject \
--resource-arns arn:aws:s3:::your-ecommerce-bucket-name/*Remove all created resources to avoid unwanted charges.
# Delete EC2 instance
aws ec2 terminate-instances --instance-ids $INSTANCE_ID
# Release Elastic IP
aws ec2 release-address --allocation-id $EIP_ID
# Delete security group
aws ec2 delete-security-group --group-id $SG_ID
# Detach and delete Internet Gateway
aws ec2 detach-internet-gateway \
--internet-gateway-id $IGW_ID \
--vpc-id $VPC_ID
aws ec2 delete-internet-gateway --internet-gateway-id $IGW_ID
# Delete subnet and VPC
aws ec2 delete-subnet --subnet-id $SUBNET_ID
aws ec2 delete-vpc --vpc-id $VPC_IDValidation:
- Verify all resources deleted
- Check AWS Console for remaining resources
aws ec2 describe-vpcs --vpc-ids $VPC_ID
aws ec2 describe-subnets --subnet-ids $SUBNET_ID
aws ec2 describe-internet-gateways --internet-gateway-ids $IGW_ID
aws ec2 describe-security-groups --group-ids $SG_ID