diff --git a/LICENSE b/LICENSE index af3f76b..d4c2afd 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2017 Benjamin Piper (https://benpiper.com) +Copyright (c) 2021 Benjamin Piper (https://benpiper.com) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 35e4ec7..34dfb97 100644 --- a/README.md +++ b/README.md @@ -10,13 +10,13 @@ If you don't already have the AWS PowerShell SDK installed, [install-awspowershe ``` I recommend using [Visual Studio Code with the PowerShell extension](https://benpiper.com/2017/08/visual-studio-code-as-a-powershell-integrated-scripting-environment/). It works on Linux, Mac, and Windows! -#### AWS Networking Deep Dive: Virtual Private Cloud (VPC) lab setup +#### Virtual Private Cloud (VPC) lab setup Refer to [vpc/lab-setup.md](vpc/lab-setup.md) for the lab setup for this course. -#### AWS Networking Deep Dive: Elastic Load Balancing (ELB) lab setup +#### Elastic Load Balancing (ELB) lab setup Refer to [elb/lab-setup.md](elb/lab-setup.md) for the lab setup for this course. -#### AWS Networking Deep Dive: Route 53 DNS lab setup +#### Route 53 DNS] lab setup Refer to [route53/lab-setup.md](route53/lab-setup.md) for the lab setup for this course. *Baked with love for PowerShell Core!* diff --git a/elb/README.md b/elb/README.md index 83ee50f..650bf9d 100644 --- a/elb/README.md +++ b/elb/README.md @@ -1 +1,4 @@ -[lab-setup.ps1](lab-setup.ps1) - Refer to lab-setup.md for instructions \ No newline at end of file + +Course link: [AWS Networking Deep Dive: Elastic Load Balancing (ELB)](https://pluralsight.pxf.io/6bXjBK) + +[lab-setup.ps1](lab-setup.ps1) - Refer to lab-setup.md for instructions diff --git a/elb/lab-setup.md b/elb/lab-setup.md index ebbe113..d4bd8c9 100644 --- a/elb/lab-setup.md +++ b/elb/lab-setup.md 
@@ -1,4 +1,59 @@
+
+## Automated lab setup
 1. You will need the AWS PowerShell SDK installed and loaded. Run [install-awspowershell.ps1](/install-awspowershell.ps1) to take care of this, or do it manually.
 2. Edit the file [_credentials.ps1](_credentials.ps1), replace the AWS secret key and access key with your own, and save the file as credentials.ps1
-3. Edit [lab-setup.ps1](lab-setup.ps1) and modify the AWS region (default is us-east-1) and your public IP address accordingly.
+3. Edit [lab-setup.ps1](lab-setup.ps1) and modify the AWS region (default is us-east-1), SSH keypair name, and your public IP address accordingly.
 4. Run [. ./lab-setup.ps1](lab-setup.ps1)
+
+## Manual lab setup
+
+VPC: webapp-vpc 172.31.0.0/16
+
+Subnets:
+web-1a 172.31.1.0/24
+web-1b 172.31.2.0/24
+App-1a 172.31.101.0/24
+App-1b 172.31.102.0/24
+
+Internet gateway: webapp-igw
+
+Route tables:
+webapp-rt (associate with all subnets):
+Default IPv4 (0.0.0.0/0) and IPv6 (::0/0) routes with internet gateway as target
+
+Security groups:
+web-sg:
+Inbound tcp/80,443 from 0.0.0.0/0
+Inbound tcp/81 from 172.31.0.0/16
+Inbound tcp/22 (SSH) from your IP
+
+app-sg:
+Inbound tcp/8080,8443 from 172.31.0.0/16
+Inbound tcp/22 (SSH) from your IP
+
+db-sg:
+Inbound tcp/3306 (MySQL) from 172.31.101.0/24,172.31.102.0/24
+Inbound tcp/22 (SSH) from your IP
+
+Instances:
+All instances use the AMI named "aws-elasticbeanstalk-amzn-2017.03.1.x86_64-ecs-hvm-201709251832" (AMI ID ami-c710e7bd in N. Virginia region)
+Auto-assign all instances a public IP
+
+Web tier:
+Assign the web-sg security group to all
+Name, subnet, IP
+Web1, web-1a, 172.31.1.21
+Web2, web-1b, 172.31.2.22
+Web3, web-1b, 172.31.2.23
+
+App tier:
+Assign the app-sg security group to all
+Name, subnet, IP
+App1, app-1a, 172.31.101.21
+App2, app-1b, 172.31.102.22
+App3, app-1b, 172.31.102.23
+
+Database tier:
+Assign the db-sg security group
+Name, subnet, IP
+db, app-1a, 172.31.101.99
diff --git a/elb/lab-setup.ps1 b/elb/lab-setup.ps1 index dcaebd9..8c04acc 100644 --- a/elb/lab-setup.ps1 +++ b/elb/lab-setup.ps1 @@ -10,9 +10,9 @@ $AWSProfileName="aws-networking-deep-dive-elb" $AWSRegion = "us-east-1" # Set your IP subnet for SSH access -$myIP = "24.96.154.171/32" +$myIP = "24.96.0.0/16" # Set the AMI image (change this if you change the region) -$ami = "ami-c710e7bd" # aws-elasticbeanstalk-amzn-2017.03.1.x86_64-ecs-hvm-201709251832 +$ami = "ami-00d1bccc04cb4ae98" # aws-elasticbeanstalk-amz\n-2018.03.0.x86_64-ecs-hvm-202103271420 # Set the name of your SSH keypair $keyname = "ccnetkeypair" @@ -64,16 +64,19 @@ $appsg = New-EC2SecurityGroup -VpcId $vpc.VpcId -GroupName "app-sg" -GroupDescri $dbsg = New-EC2SecurityGroup -VpcId $vpc.VpcId -GroupName "db-sg" -GroupDescription "db-sg" #Create IPpermissions for public http and https + $httpip = new-object Amazon.EC2.Model.IpPermission $httpip.IpProtocol = "tcp" $httpip.FromPort = 80 $httpip.ToPort = 80 +$httpip.IpRanges.Add("::0/0") $httpip.IpRanges.Add("0.0.0.0/0") $httpsip = new-object Amazon.EC2.Model.IpPermission $httpsip.IpProtocol = "tcp" $httpsip.FromPort = 443 $httpsip.ToPort = 443 +$httpsip.IpRanges.Add("::0/0") $httpsip.IpRanges.Add("0.0.0.0/0") $sship = new-object Amazon.EC2.Model.IpPermission @@ -96,6 +99,8 @@ $appip.FromPort = 8080 $appip.ToPort = 8080 $appip.IpRanges.Add("172.31.1.0/24") $appip.IpRanges.Add("172.31.2.0/24") +$appip.IpRanges.Add("172.31.101.0/24") +$appip.IpRanges.Add("172.31.102.0/24") $appsip = new-object Amazon.EC2.Model.IpPermission $appsip.IpProtocol = "tcp" @@ -103,6 +108,8 @@ $appsip.FromPort = 8443 $appsip.ToPort = 8443 $appsip.IpRanges.Add("172.31.1.0/24") $appsip.IpRanges.Add("172.31.2.0/24") +$appsip.IpRanges.Add("172.31.101.0/24") +$appsip.IpRanges.Add("172.31.102.0/24") #Create IPpermissions for DB tier $dbip = new-object Amazon.EC2.Model.IpPermission 
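Review bot: The new default `$myIP = "24.96.0.0/16"` widens the SSH source range from a single /32 host to 65,536 addresses, and the comment above it says this value is the subnet allowed SSH access. The same /16 replaces a /29 in route53/lab-setup.ps1 in this commit. A committed default is better kept as a placeholder the user must replace, e.g. `$myIP = "203.0.113.10/32" # constructed example - replace with your own public IP`. Separately, the comment on the new `$ami` line contains a stray `\n` (`amz\n-2018.03.0`), which looks like an editing slip.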
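Review bot: `$httpip.IpRanges.Add("::0/0")` and the matching line on `$httpsip` put an IPv6 CIDR into `IpRanges`, which on `Amazon.EC2.Model.IpPermission` carries IPv4 ranges; IPv6 ranges belong in `Ipv6Ranges`. As written, EC2 is likely to reject the grant as an invalid CIDR, which would leave web-sg without its tcp/80 and tcp/443 rules, though that outcome is inferred rather than shown here. Suggest `$r6 = New-Object Amazon.EC2.Model.Ipv6Range; $r6.CidrIpv6 = "::/0"; $httpip.Ipv6Ranges.Add($r6)` and the same for `$httpsip`. A comment stating that these two rules are intentionally world-open would help a reader tell them apart from the internal-tier rules below.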
@@ -117,7 +124,7 @@ Grant-EC2SecurityGroupIngress -GroupId $appsg -IpPermissions @( $appip, $appsip, Grant-EC2SecurityGroupIngress -GroupId $dbsg -IpPermissions @( $dbip, $sship ) # Create web instances -$itype = "t2.nano" +$itype = "t3.micro" $web1 = New-EC2Instance -ImageId $ami -KeyName $keyname -InstanceType $itype -SubnetId $web1a.SubnetId -SecurityGroupId $websg -AssociatePublicIp $true -PrivateIpAddress "172.31.1.21" $web2 = New-EC2Instance -ImageId $ami -KeyName $keyname -InstanceType $itype -SubnetId $web1b.SubnetId -SecurityGroupId $websg -AssociatePublicIp $true -PrivateIpAddress "172.31.2.22" @@ -139,3 +146,8 @@ New-NameTag -name "app3" -resourceID $app3.Instances.InstanceId # Create db instance $db = New-EC2Instance -ImageId $ami -KeyName $keyname -InstanceType $itype -SubnetId $app1a.SubnetId -SecurityGroupId $dbsg -AssociatePublicIp $true -PrivateIpAddress "172.31.101.99" New-NameTag -name "db" -resourceID $db.Instances.InstanceId + +Start-Sleep 3 + +# View instances +(Get-EC2Instance -Filter $filter_reservation).Instances \ No newline at end of file diff --git a/elb/toggle-ipv6.ps1 b/elb/toggle-ipv6.ps1 new file mode 100644 index 0000000..a495ef7 --- /dev/null +++ b/elb/toggle-ipv6.ps1 @@ -0,0 +1,7 @@ +# Disable IPv6 + +Disable-NetAdapterBinding -Name * -ComponentID ms_tcpip6 + +# Enable IPv6 + +Enable-NetAdapterBinding -Name * -ComponentID ms_tcpip6 \ No newline at end of file diff --git a/install-awspowershell.ps1 b/install-awspowershell.ps1 index 826b376..d19a1cd 100644 --- a/install-awspowershell.ps1 +++ b/install-awspowershell.ps1 
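Review bot: `$filter_reservation` in the added `Get-EC2Instance -Filter $filter_reservation` is not assigned anywhere in the lines this diff shows. If it is not defined earlier in the file, the filter is null and the call lists every instance in the region instead of the ones just launched. In that case define it next to the call, for example `$filter_reservation = @{Name="vpc-id";Values=$vpc.VpcId}`. A short comment on `Start-Sleep 3` saying what it waits for would also help.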
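Review bot: Run as a script, toggle-ipv6.ps1 executes both commands in order, so it disables and then immediately re-enables `ms_tcpip6` on every adapter (`-Name *`) and never leaves IPv6 off. If the file is meant as two snippets to run one at a time, say so in a header comment, and note that both cmdlets need an elevated session and act on all adapters. Otherwise take a parameter such as `param([switch]$Enable)` and run only the matching branch.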
@@ -1,27 +1,10 @@ - Write-Host "You are using PowerShell $PSEdition!" - - # Test PoSh version (core vs full) and respond accordingly - if ($PSEdition -eq "Core") { - #PoSh Core (probably Linux but maybe bleeding edge Windows user) + if (!(Get-Module AWSPowerShell.NetCore)) { Write-Host "Installing AWSPowerShell.NetCore..." - Install-Module AWSPowerShell.NetCore -Scope CurrentUser -Force + Install-Module -name AWSPowerShell.NetCore -Scope CurrentUser -Force -AllowClobber } Write-Host "Importing module..." Import-Module AWSPowerShell.NetCore -Force - # If using PoSh Core on windows, add: Install-Module AWSPowerShell -SkipPublisherCheck - } elseif ($PSEdition -eq "Desktop") - { - #PoSh Windows - if ((Get-Module AWSPowerShell) -notlike "AWSPowerShell" ) { - Write-Host "Installing AWSPowerShell..." - Install-Module AWSPowerShell -Scope CurrentUser -Force - } - Write-Host "Importing module..." - Import-Module AWSPowerShell -Force - } - - #NB: Do not install Core module in regular Windows PowerShell! It's not the same thing and won't work. - + Get-AWSPowerShellVersion \ No newline at end of file diff --git a/route53/README.md b/route53/README.md index eb95937..5412268 100644 --- a/route53/README.md +++ b/route53/README.md @@ -1,3 +1,9 @@ +Course link: [AWS Networking Deep Dive: Route 53 DNS](https://pluralsight.pxf.io/n1jM96) + ## Lab setup -[lab-setup.ps1](lab-setup.ps1) - View [lab-setup.md](lab-setup.md) for instructions \ No newline at end of file +[lab-setup.ps1](lab-setup.ps1) - View [lab-setup.md](lab-setup.md) for instructions + +### Terraform (Optional) + +Emmanuel Ojeah has created Terraform templates for the course. You can find them at https://github.com/EOjeah/route53-ps diff --git a/route53/dnstest.ps1 b/route53/dnstest.ps1 index 5ec8f4a..686eba0 100644 --- a/route53/dnstest.ps1 +++ b/route53/dnstest.ps1 
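Review bot: `Get-Module AWSPowerShell.NetCore` without `-ListAvailable` only reports modules already imported into the current session, so in a fresh shell the condition is true and the module is downloaded and reinstalled on every run; use `if (!(Get-Module -ListAvailable -Name AWSPowerShell.NetCore))`. Because the install runs with `-Force -AllowClobber` and no version constraint, each run takes whatever version the gallery currently serves and may overwrite same-named commands without prompting. Pinning with `-RequiredVersion` or `-MinimumVersion` would make the lab reproducible and the dependency auditable. The removed Desktop branch also means Windows PowerShell users now get the NetCore module, which the deleted comment warned would not work, so it is worth confirming that this is intended.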
@@ -40,6 +40,7 @@ function Iterate-NSLookup { $responses.Add($ip,1) Write-Host Resolved unique IP: $ip } + Write-Progress -Activity "Resolving $hostname" -Status $ip -PercentComplete (($stepcounter++ / $iterations) * 100) Start-Sleep -seconds $sleeptime } @@ -54,6 +55,7 @@ function Iterate-NSLookup { return $recordlist } +$stepCounter = 0 $records = Iterate-NSLookup -hostname $hostname -nameserver $nameserver -iterations $iterations -sleeptime $sleeptime $records | Format-Table -Property ip,count,percent Write-Host $records.count "unique responses" for $hostname \ No newline at end of file diff --git a/route53/get-instance-eip.ps1 b/route53/get-instance-eip.ps1 index 3071575..954344f 100644 --- a/route53/get-instance-eip.ps1 +++ b/route53/get-instance-eip.ps1 @@ -1,10 +1,15 @@ #Import AWS credentials . ./credentials.ps1 -Set-AWSCredential -AccessKey $AWSAccessKey -SecretKey $AWSSecretKey +$AWSProfileName="aws-networking-deep-dive-route-53-dns" + +# Load the credentials for this session +Set-AWSCredential -ProfileName $AWSProfileName + +# To avoid errors, specify only the regions you're using. +$regions = @("us-east-1","us-west-1") +#$regions = @((Get-AWSRegion).Region) -#$regions = @("us-east-1","us-west-1") -$regions = @((Get-AWSRegion).Region) $urlprefix = "http://" $instances = @() diff --git a/route53/lab-cleanup.ps1 b/route53/lab-cleanup.ps1 index 5edc5da..ad59dfd 100644 --- a/route53/lab-cleanup.ps1 +++ b/route53/lab-cleanup.ps1 @@ -1,3 +1,5 @@ +Write-Warning "This will destroy AWS resources." -WarningAction Inquire + $cidr = "172.9.0.0/16" $region = "us-west-1" 
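Review bot: get-instance-eip.ps1 now authenticates with `Set-AWSCredential -ProfileName $AWSProfileName`, but the unchanged `. ./credentials.ps1` line above it still dot-sources the plaintext access key and secret key into the session, where nothing uses them any more. test-connection.ps1 drops that line in this same commit; doing the same here keeps the keys out of the session and lets the script run without the credentials file on disk. The profile presumably exists only after route53/lab-setup.ps1 has stored it, so a comment such as `# Requires the profile stored by lab-setup.ps1` would prevent a confusing failure.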
@@ -7,9 +9,28 @@ $instances = Get-EC2Instance foreach ($instance in $instances) { Remove-EC2Instance $instances.Instances.InstanceId -Force } Write-Host Proceed when instances are terminated pause +# Remove network interfaces +# Remove VPCs +$vpcs = Get-EC2Vpc -Region $region -Filter @( @{Name="cidr";Values=$cidr}) +foreach ($vpc in $vpcs) { Remove-EC2Vpc -VpcId $vpc.VpcId -Force } +# Remove resource record sets +# Remove zones +# Remove reusable delegation sets + + +$cidr = "172.3.0.0/16" +$region = "us-east-1" + +Set-DefaultAWSRegion $region +# Remove instances +$instances = Get-EC2Instance +foreach ($instance in $instances) { Remove-EC2Instance $instances.Instances.InstanceId -Force } +Write-Host Proceed when instances are terminated +pause +# Remove network interfaces # Remove VPCs -$vpc = Get-EC2Vpc -Region $region -Filter @( @{name="cidr";value=$cidr}) -Remove-EC2Vpc -VpcId $vpc.VpcId -Force +$vpcs = Get-EC2Vpc -Region $region -Filter @( @{Name="cidr";Values=$cidr}) +foreach ($vpc in $vpcs) { Remove-EC2Vpc -VpcId $vpc.VpcId -Force } # Remove resource record sets # Remove zones -# Remove reusable delegation sets \ No newline at end of file +# Remove reusable delegation sets diff --git a/route53/lab-setup.md b/route53/lab-setup.md index ce2d43c..ae291b9 100644 --- a/route53/lab-setup.md +++ b/route53/lab-setup.md @@ -1,3 +1,4 @@ + 1. You will need the AWS PowerShell SDK installed and loaded. Run [install-awspowershell.ps1](/install-awspowershell.ps1) as root/administrator to take care of this, or do it manually. 2. Edit the file [_credentials.ps1](_credentials.ps1), replace the AWS secret key and access key with your own, and save the file as credentials.ps1 3. Edit [lab-setup.ps1](lab-setup.ps1) and customize the variables for your preferred AWS regions, AMI IDs, IP range, keypair names, and instance type. diff --git a/route53/lab-setup.ps1 b/route53/lab-setup.ps1 index 205652e..eaffec4 100644 --- a/route53/lab-setup.ps1 +++ b/route53/lab-setup.ps1 
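Review bot: The added us-east-1 block calls `Get-EC2Instance` with no filter and then terminates with `-Force`, so it removes every instance in that region for the account, not only the lab's; the loop also passes `$instances.Instances.InstanceId` (the whole collection) instead of the loop variable `$instance`. The VPC step is already scoped by `$cidr`, and the instance step should be scoped the same way by looking up `$vpcs` first and then using `Get-EC2Instance -Region $region -Filter @( @{Name="vpc-id";Values=$vpcs.VpcId} )` with `Remove-EC2Instance -InstanceId $instance.Instances.InstanceId -Force`. The same two lines appear as unchanged context in the us-west-1 block above and have the same problem. The `# Remove network interfaces`, record-set, zone and delegation-set comments have no code under them, so mark them `# TODO` to make clear the cleanup is incomplete.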
@@ -6,18 +6,27 @@ #Import AWS credentials . ./credentials.ps1 +# Set AWS credentials +$AWSProfileName="aws-networking-deep-dive-route-53-dns" + +# Set AWS credentials and store them +Set-AWSCredential -AccessKey $AWSAccessKey -SecretKey $AWSSecretKey -StoreAs $AWSProfileName + +# Load the credentials for this session +Set-AWSCredential -ProfileName $AWSProfileName + # Set region-specific settings $AWSRegionA = "us-east-1" -$amiRegionA = "ami-48351d32" #aws-elasticbeanstalk-amzn-2017.09.1.x86_64-ecs-hvm-201801192255 +$amiRegionA = "ami-00d1bccc04cb4ae98" #aws-elasticbeanstalk-amzn-2018.03.0.x86_64-ecs-hvm-202103271420 $AWSRegionB = "us-west-1" -$amiRegionB = "ami-f7383a97" #aws-elasticbeanstalk-amzn-2017.09.1.x86_64-ecs-hvm-201801180451 +$amiRegionB = "ami-04ee69ce5f61ff15e" #aws-elasticbeanstalk-amzn-2018.03.0.x86_64-ecs-hvm-202104170041 # Search for AMIs by name -$amiName = "aws-elasticbeanstalk-amzn-2017.09.1.x86_64-ecs-hvm-2018011*" -Get-EC2ImageByName -Region "EU-west-2" -Name $amiName | ft -Property Name,ImageId +$amiName = "amzn2-ami-hvm-x86_64-ebs" +Get-SSMLatestEC2Image -Region "EU-west-2" -Path ami-amazon-linux-latest -ImageName $amiName | ft -Property Name,ImageId # Set your IP subnet for SSH access -$myIP = "24.96.154.168/29" +$myIP = "24.96.0.0/16" # Set the name of your SSH keypair $regionAKeyname = "ccnetkeypair" @@ -28,16 +37,7 @@ Get-EC2KeyPair -Region "us-east-1" Get-EC2KeyPair -Region "us-west-1" # Set instance type -$itype = "t2.nano" - -# Set AWS credentials -$AWSProfileName="aws-networking-deep-dive-route-53-dns" - -# Set AWS credentials and store them -Set-AWSCredential -AccessKey $AWSAccessKey -SecretKey $AWSSecretKey -StoreAs $AWSProfileName - -# Load the credentials for this session -Set-AWSCredential -ProfileName $AWSProfileName +$itype = "t3.micro" ### ### Region A setup 
@@ -211,6 +211,7 @@ Set-AWSCredential -ProfileName $AWSProfileName $sship.IpProtocol = "tcp" $sship.FromPort = 22 $sship.ToPort = 22 + $sship.IpRanges.Add("172.3.0.0/16") $sship.IpRanges.Add($myIP) Grant-EC2SecurityGroupIngress -GroupId $sg -IpPermissions @( $httpip, $httpsip, $sship ) diff --git a/route53/reusable-delegation-set.ps1 b/route53/reusable-delegation-set.ps1 index efe7eeb..f5f0180 100644 --- a/route53/reusable-delegation-set.ps1 +++ b/route53/reusable-delegation-set.ps1 @@ -28,4 +28,6 @@ $firstns nslookup -type=any $zonename $firstns # View nameservers only -$zone.DelegationSet.NameServers \ No newline at end of file +$zone.DelegationSet.NameServers + +# Remove-R53ReusableDelegationSet -Id $dsid \ No newline at end of file diff --git a/route53/s3/index.html b/route53/s3/index.html index 426ff77..4d47f54 100644 --- a/route53/s3/index.html +++ b/route53/s3/index.html @@ -11,5 +11,5 @@ -All servers are down. Please try again later. ☹ +All servers are down. Please try again later. :( \ No newline at end of file diff --git a/route53/test-connection.ps1 b/route53/test-connection.ps1 index 0fb32eb..735002f 100644 --- a/route53/test-connection.ps1 +++ b/route53/test-connection.ps1 @@ -1,10 +1,12 @@ # test-connection.ps1 -#Import AWS credentials -. ./credentials.ps1 - # Set AWS credentials and region $AWSRegion = "us-east-1" +$AWSProfileName="aws-networking-deep-dive-route-53-dns" + +# Load the credentials for this session +Set-AWSCredential -ProfileName $AWSProfileName + # Test functionality if ((Get-EC2Vpc -Region $AWSRegion).count -ge 1) { Write-Host -ForegroundColor yellow Connectivity to AWS established! } \ No newline at end of file diff --git a/vpc/README.md b/vpc/README.md index 83ee50f..d3626bb 100644 --- a/vpc/README.md +++ b/vpc/README.md 
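Review bot: `$sship.IpRanges.Add("172.3.0.0/16")` opens tcp/22 to a range that is not RFC 1918 private space (the private 172 block is 172.16.0.0/12), so the rule admits publicly routable addresses that belong to someone else. lab-cleanup.ps1 in this commit uses 172.3.0.0/16 as a lab VPC CIDR, so the intent is presumably intra-VPC SSH, but on an instance with a public IP the rule would also match internet traffic sourced from that range. Referencing the peer security group instead of a CIDR, or moving the lab VPCs into 10.0.0.0/8 or 172.16.0.0/12, would avoid that; at minimum add a comment like `# Region A VPC CIDR - SSH between lab instances`. The block that builds `$sship` starts outside this hunk.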
@@ -1 +1,3 @@ -[lab-setup.ps1](lab-setup.ps1) - Refer to lab-setup.md for instructions \ No newline at end of file +Course link: [AWS Networking Deep Dive: VPC](https://pluralsight.pxf.io/c/1191775/424552/7490?subId1=github&u=https%3A%2F%2Fwww.pluralsight.com%2Fcourses%2Faws-networking-deep-dive-vpc) + +[lab-setup.ps1](lab-setup.ps1) - Refer to lab-setup.md for instructions diff --git a/vpc/lab-setup.md b/vpc/lab-setup.md index b2fc35f..ff91744 100644 --- a/vpc/lab-setup.md +++ b/vpc/lab-setup.md @@ -1,3 +1,4 @@ + 1. You will need the AWS PowerShell SDK installed and loaded. Run [install-awspowershell.ps1](/install-awspowershell.ps1) to take care of this, or do it manually. 2. Edit the file [_credentials.ps1](_credentials.ps1), replace the AWS secret key and access key with your own, and save the file as credentials.ps1 3. Edit [lab-setup.ps1](lab-setup.ps1) and modify the AWS region accordingly (default is us-east-1) diff --git a/vpc/lab-setup.ps1 b/vpc/lab-setup.ps1 index 53fb68b..92fbe96 100644 --- a/vpc/lab-setup.ps1 +++ b/vpc/lab-setup.ps1 @@ -3,8 +3,8 @@ #Import AWS credentials . ./credentials.ps1 #The credentials file should contain the following two variables: -# $AWSAccessKey="" # Your access key -# $AWSSecretKey="" # Your secret key +# $AWSAccessKey="AKIAYVP4CIPPKKEX3NUX" # Replace with your access key +# $AWSSecretKey="mpCNyY4qm3YvBH1f8WQjVQQ6j1Y7kiRkgvl4bbr+" # Replace with your secret key # Set AWS credentials and region $AWSProfileName="aws-networking-deep-dive-vpc" @@ -21,4 +21,4 @@ Set-DefaultAWSRegion -Region $AWSRegion Get-DefaultAWSRegion # Test functionality -if ((Get-EC2Vpc).count -ge 1) { Write-Host Connectivity to AWS established! } \ No newline at end of file +if ((Get-EC2Vpc).count -ge 1) { Write-Host Connectivity to AWS established! }
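Review bot: The two rewritten comment lines for `$AWSAccessKey` and `$AWSSecretKey` in vpc/lab-setup.ps1 now contain what look like a real access key ID (it carries the `AKIA` prefix) and a 40-character secret, where the lines they replace held empty strings. If these are live credentials they remain in the repository history even after a follow-up commit removes them, so the key pair should be deactivated and rotated in IAM and its recent activity reviewed in CloudTrail. Restore placeholders, e.g. `# $AWSAccessKey="<YOUR_ACCESS_KEY_ID>"` and `# $AWSSecretKey="<YOUR_SECRET_ACCESS_KEY>"`. A secret-scanning pre-commit check and a `.gitignore` entry for credentials.ps1 would help keep this from recurring.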