5.2.1. AWS Cloud Setting
Amazon Web Services (AWS) provide the biggest cloud environment. Many companies currently use this cloud. The process of shifting gears from local IT infrastructure to the cloud is growing.

Job seekers can see this in the growing number of job ads with AWS requirements.
This is a very important skill for most of start-ups and entrepreneurs.
AWS offers many different services. We will start with the simplest and cheapest EC2.
EC2 provides virtual disk space, memory and computing power of Windows and/or Linux. The Elastic Load Balancing service can distribute incoming traffic across multiple instances, can provide failover and install automatically new instances if configured.

With limited usage this service is free.

1. Create your AWS account and select EC2 in AWS Services.

2. Launch Instance - then check the Free Tier Only checkbox and select the Amazon Linux as your Amazon Machine Image (AMI) - Make sure that t2.micro - Free tier eligible was selected, then press the Review and Launch button.

5.2.aws1-2

Then, the instructions will invite you to EDIT SECURITY.
When selected, the screen will display the launch-wizard-# Security Group with the pre-selected radio-button Create a new security group.
Keep this selection.
In the existing security line the SSH port 22 is open for all users.
Our recommendation is to change Anywhere to MyIP selection there.
This will limit access to SSH port.
Note: if you need more than one IP address there, take a close look at the MyIP address.
You will find a.b.c.d/32. This slash 32, by the way, means a single IP in CIDR notation.
To have more than one address, change this /32 to /31 and add another address in that manner:
a.b.c.d/31,e.f.g.h/16

In the next line add another important port HTTP and allow port 80 be visible from anywhere.

This will allow you in the future to run Tomcat and have your own web site open to the world.
Add another line to open the port 8080 as Custom TCP.

*Note: There will be a small modification of one of the server files to really accomplish this mission. Keep reading...

Press the Review and Launch button.

Follow recommendations to generate SSH key pairs and save the file, for example, awskeypair.pem in c:\its-resources\aws.
Save a passphrase and keep a note, you will need it later to connect to the running instance.

The instance is running and waiting for your attention to serve you.
Take a note on the public IP address visible on the bottom-right. See steps 1 and 2 above.

The next step is to connect to this instance.
Unfortunately, current AWS instructions on doing so is not simple or clear and suggested tools are not very convenient.

Our recommendation is to use Bitvise SSH Client. Download and install it on your local machine.
This tool once connected provides both: console and FTP access simultaneously.
Follow the steps 3 - 7 illustrated below.

5.2.aws3-7

3) Start Bitvise SSH Client and click the User keypair manager or >b>Client keypair manager link.
4) This will open a Bitvise Keipair Management window. Click on the Import control, which opens a file browser.
5) Then select your keypair file, stored before, for example, awskeypair.pem
*Note: There is the Change Passphrase link in the Import Keypair window.
If you use this option (which I usually do) you provide any passphrase, for example, javaschool and Bitvise will check for the passphrase each time you try to login. If Bitvise forgets the passphrase in anothersession, you might need to re-import the keypair again.
6) This will finish import and come back to the main Bitvise SSH Client window.
Enter the IP address that was provided by AWS to your instance.
7) Enter the user name as ec2-user, the Initial method as publickey-slot1 and enter the passphrase.
Now use the Login control, which will send the request to the server, connect with the instance and open two windows: a black Console window on the left and an FTP window on the right.

5.2.aws8-14

8) Follow the recommendation to run update in the Console.
$sudo yum update

9) Then explore the directories on the server. Use the control in the middle-top of the FTP window (see the red arrow) to get to the root of all directories. Then explore the content of directories starting from home and usr.
10) The usr/share directory will be a good place to keep the Tomcat after you upload it to the server. Keep in mind that you can only upload files to your /home/ec2-user - directory. The FTP part cannot provide you more privileges.

But after the file is on the server, you can move it in the console. You will use sudo -i to gain necessary privileges, but be careful with that. Only do this when necessary.

11) The next step is to install Tomcat. Enter in the Console:
sudo yum install tomcat

optional, it can be entered more specific instruction:
sudo yum install tomcat80

Note: from this point we will use tomcat or tomcat8 name interchangeable as different environments will have different requirements for their instructions.

In both cases yum may pick up tomcat8 but this can be changed in the future...

AWS will do all magic and you can refresh /usr/share in the FTP window to find a new directory - tomcat8.

Then let us start the tomcat:
sudo service tomcat start

optional this might be changed to more precise instruction:
sudo service tomcat8 start

To check if tomcat is running successfully, enter

wget http://localhost:8080

Was it clear so far? Highlight the text in question Or

The wget command is a veruy convenient way mimicking a browser. This command will access local host on the port 8080 (default for Tomcat) with HTTP request. The wget command may or may not be present in your environment.

This command, if successful, will save the index.html file with the Tomcat output.

To view this page you can use another Unix command cat.
cat index.html

Of course, this should happen in the directory where index.html is saved.
To stop Tomcat type:
sudo service tomcat stop

or
sudo service tomcat8 stop

We can optionally run Tomcat on another port and for example have web pages visible on the port 80.
By default the port is defined as 8080. This can be easily reconfigure.
Do you still remember how to do this?
12) We need to change this setting in /usr/share/tomcat/conf/server.xml (or /usr/share/tomcat8/conf/server.xml);

But we cannot do this directly on the server via the FTP. We will copy this file our local machine, change it there and then copy back.

13) For this purpose we create the server folder on the local machine as it is illustrated in the image below.
I advise to create a mirror structure of directory under the server folder: server/tomcat8/conf.
Then copy the server.xml from the server to our local machine and modify the file there. You can do this with the same FTP by double-click on the file when it is on the local machine.

Find the line: Connector port="8080" and change the port number to "80". Then save and copy the file back to the server, to your /home/ec2-user - directory.

14) Come back to your Console window and check if file is there:
ls
Then get necessary privileges by typing:
sudo -i
Becoming root gives a lot of privileges and responsibilities. This also moves you to another folder. So you will need to change directory (cd) to /home/ec2-user and only then copy the file to /usr/share/tomcat/conf.

After copying the file it is better to type exit to give up the root privileges.

Here is the magic you need to do to really enable port 80.
You will need to tell tomcat that the TOMCAT_USER="root".

Add privileges by typing:

sudo -i

Then edit the tomcat profile:

vi /etc/init.d/tomcat (or vi /etc/init.d/tomcat8)

Find the line that defines TOMCAT_USER and edit this line:
TOMCAT_USER="root"

Then let us start the tomcat:
sudo service tomcat start
or
sudo service tomcat8 start

At this point your AWS server must be visible in a browser when you just type its IP address.

If this is not enough to make port 80 visible from outside, check and fix iptables settings.

[ec2-user@ip-172-31-42-229 ~]$ sudo -i
[root@ip-172-31-42-229 ~]# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
------------------------------ This is usual output. ----- Check specific protocols (prot) ------
[root@ip-172-31-42-229 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
------------------------------------------------ Then open iptables for all traffic (Security Group still at work) ------
[root@ip-172-31-42-229 ~]# sudo iptables -P INPUT ACCEPT
[root@ip-172-31-42-229 ~]# sudo iptables -P FORWARD ACCEPT
[root@ip-172-31-42-229 ~]# sudo iptables -P OUTPUT ACCEPT

[root@ip-172-31-42-229 ~]# sudo iptables -t mangle -F
[root@ip-172-31-42-229 ~]# sudo iptables -F
[root@ip-172-31-42-229 ~]# sudo iptables -X
[root@ip-172-31-42-229 ~]#
----------------------------------------- This should fix port problems. -------------

Then, you can connect the server IP address with your domain name or several names, place your web pages in the webapps directory and make your web pages visible 24x7 running in a reliable AWS environment.

Of course, webapps is just a default place, but you can provide better places by properly configuring server.xml and web.xml files in tomcat8/conf - directory.

Assignments:
1. Create 4 QnAs and email as a file 5.2.1.QnA.Your.Name.txt to dean@ituniversity.us
2. Describe in an essay the difficulties you had in setting the environment and testing the results.
Provide screen shots with well visible details and email as MSWord 5.2.1.essay.Your.Name.doc to dean@ituniversity.us

This and other lessons are related to the book IT of the future: Big Data, Cognitive Computing and Semantic Cloud Architecture - http://ITofTheFuture.com