Cloud Foundations
COSC2757/ Semester 1, 2024
Milestone 2 (Timed AWS cloud implementation)
Assessment Type: To be attempted individually.
Submit online via Canvas→Assignments→Second Milestone
Marks are awarded for meeting requirements as closely as possible. Clarifications/updates may
be made via announcements/relevant discussion forums.
Due Date: Week 12, Friday 31 May 2024, 5:00 pm AEST (please note the time)
Marks: 45
- Overview (you must read this first)
You are to attempt this assignment individually, no group work is allowed. You will use material and knowledge gained
from reading AWS Academy ‘Cloud Foundations’ course.
- You will need your AWS Academy account for this milestone. Email invites to use this account were sent
earlier in the semester. Please accept the invite and start using this account. If you have any account-related
issue, please email the Course Coordinator, Hai Dong (hai.dong@rmit.edu.au), as early as possible. Most of the time
these queries will be directed to AWS and may take a few days to resolve.
If you find a specification open to interpretation, post a query identifying the specification in the corresponding discussion
board for assignment 2. Software development and deployment in real life does not come with a definitive roadmap and
flowcharts complete with instructions. More often than not, it is the job of the developer/analyst to clarify requirements
from the client.
All of us have been affected by the unfortunate COVID-19 scenario and its aftermath. It is often hard to concentrate
and study online; but as a student enrolled in this course, it is your responsibility to regularly attend the online
session(s).
- Bring your questions to online facilitation sessions
- Watch the online recordings on a regular basis if you cannot attend the live sessions.
- Do NOT start the work on the assignment at the last minute.
- Do NOT ask for last minute extensions, these are often rejected. Extensions can only be granted for personal and
medical reasons, provided you submit an extension form (link) as well as supply some evidence.
- Learning Outcomes
This assessment relates to all of the learning outcomes of the course which are:
- CLO 1: Define and understand AWS and its components
- CLO 2: Create a virtual private cloud (VPC) and demonstrate Amazon Elastic Compute Cloud (Amazon EC2)
- CLO 3: Comprehend AWS storage services
- CLO 4: Comprehend AWS database services
- CLO 5: Understand architectural principles, security and compliance issues in AWS Cloud
- Academic integrity and plagiarism (standard warning)
Academic integrity is about the honest presentation of your academic work. It means acknowledging the work of others while
developing your own insights, knowledge, and ideas. You should take extreme care that you have:
- Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e. directly
copied), summarised, paraphrased, discussed or mentioned in your assessment through the appropriate
referencing methods,
- Provided a reference list of the publication details so your reader can locate the source if necessary. This includes
material taken from Internet sites.
If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed off
the work and ideas of another person without appropriate referencing, as if they were your own.
RMIT University treats plagiarism as a very serious offence constituting misconduct. Plagiarism covers a variety of
inappropriate behaviours, including:
- Contract cheating- paying/asking someone to do your work
- Failure to properly document a source involving none, insufficient or incorrect referencing
- Copyright material from the internet or databases
- Collusion between students
- Extension and late submissions
- Email course coordinator: Hai Dong (hai.dong@rmit.edu.au) for any extension related queries.
- Do NOT ask for last minute extensions, these are often rejected. Extensions can only be granted for personal
and medical reasons, provided you can supply some evidence.
- According to RMIT assessment policy as outlined here:
https://www.rmit.edu.au/students/my-course/assessment-results/special-consideration-extensions/extensions
If you are seeking an extension of seven calendar days or less (from the original due date) you must apply at
least one working day before the assessment deadline.
- After the due date, you will have 5 business days to submit your assignment as a late submission. Late
submissions will incur a penalty of 10% per day. After these five days, Canvas will be closed, and you will lose
ALL the assignment marks.
- Marking Guidelines
The marks allocated have been added to each of the tasks.
- Assignment 2 tasks
There are two types of tasks:
- Solutions of Basic Tasks can mostly be referenced from existing lectorial and lab notes and recordings or
demonstration videos.
- Solutions of Advanced Tasks require you to conduct your own research.
The tasks need to be completed in the classroom titled AWS Academy Learner Lab [78895] ; upon logging in to the
correct classroom you should see the following:
PLEASE NOTE- Your entry times are logged each time you work in the ‘AWS Academy Learner Lab [78895]’
classroom created for you under your AWS account. If you work under an incorrect or personal account, these log
entries will not exist, and you will get a ZERO for the whole assignment 2. No marks will be awarded for using a
personal AWS account.
Scenario: You have a small business with a website that is hosted on an Amazon Elastic Compute Cloud (Amazon EC2)
instance. You have customer data that is stored on a backend database server that you want to keep private. You also
have an on-premise network. You want to use Amazon VPC to set up a VPC that meets the following requirements:
TASK A) VPC (7 marks)
- (Basic) Create a new VPC in us-east-1, and name it as s1234567 (i.e. your student ID).
  - You will create three public subnets, and three private subnets in three availability zones (each pair of
    public subnet and private subnet is within an availability zone). Give them appropriate names. (1 mark)
  - The first address of your network must be xx (the last two digits of your student ID, e.g. 67 for
    s1234567).xx (the last fourth and third digits of your student ID, e.g. 45 for s1234567).0.0. Each subnet
    must have 1024 IPv4 addresses in total. (1 mark)
  - Ensure your three public subnets are associated with a route table and three private subnets are
    associated with another route table. Each table is properly named and configured. (1 mark)
  - Create a security group to allow HTTP, HTTPS and SSH Access inside the public subnets from the wider
    internet and name it as s1234567-public. (1 mark)
  Note: if the last two digits of your student ID are 00 (e.g. s1234500), the first IP address of your network address
  must be 10.xx.0.0 (e.g. 10.45.0.0 for s1234500).
- (Advanced) Connect the private subnets of this VPC with your on-premises network (CIDR: 192.168.10.0/24) to
form a virtual private network. (3 marks)
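The addressing rule in Task A, worked through as an added example that is not part of the assignment sheet: it derives the network address from a student ID (including the 00 case) and carves six 1024-address blocks from it. The /16 VPC prefix, the seven-digit ID format, the subnet names and the availability-zone names are assumptions made for illustration.

```python
import ipaddress
import re

SUBNET_SIZE = 1024   # addresses per subnet, as stated in Task A
VPC_PREFIX = 16      # assumption: the sheet fixes only the first address


def vpc_network(student_id: str) -> ipaddress.IPv4Network:
    """Derive the VPC network from an ID shaped like 's1234567' (assumed format)."""
    m = re.fullmatch(r"s(\d{7})", student_id)
    if not m:
        raise ValueError(f"unexpected student ID format: {student_id!r}")
    digits = m.group(1)
    first = int(digits[-2:])      # last two digits, e.g. 67
    second = int(digits[-4:-2])   # fourth- and third-last digits, e.g. 45
    if first == 0:                # the '00' note: fall back to 10.xx.0.0
        first = 10
    return ipaddress.IPv4Network(f"{first}.{second}.0.0/{VPC_PREFIX}")


def subnet_plan(student_id, azs=("us-east-1a", "us-east-1b", "us-east-1c")):
    """Return (vpc, [(name, az, cidr), ...]) with one public/private pair per AZ."""
    vpc = vpc_network(student_id)
    # 1024 addresses = 2**10 host bits, so each subnet is a /22.
    new_prefix = 32 - (SUBNET_SIZE.bit_length() - 1)
    blocks = vpc.subnets(new_prefix=new_prefix)
    plan = []
    for tier in ("public", "private"):
        for i, az in enumerate(azs, 1):
            # Subnet names are hypothetical; pick your own "appropriate names".
            plan.append((f"{student_id}-{tier}-{i}", az, next(blocks)))
    return vpc, plan


if __name__ == "__main__":
    vpc, plan = subnet_plan("s1234567")
    print("VPC", vpc)
    for name, az, cidr in plan:
        # AWS reserves five addresses in every subnet, so 1019 are assignable.
        print(f"{name:22} {az}  {cidr}  usable={cidr.num_addresses - 5}")
```

Consecutive blocks taken from the same parent network cannot overlap, which is the property the VPC console enforces when the subnets are created.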
TASK B) EC2 (5 marks)
- (Basic) Inside EC2, launch:
  - An instance with Amazon Linux 2023 AMI and t2.small Instance Type and name it as s1234567-Web Server 1.
    Make sure it is inside Public Subnet 3 of the s1234567 VPC and assign the
    Security Group you created earlier. (1 mark)
  - Install a web server, a database, and PHP libraries into the EC2 (see Lab 2 instructions). Assign
    a permanent public IP address to the EC2 (i.e. the IP address will not change when the instance
    is restarted) so that you can access the website using the public IP address after launching the
    instance. (1 mark)
  - Choose ‘Choose an existing key pair’ when you launch the instance. Access the instance using
    Putty/Terminal/Command Prompt/Git Bash/PowerShell (No EC2 Instance Connect or Session Manager
    Allowed) and the key pair provided by the Learner Lab. (1 mark)
- (Advanced) Enable HTTPS on your web server so that the web server can be accessed through the HTTPS protocol. (
marks)
TASK C) S3&IAM&Lambda (6 marks)
- (Basic) Create an S3 bucket (name it as s1234567-s3) in us-east-1 and create and upload a webpage that can show
your name, student ID, and registered COSC2757 practical name (in HTML format) to the S3 bucket and make S3
host this webpage as a public website (so the public can access it from its object URL). (2 marks)
- (Advanced) Create a Lambda function and configure a trigger for the bucket. Every time that you add an object to
your Amazon S3 bucket, your function runs and outputs the object type to CloudWatch Logs. (2 marks)
- (Advanced) Create another S3 bucket (name it as s1234567-iam) in us-east-1 and a private connection between the
public subnets of VPC and this bucket without using authentication. (2 marks)
NOTE: You will be required to submit a series of screenshots to show that you have completed the tasks.
Please make sure that all your AWS Management Console screenshots show all the details and your AWS username
(appearing in the top-right corner of the management console) otherwise you will receive a ZERO mark for any tasks
that miss the details and username.
TASK D) EBS&EFS (6 marks)
- (Basic) Create a new EBS volume (Type: GP3, Size: 8 GB) and attach it to the EC2 instance.
  - Create a file system and a file on this new volume and create a snapshot for this volume. (1 mark)
  - Delete this volume, recreate a volume (10 GB) based on the snapshot, attach the restored volume to the
    instance, and show the file system is restored and resized. (2 marks)
- (Basic) Create an EFS (name it as s1234567-EFS) and mount it to the EC2 instance (i.e. only allowing the EC2
instance to access it). (3 marks)
TASK E) RDS&DynamoDB (7 marks)
- (Basic) Create a security group for the s1234567 VPC called s1234567-DB Access. This security group should allow
inbound connections on the port used for MySQL connections from the instance that has the security group you
created in Task A.
  - Create a Subnet Group (containing Private Subnet-1 and Private Subnet-2) for Database (name it as
    s1234567-Subnet-Group). (1 mark)
  - Create Database (2 marks)
    - Go to Create Database under RDS, and select MySQL.
    - Leave the ‘Settings’ as default, but set password to ‘s1234567’
    - Set the DB instance type to db.t3.micro with 8 GB SSD (GP2).
    - The deployment must be a Multi-AZ deployment (with replicas).
    - Ensure it is launched in the s1234567 VPC, using the subnet group you created previously.
    - Ensure you attach the DB Security Group.
    - Disable automatic backups, encryption and enhanced monitoring.
  - (Advanced) Use Putty/Terminal/Command Prompt/Git Bash/PowerShell to show that the EC2 instance can
    access the DB instance. (1 mark)
- Inside DynamoDB,
  - (Basic) Create a DynamoDB table (s1234567-Shopping) exactly following the schema and containing the
    information below. (1 mark)

    Customer_ID Purchase_Date Item_1 Item_2 Item_
    10004 20-05-2024 Tea Salad Sandwich
    10004 25-05-2024 Tea Sandwich
    10005 22-05-2024 Juice Soda Soda
    10005 26-05-2024 Pizza Tea Salad
    10006 25-05-2024 Water Pizza Fries
    10006 29-05-2024 Fries Salad Tea
    10007 28-05-2024 Soda Sandwich
    10007 29-05-2024 Soda Sandwich Tea

  - (Advanced) Create a single query to retrieve all the records that contain tea. (2 marks)
TASK F) ELB&Auto Scaling (4 marks)
(Basic) Create an Elastic Load Balancer (called s1234567-ELB) and an Auto Scaling Group (called s1234567-Auto
Scaling) that launch instances (called s1234567-instance) of the same type and configuration across
Private Subnet-1 and Private Subnet-3, where
- The target group is named as s1234567-Target-Group.
- Enable EC2 instance detailed monitoring within CloudWatch.
- Enable group metrics collection within CloudWatch.
- Desired capacity: 3, Minimum capacity: 2, Maximum capacity: 4.
- The scaling policy is that Average CPU Utilization is greater than 70% in 2 mins.
- Automatically send AWS notifications to your student email for only scale-in and scale-out events. (1 mark)
- Test your Autoscaling group by using the load test function of the hosted website. (3 marks)
TASK G) System Architecture (10 marks)
(Basic) Draw a system architecture diagram that precisely illustrates all the components included in Tasks A-F in as
much detail as possible (including all services and their connections, region, AZs, VPC, subnets, security groups,
CIDRs, IP addresses, details of route tables, etc.)
- Submission Instructions
You need to create a single zipped archive containing the following:
| Tasks | Subtasks | Screenshots required | Name of screenshot files |
|---|---|---|---|
| Task A | VPC_1 | Resource Map; Subnets (including CIDRs); Public Route Table; Private Route Table; Public Security Group | Name all screenshots with TaskA_1, e.g. TaskA_1-Resource Map, etc. |
| Task A | VPC_2 | Route Table; Security Group; VPN | Name all screenshots with TaskA_2 |
| Task B | EC2_1 | Instances (with instance selected to show details, security and networking); Website (show URL in HTTP); Instance access (using Putty/Terminal/Command Prompt/Git Bash/PowerShell) | Name all screenshots with TaskB_1 |
| Task B | EC2_2 | Operations (in Putty/Terminal/Command Prompt/Git Bash/PowerShell); Website (show URL in HTTPS) | Name all screenshots with TaskB_2 |
| Task C | S3&IAM&Lambda_1 | The website (with the URL) | Name all screenshots with TaskC_1 |
| Task C | S3&IAM&Lambda_2 | Lambda Function Overview; S3 Object Uploading; CloudWatch Log Events | Name all screenshots with TaskC_ |
| Task C | S3&IAM&Lambda_3 | VPC Endpoint (full information); Bucket Policy | Name all screenshots with TaskC_ |
| Task D | EBS&EFS_1 | EBS Volume (Details); File System Operations; Snapshot (Details); Volume Deletion; Volume Recreation; File System Restoration and Resizing; Restored File System Demonstration | Name all screenshots with TaskD_ |
| Task D | EBS&EFS_2 | EFS (Network Information); Mount Operations; Mounted EFS Demonstration | Name all screenshots with TaskD_ |
| Task E | RDS&DynamoDB_1 | Security Group; Subnet Groups; DB Instance (full information); EC2 and DB Instances Interactions | Name all screenshots with TaskE_ |
| Task E | RDS&DynamoDB_2 | Table; Query and Results | Name all screenshots with TaskE_ |
| Task F | ELB&AutoScaling | Launch Configuration (Details); Autoscaling Group (Summary of all the steps); Target Groups (Details (show healthy status) and Targets); Website (with the URL of ELB DNS and shown in different availability zones); CloudWatch Alarms (showing “In alarm” status); Alarm Message (in your student email); Scale-Out EC2 Instances and Their Located Subnets | Name all screenshots with TaskF_ |
| Task G | System Architecture | System Architecture Graph | Name it with TaskG_ |
Note:
- Make sure the font size in your screenshots is large enough to identify.
- You may make two or more screenshots for the same required screenshot if a single screenshot cannot cover all the
details.
- Include your username (appearing in the top-right corner of your AWS management console) in all submitted screenshots
otherwise you will receive a 0 mark for any screenshots missing the username.
- You may create folders (use the task/subtask titles to name the folders) to contain the screenshots of each task/subtask.
You must submit this single zipped archive via Assignment submission link under Milestone 2 Canvas.
The zipped file must be named as yourStudentNumber_a2.zip, as an example if your student number is s1234567 the
file must be named as s1234567_a2.zip
INCORRECT file name will attract a penalty of 5 marks from the total score.
Note: You won’t receive a penalty for the Canvas auto-generated file name appendix (e.g. s1234567_a2-1.zip)
Assessment declaration: When you submit work electronically, you agree to the assessment declaration:
https://www.rmit.edu.au/students/student-essentials/assessment-and-exams/assessment/assessment-declaration
For further information on our policies and procedures, please refer to:
https://www.rmit.edu.au/students/student-essentials/rights-and-responsibilities/academic-integrity
- Assignment queries
Please attend Week 11-12 tutelab sessions or post questions on the discussion board to raise any questions about this
assignment.