
Assignment #05 Infrastructure as Code w/Terraform


In this assignment, you will update the Terraform template for the application stack to add the following resources:

DB Security Group

• Create an EC2 security group for your RDS instances.
• Add an ingress rule to allow TCP traffic on port 3306 for MySQL/MariaDB or 5432 for PostgreSQL.
• The source of the traffic should be the application security group.
  o Restrict access to the instance from the internet.
• This security group will be referred to as the database security group.

S3 Bucket

• Create a private S3 bucket with a randomly generated bucket name depending on the environment.
• Make sure Terraform can delete the bucket even if it is not empty.
  o To delete all objects from the bucket manually before you delete the bucket, you can use the following AWS CLI command, which may work for removing all objects from the bucket: aws s3 rm s3://bucket-name --recursive
• Enable default encryption for S3 buckets.
• Create a lifecycle policy for the bucket to transition objects from the STANDARD storage class to the STANDARD_IA storage class after 30 days.
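One way to express the bucket requirements above in Terraform, as an added example that is not part of the original assignment. The `environment` variable, the resource labels and the choice of SSE-S3 (`AES256`) are assumptions; the public access block is how this sketch enforces "private".

```hcl
variable "environment" { type = string } # assumed input, lowercase, e.g. "dev" or "demo"

# Random suffix so the bucket name is unique per environment.
resource "random_id" "bucket" {
  byte_length = 8
  keepers     = { environment = var.environment }
}

resource "aws_s3_bucket" "webapp" {
  bucket        = "${var.environment}-${random_id.bucket.hex}"
  force_destroy = true # lets terraform destroy remove a non-empty bucket
}

# "Private": block every form of public ACL and public bucket policy.
resource "aws_s3_bucket_public_access_block" "webapp" {
  bucket                  = aws_s3_bucket.webapp.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Default encryption for every new object (SSE-S3 is an assumed choice).
resource "aws_s3_bucket_server_side_encryption_configuration" "webapp" {
  bucket = aws_s3_bucket.webapp.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

resource "aws_s3_bucket_lifecycle_configuration" "webapp" {
  bucket = aws_s3_bucket.webapp.id
  rule {
    id     = "standard-to-ia"
    status = "Enabled"
    filter {} # empty filter: the rule applies to every object
    transition {
      days          = 30
      storage_class = "STANDARD_IA"
    }
  }
}
```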

RDS Parameter Group

A DB parameter group acts as a container for engine configuration values that are applied to one or more DB instances. Create a new parameter group to match your database (Postgres or MySQL) and its version. The RDS DB instance must use the new parameter group and not the default parameter group.

RDS Instance

WARNING: Setting Public accessibility to true will expose your instance to the internet.

Your RDS instance should be created with the following configuration. You may use default values/settings for any property not mentioned below.

| Property | Value |
| --- | --- |
| Database Engine | MySQL/PostgreSQL |
| DB Instance Class | db.t3.micro |
| Multi-AZ deployment | No |
| DB instance identifier | csye6225 |
| Master username | csye6225 |
| Master password | pick a strong password |
| Subnet group | Private subnet for RDS instances |
| Public accessibility | No |
| Database name | csye6225 |

Database security group should be attached to this RDS instance.
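The database security group, parameter group and RDS instance described above, written as one Terraform sketch; this is an added example, not part of the original assignment. It assumes MySQL 8.0 and that the VPC ID, application security group ID, private subnet IDs and master password arrive as input variables; all resource labels are hypothetical.

```hcl
variable "vpc_id" { type = string }
variable "app_security_group_id" { type = string }
variable "private_subnet_ids" { type = list(string) }
variable "db_password" {
  type      = string
  sensitive = true # keep the master password out of plan output
}

resource "aws_security_group" "database" {
  name   = "database"
  vpc_id = var.vpc_id

  # Source is the application security group only; no CIDR rule, so no internet access.
  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [var.app_security_group_id]
  }
}

resource "aws_db_parameter_group" "mysql" {
  name   = "csye6225-mysql8"
  family = "mysql8.0" # must match the engine and major version below
}

resource "aws_db_subnet_group" "private" {
  name       = "csye6225-private"
  subnet_ids = var.private_subnet_ids
}

resource "aws_db_instance" "csye6225" {
  identifier             = "csye6225"
  engine                 = "mysql"
  engine_version         = "8.0"
  instance_class         = "db.t3.micro"
  allocated_storage      = 20
  multi_az               = false
  db_name                = "csye6225"
  username               = "csye6225"
  password               = var.db_password
  publicly_accessible    = false
  db_subnet_group_name   = aws_db_subnet_group.private.name
  parameter_group_name   = aws_db_parameter_group.mysql.name
  vpc_security_group_ids = [aws_security_group.database.id]
  skip_final_snapshot    = true
}
```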

User Data

  1. The EC2 instance should be launched with user data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html).
  2. The database username, password, hostname, and S3 bucket name should be passed to the web application using user data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html).
  3. The S3 bucket name must be passed to the application via EC2 user data.

IAM Policy

WebAppS3: this policy will allow EC2 instances to perform operations on S3 buckets. This is required for applications on your EC2 instance to talk to the S3 bucket.

Note: Replace the wildcard action with appropriate permissions for the S3 bucket to create security policies.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "s3:*"
          ],
          "Effect": "Allow",
          "Resource": [
            "arn:aws:s3:::YOUR_BUCKET_NAME",
            "arn:aws:s3:::YOUR_BUCKET_NAME/*"
          ]
        }
      ]
    }

IAM Role

Create an IAM role EC2-CSYE6225 for the EC2 service and attach the WebAppS3 policy to it. You will attach this role to your EC2 instance.
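A least-privilege form of the WebAppS3 policy together with the EC2-CSYE6225 role, as an added Terraform example that is not part of the original assignment. The action list is an assumption derived from the API requirements on this page (upload, read and delete images); the `bucket_name` variable and resource labels are hypothetical.

```hcl
variable "bucket_name" { type = string } # assumed input: the webapp bucket name

# Object-level actions are scoped to the bucket's objects, listing to the bucket itself.
data "aws_iam_policy_document" "webapp_s3" {
  statement {
    effect    = "Allow"
    actions   = ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"]
    resources = ["arn:aws:s3:::${var.bucket_name}/*"]
  }
  statement {
    effect    = "Allow"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::${var.bucket_name}"]
  }
}

resource "aws_iam_policy" "webapp_s3" {
  name   = "WebAppS3"
  policy = data.aws_iam_policy_document.webapp_s3.json
}

# Trust policy: only the EC2 service may assume the role.
data "aws_iam_policy_document" "ec2_assume" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "ec2" {
  name               = "EC2-CSYE6225"
  assume_role_policy = data.aws_iam_policy_document.ec2_assume.json
}

resource "aws_iam_role_policy_attachment" "webapp_s3" {
  role       = aws_iam_role.ec2.name
  policy_arn = aws_iam_policy.webapp_s3.arn
}

# EC2 receives the role through an instance profile, so no keys live on the host.
resource "aws_iam_instance_profile" "ec2" {
  name = "EC2-CSYE6225"
  role = aws_iam_role.ec2.name
}
```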

Web Application

The web application's database must be the RDS instance launched by the Terraform template when running on the EC2 instance. You can no longer install/use the local database on the EC2 instance.

Swagger Docs: https://app.swaggerhub.com/apis-docs/csye6225/fall2020-csye6225/assignment-03

RESTful API Endpoints To Be Implemented: https://app.swaggerhub.com/apis-docs/csye6225-webapp/cloud-native-webapp/spring2023-a5

About the field data types in swagger docs:

  1. If a field has readOnly set to true, the value in this field is populated by your application. Example fields are timestamp and id. readOnly properties are included in responses but not in requests.
  2. If a field has writeOnly set to true, the value in this field is provided by the API caller in a POST or PUT request, but these fields are not part of a GET request. An example is the password field. writeOnly properties may be sent in requests but not in responses.
  3. The multipleOf keyword is used to specify that a number must be the multiple of another number.
  4. The minimum and maximum keywords are used to specify the range of possible values.

API Requirements

  1. All API request/response payloads should be in JSON.
  2. No UI should be implemented for the application.
  3. As a user, I expect all API calls to return with a proper HTTP status code (https://en.wikipedia.org/wiki/List_of_HTTP_status_codes).
  4. Users should be authenticated & authorized where applicable.
  5. Users can upload images to the products they have created.
  6. You must add support for popular file types such as jpeg, jpg, png, etc.
  7. Each image must be stored in an S3 bucket.
  8. Object metadata must be stored in the database. See AWS docs for available metadata (https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html#object-metadata).
  9. Users can (hard) delete images they have uploaded.
  10. The image must be deleted from the S3 bucket.
  11. Users cannot update their images.
  12. Users can delete only their own images from the products they have created.
  13. Users should not be able to delete images uploaded by other users or from products created by other users.
  14. Multiple users can upload images with the same name. You must partition each user's images in the object storage bucket.
  15. S3 credentials should not be hardcoded anywhere and the application must be able to access S3 using the IAM role attached to the EC2 instance.

Documentation

AWS

• cloud-init (https://cloudinit.readthedocs.io/en/latest/)
• Running commands on your Linux instance at launch (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html)
• User data and shell scripts (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html#user-data-shell-scripts)
• User data and cloud-init directives (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html#user-data-cloud-init)

Submission

The assignment will be considered late if commits are made to the main branch after the due date.

  1. All work for this assignment must be done on the feature branch in your fork and merged to main when you are dev complete.
  2. The feature and main branches must be in sync.
  3. Submit your code from all repositories in this assignment. Read the instructions carefully to create your zip file.
  4. Create a folder with the naming convention firstname_lastname_neuid
  5. In the firstname_lastname_neuid folder, clone all of your GitHub (organization) repositories with the git clone command. It is important that you clone the repos so that your commit history and branches are preserved.
  6. Once you have cloned all of your repositories, you will create a zip of the firstname_lastname_neuid_## directory. The zip file should be firstname_lastname_neuid_##.zip where ## is the assignment number.
  7. Now unzip the zip file in some other directory and confirm the content of the zip files.
  8. Upload the zip to this assignment.
  9. You are allowed to resubmit. If you think there may be an issue with the ZIP file, feel free to submit it again. Only the latest will be used for grading.
