Skip to content

AWS Integration Phase-I

Cost Management

Understanding and managing costs is essential when working with AWS. Refer to the AWS Pricing page for detailed information.

Cost Reminder

Identity and Access Management (IAM)

IAM enables you to manage access to AWS services securely.

Overview

IAM

Users & Group

IAM allows you to organize users into groups and manage permissions efficiently.

users_group

Policies

Policies define permissions and access control for IAM users and groups.

policies

Access Keys

Access keys are used for programmatic access to AWS services.

keys

IAM User and Group Creation

Creating IAM users and groups involves the following steps:

Create a Group

  • IAM Dashboard → User groups → Create group → Group name (e.g, developers) → Attach Permission policies: Administrator Access, IAMU → Create group

    developers

Create a User

  • IAM Dashboard → Users → Create User → Username → Provide user access → Create an IAM user → Set custom password → Next → Add user to the group → Next → Create user

    user

After completing the steps, users have the option to email the instructions or download them as a .csv file. Downloading as a .csv is recommended for easier access and offline reference.

Utilization

Access IAM dashboard and sign in using credentials or alias.

  • IAM Dashboard → AWS Account → Create alias

    alias

  • Access the login URL created by the alias and log in using your credentials (from the downloaded .csv file).

    iam_login

  • Upon successful login, account details will be displayed in the right-side panel.

    login

Note: It's essential to use IAM User accounts for accessing AWS resources and services. The Root user account should be reserved solely for account setup and billing management purposes.

Security

Enabling Multi-Factor Authentication (MFA) enhances account security.

  • IAM Dashboard → Add MFA → Device name → Authenticar app (recommended e.g, Google) → Input the required fields → Add MFA

    mfa

  • After completing the setup, confirm the authentication in your dashboard.

    confirm_mfa

  • Repeat the same process to set up MFA for your Root user.

    root_mfa

Setting Up Access Keys

To facilitate communication between our application and AWS services like S3 bucket, we require access keys.

  • IAM Dashboard → Users → Select user → Security credentials → Creat Access Keys → Local code → Next → Skip tag → Create

    access_keys

Be sure to download the generated .csv file for future reference.

AWS CLI

Setup AWS CLI using the official guide.

Amazon Simple Storage Service (S3)

S3 provides object storage for a wide range of use cases.

Overview

s3

s3_work

Setting up S3

Create a Bucket

Specify bucket name and configure access settings.

  • Navigate to S3 → Create bucket → Give bucket name → Uncheck Block all public accessCreate bucket

    bucket

Tweak Permissions

Configure bucket policies for public access.

  • Select the bucket → Permissions → Block public access (bucket settings) off → Bucket policy → Policy generator (open in new tab)

  • Policy generator →

    • Type of Policy: S3 Bucket Policy
    • Statements:
      • Effect: Allow
      • Principal: *
      • Actions: GetObject
      • Copy & Paste the ARN and add a forward / with *
        s3_policy

  • Add Statement → Generate Policy → Copy the JSON Policy → Paste in Bucket Policy → Save changes

    s3_policy_update

Integration

Installation

To integrate S3 with your app, follow these steps:

  1. Install the required packages using pip: 

    pip install -U boto3  
pip install -U django-storages

  2. Add the installed packages to your Django project's settings:

    settings.py
    INSTALLED_APPS = [
# other apps
'storages',
]

This ensures that the necessary libraries are installed and configured for S3 integration within your Django application.

Config Models

To configure your models for S3 integration, follow these steps:

  1. Add an upload folder named images in the Profile picture model. This ensures that when a picture is uploaded, it will be saved in a folder named images in our S3 bucket.

    your_app_name/models.py
    class Profile(models.Model):
    profile_pic = models.ImageField(blank=True, null=True, default='default.png', upload_to='images/')  # Define upload_to as 'images'
    user = models.ForeignKey(User, max_length=10, on_delete=models.CASCADE, null=True)

  2. Run migrations to apply the changes to your database schema: 

    python manage.py makemigrations
python manage.py migrate

    migrate

    This ensures that the necessary database changes are made to accommodate the new configuration.

These steps configure your Django models to handle image uploads and ensure that they are saved in the specified images folder within your S3 bucket.

Setup settings.py

Configure AWS settings in your settings.py file as follows:

settings.py
#  # IAM accessKeys from .csv file
AWS_ACCESS_KEY_ID = ''  # Add your Access Key ID here
AWS_SECRET_ACCESS_KEY = ''  # Add your Secret Access Key here

# AWS S3 configuration
AWS_STORAGE_BUCKET_NAME = ''    # Add your S3 bucket name here

# Storage configuration for S3 for Django >= 4.2
STORAGES = {

    # Media file (image) management
    "default": {
        "BACKEND": "storages.backends.s3boto3.S3Boto3Storage",
    },

    # Static file management
    "staticfiles": {
        "BACKEND": "storages.backends.s3boto3.S3Boto3Storage",
    },
}

# Show a unique URL for the uploaded image
AWS_S3_CUSTOM_DOMAIN = '%s.s3.amazonaws.com' % AWS_STORAGE_BUCKET_NAME

# Ensure we don't overwrite any existing files
AWS_S3_FILE_OVERWRITE = False

Replace the placeholders with your actual IAM access keys and S3 bucket name. These settings enable Django to interact with your AWS S3 bucket for storing and retrieving files.

Storing Static Files in S3

Upload static files to your S3 bucket for serving content usign these steps:

  1. Check if your S3 bucket is empty.

    empty

  2. Run the following command in your terminal and select yes to confirm:

    python manage.py collectstatic

    collect

  3. Wait for a few minutes for the files to be uploaded to your S3 bucket.

  4. Refresh your S3 bucket to ensure all the files are successfully uploaded.

    fill

Note: If you encounter any issues while loading the default.png file, ensure it is located in the root folder of your S3 bucket.

Amazon Relational Database Service (RDS)

RDS offers managed database services for various database engines.

Overview

rds

Setting up RDS

Follow these steps to set up your PostgreSQL database using Amazon RDS:

Create an Instance

  • Go to RDS → Resources → DB Instances → Create database → Standard create → PostgreSQL → Free tier → DB instance identifier (arno-aws-course-postgredb) → Master username (e.g, postgres_1) → Set password → DB instance class → db.t3.micro → Storage (default) → Connectivity → Public Access: Yes → Additional config → DB port → Monitoring (default) → Additional Configuration → Set database name (e.g, arno_aws_course) → Create database

    db

Set Inbound Rules

  1. Go to Security Groups and click on the group ID associated with your RDS instance.
  2. Navigate to the "Inbound rules" section and click on "Edit inbound rules."
  3. Add two rules:
    • Type: PostgreSQL, Source: any IPv4 0.0.0.0/0
    • Type: PostgreSQL, Source: any IPv6 ::/0
  4. Click on "Save rules" to apply the changes.

inbound

Integration

Installation

Execute the following command to install the necessary package:

pip install -U psycopg2-binary

Setup settings.py

Configure your AWS RDS PostgreSQL database in the settings.py file of your Django project as follows:

settings.py
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': '',         # Initial database name
        'USER': '',         # Master username
        'PASSWORD': '',     # Master password
        'HOST': '',         # Copy the endpoint from the RDS dashboard
        'PORT': '5432',     # Default port for PostgreSQL
    }
}

Note: Ensure to comment out or remove your default SQLite database settings before using RDS.

Connect the database

Follow these steps to connect your database:

  1. Check for Unapplied Migrations:

    Run your Django server and check if there are any unapplied migrations. If you see a message similar to the one shown in the screenshot below, it means your database is successfully connected:

    post_migrate

  2. Stop the Server and Run Migrations:

    Stop the server and execute the following commands to run migrations:

    python manage.py makemigrations
python manage.py migrate

  3. Create a New SUDO:

    After completing the migrations, create a new SUDO as per the instructions provided.

Amazon Route 53

Route 53 is a scalable domain name system (DNS) web service.

Overview

Here's an overview of Route 53, including its use cases, DNS resolution, various routing policies, and examples:

route53

  • Use Cases:

    usecase

  • DNS Resolution:

    dns

  • DNS Records:

    records

  • Routing Policies:

    policies

  • Simple Routing:

    simple

  • Weighted Routing:

    weighted

  • Failover Routing:

    fail

  • Latency Routing:

    latency

Setup Route53

If you already have a domain, you can transfer its registration to Route53 using this guide.

Register a Domain

  1. Go to Route53.
  2. Navigate to Domains > Registered Domains.
  3. Click on "Register domains" and search for your desired domain name.
  4. Select your domain and check the price.
  5. Proceed to checkout.

buy

Integration

Amazon Certificate Manager

Amazon Certificate Manager (ACM) enables you to provision, manage, and deploy SSL/TLS certificates for use with AWS services.

acm

https

Important: To apply a certificate, you must have purchased a domain name; otherwise, this step is not applicable. You can skip this part if you don't have a domain name.

Certificate Provision

Provision SSL certificates and configure DNS records for secure communication

  1. Go to Certificate Manager.
  2. Request a certificate and choose "Request a public certificate."

  3. Add domain names for which you want to generate the certificate.

    ssl

  4. Choose the validation method as DNS and select any key algorithm. Then, click on "Request."

  5. After generating the certificate, note the CNAME name and CNAME value.

    config

  6. Go to Hosted Zones and navigate to your registered domain.

  7. Create a new record:

    • Enter the CNAME name in the Record name field.

      cname

    Note: Don't forget to remove ".yourwebsite.com" from the end of the CNAME.

    • Enter the CNAME value in the Value field.
    • Choose the record type as CNAME and add another record for the www DNS.
    • Click on "Create records."

    record

Important: SSL validation may take up to several hours or 1-2 days. Please wait until the status shows "Issued."