Title: COS20019 Cloud Computing Architecture - Assignment 02

Author: 美食家大橙子    Time: 2024-6-14 20:58
Scalable Cloud Computing Architecture (30%)

Assignment Overview

This assignment has two components:
Class attendance, worth 3%, has been incorporated in the following assignment marksheet.
Assignment Deadline : 27 May 2024, Monday (subject to change by your co-teacher)
Assignment Submission : Please discuss with your co-teacher about how and what to submit.
Table of Contents

Assignment Overview
2.1. Part 1 Functional Requirements
2.2. Part 2 Cloud Infrastructure
Testing
Marking Criteria of Cloud Project
Assignment Submission
Assignment MarkSheet:

Component | Tasks | Total Marks | Student Marks | Date Checked
Class attendance (A) | | 3% | |
Lab Exercises | ACF Lab 06 | 1% | |
 | ACA Module 9 Guided Lab | 1% | |
 | ACA Module 10 Guided Lab | 1% | |
 | ACA Module 13 Guided Lab | 1% | |
 | ACA Module 14 Guided Lab | 1% | |
 | Sub-Total (1) | 5% | |
Cloud Project | Scalable Photo Album Project (2) | 22% | |
Total = (A) + (1) + (2) | | 30% | |

1. Lab Exercises (5% in total, 5 Lab Exercises, 1% each)

Marking Criteria for Lab Exercises
Below are the marking criteria for each Lab exercise:
a. Complete all work required (e.g. be able to show the relevant configuration information on the
cloud environment and can explain how the relevant components work together) - 1%
b. Partially complete the work required (e.g. can show partial information but not fully
understanding how the relevant components work together) - 0.5%
c. Cannot complete the work required (e.g. do not understand what to do) - 0%

2. Scalable Cloud Project - Highly Available Photo Album Web Application (22% in total)

In the cloud project of Assignment 1, you have learnt how to deploy a Photo Album Web
Application on a VPC, actually in an EC2 instance running as a Web Server. However, this is not a
highly available environment. If there is a hardware failure related to that particular EC2
instance running the Web Server, the whole Web Application will be down and hence cannot be
used by the public users.
This is what we want to overcome in this assignment. We will configure this solution to make it
highly available. In other words, we try to make the Photo Album Web Application (1) highly
available and (2) a bit scalable. Yes, we want a bit scalable because there are many levels of
scalability as you may have known by now. In this assignment, we can only experience one or two
aspects of the scalability. Our approach in this assignment is to have multiple EC2 instances
running the same Web Application so that together they share the load and hence can handle
higher loading.
Furthermore, in this project, we allow users to upload photos using a web browser via the internet.
When a photo is uploaded from the internet, the application will also create a thumbnail image for
ease of reference.
Similar to the cloud project in Assignment 1, this project has two parts, namely infrastructure
deployment and functionality requirements. They are designed to test whether you can integrate
the skills learnt in the ACF and ACA Lab exercises in this subject in deploying a highly available
Web application on the cloud. You are not required to program the Web Application. You will be
given the code of the Web Application and instructions to revise the code.
Since we are going to make the web application scalable by having more EC2 instances running the
same web application at the same time, we need to have a working system first and then we
replicate the system to different EC2 instances. Hence, in this assignment, we need to deal with the
functional requirements first. Once we have a working system, we can then configure our cloud
infrastructure to make it highly available.
Unlike the cloud project in Assignment 1, you will only be given the requirements of each part with
some hints on the steps. You need to think about the steps carefully before you start to attempt this
project. Probably a revision of the relevant ACF and ACA labs may help.
Prerequisite requirements
Possible AWS Accounts for cloud project
You have a choice of two accounts / environments you can use to complete the cloud project of this
assignment.
option, you will need to create a (read-only) IAM user and provide its credentials to your
co-teacher so your assignment can be marked properly.
Getting the files ready
Download the following files from Cloud Campus


This zip file contains the full source code of the Photo Album Web Application.
It is different from the one in Assignment 1. Hence the set up script will be
different. You need to customize it yourself.
Furthermore, after you unzip this file, there is a folder named photoalbum by
default. This may conflict with your Assignment 1’s photoalbum folder. Be
careful. Please remember to put all files inside /var/www/html/photoalbum.
This is different from /var/www/html/cos20019/photoalbum in Assignment 1.
Last, but not least, you need to read the file constants.php carefully. There are
some extra steps in the file telling you to install the AWS SDK inside
/var/www/html/.


This zip file contains the full source code of the CreateThumbnail Lambda function.
2.1. Part 1 Functional Requirements

Figure 1. Cloud Architecture for Highly Available Photo Album Cloud Project
Figure 1 shows the cloud infrastructure and services of the Highly Available Photo Album Cloud
Project. First, we need to make sure that we have a working system in the EC2 instance named Dev
Server. This EC2 instance serves two purposes:
The Photo Album Web Application is to be hosted on your EC2 web servers. The full source code has
been provided to you in photoalbum.zip.
You need to modify the constants.php file in the provided code (carefully read the comments in the
file) using available information from your S3 bucket, RDS database, and Lambda function.
The web site should be accessible through http://[your.elb.dns]/photoalbum/album.php if the
directory structure in your web server is as specified in the constants.php file.


Please be very careful about this. In Assignment 1, we use the public IPv4 address
to access the Photo Album Web Application. However, after we have made the
Auto Scaling Group available, we use the public IPv4 address of the Elastic Load
Balancer to access the Photo Album Web Application. While we prepare the Web
Application (the extra one is the Photo Uploading feature, see Part 1 Requirement 2
below), we need to use the public IPv4 address of the Dev Server to test our Web
Application first. Once it is OK, we then use it as the machine image to launch the
Web Servers in the Auto Scaling Group.
Furthermore, this project requires AWS SDK installation on your EC2 web server
instances. Read and follow the provided instructions in the constants.php file
carefully.

Below are the individual functional requirements of this Photo Album Web Application.
2.1.1. Requirement 1 Photo Album (album.php)

This page lists all the photos whose meta-data are stored in the database. Programmatically, this
page performs the following actions:

2.1.2. Requirement 2 Photo Uploading (photouploader.php)

This page allows you to upload a photo to an S3 bucket and insert its meta-data into the RDS
database. In the meantime, a Lambda function called CreateThumbnail will create a resized version
of the photo that was just uploaded to S3.
Programmatically, this page performs the following actions (assuming you have filled in all
information and a photo has been selected):

For more details, please inspect the supplied source code.


You need to set the S3 policy properly to allow write access to your S3 bucket
before you can test this upload feature. Please see Part 2 Requirement 3 for some
examples in setting up the S3 policy.

2.2. Part 2 Cloud Infrastructure

This part of the assignment is to set up the infrastructure, which involves the following
infrastructure as shown in Figure 1:


For this assignment, you have the following two options:

It is totally your choice. Either way, I advise you to make a plan first and enact
your plan step by step.

2.2.1. Requirement 1 Your VPC

The VPC used in Highly Available Photo Album Cloud Project is similar to that in Assignment 1. The
following points should be noted:



2.2.2. Requirement 2 Network Address Translation (NAT)

For private EC2 instances (i.e. those EC2 instances in private subnets) to be able to communicate
with the public internet, their private IP addresses need to be translated by a NAT device. You need
to create this NAT device in a public subnet in your VPC. Please see Figure 1 for the location of this
NAT device.
A NAT device is either a NAT gateway or a NAT instance (an EC2 instance taking the role of a NAT
gateway).
So, you have the following two options


AWS has deprecated the relevant NAT AMI (Amazon Machine Image) for a NAT
instance. Hence, you may need to create your own AMI if you choose this
option.
Please see https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html
for the relevant instructions on setting up a NAT
instance and the relevant permissions (e.g. Security Group required).

2.2.3. Requirement 3 S3 Photo Storage

Photos are to be stored in an S3 bucket, which has been created from Assignment 1, ensuring
objects stored in this S3 bucket are correctly accessible by applying the appropriate permissions
and policies.
In AWS Learner Lab environment, you may not be able to create your own IAM roles due to AWS
Academy’s restrictions. Nonetheless, an IAM role named "LabRole" or "LabinstanceProfile" with
required permissions already exists in your management console that can be used for this
assignment.
Since you will be uploading new photos to your S3 bucket, you need to set up appropriate S3 bucket
policy to allow users to write to the S3 bucket.
You need to make sure that the uploading of new photos must be via your web application or done
by you via the S3 Management Console, meaning that you cannot directly upload any photos to
your S3 bucket using the URL of your S3 bucket.
Please see https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html
for the appropriate examples. You may need to modify the examples to suit your needs. There are
so many options in this part. Here are two options (choose one for your assignment, you do not
need to do both):


Please see https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-HTTP-HTTPS-2
for an example.


There is no single example in https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html
that matches this requirement. You
may need to read through some of them and modify them to suit your needs.

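A small check for the requirement above that uploads must not be open to just anyone through the bucket URL. It is an added example, not part of the assignment's supplied code; the bucket name, account ID and both policy documents are constructed, and LabRole is the role named earlier.

```python
import json
from fnmatch import fnmatchcase

# Actions that change bucket contents (an assumption of this example).
WRITE_ACTIONS = ("s3:putobject", "s3:putobjectacl", "s3:deleteobject")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_anyone(principal):
    # "Principal": "*" and {"AWS": "*"} both match every caller, signed in or not.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def audit_bucket_policy(policy_json):
    """Return (sid, finding) for Allow statements that let anyone write objects.

    Statements using NotPrincipal or NotAction are outside this check.
    """
    findings = []
    statements = _as_list(json.loads(policy_json)["Statement"])
    for n, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_anyone(stmt.get("Principal")):
            continue
        # IAM action names are case-insensitive and may contain wildcards.
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if any(fnmatchcase(w, p) for p in patterns for w in WRITE_ACTIONS):
            finding = "review-condition" if stmt.get("Condition") else "anonymous-write"
            findings.append((stmt.get("Sid", f"statement-{n}"), finding))
    return findings


BUCKET = "arn:aws:s3:::example-photo-bucket/*"  # constructed bucket name

# Constructed "wide open" policy: every caller may read and write objects.
WIDE_OPEN = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicReadWrite", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:PutObject"], "Resource": BUCKET}]})

# Constructed tightened policy: anonymous read only, writes limited to the role.
TIGHTENED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": BUCKET},
    {"Sid": "AppUpload", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/LabRole"},
     "Action": "s3:PutObject", "Resource": BUCKET}]})

if __name__ == "__main__":
    print(audit_bucket_policy(WIDE_OPEN))
    print(audit_bucket_policy(TIGHTENED))
```

A statement that still names every caller but carries a Condition is reported as review-condition rather than passed, so the condition gets read by a person.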
2.2.4. Requirement 4 Load Balancing

Web request load needs to be distributed across the web servers in the auto-scaling group using an
Application Load Balancer. Ensure that your Elastic Load Balancer (ELB) is running health checks
on all instances.
Your ELB needs to be internet facing and routes the traffic to appropriate Web Servers, in the
private subnets, running the Photo Album Web Application.


The health check path must be correctly configured (e.g.
"/photoalbum/album.php", see the Functional Requirements for details).
Otherwise, the health checks would fail.

2.2.5. Requirement 5 Auto Scaling

You need to create an Auto Scaling Group (ASG) that scales your Web Server’s EC2 instances
automatically.
You need to define a scaling policy for your auto scaling group with at least the following rules:

The ASG should launch instances into the private subnets.
2.2.6. Requirement 6 EC2 Web Server instance

Your EC2 Web Server instances should be based on Amazon Linux 2023 AMI, which is similar to the
one used in Assignment 1. They need to be given proper permissions through an IAM role to be able
to put objects into the S3 bucket and invoke the CreateThumbnail Lambda function (see Part 2
Requirement 7). The role must follow the least-privilege principle.
These instances should be automatically launched by the auto scaling group, and only accept
incoming traffic from the load balancer. Once launched, they should be ready to serve Photo Album
users without any further human intervention. In other words, you should not have to do any
configurations once the instances have been launched.
An ASG can launch instances based on an AMI that has been customized by you.

The Development (Dev) Server does not receive traffic from the ELB. The Dev server can be used to
develop the custom AMI, which would contain everything needed to run the Photo Album Web Site
(AWS PHP SDK, Apache Web Server, source code of the Web Application, etc.). It can also be used to
manage your database (through phpMyAdmin - similar to Assignment 1).
2.2.7. Requirement 7 The CreateThumbnail Lambda function to scale the image

The CreateThumbnail Lambda function is used to scale the image in this project. This Lambda
function has the following configurations:



Since you cannot create your own role in the Learner Lab, we use the LabRole,
which has been created for you in the Learner Lab environment. In a real
production environment, you need to create an IAM role with policies that
allow this Lambda function to get objects from and put objects to the S3 bucket.
The role must follow the least-privilege principle.



The default is 3 seconds. It is better to change it to 30 seconds to avoid
unexpected timing errors.
Once the Lambda function has been created, you can upload a deployment package to add
functionality to this function. The deployment package has been provided to you in
lambda-deployment-package.zip. This package contains the library and full source code to resize
images and download/upload images to S3 (for best result, please use PNG images). The package is
ready to work without any modification.


In order to test this function, you can create a test event with the following input
in AWS Lambda Console (via the Test tab):
{"bucketName" : "your-photo-bucket", "fileName": "your-image.png"}
An example could be
{"bucketName" : "mlau-photos-bucket", "fileName": "swinburnelogo.png"}


Since we are putting new objects to the same S3 bucket, please DO NOT set the
trigger of this Lambda function to S3 : All object create events. Doing so will
result in an infinite loop.

You are encouraged to inspect the source code and understand the logic of this Lambda function.
However, you will not be required to answer coding questions about Lambda functions. Having
said that, general concepts on how Lambda functions work will be asked in the exam.
2.2.8. Requirement 8 Database with RDS

Same RDS database created in Assignment 1.
You may think that since the Web Server EC2 instances are now in private subnets, access to
phpMyAdmin from these servers would require some further configurations. That is correct.
However, it is not necessary to go through phpMyAdmin from these servers. It is because we still
have a Dev Server in the public subnet. And, it is acceptable to manage your DB through the Dev
Server. Hence, there is no need to further configure the EC2 Web Server instances. That is also the
reason why we keep the Dev Server instance in the public subnet.
2.2.9. Requirement 9 Security Groups

You need to create four to five security groups, depending on whether you choose to use a NAT
Gateway or a NAT instance. Each security group is associated with a tier shown in the architecture
diagram as in Figure 1:



You need this NATSG if you use a NAT instance. In other words, if you use NAT
gateway, you do not need this security group.

ELBSG, WebServerSG, DBServerSG and NATSG, if any, must follow the least-privilege principle,
i.e., allowing all traffic from anywhere is NOT acceptable. DevSG does not have to follow the
least-privilege principle.


Your RDS instance needs to be in a private subnet. Only WebServerSG security
group can access it.


Security groups are stateful. See https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html
for details.


If unsure about how to set up security groups and IAM roles, or unsure if your
security groups and IAM roles are causing problems, you can make them wide
open (allowing all traffic from anywhere, full permissions first), then tighten them
later once your web application is fully functional [1]

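The least-privilege rules above, written as a check you can run after the "tighten them later" step, over security groups in the layout returned by the EC2 DescribeSecurityGroups API. This is an added example, not part of the assignment material; the group IDs, sample rules and MySQL port 3306 are assumptions, and the allowed-source map encodes the statements that Web Servers accept traffic only from the load balancer and that only WebServerSG reaches the RDS instance.

```python
# Added example. Group IDs and rules are constructed; the dict layout follows
# the SecurityGroups list returned by the EC2 DescribeSecurityGroups API.
ANYWHERE = {"0.0.0.0/0", "::/0"}
EXEMPT = {"DevSG"}  # the text exempts DevSG from least privilege
# Only these source groups may reach each tier (taken from the requirements).
ALLOWED_SOURCES = {"WebServerSG": {"ELBSG"}, "DBServerSG": {"WebServerSG"}}


def audit_security_groups(groups):
    """Return sorted (group, problem) pairs for inbound rules that are too open."""
    names = {g["GroupId"]: g["GroupName"] for g in groups}
    findings = set()
    for g in groups:
        name = g["GroupName"]
        if name in EXEMPT:
            continue
        for rule in g.get("IpPermissions", []):
            cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
            peers = {names.get(p["GroupId"], p["GroupId"])
                     for p in rule.get("UserIdGroupPairs", [])}
            if rule["IpProtocol"] == "-1" and cidrs & ANYWHERE:
                findings.add((name, "all traffic from anywhere"))
            if name in ALLOWED_SOURCES:
                for cidr in cidrs:
                    findings.add((name, f"address range {cidr} instead of a source group"))
                for peer in peers - ALLOWED_SOURCES[name]:
                    findings.add((name, f"unexpected source group {peer}"))
    return sorted(findings)


def rule(proto, port, cidr=None, group_id=None):
    """Build one constructed inbound rule in DescribeSecurityGroups form."""
    perm = {"IpProtocol": proto, "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": []}
    if proto != "-1":
        perm["FromPort"] = perm["ToPort"] = port
    if cidr:
        perm["IpRanges"].append({"CidrIp": cidr})
    if group_id:
        perm["UserIdGroupPairs"].append({"GroupId": group_id})
    return perm


def group(name, group_id, *rules):
    return {"GroupName": name, "GroupId": group_id, "IpPermissions": list(rules)}


# "Wide open first" phase described above: everything allowed from anywhere.
WIDE_OPEN = [group(n, i, rule("-1", None, cidr="0.0.0.0/0")) for n, i in [
    ("ELBSG", "sg-0a"), ("WebServerSG", "sg-0b"), ("DBServerSG", "sg-0c"), ("DevSG", "sg-0d")]]

# Tightened phase: HTTP from the internet reaches only the load balancer tier.
TIGHTENED = [
    group("ELBSG", "sg-0a", rule("tcp", 80, cidr="0.0.0.0/0")),
    group("WebServerSG", "sg-0b", rule("tcp", 80, group_id="sg-0a")),
    group("DBServerSG", "sg-0c", rule("tcp", 3306, group_id="sg-0b")),
    group("DevSG", "sg-0d", rule("-1", None, cidr="0.0.0.0/0")),
]

if __name__ == "__main__":
    for label, groups in (("wide open", WIDE_OPEN), ("tightened", TIGHTENED)):
        print(label, audit_security_groups(groups))
```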
Testing

The Photo Album Web Application should be accessible through
http://[your.elb.dns]/photoalbum/album.php.
Using your Photo Album Web Application (http://[your.elb.dns]/photoalbum/photouploader.php),
upload a few photos along with their meta-data

Marking Criteria of Cloud Project

Table 2. Marking Criteria of Cloud Project

Requirements | Tasks | Total Marks | Student Marks
Part 1 Infrastructure | VPC configured with 2 Availability Zones, both with public and private subnets | 1% |
 | Public and Private route tables route to internet gateway and NAT device (instance or gateway) respectively | 2% |
 | Security groups properly configured and attached | 2% |
 | IAM roles properly configured (or used) | 1% |
 | ASG configured and working correctly | 2% |
 | ELB configured and working correctly with associated Elastic Public IP address | 2% |
 | Photos stored in S3 are correctly accessible. S3 bucket policies are correct | 2% |
 | Lambda configured and working correctly | 2% |
 | RDS configured and working correctly | 1% |
 | Sub-Total (a) | 15% |
Part 2 Functionality | Web site accessible via ELB | 1% |
 | Photos and their meta-data displayed on album.php page | 2% |
 | Photos and their meta-data can be uploaded to the S3 bucket and RDS database, respectively | 2% |
 | Photos are resized by the Lambda function | 2% |
 | Sub-Total (b) | 7% |
Deductions | Documentation not as specified or poorly presented [between 0% to 22%] (c) | 22% |
 | Serious misconfigurations of AWS services being used [between 0% to 22%] (d) | 22% |
 | Sub-Total (e) = minimum of "(c)+(d)" and 22% | 22% |
 | Total = (a) + (b) - (e) | 22% |

Assignment Submission

Make sure your web site is functional from the due date - check you have started the web server
EC2 instance if you have stopped it. Your co-teacher will notify you to stop your web site once the
marking is completed.
Submit a single pdf document to your co-teacher via Cloud Campus. No demonstration is required.
The document must contain the following:


That is all for Assignment 2.
[1] This is not a good practice. However, you can do this for learning purposes.

欢迎光临 IT评测·应用市场-qidao123.com (https://dis.qidao123.com/) Powered by Discuz! X3.4