Description
Introduction
This assignment will measure your understanding of some of the network and security
mechanisms of our cloud provider AWS. This assignment assures us that you have attended the
tutorials and learned about AWS VPC, RDS and Secrets Manager, or that you have found some
other way to learn these services.
Learning Outcomes
• Learn the importance and role of Virtual Private Clouds in creating secure architectures
that maximize the principle of least privilege (i.e. if a server does not need to be publicly
reachable or have its traffic go across the Internet, then it should be behind some
protective measure)
• Learn how to implement a VPC on AWS
• Apply your learning by implementing one public facing service inside the VPC that is
accessible to the public internet
• Apply your learning by implementing one private service inside the VPC that is not
accessible to the public internet, used by the public facing service
• Learn to apply AWS security practices by using Secrets Manager to store private
information
• More experience working with AWS libraries that allow you to perform AWS operations
• More experience building REST APIs, and working with arrays in JSON
By now you have all learned that cloud computing can be tricky and complicated. You have
learned that provisioning IT resources correctly is complicated, and a small mistake can lead to
hours of debugging and searching for answers. I highly recommend that you start this
assignment early, and that you follow my tutorial so that you understand how to properly
provision everything. There is a link at the end of this document that is the AWS tutorial that I
followed in our tutorial on March 7th in Collaborate Ultra. This architecture will be too complex
for me to debug with you individually if you make mistakes. Proceed carefully and
meticulously.
Requirements
You will build a web application with any language or framework you like, deployed on an EC2
instance behind a Virtual Private Cloud (VPC).
Your application running on EC2 will be public facing (accessible through a Public IP you assign
to it on launch, or an elastic IP you create for it), and listening to POST requests to
/storestudents, and GET requests to /liststudents.
/storestudents will:
• Receive and parse a JSON body
• Connect to an AWS RDS database server running on a private subnet inside your VPC
• Insert one record into the students table in the database for each item in the students
array in the JSON body
• Return a status 200 code if everything works, or 400 and an error message if there is a
failure
/liststudents will:
• Connect to the AWS RDS database running on the private subnet inside your VPC
• Query the students table and return a list of all students to display in a browser. How
you display the student information is up to you, but it must be legible.
When you are finished the system will look and function like this:
Additonal Requirement – Secrets Manager
To connect to your RDS database you will need a username and password. Store this
information in Secrets Manager, and retrieve it from Secrets Manager in your code using your
access key, secret access key and session token credentials from your lab environment.
Your RDS database:
You may choose whichever type of database you are comfortable with; I recommend Aurora
because this database is covered in the tutorial. I do not recommend SQL Server or Oracle as
these DBs will devour your credits.
Your database must contain a single table named students that has the following schema:
CREATE TABLE students (
first_name varchar(100),
last_name varchar(100),
banner varchar(20)
)
JSON You Will Send Your App
Your app will receive the following JSON input to the /storestudents endpoint:
{
“students”: [
{
“first_name”: “”,
“last_name”: “”,
“banner”: “”
},
{
“first_name”: “”,
“last_name”: “”,
“banner”: “”
},
…
]
}
Note the following:
• <>’s are placeholders intended to mean you replace this with some other text
• … indicates that the “students” object is an array that can have any length, including
being empty!
How To Submit
Submit the following to the assignment drop box on Brightspace:
• A video you record doing the following:
o Using postman (or a similar tool) to POST some students to your EC2 server’s
/storestudents endpoint from your computer (not from the EC2 server itself, this
demonstrates that you have set up your VPC correctly)
o Use the AWS console to load up your VPC and show your public and private
subnets, go slow so we can see things clearly. Show any security groups, elastic
IPs and subnets you have created.
o Show your Secrets Manager configuration and where your username and
password for the RDS database are saved, also show how these values are
retrieved in your code and used to connect to your database.
o Show your RDS config, demonstrate that it is running inside your private subnet
o Use a browser to load your /liststudents endpoint and demonstrate that your
code properly returns all of the student information you passed to
/storestudents earlier. Make sure these match so that we can verify that you
aren’t just returning hardcoded values.
• Your code in a zip file so that we can perform an AIO check
Your TAs will review your videos and assign your grade. Make their job easy by verifying that
your video has everything clearly visible and legible. If they can’t see something, they aren’t
going to assume it works, they will give you a zero for that item.
Marking Rubric
Your submission will be marked by the TAs reviewing your videos:
• Your VPC configuration is correct: 40%
o There is a private subnet (or multiple private subnets if RDS requires it)
o There is a public subnet
o The EC2 server is in the public subnet
o RDS is in the private subnet(s)
• Your app uses Secrets Manager to store the username and password for your RDS
database, which you retrieve programmatically using your AWS Academy lab
credentials – 10%
• Your app properly parses the incoming JSON to /storestudents and stores the
information in the students table in RDS – 25%
• Your app properly queries the RDS students table and displays a list of students in the
database from the /liststudents endpoint – 25%
AWS Tutorial
This tutorial will be very helpful in your preparation of the assignment. You can watch me
progressing through this tutorial by reviewing the Network tutorial on Collaborate Ultra:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Tutorials.WebServerDB.Cr
eateVPC.html
CSCI4145/5409
