68-kB: April 2017

Saturday, 29 April 2017

Step 4 - Create an ebs application

Summary:

We have created an AWS account with two-factor authentication.
We have bought a domain name.
We have requested and downloaded TLS certificates signed by Amazon Certification Manager.

What we need to do now is to create an Amazon Elastic Beanstalk web application. This application needs a load balancer, a web server, and a user interface.

Go to AWS Elastic Beanstalk website, read introduction and watch the video.
Login to AWS Console with two-factor authentication.
Go to Amazon Elastic Beanstalk Console.
Under EBS Console, create an application using Sample Application template:

In container options select Node.js.
Select a Load Balancer (do not pick Single Instance).
Select instance type t2.nano.
Set up HTTPS on the EBS Load Balancer.
During HTTPS setup use the certificate ARN you noted in the previous step.
In the Network Configuration turn off HTTP. This will prevent insecure HTTP access to your website.

From AWS Console go to Route 53 Management Console.
Under your Hosted Zone, click the button Create Record Set.
Select type "A" (ALIAS).
Set Alias Target to Elastic Beanstalk application environment URL. The URL should look like this: https://my-app-env.us-west-2.elasticbeanstalk.com/. It will link your EBS application to the registered domain in the Hosted Zone.
Once the EBS environment is up and running, browse to "https://yourdomain.com". You should be able to see the home page of Sample Application.
The URL bar should look like below. The address should start with https:// and the browser should recognise the certificate as Secure.

Resources:

Step 3 - Request a certificate

The Home Data Centre website needs secure access via HTTPS protocol, using a certificate signed by a known certificate authority. Amazon has AWS Certificate Manager to manage and deploy SSL and TLS Certificates.

Login to AWS Console with two-factor authentication.
Go to AWS Certificate Manager under the Security, Identity & Compliance.
Click the button "Request a certificate".
Specify "www.yourdomain.com" in the Domain Name field.
The certificate will be needed when setting up HTTPS with the Elastic Beanstalk Load Balancer.
Take a note of the certificate ARN (Amazon Resource Number).
The Amazon certificates are free of charge for domains hosted by Amazon.

Tip: You should also consider requesting a certificate with a wildcard domain name, such as "*.yourdomain.com". This certificate can be handy in securing subdomains of your website, if any.

AWS Certificate Manager

Step 2 - Register a domain name

We need to purchase a domain name for the Home Data Centre website.

Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. A typical domain name will cost $12 a year.

Login to AWS Console with two-factor authentication.
Go to Route 53 Management Console.
Buy a domain name and register it on your name.

The domain registration will be pending for a while. Within an hour or so, the domain will be available for use.

Amazon Route 53

Step 1 - Create an AWS account

Amazon Web Services offers reliable, scalable, and inexpensive cloud computing services. Free to join, pay only for what you use.

Access to web services is available through a web portal called AWS Console.

Once you sign up for Amazon Web Services, you are required to provide a user name and a password.

I strongly recommend enabling 2-factor authentication. With 2-factor authentication, in addition to entering your user credentials, you are required to provide a random number calculated by an authenticator application residing on your mobile phone. Without authenticator, with just username and password, you cannot get access to your AWS account. This way even if your password is stolen your account access will remain protected.

Amazon Web Services

Tip: I recommend Google Authenticator application for AWS account access.

Technology Stack

Here I will disclose the technology stack I chose for the Home Data Centre (HDC) project.

Prerequisites:

Before proceeding you will need to have:

Basic understanding of service oriented client-server architecture.
1-2 years of coding experience with any of the computer languages, preferably in JavaScript.
Some command line exposure in OSX, Linux or Windows operating systems.
ps. command line examples will be in OSX, Linux.
Good understanding of how Node.js works (preferably completed core tutorials).
Good understanding how npm (node package manager) works.
If you are missing some of these skills, you may consider educating yourself using the appropriate links provided below (see Resources section further down).

Technology stack:

JavaScript
It is often derided as being a toy, but beneath its layer of deceptive simplicity, powerful language features await. JavaScript is now used by an incredible number of high-profile applications, showing that deeper knowledge of this technology is an important skill for any web or mobile developer.
AWS Elastic Beanstalk
With Elastic Beanstalk, you can quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure that runs those applications.
Node.js
Event-driven I/O server-side JavaScript environment based on V8.
npm
Node package manager.
Express
Fast, un-opinionated, minimalist web framework for Node.js.
React
A JavaScript library for building user interfaces.

Finance:

AWS Elastic Beanstalk uses an AWS EC2 service which is not free. A very basic EC2 instance type t2.nano includes 512MB memory, 8 GiB disk space and a single core CPU that will cost $0.008 per hour.

A domain name from Amazon costs $12 a year.

EBS services (EC2 specifically) will cost $300 a year. That would total to $312 naked.

We are looking at A$400 a year. Yet good enough to kick off the experiment.

Resources:

Home Data Centre - HDC

The idea of owning a secure website have trickled by mind every now and then. I would like to be able to access critical data belonging to my household, such as passwords, any time, anywhere, from any device I want.

My requirements are:

The website should have TLS, Transport Layer Security via HTTPS.
HTTPS should use properly signed certificate rather than a self signed one.
The access will be restricted to my household via a password.
The web user interface should be mobile and desktop friendly.
It should work on any browser, and on any device.
The database should be protected by strong encryption.
The hosting service should be super secure preferably protected by 2-factor authentication.
The hosting service should be highly available and scalable.
The cost of maintenance should not exceed 400 AUD per year.
The system should be up an running within 6 months with my part time effort.
I should have great fun while doing this project.

There are many different ways to achieve this from engineering perspective. In the forthcoming posts

I shall start exploring one such solution and share my experience with you in the incoming posts.

Friday, 28 April 2017

68-kB

Engineering is the discipline of optimising benefits and the cost of systems.

Voyager 1 is a space probe launched by NASA on September 5, 1977, 40 years ago. Currently cruising in interstellar region of our galaxy Milky Way, at a distance 20.6 billion kms from the Earth, this remarkable piece of engineering has only 68 kB memory available for its information systems. To put this into perspective, my current cell-phone memory is 3.7 million times larger.

I was a freshman student when Voyager 1 was launched. 40 years on, I am still inspired by its colossal performance. As a software engineer no other human endeavour impressed me close enough, including Egyptian pyramids, Internet, iPhone or self-driving cars.

This blog is dedicated to Voyager 1 and home grown projects that it inspired.

Join me, and enjoy the ride.

Voyager website