Assignment 4 - Feb 11, 2024
ARCHITECTURE DIAGRAM
● You need to deploy the following architecture as seen in the above architectural diagram.
● Please take screenshots as you perform your steps, and once the lab is successful, don’t forget to
clean up.
Lab 1: Creating the Virtual Private Cloud (VPC)
AWS CloudFormation is a service that gives developers and businesses an easy way to create a
collection of related AWS and third-party resources and provision and manage them in an orderly
and predictable fashion.
1. Downloaded the CloudFormation template and saved it to my laptop.
2. Open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation/
3. I selected the region into which I want to deploy resources. I am using us-east-1.
4. Click on Create Stack. Select Template is ready and click Upload a template file. Click Choose
File and upload the template I downloaded. Once successfully uploaded, press Next.
5. Name the CloudFormation stack as cloud-stack and click Next. Leave the rest of the settings as
default.
6. When the CloudFormation stack has finished, all defined resources within the template will be
deployed within the AWS account.
7. Click VPCs. Verify that a new VPC with a 10.0.0.0/16 CIDR IP address range has been created.
8. Click on Subnets in the left panel to view our newly created subnets.
3. Select AWS Managed Microsoft AD as the directory type and click Next.
4. Select Standard Edition
1. Open the directory by clicking the Directory ID. In the Networking & Security tab, copy the
two DNS addresses.
2. Go to the VPC service and go to DHCP Options Sets. Click Create DHCP options set.
7. Click Save
10. Click on the file system's name and select View Details.
11. Once it has finished building, note down the DNS name.
4. Choose an Amazon Machine Image (AMI), and select Microsoft Windows Server 2019
Base.
5. Select t3.micro instance type.
6. Now, create a key pair and name the key pair MyEC2Key. Select the .pem key.
Press Create key pair and this will download the key pair.
7. Scroll down to Network settings, press Edit, and fill in instance details:
8. Create a security group and set up a new security group.
9. Now go to Configure Storage, set the volume type to General Purpose SSD (gp3), and
change the size of the volume to 100 GiB.
10. Now go to Advanced Details. You will see a drop-down box with Domain Join
Directory above it. Open the drop-down, and you should see the Directory. Make sure
that the Directory is selected.
11. For IAM Instance Profile, we need to create an Identity and Access Management (IAM)
role with permission to access AWS Systems Manager. Click the Create New IAM.
12. Create a role. Then, highlight EC2 under Common use cases. Click Next: Permission to
define permissions.
13. Type SSM into the filter policies search box and
select AmazonSSMManagedInstanceCore and AmazonSSMDirectoryServiceAccess.
14. Click Next to review the policy.
3. Open the download location and open the .rdp file. Click on connect.
4. Login using the credentials we created earlier when setting up AWS Managed
Microsoft AD. Click Connect and select More choices. Select Use a different account.
5. Accept the security warning about certificates to begin a Remote Desktop Connection
8. Notice that the Amazon EC2 instance has automatically joined the corp.business.local
Active Directory domain.
Managing an AWS Managed Microsoft AD Domain
1. Open Server Manager, click the icon to open the Server Manager Dashboard.
Click Add roles and features.
2. Click Next several times until you reach the Features screen. Select Group Policy
Management, Remote Server Administration Tools, and additionally, select DNS
Server Tools in the Remote Server Administration Tools menu. Cycle through Next a
few times and click Install.
3. Exit Server Manager. Go to Control Panel, System and Security, and Administrative
Tools.
4. Double-click Active Directory Users and Computers.
5. The CORP Organisational Unit has been automatically created, over which we have
full control.
6. Click on the Windows icon, type gpmc.msc, and click on the icon to open the Group
Policy Management console to access a fully featured Group Policy Management
service.
2. Select the default security group from the list, click Add Security Group and click Save.
3. Open rdp, then open File Explorer by using the shortcut Windows Key + E.
4. Enter the DNS name of the Amazon FSx file system into the search. The DNS name is
preceded by two backslashes. Press Enter to see the default file system share.
5. Right-click the Share and on the popup menu, select Map network drive. Accept the
defaults and click Finish.
6. You can use Amazon FSx for Windows File System just like an on-premises file server.
Create a text file on the share: right-click, then select New, Text Document. Name the
file test.txt.