Lab complete!
Now that you have completed this lab, make sure to update your Well-Architected review if you have implemented these changes in your workload.
Click here to access the Well-Architected Tool
To run this workshop, you need an AWS account, and a user identity with access to the following services:
You can use your own account, or an account provided through Event Engine as part of an AWS organized workshop. Using an account provided by Event Engine is the easier path, as you will have full access to all AWS services, and the account will terminate automatically when the event is over.
You should also have familiarity with using the AWS CLI, including configuring the CLI for a specific account and region profile. If not, please follow the CLI setup instructions. Make sure you have a default profile set up; you may need to run aws configure if you have never set up the CLI before.
If you are running this workshop as part of an Event Engine lab, please log into the console using this link and enter the hash provided to you as part of the workshop.
If you are using your own AWS account, be sure you have access to create and manage resources in the services noted above.
After completing the workshop, remember to complete the cleanup section to remove any unnecessary AWS resources.
After you have your account identified, pick a primary AWS region to work in, such as us-west-2. We’ll refer to this as REGION going forward. Then pick a backup region, such as us-east-2. We’ll refer to this as BACKUPREGION going forward.
Set up two CLI profiles, one for the primary region and one for the backup region. We’ll name these PRIMARY and BACKUP.
In this example PRIMARY uses us-west-2 and BACKUP uses us-east-2. Choose whichever regions you prefer.
$ aws configure --profile BACKUP
AWS Access Key ID [None]: <<provide access key id>>
AWS Secret Access Key [None]: <<provide access key >>
Default region name [None]: us-east-2
Default output format [None]:
$ aws configure --profile PRIMARY
AWS Access Key ID [None]: <<provide access key id>>
AWS Secret Access Key [None]: <<provide access key >>
Default region name [None]: us-west-2
Default output format [None]:
For more details refer to the CLI documentation.
This workshop should work in us-east-1, us-east-2, or us-west-2. You can likely use it in other regions but may have to make some minor adjustments to the CloudFormation templates.
Also note your AWS account number. You can find this in the console or by running aws sts get-caller-identity on the CLI. We’ll refer to this as ACCOUNT going forward. You can store this in an environment variable for convenience:
export AWS_PROFILE=PRIMARY
export ACCOUNT=$(aws sts get-caller-identity --query Account --output text)
You will have to create two prefix lists, one in the backup region and another one in the primary region. These prefix lists should include the network range (CIDR) that you want to use for ingress traffic, such as your corporate network. If you do not know the CIDR to use and you are working in an AWS-provided account, you can set this to 0.0.0.0/0 to allow inbound traffic from anywhere, but be aware that this is an insecure configuration and should not be used in your own accounts without a security review.
For instructions on creating a prefix list, refer to the documentation. From the command line, you could run:
export AWS_PROFILE=PRIMARY
aws ec2 create-managed-prefix-list \
--prefix-list-name <choose a name> \
--entries Cidr=<enter your CIDR>,Description=CorpNetworkPrimary \
--max-entries 10 \
--address-family IPv4
export AWS_PROFILE=BACKUP
aws ec2 create-managed-prefix-list \
--prefix-list-name <choose a name> \
--entries Cidr=<enter your CIDR>,Description=CorpNetworkBackup \
--max-entries 10 \
--address-family IPv4
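The functions below are an added example, not part of the workshop's own material: they check the ingress CIDR before running the two create-managed-prefix-list commands shown above, refusing 0.0.0.0/0 and any range broader than a policy minimum. The names check_ingress_cidr, create_prefix_lists and MIN_PREFIX (with its default of 16) are assumptions made for illustration.

```shell
# Added example (not workshop code). MIN_PREFIX is an assumed policy value:
# the shortest prefix length (widest range) allowed for ingress.
MIN_PREFIX=${MIN_PREFIX:-16}

# Return codes: 0 ok, 1 malformed, 2 open to anywhere (/0), 3 broader than policy.
check_ingress_cidr() {
  cidr=$1
  case $cidr in
    ""|*[!0-9./]*|*/*/*|*./*) return 1 ;;   # bad characters, extra slash, trailing dot
    */*) ;;                                  # exactly one slash: keep going
    *) return 1 ;;                           # bare address without a prefix length
  esac
  ip=${cidr%/*}; prefix=${cidr#*/}
  case $prefix in ""|*[!0-9]*|???*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs   # split the address into octets
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in ""|????*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  [ "$prefix" -le 32 ] || return 1
  [ "$prefix" -ne 0 ] || return 2
  [ "$prefix" -ge "$MIN_PREFIX" ] || return 3
  return 0
}

# Runs the workshop's create command in both profiles, only for a CIDR that passes.
create_prefix_lists() {
  name=$1; cidr=$2
  check_ingress_cidr "$cidr" || { echo "refusing '$cidr' (check code $?)" >&2; return 1; }
  for pair in PRIMARY:CorpNetworkPrimary BACKUP:CorpNetworkBackup; do
    aws ec2 create-managed-prefix-list --profile "${pair%%:*}" \
      --prefix-list-name "$name" \
      --entries "Cidr=$cidr,Description=${pair#*:}" \
      --max-entries 10 --address-family IPv4 || return 1
  done
}
```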