In this article, we explore the enhancements to Amazon Linux 2 by integrating EPEL (Extra Packages for Enterprise Linux) and Let’s Encrypt, authored by Chloe Rivers. Amazon Linux 2 is an advanced version of Amazon’s Linux operating system, designed to provide a robust Linux environment that caters to organizations of all sizes. Its versatility supports a wide range of applications, from basic websites to complex enterprise-level systems.
The platform includes support for the LAMP stack (Linux/Apache/MySQL/PHP), which remains a favored choice for web deployment. To safeguard data in transit and thwart unauthorized access, organizations typically rely on Secure Sockets Layer/Transport Layer Security (SSL/TLS) services, which use certificates for encryption. Amazon Linux 2 ships with a self-signed SSL/TLS certificate; such certificates are adequate for internal use but fall short wherever validation by a certificate authority is necessary.
This post will detail how to enhance Amazon Linux 2’s capabilities by installing Let’s Encrypt, a certificate authority established by the Internet Security Research Group. Let’s Encrypt provides basic SSL/TLS certificates at no cost for DNS hosts, enabling you to implement encryption-in-transit on a single web server. For more extensive commercial setups, AWS Certificate Manager and Elastic Load Balancing are worth considering.
Additionally, Let’s Encrypt requires the installation of the certbot package, which can be obtained from EPEL. Though EPEL is not included with Amazon Linux 2, we will guide you through the installation process sourced from the Fedora Project.
Step-by-Step Guide
This walkthrough consists of several key tasks:
- Set up a VPC, Amazon Linux 2 instance, and LAMP stack.
- Enable the EPEL repository.
- Install and configure Let’s Encrypt.
- Validate the installation.
- Clean up afterward.
Prerequisites and Expenses
To follow this guide, you will need:
- An AWS account with access to Amazon EC2 and Amazon VPC.
- An Amazon EC2 key pair.
- A terminal program like PuTTY for SSH access to your Amazon Linux 2 instance.
- A foundational understanding of Amazon EC2 and Amazon VPC.
- The ability to configure DNS entries for your domain.
Keep in mind that you may incur costs for resources utilized, including the Amazon EC2 instance and associated networking fees.
Step 1: Configure a VPC and Launch an Amazon Linux 2 Instance
Begin by creating a VPC with a single public subnet, routing table, and internet gateway. Launch an Amazon Linux 2 instance within this VPC, ensuring you:
- Select the Amazon Linux 2 AMI.
- Choose the t2.micro instance type.
- Accept all default configurations, including storage.
- Create a new security group allowing TCP port 22 (SSH) access from all IP addresses (0.0.0.0/0). While this is suitable for our tutorial, in a production scenario, access should be restricted to specific IP addresses.
Allocate and associate an Elastic IP address with your instance once it is running. Install the LAMP stack, and then navigate to your Elastic IP address to confirm that the Apache test page is displayed.
Step 2: Install and Activate EPEL
Connect to your Amazon Linux 2 instance using the Elastic IP address you allocated. Download and install the EPEL repository with the following commands:
cd /tmp
wget -O epel.rpm -nv https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum install -y ./epel.rpm
Respond “Y” to all prompts requesting installation approval.
Step 3: Install and Set Up Let’s Encrypt
Reconnect to your Amazon Linux 2 instance if needed. Install the certbot client for Let’s Encrypt by executing:
sudo yum install python2-certbot-apache.noarch
Again, respond “Y” to all installation prompts. If you encounter a message regarding SELinux, it can be disregarded, as it’s a known issue with the latest certbot version.
Create a DNS “A record” that points your desired hostname, such as lamp.example.com, to your Elastic IP address. If you are using Amazon Route 53 for DNS hosting, create the required record set.
After the “A record” has propagated, visit lamp.example.com to check for the Apache test page. If the page does not load, you can verify the DNS record configuration using a tool like nslookup.
Next, you’re ready to install Let’s Encrypt, which will:
- Confirm domain control by requiring you to create a DNS TXT record with a given value.
- Obtain an SSL/TLS certificate.
- Update Apache configurations to implement the SSL/TLS certificate and redirect HTTP traffic to HTTPS.
Run certbot to obtain and install the certificate with the command:
sudo certbot -i apache -a manual --preferred-challenges dns -d lamp.example.com
The options signify the following:
- -i apache: Utilizes the Apache installer.
- -a manual: Requires manual domain ownership verification.
- --preferred-challenges dns: Uses DNS TXT records for the validation challenge.
- -d lamp.example.com: Specifies the domain for the SSL/TLS certificate.
You will be prompted for an email address for renewal notifications, acceptance of terms, and other confirmations.
When prompted, create a DNS TXT record named _acme-challenge.lamp.example.com with the provided value. After deploying this record, wait for it to propagate and use nslookup to check its status.
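Both DNS checks in this walkthrough (the “A record” before requesting the certificate and the _acme-challenge TXT record during the manual challenge) are easy to get wrong by moving on before the record has propagated. The script below is an added example, not code from the original post or from AWS; it wraps nslookup in a small poll loop so you only continue once the resolver actually returns the expected value. The hostname lamp.example.com, the IP 203.0.113.10 and the token are placeholders to replace with your own.

```shell
#!/bin/sh
# Added example (not from the original post): poll DNS with nslookup until the
# A record and the _acme-challenge TXT record from the walkthrough are visible.
# Usage:
#   sh dns-check.sh a   lamp.example.com                 203.0.113.10
#   sh dns-check.sh txt _acme-challenge.lamp.example.com <value certbot printed>

# Print the IPv4 addresses from `nslookup <host>` output read on stdin.
# The resolver's own "Address: 10.0.0.2#53" line carries a port suffix, so skip it.
extract_a_records() {
    awk '$1 == "Address:" && $2 !~ /#/ { print $2 }'
}

# Print the TXT values from `nslookup -type=TXT <name>` output read on stdin,
# with the surrounding quotes removed.
extract_txt_values() {
    sed -n 's/.*text = "\(.*\)"$/\1/p'
}

# Return 0 if the wanted value appears as a whole line on stdin, 1 otherwise.
contains_line() {
    grep -Fqx -- "$1"
}

# Poll up to $3 times (default 30), sleeping 10 s between attempts, until
# <host> resolves to <expected_ip>.
wait_for_a_record() {
    host=$1; expected_ip=$2; tries=${3:-30}
    while [ "$tries" -gt 0 ]; do
        if nslookup "$host" 2>/dev/null | extract_a_records | contains_line "$expected_ip"; then
            echo "$host -> $expected_ip: OK"
            return 0
        fi
        tries=$((tries - 1))
        sleep 10
    done
    echo "$host did not resolve to $expected_ip" >&2
    return 1
}

# Same loop for the ACME challenge record: <name> must carry TXT <expected_value>.
wait_for_txt_record() {
    name=$1; expected_value=$2; tries=${3:-30}
    while [ "$tries" -gt 0 ]; do
        if nslookup -type=TXT "$name" 2>/dev/null | extract_txt_values | contains_line "$expected_value"; then
            echo "$name TXT record present: OK"
            return 0
        fi
        tries=$((tries - 1))
        sleep 10
    done
    echo "$name does not (yet) carry TXT value $expected_value" >&2
    return 1
}

# Only perform a live lookup when invoked with a mode argument.
case "${1:-}" in
    a)   wait_for_a_record "$2" "$3" ;;
    txt) wait_for_txt_record "$2" "$3" ;;
esac
```

Run the `a` mode before visiting lamp.example.com in a browser, and the `txt` mode in a second terminal while certbot is waiting for you to press Enter; only continue once it reports OK. The parsers operate on nslookup’s text output, so if your system prints a localized or differently formatted answer, adjust the awk and sed patterns accordingly.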
Select the appropriate virtual host (there should be only one) and choose to redirect HTTP traffic to HTTPS. This completes the Let’s Encrypt setup. To allow HTTPS (TCP port 443) traffic, remember to add a rule to your Amazon Linux 2 instance’s security group.