Running a digital card store on AWS

Wednesday, March 8, 2017

Running a digital card store on AWS

In my previous post, I've written about registering an AWS Free Tier account and about the things you should beware of.

As I promised in my previous post, I will show how to run a simple Java Spring Boot application on AWS.

As an example, I have developed a digital card store application using Spring Boot framework. Digital trade cards are the digital versions of classic trade cards. There are so popular digital cards that it is hard to believe a simple JPG file worth $225, $440 and even $1524.

So our application is a prototype digital card store that manages cards. Source code for the application can be found here. In the future posts, I will add various features that use different AWS services.

The prototype allows you to add a new card, list existing cards and get details of a specific card using REST requests and responses.

Prerequisites

1. An AWS account

2. AWS CLI Tools

3. Git

4. Maven

In my previous post, I showed how to register and install AWS CLI Tools.

Steps

The steps to build and run the application are below.

1. Clone the application from GitHub

2. Build and test the application

3. Put the Spring Boot fat jar to S3.

4. Launch a new EC2 instance that pulls the jar from S3 and starts the application.

Let's start.

1. Clone the application from GitHub

Execute the git clone command to clone the application.

git clone https://github.com/ceyhunozgun/cardstore1

2. Build and test the application

cd cardstore1

mvn package

mvn spring-boot:run

After the application starts, direct your browser to http://localhost:8080

You should see the home page of the card store app.

In the home page you can create a new card and list the cards using the link below.

3. Put the Spring Boot Fat Jar to S3

When we package the application, Maven will create the fat jar file in the target directory.

$ ls target/*.jar

target/cardstore-0.0.1-SNAPSHOT.jar

Before copying the file to S3, we should create a S3 bucket. We can create a new bucket using AWS CLI.

$ aws s3 mb s3://cardstoredeploy

make_bucket: cardstoredeploy

To put the jar to the S3 bucket, execute the following command.

$ aws s3 cp target/cardstore-0.0.1-SNAPSHOT.jar s3://cardstoredeploy

upload: target\cardstore-0.0.1-SNAPSHOT.jar to s3://cardstoredeploy/cardstore-0.0.1-SNAPSHOT.jar

Now you should see the jar in AWS S3 Console.

4. Launch the EC2 Instance

In this step, we will use AWS CLI to create an EC2 instance. Before we create an EC2 instance we should do some preparations. The preparations can be done by AWS CLI, but to keep the things simple we will use the AWS Console.

To launch an EC2 instance we should do the following:

1. Create an IAM Role for EC2 service to read the jar file from S3.

Although full access is not needed in this application, we will create a role with AmazonS3FullAccess policy to use it in future posts.

Sign in to the AWS Console. Under AWS Services choose IAM.
Select Roles from the navigation pane and then click Create Role.
Enter S3-Admin-Role as Role Name and click Next Step.
Expand AWS Service Roles section and select Amazon EC2.
Enter S3 to filter the policies and select the check box for AmazonS3FullAccess.
Click Next Step to review the role and then click Create Role.

2. Generate EC2 key pair that will be used to access the EC2 instance.

A key pair is required to create an EC2 instance. This key pair is normally used to connect to the instance using SSH. In this post we won't connect to the EC2 instance over SSH.

At the AWS console choose EC2.
Select Key Pairs under Network & Security from the navigation pane. Click Create Key Pair.
Enter CardStoreKP as key pair name and click Create.

After the key pair is created the private key file is automatically downloaded by your browser. Save this private key file in a safe place. This key file is required to connect to EC2 instances via SSH. You can find the detailed information here

3. Create a security group to allow inbound SSH and HTTP traffic (ports 22 and 8080)

Security groups are used to allow incoming and outgoing traffic. For our application we will create a security group to allow inbound access for SSH and HTTP protocols.

In AWS Console, click Services and select EC2.
Under Network & Security, choose Security Groups. Click Create Security Group.
Enter CardStoreSG as name and 'Card Store Security Group to allow SSH and 8080 Http traffic' as description and leave the VPC as default.
Under Inbound rules click Add Rule.
Select SSH from Type combo. Choose Anywhere under Source.
Click Add Rule again and select Custom TCP Rule and enter 8080 in Port Range. Choose Anywhere under Source.
Click Create to create security group.

All the outbound traffic is allowed by default.

Please note that to keep it simple, we have allowed any source. In real usage scenarios, you should limit the access accordingly.

Note Security group Id. It should be like ' sg-8567a2ee'.

4. Create the EC2 instance that gets the jar from S3 and runs it.

We will use AWS CLI to create an EC2 instance that runs Amazon Linux. To get the jar file from S3 and run the application when the instance starts, the EC2 init script mechanism is used.

Init script is in cardstore1_ec2_init_script.txt file.


#!/bin/bash

yum install java-1.8.0 -y
yum remove java-1.7.0-openjdk -y

mkdir app

aws s3 cp --region eu-central-1 s3://cardstoredeploy/cardstore-0.0.1-SNAPSHOT.jar app/

java -jar app/cardstore-0.0.1-SNAPSHOT.jar

The current Amazon Linux comes with Java 7 installed. Because Spring Boot requires Java 8, first we install Java 8. After that we remove Java 7 to make Java 8 default. Once Java installation is done, we get the jar file from S3.

Please note that --region parameter should point to the region that your S3 bucket is created in. Finally, the application is launched by java command.

Now we are ready to launch the Amazon Linux EC2 instance. We create the EC2 instance with aws ec2 run-instances command.

$ aws ec2 run-instances --image-id ami-af0fc0c0 --count 1 --instance-type t2.micro --key-name CardStoreKP --user-data file://cardstore1_ec2_init_script.txt --associate-public-ip-address --security-group-ids sg-8567a2ee --iam-instance-profile Name=S3-Admin-Role

The meaning of the parameters for the run-instances command is explained below.

--image-id ami-af0fc0c0

The Amazon Machine Image (AMI) id for current Amazon Linux operating system.

--count 1

We want to launch one instance.

--instance-type t2.micro

We use t2.micro to stay in the AWS Free Tier limits.

--key-name CardStoreKP

The key name of the key pair we have created before.

--user-data file://cardstore1_ec2_init_script.txt

The file to specify the commands that will be executed when the server starts.

--associate-public-ip-address

Required for instance to get a public ip address, so we can connect from outside.

--security-group-ids sg-8567a2ee

The id of the security group we have created before.

--iam-instance-profile Name=S3-Admin-Role

The name of the IAM role that will be used by instance. Required for instance to access S3 services in init script.

After this command, a new EC2 instance will be created. It will take some time to instance to be created and get an public ip address. To connect to instance, we will need the public ip address that will be assigned to the instance. We can get the public ip address by executing the describe-instances command.

$ aws ec2 describe-instances|grep PublicIpAddress

"PublicIpAddress": "35.157.111.179"

For my instance 35.157.111.179 was assigned. Your ip address will be different. You should use the ip address assigned to your instance.

After the application started you can connect to the instance using your browser at http://<ip address>:8080

The home page of the application should look like the below.