My Journey Migrating from IPv4 to IPv6 on AWS

As cloud hosting costs continue to evolve, it’s essential to review and optimize our infrastructure. Recently, I embarked on a journey to transition from IPv4 to IPv6 on my AWS-hosted website, primarily to eliminate the cost associated with AWS Elastic IPs. Here’s a recap of my experience, challenges, and ultimate success.


Why Migrate to IPv6?

AWS charges for Elastic IPs (EIP) even when they are associated with a running EC2 instance, making it a recurring cost that can be avoided. By adopting IPv6, I aimed to:

  • Reduce expenses: Stop paying for Elastic IPs.
  • Modernize the infrastructure: Future-proof my website’s networking.
  • Enhance accessibility: Ensure the website is reachable over both IPv4 and IPv6 as more networks adopt the newer protocol.

Initial Setup: My AWS Environment

My website, hosted on an AWS EC2 instance, runs a LAMP stack on Amazon Linux 2. The setup includes Apache, MariaDB, and PHP, supporting a WordPress-based site. Before the migration, the site was accessible only via IPv4, with an AWS Elastic IP attached.


The Migration Process

Here’s a step-by-step breakdown of how I migrated to IPv6:

  1. Enable IPv6 in the VPC
    • I started by adding an IPv6 CIDR block to the VPC associated with my EC2 instance. AWS offers multiple options, but for simplicity, I chose an Amazon-provided IPv6 CIDR block.
  2. Configure the Subnet for IPv6
    • Next, I allocated an IPv6 CIDR block to the subnet where my instance resides. This assignment allowed the EC2 instance to obtain an IPv6 address.
  3. Update the Routing Table
    • One key step was updating the VPC’s routing table. I added a route for ::/0 with the Internet Gateway as the target. While there was already a route for 0.0.0.0/0 (IPv4), the IPv6 traffic required this new route.
  4. Modify Apache Configuration for IPv6
    • I adjusted the Apache httpd.conf settings:
      • Replaced Listen 80 with Listen [::]:80
      • Replaced Listen 443 with Listen [::]:443
    • However, I retained the <VirtualHost *:80> and <VirtualHost *:443> blocks, as they worked fine for both IPv4 and IPv6 connections.
  5. Update DNS Settings
    • I added an AAAA record in my DNS configuration to ensure that the domain resolves to the server’s IPv6 address. This step was crucial for making the website accessible over IPv6.
  6. Restart Apache
    • After making these changes, I restarted the Apache service. Everything was configured properly, and the web server could now handle requests over IPv6!

Challenges Faced and Lessons Learned

  1. Routing Table Misconfiguration
    • Initially, the IPv6 setup didn’t work. I realized I had missed adding the ::/0 route in the routing table, which is crucial for directing IPv6 traffic to the Internet Gateway.
  2. Firewall and Security Group Settings
    • Ensuring security groups allowed IPv6 traffic on ports 80 (HTTP) and 443 (HTTPS) was another important task. Always double-check inbound and outbound rules when dealing with new protocols.
  3. Understanding Apache’s Dual-Stack Configuration
    • Although I only needed to add Listen [::]:80 and Listen [::]:443, I was initially unsure if I needed to update <VirtualHost> settings for IPv6. Fortunately, the existing configuration worked without modification.
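A pre-flight check for the routing-table and security-group lessons above, added here as an example (it is not the author's own code): it reads JSON in the shape returned by `aws ec2 describe-route-tables` and `aws ec2 describe-security-groups` and reports a missing ::/0 route, web ports not yet opened to IPv6, and anything else reachable from ::/0. The resource IDs, addresses and rules are constructed sample data.

```python
import json

WEB_PORTS = (80, 443)  # HTTP and HTTPS, the ports the post opens
ANY_V6 = "::/0"

# Constructed sample shaped like `aws ec2 describe-route-tables` output:
# the state before the ::/0 route was added.
ROUTE_TABLES = json.loads("""
{"RouteTables": [{"RouteTableId": "rtb-EXAMPLE", "Routes": [
  {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
  {"DestinationIpv6CidrBlock": "2001:db8:1234::/56", "GatewayId": "local", "State": "active"},
  {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"}
]}]}
""")

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SECURITY_GROUPS = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
]}]}
""")


def has_default_v6_route(table):
    """True if the table has an active ::/0 route to an Internet Gateway.

    An egress-only gateway does not count: it carries no inbound traffic,
    so a web server behind it stays unreachable over IPv6.
    """
    return any(
        route.get("DestinationIpv6CidrBlock") == ANY_V6
        and route.get("GatewayId", "").startswith("igw-")
        and route.get("State") == "active"
        for route in table.get("Routes", [])
    )


def open_to_any_v6(perm):
    """True if the ingress rule lists ::/0 as a source."""
    return any(r.get("CidrIpv6") == ANY_V6 for r in perm.get("Ipv6Ranges", []))


def covers(perm, port):
    """True if the rule admits TCP traffic to `port`."""
    if perm.get("IpProtocol") == "-1":  # "-1" means all protocols, all ports
        return True
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort", 0) <= port <= perm.get("ToPort", -1))


def missing_web_ports_v6(group):
    """Web ports that no ::/0 ingress rule covers (IPv4 rules do not apply)."""
    v6_rules = [p for p in group.get("IpPermissions", []) if open_to_any_v6(p)]
    return [port for port in WEB_PORTS
            if not any(covers(p, port) for p in v6_rules)]


def extra_v6_exposure(group):
    """Rules open to ::/0 that reach more than the web ports.

    Every IPv6 address in the subnet is globally routable, so a rule copied
    from IPv4 can expose a service that used to be limited to one address.
    ICMPv6 rules are ignored here.
    """
    extra = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if not open_to_any_v6(perm) or proto not in ("tcp", "udp", "-1"):
            continue
        if proto == "-1":
            extra.append("all traffic")
            continue
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        if proto == "tcp" and lo == hi and lo in WEB_PORTS:
            continue  # exactly the intended HTTP/HTTPS rule
        extra.append(f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}")
    return extra


def audit(route_tables, security_groups):
    """Return one human-readable finding per problem."""
    findings = []
    for table in route_tables["RouteTables"]:
        if not has_default_v6_route(table):
            findings.append(
                f"{table['RouteTableId']}: no active ::/0 route to an Internet Gateway")
    for group in security_groups["SecurityGroups"]:
        for port in missing_web_ports_v6(group):
            findings.append(f"{group['GroupId']}: tcp/{port} not allowed from ::/0")
        for rule in extra_v6_exposure(group):
            findings.append(f"{group['GroupId']}: {rule} is open to ::/0")
    return findings


if __name__ == "__main__":
    for finding in audit(ROUTE_TABLES, SECURITY_GROUPS):
        print(finding)
```

To run it against a real account, save the two `describe-*` outputs to files and load them in place of the embedded samples.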

The Result: Cost Savings and Modernization

With everything set up correctly, my website is now accessible over both IPv4 and IPv6. More importantly, I no longer need to pay for an AWS Elastic IP, leading to tangible cost savings. The transition has made my website’s networking stack future-proof while ensuring broader accessibility as more users move to IPv6.


Conclusion

Migrating from IPv4 to IPv6 may seem daunting, but with a clear objective, proper planning, and attention to details like routing and DNS configuration, the process is smooth and rewarding. If you’re looking to cut down on cloud costs or modernize your setup, I highly recommend considering an IPv6 migration.

Microsoft Security Solutions for Azure and Hybrid Environments

A Solutions Architect’s Overview for All Stakeholders


Introduction

Objective: This overview presents Microsoft’s security solutions available for Azure and hybrid environments, detailing each product’s features, benefits, overlaps, licensing requirements, and documentation for further reference.
Target Audience: IT administrators, management, and C-level stakeholders.


  1. Microsoft Defender XDR
    • Primary Features: Unified detection, investigation, and response across Defender products, with automated response capabilities and cross-product threat correlation.
    • Primary Usage: Broad detection and response capabilities spanning endpoints, identities, applications, and cloud environments.
    • Advantages:
      • Provides a single-pane view of alerts across the Defender suite.
      • Reduces investigation time with cross-domain correlation.
    • Disadvantages:
      • Not a standalone product; requires multiple Defender licenses for full functionality.
      • Complexity increases with the number of integrated Defender components.
    • Overlap: Combines all Microsoft Defender for Microsoft 365 (Microsoft 365 Defender) components to offer cross-product detection, investigation, and response.
    • Requirements: Requires an active Microsoft 365 E5 Security license or each standalone Defender product.
    • Cost: Costs depend on licensing for each Defender component, typically included in Microsoft 365 E5.
    • Category: Security
    • Documentation: Microsoft Defender XDR Overview

Microsoft 365 Defender (Microsoft Defender for Microsoft 365) Suite

This suite includes several Defender products, offering integrated security within Microsoft 365, collectively forming Microsoft’s XDR solution.


  1. Microsoft Defender for Endpoint
    • Features: Endpoint detection and response (EDR), threat intelligence, vulnerability management.
    • Primary Usage: Protects endpoints with cross-platform threat intelligence, advanced detection, and response.
    • Advantages:
      • Comprehensive endpoint protection with machine learning and advanced EDR capabilities.
      • Supports cross-platform endpoints including Windows, macOS, and Linux.
    • Disadvantages:
      • Costs may scale significantly with a high number of devices.
      • Requires integration with Sentinel for advanced SIEM capabilities.
    • Overlap: Overlaps with Defender for Identity for identity-based threat insights; integrates with Intune for device management.
    • Requirements: Microsoft 365 E5 license or standalone Defender for Endpoint license.
    • Cost: Priced per endpoint or included in Microsoft 365 E5.
    • Category: Security
    • Documentation: Microsoft Defender for Endpoint Documentation
  2. Microsoft Defender for Identity
    • Features: Detects identity-based threats, lateral movement protections, integrates with Sentinel.
    • Primary Usage: Focused on securing identities in hybrid environments by detecting unusual behaviors or risks.
    • Advantages:
      • Provides deep insights into identity-based risks and lateral movement.
      • Integrates easily with SIEM solutions like Sentinel.
    • Disadvantages:
      • Focused on on-premises AD, requiring other tools to cover Azure AD.
      • May require advanced setup to fully integrate with other Defender products.
    • Overlap: Overlaps with Defender for Endpoint for identity-related threats; integrates with Entra ID for conditional access.
    • Requirements: Microsoft 365 E5 Security license or standalone Defender for Identity license.
    • Cost: Priced per user, generally included in Azure AD Premium P2.
    • Category: Identity and Management
    • Documentation: Microsoft Defender for Identity Documentation
  3. Microsoft Defender for Cloud Apps
    • Features: Cloud Access Security Broker (CASB) for SaaS applications, data loss prevention, app governance.
    • Primary Usage: Provides threat protection and governance over third-party cloud apps.
    • Advantages:
      • Offers secure access, threat detection, and DLP for SaaS and cloud applications.
      • Integrates with Microsoft Sentinel for advanced monitoring.
    • Disadvantages:
      • Limited to cloud applications; requires integration with other tools for on-premises coverage.
      • Some advanced features require extensive configuration.
    • Overlap: Overlaps with Purview in data governance; integrates with Microsoft Sentinel and Defender XDR.
    • Requirements: Microsoft 365 E5 license or standalone Defender for Cloud Apps license.
    • Cost: Priced per user; included in Microsoft 365 E5.
    • Category: Security
    • Documentation: Microsoft Defender for Cloud Apps Documentation
  4. Microsoft Defender for Office 365
    • Features: Protects against phishing, malware, zero-day attacks in email and collaboration tools.
    • Primary Usage: Secure email, SharePoint, Teams, and OneDrive within Office 365.
    • Advantages:
      • Integrated security across Office 365 collaboration tools.
      • Strong protection against email-based threats like phishing and zero-day attacks.
    • Disadvantages:
      • Limited to Office 365; not applicable to non-Microsoft email services.
      • Some advanced features require additional licensing.
    • Overlap: Integrates with other Defender products for comprehensive Microsoft 365 Defender coverage.
    • Requirements: Microsoft 365 Defender license or standalone Defender for Office 365 license.
    • Cost: Priced per user; included in Microsoft 365 E5.
    • Category: Security
    • Documentation: Microsoft Defender for Office 365 Documentation

Additional Microsoft Security Products

  1. Azure Security Center (Microsoft Defender for Cloud)
    • Features: Threat protection, secure score, compliance assessments, multi-cloud support.
    • Primary Usage: Manages and enhances Azure security posture.
    • Advantages:
      • Provides visibility into Azure and multi-cloud security.
      • Integrates with Sentinel for consolidated incident response.
    • Disadvantages:
      • Advanced threat protection requires a Defender plan, adding costs.
      • Limited protection for on-premises resources.
    • Overlap: Can be used alongside Sentinel for security monitoring.
    • Requirements: Azure Defender plan for advanced threat protection.
    • Cost: Basic features free; Defender plan priced per resource.
    • Category: Security
    • Documentation: Azure Security Center Documentation
  2. Microsoft Sentinel
    • Features: Security Information and Event Management (SIEM) and Security Orchestration Automated Response (SOAR), with extensive analytics and custom detection.
    • Primary Usage: Provides centralized incident response and automated workflows.
    • Advantages:
      • Scalable SIEM with custom alert capabilities.
      • Integrates with all Defender products for end-to-end visibility.
    • Disadvantages:
      • Costs can be high with large data ingestion requirements.
      • Requires familiarity with KQL for custom queries.
    • Overlap: Integrates with Purview for compliance; connects with all Defender products.
    • Requirements: Requires Azure Log Analytics workspace.
    • Cost: Based on data ingestion and retention.
    • Category: Security
    • Documentation: Microsoft Sentinel Documentation
  3. Microsoft Intune
    • Features: Mobile Device Management (MDM), Mobile Application Management (MAM), compliance policies, endpoint security.
    • Primary Usage: Manages and secures devices across platforms, with integration in the Microsoft 365 Defender suite.
    • Advantages:
      • Supports a wide range of devices and provides strong compliance management.
      • Integrated with Defender for Endpoint for cohesive endpoint security.
    • Disadvantages:
      • Limited control over non-mobile devices.
      • Some endpoint security features require Defender for Endpoint.
    • Overlap: Integrates with Defender for Endpoint for device security.
    • Requirements: Intune license (included in Microsoft 365 E3/E5).
    • Cost: Based on selected plan; included in E3/E5 plans.
    • Category: Identity and Management
    • Documentation: Microsoft Intune Documentation
  4. Microsoft Purview
    • Features: Data classification, data loss prevention (DLP), lifecycle management, compliance management.
    • Primary Usage: Data governance and protection to meet compliance standards.
    • Advantages:
      • Comprehensive data governance with lifecycle management.
      • Integrates with Sentinel for compliance monitoring.
    • Disadvantages:
      • Certain features require specialized setup for on-premises data.
      • Licensing complexity due to various modules.
    • Overlap: Complements Priva for privacy compliance, integrates with Sentinel.
    • Requirements: Purview licenses or Microsoft 365 E5 Compliance.
    • Cost: Pricing varies by module and usage.
    • Category: Compliance and Privacy
    • Documentation: Microsoft Purview Documentation
  5. Microsoft Priva
    • Features: Privacy management, data risk management, data subject request handling.
    • Primary Usage: Ensures privacy compliance for data handling and regulatory requirements.
    • Advantages:
      • Built-in tools to support privacy regulation compliance.
      • Integrates with Purview for governance and risk management.
    • Disadvantages:
      • Limited features for non-Microsoft environments.
      • Complexities in setup for multi-jurisdictional requirements.
    • Overlap: Overlaps with Purview in data governance.
    • Requirements: Microsoft 365 E5 Compliance; additional features may require separate licensing.
    • Cost: Priced per user.
    • Category: Compliance and Privacy
    • Documentation: Microsoft Priva Documentation
  6. Microsoft Entra ID
    • Features: Identity and access management, SSO, MFA, conditional access policies.
    • Primary Usage: Centralized access management across on-premises and cloud environments.
    • Advantages:
      • Centralized identity management with strong SSO and MFA options.
      • Integrates with other security products for identity-driven security.
    • Disadvantages:
      • Advanced features require additional licensing (Premium P2).
      • Limited to identity management; security requires Defender for Identity.
    • Overlap: Works alongside Defender for Identity for identity protection.
    • Requirements: Azure AD Free, Premium P1, or P2.
    • Cost: Included in EMS or Microsoft 365 plans.
    • Category: Identity and Management
    • Documentation: Microsoft Entra ID Documentation

Summary Table of Features, Overlaps, and Categories

| Solution | Primary Features | Primary Usage | Overlap | Category |
| --- | --- | --- | --- | --- |
| Microsoft Defender XDR | Unified cross-product detection, automated incident response, cross-domain correlation. | Broad detection and response across Microsoft Defender suite. | Combines Defender products for integrated incident response. | Security |
| Microsoft Defender for Endpoint | Endpoint protection, vulnerability management, cross-platform threat detection. | Endpoint security and response across platforms. | Overlaps with Defender for Identity; integrates with Intune for device management. | Security |
| Microsoft Defender for Identity | Identity threat detection, lateral movement protection, SIEM integration. | Protects on-premises identities in hybrid environments. | Overlaps with Defender for Endpoint; integrates with Entra ID. | Identity and Management |
| Microsoft Defender for Cloud Apps | Cloud app governance, threat protection, data loss prevention (DLP). | Security for SaaS applications and cloud resources. | Overlaps with Purview for governance; integrates with Sentinel and XDR suite. | Security |
| Microsoft Defender for Office 365 | Protection against phishing, zero-day attacks, email, and collaboration security. | Secures email and collaboration tools in Office 365. | Integrates with Defender XDR, ensuring collaboration data security. | Security |
| Azure Security Center (Defender for Cloud) | Compliance, threat protection for cloud environments, multi-cloud support. | Enhances Azure security posture. | Works with Sentinel for centralized monitoring; overlaps with Purview in compliance features. | Security |
| Microsoft Sentinel | SIEM/SOAR, security monitoring, extensive analytics, custom alert detection. | Incident response and centralized security monitoring. | Complements all Defender products; overlaps with Purview for auditing. | Security |
| Microsoft Intune | Device compliance, MDM, MAM, endpoint security policies. | Device management, especially mobile. | Integrates with Defender for Endpoint for device security. | Identity and Management |
| Microsoft Purview | Data classification, DLP, lifecycle management, compliance reporting. | Governance, data protection across environments. | Complements Priva in privacy compliance; integrates with Sentinel. | Compliance and Privacy |
| Microsoft Priva | Privacy compliance, data subject requests, risk management for sensitive data. | Compliance with data privacy regulations. | Works with Purview for data governance and classification. | Compliance and Privacy |
| Microsoft Entra ID | Identity and access management, conditional access, SSO, MFA. | Access and identity control across applications. | Works with Defender for Identity for identity security; integrates with Microsoft 365 services. | Identity and Management |

This organized presentation offers an in-depth view of the latest Microsoft security solutions arranged by category and priority, empowering stakeholders with information on each product’s function, benefits, and overlapping areas.

Prompt Engineering guide by ChatGPT.

I asked ChatGPT for a guide to asking better questions, and here’s what it says.

Prompt engineering is about crafting questions or instructions in a way that maximizes the quality of the response you get. Here’s a step-by-step guide to help you ask better questions and improve prompt clarity:

1. Be Clear and Specific

  • Goal: Make sure the question or task is clearly stated.
  • Why: It reduces ambiguity, helping me understand exactly what you’re looking for.
  • How:
    • Bad: “Tell me about Azure.”
    • Good: “Explain how Azure Copilot assists in managing resources.”

2. Provide Context

  • Goal: Include any relevant information or background that would help me tailor the answer.
  • Why: It improves the response accuracy by considering your environment or needs.
  • How:
    • Bad: “How do I sync data?”
    • Good: “How do I sync data between my on-premise Windows Server 2022 and Microsoft Entra ID using Azure AD Connect?”

3. Specify the Format of the Response

  • Goal: Tell me how you’d like the answer (e.g., bulleted list, code snippet, table).
  • Why: It ensures the response fits your needs for easier consumption or implementation.
  • How:
    • Bad: “How do I create a virtual machine?”
    • Good: “How do I create a virtual machine in Azure using the CLI? Provide the necessary commands.”

4. Ask One Thing at a Time (or Group Related Tasks)

  • Goal: Focus on one question or a closely related set of questions.
  • Why: It avoids confusion and ensures each aspect gets sufficient attention.
  • How:
    • Bad: “How do I deploy VMs and set up network security in Azure?”
    • Good: “How do I deploy a virtual machine in Azure? Follow-up: How do I configure basic network security rules for it?”

5. Iterate on Responses

  • Goal: If a response isn’t clear or detailed enough, ask follow-up questions or request more specifics.
  • Why: It refines the answer and ensures all points are covered.
  • How:
    • Start: “How do I configure Azure AD Connect for password writeback?”
    • Follow-up: “Can you explain what settings I need to configure on the on-premise server?”

6. Use Examples

  • Goal: Provide examples of what you mean to clarify your intent.
  • Why: It ensures I understand exactly what you’re asking about.
  • How:
    • Bad: “How do I automate a task?”
    • Good: “I want to automate starting and stopping VMs on Azure based on a schedule. What automation options are available for that?”

7. Use Constraints or Guidelines if Needed

  • Goal: Specify any restrictions or preferences (e.g., a specific tool, platform, or version).
  • Why: It helps me narrow the scope and deliver relevant solutions.
  • How:
    • Bad: “Show me an example of IaC.”
    • Good: “Show me an example of using Terraform to deploy an Azure VM with a specific virtual network.”

8. Indicate Your Knowledge Level

  • Goal: Tell me whether you need a beginner-level explanation, advanced guidance, or something in between.
  • Why: It ensures I don’t oversimplify or overcomplicate my response.
  • How:
    • Bad: “How do I set up network security?”
    • Good: “I have intermediate knowledge of Azure Networking. How do I set up advanced network security groups for multiple subnets?”

Example: Putting It All Together

Before:

  • “How do I configure Azure AD?”

After:

  • “I’ve connected my on-premise Windows Server 2022 domain to Microsoft Entra ID using Azure AD Connect. What’s the process for configuring user provisioning and password writeback for cloud apps like Microsoft 365? Can you provide step-by-step guidance?”

Following this guide will help you frame your questions in a way that results in more precise and useful responses!

Troubleshooting Methodology

This post is a summary (list type) from an online class I took in 2022. I’m writing it as a note/cheatsheet for myself and for those who may find it useful.

  1. IDENTIFY the problem and determine the scope.
    • Question all stakeholders concerned.
    • Identify the scale of the problem.
    • Collect additional logs / reports.
    • If possible, try to replicate the problem.
    • Perform backups.
    • Escalate if necessary. Asking for help is not a weakness.
  2. ESTABLISH A THEORY of probable cause.
    • Question the obvious.
    • Does the problem stem from a central point, or is it isolated?
    • Escalate if needed.
  3. TEST THE THEORY to determine the cause.
    • Establish a new theory if not confirmed.
    • Undo previous steps.
    • Escalate if needed.
  4. ESTABLISH A PLAN of action to resolve the problem.
    • Notify users/stakeholders that will be impacted.
  5. IMPLEMENT THE SOLUTION or escalate.
    • Make one change at a time, test and confirm.
    • Reverse the change if not resolved.
  6. VERIFY FULL SYSTEM functionality.
    • Implement preventive measures.
  7. PERFORM ROOT CAUSE ANALYSIS.
    • Did you treat the symptom and not the root cause?
  8. DOCUMENT your findings, actions and outcomes.
    • Create a wiki, KBA or FAQ for the admin team.
    • Use the Notes/Remarks inputs.
    • Share the knowledge!

Wiki section updated with new cheatsheet list

Hi everyone!

I just added the Wiki section with a list of cheatsheets such as TERRAFORM, ANSIBLE, KUBERNETES, DOCKER, DATABASE, and SCRIPTING.

Let me know what else you’d like to include.

Send email to [email protected]

Amazon Linux 2 – PHP 7.4 upgrade to PHP 8.0

A client’s machine running PHP 7.4 needs to be upgraded to PHP 8.0 soon, as the former is reaching “End of Life” (supported until November 28, 2022). Here’s a link about it: https://www.php.net/supported-versions.php

These are the steps made to complete the upgrade procedure:

#1. On the client’s Amazon Linux 2 Virtual Machine, list the PHP versions available.

[root@ip-172-31-84-24 html]# amazon-linux-extras | grep php
42 php7.4=latest enabled [ =stable ]
_ php8.0 available [ =stable ]

#2. Disable php 7.4.

[root@ip-172-31-84-24 html]# amazon-linux-extras disable php7.4
Beware that disabling topics is not supported after they are installed.
. . . .
. . . .
42 php7.4 available [ =stable ]
. . . .
51 php8.0 available [ =stable ]
. . . .

#3. Check PHP list again.


[root@ip-172-31-84-24 html]# amazon-linux-extras |grep php
42 php7.4 available [ =stable ]
51 php8.0 available [ =stable ]

#4. Enable PHP 8.0.

[root@ip-172-31-84-24 html]# amazon-linux-extras enable php8.0
. . . .
41 postgresql11 available [ =11 =stable ]
_ php7.4 available [ =stable ]
. . . .
51 php8.0=latest enabled [ =stable ]
. . . .
Now you can install:
# yum clean metadata
# yum install php-cli php-pdo php-fpm php-mysqlnd

#5. Clean metadata.

[root@ip-172-31-84-24 html]# yum clean metadata
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Cleaning repos: amzn2-core amzn2extra-docker amzn2extra-epel amzn2extra-kernel-5.10 amzn2extra-php8.0 epel epel-debuginfo epel-source epel-testing epel-testing-debuginfo epel-testing-source
52 metadata files removed
20 sqlite files removed
0 metadata files removed

#6. Now check available php installation.

[root@ip-172-31-84-24 html]# yum info php
. . . .
232 packages excluded due to repository priority protections
. . . .
Available Packages
Name : php
Arch : x86_64
Version : 8.0.20
Release : 1.amzn2
Size : 3.3 M
Repo : amzn2extra-php8.0/2/x86_64

#7. Running the command in #4 as suggested gives an error

[root@ip-172-31-84-24 html]# yum install php-cli php-pdo php-fpm php-mysqlnd
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
232 packages excluded due to repository priority protections
Resolving Dependencies
--> Running transaction check
. . . .
--> Processing Dependency: php-common(x86-64) = 8.0.20-1.amzn2 for package: php-cli-8.0.20-1.amzn2.x86_64
. . . .
--> Finished Dependency Resolution
Error: Package: php-json-7.4.26-1.amzn2.x86_64 (@amzn2extra-php7.4)
Requires: php-common(x86-64) = 7.4.26-1.amzn2
Removing: php-common-7.4.26-1.amzn2.x86_64 (@amzn2extra-php7.4)
. . . .
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest

#8. Remove the php-json* package

[root@ip-172-31-84-24 html]# yum remove php-json
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Resolving Dependencies
--> Running transaction check
---> Package php-json.x86_64 0:7.4.26-1.amzn2 will be erased
--> Processing Dependency: php-json(x86-64) = 7.4.26-1.amzn2 for package: php-common-7.4.26-1.amzn2.x86_64
--> Running transaction check
. . . .
. . . .
--> Finished Dependency Resolution
Removed:
php-json.x86_64 0:7.4.26-1.amzn2
Dependency Removed:
php-cli.x86_64 0:7.4.26-1.amzn2 php-common.x86_64 0:7.4.26-1.amzn2 php-fpm.x86_64 0:7.4.26-1.amzn2 php-mbstring.x86_64 0:7.4.26-1.amzn2 php-mysqlnd.x86_64 0:7.4.26-1.amzn2 php-pdo.x86_64 0:7.4.26-1.amzn2
php-xml.x86_64 0:7.4.26-1.amzn2
Complete!

#9. Install PHP and other dependencies

[root@ip-172-31-84-24 html]# yum install php php-{pear,cgi,common,curl,mbstring,gd,mysqlnd,gettext,bcmath,json,xml,fpm,intl,zip}
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
232 packages excluded due to repository priority protections
Resolving Dependencies
--> Running transaction check
. . . .
Installed:
php.x86_64 0:8.0.20-1.amzn2 php-bcmath.x86_64 0:8.0.20-1.amzn2 php-cli.x86_64 0:8.0.20-1.amzn2 php-common.x86_64 0:8.0.20-1.amzn2 php-fpm.x86_64 0:8.0.20-1.amzn2 php-gd.x86_64 0:8.0.20-1.amzn2
php-intl.x86_64 0:8.0.20-1.amzn2 php-mbstring.x86_64 0:8.0.20-1.amzn2 php-mysqlnd.x86_64 0:8.0.20-1.amzn2 php-pear.noarch 1:1.10.12-9.amzn2 php-xml.x86_64 0:8.0.20-1.amzn2
Dependency Installed:
php-pdo.x86_64 0:8.0.20-1.amzn2 php-process.x86_64 0:8.0.20-1.amzn2
Complete!

#10. A continuation of the installation output from #9. Just disregard this.


php-json is available in Amazon Linux Extra topic “php7.4”

To use, run
# sudo amazon-linux-extras install php7.4

#11. Now check PHP version

[root@ip-172-31-84-24 ~]# php -v
PHP 8.0.20 (cli) (built: Jun 23 2022 20:34:07) ( NTS )
Copyright (c) The PHP Group
Zend Engine v4.0.20, Copyright (c) Zend Technologies
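A check on the upgrade above, added here as an example (it is not part of the original post): it parses the yum summaries from steps 8 and 9 and reports which removed packages did not come back and which requested packages yum never installed. The two transcripts are copied from the post; the function names are illustrative.

```python
import re

# Transaction summaries copied from steps 8 and 9 of the post.
REMOVE_OUTPUT = """\
Removed:
php-json.x86_64 0:7.4.26-1.amzn2
Dependency Removed:
php-cli.x86_64 0:7.4.26-1.amzn2 php-common.x86_64 0:7.4.26-1.amzn2 php-fpm.x86_64 0:7.4.26-1.amzn2 php-mbstring.x86_64 0:7.4.26-1.amzn2 php-mysqlnd.x86_64 0:7.4.26-1.amzn2 php-pdo.x86_64 0:7.4.26-1.amzn2
php-xml.x86_64 0:7.4.26-1.amzn2
Complete!
"""
INSTALL_OUTPUT = """\
Installed:
php.x86_64 0:8.0.20-1.amzn2 php-bcmath.x86_64 0:8.0.20-1.amzn2 php-cli.x86_64 0:8.0.20-1.amzn2 php-common.x86_64 0:8.0.20-1.amzn2 php-fpm.x86_64 0:8.0.20-1.amzn2 php-gd.x86_64 0:8.0.20-1.amzn2
php-intl.x86_64 0:8.0.20-1.amzn2 php-mbstring.x86_64 0:8.0.20-1.amzn2 php-mysqlnd.x86_64 0:8.0.20-1.amzn2 php-pear.noarch 1:1.10.12-9.amzn2 php-xml.x86_64 0:8.0.20-1.amzn2
Dependency Installed:
php-pdo.x86_64 0:8.0.20-1.amzn2 php-process.x86_64 0:8.0.20-1.amzn2
Complete!
"""

# Package names that the brace expansion in step 9 asks yum for.
REQUESTED = ["php"] + ["php-" + mod for mod in (
    "pear cgi common curl mbstring gd mysqlnd gettext "
    "bcmath json xml fpm intl zip").split()]

# name.arch epoch:version-release, as yum prints it in a summary
PKG = re.compile(r"(?P<name>[\w+-]+)\.(?:x86_64|noarch)\s+\d+:(?P<ver>\S+)")


def parse_section(text, headers):
    """Return {package: version} for the lines under the given summary headers."""
    pkgs, active = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(":") or line == "Complete!":
            active = line in headers   # entering or leaving a wanted section
        elif active:
            for match in PKG.finditer(line):
                pkgs[match["name"]] = match["ver"]
    return pkgs


def not_reinstalled(removed, installed):
    """Packages the removal took away that the install did not bring back."""
    return sorted(set(removed) - set(installed))


def requested_not_installed(requested, installed):
    """Names passed to `yum install` that are absent from the transaction."""
    return sorted(set(requested) - set(installed))


def upgraded(removed, installed):
    """{package: (old_version, new_version)} for packages present on both sides."""
    return {name: (removed[name], installed[name])
            for name in sorted(set(removed) & set(installed))}


def report():
    removed = parse_section(REMOVE_OUTPUT, {"Removed:", "Dependency Removed:"})
    installed = parse_section(INSTALL_OUTPUT, {"Installed:", "Dependency Installed:"})
    return {
        "not_reinstalled": not_reinstalled(removed, installed),
        "requested_not_installed": requested_not_installed(REQUESTED, installed),
        "upgraded": upgraded(removed, installed),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(key, value)
```

JSON support is built into PHP 8.0 itself, so php-json showing up as not reinstalled is expected; for the other names yum skipped, `php -m` shows whether the site still has the extension it needs.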

Cloud Vendors VPS Review

If you’re specifically after Virtual Private Servers, you may want to look at Contabo as an alternative to most cloud providers such as AWS, Azure, Alibaba, GCP, Oracle Cloud and Huawei.

Almost all cloud providers price on a “pay-as-you-go” basis, billed by the second, minute or hour, but Contabo packages are a fixed monthly price.

Comparing the packages (CPU, RAM, storage and traffic) against their prices, Contabo is cheaper and more practical if you commit on a monthly basis.

If you’re constrained to a budget lower than $5, then maybe choose from the other cloud vendors. But for just a small added cost, Contabo is the more advisable buy.

See the links and some screenshots taken.

Prices may have changed since the screenshots were taken at the time of this post.

https://contabo.com/en/vps/

AWS (Lightsail) has these pricing details:

https://aws.amazon.com/lightsail/pricing/

If you need highly configurable environments and instances with consistently high CPU performance for applications such as video encoding or HPC applications, AWS recommends you use Amazon EC2.

You may want to check out Azure pricing here:

https://azure.microsoft.com/en-us/pricing/details/virtual-machines/linux/

https://azure.microsoft.com/en-us/pricing/details/virtual-machines/windows/

Alibaba Cloud pricing

https://www.alibabacloud.com/campaign/lightspace

Oracle Cloud pricing:

https://www.oracle.com/ph/cloud/price-list.html

Google Cloud compute engine pricing:

https://cloud.google.com/compute/all-pricing

Huawei pricing:

https://www.huaweicloud.com/intl/en-us/pricing/index.html#/ecs

These cloud vendors, except Contabo, also offer free trials so you can test your use cases.

Working with AWS CloudFormation is FUN!!!

Working with CloudFormation to code your infrastructure is fun and easy, thanks to the visual designer that comes with the tool, which works like most IDEs (e.g. NetBeans, Eclipse) used to develop a program.

The designer has a drag-and-drop interface, i.e. a canvas, and a text editor section. The latter has a Template tab and a Components tab, which is subdivided into Parameters, Mappings, Conditions, Metadata, and Outputs sections.

The canvas lists all the resource types you need, which helps you get more familiar with AWS services and how they relate to one another.

Likewise, the editor section offers automatic suggestions of intrinsic functions and resource reference parameters for the field values in your template when you press CTRL+Space.

Clueless about how to start? Upload a sample template; reviewing it will help you understand and architect your infrastructure more easily if you’re just starting to learn the tool.

One way I learn coding (e.g. Python) is to fork some code and deconstruct it. Thanks to AWS, there are a bunch of sample templates to copy and deploy. The tool comes with built-in sample templates, some of which are linked here.

Here’s a sample solution I copied from the AWS list of templates, which is linked here.

* Template Name – WordPress scalable and durable.

* Description: Installs and deploys WordPress on to Amazon EC2 instances in an Auto Scaling group with a multi-AZ Amazon RDS database instance for storage.

With some modification (repositioning of the resources), the stack will look like this:

The code, which is in JSON format, can be found here.

Once the template is validated and the parameter values (e.g. instance type, database name, password) are keyed in, a summary is presented for you to review before hitting the create button. The stack should be completed in a few minutes.

Aside from making a template from scratch or from samples, you can create a template from your existing infrastructure. You can use the CloudFormer tool to build it. This is like reverse engineering your infrastructure, which means you can capture and redeploy applications you already have running.

To do this, click Launch CloudFormer and create an AWS CloudFormation stack that runs the CloudFormer tool. After the stack creation is complete, navigate to the CloudFormer URL available on the Outputs tab.

Finally, BEST PRACTICES are recommended to help you use CloudFormation effectively and securely.

Happy coding.