How to set up AWS Copilot on Windows Subsystem for Linux

AWS Copilot is an open source command line interface that makes it easy for developers to buildrelease, and operate production ready containerized microservices on Amazon ECS and AWS Fargate. AWS Copilot provides a simple declarative set of commands, including examples and guided experiences built in to help customers deploy quickly. After writing your application code, Copilot automates each step in the deployment lifecycle including pushing to a registry, creating a task definition, and creating a cluster.

Default application types are provided for new applications based upon AWS best practices to increase developer productivity and simplify running containers in the cloud. All you need to spin up production ready services is AWS Copilot, an AWS account, and your code.

You can install AWS Copilot on Linux, Mac OS and Windows 10. The detailed instructions for the installation is available here.

If you want to natively run AWS Copilot on Windows 10, there is an .exe file for installation in the above mentioned link. In this post, i will walkthrough on how to set up AWS Copilot on Windows Subsystem for Linux (WSL2.

Step1 – Install WSL2 on Windows 10.

I breifly convered this in one of my other post. You can refer this official documentation for details

Step 2 – Install Docker Desktop on Windows by leveraging WSL2 backend

Again, i briefly covered this in one of my previous post. You can refer this official documentation for details.

Step 3 – Install build essential package on WSL2 distro

sudo apt install build-essential

Step 4 – Install and configure AWS CLI on WSL2 distro

sudo apt install awscli

Step 5 – Install Docker on WSL2 Distro

sudo apt install docker.io

Step 6 – Ensure Docker engine on Windows 10 host leverages WSL2 Distro

Step 7 – Install AWS Copilot on WSL2 distro

curl -Lo copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x copilot && sudo mv copilot /usr/local/bin/copilot && copilot --help

Step 8 – Containerize and run a sample micro-service

git clone https://github.com/aws-samples/aws-copilot-sample-service.git
cd aws-copilot-sample-service
copilot init

Copilot would interact with you with guided questions to initialize the configuration for the micro-service.

copilot svc deploy

Copilot will set up the following resources in your AWS account.

  • A VPC
  • Subnets/Security Groups
  • Application Load Balancer
  • Amazon ECR Repositories
  • ECS Cluster & Service running on AWS Fargate

Once the deployment is complete, you should see this public load balanced service up and running.

This completes the steps for setting up AWS Copilot on Windows Subsytem for Linux.

Install Docker Desktop on Windows 10 using WSL2 backend

Nowadays, Docker is the most widely used container runtime for building and running containerized applications/micro-services. The Docker Desktop for Windows is a compelling package that comes with Docker Engine, Docker CLI client, Docker Compose, Notary, Kubernetes and CredentialHelper. In Windows 10, you can install Docker Desktop for Windows and run containers in two modes – Windows Containers mode and Linux Container mode.

I followed the steps in this article to get going. There are two options for setting up Docker on Windows – one using WSL2 back-end and other using hyper-v backend.

In this post, i’m leveraging WSL2 back-end. For leveraging WSL2 backend, Linux kernel update package needs to be installed. Download and run the Docker Desktop install after meeting all the pre-requisistes in the above mentioned article. For setting up WSL2 on Windows 10, you can refer my other blog post.

After successful installation of Docker Desktop for Windows, Log out and Log in back.

The Docker is started automated.

Now I can pull a container image from Powershell terminal.

I can also run the same image from WSL2 terminal.

Thus WSL2 provides seamless integration with Windows 10.

Install WSL2 on Windows 10

I’m a big fan of Windows Subsystem for Linux on Windows 10. I use WSL terminal as the default shell for lot of software development activities. I followed the following steps mentioned in this article Install WSL on Windows 10 | Microsoft Docs to install WSL2 on my Windows 10 (OS Build 19042.928).

Step 1 – Enable the Windows Subsystem for Linux

dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart

Step 2 – Enable Virtual Machine feature

Enable Virtual Machine Platform (an optional feature) before installing WSL2.

dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart

If you have hyper-v enabled, disable that. If you don’t disable hyper-v, you won’t be able to install Linux Kernel update package in step 3.

Restart the machine to complete the installation of WSL.

Step 3 – Linux Kernel update paxckage

Download and run the following Linux Kernel update package.

https://wslstorestorage.blob.core.windows.net/wslblob/wsl_update_x64.msi

If you have hyper-v windows feature enabled, you won’t be able to install this package.

Step 4 – Set WSL 2 as default version

wsl --set-default-version 2

Step 6 – Install required Linux Distro.

In this case, i’m installing Ubuntu 20.0.4 by navigating to WSL store.

This completes the installation of WSL2 on Windows 10.

Access denied while accessing ELB using role “arn:aws:iam::role/aws-elasticbeanstalk-service-role

I got this error message when I tried to deploy a java sprint application using Elastic beanstalk.

When i analyze this further, it shows that the IAM policy associated with the Service Role is missing the following actions.

"elasticloadbalancing:DescribeLoadBalancers",
                "elasticloadbalancing:DescribeTargetHealth",

The IAM associated with the service role had the following configuration.

    “Version”: “2012-10-17”,

{

    “Statement”: [

        {

            “Effect”: “Allow”,

            “Action”: [

                “elasticloadbalancing:DescribeInstanceHealth”,

                “ec2:DescribeInstances”,

                “ec2:DescribeInstanceStatus”,

                “ec2:GetConsoleOutput”,

                “ec2:AssociateAddress”,

                “ec2:DescribeAddresses”,

                “ec2:DescribeSecurityGroups”,

                “sqs:GetQueueAttributes”,

                “sqs:GetQueueUrl”,

                “autoscaling:DescribeAutoScalingGroups”,

                “autoscaling:DescribeAutoScalingInstances”,

                “autoscaling:DescribeScalingActivities”,

                “autoscaling:DescribeNotificationConfigurations”

            ],

            “Resource”: [

                “*”

            ]

        }

    ]

}

To give some background, this is an auto-created Service Role. This was created by Visual Studio 2019 when i used Elastic Beanstalk for .NET applications.

The fix for this is to associate the IAM Policy ‘arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth’ with Service Role

https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts-roles-service.html

This turns the Elastic Beanstalk environment health to green.

Working with Github private repository using bash on Windows 10

There are times, we want to collaborate with other stakeholders in Github in a private manner. Meaning, we need to work and collaborate on a private Github repository. If you have a private Github private repository ready for collaboration, the most proven way to work with that is to leverage one of the following two options.

  1. Leverage SSH keys at the Github account level. So that you can work with Github private repository using SSH keys. The whole idea is that you will be generating an RSA key pair using SSH Key gen utility, add the private key portion of the key pair to the SSH agent and upload the public key portion of the key pair to the Github account settings. The advantage of this approach is that you have one SSH key defined at the Github account level to manage or work with all the private Github repositories created under that account.githubsshkey
  2. Leverage Deploy Keys at the individual repository level. I have learnt that a Deploy Key can be associated with only one Github repository at this point in time. githubdeploykey

The advantage of the second approach is that you can have a dedicated  key or set of deploy keys for individual repositories.

In this post, i’ll be covering the option #1. Basically i will leverage bash on windows 10 to work with private github repository using SSH keys. My windows 10 is already set up with Ubuntu 18.0.4 for Windows sub-system for linux.  I’m not covering the steps for setting up bash on Windows 10 using Windows subsystem for linux. You can refer microsoft documenation for that. Let’s move to the SSH set up process for Github.

Navigate to the directory in windows 10, where you want to generate SSH key pair.

pic1

Type ‘bash’ on the command prompt. It will launch the bash shell on windows 10. Basically the Windows folder that you have pointed will be mounted to the ubuntu 18.0.4 bash shell.

Now you can generate the SSH key pair using ‘ssh-keygen’ utility.

ssh-keygen -t rsa -b 4096 -C “your_email@example.com

Enter the name of the file for saving the key pair and provide any arbitrary passphrase when prompted.

pic2

Start the ssh on the bash shell. We need to explicty start it, because the run levels of this is different from a standard ubuntu desktop OS. I have learnt that the SSH agent does not get started automatically when you invoke bash on windows 10, unlike a standard ubuntu desktop OS.

eval $(ssh-agent -s)

pic3

Add the private key portion of the generated key pair to the SSH agent.

ssh-add keyname

If you getting a permission error for the generated key pair, the key will not get added successfully to the agent.

pic4

Even if you try to modify the permission of the key using ‘chmod 400’ or ‘chmod 600’ on the mounted directory, it won’t be successful. Becuase i’ve learnt that changing file permissions using chmod on the mounted directory (from windows 10) does not work.

The best way to fix this is to copy the key to a folder under the ubuntu user root directory, not to any windows mounted directory on bash.

Check if the directory ~/.ssh already exists on the bash shell. If not, explicitly create a directory ~/.ssh and exit the bash shell.

Again, navigate to the directory in windows 10 where the key pairs are generated and launch bash from there.

copy private key to ~/.ssh

pic5.JPG

Navigate to ~/.ssh and change permissions using any one of the following commands.

chmod 400 sundargitsshkey

chmod 600 sundargitsshkey

pic6

Copy the public key of the generated key pair (with ‘.pub’ suffix) to New –> SSH Key under Github account settings. Basically copy the content of the public key using any of the text editors and paste there in textbox available in New –> SSH Key under Github account settings.

Navigate to the SSH config file located in ‘/etc/ssh/ssh_config’ and add an entry for ‘IdentityFile ~/.ssh/sundargitsshkey’

sudo nano ssh_config

pic7

Start the SSH agent explicitly.

eval $(ssh-agent -s)

Verify the connectivity to Github using this command ‘SSH -T git@github.com’. You need to user the Github user name as ‘git’. If you try to use your actual Github user name, you’ll get errors.

It will ask you to confirm to accept the warning on authenticity of github.com. Accept it and provide passphrase for private key file when prompted. You’ll get the confirmation for successful authentication to make SSH calls into Github account from your bash shell.

pic8

Now you do git clone, commit and push to any number of repositories under your Github account using SSH, be it a private repository or public repository. This completes the post on working with Github private repository using bash on Windows 10.

 

Installing Mono framework and MonoDevelop IDE on Ubuntu 18.0.4

I’m exploring a lot on .NET cross platform development these days. One of the option other than .NET core, is to leverage Mono framework. Mono framework and MonoDevelop IDE also helps us to develop cross-platfrom .NET applications.  Here are the steps i followed to set up Mono framework and MonoDevelop IDE on Ubuntu 18.0.4.

a)Set up mono repository for ubuntu 18.0.4

sudo apt-key adv –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF

 
echodeb https://download.mono-project.com/repo/ubuntu stable-bionic main” | sudo tee /etc/apt/sources.list.d/mono-official-stable.list

sudo apt update

b)Install required packages

Install the package mono-devel to compile the code.
sudo apt install mono-devel

Install the package mono-complete to install everything.
sudo apt install mono-complete

Install the package mono-dbg to get the debugging symbols for framework libraries.
sudo apt install mono-dbg

Install package referenceassemblies-pcl for PCL compilation support (this gets installed if your install mono-complete).
sudo apt install referenceassemblies-pcl

Install package ca-certificates-mono to get SSL certificates for https connection (this gets installed if your install mono-complete).

sudo apt install ca-certificates-mono

Install pakage mono-xsp4 to run ASP.NET applications.
sudo apt install mono-xsp4

c)Install monodevelop IDE

The pre-requisite for installing MonoDevelop IDE is to set up the  mono repository for ubuntu 18.0.4 (mentioned in step #a). Then proceeed to IDE installation using apt-get package manager.

sudo apt-get install monodevelop

 

 

 

How to SSH into virtual box guest VM from host

I have set up a virtual box guest VM running ubuntu 18.0.4. I tried to SSH into the ubuntu guest VM from host. It did not work. Here are the simple steps to enable SSH to access ubuntu guest VM from host.

By default, when we create a virtual machine in virtual box, it will come up with a pre-configured NAT adapter.

virtualbox NAT

This will provide the internet connection to the guest VM. This is not enough for enabling SSH. Power off the virutal machine, open network settings in virtual box and add a host only adapter.

Host only adapter

Go to File –> Host Network Manager  and make sure that the selected network adapter for host only network is enabled with DHCP configuration.

DHCP1

DHCP2

The virtual machine that is configured with this Host only network adapter can receive static ip addresses in the range of lower bound and upper bound mentioned in this configuration. In this  case, it is between 192.168.57.3 and 192.168.57.254 (both bounds inclusive).

Switch on the virtual machine and log in.

We need to make changes to the network interfaces file of ubuntu, to reflect the host only adapter and the static ip for the VM.

Navigate to /etc/network/interfaces and add the following lines.

auto enp0s8
iface enp0s8 inet static
address 192.168.57.3
netmask 255.255.255.0

In mycase the host only network adapter is assigned as enp0s8 in the guest VM. In your case, it may be same or different. Based on that set it appropriately.

The next step is to install the openssh server. Run the following commands in the terminal.

auto eth1
iface eth1 inet static
address 192.168.57.4
netmask 255.255.255.0

Restart VM and we can the static IP address of 192.168.57.4 assigned to it.

SSH from host. It should be successful.

SSH guest VM

This completes the post of enabling SSH for ubuntu 18.04 guest VM running in virtual machine.

Docker error response from daemon client.Timeout exceeded

I was trying to set up Docker in my machine running ubuntu 18.0.4. I got this error “Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)”, while issuing ‘Docker login’ command from the terminal.

Screenshot from 2018-12-25 13-05-10.png

I have learnt that the fix for this issue is to add couple of more entires in the resolve.conf file.

Navigate to /etc/resolv.conf

Add the following nameserver entries

nameserver 8.8.8.8

nameserver 8.8.4.4

docker dns change.png

After making this change, i was able to successfuly login to docker hub from the terminal.

 

 

Enable static website hosting in S3

AWS Simple Storage Service (S3) offers one of the powerful capability to host static websites. In this post let’s cover the steps for the same.

Create a sample bucket by name ‘mytestdomain.com’. The convention is that bucket name should match with the website domain name.

In this case the domain name for the static website is mytestdomain.com. The S3 bucket should match that name.

image

Enable public read access to this bucket.

image

Enable static web site hosting for the bucket by selecting ‘Use this bucket to host a static website’ and specifying the index document and error document.


image

Upload the index.html and error.html file and grant the public read access to it. Now access the static website url

provided by S3. It should be in this format.

http://s3bucketname.s3-website-region.amazonaws.com/

It should render the index.html in the browser

image

To render this website with the actual domain name, we need to leverage Route 53 DNS service offered by AWS.

Create a hosted zone for our custom domain.

image

Once the hosted zone is created, S3 presents with list of name servers. It should be mapped with the domain registrar for routing the request through Route 53.

The next step is to create a Record Set for the Hosted Zone bye selecting the Alias Target to the S3 bucket enabled for static website hosting.

image

It takes few minutes for the record set changes to get propagated. After that try accessing the website domain url. It should render the index page. This completes this article.