sehee

configure your Git identities: 

git config --global user.name "your_full_name"
git config --global user-email "your_email"

set your default branch to be main: 

git config --global init.defaultBranch main

set up auto-correct: 

git config --global help.autocorrect <duration>

<duration>: ms

verify your settings: 

git config --list

git init
git add .
git commit -m "initial commit"
git status

# in AWS console
git remote add origin  https://git-codecommit.us-east-1.amazonaws.com/v1/repos/sionna
git branch -M main

git config —global credential.helper '!aws codecommit credential-helper $@'
git config —global credential.UseHttpPath true

git push -u origin main

In the Intermediate part of the workshop, you will:

• Learn how to manage multiple stacks by creating Nested Stacks  and Layered Stacks 
• You will learn how to Package and Deploy  a Nested Stack from an S3 bucket.

In the Advanced part of the workshop, you will:

• Learn about the AWS CloudFormation registry 
• Learn how to extend CloudFormation by creating modules 
• Learn how to extend CloudFormation by creating resource types 

AWS Cloud9 (CloudShell) Setup

Clone lab resources using git

git clone https://github.com/aws-samples/cfn101-workshop

Install the latest version of AWS CLI

cd cfn101-workshop/code/solutions/cloud9
chmod +x awscliv2.sh
source awscliv2.sh
aws --version
# aws-cli/2.31.34 Python/3.13.9 Linux/6.1.155-176.282.amzn2023.x86_64 exec-env/CloudShell exe/x86_64.amzn.2023

Local Development Setup

We recommend you install the AWS CloudFormation Linter . A linter 

will proactively flag basic errors in your CloudFormation templates before you deploy them.

If you are using Visual Studio Code, you should install the cfn-lint plugin.

pip install cfn-lint

Default VPC

default VPC using the Amazon VPC console

$ aws ec2 describe-vpcs --filters Name=isDefault,Values=true --query "Vpcs[].VpcId" --region us-east-1
[
    "vpc-xxxxxxxxxxxxxaa89"
]

Basics

cd cfn101-workshop/code/workspace
aws cloudformation create-stack --stack-name cfn-workshop-template-and-stack --template-body file://template-and-stack.yaml

template-and-stack.yaml file

Resources:
  S3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256

use the AWS CLI to create the stack - create-stack command was successfully sent, CloudFormation will return StackId

$ aws cloudformation create-stack --stack-name cfn-workshop-template-and-stack --template-body file://template-and-stack.yaml
{
    "StackId": "arn:aws:cloudformation:us-east-1:xxxxxxxx7753:stack/cfn-workshop-template-and-stack/xxxxxxxx-xxxx-xxxx-xxxx-0e672ed843db"
}

Challenge

객체가 삭제되거나 덮어쓰는 것을 방지하거나, 객체를 보관하여 이전 버전으로 복구할 수 있도록 S3 버킷에서 버전 관리를 활성화

- S3 리소스의 속성 섹션에 VersioningConfiguration 속성을 생성
- 상태를 enabled 설정
- 템플릿에서 변경된 내용을 반영하도록 스택을 업데이트

# add Properties
        VersioningConfiguration:
          Status: Enabled

스택 업데이트

$ aws cloudformation update-stack --stack-name cfn-workshop-template-and-stack --template-body file://template-and-stack.yaml
{
    "StackId": "arn:aws:cloudformation:us-east-1:xxxxxxxx7753:stack/cfn-workshop-template-and-stack/xxxxxxxx-xxxx-xxxx-xxxx-0e672ed843db"
}

Hugo is a fast, open-source static site generator that simplifies creating websites.

brew install hugo

Creating a new hugo site

hugo new site <my-site-name>

- replace <my-site-name> with my desired project name: sarah-hugo

Installing a Theme for my hugo site

- Hugo doesn’t come with a built-in default theme
- choose a theme from hugo themes that suits my project (popular: Ananke theme (for beginners))
+ Initializing a Git Repository (in <my-site-name> folder)

cd sarah-hugo
git init
git submodule add https://github.com/theNewDynamic/gohugo-theme-ananke.git themes/ananke

Configure Hugo to use the theme by editing the hugo.toml configuration file

# vi sarah-hugo/hugo.toml
baseURL = 'https://example.org/'
languageCode = 'en-us'
title = 'My New Hugo Site'

theme = "ananke"

Creating a Simple Content File

hugo new posts/my-first-post.md

• generates a new Markdown file located in the content/posts directory

open the newly created file in my preferred text editor: 

nano content/posts/my-first-post.md

+++
date = '2025-11-05T17:45:09+09:00'
draft = true
title = 'My First Post'
+++

add some content below the front matter

# Welcome to My First Post! 

This is my very first post using Hugo and Git. Exciting times ahead!

• in nano, CTR + 0, then Enter, and then CTRL + X to exit

Staging my changes

stage all changes in my project directory by running: 

git add .

Making my first commit

git config --global user.email "my@gmail.com"
git config --global user.name "my name"

git commit -m "Add first post: My First Post"

Viewing my changes with Hugo

start the Hugo server to view the changes locally

hugo server -D

• -D flag stands for Draft

open my web browser and go to ‘http://localhost:1313’

Viewing my commit history

git log

commit axxxxxxxxxxxxxxxxx0 (HEAD → main)
Author: my name <my@gmail.com>
Date: Wed Nov 5 18:17:59 2025 +0900

Add first post: My First Post

Ignoring unnecessary files with .gitignore

it’s important to recognize that not all files need to be tracked by Git
- such as logs, build artifacts, and environment configurations

inside the root of your project directory, create a file named .gitignore: 

touch .gitignore

In this file, you can specify file patterns that Git should ignore. For example:

# Ignore log files
*.log

# Ignore Hugo build directory
public/

# Ignore temporary editor files
*.swp

References: 

From Theory to Practice: A Git Workshop for Beginners - https://hjortberg.substack.com/p/from-theory-to-practice-a-git-workshop

25.11.03 기준

Foundational

AWS Certified Cloud Practitioner

: CLF-C02 / 719 questions

https://www.examtopics.com/exams/amazon/aws-certified-cloud-practitioner-clf-c02/

AWS Certified AI Practitioner

: AIF-C01 / 318 questions

https://www.examtopics.com/exams/amazon/aws-certified-ai-practitioner-aif-c01/

Associate

AWS Certified Solutions Architect - Associate

: SAA-C03 / 1019 questions

https://www.examtopics.com/exams/amazon/aws-certified-solutions-architect-associate-saa-c03/

AWS Certified Machine Learning Engineer - Associate

: MLA-C01 / 145 questions

https://www.examtopics.com/exams/amazon/aws-certified-machine-learning-engineer-associate-mla-c01/

AWS Certified Developer - Associate

: DVA-C02 / 557 questions

https://www.examtopics.com/exams/amazon/aws-certified-developer-associate-dva-c02/

AWS Certified CloudOps Engineer - Associate

: SOA-C03 / 478 questions (C02 기준)

https://www.examtopics.com/exams/amazon/aws-certified-sysops-administrator-associate/

AWS Certified Data Engineer - Associate

: DEA-C01 / 261 questions

https://www.examtopics.com/exams/amazon/aws-certified-data-engineer-associate-dea-c01/

Professional

AWS Certified Solutions Architect - Professional

: SAP-C02 / 529 questions

https://www.examtopics.com/exams/amazon/aws-certified-solutions-architect-professional-sap-c02/

AWS Certified DevOps Engineer - Professional

: DOP-C02 / 390 questions

https://www.examtopics.com/exams/amazon/aws-certified-devops-engineer-professional-dop-c02/

AWS Certified Generative AI Developer - Professional[베타 시험]

: -

Specialty

AWS Certified Machine Learning - Specialty (until March 31, 2026)

: MLS-C01 / 369 questions

https://www.examtopics.com/exams/amazon/aws-certified-machine-learning-specialty/

AWS Certified Security - Specialty

: SCS-C02 / 307 questions

https://www.examtopics.com/exams/amazon/aws-certified-security-specialty-scs-c02/

AWS Certified Advanced Networking - Specialty

: ANS-C01 / 272 questions

https://www.examtopics.com/exams/amazon/aws-certified-advanced-networking-specialty-ans-c01/

References: 

https://aws.amazon.com/ko/certification/

VPN Basics

VPN allows hosts to communicate privately over an untrusted intermediary network like internet, in encrypted from

-

AWS 측 VPC: 10.0.0.0/16

onpremise 측 VPC: 192.168.0.0/16 (172.31.0.0/16)

VGW 생성

CGW 생성 (onprem-VPC의 EC2 인스턴스 퍼블릭 IP)

Site-to-Site VPN connection 생성 (static IP prefixes: 192.168.0.0/16)

IP Sec down

- VPN connections 우측 상단 Download configuration 버튼을 클릭하여, 각 고객 게이트웨이 디바이스 제공업체 별 configuration 파일 다운로드

- Actions > Modify VPN tunel options > 터널 1 선택하여 log group 설정(로그 기록 활성화 가능)

on-prem 라우터 설정

instance 설정 >

onprem-EC2에 strongswan 설치 및 설정

sudo yum update
sudo yum install strongswan  # Amazon Linux 2023에는 strongswan 패키지가 기본 저장소에 없음
sudo yum install libreswan -y

AWS-VPC 라우팅 테이블 설정

192.168.0.0/16 -> Virtual Private Gateway

Onprem-VPC 라우팅 테이블 설정

10.0.0.0/16 -> Local VPN instance

연결 테스트

# AWS-EC2에서

ping <onprem-EC2-private-IP>

# onprem-EC2에서

ping <AWS-EC2-private-IP>

-

CloudFormation Stacks > Outputs

Transit gateway attachments > VPN type, IP Address: Router1Public, BGP ASN: 65016

WebRTC (Web Real-Time Communication): 웹/앱에서 별다른 소프트웨어 없이 카메라/마이크 등을 사용하여 실시간 커뮤니케이션을 제공해주는 기술 [2]

Peer to Peer 통신을 하기 위해 사용자의 IP 주소를 알아야 하는데,

대부분의 사용자는 방화벽을 사용하여 STUN/TURN 서버가 필수적이다 [1].

1. STUN 서버

: Session Traversal Utilities for NAT

두 클라이언트가 같은 네트워크에 존재하고 있을 때는 해결되지 않는다.

Symmetric NAT의 경우는 애플리케이션이 달라지면 NAT의 매핑테이블이 바뀔 수 있다.

2. TURN 서버

: Traversal Using Relays around NAT

클라이언트들이 통신할 때 Public 망에 존재하는 TURN 서버를 경유하여 통신하게 된다.

ICE의 일부로 사용될 수 있도록 디자인 되었다.

3. ICE(Interactive Connectivity Establishment)

: Client가 모든 통신 가능한 주소를 식별하는 것

1) Relayed Address: TURN 서버가 패킷 릴레이를 위해 할당하는 주소

2) Server Reflexive Address: NAT가 매핑한 클라이언트의 공인망(Public IP, Port)

3) Local Address: 클라이언트의 사설 주소(Private IP, Port)

따라서 STUN 서버는 Server Reflexive Address 만을 응답하지만 TURN 서버는 Relayed Address와 Server Reflexive Address 모두 응답한다.

4. Coturn

TURN과 STUN 프로토콜을 구현한 서버 소프트웨어

STUN 서버는 Server Reflexive Address 만을 응답

TURN 서버는 Relayed Address 와 Server Reflexive Address 모두 응답

References:

[1] WebRTC란? (STUN과 TURN 서버의 이해) (2) - https://andonekwon.tistory.com/59

[2] [WebRTC] WebRTC란 무엇일까? - https://gh402.tistory.com/38