Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3
•
2 likes•863 views
by Fatima Ahmed, Technical Account Manager, AWS
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3
Similar to Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3 (20)
More from Amazon Web Services
More from Amazon Web Services (20)
Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3
- 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Hands-on Setup and Overview of AWS features Fatima Ahmed Technical Account Manager
- 2. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Let’s Get Started • Set up an AWS account • Create an IAM user and enable MFA • Create SSH key pairs (used to log into your instances) • Create a Security Group (firewall) • Start an EC2 instance (virtual machine) • Connect to your EC2 instance • Use S3 (Internet connected storage) • Create a CloudWatch alarm • Visualize AWS costs and set spending alerts • Install the AWS CLI • Install the AWS SDK for Python
- 3. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Free tier • Includes most of the AWS services • Available for all new account • Good for one year from the day the account is created • Everything we show today can be done within the free tier • More details at http://aws.amazon.com/free
- 4. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Sign Up • Sign up though https://aws.amazon.com • You need a credit card • There will be a phone verification
- 5. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Demo: signing-up for AWS
- 6. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Creating IAM Users Using AWS Identity and Access Management (IAM), you can create and manage AWS users and groups. You can control what resources each user has access to so you can avoid overly permissive accounts.
- 7. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Enabling MFA AWS allows you to require multi- factor authentication for your users through physical or software-based single use login tokens to thwart stolen passwords and key loggers as an attack vector.
- 8. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Demo: creating an IAM user & enabling MFA
- 9. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Creating your SSH Key • SSH stands for Secure Shell • SSH keys are used for secured access to EC2 (Linux) • SSH keys avoid password weaknesses • Can import your own or use AWS created keys
- 10. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Demo: creating SSH keys
- 11. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Creating a Security Group • Security Groups are firewalls for your instances • By default, the Security Group blocks everything • Choose which protocols & ports are open – Can use port ranges (e.g. 22-24) • Choose which addresses the ports are open to – Uses CIDR rules for IP address access – (use /32 for allowing a single address)
- 12. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Demo: creating a security group
- 13. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Start a New Instance • Instances are virtual machines running in the cloud • You have full control of the instance and can install any software that you choose • In this process, you define what kind of machine you want (processing power, HD space, etc.) • You will need: – A Key Pair to connect to your instance via SSH – A Security Group to put your instance in
- 14. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Demo: starting an EC2 instance
- 15. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved S3 • S3 is Amazon’s Simple Storage Service • Store and retrieve almost any amount of data: 1 Byte to 5 Terabytes • Highly scalable and durable • Encryption available • Storage is isolated by AWS Region • Object-level permissions • Easily Accessible
- 16. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Demo: using S3
- 17. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Connecting to EC2 Instances • SSH is used to connect to Linux • Remote Desktop is used to connect to Windows
- 18. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Connecting to a Linux Instance from Linux/OSX • Open a terminal window • ssh -i {ssh private key location} ec2-user@{public DNS name}
- 19. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Connecting to a Linux Instance from Windows • Download/Install PuTTY – http://bit.ly/1jsQjnt • Convert .pem file to .ppk with PuTTYgen • Create a connection in PuTTY
- 20. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Connecting to a Windows Instance from Windows • Open a Remote Desktop connection • Windows + r or start and then the “run” option • mstsc /v:{EC2 instance public DNS Name}
- 21. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Demo: connecting to an EC2 Instance
- 22. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Demo: connecting to an instance from the AWS Management Console
- 23. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved CloudWatch • CloudWatch provides monitoring information for your EC2 instances • CloudWatch allows you to specify actions to take when a condition is met – Example 1: Send an email when CPU Utilization >80% for 5 minutes – Example 2: Add another machine to an Auto-Scaling Group if Average Disk Read IOPS across an Auto-Scaling Group exceeds 500 – Example 3: Remove a machine from an Auto-Scaling Group if Network input drops below 2,000 Bytes
- 24. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Demo: creating a CloudWatch alarm
- 25. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Additional Information • CloudWatch works with Auto Scaling • When you have defined an Auto-Scaling Group, CloudWatch Alarms can be used to increase and decrease the resources in the Auto-Scaling Group.
- 26. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved AWS Billing and Cost Management • Several features to help you monitor costs and visualize your AWS spend: – Cost Explorer – Alerts on Spending Limits – Detailed Billing Reports – Consolidated Billing – AWS Organizations
- 27. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Demo: AWS Account billing console
- 28. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved AWS Command Line Interface • The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts. • It is available for the following Operating Systems at https://aws.amazon.com/cli/ – Windows (32-bit and 64-bit installer) – Mac and Linux • Requires Python 2.6.5 or higher. Install using pip – Amazon Linux • Pre-installed on Amazon Linux AMI
- 29. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Demo: Installing AWS CLI
- 30. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved • Installation Documentation: http://docs.aws.amazon.com/cli/latest/userguide/installing.html
- 31. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved AWS SDK for Python (Boto3) • Boto is the Amazon Web Services (AWS) SDK for Python, which allows Python developers to write software that makes use of Amazon services like S3 and EC2. Boto provides an easy to use, object-oriented API as well as low-level direct service access. • Installation is simple: pip3 install boto3 – https://aws.amazon.com/sdk-for-python/ – https://boto3.readthedocs.io/en/latest/ – https://aws.amazon.com/developers/getting-started/python/ – https://boto3.readthedocs.io/en/latest/guide/examples.html
- 32. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved What we covered • Set up an AWS account • Create an IAM user and enable MFA • Create SSH key pairs (used to log into your instances) • Create a Security Group (firewall) • Start an EC2 instance (virtual machine) • Use S3 (Internet connected storage) • Connect to your EC2 instance • Create a CloudWatch alarm • Visualize AWS costs and set spending alerts • Install the AWS CLI • Install the AWS SDK for Python
- 33. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved Thank You
Editor's Notes
- Now that we’ve covered the fundamentals of the AWS cloud; let’s talk about how you get started. I’ll demonstrate how you can get your first virtual machine running (we call them instances). We’ve designed AWS to be secure by default so I’ll show you how you can open port in your AWS firewall so that you can connect to your application. I’ll also show you how you can use secured key pairs for connecting to your instances. You’ll also see how to set up an email alert if your application becomes non-responsive. I’ll demonstrate how to take a backup of your instance and how to restore that backup, and we’ll finish with putting a file into Amazon’s Simple Storage Solution (sometimes referred to as S3) and how to make that file available to anyone on the internet. Let’s get started!
- Everyone who signs up for AWS is automatically signed up for the free tier. Everything we do today will be done within the free tier so you can do everything you see today without any cost to you. Many AWS services are included in the free tier to help you get familiar with the services and let you try them out with your own code and use cases. You can find more information on everything in the free tier at aws.amazon.com/free
- The first thing you need to do is sign up for an Amazon Web Services account. It’s simple, just go to aws.amazon.com and click on the “sign up” button at the top. You do need a credit card and being near a phone helps for the phone verification part. Let me walk you through that process. Use an alias!
- Secured premises – trying to break in S3 encryption – trying to steal HDs MFA – trying to take encryption keys SSH & SSL support – trying to listen in Security groups – trying to access from undefined locations IAM users – trying to access as a global admin MFA access – trying to access with stolen credentials & your additional ability to add control
- Secured premises – trying to break in S3 encryption – trying to steal HDs MFA – trying to take encryption keys SSH & SSL support – trying to listen in Security groups – trying to access from undefined locations IAM users – trying to access as a global admin MFA access – trying to access with stolen credentials & your additional ability to add control
- IAM console setup admin IAM user setup non-admin IAM user setup LOGOUT AS MASTER IAM LOGIN
- If the virtual machines (or instances as we call them) you will be creating in EC2 you will be using Linux, the first thing you will need to do, after you’ve signed up for Amazon Web Services, is to create an Secure Shell (or SSH) key. Remember, this doesn’t depend on what operating system you are using on your own computer, this is for the computer that AWS is going to be running for you. For users who will be using Windows instances in AWS you do not need an SSH key as you will be using Remote Desktop and a login username and password to connect to your Windows Instances from your computer. For this example we’ll be looking at working with a Linux instance so we are going to create an SSH key. SSH keys help avoid weak passwords since the key used is much longer than most users passwords. If you want, you have the ability to import your own keys for use in connecting to your EC2 instances. In this demonstration we’ll be using the Key pair generator that is built into AWS.
- EC2 -> Key Pairs Create one for Linux and one for Windows
- Security on the Internet is always important. To help ensure that your resources are secured, AWS automatically starts your resources without any connections enabled from the Internet. Much like an Internet Firewall, Security groups allow you to choose which ports are open to which IP addresses on the internet. You can specify a range of ports as well as a range of addresses to give you full control over what ports are available and where connections can come from. In this demonstration we’ll create a new Security Group and open Ports 80 (used for Web based HTTP traffic) 443 (used for secured web HTTPS traffic) 22 for SSH access (which is used for Linux machines) and 3389 (which is used for the remote desktop protocol (or RDP) when connecting to Windows-based instances). In this example we’ll be opening each of these to any internet connection though for your own work you may want to limit your RDP and SSH connections to just your personal IP address. This section is very important as one of the most common problems users sometimes face is not having the right ports open or not having the right IP addresses allowed through those ports. A good example of this would be if you enabled only your personal IP address to access your instance and then your Internet Service Provider (or ISP) dynamically gave you a new IP address (this is not untypical for personal Internet accounts). Now let’s look at how to create and configure a Security Group.
- Create 2 security groups for Windows 3389 and SSH 22
- Amazon’s Elastic Compute Cloud (also called EC2) gives you computing power available on demand in the AWS cloud. The AWS instances (which are similar to virtual machines) give you the ability to run the operating system, platforms, and tools that you want. You get full control of the resources and administrator (or root) access to the instance. You can choose the processing power, memory, and hard disk space that you need. There are even instance typed that give you access to special graphics hardware if you require it. There are many different configurations you can choose from. In this example we’ll be creating a t1.micro Amazon Linux instance. We’ll pick the hard drive space, as well as the SSH key we’ll use for access and the Security Group we want applied to allow access. We will then start the instance and take note of the address of this instance on the Internet so that we can connect to it later. Let’s get started.
- Amazon Simple Storage Service (sometimes referred to as S3) is an easy way to store files on the Internet. Amazon S3 is highly scalable so the files you post on S3 will be highly available as well as highly durable. Amazon Web Services stores multiple copies of your file in different, geographically separated, locations so your data is available to you, or your customers, when you need it to be. You can store files that are any size from 1 byte to 5 terabytes in Amazon S3. S3 also provides 11 nines of durability. That’s 99.999999999% durability so you can have confidence that your files are always going to be there. AWS provides encryption of your files to protect against unauthorized access as well as in transit when they are being transferred in or out of the S3 folders (we call them buckets). All of your storage is separated by region so you can choose the geographic location where your data is stored and you have granular permissions control so you can control who can access each file in your bucket individually, or as a group. S3 also allows users to access your content via API and Web-based requests. Web based requests can also use the built in web-server so S3 can serve up static website content like images, videos, documents, and even the HTML, JavaScript, and CSS files themselves.
- While we’re waiting for the EC2 instances to start… In this demonstration we’ll upload a new image file to an Amazon S3 bucket. We’ll then set the permissions on the file so that it will be available publically on the internet. Finally we’ll access that image via a web browser to prove that it is available over the internet. Let’s get started.
- Previously we created an Elastic Compute Cloud (or EC2) instance. Amazon Web Services provides the flexibility to run the software you want; using the tools you are most familiar with. This means that you can connect to a Linux instance using any terminal program that supports SSH. There is a Java-based terminal that can be used by anyone who has a browser that supports Java. This is what we will be using in our demonstration today. If would prefer to use an application on your personal machine, you can use Terminal on a Mac running OSX, or PuTTY on a Windows PC. Please note that there are some additional steps to using PuTTY under Windows as you need to convert the .pem SSH private key to a .ppk file. If we had created a Windows instance in AWS, we could connect from Remote Desktop (or Microsoft Terminal Services Client) from a Windows Machine or 2X from a Mac running OSX or a Linux machine. As a reference I’ll cover how to do each of these though we’ll be connecting to our instance using the Java client using SSH.
- To connect to a Linux Instance from Mac OSX or a Linux PC; just open a terminal window and type “SSH dash I”, then the location of your private key that you downloaded. (The key usually ends in .pem) then ec2-user(which is our user name) “the at symbol” and then the public DNS name of the instance we want to connect to. We are logging in as EC2-user which has administrator (or root) permissions. For security reasons we don’t log in as the root user though once you are in your instance you are free to change the root account and access that way if you wish. In general it is not recommended that you log in as the root user though EC2-user has full root permissions.
- If you are using Windows and do not want to use the java-based client in the AWS EC2 console, you can use PuTTY. You can download PuTTY for free from the link listed here. You will need to convert your .pem key file that you downloaded earlier to a .ppk file. You can do this using PuTTYGen which comes with PuTTY. You will then need to create a connection in PuTTY. There are a number of steps in this process. Detailed screen shots of this process are available in the version of this presentation that is posted on the Internet in the AWS Slideshare located at www.slideshare.net/AmazonWebServices. You may need to search for this particular presentation as many of our presentations are posted there.
- If you are connecting to a Windows instance from a Windows PC, you can use Remote Desktop. To make the Remote Desktop connection, press the windows key and the “R” key at the same time. You can also press the start menu and select the “run” option from the menu if you are using windows XP through Windows 7. In the run box that appears type MSTSC slash V colon and then the public DNS name of the EC2 instance fro the details section on the AWS EC2 management console. You will see a window appear asking for your username and password. Use the username and password you were given when creating your Windows AWS instance to connect to your Windows EC2 instance.
- In this example we’ll be connecting to the Linux EC2 instance that we created earlier. Let’s get started. chmod 400 DemoKeyPair.pem
- In this demonstration we’ll be connecting to the Amazon Linux EC2 instance we created earlier. We’ll use the java-based terminal to make this connection. Let’s get started.
- CloudWatch is a service that provides monitoring of your EC2 instances. CloudWatch also allows you to take action on those monitors. You can use CloudWatch to notify you about the state of your instances, as well as scale out (or in) your application. You can use metrics like Disk Input/Output per second (or IOPS), network throughput, CPU utilization or many others. CloudWatch helps you define when you want the system to take certain actions on your application as well as when you would like to be alerted. In today’s example, we are only running one instance so we will be setting up a CloudWatch alarm to email us if the CPU utilization of our application goes over 80% for over 5 minutes. This way we know if our system is reaching it’s limits and we may need to look at scaling up (which we deal with in the next webinar in this series). We could also use this to set an alert if your server becomes unresponsive so you would know if your application crashed or was not available for your users. Let’s go set up a CloudWatch alarm.
- In this example we are going to create a CloudWatch Alarm that will send us an email if the CPU Utilization of our instance goes over 80% for longer than 5 minutes. This will be useful to know if our service is under heavy load and we may need to increase our resources or look into a product bug. Let’s get started.
- Show the cost explorer Set a billing alert
- https://www.python.org/downloads/ ./Library/Python/3.6/bin/aws --version ./Library/Python/3.6/bin/aws help e.g. create a key pair ./Library/Python/3.6/bin/aws configure ./Library/Python/3.6/bin/aws ec2 create-key-pair --key-name 'my key pair'
- In today’s session we’ve seen how to sign up for Amazon Web Services, create an SSH key to connect to a Linux instance, and configure a security group to enable access to our instance. We’ve created an EC2 instance and connected to that instance. We’ve set an alarm to notify us if our instance has a high CPU load. We’ve also backed up our instance and done a restore in that backup. Finally we put a file in S3 and made it available to the internet.