Now that we’ve covered the fundamentals of the AWS cloud, let’s talk about how you get started. I’ll demonstrate how you can get your first virtual machine running (we call them instances). We’ve designed AWS to be secure by default, so I’ll show you how you can open a port in your AWS firewall so that you can connect to your application. I’ll also show you how you can use secured key pairs for connecting to your instances. You’ll also see how to set up an email alert if your application becomes non-responsive. I’ll demonstrate how to take a backup of your instance and how to restore that backup, and we’ll finish with putting a file into Amazon’s Simple Storage Service (sometimes referred to as S3) and how to make that file available to anyone on the internet.
Let’s get started!
Everyone who signs up for AWS is automatically signed up for the free tier. Everything we do today will be done within the free tier so you can do everything you see today without any cost to you. Many AWS services are included in the free tier to help you get familiar with the services and let you try them out with your own code and use cases. You can find more information on everything in the free tier at aws.amazon.com/free
The first thing you need to do is sign up for an Amazon Web Services account. It’s simple, just go to aws.amazon.com and click on the “sign up” button at the top. You do need a credit card and being near a phone helps for the phone verification part.
Let me walk you through that process.
Use an alias!
Secured premises – trying to break in
S3 encryption – trying to steal HDs
MFA – trying to take encryption keys
SSH & SSL support – trying to listen in
Security groups – trying to access from undefined locations
IAM users – trying to access as a global admin
MFA access – trying to access with stolen credentials
& your additional ability to add control
IAM console setup
admin IAM user setup
non-admin IAM user setup
LOGOUT AS MASTER
IAM LOGIN
If the virtual machines (or instances as we call them) you will be creating in EC2 will be running Linux, the first thing you will need to do, after you’ve signed up for Amazon Web Services, is to create a Secure Shell (or SSH) key. Remember, this doesn’t depend on what operating system you are using on your own computer; this is for the computer that AWS is going to be running for you. Users who will be using Windows instances in AWS do not need an SSH key, as they will be using Remote Desktop and a login username and password to connect to their Windows instances from their own computer.
For this example we’ll be looking at working with a Linux instance so we are going to create an SSH key.
SSH keys help avoid weak passwords since the key used is much longer than most users’ passwords. If you want, you have the ability to import your own keys for use in connecting to your EC2 instances. In this demonstration we’ll be using the key pair generator that is built into AWS.
EC2 -> Key Pairs
Create one for Linux and one for Windows
Security on the Internet is always important. To help ensure that your resources are secured, AWS automatically starts your resources without any connections enabled from the Internet. Much like an Internet Firewall, Security groups allow you to choose which ports are open to which IP addresses on the internet. You can specify a range of ports as well as a range of addresses to give you full control over what ports are available and where connections can come from.
In this demonstration we’ll create a new Security Group and open ports 80 (used for web-based HTTP traffic), 443 (used for secured web HTTPS traffic), 22 for SSH access (which is used for Linux machines), and 3389 (which is used for the Remote Desktop Protocol, or RDP, when connecting to Windows-based instances). In this example we’ll be opening each of these to any internet connection, though for your own work you may want to limit your RDP and SSH connections to just your personal IP address.
This section is very important as one of the most common problems users sometimes face is not having the right ports open or not having the right IP addresses allowed through those ports. A good example of this would be if you enabled only your personal IP address to access your instance and then your Internet Service Provider (or ISP) dynamically gave you a new IP address (this is not untypical for personal Internet accounts).
Now let’s look at how to create and configure a Security Group.
Create 2 security groups for Windows 3389 and SSH 22
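As an added example (not part of the original talk), here is one way to check a security group for the situation described above, where SSH or RDP is reachable from any address rather than just your own. It reads the JSON structure printed by `aws ec2 describe-security-groups`; the group names, rules and the helper names `open_admin_ports` and `tcp_rule` are constructed for illustration.

```python
import ipaddress

# Ports the talk treats as administrative access: SSH and RDP.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

def open_admin_ports(group, admin_ports=ADMIN_PORTS):
    """Return sorted (port, cidr) pairs where an admin port is open to every address.

    `group` is one entry of SecurityGroups[] from `aws ec2 describe-security-groups`.
    """
    findings = set()
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":            # all protocols, which implies all ports
            lo, hi = 0, 65535
        elif proto == "tcp":
            lo, hi = perm["FromPort"], perm["ToPort"]
        else:
            continue                 # udp/icmp rules do not expose SSH or RDP
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                continue             # limited to a range, not the whole internet
            # A port range counts if it covers the admin port, not only exact matches.
            findings.update((p, cidr) for p in admin_ports if lo <= p <= hi)
    return sorted(findings)

def tcp_rule(first, last, cidr):
    """Build one constructed IPv4 TCP rule in the describe-security-groups shape."""
    return {"IpProtocol": "tcp", "FromPort": first, "ToPort": last,
            "IpRanges": [{"CidrIp": cidr}]}

# Constructed sample: the demo setup with every port open to any connection.
DEMO_GROUP = {"GroupName": "demo-open", "IpPermissions": [
    tcp_rule(80, 80, "0.0.0.0/0"), tcp_rule(443, 443, "0.0.0.0/0"),
    tcp_rule(22, 22, "0.0.0.0/0"),
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]}

# Constructed sample: SSH limited to one address, but a wide range still covers RDP.
MIXED_GROUP = {"GroupName": "demo-mixed", "IpPermissions": [
    tcp_rule(22, 22, "203.0.113.10/32"), tcp_rule(3000, 4000, "0.0.0.0/0"),
]}

if __name__ == "__main__":
    for g in (DEMO_GROUP, MIXED_GROUP):
        for port, cidr in open_admin_ports(g):
            print(f"{g['GroupName']}: {ADMIN_PORTS[port]} ({port}) open to {cidr}")
```

Ports 80 and 443 are deliberately not reported, since a public web server needs them open to everyone.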
Amazon’s Elastic Compute Cloud (also called EC2) gives you computing power available on demand in the AWS cloud. The AWS instances (which are similar to virtual machines) give you the ability to run the operating system, platforms, and tools that you want. You get full control of the resources and administrator (or root) access to the instance. You can choose the processing power, memory, and hard disk space that you need. There are even instance types that give you access to special graphics hardware if you require it. There are many different configurations you can choose from.
In this example we’ll be creating a t1.micro Amazon Linux instance. We’ll pick the hard drive space, as well as the SSH key we’ll use for access and the Security Group we want applied to allow access. We will then start the instance and take note of the address of this instance on the Internet so that we can connect to it later.
Let’s get started.
Amazon Simple Storage Service (sometimes referred to as S3) is an easy way to store files on the Internet. Amazon S3 is highly scalable so the files you post on S3 will be highly available as well as highly durable. Amazon Web Services stores multiple copies of your file in different, geographically separated, locations so your data is available to you, or your customers, when you need it to be. You can store files that are any size from 1 byte to 5 terabytes in Amazon S3. S3 also provides 11 nines of durability. That’s 99.999999999% durability so you can have confidence that your files are always going to be there. AWS provides encryption of your files to protect against unauthorized access as well as in transit when they are being transferred in or out of the S3 folders (we call them buckets). All of your storage is separated by region so you can choose the geographic location where your data is stored and you have granular permissions control so you can control who can access each file in your bucket individually, or as a group.
S3 also allows users to access your content via API and Web-based requests. Web based requests can also use the built in web-server so S3 can serve up static website content like images, videos, documents, and even the HTML, JavaScript, and CSS files themselves.
While we’re waiting for the EC2 instances to start…
In this demonstration we’ll upload a new image file to an Amazon S3 bucket. We’ll then set the permissions on the file so that it will be available publicly on the internet. Finally we’ll access that image via a web browser to prove that it is available over the internet.
Let’s get started.
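As an added example (not part of the original talk), this sketch reviews per-file permissions after one file has been made public, so that only the file you meant to publish is readable by everyone. It reads the JSON printed by `aws s3api get-object-acl`; the file names, the ACL contents and the helper names `public_grants` and `review` are constructed for illustration.

```python
# Predefined S3 grantee groups that reach beyond individually named accounts.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}

def public_grants(acl):
    """Return sorted (audience, permission) pairs for grants made to a public group."""
    found = set()
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue                      # grants to a specific account are not public
        audience = PUBLIC_GROUPS.get(grantee.get("URI"))
        if audience:
            found.add((audience, grant["Permission"]))
    return sorted(found)

def review(acls, intended_public):
    """Return {key: reason} for every file whose public grants need attention."""
    problems = {}
    for key, acl in acls.items():
        grants = public_grants(acl)
        if not grants:
            continue
        if any(perm != "READ" for _, perm in grants):
            problems[key] = "public grant beyond READ"
        elif key not in intended_public:
            problems[key] = "publicly readable but not intended to be"
    return problems

def _grant(permission, uri=None):
    """Build one constructed grant; without a URI it is the owner's own grant."""
    if uri is None:
        return {"Grantee": {"Type": "CanonicalUser", "ID": "owner-id-placeholder"},
                "Permission": permission}
    return {"Grantee": {"Type": "Group", "URI": uri}, "Permission": permission}

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"

# Constructed sample ACLs, keyed by file name in the bucket.
SAMPLE_ACLS = {
    "logo.png":   {"Grants": [_grant("FULL_CONTROL"), _grant("READ", ALL_USERS)]},
    "backup.sql": {"Grants": [_grant("FULL_CONTROL"), _grant("READ", ALL_USERS)]},
    "notes.txt":  {"Grants": [_grant("FULL_CONTROL")]},
    "shared.pdf": {"Grants": [_grant("READ", ALL_USERS), _grant("WRITE_ACP", ALL_USERS)]},
}

if __name__ == "__main__":
    for key, reason in review(SAMPLE_ACLS, intended_public={"logo.png"}).items():
        print(f"{key}: {reason}")
```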
Previously we created an Elastic Compute Cloud (or EC2) instance.
Amazon Web Services provides the flexibility to run the software you want, using the tools you are most familiar with. This means that you can connect to a Linux instance using any terminal program that supports SSH. There is a Java-based terminal that can be used by anyone who has a browser that supports Java. This is what we will be using in our demonstration today. If you would prefer to use an application on your personal machine, you can use Terminal on a Mac running OSX, or PuTTY on a Windows PC. Please note that there are some additional steps to using PuTTY under Windows as you need to convert the .pem SSH private key to a .ppk file.
If we had created a Windows instance in AWS, we could connect from Remote Desktop (or Microsoft Terminal Services Client) from a Windows Machine or 2X from a Mac running OSX or a Linux machine.
As a reference I’ll cover how to do each of these though we’ll be connecting to our instance using the Java client using SSH.
To connect to a Linux instance from Mac OSX or a Linux PC, just open a terminal window and type “SSH dash I”, then the location of the private key that you downloaded (the key file usually ends in .pem), then ec2-user (which is our user name), “the at symbol”, and then the public DNS name of the instance we want to connect to. We are logging in as ec2-user, which has administrator (or root) permissions. For security reasons we don’t log in as the root user, though once you are in your instance you are free to change the root account and access that way if you wish. In general it is not recommended that you log in as the root user, though ec2-user has full root permissions.
If you are using Windows and do not want to use the java-based client in the AWS EC2 console, you can use PuTTY. You can download PuTTY for free from the link listed here. You will need to convert your .pem key file that you downloaded earlier to a .ppk file. You can do this using PuTTYGen which comes with PuTTY. You will then need to create a connection in PuTTY. There are a number of steps in this process. Detailed screen shots of this process are available in the version of this presentation that is posted on the Internet in the AWS Slideshare located at www.slideshare.net/AmazonWebServices. You may need to search for this particular presentation as many of our presentations are posted there.
If you are connecting to a Windows instance from a Windows PC, you can use Remote Desktop. To make the Remote Desktop connection, press the Windows key and the “R” key at the same time. You can also press the Start menu and select the “Run” option from the menu if you are using Windows XP through Windows 7. In the Run box that appears, type MSTSC slash V colon and then the public DNS name of the EC2 instance from the details section on the AWS EC2 management console. You will see a window appear asking for your username and password. Use the username and password you were given when creating your Windows AWS instance to connect to your Windows EC2 instance.
In this example we’ll be connecting to the Linux EC2 instance that we created earlier.
Let’s get started.
chmod 400 DemoKeyPair.pem
In this demonstration we’ll be connecting to the Amazon Linux EC2 instance we created earlier. We’ll use the java-based terminal to make this connection.
Let’s get started.
CloudWatch is a service that provides monitoring of your EC2 instances. CloudWatch also allows you to take action on those monitors. You can use CloudWatch to notify you about the state of your instances, as well as scale out (or in) your application. You can use metrics like Disk Input/Output per second (or IOPS), network throughput, CPU utilization or many others. CloudWatch helps you define when you want the system to take certain actions on your application as well as when you would like to be alerted.
In today’s example, we are only running one instance, so we will be setting up a CloudWatch alarm to email us if the CPU utilization of our application goes over 80% for over 5 minutes. This way we know if our system is reaching its limits and we may need to look at scaling up (which we deal with in the next webinar in this series). We could also use this to set an alert if your server becomes unresponsive so you would know if your application crashed or was not available for your users.
Let’s go set up a CloudWatch alarm.
In this example we are going to create a CloudWatch Alarm that will send us an email if the CPU Utilization of our instance goes over 80% for longer than 5 minutes. This will be useful to know if our service is under heavy load and we may need to increase our resources or look into a product bug.
Let’s get started.
Show the cost explorer
Set a billing alert
https://www.python.org/downloads/
./Library/Python/3.6/bin/aws --version
./Library/Python/3.6/bin/aws help
e.g. create a key pair
./Library/Python/3.6/bin/aws configure
./Library/Python/3.6/bin/aws ec2 create-key-pair --key-name 'my key pair'
In today’s session we’ve seen how to sign up for Amazon Web Services, create an SSH key to connect to a Linux instance, and configure a security group to enable access to our instance. We’ve created an EC2 instance and connected to that instance. We’ve set an alarm to notify us if our instance has a high CPU load. We’ve also backed up our instance and done a restore of that backup. Finally we put a file in S3 and made it available to the internet.