(49 intermediate revisions by the same user not shown) |
Line 1: |
Line 1: |
− | = THIS PAGE IS A DRAFT, NOT A REAL COURSE PAGE =
| + | [http://wiki.littlesvr.ca/wiki/OPS345_Lab_1 This page has moved.] |
− | | |
− | ''' The current schedule for OPS345 is here: [[OPS335_Weekly_Schedule]]
| |
− | | |
− | = AWS Console =
| |
− | | |
− | Log in here: https://awsacademy.instructure.com
| |
− | | |
− | Click "Courses" > "AWS Academy Learner Lab - Foundation Services" > "Modules" > "Learner Lab - Foundational Services"
| |
− | | |
− | Click "Start Lab". The first time this will take a few minutes. This will spin up all your EC2 instances which automatically shut down 4 hours after you start the lab. But your data will not be lost. Your VMs will persist until the end of the course.
| |
− | | |
− | = AWS cost monitoring =
| |
− | | |
− | * You are responsible for your AWS usage. Normally using resources from AWS costs money. In an AWS Educate Learner Lab you get a 100$ credit which will be more than enough to cover all your resources until the end of the course.
| |
− | ** Take this opportunity during the course to learn what costs how much money, and make sure you don't use up your 100$ until you are done all your work in the course. The skills of managing cloud costs are very valuable.
| |
− | ** Both in the Learner Lab and the real AWS figuring out what the money was spent on is surprisingly difficult after it's already spent. So pay attention whenever you see a note about the cost of anything.
| |
− | ** You cannot use AWS Budgets in your AWS Learning Lab.
| |
− | ** You could try to figure out how to use the Amazon CloudWatch billing alarms
| |
− | * Always keep cost in the back of your mind when doing /anything/ on AWS
| |
− | | |
− | = Basic security on a public-facing server =
| |
− | | |
− | * A good AWS password, not used anywhere else
| |
− | * Remove default usernames
| |
− | * Whenever possible: don't use passwords at all, use SSH keys for logging in
| |
− | * root is never allowed to log in remotely
| |
− | * How to use sudo and how to configure it
| |
− | * ssh keys, same as OPS245
| |
− | * How to organise your SSH keys and not lose them
| |
− | | |
− | = AWS networking =
| |
− | | |
− | * Default dynamic public IP
| |
− | * Default static private network/IP
| |
− | * Reserving a static public IP under "Elastic IPs", cost of doing that
| |
− | | |
− | = First AWS VM =
| |
− | | |
− | * Create a new security group "ops345sg" with only the SSH port open. We'll look at security groups in more detail next week.
| |
− | * Instance == VM. AMI == VM disk image.
| |
− | * Lots of AMIs appear to be available, only Amazon Linux works with AWS Academy.
| |
− | * Use "Launch Instances" to deploy a pre-built "Amazon Linux 2 AMI (HVM), SSD Volume Type" VM. Not one of the other Amazon Linux AMIs.
| |
− | ** Instance type t2.micro - sort of kind of almost free
| |
− | ** Security group "ops345sg"
| |
− | ** Create a new RSA key pair named ops345-default-key, save it as ops345-default-key.pem on your workstation under a new directory ~/keys/ssh/
| |
− | * Differences between Amazon Linux and CentOS
| |
− | ** /etc/yum.repos.d/amzn2-core.repo
| |
− | ** Not linked to RedHat/IBM support cycles and policies.
| |
− | * Explore the VM:
| |
− | ** connect with user ec2-user, ssh key
| |
− | ** Many packages not installed by default in CentOS /are/ installed by default in Amazon Linux.
| |
− | ** yum install telnet
| |
− | ** systemctl works the same way
| |
− | ** Note iptables is not installed, we'll fix that in the next lab.
| |
− | ** passwd, shadow, group files
| |
− | ** netstat -atnup
| |
− | * Create yoursenecaid user, no password, create /etc/sudoers.d/10-ops345-users with these contents:
| |
− | <source>yoursenecaid ALL=(ALL) NOPASSWD:ALL</source>
| |
− | * Allow yourself to log in using an SSH key:
| |
− | <source>
| |
− | # cd /home/ec2-user/
| |
− | # cp -r .ssh/ ~andrew
| |
− | # chown -R andrew.users ~andrew/.ssh/
| |
− | </source>
| |
− | * Confirm ssh in as yoursenecaid and successfully sudo su -
| |
− | * Delete ec2-user including the home directory. Use the userdel command.
| |
− | * Update hostname and make sure it sticks:
| |
− | ** https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-hostname.html
| |
− | ** Change the instance "Name" in the EC2 management console.
| |
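Review bot: the one added line, at the top of the hunk, sends readers to the new location over plain `http://`. If wiki.littlesvr.ca is reachable over HTTPS, use the https:// form of the same URL, because the lab being replaced walks students through SSH key setup and a `NOPASSWD:ALL` sudoers entry, and they should fetch those steps over an authenticated channel. Assuming the removed text is what was moved, two things in it are worth checking on the destination page. First, the SSH key commands name `~andrew` and `andrew.users` where the surrounding bullets say `yoursenecaid`. Second, the schedule link targets `OPS335_Weekly_Schedule` on a page about OPS345.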