Difference between revisions of "OPS345 Lab 1"

From CDOT Wiki
Jump to: navigation, search
(First AWS VM)
(Replaced content with "[http://wiki.littlesvr.ca/wiki/OPS345_Lab_1 This page has moved.]")
 
(53 intermediate revisions by the same user not shown)
Line 1: Line 1:
= THIS PAGE IS A DRAFT, NOT A REAL COURSE PAGE =
+
[http://wiki.littlesvr.ca/wiki/OPS345_Lab_1 This page has moved.]
 
 
''' The current schedule for OPS345 is here: [[OPS335_Weekly_Schedule]]
 
 
 
= AWS Console =
 
 
 
Log in here: https://awsacademy.instructure.com
 
 
 
Click "Courses" > "AWS Academy Learner Lab - Foundation Services" > "Modules" >  "Learner Lab - Foundational Services"
 
 
 
Click "Start Lab". The first time this will take a few minutes. This will spin up all your EC2 instances which automatically shut down 4 hours after you start the lab. But your data will not be lost. Your VMs will persist until the end of the course.
 
 
 
= AWS cost monitoring =
 
 
 
* You are responsible for your AWS usage. Normally using resources from AWS costs money. In an AWS Educate Learner Lab you get a 100$ credit which will be more than enough to cover all your resources until the end of the course.
 
** Take this opportunity during the course to learn what costs how much money, and make sure you don't use up your 100$ until you are done all your work in the course. The skills of managing cloud costs are very valuable.
 
** Both in the Learner Lab and the real AWS figuring out what the money was spent on is surprisingly difficult after it's already spent. So pay attention whenever you see a note about the cost of anything.
 
** You cannot use AWS Budgets in your AWS Learning Lab.
 
** You could try to figure out how to use the Amazon CloudWatch billing alarms
 
* Always keep cost in the back of your mind when doing /anything/ on AWS
 
 
 
= Basic security on a public-facing server =
 
 
 
* A good AWS password, not used anywhere else
 
* Remove default usernames
 
* Whenever possible: don't use passwords at all, use SSH keys for logging in
 
* root is never allowed to log in remotely
 
* How to use sudo and how to configure it
 
* ssh keys, same as OPS245
 
* How to organise your SSH keys and not lose them
 
 
 
= AWS networking =
 
 
 
* Default dynamic public IP
 
* Default static private network/IP
 
* Reserving a static public IP under "Elastic IPs", cost of doing that
 
 
 
= First AWS VM =
 
 
 
* Deploy a pre-built Debian 10 VM ("Instance")
 
** Instance type t2.micro - sort of kind of almost free
 
** Existing security group "default"
 
** Create a new RSA key pair named ops345-default-key, save it as ops345-default-key.pem on your workstation under a new directory ~/keys/ssh/
 
* Differences between Debian and CentOS
 
* Explore the VM:
 
** connect with user ec2-user, ssh key
 
** no yum, use apt
 
** no rpm, use dpkg
 
** systemctl
 
** passwd, shadow, group files
 
** netstat -atnup
 
** Create senecaid-admin user, no password, add to wheel group, modify /etc/sudoers
 
** Confirm can log in as senecaid-user and successfully sudo su
 
** Delete ec2-user
 

Latest revision as of 02:43, 28 February 2022