THIS PAGE IS A DRAFT, NOT A REAL COURSE PAGE

The current schedule for OPS345 is here: OPS335_Weekly_Schedule

AWS Console

Log in here: https://awsacademy.instructure.com

Click "Courses" > "AWS Academy Learner Lab - Foundation Services" > "Modules" > "Learner Lab - Foundational Services"

Click "Start Lab". The first time this will take a few minutes. This will spin up all your EC2 instances which automatically shut down 4 hours after you start the lab. But your data will not be lost. Your VMs will persist until the end of the course.

AWS cost monitoring

• You are responsible for your AWS usage. Normally using resources from AWS costs money. In an AWS Educate Learner Lab you get a 100$ credit which will be more than enough to cover all your resources until the end of the course.
  • Take this opportunity during the course to learn what costs how much money, and make sure you don't use up your 100$ until you are done all your work in the course. The skills of managing cloud costs are very valuable.
  • Both in the Learner Lab and the real AWS figuring out what the money was spent on is surprisingly difficult after it's already spent. So pay attention whenever you see a note about the cost of anything.
  • You cannot use AWS Budgets in your AWS Learning Lab.
  • You could try to figure out how to use the Amazon CloudWatch billing alarms
• Always keep cost in the back of your mind when doing /anything/ on AWS

Basic security on a public-facing server

• A good AWS password, not used anywhere else
• Remove default usernames
• Whenever possible: don't use passwords at all, use SSH keys for logging in
• root is never allowed to log in remotely
• How to use sudo and how to configure it
• ssh keys, same as OPS245
• How to organise your SSH keys and not lose them

First AWS VM

• Create a new security group "ops345first" with only the SSH port open. We'll look at security groups in more detail next week.
• Instance == VM. AMI == VM disk image.
• Lots of AMIs appear to be available, only Amazon Linux works with AWS Academy.
• Use "Launch Instances" to deploy a pre-built "Amazon Linux 2 AMI (HVM), SSD Volume Type" VM. Not one of the other Amazon Linux AMIs.
  • Instance type t2.micro - sort of kind of almost free
  • Security group "ops345first"
  • Create a new RSA key pair named ops345-first-key, save it as ops345-first-key.pem on your workstation under a new directory ~/keys/ssh/
• Differences between Amazon Linux and CentOS
  • /etc/yum.repos.d/amzn2-core.repo
  • Not linked to RedHat/IBM support cycles and policies.
• Explore the VM:
  • connect with user ec2-user, ssh key
  • Many packages not installed by default in CentOS /are/ installed by default in Amazon Linux.
  • yum install telnet
  • systemctl works the same way
  • Note neither iptables nor any other firewall is installed by default.
  • passwd, shadow, group files
  • netstat -atnup
• Create yoursenecaid user, no password, create /etc/sudoers.d/10-ops345-users with these contents:

yoursenecaid ALL=(ALL) NOPASSWD:ALL

• Allow yourself to log in using your SSH key:

# cd /home/ec2-user/
# cp -r .ssh/ ~yoursenecaid
# chown -R yoursenecaid.users ~yoursenecaid/.ssh/

• Confirm ssh in as yoursenecaid and successfully sudo su -
• Delete ec2-user including the home directory. Use the userdel command.
• Update hostname to "first.yoursenecaid.ops" and make sure it sticks:
  • https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-hostname.html
  • Change the instance "Name" in the EC2 management console to "first".