Open main menu

CDOT Wiki β

OPS345 Lab 1

Revision as of 00:43, 8 December 2021 by Andrew (talk | contribs) (AWS Console)

THIS PAGE IS A DRAFT, NOT A REAL COURSE PAGE

The current schedule for OPS345 is here: OPS335_Weekly_Schedule

Accessing your AWS account

At the beginning of the semester your professor will create a Leaner Lab in AWS Academy. The professor will add all the students enrolled in their OPS345 sections as students in that Learner Lab. You should automatically receive an email that looks like this in the beginning of the course:

If you haven't recieved such an email: you need to let your professor know.

Once you complete setting up your account: browse around the interface. For OPS345 you only ever need to navigate to the following screen in this interface:

Log in here: https://awsacademy.instructure.com

Click "Courses" > "AWS Academy Learner Lab - Foundation Services" > "Modules" > "Learner Lab - Foundational Services"

Click "Start Lab". The first time this will take a few minutes. This will spin up all your EC2 instances which automatically shut down 4 hours after you start the lab. But your data will not be lost. Your VMs will persist until the end of the course.

AWS cost monitoring

  • You are responsible for your AWS usage. Normally using resources from AWS costs money. In an AWS Educate Learner Lab you get a 100$ credit which will be more than enough to cover all your resources until the end of the course.
    • Take this opportunity during the course to learn what costs how much money, and make sure you don't use up your 100$ until you are done all your work in the course. The skills of managing cloud costs are very valuable.
    • Both in the Learner Lab and the real AWS figuring out what the money was spent on is surprisingly difficult after it's already spent. So pay attention whenever you see a note about the cost of anything.
    • You cannot use AWS Budgets in your AWS Learning Lab.
    • You could try to figure out how to use the Amazon CloudWatch billing alarms
  • Always keep cost in the back of your mind when doing /anything/ on AWS

Basic security on a public-facing server

  • A good AWS password, not used anywhere else
  • Remove default usernames
  • Whenever possible: don't use passwords at all, use SSH keys for logging in
  • root is never allowed to log in remotely
  • How to use sudo and how to configure it
  • ssh keys, same as OPS245
  • How to organise your SSH keys and not lose them

First AWS VM

  • Create a new security group "ops345first" with only the SSH port open. We'll look at security groups in more detail next week.
  • Instance == VM. AMI == VM disk image.
  • Lots of AMIs appear to be available, only Amazon Linux works with AWS Academy.
  • Use "Launch Instances" to deploy a pre-built "Amazon Linux 2 AMI (HVM), SSD Volume Type" VM. Not one of the other Amazon Linux AMIs.
    • Instance type t2.micro - sort of kind of almost free
    • Security group "ops345first"
    • Create a new RSA key pair named ops345-first-key, save it as ops345-first-key.pem on your workstation under a new directory ~/keys/ssh/
  • Differences between Amazon Linux and CentOS
    • /etc/yum.repos.d/amzn2-core.repo
    • Not linked to RedHat/IBM support cycles and policies.
  • Explore the VM:
    • connect with user ec2-user, ssh key
    • Many packages not installed by default in CentOS /are/ installed by default in Amazon Linux.
    • yum install telnet
    • systemctl works the same way
    • Note neither iptables nor any other firewall is installed by default.
    • passwd, shadow, group files
    • netstat -atnup
  • Create yoursenecaid user, no password, create /etc/sudoers.d/10-ops345-users with these contents:
yoursenecaid ALL=(ALL) NOPASSWD:ALL
  • Allow yourself to log in using your SSH key:
# cd /home/ec2-user/
# cp -r .ssh/ ~yoursenecaid
# chown -R yoursenecaid.users ~yoursenecaid/.ssh/