We're going to set up a virtual machine in AWS now so you can start to get used to the process. You'll be repeating this several times during the course, so try to learn a little more about it each time you do it.
Security group ops345first
A security group is a fundamental concept in AWS. It's not completely clear what it is. The closest thing you would have seen that's similar is a set of iptables rules. You can assign the security group (this set of rules) to one or more virtual machines.
A security group with no rules does not allow any traffic to pass through.
- Create a new security group "ops345first" with only the SSH port open to the world in the incoming rules. Familiarize yourself with the interface. You'll use this security group for your first VM you'll soon create.
First AWS VM
- Instance == VM. AMI == VM disk image.
- Lots of AMIs appear to be available, but only Amazon Linux works with AWS Academy.
- Use "Launch Instances" to deploy a pre-built "Amazon Linux 2 AMI (HVM), SSD Volume Type" VM. Not one of the other Amazon Linux AMIs.
- Instance type t2.micro - sort of kind of almost free
- Security group "ops345first"
- Create a new RSA key pair named ops345-first-key and save it as ops345-first-key.pem on your workstation under a new directory ~/keys/ssh/
- Differences between Amazon Linux and CentOS
  - /etc/yum.repos.d/amzn2-core.repo
  - Not linked to RedHat/IBM support cycles and policies.
- Explore the VM:
  - connect with user ec2-user, ssh key
  - Many packages not installed by default in CentOS /are/ installed by default in Amazon Linux.
  - yum install telnet
  - systemctl works the same way
  - Note neither iptables nor any other firewall is installed by default.
  - passwd, shadow, group files
  - netstat -atnup
- Create a yoursenecaid user with no password, then create /etc/sudoers.d/10-ops345-users with these contents:
  yoursenecaid ALL=(ALL) NOPASSWD:ALL
- Allow yourself to log in using your SSH key:
  # cd /home/ec2-user/
  # cp -r .ssh/ ~yoursenecaid
  # chown -R yoursenecaid:users ~yoursenecaid/.ssh/
- Confirm that you can ssh in as yoursenecaid and successfully run sudo su -
- Delete ec2-user including the home directory. Use the userdel command.
- Update hostname to "first.yoursenecaid.ops" and make sure it sticks:
  - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-hostname.html
- Change the instance "Name" in the EC2 management console to "first".
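
Once ec2-user is deleted, a wrong owner or mode on the copied .ssh directory, or a sudoers drop-in that sudo skips, leaves you without a working login or without root. The following pre-flight check is an added example, not part of the original lab: the function names are hypothetical and it assumes the new home directory is /home/yoursenecaid. Run it as root before the userdel step.

```shell
#!/bin/sh
# Pre-flight checks before "userdel -r ec2-user" (added example, hypothetical names).

# True if the path is writable by group or others; sshd StrictModes rejects that.
loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# True if the path is owned by the given user (name or numeric uid).
owned_by() {
    [ -n "$(find "$1" -prune -user "$2" -print 2>/dev/null)" ]
}

# ssh_login_ok USER HOME: the copied .ssh tree is usable for key login.
ssh_login_ok() {
    user=$1 home=$2
    [ -f "$home/.ssh/authorized_keys" ] || { echo "no $home/.ssh/authorized_keys"; return 1; }
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if loose "$p"; then echo "$p is group/world writable"; return 1; fi
    done
    # "cp -r" as root leaves root-owned 0700/0600 copies the user cannot read
    # until the chown step has been run.
    for p in "$home/.ssh" "$home/.ssh/authorized_keys"; do
        owned_by "$p" "$user" || { echo "$p is not owned by $user"; return 1; }
    done
    return 0
}

# sudoers_name_ok FILE: sudo skips drop-ins whose name contains "." or ends in "~".
sudoers_name_ok() {
    case "$(basename "$1")" in
        *.*|*~) return 1 ;;
        *) return 0 ;;
    esac
}

# sudoers_ok FILE: the name is one sudo will read and the syntax parses.
sudoers_ok() {
    sudoers_name_ok "$1" || { echo "sudo will ignore $1"; return 1; }
    if command -v visudo >/dev/null 2>&1; then visudo -cf "$1" >/dev/null; fi
}

# Usage: sh preflight.sh yoursenecaid /home/yoursenecaid
if [ "$#" -eq 2 ]; then
    ssh_login_ok "$1" "$2" && sudoers_ok /etc/sudoers.d/10-ops345-users \
        && echo "safe to delete ec2-user"
fi
```

The ownership check is stricter than sshd, which also accepts root-owned files, because the key file must be readable by the user being logged in.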