1,234
edits
Changes
Created page with "https://aws.amazon.com/education/awseducate/ click "AWS Account", then "AWS Edicate Starter Account", then "AWS Console" = AWS cost monitoring = * Students are responsible f..."
https://aws.amazon.com/education/awseducate/
click "AWS Account", then "AWS Edicate Starter Account", then "AWS Console"
= AWS cost monitoring =
* Students are responsible for their AWS usage, including paying for it
* No AWS alerts on AWS educate account
* For those not using AWS educate: Amazon CloudWatch billing alarms
* Always keep cost in the back of your mind when doing /anything/ on AWS
= Basic security on a public-facing server =
* A good AWS password, not used anywhere else
* Remove default usernames
* Whenever possible: don't use passwords at all, use SSH keys for logging in
* root is never allowed to log in remotely
* How to use sudo and how to configure it
* ssh keys, same as OPS245
* How to organise your SSH keys and not lose them
= AWS networking =
* Default dynamic public IP
* Default static private network/IP
* Reserving a static public IP under "Elastic IPs", cost of doing that
= First AWS VM =
* Deploy a pre-built SuSE VM ("Instance") suse-sles-15-sp2-v20201211-hvm-ssd-x86_64
** Instance type t2.micro - sort of almost free
* Differences between SuSE and CentOS
* Explore the VM:
** connect with user ec2-user, ssh key
** no yum, use zypper
** systemctl
** passwd, shadow, group files
** netstat -atnup
** Create senecaid-admin user, no password, add to wheel group, modify /etc/sudoers
** Confirm can log in as senecaid-user and successfully sudo su
** Delete ec2-user
click "AWS Account", then "AWS Edicate Starter Account", then "AWS Console"
= AWS cost monitoring =
* Students are responsible for their AWS usage, including paying for it
* No AWS alerts on AWS educate account
* For those not using AWS educate: Amazon CloudWatch billing alarms
* Always keep cost in the back of your mind when doing /anything/ on AWS
= Basic security on a public-facing server =
* A good AWS password, not used anywhere else
* Remove default usernames
* Whenever possible: don't use passwords at all, use SSH keys for logging in
* root is never allowed to log in remotely
* How to use sudo and how to configure it
* ssh keys, same as OPS245
* How to organise your SSH keys and not lose them
= AWS networking =
* Default dynamic public IP
* Default static private network/IP
* Reserving a static public IP under "Elastic IPs", cost of doing that
= First AWS VM =
* Deploy a pre-built SuSE VM ("Instance") suse-sles-15-sp2-v20201211-hvm-ssd-x86_64
** Instance type t2.micro - sort of almost free
* Differences between SuSE and CentOS
* Explore the VM:
** connect with user ec2-user, ssh key
** no yum, use zypper
** systemctl
** passwd, shadow, group files
** netstat -atnup
** Create senecaid-admin user, no password, add to wheel group, modify /etc/sudoers
** Confirm can log in as senecaid-user and successfully sudo su
** Delete ec2-user