[Figure: lab steps diagram. Amazon Web Services; AWS Architecture; AWS Account Creation; Add AWS Education Credit for $100; Launch instance; SSH to instance]
2016 Cloud Security Curriculum Development Workshop
Amazon Web Service Lab
AWS Account Setup and Services Overview
Dr. Saptarshi Debroy & Minh Nguyen
Contact: Dr. Prasad Calyam, [email protected]
1. Purpose of the Lab
Understand definitions of various Amazon Web Services (AWS) and their use in cloud computing based web applications that are accessible over the Internet through an AWS account.

2. References to guide Lab work
- Chapter 1, Distributed and Cloud Computing, Hwang, Fox & Dongarra
- Chapter 1, Programming Amazon EC2, Vliet and Paganelli
- AWS Free Usage for Education:
  o Overview of AWS, http://media.amazonwebservices.com/AWS_Overview.pdf
  o Services on the free usage tier, http://aws.amazon.com/free/
  o Make the most of your free monthly usage, http://docs.aws.amazon.com/gettingstarted/latest/awsgsg-freetier/TestDriveFreeTier-monthly.html
- AWS Documentation: http://aws.amazon.com/documentation/
- AWS Reference Architectures: http://aws.amazon.com/architecture/
- General AWS Reading: T. Morgan, “A Rare Peek Into The Massive Scale of AWS”, Nov. 2014 - http://www.enterprisetech.com/2014/11/14/rare-peek-massive-scale-aws/
- AWS educational resources (AWS credit, training, learning resources): https://aws.amazon.com/education/awseducate/
3. Lab Steps and output collection guidelines

Figure 1: Lab Steps Overview

Figure 1 shows the required steps to be followed in order to successfully create an account credited with funds for this course. You will need to understand the pricing conditions and services documentation related to the ‘AWS free usage tier’, understand AWS Architecture, create your ‘AWS account’ and request the $100 credit. Then, you will launch your first AWS EC2 (Elastic Compute Cloud) instance. The final step will show you the ways to connect to your instance through a local Linux/Mac or Windows computer.

3.1 Amazon Web Services
Take your time to understand the conditions of free usage, which involve free account availability, restrictions in terms of instance types, pay-as-you-go service rates, operating systems that are under the free usage condition, and free usage accumulation. Detailed information can be found at http://aws.amazon.com/free/.
Go through http://aws.amazon.com/documentation/ to find detailed information on each service that AWS provides. Pay special attention to the service groups: Getting started with AWS, Compute, Storage & Content Delivery and Database.

3.2. AWS Architecture Center
You will need to understand the overall http://aws.amazon.com/architecture/ to help you build your application architecture, customized according to your requirements, and to maximize the AWS services usage. A web application hosting related customization example is shown below in Figure 1.

Figure 1: Example application customization of AWS architecture

3.3. AWS Account Creation
Create an Amazon Web Services (AWS) account at http://aws.amazon.com by clicking the button ‘Create a Free Account’ and following the instructions. A credit/debit card and a cellphone/landline number are required.
• Follow the instructions to create your account. At some point you will also need to enter your credit/debit card information.
• Don’t forget to select the ‘Basic (Free)’ Support plan to access the AWS free services (if that information is required).
• Once you create your account you will see all AWS services available to you.

3.4. Add AWS Education Credit for $100 to your Account
• At https://aws.amazon.com/education/awseducate/apply/, apply for AWS credit using the ‘Apply for AWS Educate for students’ link.
• Once you have received an email from AWS with the Promo Code, activate it by entering it on the ‘Credits’ tag as shown below.
• You will be able to see your detailed usage and Credits Balance by accessing the ‘Bills’ option in the left menu.
• Another useful option is to enable ‘Receive PDF Invoice By Email’ as well as ‘Receive Billing Alerts’ to keep track of the usage.

3.5 Launching your first AWS Instance

Figure 3: Overview of an AWS Instance

Figure 3 shows the instance architecture to be configured in this Lab. Using your AWS account, you will launch a virtual instance created in a new ‘Volume’ from an Amazon EBS-backed instance snapshot (called ‘Root’), in order to access your reserved infrastructure resources over the Internet. You will need to create key pairs and secure the instance through a security group; all the infrastructure will be created in a specific zone.

3.5.1 Click ‘Console Home’, make sure to select the US East (N. Virginia) region in the top-right part of your screen, and select the AWS EC2 service (Elastic Compute Cloud).

3.5.2 In the left menu select “Key Pairs”.
• Create a Key Pair called ‘key-ec2’ and store it in a safe location; you will need this key to connect to the instances.
If you are a Linux/Mac user, remember to set the permissions for the key pair: chmod 700 <path-to-the-key-pairs>.
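
An added example (not part of the original handout) that checks the permission bits of a saved key file. OpenSSH refuses a private key that group or other users can access; the lab's mode 700 passes that check, while 400 or 600 also drops the unneeded execute bit. The temporary file is a constructed stand-in for key-ec2.pem.

```python
import os
import stat
import tempfile


def classify_mode(mode):
    """Judge the permission bits of a private key file owned by the current user."""
    if mode & 0o077:
        # Any group/other bit: the OpenSSH client will not load the key.
        return "refused"
    if mode & 0o100:
        # Owner-only, so ssh accepts it, but a key file is never executed (e.g. 0700).
        return "accepted, execute bit unneeded"
    return "ok"  # 0400 or 0600


def audit_key(path):
    """Return (octal mode string, verdict) for the key file at path."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return oct(mode), classify_mode(mode)


def demo():
    """Apply several modes to a throwaway file and collect the verdict for each."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "key-ec2.pem")
        with open(path, "w") as handle:
            handle.write("constructed placeholder, not a real key\n")
        for mode in (0o700, 0o400, 0o600, 0o644, 0o640):
            os.chmod(path, mode)
            results[oct(mode)] = audit_key(path)[1]
    return results


if __name__ == "__main__":
    for mode, verdict in demo().items():
        print(mode, verdict)
```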

3.5.3 Select “Security Groups” from the left menu, name a Security Group ‘SG_EC2’, add a description and an SSH rule with the ‘anywhere’ option selected in the source field.
• Example of Security Group creation.

3.5.4 Launch your Instance
• In the left menu, launch a new instance in the ‘Instances’ option. Click on the ‘Launch Instance’ button and select the first Image of ‘Amazon Linux’ on the list.
• Select the t2.micro instance that is ‘Free’.
• Keep default values in the next configuration windows and continue until you get to the ‘Tag Instance’ option. Add ‘Key’ and ‘Value’ as shown in the figure below and click on ‘Next: Configure Security Group’.
• Select the ‘Security Group’ created previously and click on ‘Review and Launch’.
• Once you click ‘launch’ you will be prompted to choose the key pair ‘key-ec2’ created previously.
• In a short time your new instance will be deployed and ready to be used.

3.6 Adding volume
In the left menu “Elastic Block Store”, select ‘Volumes’ and you will see the default volume where your instance is stored.
• Click on ‘Create Volume’ to create a new 2GB volume with Volume Type ‘General Purpose (SSD)’. Be sure that the ‘Availability Zone’ of the new volume is the same as the ‘Zone’ of the first volume (for this specific case, us-east-1c).
• Once the new volume is ‘available’, right click on it and select ‘Attach volume’, select your created instance and attach it. Note the path will be established in the ‘Device’ option.
• You will end up with a new 2GB SSD storage drive attached to your instance.
• It is good practice to name your volumes.

3.7 Connection to the instance using SSH
First, copy the public DNS.

3.7.1 For Linux and Mac OS
Open a terminal and type in:
ssh -i <path-to-your-key-pairs> ec2-user@<public DNS>
You will be logged in to the Amazon instance.

3.7.2 For Windows
Download ‘PuTTY Key Generator’ to convert your key to PuTTY compatible format. Click on ‘conversions’ and ‘import key’ to select your ‘key-ec2.pem’.
Select the ‘SSH-1 (RSA)’ checkbox and click on ‘Save private key’ to store it. Name it ‘key-ec2-putty’.
Now, with PuTTY, paste [public dns] in ‘Host Name (or IP address)’.
In Connection/SSH/Auth, click Browse and select the ‘key-ec2-putty’ file.
Select ‘Yes’ in the PuTTY alert. Then log in as ‘ec2-user’.

3.8 You should stop your instance after finishing the lab.
In your AWS EC2 service select ‘Instances’ under the ‘INSTANCES’ option, select your running instance, click on the ‘Actions’ button and the ‘Stop’ option.