2016 Cloud Security Curriculum Development Workshop
Amazon Web Service Lab

AWS Account Setup and Services Overview
Dr. Saptarshi Debroy & Minh Nguyen

Contact: Dr. Prasad Calyam, calyamp@missouri.edu

[Diagram of lab steps: Amazon Web Services; AWS Architecture; AWS Account Creation; Add AWS Education Credit for $100; Launch instance; SSH to instance]

1. Purpose of the Lab

Understand definitions of various Amazon Web Services (AWS) and their use in cloud computing based web applications that are accessible over the Internet through an AWS account.

2. References to guide Lab work

- Chapter 1, Distributed and Cloud Computing, Hwang, Fox & Dongarra
- Chapter 1, Programming Amazon EC2, Vliet and Paganelli
- AWS Free Usage for Education:
    o Overview of AWS, http://media.amazonwebservices.com/AWS_Overview.pdf
    o Services on the free usage tier, http://aws.amazon.com/free/
    o Make the most of your free monthly usage, http://docs.aws.amazon.com/gettingstarted/latest/awsgsg-freetier/TestDriveFreeTier-monthly.html
- AWS Documentation: http://aws.amazon.com/documentation/
- AWS Reference Architectures: http://aws.amazon.com/architecture/
- General AWS Reading: T. Morgan, “A Rare Peek Into The Massive Scale of AWS”, Nov. 2014 - http://www.enterprisetech.com/2014/11/14/rare-peek-massive-scale-aws/
- AWS educational resources (AWS credit, training, learning resources): https://aws.amazon.com/education/awseducate/

3. Lab Steps and output collection guidelines

Figure 1: Lab Steps Overview

Figure 1 shows the required steps to be followed in order to successfully create an account credited with funds for this course. You will need to understand the pricing conditions and service documentation related to the ‘AWS free usage tier’, understand the AWS Architecture, create your ‘AWS account’ and request the $100 credit. Then, you will launch your first AWS EC2 (Elastic Compute Cloud) instance. The final step will show you the ways to connect to your instance from a local Linux/Mac or Windows computer.

3.1 Amazon Web Services

Take your time to understand the conditions of free usage, which cover free account availability, restrictions in terms of instance types, pay-as-you-go service rates, operating systems that are under the free usage condition, and free usage accumulation. Detailed information can be found at http://aws.amazon.com/free/.

Go through http://aws.amazon.com/documentation/ to find detailed information on each service that AWS provides. Pay special attention to the service groups: Getting started with AWS, Compute, Storage & Content Delivery and Database.

3.2. AWS Architecture Center

You will need to understand the overall material at http://aws.amazon.com/architecture/ to help you build an application architecture customized according to your requirements, and to maximize your usage of AWS services. An example customization for web application hosting is shown below in Figure 1.

Figure 1: Example application customization of AWS architecture

3.3. AWS Account Creation

Create an Amazon Web Services (AWS) account at http://aws.amazon.com by clicking the ‘Create a Free Account’ button and following the instructions. A credit/debit card and a cellphone/landline number are required.

• Follow the instructions to create your account. At some point you will also need to enter your credit/debit card information.
• Don’t forget to select the ‘Basic (Free)’ Support plan to access AWS free services (if that information is required).
• Once you create your account you will see all AWS services available to you.

3.4. Add AWS Education Credit for $100 to your Account

• At https://aws.amazon.com/education/awseducate/apply/, apply for AWS credit using the ‘Apply for AWS Educate for students’ link.
• Once you receive an email from AWS with the Promo Code, activate it by entering it on the ‘Credits’ tab as shown below.
• You will be able to see your detailed usage and Credits Balance by accessing the ‘Bills’ option in the left menu.
• Another useful option is to enable ‘Receive PDF Invoice By Email’ as well as ‘Receive Billing Alerts’ to keep track of the usage.

3.5 Launching your first AWS Instance

Figure 3: Overview of an AWS Instance

Figure 3 shows the instance architecture to be configured in this Lab. Using your AWS account, you will launch a virtual instance created in a new ‘Volume’ from an Amazon EBS-backed instance snapshot (called ‘Root’), in order to access your reserved infrastructure resources over the Internet. You will need to create key pairs and secure the instance through a security group. All the infrastructure will be created in a specific zone.

3.5.1 Click ‘Console Home’, make sure to select the US East (N. Virginia) region in the top-right part of your screen and select the AWS EC2 service (Elastic Compute Cloud).

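3.5.2 In the left menu select “Key Pairs”.

• Create a Key Pair called ‘key-ec2’ and store it in a safe location; you will need this key to connect to the instances.

If you are a Linux/Mac user, remember to set the permissions for the key pair: chmod 700 <path-to-the-keypairs>. The ssh client refuses to use a private key file that other users on the machine can read, so access must be limited to the file's owner.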

3.5.3 Select “Security Groups” from the left menu, name a Security Group ‘SG_EC2’, add a description and an SSH rule with the ‘anywhere’ option selected in the source field.

• Example of Security Group creation.

3.5.4 Launch your Instance

• In the left menu, select the ‘Instances’ option, click on the ‘Launch Instance’ button and select the first image of ‘Amazon Linux’ on the list.
• Select the t2.micro instance that is ‘Free’.
• Keep default values in the next configuration windows and continue until you get to the ‘Tag Instance’ option. Add ‘Key’ and ‘Value’ as shown in the figure below and click on ‘Next: Configure Security Group’.
• Select the ‘Security Group’ created previously and click on ‘Review and Launch’.
• Once you click ‘Launch’ you will be prompted to choose the key pair ‘key-ec2’ created previously.
• In a short time your new instance will be deployed and ready to be used.

3.6 Adding volume

In the left menu under “Elastic Block Store”, select ‘Volumes’ and you will see the default volume where your instance is stored.

• Click ‘Create Volume’ to create a new 2GB volume with Volume Type ‘General Purpose (SSD)’. Be sure that the ‘Availability Zone’ of the new volume is the same as the ‘Zone’ of the first volume (for this specific case, us-east-1c).
• Once the new volume is ‘available’, right click on it and select ‘Attach volume’, select your created instance and attach it. Note the path will be established in the ‘Device’ option.
• You will end up with a new 2GB SSD storage drive attached to your instance.
• It is good practice to name your volumes.

3.7 Connection to the instance using SSH

First, copy the public DNS.

3.7.1 For Linux and Mac OS

Open a terminal and type in:

ssh -i <path-to-your-key-pairs> ec2-user@<public DNS>

You will be logged in to the Amazon instance.

3.7.2 For Windows

Download ‘PuTTY Key Generator’ to convert your key to PuTTY compatible format. Click on ‘Conversions’ and ‘Import key’ to select your ‘key-ec2.pem’.

Select the ‘SSH-1 (RSA)’ checkbox and click on ‘Save private key’ to store it. Name it ‘key-ec2-putty’.

Now open PuTTY. Paste [public dns] in ‘Host Name (or IP address)’.

Go to Connection/SSH/Auth, click Browse and select ‘key-ec2-putty’.

Select ‘Yes’ in the PuTTY alert. Then log in as ‘ec2-user’.

3.8 You should stop your instance after finishing the lab.

In your AWS EC2 service select ‘Instances’ under the ‘INSTANCES’ option, select your running instance, click on the ‘Actions’ button and the ‘Stop’ option.