• Home

  • Documents

  • 2016 Cloud Security Curriculum Development Workshop …-1- Amazon Web Services AWS Architecture AWS...
16
-1- Amazon Web Services AWS Architecture AWS Account Crea7on Add AWS Educa7on Credit for $100 Launch instance SSH to instance 2016 Cloud Security Curriculum Development Workshop Amazon Web Service Lab AWS Account Setup and Services Overview Dr. Saptarshi Debroy, & Minh Nguyen Contact: Dr. Prasad Calyam, [email protected] 1. Purpose of the Lab Understand definitions of various Amazon Web Services (AWS) and their use in cloud computing based web applications that are accessible over the Internet through an AWS account. 2. References to guide Lab work - Chapter 1, Distributed and Cloud Computing, Hwang, Fox & Dongarra - Chapter 1, Programming Amazon EC2, Vliet and Paganelli - AWS Free Usage for Education: o Overview of AWS, http://media.amazonwebservices.com/AWS_Overview.pdf o Services on the free usage tier, http://aws.amazon.com/free/ o Make the most of your free monthly usage, http://docs.aws.amazon.com/gettingstarted/latest/awsgsg- freetier/TestDriveFreeTier-monthly.html - AWS Documentation: http://aws.amazon.com/documentation/ - AWS Reference Architectures: http://aws.amazon.com/architecture/ - General AWS Reading: T. Morgan, “A Rare Peek Into The Massive Scale of AWS”, Nov. 2014 - http://www.enterprisetech.com/2014/11/14/rare-peek-massive-scale-aws/ - AWS educational resources (AWS credit, training, learning resources) https://aws.amazon.com/education/awseducate/ 3. Lab Steps and output collection guidelines Figure 1: Lab Steps Overview The Figure 1 shows the required steps to be followed in order to successfully create an account credited with funds for this course. You will need to understand pricing conditions and services documentation related with ‘AWS free usage tier’, understand AWS Architecture, create your ‘AWS account’ and request for $100 credit. Then, you will launch your first AWS EC2 (Elastic Compute Cloud) instance. The final step will show you the ways to connect to your instance through local Linux/Mac or Windows computer. 3.1 Amazon Web Services Take your time in order to understand the conditions of free usage that involve free account availability, restrictions in terms of instance types, pay-as-you-go service rates, operating systems that are under the free usage condition, and free usage accumulation, detailed information can be found on http://aws.amazon.com/free/.

2016 Cloud Security Curriculum Development Workshop …-1- Amazon Web Services AWS Architecture AWS Account Creaon Add AWS Educaon Credit for $100 Launch instance SSH to 2016 Cloud

  • Upload
    others

  • View
    4

  • Download
    0

Embed Size (px)

Citation preview

Page 1: 2016 Cloud Security Curriculum Development Workshop …-1- Amazon Web Services AWS Architecture AWS Account Creaon Add AWS Educaon Credit for $100 Launch instance SSH to 2016 Cloud

-1-

AmazonWebServices

AWSArchitecture

AWSAccountCrea7on

AddAWSEduca7onCredit

for$100

Launchinstance

SSHtoinstance

2016CloudSecurityCurriculumDevelopmentWorkshopAmazonWebServiceLab

AWSAccountSetupandServicesOverviewDr.SaptarshiDebroy,&MinhNguyen

Contact:Dr.PrasadCalyam,[email protected]

1. PurposeoftheLabUnderstanddefinitionsofvariousAmazonWebServices(AWS)andtheiruseincloudcomputingbasedwebapplicationsthatareaccessibleovertheInternetthroughanAWSaccount.

2. ReferencestoguideLabwork- Chapter1,DistributedandCloudComputing,Hwang,Fox&Dongarra- Chapter1,ProgrammingAmazonEC2,VlietandPaganelli- AWSFreeUsageforEducation:

o OverviewofAWS,http://media.amazonwebservices.com/AWS_Overview.pdfo Servicesonthefreeusagetier,http://aws.amazon.com/free/o Makethemostofyourfreemonthlyusage,

http://docs.aws.amazon.com/gettingstarted/latest/awsgsg-freetier/TestDriveFreeTier-monthly.html

- AWSDocumentation:http://aws.amazon.com/documentation/- AWSReferenceArchitectures:http://aws.amazon.com/architecture/- GeneralAWSReading:T.Morgan,“ARarePeekIntoTheMassiveScaleofAWS”,Nov.

2014-http://www.enterprisetech.com/2014/11/14/rare-peek-massive-scale-aws/- AWSeducationalresources(AWScredit,training,learningresources)

https://aws.amazon.com/education/awseducate/

3. LabStepsandoutputcollectionguidelines

Figure1:LabStepsOverviewTheFigure1showstherequiredstepstobefollowedinordertosuccessfullycreateanaccountcreditedwithfundsforthiscourse.Youwillneedtounderstandpricingconditionsandservicesdocumentation relatedwith ‘AWS freeusage tier’, understandAWSArchitecture, create your‘AWS account’ and request for $100 credit. Then, youwill launch your first AWS EC2 (ElasticCompute Cloud) instance. The final stepwill show you theways to connect to your instancethroughlocalLinux/MacorWindowscomputer.

3.1 AmazonWebServicesTake your time inorder tounderstand the conditionsof freeusage that involve free accountavailability, restrictions in terms of instance types, pay-as-you-go service rates, operatingsystems that are under the free usage condition, and free usage accumulation, detailedinformationcanbefoundonhttp://aws.amazon.com/free/.

Page 2: 2016 Cloud Security Curriculum Development Workshop …-1- Amazon Web Services AWS Architecture AWS Account Creaon Add AWS Educaon Credit for $100 Launch instance SSH to 2016 Cloud

-2-

Go through the http://aws.amazon.com/documentation/ to find detailed information of each servicethat AWS provides. Pay special attention to the service groups: Getting startedwith AWS, Compute,Storage&ContentDeliveryandDatabase.3.2.AWSArchitectureCenterYou will need to understand overall http://aws.amazon.com/architecture/ to help you build yourapplication architecture customized according to your requirements, and for maximizing the AWSservicesusage.WebapplicationhostingrelatedcustomizationexampleisshownbelowinFigure1.

Page 3: 2016 Cloud Security Curriculum Development Workshop …-1- Amazon Web Services AWS Architecture AWS Account Creaon Add AWS Educaon Credit for $100 Launch instance SSH to 2016 Cloud

-3-

Figure1:ExampleapplicationcustomizationofAWSarchitecture

3.3.AWSAccountCreationCreatean(AWS)AmazonWebServiceaccountinhttp://aws.amazon.combyclickingthebutton‘Createa Free Account’ and follow the instructions. A credit/debit card and a cellphone/Landline number isrequired.

• Followtheinstructiontocreateyouraccount.Atsomepointyouwillalsoneedtoenteryourcredit/debitcardinformation.

• Don’tforgettoselect‘Basic(Free)’SupportplantoaccesstoAWSfreeservices(ifthatinformationis

required).

Page 4: 2016 Cloud Security Curriculum Development Workshop …-1- Amazon Web Services AWS Architecture AWS Account Creaon Add AWS Educaon Credit for $100 Launch instance SSH to 2016 Cloud

-4-

• OnceyoucreateyouraccountyouwillseeallAWSservicesavailableforyou.

3.4.AddAWSEducationCreditfor$100toyourAccount.• Inhttps://aws.amazon.com/education/awseducate/apply/ApplyforAWScreditusingthe‘Applyfor

AWSEducateforstudents’link.

Page 5: 2016 Cloud Security Curriculum Development Workshop …-1- Amazon Web Services AWS Architecture AWS Account Creaon Add AWS Educaon Credit for $100 Launch instance SSH to 2016 Cloud

-5-

• OnceyoureceivedanemailfromAWSwiththePromoCode,activateditbyenteriton‘Credits’tagasshownbelow.

• YouwillbeabletoseeyourdetailedusageandCreditsBalancebyaccessing‘Bills’optionintheleft

menu.• Anotherusefuloptionistoenable‘ReceivePDFInvoicemyEmail’aswell‘ReceiveBillingAlerts’to

keeptrackoftheusage.

Page 6: 2016 Cloud Security Curriculum Development Workshop …-1- Amazon Web Services AWS Architecture AWS Account Creaon Add AWS Educaon Credit for $100 Launch instance SSH to 2016 Cloud

-6-

3.5LaunchingyourfirstAWSInstance

Figure3:OverviewofanAWSInstance

Figure3showstheinstancearchitecturetobeconfiguredinthisLab.UsingyourAWSaccount,youwilllaunch a virtual instance created in a new ‘Volume’ from an Amazon EBS-backed instance snapshot(called‘Root’),inordertoaccessyourreservedinfrastructureresourcesovertheInternet;youwillneedto create key pairs and secure it through a security group; all the infrastructurewill be created in aspecificzone.

3.5.1 Click‘ConsoleHome’,makesuretoselecttheUSEast(N.Virginia)regioninthetop-rightpartof

yourscreenandselectAWSEC2service(ElasticComputeCloud).

Page 7: 2016 Cloud Security Curriculum Development Workshop …-1- Amazon Web Services AWS Architecture AWS Account Creaon Add AWS Educaon Credit for $100 Launch instance SSH to 2016 Cloud

-7-

3.5.2 Inleftmenuselect“KeyPairs”.

• CreateaKeyPaircalled‘key-ec2’andstoreitinasafelocation,youwillneedthiskeytoconnecttotheinstances.

IfyouareaLinux/MACuser,remembertosetthepriorityforthekeypair:chmod700<path-to-the-keypairs>.

Page 8: 2016 Cloud Security Curriculum Development Workshop …-1- Amazon Web Services AWS Architecture AWS Account Creaon Add AWS Educaon Credit for $100 Launch instance SSH to 2016 Cloud

-8-

3.5.3 Select“SecurityGroups”fromtheleftmenu,nameaSecurityGroup‘SG_EC2’,adddescriptionandaSSHrulewith‘anywhere’optionselectedinsourcefield.

• ExampleofSecurityGroupcreation.

Page 9: 2016 Cloud Security Curriculum Development Workshop …-1- Amazon Web Services AWS Architecture AWS Account Creaon Add AWS Educaon Credit for $100 Launch instance SSH to 2016 Cloud

-9-

3.5.4 LaunchyourInstance

• Inleftmenu,launchanewinstanceinthe‘Instances’optionClickonthe‘LaunchInstance’button

andselectthefirstImageof‘AmazonLinux’onthelist

• Selectthet2.microinstancethatis‘Free’.

• Keepdefaultvaluesinthenextconfigurationwindowsandcontinueuntilyougettothe‘Tag

Instance’option.Add‘Key’and‘Value’asshowninfigurebelowandclickon‘Next:ConfigureSecurityGroup’.

Page 10: 2016 Cloud Security Curriculum Development Workshop …-1- Amazon Web Services AWS Architecture AWS Account Creaon Add AWS Educaon Credit for $100 Launch instance SSH to 2016 Cloud

-10-

• Selectthe‘SecurityGroup’createdpreviouslyandclickon‘ReviewandLaunch’.

• Onceyouclick‘launch’youwillbepromptedtochoosethekeypair‘key-ec2’createdpreviously.

• Inashorttimeyournewinstancewillbedeployedandreadytobeused.

Page 11: 2016 Cloud Security Curriculum Development Workshop …-1- Amazon Web Services AWS Architecture AWS Account Creaon Add AWS Educaon Credit for $100 Launch instance SSH to 2016 Cloud

-11-

3.6 Addingvolume

Inleftmenu“ElasticBlockStore”,select‘Volumes’andyouwillseethedefaultvolumewhereyourinstanceisstored.

• Clickin‘CreateVolume’forcreatinganew2GBvolumeandVolumeType‘GeneralPurpose(SSD)’.Besurethatthe‘AvailabilityZone’inthenewvolumeisthesameasthe‘Zone’ofthefirstvolume(Forthisspecificcaseus-east-1c)

Page 12: 2016 Cloud Security Curriculum Development Workshop …-1- Amazon Web Services AWS Architecture AWS Account Creaon Add AWS Educaon Credit for $100 Launch instance SSH to 2016 Cloud

-12-

• Oncethenewvolumeis‘available’,rightclickonitandselect‘Attachvolume’,selectyourcreated

instanceandattachit.Notethepathwillbeestablishedinthe‘Device’option.

• Youwillendupwithanew2GBSDDstoragedriveattachedtoyourinstance.• Itisgoodpracticetonameyourvolumes.

3.7 ConnectiontotheinstanceusingSSH

Firstup,copythepublicDNS.

Page 13: 2016 Cloud Security Curriculum Development Workshop …-1- Amazon Web Services AWS Architecture AWS Account Creaon Add AWS Educaon Credit for $100 Launch instance SSH to 2016 Cloud

-13-

3.7.1ForLinuxandMACOS

Openaterminalandtypein:

ssh –i <path-to-your-key-pairs> <public DNS>

Youwillbeloggedintheamazoninstance.

3.7.2ForWindows

Download‘PuTTYKeyGenerator’toconvertyourkeytoPuTTYcompatibleformat.Clickin‘conversions’and‘importkey’toselectyour‘key-ec2.pem’.

Page 14: 2016 Cloud Security Curriculum Development Workshop …-1- Amazon Web Services AWS Architecture AWS Account Creaon Add AWS Educaon Credit for $100 Launch instance SSH to 2016 Cloud

-14-

Selectthe‘SSH-1(RSA)’checkboxandclickon‘Saveprivatekey’forstoring.Nameit‘key-ec2-putty’

NowwithPuTTY.Paste[publicdns]in‘HostName(orIPaddress)’

Page 15: 2016 Cloud Security Curriculum Development Workshop …-1- Amazon Web Services AWS Architecture AWS Account Creaon Add AWS Educaon Credit for $100 Launch instance SSH to 2016 Cloud

-15-

Browsethe‘key-ec2-putty’inConnection/SSH/AuththenclickBrowse.

Select‘Yes’inthePuTTYalert.ThenLoginas‘ec2-user’

Page 16: 2016 Cloud Security Curriculum Development Workshop …-1- Amazon Web Services AWS Architecture AWS Account Creaon Add AWS Educaon Credit for $100 Launch instance SSH to 2016 Cloud

-16-

3.8Youshouldstopyourinstanceafterfinishingthelab.

InyourAWSEC2serviceselect‘Instances’under‘INSTANCES’option,selectyourrunninginstance,clickon‘Actions’buttonand‘Stop’option.


AWS cloud watch

AWS cloud watch

Software
VMWARE CLOUD ON AWS - Citrix.com · the AWS infrastructure and abstract AWS VPC networks for the customer cloud administrator. With VMware Cloud on AWS, the customer connects to VMware

VMWARE CLOUD ON AWS - Citrix.com · the AWS infrastructure and abstract AWS VPC networks for the customer cloud administrator. With VMware Cloud on AWS, the customer connects to VMware

Documents
NetApp Cloud Volumes Service for AWS Account …docs.netapp.com/us-en/cloud_volumes/aws/media/cvs_aws...NetApp Cloud Volumes Service for AWS AWS Account Setup Cloud Volumes Team, NetApp,

NetApp Cloud Volumes Service for AWS Account …docs.netapp.com/us-en/cloud_volumes/aws/media/cvs_aws...NetApp Cloud Volumes Service for AWS AWS Account Setup Cloud Volumes Team, NetApp,

Documents
Cloud computing with AWS

Cloud computing with AWS

Documents
Aws elastic compute cloud

Aws elastic compute cloud

Technology
AWS Cloud Adoption Framework

AWS Cloud Adoption Framework

Documents
20141021 AWS Cloud Taekwon - Big Data on AWS

20141021 AWS Cloud Taekwon - Big Data on AWS

Technology
AWS Empowering Digital Marketing with the AWS Cloud

AWS Empowering Digital Marketing with the AWS Cloud

Technology
Aws cloud computing

Aws cloud computing

Education
AWS Cloud Security

AWS Cloud Security

Technology
About Intellipaat · AWS What is Cloud Computing, Cloud Service & Deployment Models, how AWS is the leader in the cloud domain, various cloud computing products offered by AWS, introduction

About Intellipaat · AWS What is Cloud Computing, Cloud Service & Deployment Models, how AWS is the leader in the cloud domain, various cloud computing products offered by AWS, introduction

Documents
AWS Cloud Formation

AWS Cloud Formation

Technology
Optimize your AWS cloud with cloud ranger

Optimize your AWS cloud with cloud ranger

Technology
Aws public cloud deployment

Aws public cloud deployment

Technology
VMware Cloud on AWS - taldor.co.ilVMware Cloud on AWS - 3 Year Traditional (on-prem) Native Cloud Instance VMware Cloud on AWS TCO –3 Year Subscription CONFIDENTIAL 9 Note: Reference

VMware Cloud on AWS - taldor.co.ilVMware Cloud on AWS - 3 Year Traditional (on-prem) Native Cloud Instance VMware Cloud on AWS TCO –3 Year Subscription CONFIDENTIAL 9 Note: Reference

Documents
AWS Storage Services for Hybrid Cloud - files.meetup.comfiles.meetup.com/19647895/AWS Storage Services for a Hybrid Cloud.… · AWS Storage Services for Hybrid Cloud . ... Hybrid

AWS Storage Services for Hybrid Cloud - files.meetup.comfiles.meetup.com/19647895/AWS Storage Services for a Hybrid Cloud.… · AWS Storage Services for Hybrid Cloud . ... Hybrid

Documents
Spring Cloud on AWS

Spring Cloud on AWS

Technology
Cloud Volumes Service for AWS docs : Cloud …...Release notes What’s new in Cloud Volumes Service for AWS NetApp periodically updates Cloud Volumes Service for AWS to bring you

Cloud Volumes Service for AWS docs : Cloud …...Release notes What’s new in Cloud Volumes Service for AWS NetApp periodically updates Cloud Volumes Service for AWS to bring you

Documents
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)

AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)

Technology
Oracle EBS AWS Cloud

Oracle EBS AWS Cloud

Documents
AWS Cloud with NETSCOUT

AWS Cloud with NETSCOUT

Documents
Cloud Volumes Service for AWS : Cloud Manager · • Cloud Volumes API key and Secret key: See the Cloud Volumes Service for AWS documentation to get this information. • The AWS

Cloud Volumes Service for AWS : Cloud Manager · • Cloud Volumes API key and Secret key: See the Cloud Volumes Service for AWS documentation to get this information. • The AWS

Documents
Module 4: Secure your cloud applications...AWS Certificate Manager Amazon Cloud Directory AWS CloudHSM Amazon Cognito AWS Directory Service AWS Firewall Manager Amazon GuardDuty AWS

Module 4: Secure your cloud applications...AWS Certificate Manager Amazon Cloud Directory AWS CloudHSM Amazon Cognito AWS Directory Service AWS Firewall Manager Amazon GuardDuty AWS

Documents
Aws cloud best_practices

Aws cloud best_practices

Documents
AWS Webcast - Library Systems on the AWS Cloud

AWS Webcast - Library Systems on the AWS Cloud

Technology
Cloud Security (AWS)

Cloud Security (AWS)

Internet
AWS Role-based Learning and Certification Paths · AWS Certified Cloud Practitioner (optional) AWS Certified Cloud Practitioner (optional) Architecting on AWS (3 days) Developing

AWS Role-based Learning and Certification Paths · AWS Certified Cloud Practitioner (optional) AWS Certified Cloud Practitioner (optional) Architecting on AWS (3 days) Developing

Documents
AWS Webcast - What is Cloud Computing with AWS

AWS Webcast - What is Cloud Computing with AWS

Technology
AWS IoT Camera Connector on the AWS Cloud · AWS IoT enables internet-connected devices to connect to the AWS Cloud and lets applications in the AWS Cloud interact with these devices

AWS IoT Camera Connector on the AWS Cloud · AWS IoT enables internet-connected devices to connect to the AWS Cloud and lets applications in the AWS Cloud interact with these devices

Documents
AWS Webcast - Explore the AWS Cloud

AWS Webcast - Explore the AWS Cloud

Technology