Embed Size (px)
Citation preview
Getting Started with AWS
Martin Elwin
Launching an
instance
Region
Regions
Regions Region
US-WEST (N.
California) EU-WEST (Ireland)
ASIA PAC
(Tokyo)
ASIA PAC
(Singapore)
US-WEST (Oregon)
SOUTH AMERICA (Sao
Paulo)
US-EAST (Virginia)
GOV CLOUD
ASIA PAC
(Sydney)
Wizard
Launch Wizard
Choose
operating
system
Launch Wizard
Launch!
Launch
Launch Confirmation
Instance
DNS name
Public Address
Instance
DNS name
SSH
SSH
EC2
Compute
Vertical Scaling
From $0.02/hr Elastic Compute Cloud (EC2) Basic unit of compute capacity
Range of CPU, memory & local disk options
18 Instance types available, from micro to cluster compute
Feature Details
Flexible Run Windows or Linux distributions
Scalable Wide range of instance types from micro to cluster compute
Machine Images Configurations can be saved as machine images (AMIs) from which new instances can be created
Full control Full root or administrator rights
Secure Full firewall control via Security Groups
Monitoring Publishes metrics to Cloud Watch
Inexpensive On-demand, Reserved and Spot instance types
VM Import/Export Import and export VM images to transfer configurations in and out of EC2
256
128
64
32
16
8
4
2
1
1 2 4 8 16 32 64 128 256
EC2 instance types
High I/O 4XL 60.5 GB 35 EC2 Compute Units 16 virtual cores 2*1024 GB SSD-based local instance storage
Me
mo
ry (
GB
)
Small 1.7 GB, 1 EC2 Compute Unit 1 virtual core
Micro 613 MB Up to 2 ECUs (for short bursts)
Large 7.5 GB 4 EC2 Compute Units 2 virtual cores
Hi-Mem XL 17.1 GB 6.5 EC2 Compute Units 2 virtual cores
Hi-Mem 2XL 34.2 GB 13 EC2 Compute Units 4 virtual cores
Hi-Mem 4XL 68.4 GB 26 EC2 Compute Units 8 virtual cores
High-CPU Med 1.7 GB 5 EC2 Compute Units 2 virtual cores
High-CPU XL 7 GB 20 EC2 Compute Units 8 virtual cores
Medium 3.7 GB, 2 EC2 Compute Units 1 virtual core
M3 XL 15 GB 13 EC2 Compute Units 4 virtual cores EBS storage only
M3 2XL 30 GB 26 EC2 Compute Units 8 virtual cores EBS storage only
Extra Large 15 GB 8 EC2 Compute Units 4 virtual cores
Cluster GPU 4XL 22 GB 33.5 EC2 Compute Units, 2 x NVIDIA Tesla “Fermi” M2050 GPUs
Cluster Compute 4XL 23 GB 33.5 EC2 Compute Units
Cluster Compute 8XL 60.5 GB 88 EC2 Compute Units
High Storage 8XL 117 GB 35 EC2 Compute Units, 24 * 2 TB ephemeral drives 10 GB Ethernet
Hi-Mem Cluster Compute 8XL 244 GB 88 EC2 Compute Units 16 virtual cores 240 GB SSD
EC2 Compute Units
EC2 instance types
EC2 Compute Units
Me
mo
ry (
GB
) Special Storage
Light Spiky
AMI
Amazon Machine Image
Instance
Running or Stopped machine
AZ Availability Zone
S3
EBS EBS EBS EBS EBS EBS
EBS Snapshots
S3 Buckets
Region
EC2 terminology
More details!
Sign up:
aws.amazon.com
1 2 3 4 5
Sign up
1 2 3 4 5
Sign up
1 2 3 4 5
Sign up
1 2 3 4 5
Sign up
You will need
Credit card information – you won’t pay unless you use resources
A telephone – on which to receive an automated security call
1 2 3 4 5
Sign up
You will need
Best practice
Setup billing alerts so you can be notified when levels of spend are reached
If you have existing accounts, consider using consolidated billing to bring them together under one payment
Credit card information – you won’t pay unless you use resources
A telephone – on which to receive an automated security call
1 2 3 4 5
Sign up
750 hours of Amazon EC2 Linux/RedHat/Suse Micro Instance usage
750 hours of Amazon EC2 Microsoft Windows Server Micro Instance usage
750 hours of an Elastic Load Balancer
30 GB of Amazon Elastic Block Storage
5 GB of Amazon S3 standard storage
100 MB of storage, 5 units of write capacity, and 10 units of read capacity for Amazon DynamoDB*
25 Amazon SimpleDB Machine Hours and 1 GB of Storage
1,000 Amazon SWF workflow executions*
1,000,000 Requests of Amazon Simple Queue Service*
1,000,000 Requests, 100,000 HTTP and 1,000 email notifications for Amazon Simple Notification Service*
10 Amazon CloudWatch metrics, 10 alarms, and 1,000,000 API requests*
15 GB of bandwidth out aggregated across all AWS services
750 hours of Amazon RDS for SQL Server Micro DB Instance usage
20 GB of RDS database storage
10 million RDS I/Os
20 GB of backup storage for your automated RDS database backups and any user-initiated DB Snapshots
20 minutes of SD transcoding or 10 minutes of HD transcoding in Amazon Elastic Transcoder*
Free tier http://aws.amazon.com/free/
1 2 3 4 5
Sign up
1 2 3 4 5
Logging in to an
instance
Sign up Key pairs
Public Key
Inserted by Amazon into each EC2 instance that
you launch
Private Key
Downloaded and stored by you
Standard SSH RSA Key pair
Public/Private Keys
Public key provided by AWS to EC2
instance for secure, personalized, initial,
non-generic access
Supports NIST and other security standards
for providing non-default user access
Instance key pairs
EC2
Instance
Comms secured with private key
1 2 3 4 5
Sign up Key pairs
Public Key
Inserted by Amazon into each EC2 instance that
you launch
Private Key
Downloaded and stored by you
Instance key pairs
EC2
Instance
Comms secured with private key
Private keys are not
stored by AWS
Standard SSH RSA Key pair
Public/Private Keys
Public key provided by AWS to EC2
instance for secure, personalized, initial,
non-generic access
Supports NIST and other security standards
for providing non-default user access
1 2 3 4 5
Sign up Key pairs
AWS generated keys
Import your own keys
Select your region
Create keys
Give them a name
Private key is generated and downloaded by your browser immediately
Create 1 key pair for all resources or as many as you like (e.g 1 per server type)
You supply only the public key to AWS
1 2 3 4 5
Sign up Key pairs
ssh –I eu-west.pem
1. Linux Launch (First Boot) 1. Instance initialization scripts insert public
key into ~/.ssh/authorized_keys
2. User connects with SSH using their Private
Key
1 2 3 4 5
Sign up Key pairs
ssh –I eu-west.pem
You can’t log into a Linux
instance without key
1 2 3 4 5
Sign up Key pairs
1. Linux Launch (First Boot) 1. Instance initialization scripts insert public
key into ~/.ssh/authorized_keys
2. User connects with SSH using their Private
Key
ssh –I eu-west.pem
Don’t lose it
1 2 3 4 5
Sign up Key pairs
1. Linux Launch (First Boot) 1. Instance initialization scripts insert public
key into ~/.ssh/authorized_keys
2. User connects with SSH using their Private
Key
1. Windows Launch (First Boot Sequence)
2. Instance initialization scripts:
a) Creates a random Administrator password
b) Encrypts random password with Public Key
c) Reports encrypted password to Windows System Log
3. User retrieves the encrypted password and decrypts it with their Private Key (using AWS Console or API Call)
1 2 3 4 5
Sign up Key pairs
Choose key
pair when
launching
instance
1 2 3 4 5
Sign up Key pairs
Keep secure
Do not share
Rotate Need to know
1 2 3 4 5
Sign up Key pairs
1 2 3 4 5
Sign up Key pairs
Allowing access
to the instance
1 2 3 4 5
Sign up Key pairs Access
sudo yum -y install httpd
sudo chkconfig httpd on
sudo /etc/init.d/httpd start
Let’s install something
Install apache web server
Set it to run as a service
Start the web server
1 2 3 4 5
Sign up Key pairs Access
Security groups
Security Group
EC2 Classic EC2 VPC (virtual private cloud)
Inbound only Inbound and outbound
TCP, UDP, ICMP only Any protocol
Assigned at launch Assigned at launch or when running
Modify anytime Modify anytime
instance
Port 80 (HTTP)
Port 22 (SSH)
Name Description Protocol Port range IP Address, range, or another security group
1 2 3 4 5
Sign up Key pairs Access
Added port 80
to group
Security
groups
Open our security group
1 2 3 4 5
Sign up Key pairs Access
Test it by hitting the public DNS name of
the instance
1 2 3 4 5
Sign up Key pairs Access
1 2 3 4 5
Sign up Key pairs Access
Reuse your
instance!
1 2 3 4 5
Sign up Key pairs Access Image
Makes a snapshot of the instance
Creates an image that is private to you
Saves time in deployments and system setup
1 2 3 4 5
Sign up Key pairs Image Access
Create
image
1 2 3 4 5
Sign up Key pairs Image Access
Name it
and
create
1 2 3 4 5
Sign up Key pairs Image Access
Your
AMI
1 2 3 4 5
Sign up Key pairs Image Access
…and
launch a
new
instance
from the
AMI
1 2 3 4 5
Sign up Key pairs Image Access
1 2 3 4 5
Sign up Key pairs Image Access
Who can start
an instance?
1 2 3 4 5
Sign up IAM users Key pairs Image Access
Identity and Access Management:
Securely control access to AWS services and resources for your
users
1 2 3 4 5
Sign up IAM users Key pairs Image Access
Account owner
Access to all subscribed services Access to billing reports Access to console, REST and SOAP APIs
IAM users/groups
Access to specific services Access to console and/or REST APIs and/or SOAP APIs
1 2 3 4 5
Sign up IAM users Key pairs Image Access
Account owner
Access to all subscribed services Access to billing reports Access to console, REST and SOAP APIs
IAM users/groups
Access to specific services Access to console and/or REST APIs and/or SOAP APIs
Master user
account – owns
payment method
Regular users
1 2 3 4 5
Sign up IAM users Key pairs Image Access
Account
Administrators Developers Applications
Bob
Kevin
Tomcat
Jim Brad
Mark
Susan
Reporting
Console
1 2 3 4 5
Sign up IAM users Key pairs Image Access
Account
Administrators Developers Applications
Bob
Kevin
Tomcat
Jim Brad
Mark
Susan
Reporting
Console
Multi-factor authentication
Groups
1 2 3 4 5
Sign up IAM users Key pairs Image Access
AWS system entitlements
Roles Account
Administrators Developers Applications
Bob
Kevin
Tomcat
Jim Brad
Mark
Susan
Reporting
Console
1 2 3 4 5
Sign up IAM users Key pairs Image Access
{
"Statement": [
{
"Effect": "Allow",
"Action": [
"elasticbeanstalk:*",
"ec2:*",
"elasticloadbalancing:*",
"autoscaling:*",
"cloudwatch:*",
"s3:*",
"sns:*"
],
"Resource": "*"
}
]
}
Policy driven Declarative definition of
rights for groups
Policies control access to
AWS APIs
1 2 3 4 5
Sign up IAM users Key pairs Image Access
1 2 3 4 5
Sign up IAM users Key pairs Image Access
Next Steps
Elastic Load Balancing Create highly scalable applications
Distribute load across EC2 instances in multiple
availability zones
Auto Scaling Automatic re-sizing of compute clusters
based upon demand
Relational Database Service Database-as-a-Service
No need to install or manage database instances
Scalable and fault tolerant configurations
Next Steps
aws.amazon.com
get started with the free tier
