{"componentChunkName":"component---src-templates-blog-js","path":"/ctf/aws-formation/tp1-ec2","result":{"data":{"markdownRemark":{"html":"

1 - IAM Lab

\n

Identity and Access Management

\n

AWS Management Console

\n

Give acces to control permission and user, and create user groups

\n

Activate MFA on root account (email address with QR code on mobile (virtual MFA) )\nroot account : Mode Dieu

\n

In identity access, its on a global access (not in an specific region)

\n

add user

\n

create user

\n

AWS access type :

\n\n

add user to group

\n
    \n
  1. creation of group
    2. \n
  2. select policy of managed policy (ex Administrator Access)
    3. \n
  3. send access key ID and secret and pwd to user
    4. \n
  4. user will connect to https://akiros-training.signin.aws.amazon.com/console
    5. \n
\n

different policy

\n

AdministratorAccess : Provides full access to AWS services and resources : anything on anything

\n

{ \"Version\": \"2012-10-17\", \"Statement\": [ { \"Effect\": \"Allow\", \"Action\": \"\", \"Resource\": \"

\n

account setting

\n

A password policy is a set of rules that define the type of password an IAM user can set. Learn more\nPassword policy

\n

This AWS account uses a password policy

\n

users - security credentials

\n

console password != access keys & secret ?

\n

Access keys : Use access keys to make secure REST or HTTP Query protocol requests to AWS service APIs. For your protection, you should never share your secret keys with anyone. As a best practice, we recommend frequent key rotation

\n

SSH keys for AWS CodeCommit : Use SSH public keys to authenticate access to AWS CodeCommit repositories.

\n

What are IAM roles?

\n

IAM roles are a secure way to grant permissions to entities that you trust. Examples of entities include the following:

\n\n

conclusion

\n\n

2 - EC2 - 101

\n

Quick Resizable compute capacity in the cloud : Amazon Elastic Compute Cloud

\n

provide virtual machine

\n

price : pay for what you, pay less more you use, pay less more your reserve

\n

pricing model

\n
    \n
  1. On demand : Les instances à la demande vous permettent de payer la capacité de calcul à l'heure ou à la seconde (60 secondes minimum) sans engagement à long terme. De cette manière, vous n'avez pas à subir le coût ni la complexité de la planification, de l'achat et de la maintenance du matériel : l'ensemble de ces frais fixes, habituellement élevés, est transformé en des coûts variables bien moindres.
    2. \n
  2. Reserved : 1 à 3 ans de reservation
    3. \n
  3. consommation connue et preditable
    4. \n
  4. \n

    reserved pricing types :

    \n\n
    5. \n
  5. spot (bid whatever price)
    6. \n
  6. dedicated hosts
    7. \n
\n

instance types

\n

F1 : Field Programmable Gate Array -> Genomic research\nI3 : Hight Speed storage -> NoSQl, Data Warehousing\nP3 : High GPU -> ML and Bitcoin mining

\n

FIGHT(boxing) DR(doctor) MC(ireland) PX(pixie) ZAU(australia)

\n

https://aws.amazon.com/fr/ec2/instance-types/

\n

3 - EC2 Lab

\n
    \n
  1. Service - Compute - EC2
    2. \n
  2. Choose AMI (Machine Image)
    3. \n
  3. Amazon Linux 2 AMI (HVM), SSD Volume Type - ami-01c72e187b357583b
    4. \n
  4. Choose an instance type
    5. \n
  5. T2 micro
    6. \n
  6. Configure Instance Details
    7. \n
  7. Network : VPC : Amazon Virtual Private Cloud (VPC) ; You can create a VPC and select your own IP address range, create subnets, configure route tables, and configure network gateways.
    8. \n
  8. Subnet : A range of IP addresses in your VPC that can be used to isolate different EC2 resources from each other or from the Internet. Each subnet resides in one Availability Zone.
    9. \n
  9. Placement group : A range of IP addresses in your VPC that can be used to isolate different EC2 resources from each other or from the Internet. Each subnet resides in one Availability Zone.
    10. \n
  10. Shutdown behaviour : stop or terminater
    11. \n
  11. Tenancy : You can choose to run your instances on physical servers fully dedicated for your use.
    12. \n
  12. Users details : bootstrap group
    13. \n
  13. Add storage : Your instance will be launched with the following storage device settings.
    14. \n
  14. volume type : root
    15. \n
  15. Add tags
    16. \n
  16. configuration of security groupes
    17. \n
  17. it s virtual firewall aloowing communication between port
    18. \n
  18. can create security group : Type (SSH or HTTP), Protocol (TCP), Port Range (22, 80), Source (IP one or custom)
    19. \n
  19. review
    20. \n
  20. create a key pair (public and private = asymatric key) :
    21. \n
  21. name
    22. \n
  22. Save it
    23. \n
  23. launch instance (terminal or plugin or connect (EC2 instance connect based on ssh))
    24. \n
\n
$ ls\nMyUse1KP.pem\n$ mkdir SSH\n$ mv MyUse1KP.pem\n$ cd SSH\n$ CHMOD 400 MyUSE1KP.pem # modification of permission\n$ ssh ec2-user@MYIPV4IP -i MyUSE1KP.pem\n$ sudo su\n\n\n$ yum update -y\n$ yum install httpd -y #patched instance into a web server\n$ nano index.html # puis créer une petite page html\n$ service httpd start\n$ chkconfig on #\n
\n

4 - Security Group Basis - Labs

\n

Security groups = collection of fire rules that restrict the traffic network for the instance

\n\n
Security Groups associated with i-01c443205406e90b2\nPorts   Protocol    Source  aws-cloud9-ajallais-f2b0539af89c437ab43773dc8c3016b4-InstanceSecurityGroup-1LRG2SCQCWHDZ\n22  tcp 15.188.210.32/27, 15.188.210.64/27\n
\n\n

We can not :

\n\n

5 - EBS 101

\n

Amazon Elastic Block Store\nprovides persistent block storage volume for use with amazon EC2 instance

\n

5 types of EBS Storage :

\n
    \n
  1. General Purpose (SSD) = general
    2. \n
  2. Provisionel IOPS (SSD) = most expensive -> Databases
    3. \n
  3. Throughtput Optimised Hard Disk Drive (HDD) = low cost -> Big Data & Warehousing
    4. \n
  4. Cold Hard Disk Drive (HDD) = lowest cost -> Files Serveur
    5. \n
  5. Magnetic = previous generation of HDD
    6. \n
\n

\"ebs

\n

6 - Volumes and SnapShot

\n

EBS : Amazon Elastic Block Store : Amazon Elastic Block Store (EBS) est un service de stockage par bloc hautes performances et simple d'utilisation conçu en vue d'une utilisation avec Amazon Elastic Compute Cloud (EC2) pour les charges de travail exigeantes en débit et en transactions à n'importe quelle échelle.\nhttps://aws.amazon.com/fr/ebs/?ebs-whats-new.sort-by=item.additionalFields.postDateTime&ebs-whats-new.sort-order=desc

\n
    \n
  1. Service - Compute - EC2
    2. \n
  2. Running instance
    3. \n
  3. Terminate EC2 instance
    4. \n
  4. \n

    virtual machine (EC2) and virtual hard disk (volume) should be in the same region

    \n\n
    5. \n
  5. if we stop EC2 the Volume stop as welll few minutes later
    6. \n
\n

elastic block store - Volumes :

\n\n

Action on volumes

\n\n

to remember

\n\n

Amazon S3 vs EFS vs EBS Comparison

\n

https://www.msp360.com/resources/blog/amazon-s3-vs-ebs-vs-efs/

\n

\"s3

\n

7 - AMI Types (EBS vs Instance Store)

\n

Selection criteria

\n\n

pratical

\n
    \n
  1. Service - Compute - EC2
    2. \n
  2. Community AMIs
    3. \n
  3. amzn2-ami-hvm-2.0.20200520.1-x86_64-gp2 - ami-01c72e187b357583b
    4. \n
  4. add storage : Your instance will be launched with the following storage device settings. You can attach additional EBS volumes and instance store volumes to your instance, or edit the settings of the root volume. You can also attach additional EBS volumes after launching an instance, but not instance store volumes
    5. \n
  5. volume type are instance store
    6. \n
  6. reboot
    7. \n
\n

we can not see AMI storage but only instance store volume

\n

difference between system status checks and instance status checks ?

\n

to remember

\n\n

8 - ENI vs ENA vs EFA

\n

https://www.edureka.co/community/37301/difference-between-efa-eni-and-ena-eni

\n

An ENA ENI is used to serve traditional IP networking features that is necessary to support VPC.\nAn EFA ENI is used to provide all the functionality of an ENA ENI and also hardware support for applications which communicates directly with the EFA ENI even without involving the instance kernel using an extended programming interface.

\n

ENI : Elastic Network Interface = virtual network card\nEN : Enhanced Networking = single root I/O -> high performace networking capabilities\nEFA : Elastic Fabric Adapter = network device, can attach to your EC2 to boost HPC and ML application

\n

HPC : High Performance Computing

\n

\"enhanced\"

\n

9 - Encrypted Root Device Volumes and Snapshot

\n

Root device volumes = Disk

\n

to remember

\n\n

10 - CloudWatch 101

\n

https://aws.amazon.com/fr/cloudwatch/\nAmazon CloudWatch est un service de surveillance et d'observabilité conçu pour les ingénieurs DevOps, les développeurs, les ingénieurs en fiabilité de sites (SRE) et les responsables informatiques. CloudWatch vous fournit des données et informations exploitables dont vous avez besoin pour surveiller vos applications, réagir aux variations de performance sur l’ensemble du système, optimiser l’utilisation des ressources et avoir une appréciation unifiée de la santé opérationnelle. CloudWatch collecte les données opérationnelles et de surveillance sous forme de journaux, de métriques et d’événements pour vous permettre d’avoir une appréciation unifiée des ressources, des applications et des services AWS exécutés sur AWS et sur des serveurs sur site. Vous pouvez utiliser CloudWatch pour déceler des comportements anormaux dans vos environnements, définir des alarmes, visualiser les journaux et les métriques côte à côte, agir automatiquement, faire des dépannages et trouver les informations utiles au bon\nfonctionnement de vos applications.

\n

to remember

\n\n

11 - CloudWatch Lab

\n

to remember

\n\n

12 - EFS Lab

\n

Elastic Files System\nAutomaticaly add or remove storage ressource to adapt to application needs

\n

to remember

\n\n

\"If

\n

\"The

\n

13 - FSX for Windows & FSX for Lustre

\n

\"wfsx\"

\n

\"lustre\"

\n\n

14 - EC2 Placement groups

\n

Spread placement group = grp of instance that are each place on distinct underlying harware

\n

recommanded ofr app with small number of critical instance that should be kept separate from each other

\n

= INDIVIDUAL INSTANCES

\n

to remember

\n\n

15 - AWS WAF

\n

AWS WAF = web app firewall :

\n\n

to remember

\n

how to block malicious IP addresses ?

\n

AWS WAF != Networks ACLs

","frontmatter":{"date":"July 31, 2020","path":"ctf/aws-formation/tp1-ec2","title":"TP1 - EC2","tags":["cloud","ec2","aws"],"categorie":"ctf","thumbnail":"/assets/alex-machado-80sv993luki-unsplash.jpg"},"fields":{"readingTime":{"text":"14 min read"}}},"file":{"childImageSharp":{"fluid":{"base64":"data:image/jpeg;base64,/9j/2wBDABALDA4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P/2wBDARESEhgVGC8aGi9jQjhCY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2P/wgARCAANABQDASIAAhEBAxEB/8QAFwAAAwEAAAAAAAAAAAAAAAAAAAMEBf/EABUBAQEAAAAAAAAAAAAAAAAAAAED/9oADAMBAAIQAxAAAAGFz11jKaIn/8QAGhAAAgMBAQAAAAAAAAAAAAAAAAECERMSMf/aAAgBAQABBQLm3gxwaJTxe1i8/8QAGBEAAgMAAAAAAAAAAAAAAAAAAAECElH/2gAIAQMBAT8BUdKn/8QAFhEBAQEAAAAAAAAAAAAAAAAAABEB/9oACAECAQE/Abqv/8QAGhAAAQUBAAAAAAAAAAAAAAAAAQACEBESIv/aAAgBAQAGPwJckOjObVBtR//EABwQAQACAgMBAAAAAAAAAAAAAAEAETFBIWFxkf/aAAgBAQABPyEVB9ih2jUSxfkFQDkWX4Ju5grU/9oADAMBAAIAAwAAABDjD//EABYRAQEBAAAAAAAAAAAAAAAAAAEAIf/aAAgBAwEBPxAA1M//xAAWEQEBAQAAAAAAAAAAAAAAAAABIRD/2gAIAQIBAT8QWYTP/8QAGhABAQEAAwEAAAAAAAAAAAAAAREAIUFxwf/aAAgBAQABPxAYkFlcFzRnCFCH3zCCggiKI5gk6hL1lpwEhs0zEABv/9k=","aspectRatio":1.4970059880239521,"src":"/static/11cdcb302d032fa2db3a46428a8f74c9/a7715/alex-machado-80sv993luki-unsplash.jpg","srcSet":"/static/11cdcb302d032fa2db3a46428a8f74c9/8f7df/alex-machado-80sv993luki-unsplash.jpg 250w,\n/static/11cdcb302d032fa2db3a46428a8f74c9/0f3a1/alex-machado-80sv993luki-unsplash.jpg 500w,\n/static/11cdcb302d032fa2db3a46428a8f74c9/a7715/alex-machado-80sv993luki-unsplash.jpg 1000w,\n/static/11cdcb302d032fa2db3a46428a8f74c9/37d86/alex-machado-80sv993luki-unsplash.jpg 1500w,\n/static/11cdcb302d032fa2db3a46428a8f74c9/a41d1/alex-machado-80sv993luki-unsplash.jpg 2000w,\n/static/11cdcb302d032fa2db3a46428a8f74c9/6a059/alex-machado-80sv993luki-unsplash.jpg 6000w","sizes":"(max-width: 1000px) 100vw, 1000px"}}}},"pageContext":{"slug":"ctf/aws-formation/tp1-ec2","featuredImage":"alex-machado-80sv993luki-unsplash.jpg"}}}