AWS Summit Benelux 2013 - Getting Started with AWS

Post on 12-Jun-2015


Getting Started with AWS

Martin Elwin

Launching an instance

Regions

US-WEST (N. California)
US-WEST (Oregon)
US-EAST (Virginia)
GOV CLOUD
SOUTH AMERICA (Sao Paulo)
EU-WEST (Ireland)
ASIA PAC (Tokyo)
ASIA PAC (Singapore)
ASIA PAC (Sydney)

Launch Wizard

Choose operating system

Launch!

Launch Confirmation

Instance DNS name

Public Address

SSH

EC2

Compute

Vertical Scaling

Elastic Compute Cloud (EC2)

From $0.02/hr

Basic unit of compute capacity

Range of CPU, memory & local disk options

18 instance types available, from micro to cluster compute

Feature          | Details
Flexible         | Run Windows or Linux distributions
Scalable         | Wide range of instance types from micro to cluster compute
Machine Images   | Configurations can be saved as machine images (AMIs) from which new instances can be created
Full control     | Full root or administrator rights
Secure           | Full firewall control via Security Groups
Monitoring       | Publishes metrics to CloudWatch
Inexpensive      | On-demand, Reserved and Spot instance types
VM Import/Export | Import and export VM images to transfer configurations in and out of EC2

EC2 instance types (chart: memory in GB against EC2 Compute Units; both axes run from 1 to 256)

High I/O 4XL 60.5 GB 35 EC2 Compute Units 16 virtual cores 2*1024 GB SSD-based local instance storage

Small 1.7 GB, 1 EC2 Compute Unit 1 virtual core

Micro 613 MB Up to 2 ECUs (for short bursts)

Large 7.5 GB 4 EC2 Compute Units 2 virtual cores

Hi-Mem XL 17.1 GB 6.5 EC2 Compute Units 2 virtual cores

Hi-Mem 2XL 34.2 GB 13 EC2 Compute Units 4 virtual cores

Hi-Mem 4XL 68.4 GB 26 EC2 Compute Units 8 virtual cores

High-CPU Med 1.7 GB 5 EC2 Compute Units 2 virtual cores

High-CPU XL 7 GB 20 EC2 Compute Units 8 virtual cores

Medium 3.7 GB, 2 EC2 Compute Units 1 virtual core

M3 XL 15 GB 13 EC2 Compute Units 4 virtual cores EBS storage only

M3 2XL 30 GB 26 EC2 Compute Units 8 virtual cores EBS storage only

Extra Large 15 GB 8 EC2 Compute Units 4 virtual cores

Cluster GPU 4XL 22 GB 33.5 EC2 Compute Units, 2 x NVIDIA Tesla “Fermi” M2050 GPUs

Cluster Compute 4XL 23 GB 33.5 EC2 Compute Units

Cluster Compute 8XL 60.5 GB 88 EC2 Compute Units

High Storage 8XL 117 GB 35 EC2 Compute Units, 24 * 2 TB ephemeral drives 10 GB Ethernet

Hi-Mem Cluster Compute 8XL 244 GB 88 EC2 Compute Units 16 virtual cores 240 GB SSD

EC2 instance types (chart: memory in GB against EC2 Compute Units; chart labels: Special, Storage, Light, Spiky)

EC2 terminology

AMI: Amazon Machine Image

Instance: Running or Stopped machine

AZ: Availability Zone

Region

EBS

EBS Snapshots

S3 Buckets

More details!

Sign up:

aws.amazon.com

You will need

Credit card information – you won’t pay unless you use resources

A telephone – on which to receive an automated security call

Best practice

Set up billing alerts so you can be notified when levels of spend are reached

If you have existing accounts, consider using consolidated billing to bring them together under one payment

750 hours of Amazon EC2 Linux/RedHat/Suse Micro Instance usage

750 hours of Amazon EC2 Microsoft Windows Server Micro Instance usage

750 hours of an Elastic Load Balancer

30 GB of Amazon Elastic Block Storage

5 GB of Amazon S3 standard storage

100 MB of storage, 5 units of write capacity, and 10 units of read capacity for Amazon DynamoDB*

25 Amazon SimpleDB Machine Hours and 1 GB of Storage

1,000 Amazon SWF workflow executions*

1,000,000 Requests of Amazon Simple Queue Service*

1,000,000 Requests, 100,000 HTTP and 1,000 email notifications for Amazon Simple Notification Service*

10 Amazon CloudWatch metrics, 10 alarms, and 1,000,000 API requests*

15 GB of bandwidth out aggregated across all AWS services

750 hours of Amazon RDS for SQL Server Micro DB Instance usage

20 GB of RDS database storage

10 million RDS I/Os

20 GB of backup storage for your automated RDS database backups and any user-initiated DB Snapshots

20 minutes of SD transcoding or 10 minutes of HD transcoding in Amazon Elastic Transcoder*

Free tier http://aws.amazon.com/free/

Logging in to an instance

Key pairs

Instance key pairs

Standard SSH RSA key pair (public/private keys)

Public Key: inserted by Amazon into each EC2 instance that you launch

Private Key: downloaded and stored by you

Private keys are not stored by AWS

Comms secured with private key

Public key provided by AWS to EC2 instance for secure, personalized, initial, non-generic access

Supports NIST and other security standards for providing non-default user access

AWS generated keys

Import your own keys

Select your region

Create keys

Give them a name

Private key is generated and downloaded by your browser immediately

Create 1 key pair for all resources or as many as you like (e.g. 1 per server type)

You supply only the public key to AWS

ssh -i eu-west.pem ec2-user@publicdns.amazonaws.com

Linux Launch (First Boot)

1. Instance initialization scripts insert public key into ~/.ssh/authorized_keys

2. User connects with SSH using their Private Key

You can’t log into a Linux instance without key

Don’t lose it

1. Windows Launch (First Boot Sequence)

2. Instance initialization scripts:

a) Creates a random Administrator password

b) Encrypts random password with Public Key

c) Reports encrypted password to Windows System Log

3. User retrieves the encrypted password and decrypts it with their Private Key (using AWS Console or API Call)

Choose key pair when launching instance

Keep secure

Do not share

Rotate

Need to know

Allowing access to the instance

Let’s install something

Install apache web server:

sudo yum -y install httpd

Set it to run as a service:

sudo chkconfig httpd on

Start the web server:

sudo /etc/init.d/httpd start

Security groups

EC2 Classic         | EC2 VPC (virtual private cloud)
Inbound only        | Inbound and outbound
TCP, UDP, ICMP only | Any protocol
Assigned at launch  | Assigned at launch or when running
Modify anytime      | Modify anytime

Security Group around the instance: Port 80 (HTTP), Port 22 (SSH)

Fields: Name; Description; Protocol; Port range; IP address, range, or another security group
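
An added example, not from the original slides: a small model of how inbound rules with the fields listed above (protocol, port range, and a source that is an address range or another security group) decide whether traffic reaches the instance, plus a check for administrative ports open to every address. The rule values, the group id sg-web, the choice of ports 22 and 3389 as administrative, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed inbound rules covering the slide's two ports plus one rule
# whose source is another security group. All values are sample data.
RULES = [
    {"protocol": "tcp", "ports": (80, 80), "source": "0.0.0.0/0"},
    {"protocol": "tcp", "ports": (22, 22), "source": "203.0.113.0/24"},
    {"protocol": "tcp", "ports": (3306, 3306), "source": "sg-web"},
]


def is_allowed(rules, protocol, port, src_ip=None, src_groups=()):
    """Default deny: traffic passes only if some inbound rule matches it."""
    for rule in rules:
        low, high = rule["ports"]
        if rule["protocol"] != protocol or not low <= port <= high:
            continue
        source = rule["source"]
        if source.startswith("sg-"):
            # Source is another group: match on the sender's membership.
            if source in src_groups:
                return True
        elif src_ip and ipaddress.ip_address(src_ip) in ipaddress.ip_network(source):
            return True
    return False


def world_open(rules, admin_ports=(22, 3389)):
    """Return rules that expose an administrative port to any IPv4 address."""
    flagged = []
    for rule in rules:
        low, high = rule["ports"]
        if rule["source"] == "0.0.0.0/0" and any(low <= p <= high for p in admin_ports):
            flagged.append(rule)
    return flagged
```
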

Open our security group

Added port 80 to group

Test it by hitting the public DNS name of the instance

Reuse your instance!

Makes a snapshot of the instance

Creates an image that is private to you

Saves time in deployments and system setup

Create image

Name it and create

Your AMI

…and launch a new instance from the AMI

Who can start an instance?

Identity and Access Management: Securely control access to AWS services and resources for your users

Account owner (master user account – owns payment method)

Access to all subscribed services

Access to billing reports

Access to console, REST and SOAP APIs

IAM users/groups (regular users)

Access to specific services

Access to console and/or REST APIs and/or SOAP APIs

[Diagram: Account with Administrators, Developers and Applications; members shown: Bob, Kevin, Tomcat, Jim, Brad, Mark, Susan, Reporting, Console. Callouts: Groups, Roles, Multi-factor authentication, AWS system entitlements]

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "elasticbeanstalk:*",
        "ec2:*",
        "elasticloadbalancing:*",
        "autoscaling:*",
        "cloudwatch:*",
        "s3:*",
        "sns:*"
      ],
      "Resource": "*"
    }
  ]
}

Policy driven: declarative definition of rights for groups

Policies control access to AWS APIs
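
An added example, not part of the original slides: a check that walks a policy document such as the one above and reports every wildcard in an Allow statement, which is where a review aimed at least privilege starts. The function names, the finding labels and the narrower comparison policy (with its placeholder bucket name) are assumptions made for this example.

```python
# Policy from the slide, as a Python dict.
SLIDE_POLICY = {"Statement": [{
    "Effect": "Allow",
    "Action": ["elasticbeanstalk:*", "ec2:*", "elasticloadbalancing:*",
               "autoscaling:*", "cloudwatch:*", "s3:*", "sns:*"],
    "Resource": "*",
}]}

# Constructed narrower policy for comparison; the bucket name is a placeholder.
SCOPED_POLICY = {"Statement": {
    "Effect": "Allow",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*",
}}


def _as_list(value):
    """Policy fields may hold a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (statement index, finding, value) for each wildcard in an Allow."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements grant access
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                findings.append((idx, "all-actions", action))
            elif action.endswith(":*"):
                findings.append((idx, "service-wide", action))
            elif "*" in action:
                findings.append((idx, "partial-wildcard", action))
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append((idx, "all-resources", resource))
    return findings


def summarize(policy):
    """Group findings by kind so a reviewer sees what to narrow first."""
    summary = {}
    for _, kind, value in audit_policy(policy):
        summary.setdefault(kind, []).append(value)
    return summary
```
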


Next Steps

Elastic Load Balancing: Create highly scalable applications. Distribute load across EC2 instances in multiple availability zones

Auto Scaling: Automatic re-sizing of compute clusters based upon demand

Relational Database Service: Database-as-a-Service. No need to install or manage database instances. Scalable and fault tolerant configurations

aws.amazon.com

get started with the free tier