Contents
  1. AWS EC2 init setup
  2. ssh to aws without key pairs
  3. set root login
  • the 5 pillars of aws well-architected framework
  • Identity and access management
  • Elastic Load Balancer (ELB)
    1. Spread traffic algorithmically
    2. Types
    AWS EC2 init setup

    Managing User Accounts on Your Linux Instance

    [ec2-user@ip-172-31-17-193 ~]$ sudo -i
    [root@ip-172-31-17-193 ~]# adduser stan
    [root@koopa ~]# passwd stan
    [root@ip-172-31-17-193 ~]# su - stan
    [stan@ip-172-31-17-193 ~]$ mkdir .ssh
    [stan@ip-172-31-17-193 ~]$ chmod 700 .ssh
    [stan@ip-172-31-17-193 ~]$ vim .ssh/authorized_keys
    [stan@ip-172-31-17-193 ~]$ chmod 600 .ssh/authorized_keys
    [stan@ip-172-31-17-193 ~]$ exit
    [root@ip-172-31-17-193 ~]# groupadd auegg
    [root@ip-172-31-17-193 ~]# usermod -a -G auegg stan
    [root@ip-172-31-17-193 ~]# visudo
    #add the following line

    %auegg ALL=(ALL) ALL
    [root@ip-172-31-17-193 ~]# service sshd restart

    ssh to aws without key pairs

    vim /etc/ssh/sshd_config
    PasswordAuthentication yes
    Reload ssh daemon
    service sshd reload

    set root login

    vi /root/.ssh/authorized_keys
    Delete the lines at the beginning of the file until you get to the words ssh-rsa
    vim /etc/ssh/sshd_config
    PermitRootLogin yes
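
    The two sshd_config changes above (PasswordAuthentication yes, PermitRootLogin yes) can be checked with a small audit script. This is an added example, not part of the original notes; the function names and the sample config are constructed, and it assumes a single sshd_config with no Include files.

```sh
#!/bin/sh
# Added example (not from the original page): audit the two sshd_config
# settings changed above. sshd keeps the FIRST value it reads per keyword,
# keywords are case-insensitive, and lines after "Match" are conditional.
# Assumption: no Include files; `sshd -T` gives the authoritative view.

# Print the effective global value of keyword $1 in file $2 (empty if unset).
sshd_effective() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        { sub(/^[ \t]+/, ""); sub(/\r$/, "") }
        /^#/ || /^$/ { next }
        { split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }                 # global section ends here
        key == want    { print tolower(f[2]); exit }
    ' "$2"
}

# Print one line per risky setting in file $1 (no output = nothing flagged).
audit_sshd() {
    pa=$(sshd_effective PasswordAuthentication "$1")
    prl=$(sshd_effective PermitRootLogin "$1")
    # OpenSSH defaults when unset: PasswordAuthentication yes,
    # PermitRootLogin prohibit-password.
    [ "${pa:-yes}" = "yes" ] &&
        echo "FINDING PasswordAuthentication=${pa:-unset, default yes}"
    [ "$prl" = "yes" ] && echo "FINDING PermitRootLogin=yes"
    return 0
}

# Constructed sample: the config state the steps above produce, plus a
# later "no" that has no effect because the earlier "yes" wins.
write_sample() {
    cat > "$1" <<'EOF'
#PasswordAuthentication no
PasswordAuthentication yes
PermitRootLogin yes
passwordauthentication no
Match User backup
    PermitRootLogin no
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd "$sample"
rm -f "$sample"
```

    Run `audit_sshd /etc/ssh/sshd_config` as root on the instance; an empty result means neither setting is flagged.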

    the 5 pillars of aws well-architected framework

    1. Operational Excellence
      Design Principles:
    • Perform operations as code
    • Annotate documentation
    • Make frequent, small, reversible changes
    • Refine operations procedures frequently
    • Anticipate failure
    • Learn from all operation failures
      Best practices:
      Operations teams need to understand their business and customer needs so they can support business outcomes.
      Ops creates and uses procedures to respond to operational events, and validates their effectiveness to support
      business needs. Ops also collects metrics that are used to measure the achievement of desired business outcomes.
    2. Security
      Design Principles:
    • Implement a strong identity foundation
    • Enable traceability
    • Apply security at all layers
    • Automate security best practices
    • Protect data in transit and at rest
    • Prepare for security events

    The AWS Shared Responsibility Model enables organizations to achieve
    security and compliance goals.

    3. Reliability
      Design Principles:
    • Test recovery procedures
    • Automatically recover from failure
    • Stop guessing capacity
    • Manage change in automation
    4. Performance efficiency
      Design principles:
    • Democratize advanced technologies
    • Go global in minutes
    • Use serverless architectures
    • Experiment more often
    • Mechanical sympathy
    5. Cost optimization
    • Adopt a consumption model
    • Measure overall efficiency
    • Stop spending money on data center operations
    • Analyze and attribute expenditure
    • Use managed services to reduce cost of ownership

    Identity and access management

    IAM overview
    AWS API
    Access ID + secret key

    CLI, SDKs and Management console call API.

    Users

    • Are created and exist within IAM service
    • Login to management console
    • Can have long-term access keys

    Elastic Load Balancer (ELB)

    Spread traffic algorithmically

    • Evenly
    • Unbalanced on purpose

      Types

    1. Application Load Balancers
    • Application Layer
      • HTTP/HTTPS traffic
    • Two appealing features
      1. Dynamic host port mapping
      • Docker containers listening on the same port
      • Set hostPort to 0
        • Host picks ports in ephemeral port range
      2. Path-based routing
    2. Classic Load Balancers