AWS: Introduction to AWS (Amazon Web Services)


Amazon Web Services (AWS)


Assuming that you don't have an account with AWS (Amazon Web Services), this demo is divided into 5 steps:
1. Creating/Sign Up for AWS account.
2. Creating an IAM user.
3. Creating a secure key pair.
4. Creating a Virtual Private Cloud (VPC)
5. Creating a security group for access.

1. Creating/Sign Up for AWS account
When we sign up for an AWS account, we automatically get access to all AWS services, including Amazon EC2, and we are charged only for the services that we choose and use.
With Amazon EC2 we pay only for what we use, and if we are a new AWS customer we can get started with Amazon EC2 for free.
If we already have an AWS account, we can skip to the next task; otherwise we continue with the account creation. You can check the AWS Free Tier information here: http://aws.amazon.com/free/
To create an AWS account:
a). Connect to the URL http://aws.amazon.com.

b). Follow the instructions for account creation.
c). As part of the account creation procedure, you will receive a phone call and enter a PIN using the phone keypad.
2. Creating an IAM user.
AWS services such as Amazon EC2 are accessed using credentials, and when we access a service AWS checks whether we have permission to use its resources. The console asks for a password. We can also create access keys to access the AWS account from the command line or API interfaces. For security reasons, however, Amazon does not recommend accessing the AWS account with the credentials created at sign-up; it recommends using IAM (Identity and Access Management) instead. We create an IAM user, add the user to an IAM group with administrative permissions, and can then access AWS using a special URL and the credentials for that IAM user.
To create a group for administrators
a). Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com, then click Sign in to the Console.

b). Enter the console by using your credentials.

c). Click on Identity & Access Management.

d). In the navigation pane, choose Groups, and then choose Create New Group.

e). For Group Name, type a name for your group, such as Administrators, and then choose Next Step.




f). In the list of policies, select the check box next to the Administrator Access policy. You can use the Filter menu and the Search box to filter the list of policies.


g). Choose Next Step, and then Click Create Group.

h). Your new group is listed under Group Names.







To create an IAM user for yourself, add the user to the administrator's group, and create a password for the user

a). In the navigation pane, choose Users, and then choose Create New Users.

b). In the box, type a user name, clear the check box next to Generate an access key for each user, and choose Create.

c). Click on Show User Security Credentials.

d). Click on Download Credentials and save the .csv file. These credentials are used to access AWS from the command line or API.

Adding the user to the Groups.

a).  From the list of users, choose the name (not the checkbox) of the user you just created. You can use the Search box to search for the username.




b). Choose the Groups tab and then choose Add User to Groups.


c). Select the check box next to the administrator's group. Then choose Add to Groups.



d). Choose the Security Credentials tab. Under Sign-In Credentials, choose Manage Password.


e). Select Assign a custom password. Then type a password in the Password and Confirm Password boxes. When you are finished, choose Apply.


To Test the account
To access this new IAM user, sign out of the AWS console, then use the following URL, where your_aws_account_id is your AWS account number without the hyphens (for example, if your AWS account number is 630610218034, your AWS account ID is 630610218034):

https://your_account_alias.signin.aws.amazon.com/console/

3. Creating a secure key pair.

AWS uses public-key cryptography to secure the login information for our instance. We specify the name of the key pair when we launch our instance, and then provide the private key to obtain the administrative password for our Windows instance so that we can log in using RDP.
We create the key pair using the Amazon EC2 console. Note that if we plan to launch instances in multiple regions, we need to create a key pair in each region.

To create a key pair.

a). Sign in to AWS account.



b). From the AWS dashboard, choose EC2 to open the Amazon EC2 console.



c). From the navigation bar, select the region for the key pair. We can select any region that's available to us; however, key pairs are specific to a region. For example, if we plan to launch an instance in the US West (Oregon) region, we must create a key pair for the instance in the US West (Oregon) region.

d). In the navigation pane, under NETWORK & SECURITY, click Key Pairs.

e). Click on Key Pairs and click Create Key Pair.



f). Enter a name for the new key pair in the Key pair name field of the Create Key Pair dialog box, and then click Create. Choose a name that is easy for you to remember, such as your IAM user name, followed by -key-pair, plus the region name. For example, my_Windows_key.

g). The private key file is automatically downloaded by your browser. The base file name is the name you specified as the name of your key pair, and the file name extension is .pem. Save the private key file in a safe place.

Important: This is the only chance to save the private key file. You need to provide the name of your key pair when you launch an instance, and the corresponding private key each time you connect to the instance.


4. Creating a Virtual Private Cloud (VPC)

Amazon VPC allows us to launch AWS resources into a virtual network that we have defined. If we have a default VPC, we can skip this section and move on to creating a security group. Otherwise, we can create a nondefault VPC in our account using the steps below.
If our account supports EC2-Classic in a region, then we do not have a default VPC in that region, and T2 instances must be launched into a VPC.

To Create a nondefault VPC

a). Open the Amazon VPC console at https://console.aws.amazon.com



b). Sign in and click on VPC.



c). From the navigation bar, select a region for the VPC. VPC is specific to a region, so you should select the same region in which you created your key pair.


d). On the VPC dashboard, click Start VPC Wizard.

e). On the Select a VPC Configuration page, ensure that VPC with a Single Public Subnet is selected, and click Select. On the VPC with a Single Public Subnet page, enter a friendly name for your VPC in the VPC name field. Leave the other default configuration settings, and click Create VPC. On the confirmation page, click OK.



5. Creating a security group for access.


Amazon provides security groups, which act as a firewall for associated instances, controlling both inbound and outbound traffic at the instance level. We must add rules to the security group that enable us to connect to our instances from our IP address using RDP. We can also add rules that allow inbound and outbound HTTP and HTTPS access from anywhere.

Note: If we plan to launch instances in multiple regions, we need to create a security group in each region.

Prerequisites: We need the public IP address of all the local computers from which we want to use this service.
To Create a security group with least privileges.

a). Open the Amazon EC2 console.

b). From the navigation bar, select a region for the security group. Security groups are specific to a region, so you should select the same region in which you created your key pair.


c). Select a region


d). Click Security Groups in the navigation pane.

e). Click Create Security Group.

f). Provide a name for the new security group and a description of what you are creating it for. Choose a name that is easy to remember, such as your IAM user name, followed by _SG, plus the region name. For example, My_Test_SG. In the VPC list, select your VPC. If you have a default VPC, it's the one that is marked with an asterisk (*).


h). On the Inbound tab, create the following rules (click Add Rule for each new rule), and then click Create:




i). Select HTTPS from the Type list, and make sure that the Source is set to Anywhere (0.0.0.0/0).

j). Click on Outbound. Select RDP from the Type list. In the Source box, ensure Custom IP is selected, and specify the public IP address of your computer or network in CIDR notation. To specify an individual IP address in CIDR notation, add the routing prefix /32. For example, if your IP address is 183.82.39.215, specify 183.82.39.215/32. If your company allocates addresses from a range, specify the entire range, such as 183.82.39.215/24.

Note: For security reasons, we don't recommend that you allow RDP access from all IP addresses (0.0.0.0/0) to your instance, except for testing purposes and only for a short time.
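
A way to check a security group's inbound rules against the guidance above, as an added example (not part of the original post): it flags RDP exposed to 0.0.0.0/0 and shows that a range written as 183.82.39.215/24 actually denotes 183.82.39.0/24. The rule dictionaries are constructed samples in the IpPermissions shape returned by EC2's DescribeSecurityGroups; the severity labels and the PUBLIC_OK set are assumptions of this example, and it also covers IPv6 ranges.

```python
import ipaddress

RDP_PORT = 3389
PUBLIC_OK = {80, 443}  # assumption: HTTP/HTTPS may be open to anywhere

def audit_ingress(permissions):
    """Return (severity, message) findings for inbound rules.

    `permissions` follows the IpPermissions shape that EC2's
    DescribeSecurityGroups returns (IpProtocol, FromPort, ToPort,
    IpRanges[].CidrIp, Ipv6Ranges[].CidrIpv6).
    """
    findings = []
    for perm in permissions:
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "udp", "-1"):
            continue  # ICMP and similar rules carry no port range
        if proto == "-1":  # "-1" means all protocols and all ports
            lo, hi = 0, 65535
        else:
            lo, hi = perm["FromPort"], perm["ToPort"]
        ports = str(lo) if lo == hi else f"{lo}-{hi}"
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            iface = ipaddress.ip_interface(cidr)
            net = iface.network
            if iface.ip != net.network_address:
                findings.append(("INFO", f"{cidr} has host bits set; the range is {net}"))
            if net.prefixlen != 0:
                continue  # source is restricted to a specific range
            if lo <= RDP_PORT <= hi:
                findings.append(("HIGH", f"RDP ({RDP_PORT}) open to {net} via port(s) {ports}"))
            elif not (lo == hi and lo in PUBLIC_OK):
                findings.append(("MEDIUM", f"port(s) {ports} open to {net}"))
    return findings

# Constructed sample rules mirroring this tutorial, plus the risky case from the note.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "183.82.39.215/32"}]},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "183.82.39.215/24"}]},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

if __name__ == "__main__":
    for severity, message in audit_ingress(SAMPLE_RULES):
        print(severity, message)
```
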


Please comment; suggestions are always welcome.

Keywords: AWS Account, IAM, VPC, Security Group, Security Key Pair, Creating New account, Security AWS 

Comments

  1. The information which you have provided in this blog is really useful to everyone. Thanks for sharing.
    AWS Training
    AWS Online Training
    Amazon Web Services Online Training


  2. It is amazing to visit your site. Thanks for sharing this information, this is useful to me...
    Workday Training
    Workday Online Training
