AWS Summit Nordics - Getting Started With AWS

Getting Started with AWS

Martin Elwin

Compute

Vertical Scaling

From $0.02/hr Elastic Compute Cloud (EC2) Basic unit of compute capacity

Range of CPU, memory & local disk options

18 Instance types available, from micro to cluster compute

Feature Details

Flexible Run Windows or Linux distributions

Scalable Wide range of instance types from micro to cluster compute

Machine Images Configurations can be saved as machine images (AMIs) from which new instances can be created

Full control Full root or administrator rights

Secure Full firewall control via Security Groups

Monitoring Publishes metrics to Cloud Watch

Inexpensive On-demand, Reserved and Spot instance types

VM Import/Export Import and export VM images to transfer configurations in and out of EC2

256

128

64

32

16

8

4

2

1

1 2 4 8 16 32 64 128 256

EC2 instance types

High I/O 4XL 60.5 GB 35 EC2 Compute Units 16 virtual cores 2*1024 GB SSD-based local instance storage

Me

mo

ry (

GB

)

Small 1.7 GB, 1 EC2 Compute Unit 1 virtual core

Micro 613 MB Up to 2 ECUs (for short bursts)

Large 7.5 GB 4 EC2 Compute Units 2 virtual cores

Hi-Mem XL 17.1 GB 6.5 EC2 Compute Units 2 virtual cores

Hi-Mem 2XL 34.2 GB 13 EC2 Compute Units 4 virtual cores

Hi-Mem 4XL 68.4 GB 26 EC2 Compute Units 8 virtual cores

High-CPU Med 1.7 GB 5 EC2 Compute Units 2 virtual cores

High-CPU XL 7 GB 20 EC2 Compute Units 8 virtual cores

Medium 3.7 GB, 2 EC2 Compute Units 1 virtual core

M3 XL 15 GB 13 EC2 Compute Units 4 virtual cores EBS storage only

M3 2XL 30 GB 26 EC2 Compute Units 8 virtual cores EBS storage only

Extra Large 15 GB 8 EC2 Compute Units 4 virtual cores

Cluster GPU 4XL 22 GB 33.5 EC2 Compute Units, 2 x NVIDIA Tesla “Fermi” M2050 GPUs

Cluster Compute 4XL 23 GB 33.5 EC2 Compute Units

Cluster Compute 8XL 60.5 GB 88 EC2 Compute Units

High Storage 8XL 117 GB 35 EC2 Compute Units, 24 * 2 TB ephemeral drives 10 GB Ethernet

Hi-Mem Cluster Compute 8XL 244 GB 88 EC2 Compute Units 16 virtual cores 240 GB SSD

EC2 Compute Units

EC2 instance types

EC2 Compute Units

Me

mo

ry (

GB

) Special Storage

Light Spiky

AMI

Amazon Machine Image

Instance

Running or Stopped machine

AZ Availability Zone

S3

EBS EBS EBS EBS EBS EBS

EBS Snapshots

S3 Buckets

Region

EC2 terminology

5 steps to getting

started

1 2 3 4 5

Sign up:

aws.amazon.com

1 2 3 4 5

Sign up

1 2 3 4 5

Sign up

1 2 3 4 5

Sign up

1 2 3 4 5

Sign up

You will need

Credit card information – you won’t pay unless you use resources

A telephone – on which to receive an automated security call

1 2 3 4 5

Sign up

You will need

Best practice

Setup billing alerts so you can be notified when levels of spend are reached

If you have existing accounts, consider using consolidated billing to bring them together under one payment

Credit card information – you won’t pay unless you use resources

A telephone – on which to receive an automated security call

1 2 3 4 5

Sign up

750 hours of Amazon EC2 Linux/RedHat/Suse Micro Instance usage

750 hours of Amazon EC2 Microsoft Windows Server Micro Instance usage

750 hours of an Elastic Load Balancer

30 GB of Amazon Elastic Block Storage

5 GB of Amazon S3 standard storage

100 MB of storage, 5 units of write capacity, and 10 units of read capacity for Amazon DynamoDB*

25 Amazon SimpleDB Machine Hours and 1 GB of Storage

1,000 Amazon SWF workflow executions*

1,000,000 Requests of Amazon Simple Queue Service*

1,000,000 Requests, 100,000 HTTP and 1,000 email notifications for Amazon Simple Notification Service*

10 Amazon CloudWatch metrics, 10 alarms, and 1,000,000 API requests*

15 GB of bandwidth out aggregated across all AWS services

750 hours of Amazon RDS for SQL Server Micro DB Instance usage

20 GB of RDS database storage

10 million RDS I/Os

20 GB of backup storage for your automated RDS database backups and any user-initiated DB Snapshots

20 minutes of SD transcoding or 10 minutes of HD transcoding in Amazon Elastic Transcoder*

Free tier http://aws.amazon.com/free/

1 2 3 4 5

Sign up

1 2 3 4 5

Sign up

Create IAM users

IAM users

1 2 3 4 5

Sign up IAM users

Identity and Access Management:

Securely control access to AWS services and resources for your

users

1 2 3 4 5

Sign up IAM users

Account owner

Access to all subscribed services Access to billing reports Access to console, REST and SOAP APIs

IAM users/groups

Access to specific services Access to console and/or REST APIs and/or SOAP APIs

1 2 3 4 5

Sign up IAM users

Account owner

Access to all subscribed services Access to billing reports Access to console, REST and SOAP APIs

IAM users/groups

Access to specific services Access to console and/or REST APIs and/or SOAP APIs

Master user

account – owns

payment method

Regular users

1 2 3 4 5

Sign up IAM users

Account

Administrators Developers Applications

Bob

Kevin

Tomcat

Jim Brad

Mark

Susan

Reporting

Console

1 2 3 4 5

Sign up IAM users

Account


Bob

Kevin

Tomcat

Jim Brad

Mark

Susan

Reporting

Console

Multi-factor authentication

Groups

AWS system entitlements

Roles

1 2 3 4 5

Sign up IAM users

Account


Bob

Kevin

Tomcat

Jim Brad

Mark

Susan

Reporting

Console

1 2 3 4 5

Sign up IAM users

{

"Statement": [

{

"Effect": "Allow",

"Action": [

"elasticbeanstalk:*",

"ec2:*",

"elasticloadbalancing:*",

"autoscaling:*",

"cloudwatch:*",

"s3:*",

"sns:*"

],

"Resource": "*"

}

]

}

Policy driven Declarative definition of

rights for groups

Policies control access to

AWS APIs

1 2 3 4 5

Sign up IAM users

1 2 3 4 5

Sign up IAM users

Generate a key pair

Key pairs

1 2 3 4 5

Sign up IAM users Key pairs

Public Key

Inserted by Amazon into each EC2 instance that you launch

Private Key

Downloaded and stored by you

Standard SSH RSA Key pair

Public/Private Keys

Public key provided by AWS to EC2 instance

for secure, personalized, initial, non-generic

access

Supports NIST and other security standards

for providing non-default user access

Instance key pairs

EC2

Instance

Comms secured with private key

1 2 3 4 5


Public Key

Inserted by Amazon into each EC2 instance that you launch

Private Key

Downloaded and stored by you

Instance key pairs

EC2

Instance

Comms secured with private key

Private keys are not

stored by AWS

Standard SSH RSA Key pair

Public/Private Keys

Public key provided by AWS to EC2 instance

for secure, personalized, initial, non-generic

access

Supports NIST and other security standards

for providing non-default user access

1 2 3 4 5


AWS generated keys

Import your own keys

Select your region

Create keys

Give them a name

Private key is generated and downloaded by your browser immediately

Create 1 key pair for all resources or as many as you like (e.g 1 per server type)

You supply only the public key to AWS

1 2 3 4 5


ssh –I eu-west.pem

[email protected]

1. Linux Launch (First Boot)

2. Public Key made available through metadata

3. Instance initialization scripts insert public key into ~/.ssh/authorized_keys

4. User connects with SSH using their Private

Key

1 2 3 4 5



[email protected]





Key

You can’t log into a Linux

instance without key

1 2 3 4 5



[email protected]





Key

Don’t lose it

1 2 3 4 5


1. Windows Launch (First Boot Sequence)


3. Windows runs Sysprep (reboots)

4. Instance initialization scripts:

a) Creates a random Administrator password

b) Encrypts random password with Public Key

c) Reports encrypted password to Windows System Log

5. User retrieves the encrypted password and decrypts it with their Private Key (using AWS Console or API Call)

1 2 3 4 5


Keep

secure Do not

share

Rotate Need to

know

1 2 3 4 5


1 2 3 4 5

Sign up IAM users Key pairs Launch

Launch an instance

1 2 3 4 5


Region

Regions Region

US-WEST (N.

California) EU-WEST (Ireland)

ASIA PAC

(Tokyo)

ASIA PAC

(Singapore)

US-WEST (Oregon)

SOUTH AMERICA (Sao

Paulo)

US-EAST (Virginia)

GOV CLOUD

ASIA PAC

(Sydney)

1 2 3 4 5


Wizard

1 2 3 4 5


Choose

key pair

1 2 3 4 5


Choose

machine

image

1 2 3 4 5


What’s this?

1 2 3 4 5


Security groups

Security Group

EC2 Classic EC2 VPC (virtual private cloud)

Inbound only Inbound and outbound

TCP, UDP, ICMP only Any protocol

Assigned at launch Assigned at launch or when running

Modify anytime Modify anytime

instance

Port 80 (HTTP)

Port 22 (SSH)

Name Description Protocol Port range IP Address, range, or another security group

1 2 3 4 5


Launch!

1 2 3 4 5


1 2 3 4 5


Instance

DNS name

1 2 3 4 5


Instance

DNS name Key file EC2 Linux

username

1 2 3 4 5


1 2 3 4 5


sudo yum -y install httpd

sudo chkconfig httpd on

sudo /etc/init.d/httpd start

Let’s install something

Install apache web server

Set it to run as a service

Start the web server

1 2 3 4 5


Added port 80

to group

Security

groups

Open our security group

1 2 3 4 5


Test it by hitting the public DNS name of

the instance

1 2 3 4 5


1 2 3 4 5


Create an image

Image

1 2 3 4 5

Sign up IAM users Key pairs Launch Image

Makes a snapshot of the instance

Creates an image that is private to you

Saves time in deployments and system setup

1 2 3 4 5


Create

image

1 2 3 4 5


Name it

and

create

1 2 3 4 5


Your

AMI

1 2 3 4 5


…and

launch a

new

instance

from the

AMI

1 2 3 4 5


Next Steps

Elastic Load Balancing Create highly scalable applications

Distribute load across EC2 instances in

multiple availability zones

Auto Scaling Automatic re-sizing of compute clusters

based upon demand

Relational Database

Service Database-as-a-Service

No need to install or manage database instances

Scalable and fault tolerant configurations

Next Steps

aws.amazon.com

get started with the free tier

Technology

AWS Summit Nordics - Getting Started With AWS