Wilson Mar

https://wilsonmar.github.io/aws-onboarding/

You’ll like it here in the cloud


Overview

This tutorial focuses on getting you set up to access the AWS cloud as a System Administrator.


Tutorials in Amazon’s Qwiklabs use the manual approach, so it’s presented here to provide notes.

## AWS Management Console

  1. Use a web browser to open the AWS Console at http://aws.amazon.com/. There are also apps for mobile devices.

    AWS Sub-Accounts

  2. Sign up for an AWS account using the email address of the billing administrator, providing your credit card.

  3. Open AWS Management Console and log in as the billing administrator root account.

    PROTIP: Create a sub-account to do work rather than using the account created for billing.

  4. Create a sub-account.

    TODO: Add steps.

  5. Define group roles to permissions.

  6. Grant permissions to each group.

  7. Create sub-accounts.

  8. Assign sub-account users to group roles.

    This sub-account will be used in the remainder of this tutorial.

    NOTE: Groups cannot be nested.

  9. Create a sign-in link, such as:

    https://whatever.signin.aws.amazon.com/console

  10. Delete root access.

    Regions

  11. Sign in using a sub-account.

    Notice your AWS Console is tied to a particular Availability Zone, such as “us-west-2”:

    https://us-west-2.console.aws.amazon.com/lambda/home?region=us-west-2

    NOTE: Baking different zones into Console URLs makes for more direct connections and removes issues from using a single URL/DNS.

    The AWS Management Console is now used for manual review of one Availability Zone at a time.

    Set icon bar with your favorite services

  12. There are several ways to select a service. One is clicking the icon in the gallery.

  13. Copy the public DNS to clipboard, for example:

    ec2-11-22-33-444-compute-1.amazonaws.com

  14. Download the PEM/PPK.

IAM

AWS Identity and Access Management (IAM) controls access through users, groups, roles, and policies.

  1. Assign permissions to make

  2. List users:

    aws iam list-users --query 'Users[*].UserName'

  3. List the groups the user belongs to:

    aws iam list-groups-for-user --user-name ???

Services and Categories

Automation coming

In enterprises today, servers are built by scripts and configuration files generated from templates. This is so the build process can be debugged and changed slightly through the lifecycle from test to prod.

Instead of clicking and typing, server administrators work with template files in JSON format for Cloud Formation to process.

The next step up is to use Atlas, which generates JSON files based on information typed into their web Consoles.

AWS CLI

The command line interface is used by programs rather than the manual Console.

These inputs to generators (and the generator code) are saved in version control systems like Git.

  1. Install AWS CLI:

    brew update
    brew install awscli

    The response I got on 20 Jun 2016:

    ==> Downloading https://homebrew.bintray.com/bottles/awscli-1.10.39.el_capitan.b
    ######################################################################## 100.0%
    ==> Pouring awscli-1.10.39.el_capitan.bottle.tar.gz
    ==> Caveats
    The "examples" directory has been installed to:
      /usr/local/share/awscli/examples
    
    Add the following to ~/.bashrc to enable bash completion:
      complete -C aws_completer aws
    
    Add the following to ~/.zshrc to enable zsh completion:
      source /usr/local/share/zsh/site-functions/_aws
    
    Before using awscli, you need to tell it about your AWS credentials.
    The easiest way to do this is to run:
      aws configure
    
    More information:
      https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
    
    zsh completion has been installed to:
      /usr/local/share/zsh/site-functions
    ==> Summary
    🍺  /usr/local/Cellar/awscli/1.10.39: 2,778 files, 19.8M
    
  2. Verify what version you have installed:

    aws --version

    Sample response (June 4, 2016):

    aws-cli/1.10.38 Python/2.7.11 Darwin/15.5.0 botocore/1.4.28
    

    NOTE: Python 2.7 is being used, not Python 3. The Python package botocore on GitHub provides a low-level foundation for AWS CLI software.

  3. To enable bash completion for aws commands:

    echo 'complete -C aws_completer aws' >> ~/.bashrc

  4. To configure IAM:

    aws configure

    The default region name is us-west-2.

    The default output format is json.

  5. For a list of commands:

    aws command help

    See http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-using.html

Git

Git-History

Invoke-History 13

Linux AMIs

Types of operating system AMI:

  • Amazon Linux 2014.09.2 (CentOS)
  • Red Hat Enterprise Linux 6.6 (RHEL)
  • SUSE Linux Enterprise Server 12
  • Ubuntu Server 14.04

Advanced User Data

https://gist.github.com/mikepfeiffer/

   
  • AWS PowerShell for Windows: https://aws.amazon.com/powershell

    Get-AWSCredentials -ListProfiles

Diagrams

ProcessOn.com provides a free on-line tool to draw diagrams such as this

At architecture/icons Amazon provides a sample .PPTX (PowerPoint 2010+) file (AWS_Simple_Icons_PPT_v16.2.22.zip). Lines used to illustrate the hierarchy:

PROTIP: Use different colors for lines and text to reduce visual confusion.

You can also download a zip containing .png and .svg files of icons (AWS_Simple_Icons_EPS-SVG_v16.2.22.zip).

People

  • Matt Wood, @mza, Product Strategy @ Amazon Web Services

Social

Tutorial Rock Stars and their presentations

Jeff Barr (@jeffbarr), AWS Chief Evangelist, makes announcements of all new stuff at the company’s AWS Blog and #AWS Twitter hash-tag.

Yan Kurniawan

J O’Conner:

  • http://joconner.com/

Ryan Scott Brown @ryan_sb

  • https://serverlesscode.com/post/new-ssl-tls-cert-manager-acm/

AWS Certifications

AWS Training Resources
