Anton, Friendlyantz

Software Engineer, interested in back-end and TDD, AI and CyberSec

https://www.cloudcraft.co/ - diagramming https://www.ozbargain.com.au/node/823383 - # eBook The Good Parts of AWS @ Gumroad https://github.com/localstack/localstack - simulation of AWS locally https://encore.dev/

IAM

  • Never use root
  • Sort out IAM users and roles (can be JSONed)
  • Generate access keys for CLI (NEVER SHARE)
aws configure
aws iam list-users
  • Assign MFA

Roles

  • EC2 and Lamba mainly

IAM Security Tools

Budgeting

  1. You need to set up billing acces as root user to other users first: top-right -> Account -> IAM user and role access to Billing information -> Activate IAM Access
  2. as IAM user go to account -> billing
    • Free Tier - forecasting
    • Budgets

EC2

When creating - create Key pair

For Linux 2 - add this user data script (this will be used ONLY on the FIRST launch(once in a lifecycle))

#!/bin/bash
# Use this for your user data (script from top to bottom)
# install httpd (Linux 2 version)
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
echo "<h1>Hello World from $(hostname -f)</h1>" > /var/www/html/index.html

Types and Classes

Types: nano, micro, xl, etc etc Classes: General Purpose: t2: Burstable performance instances suitable for small workloads, development, and testing. t3: The next generation of burstable performance instances with improved performance over t2.

Compute Optimized:
    c5: Compute-optimized instances designed for high-performance computing and compute-intensive applications.
    c6g: Compute-optimized instances with Arm-based processors.

Memory Optimized:
    r5: Memory-optimized instances ideal for memory-intensive applications and large databases.
    r6g: Memory-optimized instances with Arm-based processors.

Storage Optimized:
    i3: Storage-optimized instances suitable for applications that require high-performance local storage.
    d3: Dense-storage instances with large HDD storage, suitable for big data and data warehousing.

Accelerated Computing:
    p3: GPU instances optimized for machine learning, deep learning, and high-performance computing.
    g4: GPU instances for graphics-intensive applications and video encoding.

High I/O:
    i3en: High I/O instances with large NVMe SSD storage for I/O intensive workloads.
    hs1: High Storage instances designed for data warehousing and big data processing.

FPGA and ASIC:
    f1: FPGA-based instances for custom hardware acceleration.
    infra: Custom instances with AWS-designed Graviton processors.

Security Groups

Create a separate group for SSH access Sec groups are wrapper around EC2 and are not part of EC2

Security Groups can define other security groups to be able to connect

Leave a comment