creating a VPC and subnets via an AWS CloudFormation template

In this exercise, you will start laying the infrastructure for the course project by creating a VPC and subnets via an AWS CloudFormation template. You will create more AWS resources in these subnet in the subsequent exercises. 
You will also create an Amazon EC2 instance and learn how to connect to it using an SSH client. You use an SSH client for remote login and administration over an authenticated secure channel. You will then look at the log files on the instance and extract information from the instance metadata and user data script.

To get started, follow the steps below.

1. Launch an AWS CloudFormation template to create VPC and subnets.

In this section, you will create a VPC and subnets by launching an AWS CloudFormation template. If you are familiar with AWS CloudFormation, you may want to attempt to complete this section by using the properties below before reading the step-by-step instructions.

Region: Oregon (us-west-2) 
CloudFormation template: Download template 
Name of the stack: edx-vpc-stack 

2. Launch an Amazon EC2 instance with a user data script in a VPC.

In this section, you will launch an Amazon EC2 instance with an user data script. If you are familiar with Amazon EC2, you may want to attempt to complete this section by using the properties below before reading the step-by-step instructions.

Region: Oregon (us-west-2) 
Amazon Machine Image (AMI): Amazon Linux AMI 
Instance Type: t2.micro 
Network VPC: edx-build-aws-vpc 
Subnet: edx-subnet-public-a 
User data script: Download 
Tag: Ex3WebServer 
Security group name: exercise3-sg 
Security group rules: Allow HTTP and SSH 
Key Pair: Create a new key pair and save it for later use. 

• In the AWS Console, click Services, then click EC2 to open the EC2 dashboard.
• At the top right corner, select the US West (Oregon) region.
• From the EC2 dashboard, click Launch Instance.
• On the Choose an Amazon Machine Image (AMI) page, select Amazon Linux AMI by clicking Select. This AMI is free-tier eligible.
• On the Choose an Instance Type page, select t2.micro.
• Click Next: Configure Instance Details.
• For Network, select edx-build-aws-vpc.
• For Subnet, select edx-subnet-public-a.
• Leave the defaults and scroll down to the Advanced Details section and expand it.
• Download the user data script and copy and paste the contents of the script in the text area.
• Click Next: Add Storage. Skip through this page and click Next: Add Tags.
• Click Add Tag.
• In the Key textbox, type Name
• In the Value textbox, type Ex3WebServer
• Click Next: Configure Security Group. Note that the wizard gives you an option to create a new security group or select an existing one. For this exercise, leave the default chosen option, Create a new security group.
• For Security group name, type exercise3-sg
• Click Add Rule.
• For Type, leave Custom TCP Rule selected.
• For Port Range, type 80
• For Source, type 0.0.0.0/0
• Note: The inbound rule for SSH is added by default.
• Click Review and Launch.
• On the Review Instance Launch page, review the details and click Launch.
• When prompted for a key pair, select Create a new key pair, enter a name for the key pair, and then click Download Key Pair.
Note: This is the only chance for you to save the private key file, so be sure to download it. You will use the same key pair for all subsequent exercises in the course. Save the private key file in a safe place. You'll need to provide the name of your key pair when you launch an instance and the corresponding private key each time you connect to the instance.
• Select the acknowledgement check box, and then click Launch Instances.
• Click View Instances to return to the instances page.
• On the Instances page, you can view the status of the launch. It can take a few minutes for the instance to be ready so that you can connect to it. Check that your instance has passed its status checks. You can view this information in the Status Checks column. 
  Note: It takes a few minutes for the status checks to pass. Wait until the status checks changes from Initializing to 2/2 checks passed.
• Once the instance is ready, select the instance and note down the IPv4 Public IP found in the Descriptions tab at the bottom.
• Paste the public IP address of your instance in your web browser to display the welcome web page. This page is now displaying dynamic information about your server.

3. Connect to your Amazon EC2 instance.

In this section, you will connect to your Amazon EC2 instance via SSH. An SSH connection requires port 22 to be open on your network. You may need to contact your network administrator to ensure that this is open.

For MAC/Linux users:

• Open the Terminal application.
• Type the commands below. In both commands, replace PATH-TO-PEM-FILE with a reference to the .pem file that you downloaded while launching the instance. In the second command, replace PUBLIC-IP with the IPv4 Public IP of the instance.

chmod 400 PATH-TO-PEM-FILE 
ssh -i PATH-TO-PEM-FILE ec2-user@PUBLIC-IP 


• You will see a prompt like the one below. Answer yes to the prompt.

The authenticity of host '54.201.7.240 (54.201.7.240)' can't be established. ECDSA key fingerprint is SHA256:TrCPkFBL0F+pTp3LH+UGFPhGjl7N4qaoLucu21RWsRM. Are you sure you want to continue connecting (yes/no)?

• Install PuTTY.
• PuTTY does not natively support the private key format (.pem) generated by Amazon EC2. PuTTY has a tool named PuTTYgen, which can convert keys to the required PuTTY format (.ppk). You must convert your private key into this format (.ppk) before attempting to connect to your instance using PuTTY. To convert your private key (.pem file) using PuTTYgen, follow the instructions below:
  • Start PuTTYgen.
  • Under Type of key to generate, select RSA.
  • Click Load. By default, PuTTYgen displays only files with the extension .ppk. To locate your .pem file, select the option to display files of all types.
  • Select your .pem file for the key pair that you specified when you launched your instance, and then click Open. Click OK to dismiss the confirmation dialog box.
  • Click Save private key to save the key in the format that PuTTY can use. PuTTYgen displays a warning about saving the key without a passphrase. Click Yes.
  • Specify the same name for the key that you used for the key pair (for example, my-key-pair). PuTTY automatically adds the .ppk file extension. 
    Your private key is now in the correct format for use with PuTTY. You can now connect to your instance using PuTTY's SSH client.
• Start PuTTY.
• In the Category pane, click Session.
In the Host Name text box, type ec2-user@IP-ADDRESS, where IP-ADDRESS is the public IP address of your Amazon EC2 instance.
• In the Category pane, expand Connection, expand SSH, and then click Auth.
• Click Browse.
• Select the .ppk file that you generated for your key pair, and then click Open.
• If you plan to start this session again later, you can save the session information for future use. In the Categorytree, select Session, enter a name for the session in Saved Sessions, and then click Save.
• Click Open to start the PuTTY session. PuTTY will ask whether you wish to cache the server’s host key. Click Yes.

4. View log file, query instance metadata, and user data.

In this section, you will inspect the cloud-init logs to verify the steps in the UserData script executed on the Amazon EC2 Instance. Then, you will query the instance metadata service from the Amazon EC2 instance so that you can see how your application is printing information about itself on the welcome page.

• To view the log file, type the command below in your instance terminal.

cat /var/log/cloud-init-output.log

Explore the log file to see the log entries generated for installing the user data script.
• To view the instance metadata, type the command below:

curl http://169.254.169.254/latest/meta-data/

• Execute the command below to get the instance identity document of your instance:

curl http://169.254.169.254/latest/dynamic/instance-identity/document

• Execute the command below to get the instance public IP address:

curl http://169.254.169.254/latest/meta-data/public-ipv4

• Execute the command below to get the MAC address of the instance:

curl http://169.254.169.254/latest/meta-data/mac

• Execute the command below to get the VPC ID in which the instance resides. Make sure to replace Your-MAC in the command below with the MAC address of your instance:

curl http://169.254.169.254/latest/meta-data/network/interfaces/macs/Your-MAC/vpc-id

• Execute the command below to get the subnet-id in which the instance resides. Make sure to replace Your-MACin the command below with the MAC address of your instance:

curl http://169.254.169.254/latest/meta-data/network/interfaces/macs/Your-MAC/subnet-id

• Execute the command below to get the instance user data:

curl http://169.254.169.254/latest/user-data

• Go to the EC2 dashboard in your console, locate the Amazon EC2 instance you created and verify the public IP address, the VPC ID and the subnet-id of the instance you just queried in the instance terminal. You should be able see this information in the Description tab at the bottom.

5. Terminate the Amazon EC2 instance.

• In the AWS Console, click Services, then click EC2 to open the EC2 dashboard.
• In the navigation pane, click Instances. In the list of instances, select the Ex3WebServer instance.
• Click Actions, Instance State, Terminate.
• Click Yes, Terminate when prompted for confirmation.
• Amazon EC2 shuts down and terminates your instance. After your instance is terminated, it remains visible on the console for a short while, and then the entry is deleted.

眼鏡蛇

posted on 2018-04-19 11:10 眼鏡蛇 閱讀(147) 評論(0)  編輯  收藏 所屬分類: AWS