Getting Started with AWS provides an overview of key AWS services for getting started, including:
1) Setting up an AWS account and creating IAM users for access management.
2) Generating a key pair for logging into EC2 instances securely.
3) Launching an EC2 instance, installing software, and making it publicly accessible via a security group.
4) Creating an AMI from the instance for reusable deployments.
5) Next steps like using ELB, Auto Scaling, and RDS.
2. Compute
Vertical Scaling
From $0.02/hr
Elastic Compute Cloud (EC2)
Basic unit of compute capacity
Range of CPU, memory & local disk options
18 Instance types available, from micro to cluster compute
Feature: Details
Flexible: Run Windows or Linux distributions
Scalable: Wide range of instance types from micro to cluster compute
Machine Images: Configurations can be saved as machine images (AMIs) from which new instances can be created
Full control: Full root or administrator rights
Secure: Full firewall control via Security Groups
Monitoring: Publishes metrics to CloudWatch
Inexpensive: On-demand, Reserved and Spot instance types
VM Import/Export: Import and export VM images to transfer configurations in and out of EC2
3. EC2 instance types
[Chart: Memory (GB) plotted against EC2 Compute Units, both axes running from 1 to 256]
High I/O 4XL: 60.5 GB, 35 EC2 Compute Units, 16 virtual cores, 2*1024 GB SSD-based local instance storage
Small: 1.7 GB, 1 EC2 Compute Unit, 1 virtual core
Micro: 613 MB, up to 2 ECUs (for short bursts)
Large: 7.5 GB, 4 EC2 Compute Units, 2 virtual cores
Hi-Mem XL: 17.1 GB, 6.5 EC2 Compute Units, 2 virtual cores
Hi-Mem 2XL: 34.2 GB, 13 EC2 Compute Units, 4 virtual cores
Hi-Mem 4XL: 68.4 GB, 26 EC2 Compute Units, 8 virtual cores
High-CPU Med: 1.7 GB, 5 EC2 Compute Units, 2 virtual cores
High-CPU XL: 7 GB, 20 EC2 Compute Units, 8 virtual cores
Medium: 3.7 GB, 2 EC2 Compute Units, 1 virtual core
M3 XL: 15 GB, 13 EC2 Compute Units, 4 virtual cores, EBS storage only
M3 2XL: 30 GB, 26 EC2 Compute Units, 8 virtual cores, EBS storage only
Extra Large: 15 GB, 8 EC2 Compute Units, 4 virtual cores
Cluster GPU 4XL: 22 GB, 33.5 EC2 Compute Units, 2 x NVIDIA Tesla “Fermi” M2050 GPUs
Cluster Compute 4XL: 23 GB, 33.5 EC2 Compute Units
Cluster Compute 8XL: 60.5 GB, 88 EC2 Compute Units
High Storage 8XL: 117 GB, 35 EC2 Compute Units, 24 * 2 TB ephemeral drives
10 GB Ethernet
Hi-Mem Cluster Compute 8XL: 244 GB, 88 EC2 Compute Units, 16 virtual cores, 240 GB SSD
10. Sign up
You will need:
Credit card information – you won’t pay unless you use resources
A telephone – on which to receive an automated security call
11. Sign up
Best practice:
Set up billing alerts so you can be notified when levels of spend are reached
If you have existing accounts, consider using consolidated billing to bring them together under one payment
12. Sign up
750 hours of Amazon EC2 Linux/RedHat/Suse Micro Instance usage
750 hours of Amazon EC2 Microsoft Windows Server Micro Instance usage
750 hours of an Elastic Load Balancer
30 GB of Amazon Elastic Block Storage
5 GB of Amazon S3 standard storage
100 MB of storage, 5 units of write capacity, and 10 units of read capacity for Amazon DynamoDB*
25 Amazon SimpleDB Machine Hours and 1 GB of Storage
1,000 Amazon SWF workflow executions*
1,000,000 Requests of Amazon Simple Queue Service*
1,000,000 Requests, 100,000 HTTP and 1,000 email notifications for Amazon Simple Notification Service*
10 Amazon CloudWatch metrics, 10 alarms, and 1,000,000 API requests*
15 GB of bandwidth out aggregated across all AWS services
750 hours of Amazon RDS for SQL Server Micro DB Instance usage
20 GB of RDS database storage
10 million RDS I/Os
20 GB of backup storage for your automated RDS database backups and any user-initiated DB Snapshots
20 minutes of SD transcoding or 10 minutes of HD transcoding in Amazon Elastic Transcoder*
Free tier http://aws.amazon.com/free/
15. IAM users
Identity and Access Management: securely control access to AWS services and resources for your users
16. IAM users
Account owner
Access to all subscribed services
Access to billing reports
Access to console, REST and SOAP APIs
IAM users/groups
Access to specific services
Access to console and/or REST APIs and/or SOAP APIs
17. IAM users
Master user account – owns payment method
Regular users
18. IAM users
[Diagram: one account with the groups Administrators, Developers and Applications; names shown: Bob, Kevin, Tomcat, Jim, Brad, Mark, Susan, Reporting, Console]
19. IAM users
Multi-factor authentication
Groups
20. IAM users
AWS system entitlements
Roles
21. IAM users
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "elasticbeanstalk:*",
        "ec2:*",
        "elasticloadbalancing:*",
        "autoscaling:*",
        "cloudwatch:*",
        "s3:*",
        "sns:*"
      ],
      "Resource": "*"
    }
  ]
}
Policy driven
Declarative definition of rights for groups
Policies control access to AWS APIs
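An added example, not part of the original deck: a small review check that lists every wildcard action a policy allows on Resource "*", run over the policy shown on this slide and over a constructed narrower policy. The function names and the example-bucket ARN are assumptions made for the illustration.

```python
import json

# The policy shown on this slide, embedded as sample input.
SLIDE_POLICY = json.loads("""
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["elasticbeanstalk:*", "ec2:*", "elasticloadbalancing:*",
                 "autoscaling:*", "cloudwatch:*", "s3:*", "sns:*"],
      "Resource": "*"
    }
  ]
}
""")

# Constructed counter-example: read-only access to one hypothetical bucket.
SCOPED_POLICY = {
    "Statement": {
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket",
                     "arn:aws:s3:::example-bucket/*"],
    }
}


def as_list(value):
    """IAM lets Statement, Action and Resource be a single item or a list."""
    return value if isinstance(value, list) else [value]


def broad_grants(policy):
    """Return (statement index, action) for every Allow of a wildcard action
    on Resource "*": the grants a least-privilege review narrows first."""
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in as_list(stmt.get("Resource", [])):
            continue
        for action in as_list(stmt.get("Action", [])):
            # "*" alone, "service:*" and "service:Verb*" are all wildcards.
            if "*" in action:
                findings.append((index, action))
    return findings


if __name__ == "__main__":
    for index, action in broad_grants(SLIDE_POLICY):
        print(f"statement {index}: {action} on every resource")
```

The check does not evaluate NotAction, NotResource or Condition elements, so it is a first-pass filter rather than a full policy evaluation.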
23. Key pairs
Generate a key pair
24. Key pairs
Instance key pairs
Public key: inserted by Amazon into each EC2 instance that you launch
Private key: downloaded and stored by you
EC2 instance: comms secured with private key
Standard SSH RSA key pair
Public/private keys
Public key provided by AWS to EC2 instance for secure, personalized, initial, non-generic access
Supports NIST and other security standards for providing non-default user access
25. Key pairs
Private keys are not stored by AWS
26. Key pairs
AWS generated keys
Import your own keys
Select your region
Create keys
Give them a name
Private key is generated and downloaded by your browser immediately
Create 1 key pair for all resources or as many as you like (e.g. 1 per server type)
You supply only the public key to AWS
27. Key pairs
ssh -i eu-west.pem ec2-user@publicdns.amazonaws.com
1. Linux launch (first boot)
2. Public key made available through metadata
3. Instance initialization scripts insert public key into ~/.ssh/authorized_keys
4. User connects with SSH using their private key
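Step 3 above and the client side of step 4, sketched as an added example (not AWS's initialization script and not from the original deck): installing the public key into authorized_keys with owner-only permissions, and checking that a downloaded private key file is not readable by other users. The function names and the sample key line are constructed for the illustration.

```python
import os
import stat

# Constructed public key line (not a real key).
SAMPLE_PUBKEY = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQexample eu-west"


def install_public_key(home, pubkey_line):
    """Step 3: add the key to ~/.ssh/authorized_keys exactly once, with the
    owner-only modes that sshd's StrictModes check expects."""
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, exist_ok=True)
    os.chmod(ssh_dir, 0o700)
    path = os.path.join(ssh_dir, "authorized_keys")
    existing = []
    if os.path.exists(path):
        with open(path) as fh:
            existing = [line.strip() for line in fh if line.strip()]
    if pubkey_line.strip() not in existing:  # idempotent if run again
        existing.append(pubkey_line.strip())
    with open(path, "w") as fh:
        fh.write("\n".join(existing) + "\n")
    os.chmod(path, 0o600)
    return path


def private_key_too_open(path):
    """Step 4, client side: True if group or others have any access to the
    private key file; the ssh client refuses to use such a key."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)
```

On the workstation, `chmod 400 eu-west.pem` is the usual way to make the second check pass before running the ssh command above.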
28. Key pairs
You can’t log into a Linux instance without key
29. Key pairs
Don’t lose it
30. Key pairs
1. Windows launch (first boot sequence)
2. Public key made available through metadata
3. Windows runs Sysprep (reboots)
4. Instance initialization scripts:
a) Create a random Administrator password
b) Encrypt the random password with the public key
c) Report the encrypted password to the Windows System Log
5. User retrieves the encrypted password and decrypts it with their private key (using the AWS Console or an API call)
31. Key pairs
Keep secure
Do not share
Rotate
Need to know
33. Launch
Launch an instance
34. Launch
Region
35. Regions
US-WEST (N. California)
EU-WEST (Ireland)
ASIA PAC (Tokyo)
ASIA PAC (Singapore)
US-WEST (Oregon)
SOUTH AMERICA (Sao Paulo)
US-EAST (Virginia)
GOV CLOUD
ASIA PAC (Sydney)
36. Launch
Wizard
37. Launch
Choose key pair
38. Launch
Choose machine image
39. Launch
What’s this?
40. Launch
Security groups
[Diagram: an instance inside a security group, with Port 80 (HTTP) and Port 22 (SSH)]
EC2 Classic: inbound only; TCP, UDP, ICMP only; assigned at launch; modify anytime
EC2 VPC (virtual private cloud): inbound and outbound; any protocol; assigned at launch or when running; modify anytime
Fields: Name; Description; Protocol; Port range; IP address, range, or another security group
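An added example, not from the original deck: a check over security group rules, using the fields listed above (protocol, port range, source), that reports administrative ports reachable from any address while leaving a public HTTP rule alone. The rule layout, the function names, the sample rules and the choice of 22 and 3389 as administrative ports are assumptions for the illustration.

```python
import ipaddress

# Assumption: ports treated as administrative access.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed rules for a web server group: SSH and HTTP open to everyone.
WEB_GROUP = [
    {"protocol": "tcp", "ports": (22, 22), "source": "0.0.0.0/0"},
    {"protocol": "tcp", "ports": (80, 80), "source": "0.0.0.0/0"},
]
# Constructed tightened variant: SSH from one documentation-range address.
WEB_GROUP_TIGHT = [
    {"protocol": "tcp", "ports": (22, 22), "source": "203.0.113.10/32"},
    {"protocol": "tcp", "ports": (80, 80), "source": "0.0.0.0/0"},
]


def is_world_open(source):
    """True when the source is a CIDR range covering every address.
    A source that names another security group is never world-open."""
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:  # not an IP or CIDR, e.g. a security group id
        return False


def exposed_admin_ports(rules):
    """List administrative ports reachable from any address via these rules."""
    exposed = []
    for rule in rules:
        if rule["protocol"] != "tcp" or not is_world_open(rule["source"]):
            continue
        low, high = rule["ports"]
        for port, name in sorted(ADMIN_PORTS.items()):
            if low <= port <= high:
                exposed.append(f"{name} ({port}/tcp) open to {rule['source']}")
    return exposed


if __name__ == "__main__":
    for finding in exposed_admin_ports(WEB_GROUP):
        print(finding)
```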
41. Launch
Launch!
46. Launch
Let’s install something
# Install the Apache web server
sudo yum -y install httpd
# Set it to run as a service
sudo chkconfig httpd on
# Start the web server
sudo /etc/init.d/httpd start
47. Launch
Open our security group
Security groups: added port 80 to group
48. Launch
Test it by hitting the public DNS name of the instance
50. Image
Create an image
51. Image
Makes a snapshot of the instance
Creates an image that is private to you
Saves time in deployments and system setup
52. Image
Create image
53. Image
Name it and create
54. Image
Your AMI
55. Image
…and launch a new instance from the AMI
57. Next Steps
Elastic Load Balancing
Create highly scalable applications
Distribute load across EC2 instances in multiple availability zones
Auto Scaling
Automatic re-sizing of compute clusters based upon demand
Relational Database Service
Database-as-a-Service
No need to install or manage database instances
Scalable and fault tolerant configurations