AWS Certified Solutions Architect Study Guide. David Higby Clinton


to a user or resource, they'll gain access to whichever resources were included in the role policies.

      Using roles, you can give a limited number of entities (other resources or users) exclusive access to resources like your EC2 instances. But you can also assign an IAM role to an EC2 instance so that processes running within it can access the external tools—like an RDS database instance—it needs to do its work.

      You'll learn more about IAM in Chapter 6, “Authentication and Authorization—AWS Identity and Access Management.”

      NAT Devices

      Sometimes you'll need to configure an EC2 instance without a public IP address to limit its exposure to the network. Naturally, that means it won't have any Internet connectivity. But that can present a problem because you'll probably still need to give it Internet access so that it can receive security patches and software updates.

      NAT will be discussed at greater length in Chapter 4.

      Key Pairs

      As any professional administrator will know, remote login sessions on your running instances should never be initiated over unencrypted plain‐text connections. To ensure properly secured sessions, you'll need to generate a key pair, save the public key to your EC2 server, and save its private half to your local machine. If you're working with a Windows AMI, you'll use the private key file to retrieve the password you'll need to authenticate into your instance. For a Linux AMI, the private key will allow you to open an SSH session.

      Each key pair that AWS generates for you will remain installed within its original region and available for use with newly launched instances until you delete it. You should delete the AWS copy in the event your public key is lost or exposed. Just be careful before you mess with your keys—your access to an instance might depend on it.

      The EC2 Auto Scaling service offers a way to both avoid application failure and recover from it when it happens. Auto Scaling works by provisioning and starting on your behalf a specified number of EC2 instances. It can dynamically add more instances to keep up with increased demand. And when an instance fails or gets terminated, Auto Scaling will automatically replace it.

      Launch Configurations

      When you create an instance manually, you have to specify many configuration parameters, including an AMI, instance type, SSH key pair, security group, instance profile, block device mapping, whether it's EBS optimized, placement tenancy, and user data, such as custom scripts to install and configure your application. A launch configuration is essentially a named document that contains the same information you'd provide when manually provisioning an instance.

      You can create a launch configuration from an existing EC2 instance. Auto Scaling will copy the settings from the instance for you, but you can customize them as needed. You can also create a launch configuration from scratch.

      Launch configurations are for use only with EC2 Auto Scaling, meaning you can't manually launch an instance using a launch configuration. Also, once you create a launch configuration, you can't modify it. If you want to change any of the settings, you have to create an entirely new launch configuration.

      Launch Templates

      Launch templates are similar to launch configurations in that you can specify the same settings. But the uses for launch templates are more versatile. You can use a launch template with Auto Scaling, of course, but you can also use it for spinning up one‐off EC2 instances or even creating a spot fleet.

      

If you have an existing launch configuration, you can copy it to a launch template using the AWS web console. There's no need to create launch templates from scratch!

      Create a Launch Template

      In this exercise, you'll create a launch template that installs and configures a simple web server. You'll then use the launch template to manually create an instance.

      1 In the EC2 Dashboard, click Launch Templates.

      2 Click the Create Launch Template button.

      3 Give the launch template a name such as MyTemplate.

      4 Click the Search For AMI link to locate one of the Ubuntu Server LTS AMIs (make sure the AMI you choose uses the 64‐bit x86 architecture and not 64‐bit ARM).

      5 For Instance Type, select t2.micro.

      6 Under Security Groups, select a security group that allows inbound HTTP access. Create a new security group if necessary.

      7 Expand the Advanced Details section and enter the following in the User Data field:

        #!/bin/bash
        apt-get update
        apt-get install -y apache2
        echo "Welcome to my website" > index.html
        cp index.html /var/www/html

      8 Click the Create Launch Template button.

      9 Click the Launch Instance From This Template link.

      10 Under
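The template from steps 3 through 8 can also be created with the AWS CLI. The script below is an added example, not from the book: the AMI and security group IDs are placeholders, and the `aws` call runs only when `--create` is passed. It also decodes the UserData field back to text, because launch template user data is only base64-encoded and readable by anyone who can view the template, so it should never carry secrets.

```shell
#!/usr/bin/env bash
# Added example: CLI equivalent of console steps 3-8 (not from the book).
# AMI_ID and SG_ID are placeholders (assumptions); substitute your own values.
AMI_ID="ami-EXAMPLE"   # placeholder: an Ubuntu Server LTS 64-bit x86 AMI
SG_ID="sg-EXAMPLE"     # placeholder: a security group allowing inbound HTTP

# The user data script from step 7, one command per line.
user_data() {
  cat <<'EOF'
#!/bin/bash
apt-get update
apt-get install -y apache2
echo "Welcome to my website" > index.html
cp index.html /var/www/html
EOF
}

# Launch template data carries UserData as a single base64 line.
encode_user_data() {
  user_data | base64 | tr -d '\n'
}

# Emit the JSON document passed to --launch-template-data.
launch_template_data() {
  printf '{"ImageId":"%s","InstanceType":"t2.micro","SecurityGroupIds":["%s"],"UserData":"%s"}\n' \
    "$AMI_ID" "$SG_ID" "$(encode_user_data)"
}

# Review helper: read template JSON on stdin, print the script it would run.
decode_user_data() {
  sed -n 's/.*"UserData":"\([^"]*\)".*/\1/p' | base64 -d
}

# Create the template in the current account and region.
create_template() {
  aws ec2 create-launch-template \
    --launch-template-name MyTemplate \
    --launch-template-data "$(launch_template_data)"
}

if [ "${1:-}" = "--create" ]; then
  create_template
else
  # Dry run: show the JSON, then the decoded script for review.
  launch_template_data
  launch_template_data | decode_user_data
fi
```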
