howtos:cloud:aws_ec2 [2020/07/05 16:35 (UTC)] – bifferos | howtos:cloud:aws_ec2 [2020/07/07 00:49 (UTC)] – [Security] bifferos |
---|---|
===== Security ===== | ===== Security ===== |
| |
A quick word about security. We will not be making use of the service provided by AWS which furnishes your instance with keypairs, because we won't be installing the agent process that does that. This saves a bit of time for unsupported operating systems like Slackware, but it means you need to sort out how to get access to your instance after it starts. I strongly suggest you | A quick word about security. We will not be making use of the service provided by AWS which furnishes your instance with key pairs, because we won't be installing the agent process that does that. This saves a bit of time for unsupported operating systems like Slackware, but it means you need to sort out how to get access to your instance after it starts. I strongly suggest you |
| |
- Upload a public key to the account you'll use to access your instance, e.g. with ssh-copy-id. | - Upload a public key to the account you'll use to access your instance, e.g. with ssh-copy-id. |
- Reboot and ensure you still have access using your private key. | - Reboot and ensure you still have access using your private key. |
- Double-check that you cannot login using the password that would normally work on the VM console for your user. | - Double-check that you cannot login using the password that would normally work on the VM console for your user. |
| <note important>Within an hour of your instance becoming live it will be logging access attempts by Russian hackers. AWS address ranges are scanned regularly for vulnerabilities precisely because so many users screw up their security. Don't be caught out.</note> |
Of course, how secure your instance is will ultimately be your responsibility, this is just advice. | |
| |
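Review bot: step 3 of the new revision tells the reader to double-check that password login is refused but gives no way to do it or to make it so; suggest naming the setting and the test, i.e. set `PasswordAuthentication no` in `/etc/ssh/sshd_config`, restart sshd, and confirm that `ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no user@host` is rejected before relying on the key-only access verified in step 2. The added `<note important>` box attributes the scanning to "Russian hackers", which nothing on the page supports; "automated scanners" conveys the same risk (AWS address ranges are scanned regularly) without the unsupported attribution. Dropping the closing "ultimately your responsibility" sentence is fine, since the note now carries that warning.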
===== Disk Formats ===== | ===== Disk Formats ===== |
</code> | </code> |
| |
Change vmdk to vhd(x) depending on the format you’re using (it’s not detected by the import process). Choose a description to describe you storage. You may want to put a version in there as I’ve done if you make several attempts at this. Put the presigned URL in the Url field, save the file, and then run: | Change vmdk to vhd(x) depending on the format you’re using (it’s not detected by the import process). Choose a description to describe your storage. You may want to put a version in there as I’ve done if you make several attempts at this. Put the presigned URL in the Url field, save the file, and then run: |
| |
<code> | <code> |
===== Connect to an Instance ===== | ===== Connect to an Instance ===== |
| |
You can now create an instance. Any instance will do, a t2.micro will have 1 CPU and plenty of RAM to boot Slackware. Shut down the instance, disconnect it's root drive. You can delete the root EBS volume supplied with that instance if you want because we'll create another one. There's no point in paying for anything you don't use. | You can now create an instance. Any instance will do, a t2.micro will have 1 CPU and plenty of RAM to boot Slackware. Shut down the instance, disconnect its root drive. You can delete the root EBS volume supplied with that instance if you want because we'll create another one. There's no point in paying for EBS storage you don't need. |
| |
You can then use the AWS Console to create an EBS volume from your uploaded snapshot, and attach the EBS volume as the root device of your instance. Make sure you specify the device as /dev/sda, to ensure it will be the root device. I found this slightly confusing because it's actually /dev/xvda in the running instance but there you go. | You can then use the AWS Console to create an EBS volume from your uploaded snapshot, and attach the EBS volume as the root device of your instance. Make sure you specify the device as /dev/sda, to ensure it will be the root device. I found this slightly confusing because it's actually /dev/xvda in the running instance but there you go. |