Konstantin Vlasenko

An engineer is someone who can make for a dollar what any fool could make for two. – Alan Kay

#PowerShell: Register AWS EC2 instances in Amazon Route53 (new way)

Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service.
Just in case – Amazon EC2
I use this script https://github.com/konstantinvlasenko/cloud/blob/master/Register-CNAME.ps1 to give my EC2 instances meaningful DNS names.
Simple usage:

$config = @{ DomainName = 'mylab.com' }
$name = "www.$($config.DomainName)"
# get instances
$instance = (Get-EC2Instance $InstanceId).RunningInstance
# update R53
.\Register-CNAME.ps1 $config $name $instance.PublicIpAddress

Advanced usage (register in another account; registering A record):

$config = @{
    DomainName  = 'mylab.com'
    AssumeRoles = @{
        R53 = @{ ARN = 'arn:aws:iam::600021112340:role/Route53'; SessionName = 'Friends' }
    }
}
$name = "www.$($config.DomainName)"
# get instances
$instance = (Get-EC2Instance $InstanceId).RunningInstance
# update R53
.\Register-CNAME.ps1 $config $name $instance.PublicIpAddress 'A'
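
One way the cross-account registration above can be done with the AWS Tools for PowerShell, as an added example (this is not the code of Register-CNAME.ps1). The function name and the hosted zone ID parameter are assumptions; it needs the AWS module loaded and permission to assume the role.

```powershell
# Added example; not the contents of Register-CNAME.ps1.
# Assumes the AWS Tools for PowerShell are loaded and the caller is allowed
# to call sts:AssumeRole on the role named in $Config.AssumeRoles.R53.
function Register-RecordInOtherAccount {   # hypothetical name
    param(
        [Parameter(Mandatory)] [hashtable] $Config,
        [Parameter(Mandatory)] [string]    $HostedZoneId,  # placeholder: zone ID in the DNS account
        [Parameter(Mandatory)] [string]    $Name,
        [Parameter(Mandatory)] [string]    $Value,
        [ValidateSet('A', 'CNAME')] [string] $Type = 'CNAME',
        [int] $Ttl = 60
    )

    # Refuse names outside the configured zone, so a wrong argument
    # cannot overwrite an unrelated record in the other account.
    $suffix = ".$($Config.DomainName)"
    if (-not $Name.TrimEnd('.').EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
        throw "Name '$Name' is not inside zone '$($Config.DomainName)'"
    }

    # Temporary credentials for the Route 53 role: no long-lived key of the
    # DNS account has to be stored on the machine that runs the script.
    $role  = $Config.AssumeRoles.R53
    $creds = (Use-STSRole -RoleArn $role.ARN -RoleSessionName $role.SessionName).Credentials

    # UPSERT creates the record or replaces its current value.
    $change = New-Object Amazon.Route53.Model.Change
    $change.Action = 'UPSERT'
    $change.ResourceRecordSet = New-Object Amazon.Route53.Model.ResourceRecordSet
    $change.ResourceRecordSet.Name = $Name
    $change.ResourceRecordSet.Type = $Type
    $change.ResourceRecordSet.TTL  = $Ttl
    $change.ResourceRecordSet.ResourceRecords.Add(@{ Value = $Value })

    Edit-R53ResourceRecordSet -HostedZoneId $HostedZoneId `
        -ChangeBatch_Change $change -Credential $creds
}
```

The session name ('Friends' in the configuration above) is recorded with the assumed-role identity in the DNS account's CloudTrail log, so a distinct name per caller makes record changes attributable.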

Schedule your Amazon EC2 spot instance startup time

Here I want to explain how to start your Amazon EC2 instance recurrently by scheduling.


I have used the AWS Tools for Windows PowerShell. You can use the Java command-line tools or the Python library instead; the main goal is to explain the idea:

I am going to automate the starting of my Fitnesse server.

Create launch configuration

New-ASLaunchConfiguration Fitnesse -ImageId ami-00000000 -SecurityGroups Fitnesse -InstanceType t1.micro -SpotPrice 0.011

Create Auto Scaling group with MinSize=MaxSize=0

New-ASAutoScalingGroup Fitnesse-AS -LaunchConfigurationName Fitnesse -AvailabilityZones us-east-1a -MinSize 0 -MaxSize 0

Set the Start scheduling action
The key points are MinSize=MaxSize=1 and the -Recurrence argument, which uses the cron time format.

Write-ASScheduledUpdateGroupAction -AutoScalingGroupName Fitnesse-AS -ScheduledActionName Start -MinSize 1 -MaxSize 1 -Recurrence '15 13 * * *'

Optional (stop event)

Write-ASScheduledUpdateGroupAction -AutoScalingGroupName Fitnesse-AS -ScheduledActionName Stop -MinSize 0 -MaxSize 0 -Recurrence '59 23 * * *'

AWS EC2: It is not possible to “sniff” traffic that is intended for a different virtual instance

It is not possible for a virtual instance running in promiscuous mode to receive or “sniff” traffic that is intended for a different virtual instance. While customers can place their interfaces into promiscuous mode, the hypervisor will not deliver any traffic to them that is not addressed to them. Even two virtual instances that are owned by the same customer located on the same physical host cannot listen to each other’s traffic. Attacks such as ARP cache poisoning do not work within Amazon EC2 and Amazon VPC. While Amazon EC2 does provide ample protection against one customer inadvertently or maliciously attempting to view another’s data, as a standard practice customers should encrypt sensitive traffic – Amazon Web Services: Overview of Security Processes

AWS is built for enterprise security standards

Certifications

Physical security

  • Datacenters in nondescript facilities
  • Physical access strictly controlled
  • Must pass two-factor authentication at least twice for floor access
  • Physical access logged and audited

HW, SW, Network

  • Systematic change management
  • Phased updates deployment
  • Safe storage decommission
  • Automated monitoring and self-audit
  • Advanced network protection

source: Using Amazon Web Services for Disaster Recovery Webinar (16:07)

AWS .NET SimpleDB uses https

So do not be afraid: the default service URL is HTTPS and requests are signed with HmacSHA256, as the default constructor below shows.
Declaring Type: Amazon.SimpleDB.AmazonSimpleDBConfig
Assembly: AWSSDK, Version=1.3.8.0

public AmazonSimpleDBConfig()
{
    this.serviceVersion = "2009-04-15";
    this.serviceURL = "https://sdb.amazonaws.com";
    this.userAgent = AWSSDKUtils.SDKUserAgent;
    this.signatureVersion = "2";
    this.signatureMethod = "HmacSHA256";
    this.proxyPort = -1;
    this.maxErrorRetry = 3;
    this.fUseSecureString = true;
}

Using PowerShell for common AWS SimpleDB operations

#Create SimpleDB client

Add-Type -Path "C:\AWS SDK\1.3.8.0\bin\AWSSDK.dll"
$sdb=[Amazon.AWSClientFactory]::CreateAmazonSimpleDBClient('Key Id', 'Secret Key')

#Create Domain

$req = (new-object Amazon.SimpleDB.Model.CreateDomainRequest).WithDomainName('Contacts')
$sdb.CreateDomain($req)

#List Domains

$req = (new-object Amazon.SimpleDB.Model.ListDomainsRequest)
$sdb.ListDomains($req)

#Insert Item

$req = (new-object Amazon.SimpleDB.Model.PutAttributesRequest).WithDomainName('Contacts').WithItemName('user1');
$req.Attribute.Add((new-object Amazon.SimpleDB.Model.ReplaceableAttribute).WithName('FirstName').WithValue('Konstantin'))
$req.Attribute.Add((new-object Amazon.SimpleDB.Model.ReplaceableAttribute).WithName('LastName').WithValue('Vlasenko'))
$sdb.PutAttributes($req)

#Query All Items

$req = (new-object Amazon.SimpleDB.Model.SelectRequest).WithSelectExpression('select * from Contacts')
$sdb.Select($req)

#Query Item

$req = (new-object Amazon.SimpleDB.Model.SelectRequest).WithSelectExpression('select * from Contacts where itemName()="user1"')
$sdb.Select($req)
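
The queries above use fixed literals. When the item name or domain comes from input, the select expression has to be quoted according to SimpleDB's rules before it is passed to WithSelectExpression. The following is an added example, not part of the original post; the function names are hypothetical and the sample inputs are constructed.

```powershell
# Added example: quoting helpers for SimpleDB Select expressions.
# Function names are hypothetical; sample inputs are constructed.

function ConvertTo-SdbValue {
    param([Parameter(Mandatory)][AllowEmptyString()][string] $Value)
    # Values are wrapped in single quotes; an embedded single quote
    # is escaped by doubling it.
    "'" + $Value.Replace("'", "''") + "'"
}

function ConvertTo-SdbName {
    param([Parameter(Mandatory)][string] $Name)
    # Domain and attribute names are wrapped in backticks; an embedded
    # backtick is escaped by doubling it.
    '`' + $Name.Replace('`', '``') + '`'
}

function New-SdbItemQuery {
    param(
        [Parameter(Mandatory)][string] $Domain,
        [Parameter(Mandatory)][AllowEmptyString()][string] $ItemName
    )
    $d = ConvertTo-SdbName  $Domain
    $v = ConvertTo-SdbValue $ItemName
    "select * from $d where itemName() = $v"
}

# Constructed inputs: a normal item name, and one that would widen the
# query to other items if it were concatenated without escaping.
$samples = 'user1', "x' or itemName() like '%"
foreach ($s in $samples) {
    New-SdbItemQuery -Domain 'Contacts' -ItemName $s
}

# With the client from the post:
#   $expr = New-SdbItemQuery -Domain 'Contacts' -ItemName $userInput
#   $req  = (new-object Amazon.SimpleDB.Model.SelectRequest).WithSelectExpression($expr)
#   $sdb.Select($req)
```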

AT: Moving Ahead With Amazon EC2 (Creating AMI by modifying the existing one)

  1. Log in to the AWS Management Console
  2. Switch to EC2 tab
  3. Click on AMIs
  4. Select EBS image and Launch it
  5. Do not select a micro or small instance at this step, to avoid a long-running configuration
  6. Click on Instances
  7. Wait ~5 minutes and try to Get Windows Admin Password of your started instance
  8. RDP to your instance by using Public DNS (you can find it at the description tab for the running instance)
  9. Install latest Windows updates
  10. Make your additional changes
  11. Create Image (EBS AMI). Don’t worry about running state of the instance. It will be stopped automatically while making the new AMI.
  12. Click on AMIs
  13. Wait. You should get the new image Owned By Me
  14. Terminate running instance. You don’t need it anymore

AT: Moving Ahead With Amazon EC2 (Building the testing environment)

AT: Acceptance Testing
For the first try I decided to build the following very simple Windows lab:

  • Domain Controller with DNS
  • Application Server

Here are some questions you must be able to answer before moving forward:

  • Which Amazon images (AMI) to use for the virtual machines? How to create an AMI for the VMs?
    I actually had no chance to create an AMI from scratch, so I cannot argue anything here… but it is possible. I chose the easiest and fastest option: creating an AMI by modifying one from the Amazon Machine Images library.
  • What is the difference between Instance-Store and EBS root devices?

    When you launch your Amazon EC2 instances you have the ability to store your root device data on Amazon EBS or the local instance store. By using Amazon EBS, data on the root device will persist independently from the lifetime of the instance. This enables you to stop and restart the instance at a subsequent time, which is similar to shutting down your laptop and restarting it when you need it again.

    Alternatively, the local instance store only persists during the life of the instance. This is an inexpensive way to launch instances where data is not stored to the root device. For example, some customers use this option to run large web sites where each instance is a clone to handle web traffic.

  • In which Amazon Region are you going to implement your testing environment?

    Amazon EC2 provides the ability to place instances in multiple locations. Amazon EC2 locations are composed of Regions and Availability Zones. Availability Zones are distinct locations that are engineered to be insulated from failures in other Availability Zones and provide inexpensive, low latency network connectivity to other Availability Zones in the same Region. By launching instances in separate Availability Zones, you can protect your applications from failure of a single location. Regions consist of one or more Availability Zones, are geographically dispersed, and will be in separate geographic areas or countries. The Amazon EC2 Service Level Agreement commitment is 99.95% availability for each Amazon EC2 Region. Amazon EC2 is currently available in five regions: US East (Northern Virginia), US West (Northern California), EU (Ireland), Asia Pacific (Singapore), and Asia Pacific (Tokyo). – http://aws.amazon.com/ec2/

    I personally decided to use the US East region even though my workplace is in Russia. The instance price here is the cheapest!

Connecting to Official Ubuntu Images for EC2

  • Read first
  • To connect to an instance of an official Ubuntu image for EC2, you need to ssh to it as “ubuntu” instead of as “root”.

    • Hmm…what next to do?:)

Why can’t I ssh or ping my brand new Amazon EC2 instance?

I just created a free EC2 instance with all the defaults. It says it’s running in the AWS Management Console. On the “Instance Actions” menu, I click “Connect”. I copy the DNS name provided (looks like ec2-a-dashed-IP-address.compute-1.amazonaws.com) and try to SSH to it. No response. I can’t even ping it. What gives?
answer: http://goo.gl/T6pQD
