#PowerShell: Register AWS EC2 instances in Amazon Route53 (new way)

Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service.
Just in case – Amazon EC2
I use this script https://github.com/konstantinvlasenko/cloud/blob/master/Register-CNAME.ps1 to give my EC2 instances meaningful DNS names.
Simple usage:

$config = @{ DomainName = 'mylab.com' }
$name = "www.$($config.DomainName)"
# get instances
$instance = (Get-EC2Instance $InstanceId).RunningInstance
# update R53
.\Register-CNAME.ps1 $config $name $instance.PublicIpAddress

Advanced usage (register in another account; registering A record):

$config = @{ DomainName = 'mylab.com'; AssumeRoles = @{ R53 = @{ ARN = 'arn:aws:iam::600021112340:role/Route53'; SessionName = 'Friends' } }; }
$name = "www.$($config.DomainName)"
# get instances
$instance = (Get-EC2Instance $InstanceId).RunningInstance
# update R53
.\Register-CNAME.ps1 $config $name $instance.PublicIpAddress 'A'
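
The cross-account flow above, written out as an added example (this is not the code of Register-CNAME.ps1): validate the record, assume the Route 53 role for a short-lived session, then UPSERT. The function name Set-LabDnsRecord and the hosted zone ID placeholder are assumptions; Use-STSRole and Edit-R53ResourceRecordSet are cmdlets from the AWS Tools for PowerShell.

```powershell
# Added example: hypothetical function, not the code of Register-CNAME.ps1.
# Assumes the AWS Tools for PowerShell module is already loaded.
function Set-LabDnsRecord {
    param(
        [Parameter(Mandatory)] [hashtable] $Config,
        [Parameter(Mandatory)] [string]    $HostedZoneId,  # placeholder such as 'ZXXXXXXXXXXXXX'
        [Parameter(Mandatory)] [string]    $Name,
        [Parameter(Mandatory)] [string]    $Value,
        [Parameter(Mandatory)] [ValidateSet('A', 'CNAME')] [string] $Type,
        [int] $Ttl = 60
    )

    # Only write names that sit inside the configured domain.
    if ($Name -ne $Config.DomainName -and $Name -notlike "*.$($Config.DomainName)") {
        throw "Refusing to register '$Name': outside $($Config.DomainName)"
    }

    # An A record must carry a dotted-quad IPv4 address.
    $ip = $null
    $isIPv4 = ($Value -match '^(\d{1,3}\.){3}\d{1,3}$') -and
              [System.Net.IPAddress]::TryParse($Value, [ref]$ip)
    if ($Type -eq 'A' -and -not $isIPv4) {
        throw "An A record needs an IPv4 address, got '$Value'"
    }

    # Cross-account case: use temporary credentials for the Route 53 role
    # instead of long-lived keys for the other account.
    $auth = @{}
    if ($Config.AssumeRoles -and $Config.AssumeRoles.R53) {
        $role = $Config.AssumeRoles.R53
        $sts  = Use-STSRole -RoleArn $role.ARN -RoleSessionName $role.SessionName -DurationInSeconds 900
        $auth.Credential = $sts.Credentials
    }

    # UPSERT creates the record or overwrites the existing one.
    $record = New-Object Amazon.Route53.Model.ResourceRecord -Property @{ Value = $Value }
    $change = New-Object Amazon.Route53.Model.Change
    $change.Action = 'UPSERT'
    $change.ResourceRecordSet = New-Object Amazon.Route53.Model.ResourceRecordSet
    $change.ResourceRecordSet.Name = $Name
    $change.ResourceRecordSet.Type = $Type
    $change.ResourceRecordSet.TTL  = $Ttl
    $change.ResourceRecordSet.ResourceRecords.Add($record)

    Edit-R53ResourceRecordSet -HostedZoneId $HostedZoneId -ChangeBatch_Change $change @auth
}
```

The role in the other account only needs permission to change record sets in that one hosted zone; the session name appears in that account's CloudTrail entries for the change.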

Schedule your Amazon EC2 spot instance startup time

Here I want to explain how to start your Amazon EC2 instance on a recurring schedule.


I have used the AWS Tools for Windows PowerShell. You can use the Java command-line tools or a Python library instead; the main goal is to explain the idea.

I am going to automate the starting of my Fitnesse server.

Create launch configuration

New-ASLaunchConfiguration Fitnesse -ImageId ami-00000000 -SecurityGroups Fitnesse -InstanceType t1.micro -SpotPrice 0.011

Create Auto Scaling group with MinSize=MaxSize=0

New-ASAutoScalingGroup Fitnesse-AS -LaunchConfigurationName Fitnesse -AvailabilityZones us-east-1a -MinSize 0 -MaxSize 0

Set the Start scheduling action
The key parts are MinSize=MaxSize=1 and the -Recurrence argument, which takes a schedule in cron format.

Write-ASScheduledUpdateGroupAction -AutoScalingGroupName Fitnesse-AS -ScheduledActionName Start -MinSize 1 -MaxSize 1 -Recurrence '15 13 * * *'

Optional (stop event)

Write-ASScheduledUpdateGroupAction -AutoScalingGroupName Fitnesse-AS -ScheduledActionName Stop -MinSize 0 -MaxSize 0 -Recurrence '59 23 * * *'

AWS EC2: It is not possible to “sniff” traffic that is intended for a different virtual instance

It is not possible for a virtual instance running in promiscuous mode to receive or “sniff” traffic that is intended for a different virtual instance. While customers can place their interfaces into promiscuous mode, the hypervisor will not deliver any traffic to them that is not addressed to them. Even two virtual instances that are owned by the same customer located on the same physical host cannot listen to each other’s traffic. Attacks such as ARP cache poisoning do not work within Amazon EC2 and Amazon VPC. While Amazon EC2 does provide ample protection against one customer inadvertently or maliciously attempting to view another’s data, as a standard practice customers should encrypt sensitive traffic – Amazon Web Services: Overview of Security Processes

AWS is built for enterprise security standards

Certifications

Physical security

  • Datacenters in nondescript facilities
  • Physical access strictly controlled
  • Must pass two-factor authentication at least twice for floor access
  • Physical access logged and audited

HW, SW, Network

  • Systematic change management
  • Phased updates deployment
  • Safe storage decommission
  • Automated monitoring and self-audit
  • Advanced network protection

 

source: Using Amazon Web Services for Disaster Recovery Webinar (16:07)

AWS .NET SimpleDB uses https

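So do not be afraid: the default service URL set in the configuration constructor is https, so by default the client talks to SimpleDB over an encrypted connection.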
Declaring Type: Amazon.SimpleDB.AmazonSimpleDBConfig
Assembly: AWSSDK, Version=1.3.8.0

public AmazonSimpleDBConfig()
{
    this.serviceVersion = "2009-04-15";
    this.serviceURL = "https://sdb.amazonaws.com";
    this.userAgent = AWSSDKUtils.SDKUserAgent;
    this.signatureVersion = "2";
    this.signatureMethod = "HmacSHA256";
    this.proxyPort = -1;
    this.maxErrorRetry = 3;
    this.fUseSecureString = true;
}

Using PowerShell for common AWS SimpleDB operations

#Create SimpleDB client

Add-Type -Path "C:\AWS SDK\1.3.8.0\bin\AWSSDK.dll"
$sdb=[Amazon.AWSClientFactory]::CreateAmazonSimpleDBClient('Key Id', 'Secret Key')

#Create Domain

$req = (new-object Amazon.SimpleDB.Model.CreateDomainRequest).WithDomainName('Contacts')
$sdb.CreateDomain($req)

#List Domains

$req = (new-object Amazon.SimpleDB.Model.ListDomainsRequest)
$sdb.ListDomains($req)

#Insert Item

$req = (new-object Amazon.SimpleDB.Model.PutAttributesRequest).WithDomainName('Contacts').WithItemName('user1');
$req.Attribute.Add((new-object Amazon.SimpleDB.Model.ReplaceableAttribute).WithName('FirstName').WithValue('Konstantin'))
$req.Attribute.Add((new-object Amazon.SimpleDB.Model.ReplaceableAttribute).WithName('LastName').WithValue('Vlasenko'))
$sdb.PutAttributes($req)

#Query All Items

$req = (new-object Amazon.SimpleDB.Model.SelectRequest).WithSelectExpression('select * from Contacts')
$sdb.Select($req)

#Query Item

$req = (new-object Amazon.SimpleDB.Model.SelectRequest).WithSelectExpression('select * from Contacts where itemName()="user1"')
$sdb.Select($req)
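
When the item name in a select expression comes from a variable instead of a literal, it has to be quoted the way SimpleDB expects: a quote inside a quoted value is escaped by doubling it, and a domain name can be wrapped in backticks. The helpers below are an added example, not part of the AWS SDK or the original post; the names ConvertTo-SdbLiteral and New-SdbItemQuery are hypothetical and the inputs are constructed.

```powershell
# Added example: hypothetical helpers, not part of the AWS SDK.
function ConvertTo-SdbLiteral {
    param([Parameter(Mandatory)] [AllowEmptyString()] [string] $Value)
    # SimpleDB: a quote inside a quoted value is escaped by doubling it.
    "'" + $Value.Replace("'", "''") + "'"
}

function New-SdbItemQuery {
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [Parameter(Mandatory)] [string] $ItemName
    )
    # Domain names: 3-255 characters from a-z, A-Z, 0-9, '_', '-', '.'
    if ($Domain -notmatch '^[A-Za-z0-9_.-]{3,255}$') {
        throw "Invalid SimpleDB domain name: $Domain"
    }
    # Backticks quote the domain name; a single-quoted PowerShell string
    # keeps them literal. The item name is passed through the escaper.
    'select * from `{0}` where itemName() = {1}' -f $Domain, (ConvertTo-SdbLiteral $ItemName)
}

# Constructed inputs: an ordinary item name and one that contains a quote.
New-SdbItemQuery -Domain 'Contacts' -ItemName 'user1'
New-SdbItemQuery -Domain 'Contacts' -ItemName "O'Brien"

# With the client from above:
# $req = (New-Object Amazon.SimpleDB.Model.SelectRequest).WithSelectExpression((New-SdbItemQuery 'Contacts' $itemName))
# $sdb.Select($req)
```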