An Architect's vision

  X.509 certificates contain a public key and additional metadata (like an expiration date that AWS verifies when you upload the certificate). Each certificate is associated with a private key. When you create a request, you create a digital signature with your private key and then include that signature in the request, along with your certificate. AWS verifies that you're the sender by decrypting the signature with the public key that is in your certificate. AWS also verifies that the certificate you sent matches the certificate that you uploaded to AWS. Use X.509 certificates only when you must sign SOAP-based requests. In all other cases, use access keys.

  Key pairs consist of a public and private key, where you use the private key to create a digital signature, and then AWS uses the corresponding public key to validate the signature. Key pairs are used only for Amazon EC2 and Amazon CloudFront. For Amazon EC2, you use key pairs to access Amazon EC2 instances like when you use SSH to log in to a Linux instance. For more information, see Connecting to Amazon EC2 Instances in the Amazon Elastic Compute Cloud Developer Guide .

Access keys consist of an access key ID (like AKIAIOSFODNN7EXAMPLE) and a secret access key (like wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). You use access keys to sign programmatic requests that you make to AWS whether you're using the AWS SDK, REST, or Query APIs. The AWS SDKs use your access keys (which you store as part of the application) to sign requests for you so that you don't have to handle the signing process. If you're unable to use the AWS SDK, you can sign requests manually. Access keys are also used with command line interfaces (CLIs). When you use a CLI, the commands that you issue are signed by your access keys, which you can either pass with the command or store as configuration settings on your computer. You can also create and use tem

AWS Multi-Factor Authentication (AWS MFA) provides an extra level of security that you can apply to your AWS environment. With AWS MFA enabled, when you sign in to an AWS website, you are prompted for your username and password, as well as for an authentication code from an MFA device. Taken together, these multiple factors provide increased security for your AWS account settings and resources. You can enable MFA for the root account and for IAM users.

  If you have multiple individuals or applications that require access to your AWS account, AWS Identity and Access Management (IAM) lets you create unique IAM user identities. Each user can use their own user names and passwords to sign in to the AWS Management Console, AWS Discussion Forums, or AWS Support Center. In some cases, an IAM user name and password are required to use a service, such as sending email with SMTP by using Amazon Simple Email Service.

When you sign up for AWS, you provide an email address and password that is associated with your AWS account. You use these credentials to sign in to secure AWS web pages like the AWS Management Console, AWS Discussion Forums, or AWS Support Center. The account email address and password are root-level credentials, meaning anyone that uses these credentials has full access to all resources in the account. We recommend instead that you can use an IAM user name and password to sign in to AWS web pages.

Following 5 different types of security features are used in AWS Email address and password IAM user name and password Multi-Factor Authentication (MFA) Access keys (access key ID and secret access key) Key pairs

healthy-threshold    How many consecutive successful checks before marking node as InService unhealthy-threshold   How many consecutive failed checks before marking node as OutOfService Example: The Unhealthy Threshold is set to 2 by default – this means that after two failed ping health  checks the instance will be marked as unhealthy and the web server will be disabled in the ELB configuration.

Ans is No. If AMI is EBS backed AMI, nothing is going to happen with restart. You can get the data stored on C:\ drive as well. Only Public DNS: entry will be changed.

In that case, we need to open Port 80 from the EC2 instance using " Windows Firewall and Security Option "

Get the ID of the Amazon EBS volume and the Availability Zone of a running instance for which you want to increase the root storage size. Stop the instance. Detach the original volume from the instance. Create a snapshot of the detached volume. Create a new volume from the snapshot by specifying a larger size. Attach the new volume to the stopped instance. Start the instance and get the new IP address/hostname. Connect to the instance using the new IP address/hostname. Resize the root file system to the extent of the new Amazon EBS volume. Check the size of the root device. The root device now shows the increased size. (Optional) Delete the old Amazon EBS volume, if you no longer need it. The following are the tasks for creating a snapshot of the root device of an instance store-backed instance. The snapshot is created using an Amazon EBS volume. We can use this snapshot to create a new EBS-backed AMI or to launch another instance.

All AMIs are categorized as following 1. backed by Amazon EBS   It means that the root device for an instance launched from the AMI is an Amazon EBS volume created from an Amazon EBS snapshot. 2. backed by instance store .  It means that the root device for an instance launched from the AMI is an instance store volume created from a template stored in Amazon S3.

By default, the root device volume for an AMI backed by Amazon EBS is deleted when the instance terminates. To change the default behavior, set the DeleteOnTermination flag to false in the instance's block device mapping. AWS Management Console To change the root device volume to persist when you launch an instance Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/ . From the Amazon EC2 console dashboard, click Launch Instance . On the Choose an Amazon Machine Image (AMI) page, choose the AMI to use and click Select . Follow the wizard to complete the Choose an Instance Type and Configure Instance Details pages. On the Add Storage page, deselect the Delete On Termination check box for the Root volume. Complete the remaining wizard pages, and then click Launch . You can verify the setting by viewing details for the root device volume on the instance's details pane in the AWS Management Console. Next to Block

Go to mstsc Click option Go to Local Resources TAB Go to Local Devices and Resources section  Click More Select the drive you want to share press ok Then connect  Now you can share the desired files from your local desktop to AWS EC2 windows instance

When you stop and then start your back-end EC2 instances associated with your load balancer, ·          It is  recommend that you de-register your stopped instance from your load balancer, ·          and then re-register the restarted instance. Failure to do so may prevent the load balancer from routing the traffic to the restarted instance. 

Once you understand how IP addresses and DNS names are affected when different actions are performed, you start to realize the importance of using remappable IP addresses such as Elastic IPs for front end servers in the cloud.   Elastic IP  provides a way of maintaining the same public facing IP address even when the associated virtual machine instance is changed.

Rebooting  Rebooting is simple booting while already running. When you perform a reboot, the same virtual machine instance is rebooted.  The original virtual machine instance that was provisioned to you is never returned back to Amazon.  The public IP address will not change. Restart When you stop a server, the associated instance is actually terminated.  Therefore, when you restart the server, another virtual machine instance will be provisioned to you, so it will have new and different public and private IP addresses.

Log on to the computer using the Administrator account. Click Start , click Control Panel , and then double-click User Accounts . In User Accounts , in Make changes to your user account , click Change your password . In Change your password , in Current Password , type your password. In New password , type a new password. In Confirm new password , retype the password. In Type a password hint , type a word or phrase that will remind you of your password or, optionally, leave this field blank. Click Change password .

Log on to the computer using the Administrator account. Click Start , right-click Administrative Tools , and then click Open . Administrative Tools opens. Double-click Computer Management , click Local Users and Groups , and in the details pane, double-click Users . The Users folder opens. In the details pane, right-click the account that you want to change, and click Set Password . A warning dialog box opens. Read the information to determine whether you want to proceed with the step to change the password. In New Password , type a password. In Confirm password , retype the password, and then click OK .

Right click on the instance in the EC2 dashboard and click connect.  It will open Console Connect - Remote Desktop Connection Click on Retrieve Password Browse the private key with .pem extension from your local desktop  Then press Decrypt Password button You get following Public DNS Username - Administrator Password  Use mstsc from your local desktop, put Public DNS entry there and click connect.  You will get the login screen Put Adminstrator password and login to your EC2 instance Note: Always change your Administrative password after connecting your EC2 instance

login as ec2-user sudo su -  to switch to root user go to  /var/www/html/ directory create index.html file http://ec2-xxx.xxx.xxx.xxx.ap-zone-1.compute.amazonaws.com/

When you install Apache in Windows server, Default Index.html file gets created in C:\Apache Software Foundation\Apache 2.2\htdocs httpd.conf file gets created in C:\Apache Software Foundation\Apache 2.2\Conf Need to modify following httpd.conf file 1. DocumentRoot from C:\Apache Software Foundation\Apache 2.2\htdocs to D:\Apache (self created) 2. Directory  from C:\Apache Software Foundation\Apache 2.2\htdocs to D:\Apache (self created)

$df -h Filesystem             Size   Used  Avail Use% Mounted on /dev/xvda1             8.0G   1.1G   6.9G  14% / tmpfs                  298M      0   298M   0% /dev/shm [ec2-user@ip-xxx-xxx-xxx-xxx my-data]$ sudo su - [root@ip-xxx-xxx-xxx-xxx ~]# fdisk -l Disk /dev/xvda1: 8589 MB, 8589934592 bytes 255 heads, 63 sectors/track, 1044 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00000000 Disk /dev/xvdf: 1073 MB, 1073741824 bytes 255 heads, 63 sectors/track, 130 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x76167e64     Device Boot      Start         End      Blocks   Id  System /dev/xvdf1               1         130     1044193+  8e  Linux LVM [root@ip-xxx-xxx-xxx-xxx ~]# mkfs.ext3 /dev/sd

http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/command-reference.html You can see following Topics ec2-allocate-address ec2-assign-private-ip-addresses ec2-associate-address ec2-associate-dhcp-options ec2-associate-route-table ec2-attach-internet-gateway ec2-attach-network-interface ec2-attach-volume ec2-attach-vpn-gateway ec2-authorize ec2-bundle-instance ec2-cancel-bundle-task ec2-cancel-conversion-task ec2-cancel-export-task ec2-cancel-reserved-instances-listing ec2-cancel-spot-instance-requests ec2-confirm-product-instance ec2-copy-image ec2-copy-snapshot ec2-create-customer-gateway ec2-create-dhcp-options ec2-create-group ec2-create-image ec2-create-instance-export-task ec2-create-internet-gateway ec2-create-keypair ec2-create-network-acl ec2-create-network-acl-entry ec2-create-network-interface ec2-create-placement-group ec2-create-reserved-instances-listing ec2-create-route ec2-create-route-table ec2-create-snapshot ec2-c

Go to Amazon Console Go to Load Balancer section under NETWORK & SECURITY Select the specific LB Go to Instances Tab Select the specific instance remove it. 

Need to download PUTTYgen from net. How?  Go to http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html Download  PuTTYgen : Open Puttygen , Click Load browse your .pem key pairs select it save it to .pk format Then go to Putty give your PUBLIC DNS - only ec2-user: Come to data section: put root come to SSH then Authentication -- browse .pk key pairs. Save the configuration. Done 

By default root user is not allowed to login but you can use ec2-user as indicated by others. Once you login with ec2-user you switch to root and change the SSH configuration. $sudo su - Edit the SSH daemon configuration file /etc/ssh/sshd_config Make changes  PermitRootLogin without-password Reload the SSH daemon configuration by running: /etc/init.d/sshd reload Next time you just need to do $sudo su - and you would be a root user. confirm this by id - command