@JamesYang76
Last active December 28, 2020 12:45
AWS general

CLI config

# create the default profile, then a named profile
$ aws configure
$ aws configure --profile user1

$ cat ~/.aws/credentials
[default]
aws_access_key_id = AWS_KEY_ID
aws_secret_access_key = AWS_KEY

[user1]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY


$ cat ~/.aws/config
[default]
region=us-west-2
output=json

[profile user1]
region=us-east-1
output=text

Select Profile

$ export AWS_PROFILE=user1

or

$ export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
$ export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
$ export AWS_DEFAULT_REGION=us-west-2
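Added example (not part of this gist): a small resolver that reads the two files above and applies the CLI's precedence, so you can see which profile and region are actually in effect. The file contents are constructed copies of the ones shown, using only the documentation example keys.

```python
# Added example (not part of the gist): resolve the effective AWS CLI profile
# settings the way the CLI does, from the two files shown above. Environment
# variables win, then the profile named by AWS_PROFILE, then "default".
import configparser

# Constructed copies of ~/.aws/credentials and ~/.aws/config (example keys only).
CREDENTIALS = """
[default]
aws_access_key_id = AWS_KEY_ID
aws_secret_access_key = AWS_KEY
[user1]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
"""
CONFIG = """
[default]
region=us-west-2
output=json
[profile user1]
region=us-east-1
output=text
"""


def _parse(text):
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp


def resolve(env, credentials=CREDENTIALS, config=CONFIG):
    """Return access key id, region and output for the profile in effect.

    Quirk worth knowing: the credentials file names the section [user1],
    but the config file names it [profile user1]; only "default" carries
    no prefix in either file. The secret key is deliberately not returned.
    """
    profile = env.get("AWS_PROFILE", "default")
    creds, conf = _parse(credentials), _parse(config)
    conf_section = profile if profile == "default" else f"profile {profile}"
    key = env.get("AWS_ACCESS_KEY_ID") or creds.get(profile, "aws_access_key_id", fallback=None)
    if key is None:
        raise LookupError(f"no credentials found for profile {profile!r}")
    region = env.get("AWS_DEFAULT_REGION") or conf.get(conf_section, "region", fallback=None)
    output = conf.get(conf_section, "output", fallback="json")
    return {"profile": profile, "access_key_id": key, "region": region, "output": output}
```

Call `resolve(dict(os.environ))` to check a real shell's view; a missing profile raises instead of silently falling back to `default`.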

How to connect AWS

$ ssh -i "ec2-key-pair.pem" [email protected]
# If your local public key (id_rsa.pub) has been appended to the server's .ssh/authorized_keys, the .pem is not needed:
$ ssh [email protected]
# If a separate user exists (sudo adduser appuser) and your public key is in that user's .ssh/authorized_keys:
$ ssh [email protected]

About User

# list users (see https://linuxize.com/post/how-to-list-users-in-linux/)
$ cat /etc/passwd

# list groups
$ cat /etc/group

# add and manage users (see https://askubuntu.com/questions/410244/a-command-to-list-all-users-and-how-to-add-delete-modify-users)
$ sudo adduser appuser # create user
$ sudo usermod -aG sudo username # add user to the sudo group
$ sudo gpasswd -d user_name group_name # remove user from a group
$ sudo su # become root
$ sudo -u appuser -H bash -l # switch to appuser with a login shell
$ su appuser
$ whoami # check which user I am
$ sudo chown myappuser: /var/www/myapp # change ownership of /var/www/myapp to myappuser (and its primary group)

Jump Host

$ vim ~/.ssh/config

Host *
 AddKeysToAgent yes
 UseKeychain yes
 IdentityFile ~/.ssh/id_rsa

Host jump
 User ubuntu
 Hostname ec2-54-66-149-18.ap-southeast-2.compute.amazonaws.com

Host nginx
 User ubuntu
 Hostname ec2-13-236-60-170.ap-southeast-2.compute.amazonaws.com
 # tunnel through the jump host; on OpenSSH 7.3+ "ProxyJump jump" is the equivalent one-liner
 ProxyCommand ssh jump -W %h:%p
 Compression yes
 # ForwardAgent lets the nginx host use your local agent while you are connected; leave it off unless you need to hop onward from there
 ForwardAgent yes

Security Group

Acts as a firewall at the instance level
Rules set a port range and a source (IP, subnet/CIDR, another security group, and so on)
Allow rules only; an explicit deny is impossible (use a NACL for that)
Stateful - return traffic for an allowed inbound connection can go out without an outbound rule

Network Access Control List (NACL)

Stateless - return traffic is not tracked, so outbound (and the inbound ephemeral ports for replies) must be allowed explicitly

Network Address Translation (NAT)

Rewrites a private IP address to a public one, or a public one to a private one

NAT Gateway

Lets instances in a private subnet reach the internet (for connections they initiate)
The gateway itself must be in a public subnet

CIDR

https://cidr.xyz/

VPC

IG -----RT(Public)------------- |
 |                              | NACL
 |                              |
 |      RT(Private)------------ |
 |          |
 |          |---------------------------------------NAT Gateway(should be in public subnet)
 |                                                      |
 |-------------------------------------------------------