more details about vpc
This commit is contained in:
parent
05da866d3f
commit
aa548b5700
@ -583,6 +583,86 @@ Transit Gateway allows multiple hops between VPCs through other VPCs.
Client VPN is a simple VPN connection to the VPCs of an AWS account in use
leveraging MFA authentication.
#### Bind Public IP Address to Access a VPC
A public Ip address is needed to have ingress on an EC2 VM.
Allocate a public Ip address via aws cli
```sh
aws ec2 allocate-address
```
Find details about the ENI of the EC2 instance you want to bind the Ip address
to via aws cli.
```sh
aws ec2 describe-instances | jq '.Reservations[].Instances[].NetworkInterfaces[]'
```
Use found AllocationId and NetworkInterfaceId from the steps before. Attach the
Ip address to the ENI via aws cli.
```sh
aws ec2 associate-address --allocation-id <AllocationId> --network-interface-id <NetworkInterfaceId>
```
##### Make the Ip address accessible from the Internet through an Internet Gateway
Get the InternetGatewayId first via aws cli
```sh
internet_gateway_id=$(aws ec describe-internet-gateways | jq '.InternetGateways[].InternetGatewayId' -r)
```
Query the RouteTableId of a specific Tag (of an EC2) via aws cli.
```sh
route_table_id=$(aws ec2 desribe-route-tables | jq .'RouteTables[] | select(.Tags[] | select(.Key == "Name" and .Value == "MyGivenTag")) | .RouteTableId' -r)
```
Add the route through the InternetGateway via aws cli.
```sh
aws ec2 create-route --route-table-id $route_table_id --destination-cidr-block 0.0.0.0/0 --gateway-id $internet_gateway_id
```
##### Modify the Security Group for Ingress from the Internet via aws cli
Pick a desired Security Group via aws cli.
```sh
aws ec2 describe-security-groups | jq .
```
Create a rule for the security group to allow every connection via aws cli.
```sh
aws ec2 authorize-security-group-ingress --protocoll all --port 0-65535 --cidr 0.0.0.0/0 --group-id <GroupId>
```
##### Modify ACL for Access
List available ACLs and find the desired `NetworkAclId` through aws cli.
```sh
aws ec2 describe-network-acls | jq .
```
Use this `NetworkAclId` to create an ingress rule on position 1 through any
protocol on any address via aws cli.
```sh
aws ec2 create-network-acl-entry --cidr-block 0.0.0.0/0 --ingress --protocol -1 --rule-action allow --rule-number 1 --network-acl-id <NetworkAclId>
```
Create an egress rule as well via aws cli.
```sh
aws ec2 create-network-acl-entry --cidr-block 0.0.0.0/0 --egress --protocol -1 --rule-action allow --rule-number 1 --network-acl-id <NetworkAclId>
```
Now the VPC and EC2 is accessible through the internet.
### Metadata Service
The instance (Openstack) Metadata service can be found under 169.254.169.254.
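Review bot: three of the new commands fail as typed: `aws ec describe-internet-gateways` should be `aws ec2 describe-internet-gateways`, `aws ec2 desribe-route-tables` should be `describe-route-tables`, and `--protocoll all` in the `authorize-security-group-ingress` call should be `--protocol all`. Beyond the typos, the security group rule (`--port 0-65535 --cidr 0.0.0.0/0`) and the two NACL entries (`--protocol -1 --rule-action allow --rule-number 1`, ingress and egress) expose every port of the instance to the whole internet; for a how-to, suggest showing the rule scoped to the port and source actually needed (for example `--protocol tcp --port 22 --cidr <your-ip>/32`) and stating that the wide-open form is only suitable for a throwaway lab VPC. Both `jq` filters also iterate with `[]`, so `internet_gateway_id` and `route_table_id` will hold several values if the account has more than one internet gateway or more than one route table carrying the tag; filter by `VpcId` or check the output before passing it to `create-route`. Minor wording: "public Ip address" should be "public IP address" throughout, "the VPC and EC2 is accessible" should be "are accessible", and "(Openstack)" under the AWS Metadata Service heading reads like a leftover from another document.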
@ -945,7 +1025,8 @@ curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta
```
PS:
If you want to activate IMDSv2 an instance ID is needed to activate it through aws cli.
If you want to activate IMDSv2 an instance ID is needed to activate it through
aws cli.
```sh
instance_id=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
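Review bot: `instance_id=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)` reads the instance ID with an unauthenticated IMDSv1 request, directly after the context line that already shows the token form with `-H "X-aws-ec2-metadata-token: $TOKEN"`; on an instance where IMDSv2 is already required this request is rejected (HTTP 401) and the variable ends up empty, so the activation step that follows gets no ID. Suggest reusing the `$TOKEN` header here, or taking the ID from `aws ec2 describe-instances`, which is what a reader who cannot log into the instance would use anyway. The rewrapped sentence "If you want to activate IMDSv2 an instance ID is needed to activate it through aws cli." would read better as "Enforcing IMDSv2 is done per instance through the aws cli and requires the instance ID.", and "PS:" is an odd label for a step the reader has to perform.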
@ -966,8 +1047,10 @@ List available ENIs through the webshell of the account.
aws ec2 describe-network-interfaces
```
#### EC2 & ELastic Block Storage (EBS)
An EC2 instance has EBS as its set block device, either SSD or HDD.
EBS storage is persistent, snapshots can be created.
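Review bot: typo in the new heading, `#### EC2 & ELastic Block Storage (EBS)` should read `Elastic`. The sentence "An EC2 instance has EBS as its set block device, either SSD or HDD." is unclear: "set" presumably means "default", and "either SSD or HDD" refers to the volume types offered, so something like "An EC2 instance uses EBS as its default block storage; volumes come in SSD and HDD types." would be clearer. Since the same commit adds "Encryption of storage can also be done through KMS keys." under Encryption Services, it would be worth a sentence here that EBS volumes and the snapshots mentioned can be encrypted with a KMS key, so the two sections point at each other.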
@ -1097,3 +1180,16 @@ List available load-balancers via aws cli.
aws elbv2 describe-load-balancers --query Loadbalancers[].DNSName --output text
```
### Encryption Services
#### Key Management Service (KMS)
Create encryption keys to be used on AWS services through their API.
Encryption of storage can also be done through KMS keys.
#### Amazon Certificate Manger (ACM)
Manage certificate so 2e2 encryption through TLS which are then used for other
AWS services.
#### DNS & Route53
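Review bot: typos in the new text: `#### Amazon Certificate Manger (ACM)` should be `Manager` (the service is named AWS Certificate Manager), and "Manage certificate so 2e2 encryption through TLS which are then used for other AWS services." should read "Manage certificates for end-to-end (E2E) TLS encryption, which other AWS services then use." The `#### DNS & Route53` heading is added with no body; either add a sentence or hold the heading until there is content. Drive-by on the unchanged context line: `--query Loadbalancers[].DNSName` uses the wrong key case, the elbv2 output field is `LoadBalancers` and JMESPath is case-sensitive, so the query prints nothing.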