added ec2 details
parent
5378eca051
commit
b6788a4bb4
@ -791,13 +791,76 @@ solutions can not be snapshotted.
Snapshots can be created from EBSs, which are stored in S3 buckets.
Snapshots can be encrypted through KMS and can be shared accross accounts.

Snapshots deliver a lot of useful content. List metadata of a snapshot via aws cli.
Snapshots deliver a lot of useful content.
List metadata of a snapshot via aws cli.

```sh
aws ec2 describe-snapshots --snapshot-ids <snap-id>
aws ec2 describe-snapshots --region <region> --snapshot-ids <snap-id>
```

#### Restore an Amazon Machine Image
This shows the size of the volume in GBs, state of the drive, encryption, ownerId and so on.

A snapshot can be used to create a volume. Snapshots are available in a complete region after they got created, but they need to be in an explicit AZ to mount them.

Create a volume from a snapshot through metadata service on an EC2 instance using the following commands.

Get the current AZ through a metadata token.

```sh
TOKEN=$(curl -s -XPUT -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" http://169.254.169.254/latest/api/token
availability_zone=$(curl -s -H "X-aws-ec2-metdata-token: $TOKEN" http://169.254.169.254/latest/meta-data/placement/availability-zone)
```

A volume can be created with the use of the snapshot-id, the type, the region and the previously gathered AZ.

```sh
aws ec2 create-volume --snapshot-id <snapshotId> --volume-type gp3 --region <region>
--availability-zone $availability_zone
```

The output contains the `VolumeId` to attach the volume to an EC2 instance.

```sh
instance_id=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)
aws ec2 attach-volume --region <region> --device /dev/sdh --instance-id $instance_id --volume-id <VolumeId>
```

Mount the created and attached device to the file system

```sh
lsblk
sudo mkdir /mnt/attached-volume
sudo mount /dev/<devicename> /mnt/attached-volume
```

#### EC2 Amazon Machine Image (AMI) Configuration

An AMI is an image of a VM. This image can be configured before it is deployed via cloud-init scripts. These scripts may contain interesting data like credentials or other intel.
The files are stored in `/var/lib/cloud/instance/scripts/`

List all available or user specific AMIs on the account via aws cli.

```sh
aws ec2 describe-images
aws ec2 decribe-images --owners <owner/account-id>
```

Get the configuration file contents through Instance Connect to the EC2 or through the SSM Session Manager via curl.

```sh
TOKEN=$(curl -s -XPUT -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" http://169.254.169.254/latest/api/token
curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/user-data
```

Alternatively use aws cli to get the configuration files

```sh
TOKEN=$(curl -s -XPUT -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" http://169.254.169.254/latest/api/token
instance_id=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)
aws ec2 describe-instance-attribute --attribute UserData --instance-id $instance_id --region <region> --query UserData --output text | base64 -d
```

#### Restore an Amazon Machine Image (AMI)

An EC2 VM can be created from an Amazon Machine Image,
that can be found in some S3 buckets.
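Review bot: all three `TOKEN=$(curl -s -XPUT -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" http://169.254.169.254/latest/api/token` lines (in the AZ lookup, the user-data block and the describe-instance-attribute block) are missing the closing `)` of the command substitution, so each of those blocks aborts with a shell syntax error before any command runs; append `)` to each. In the AZ block the header is also misspelled as `X-aws-ec2-metdata-token`; IMDSv2 does not recognise that header, so on an instance with `HttpTokens=required` the request is rejected, `availability_zone` ends up empty and the later `create-volume` is called with an empty `--availability-zone`. Spell it `X-aws-ec2-metadata-token` as the other blocks do. Further points in this hunk: `aws ec2 decribe-images` should read `describe-images`; the `create-volume` command is split over two lines without a trailing `\`, so `--availability-zone $availability_zone` is executed as a separate, failing command; "Snapshots deliver a lot of useful content. List metadata of a snapshot via aws cli." is repeated verbatim on the next two lines; "accross" should be "across"; and the heading "#### Restore an Amazon Machine Image" introduces the snapshot-to-volume walkthrough while the near-identical "#### Restore an Amazon Machine Image (AMI)" at the end of the hunk introduces the actual AMI section, so the first one should name snapshots or volumes instead. Finally, snapshots and AMIs are stored by AWS in S3 but never appear as objects in a customer-visible bucket, so "stored in S3 buckets" and "found in some S3 buckets" will send readers looking for them with `aws s3 ls`; say "stored in S3 by AWS" or drop the bucket wording.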
@ -835,4 +898,9 @@ aws ec2 run-instances --image-id <ImageIdOfGeneratedAMI> --instance-type t3a.mic

Take a look at the EC2 dashboard inside the webconsole to see the IP address of the created EC2 instance. Connect to the VM via SSH, using the generated keypair.

#### EC2 & AutoScaling + Load Balancing

* The AutoScaling Group (ASG) scales down the oldest instance.
* Only the Loadbalancer gets exposed, not the EC2 VMs.
* A ELB can terminate the TLS session.
* An Application ELB can have a WAF attached
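Review bot: the bullet "The AutoScaling Group (ASG) scales down the oldest instance." describes only the `OldestInstance` termination policy, not the default: the default policy first selects the Availability Zone with the most instances, then prefers the instance launched from the oldest launch template or launch configuration, then the one closest to the next billing hour, and only then picks at random. Either qualify the sentence ("with the `OldestInstance` termination policy") or describe the default behaviour. Minor wording in the same list: "A ELB" should be "An ELB", "Loadbalancer" is conventionally "load balancer", and the WAF bullet lacks a full stop. The paragraph above sends the reader to the web console for the instance IP right after a CLI `run-instances`; a follow-up such as `aws ec2 describe-instances --instance-ids <InstanceId> --query 'Reservations[].Instances[].PublicIpAddress' --output text` would keep the walkthrough in the CLI, but that is optional.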