added ec2 details

This commit is contained in:
gurkenhabicht 2024-02-18 17:34:13 +01:00
parent 5378eca051
commit b6788a4bb4
1 changed files with 71 additions and 3 deletions

View File

@ -791,13 +791,76 @@ solutions can not be snapshotted.
Snapshots can be created from EBSs, which are stored in S3 buckets.
Snapshots can be encrypted through KMS and can be shared accross accounts.
Snapshots deliver a lot of useful content. List metadata of a snapshot via aws cli.
Snapshots deliver a lot of useful content.
List metadata of a snapshot via aws cli.
```sh
aws ec2 describe-snapshots --snapshot-ids <snap-id>
aws ec2 describe-snapshots --region <region> --snapshot-ids <snap-id>
```
#### Restore an Amazon Machine Image
This shows the size of the volume in GBs, state of the drive, encryption, ownerId and so on.
A snapshot can be used to create a volume. Snapshots are available in a complete region after they got created, but they need to be in an explicit AZ to mount them.
Create a volume from a snapshot through metadata service on an EC2 instance using the following commands.
Get the current AZ through a metadata token.
```sh
TOKEN=$(curl -s -XPUT -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" http://169.254.169.254/latest/api/token
availability_zone=$(curl -s -H "X-aws-ec2-metdata-token: $TOKEN" http://169.254.169.254/latest/meta-data/placement/availability-zone)
```
A volume can be created with the use of the snapshot-id, the type, the region and the previously gathered AZ.
```sh
aws ec2 create-volume --snapshot-id <snapshotId> --volume-type gp3 --region <region>
--availability-zone $availability_zone
```
The output contains the `VolumeId` to attach the volume to an EC2 instance.
```sh
instance_id=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)
aws ec2 attach-volume --region <region> --device /dev/sdh --instance-id $instance_id --volume-id <VolumeId>
```
Mount the created and attached device to the file system
```sh
lsblk
sudo mkdir /mnt/attached-volume
sudo mount /dev/<devicename> /mnt/attached-volume
```
#### EC2 Amazon Machine Image (AMI) Configuration
An AMI is an image of a VM. This image can be configured before it is deployed via cloud-init scripts. These scripts may contain interesting data like credentials or other intel.
The files are stored in `/var/lib/cloud/instance/scripts/`
List all available or user specific AMIs on the account via aws cli.
```sh
aws ec2 describe-images
aws ec2 decribe-images --owners <owner/account-id>
```
Get the configuration file contents through Instance Connect to the EC2 or through the SSM Session Manager via curl.
```sh
TOKEN=$(curl -s -XPUT -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" http://169.254.169.254/latest/api/token
curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/user-data
```
Alternatively use aws cli to get the configuration files
```sh
TOKEN=$(curl -s -XPUT -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" http://169.254.169.254/latest/api/token
instance_id=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)
aws ec2 describe-instance-attribute --attribute UserData --instance-id $instance_id --region <region> --query UserData --output text | base64 -d
```
#### Restore an Amazon Machine Image (AMI)
An EC2 VM can be created from an Amazon Machine Image,
that can be found in some S3 buckets.
@ -835,4 +898,9 @@ aws ec2 run-instances --image-id <ImageIdOfGeneratedAMI> --instance-type t3a.mic
Take a look at the EC2 dashboard inside the webconsole to see the IP address of the created EC2 instance. Connect to the VM via SSH, using the generated keypair.
#### EC2 & AutoScaling + Load Balancing
* The AutoScaling Group (ASG) scales down the oldest instance.
* Only the Loadbalancer gets exposed, not the EC2 VMs.
* A ELB can terminate the TLS session.
* An Application ELB can have a WAF attached