Creating A VPC
- Student has AWS account
- AWS VPC Stacks
- SSH and SCP commands
- SSH access keys
- AWS EC2 Instances
This will be used to allow SSH access to the EC2 instances we create in later steps.
- Log in to your AWS console and open the EC2 console.
- Click Key Pairs link from the left-hand column.
- Click Create Key Pair and enter a name (e.g. "vpc_access") for the key pair when it asks.
IMPORTANT! When it asks you to save the key pair, do so and make sure to take note of where you save it. You will need this key later in these steps as well as any time you want to open an SSH connection to the servers we create. If you lose the key, you will have to re-create the servers whose access depends on it, because AWS cannot give you another copy.
When finished you will have a file ending in .pem. This is the private key portion of the key pair, and it is the only copy: AWS keeps just the public key and installs it on every instance you launch with this key pair. Treat the file like a password (keep it out of shared folders and source control), and on Linux or macOS run chmod 400 on it, since ssh refuses to use a private key that other users can read.
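Before moving on it is worth checking that the downloaded .pem really is a private key and is locked down, because a key with loose permissions is silently rejected by ssh and a key that leaks gives shell access to every server launched with it. The script below is an added example for this page, not code from the hackoregon-devops-2017 repo; the function names and the path argument are mine, and the ssh-keygen step is optional.

```shell
#!/bin/sh
# Added example, not part of the original assignment: sanity checks for the
# key file the EC2 console downloads. The .pem is the PRIVATE half of the key
# pair (AWS keeps only the public half), so it must be readable by you alone.

# check_key_file PATH -> 0 if PATH holds a private key that only its owner can
# read; otherwise 1 with the reason on stderr.
check_key_file() {
    key=$1
    [ -f "$key" ] || { echo "no such file: $key" >&2; return 1; }
    # Private keys start with a "-----BEGIN ... PRIVATE KEY-----" header.
    case "$(head -n 1 "$key")" in
        *"PRIVATE KEY"*) ;;
        *) echo "$key does not look like a private key" >&2; return 1 ;;
    esac
    # ls -l is portable (stat's flags differ between GNU and BSD). Columns 5-10
    # of the mode string are the group and other bits, e.g. "r--r--" for 0644.
    bits=$(ls -l "$key" | cut -c5-10)
    [ "$bits" = "------" ] || {
        echo "$key is readable by others (group/other bits '$bits'); run: chmod 400 '$key'" >&2
        return 1
    }
}

# secure_key_file PATH: owner read-only, which is what ssh expects. Browsers
# usually save the download as 0644, so this is needed once per key.
secure_key_file() {
    chmod 400 "$1"
}

# key_fingerprint PATH: derive the public key from the private one and print
# its fingerprint. That public key is what AWS puts into authorized_keys on
# every instance launched with this key pair. Needs ssh-keygen (OpenSSH).
key_fingerprint() {
    command -v ssh-keygen >/dev/null 2>&1 || { echo "ssh-keygen not installed" >&2; return 2; }
    pub=$(mktemp) || return 2
    ssh-keygen -y -f "$1" > "$pub" && ssh-keygen -l -f "$pub"
    rc=$?
    rm -f "$pub"
    return $rc
}
```

Usage: save the file, source it (`. ./keycheck.sh`) and run `check_key_file ~/Downloads/vpc_access.pem`; if it complains, run `secure_key_file` on the same path and check again. The fingerprint printed by `key_fingerprint` lets you confirm later that the key you are holding is the one a given instance was launched with.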
In which we create a VPC to run our servers in.
- Under "Management Tools," click the CloudFormation link to open the CloudFormation UI.
- In the CloudFormation UI, click the "Create Stack" button to begin creating a stack.
- Under "Choose Template" and "Upload a template to Amazon S3," click the "Browse..." button and select the JSON template from your disk to load it. (This can be found in your local working copy of the 'hackoregon-devops-2017' GitHub repo that you cloned in earlier assignments, under the 'assign3' directory. Alternatively it can be copied from here into a file that you save on your disk.) Once the template file has been loaded, click Next.
- Give your stack a name, e.g. "VPCStack" and select three different availability zones in the three AvailabilityZoneX dropdown lists.
- In the CIDR field, enter "10.40.0.0/16". This is the address block for the whole VPC; every subnet below must lie inside it.
- In the three CIDRdmzA,B,C fields, enter "10.40.1.0/24, 10.40.2.0/24, and 10.40.3.0/24," respectively. These are your public (DMZ) subnets: instances in them can be given public IP addresses and reached from the internet. (If there is only one field, enter the first value in the list, i.e. "10.40.1.0/24")
- In the three CIDRprivA,B,C fields, enter "10.40.10.0/24, 10.40.11.0/24, and 10.40.12.0/24," respectively. These are your private subnets: instances in them get no public IPs and are reachable only from inside the VPC, for example from the DMZ subnets. (If there is only one field, enter the first value in the list, i.e. "10.40.10.0/24")
- In the Key Pair dropdown, select the key pair you created in Step 1.
- Enter a tag in the Owner and VPC Name fields. These names don't matter but help to identify or classify the VPC in other operations.
- Click Next through the option screens (defaults are fine) until you can click Create.
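The CIDR values entered above form a plan that CloudFormation only validates once it has started building the stack, and a bad plan means a failed stack and a rollback. The script below is an added example, not part of the assignment's template or the hackoregon-devops-2017 repo; it checks that each subnet lies inside the VPC block and that no two subnets overlap, using only POSIX shell arithmetic so it runs before you touch the console.

```shell
#!/bin/sh
# Added example, not part of the original assignment: validate the VPC/subnet
# plan before handing it to CloudFormation. Every subnet must lie inside the
# VPC block and no two subnets may overlap.

# ip_to_int A.B.C.D -> the address as an integer (needs a 64-bit shell).
ip_to_int() {
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_bounds A.B.C.D/N -> "network mask" as integers, network already masked.
cidr_bounds() {
    ip=${1%/*}
    len=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    echo "$(( $(ip_to_int "$ip") & mask )) $mask"
}

# cidr_contains OUTER INNER -> 0 if INNER lies entirely within OUTER.
cidr_contains() {
    set -- $(cidr_bounds "$1") $(cidr_bounds "$2")
    # $1/$2 = outer net/mask, $3/$4 = inner net/mask. INNER must be at least
    # as specific as OUTER, and its network address must fall inside OUTER.
    [ $(( $4 & $2 )) -eq "$2" ] && [ $(( $3 & $2 )) -eq "$1" ]
}

# cidr_overlap A B -> 0 if the two blocks share at least one address.
cidr_overlap() {
    set -- $(cidr_bounds "$1") $(cidr_bounds "$2")
    # Blocks overlap iff they agree on the bits covered by the shorter mask.
    common=$(( $2 & $4 ))
    [ $(( $1 & common )) -eq $(( $3 & common )) ]
}

# check_plan VPC_CIDR SUBNET_CIDR... -> 0 if the plan is consistent; otherwise
# prints each problem found and returns 1.
check_plan() {
    vpc=$1
    shift
    status=0
    for s in "$@"; do
        cidr_contains "$vpc" "$s" || { echo "$s is not inside $vpc"; status=1; }
    done
    while [ $# -gt 1 ]; do
        s=$1
        shift
        for t in "$@"; do
            cidr_overlap "$s" "$t" && { echo "$s overlaps $t"; status=1; }
        done
    done
    return $status
}

# The plan from the steps above: one VPC, three dmz and three private subnets.
# check_plan 10.40.0.0/16 10.40.1.0/24 10.40.2.0/24 10.40.3.0/24 \
#            10.40.10.0/24 10.40.11.0/24 10.40.12.0/24
```

Source the file and run the `check_plan` line from the trailing comment; it prints nothing and returns 0 for the plan above. Change one subnet to 10.41.1.0/24 and it reports that the subnet is not inside 10.40.0.0/16; widen one to /23 and it reports the overlap with its neighbour, which is exactly what CloudFormation would reject later.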
- Under "Compute" click the EC2 link to open the EC2 instance UI.
- Click "Create Instance" to begin setting up an EC2 instance.
- Select "Ubuntu Server (64)" as the server type. Click Next.
- Under Name, enter a value to identify this instance, e.g. "public_server." In the Network dropdown, select the name of the VPC you created in Step 2. Under Subnet, select one of the "dmz-" subnets. Verify that the Auto-assign Public IP field is Enabled. Leave all other options set to defaults. (The wizard's default security group allows SSH from any address, 0.0.0.0/0; if you want to narrow that, set the rule's source to your own IP.) Click Next.
- When it asks you for the key pair to use, select the key pair name we created in Step 1. Click Next until you see Launch and then click that.
- Back at the EC2 UI, click "Create Instance" to begin setting up the second (private) EC2 instance.
- Select "Ubuntu Server (64)" as the server type. Click Next.
- Under Name, enter a value to identify this instance, e.g. "private_server." In the Network dropdown, select the name of the VPC you created in Step 2. Under Subnet, select one of the "private-" subnets. Verify that the Auto-assign Public IP field is not Enabled. Leave all other options set to defaults. Click Next.
- When it asks you for the key pair to use, select the key pair name we created in Step 1. Click Next until you see Launch and then click that.
You now have two EC2 instances running in your VPC, one publicly-addressable and one privately-addressable.
- In a terminal, change to the directory where you saved your key pair file.
Type the following command to SSH in to your public EC2 instance:
ssh -i ./<keyfile_name>.pem ubuntu@1.2.3.4
...replacing 1.2.3.4 with the public IP address of your public EC2 server (ubuntu is the default login user on Ubuntu AMIs). The address can be found under the settings for your EC2 instance: select the instance and look for "IPv4 Public IP" under the Description tab. If SSH asks you to confirm the server's host key fingerprint, answer yes. You should now be logged in to a terminal session on your public EC2 instance. Type exit and hit return to close the session.
- Back on your local machine, enter the following command to use SCP to copy the key file up to your public EC2 instance. You will need it in a following step to gain SSH access to your private EC2 instance. (Be aware that this places your private key on an internet-facing server; it is fine for this exercise, but outside a lab use SSH agent forwarding or ProxyJump so the key never leaves your machine.) Note that the -i option must come before the file names:
scp -i ./<keyfile_name>.pem ./<keyfile_name>.pem ubuntu@1.2.3.4:~
- Re-enter the SSH command above to log back in to your public EC2 instance.
- Type the following command to SSH from your public EC2 instance in to your private EC2 instance.
ssh -i ./<keyfile_name>.pem ubuntu@5.6.7.8
...replacing 5.6.7.8 with the private IP address of your private EC2 server. This can be found under the settings for your EC2 instance: select the instance and look for "Private IPs" under the Description tab. If SSH asks you to confirm the server's host key fingerprint, answer yes. You should now be logged in to a terminal session on your private EC2 instance.
Congratulations, you now have a method to gain shell access to your private EC2 instance, which has no public IP and can only be reached from inside the VPC.
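The same two-hop access can be had without ever copying the private key onto the public instance: ssh's ProxyJump option opens the connection to the private instance through the public one, so the key stays on your laptop and a compromise of the public instance does not hand an attacker the key for every server launched with this pair. The script below is an added example, not code from the hackoregon-devops-2017 repo; the host aliases vpc-public and vpc-private and the function names are mine, and "ubuntu" is the login user on Ubuntu AMIs.

```shell
#!/bin/sh
# Added example, not part of the original assignment: reach the private
# instance through the public one WITHOUT copying the .pem onto the public
# instance. ssh's ProxyJump (-J) opens the second connection through the
# first, so the private key never leaves your own machine.
# Assumptions (not from the page): aliases vpc-public/vpc-private and the
# function names are mine; "ubuntu" is the login user on Ubuntu AMIs.

# jump_command KEY PUBLIC_IP PRIVATE_IP -> the one-line equivalent of the
# "ssh to public, then ssh to private" steps, as a single tunnelled connection.
jump_command() {
    echo "ssh -i $1 -J ubuntu@$2 ubuntu@$3"
}

# write_ssh_config KEY PUBLIC_IP PRIVATE_IP -> an ssh_config fragment on stdout.
# IdentitiesOnly stops ssh offering every key in your agent to the bastion;
# ProxyJump makes "ssh vpc-private" route through vpc-public automatically.
write_ssh_config() {
    cat <<EOF
Host vpc-public
    HostName $2
    User ubuntu
    IdentityFile $1
    IdentitiesOnly yes

Host vpc-private
    HostName $3
    User ubuntu
    IdentityFile $1
    IdentitiesOnly yes
    ProxyJump vpc-public
EOF
}

# effective_proxy CONFIG_FILE HOST -> the ProxyJump target ssh will actually
# use for HOST, read back with "ssh -G" (prints the resolved configuration
# without connecting). Returns 2 if no ssh client is installed.
effective_proxy() {
    command -v ssh >/dev/null 2>&1 || return 2
    ssh -G -F "$1" "$2" | awk '$1 == "proxyjump" { print $2 }'
}
```

Usage: `write_ssh_config ./vpc_access.pem 1.2.3.4 10.40.10.5 >> ~/.ssh/config`, after which `ssh vpc-private` replaces the scp-and-hop steps above, and `effective_proxy ~/.ssh/config vpc-private` confirms that ssh will route through vpc-public. The private instance's host key is still verified on your own machine, because the connection is tunnelled through the bastion rather than terminated there, and its security group still needs an inbound SSH rule from the DMZ subnet. Agent forwarding (ssh -A) also avoids copying the key, but it lets root on the bastion use your agent for as long as you are connected, so ProxyJump is the better default.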
- In the EC2 Instance UI, select both of your instances and click Stop from the context menu or Actions dropdown. This shuts them down without erasing them, so you stop paying instance-hour charges (stopped instances still accrue EBS storage charges, small as they are); terminate them when you are done with the assignment.