* Security Group
- Virtual Firewall
- 1 instance can have multiple security groups
chkconfig httpd on - Apache will start automatically on reboot
EC2 - Left Menu - Security Group - Select WebDMZ
Inbound Rules - Delete HTTP rule -> cannot access the public IP http://34.228.166.148
*****
Outbound - All traffic - Delete -> can still access the public IP address
Inbound rule allowed -> its response traffic is automatically allowed outbound (no outbound rule edit needed)
Actions -> Networking - Change Security Group -> can select multiple security group
Tip
- All Inbound Traffic is Blocked By Default
- All Outbound Traffic is Allowed
- Changes to Security Groups take effect immediately
- You can have any number of EC2 instances within a security group.
- You can have multiple security groups attached to EC2 instances
- Security Groups are STATEFUL (*****) (whereas Network Access Control Lists are stateless)
: If you create an inbound rule allowing traffic in, that traffic is automatically allowed back out again
: You cannot block specific IP addresses using Security Groups; instead use Network Access Control Lists (VPC section)
- You can specify allow rules but not deny rules. (*****)
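The stateful/stateless difference in the tips above, as a small model. This is an added example, not code from the original notes or from AWS; the class names, rule tuples and client address are constructed for illustration, and only TCP port matching is modelled.

```python
from ipaddress import ip_address, ip_network

def _hit(cidr, lo, hi, ip, port):
    return ip_address(ip) in ip_network(cidr) and lo <= port <= hi

class SecurityGroup:
    """Stateful: allow rules only, default deny, replies to tracked flows pass."""
    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound  # rules: (cidr, port)
        self.tracked = set()                             # flows admitted inbound

    def request_in(self, src_ip, src_port, dst_port):
        ok = any(_hit(c, p, p, src_ip, dst_port) for c, p in self.inbound)
        if ok:
            self.tracked.add((src_ip, src_port, dst_port))
        return ok

    def reply_out(self, dst_ip, dst_port, src_port):
        # Return traffic of a tracked flow needs no outbound rule.
        return ((dst_ip, dst_port, src_port) in self.tracked
                or any(_hit(c, p, p, dst_ip, dst_port) for c, p in self.outbound))

class NetworkAcl:
    """Stateless: numbered allow/deny rules, lowest number wins, default deny."""
    def __init__(self, inbound, outbound):  # rules: (number, action, cidr, lo, hi)
        self.rules = {"in": sorted(inbound), "out": sorted(outbound)}

    def allows(self, direction, ip, port):
        for _n, action, cidr, lo, hi in self.rules[direction]:
            if _hit(cidr, lo, hi, ip, port):
                return action == "allow"
        return False  # no rule matched

CLIENT = ("203.0.113.10", 50000)  # constructed client IP and ephemeral port
ANY = "0.0.0.0/0"

def lab_results():
    ip, port = CLIENT
    sg = SecurityGroup(inbound=[(ANY, 80)], outbound=[])       # outbound rule deleted
    no_http = SecurityGroup(inbound=[], outbound=[(ANY, 80)])  # HTTP inbound rule deleted
    nacl = NetworkAcl([(100, "allow", ANY, 80, 80)], [])       # no outbound rule
    deny = NetworkAcl([(90, "deny", ip + "/32", 0, 65535), (100, "allow", ANY, 80, 80)], [])
    return {"sg_reply": sg.request_in(ip, port, 80) and sg.reply_out(ip, port, 80),
            "sg_no_inbound": no_http.request_in(ip, port, 80),
            "nacl_reply": nacl.allows("in", ip, 80) and nacl.allows("out", ip, port),
            "nacl_deny_ip": deny.allows("in", ip, 80)}
```

The security group answers the HTTP request with no outbound rule, while the network ACL drops the reply until an outbound rule covers the client's ephemeral port; only the ACL can deny a single address.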
* Upgrading EBS Volume Types 1
Magnetic Storage
lsblk
[root@ip-172-31-19-244 ec2-user]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
xvda 202:0 0 8G 0 disk
└─xvda1 202:1 0 8G 0 part /
xvdb 202:16 0 8G 0 disk
[root@ip-172-31-19-244 ec2-user]# mkfs -t ext4 /dev/xvdb
mke2fs 1.42.12 (29-Aug-2014)
Creating filesystem with 2097152 4k blocks and 524288 inodes
Filesystem UUID: 1a4f0040-89b5-4ac0-8345-15ceb7c868fb
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632
Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
[root@ip-172-31-19-244 ec2-user]# mkdir /changsoopark
[root@ip-172-31-19-244 ec2-user]# mount /dev/xvdb /changsoopark
[root@ip-172-31-19-244 ec2-user]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
xvda 202:0 0 8G 0 disk
└─xvda1 202:1 0 8G 0 part /
xvdb 202:16 0 8G 0 disk /changsoopark
[root@ip-172-31-19-244 ec2-user]# cd /changsoopark
[root@ip-172-31-19-244 changsoopark]# ls -l
total 16
drwx------ 2 root root 16384 Oct 5 00:05 lost+found
[root@ip-172-31-19-244 changsoopark]# nano test.html
[root@ip-172-31-19-244 changsoopark]# ls -l
total 20
drwx------ 2 root root 16384 Oct 5 00:05 lost+found
-rw-r--r-- 1 root root 19 Oct 5 00:07 test.html
[root@ip-172-31-19-244 changsoopark]#
unmount the volume - umount /dev/xvdb
[root@ip-172-31-19-244 /]# cd /
[root@ip-172-31-19-244 /]# umount /dev/xvdb
[root@ip-172-31-19-244 /]# cd /changsoopark
[root@ip-172-31-19-244 changsoopark]# ls -l
total 0
[root@ip-172-31-19-244 changsoopark]#
mount it again and check the folder
[root@ip-172-31-19-244 changsoopark]# cd /
[root@ip-172-31-19-244 /]# mount /dev/xvdb /changsoopark
[root@ip-172-31-19-244 /]# cd /changsoopark
[root@ip-172-31-19-244 changsoopark]# ls -l
total 20
drwx------ 2 root root 16384 Oct 5 00:05 lost+found
-rw-r--r-- 1 root root 19 Oct 5 00:07 test.html
[root@ip-172-31-19-244 changsoopark]#
unmount it again
[root@ip-172-31-19-244 changsoopark]# cd /
[root@ip-172-31-19-244 /]# umount /dev/xvdb
[root@ip-172-31-19-244 /]# cd /changsoopark
[root@ip-172-31-19-244 changsoopark]# ls -l
total 0
[root@ip-172-31-19-244 changsoopark]#
- aws.amazon.com : Detach Volume and Create Snapshot - Create Volume : Select Volume Type
Attach Volume - Select instance and Attach button --> Go to Console
[root@ip-172-31-19-244 changsoopark]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
xvda 202:0 0 8G 0 disk
└─xvda1 202:1 0 8G 0 part /
xvdf 202:80 0 8G 0 disk ====> New Volume (partition)
[root@ip-172-31-19-244 changsoopark]# file -s /dev/xvdf
/dev/xvdf: Linux rev 1.0 ext4 filesystem data, UUID=1a4f0040-89b5-4ac0-8345-15ceb7c868fb (extents) (large files) (huge files)
[root@ip-172-31-19-244 changsoopark]# mount /dev/xvdf /changsoopark
[root@ip-172-31-19-244 changsoopark]# cd /changsoopark
[root@ip-172-31-19-244 changsoopark]# ls -l
total 20
drwx------ 2 root root 16384 Oct 5 00:05 lost+found
-rw-r--r-- 1 root root 19 Oct 5 00:07 test.html
Create Volume, Set MySql to volume, mount, unmount, attach, detach, snapshot, remount
These steps can be on the exam
* Upgrading EBS Volume Types 2
Delete Instance - Delete volume and Delete Snapshot separately
Exam Tips
- EBS Volumes can be changed on the fly (except for magnetic standard)
- Best practice to stop the EC2 instance and then change the volume
- You can change volume types by taking a snapshot and then using the snapshot to create a new volume
- If you change a volume on the fly you must wait for 6 hours before making another change
- You can scale EBS Volumes up only
- Volumes must be in the same AZ as the EC2 instances
* EFS (Elastic File System) Lab
What is EFS
Amazon Elastic File System (Amazon EFS) is a file storage service for Amazon Elastic Compute Cloud (Amazon EC2) instances. Amazon EFS is easy to use and provides a simple interface that allows you to create and configure file systems quickly and easily. With Amazon EFS, storage capacity is elastic, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it.
- Supports the Network File System version 4 (NFSv4) protocol
- You only pay for the storage you use (no pre-provisioning required)
- Can scale up to the petabytes
- Can support thousands of concurrent NFS connections
- Data is stored across multiple AZ's within a region
- Read After Write Consistency
- EFS block based storage vs. S3 object based storage
aws.amazon.com
EFS - Create File system - Configure file system access
: VPC - An Amazon EFS file system is accessed by EC2 instances running inside one of your VPCs. Instances connect to a file system by using a network interface called a mount target. Each mount target has an IP address, which we assign automatically or you can specify.
: Create mount targets - Instances connect to a file system by using mount targets you create. We recommend creating a mount target in each of your VPC's Availability Zones so that EC2 instances across your VPC can access the file system.
==> AZ, Subnet, IP address, Security groups
- Tag and Create File System -> Done
Create New Instance
Step 1, Step 2 - Default
Step 3 - Default except Subnet => Select the subnet chosen when creating the EFS above
Step 4 - Add Storage
Create another Instance - Select Load Balancer
VPC, Subnet
Define Load Balancer
==> Check EFS