
Summary about Network and Security in Amazon AWS

Questions

  • Amazon AWS IAM (Identity and Access Management) User

Amazon AWS IAM (Identity and Access Management)

  • Using the AWS account credentials to access services in Amazon AWS is not recommended.
  • Using Amazon AWS IAM instead is recommended.

Amazon EC2 Key Pairs

  • Key pairs can’t be shared between regions.
  • A key pair must be specified when launching an instance.
  • To log in to an instance, the private key of the key pair used when launching the instance has to be provided.
  • Linux/Unix instances have no password.
  • Amazon EC2 stores only the public key; you store the private key.
  • The keys that Amazon EC2 uses are 1024-bit SSH-2 RSA keys.
  • Up to five thousand key pairs are allowed per region.
  • Amazon EC2 doesn’t keep a copy of your private key; therefore, if the private key is lost, there is no way to recover it. If the private key is lost for an instance store-backed instance, the instance can no longer be accessed; the only way forward is terminating the instance and launching another instance using a new key pair. If the private key is lost for an EBS-backed instance, it is still possible to regain access to the instance. [ Connecting to Your Instance if You Lose Your Private Key ]
  • How to create a key pair

Simple steps to create key pair using Amazon EC2

  1. Open the Amazon EC2 console.
  2. Select a region for the key pair.
  3. Click Key Pairs in the navigation pane.
  4. Click Create Key Pair, enter a name for the new key pair in the Key pair name field of the Create Key Pair dialog box, and then click Create.
  5. The private key file is automatically downloaded by your browser. (This is the only chance for you to save the private key file.)
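The same procedure from a script, as an added example that is not part of the original post: the key pair is created in one region with boto3 (an assumption; the post only shows the console), the private key material that EC2 returns once is written to a file that only its owner can read and that is never silently overwritten, and a small check confirms the file is in a state ssh will accept. The key name, region and paths are placeholders, and the PEM blob used by `demo()` is constructed and not a real key.

```python
import os
import stat
import tempfile


def save_private_key(key_material: str, path: str) -> int:
    """Write the one-time private key material to `path` with mode 0400; return the mode.

    EC2 returns the private half exactly once, at creation time, so this file is the
    only copy. It is created owner-read-only from the start (no window where others
    can read it) and O_EXCL guarantees an existing key file is never clobbered.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
    with os.fdopen(fd, "w") as f:
        f.write(key_material)
    return stat.S_IMODE(os.stat(path).st_mode)


def private_key_usable(path: str) -> bool:
    """True if the file exists, is readable by its owner only, and looks like a PEM private key.

    ssh refuses a private key whose group/other permission bits are set, so a
    careless chmod makes the key unusable even though the bytes are intact.
    """
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return False
    if stat.S_IMODE(st.st_mode) & 0o077:
        return False
    with open(path) as f:
        first = f.readline().strip()
    return first.startswith("-----BEGIN") and first.endswith("PRIVATE KEY-----")


def create_key_pair(key_name: str, region: str, path: str) -> str:
    """Create a key pair in a single region (key pairs are per-region) and save its private key.

    Assumption: boto3 is installed and credentials for an IAM user are configured.
    Returns the fingerprint EC2 keeps for the public half; EC2 never sees this file again.
    """
    import boto3  # imported lazily so the offline helpers work without it

    ec2 = boto3.client("ec2", region_name=region)
    resp = ec2.create_key_pair(KeyName=key_name)
    save_private_key(resp["KeyMaterial"], path)
    return resp["KeyFingerprint"]


def demo() -> dict:
    """Offline walk-through on a constructed, non-functional PEM blob; returns what was observed."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "constructed-key.pem")
    constructed_pem = (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY\n"
        "-----END RSA PRIVATE KEY-----\n"
    )
    observed = {"mode": save_private_key(constructed_pem, path)}
    observed["usable"] = private_key_usable(path)
    try:
        save_private_key(constructed_pem, path)   # a second save must not clobber the only copy
        observed["overwrite_blocked"] = False
    except FileExistsError:
        observed["overwrite_blocked"] = True
    os.chmod(path, 0o644)                         # simulate a careless chmod
    observed["usable_after_loosening"] = private_key_usable(path)
    return observed


if __name__ == "__main__":
    print(demo())
    # Real use (placeholders): create_key_pair("my-key", "us-east-1", os.path.expanduser("~/.ssh/my-key.pem"))
    # then log in with: ssh -i ~/.ssh/my-key.pem <user>@<instance-public-dns>
```

The `demo()` function mirrors the two failure modes the post warns about: the file written at creation time is the only copy (so a second `save_private_key` to the same path is refused), and loosening its permissions afterwards leaves a key that ssh will not use.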

Amazon EC2 Security Groups

  • A security group acts as a virtual firewall that controls the traffic for one or more instances.
  • When an instance is launched, one or more security groups can be associated with the instance.
  • Rules for a security group can be modified at any time; the new rules are automatically applied to all instances that are associated with the security group.
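To make the "virtual firewall" behaviour concrete, here is an added example that is not part of the original post: a small model of a security group as an allow-list of ingress rules shared by every instance associated with it, so that editing the group's rules changes what reaches all of those instances at once. The rule fields (protocol, port range, source CIDR, with `-1` meaning all protocols) follow the shape EC2 uses, but the group and instance ids, the addresses and the audit helper `find_world_open` are constructed for this example.

```python
from dataclasses import dataclass, field
import ipaddress


@dataclass(frozen=True)
class IngressRule:
    protocol: str      # "tcp", "udp", "icmp" or "-1" (all protocols, as in the EC2 API)
    from_port: int
    to_port: int
    cidr: str          # source range, e.g. "203.0.113.0/24" (TEST-NET-3, constructed)

    def matches(self, protocol: str, port: int, src_ip: str) -> bool:
        if self.protocol not in ("-1", protocol):
            return False
        if self.protocol in ("tcp", "udp") and not (self.from_port <= port <= self.to_port):
            return False
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.cidr, strict=False)


@dataclass
class SecurityGroup:
    group_id: str
    ingress: list = field(default_factory=list)

    def allows(self, protocol: str, port: int, src_ip: str) -> bool:
        """Allow-only and default-deny: rules are an unordered set with no explicit deny."""
        return any(r.matches(protocol, port, src_ip) for r in self.ingress)

    def authorize_ingress(self, rule: IngressRule) -> None:
        self.ingress.append(rule)

    def revoke_ingress(self, rule: IngressRule) -> None:
        self.ingress.remove(rule)


@dataclass
class Instance:
    instance_id: str
    groups: list   # references to shared SecurityGroup objects, not copies of their rules

    def reachable(self, protocol: str, port: int, src_ip: str) -> bool:
        # Traffic is admitted if any associated group allows it.
        return any(g.allows(protocol, port, src_ip) for g in self.groups)


def find_world_open(group: SecurityGroup, admin_ports=(22, 3389)) -> list:
    """Defender's check: rules exposing an admin port to every source address (/0)."""
    flagged = []
    for r in group.ingress:
        if ipaddress.ip_network(r.cidr, strict=False).prefixlen != 0:
            continue
        if r.protocol == "-1" or any(r.from_port <= p <= r.to_port for p in admin_ports):
            flagged.append(r)
    return flagged


def demo() -> dict:
    """Two instances share one group; observe how rule changes reach both of them."""
    admin_net = "203.0.113.0/24"
    ssh_sg = SecurityGroup("sg-0constructed")
    web_a = Instance("i-0aaaconstructed", [ssh_sg])
    web_b = Instance("i-0bbbconstructed", [ssh_sg])
    seen = {"default_deny": web_a.reachable("tcp", 22, "203.0.113.10")}
    ssh_sg.authorize_ingress(IngressRule("tcp", 22, 22, admin_net))
    seen["after_rule_a"] = web_a.reachable("tcp", 22, "203.0.113.10")
    seen["after_rule_b"] = web_b.reachable("tcp", 22, "203.0.113.10")   # same group, no relaunch
    seen["other_source"] = web_a.reachable("tcp", 22, "198.51.100.7")
    seen["other_port"] = web_a.reachable("tcp", 3389, "203.0.113.10")
    world = IngressRule("tcp", 22, 22, "0.0.0.0/0")                     # the classic over-broad rule
    ssh_sg.authorize_ingress(world)
    seen["world_open"] = web_b.reachable("tcp", 22, "198.51.100.7")
    seen["flagged"] = [r.cidr for r in find_world_open(ssh_sg)]
    ssh_sg.revoke_ingress(world)
    seen["world_closed"] = web_b.reachable("tcp", 22, "198.51.100.7")
    return seen


if __name__ == "__main__":
    print(demo())
```

Because instances hold references to the group rather than copies of its rules, `web_b` becomes reachable the moment a rule is authorised on the group `web_a` shares with it, and closing the over-broad `0.0.0.0/0` rule takes effect for both just as quickly; `find_world_open` is the kind of check worth running over real groups before they are attached to anything.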

Security Groups for EC2-Classic

  • Security groups created specifically for EC2-Classic must be used.
  • Security groups created specifically for EC2-VPC cannot be used to launch an instance in EC2-Classic.
  • An instance can be associated with up to 500 security groups, and up to 100 rules can be added to a security group.
  • After launching an instance with security groups, the list of associated security groups cannot be modified (relaunching is the only option). However, rules in security groups can be updated and will be applied automatically.

Security Groups for EC2-VPC

  • Security groups created specifically for EC2-VPC must be used.
  • Security groups created specifically for EC2-Classic cannot be used to launch an instance in EC2-VPC.
  • After launching an instance in a VPC, the list of associated security groups can be updated, and of course rules in security groups can be updated and will be applied automatically.
  • In EC2-VPC, a network interface (subnet) can be associated with up to 5 security groups, and up to 50 rules can be added to a security group.
  • Security groups for EC2-VPC have additional capabilities that aren’t supported by security groups for EC2-Classic. For more information about security groups for EC2-VPC, see Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide.