# Amazon Web Services Notes

General notes from working with AWS.

# Enabling Programmatic Access with MFA

Use MFA with Programmatic Access

  1. Run the code below to get temporary authenticated credentials

```sh
aws sts get-session-token --serial-number <arn::iam> --token-code <token from MFA device>
```

Return

```json
{
    "Credentials": {
        "AccessKeyId": "ASIAQ4IGLDPUD7RPZS7C",
        "SecretAccessKey": "fO3mKHQTSzDC9L82KbkL3k/KQoeUw/lBuBJgnuR6",
        "SessionToken": "FwoGZXIvYXdzELL//////////wEaDJkfKguXzUQGWPouLyKGAZ0j66m0/Y7uadkV5qXlfoFnahdRV5uz/mRlyLzKm0dU66DvT/uVDl6vC7ZmqrubzuljuPX4d8lC2vaZt4ySTjDKNMzM4jwggc/49UVRtaU3siYzF9uDghJeaZ4O3hjyYWxE3e2oWs2xTQPMPo75/xmC5nnUoPOc3Lg48fjexUEUIzGZ6U5uKNSRnIAGMijsX/yOYdimDJRa2PR+75ryEUegcNursvkkWkMzPblVmjdiWk+n+0st",
        "Expiration": "2021-01-20T04:29:08+00:00"
    }
}
```
  2. Go to your `.aws` folder and open the `credentials` file.

Create a new named user profile using the credentials from the previous step.

TIP

No double quotes are needed.

```ini
[mfa]
aws_access_key_id = <Access-key-id>
aws_secret_access_key = <secret-key>
aws_session_token = <session-token>
```
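The two steps above can be scripted so the temporary credentials never pass through the clipboard. This is an added example, not part of the original notes: `write_mfa_profile` is a hypothetical helper and the sample JSON is constructed. It parses the `get-session-token` output, rejects an already expired token, and writes the `[mfa]` profile with owner-only file permissions.

```python
import configparser
import json
import os
from datetime import datetime, timezone

# Constructed sample in the shape `aws sts get-session-token` returns (fake values).
SAMPLE_STS_OUTPUT = json.dumps({"Credentials": {
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
    "SecretAccessKey": "constructed-secret-key",
    "SessionToken": "constructed-session-token",
    "Expiration": "2099-01-01T00:00:00+00:00"}})


def write_mfa_profile(sts_json, credentials_path, profile="mfa", now=None):
    """Store temporary STS credentials under [profile] and return their expiry.

    Hypothetical helper: other profiles in the file are preserved (comments
    are not), expired credentials are rejected, and the file ends up 0600.
    """
    creds = json.loads(sts_json)["Credentials"]
    expires = datetime.fromisoformat(creds["Expiration"].replace("Z", "+00:00"))
    if expires <= (now or datetime.now(timezone.utc)):
        raise ValueError(f"session token expired at {expires.isoformat()}")

    config = configparser.RawConfigParser()  # Raw: no % interpolation of secrets
    config.read(credentials_path)  # a missing file is treated as empty
    if not config.has_section(profile):
        config.add_section(profile)
    # Values are written bare: the credentials file takes no double quotes.
    config.set(profile, "aws_access_key_id", creds["AccessKeyId"])
    config.set(profile, "aws_secret_access_key", creds["SecretAccessKey"])
    config.set(profile, "aws_session_token", creds["SessionToken"])

    # Create with 0600 so the secrets are never briefly world-readable.
    fd = os.open(credentials_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        config.write(handle)
    os.chmod(credentials_path, 0o600)  # tighten a pre-existing file as well
    return expires


if __name__ == "__main__":
    import sys
    # Usage: aws sts get-session-token ... | python this_script.py
    expiry = write_mfa_profile(sys.stdin.read(), os.path.expanduser("~/.aws/credentials"))
    print("mfa profile valid until", expiry.isoformat())
```

Because the session token expires, rerun it whenever calls with `--profile mfa` start failing with an expired-token error.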

# Deleting a MFA Device

  1. Find the device using

TIP

If you get an authentication error, create temporary credentials using the Enabling Programmatic Access with MFA steps.

```sh
aws iam list-virtual-mfa-devices --profile mfa
```

  2. Get the serial number of the device (its ARN) and delete it

```sh
aws iam delete-virtual-mfa-device --serial-number <arn::mfa device> --profile mfa
```

# CloudFront

# Connect Cloudfront to S3 Bucket

# Prerequisites

A purchased domain with its nameservers pointed to AWS (can use Route 53).

# References

Elaborated based on this AWS tutorial

Documentation

# Tutorial

  1. Create a hosted zone under Route 53 for your given domain.
    1. For example, for scout.build (base domain), create a zone named scout.build.
  2. Create an S3 bucket following DNS standards with no periods (.). You can still link the bucket to CloudFront without having the name match.
  3. Example: hawaii.scout.build would have an S3 bucket named hawaii.scout.build.
  4. Request a certificate from the certificate manager on AWS. You must request it in the N. Virginia Region!
    1. Add the domain name and subdomain for the cert, such as hawaii.scout.build.
  5. Validate using DNS Search.
  6. Add a tag with the name of the subdomain.
  7. Click on make a CNAME record in Route 53.
  8. This automatically creates the CNAME record in Route 53.
  9. Once the certificate and S3 bucket are set up, create a CloudFront instance following the tutorial above.

Important notes to remember when setting up the Cloudfront Distribution.

  • Origin Domain Name - s3 bucket
  • redirect http to https
  • create new access identity
  • Alternate Domain Names - exact name of s3 bucket ( same as cert too! )
  • Default Root Object - index.html
  • Comment - domain name

# S3 Transferring data Between Two Accounts

Transferring data between two AWS accounts

# Elastic Load Balancers

How Elastic Load Balancing works

tutorial

basic-tutorial

# Getting Started

  1. create EC2 Targets ( where the traffic will be going )

    1. can create in two availability zones, but don't have to. However AWS requires two be specified for the ELB.
    2. create a security group for the elb-instances with port 80/443 open for now.
      1. If internal facing, will only be open to ELB at a later point.
  2. Create a new Security Group

  3. Examine imported TLS certificates in AWS Certificate Manager

  4. Create an AWS Elastic Load Balancer (ELB)

  5. Create Target Group for ELB

  6. Specify a Target for use within a Target Group

  7. Edit ELB to use Target Group

  8. Update EC2 Security Group to alias an open permission group

  9. Optional: alias the load balancer on Route 53

# Rhino Compute

tutorial

  1. Create Windows Basic EC2 Instance
    1. assign Name
    2. Security group
      1. ensure that port 3389/RDP is open to an IP you have control of
    3. Download the SSH key pair
  2. Log in to the Windows machine using RDP
    1. can get the password from the EC2 Dashboard by clicking on connect
      1. use the SSH .pem file to get the password
  3. Enable auto login by running netplwiz
    1. enter Administrator credentials and uncheck the box
