AWS LEARN
AWS CONSOLE
Check parameters on AWS root AWS console
https://.aws.amazon.com/console
- Create user
https://console.aws.amazon.com/iam/home?region=us-east-1#/home
add user learn
- Configure credentials in Sign-in credentials
Assigned MFA device
arn:aws:iam::xxxxxxxxxxxx:mfa/learn
- Apply changes to use MFA (Generate token on mobile authenticator Google apps)
Access keys
- Use access keys to make secure REST or HTTP Query protocol requests to AWS service APIs. For your protection, you should never share your secret keys with anyone. As a best practice, we recommend frequent key rotation.
SSH keys for AWS CodeCommit
- Use SSH public keys to authenticate access to AWS CodeCommit repositories
- Alert's if you lost this files dotn's possible login instance running
Install awscli
Provide credentials
$ aws configure
AWS Access Key ID []: KHJHJHJHVCVCVCLKJOUY
AWS Secret Access Key []: dljkhsdjhskjh786786/uhudhuhd
Default region name []: us-east-1
Default output format []: json
$
$ aws sts get-session-token --serial-number arn:aws:iam::849399717715:user/Claude --token-code 1234
OUTPUT
{
"Credentials": {
"SecretAccessKey": "dljkhsdjhskjh786786/uhudhuhd",
"SessionToken": "Fdddn]][[]\\\\wEaDEbcjK18xhcrreP/JSKd87873IVPSGkL46vW+1xBVPNnBu31vBaNP7JICeKhxxtnWdfdfdfdfYBn3Pw56WSLoL92E/7b1EzsVpxIK6OVIUT454545JGgDRzbGVSk2mv0eiern+44444xQp1+Ypzuuuxxx0vFVw3EoBuuuuuuN7RiUz2D7IUUPwyd90vr/KnXru96ks4444JS53sgF",
"Expiration": "2011-0`-14T11:53:56Z",
"AccessKeyId": "KHJHJHJHVCVCVCLKJOUY"
}
}
Export environments
$ export AWS_ACCESS_KEY=KHJHJHJHVCVCVCLKJOUY
$ export AWS_SECRET_ACCESS_KEY=dljkhsdjhskjh786786/uhudhuhd
$ export AWS_SESSION_TOKEN=Fdddn]][[]\\\\wEaDEbcjK18xhcrreP/JSKd87873IVPSGkL46vW+1xBVPNnBu31vBaNP7JICeKhxxtnWdfdfdfdfYBn3Pw56WSLoL92E/7b1EzsVpxIK6OVIUT454545JGgDRzbGVSk2mv0eiern+44444xQp1+Ypzuuuxxx0vFVw3EoBuuuuuuN7RiUz2D7IUUPwyd90vr/KnXru96ks4444JS53sgF
Configure credential files
$ echo '
[mfa-role]
aws_access_key=KHJHJHJHVCVCVCLKJOUY
aws_secret_access_key=dljkhsdjhskjh786786/uhudhuhd
aws_session_token=Fdddn]][[]\\\\wEaDEbcjK18xhcrreP/JSKd87873IVPSGkL46vW+1xBVPNnBu31vBaNP7JICeKhxxtnWdfdfdfdfYBn3Pw56WSLoL92E/7b1EzsVpxIK6OVIUT454545JGgDRzbGVSk2mv0eiern+44444xQp1+Ypzuuuxxx0vFVw3EoBuuuuuuN7RiUz2D7IUUPwyd90vr/KnXru96ks4444JS53sgF
' >> ~/.aws/credentials
Add profile on config awscli
$ echo '
[profile mfa-role]
output = json
region = us-east-1
source-profile = mfa-role
'> ~/.aws/config
Compose json file example
$ echo
{
"ImageId": "ami-80861296",
"SecurityGroupIds": [ "sg-095234577" ],
"InstanceType": "m3.medium",
"SubnetId": "subnet-1db340dd55",
"IamInstanceProfile": {
"Arn": "arn:aws:iam::276376876983:instance-profile/learn"
}
} > ec2-spot.json
Deploy spot-instances
$ aws ec2 request-spot-instances --spot-price "0.010" --instance-count 1 --type "one-time" --launch-specification file://ec2-spot.json
List spor request instances
aws ec2 describe-spot-instance-requests
OUTPUT
{
"SpotInstanceRequests": [
{
"Status": {
"UpdateTime": "2012-05-14T01:27:02.000Z",
"Code": "price-too-low",
"Message": "Your Spot request price of 0.01 is lower than the minimum required Spot request fulfillment price of 0.0112."
},
"ProductDescription": "Linux/UNIX",
"SpotInstanceRequestId": "sir-dfdf56564fsk",
"State": "open",
"LaunchSpecification": {
"Placement": {
"AvailabilityZone": "us-east-1b"
},
"ImageId": "ami-80861296",
"SecurityGroups": [
{
"GroupName": "launch-wizard-1",
"GroupId": "sg-09523477"
}
],
"SubnetId": "subnet-d232352dfdf",
"Monitoring": {
"Enabled": false
},
"IamInstanceProfile": {
"Arn": "arn:aws:iam::3454354564545:instance-profile/learn"
},
"InstanceType": "m3.medium"
},
"Type": "one-time",
"CreateTime": "2012-05-14T01:26:57.000Z",
"SpotPrice": "0.010000"
}
Cancel spot request instance
$ aws ec2 cancel-spot-instance-requests --spot-instance-request-ids sir-ddkjk8787
OUTPUT
{
"CancelledSpotInstanceRequests": [
{
"State": "cancelled",
"SpotInstanceRequestId": "sir-ddkjk8787"
}
]
}
Automations next steps...
Ansible
Provisioning sinatnces with ansible automations scripts.
GIT
Automatic documentation
Amazing notification tool
Send notification to slack channels
$ aws ec2 request-spot-instances --spot-price "0.010" --instance-count 1 --type "one-time" --launch-specification file://ec2-spot.json |curl -X POST --data-urlencode 'payload={"channel": "#aws", "username": "webhookbot", "text": "AWS Spot Instance provision", "icon_emoji": ":ghost:"}' https://hooks.slack.com/services/T5sdsdFXs2/Bdfdfdf8DU/AdflkjJKKJkjdfdfdfEc44444v4444z