Launching secure-by-default SLES on Amazon EC2 instances with Amazon Virtual Private Cloud (VPC) Rick Ashford Mike Friesenegger SUSE Sales Engineer rashford@suse.com SUSE Sales Engineer mikef@suse.com
SUSE and AWS Partnership Overview SUSE Linux Enterprise Server on Amazon EC2 launched Fall 2010 Available in all AWS regions and instance types Same mission-critical Enterprise Linux from data center to public cloud Seamless support through AWS Support One-click build and simplified management with SUSE Studio and SUSE Manager Trial at no cost through AWS Free Usage Tier Page 2
Agenda What are you going to accomplish in this lab? Accessing the lab What you will do during the lab Page 3 Building the Web Server image using SUSE Studio Connecting Studio to AWS Uploading the Web Server image as an EC2 AMI Create Virtual Private Cloud (VPC) Launch the AMI in the private side of the VPC Access the Web Server through public side of the VPC
Important items before we begin... Make sure the browser does not block pop-ups Review the pages carefully as you do the lab Page 4 Use the arrows to guide you through the steps Some pages have notes to highlight information Some pages are informational with nothing to do A suggestion - open gedit because some pages ask you to take a note of certain information Please tell us the page number whenever you are having a problem with the lab
What are you going to accomplish in this lab?
Build a Web Server AMI using SUSE Studio AMI Page 6
Upload the Web Server AMI to AWS (Normally you would do this but step has been done ahead of time) AMI Page 7
Build an AWS Virtual Private Cloud (VPC) Public Subnet 10.0.0.0/24 Internet Page 8 Private Subnet 10.0.1.0/24
Launch the Web Server AMI in the Private Subnet Allowing SSH Inbound Public Subnet 10.0.0.0/24 Private Subnet 10.0.1.0/24 AMI Internet Page 9 ssh
Launch an AWS SLES image in the Public Subnet Allowing SSH Inbound Public Subnet 10.0.0.0/24 Private Subnet 10.0.1.0/24 AMI Internet Page 10 ssh ssh
Access the Web Server AMI through the Public SLES Image Public Subnet 10.0.0.0/24 Private Subnet 10.0.1.0/24 AMI Internet Page 11 ssh ssh
How might an AWS VPC be used in your organization? This option is shown on slide 49 Ha rd Page 12 Your Datacenter wa re VP N
Accessing the Lab
http://suse.qwiklab.com Page 14
Page 15
Page 16
Save files to the desktop... 1 No need to download. Should be on the desktop... 2 Page 17 Right click on index.html and select Save File
Ignore the username and password fields above the button and the popup after clicking the button. Page 18
Building the Web Server image using SUSE Studio
Page 20
Use the account of your choice Page 21
Page 22
2 1 3 5 4 Page 23
2 3 Page 24 1
1 2 Page 25
1 2 3 Page 26
1 2 Page 27 Browse to the index.html that was saved to the desktop
1 2 3 4 Page 28
1 3 2 4 5 Page 29
Building the image takes around 5 minutes... 2 1 3 Page 30
Connecting Studio to AWS
Back to the qwiklab tab 1 Page 32
Page 33
Copy & paste the Access Keys into a temp document 1 Page 34
Stop to learn how to find the AWS Access Keys using slides 35 38. Thank you.
Where can one find the Access Keys in AWS (1 of 2 ways)... This page is for reference. Nothing to do on this page. Page 36
Where can one find the Access Keys in AWS (1 of 2 ways continued)... This page is for reference. Nothing to do on this page. Page 37
Where can one find the Access Keys This page is for reference. in AWS (2 of 2 ways)... Nothing to do on this page. Page 38
Where can one find the Access Keys in AWS (2 of 2 ways continued)... This page is for reference. Nothing to do on this page. Page 39
Back to the SUSE Studio tab 1 2 Page 40
Paste from the temp document 1 2 3 4 Page 41
Uploading the Web Server image as an EC2 AMI
Normally the AMI would need to be uploaded to EC2 We are cheating because the AMI is already uploaded... Do not upload for this lab! This is normally what you would see during an upload Page 43
Stop to see how to upload the AMI using a CLI. Thank you.
Create Virtual Private Cloud (VPC)
Back to the qwiklab tab 1 2 Page 46
Copy and paste the AWS credentials 1 2 Page 47
Page 48
Page 49
1 2 Page 50
Page 51
Page 52
Page 53
Launch the AMI in the private side of the VPC
Page 55
Make a note of these... Page 56
Page 57
Page 58
1 2 3 4 Page 59
1 2 3 Page 60
Page 61
Page 62
Page 63
1 2 Page 64
1 2 3 Page 65
Save to the desktop... Page 66
Page 67
1 2 Page 68
2 1 Page 69
Page 70
1 2 3 Verify this is the 10.0.1.0 subnet 4 Page 71
Page 72
Page 73
1 2 3 Page 74
Page 75
1 2 3 4 Page 76
Page 77
The web server running in the private side of the VPC Rename this instance to web server by clicking in the Name area. Page 78
Access the Web Server through public side of the VPC
Page 80
2 1 Page 81
Page 82
1 2 Verify that the subnet used is 10.0.0.0/24 3 5 4 Page 83
Page 84
Page 85
1 2 3 Page 86
Page 87
1 2 3 4 Page 88
Page 89
The SLES server running in the public side of the VPC Rename this instance to public by clicking in the Name area. Page 90
Make note of the public hostname or IP address 1 2 Page 91
Open a terminal... 1 2 3 Page 92
1 2 Page 93
1 Page 94
Make note of the web server hostname or IP address 1 2 Page 95
1 Page 96
1 2 Page 97
Page 98
We hope you enjoyed the lab!! Thank you.
v0.6