Amazon Web Services EC2 Getting Started Guide

learningsnortSecurity

Nov 3, 2013 (4 years and 9 days ago)



Table of Contents

Introduction
Connecting to your EC2 instance
Setting up User Accounts
Tomcat
    Installation
    Configuration
    Misc
Apache
    Installation
    Misc
MySQL
    Installation
    Configuration
PHPMyAdmin
    Installation
Troubleshooting and Helpful Hints











Introduction

Amazon Web Services (AWS) provides organizations with a flexible solution to the problem of deploying
services on the web. All of this is done within the “cloud”, which serves as the primary delivery method
to end users. The cloud uses Amazon’s Elastic Compute Cloud (Amazon EC2) as the web service. This
web service allows administrators to quickly deploy EC2 instances with minimal or little configuration.
These EC2 instances vary in nature, but most are Linux derivatives. In reality, these are just virtual
machines accessible from the Internet when configured through the Amazon EC2 web service.

NJIT has provided you with an EC2 instance, which you must use for your project. This EC2 instance is
considered to be a base install of a Linux derivative which you must configure appropriately to integrate
with AWS. This guide is intended to get you started in preparing the architecture for development.


Connecting to your EC2 instance

By default, your EC2 instance will be accessible by SSH. NJIT’s UCS will have provided you with a private
key (typically located in your AFS home directory) to connect to your EC2 instance. This will give you
direct root access to your instance. It is recommended that you do not attempt to change this, as this is
the most secure way of accessing your EC2 instance.

# ssh -i rsa.pvt.key root@hostname


Setting up User Accounts

To set up remote access shell accounts for your fellow classmates, you’ll need to create an account for
them and set up a password. Do the following:

# useradd <username>
# passwd <username>

Note: It is very important that you create a non-dictionary password. Because this box will be publicly
available on the Internet, it will be susceptible to brute-force attacks. By having a password for any of
your users, you are at risk of compromise and loss of all progress made in your project.

After you have successfully created your users, they’ll be able to connect directly to the EC2 instance via
SSH.


Tomcat

The Tomcat application server allows execution of Java servlets and JavaServer Pages (JSPs). In these
directions, Tomcat version 5 is used. Tomcat version 6 should follow a similar installation
and configuration.

Installation

To begin the installation process, we’ll use the YUM installer:

# yum install tomcat5-ad*
# yum install tomcat5-web*

After it has successfully installed, start the service and open your browser to http://hostname:8080
(NOTE: you must have previously requested that NJIT UCS open port 8080 on the EC2 instance; changing
the port to 80 will not work due to security restrictions.)

# /etc/init.d/tomcat5 start






Configuration

To configure a user to access Tomcat you’ll need to modify the tomcat-users.xml file located in
/etc/tomcat5.

# nano /etc/tomcat5/tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="adminuser" password="securepw" roles="admin,manager"/>
</tomcat-users>



In this file, you can create users and assign roles. The admin and manager roles are built-in roles that
allow access to the manager web interface and administration interface. By default, the user ‘tomcat’ does
not have full access to the administrative interface. Any modifications to this file will require that you
restart the Tomcat5 service.
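
The check below is an added example, not part of the original guide: it parses a tomcat-users.xml and reports accounts whose password is empty, matches the username, or is one of the passwords printed in the sample file above, since a copied sample leaves the manager and administration interfaces behind publicly documented credentials. The function name audit_tomcat_users and the wording of the findings are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

# Passwords printed in this guide's sample file; a copy-pasted config uses them.
SAMPLE_PASSWORDS = {"tomcat", "securepw"}
# Roles the guide names as opening the manager and administration interfaces.
PRIVILEGED_ROLES = {"admin", "manager"}

# Constructed input: the guide's sample tomcat-users.xml, unchanged.
SAMPLE_XML = """<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="adminuser" password="securepw" roles="admin,manager"/>
</tomcat-users>
"""


def audit_tomcat_users(xml_text):
    """Return {username: [findings]} for each user with a weak credential."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    report = {}
    for user in root.findall("user"):
        name = user.get("username", "")
        password = user.get("password", "")
        roles = {r.strip() for r in user.get("roles", "").split(",")}
        findings = []
        if not password:
            findings.append("empty password")
        if password == name:
            findings.append("password equals username")
        if password in SAMPLE_PASSWORDS:
            findings.append("password copied from the guide's sample file")
        if findings and roles & PRIVILEGED_ROLES:
            findings.append("weak credential on an admin/manager account")
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_tomcat_users(SAMPLE_XML).items():
        print(f"{name}: {'; '.join(findings)}")
```

Run against the unmodified sample, every account is reported; a file with unique, non-sample passwords returns an empty report.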


Misc



Server code for your Tomcat web apps is located in /var/lib/tomcat5/webapps. It is
recommended that you put most of your code for Tomcat in this directory.

All configuration files are located in /etc/tomcat5.



Apache

Apache is a fully scalable HTTP web server which allows the serving of web pages.

Installation

To begin the installation process, we’ll use the YUM installer:

# yum install httpd

After it has successfully installed, start the service and open your browser to http://hostname
(NOTE: you must have previously requested that NJIT UCS open port 80 on the EC2 instance.)

# /etc/init.d/httpd start

Misc

By default, all web content is stored in /var/www/html.


MySQL

MySQL is a relational database management system which allows for fairly robust database
architectures with multi-user level access.

Installation

To begin the installation process, we’ll use the YUM installer:

# yum install mysql-server

After it has successfully installed, start the service.

# /etc/init.d/mysqld start



Configuration

In order to begin creating and using the database you’ll need to set up root with administrative access.

# /usr/bin/mysqladmin -u root password <securepassword>

Log into mysql with the root user:

# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.0.45 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

To create a database named ‘cs633’, issue the following command:

mysql> create database cs633;
Query OK, 1 row affected (0.00 sec)

mysql>

To grant special privileges to a teammate who will be responsible for administrating the database, issue
the following command:

mysql> grant all privileges on cs633.* to <teammatesusername>@"localhost"
       identified by '<password>';
Query OK, 0 rows affected (0.00 sec)

Flush privileges to write the privileges:

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)



PHPMyAdmin

If you prefer not to create or manage your database via the command line, you can use a graphical
interface such as PHPMyAdmin. Prior to installation of PHPMyAdmin it is recommended that you have
installed and configured Apache. Refer to the Installing Apache section if you need assistance.

Installation

To begin the installation process, we’ll use the YUM installer:

# yum install phpMyAdmin.noarch

Now point your browser to http://hostname/phpmyadmin and log in with the root password you set up
for the database administrator. Additionally, any user which you configured previously can access this
web interface.

Note: if you receive a message such as “Forbidden” or “Access Denied”, you will need to modify the
PHPMyAdmin configuration file located at /etc/httpd/conf.d/phpMyAdmin.conf to allow access. To
ensure security, it is recommended that you allow PHPMyAdmin to be accessible only by a certain IP or
IP range. Also, ensure that “deny from all” is uncommented.

# nano /etc/httpd/conf.d/phpMyAdmin.conf

<--- phpMyAdmin snippet cut --->

<Directory /usr/share/phpMyAdmin/>
   order deny,allow
   deny from all
   allow from x.x.x.x
</Directory>
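
One way to verify the restriction described in the note, as an added example that is not part of the original guide: the script reads the <Directory /usr/share/phpMyAdmin/> block and reports a missing or commented-out “deny from all” and any “allow from” entry that is not a specific IP or range. The function name check_phpmyadmin_acl and the sample address 192.0.2.10 are assumptions; only full IP addresses and CIDR or netmask ranges are accepted as specific.

```python
import ipaddress
import re

# Constructed samples. 192.0.2.10 is a documentation address standing in for x.x.x.x.
RESTRICTED = """<Directory /usr/share/phpMyAdmin/>
   order deny,allow
   deny from all
   allow from 192.0.2.10
</Directory>
"""
OPENED_UP = """<Directory /usr/share/phpMyAdmin/>
   order deny,allow
   # deny from all
   allow from all
</Directory>
"""

def check_phpmyadmin_acl(conf_text, directory="/usr/share/phpMyAdmin/"):
    """Return a list of problems in the block's Apache 2.2-style access rules."""
    opener = re.compile(r"(?i:<Directory)\s+" + re.escape(directory) + r">")
    rules, inside = [], False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # commented-out rules are inactive
            continue
        if opener.fullmatch(line):
            inside = True
        elif line.lower() == "</directory>":
            inside = False
        elif inside:
            rules.append(line.lower().split())
    if not rules:
        return ["no active rules found for " + directory]
    problems = []
    if ["deny", "from", "all"] not in rules:
        problems.append("'deny from all' is missing or commented out")
    for source in (s for r in rules if r[:2] == ["allow", "from"] for s in r[2:]):
        try:
            network = ipaddress.ip_network(source, strict=False)
        except ValueError:   # "all", host names, or the x.x.x.x placeholder
            problems.append("'allow from %s' is not a specific IP or range" % source)
            continue
        if network.prefixlen == 0:
            problems.append("'allow from %s' matches every address" % source)
    return problems

if __name__ == "__main__":
    for label, conf in (("restricted", RESTRICTED), ("opened up", OPENED_UP)):
        print(label, check_phpmyadmin_acl(conf) or "OK")
```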







Troubleshooting and Helpful Hints



The YUM installer can run into issues when it can’t download a specific package and will fail. To
fix this, issue the following command: yum clean metadata. After issuing this command you
should be able to install the package you previously had trouble with.

The easiest method to transfer files to your EC2 instance is to use SFTP or SCP. A client such as
WinSCP (winscp.net) or FileZilla (filezilla-project.org) can assist you with this. Simply supply your
SSH credentials and the hostname to the client. You will then be able to transfer files.

If you are looking for a package in the YUM repository, try issuing the command: yum search
<packagename>.

To see a listing of all packages installed on the current system, issue the following command:
yum list installed.

To download files directly to the EC2 instance from the command line, use wget.

To get a listing of daemons or services currently running, issue the command: ps -e.

To kill a daemon or service, make note of the PID # and kill it by doing the following: kill <PID#>.

Just as you can start services, you can also shut them down or restart them. To shut down a
service such as the Apache web server you can issue the following command: /etc/init.d/httpd
stop. To restart it, issue the following command: /etc/init.d/httpd restart.