Amazon EC2 Cookbook

By : Sekhar Reddy
Overview of this book

Discover how to perform a complete forensic investigation of large-scale Hadoop clusters using the same tools and techniques employed by forensic experts. This book begins by taking you through the process of forensic investigation and the pitfalls to avoid. It will walk you through Hadoop’s internals and architecture, and you will discover what types of information Hadoop stores and how to access that data. You will learn to identify Big Data evidence using techniques to survey a live system and interview witnesses. After setting up your own Hadoop system, you will collect evidence using techniques such as forensic imaging and application-based extractions. You will analyze Hadoop evidence using advanced tools and techniques to uncover events and statistical information. Finally, data visualization and evidence presentation techniques are covered to help you properly communicate your findings to any audience.

Configuring security groups

Security groups act like firewalls for your EC2 instances. If you don't specify a security group when creating an instance in EC2-VPC, AWS automatically assigns the VPC's default security group to the instance. You can configure inbound and outbound rules for a security group, and you can change these rules while the instance is running; the changes are applied automatically.

Every VPC comes with a default security group, which you can't delete. You can't use a security group that you created for EC2-VPC when you launch an instance in EC2-Classic, and you can't use a security group that you created for EC2-Classic when you launch an instance in EC2-VPC. After you launch an instance in EC2-Classic, you can't change its security groups, but you can add and delete rules, which are then applied automatically. After you launch an instance in EC2-VPC, you can change its security groups and add and remove rules, which are then applied automatically.

When you specify a security group as the source or destination for a rule, the rule affects all instances associated with that security group. Security groups created for EC2-Classic can only have inbound rules, but security groups created for EC2-VPC can have both inbound and outbound rules.

You can create up to 500 security groups per region and up to 100 security groups per VPC. An instance launched in EC2-Classic can be assigned an unlimited number of security groups, whereas an instance launched in a VPC can be assigned only 5. Each security group can hold up to 100 rules on EC2-Classic and up to 50 rules in a VPC.

How to do it…

In this recipe, we first list the commands for creating a security group for EC2-Classic and EC2-VPC. Then, we see how to create inbound and outbound rules. Finally, we list the command for adding the security group to an instance.

Creating a security group for EC2-Classic

Run the following command to create a security group in EC2-Classic. You have to provide a name and a description for the security group.

$ aws ec2 create-security-group \
    --group-name [SecurityGroupName] \
    --description [Description]

The parameters used in this command are described as follows:

  • [SecurityGroupName]: This provides the security group name
  • [Description]: This gives the description of the security group

Next, run the following command to create a security group with the WebServerSecurityGroup name in EC2-Classic:

$ aws ec2 create-security-group \
    --group-name WebServerSecurityGroup \
    --description "Web Server Security Group"

Creating a security group for EC2-VPC

Run the following command to create a security group in EC2-VPC. You have to provide a name, a description, and the VPC ID for the security group:

$ aws ec2 create-security-group \
    --group-name [SecurityGroupName] \
    --description [Description] \
    --vpc-id [VPCId]

The parameters used in this command are described as follows:

  • [SecurityGroupName]: This parameter provides the security group name
  • [Description]: This one gives the description of the security group
  • [VPCId]: This option provides a VPC ID

The following command will create a security group named WebServerSecurityGroup in VPC (vpc-1f33c27a). You can get your VPC IDs by running the aws ec2 describe-vpcs command.

$ aws ec2 create-security-group \
    --group-name WebServerSecurityGroup \
    --description "Web Server Security Group" \
    --vpc-id vpc-1f33c27a

Adding an inbound rule

Run the following command to add an inbound rule to your security group. You will need to provide the security group ID, protocol (TCP/UDP/ICMP), port, and the CIDR IP range.

$ aws ec2 authorize-security-group-ingress \
    --group-id [SecurityGroupId] \
    --protocol [Protocol] \
    --port [Port] \
    --cidr [CIDR]

The parameters used in this command are described as follows:

  • [SecurityGroupId]: This is used to provide the security group ID
  • [Protocol]: This one provides the IP protocol of this permission
  • [Port]: This is used to specify the range of ports to allow
  • [CIDR]: This one gives the CIDR IP range

Next, run the following command to create the inbound rule that allows SSH traffic from IP address 123.252.223.114 in the security group (sg-c6b873a3):

$ aws ec2 authorize-security-group-ingress \
    --group-id sg-c6b873a3 \
    --protocol tcp \
    --port 22 \
    --cidr 123.252.223.114/32
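
A pre-flight check for the --cidr value, as an added example that is not from the book: it rejects malformed ranges, ranges with host bits set (where the prefix denotes a wider network than the single address typed), and an any-address source on an administrative port. The function names, the AWS dry-run variable, and the choice of ports 22 and 3389 are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the book). Function names are hypothetical helpers,
# not AWS CLI features; only `aws ec2 authorize-security-group-ingress` is real.

# cidr_network CIDR: print the IPv4 network with host bits cleared,
# or return 1 if CIDR is not a well-formed a.b.c.d/n.
cidr_network() (
  case $1 in */*/*|*[!0-9./]*) return 1 ;; */*) ;; *) return 1 ;; esac
  ip=${1%/*}; prefix=${1#*/}
  case $prefix in ''|*.*|???*|0?*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  IFS=.; set -f; set -- $ip            # split the address into octets
  [ $# -eq 4 ] || return 1
  n=0
  for o in "$@"; do
    case $o in ''|????*|0?*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
    n=$(( n * 256 + o ))
  done
  mask=$(( 4294967295 - ((1 << (32 - prefix)) - 1) ))
  n=$(( n & mask ))
  printf '%d.%d.%d.%d/%d\n' "$(( n >> 24 & 255 ))" "$(( n >> 16 & 255 ))" \
    "$(( n >> 8 & 255 ))" "$(( n & 255 ))" "$prefix"
)

# check_ingress_cidr PORT CIDR
# Status: 0 ok, 1 malformed, 2 host bits set, 3 any-address source on an
# administrative port (22 and 3389 are this example's assumption).
check_ingress_cidr() (
  net=$(cidr_network "$2") || { echo "malformed CIDR: $2" >&2; return 1; }
  [ "$net" = "$2" ] ||
    { echo "$2 has host bits set; /${2#*/} denotes $net" >&2; return 2; }
  case "$1:${2#*/}" in
    22:0|3389:0) echo "port $1 would be open to any address" >&2; return 3 ;;
  esac
  return 0
)

# authorize_ingress GROUP_ID PROTOCOL PORT CIDR: run the recipe's command only
# when the CIDR passes. Set AWS=echo to print the arguments instead of calling AWS.
authorize_ingress() {
  check_ingress_cidr "$3" "$4" || return $?
  ${AWS:-aws} ec2 authorize-security-group-ingress \
    --group-id "$1" --protocol "$2" --port "$3" --cidr "$4"
}

# Dry run with the recipe's values (prints the arguments, makes no API call):
AWS=echo authorize_ingress sg-c6b873a3 tcp 22 123.252.223.114/32
```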

Adding an outbound rule

Run the following command to add an outbound rule to your security group. You will need to specify the security group ID, protocol (TCP/UDP/ICMP), port, and the CIDR IP range.

$ aws ec2 authorize-security-group-egress \
    --group-id [SecurityGroupId] \
    --protocol [Protocol] \
    --port [Port] \
    --cidr [CIDR]

The parameters used in this command are described as follows:

  • [SecurityGroupId]: This parameter provides the security group ID
  • [Protocol]: This option specifies the IP protocol of this permission
  • [Port]: This is used to give the range of ports to allow
  • [CIDR]: This one gives the CIDR IP range

Then, run the following command to create the outbound rule that allows MySQL traffic from your instance to IP address 123.252.223.114 in the security group (sg-c6b873a3):

$ aws ec2 authorize-security-group-egress \
    --group-id sg-c6b873a3 \
    --protocol tcp \
    --port 3306 \
    --cidr 123.252.223.114/32

Adding the security group to an instance

Run the following command to attach security groups to your EC2 instance. You have to provide the EC2 instance ID and one or more security group IDs. The list you pass replaces the instance's current security groups, so include any existing groups you want to keep:

$ aws ec2 modify-instance-attribute \
    --instance-id [InstanceId] \
    --groups [SecurityGroupIds]

The parameters used in this command are described here:

  • [InstanceId]: This option gives an EC2 instance ID
  • [SecurityGroupIds]: This option provides the IDs of one or more security groups

Then, run the following command to add the security groups sg-c6b873a3 and sg-ccb873a9 to EC2 instance i-2e7dace3:

$ aws ec2 modify-instance-attribute \
    --instance-id i-2e7dace3 \
    --groups sg-c6b873a3 sg-ccb873a9