AWS Foundations

EC2: Creating an EC2 Instance - Tags and Key Pairs

by Jeremy Cioara

00:00:00 - EC2 Key Pairs and Security Groups.
00:00:04 - Well, my friend, we are well on the way
00:00:06 - to getting our instance up and running and really
00:00:09 - understanding all the pieces around it.
00:00:12 - And I felt, as I went in to start this Nugget,
00:00:14 - I go, we got to just get our bearings.
00:00:15 - Because, even as I say that, we're well
00:00:18 - on our way to get our own instance running,
00:00:20 - I'm sure many of you have already
00:00:21 - gone out there and gone Next, Next, Finish.
00:00:23 - And you're, like, well there it is.
00:00:26 - It's not that hard.
00:00:27 - I've got a running instance.
00:00:29 - Absolutely, you can have a running instance
00:00:31 - in a few minutes, if you just Next, Next, Finish it.
00:00:33 - But really kind of putting together all the pieces,
00:00:35 - so I want to make sure we don't get
00:00:37 - lost as to where we are on the concepts.
00:00:39 - I'm going to bring over the EC2 Management console.
00:00:46 - And I'm in the Instances area.
00:00:49 - I've got, right here, just a little Linux instance I've got
00:00:51 - set up this morning, just to play around.
00:00:55 - But I wanted to bring up the instances-- let me just
00:00:57 - click on Launch, and this is just to get our bearings.
00:00:59 - Now we went through.
00:01:01 - We talked about what it looks like to go through the wizard,
00:01:04 - going through the AMIs.
00:01:05 - What is an AMI?
00:01:06 - The frozen in time hard drive?
00:01:07 - Where do you get the AMIs?
00:01:08 - Creating your own AMIs, the community, the marketplace,
00:01:11 - all those kind of things.
00:01:12 - We went through and figured out how to get an instance going.
00:01:16 - So I'm just going to grab, let's grab Windows 2008 R2.
00:01:20 - We talked about how many instances, the types
00:01:23 - of instances, the processor size, the memory,
00:01:26 - how you scale that.
00:01:28 - Not even shown here, the I/O that's
00:01:30 - included with each one of these instance sizes,
00:01:32 - and why that's impactful.
00:01:34 - We talked about the availability zones, the regions
00:01:36 - and what that is.
00:01:37 - We looked at the pricing, all of the different pricing
00:01:39 - that we could do for on-demand versus reserved or versus spot.
00:01:43 - Whew.
00:01:44 - Even as I do this, man, we've talked about a lot.
00:01:47 - But it's so easy to just, Next, Next, OK.
00:01:50 - I've got it.
00:01:50 - It's good.
00:01:51 - But now you really understand all these pieces.
00:01:53 - So let's see where we go from here.
00:01:55 - If we're going into the Advanced Instance options--
00:01:58 - I'm going to put those to the end, right?
00:02:00 - Just because it will just make more sense
00:02:02 - if we talk about those at the very end.
00:02:04 - I'll say, this is a great one, prevent
00:02:06 - against accidental termination, to where
00:02:09 - you have to come in and uncheck this box before you
00:02:11 - can terminate an instance.
00:02:12 - Because it's all too easy to blow one away accidentally.
00:02:15 - So, continuing from there, let's pick up here.
00:02:20 - That was my bearing check.
00:02:22 - We know where our instance is.
00:02:23 - We know what kind it is.
00:02:24 - We know EBS storage.
00:02:26 - We know all that kind of stuff.
00:02:28 - So now we're into the tags.
00:02:29 - What are tags?
00:02:32 - Tags are just a way for you to identify your instance however
00:02:37 - you want.
00:02:38 - It is kind of a free format, think of it as a micro database
00:02:41 - that you can use for each instance to describe it.
00:02:44 - So when you're looking for certain instances,
00:02:46 - you know what they are.
00:02:48 - And I would suggest, it's all too
00:02:51 - easy to just say, well, let's add my own tags
00:02:53 - and just make them up.
00:02:54 - But I would suggest sitting down with your IT group, unless you
00:02:57 - are a one-man show, or a one-woman show, then sit down
00:03:02 - and say, hey guys.
00:03:03 - Let's agree on what tags we're going
00:03:04 - to use to describe each one of these.
00:03:06 - Let's come up with some common syntax.
00:03:08 - Because if you look, these keys, these tags, the key values,
00:03:12 - can only be 127 characters.
00:03:15 - And the value can only be 255.
00:03:16 - So it's not like we're having a big paragraph here
00:03:19 - on everything that this instance does.
00:03:21 - So, for instance, this is-- I'm creating a Windows 2008 R2
00:03:25 - instance-- Let's say the name of this is SDCORE-TS01.
00:03:32 - And I'm actually a naming convention
00:03:35 - that I use for my own data center.
00:03:38 - SDCORE, to me, says the name of my company that I work with,
00:03:41 - Core.
00:03:42 - Core is the data center.
00:03:43 - TS stands for the function.
00:03:45 - I use, for instance, TS is terminal server.
00:03:48 - Or I might do a DC for Domain Controller or FS
00:03:51 - for a File Server.
00:03:53 - I've got my own key.
00:03:54 - And then 01, this is the first terminal server that I have
00:03:57 - at the data center.
00:03:58 - So if you never had a naming convention, Bam!
00:04:01 - There it is, in two seconds or less,
00:04:02 - a naming convention for you.
00:04:04 - So that will be a name that can now
00:04:07 - appear-- you can see it, kind of behind the scenes here--
00:04:09 - see this little name?
00:04:11 - I didn't put any tags in this one.
00:04:12 - So it says, Empty.
00:04:14 - That's not very descriptive.
00:04:16 - But I don't have to just stop at the name.
00:04:19 - I can go in and say, well, let's add a description.
00:04:24 - Description will be, and again, 255 characters.
00:04:27 - You don't have much.
00:04:28 - Let's just say, RDS Gateway to reach internal apps.
00:04:36 - I'll just say internal servers, how's that?
00:04:39 - And you can keep adding another tag and another tag,
00:04:41 - as many tags as you want.
00:04:42 - And let's just say, Creation Date.
00:04:46 - It is, what's the day, 5/25/12.
00:04:51 - And go on.
00:04:52 - And you can see up to 10 individual tags
00:04:54 - that you can use.
00:04:55 - Now I'm going to show you this in a minute.
00:05:02 - I'll show it to you in a minute.
00:05:03 - I'm going to click on Continue.
00:05:05 - Save those tags.
00:05:05 - Because I want to now get into the key pairs.
00:05:07 - So let me pause there and flip over to the concept.
00:05:11 - What most people do when they get
00:05:13 - to the key pairs on their EC2 instances, they kind of-- well,
00:05:17 - actually, let me show you-- they usually come into here
00:05:20 - and they go, OK.
00:05:21 - And by default there is no pair.
00:05:23 - This is just a pair that I created previously
00:05:25 - for my Linux instance.
00:05:27 - They come in here and it says, create a new key pair
00:05:29 - or proceed without.
00:05:30 - And people go, let's not do that.
00:05:33 - And then it says, oh no.
00:05:34 - You can't connect to this instance unless you do that.
00:05:36 - You go, oh, OK.
00:05:37 - Then let's do this.
00:05:39 - OK, I'll type it in.
00:05:40 - Duh da duh.
00:05:41 - And they create download.
00:05:42 - But they're just kind of going through, not
00:05:44 - really understanding the power of what they're doing
00:05:47 - and the power of what this really is.
00:05:49 - This goes back to public and private key cryptography.
00:05:53 - And I always, I could give you the, OK.
00:05:55 - Type this, and then go here and do that.
00:05:57 - I mean, you can Google that and find it.
00:05:59 - But to really understand the why behind it all,
00:06:02 - it's just, that's satisfying.
00:06:04 - That's where you are, Oh, I get it.
00:06:06 - So understanding public and private key cryptography
00:06:09 - is huge.
00:06:10 - Because it's really how almost all the secure communication
00:06:14 - in the world works.
00:06:16 - This all goes back to decades ago,
00:06:18 - when there was an instructor, a college professor,
00:06:22 - and his student named Whitfield Diffie, that was the student.
00:06:27 - And, I believe, was Martin Hellman, was the-- Martin?
00:06:31 - I think was Martin.
00:06:32 - Hellman was the college professor.
00:06:33 - And so these guys were-- and this
00:06:35 - is decades ago-- they were sitting there,
00:06:37 - trying to figure out, how do you have
00:06:40 - secure, encrypted communication, across a public network.
00:06:45 - Think about it.
00:06:46 - You're right here, right?
00:06:48 - Sitting at your computer.
00:06:49 - And something that almost all of us do nowadays
00:06:52 - is do online banking, where we can go and transfer
00:06:58 - account balances, make payments, online bill pay.
00:07:00 - So I don't have to mail it in the mail and all that.
00:07:02 - So it's very convenient.
00:07:03 - But in the middle of all of this communication
00:07:07 - is the public internet, with evil people,
00:07:10 - who are trying to steal your bank account balance,
00:07:12 - and trying to steal the ability to transfer information.
00:07:15 - So I need to have some kind of secure, encrypted session
00:07:19 - between these guys.
00:07:21 - I have to have something that secures it.
00:07:23 - So these evil people in the middle of the cloud
00:07:25 - can't find it and see it, and be able to get to my bank account
00:07:28 - balance and all that.
00:07:29 - And they're going, OK.
00:07:30 - Well, how-- think of this.
00:07:32 - I mean, college professor, student,
00:07:33 - sitting there looking at each other.
00:07:35 - OK, how do you do that?
00:07:36 - I mean, back then encryption keys
00:07:39 - were very common, to where you would have a key.
00:07:42 - And a key-- I'm visualizing it here as a key,
00:07:45 - but it's a mathematical formula that really scrambles data-- So
00:07:49 - let's say I want to transfer $150 from my checking
00:07:53 - to my savings account or something like that.
00:07:55 - Before I send it, it runs it through this encryption key,
00:07:59 - which just is a big mathematical algorithm that
00:08:01 - goes bluh bluh bluh bluh and scrambles it all up, to where
00:08:03 - you can't understand it.
00:08:05 - Well, the person who has that key
00:08:06 - can also reverse that, to figure it out.
00:08:10 - So to do encrypted communication,
00:08:12 - I would have the online bank have the key.
00:08:16 - And I have the key.
00:08:17 - And then we just kind of encrypt it between.
00:08:19 - It's like, oh, well, that's simple.
00:08:20 - But how do you get the key?
00:08:26 - Oh yeah.
00:08:27 - Forgot about that.
00:08:27 - How do you get the key?
00:08:29 - How do you get the same key that the bank has,
00:08:31 - so that you can encrypt it, without the guy
00:08:33 - in the middle getting it, too?
00:08:34 - I mean, you can't just have the bank send you the key.
00:08:36 - Do you see this dilemma?
00:08:38 - So Martin and Whitfield were sitting there,
00:08:40 - they're like, how do we do this, how do we do this?
00:08:42 - And the way the story is told-- and you
00:08:44 - can go look this up in Wikipedia if you want.
00:08:47 - Actually, I don't know if it's there, maybe it's there--
00:08:49 - the student, Whitfield Diffie, was at home asleep.
00:08:55 - At 2:00 or 3:00 in the morning, wakes up in a cold sweat,
00:08:58 - and goes, I got it.
00:09:00 - I know it.
00:09:00 - I've got the-- he dreamed the algorithm for what we now know
00:09:04 - as the Diffie-Hellman public key encryption algorithm,
00:09:08 - to where you now have, instead of one key,
00:09:11 - two keys to start your communication,
00:09:17 - a public key and a private key.
00:09:19 - So I'm going to show you how it works across the internet.
00:09:21 - And then I'm going to apply that same mindset.
00:09:23 - Well, it's actually much simpler when
00:09:25 - you look at it from an EC2 perspective.
00:09:27 - But understanding kind of the big picture,
00:09:29 - this is an impress your friends conversation, seriously.
00:09:33 - They're going to go, wow.
00:09:34 - Really?
00:09:35 - So here's how it works.
00:09:37 - When my computer connects to the online bank-- let me
00:09:41 - flip colors here-- connects to the online bank.
00:09:44 - It says, OK, this is going to be identified as a secure channel.
00:09:49 - The way that works is the bank, their web server,
00:09:52 - says, I'm going to send you a security certificate.
00:09:55 - Ah, certificate.
00:09:56 - Some of you may have seen that before when
00:09:58 - you're surfing the web and it comes up and says, hey,
00:10:00 - this certificate is not valid.
00:10:02 - Do you want to proceed?
00:10:02 - And everybody is like, eh, don't show this to me again.
00:10:04 - And hit yes.
00:10:04 - Well, it's not good to have an invalid certificate,
00:10:06 - because everybody should have a valid certificate saying,
00:10:09 - this is who I am.
00:10:10 - And this certificate says, this is my identity.
00:10:14 - I am the Bank of Arizona.
00:10:16 - I have this level of encryption.
00:10:19 - This is the date and time I got this certificate.
00:10:21 - And I've got-- you might go, what's
00:10:23 - that little squid on there-- it's a stamp.
00:10:25 - There's actually something called a certificate authority
00:10:28 - out on the internet.
00:10:29 - VeriSign is a big one.
00:10:31 - Many different certificate authorities
00:10:33 - that, before this bank goes into business online,
00:10:35 - they go to the security authority and says,
00:10:38 - here's all our information about our business-- not all of it,
00:10:41 - but the requested information-- so you
00:10:43 - know that we really are the bank.
00:10:45 - Because it would be horrible if somebody
00:10:48 - pretended to be the Bank of Arizona.
00:10:50 - As a matter of fact, that's called a phishing attack,
00:10:52 - when you get those emails where it's somebody pretending
00:10:55 - to be eBay or Amazon or something like that.
00:10:57 - It's a phishing email, somebody trying
00:10:58 - to pull the wool over your eyes, to get you
00:11:00 - to type in values over there, so they can compromise your data.
00:11:04 - So we need to have these certificate authorities
00:11:07 - on the internet that says, OK.
00:11:08 - This is really the real one.
00:11:10 - That's why it's so scary if somebody sees that message that
00:11:13 - says, this is an invalid certificate.
00:11:14 - Do you want to proceed?
00:11:16 - And people go, oh yeah.
00:11:17 - Because a lot of times people don't pay the money
00:11:19 - to have a certificate really validate their identity.
00:11:21 - So you're playing the game, like, I really
00:11:24 - hope this is the real Amazon, the real eBay,
00:11:27 - the real Bank of Arizona.
00:11:28 - So if you have a certificate authority give one to you,
00:11:32 - then it's validated.
00:11:34 - The browsers won't pop up that security warning
00:11:36 - and that kind of thing.
00:11:37 - But also on here and here's the key--
00:11:39 - no pun intended-- the key of what I'm trying to say,
00:11:42 - is the bank's public key.
00:11:47 - That's why it has that name.
00:11:48 - A public key is available to anybody.
00:11:51 - And it is, you can think of it as a full encryption/decryption
00:11:56 - algorithm.
00:11:57 - It can encrypt, it can decrypt data.
00:11:59 - However, it is only a one-way encryption.
00:12:04 - Let's start putting these pieces together here.
00:12:06 - If I encrypt something with that public key,
00:12:09 - that key cannot decrypt it.
00:12:12 - It must be decrypted with the private key, which
00:12:14 - is the reverse of the formula.
00:12:16 - Let's talk more about that in a second.
00:12:18 - So let me finish the story here.
00:12:20 - You connect to the bank.
00:12:21 - They send you their certificate, which includes,
00:12:23 - this is who I am.
00:12:25 - I'm valid.
00:12:25 - I'm not a fake.
00:12:26 - And here's a public key, a mathematical algorithm,
00:12:29 - that we can use-- or I should say,
00:12:31 - that you, little computer-- can use for encryption.
00:12:35 - Now, notice I said, encryption, not really decryption.
00:12:40 - But this computer, your browser, Internet Explorer,
00:12:43 - Firefox, Chrome, whatever browser you're using,
00:12:47 - built into it has a certain level of encryption.
00:12:51 - And based on where you are in the world,
00:12:53 - there are some governments that say, well, we
00:12:54 - want to be able to see what you're doing.
00:12:56 - So they may block the ability to use really high encryption
00:13:00 - versions of this.
00:13:01 - They have very low encryption values and things like that,
00:13:04 - that they allow.
00:13:04 - So, based on the browser that you're using,
00:13:06 - let's just say you use 129-bit encryption.
00:13:09 - Let's just say, I'm using Chrome.
00:13:11 - Chrome will then generate what's called, your session key, which
00:13:18 - is just a key.
00:13:20 - It's an encryption, it's the old school, the original.
00:13:23 - One key to rule them all.
00:13:25 - It is an encryption/decryption algorithm that you and the bank
00:13:28 - will use for your session.
00:13:30 - OK, whoa, whoa, whoa.
00:13:31 - Wait a sec, Jeremy.
00:13:32 - This got weird.
00:13:32 - I thought you said, the public key did encryption?
00:13:34 - I did.
00:13:35 - But we don't want to use that for all of our communication.
00:13:38 - Because then I've only got half of a formula.
00:13:42 - I can encrypt stuff, but I can't decrypt stuff with it.
00:13:44 - So what my browser does is generate
00:13:47 - a one key to rule them all encryption session, encryption
00:13:51 - key, and encrypts the encryption key.
00:13:57 - Really?
00:13:57 - Yeah.
00:13:58 - So it takes the public key from that certificate
00:14:01 - and encrypts this encryption key,
00:14:04 - which it then sends back to the bank.
00:14:08 - The bank gets it and says, OK.
00:14:11 - I'm now going to use my private key, which
00:14:14 - it never, ever, ever sends to anyone.
00:14:17 - That thing is hidden away.
00:14:18 - It's the bank's.
00:14:20 - It never sends that private key to anyone.
00:14:21 - Because if it did, oh my goodness,
00:14:23 - it would compromise the whole security.
00:14:25 - Because whoever got that, that evil person in the middle.
00:14:27 - If they got the private key, then they
00:14:28 - could decrypt all these session keys
00:14:30 - from the users coming back in.
00:14:31 - So you never send the private key.
00:14:33 - So the bank gets that encrypted session key back,
00:14:36 - decrypts it, and now-- I got to use a new color for this.
00:14:39 - This is so cool-- and now, both sides
00:14:42 - have a session key that they can use for their communication.
00:14:49 - And that's what they actually use
00:14:50 - for all of the communication between those two
00:14:53 - for that session.
00:14:54 - That's why they call it session key.
00:14:55 - As soon as you close your browser, it's done.
00:14:57 - The session key is deleted.
00:14:58 - The next time you connect, you get the public key.
00:15:01 - You regenerate a brand new session key for the session.
00:15:05 - Wow, isn't that a cool-- that's how it works.
00:15:07 - That's how all the communication works on the internet.
00:15:09 - Now, I said-- I shouldn't say all the communication.
00:15:12 - All of the secure communication that works on the internet--
00:15:15 - now, I said the EC2 side of things isn't that bad.
00:15:19 - Because we don't really need a session key.
00:15:21 - They use the idea of public and private key cryptography
00:15:26 - in such a way that we can use it to retrieve our passwords
00:15:30 - or to log into a system.
00:15:31 - So let me explain.
00:15:33 - I'm going to hop back to the instance I was just creating,
00:15:36 - right here.
00:15:37 - So we got to the point, we went through
00:15:38 - and defined all the tags.
00:15:39 - Great.
00:15:40 - Let's continue.
00:15:42 - Please.
00:15:43 - There we go.
00:15:43 - And it says, do you want to choose from your existing
00:15:46 - key pairs or proceed or create a new one?
00:15:48 - Now, normally if this is the first instance that you create,
00:15:51 - this will not be here.
00:15:52 - So I'm going to create a new one,
00:15:53 - as if I hadn't done that before.
00:15:56 - So let's just call this CBTPair2.
00:16:02 - As just a simple identifier name,
00:16:05 - might name it after your organization or whatever
00:16:07 - the case may be.
00:16:08 - But that pair is being assigned to this virtual machine.
00:16:11 - So I'm going to click, Create and download the key pair.
00:16:13 - And what it's doing-- kind of happened down here below-- you
00:16:18 - can see it downloaded, CBTPair2.pem.
00:16:22 - I'm going to go-- well, and now we're
00:16:25 - into the security groups, the firewall, which
00:16:27 - we'll see in just a second-- but I'm going to show in folder.
00:16:29 - Let me, wow.
00:16:32 - There's all my downloads.
00:16:33 - If you want to see what I've been downloading lately,
00:16:35 - you can check that.
00:16:37 - But right there is the CBTPair2.
00:16:39 - Now, if I right click on that and open it,
00:16:42 - edit it with Notepad-- where's Notepad?
00:16:50 - Let's try that again.
00:16:57 - Oh, there we go.
00:16:58 - It was just taking its time-- so right here
00:17:02 - is the RSA private key.
00:17:07 - This, if you ever wonder, well what
00:17:09 - is that mathematical formula, that's it.
00:17:11 - Well, that's actually the key for the mathematical formula
00:17:14 - right there.
00:17:14 - That is the private key.
00:17:15 - So you have just been given-- with what you now
00:17:18 - know about how web security works, that's a big deal.
00:17:21 - Amazon just gave you the private key for your system.
00:17:26 - Save it.
00:17:27 - You need it.
00:17:28 - They maintain the public key.
00:17:31 - So let me finish going through-- I'll
00:17:33 - do the security groups in just a second.
00:17:37 - Let me just go through and launch this machine.
00:17:40 - So it's going to just go through and start
00:17:42 - building that machine over there.
00:17:43 - There we go.
00:17:44 - So it's loading up.
00:17:45 - I can already see my name right there.
00:17:47 - But I want to right click on this guy-- what
00:17:52 - was I thinking for a sec.
00:17:54 - There we go.
00:17:54 - I totally lost my train of thought for a second.
00:17:57 - I was thinking about what was in my download folder--
00:17:59 - so we've got the two machines.
00:18:01 - We have a Linux instance right here.
00:18:02 - This is Ubuntu Linux.
00:18:04 - And then, right here, I have my Windows instance
00:18:07 - that I just created.
00:18:08 - It's actually generating.
00:18:09 - So it's going to take some time, usually about 10,
00:18:11 - 15 minutes before that thing is fully ready and ready to rock.
00:18:15 - So while we're waiting for that to load,
00:18:18 - let me jump right here to how the key pairs are used
00:18:21 - for Windows instances and for Linux instances.
00:18:24 - What happens in the Windows world is we,
00:18:28 - as we generate the machine, get the private key.
00:18:32 - It's sent to us by Amazon.
00:18:34 - It's downloaded.
00:18:35 - And that is something you want to hang onto, you want to save.
00:18:37 - Because once that Windows instance is ready,
00:18:40 - you need that to get the default administrator password.
00:18:46 - Meaning, let's flip back here.
00:18:48 - I have this instance that's currently initializing.
00:18:51 - If I right click on here, there's an option that says,
00:18:53 - get Windows password.
00:18:54 - Now it's going to give me an error saying, hey,
00:18:56 - you can't do it.
00:18:57 - Wait at least 15 minutes before you
00:18:58 - try to retrieve the generated password.
00:19:00 - But once you do, you're going to see it bring up a window--
00:19:03 - and, actually, let me, I'm just going to camp out and wait.
00:19:05 - I'm going to check my email and then come back-- I'm back.
00:19:09 - Checking email, bad idea.
00:19:11 - An hour later, here I am.
00:19:13 - So I've got the machine sitting right here.
00:19:16 - It's generated.
00:19:17 - It's been running, waiting for me.
00:19:19 - So I now can right click on it, hit Get Windows Passwords.
00:19:22 - Now, when we're talking Windows systems-- let me get back
00:19:25 - to my slide here-- when I'm talking about Windows
00:19:27 - instances that are running, the key
00:19:29 - is definitely critical, but only really critical initially.
00:19:34 - You need it to get the default administrator password.
00:19:38 - And then, once you get in, then you
00:19:39 - can change the password to whatever you want.
00:19:41 - For Linux, the private key is actually
00:19:44 - how you will authenticate from here on out, unless you start
00:19:47 - creating different user accounts and things like that
00:19:49 - within Linux.
00:19:50 - So, I would say, of course you need it for both of them.
00:19:54 - But Linux, it's definitely got a more ongoing purpose.
00:19:59 - So right here is the encrypted version of my Windows password.
00:20:01 - It's saying, after I put it through the public key,
00:20:05 - I have this little blob.
00:20:07 - I believe that I can decrypt that using the private key
00:20:11 - called CBTPair2.pem.
00:20:13 - Do you have that?
00:20:14 - Now, there's a couple ways I could go about this.
00:20:16 - I could either go in there and actually
00:20:19 - copy and paste this whole private key
00:20:22 - into this little box and tell it, this is my private key.
00:20:24 - Or a little easier is just to go in and-- let me just
00:20:28 - find it, CBTPair2.
00:20:30 - Open-- and you can see, it puts the private key right in,
00:20:33 - just as if I would have copy and pasted it.
00:20:35 - And I click Decrypt Password.
00:20:36 - And bam, there it is.
00:20:38 - I now have my decrypted administrator password.
00:20:41 - Now I can pull up Remote Desktop Connection.
00:20:45 - Let's go in and highlight this name.
00:20:47 - That is now my name that I can connect to.
00:20:51 - Paste that in here and connect.
00:20:53 - Voila.
00:20:54 - It comes in, says, what username.
00:20:56 - Well, the user, it says, is administrator.
00:21:00 - And my password, vndzy!7avp. It says, hey.
00:21:08 - Well, talk about certificates.
00:21:10 - Even Remote Desktop uses a certificate.
00:21:12 - Look at this, Hey.
00:21:13 - This is just, what a great way to talk about what I just
00:21:15 - described on the public key.
00:21:17 - It says, this Certificate is Not From a Trusted Certifying
00:21:19 - Authority.
00:21:20 - That's OK.
00:21:20 - Because if we had to go buy a CA certificate for every Remote
00:21:24 - Desktop Session we wanted,
00:21:25 - it would get a little costly.
00:21:26 - So I'm going to click on, Yes Accept that Certificate.
00:21:29 - And I am now in.
00:21:30 - Now, the first thing that I'm going to do as an administrator
00:21:34 - is get into this Windows Server 2008 instance
00:21:38 - and go to my Windows Security and change my password.
00:21:43 - So I would type in the old password and then the new one.
00:21:45 - And then I'll say, not that I wouldn't care anymore,
00:21:49 - but I don't really need that private key anymore.
00:21:53 - Because I already have the password changed at that point.
00:21:57 - So now let's talk about Linux.
00:21:59 - Linux has the ability to authenticate users
00:22:02 - based on solely the private key, a little different than what
00:22:06 - we just did with Windows.
00:22:07 - With Windows we went in and used that private key
00:22:10 - to figure out the password and then logged
00:22:12 - in with username and password.
00:22:13 - With Linux, you can get in without a username and password
00:22:16 - at all.
00:22:16 - Just the private key can get you into Linux.
00:22:19 - Now, actually using the private key with Linux
00:22:23 - is a little bit more difficult than with Windows.
00:22:25 - Because Windows you don't really use it,
00:22:27 - at least not for Windows itself.
00:22:29 - You just kind of use it to figure out the admin password.
00:22:31 - And then you chuck it.
00:22:32 - You never really use it again, after you
00:22:34 - change the admin password.
00:22:35 - But, on the Linux side, it's part of the authentication.
00:22:39 - When you get the PEM file, you didn't really
00:22:42 - get a private key.
00:22:44 - You did, but it's like the meat-- you took off
00:22:47 - all the packaging-- there's the meat of the private key.
00:22:51 - I'll chew on it right there.
00:22:53 - But with Linux you actually have to take that
00:22:56 - and generate it into a full-blown private key.
00:22:59 - And to do most-- you can go on Google
00:23:02 - and find a million step by steps to do this.
00:23:04 - I just grabbed one for OS X, if you're using a Macintosh.
00:23:08 - First thing that you want to do is get your EC2 command line
00:23:11 - tools.
00:23:12 - It's a little package of tools that
00:23:13 - will compress files, tools that you can download.
00:23:16 - Unzip those.
00:23:17 - And you use this command right here-- ec2-add-keypair--
00:23:21 - and then you say, pstam.
00:23:23 - This is just a name.
00:23:24 - Whatever you want to name the key pair, you put in there.
00:23:27 - So they have a great output right here, showing,
00:23:30 - I type that in.
00:23:30 - It says, OK, key pair such and such.
00:23:33 - And that's where, right here, you
00:23:34 - paste that private key, the meat I just
00:23:37 - showed you, into that, which ends the private key.
00:23:40 - And now that generates a key that you're
00:23:44 - able to use to get into your Linux instance.
00:23:47 - So let me scroll down a little bit.
00:23:49 - This is, again, using OS X. They go in,
00:23:50 - and just it shows using some more of the EC2 command line
00:23:55 - tools to list the images that you have
00:23:57 - and see what images are in your account from the command line.
00:24:00 - So, we haven't even gotten into the command line tool.
00:24:02 - We're doing everything through the AWS Management console
00:24:04 - right now.
00:24:05 - We'll get there.
00:24:06 - But this is just a sneak peek of what's to come.
00:24:08 - So they do some other things.
00:24:09 - But, by the time it's said and done,
00:24:10 - this is where the glory happens.
00:24:12 - It says, I'm now going to SSH, into my instance.
00:24:16 - I'm identifying the key pair of RSA--
00:24:20 - this is the key pair that we generated
00:24:22 - way up here with this pstam-keypair-- so I'm saying,
00:24:26 - use that key pair to access the root account of blah,
00:24:29 - blah, blah.
00:24:30 - And that's the actual name that Amazon would give you
00:24:32 - when you generated your instance, to access it.
00:24:35 - And that's where you can now get in.
00:24:36 - You're now accessing your virtual machine,
00:24:39 - using SSH from a Linux prompt.
00:24:43 - And you can get in and-- if you want to,
00:24:45 - you can go into the SSH area and add user accounts,
00:24:48 - so you don't have to use that key pair every time.
00:24:51 - And maybe just use that for initial access,
00:24:53 - like we do with Windows.
00:24:55 - So, now let me answer this last question.
00:24:57 - What if I lose my key?
00:25:02 - Well, let's talk through that.
00:25:04 - If you lose your key-- first off, on a Windows side,
00:25:08 - let's say, you generate the instance.
00:25:10 - You never change the admin password.
00:25:12 - You forget the admin password-- and I'm
00:25:15 - coming up with a harebrained scenario here--
00:25:17 - you just always use that PEM key figure out what the password
00:25:20 - and paste it in to access it via RDP.
00:25:23 - You lose the PEM file, so you can't get your password.
00:25:25 - Now, first and foremost, Amazon cannot get it for you.
00:25:30 - They do not keep the private key.
00:25:31 - They send it to you and they say, that is
00:25:33 - your responsibility.
00:25:34 - Hang onto that.
00:25:36 - So if you-- I'll say it in both.
00:25:38 - Windows and Linux.
00:25:39 - If you don't have the admin password.
00:25:40 - And you haven't changed it from the original.
00:25:42 - And same thing with Linux, if you just lose that PEM file,
00:25:45 - that's the key to generating your private key to access it.
00:25:48 - You're locked out of the system.
00:25:53 - The short answer is, go in and terminate your instance.
00:25:56 - And you'll create a new one.
00:25:57 - But maybe you're at the point where you've gone in,
00:26:00 - you've got-- let me bring my AWS Management console
00:26:03 - back up here-- you've gone in.
00:26:06 - You've got some actual data in SDCORE-TS01.
00:26:10 - And you're, like, Ah.
00:26:11 - I can't lose that.
00:26:12 - I don't just want to terminate the instance.
00:26:14 - Well, the good news is this.
00:26:16 - I mean, it's either an ephemeral or it's an EBS storage.
00:26:19 - Most of the time, people run it from EBS.
00:26:21 - You can see right here, the root device.
00:26:23 - It's running off of EBS.
00:26:25 - So the hard disk, the contents are still there.
00:26:28 - What I would suggest is this.
00:26:31 - Right click on this guy and create an AMI image.
00:26:35 - And by the way, this is a great time to talk about this.
00:26:38 - If you haven't created your own AMI, this is how you do it.
00:26:41 - I can say, the image name is, let's just say, SDCORE-TS01.
00:26:46 - Backup.
00:26:48 - I can't get in there.
00:26:49 - And you could put a description.
00:26:51 - No Reboot.
00:26:52 - Select that.
00:26:52 - Hit Yes Create.
00:26:53 - And what it's doing is, it's now creating
00:26:55 - an AMI behind the scenes.
00:26:57 - Now, remember, when we go in and create a new instance,
00:27:01 - I can click on the instances and choose--
00:27:04 - let me see if I can launch a new instance with this going.
00:27:10 - See if it shows it there.
00:27:12 - Ah, no it doesn't.
00:27:13 - We've got to wait for it to finish--
00:27:15 - so it's creating an AMI instance.
00:27:17 - So you see where I'm going with this?
00:27:18 - You're going to want to go in there and now generate
00:27:21 - a new instance from your frozen in time AMI.
00:27:25 - At that point, you'll be able to use a new private key,
00:27:27 - generate a new private key, and get into that system.
00:27:30 - Now, a lot of times when you do this, some services
00:27:33 - won't be started.
00:27:34 - You'll have to manually go in there and start the services.
00:27:36 - Some of your disks may not be mounted.
00:27:38 - You may get in there and go, oh, I only see the C drive.
00:27:41 - Did it lose everything?
00:27:42 - Go into the Disk Manager in Windows
00:27:45 - or use some mount points in Linux
00:27:49 - to mount the disks back in.
00:27:51 - And all of your data should still be there.
00:27:54 - I shouldn't say should, it will still--
00:27:56 - it's not like Amazon just loses data-- it will still be there.
00:27:58 - You just have to mount it all back up and get into.
00:28:01 - So, all is not lost if you lose your key.
00:28:03 - But it does definitely cause a hassle.
00:28:06 - Well, that's enough fun for now.
00:28:08 - I want to put a dividing line there,
00:28:09 - so I really have the time to expound on security groups.
00:28:12 - There's a lot to think about when you're setting them up.
00:28:15 - So we talked about, in this Nugget, tags.
00:28:17 - And, actually, there's something I totally forgot to show you.
00:28:20 - But I was going through defining the tags,
00:28:22 - and you're probably, like, OK.
00:28:23 - Well, that's great to see them.
00:28:25 - But where do you actually use them?
00:28:28 - Where can you find them?
00:28:30 - Well, you remember for this SDCORE-TS01 virtual machine
00:28:34 - right here, or instance, I actually
00:28:37 - defined the tag of, I think, the Creation Date and things
00:28:40 - like that.
00:28:41 - You can go up here to the Show/Hide button.
00:28:43 - And that allows you to add your own tags to this list.
00:28:48 - Let's add them all in there.
00:28:49 - I click on All of them.
00:28:51 - And now I can see, if I expand this out--
00:28:54 - now I'm obviously running a little out of room here--
00:28:58 - but now I can see all of the custom tags
00:29:00 - that I've put in there.
00:29:02 - And I have seen, sometimes when you put this,
00:29:04 - it shows all empty until you click the Refresh button.
00:29:07 - So if you do this yourself and nothing shows up,
00:29:09 - click Refresh.
00:29:10 - And it will show up for you.
00:29:12 - But that's your nice way of doing it.
00:29:14 - And now you can filter on them.
00:29:15 - You can search for them.
00:29:17 - They're part of your image list here.
00:29:20 - So that's a really powerful tool.
00:29:21 - So we talked about tags and adding those to your instances
00:29:24 - that are running.
00:29:25 - We also talked about EC2 key pairs and all of their glory,
00:29:29 - to talk about what the key pairs are.
00:29:31 - We even talked about public key/private key cryptography
00:29:34 - and the mindset behind it.
00:29:36 - And then how we applied it to Windows instances,
00:29:38 - to Linux instances, what happens if you forget your key,
00:29:42 - all those kind of things we went through.
00:29:43 - So, in the next Nugget, we will talk about security groups.
00:29:47 - But, for now, I hope this has been informative for you.
00:29:49 - And I'd like to thank you for viewing.

EC2: Creating an EC2 Instance - Security Groups

EC2: Creating an EC2 Instance - Elastic IPs and ELB

VPC: It's MY Cloud Now! Understanding AWS Network Management

VPC: It's MY Cloud Now! Understanding AWS Network Management, Part 2

VPC: It's MY Cloud Now! Understanding AWS Network Management, Part 3

S3 Foundations: Getting Started with S3

S3 Foundations: Working with S3 Storage

Route 53: DNS Management Made Easy

IAM: Creating and Managing User Access

AWS Case Study: CBT Nuggets Move to the Cloud

AWS: Series Wrap-up

Jeremy Cioara

CBT Nuggets Trainer

Certifications:
Cisco CCNA, CCDA, CCNA Security, CCNA Voice, CCNP, CCSP, CCVP, CCDP, CCIE R&S; Amazon Web Services CSA; Microsoft MCP, MCSE, Novell CNA, CNE; CompTIA A+, Network+, iNet+

Area Of Expertise:
Cisco network administration and development. Author or coauthor of numerous books, including: CCNA Voice 640-461 Official Cert Guide; CCNA Voice Official Exam Certification Guide (640-460 IIUC); CCENT Exam Prep (Exam 640-822); CCNA Exam Cram (Exam 640-802) 3rd Edition; and CCNA Voice 640-461 Official Cert Guide.


© 2014 CBT Nuggets. All rights reserved.