00:00:00 - EC2 Key Pairs and
00:00:04 - Well, my friend, we
are well on the way
00:00:06 - to getting our instance
up and running and really
00:00:09 - understanding all
the pieces around it.
00:00:12 - And I felt, as I went
in to start this Nugget,
00:00:14 - I go, we got to just
get our bearings.
00:00:15 - Because, even as I
say that, we're well
00:00:18 - on our way to get our
own instance running,
00:00:20 - I'm sure many of
you have already
00:00:21 - gone out there and gone
Next, Next, Finish.
00:00:23 - And you're, like,
well there it is.
00:00:26 - It's not that hard.
00:00:27 - I've got a running instance.
00:00:29 - Absolutely, you can
have a running instance
00:00:31 - in a few minutes, if you
just Next, Next, Finish it.
00:00:33 - But really kind of putting
together all the pieces,
00:00:35 - so I want to make
sure we don't get
00:00:37 - lost as to where we
are on the concepts.
00:00:39 - I'm going to bring over
the EC2 Management console.
00:00:46 - And I'm in the Instances area.
00:00:49 - I've got, right here, just a
little Linux instance I've got
00:00:51 - set up this morning,
just to play around.
00:00:55 - But I wanted to bring up
the instances-- let me just
00:00:57 - click on Launch, and this
is just to get our bearings.
00:00:59 - Now we went through.
00:01:01 - We talked about what it looks
like to go through the wizard,
00:01:04 - going through the AMIs.
00:01:05 - What is an AMI?
00:01:06 - The frozen in time hard drive?
00:01:07 - Where do you get the AMIs?
00:01:08 - Creating your own AMIs, the
community, the marketplace,
00:01:11 - all those kind of things.
00:01:12 - We went through and figured out
how to get an instance going.
00:01:16 - So I'm just going to grab,
let's grab Windows 2008 R2.
00:01:20 - We talked about how many
instances, the types
00:01:23 - of instances, the
processor size, the memory,
00:01:26 - how you scale that.
00:01:28 - Not even shown
here, the I/O that's
00:01:30 - included with each one
of these instance sizes,
00:01:32 - and why that's impactful.
00:01:34 - We talked about the
availability zones, the regions
00:01:36 - and what that is.
00:01:37 - We looked at the pricing,
all of the different pricing
00:01:39 - that we could do for on-demand
versus reserved or versus spot.
00:01:43 - Whew.
00:01:44 - Even as I do this, man,
we've talked about a lot.
00:01:47 - But it's so easy to
just, Next, Next, OK.
00:01:50 - I've got it.
00:01:50 - It's good.
00:01:51 - But now you really
understand all these pieces.
00:01:53 - So let's see where
we go from here.
00:01:55 - If we're going into the
Advanced Instance options--
00:01:58 - I'm going to put those
to the end, right?
00:02:00 - Just because it will
just make more sense
00:02:02 - if we talk about
those at the very end.
00:02:04 - I'll say, this is a
great one, prevent
00:02:06 - against accidental
termination, to where
00:02:09 - you have to come in and
uncheck this box before you
00:02:11 - can terminate an instance.
00:02:12 - Because it's all too easy to
blow one away accidentally.
00:02:15 - So, continuing from
there, let's pick up here.
00:02:20 - That was my bearing check.
00:02:22 - We know where our instance is.
00:02:23 - We know what kind it is.
00:02:24 - We know EBS storage.
00:02:26 - We know all that kind of stuff.
00:02:28 - So now we're into the tags.
00:02:29 - What are tags?
00:02:32 - Tags are just a way for you to
identify your instance however
00:02:37 - you want.
00:02:38 - It is kind of a free format; think of it as a micro database
think of it as a micro database
00:02:41 - that you can use for each
instance to describe it.
00:02:44 - So when you're looking
for certain instances,
00:02:46 - you know what they are.
00:02:48 - And I would suggest,
it's all too
00:02:51 - easy to just say, well,
let's add my own tags
00:02:53 - and just make them up.
00:02:54 - But I would suggest sitting down
with your IT group, unless you
00:02:57 - are a one-man show, or a
one-woman show, then sit down
00:03:02 - and say, hey guys.
00:03:03 - Let's agree on what
tags we're going
00:03:04 - to use to describe
each one of these.
00:03:06 - Let's come up with
some common syntax.
00:03:08 - Because if you look, these keys,
these tags, the key values,
00:03:12 - can only be 127 characters.
00:03:15 - And the value can only be 255.
00:03:16 - So it's not like we're
having a big paragraph here
00:03:19 - on everything that
this instance does.
00:03:21 - So, for instance, this is--
I'm creating a Windows 2008 R2
00:03:25 - instance-- Let's say the
name of this is SDCORE-TS01.
00:03:32 - And I'm actually a
00:03:35 - that I use for my
own data center.
00:03:38 - SDCORE, to me, says the name
of my company that I work with,
00:03:41 - Core.
00:03:42 - Core is the data center.
00:03:43 - TS stands for the function.
00:03:45 - I use, for instance,
TS is terminal server.
00:03:48 - Or I might do a DC for
Domain Controller or FS
00:03:51 - for a File Server.
00:03:53 - I've got my own key.
00:03:54 - And then 01, this is the first
terminal server that I have
00:03:57 - at the data center.
00:03:58 - So if you never had a
naming convention, Bam!
00:04:01 - There it is, in two
seconds or less,
00:04:02 - a naming convention for you.
00:04:04 - So that will be a
name that can now
00:04:07 - appear-- you can see it, kind
of behind the scenes here--
00:04:09 - see this little name?
00:04:11 - I didn't put any
tags in this one.
00:04:12 - So it says, Empty.
00:04:14 - That's not very descriptive.
00:04:16 - But I don't have to
just stop at the name.
00:04:19 - I can go in and say, well,
let's add a description.
00:04:24 - Description will be, and
again, 255 characters.
00:04:27 - You don't have much.
00:04:28 - Let's just say, RDS Gateway
to reach internal apps.
00:04:36 - I'll just say internal
servers, how's that?
00:04:39 - And you can keep adding
another tag and another tag,
00:04:41 - as many tags as you want.
00:04:42 - And let's just
say, Creation Date.
00:04:46 - It is, what's the day, 5/25/12.
00:04:51 - And go on.
00:04:52 - And you can see up
to 10 individual tags
00:04:54 - that you can use.
00:04:55 - Now I'm going to show
you this in a minute.
00:05:02 - I'll show it to you in a minute.
00:05:03 - I'm going to click on Continue.
00:05:05 - Save those tags.
00:05:05 - Because I want to now
get into the key pairs.
00:05:07 - So let me pause there and
flip over to the concept.
00:05:11 - What most people
do when they get
00:05:13 - to the key pairs on their EC2
instances, they kind of-- well,
00:05:17 - actually, let me show you--
they usually come into here
00:05:20 - and they go, OK.
00:05:21 - And by default there is no pair.
00:05:23 - This is just a pair that
I created previously
00:05:25 - for my Linux instance.
00:05:27 - They come in here and it
says, create a new key pair
00:05:29 - or proceed without.
00:05:30 - And people go,
let's not do that.
00:05:33 - And then it says, oh no.
00:05:34 - You can't connect to this
instance unless you do that.
00:05:36 - You go, oh, OK.
00:05:37 - Then let's do this.
00:05:39 - OK, I'll type it in.
00:05:40 - Duh da duh.
00:05:41 - And they create download.
00:05:42 - But they're just kind
of going through, not
00:05:44 - really understanding the
power of what they're doing
00:05:47 - and the power of
what this really is.
00:05:49 - This goes back to public and
private key cryptography.
00:05:53 - And I always, I could
give you the, OK.
00:05:55 - Type this, and then
go here and do that.
00:05:57 - I mean, you can Google
that and find it.
00:05:59 - But to really understand
the why behind it all,
00:06:02 - it's just, that's satisfying.
00:06:04 - That's where you
are, Oh, I get it.
00:06:06 - So understanding public and
private key cryptography
00:06:09 - is huge.
00:06:10 - Because it's really how almost
all the secure communication
00:06:14 - in the world works.
00:06:16 - This all goes back
to decades ago,
00:06:18 - when there was an instructor,
a college professor,
00:06:22 - and his student named Whitfield
Diffie, that was the student.
00:06:27 - And, I believe, was Martin
Hellman, was the-- Martin?
00:06:31 - I think was Martin.
00:06:32 - Hellman was the
00:06:33 - And so these guys
were-- and this
00:06:35 - is decades ago-- they
were sitting there,
00:06:37 - trying to figure
out, how do you have
00:06:40 - secure, encrypted communication,
across a public network.
00:06:45 - Think about it.
00:06:46 - You're right here, right?
00:06:48 - Sitting at your computer.
00:06:49 - And something that almost
all of us do nowadays
00:06:52 - is do online banking, where
we can go and transfer
00:06:58 - account balances, make
payments, online bill pay.
00:07:00 - So I don't have to mail it
in the mail and all that.
00:07:02 - So it's very convenient.
00:07:03 - But in the middle of all
of this communication
00:07:07 - is the public internet,
with evil people,
00:07:10 - who are trying to steal
your bank account balance,
00:07:12 - and trying to steal the ability
to transfer information.
00:07:15 - So I need to have some kind
of secure, encrypted session
00:07:19 - between these guys.
00:07:21 - I have to have something
that secures it.
00:07:23 - So these evil people in
the middle of the cloud
00:07:25 - can't find it and see it, and be
able to get to my bank account
00:07:28 - balance and all that.
00:07:29 - And they're going, OK.
00:07:30 - Well, how-- think of this.
00:07:32 - I mean, college
00:07:33 - sitting there looking
at each other.
00:07:35 - OK, how do you do that?
00:07:36 - I mean, back then
00:07:39 - were very common, to where
you would have a key.
00:07:42 - And a key-- I'm visualizing
it here as a key,
00:07:45 - but it's a mathematical formula
that really scrambles data-- So
00:07:49 - let's say I want to transfer
$150 from my checking
00:07:53 - to my savings account
or something like that.
00:07:55 - Before I send it, it runs it
through this encryption key,
00:07:59 - which just is a big
mathematical algorithm that
00:08:01 - goes bluh bluh bluh bluh and
scrambles it all up, to where
00:08:03 - you can't understand it.
00:08:05 - Well, the person
who has that key
00:08:06 - can also reverse that,
to figure it out.
00:08:10 - So to do encrypted
00:08:12 - I would have the online
bank have the key.
00:08:16 - And I have the key.
00:08:17 - And then we just kind
of encrypt it between.
00:08:19 - It's like, oh,
well, that's simple.
00:08:20 - But how do you get the key?
00:08:26 - Oh yeah.
00:08:27 - Forgot about that.
00:08:27 - How do you get the key?
00:08:29 - How do you get the same
key that the bank has,
00:08:31 - so that you can encrypt
it, without the guy
00:08:33 - in the middle getting it, too?
00:08:34 - I mean, you can't just have
the bank send you the key.
00:08:36 - Do you see this dilemma?
00:08:38 - So Martin and Whitfield
were sitting there,
00:08:40 - they're like, how do we do
this, how do we do this?
00:08:42 - And the way the story
is told-- and you
00:08:44 - can go look this up in
Wikipedia if you want.
00:08:47 - Actually, I don't know if it's
there, maybe it's there--
00:08:49 - the student, Whitfield
Diffie, was at home asleep.
00:08:55 - At 2:00 or 3:00 in the morning,
wakes up in a cold sweat,
00:08:58 - and goes, I got it.
00:09:00 - I know it.
00:09:00 - I've got the-- he dreamed the
algorithm for what we now know
00:09:04 - as the Diffie-Hellman public
key encryption algorithm,
00:09:08 - to where you now have,
instead of one key,
00:09:11 - two keys to start
your communication,
00:09:17 - a public key and a private key.
00:09:19 - So I'm going to show you how
it works across the internet.
00:09:21 - And then I'm going to
apply that same mindset.
00:09:23 - Well, it's actually
much simpler when
00:09:25 - you look at it from
an EC2 perspective.
00:09:27 - But understanding kind
of the big picture,
00:09:29 - this is an impress your friends
00:09:33 - They're going to go, wow.
00:09:34 - Really?
00:09:35 - So here's how it works.
00:09:37 - When my computer connects
to the online bank-- let me
00:09:41 - flip colors here-- connects
to the online bank.
00:09:44 - It says, OK, this is going to be
identified as a secure channel.
00:09:49 - The way that works is the
bank, their web server,
00:09:52 - says, I'm going to send
you a security certificate.
00:09:55 - Ah, certificate.
00:09:56 - Some of you may have
seen that before when
00:09:58 - you're surfing the web and
it comes up and says, hey,
00:10:00 - this certificate is not valid.
00:10:02 - Do you want to proceed?
00:10:02 - And everybody is like, eh,
don't show this to me again.
00:10:04 - And hit yes.
00:10:04 - Well, it's not good to have
an invalid certificate,
00:10:06 - because everybody should have
a valid certificate saying,
00:10:09 - this is who I am.
00:10:10 - And this certificate
says, this is my identity.
00:10:14 - I am the Bank of Arizona.
00:10:16 - I have this level of encryption.
00:10:19 - This is the date and time
I got this certificate.
00:10:21 - And I've got-- you
might go, what's
00:10:23 - that little squid on
there-- it's a stamp.
00:10:25 - There's actually something
called a certificate authority
00:10:28 - out on the internet.
00:10:29 - VeriSign is a big one.
00:10:31 - Many different
00:10:33 - that, before this bank
goes into business online,
00:10:35 - they go to the security
authority and says,
00:10:38 - here's all our information about
our business-- not all of it,
00:10:41 - but the requested
information-- so you
00:10:43 - know that we really
are the bank.
00:10:45 - Because it would be
horrible if somebody
00:10:48 - pretended to be the
Bank of Arizona.
00:10:50 - As a matter of fact, that's
called a phishing attack,
00:10:52 - when you get those emails
where it's somebody pretending
00:10:55 - to be eBay or Amazon
or something like that.
00:10:57 - It's a phishing
email, somebody trying
00:10:58 - to pull the wool over
your eyes, to get you
00:11:00 - to type in values over there, so
they can compromise your data.
00:11:04 - So we need to have these
00:11:07 - on the internet that says, OK.
00:11:08 - This is really the real one.
00:11:10 - That's why it's so scary if
somebody sees that message that
00:11:13 - says, this is an
00:11:14 - Do you want to proceed?
00:11:16 - And people go, oh yeah.
00:11:17 - Because a lot of times
people don't pay the money
00:11:19 - to have a certificate really
validate their identity.
00:11:21 - So you're playing the
game, like, I really
00:11:24 - hope this is the real
Amazon, the real eBay,
00:11:27 - the real Bank of Arizona.
00:11:28 - So if you have a certificate
authority give one to you,
00:11:32 - then it's validated.
00:11:34 - The browsers won't pop
up that security warning
00:11:36 - and that kind of thing.
00:11:37 - But also on here
and here's the key--
00:11:39 - no pun intended-- the key
of what I'm trying to say,
00:11:42 - is the bank's public key.
00:11:47 - That's why it has that name.
00:11:48 - A public key is
available to anybody.
00:11:51 - And it is, you can think of it
as a full encryption/decryption
00:11:56 - algorithm.
00:11:57 - It can encrypt, it
can decrypt data.
00:11:59 - However, it is only
a one-way encryption.
00:12:04 - Let's start putting these
pieces together here.
00:12:06 - If I encrypt something
with that public key,
00:12:09 - that key cannot decrypt it.
00:12:12 - It must be decrypted with
the private key, which
00:12:14 - is the reverse of the formula.
00:12:16 - Let's talk more about
that in a second.
00:12:18 - So let me finish the story here.
00:12:20 - You connect to the bank.
00:12:21 - They send you their
certificate, which includes,
00:12:23 - this is who I am.
00:12:25 - I'm valid.
00:12:25 - I'm not a fake.
00:12:26 - And here's a public key,
a mathematical algorithm,
00:12:29 - that we can use--
or I should say,
00:12:31 - that you, little computer--
can use for encryption.
00:12:35 - Now, notice I said, encryption,
not really decryption.
00:12:40 - But this computer, your
browser, Internet Explorer,
00:12:43 - Firefox, Chrome, whatever
browser you're using,
00:12:47 - built into it has a certain
level of encryption.
00:12:51 - And based on where
you are in the world,
00:12:53 - there are some governments
that say, well, we
00:12:54 - want to be able to
see what you're doing.
00:12:56 - So they may block the ability
to use really high encryption
00:13:00 - versions of this.
00:13:01 - They have very low encryption
values and things like that,
00:13:04 - that they allow.
00:13:04 - So, based on the browser
that you're using,
00:13:06 - let's just say you use
00:13:09 - Let's just say, I'm using Chrome.
00:13:11 - Chrome will then generate what's
called, your session key, which
00:13:18 - is just a key.
00:13:20 - It's an encryption, it's the
old school, the original.
00:13:23 - One key to rule them all.
00:13:25 - It is an encryption/decryption
algorithm that you and the bank
00:13:28 - will use for your session.
00:13:30 - OK, whoa, whoa, whoa.
00:13:31 - Wait a sec, Jeremy.
00:13:32 - This got weird.
00:13:32 - I thought you said, the
public key did encryption?
00:13:34 - I did.
00:13:35 - But we don't want to use that
for all of our communication.
00:13:38 - Because then I've only
got half of a formula.
00:13:42 - I can encrypt stuff, but I
can't decrypt stuff with it.
00:13:44 - So what my browser
does is generate
00:13:47 - a one key to rule them all
encryption session, encryption
00:13:51 - key, and encrypts
the encryption key.
00:13:57 - Really?
00:13:57 - Yeah.
00:13:58 - So it takes the public
key from that certificate
00:14:01 - and encrypts this
00:14:04 - which it then sends
back to the bank.
00:14:08 - The bank gets it and says, OK.
00:14:11 - I'm now going to use
my private key, which
00:14:14 - it never, ever, ever
sends to anyone.
00:14:17 - That thing is hidden away.
00:14:18 - It's the bank's.
00:14:20 - It never sends that
private key to anyone.
00:14:21 - Because if it did,
oh my goodness,
00:14:23 - it would compromise
the whole security.
00:14:25 - Because whoever got that, that
evil person in the middle.
00:14:27 - If they got the
private key, then they
00:14:28 - could decrypt all
these session keys
00:14:30 - from the users coming back in.
00:14:31 - So you never send
the private key.
00:14:33 - So the bank gets that
encrypted session key back,
00:14:36 - decrypts it, and now-- I got
to use a new color for this.
00:14:39 - This is so cool--
and now, both sides
00:14:42 - have a session key that they
can use for their communication.
00:14:49 - And that's what
they actually use
00:14:50 - for all of the communication
between those two
00:14:53 - for that session.
00:14:54 - That's why they
call it session key.
00:14:55 - As soon as you close
your browser, it's done.
00:14:57 - The session key is deleted.
00:14:58 - The next time you connect,
you get the public key.
00:15:01 - You regenerate a brand new
session key for the session.
00:15:05 - Wow, isn't that a cool--
that's how it works.
00:15:07 - That's how all the communication
works on the internet.
00:15:09 - Now, I said-- I shouldn't
say all the communication.
00:15:12 - All of the secure communication
that works on the internet--
00:15:15 - now, I said the EC2 side
of things isn't that bad.
00:15:19 - Because we don't really
need a session key.
00:15:21 - They use the idea of public
and private key cryptography
00:15:26 - in such a way that we can use
it to retrieve our passwords
00:15:30 - or to log into a system.
00:15:31 - So let me explain.
00:15:33 - I'm going to hop back to the
instance I was just creating,
00:15:36 - right here.
00:15:37 - So we got to the
point, we went through
00:15:38 - and defined all the tags.
00:15:39 - Great.
00:15:40 - Let's continue.
00:15:42 - Please.
00:15:43 - There we go.
00:15:43 - And it says, do you want to
choose from your existing
00:15:46 - key pairs or proceed
or create a new one?
00:15:48 - Now, normally if this is the
first instance that you create,
00:15:51 - this will not be here.
00:15:52 - So I'm going to
create a new one,
00:15:53 - as if I hadn't done that before.
00:15:56 - So let's just call
00:16:02 - As just a simple
00:16:05 - might name it after your
organization or whatever
00:16:07 - the case may be.
00:16:08 - But that pair is being assigned
to this virtual machine.
00:16:11 - So I'm going to click, Create
and download the key pair.
00:16:13 - And what it's doing-- kind of
happened down here below-- you
00:16:18 - can see it downloaded,
00:16:22 - I'm going to go--
well, and now we're
00:16:25 - into the security groups,
the firewall, which
00:16:27 - we'll see in just a second--
but I'm going to show in folder.
00:16:29 - Let me, wow.
00:16:32 - There's all my downloads.
00:16:33 - If you want to see what I've
been downloading lately,
00:16:35 - you can check that.
00:16:37 - But right there is the CBTPair2.
00:16:39 - Now, if I right click
on that and open it,
00:16:42 - edit it with Notepad--
00:16:50 - Let's try that again.
00:16:57 - Oh, there we go.
00:16:58 - It was just taking its
time-- so right here
00:17:02 - is the RSA private key.
00:17:07 - This, if you ever
wonder, well what
00:17:09 - is that mathematical
formula, that's it.
00:17:11 - Well, that's actually the key
for the mathematical formula
00:17:14 - right there.
00:17:14 - That is the private key.
00:17:15 - So you have just been
given-- with what you now
00:17:18 - know about how web security
works, that's a big deal.
00:17:21 - Amazon just gave you the
private key for your system.
00:17:26 - Save it.
00:17:27 - You need it.
00:17:28 - They maintain the public key.
00:17:31 - So let me finish
going through-- I'll
00:17:33 - do the security groups
in just a second.
00:17:37 - Let me just go through
and launch this machine.
00:17:40 - So it's going to just
go through and start
00:17:42 - building that
machine over there.
00:17:43 - There we go.
00:17:44 - So it's loading up.
00:17:45 - I can already see
my name right there.
00:17:47 - But I want to right
click on this guy-- what
00:17:52 - was I thinking for a sec.
00:17:54 - There we go.
00:17:54 - I totally lost my train
of thought for a second.
00:17:57 - I was thinking about what
was in my download folder--
00:17:59 - so we've got the two machines.
00:18:01 - We have a Linux
instance right here.
00:18:02 - This is Ubuntu Linux.
00:18:04 - And then, right here, I
have my Windows instance
00:18:07 - that I just created.
00:18:08 - It's actually generating.
00:18:09 - So it's going to take some
time, usually about 10,
00:18:11 - 15 minutes before that thing is
fully ready and ready to rock.
00:18:15 - So while we're waiting
for that to load,
00:18:18 - let me jump right here to
how the key pairs are used
00:18:21 - for Windows instances
and for Linux instances.
00:18:24 - What happens in the
Windows world is we,
00:18:28 - as we generate the machine,
get the private key.
00:18:32 - It's sent to us by Amazon.
00:18:34 - It's downloaded.
00:18:35 - And that is something you want
to hang onto, you want to save.
00:18:37 - Because once that Windows
instance is ready,
00:18:40 - you need that to get the
default administrator password.
00:18:46 - Meaning, let's flip back here.
00:18:48 - I have this instance that's
00:18:51 - If I right click on here,
there's an option that says,
00:18:53 - get Windows password.
00:18:54 - Now it's going to give
me an error saying, hey,
00:18:56 - you can't do it.
00:18:57 - Wait at least 15
minutes before you
00:18:58 - try to retrieve the
00:19:00 - But once you do, you're going
to see it bring up a window--
00:19:03 - and, actually, let me, I'm just
going to camp out and wait.
00:19:05 - I'm going to check my email
and then come back-- I'm back.
00:19:09 - Checking email, bad idea.
00:19:11 - An hour later, here I am.
00:19:13 - So I've got the machine
sitting right here.
00:19:16 - It's generated.
00:19:17 - It's been running,
waiting for me.
00:19:19 - So I now can right click on
it, hit Get Windows Passwords.
00:19:22 - Now, when we're talking Windows
systems-- let me get back
00:19:25 - to my slide here-- when
I'm talking about Windows
00:19:27 - instances that are
running, the key
00:19:29 - is definitely critical, but
only really critical initially.
00:19:34 - You need it to get the default
00:19:38 - And then, once you
get in, then you
00:19:39 - can change the password
to whatever you want.
00:19:41 - For Linux, the private
key is actually
00:19:44 - how you will authenticate from
here on out, unless you start
00:19:47 - creating different user
accounts and things like that
00:19:49 - within Linux.
00:19:50 - So, I would say, of course
you need it for both of them.
00:19:54 - But Linux, it's definitely
got a more ongoing purpose.
00:19:59 - So right here is the encrypted
version of my Windows password.
00:20:01 - It's saying, after I put
it through the public key,
00:20:05 - I have this little blob.
00:20:07 - I believe that I can decrypt
that using the private key
00:20:11 - called CBTPair2.pem.
00:20:13 - Do you have that?
00:20:14 - Now, there's a couple ways
I could go about this.
00:20:16 - I could either go in
there and actually
00:20:19 - copy and paste this
whole private key
00:20:22 - into this little box and
tell it, this my private key.
00:20:24 - Or a little easier is just
to go in and-- let me just
00:20:28 - find it, CBTPair2.
00:20:30 - Open-- and you can see, it
puts the private key right in,
00:20:33 - just as if I would have
copy and pasted it.
00:20:35 - And I click Decrypt Password.
00:20:36 - And bam, there it is.
00:20:38 - I now have my decrypted
00:20:41 - Now I can pull up Remote
00:20:45 - Let's go in and
highlight this name.
00:20:47 - That is now my name
that I can connect to.
00:20:51 - Paste that in here and connect.
00:20:53 - Voila.
00:20:54 - It comes in, says,
00:20:56 - Well, the user, it
says, is administrator.
00:21:00 - And my password,
vndzy!7avp. It says, hey.
00:21:08 - well, talk about certificates.
00:21:10 - Even Remote Desktop
uses a certificate.
00:21:12 - Look at this, Hey.
00:21:13 - This is just, what a great
way to talk about what I just
00:21:15 - described on the public key.
00:21:17 - It says, this Certificate is
Not From a Trusted Certifying
00:21:19 - Authority.
00:21:20 - That's OK.
00:21:20 - Because if we had to go buy a
CA certificate for every Remote
Desktop Session we wanted,
00:21:25 - it would get a little costly.
00:21:26 - So I'm going to click on,
Yes Accept that Certificate.
00:21:29 - And I am now in.
00:21:30 - Now, the first thing that I'm
going to do as an administrator
00:21:34 - is get into this Windows
Server 2008 instance
00:21:38 - and go to my Windows Security
and change my password.
00:21:43 - So I would type in the old
password and then the new one.
00:21:45 - And then I'll say, not that
I wouldn't care anymore,
00:21:49 - but I don't really need
that private key anymore.
00:21:53 - Because I already have the
password changed at that point.
00:21:57 - So now let's talk about Linux.
00:21:59 - Linux has the ability
to authenticate users
00:22:02 - based on solely the private key,
a little different than what
00:22:06 - we just did with Windows.
00:22:07 - With Windows we went in
and used that private key
00:22:10 - to figure out the
password and then logged
00:22:12 - in with username and password.
00:22:13 - With Linux, you can get in
without a username and password
00:22:16 - at all.
00:22:16 - Just the private key
can get you into Linux.
00:22:19 - Now, actually using the
private key with Linux
00:22:23 - is a little bit more
difficult than with Windows.
00:22:25 - Because Windows you
don't really use it,
00:22:27 - at least not for Windows itself.
00:22:29 - You just kind of use it to
figure out the admin password.
00:22:31 - And then you chuck it.
00:22:32 - You never really use
it again, after you
00:22:34 - change the admin password.
00:22:35 - But, on the Linux side, it's
part of the authentication.
00:22:39 - When you get the PEM
file, you didn't really
00:22:42 - get a private key.
00:22:44 - You did, but it's like
the meat-- you took off
00:22:47 - all the packaging-- there's
the meat of the private key.
00:22:51 - I'll chew on it right there.
00:22:53 - But with Linux you
actually have to take that
00:22:56 - and generate it into a
full-blown private key.
00:22:59 - And to do most--
you can go on Google
00:23:02 - and find a million step
by steps to do this.
00:23:04 - I just grabbed one for OS X,
if you're using a Macintosh.
00:23:08 - First thing that you want to
do is get your EC2 command line
00:23:11 - tools.
00:23:12 - It's a little
package of tools that
00:23:13 - will compress files, tools
that you can download.
00:23:16 - Unzip those.
00:23:17 - And you use this command
right here-- ec2-add-keypair--
00:23:21 - and then you say, pstam.
00:23:23 - This is just a name.
00:23:24 - Whatever you want to name the
key pair, you put in there.
00:23:27 - So they have a great
output right here, showing,
00:23:30 - I type that in.
00:23:30 - It says, OK, key
pair such and such.
00:23:33 - And that's where,
right here, you
00:23:34 - paste that private
key, the meat I just
00:23:37 - showed you, into that,
which ends the private key.
00:23:40 - And now that generates
a key that you're
00:23:44 - able to use to get into
your Linux instance.
00:23:47 - So let me scroll
down a little bit.
00:23:49 - This is, again, using
OS X. They go in,
00:23:50 - and just it shows using some
more of the EC2 command line
00:23:55 - tools to list the
images that you have
00:23:57 - and see what images are in your
account from the command line.
00:24:00 - So, we haven't even gotten
into the command line tool.
00:24:02 - We're doing everything through
the AWS Management console
00:24:04 - right now.
00:24:05 - We'll get there.
00:24:06 - But this is just a sneak
peek of what's to come.
00:24:08 - So they do some other things.
00:24:09 - But, by the time
it's said and done,
00:24:10 - this is where the glory happens.
00:24:12 - It says, I'm now going
to SSH, into my instance.
00:24:16 - I'm identifying the
key pair of RSA--
00:24:20 - this is the key pair
that we generated
00:24:22 - way up here with this
pstam-keypair-- so I'm saying,
00:24:26 - use that key pair to access
the root account of blah,
00:24:29 - blah, blah.
00:24:30 - And that's the actual name
that Amazon would give you
00:24:32 - when you generated your
instance, to access it.
00:24:35 - And that's where
you can now get in.
00:24:36 - You're now accessing
your virtual machine,
00:24:39 - using SSH from a Linux prompt.
00:24:43 - And you can get in
and-- if you want to,
00:24:45 - you can go into the SSH
area and add user accounts,
00:24:48 - so you don't have to use
that key pair every time.
00:24:51 - And maybe just use that
for initial access,
00:24:53 - like we do with Windows.
00:24:55 - So, now let me answer
this last question.
00:24:57 - What if I lose my key?
00:25:02 - Well, let's talk through that.
00:25:04 - If you lose your key-- first
off, on a Windows side,
00:25:08 - let's say, you
generate the instance.
00:25:10 - You never change
the admin password.
00:25:12 - You forget the admin
password-- and I'm
00:25:15 - coming up with a hare-brained
scenario here--
00:25:17 - you just always use that PEM
key to figure out what the password is
00:25:20 - and paste it in to
access it via RDP.
00:25:23 - You lose the PEM file, so
you can't get your password.
00:25:25 - Now, first and foremost,
Amazon cannot get it for you.
00:25:30 - They do not keep
the private key.
00:25:31 - They send it to you
and they say, that is
00:25:33 - your responsibility.
00:25:34 - Hang onto that.
00:25:36 - So if you-- I'll say it in both,
00:25:38 - Windows and Linux.
00:25:39 - If you don't have
the admin password,
00:25:40 - and you haven't changed
it from the original.
00:25:42 - And same thing with Linux, if
you just lose that PEM file,
00:25:45 - that's the key to generating
your private key to access it.
00:25:48 - You're locked out of the system.
00:25:53 - The short answer is, go in
and terminate your instance.
00:25:56 - And you'll create a new one.
00:25:57 - But maybe you're at the
point where you've gone in,
00:26:00 - you've got-- let me bring
my AWS Management console
00:26:03 - back up here-- you've gone in.
00:26:06 - You've got some actual
data in SDCORE-TS01.
00:26:10 - And you're, like, Ah.
00:26:11 - I can't lose that.
00:26:12 - I don't just want to
terminate the instance.
00:26:14 - Well, the good news is this.
00:26:16 - I mean, it's either an ephemeral
or it's an EBS storage.
00:26:19 - Most of the time,
people run it from EBS.
00:26:21 - You can see right
here, the root device.
00:26:23 - It's running off of EBS.
00:26:25 - So the hard disk, the
contents are still there.
00:26:28 - What I would suggest is this.
00:26:31 - Right click on this guy
and create an AMI image.
00:26:35 - And by the way, this is great
time to talk about this.
00:26:38 - If you haven't created your
own AMI, this is how you do it.
00:26:41 - I can say, the image name is,
let's just say, SDCORE-TS01.
00:26:46 - Backup.
00:26:48 - I can't get in there.
00:26:49 - And you could put a description.
00:26:51 - No Reboot.
00:26:52 - Select that.
00:26:52 - Hit Yes Create.
00:26:53 - And what it's doing
is, it's now creating
00:26:55 - an AMI behind the scenes.
00:26:57 - Now, remember, when we go in
and create a new instance,
00:27:01 - I can click on the
instances and choose--
00:27:04 - let me see if I can launch a
new instance with this going.
00:27:10 - See if it shows it there.
00:27:12 - Ah, no it doesn't.
00:27:13 - We've got to wait
for it to finish--
00:27:15 - so it's creating
an AMI instance.
00:27:17 - So you see where
I'm going with this?
00:27:18 - You're going to want to go
in there and now generate
00:27:21 - a new instance from
your frozen in time AMI.
00:27:25 - At that point, you'll be able
to use a new private key,
00:27:27 - generate a new private key,
and get into that system.
00:27:30 - Now, a lot of times when you
do this, some services
00:27:33 - won't be started.
00:27:34 - You'll have to manually go in
there and start the services.
00:27:36 - Some of your disks
may not be mounted.
00:27:38 - You may get in there and go,
oh, I only see the C drive.
00:27:41 - Did it lose everything?
00:27:42 - Go into the Disk
Manager in Windows
00:27:45 - or use some mount
points in Linux
00:27:49 - to mount the disks back in.
00:27:51 - And all of your data
should still be there.
00:27:54 - I shouldn't say
should, it will still--
00:27:56 - it's not like Amazon just loses
data-- it will still be there.
00:27:58 - You just have to mount it
all back up and get into it.
00:28:01 - So, all is not lost
if you lose your key.
00:28:03 - But it does definitely
cause a hassle.
00:28:06 - Well, that's enough fun for now.
00:28:08 - I want to put a
dividing line there,
00:28:09 - so I really have the time to
expound on security groups.
00:28:12 - There's a lot to think about
when you're setting them up.
00:28:15 - So we talked about,
in this Nugget, tags.
00:28:17 - And, actually, there's something
I totally forgot to show you.
00:28:20 - But I was going through
defining the tags,
00:28:22 - and you're probably, like, OK.
00:28:23 - Well, that's great to see them.
00:28:25 - But where do you
actually use them?
00:28:28 - Where can you find them?
00:28:30 - Well, you remember for this
SDCORE-TS01 virtual machine
00:28:34 - right here, or
instance, I actually
00:28:37 - defined the tag of, I think,
the Creation Date and things
00:28:40 - like that.
00:28:41 - You can go up here to
the Show/Hide button.
00:28:43 - And that allows you to add
your own tags to this list.
00:28:48 - Let's add them all in there.
00:28:49 - I click on All of them.
00:28:51 - And now I can see, if
I expand this out--
00:28:54 - now I'm obviously running
a little out of room here--
00:28:58 - but now I can see all
of the custom tags
00:29:00 - that I've put in there.
00:29:02 - And I have seen, sometimes
when you put this,
00:29:04 - it shows all empty until you
click the Refresh button.
00:29:07 - So if you do this yourself
and nothing shows up,
00:28:09 - click Refresh.
00:29:10 - And it will show up for you.
00:29:12 - But that's your nice
way of doing it.
00:29:14 - And now you can filter on them.
00:29:15 - You can search for them.
00:29:17 - They're part of your
image list here.
00:29:20 - So that's a really
00:29:21 - So we talked about tags and
adding those to your instances
00:29:24 - that are running.
00:29:25 - We also talked about EC2 key
pairs and all of their glory,
00:29:29 - to talk about what
the key pairs are.
00:29:31 - We even talked about public
key/private key cryptography
00:29:34 - and the mindset behind it.
00:29:36 - And then how we applied
it to Windows instances,
00:29:38 - to Linux instances, what
happens if you forget your key,
00:29:42 - all those kind of
things we went through.
00:29:43 - So, in the next Nugget, we will
talk about security groups.
00:29:47 - But, for now, I hope this
has been informative for you.
00:29:49 - And I'd like to thank
you for viewing.