Create an IAM instance profile that grants access to Amazon S3. Open the IAM console. Choose Roles, and then choose Create role. Select AWS Service, and then choose EC2. Crypto key generate rsa modulus 2048 not working. Note: Creating an IAM role from the console with EC2 selected as the trusted entity automatically creates an IAM instance profile with the same name as the role name. However, if the role is created using the AWS.
Access instance via SSH
We need to create a key pair via AWS Console (or CLI tool). AWS will load the public half of the key into your EC2 instances and when you try to SSH into the instance then AWS will require you to provide the private half of the key pair (you do this using the -i path/to/private.pem
flag).
Default location of web page on base AWS AMI (open it and make a change):
To create a new AMI based off any modifications we make to the currently running instance:
To generate a new AMI based on the state of the currently running instance, ssh into the instance and run:
For full details see: http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/CLTRG-ami-bundle-vol.html
We now need to upload the new AMI to S3, so still within the running instance execute the following command:
For full details see: http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/CLTRG-ami-upload-bundle.html
Now we need to register our new AMI (done via the AWS Console): 'Register New AMI' under EC2 > AMIsThen specify the locatation in S3: {S3_buckname}/{path_to_manifest_xml}
Now from here we can launch an instance from this new AMI.
Security can be easily overlooked when building a product, especially when working with an outsourced engineering team. You want to trust them, so you give them access to your servers. But then you discover fraudulent activity, and, well, you start to panic.
In hindsight, you realize you never should have shared your Secure Shell (SSH) key, instead storing it in a vault with restricted user access. If, however, someone has a private SSH key to your Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instance and you’re worried about a malicious attack, you have two options to revoke their access:
Here’s a summary of how to replace the keys mentioned in option No. 2 above:
(For more, DigitalOcean has a great tutorial on setting up SSH keys.)
ssh-keygen -t rsa
cat ~/.ssh/id_rsa.pub ssh [email protected] 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys
where ~/.ssh/id_rsa.pub is the new key on your machine and [email protected] is the username and IP address of your EC2 instance.vim ~/.ssh/authorized_keys
Just go to the line with the old key and remove it: dd
Note: If you tried editing the file and didn’t save it, or the connection was interrupted, an .authorized_keys.swp file will be created, and the next time you try to edit your authorized_keys, you will get a nasty message. Just delete the .swp file, and you should be good to edit.Make sure to update the key if you’re using it elsewhere, like on a continuous integration (CI) server. Otherwise you’ll be scratching your head when none of your builds are working.