06 - CLI Demo Flashcards Preview

Flashcards in 06 - CLI Demo Deck (8)
1
Q

Least Privilege

A

Least Privilege

  • Always give your users the minimum amount of access required
2
Q

Create Groups

A

Create Groups

  • Assign your users to groups
  • Your users will automatically inherit the permissions of the group
  • The group's permissions are assigned using policy documents
3
Q

Secret Access Key

A
  • You will see this only once
  • If you do not save it, you can delete the Key Pair (Access Key ID and Secret Access Key) and regenerate it
  • You will need to run “aws configure” again
4
Q

Do not use just one access key

A

Do not use just one access key

  • Do not create just one access key and share that with all your developers
  • If someone leaves the company on bad terms, you will need to delete the key and create a new one, forcing every developer to update their keys
  • Instead, create one key pair per developer
5
Q

You can use the AWS CLI on your local laptop

A

Obtaining Command Line Tools on Laptop

Download / Install Python: https://www.python.org/downloads/

$ which python

$ ls -al /usr/bin/python

$ curl -O https://bootstrap.pypa.io/get-pip.py

$ python3 get-pip.py --user

$ pip --version

pip 9.0.1 from /Library/Python/2.7/site-packages/pip-9.0.1-py2.7.egg (python 2.7)

$ pip3 install awscli

$ aws --version

aws-cli/1.14.32 Python/3.6.4 Darwin/17.4.0 botocore/1.8.36

6
Q

Configure Laptop to Use Access Key ID and Secret Access Key

A

$ aws configure

User: User Access Key ID: AKIAJRZM5PW6RABWXK5A

Pass: Secret Access Key: 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

Default Region: us-east-1

7
Q

SSH to EC2 Instance

A

$ cd '/Users/mmarkl00/Google Drive/ssh-aws-2019'

$ ls -l

$ ssh ec2-user@3.85.20.192 -i MyEC2keyPair-2019.pem

$ sudo su -

aws configure

User: User Access Key ID: AKIAJRZM5PW6RABWXK5A

Pass: Secret Access Key: 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

Default Region: us-east-1

8
Q

Risks of Storing Credentials on EC2 Instance

A

Risks of Storing Credentials on EC2 Instance

  • If port 22 is open
    • Someone obtains your private MyEC2keyPair.pem
    • They would be able to obtain the AWS CLI credentials from the EC2 instance
    • And install command line tools on their laptop and access your account
  • Credentials are not secure; the more secure way to access is via Roles