├── 20 MUST KNOW things about Amazon EC2.pdf
├── labs
│   ├── readme.md
│   ├── lab06-ec2-with-instance-store-root-volume.MD
│   ├── lab02-create-windows-ec2-and-rdp.MD
│   ├── lab10-wordpress-and-small-features.MD
│   ├── lab05-ec2-command-line-interface.MD
│   ├── lab01-create-a-basic-linux-ec2.MD
│   ├── lab07-ec2-userdata-ssh-with-password.MD
│   ├── lab09-instance-logs-using-cloudwatch.MD
│   ├── lab03-configure-web-server-and-create-golden-image.MD
│   ├── lab08-cloudwatch-agent-and-memory-metric.MD
│   └── lab04-ec2-permissions-with-iam-role.MD
└── README.md

/20 MUST KNOW things about Amazon EC2.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Cloud-Yeti/aws-ec2-course/HEAD/20 MUST KNOW things about Amazon EC2.pdf
--------------------------------------------------------------------------------

/labs/readme.md:
--------------------------------------------------------------------------------
# AWS Labs

If you have any questions please ask them [here](https://github.com/Cloud-Yeti/aws-ec2-course/issues/new) by opening an issue.

--------------------------------------------------------------------------------

/README.md:
--------------------------------------------------------------------------------
# AWS EC2 MUST KNOW 20 Facts and 10 MUST DO Labs
This is the repo for our course on Udemy. [Click here](https://www.udemy.com/cloudyeti-ec2) to buy the course.


## Course Slides
[Click here](https://github.com/Cloud-Yeti/aws-ec2-course/blob/master/20%20MUST%20KNOW%20things%20about%20Amazon%20EC2.pdf)

## Questions
If you have any questions please ask them [here](https://github.com/Cloud-Yeti/aws-ec2-course/issues/new) by opening an issue.

## Contact Us
contact@cloudyeti.io

--------------------------------------------------------------------------------

/labs/lab06-ec2-with-instance-store-root-volume.MD:
--------------------------------------------------------------------------------
## EC2 with instance store

To choose an instance store-backed AMI using the console:

- Open the Amazon EC2 console.
- Click Launch Instance.
- Choose **Community AMIs** from the left navigation box.
- From the filter lists under the Root device type option, select Instance store.
![image](https://user-images.githubusercontent.com/22568316/51089787-1c806380-1741-11e9-85ee-786b0d0e8c3e.png)

- Select the top AMI (or any Amazon Linux AMI).

- You cannot select just any instance type, because not all instance types (e.g. t2.micro) support Instance store as the root device type. Let's select m1.small as our instance type.
- After this, launch the instance as usual.

--------------------------------------------------------------------------------

/labs/lab02-create-windows-ec2-and-rdp.MD:
--------------------------------------------------------------------------------
## Lab02 Create a Windows EC2 instance and log in with RDP

- Log in to the AWS console
- From the top navigation bar/menu click Services
- Select the EC2 service
- Click on Launch Instance
- Choose the Windows 2016 AMI
- Choose the EC2 instance type t2.micro
- Configure Instance
- There are many parameters we can configure, but for this lab we will leave them at their defaults.
- Click "Next: Add Storage" and leave it at the default
- Click "Next: Add Tags" and tag the instance
- Configure Security Group
- Click Review and Launch Instance
- Create a key pair, download it, check the "I acknowledge" box and click Launch Instance.

Your instance will now launch.

- Click Connect
- Decrypt the password by supplying the key pair
- Use Microsoft Remote Desktop to log in. If you download the RDP file from the EC2 instance page, connecting is easier.
![image](https://user-images.githubusercontent.com/22568316/52907912-3843c180-3239-11e9-8b4a-8b36857b2f48.png)
- Congratulations! The EC2 Windows instance should ask you for the username and password, which you can type to log in to the instance.

## Cleanup
Terminate the EC2 instance after the lab

--------------------------------------------------------------------------------

/labs/lab10-wordpress-and-small-features.MD:
--------------------------------------------------------------------------------
## Lab 10: Setting Up WordPress on Amazon EC2 and using small EC2 features

- From the Amazon EC2 dashboard, choose Launch Instance.

- On the Choose an Amazon Machine Image (AMI) page, choose the AWS Marketplace category on the left. Using the search functionality, search for 'WordPress Certified by Bitnami and Automattic'. Choose Select to choose your product.

- On the dialog box that shows the pricing, click Continue
- Select t2.micro as the instance type
- Keep all the default settings
- Launch Instance
- You will be directed to a page titled Launch Status
- Click on View Usage Instructions
- You can access your instance via SSH using the username 'bitnami' and your Amazon private key.

> Once the instance is running, enter the public DNS provided by Amazon into your browser. You will then see the WordPress application. You can go to '/wp-admin/' from your browser to access the application administration panel. The default server administrator is 'user'. Please check our documentation at https://docs.bitnami.com/aws/faq/#how-to-find-application-credentials to learn how to get your password.

- Write a sample blog post


---
- Enable Termination Protection
- Take a snapshot of your volume

--------------------------------------------------------------------------------

/labs/lab05-ec2-command-line-interface.MD:
--------------------------------------------------------------------------------
## Lab 05: AWS EC2 Command Line Interface commands

**Use the Amazon Linux AMI to launch an EC2 instance with port 22 open.**
**Make a note of the AMI ID in your region.**

1) Create an EC2 instance with the CLI:
```console
aws ec2 run-instances --image-id ami-8c1be5f6 --instance-type t2.micro
```

2) Let's launch another instance with a Windows AMI:

```console
aws ec2 run-instances --image-id ami-07a29e78aeb420471 --instance-type t2.micro
```

3) List all the instances and their details:
```console
aws ec2 describe-instances
```

4) Describe and query specific attributes. Let's query the public IP of all the instances:

```console
aws ec2 describe-instances --query 'Reservations[].Instances[].PublicIpAddress'
```

5) Describe and filter to show only the Windows instance:

```console
aws ec2 describe-instances --query 'Reservations[].Instances[].PublicIpAddress' --filters "Name=platform,Values=windows"
```

6) Stop the EC2 instance:

```console
aws ec2 stop-instances --instance-ids i-0b20d7680fa0e6ba0
```

7) Terminate the EC2 instance:

```console
aws ec2 terminate-instances --instance-ids i-0b20d7680fa0e6ba0
```

Congratulations! You now know the basic AWS EC2 CLI commands.
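The `--query` and `--filters` options in steps 4 and 5 walk the JSON that `describe-instances` returns. The following is an added example, not part of the lab, that reproduces both over a constructed sample of that response so its shape can be studied offline (Reservations contain Instances, and only Windows instances carry a `Platform` key, which is why the platform filter selects them). The instance IDs, addresses and the `MetadataOptions` check are assumptions of this example, not values from the lab.

```python
"""Reproduce the lab's two describe-instances queries over a constructed
sample response, plus one extra check on the same data.  Added example."""
import json

# Constructed sample (fake instance IDs and addresses) trimmed to the fields the
# lab queries plus MetadataOptions.  The Linux instances have no "Platform" key
# at all; only the Windows instance does.
SAMPLE_DESCRIBE_INSTANCES = json.loads("""
{
  "Reservations": [
    {"ReservationId": "r-0aaaaaaaaaaaaaaa1",
     "Instances": [
       {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "ImageId": "ami-8c1be5f6",
        "InstanceType": "t2.micro", "PublicIpAddress": "203.0.113.10",
        "State": {"Name": "running"},
        "MetadataOptions": {"HttpTokens": "optional", "HttpEndpoint": "enabled"}}
     ]},
    {"ReservationId": "r-0aaaaaaaaaaaaaaa2",
     "Instances": [
       {"InstanceId": "i-0aaaaaaaaaaaaaaa2", "ImageId": "ami-07a29e78aeb420471",
        "InstanceType": "t2.micro", "Platform": "windows",
        "PublicIpAddress": "203.0.113.11",
        "State": {"Name": "running"},
        "MetadataOptions": {"HttpTokens": "required", "HttpEndpoint": "enabled"}},
       {"InstanceId": "i-0aaaaaaaaaaaaaaa3", "ImageId": "ami-8c1be5f6",
        "InstanceType": "t2.micro",
        "State": {"Name": "stopped"},
        "MetadataOptions": {"HttpTokens": "optional", "HttpEndpoint": "enabled"}}
     ]}
  ]
}
""")


def instances(resp):
    """Flatten Reservations[].Instances[], the prefix shared by both lab queries."""
    return [inst for res in resp["Reservations"] for inst in res["Instances"]]


def public_ips(resp, platform=None):
    """Step 4: --query 'Reservations[].Instances[].PublicIpAddress'.
    Step 5 adds --filters "Name=platform,Values=windows": pass platform="windows".
    A stopped instance has no PublicIpAddress key; the CLI's JMESPath projection
    drops such null results, and so does this loop."""
    out = []
    for inst in instances(resp):
        if platform is not None and inst.get("Platform") != platform:
            continue
        if "PublicIpAddress" in inst:
            out.append(inst["PublicIpAddress"])
    return out


def imdsv1_allowed(resp):
    """Extra check: instances whose metadata service still answers unauthenticated
    (IMDSv1) requests, i.e. MetadataOptions.HttpTokens == "optional".  The field
    is part of the same describe-instances output, so a JMESPath filter on it
    works in the CLI too."""
    return [inst["InstanceId"] for inst in instances(resp)
            if inst.get("MetadataOptions", {}).get("HttpTokens") == "optional"]


if __name__ == "__main__":
    print("all public IPs:    ", public_ips(SAMPLE_DESCRIBE_INSTANCES))
    print("windows public IPs:", public_ips(SAMPLE_DESCRIBE_INSTANCES, "windows"))
    print("IMDSv1 still on:   ", imdsv1_allowed(SAMPLE_DESCRIBE_INSTANCES))
```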

## Reference
https://docs.aws.amazon.com/cli/latest/userguide/cli-services-ec2.html

--------------------------------------------------------------------------------

/labs/lab01-create-a-basic-linux-ec2.MD:
--------------------------------------------------------------------------------
## Lab01 Configure and Launch a simple Linux EC2 instance

- Log in to the AWS console
- From the top navigation bar/menu click Services
- Select the EC2 service
- Click on Launch Instance
- Choose the Amazon Linux AMI
- Choose the EC2 instance type t2.micro
- Configure Instance Details
- There are many parameters we can configure, but for this lab we will leave them at their defaults.
- Click "Next: Add Storage" and leave it at the default
- Click "Next: Add Tags" and tag the instance
- Configure Security Group: either create a new security group or select an existing one
- Click Review and Launch Instance
- Create a key pair, download it, check the "I acknowledge" box and click Launch Instance.

Your instance will now launch.

- Click on View Instances, or go back to the EC2 dashboard and select the instance.
- Click Connect
- Copy the connection string.

If you're on Windows:
- Download the SSH client for Windows from https://git-scm.com/downloads
- Then you can open the Git Bash terminal to use the ssh tool for logging in to your EC2 instance

If you're on Linux/Mac, the ssh client is already there.

- Navigate to the folder with the key pair. Most of the time it's in the Downloads folder.
- If on Linux, use this command to secure your key pair (ssh refuses to use a private key that other users can read):
```console
chmod 400 your-key-name.pem
```
- Paste the connection string in the command line and type yes when prompted.

You should now be logged into the EC2 Linux instance!

--------------------------------------------------------------------------------

/labs/lab07-ec2-userdata-ssh-with-password.MD:
--------------------------------------------------------------------------------
## Lab 7 SSH with a password instead of SSH keys

## Steps
1. From an SSH client, log in to your EC2 instance. Create one as in Lab 1 if you don't have an EC2 instance running.

2. Set a password for the user. The example below uses ec2-user as the user:
```console
sudo passwd ec2-user
Changing password for user ec2-user.
New password:
Retype new password:
```
A successful response looks like this:
```console
passwd: all authentication tokens updated successfully.
```

3. Update the PasswordAuthentication parameter in the /etc/ssh/sshd_config file:

```console
PasswordAuthentication yes
```

4. **Restart the SSH service.**
For Amazon Linux, RHEL 5, and SUSE Linux, use this command:
```console
sudo service sshd restart
```
For Ubuntu, use this command:
```console
sudo service ssh restart
```

5. Exit the EC2 session, and then log in again to test password authentication:
```console
ssh ec2-user@your-instance-ip-address
```
You will be prompted for a password. Enter the password and you should be logged in to the EC2 instance.

---
## Part 2: Steps to enable password authentication and set a password for first login on EC2
Paste this script into your EC2 user data during launch to enable password SSH for your first login. Change the user and password by editing the lines under TODO in the script below.

```bash
#!/bin/bash
# Turn on password logins in the sshd config and restart sshd.
# systemctl is for Amazon Linux 2, service for Amazon Linux 1; one of the two will succeed.
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
systemctl restart sshd
service sshd restart

# TODO: replace bob with your desired username
useradd bob
# TODO: replace password123 with your desired password, and bob with the username chosen in useradd.
# Note: user data is stored unencrypted and can be read from inside the instance,
# so change this bootstrap password right after the first login.
echo "password123" | passwd --stdin bob
```

If you make no changes to the script, you can log in to the EC2 instance after a few minutes using this command. The password is password123. Replace the IP with your EC2 IP.
```console
ssh bob@11.22.23.24
```
## Assumptions
- The Amazon Linux AMI is used; this may not work for all Linux distros

--------------------------------------------------------------------------------

/labs/lab09-instance-logs-using-cloudwatch.MD:
--------------------------------------------------------------------------------
## Lab 9: Send Apache web server logs to CloudWatch

In the last two labs (8 and 9) we first installed the CloudWatch unified agent, set up custom metrics and viewed those custom metrics on the AWS Management Console.

In this lab we will send our Apache httpd logs to CloudWatch and check our logs from the AWS Management Console.

## Steps

1) First let's install and start a web server to generate some web traffic logs. These commands work for RHEL and Amazon Linux.
```console
sudo yum install httpd -y
sudo service httpd start
```
2) Copy the public IP of the instance you're on, paste it into a web browser and refresh a few times.

3) That should generate some logs. You can verify by taking a look inside the log file:
```console
sudo cat /var/log/httpd/access_log
```

Now we're ready to set up CloudWatch Logs.

4) Reconfigure the CloudWatch agent with the wizard:
```console
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
```
Check my choices here. Most of the choices are the defaults except for a few. If you don't see a number in the image, that means I chose the default option. Sometimes I explicitly select the default option.
![image](https://user-images.githubusercontent.com/22568316/51447423-f97b2400-1ceb-11e9-9f2e-b1b7d1f7cffb.png)
![image](https://user-images.githubusercontent.com/22568316/51447468-7d351080-1cec-11e9-8aa8-79b3ce297a00.png)
![image](https://user-images.githubusercontent.com/22568316/51447477-93db6780-1cec-11e9-8264-148d89b54450.png)
![image](https://user-images.githubusercontent.com/22568316/51447481-a655a100-1cec-11e9-8063-988821831d5d.png)
![image](https://user-images.githubusercontent.com/22568316/51447488-b5d4ea00-1cec-11e9-9ea7-ef46be24751e.png)

5) We're done setting up.
6) Let's start the CloudWatch agent:
```console
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json -s
```

Wait a few minutes and the logs should be visible in the CloudWatch Management Console. Search for **access_logs** in the Logs page on the AWS Management Console.

![image](https://user-images.githubusercontent.com/22568316/51448163-8f19b200-1cf2-11e9-9015-93bbede299e4.png)

Click on the instance-id
![image](https://user-images.githubusercontent.com/22568316/51448197-c4be9b00-1cf2-11e9-9a03-979c338d25f6.png)

You should see logs from your web server now.
![image](https://user-images.githubusercontent.com/22568316/51448221-f9caed80-1cf2-11e9-8412-630bb2b89f75.png)

Congratulations!! Now you can collect any kind of logs from your Linux machines.
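Because the wizard's answers above only survive as screenshots, here is an added example (not the lab's own file) that builds the equivalent `config.json` for the Lab 8 and Lab 9 choices in Python and sanity-checks it before the `fetch-config` command is run. The log group names, the extra `error_log` entry and running the agent as root are assumptions of this example.

```python
"""Build and validate the CloudWatch agent config.json that the wizard choices
in Labs 8 and 9 amount to.  Added example, not the lab's own file."""
import json
import os

# Path the lab's amazon-cloudwatch-agent-ctl command reads the config from.
AGENT_CONFIG_PATH = "/opt/aws/amazon-cloudwatch-agent/bin/config.json"


def build_agent_config(log_files, collect_memory=True, interval=60, run_as_user="root"):
    """Return the agent configuration as a dict.

    log_files maps an absolute log file path to a CloudWatch log group name.
    The ImageId/InstanceId/InstanceType dimensions are what Lab 8 clicks through
    under the CWAgent namespace; mem_used_percent is the memory metric it graphs.
    run_as_user matters for Lab 9: /var/log/httpd is readable by root only, so an
    agent running as a less privileged user would silently ship nothing."""
    cfg = {"agent": {"metrics_collection_interval": interval, "run_as_user": run_as_user}}
    if collect_memory:
        cfg["metrics"] = {
            "append_dimensions": {
                "ImageId": "${aws:ImageId}",
                "InstanceId": "${aws:InstanceId}",
                "InstanceType": "${aws:InstanceType}",
            },
            "metrics_collected": {
                "mem": {"measurement": ["mem_used_percent"],
                        "metrics_collection_interval": interval}
            },
        }
    if log_files:
        cfg["logs"] = {"logs_collected": {"files": {"collect_list": [
            {"file_path": path, "log_group_name": group, "log_stream_name": "{instance_id}"}
            for path, group in log_files.items()
        ]}}}
    return cfg


def validate_agent_config(cfg):
    """Return the problems a practitioner checks for before running fetch-config."""
    problems = []
    if "metrics" not in cfg and "logs" not in cfg:
        problems.append("config collects neither metrics nor logs")
    entries = cfg.get("logs", {}).get("logs_collected", {}).get("files", {}).get("collect_list", [])
    seen = set()
    for entry in entries:
        path = entry.get("file_path", "")
        if not os.path.isabs(path):
            problems.append(f"file_path must be absolute: {path!r}")
        if not entry.get("log_group_name"):
            problems.append(f"missing log_group_name for {path!r}")
        if path in seen:
            problems.append(f"duplicate collect_list entry for {path!r}")
        seen.add(path)
    return problems


def render(cfg):
    """Serialized form to write to AGENT_CONFIG_PATH."""
    return json.dumps(cfg, indent=2) + "\n"


if __name__ == "__main__":
    cfg = build_agent_config({"/var/log/httpd/access_log": "access_log",
                              "/var/log/httpd/error_log": "error_log"})
    assert not validate_agent_config(cfg)
    print(render(cfg))  # write to AGENT_CONFIG_PATH, then run the lab's fetch-config command
```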

--------------------------------------------------------------------------------

/labs/lab03-configure-web-server-and-create-golden-image.MD:
--------------------------------------------------------------------------------
## Lab 3: Install the Apache web server on an EC2 instance and create a golden image from it

- Launch an Amazon Linux EC2 instance and SSH into it as we did in Lab 1

- Install the Apache web server

```console
sudo yum -y install httpd
```
- Start the httpd service.

```console
sudo service httpd start
```

- Enable the httpd server on startup
```console
sudo chkconfig httpd on
```
- Go to the EC2 Dashboard and select the instance.
- Under the instance Description tab, click on the Security Group's name.
- Click Edit rules and add an inbound rule for port 80 with a source IP of 0.0.0.0/0

- Test that the web server is running by pasting the public IP address of the instance into a web browser. The public IP is found under the instance Description tab.

- You should see the Apache web server welcome page

- Become the root user
```console
sudo su -
```
- Create a simple custom index.html page and put it in /var/www/html. This directory is the default directory where the Apache web server looks for the index.html file.
```console
echo "Hello. This page is hosted on my AWS EC2 Linux Instance.">/var/www/html/index.html
```
- Change the permissions of the html folder to give public (world-readable) access to the index.html file
```console
chmod -R 755 /var/www/html
```

- Now browse to the IP of the instance in a web browser again. You should see your message:
```
Hello. This page is hosted on my AWS EC2 Linux Instance.
```

------
- Select your instance, and then choose **Actions**, **Image**, **Create Image**.
- In the **Create Image** dialog box, specify the following information, and then choose **Create Image**.
  + **Image name** – A unique name for the image.
  + **Image description** – An optional description of the image.
  + **No reboot** – This option is not selected by default. Amazon EC2 shuts down the instance, takes snapshots of any attached volumes, creates and registers the AMI, and then reboots the instance. Select **No reboot** to avoid having your instance shut down.

- To view the status of your AMI while it is being created, in the navigation pane, choose **AMIs**. Initially, the status is `pending` but should change to `available` after a few minutes.

- Launch an instance from your new AMI. Follow Lab 1 and, on the AMI page when choosing the AMI, select My AMIs and select the AMI you created.
- Browse to the IP address of the new instance. You should see the same message as before.

We just created a golden image that we can now use to launch more instances. A golden image is, in simple terms, an image that you have customized to your liking with data/configuration of your choice. It's saved as a personal AMI from which you can launch instances.

--------------------------------------------------------------------------------

/labs/lab08-cloudwatch-agent-and-memory-metric.MD:
--------------------------------------------------------------------------------
## Lab 8: Install the CloudWatch unified agent on an EC2 instance and gather custom metrics using the Amazon Linux AMI

1) First of all, create the IAM role required for the EC2 instance to be able to send metrics to CloudWatch.
- In the list of policies while creating the IAM role for the EC2 instance, select the check box next to **CloudWatchAgentServerPolicy**. Use the search box to find the policy, if necessary.

2) Launch an EC2 instance with ports 80 and 22 open in the security group.

3) SSH into the instance

4) Find the CloudWatch agent download link here:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-on-first-instance.html

5) Download the CloudWatch unified agent. Find the right agent link for your OS by visiting the above link.
```console
wget https://s3.amazonaws.com/amazoncloudwatch-agent/amazon_linux/amd64/latest/amazon-cloudwatch-agent.rpm
```

6) Install the CloudWatch agent
```console
sudo rpm -U ./amazon-cloudwatch-agent.rpm
```

7) Configure the CloudWatch agent with the help of the setup wizard:

```console
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
```

Choose all the default options, except don't install StatsD and collectd. Select **YES** when asked to collect the memory utilization metric. Select **NO** when asked if you want to monitor log files.

8) Start the agent

```console
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json -s
```

9) You should be set! We'll explore the collected metrics now.

## Part 2: View the collected CloudWatch custom metrics

In the first part of this lab we configured the CloudWatch unified agent. Now let's look at the metrics collected by the agent.

Remember: RAM/memory metrics are not collected by CloudWatch by default. The CloudWatch agent enables us to collect those metrics that are not collected by default.

In the config wizard we chose to collect metrics like RAM usage.

## Steps
1. Navigate to the CloudWatch Management Console
![image](https://user-images.githubusercontent.com/22568316/51443494-8e175f00-1cb7-11e9-94a5-d738cdaa5cad.png)

2.
   On the left navigation pane select Metrics and you should see a window like this:
![image](https://user-images.githubusercontent.com/22568316/51443506-adae8780-1cb7-11e9-89b3-aecb59a641fc.png)

3. Click on CWAgent. These are the metrics sent by the unified CloudWatch agent
![image](https://user-images.githubusercontent.com/22568316/51443506-adae8780-1cb7-11e9-89b3-aecb59a641fc.png)

4. Click on the ImageId, InstanceId, InstanceType box
![image](https://user-images.githubusercontent.com/22568316/51443521-ea7a7e80-1cb7-11e9-86df-0ce2b046c8e8.png)

5. Select/check the Mem Used metric and you should see something like this
![image](https://user-images.githubusercontent.com/22568316/51443528-0c740100-1cb8-11e9-9b11-b80a9df0c049.png)

6. Congratulations! You just collected and graphed EC2 custom metrics using the CloudWatch unified agent

## Reference
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/QuickStartEC2Instance.html

--------------------------------------------------------------------------------

/labs/lab04-ec2-permissions-with-iam-role.MD:
--------------------------------------------------------------------------------
# Give an EC2 instance permissions with an IAM role

## Steps
- Go to the IAM Dashboard
- Click on Users in the left navigation pane
- Add a user and give it programmatic access
![image](https://user-images.githubusercontent.com/22568316/52908358-814c4380-3242-11e9-8283-bc449a588e60.png)
- Click Next and select Attach existing policies directly
- Search for and add **AmazonS3FullAccess**. Use the search box to find the policy and click its checkbox
![image](https://user-images.githubusercontent.com/22568316/52908368-d25c3780-3242-11e9-86a0-d0c0f590e798.png)

- Click Next: Tags, then review and create the user.
![image](https://user-images.githubusercontent.com/22568316/52908385-1fd8a480-3243-11e9-9873-fa0e903bc82d.png)

- Click Show and save the access key and secret key somewhere, or download the CSV file if you prefer.
![image](https://user-images.githubusercontent.com/22568316/52908451-1ac82500-3244-11e9-9562-52911735583f.png)

- Launch an Amazon Linux EC2 instance
- SSH into it
- Let's say you want to work with Amazon S3 from this instance: make some buckets and list some buckets. You can use the AWS Command Line Interface; the Amazon Linux AMI has it installed already.
- Configure the AWS CLI
```console
aws configure
```
- Enter the access key and secret access key you generated earlier
- Enter the name of your region
- Create an S3 bucket from the AWS CLI with a random name. If you have the proper permissions you will be able to both create and list S3 buckets. Bucket names must be globally unique and may contain only lowercase letters, digits, dots and hyphens.
```console
aws s3 mb s3://cloudyeti-test1212342323-mnsdsdcd
```

- List your S3 buckets.
```console
aws s3 ls
```

- You just used access keys to connect to S3 from EC2.

- View the credentials file. Hardcoded credentials are insecure from a security perspective: these keys are long-lived and keep working from anywhere they are copied to.
```console
cat ~/.aws/credentials
```
- Delete the file. This will remove the credentials
```console
rm ~/.aws/credentials
```

- Try to list the buckets now. You shouldn't be able to, because we cleared the access keys.
```console
aws s3 ls --region us-east-1
```

## PART 2: Permissions with IAM roles
- Go to the IAM Dashboard and click on Roles
![image](https://user-images.githubusercontent.com/22568316/52908460-3fbc9800-3244-11e9-933c-0e686380cb5c.png)

- Click Create Role and select EC2 as the service that will use this role
![image](https://user-images.githubusercontent.com/22568316/52908469-5e229380-3244-11e9-8699-2be4c3df60c8.png)

- Click Next: Permissions and select the **AmazonS3FullAccess** policy to attach to this role. Also select the **AmazonEC2FullAccess** policy for this role. We will reuse this role in the next lab.
- Click Next until you see the screen to enter the role name. Enter the name and description for the role. Verify you have the S3 and EC2 access policies attached and create the role.
![image](https://user-images.githubusercontent.com/22568316/52908497-046e9900-3245-11e9-89d5-93e383ec74d0.png)

- Go to the EC2 instances page. Select the EC2 instance, click Actions and then Attach IAM Role. Attach the role we created in the previous step.
![image](https://user-images.githubusercontent.com/22568316/52908517-76df7900-3245-11e9-91f1-ac59869d00f8.png)

- Now go back to the EC2 instance.
- Enter the command to list S3 buckets. You should be able to now:
```console
aws s3 ls --region us-east-1
```
- (OPTIONAL) Remove the role we added a few steps back and try the S3 list command again. It shouldn't work.

Now you have seen how to give access to S3 and other AWS services using access keys and using a role. You also know roles are safer because they use temporary credentials.

- Let's keep the same instance for the next lab

## How Roles work
Roles use temporary credentials that rotate every 30 minutes or so and are a lot safer than hardcoding keys.

- Type this command inside your EC2 instance to view the temporary credentials for the role attached to it:
```console
curl 169.254.169.254/latest/meta-data/iam/security-credentials/{your-role-name}
```
--------------------------------------------------------------------------------
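As an added example that is not part of the lab, the Python script below fetches the same security-credentials document the IMDSv2 way (a session token is required once an instance is launched with `HttpTokens=required`, and the bare curl above then gets a 401), reads the expiry that drives the rotation just described, and audits an `~/.aws/credentials` file for the long-lived keys that Part 1 stored. The sample document and credentials file are constructed with fake values; the metadata calls only succeed from inside an EC2 instance.

```python
"""Read role credentials from the instance metadata service the IMDSv2 way and
audit ~/.aws/credentials for long-lived keys.  Added example, not the lab's."""
import configparser
import json
import urllib.request
from datetime import datetime, timezone

IMDS = "http://169.254.169.254"


def imds_get(path, timeout=2.0):
    """IMDSv2: obtain a short-lived session token with a PUT, then present it on
    the GET.  Only reachable from inside an EC2 instance."""
    req = urllib.request.Request(f"{IMDS}/latest/api/token", method="PUT",
                                 headers={"X-aws-ec2-metadata-token-ttl-seconds": "300"})
    with urllib.request.urlopen(req, timeout=timeout) as r:
        token = r.read().decode()
    req = urllib.request.Request(f"{IMDS}/latest/meta-data/{path}",
                                 headers={"X-aws-ec2-metadata-token": token})
    with urllib.request.urlopen(req, timeout=timeout) as r:
        return r.read().decode()


def role_credentials(role_name):
    """The document the lab's curl prints, parsed into a dict."""
    return json.loads(imds_get(f"iam/security-credentials/{role_name}"))


def parse_utc(stamp):
    """IMDS timestamps are ISO-8601 UTC with a trailing Z."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def seconds_until_expiry(doc, now_stamp):
    """Remaining lifetime of the credentials in a security-credentials document.
    The instance receives a fresh document before Expiration; that refresh is
    the rotation the lab describes."""
    return (parse_utc(doc["Expiration"]) - parse_utc(now_stamp)).total_seconds()


def key_kind(access_key_id):
    """The access key ID prefix tells its kind: AKIA = long-lived IAM user key
    (what `aws configure` stored in Part 1), ASIA = temporary STS key (a role)."""
    if access_key_id.startswith("AKIA"):
        return "long-lived"
    if access_key_id.startswith("ASIA"):
        return "temporary"
    return "unknown"


def audit_credentials_file(text):
    """Classify every profile in an ~/.aws/credentials file (INI syntax)."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    report = {}
    for profile in cp.sections():
        kind = key_kind(cp[profile].get("aws_access_key_id", ""))
        if kind == "temporary" and not cp[profile].get("aws_session_token"):
            kind = "temporary-without-session-token"  # AWS rejects such a pair
        report[profile] = kind
    return report


# Constructed samples with fake values, in the shapes described above.
SAMPLE_ROLE_DOC = {
    "Code": "Success", "LastUpdated": "2019-02-19T20:05:11Z", "Type": "AWS-HMAC",
    "AccessKeyId": "ASIAEXAMPLE000000001", "SecretAccessKey": "secret-example",
    "Token": "session-token-example", "Expiration": "2019-02-20T02:40:43Z",
}
SAMPLE_CREDENTIALS_FILE = """\
[default]
aws_access_key_id = AKIAEXAMPLE000000001
aws_secret_access_key = secret-example
[lab-role]
aws_access_key_id = ASIAEXAMPLE000000002
aws_secret_access_key = secret-example
aws_session_token = session-token-example
"""

if __name__ == "__main__":
    print("seconds left:", seconds_until_expiry(SAMPLE_ROLE_DOC, "2019-02-19T20:10:43Z"))
    print(audit_credentials_file(SAMPLE_CREDENTIALS_FILE))
```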