AWS Academy Lab - Working with EBS (Elastic Block Store)

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello and welcome back this is barrett from cypress college and in this lab today we're going to cover the aws academy working with ebs or elastic block store so this is a pretty straightforward lab we're just going to look at creating volumes we're going to then look at attaching and mounting those volumes to an ec2 instance and we'll also see how we can create snapshots do those very simple point in time backups of our volumes and then how to essentially restore um a snapshot volume back to an ec2 instance so in in the case of this lab we let's say we accidentally delete something and then we need to restore from a previous snapshot so that's this lab in a nutshell um and really ebs the the easiest way to think of it is just a hard drive or storage for your ec2 instances and the cool thing about these is they can be mounted to across different ec2 instances not necessarily at the same time mind you that's something we'll look at more when we look at efs or elastic file system but with ebs you know you could have a storage volume and then if in the future you need to attach that to other ec2 instances it makes it very easy to do that um and also you know looking at snapshots you could easily create a snapshot of a current volume and then attach that snapshot to a second ec2 instance for whatever your um requirements might be so but um so let's just go ahead and hop right into the lab um i already have it started up here so you can see i have my management console if you're following along you will likely have the very detailed walkthrough as usual so i'm going to move this over to my left side here so you don't so i don't have to be switching back and forth and something i wanted to mention too the really cool thing about this lab it kind of has a little bit of linux system administration built into it because you get to kind of mess around with mounting these drives mounting these volumes i should say to the ec2 instance and we're also going to look at using putty since i'm currently running on a windows machine if you are on a mac or linux machine while working on this the lab documentation also details how to ssh into the ec2 instance through your terminal but in this lab video we're going to use putty from a windows machine which i think a large majority of um people may also be using so let's go ahead and get started by creating our first ebs volume so to do that we want to actually move into the ec2 service so i'm just going to go search for ec2 and you can see we have a lab instance here which is what we're going to be working with and attaching volumes to now on the left hand side here under elastic block store you see we have volumes and one one thing i do want to mention just make sure that throughout this lab um it will default to usc 1 north virginia just make sure that you do remain in this region for the lab so that everything is you know created in the same region okay so you see we currently have two different volumes they don't have a name which isn't necessarily best practice i would definitely give them more descriptive names but if you scroll over here and see attachment information we can see which one is attached to that lab instance so it's this one up at the top here and you can see when you when you select it you get information about the volume down below here but we're going to go ahead and create a new volume so we'll just click the create volume button up here let's just keep it simple we'll do a one gigabyte volume very important make sure that you keep within the us east dash 1a availability zone but do note that you'd have six different options if you wanted to you know have an ebs volume in multiple availability zones for potential high availability now i will say that security best practice we should encrypt this volume um ebs should always be encrypted but we will leave this unencrypted for this lab just to keep it keep it simple and make sure we don't run into any dependencies that maybe this free lab does not provide but equally important is tagging so this one here we'll just say the name of this is my volume it's always best practice to tag your resources accordingly so that not only you but other people who you may be working with understand very quickly what um what this volume is is potentially used for okay so we'll go ahead and create that volume and you can see it was pretty much as simple as that and pretty straightforward we now have this volume available so now we want to go ahead and attach this to that lab instance that ec2 instance that we saw so here you see we've we've named it my volume i'm going to select it and just go to actions attach volume and here we will select the lab instance very important you select the right one here and you notice that it automatically gives it a device name so this is kind of where we kind of touch on linux system administration and you don't need to know full in-depth um how to use linux to get through this lab just just know that linux essentially treats everything as a file so even a mounted drive gets placed in the slash dev which is short for devices it gets placed in the slash dev folder and then this will be the drive folder sdf so we'll just go ahead and click attach and you notice the change happened over here it's currently in a attaching phase which generally this stuff yeah there you go it's already attached so they it happens pretty quickly you can get to see other things like volume status make sure it's healthy and if we were to have encrypted it it would give the encryption information over here all right so now the next step is to connect to our ec2 instance so for some of you this may be the first time you're actually remotely connecting to an ec2 instance through ssh or remotely connecting to anything in general so for that the lab does have a download link and let me grab it here so this link right here that's from the lab um it is safe to download um so this putty.exe i know normally sometimes you might think like i shouldn't download an executable like this but just make sure that it comes directly from the aws academy lab you'll be fine you could also google search for putty it's a very widely used remote terminal application for windows specifically and you could even go to putty.org and you could download it right here and i would say yeah if you're on 64-bit windows it would be this one right here up at the top so a couple of different ways you can get this it's a very lightweight application not very large at all and i'll go ahead and start it up so you can see what it looks like and this is putty okay so let me close out of here so essentially what we want to do here and one thing that the lab does recommend once you launch putty to come to connection and change this seconds between keep alives to 30. this will just help keep the um the session open longer than normal in case you're like kind of going back and forth between the lab and then if we come back to session here this is where we need to enter in the public ip address of our ec2 or our lab ec2 instance so how do we get that so we have to come back to our management console we'll search for ec2 and so this is the instance right here so a couple different ways you can get it straight away from right here or down below as long as you've selected it here you have a icon here that you can actually click and you can you can see that it actually copies it to your clipboard for you so that way i can come back to putty copy and paste that in now we're almost there but the next thing we need is um a private key so currently when you do this remote ssh connection it takes place through asymmetric encryption meaning there is a public key and a private key so the public key sits on the ec2 instance and then we as the administrator must also have a private key that corresponds with that public key so i'm actually going to drag over the lab documentation and this is essentially where this is the console for your running lab right so you can download the private key specifically for this lab only if you click on details go to and it's going to pop up a window here so there's a lot of information here but honestly the only thing we need is the ssh key and if you're running on windows and using putty all you have to download is the ppk now if you're on linux or mac you would download the pem so i'm on i'm running on windows i'm going to download the ppk for my putty instance let me go ahead and save that all right let me go ahead and load in you basically just have to browse or actually i'm sorry let me show you here first you will go down to ssh go ahead and click that plus sign and then you'll see this auth section so short for authorize right and now here you can see private key for authentication or i'm sorry i said authorize i meant authentication so now let me go ahead and find where i save that to okay there we go so it looks like i had a couple other different lab labs user.ppk in my folder so to fix that number three but you likely will just say labs user dot ppk so don't worry that it's slightly different but as long as you loaded in that ppk file that you downloaded from the um lab details then you'll be good to go so once again just to review putty configuration it's pretty straightforward once you get the hang of it we are connecting to the lab instance you see behind here at its public ip address which is 44.195.128.240. we're connecting on port 22 which is ssh secure shell and then finally we had to load under connection ssh authentication we had to load that private key that dot ppk file that we downloaded now when we press open let me drag this over you're going to get this warning the server's host key is not cached in the registry so you just want to say yes to this and then you are greeted with a terminal screen and it says log in as so on most of the um aws amazon 2 linux amis the user the default i guess you can call it the default root user is ec2 dash user so that's what you're going to want to log in as and now you can see that we have successfully logged in and it is displaying our private ip address now which actually you can confirm behind here is in fact the private ip address of that machine all right now this is the part of the lab where we're gonna kind of get into the linux sysadmin kind of kind of mode here um and there's a really handy website that i want to share with you it's called explain shell.com and hopefully we could use this um and you could also use this in the future if you're working on labs and they use linux commands and you don't quite understand yet or don't understand the full context of what's what's going on with those commands but i'll do my best to explain here as as we move along and recall that the aws academy lab walkthrough pretty much lays out which commands you need to run but this video it's all about adding context so i want to make sure that you understand what these commands are actually doing so first thing we could do is run a command called df h so df is short for disk free and this is basically just showing us what available storage we have currently so you can see there's some temp temp drives but specifically here's that eight gigabytes instance i'm sorry not instance volume that was originally attached to the instance but we don't see that new one gigabyte volume that we created and technically we attached it right but we haven't mounted it yet so we don't see that displayed here yet and just to give you an example if we came to explainshell.com typed in df-h i know it's a it's a fairly simple command but you could see it'll tell you okay the command df report file system disk space usage and then dash h well this gives it in human readable form print sizes and human readable format so that is largely related to it gives you slightly better more approximate sizes so for example if we just did df you could see that it doesn't tell you if it's 4 or 4k or if it's 1.5 gig and you kind of have to do a little bit more thinking on that so human readable is often preferred for for quicker analysis right okay so moving on um first thing we need to do is and i'm going to go ahead and clear the screen by typing clear first thing we need to do is create an ext3 file system on the new volume so we could do that by typing sudo mkfs and kind of think of that short for make file system and then dash t we're telling it a type and that's going to be ext3 and this is for remember when we created that volume in aws we were given the slash dev slash sdf for the the volume and essentially sudo is in fact you know what let's use this as an example let's come to explain shell so you can see how you could potentially use this in fact i had searched for this earlier you can see how you could use this in the future so sudo is a very common command execute a command as another user so this is usually used to elevate to root privileges especially needed when you're doing like system administration type tasks like mounting new hard drives changing configuration files things like that because if likely if i hadn't added sudo it would maybe give me a permission denied and then this ec2 user is essentially in what's called a pseudoers file meaning that it is allowed to do to make sudo commands and run as administrator from time to time when needed all right so moving on now like i was mentioning earlier linux with linux everything is a file even hard drives that you're mounting they are located on the file system and so because of that we need to first make a directory so the command for that will be mkdir sure for make directory and we want to make a forward slash mnt forward slash datastore okay so that's going to be the location that we mount the drive to and we'll go ahead and do that next with sudo mounts which volume arrow mounting we're mounting forward slash dev forward slash sdf and we're going to mount that to that newly created directory whoops okay and now one final step it's technically mounted now but if we were to reboot this instance it would not be mounted any longer so we need to add something to a configuration file so that it will go ahead and mount this volume whenever the instance is restarted so to do this we're going to say echo so we're basically echoing out this entire command which is going to get placed into a configuration file so i'll explain this a little bit more once once i'm done typing it out okay so and this is another one where we can actually utilize explain shell in fact i have it in my previous searches here so echo essentially is just saying whatever i type next just just echo this out to the terminal um so this entire this is this is essentially a line it's it's considered a string basically it's actually not technically a command even though it kind of looks like it but what we're doing is we're sending this entire string and when you see the pipe command here actually let me go ahead and search here so the pipe a pipeline is a sequence of one or more commands separated by one of the control operators long story short i don't want to go into the details your the pipe is saying whatever this string is send it to what comes next so it's sending it to this command which is t and t is a way to basically write to a file so it's taking this string it's going to write it to the fstab file that's in the etsy folder in this dash a if you look down here that is telling it i want to append this string so i don't want to overwrite what's in there i want to add to whatever is currently in that file so this is a good example of a way of just adding a something you want to be a recurring thing such as mounting this volume at startup into an existing configuration file okay so that's essentially what we're doing here so now we're almost there and in fact we can verify that that file was updated by running cat which is short for concatenate and this is basically just going to print the contents of this configuration file out onto the terminal and you can see here that this was the previous line in that file and then this is that string that we added into the file just now and now if we i'm going to clear the screen if we do df-h we could see that that new volume has now been mounted right here it's showing a little bit under the underneath the gigabytes um but um yeah that is our newly created volume right there so we're on our way and now one more thing that we're gonna do that's gonna become useful when we start working with snapshots and restoring we're just going to create a very simple text file on this drive so to do that we're to run this command here let me go ahead and get this typed out so this is basically saying i want to run a shell command which is echoing this text into this file so that's basically all we're doing we're just sending literally the line some text has been written this this caret command is is redirecting so it's redirecting this output into this folder and then into file.txt so it's actually creating new files as well because it currently doesn't exist so when we press enter there we could use that cat command again to verify that it was created and this should print it out onto the terminal yep there we go some text has been written cool so now we currently have a new text file that we created sitting on that new volume that we just mounted attached and mounted so now let's move into the next part of lab which is i'm creating a snapshot of this volume so you want to make sure let's i'm just going to navigate back to the front this is the main aws management console just make sure that you go travel back to ec2 and then down here we'll click on volumes okay so we want to take a snapshot of my volume the one gigabyte volume that we just created if we come to actions create snapshot we can leave the description blank once again this should have been encrypted it is best practice just just so you know but just for lab simplicity we are leaving that unencrypted but we will add a tag so we'll call this name my snapshot and create snapshot go and close and now it won't show up here so down on the left hand side menu you see a separate snapshot section and wow that was that was pretty quick so yeah so the snapshot is uh was almost instantaneous i've seen these sometimes take a couple minutes so just in case if yours is taking a couple minutes don't worry it will likely complete you could always refresh in this top right corner up here okay so now let's we're still in our ssh session right so i should have reminded you make sure you don't close out a putty at all during this because we're going to be jumping back and forth but now let's go ahead and remove that file.txd that we just created so we can do that with the command sudo rm short for remove and we're just going to give the location of that file okay and now we could use the ls command which is will list the contents of a directory so we could say ls mnt datastore you can see that we no longer have file.txt located there so our file has been deleted from that new volume that we that we attached so the next step will be to restore that and we could do that from the snapshot section so we'll just have my snapshot selected we come up to actions that's gonna we're gonna create a volume from that snapshot make sure to keep it in the same u.s east 1a we will not encrypt this volume although this is um really useful if you ever have an unencrypted ebs that you want to encrypt for best security practices moving forward it's a bit of an annoyance and a bit of a you know operational issue um because you have to create a snapshot of the original unencrypted one and then create a new volume from that snapshot and in this process this is when you can encrypt it so just the security pro tip um like i said definitely best practice definitely something you'll run into from time to time an unencrypted ebs volume and that is essentially um this this process that we're kind of walking through right now is how you would fix that you would just once again create a snapshot of the unencrypted volume create a new volume from that snapshot and then encrypt it in that process and then you would reattach it to the ec2 instance which we're about to do in the next part so anyways i'm getting off track but wanted to share that that security best practice okay so we'll give it a name restored volume and we'll create the volume and go ahead and close cool so we still have that one snapshot now what do you think is going to happen when we go back to volumes we now have another volume here and this is the restored volume that we just restored from that snapshot and we can see that it's available so we're kind of at kind of in the same place we were before we have this available ebs volume well what do we want to do with it we want to attach that to the ec2 instance because we really want to get back that file.txt that we accidentally deleted all right so um we'll just go ahead and click restored volume actions attach volume let's go ahead and select the lab instance again and you notice that it gives it sdg it basically just keeps increments incrementing alphabetically before we had sdf and then you also do notice down here newer linux kernels may rename your devices and we did actually see this where it renamed the sdf to x vdf so that's just something that the newer linux kernels do but here we'll just go ahead and attach this and now we basically want to repeat the steps that we did before so we have this available um there we've attached the volume but now we need to remember create a new directory um for that volume and then we need to mount it so we'll do that by running sudo mkdir we're making a new directory in the mount mnt folder and we'll call this datastore2 and then let's go ahead and mount that to that new folder and now let's go ahead and list out the contents of that mnt folder and you can see we have the original datastore folder which is for um sdf and then this one here that we just created for sdg and if we go into let's let's actually change directory we're in a cd mnt data store 2 and if i do ls you can see we have file.txt in there so this was this is that volume that we restored from a snapshot and we could also cat file.txt and we have that text that we wrote out there cool so that's the lab um hopefully the the linux assist admin aspect of this didn't trip you up too much hopefully if you're new to linux you learn a little bit about um file system you know administration as well i know it's definitely very different than than working on windows but yeah this is this is a very common um workplace scenario even if it's not in terms of mounting volumes but even just as simple as remoting into an ec2 instance if you're going to be working in the cloud it's going to be almost like a day-to-day occurrence or something that you very commonly will do so that's very um good experience to have to get familiar with you know managing those private keys and uh and and remotely connecting in so great hope you enjoyed the lab and i will see in the next one
Info
Channel: Cypress College Cyber Club C4
Views: 130
Rating: 5 out of 5
Keywords: aws lab, aws academy, aws cloud lab, ebs lab, ssh to ec2, elastic block store, cypress college, c4cyberclub
Id: uQsW4CXnVhw
Channel Id: undefined
Length: 32min 38sec (1958 seconds)
Published: Sun Sep 26 2021
Related Videos
AWS Web Application Firewall | Control Web Traffic using Web Application Firewall | K21 Academy
K21Academy
1.7K
Ethical Hacking v2 NETLAB+ 14 - Understanding SQL Commands and Injections
Cypress College Cyber Club C4
139
Ethical Hacking NETLAB+ 10 - Web Pentesting w/ Nikto and Burp Suite
Cypress College Cyber Club C4
477
CySA+ NETLAB+ 8 - Extracting Data from a Compromised Machine w/ msfvenom, Metasploit, and a RAT
Cypress College Cyber Club C4
160
CySA+ NETLAB+ 04 - Host Hardening
Cypress College Cyber Club C4
164
AWS Academy : Lab 3 Introduction to Amazon EC2
Wahyu Surya
380
CySA+ NETLAB+ 11 - Log Analysis with Bash Scripting
Cypress College Cyber Club C4
127
AWS Tutorial - Launch a RDS MySQL instance and connect to it using Linux EC2
NamrataHShah
70K
AWS Academy Cloud Foundations: Lab 5 - Build a Database Server
Rayhan Haqi
685
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.