Create a Custom AMI in AWS


Launch a Configuration Instance

Launch an instance from a Base AWS Linux AMI:

  • Login to the Management Console
  • Launch EC2 instance using AWS Linux AMI:
    • t2.micro
    • Public IP
    • Create a Security Group with SSH an HTTP access
    • Download a Key Pair

Install Apache and PHP

SSH to the instance and execute the following commands to install Apache and PHP:

  • sudo yum update -y
  • sudo yum install -y httpd24 php70
  • sudo service httpd start
  • sudo chkconfig httpd on

Create a PHP page with the following commands:

  • sudo usermod -a -G apache ec2-user
  • sudo chown -R ec2-user:apache /var/www
  • echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php

Create a Custom AMI

In the EC2 Management Console, create an image from the config instance:

  • Select the instance in the console
  • Under the Actions menu, choose Create Image:
    • Name the Image

      Create-a-Custom-AMI-in-AWS-

      how-to-Create-a-Custom-AMI-in-AWS-

      Custom-AMI-is-available

 

  • Launch an instance from the new Image

    Custom-AMI-Available-under-instance

Want to pass AWS Certified Solutions Architect – Associate Level?  Check out https://linuxacademy.com training

AWS Certified Solutions Architect IAM Questions and Answers – Sample


1.What best describes an IAM role?

A. A role is used when configuring multi-factor authentication.
B. A role is a policy that determines an IAM user’s access to AWS resources.
C. A role is something that a user, application or service can “assume” to receive temporary security credentials that provide access to a resource.
D. A role is a policy that is applied directly to an AWS resource, such as an EC2 instance.

Correct Answer : C

2.You work for a large consulting firm that has just hired a junior consultant, named Jessica, who will be working on a large AWS project. She will be working remotely and, therefore, is not present in the office. You create a new IAM user for her named “Jessica” in your company’s AWS account. On Jessica’s first day, you ask her to make a change to a CloudWatch alarm in an Auto Scaling group. Jessica reports back that she does not have access to CloudWatch or Auto Scaling in the AWS console. What is a possible explanation for this?

A. Only IAM account admins can make changes to Auto Scaling groups.
B. Because she is working remotely, she would need to SSH into the instances in the Auto Scaling group via her terminal to make the changes
C. You have not added the appropriate IAM permissions and access policies to her IAM user.
D. When you created the new user, you forgot to assign access keys.

Correct Answer : C

3.Which of the following are managed using IAM? (Choose 2)

A. Multi-Factor Authentication
B. Bucket Policies
C. Billing Reports
D. Roles

Correct Answer: A, D

4.When requested through an STS API call, credentials are returned with what components?

A. Signed URL, Security Token, Username
B. Security Token, Access Key ID, Secret Access Key, Expiration
C. Security Token, Secret Access Key, Personal Pin Code
D. Security Token, Access Key ID, Signed URL

Correct Answer: B
5.API Access Keys are required in which scenarios below? (Choose 2)

A. Retrieving data from an ElastiCache cluster.
B. On premise servers connecting to RDS databases
C. AWS CLI
D. Windows PowerShell
E. Managing AWS resources through the AWS console

Correct Answer: C and D
6.You would like to use STS to allow end users to authenticate from third-party providers such as Facebook, Google, and Amazon. What is this type of authentication called?

A. Web Identity Federation
B. Cross-Account Access
C. Enterprise Identity Federation
D. Commercial Federation

Correct Answer: A
7.Which of the following is NOT required as part of AWS’s suggested “best practices” for new accounts?

A. Delete the root account
B. Create individual IAM users
C. Use user groups to assign permissions
D. Apply an IAM password policy

Correct Answer: A
8.You have hired an engineer, Kathy Johnson, and have created an IAM user for her in the company’s AWS account. She will be overseeing the company’s DynamoDB database, so you attached the “AmazonDynamoDBFullAccess” IAM Policy to her IAM user. Six months later, Kathy was promoted to a manager and you added her to the “Managers” IAM group. The “Managers” group does not have the “AmazonDynamoDBFullAccess” policy attached to it. What will happen to Kathy’s DynamoDB access?
A. It is not possible for an IAM group to have IAM permission policies, they need to be placed at the user level
B. Nothing, as an IAM user can have multiple IAM permission policies attached to them at the same time, either directly to the user or through an associated IAM group. The multiple policies are combined and evaluated together.
C. Only one IAM policy can be attached to a user at a time. You need to create another IAM user for her to use for her to perform her DynamoDB activities.
D. You would need to remove the DynamoDB policy from her IAM user and add it to the manager’s group policy

Correct Answer: C

 

Want to pass AWS Certified Solutions Architect – Associate Level (2018)?  Join https://linuxacademy.com

Simple Storage Service or S3 Questions and answers


1) What is the S3 feature that allows you to store and access older iterations of objects?
– Versioning

Explanation
If versioning is enabled, S3 will keep track of and store older versions of a file each time a newer version is uploaded.
2) By setting proper permissions on the object level, you can allow the public to download the object via a URL.

Correct answer
True
3) If you have an object that is easily reproducible and must be quickly accessible, what would be the best storage class to use for it?

Correct answer
One Zone-Infrequent Access

Explanation
You should only use Amazon S3 One Zone-Infrequent Access for objects that are easily reproducible due to objects being stored in one AZ. As a trade-off, it is a cheaper storage class than standard.

4) S3 is a bulk storage service where you can store any type of file.

Correct answer
True
5) An S3 bucket name can have any name and format you like.

Correct answer
False

Explanation
S3 names must be unique across all AWS accounts worldwide, and must follow specific naming rules.
6) S3 stands for Simple Storage Solutions.
True or False: FALSE
Explanation:
S3 stands for Simple Storage Service
8) What feature MUST be used to change an object’s storage class to Glacier?

Correct answer
Lifecycles

Explanation
The only way to set an objects storage class to Glacier is through object lifecycles.

Programmatic way to reboot EC2 instances


Sometimes we might have to reboot EC2 instances. If the requirement is to restart EC2 instances regularly, we can achieve it by writing a small piece of code. I also came across a similar requireme…

Source: Programmatic way to reboot EC2 instances

How to create new policy in AWS


How to create new and modify existing policies in AWS

1. Login into AWS Console and go to Identity & Access Management

Identity_Access_Management

 

2. Click on Policies

AWS-Policy

 

3. Create Policy

Create_new_policy_in_aws

4. When you click on Create Policy, following options will show up

Create Policy

A policy is a document that formally states one or more permissions. Create a policy by copying an AWS Managed Policy, using the Policy Generator, or typing your own custom policy.

Copy an AWS Managed Policy

Start with an AWS Managed Policy, then customize it to fit your needs.

Select

Policy Generator

Use the policy generator to select services and actions from a list. The policy generator uses your selections to create a policy.

Select

Create Your Own Policy

Use the policy editor to type or paste in your own policy.

aws-create-policy-screen

You can either copy AWS managed policy or Create a policy using AWS Policy Generator. The other options would be create your own policy.

Copy an AWS Managed Policy

copy_an_aws_managed_policy

Create a policy using AWS Policy Generator:

The policy generator enables you to create policies that control access to Amazon Web Services (AWS) products and resources. For more information about creating policies, see Overview of Policies in Using AWS Identity and Access Management.

aws-policy-generator

Create Your Own Policy in AWS

Customize permissions by editing the following policy document. For more information about the access policy language, see Overview of Policies in the Using IAM guide. To test the effects of this policy before applying your changes, use the IAM Policy Simulator.

creating_custom_policy_in_aws

Third Party Tools: