DOCSLIB.ORG

EC2 Image Builder User Guide EC2 Image Builder User Guide

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
EC2 Image Builder User Guide EC2 Image Builder User Guide EC2 Image Builder User Guide EC2 Image Builder User Guide EC2 Image Builder: User Guide Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. EC2 Image Builder User Guide Table of Contents What is EC2 Image Builder? ................................................................................................................. 1 Features of EC2 Image Builder ..................................................................................................... 1 Supported operating systems ...................................................................................................... 2 Supported image formats ........................................................................................................... 2 Concepts ................................................................................................................................... 2 Pricing ...................................................................................................................................... 4 Related AWS services .................................................................................................................. 5 How EC2 Image Builder works ............................................................................................................. 6 AMI elements ............................................................................................................................ 6 Default quotas ........................................................................................................................... 7 AWS Regions and Endpoints ........................................................................................................ 7 Service integrations .................................................................................................................... 7 Amazon CloudWatch Logs ................................................................................................... 7 Amazon EventBridge .......................................................................................................... 8 AWS CloudTrail .................................................................................................................. 9 Component management ............................................................................................................ 9 Image testing .................................................................................................................... 9 Semantic versioning ................................................................................................................... 9 Resources created ..................................................................................................................... 10 Distribution ............................................................................................................................. 11 Sharing Resources .................................................................................................................... 11 Compliance .............................................................................................................................. 11 Get started ...................................................................................................................................... 12 Prerequisites ............................................................................................................................ 12 EC2 Image Builder service-linked role ................................................................................. 12 Configuration requirements ............................................................................................... 12 Container repository (container image pipelines) ................................................................... 13 AWS Identity and Access Management (IAM) ........................................................................ 13 Access EC2 Image Builder .......................................................................................................... 14 Create an image pipeline (AMI) .................................................................................................. 14 Step 1: Specify pipeline details .......................................................................................... 14 Step 2: Choose recipe ....................................................................................................... 15 Step 3: Define infrastructure configuration - optional ........................................................... 16 Step 4: Define distribution settings - optional ...................................................................... 16 Step 5: Review ................................................................................................................. 16 Step 6: Clean up .............................................................................................................. 17 Create an image pipeline (Docker) .............................................................................................. 18 Step 1: Specify pipeline details .......................................................................................... 18 Step 2: Choose recipe ....................................................................................................... 19 Step 3: Define infrastructure configuration - optional ........................................................... 20 Step 4: Define distribution settings - optional ...................................................................... 21 Step 5: Review ................................................................................................................. 21 Step 6: Clean up .............................................................................................................. 21 Component manager ........................................................................................................................ 23 AWSTOE downloads ................................................................................................................. 23 Supported Regions ................................................................................................................... 24 Get started with AWSTOE ......................................................................................................... 25 Verify signature ................................................................................................................ 25 Step 1: Install AWSTOE ..................................................................................................... 29 Step 2: Set AWS credentials .............................................................................................. 29 Step 3: Develop component documents locally .................................................................... 30 Step 4: Validate AWSTOE components ................................................................................ 31 Step 5: Run AWSTOE components ...................................................................................... 31 Use component documents ....................................................................................................... 32 iii EC2 Image Builder User Guide Component document workflow ........................................................................................ 33 Component logging .......................................................................................................... 33 Input and output chaining ................................................................................................. 34 Document schema and definitions ...................................................................................... 35 Document example schemas .............................................................................................. 38 Define variables ............................................................................................................... 41 Use looping constructs ...................................................................................................... 45 Action modules ........................................................................................................................ 52 General execution ............................................................................................................. 53 File download and upload ................................................................................................. 56 File system operation ........................................................................................................ 65 System actions ................................................................................................................. 92 STIG components ..................................................................................................................... 96 Windows STIG components ............................................................................................... 97 Linux STIG components ..................................................................................................
Load more

Recommended publications
  • Security in Cloud Computing a Security Assessment of Cloud Computing Providers for an Online Receipt Storage
    Security in Cloud Computing A Security Assessment of Cloud Computing Providers for an Online Receipt Storage Mats Andreassen Kåre Marius Blakstad Master of Science in Computer Science Submission date: June 2010 Supervisor: Lillian Røstad, IDI Norwegian University of Science and Technology Department of Computer and Information Science Problem Description We will survey some current cloud computing vendors and compare them to find patterns in how their feature sets are evolving. The start-up firm dSafe intends to exploit the promises of cloud computing in order to launch their business idea with only marginal hardware and licensing costs. We must define the criteria for how dSafe's application can be sufficiently secure in the cloud as well as how dSafe can get there. Assignment given: 14. January 2010 Supervisor: Lillian Røstad, IDI Abstract Considerations with regards to security issues and demands must be addressed before migrating an application into a cloud computing environment. Different vendors, Microsoft Azure, Amazon Web Services and Google AppEngine, provide different capabilities and solutions to the individual areas of concern presented by each application. Through a case study of an online receipt storage application from the company dSafe, a basis is formed for the evaluation. The three cloud computing vendors are assessed with regards to a security assessment framework provided by the Cloud Security Alliance and the application of this on the case study. Finally, the study is concluded with a set of general recommendations and the recommendation of a cloud vendor. This is based on a number of security as- pects related to the case study’s existence in the cloud.
    [Show full text]
  • Automated Acceptance Testing on Macos – a Survey Study Focused On
    ASSIGNMENT OF BACHELOR’S THESIS Title: Automated Acceptance Testing on macOS – A survey study focused on Avast Passwords for mac Student: David Mokoš Supervisor: MSc Felix Javier Acero Salazar Study Programme: Informatics Study Branch: Web and Software Engineering Department: Department of Software Engineering Validity: Until the end of summer semester 2018/19 Instructions 1] Survey the different technologies available for writing acceptance tests on macOS. 2] Select an appropriate test stack: GUI driving technology, testing framework, etc. 3] Prepare application for acceptance testing based on the selected test stack. 4] Implement a suite of acceptance tests to cover the most relevant requirements of Avast Passwords for mac. References Will be provided by the supervisor. Ing. Michal Valenta, Ph.D. doc. RNDr. Ing. Marcel Jiřina, Ph.D. Head of Department Dean Prague November 28, 2017 Czech Technical University in Prague Faculty of Information Technology Department of Software Engineering Bachelor’s thesis Automated Acceptance Testing on macOS – A survey study focused on Avast Passwords for Mac David Mokoˇs Supervisor: MSc. Felix Javier Acero Salazar May 14, 2018 Acknowledgements First and foremost, I would like to thank my thesis supervisor, MSc. Felix Javier Acero Salazar, for his patient guidance, advice and encouragement he has provided throughout the whole time I have been working in Avast. I have been lucky to meet such a hardworking, inspirative and helpful person who cares so much about my work and who always keeps his word. His curiosity and positive mindset inspired me and helped me particularly when exploring new ideas. His careful revising contributed hugely to the creation of the thesis.
    [Show full text]
  • SQL Wildcard Operators
    SSQQLL -- WWIILLDDCCAARRDD OOPPEERRAATTOORRSS http://www.tutorialspoint.com/sql/sql-wildcards.htm Copyright © tutorialspoint.com We already have discussed SQL LIKE operator, which is used to compare a value to similar values using wildcard operators. SQL supports following two wildcard operators in conjunction with the LIKE operator: Wildcards Description The percent sign Matches one or more characters. Note that MS Access uses the asterisk ∗ wildcard character instead of the percent sign wildcard character. The underscore _ Matches one character. Note that MS Access uses a question mark ? instead of the underscore _ to match any one character. The percent sign represents zero, one, or multiple characters. The underscore represents a single number or character. The symbols can be used in combinations. Syntax: The basic syntax of '%' and '_' is as follows: SELECT FROM table_name WHERE column LIKE 'XXXX%' or SELECT FROM table_name WHERE column LIKE '%XXXX%' or SELECT FROM table_name WHERE column LIKE 'XXXX_' or SELECT FROM table_name WHERE column LIKE '_XXXX' or SELECT FROM table_name WHERE column LIKE '_XXXX_' You can combine N number of conditions using AND or OR operators. Here, XXXX could be any numeric or string value. Example: Here are number of examples showing WHERE part having different LIKE clause with '%' and '_' operators: Statement Description WHERE SALARY LIKE Finds any values that start with 200 '200%' WHERE SALARY LIKE Finds any values that have 200 in any position '%200%' WHERE SALARY LIKE Finds any values that have 00
    [Show full text]
  • Mastering Powershellpowershell
    CopyrightCopyright © 2009 BBS Technologies ALL RIGHTS RESERVED. No part of this work covered by the copyright herein may be reproduced, transmitted, stored, or used in any form or by any means graphic, electronic, or mechanical, including but not limited to photocopying, recording, scanning, digitizing, taping, Web distribution, information networks, or information storage and retrieval systems except as permitted under Section 107 or 108 of the 1976 United States Copyright Act without the prior written permission of the publisher. For permission to use material from the text please contact Idera at [email protected]. Microsoft® Windows PowerShell® and Microsoft® SQL Server® are registered trademarks of Microsoft Corporation in the United Stated and other countries. All other trademarks are the property of their respective owners. AboutAbout thethe AuthorAuthor Dr. Tobias Weltner is one of the most visible PowerShell MVPs in Europe. He has published more than 80 books on Windows and Scripting Techniques with Microsoft Press and other publishers, is a regular speaker at conferences and road shows and does high level PowerShell and Scripting trainings for companies throughout Europe. He created the powershell.com website and community in an effort to help people adopt and use PowerShell more efficiently. As software architect, he created a number of award-winning scripting tools such as SystemScripter (VBScript), the original PowerShell IDE and PowerShell Plus, a comprehensive integrated PowerShell development system. AcknowledgmentsAcknowledgments First and foremost, I’d like to thank my family who is always a source of inspiration and encouragement. A special thanks to Idera, Rick Pleczko, David Fargo, Richard Giles, Conley Smith and David Twamley for helping to bring this book to the English speaking world.
    [Show full text]
  • List of NMAP Scripts Use with the Nmap –Script Option
    List of NMAP Scripts Use with the nmap –script option Retrieves information from a listening acarsd daemon. Acarsd decodes ACARS (Aircraft Communication Addressing and Reporting System) data in real time. The information retrieved acarsd-info by this script includes the daemon version, API version, administrator e-mail address and listening frequency. Shows extra information about IPv6 addresses, such as address-info embedded MAC or IPv4 addresses when available. Performs password guessing against Apple Filing Protocol afp-brute (AFP). Attempts to get useful information about files from AFP afp-ls volumes. The output is intended to resemble the output of ls. Detects the Mac OS X AFP directory traversal vulnerability, afp-path-vuln CVE-2010-0533. Shows AFP server information. This information includes the server's hostname, IPv4 and IPv6 addresses, and hardware type afp-serverinfo (for example Macmini or MacBookPro). Shows AFP shares and ACLs. afp-showmount Retrieves the authentication scheme and realm of an AJP service ajp-auth (Apache JServ Protocol) that requires authentication. Performs brute force passwords auditing against the Apache JServ protocol. The Apache JServ Protocol is commonly used by ajp-brute web servers to communicate with back-end Java application server containers. Performs a HEAD or GET request against either the root directory or any optional directory of an Apache JServ Protocol ajp-headers server and returns the server response headers. Discovers which options are supported by the AJP (Apache JServ Protocol) server by sending an OPTIONS request and lists ajp-methods potentially risky methods. ajp-request Requests a URI over the Apache JServ Protocol and displays the result (or stores it in a file).
    [Show full text]
  • AWS Certified Developer – Associate (DVA-C01) Sample Exam Questions
    AWS Certified Developer – Associate (DVA-C01) Sample Exam Questions 1) A company is migrating a legacy application to Amazon EC2. The application uses a user name and password stored in the source code to connect to a MySQL database. The database will be migrated to an Amazon RDS for MySQL DB instance. As part of the migration, the company wants to implement a secure way to store and automatically rotate the database credentials. Which approach meets these requirements? A) Store the database credentials in environment variables in an Amazon Machine Image (AMI). Rotate the credentials by replacing the AMI. B) Store the database credentials in AWS Systems Manager Parameter Store. Configure Parameter Store to automatically rotate the credentials. C) Store the database credentials in environment variables on the EC2 instances. Rotate the credentials by relaunching the EC2 instances. D) Store the database credentials in AWS Secrets Manager. Configure Secrets Manager to automatically rotate the credentials. 2) A Developer is designing a web application that allows the users to post comments and receive near- real-time feedback. Which architectures meet these requirements? (Select TWO.) A) Create an AWS AppSync schema and corresponding APIs. Use an Amazon DynamoDB table as the data store. B) Create a WebSocket API in Amazon API Gateway. Use an AWS Lambda function as the backend and an Amazon DynamoDB table as the data store. C) Create an AWS Elastic Beanstalk application backed by an Amazon RDS database. Configure the application to allow long-lived TCP/IP sockets. D) Create a GraphQL endpoint in Amazon API Gateway. Use an Amazon DynamoDB table as the data store.
    [Show full text]
  • D4.6 Real-Time Executor Software Release Y3
    D4.6 Real-time Executor Software Release Y3 Grant agreement no. 780785 Project acronym OFERA (micro-ROS) Project full title Open Framework for Embedded Robot Applications Deliverable number D4.6 Deliverable name Real-time Executor – Software Release Y3 Date December 2020 Dissemination level public Workpackage and task 4.2 Author Jan Staschulat (Bosch) Contributors Ralph Lange (Bosch) Keywords micro-ROS, robotics, ROS, microcontrollers, scheduling, executor Abstract This document provides links to the released software and documentation for deliverable D4.6 Real-time Execu- tor Software Release Y3 of the Task 4.2 Predictable Scheduling and Execution. D4.6: Real-time Executor – Software Release Y3 Contents 1 Overview to Results 2 2 Links to Software Repositories 2 3 Annex 1: Webpage on Real-Time Executor 3 3.1 Table of contents ....................................... 3 3.2 Introduction ......................................... 4 3.3 Analysis of rclcpp standard Executor ........................... 5 3.3.1 Architecture ..................................... 5 3.3.2 Scheduling Semantics ................................ 6 3.4 RCLC-Executor ........................................ 7 3.4.1 Requirement Analysis ................................ 7 3.4.2 Features ........................................ 12 3.4.3 Executor API ..................................... 13 3.4.4 Examples ....................................... 14 3.4.5 Summary ....................................... 17 3.4.6 Future work ..................................... 18 3.4.7 Download
    [Show full text]
  • Introduction to Amazon Web Services
    Introduction to Amazon Web Services Jeff Barr Senior AWS Evangelist @jeffbarr / [email protected] What Does It Take to be a Global Online Retailer? The Obvious Part… And the Not-So Obvious Part How Did Amazon Get in to Cloud Computing? • We’d been working on it for over a decade • Development of a platform to enable sellers on the Amazon global infrastructure • Internal need for centralized, scalable deployment environment for applications • Early forays into web services proved developers were hungry for more This Led to a Broader Mission • Enable businesses and developers to use web services (what people now call “the cloud”) to build scalable, sophisticated applications. “It's not the customers' job to invent for themselves. It's your job to invent on their behalf. You need to listen to customers. You need to invent on their behalf. Kindle, EC2 would not have been developed if we did not have an inventive culture.” - Jeff Bezos, Founder & CEO, Amazon.com Attributes of Cloud Computing No Up-Front Capital Low Cost Pay Only for What Expense You Use Self-Service Easily Scale Up and Improve Agility & Time- Infrastructure Down to-Market Deploy Last-Generation IT Services Cloud-Generation IT Services Cloud-Generation IT Services What’s the Difference? Last-Generation Cloud-Generation • IT department • Empowered users • Manual Setup • Automated Setup • Hours/Days/Weeks • Seconds/Minutes • Error-prone • Scripted & repeatable • Small scale • Any scale AWS PLATFORM Cloud-Powered Applications Management & Administration Administration Identity &
    [Show full text]
  • Implementación De Los Algoritmos De Factorización 201
    Universidad Complutense de Madrid Facultad de Informática Sistemas Informáticos 2010/2011 RSA@Cloud Criptoanálisis eficiente en la Nube Autores: Directores de proyecto: Alberto Megía Negrillo José Luis Vázquez-Poletti Antonio Molinera Lamas Ignacio Martin Llorente José Antonio Rueda Sánchez Dpto. Arquitectura de Computadores Página 0 Facultad de Informática UCM RSA@Cloud Sistemas Informáticos – FDI Se autoriza a la Universidad Complutense a difundir y utilizar con fines académicos, no comerciales y mencionando expresamente a sus autores, tanto la propia memoria, como el código, la documentación y/o el prototipo desarrollado. Alberto Megía Negrillo Antonio Molinera Lamas José Antonio Rueda Sánchez Página 1 Facultad de Informática UCM RSA@Cloud Sistemas Informáticos – FDI Página 2 Facultad de Informática UCM RSA@Cloud Sistemas Informáticos – FDI Agradecimientos Un trabajo como este no habría sido posible sin la cooperación de mucha gente. En primer lugar queremos agradecérselo a nuestras familias que tanto han confiado y nos han dado. A nuestros directores José Luis Vázquez-Poletti e Ignacio Martín Llorente, por conseguir llevar adelante este proyecto. Por último, a todas y cada una de las personas que forman parte de la Facultad de Informática de la Universidad Complutense de Madrid, nuestro hogar durante estos años. Página 3 Facultad de Informática UCM RSA@Cloud Sistemas Informáticos – FDI Página 4 Facultad de Informática UCM RSA@Cloud Sistemas Informáticos – FDI Resumen En el presente documento se describe un sistema que aprovecha las virtudes de la computación Cloud y el paralelismo para la factorización de números grandes, base de la seguridad del criptosistema RSA, mediante el empleo de diferentes algoritmos matemáticos como la división por tentativa y criba cuadrática.
    [Show full text]
  • Cisco Workload Automation Amazon EC2 Adapter Guide
    Cisco Workload Automation Amazon EC2 Adapter Guide Version 6.3 First Published: August, 2015 Last Updated: September 6, 2016 Cisco Systems, Inc. www.cisco.com THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    [Show full text]
  • Regular Expressions
    APPENDIX A Regular Expressions This appendix explains regular expressions and how to use them in Cisco NX-OS software commands. It also provides details for composing regular expressions. This appendix has the following sections: • General Concepts About Regular Expressions • Cisco Regular Expression Pattern Matching Characters • Single-Character Patterns • Multiple-Character Patterns • Multipliers • Alternation • Anchoring • Parentheses for Recall • Regular Expression Examples • General Concepts About Regular Expressions A regular expression is entered as part of a command and is a pattern made up of symbols, letters, and numbers that represent an input string for matching (or sometimes not matching). Matching the string to the specified pattern is called pattern matching. Pattern matching either succeeds or fails. If a regular expression can match two different parts of an input string, it will match the earliest part first. Cisco configurations uses regular expression pattern matching in several implementations. The following is a list of some of these implementations: • BGP IP AS-path and X.29 access lists • Modem (or chat) and system scripts • X.25 route substitute destination feature • Protocol translation ruleset scripts • Cisco Regular Expression Pattern Matching Characters Table A-1 summarizes the basic Cisco regular expression characters and their functions. Cisco NX-OS Unicast Routing Command Reference, Release 4.0 OL-14973-01 A-1 Appendix A Regular Expressions Table A-1 Cisco Regular Expression Characters Regular Expression Character Function Examples . Matches any single character. 0.0 matches 0x0 and 020. For example, t..t matches strings such as test, text, and tart. \ Matches the character following the 172\.1\.. matches 172.1.10.10 but not backslash.
    [Show full text]
  • OPINION Sysadmin NETWORKING Security Columns
    October 2010 VOLUME 35 NUMBER 5 OPINION Musings 2 RikR FaR ow SYSADMin Teaching System Administration in the Cloud 6 Jan Schaumann THE USENIX MAGAZINE A System Administration Parable: The Waitress and the Water Glass 12 ThomaS a. LimonceLLi Migrating from Hosted Exchange ­Service to In-House Exchange Solution 18 T Roy mckee NETWORKING IPv6 Transit: What You Need to Know 23 mT aT Ryanczak SU EC RITY Secure Email for Mobile Devices 29 B Rian kiRouac Co LUMNS Practical Perl Tools: Perhaps Size Really Does Matter 36 Davi D n. BLank-eDeLman Pete’s All Things Sun: The “Problem” with NAS 42 Pe TeR BaeR GaLvin iVoyeur: Pockets-o-Packets, Part 3 48 Dave JoSePhSen /dev/random: Airport Security and Other Myths 53 RoT BeR G. FeRReLL B OOK reVIEWS Book Reviews 56 El izaBeTh zwicky, wiTh BRanDon chinG anD Sam SToveR US eniX NOTES USA Wins World High School Programming Championships—Snaps Extended China Winning Streak 60 RoB koLSTaD Con FERENCES 2010 USENIX Federated Conferences Week: 2010 USENIX Annual Technical Conference Reports 62 USENIX Conference on Web Application Development (WebApps ’10) Reports 77 3rd Workshop on Online Social Networks (WOSN 2010) Reports 84 2nd USENIX Workshop on Hot Topics in Cloud Computing (HotCloud ’10) Reports 91 2nd Workshop on Hot Topics in Storage and File Systems (HotStorage ’10) Reports 100 Configuration Management Summit Reports 104 2nd USENIX Workshop on Hot Topics in Parallelism (HotPar ’10) Reports 106 The Advanced Computing Systems Association oct10covers.indd 1 9.7.10 1:54 PM Upcoming Events 24th Large InstallatIon system admInIstratIon ConferenCe (LISA ’10) Sponsored by USENIX in cooperation with LOPSA and SNIA november 7–12, 2010, San joSe, Ca, USa http://www.usenix.org/lisa10 aCm/IfIP/USENIX 11th InternatIonaL mIddLeware ConferenCe (mIddLeware 2010) nov.
    [Show full text]