AWS Windows Instance for Service Catalog (YAML Config) - windows

Can anyone point me in the right direction for how to update an EFS OnDemand EC2 instance (YAML) to a Windows EC2 instance?
I.e. how to get the user's credentials to login to a launched Windows instance (Remote Desktop)?
Also, has anyone found a way to copy paste from the local machine to the Golden AMI instance?

You go to the EC2 console and click the checkmark for the EC2 instance. Then there's a menu option to show you the password. For copy paste... you should just be able to ctrl+c, ctrl+v just like anywhere else. "Golden AMI" isn't a real thing, it's just a phrase people use to mean "we made this AMI and it's got our special sauce" (could be configs, security scanners, whatever...).
I don't really understand the other question you're asking.

Related

How to make windows EC2 user data script NOT run when I RDP to EC2?

The user data on Windows EC2 works as expected when EC2 is launched programmatically by Lambda. However, it also executes when I manually start the machine and RDP into it for debugging/troubleshooting purposes. Is there a way to make sure it doesn't run when I start EC2 and RDP to it?
Well, EC2 user data doesn't differentiate between programmatic and manual launching. Commenting out user data script before RDP'ing into EC2 looks like the only way to prevent user data script from running.

Unreachable Amazon EC2 Instance

I have a running amazon-ec2 instance that contains a personal wiki. It has been running fine for years, and today suddenly I'm unable to logon using the private key .ppk file using either Putty or WinSCP! (An hour ago I still can!)
I was panicking and I rebooted the amazon EC2 instance. (I didn't stop and start the instance, I choose reboot).
My question is, is my data lost? And if not, how can I recover it? I can't ssh to the machine and it seems my .pem file or .ppk file which I generated long time back doesn't work anymore.
Your help is much appreciated, it saves me a lot of hard work! Thanks!
You can try starting another ec2 instance, and attaching the EBS volume(of the instance you care about) to it. Then all you have to do is to mount it and your data should be intact.
You'll have to turn off the original instance to do that first. Also, this presumes you don't have the drive encrypted.
Your data will be lost only if you used instance store. If you used EBS, your data is intact.
If you can't SSH to your server, use "AWS Systems Manager" to shell into your instance and debug SSH connection: check if sshd is up, .ssh/authorized_keys file contents and permissions, etc...

Opening Realm Dashboard on Amazon EC2

I'm trying to setup Realm Object Server on Amazon EC2.
I've used the public AMI on North Virginia, and I have a running instance. I'm doing all this from Europe as most of my users are in the USA.
Now I'm trying to access ec2-xx-xx-xx-xx.compute-1.amazonaws.com:9080.
I've tried to open the different ports as indicated but I feel that what I've done is incorrect.
I've also tried to open all traffic but I still have a timeout on the page. I'm probably doing something wrong here, I'm not sure what.
Thanks for your help!
Thanks for trying out our AWS AMI! It would be helpful to know the AMI ID that you ran, as that can help us track down problems for others. In fact, we've released new AMIs this morning. Check our website for the latest available AMI IDs.
In the meantime, can you check if the realm-object-server service is running? You can check this via SSH and by running:
sudo service realm-object-server status
So I managed to make things work!
I guess my issue is that I was somehow on the wrong security group.
When looking at your running instances, be sure to hit your security group at the right of the instance row, in order to be able to configure the correct one.
Then, configure a Custom TCP Rule with port 9080.
That's it!

AWS EC2 Instance Hacked

One of my EC2 instances was hacked a few days ago.
I tried logging in via SSH to the server, but I couldn't connect. I am the only one with access to the private key, and I keep it in a safe place.
Luckily, I had a backup of everything and was able to move the web app to a new instance quite fast.
My concern right now is that I don't know how my instance was hacked in the first place.
Why can't I log in via SSH using my private key? I would assume that the private key stored on the server can't be (easily) deleted.
Is there a way I can find out how the hacker gained access to the instance? Perhaps a log file that would point me in the right direction.
Should I attach the EBS volume in question to a new instance and see what's on it or what are my options in this case?
Right now, it seems I have to access at all to the hacked instance.
Thank you!
#Krishna Kumar R is correct about the hacker probably changing the ssh keys.
Next steps:
Security concerns (do these now!):
Stop the instance, but don't terminate yet
Revoke/expire any sensitive credentials that were stored on the instance, including passwords and keys for other sites and services. Everything stored on that instance should be considered compromised.
Post-mortem
Take an EBS snapshot of the instance's root volume (assuming that's where logs are stored)
Make a new volume from the snapshot and attach to a (non-production) instance
Mount and start reading logs. If this is a linux host and you have port 22 open in the firewall, I'd start with /<mount-point>/var/log/auth.log
They might have logged into your machine via password. In ssh config, check the value of: PasswordAuthentication. If it is set to yes, then users can login to the instance remotely via password. Check /var/log/secure for any remote logins. It will show up all logins (password or key based).
If someone logged in as 'root', they can modify the ssh keys.
The fact that you are unable to login to the machine does not mean that it has been "hacked". It could be due to a configuration change on the instance, or the instance might have changed IP address after a stop/start.
Do a search on StackOverflow for standard solutions to problems connecting to an instance and see if you can connect (eg recheck IP address, check security group, turn on ssh -v debugging, check network connectivity & VPC settings, view Get System Log, etc).
Worst case, yes, you could:
Stop the instance
Detach the EBS volume
Attach the EBS volume to another EC2 instance
Access the content of the EBS volume

Login as ec2-user won't go away

I have an Amazon EC2 instance based off of a RHEL 6.4 64bit AMI. After setting up this server with programs, etc; I created my own AMI Image off of it. All good, until I tried creating a new instance off of my AMI. When I try to login as root, it asks me to login in as ec2-user. My modified instance from which the AMI was built was already corrected for this and so I don't see how it can come back.
Your help, as always is appreciated!
--Roger

Resources