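Amazon's AWS offers a fairly complete range of cloud products that individuals, enterprises and other organizations can use flexibly according to the conditions and needs of their own environment. Amazon Web Services provides more than 40 different services, such as compute, storage, content delivery, databases, analytics, application services, management and deployment, and networking, so that users can easily build their applications or services and run them on the AWS cloud.
The AWS management interface, the AWS Management Console, lets users conveniently manage their compute, storage and other cloud resources.
EC2 is a virtual server in the cloud, called an instance; it is a server service whose compute capacity users can adjust elastically in the cloud. Besides Windows, AWS also offers several mainstream Linux distributions, such as Red Hat Enterprise, SUSE and Ubuntu.
Amazon Simple Storage Service (Amazon S3)
Amazon CloudFront is a CDN service that lets enterprises speed up content delivery and reduce latency.
Amazon EC2 is an Amazon Web Service for creating and running virtual machines in the cloud (we call these virtual machines "instances"). An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications).
Amazon Web Services (AWS)
Virtual private cloud (VPC)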
Compute
EC2
Storage
S3
Database
Networking & Content Delivery
VPC
CloudFront
Route 53
Security, Identity & Compliance
IAM
SES
Instances
Images
Load Balancers
Load Balancing

shell> export AWS_ACCESS_KEY=your-aws-access-key-id
shell> export AWS_SECRET_KEY=your-aws-secret-key
shell> file /etc/alternatives/java
shell> export JAVA_HOME=/usr/lib/jvm/java-6-openjdk-amd64/jre
shell> $JAVA_HOME/bin/java -version
shell> export EC2_HOME=/usr/local/ec2/ec2-api-tools-1.7.0.0
shell> export PATH=$PATH:$EC2_HOME/bin
shell> ec2-describe-regions
REGION eu-west-1 ec2.eu-west-1.amazonaws.com
REGION sa-east-1 ec2.sa-east-1.amazonaws.com
REGION us-east-1 ec2.us-east-1.amazonaws.com
REGION ap-northeast-1 ec2.ap-northeast-1.amazonaws.com
REGION us-west-2 ec2.us-west-2.amazonaws.com
REGION us-west-1 ec2.us-west-1.amazonaws.com
REGION ap-southeast-1 ec2.ap-southeast-1.amazonaws.com
REGION ap-southeast-2 ec2.ap-southeast-2.amazonaws.com
us-east-1 US East (N. Virginia)
us-east-2 US East (Ohio)
us-west-1 US West (N. California)
us-west-2 US West (Oregon)
ca-central-1 Canada (Central)
eu-west-1 Europe (Ireland)
eu-west-2 Europe (London)
eu-central-1 Europe (Frankfurt)
ap-southeast-1 Asia Pacific (Singapore)
ap-southeast-2 Asia Pacific (Sydney)
ap-northeast-1 Asia Pacific (Tokyo)
ap-northeast-2 Asia Pacific (Seoul)
ap-south-1 Asia Pacific (Mumbai)
sa-east-1 South America (São Paulo)
shell> export EC2_URL=https://<service_endpoint>
shell> export EC2_URL=https://ec2.us-west-1.amazonaws.com
shell> ec2-create-keypair my-key-pair
KEYPAIR my-key-pair 1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f
---- BEGIN RSA PRIVATE KEY ----
-----END RSA PRIVATE KEY-----
my-key-pair.pem
---- BEGIN RSA PRIVATE KEY ----
-----END RSA PRIVATE KEY-----
shell> chmod 400 my-key-pair.pem
shell> ec2-create-group my-security-group -d "My security group"
shell> ec2-authorize my-security-group -p 3389 -s 203.0.113.25/32
shell> ec2-authorize my-security-group -p 22 -s 203.0.113.25/32
shell> ec2-create-group websrv -d "Web Servers"
shell> ec2-authorize websrv -P tcp -p 80 -s 192.0.2.0/24
shell> ec2-authorize websrv -P tcp -p 80 -s 0.0.0.0/0
Launch an instance
shell> ec2-run-instances ami-xxxxxxxx -t t1.micro -k my-key-pair -g my-security-group
Ubuntu Server 14.04 LTS (HVM), SSD Volume Type
shell> ec2-run-instances ami-a7fdfee2 -t t2.micro -k my-key-pair -g my-security-group
shell> ec2-describe-instances
shell> ssh -i my-key-pair.pem [email protected]
shell> ssh -i my-key-pair.pem [email protected]
shell> ec2-stop-instances i-afb4bcf1
shell> ec2-start-instances i-afb4bcf1
shell> ec2-terminate-instances i-afb4bcf1
Install the AWS CLI
shell> brew install awscli
/usr/local/share/awscli/examples
shell> aws help
Configure the AWS CLI
shell> aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: ap-northeast-1
Default output format [None]: ENTER
~/.aws/credentials
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
[user2]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
~/.aws/config
[default]
region=us-west-2
output=json
[profile user2]
region=us-east-1
output=text
[default]
region = ap-northeast-1
shell> aws ec2 create-security-group --group-name devenv-sg --description "security group for development environment in EC2"
{
"GroupId": "sg-b018ced5"
}
shell> aws ec2 authorize-security-group-ingress --group-name devenv-sg --protocol tcp --port 22 --cidr 0.0.0.0/0
shell> aws ec2 create-key-pair --key-name devenv-key --query 'KeyMaterial' --output text > devenv-key.pem
shell> aws ec2 run-instances --image-id ami-6e1a0117 --security-group-ids sg-b018ced5 --count 1 --instance-type t2.micro --key-name devenv-key --query 'Instances[0].InstanceId'
"i-0787e4282810ef9cf"
shell> ssh -i devenv-key.pem [email protected]
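The devenv-sg rule above opens port 22 to 0.0.0.0/0, while the earlier my-security-group rules are scoped to 203.0.113.25/32. The following added example (not part of the original page) audits data in the shape returned by `aws ec2 describe-security-groups` and reports administrative ports reachable from any address; the sample JSON is constructed, and `world_open_admin_rules` and `ADMIN_PORTS` are hypothetical names.

```python
import ipaddress
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# Group names and CIDRs mirror the commands on this page; the output is not from the page.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupName": "devenv-sg", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupName": "my-security-group", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.25/32"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [{"CidrIp": "203.0.113.25/32"}], "Ipv6Ranges": []}]},
  {"GroupName": "websrv", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "192.0.2.0/24"}, {"CidrIp": "0.0.0.0/0"}],
     "Ipv6Ranges": []}]}
]}
""")

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # ports this audit treats as administrative


def world_open_admin_rules(doc):
    """Return (group, service, cidr) for admin ports reachable from any address."""
    findings = []
    for group in doc.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "-1"):
                continue  # SSH and RDP are TCP services
            # IpProtocol "-1" means all protocols and ports; FromPort/ToPort are absent.
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                    continue  # scoped to a specific range, e.g. 203.0.113.25/32
                for port, name in sorted(ADMIN_PORTS.items()):
                    if proto == "-1" or lo <= port <= hi:
                        findings.append((group["GroupName"], name, cidr))
    return findings


if __name__ == "__main__":
    for group, service, cidr in world_open_admin_rules(SAMPLE):
        print(f"{group}: {service} open to {cidr}")
```

The websrv rule for port 80 is not reported: a public web port open to 0.0.0.0/0 is expected, while SSH and RDP normally are not.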
shell> aws iam create-group --group-name MyIamGroup
{
"Group": {
"Path": "/",
"CreateDate": "2017-08-22T07:27:35.403Z",
"GroupId": "AGPAJJWVIVC7PURU45TPG",
"Arn": "arn:aws:iam::889276800424:group/MyIamGroup",
"GroupName": "MyIamGroup"
}
}
shell> aws iam create-user --user-name MyUser
{
"User": {
"UserName": "MyUser",
"Path": "/",
"CreateDate": "2017-08-22T07:29:06.227Z",
"UserId": "AIDAJM2PCYETVAGSSBAYW",
"Arn": "arn:aws:iam::889276800424:user/MyUser"
}
}
shell> aws iam add-user-to-group --user-name MyUser --group-name MyIamGroup
shell> aws iam get-group --group-name MyIamGroup
{
"Group": {
"Path": "/",
"CreateDate": "2017-08-22T07:27:35Z",
"GroupId": "AGPAJJWVIVC7PURU45TPG",
"Arn": "arn:aws:iam::889276800424:group/MyIamGroup",
"GroupName": "MyIamGroup"
},
"Users": [
{
"UserName": "MyUser",
"Path": "/",
"CreateDate": "2017-08-22T07:29:06Z",
"UserId": "AIDAJM2PCYETVAGSSBAYW",
"Arn": "arn:aws:iam::889276800424:user/MyUser"
}
]
}
Set an IAM Policy for an IAM User
MyPolicyFile.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"NotAction": "iam:*",
"Resource": "*"
}
]
}
shell> aws iam put-user-policy --user-name MyUser --policy-name MyPowerUserRole --policy-document file://C:\Temp\MyPolicyFile.json
shell> aws iam put-user-policy --user-name Bob --policy-name ExamplePolicy --policy-document file://AdminPolicy.json
shell> aws iam list-user-policies --user-name MyUser
{
"PolicyNames": [
"MyPowerUserRole"
]
}
shell> aws iam create-login-profile --user-name MyUser --password Ohwica8H
{
"LoginProfile": {
"UserName": "MyUser",
"CreateDate": "2017-08-22T08:23:47.432Z",
"PasswordResetRequired": false
}
}
shell> aws iam create-access-key --user-name MyUser
{
"AccessKey": {
"UserName": "MyUser",
"Status": "Active",
"CreateDate": "2017-08-22T08:28:33.417Z",
"SecretAccessKey": "c5mpLWkcPAXHv1v3Yy1v9rNBz+l61fsyDPdMZhBp",
"AccessKeyId": "AKIAJYZCWEORTVZPRULA"
}
}
shell> aws iam delete-access-key --user-name MyUser --access-key-id AKIAJYZCWEORTVZPRULA
shell> aws ec2 describe-instances
shell> aws ec2 describe-instances --profile user2
shell> aws ec2 describe-instances --instance-ids
shell> aws ec2 run-instances --image-id ami-29ebb519 --security-group-ids sg-0cd9dd68 --count 1 --instance-type t2.micro --key-name devenv-key --query 'Instances[0].InstanceId'
shell> aws ec2 terminate-instances --instance-ids i-1234567890abcdef0
shell> aws ec2 create-security-group --group-name my-sg --description "My security group"
{
"GroupId": "sg-903004f8"
}
shell> aws ec2 delete-security-group --group-name MySecurityGroup
shell> aws ec2 delete-security-group --group-id sg-903004f8
Grant read-only permission to anonymous users
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"AddPerm",
"Effect":"Allow",
"Principal": "*",
"Action":["s3:GetObject"],
"Resource":["arn:aws:s3:::examplebucket/*"]
}
]
}
Restrict access to specific IP addresses
{
"Version": "2012-10-17",
"Id": "S3PolicyId1",
"Statement": [
{
"Sid": "IPAllow",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::examplebucket/*",
"Condition": {
"IpAddress": {"aws:SourceIp": "54.240.143.0/24"},
"NotIpAddress": {"aws:SourceIp": "54.240.143.188/32"}
}
}
]
}
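In the policy above the `IpAddress` and `NotIpAddress` operators sit in one `Condition` block, so both must hold for the Allow statement to apply. The following added example (not part of the original page or of any AWS tool) evaluates just these two operators on `aws:SourceIp` for the statement shown; `condition_matches` and `statement_applies` are hypothetical names, and the test addresses are constructed.

```python
import ipaddress

# Statement copied from the bucket policy above.
STATEMENT = {
    "Sid": "IPAllow",
    "Effect": "Allow",
    "Principal": "*",
    "Action": "s3:*",
    "Resource": "arn:aws:s3:::examplebucket/*",
    "Condition": {
        "IpAddress": {"aws:SourceIp": "54.240.143.0/24"},
        "NotIpAddress": {"aws:SourceIp": "54.240.143.188/32"},
    },
}


def _in_any(ip, cidrs):
    """True if ip is inside at least one CIDR (values of one key are ORed)."""
    if isinstance(cidrs, str):
        cidrs = [cidrs]
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def condition_matches(condition, source_ip):
    """Evaluate IpAddress / NotIpAddress on aws:SourceIp; all operators are ANDed."""
    for operator, keys in condition.items():
        if operator not in ("IpAddress", "NotIpAddress"):
            raise ValueError(f"operator not modelled here: {operator}")
        for key, cidrs in keys.items():
            if key != "aws:SourceIp":
                raise ValueError(f"condition key not modelled here: {key}")
            hit = _in_any(source_ip, cidrs)
            # IpAddress needs a hit; NotIpAddress needs the address outside every CIDR.
            if (operator == "IpAddress") != hit:
                return False
    return True


def statement_applies(statement, source_ip):
    """True if this Allow statement grants a request coming from source_ip."""
    return statement["Effect"] == "Allow" and condition_matches(
        statement.get("Condition", {}), source_ip)


if __name__ == "__main__":
    for ip in ("54.240.143.10", "54.240.143.188", "203.0.113.25"):
        print(ip, statement_applies(STATEMENT, ip))
```

A `False` result only means this statement does not grant the request; with no other matching Allow, the request is denied by default.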
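Example: allow an IAM user access to one of your buckets
In this example, you want to grant an IAM user in your AWS account access to one of your buckets, examplebucket, so that the user can add, update, and delete objects.
In addition to granting the user the s3:PutObject, s3:GetObject and s3:DeleteObject permissions, this policy also grants the s3:ListAllMyBuckets, s3:GetBucketLocation and s3:ListBucket permissions. These are the additional permissions required by the console.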
{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Action":[
"s3:ListAllMyBuckets"
],
"Resource":"arn:aws:s3:::*"
},
{
"Effect":"Allow",
"Action":[
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource":"arn:aws:s3:::examplebucket"
},
{
"Effect":"Allow",
"Action":[
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource":"arn:aws:s3:::examplebucket/*"
}
]
}
- http://docs.aws.amazon.com/zh_cn/AmazonS3/latest/dev/example-bucket-policies.html
- http://docs.aws.amazon.com/zh_cn/AmazonS3/latest/dev/example-policies-s3.html
Amazon S3 file commands
Creating Buckets
aws s3 mb s3://bucket-name
Removing Buckets
aws s3 rb s3://bucket-name
aws s3 rb s3://bucket-name --force
aws s3 ls
aws s3 ls s3://bucket-name
aws s3 ls s3://bucket-name/path/
shell> aws s3 ls
shell> aws s3 cp myfolder s3://mybucket/myfolder --recursive
shell> aws s3 sync myfolder s3://mybucket/myfolder --exclude "*.tmp"
References:
- https://aws.amazon.com/tw/getting-started/tutorials/
- Launch a Linux virtual machine
- Launch a Windows virtual machine