AWS Quick Start

Featured

Amazon Web Services is now available at Illinois for research, instruction, and administrative use. You can request access or log into an account at the University of Illinois AWS service gateway: http://aws.illinois.edu/

Amazon will be on campus regularly to provide guided labs and consultation. More information is available in our Fall 2017 Lab Schedule.

You can contact the Illinois AWS team at aws-support@illinois.edu. We’re always available to sit down and discuss whether AWS is a good fit for your unit’s needs, design solutions, or take feedback on how we can improve the service.

git-secrets and AWS credential management

We’ve seen a few account compromises on campus resulting from AWS IAM credentials checked into a public Github repository.

I encourage our customers to implement Amazon’s git-secrets package, which will automatically scan your code for keys and reject a git check-in if they’re found.

But if you’re not putting keys in your code, where should they go? A few suggestions:

  1. If you’re running from an EC2 instance, you can use an EC2 role to grant access to any API calls originating from that instance. This is my preferred method because no key management is required.
  2. Create local profiles that store credentials outside your application. “aws configure” will get you started with the AWS CLI.
  3. Populate your environment variables, again pulling the data out of your code.

Amazon documents their best practices for managing AWS access keys, which includes more options and more detail.

Besides handling credentials carefully, it’s useful to give your application the least privileges it needs. I recommend creating a dedicated IAM user or role for each application and granting it only the permissions it needs. Attackers tend to be most interested in credentials that allow them to launch EC2 instances. If your application doesn’t need that capability, you can dramatically limit the potential for attack.

New AWS Labs Added for Fall 17

The Illinois Amazon Web Services (AWS) team has added additional lab dates to their fall schedule. An Amazon solutions architect and an Illinois AWS team member will be on-site to offer technical assistance and discuss cloud topics.

  • September 27: 9:15 to 11:15 a.m. in 27 Illini Hall
  • October 17: 9:15 to 11:15 a.m.in 28 Illini Hall
  • October 25: 9:00 to 11:00 a.m. in the Undergraduate Library ICS Lab
  • November 15: 2:00 to 4:00 p.m. in 27 Illini Hall
  • December 6: 3:00 to 5:00 p.m. in Wohlers Hall ICS Lab

During each lab session, you’ll have your choice of topics:

  • AWS 101: Introduction to EC2
  • Identity and Access Management
  • S3 and CloudFront for content distribution
  • Relational Database Service
  • Automating AWS with CloudFormation
  • Introduction to Lambda
  • Building clusters with Alces Flight
  • Elastic MapReduce

You may run through multiple labs if time allows.

Technology Services will grant you access to a shared AWS account for the lab; you don’t need your own. Computers will be available onsite, though you’re welcome to bring your own laptop if you prefer.

Please register here to reserve your seat.

Amazon Web Services Lab Reminder – Sept. 27

The Amazon Web Services team at Illinois will be holding the next AWS Lab Session on Wednesday, September 27 from 9:15-11:15am in 27 Illini Hall. Please register to attend.

During each lab session, you’ll have your choice of topics:

  • AWS 101: Introduction to EC2
  • Identity and Access Management
  • S3 and CloudFront for content distribution
  • Relational Database Service
  • Automating AWS with CloudFormation
  • Introduction to Lambda
  • Building clusters with Alces Flight
  • Elastic MapReduce

You may run through multiple labs if time allows. An Amazon solutions architect will be on-site with our local staff to offer technical assistance and discuss cloud topics.

Technology Services will grant you access to a shared AWS account for the lab; you don’t need your own. Computers will be available onsite, though you’re welcome to bring your own laptop if you prefer.

AWS Labs are scheduled through December. They are posted to cloud.illinois.edu.

Read-replica Support for Apache HBase

You can now create read-replica Apache HBase clusters pointed to the same underlying HBase tables in Amazon S3 on Amazon EMR release 5.7.0. Apache HBase is a distributed, non-relational database built for random, strictly consistent realtime access for tables with billions of rows and millions of columns. By using read-replicas, you can increase availability by creating HBase clusters in different Amazon EC2 Availability Zones that read from the same dataset in Amazon S3.

Continue reading