Confirming that shell is running on an Amazon WorkSpace - amazon-web-services

I am currently writing a number of shell scripts which will run both on an Amazon Workspaces Linux instance and elsewhere on other Linux hosts (e.g. Amazon Linux EC2 instances).
I would like to have certain Bash variable values configured differently depending on whether or not a given script is being run on a WorkSpaces instance.
Given this, I was wondering if there is a way of checking at the OS level whether the host is an Amazon WorkSpace or not?

Although possibly not fail proof, one method of identifying whether a Linux host is one of the Amazon Linux WorkSpaces hosts is to look for the presence of the /usr/share/icons/amazon-workspaces directory where the icon assets for MATE window manager theme are stored.

Related

Invoking Windows EC2 terminal remotely

I need to connect to my Windows EC2 terminal to invoke a local script on it from a different machine CMD.
I tried to search and I 'v found the following: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect.html. This solves the problem for Linux, not windows. Any suggestion or lead for a solution?
On Windows machines, you can remotely SSH onto your EC2 instance using a bash shell, which supports SSH.
If you have git bash installed, it can do the trick for you.
You will need the pem file which you can generate before launching your EC2 instance, at the very last step. Else, you can also use your own key - see docs from AWS here.
You can look into the option of session manager.
Please refer: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html
To give you a brief, Session Manager is a fully managed AWS Systems Manager capability that lets you manage your Amazon EC2 instances, on-premises instances, and virtual machines (VMs) through an interactive one-click browser-based shell or through the AWS CLI.

How to centrally manage of files/directories in AWS just like Redhat Satellite?

I am running instances with RHEL6 & 7 distributions on AWS cloud. As a system administrator, I need a mechanism to centrally manage and synchronize the files on all instances. For eg: /etc/sudoers.d/ , /etc/sudoers, /etc/resolv.conf , /etc/nsswitch.conf, etc.. A central repository to manage these files and should push to the servers when they are not in sync or send an email if the file is not in sync on any instances. It should be similar to Redhat Satellite but I need to use AWS native services to attain this.
Take a look at the ec2 systems manager. https://aws.amazon.com/systems-manager/getting-started/
It's the closest thing I know to what you're describing.
Note that aws is distro agnostic, and can't marshal files into the virtual machines ( after all, be they're virtual machines in a very real sense, and their file systems are not really accessible to the hypervisor).
But what you can do is he an agent running which can grab the files, which is surely how satellite works too.
If you want to be cloud native, you might also want to use an auto sanding group with a cfn -hup script running in the instances. It can detect configuration changes and run the supplied automation. But I'm guessing you're going for long lived instances, not cloud elasticity?

Securing Folder on EC2 Amazon Marketplace AMI

I'm planning to start a small business and submit an Linux AMI to Amazon's AWS Marketplace. As I'm reading the seller's guide, I see this:
AMIs MUST allow OS-level administration capabilities to allow for compliance requirements, vulnerability updates and log file access. For Linux-based AMIs this is through SSH." (6.2.2)
How can I protect my source code if anyone who uses my product can SSH to the machine and poke around? Can I lock down certain folders yet still allow "os-level administration"?
Here is a bit of context if needed:
I'm using Ubuntu Server 16.04 LTS (HVM), SSD Volume Type (ami-cd0f5cb6) as my base AMI
I'm provisioning a slightly modified MySQL database that I want my customers to be able to access. This is their primary way of interacting with my service.
I'm building a django web service that will come packaged on the AMI. This is what I'd like to lock down and prevent access to.
Whether or not you provide SSH access, it'll always be possible for your users to mount the root EBS-volume of your AMI on another EC2-instance to investigate its contents, so disabling SSH or making certain files unreadable for an SSH-user doesn't help you in this regard.
Instead of trying to to keep users away from your source code I suggest you simply state clearly what the users are allowed to do with it and what not in the terms of service.
Even large companies provide OS-images which contain the source code of their applications (whenever they use a scripting language) in clear form or just slightly obfuscated.

Creating an iso of a RHEL instance

I have an amazon ec2 instance with RHEL 7.3 on it. I would like to convert this into an iso so that I can migrate it wherever I want. What are the best tools to create an iso of a virtual machine. Or how do I clone/backup this VM so that I can restore it anywhere I want?
You can work with VM and AWS programatically via AWS CLI commands.
You want to get familiar with import-task and export-task commands.
The best place to start is by reading an official AWS guides for:
Exporting an Instance as a VM Using VM Import/Export
Importing a VM as an Image Using VM Import/Export
The key information you need to pick up from the guide is this quote:
"You can't export an instance from Amazon EC2 unless you previously
imported it into Amazon EC2 from another virtualization environment."
Yes, there are solutions, one of them linked by #Nicholas Smith. That being said, if you go the unofficial route you might end up in a dark alley where help might not be available. I highly recommend and warn here to not proceed with trying to clone EC2 into VM at this point. You will spend a lot of time with a huge risk factor for future.
For you to be able to achieve what you want, you need to create a RHEL VM using any VM software, you need to load this VM into AWS and then you will be able to work with VM in AWS making any necessary changes and export again for local or transportation needs.
As you are running a widely-used Linux distribution - RHEL, you can attempt to recreate your EC2 environment manually by launching a VM that runs the same kernel version along with the same package versions. From there, you can tarball what files you need from your production instance and copy them over to your on-premise site by using SCP/SFTP.
Just get your RHEL environment into VM locally and import to AWS and you set.
Clonezilla provides functionality to create images. Generated images can be converted to ISO files.
It doesn't seem to be something that Amazon promote as a service however the aws cli tools have an ec2-unbundle command for extracting from an AMI. There's a guide here on how to download and run an EC2 AMI locally by using it.
Caveat is it appears the ec2-unbundle command currently only works on Linux and not OS X or Windows.

Is it possible to compile a code in Amazon EC2?

I am writing an online judge like spoj.pl .I would like to compile the source code in EC2. Is it possible to compile and execute the C,C++,Java codes in Ec2 ? Do we have access to run shell commands ?
Yes - EC2 instances have operating systems just like your PC.
If you chose a Windows instance, you can Remote Desktop to it and install Eclipse or whatever.
If you chose Linux, it is a bit more tricky since you will have to do more work with the terminal
though you can install NX client and also "remote desktop" to your instance.
Yes it is possible. Since EC2 instances run standard operating systems, you can do pretty much anything you would do in a non-EC2 server.
On Linux, the usual way to run commands is through SSH. When you create an EC2 instance, you are asked to either create or provide a key pair. You must configure your SSH client to use the private key to connect to the EC2 instance.