Useful links
S3 endpoints reference: https://docs.aws.amazon.com/zh_cn/general/latest/gr/s3.html
AWS pricing: https://aws.amazon.com/cn/pricing/
AWS EC2 on-demand instance pricing: https://aws.amazon.com/cn/ec2/pricing/on-demand/
Amazon EC2 instance configuration (EBS-optimized instances): https://docs.aws.amazon.com/zh_cn/AWSEC2/latest/UserGuide/ebs-optimized.html
Amazon EBS features: https://aws.amazon.com/cn/ebs/features/


Which CentOS image to choose on AWS

CentOS 7 (x86_64) - with Updates HVM

Recovering an AWS EC2 instance after losing its SSH key

First stop the running EC2 instance. Once it has stopped, select it, click the Actions button at the top right, expand the Instance settings menu and choose Edit user data (see the screenshot).

An EC2 SSH private key can only be downloaded when the instance is created or when a new key pair is created, so keep it in a fixed location and take care that a file with the same name does not overwrite it. If it is deleted by accident and you can no longer log in remotely, this method creates a new key pair and replaces the original key.
The method uses a few Linux commands; if anything is unclear, search online or leave a comment.
Commands used:
SSH login: ssh -i "<key file>" <username>@<IPv4 address or public DNS>
Example: ssh -i "new-key.pem" ubuntu@ec2-3-***.compute.amazonaws.com

Restrict the key file permissions: chmod 400 new-key.pem
Print the public key belonging to the private key: ssh-keygen -y -f new-key.pem

Check whether key files exist: ls -al ~/.ssh/
Show the file contents: cat ~/.ssh/authorized_keys
Edit the file: vim ~/.ssh/authorized_keys
Switch to the root user: sudo su

vim usage: look it up yourself

Content to enter under Edit user data:
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0

--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
cloud_final_modules:
- [users-groups, once]
users:
  - name: username
    ssh-authorized-keys: 
    - PublicKeypair

After substitution (example user ec2-user with the new public key):

Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0

--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
cloud_final_modules:
- [users-groups, once]
users:
  - name: ec2-user
    ssh-authorized-keys: 
    - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCNCwYGHZaabUBUHLxd3bJMTZQO/CaXvFxVBkn5vUVkeUEK+8uORh3431l3hI0WEnuF8G5V3MOc4HTS4IJ9uablXTuHILDQ3MIXHstd73s0vuMGAjjvXhil9hSbOFjjlMF5gquiYQ7jn5dr3pOGB0AR+0VxGNtz2lUZOoMjZ80u4vUQi765vF/yRpiAvUUGmYTmLmzep+ym6gJeiRmrF5+VhPCPrOJowIRo+tFGyy6IQ4mhf/9TnLc4GZ4z0/8Pe9N9Os0VNTzdSfgyuZh49jEUPm4IW4QOsAlnTlMewX53OHoAqdWQJemlT3gRLaxZQLeus1kFCI9CdXJwuJgQSAYX

Once the instance has finished starting, log in with the new key to verify access, then remove the public key from the user data.
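The procedure above, as an added example that is not part of the original notes: a Python script that renders the Edit user data document for a chosen user and public key, validates the pasted key line before it is used (a mistyped key means another reboot cycle), and, once the instance is back, checks whether the key is present in the content of ~/.ssh/authorized_keys (the file the cat command above prints). The sample key is constructed and cryptographically meaningless; USER_DATA_TEMPLATE adds the closing --//-- boundary that terminates the MIME document, which the pasted version above omits.

```python
"""Added example (not from the original notes): build the cloud-config user data
that re-installs an SSH public key, and check afterwards whether a key is present
in ~/.ssh/authorized_keys.  Only the standard library is used."""
import base64
import struct

USER_DATA_TEMPLATE = """Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0

--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
cloud_final_modules:
- [users-groups, once]
users:
  - name: {user}
    ssh-authorized-keys:
    - {pubkey}
--//--
"""


def parse_public_key(line):
    """Split one OpenSSH public-key line into (type, base64 blob, comment) and
    check that the blob really encodes the declared key type.  Raises ValueError
    on malformed input so a copy-paste error is caught before the reboot."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob_b64 = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else ""
    blob = base64.b64decode(blob_b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # OpenSSH wire format: uint32 length followed by the key-type string.
    (n,) = struct.unpack(">I", blob[:4])
    declared = blob[4:4 + n].decode("ascii", errors="replace")
    if declared != key_type:
        raise ValueError(f"blob says {declared!r} but line says {key_type!r}")
    return key_type, blob_b64, comment


def build_user_data(user, pubkey_line):
    """Render the multipart user data shown above for the given user and key.
    The comment field of the key is dropped; cloud-init only needs type + blob."""
    key_type, blob, _ = parse_public_key(pubkey_line)
    return USER_DATA_TEMPLATE.format(user=user, pubkey=f"{key_type} {blob}")


def key_installed(authorized_keys_text, pubkey_line):
    """True if the key appears in the given authorized_keys content.  Keys are
    compared by their base64 blob, so comments and per-key options (the
    tokens before the key type) do not affect the result."""
    _, wanted, _ = parse_public_key(pubkey_line)
    for raw in authorized_keys_text.splitlines():
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        if wanted in raw.split():
            return True
    return False


def _constructed_key_line(key_type="ssh-ed25519", comment="recovery-key"):
    """Build a syntactically valid but cryptographically meaningless public key
    line for demonstration; the 32 raw key bytes are constructed, not a real key."""
    raw = bytes(range(32))
    blob = (struct.pack(">I", len(key_type)) + key_type.encode()
            + struct.pack(">I", len(raw)) + raw)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


SAMPLE_KEY_LINE = _constructed_key_line()

if __name__ == "__main__":
    # In practice the key line comes from: ssh-keygen -y -f new-key.pem
    print(build_user_data("ec2-user", SAMPLE_KEY_LINE))
    print("installed:", key_installed(SAMPLE_KEY_LINE + "\n", SAMPLE_KEY_LINE))
```

Feed the output of ssh-keygen -y -f new-key.pem to build_user_data, paste the result into Edit user data, and after the instance is up compare the printed authorized_keys against the same line with key_installed; the old key should no longer be listed once it has been removed.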


IAM policy: "support cases and billing, read-only" permissions

This policy lets the user access and reply to support cases and view the AWS bill. The "Action" field now includes "aws-portal:ViewBilling", which allows the user to view billing information. The "Resource" field is still "*", so the statement applies to all support-case and billing resources.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AccessWorkOrders",
      "Effect": "Allow",
      "Action": [
        "support:*",
        "aws-portal:ViewBilling"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

Object storage (S3)

Public-read bucket policy

{
    "Version": "2012-10-17",
    "Id": "S3PolicyId1",
    "Statement": [
        {
            "Sid": "statement1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::my-bucket/*"
        }
    ]
}

In "Resource": "arn:aws:s3:::my-bucket/*", replace "my-bucket" with the name of your own bucket.


CORS configuration

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "PUT",
            "POST",
            "GET"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": [
            "x-amz-server-side-encryption",
            "x-amz-request-id",
            "x-amz-id-2"
        ],
        "MaxAgeSeconds": 3000
    }
]
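The bucket policy and CORS rule above open the bucket to every origin, which is what a public static-content bucket needs but is also the configuration most often found behind accidental data exposure. As an added example (not code from the original notes), the script below reviews both documents before they are applied: it lists the actions an anonymous principal would receive from the bucket policy and flags CORS rules that combine a wildcard origin with write methods or wildcard headers, next to a tighter rule for comparison. Note that CORS only governs what a browser may send; authorization is still decided by the bucket policy, IAM or presigned URLs, and a public-read policy only takes effect if the bucket's Block Public Access settings permit it. The tighter rule and the example.com origin are constructed.

```python
"""Added example (not part of the original notes): review an S3 bucket policy and
CORS configuration of the kind shown above, flagging the settings that expose
the bucket to every Internet origin."""


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _principal_is_anyone(principal):
    # "*" and {"AWS": "*"} both mean every principal, including anonymous requests.
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for p in _as_list(principal.get("AWS", [])))
    return False


def public_actions(bucket_policy):
    """Return (sid, action) pairs that an anonymous caller is granted without
    any condition.  Conditioned public grants need manual review and are skipped."""
    found = []
    for stmt in bucket_policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_anyone(stmt.get("Principal")) or stmt.get("Condition"):
            continue
        for action in _as_list(stmt.get("Action", [])):
            found.append((stmt.get("Sid", ""), action))
    return found


def cors_findings(cors_rules):
    """Flag CORS rules that let any web origin drive writes or send any header
    from a visitor's browser."""
    findings = []
    for i, rule in enumerate(cors_rules):
        if "*" not in rule.get("AllowedOrigins", []):
            continue
        writes = sorted(m for m in rule.get("AllowedMethods", [])
                        if m in ("PUT", "POST", "DELETE"))
        if writes:
            findings.append(f"rule {i}: any origin may send {', '.join(writes)} "
                            "from a browser; pair with an explicit origin list")
        if "*" in rule.get("AllowedHeaders", []):
            findings.append(f"rule {i}: any origin may send any request header")
    return findings


PAGE_BUCKET_POLICY = {  # the public-read policy shown above
    "Version": "2012-10-17", "Id": "S3PolicyId1",
    "Statement": [{"Sid": "statement1", "Effect": "Allow",
                   "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
                   "Resource": "arn:aws:s3:::my-bucket/*"}],
}

PAGE_CORS = [{  # the CORS configuration shown above
    "AllowedHeaders": ["*"], "AllowedMethods": ["PUT", "POST", "GET"],
    "AllowedOrigins": ["*"],
    "ExposeHeaders": ["x-amz-server-side-encryption", "x-amz-request-id", "x-amz-id-2"],
    "MaxAgeSeconds": 3000}]

# Constructed comparison: one named origin, read-only methods, one named header.
TIGHTER_CORS = [{
    "AllowedHeaders": ["Authorization"], "AllowedMethods": ["GET", "HEAD"],
    "AllowedOrigins": ["https://www.example.com"], "MaxAgeSeconds": 3000}]


def review(bucket_policy, cors_rules):
    """Combine both checks into one report dictionary."""
    return {"public_actions": public_actions(bucket_policy),
            "cors_findings": cors_findings(cors_rules)}


if __name__ == "__main__":
    print(review(PAGE_BUCKET_POLICY, PAGE_CORS))
    print(review(PAGE_BUCKET_POLICY, TIGHTER_CORS))
```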

Choosing CDN (CloudFront) policy settings

Which AWS CDN default policy to use depends on your requirements and scenario. Brief descriptions of the cache policies:

1. CachingOptimized: policy with caching enabled; supports Gzip and Brotli compression. Suited to applications that need fast delivery with less bandwidth.

2. CachingDisabled: policy with caching disabled. Suited to dynamic applications whose content changes frequently.

3. CachingOptimizedForUncompressedObjects: the default policy when compression is disabled. Suited to static content that should be cached but not compressed.

4. Elemental-MediaPackage: policy for an Elemental MediaPackage origin. Suited to streaming applications.

5. Amplify: policy for an Amplify origin. Suited to web applications.

Note that these default policies can be customised; configure them to your needs. When choosing a CDN policy, also weigh other factors such as cost, availability and security.


Origin request policies:

UserAgentRefererHeaders: forwards the User-Agent and Referer headers to the origin.

AllViewer: forwards all parameters in viewer requests to the origin.

CORS-S3Origin: policy for an S3 origin with CORS.

CORS-CustomOrigin: policy for a custom origin with CORS.

Elemental-MediaTailor-PersonalizedManifests: personalized-manifest policy for an Elemental MediaTailor origin.

AllViewerAndCloudFrontHeaders-2022-06: forwards all parameters in viewer requests and all CloudFront headers as of June 2022 to the origin.

AllViewerExceptHostHeader: forwards all parameters in viewer requests except the Host header to the origin.

Pick the policy that matches your needs. For example, to forward all parameters in viewer requests to the origin, choose AllViewer; for an S3 origin that uses CORS, choose CORS-S3Origin.


Response headers policies

Select an existing response headers policy or create a new one.

SimpleCORS: allows all origins for simple CORS requests.

CORS-With-Preflight: allows all origins for CORS requests, including preflight requests.

CORS-with-preflight-and-SecurityHeadersPolicy: allows all origins for CORS requests, including preflight requests, and adds security headers.

CORS-and-SecurityHeadersPolicy: allows all origins for simple CORS requests and adds security headers.

SecurityHeadersPolicy: adds a set of security headers to every response.

Pick the policy that matches your needs. For example, if you need to allow CORS requests from all origins and also want security headers, choose CORS-with-preflight-and-SecurityHeadersPolicy; if you only need simple CORS requests from all origins, choose SimpleCORS.


AWS Organizations

Policies > Service control policies > Only_allowed > Edit policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyOtherServices",
      "Effect": "Deny",
      "NotAction": [
        "support:*",
        "Lightsail:*",
        "DevOps-Guru:*",
        "s3:*",
        "ec2:*",
        "route53:*",
        "route53domains:*",
        "cloudshell:*",
        "mobiletargeting:*",
        "ssm:*",
        "servicecatalog:*",
        "workspaces:*",
        "cloudwatch:*",
        "billingconductor:*",
        "servicecatalog:*",
        "secretsmanager:*",
        "glue:*",
        "globalaccelerator:*",
        "ds:*",
        "ce:*",
        "codeartifact:*",
        "cloudtrail:*",
        "sdb:*",
        "rds:*",
        "rekognition:*",
        "ecr:*",
        "iam:*",
        "cloudfront:*",
        "cloudsearch:*",
        "acm:*",
        "acm-pca:*",
        "autoscaling:*",
        "application-autoscaling:*",
        "autoscaling-plans:*",
        "account:*",
        "billing:*",
        "aws-portal:*",
        "consolidatedbilling:*",
        "elasticloadbalancing:*",
        "codestar-notifications:*",
        "notifications:*",
        "notifications-contacts:*",
        "waf:ListWebACLs",
        "ec2-instance-connect:*",
        "kms:*",
        "wafv2:ListWebACLs",
        "aws-marketplace:*",
        "compute-optimizer:*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "DenyLaunchHighCPUInstanceTypes",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "ForAllValues:StringNotEquals": {
          "ec2:InstanceType": [
            "t2.nano",
            "t3.nano",
            "t3a.nano",
            "t4g.nano",
            "t1.micro",
            "t2.micro",
            "t3.micro",
            "t3a.micro",
            "t4g.micro",
            "c1.medium",
            "m1.small",
            "t2.small",
            "t3.small",
            "a1.medium",
            "c6g.medium",
            "c6gd.medium",
            "c6gn.medium",
            "t3a.small",
            "t4g.small",
            "m1.medium",
            "c3.large",
            "c4.large",
            "m3.medium",
            "t2.medium",
            "t3.medium",
            "a1.large",
            "c5.large",
            "c5a.large",
            "c5ad.large",
            "c5d.large",
            "c6a.large",
            "c6g.large",
            "c6gd.large",
            "c6gn.large",
            "c6i.large",
            "c6in.large",
            "t3a.medium",
            "t4g.medium",
            "c1.xlarge",
            "c3.xlarge",
            "c4.xlarge",
            "m1.large",
            "m3.large",
            "t2.large",
            "t3.large",
            "a1.xlarge",
            "c5.xlarge",
            "c5a.xlarge",
            "c5ad.xlarge",
            "c5d.xlarge",
            "c6a.xlarge",
            "c6g.xlarge",
            "c6gd.xlarge",
            "c6gn.xlarge",
            "c6i.xlarge",
            "c6in.xlarge",
            "g5g.xlarge",
            "im4gn.large",
            "inf1.xlarge",
            "m4.large",
            "m5.large",
            "m6a.large",
            "m6g.large",
            "m6gd.large",
            "m6i.large",
            "m6idn.large",
            "m6in.large",
            "r6g.medium",
            "r6gd.medium",
            "t3a.large",
            "t4g.large",
            "c5n.xlarge",
            "is4gen.large",
            "c3.2xlarge",
            "c4.2xlarge",
            "g2.2xlarge",
            "m1.xlarge",
            "m3.xlarge",
            "r3.large",
            "i3.large",
            "r4.large",
            "t2.xlarge",
            "t3.xlarge",
            "a1.2xlarge",
            "c5.2xlarge",
            "c5a.2xlarge",
            "c5ad.2xlarge",
            "c5d.2xlarge",
            "c6a.2xlarge",
            "c6g.2xlarge",
            "c6gd.2xlarge",
            "c6gn.2xlarge",
            "c6i.2xlarge",
            "c6in.2xlarge",
            "g4dn.xlarge",
            "g5g.2xlarge",
            "i3en.large",
            "i4i.large",
            "im4gn.xlarge",
            "inf1.2xlarge",
            "m4.xlarge",
            "m5.xlarge",
            "r5.large",
            "r5a.large",
            "r5ad.large",
            "r5b.large",
            "r5d.large",
            "r5dn.large",
            "r5n.large",
            "r6g.large",
            "r6gd.large",
            "r6i.large",
            "r6idn.large",
            "r6in.large",
            "t3a.xlarge",
            "t4g.xlarge",
            "z1d.large",
            "m2.xlarge",
            "c3.4xlarge",
            "c4.4xlarge",
            "m3.2xlarge",
            "d2.xlarge",
            "i2.xlarge",
            "i3.xlarge",
            "r3.xlarge",
            "r4.xlarge",
            "t2.2xlarge",
            "t3.2xlarge",
            "a1.4xlarge",
            "a1.metal",
            "c5.4xlarge",
            "c5a.4xlarge",
            "c5ad.4xlarge",
            "c5d.4xlarge",
            "c6a.4xlarge",
            "c6g.4xlarge",
            "aws-marketplace:*"
          ]
        }
      }
    },
    {
      "Sid": "DenyLaunchOver50Instances",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "NumericLessThanEquals": {
          "aws:RequestTag/NumberOfInstances": "50"
        }
      }
    }
  ]
}
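Both the IAM policy in the "support cases and billing" section and the service control policy above are easiest to trust once their statements have been exercised against concrete requests. As an added example (not code from the original notes), the evaluator below resolves Action/NotAction wildcards and the condition operators these policies use, and runs them against sample actions. It assumes the request resource matches the statement (the statements use "*" or the generic instance ARN) and implements only the String and Numeric operators shown; the SCP is embedded as a constructed excerpt with the NotAction and instance-type lists shortened, which does not change the statement logic. Two results are worth noting from a defender's view: with ForAllValues:StringNotEquals, a RunInstances request in which ec2:InstanceType is absent is also denied, and the "DenyLaunchOver50Instances" statement denies launches whose request tag NumberOfInstances is 50 or less while untagged launches pass, so it is not a launch-count limit (IAM has no condition key that counts instances in a request; per-account instance limits are set in Service Quotas).

```python
"""Added example (not from the original notes): a small evaluator for the IAM policy
and the service control policy on this page.  Resource matching is assumed to
succeed and only the operators used by these policies are implemented."""
import fnmatch


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _action_match(pattern, action):
    # IAM matches action names case-insensitively; '*' and '?' are wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _statement_covers(stmt, action):
    if "Action" in stmt:
        return any(_action_match(p, action) for p in _as_list(stmt["Action"]))
    # NotAction: the statement applies to every action NOT in the list.
    return not any(_action_match(p, action) for p in _as_list(stmt["NotAction"]))


def _value_matches(op, actual, allowed):
    """One request value against the policy's value list.  Negated operators
    ("...Not...") succeed only if the value matches none of the listed values."""
    positive = op.replace("Not", "", 1)
    try:
        if positive == "StringEquals":
            hit = actual in allowed
        elif positive == "StringLike":
            hit = any(fnmatch.fnmatchcase(actual, a) for a in allowed)
        elif positive.startswith("Numeric"):
            x = float(actual)
            cmp = {"NumericEquals": lambda a: x == a,
                   "NumericLessThan": lambda a: x < a,
                   "NumericLessThanEquals": lambda a: x <= a,
                   "NumericGreaterThan": lambda a: x > a,
                   "NumericGreaterThanEquals": lambda a: x >= a}[positive]
            hit = any(cmp(float(a)) for a in allowed)
        else:
            raise NotImplementedError(op)
    except ValueError:  # a non-numeric request value never matches
        hit = False
    return not hit if positive != op else hit


def _condition_holds(cond, ctx):
    """All operator blocks and all keys must hold (AND); values are OR-ed."""
    for operator, pairs in cond.items():
        qualifier, _, op = operator.rpartition(":")  # e.g. ForAllValues:StringNotEquals
        for key, allowed in pairs.items():
            allowed = [str(a) for a in _as_list(allowed)]
            if key not in ctx:
                # Missing key: ForAllValues is vacuously true, everything else is false.
                if qualifier == "ForAllValues":
                    continue
                return False
            values = [str(v) for v in _as_list(ctx[key])]
            if qualifier == "ForAllValues":
                ok = all(_value_matches(op, v, allowed) for v in values)
            elif qualifier == "ForAnyValue":
                ok = any(_value_matches(op, v, allowed) for v in values)
            else:
                ok = _value_matches(op, values[0], allowed)
            if not ok:
                return False
    return True


def evaluate(policy, action, ctx=None):
    """'Deny' (explicit), 'Allow' or 'ImplicitDeny'.  For an SCP, anything other
    than 'Deny' means the SCP does not block the call; IAM still has to allow it."""
    ctx = ctx or {}
    outcome = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not _statement_covers(stmt, action):
            continue
        if not _condition_holds(stmt.get("Condition", {}), ctx):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        outcome = "Allow"
    return outcome


SUPPORT_BILLING_POLICY = {  # copied from the IAM policy section above
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AccessWorkOrders", "Effect": "Allow",
                   "Action": ["support:*", "aws-portal:ViewBilling"], "Resource": ["*"]}],
}

SCP_EXCERPT = {  # constructed excerpt of the SCP above; lists shortened, logic unchanged
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DenyOtherServices", "Effect": "Deny",
         "NotAction": ["support:*", "s3:*", "ec2:*", "iam:*", "kms:*", "waf:ListWebACLs"],
         "Resource": "*"},
        {"Sid": "DenyLaunchHighCPUInstanceTypes", "Effect": "Deny",
         "Action": "ec2:RunInstances", "Resource": "arn:aws:ec2:*:*:instance/*",
         "Condition": {"ForAllValues:StringNotEquals": {
             "ec2:InstanceType": ["t2.micro", "t3.micro", "t3.small", "c5.large"]}}},
        {"Sid": "DenyLaunchOver50Instances", "Effect": "Deny",
         "Action": "ec2:RunInstances", "Resource": "arn:aws:ec2:*:*:instance/*",
         "Condition": {"NumericLessThanEquals": {"aws:RequestTag/NumberOfInstances": "50"}}},
    ],
}


def scp_blocks(action, ctx=None):
    """True if the SCP excerpt explicitly denies the call."""
    return evaluate(SCP_EXCERPT, action, ctx) == "Deny"


if __name__ == "__main__":
    for act, ctx in [("lambda:CreateFunction", {}),
                     ("ec2:RunInstances", {"ec2:InstanceType": "t3.small"}),
                     ("ec2:RunInstances", {"ec2:InstanceType": "m5.24xlarge"}),
                     ("ec2:RunInstances", {"ec2:InstanceType": "t3.small",
                                           "aws:RequestTag/NumberOfInstances": "10"})]:
        print(act, ctx, "->", "blocked" if scp_blocks(act, ctx) else "not blocked")
```

Drop the full policy JSON from the page into SCP_EXCERPT's place to evaluate the real list; the evaluator does not touch Resource, so statements scoped to volume or network-interface ARNs would need that element handled as well.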