Useful links
S3 endpoints (AWS General Reference): https://docs.aws.amazon.com/zh_cn/general/latest/gr/s3.html
AWS pricing: https://aws.amazon.com/cn/pricing/
AWS EC2 on-demand instance pricing: https://aws.amazon.com/cn/ec2/pricing/on-demand/
Amazon EC2 instance configuration (EBS-optimized instances): https://docs.aws.amazon.com/zh_cn/AWSEC2/latest/UserGuide/ebs-optimized.html
Amazon EBS features: https://aws.amazon.com/cn/ebs/features/
Which CentOS image to choose on AWS
CentOS 7 (x86_64) - with Updates HVM

Recovering an AWS EC2 instance after losing its SSH key
First stop the running EC2 instance. Once it has stopped, select it, click the Actions button in the top right, expand Instance settings, and choose Edit user data (shown in the screenshot below).
An EC2 SSH key pair can only be downloaded when the instance is created or when a new key pair is created, so store it in a fixed location and take care that a file of the same name does not overwrite it. If the key has been deleted and you can no longer log in remotely, use this method to create a new key pair and replace the old one.
This method uses some Linux commands; if anything is unclear, search online or leave a comment.
Relevant commands:
SSH login: ssh -i "(key file)" (username)@IPv4 (or DNS name)
Example: ssh -i "new-key.pem" ubuntu@ec2-3-***.compute.amazonaws.com
Set key file permissions: chmod 400 new-key.pem
Print the public key for a key file: ssh-keygen -y -f new-key.pem
Check whether the key files exist: ls -all ~/.ssh/
Show file contents: cat ~/.ssh/authorized_keys
Edit the file: vim ~/.ssh/authorized_keys
Switch to root: sudo su
vim usage: look it up yourself
Content to enter in Edit user data:
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0

--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
cloud_final_modules:
- [users-groups, once]
users:
  - name: username
    ssh-authorized-keys:
    - PublicKeypair
Result after substitution:
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0

--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
cloud_final_modules:
- [users-groups, once]
users:
  - name: ec2-user
    ssh-authorized-keys:
    - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCNCwYGHZaabUBUHLxd3bJMTZQO/CaXvFxVBkn5vUVkeUEK+8uORh3431l3hI0WEnuF8G5V3MOc4HTS4IJ9uablXTuHILDQ3MIXHstd73s0vuMGAjjvXhil9hSbOFjjlMF5gquiYQ7jn5dr3pOGB0AR+0VxGNtz2lUZOoMjZ80u4vUQi765vF/yRpiAvUUGmYTmLmzep+ym6gJeiRmrF5+VhPCPrOJowIRo+tFGyy6IQ4mhf/9TnLc4GZ4z0/8Pe9N9Os0VNTzdSfgyuZh49jEUPm4IW4QOsAlnTlMewX53OHoAqdWQJemlT3gRLaxZQLeus1kFCI9CdXJwuJgQSAYX
After confirming that the instance has finished starting, log in with the new key to verify access, then remove the public key from the user data again.
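The user data above can be generated instead of edited by hand, which avoids the most common failure of this procedure: a public key line that was wrapped or truncated while pasting, leaving the instance with no working login at all. The following Python script is an added example and is not part of the original note or of any AWS tool: it validates the single-line public key that `ssh-keygen -y -f` prints, renders the same multipart cloud-config document with the username and key filled in, and can confirm afterwards that the key is present in `~/.ssh/authorized_keys`. `SAMPLE_KEY` is constructed from all-zero key material for demonstration only, and `public_key_from_pem` is a hypothetical helper that simply wraps the `ssh-keygen` command from the note.

```python
"""Build the cloud-config user data used to re-add an SSH public key.

Added example (not from the original note). It renders the multipart
document pasted into "Edit user data", with the username and public key
substituted, after checking that the key line is well formed.
"""
import base64
import binascii
import subprocess

USER_DATA_TEMPLATE = """\
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0

--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
cloud_final_modules:
- [users-groups, once]
users:
  - name: {username}
    ssh-authorized-keys:
    - {public_key}
"""

# OpenSSH key type names accepted on an authorized_keys line.
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

# Constructed sample key: an ed25519 key blob with all-zero key material.
# Demonstration only; never install a key like this on a real instance.
_ED25519_BLOB = b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + bytes(32)
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(_ED25519_BLOB).decode("ascii") + " demo@example"


def is_valid_public_key(line: str) -> bool:
    """Sanity-check a single-line OpenSSH public key before using it in user data.

    Checks the type prefix, that the blob is valid base64, and that the
    length-prefixed type name inside the blob matches the textual prefix.
    """
    parts = line.strip().split()
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        return False
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except (binascii.Error, ValueError):
        return False
    if len(blob) < 4:
        return False
    name_len = int.from_bytes(blob[:4], "big")
    return blob[4:4 + name_len].decode("ascii", errors="replace") == parts[0]


def build_user_data(username: str, public_key: str) -> str:
    """Render the multipart cloud-config document for the given user and key."""
    if not is_valid_public_key(public_key):
        raise ValueError("public key is not a single-line OpenSSH public key")
    if not username or any(c.isspace() for c in username):
        raise ValueError("username must be a single token")
    return USER_DATA_TEMPLATE.format(username=username, public_key=public_key.strip())


def authorized_keys_contains(authorized_keys_text: str, public_key: str) -> bool:
    """True if the text of ~/.ssh/authorized_keys already lists this key.

    Only the key type and base64 blob are compared; the comment may differ.
    """
    wanted = public_key.split()[:2]
    return any(line.split()[:2] == wanted for line in authorized_keys_text.splitlines())


def public_key_from_pem(pem_path: str) -> str:
    """Hypothetical helper: run `ssh-keygen -y -f` (the command from the note).

    Requires OpenSSH on the local machine; not exercised by the tests.
    """
    out = subprocess.run(["ssh-keygen", "-y", "-f", pem_path],
                         check=True, capture_output=True, text=True)
    return out.stdout.strip()


if __name__ == "__main__":
    # Usage: python build_user_data.py new-key.pem ec2-user > user-data.txt
    import sys
    key = public_key_from_pem(sys.argv[1])
    print(build_user_data(sys.argv[2], key), end="")
```

Paste the generated text into Edit user data while the instance is stopped, as the note describes. After logging in, `ssh-keygen -lf new-key.pem` on the workstation and `ssh-keygen -lf ~/.ssh/authorized_keys` on the instance should show the same fingerprint. User data is readable from the instance metadata service and by anyone with `ec2:DescribeInstanceAttribute`, which is one more reason to remove the key from it once the login works.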
IAM policy: read-only access to support tickets and billing
This policy lets a user access and reply to support tickets and view the AWS bill. The "Action" field now includes "aws-portal:ViewBilling", which is what grants the user read access to billing information. The "Resource" field is still "*", so the policy applies to all support-ticket resources and billing resources.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AccessWorkOrders",
      "Effect": "Allow",
      "Action": [
        "support:*",
        "aws-portal:ViewBilling"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
Object storage (S3)
Configuring public read
{
  "Version": "2012-10-17",
  "Id": "S3PolicyId1",
  "Statement": [
    {
      "Sid": "statement1",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-bucket/*"
    }
  ]
}
In "Resource": "arn:aws:s3:::my-bucket/*", replace "my-bucket" with the name of your own bucket.
CORS configuration
[
  {
    "AllowedHeaders": [
      "*"
    ],
    "AllowedMethods": [
      "PUT",
      "POST",
      "GET"
    ],
    "AllowedOrigins": [
      "*"
    ],
    "ExposeHeaders": [
      "x-amz-server-side-encryption",
      "x-amz-request-id",
      "x-amz-id-2"
    ],
    "MaxAgeSeconds": 3000
  }
]
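Both documents above deliberately open the bucket up: the policy grants `s3:GetObject` to every principal, and the CORS rule accepts every origin and every header for PUT and POST as well as GET. Before applying them it helps to have a script state exactly what is being opened. The following Python linter is an added example, not part of the original note and not an AWS tool; it embeds constructed copies of the two JSON documents as sample input and reports a wildcard principal without a condition, public write actions, a grant that is not limited to one bucket, and CORS rules that let any origin send write methods or arbitrary headers.

```python
"""Review an S3 bucket policy and CORS configuration before applying them.

Added example (not from the original note). The two sample documents are
constructed copies of the public-read policy and the CORS rules above.
"""
import json

PUBLIC_READ_POLICY = json.loads("""
{ "Version": "2012-10-17", "Id": "S3PolicyId1",
  "Statement": [ { "Sid": "statement1", "Effect": "Allow",
      "Principal": { "AWS": "*" }, "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-bucket/*" } ] }
""")

CORS_RULES = json.loads("""
[ { "AllowedHeaders": ["*"], "AllowedMethods": ["PUT", "POST", "GET"],
    "AllowedOrigins": ["*"],
    "ExposeHeaders": ["x-amz-server-side-encryption", "x-amz-request-id", "x-amz-id-2"],
    "MaxAgeSeconds": 3000 } ]
""")

WRITE_METHODS = {"PUT", "POST", "DELETE"}
WRITE_ACTIONS = {"s3:PutObject", "s3:DeleteObject", "s3:*", "s3:Put*", "s3:Delete*"}


def _as_list(value):
    """IAM JSON allows a string or a list in most places; normalise to a list."""
    return value if isinstance(value, list) else [value]


def is_public_principal(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"}, the two spellings of 'anyone'."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def lint_bucket_policy(policy: dict) -> list:
    """One finding per Allow statement whose principal is everyone."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or not is_public_principal(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if "Condition" not in stmt:
            findings.append(f"{sid}: public principal with no Condition (anyone on the internet)")
        if any(a in WRITE_ACTIONS for a in actions):
            findings.append(f"{sid}: public principal is granted write actions {sorted(actions)}")
        if any(r == "*" or r.endswith(":::*") for r in resources):
            findings.append(f"{sid}: public grant is not limited to one bucket")
    return findings


def lint_cors(rules: list) -> list:
    """Findings for CORS rules that let browsers on any origin send writes."""
    findings = []
    for i, rule in enumerate(rules):
        origins = rule.get("AllowedOrigins", [])
        writes = set(rule.get("AllowedMethods", [])) & WRITE_METHODS
        if "*" in origins and writes:
            findings.append(f"rule {i}: any origin may send {sorted(writes)}; "
                            "restrict AllowedOrigins to the sites that upload")
        if "*" in origins and "*" in rule.get("AllowedHeaders", []):
            findings.append(f"rule {i}: any header from any origin is accepted")
    return findings


def review(policy: dict, rules: list) -> list:
    """Combined report for the policy/CORS pair applied to one bucket."""
    return lint_bucket_policy(policy) + lint_cors(rules)


if __name__ == "__main__":
    for line in review(PUBLIC_READ_POLICY, CORS_RULES):
        print("-", line)
```

For the note's documents the report lists three items: the public principal on `statement1`, PUT/POST from any origin, and wildcard headers from any origin. A bucket that really is meant to be public should keep `Action` at `s3:GetObject` and `Resource` at one bucket's objects, exactly as above, and the policy only takes effect once S3 Block Public Access is turned off for that bucket. CORS does not replace S3 authorization, but narrowing `AllowedOrigins` to the sites that actually upload keeps browser-driven PUT/POST from being usable from anywhere else.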
Choosing CDN (CloudFront) policy parameters
Which AWS CDN managed policy to use depends on your requirements and scenario. Brief descriptions of the cache policies:
1. CachingOptimized ("Policy with caching enabled. Supports Gzip and Brotli compression."): caching enabled, with Gzip and Brotli compression; suited to applications that need fast delivery and low bandwidth use.
2. CachingDisabled ("Policy with caching disabled"): caching off; suited to dynamic applications whose content changes frequently.
3. CachingOptimizedForUncompressedObjects ("Default policy when compression is disabled"): the default when compression is turned off; suited to static content that needs caching but no compression.
4. Elemental-MediaPackage ("Policy for Elemental MediaPackage Origin"): for an Elemental MediaPackage origin; suited to streaming media applications.
5. Amplify ("Policy for Amplify Origin"): for an Amplify origin; suited to web applications.
Note that these default policies can be customized to your needs. When choosing a CDN policy, also weigh other factors such as cost, availability and security.
Origin request policies:
UserAgentRefererHeaders ("Policy to forward user-agent and referer headers to origin"): forwards the user-agent and referer headers to the origin.
AllViewer ("Policy to forward all parameters in viewer requests"): forwards all parameters of the viewer request to the origin.
CORS-S3Origin ("Policy for S3 origin with CORS"): for an S3 origin that uses CORS.
CORS-CustomOrigin ("Policy for custom origin with CORS"): for a custom origin that uses CORS.
Elemental-MediaTailor-PersonalizedManifests ("Policy for Elemental MediaTailor Origin"): personalized-manifest policy for an Elemental MediaTailor origin.
AllViewerAndCloudFrontHeaders-2022-06 ("Policy to forward all parameters in viewer requests and all CloudFront headers as of June 2022"): forwards all viewer request parameters plus all CloudFront headers that existed as of June 2022 to the origin.
AllViewerExceptHostHeader ("Policy to forward all parameters in viewer requests except for the Host header"): forwards all viewer request parameters except the Host header to the origin.
Pick the policy that fits your needs. For example, to forward all viewer request parameters to the origin, choose AllViewer; for an S3 origin that uses CORS, choose CORS-S3Origin.
Response headers policies
Choose an existing response headers policy or create a new one.
SimpleCORS ("Allows all origins for simple CORS requests"): allows all origins to make simple CORS requests.
CORS-With-Preflight ("Allows all origins for CORS requests, including preflight requests"): allows all origins to make CORS requests, including preflight requests.
CORS-with-preflight-and-SecurityHeadersPolicy ("Allows all origins for CORS requests, including preflight requests, and adds security headers"): allows all origins to make CORS requests, including preflight requests, and adds security headers.
CORS-and-SecurityHeadersPolicy ("Allows all origins for simple CORS requests, and adds security headers"): allows all origins to make simple CORS requests and adds security headers.
SecurityHeadersPolicy ("Adds a set of security headers to every response"): adds a set of security headers to every response.
Pick the policy that fits your needs. For example, to allow CORS requests from all origins and also add security headers, choose CORS-with-preflight-and-SecurityHeadersPolicy; if you only need to allow simple CORS requests from all origins, choose SimpleCORS.
AWS Organizations > Policies > Service control policies > Only_allowed > Edit policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyOtherServices",
      "Effect": "Deny",
      "NotAction": [
        "support:*",
        "Lightsail:*",
        "DevOps-Guru:*",
        "s3:*",
        "ec2:*",
        "route53:*",
        "route53domains:*",
        "cloudshell:*",
        "mobiletargeting:*",
        "ssm:*",
        "servicecatalog:*",
        "workspaces:*",
        "cloudwatch:*",
        "billingconductor:*",
        "servicecatalog:*",
        "secretsmanager:*",
        "glue:*",
        "globalaccelerator:*",
        "ds:*",
        "ce:*",
        "codeartifact:*",
        "cloudtrail:*",
        "sdb:*",
        "rds:*",
        "rekognition:*",
        "ecr:*",
        "iam:*",
        "cloudfront:*",
        "cloudsearch:*",
        "acm:*",
        "acm-pca:*",
        "autoscaling:*",
        "application-autoscaling:*",
        "autoscaling-plans:*",
        "account:*",
        "billing:*",
        "aws-portal:*",
        "consolidatedbilling:*",
        "elasticloadbalancing:*",
        "codestar-notifications:*",
        "notifications:*",
        "notifications-contacts:*",
        "waf:ListWebACLs",
        "ec2-instance-connect:*",
        "kms:*",
        "wafv2:ListWebACLs",
        "aws-marketplace:*",
        "compute-optimizer:*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "DenyLaunchHighCPUInstanceTypes",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "ForAllValues:StringNotEquals": {
          "ec2:InstanceType": [
            "t2.nano",
            "t3.nano",
            "t3a.nano",
            "t4g.nano",
            "t1.micro",
            "t2.micro",
            "t3.micro",
            "t3a.micro",
            "t4g.micro",
            "c1.medium",
            "m1.small",
            "t2.small",
            "t3.small",
            "a1.medium",
            "c6g.medium",
            "c6gd.medium",
            "c6gn.medium",
            "t3a.small",
            "t4g.small",
            "m1.medium",
            "c3.large",
            "c4.large",
            "m3.medium",
            "t2.medium",
            "t3.medium",
            "a1.large",
            "c5.large",
            "c5a.large",
            "c5ad.large",
            "c5d.large",
            "c6a.large",
            "c6g.large",
            "c6gd.large",
            "c6gn.large",
            "c6i.large",
            "c6in.large",
            "t3a.medium",
            "t4g.medium",
            "c1.xlarge",
            "c3.xlarge",
            "c4.xlarge",
            "m1.large",
            "m3.large",
            "t2.large",
            "t3.large",
            "a1.xlarge",
            "c5.xlarge",
            "c5a.xlarge",
            "c5ad.xlarge",
            "c5d.xlarge",
            "c6a.xlarge",
            "c6g.xlarge",
            "c6gd.xlarge",
            "c6gn.xlarge",
            "c6i.xlarge",
            "c6in.xlarge",
            "g5g.xlarge",
            "im4gn.large",
            "inf1.xlarge",
            "m4.large",
            "m5.large",
            "m6a.large",
            "m6g.large",
            "m6gd.large",
            "m6i.large",
            "m6idn.large",
            "m6in.large",
            "r6g.medium",
            "r6gd.medium",
            "t3a.large",
            "t4g.large",
            "c5n.xlarge",
            "is4gen.large",
            "c3.2xlarge",
            "c4.2xlarge",
            "g2.2xlarge",
            "m1.xlarge",
            "m3.xlarge",
            "r3.large",
            "i3.large",
            "r4.large",
            "t2.xlarge",
            "t3.xlarge",
            "a1.2xlarge",
            "c5.2xlarge",
            "c5a.2xlarge",
            "c5ad.2xlarge",
            "c5d.2xlarge",
            "c6a.2xlarge",
            "c6g.2xlarge",
            "c6gd.2xlarge",
            "c6gn.2xlarge",
            "c6i.2xlarge",
            "c6in.2xlarge",
            "g4dn.xlarge",
            "g5g.2xlarge",
            "i3en.large",
            "i4i.large",
            "im4gn.xlarge",
            "inf1.2xlarge",
            "m4.xlarge",
            "m5.xlarge",
            "r5.large",
            "r5a.large",
            "r5ad.large",
            "r5b.large",
            "r5d.large",
            "r5dn.large",
            "r5n.large",
            "r6g.large",
            "r6gd.large",
            "r6i.large",
            "r6idn.large",
            "r6in.large",
            "t3a.xlarge",
            "t4g.xlarge",
            "z1d.large",
            "m2.xlarge",
            "c3.4xlarge",
            "c4.4xlarge",
            "m3.2xlarge",
            "d2.xlarge",
            "i2.xlarge",
            "i3.xlarge",
            "r3.xlarge",
            "r4.xlarge",
            "t2.2xlarge",
            "t3.2xlarge",
            "a1.4xlarge",
            "a1.metal",
            "c5.4xlarge",
            "c5a.4xlarge",
            "c5ad.4xlarge",
            "c5d.4xlarge",
            "c6a.4xlarge",
            "c6g.4xlarge"
          ]
        }
      }
    },
    {
      "Sid": "DenyLaunchOver50Instances",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "NumericLessThanEquals": {
          "aws:RequestTag/NumberOfInstances": "50"
        }
      }
    }
  ]
}
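An SCP applies to every account under the organizational unit, so it pays to ask "would this request be blocked?" before saving a change. The following Python evaluator is an added example written for this note; it is not AWS's policy engine and not part of the original page. It implements only the subset of the policy language used by the two documents in this note, the IAM support/billing policy and the SCP above: Action/NotAction, Resource/NotResource, and the StringEquals, StringNotEquals (with the ForAllValues/ForAnyValue set prefixes) and NumericLessThanEquals condition operators, with the explicit-deny-wins rule. The sample policies are constructed copies, the SCP's instance-type list is shortened to a handful of entries, and the account ID in `INSTANCE_ARN` is made up. Running the checks also makes one property of `DenyLaunchOver50Instances` visible: `aws:RequestTag/NumberOfInstances` is a tag the caller supplies, so as written the statement denies a launch tagged with a value of 50 or less and has no effect on a request that carries no such tag.

```python
"""Minimal IAM/SCP evaluator for the policies in this note.

Added example (not from the original note, not AWS's evaluator). Supports
only the policy-language subset those documents use.
"""
import re


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _match(pattern: str, value: str, case_insensitive: bool) -> bool:
    """IAM wildcard match: '*' is any run of characters, '?' one character."""
    regex = "^" + "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                          for c in pattern) + "$"
    return re.match(regex, value, re.IGNORECASE if case_insensitive else 0) is not None


def _condition_holds(operator: str, policy_values, ctx_values) -> bool:
    """Evaluate one operator/key pair; ctx_values is empty when the key is absent."""
    set_prefix, _, base = operator.rpartition(":")
    policy_values = [str(v) for v in _as_list(policy_values)]

    def single(value: str) -> bool:
        if base == "StringEquals":
            return value in policy_values
        if base == "StringNotEquals":
            return value not in policy_values
        if base == "NumericLessThanEquals":
            return any(float(value) <= float(p) for p in policy_values)
        raise ValueError(f"operator {base} not supported by this example")

    if set_prefix == "ForAllValues":   # vacuously true when the key is absent
        return all(single(v) for v in ctx_values)
    if set_prefix == "ForAnyValue":    # false when the key is absent
        return any(single(v) for v in ctx_values)
    return len(ctx_values) == 1 and single(ctx_values[0])  # key must be present


def _statement_matches(stmt: dict, action: str, resource: str, context: dict) -> bool:
    if "Action" in stmt and not any(_match(p, action, True) for p in _as_list(stmt["Action"])):
        return False
    if "NotAction" in stmt and any(_match(p, action, True) for p in _as_list(stmt["NotAction"])):
        return False
    if "Resource" in stmt and not any(_match(p, resource, False) for p in _as_list(stmt["Resource"])):
        return False
    if "NotResource" in stmt and any(_match(p, resource, False) for p in _as_list(stmt["NotResource"])):
        return False
    for operator, pairs in stmt.get("Condition", {}).items():
        for key, policy_values in pairs.items():
            ctx_values = [str(v) for v in _as_list(context.get(key, []))]
            if not _condition_holds(operator, policy_values, ctx_values):
                return False
    return True


def evaluate(policy: dict, action: str, resource: str, context=None) -> str:
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    context = context or {}
    outcome = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not _statement_matches(stmt, action, resource, context):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"   # an explicit deny always wins
        outcome = "Allow"
    return outcome


def scp_denies(scp: dict, action: str, resource: str, context=None) -> bool:
    """An SCP never grants access; the only question is whether it blocks the request."""
    return evaluate(scp, action, resource, context) == "ExplicitDeny"


# Constructed copies of the note's documents (SCP instance-type list shortened).
SUPPORT_BILLING_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AccessWorkOrders", "Effect": "Allow",
                   "Action": ["support:*", "aws-portal:ViewBilling"], "Resource": ["*"]}],
}
ONLY_ALLOWED_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DenyOtherServices", "Effect": "Deny",
         "NotAction": ["support:*", "s3:*", "ec2:*", "iam:*", "kms:*", "waf:ListWebACLs"],
         "Resource": "*"},
        {"Sid": "DenyLaunchHighCPUInstanceTypes", "Effect": "Deny",
         "Action": "ec2:RunInstances", "Resource": "arn:aws:ec2:*:*:instance/*",
         "Condition": {"ForAllValues:StringNotEquals": {
             "ec2:InstanceType": ["t2.micro", "t3.micro", "t3.small", "c5.large", "m5.large"]}}},
        {"Sid": "DenyLaunchOver50Instances", "Effect": "Deny",
         "Action": "ec2:RunInstances", "Resource": "arn:aws:ec2:*:*:instance/*",
         "Condition": {"NumericLessThanEquals": {"aws:RequestTag/NumberOfInstances": "50"}}},
    ],
}
INSTANCE_ARN = "arn:aws:ec2:us-east-1:123456789012:instance/*"  # made-up account id


if __name__ == "__main__":
    print("support:DescribeCases ->", evaluate(SUPPORT_BILLING_POLICY, "support:DescribeCases", "*"))
    for ctx in ({"ec2:InstanceType": "m5.24xlarge"}, {"ec2:InstanceType": "t3.micro"},
                {"ec2:InstanceType": "t3.micro", "aws:RequestTag/NumberOfInstances": "10"}):
        print(ctx, "denied" if scp_denies(ONLY_ALLOWED_SCP, "ec2:RunInstances", INSTANCE_ARN, ctx) else "not denied")
```

`lambda:CreateFunction` is stopped by `DenyOtherServices`, `ec2:DescribeInstances` passes, an `m5.24xlarge` launch is stopped by the instance-type statement, and a `t3.micro` launch passes unless the request happens to carry a `NumberOfInstances` tag of 50 or below. Any real change to the SCP can be dropped into `ONLY_ALLOWED_SCP` and re-run against the same list of requests.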