AWS Lab

AWS Lab

• AWS Lab
• 1. beginning
  • 启动实例
  • 2 连接实例
    • remote desktop
  • 1.3 终止您的实例
• 2. begin
  • 2.1 Active directory
    • 2.1.1 部署AD
      • 2.1.1.1 部署环境
      • 2.1.1.2 森林模型
      • 2.1.1.3 角色安装
      • 2.1.1.4 运行AD DS部署向导
    • 2.1.2 新建组织单位、组、用户
      • 2.1.2.1 新建组织单位
      • 2.1.2.2 新建组
      • 2.1.2.3 新建用户
• DNS 配置
  • Assigning a FQDN (Fully Qualified Domain Name) to an EC2 Instance Using Route 53
    • 2.1.4 Active Directory Deployment and Management \& Administration
      • 2.1.4.1 Deploying Remote Domain Controllers
        • 2.1.4.1.1 Add Active Directory Domain Services
        • 2.1.4.1.2 Deploy a second domain controller
        • 2.1.4.1.3 Verify the new domain controller
        • 2.1.4.1.4 Deploy a third domain controller
        • 2.1.4.1.5 Verify the new domain controller
• 3. web server
  • 3.1 IIS manage
    • 3.1.1 server certificates
    • 3.1.2 mmc
    • 3.1.3 CA locally
• 4. file server
  • 4.1 NAS
    • 4.1.1 shares
  • 4.2 SAN
• 5. DNS
  • 5.1 install roles: DNS
  • 5.3 DNS 设置
  • registry editor
• 6. VPN
• Database

–

1. beginning

prepare a launch instance

ref: https://darrenoneill.eu/?p=816

启动实例

1. EC2
2. Launch Instance
3. choose Amazon Machine Image.AMI.Amazon 系统映像 :
   • Windows_Server-2016-English-Full-Base-2018.09.15 (ami-01945499792201081)
4. Choose Instance Type 实例硬件配置: t2.micro 类型.
5. Review and Launch
6. [dont]Review Instance Launch (查看实例启动) > Security Groups (安全组) > Edit security groups > 在 Configure Security Group 页面上，确保 *Select an existing security group* 处于选中状态。> 从现有安全组列表中选择您的安全组 > *Review and Launch*。> 在 Review Instance Launch 页面上 > *Launch*。
7. security group
   • RDP for Windows
   • SSH for Linus
8. select an existing key pair or create a new key pair 提供密钥
   • Choose an existing key pair，然后选择您在进行设置时创建的密钥对。
   • Create a new key pair, 新建密钥对。
     • 输入密钥对的名称，然后选择 Download Key Pair。
       • kay pair name: 3rdQAQ
     • 保存 私有密钥文件 的唯一机会，因此务必单击进行下载。
     • 将私有密钥文件保存在安全位置。当您启动实例时，您将需要提供密钥对的名称；
     • 每次连接到实例时，您将需要提供相应的私有密钥。
   • 准备好后，选中确认复选框，然后选择 Launch Instances。

Click your instance ID to see the instance: i-0af1171b0089f1cdf

1. 确认页面会让您知道自己的实例已启动。选择 View Instances 以关闭确认页面并返回控制台。
2. 在实例屏幕上，您可以查看启动状态。启动实例只需很短的时间。
   • 实例初始状态为 pending, 启动后变为 running
   • 并收到一个公有 DNS 名称。
   • (如果 Public DNS (IPv4) 列已隐藏，请选择页面右上角的 Show/Hide Columns (齿轮状图标)，然后选择 Public DNS (IPv4)。)

1. 需要几分钟准备好实例，以便您能连接到实例。检查您的实例是否通过了状态检查；您可以在 Status Checks 列中查看此信息。

2 连接实例

remote desktop

---

for windows

1. 在 Amazon EC2 控制台 > 选择实例 > Connect。
2. Connect To Your Instance > Download Remote Desktop File。保存 .rdp 文件。
3. Connect To Your Instance 对话框中 > Get Password (密码在实例启动几分钟之后才可用)。
4. 选择 Browse > 启动实例时所创建的私有密钥文件 > 选择文件并打开，以便将文件的全部内容复制到 Contents 字段。
5. 选择 Decrypt Password。控制台将在对话框中显示实例的 默认管理员密码，会将先前显示的 Get Password (获取密码) 链接替换为实际密码。
6. 记录默认管理员密码，复制到剪贴板。需要使用此密码连接实例。

Public DNS:	ec2-54-208-4-102.compute-1.amazonaws.com
User name:	Administrator
Password: xpEJy2MC;gB%kNmgoloMu6l57Pm7TmOy

---

forLinux Ubuntu

1. access

chmod 400 forubuntu.pem
cd ~
cd .ssh
vi/touch config

# IPv4 Public IP  3.22.168.152
// add follow line
// public ipv4 will Change
// update it every time
Host awsubuntu
    HostName 3.22.168.152
    User ubuntu
    IdentityFile /Users/luo/Documents/code/aws/forubuntu.pem

Esc -> :wq

1. remote access

Create new user with password login

sudo useradd -m username
sudo passwd username
sudo usermod -aG admin username

sudo vim /etc/ssh/sshd_config
# edit line
"PasswordAuthentication" no to yes

sudo /etc/init.d/ssh restart

-------------------------------

Setting up ui based ubuntu machine on AWS.
In security group open port 5901. Then ssh to the server instance. Run following commands to install ui and vnc server:
sudo apt-get update    //long time
sudo apt-get install ubuntu-desktop
sudo apt-get install vnc4server

-------------------------------

sudo apt install x11vnc

x11vnc -storepasswd
Enter VNC password:
Verify password:
Write password to /home/bob/.vnc/passwd?  [y]/n y
Password written to: /home/bob/.vnc/passwd

x11vnc -usepwsudo

-------------------------------

// doesnt works
Then run following commands
enter the login password for vnc connection:


su - username

vncserver

vncserver -kill :1
sudo apt-get install gnome-panel gnome-settings-daemon metacity nautilus gnome-terminal
exec sh /etc/X11/xinit/xinitrc.  //error: can open
vim /home/bob/.vnc/xstartup


#修改后的配置文件如下所示（原先文件中的可以通过#注释掉）
#!/bin/sh

export XKL_XMODMAP_DISABLE=1
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
gnome-session &
gnome-panel &
gnome-settings-daemon &
metacity &
nautilus &

关闭之前建立的那个桌面。再新建一次，此时图形化界面0已经可以用了

vncserver -kill :0
vncserver :0

#或利用如下语句桌面0的限定分辨率

1. linkit

// use your IPv4 Public IP
nmap -T4 -F 3.22.168.152
//see the port number
5900/tcp open     vnc

//use VNC viewer
3.22.168.152:5900
// run

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html

1. connect

   $ ssh -p 22 -i path/to/pemfile centos@ec2-3-20-204-154.us-east-2.compute.amazonaws.com
   

2. Install apt-get in CentOS ```bash curl https://raw.githubusercontent.com/dvershinin/apt-get-centos/master/apt-get.sh -o /usr/local/bin/apt-get chmod 0755 /usr/local/bin/apt-get apt-get update

sudo yum install wget

**convert the key**


```py
Mac:
1. Installation using Homebrew: `sudo brew install putty`
2. Installation using MacPorts: `sudo port install putty`
3. PuTTY installed, convert PuTTY derived private key format to OpenSSH.

command –
# convert the private key to standard PEM format
$ puttygen privatekey.ppk -O private-openssh -o privatekey.pem
# Converting .Pem to .Ppk
$ sudo puttygen pemKey.pem -o ppkKey.ppk -O private

centos@ec2-3-20-204-154.us-east-2.compute.amazonaws.com

---

1.3 终止您的实例

1. EC2 > 选择 Instances。
2. 依次选择 Actions、Instance State 和 Terminate。
3. 当系统提示您确认时，选择 Yes, Terminate。
4. Amazon EC2 关闭并终止您的实例。您的实例在终止之后，短时间内仍将在控制台上可见，然后该条目将被删除。

---

2. begin

2.1 Active directory

2.1.1 部署AD

2.1.1.1 部署环境

编号|服务器名称|IP地址|操作系统 —|—|—|— 001|AD1|192.168.100.250|Windows Server 2016 Datacenter Evaluation

2.1.1.2 森林模型

forest root domain: YG division1: iKON division1: BP division1: WINNER

2.1.1.3 角色安装

1. server manager > dashboard > add roles and features
2. installation type > role-based or feature-based installation
3. server selection > select a server from the server pool > PC1
4. server roles > Active Directory domain services > add features
5. install
6. close

2.1.1.4 运行AD DS部署向导

1. (部署新的AD控制器)
2. promote this server to a domain controller > active directory domain services configuration wizard
3. deployment configuration > add a now forest > yg.com
   • add a domain controller to an existing domain：在现有的域控制器中添加新的域控制器
   • add a new domain to an existing forest：在现有的林中新建域，与林中现有的域不同
   • add a now forest：在没有林的情况下新建林
4. domain controller options 域控制器选项：

   • select functional level of the new forest and root domain:

     • forest functional level: 包含Windows Server 2008到Windows Server 2016级别都有 > Windows Server 2016
     • domain functional level: 只包含Windows Server 2016域功能 > Windows Server 2016

   • specify domain controller capabilities 指定域控制器功能 > 默认

   • type the Directory Services Restore Mode(DSRM) password 键入目录服务还原模式密码> Password1.

   • next

   • DNS options > create DNS delegation > 默认不选

5. additional options > the NetBIOS domain name > YG
6. paths > 默认
7. review options >

Configure this server as the first Active Directory domain controller in a new forest.

The new domain name is "yg.com". This is also the name of the new forest.

The NetBIOS name of the domain: YG

Forest Functional Level: Windows Server 2016

Domain Functional Level: Windows Server 2016

Additional Options:
  Global catalog: Yes
  DNS Server: Yes
  Create DNS Delegation: No

Database folder: C:\Windows\NTDS
Log file folder: C:\Windows\NTDS
SYSVOL folder: C:\Windows\SYSVOL

The DNS Server service will be configured on this computer.

This computer will be configured to use this DNS server as its preferred DNS server.

The password of the new domain Administrator will be the same as the password of the local Administrator of this computer.

1. prerequisites check > install
2. 正在进行自动部署，部署完成后会自动重启服务器
3. AD域控制器部署完成 > server manager > tool > Active Directory users and computers > 就可以看到我们刚才部署好的域，这样一个完整的域就部署完成了

2.1.2 新建组织单位、组、用户

2.1.2.1 新建组织单位

• 组织单位: OU Organizational Unit, 是可以将用户、组、计算机和组织单位放入其中的容器。是可以指派组策略设置或委派管理权限的最小作用域或单元。
  1. server manager > tool > Active Directory users and computers > yg.com(forest) > 右击新建 > OU，也可以单击工具栏中的“新建组织单位”按钮进行新建组织单位
  2. 设置组织单位名称 > client user > 打勾 protect container from accidental deletion > ok.

2.1.2.2 新建组

• Group: 组可以添加用户成员，也可以隶属于组
  1. server manager > tool > Active Directory users and computers > client user(OU) > 右击新建 > Group, 也可以单击工具栏中的“新建组”按钮进行新建组
  2. New object - group > group name: server user > ok

2.1.2.3 新建用户

• User: 登录到域中计算机的帐户
  1. server manager > tool > Active Directory users and computers > client user(OU) > 右击新建 > user, 也可以单击工具栏中的“新建组”按钮进行新建组
  2. new object - user > 设置用户pname info… ljy > 设置用户password 114114L0. > finish

Full name: Jy L
User logon name: ljy@yg.com
The user must change the password at next logon.

右击“Client User”组织单位-“新建”-“用户”，也可以单击工具栏中的“新建用户”按钮进行新建用户

DNS 配置

• 一般情况下， 域中有三种计算机:
  • 域控制器: 存储着 Active Directory；
  • 成员服务器: 负责提供邮件，数据库，DHCP等服务;
  • 工作站: 用户使用的客户机。

一 DNS前期准备

DNS 服务器对域来说是不可或缺的， 一方面，域中的计算机使用 DNS 域名，DNS 需要为域中的计算机提供域名解析服务； 另外一个重要的原因是域中的计算机需要利用 DNS 提供的 SRV 记录来定位域控制器，因此我们在创建域之前需要先做好 DNS 的准备工作。

究竟由哪台计算机来负责做 DNS 服务器呢？ 一般工程师有两种选择，要么使用域控制器来做 DNS 服务器，要么使用一台单独的 DNS 服务器。

这里使用一台独立的计算机来充当 DNS 服务器，这台 DNS 服务器不但为域提供解析服务，也为公司其他的业务提供 DNS 解析支持， 大家可以根据具体的网络环境来选择 DNS 服务器。

Assigning a FQDN (Fully Qualified Domain Name) to an EC2 Instance Using Route 53

1. create EC2

- On the Configure Instance Details page:
    - Network: Leave default
    - Subnet: us-east-1
    - Auto-assign Public IP: Enable
- On the Add Tags page, add the following tag:
    - Key: Name
    - Value: FQDN EC2
- Click Next: Configure Security Group.
    - Select Create a new security group.
    - Click Add Rule, and set the Type to HTTPS.
    - Click Add Rule, and set the Type to HTTP.

2. connect

chmod 400 lab.pem
ssh -i "lab.pem" ec2-user@public_dns_of_ec2

3. install
sudo yum update -y
sudo yum install -y httpd
sudo service httpd start
sudo chkconfig httpd on

4. Check http
ec2-100-25-33-79.compute-1.amazonaws.com


5. Create Record Sets

First Record Set
- Navigate to Route 53 in the AWS console.
- Click "Hosted zones".
- Select the listed zone.
- Click "Go to Record Sets".
- Click "Create Record Set".
- Set the following values:
    - Name: Leave as-is
    - Type: A — IPv4 address
    - Alias: No
    - TTL (Seconds): 300
    - Value: instances public IP address
    - Routing Policy: Simple
    - Click Create.

Second Record Set
- Click Create Record Set.
- Set the following values:
    - Name: www
    - Type: A — IPv4 address
    - Alias: No
    - TTL (Seconds): 300
    - Value: instances public IP address
    - Routing Policy: Simple
    - Click Create.

After a few minutes, open a new browser tab and paste in the domain names for both record sets we created. They should both result in the Linux Apache test page.

2.1.4 Active Directory Deployment and Management & Administration

Computers in this lab:

Virtual Machine | Role —|— DC | An existing domain controller. Server1 | A future domain controller created during the lab. Server2 | A future domain controller created during the lab. All user accounts in this lab use the password Passw0rd!

2.1.4.1 Deploying Remote Domain Controllers

2.1.4.1.1 Add Active Directory Domain Services

• add the Active Directory Domain Services role which is required before configuring the server as a domain controller.
• logged on to DC as Contoso\Administrator with the password Passw0rd!

1. Open Server Manager, and then click Add other servers to manage.
2. In the Name (CN): dialog box type Server1, and then click Find Now.
3. Click Server1, and then click the add arrow.
4. Repeat steps 2-4 to add Server2, and then click OK.
5. In Server Manager, click All Servers
6. Highlight Server1, click Manage, and then click Add Roles and Features.
7. Click Next until you reach Select destination server.
8. Click Server1, and then click Next.
9. Check the Active Directory Domain Services check box, click Add Features, and then click Next.
10. Click Next until you reach the end of the wizard, and then click Install. NOTE: This does not configure a domain controller, but installs the Active Directory components.
11. Once the installation has started, click Close.

2.1.4.1.2 Deploy a second domain controller

• use Server Manager to deploy a second domain controller on a remote server in your domain.
• logged on to DC as Contoso\Administrator with the password Passw0rd!

1. In Server Manager > notification flag > click Task Details.
   • IMPORTANT: You may need to wait for the installation activity from the previous exercise to complete before proceeding.
2. When the feature installation is complete, in the Task Details dialog box, > Add Roles and Features action. A configuration is required message is displayed. Click Close.
3. In the Task Details dialog box, locate the task with the message Configuration required for Active Directory Domain Services at Server1, and then click Promote this server to a domain controller.
4. On the Deployment Configuration page, click Change, type Contoso\administrator and the password Passw0rd! > OK.
5. Click Next.
6. On the Domain Controller Options page, under Type the Directory Services Restore Mode (DSRM) password, in Password and Confirm password, type Passw0rd! > click Next.
7. Click Next until you reach the Review Options page.
8. Click View Script.
9. Save the script file as InstallDC.txt on your desktop.
10. Close Notepad.
11. Click Next, and then when the prerequisites check completes, click Install.
    • NOTE: The installation progress will be shown in Server Manager. Wait until complete.
12. Click OK if prompted > Close.
13. Close the Task Details dialog box.
    • IMPORTANT: wait for the server to restart before moving to the next step in this lab.

2.1.4.1.3 Verify the new domain controller

• verify that the new domain controller is operational.
• Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!

1. Open Server Manager
2. On the Tools menu, click Active Directory Sites and Services.
3. Navigate to Sites/Default-First-Site-Name > click Servers.
4. Verify that you see DC and Server1 as domain controllers.
5. Minimize the Active Directory Sites and Services console.

2.1.4.1.4 Deploy a third domain controller

• use the Active Directory module for Windows PowerShell to deploy a third domain controller.
• Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!

1. On the taskbar, click Windows PowerShell.
2. Type the following commands, pressing ENTER after each one.

Install
-WindowsFeature
–Name AD-Domain-Services
–ComputerName Server2
Invoke
-Command
–ComputerName Server2
–ScriptBlock {
Import-Module ADDSDeployment;Install
-ADDSDomainController
–NoGlobalCatalog:$False
–CreateDNSDelegation:$False
–Credential (Get-Credential)
–CriticalReplicationOnly:$False
–DatabasePath “C:\Windows\NTDS”
–DomainName “Contoso.com”
–InstallDNS:$True
–LogPath “C:\Windows\NTDS”
–NoRebootOnCompletion:$False
–SiteName “Default-First-Site-Name”
–SysVolPath “C:\Windows\SysVol”
}

TIP: You can use tab completion on all parameters to simplify typing.

1. When prompted for credentials, enter the username Contoso\Administrator and the password Passw0rd!.
2. prompted for a SafeModeAdministratorPassword > type Passw0rd! > press ENTER.
3. prompted to confirm the SafeModeAdministratorPassword > type Passw0rd!> press ENTER.
4. prompted that the server will be configured as a domain controller > press Y > press ENTER.
5. Wait for the command to complete, and then close the Windows PowerShell window.

2.1.4.1.5 Verify the new domain controller

• verify that the new domain controller is deployed.
• Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!
  1. From the taskbar, maximize the Active Directory Sites and Services console you minimized in a previous step.
  2. Navigate to Sites/Default-First-Site-Name > click Servers.
  3. Verify that you see DC, Server1 and Server2 as domain controllers.
  • TIP: You need to press F5 to refresh the view.
    1. Close Active Directory Sites and Services.

3. web server

add role - web server (IIS) (24 of 43 installed)

3.1 IIS manage

• windows administrative tools > internet information services IIS
• server manager > tools > internet information services IIS

  3.1.1 server certificates

  1. get a csr
  • create a certificate request

  • distinguished name properties > put your company info

  • get a csr
    1. export > copy to server
  • get reply p7b form company emial

  • p7b > global root xx, host lmsr.

  • lms > right clip all task > export lms.cer

    1. complete certificate install

  • complete certificate request > load lms.cer

    1. blindling
  • sites

  • default web site > right clip > edit blinding

  • add > https

  • add site blinding > edit info, host name > SSL certificate > select lms.cer > ok

3.1.2 mmc

1. run > mmc

2. console1 > file > add or remove snap-ins

3. available snap-ins > certificates > add

4. computer account > next

5. local computer > finish

6. ok

7. get a certificates (Local computer)

3.1.3 CA locally

4. file server

4.1 NAS

1. NAS(file): network attached storage
   • multiple pc connected with switch and then connected with NAS
   • like facebook
2. file system
   • emc isilon: oneFS
     • one the owner has access to the date at his shares
   • windows: NTFS

4.1.1 shares

1. computer management > share folders > shares
2. right clip> new share

3. create a shared folder wizard > folder path (the file you ant to share) > xx folder > next

4. nect

5. shared folder permission > customer permissions > custom

6. customize permissions > add > enter the object names to select

7. next until finish

8. get a new shared named “xx”
9. reviewed the shared folder
10. xx folder > properties > sharing > advanced settings

4.2 SAN

1. SAN(block): storage area network
   • storage thats based on fiber channel/SCSI to create pool of storage
   • biliding VMs, servers,

5. DNS

DNS服务器是(Domain Name System)域名系统或者域名服务,域名系统为Internet上的主机分配域名地址和IP地址。用户使用域名地址，该系统就会自动把域名地址转为IP地址。 transfer ip address to domain name. 域名服务是运行域名系统的Internet工具。执行域名服务的服务器称之为DNS服务器，通过DNS服务器来应答域名服务的查询。

5.1 install roles: DNS

5.3 DNS 设置

registry editor

• to remote someone pc
  1. Pc > regedit

  2. Computer > local_user > system > currentcontrolset > control > Terminal Sserver

  • fDenyTSConnections

  • 1 > noone can remote my pc
  • 0 > allow remote control

    1. file > connect network registry

• computer management

• service and application > services

• remote registry > change disable to automatically

// but it can be change remotely

• computer management

• right clip > remote other computer

• System tools > task viewer > create basic task

• computer management

• System tools> task viewer > create basic task

  • Shutdown -r

---

6. VPN

1. create VPC

1. Create Subnet
   • Subnets > Create subnet
2. Create Network Access Control Lists (NACLs)
   • Network ACLs > Create network ACL
   • inbound/outbound rules
   • subnet association: associate Each with the Proper Subnet
3. Create Internet Gateway
   • Create internet gateway.
   • Actions > Attach to VPC.
4. Create Route Tables
   • if link to internet:
   • add Add route
     • Destination: 0.0.0.0/0
     • Target: Internet Gateway > IGW

---

Database

1. Configure the Security Groups, Route Tables, and NACL
   • NACL permits
     • port 22 for SSH
     • port 3306 for MySQL/Aurora.
   • two route tables exist: one utilizing an internet gateway and another with no IGW/NAT routes.
   • Verify the private subnet is associated with the route table that does not contain an internet gateway.
   • Verify the public subnet is associated with the route table that does contain an internet gateway.
   • security group
     • containing rules to permit port 22 and 3306 from 0.0.0.0/0, and assign this security group to the EC2 bastion.
2. Create an RDS Aurora Database
   • Create a T2.small RDS Aurora database, ensuring the database is launched in a private subnet.
   • Ensure the security group associated with the RDS Aurora database permits traffic on TCP 3306.
   • Use MySQL Workbench to verify connectivity, ensuring the Connection Method is set to Standard TCP/IP over SSH, and SSH Key File is set to your previously downloaded .pem key.
3. Create Database Subnet Group
   • Navigate to RDS.
   • Click Subnet groups in the left-hand menu.
   • Click Create DB Subnet Group, and set the following values:
   • Click Add all the subnets related to this VPC.
   • When the list of subnets appear, click to Remove the public subnet.
4. Create Database
   • Click Databases in the left-hand menu.
   • Click Create database.
   • Engine options section:
     • Engine type: Amazon Aurora
     • Edition: Amazon Aurora with MySQL compatibility
     • Version: Aurora(MySQL)-5.6.10a
     • Database Location: Regional
   • Database features section: select One writer and multiple readers.
   • Templates section: Dev/Test.
   • Settings:
     • DB cluster identifier: AuroraInstance
     • Master username: Admin
     • Master password:
   • DB instance size section:
     • DB instance class: Burstable classes (includes t classes) > select db.t2.small
   • Availability & durability section:
     • set Multi-AZ deployment to Create an Aurora Replica/Reader node in a different AZ.
   • Connectivity section, ensure the LinuxAcademy VPC is selected.
     • Expand Additional connectivity configuration.
     • Select the Aurora Subnet Group
     • Set the Publicly accessible flag to No.
     • Under VPC security group, select Choose existing, remove the default security group, and select the previously created security group named Database.
   • Additional configuration section, set the following values:
     • Database Options section: DB instance identifier to AuroraInstance
     • Database Options section: Initial database name to Testdb
     • Monitoring section, disable enhanced monitoring
     • Deletion protection section, disable deletion protection
   • Create database. It will take a few minutes to finish being created.

On the database dashboard, click aurorainstance. Copy the endpoint name that’s associated with the Writer type, and paste it into text file, as we’ll need it for the next step. (Note: Make sure you wait until its status is Available before attempting to connect in the next step.)

1. Verify Connectivity Using MySQL Workbench
   • Open MySQL Workbench.
   • Click the plus sign by MySQL Connections.
   • Setup New Connection dialog, set the following values:
     • Connection Name: Aurora
     • Connection Method: Standard TCP/IP over SSH
     • SSH Hostname: Paste in the public IP address of our EC2 instance (which you copied earlier)
     • SSH Username: ec2-user
     • SSH Key File: Select the .pem key file we previously downloaded
     • MySQL Hostname: Paste in the endpoint name you copied in the previous part of the lab
     • Username: Admin
     • Password: Store in Vault…, and enter the password you entered when creating the database
     • Click Test Connection.
   • If an error pops up, this is fine — click Ok.
   • You should eventually see the connection was successful.

   • Click OK in the Setup New Connection dialog.

   • Double-click the new Aurora connection option that now exists, which will open the SQL Editor.
   • Run the query SHOW DATABASES; return the TestDb schema — the one we identified while creating the Aurora database.
   • Conclusion
   • Congratulations on completing this hands-on lab!

.