Copying key pairs to your bastion host

When using a bastion host to protect your Oracle database from anyone on the internet getting into your database instance, you will need to copy the 1024-bit SSH-2 RSA key to your bastion EC2 instance.  This is can be done using Linux secure copy (SCP):

scp -i /Users/tom/EC2KeyPairs/AWSThreeDayIAM.pem DBSysOPS.pem ec2-user@54.22.37.178:~/.

Where:
1. -i /Users/tom/EC2KeyPairs/AWSThreeDayIAM.pem : Is the key to the bastion host.
2. DBSysOPS.pem is the key file for your Oracle database server.
3. ec2-user@54.22.37.178:~/. is your EC2 instance and file location where the key file will be copied.

EC2 instances life cycle

Here is a mapping of server hardware lifecycle to AWS EC2:

1. Start : On AWS - ec2-start-instances  

http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ApiReference-cmd-StartInstances.html

Note: This is different then instantiating an instance for the the first time (from an AMI).  The command for this is ec2-run-instances.

2. Reboot : On AWS - ec2-reboot-instances

http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ApiReference-cmd-RebootInstances.html

(If a Linux/UNIX instance does not cleanly shut down within four minutes, Amazon EC2 will perform a hard reboot)

Note: Instance reboots are reboots of your virtual instance, and are equivalent to an operating system reboot.  You can also reboot your instance from the operating system of your instance. More here: http://serverfault.com/questions/350581/differences-between-reboot-and-ec2-reboot-instances

3. Hard kill : ec2-stop-instances 

http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ApiReference-cmd-StopInstances.html

4.AWS option : ec2-terminate-instances http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ApiReference-cmd-TerminateInstances.html

Note: This would be like throwing away a machine but keeping the hard drive.

Tagging instances can be done at anytime using the ec2-create-tags command.

Route 53 as your DNS service

    Navigate to your Route 53 service.  
     1. Go the Hosted zones page and Click the “Create Hosted Zone” button. Type in any hosted zone name. For example, saponaws.com

       2. After zone is created you will see a page that includes the four domain name services (aka the delegation set).  Select the Delegation set to place into your domain details for your domain on godaddy (in this case saponaws.com)

       3.Go to your domain name registry (in this case godaddy) and launch (godaddy terminology) your domain name to set your Nameservers.  Use the four name services/delegation set retrieved in step 2.

       4.Go to your web site: saponaws.com. Two issues: DNS has not been propagated to the servers on the internet and your domain does not point to anything on Route 53. Let’s take care of the second issue.

       5. Go to create record set for the hosted domain saponaws.com.  Create the record set and point it to your elastic ip, elastic load balancer, or S3 bucket.  In this case, I will use an elastic IP.  This means I have no automatic HA for my web site.  If my EC2 instances goes down, I my web site goes down.  I should either but my web site on S3 (static web pages only) or use an ELB.  I could even point my web site to a private EC2 instance IP. This would be even less resilient than using an elastic IP.  

      6.  Test the web site again.  It will not come up until all internet routing tables have been propagated.  This can take a couple hours.