This document details the steps to create an AWS Cloud Lab as an assignment in Vocareum.
ENABLING YOUR COURSE FOR AWS
3. Go to your Course Setting page.
4. Under “Course Parameters,” set the Lab Session Length. This is the duration that a student's AWS Cloud credential will be active.
5. Enable “Cloud Resources,” turn on the “Part Specific Account” option, and set other options as appropriate.
6. Click “Save class.”
CREATING A LAB ASSIGNMENT
5. Click "Edit Assignments" to return to your course assignment page.
6. Click "New" to create a new lab and name your lab, then click "Save and continue".
7. Under "Advanced Settings", enable "No Submission" and "No Workarea".
8. Click "Save" to commit the settings.
SETTING UP A PART
9. Under the "Parts" section, click "+" to add a part.
10. Name the Part.
11. Under the "Workspace" section, set the Student IDE to "Basic".
12. Under the "Resources" section, select the "Cloud Labs" option, then enter the permitted spend per student.
13. Click "Save Part" to commit your changes.
14. Click "Configure Workspace" to create instructions and policy for your AWS Lab.
CREATING A LAB POLICY (lab.policy)
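15. From the file browser, navigate to the "asnlib" directory under "resource", then click "New > File".
16. Name your file "lab.policy".
17. Select "lab.policy" in the file browser, then enter your policy in the File editor. You may copy-paste the following simple policy file as a starting point. It allows List/Get/Describe calls on CloudFormation, CloudWatch and IAM plus all EC2 actions, then denies launching or starting any instance type other than t2.micro and t2.small, volumes larger than 13 GiB, Spot actions, and launches from AMIs not owned by Amazon.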
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "cloudformation:ListStacks",
        "cloudformation:DescribeStackEvents",
        "cloudformation:GetTemplate",
        "cloudformation:ListStackResources",
        "cloudformation:DescribeStacks",
        "CloudWatch:List*",
        "CloudWatch:Get*",
        "CloudWatch:Describe*",
        "iam:List*",
        "iam:Get*",
        "iam:Describe*",
        "ec2:*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": [
        "ec2:RunInstances"
      ],
      "Condition": {
        "StringNotEquals": {
          "ec2:InstanceType": [
            "t2.micro",
            "t2.small"
          ]
        }
      },
      "Effect": "Deny",
      "Resource": "arn:aws:ec2:*:*:instance/*"
    },
    {
      "Action": [
        "ec2:RunInstances"
      ],
      "Condition": {
        "NumericGreaterThan": {
          "ec2:VolumeSize": "13"
        }
      },
      "Effect": "Deny",
      "Resource": "arn:aws:ec2:*:*:volume/*"
    },
    {
      "Action": [
        "ec2:StartInstances"
      ],
      "Condition": {
        "StringNotEquals": {
          "ec2:InstanceType": [
            "t2.micro",
            "t2.small"
          ]
        }
      },
      "Effect": "Deny",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Sid": "OnlyAllowTheseInstances"
    },
    {
      "Action": [
        "ec2:*Spot*"
      ],
      "Effect": "Deny",
      "Resource": "*"
    },
    {
      "Action": [
        "ec2:CreateVolume"
      ],
      "Condition": {
        "NumericGreaterThan": {
          "ec2:VolumeSize": "13"
        }
      },
      "Effect": "Deny",
      "Resource": "*",
      "Sid": "LimitVolumeSize"
    },
    {
      "Action": "ec2:RunInstances",
      "Condition": {
        "StringNotEqualsIgnoreCase": {
          "ec2:Owner": "amazon"
        }
      },
      "Effect": "Deny",
      "Resource": [
        "arn:aws:ec2:*:*:image/*"
      ]
    }
  ]
}
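The policy above splits its RunInstances restrictions across instance, volume and image resources because AWS authorizes a launch once per resource, each with its own condition keys. The following is an added example, not part of the Vocareum documentation or tooling: a simplified offline evaluator that checks an excerpt of the policy against sample launches before you upload it. The account ID, region, resource IDs and the helper names (matches, decide, run_instances) are assumptions, and only the three condition operators this policy uses are modelled.

```python
import fnmatch

# Excerpt of the lab.policy above (broad Allow plus the three RunInstances Deny statements).
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iam:List*", "ec2:*"], "Resource": "*"},
    {"Effect": "Deny", "Action": ["ec2:RunInstances"], "Resource": "arn:aws:ec2:*:*:instance/*",
     "Condition": {"StringNotEquals": {"ec2:InstanceType": ["t2.micro", "t2.small"]}}},
    {"Effect": "Deny", "Action": ["ec2:RunInstances"], "Resource": "arn:aws:ec2:*:*:volume/*",
     "Condition": {"NumericGreaterThan": {"ec2:VolumeSize": "13"}}},
    {"Effect": "Deny", "Action": "ec2:RunInstances", "Resource": ["arn:aws:ec2:*:*:image/*"],
     "Condition": {"StringNotEqualsIgnoreCase": {"ec2:Owner": "amazon"}}},
]}
# Only the condition operators this policy uses; each takes (request value, list of policy values).
OPS = {
    "StringNotEquals": lambda have, want: have not in want,
    "StringNotEqualsIgnoreCase": lambda have, want: have.lower() not in [w.lower() for w in want],
    "NumericGreaterThan": lambda have, want: any(float(have) > float(w) for w in want),
}
NEGATED = {"StringNotEquals", "StringNotEqualsIgnoreCase"}  # true when the key is absent

def as_list(value):
    return value if isinstance(value, list) else [value]

def matches(stmt, action, resource, ctx):
    """True when the statement's Action, Resource and every Condition apply to the request."""
    if not any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in as_list(stmt["Action"])):
        return False
    if not any(fnmatch.fnmatchcase(resource, r) for r in as_list(stmt["Resource"])):
        return False
    for op, keys in stmt.get("Condition", {}).items():
        for key, want in keys.items():
            ok = OPS[op](ctx[key], as_list(want)) if key in ctx else op in NEGATED
            if not ok:
                return False
    return True

def decide(policy, action, resource, ctx):
    """An explicit Deny beats any Allow; no matching statement is an implicit deny."""
    hits = {s["Effect"] for s in policy["Statement"] if matches(s, action, resource, ctx)}
    return "Deny" if "Deny" in hits else "Allow" if "Allow" in hits else "ImplicitDeny"

def run_instances(policy, instance_type, volume_gib, ami_owner):
    """RunInstances is authorized once per resource, each with its own condition keys."""
    base = "arn:aws:ec2:us-east-1:"  # region, account and resource ids below are constructed
    parts = {base + "111122223333:instance/i-example": {"ec2:InstanceType": instance_type},
             base + "111122223333:volume/vol-example": {"ec2:VolumeSize": str(volume_gib)},
             base + ":image/ami-example": {"ec2:Owner": ami_owner}}
    return {arn.split(":")[-1].split("/")[0]: decide(policy, "ec2:RunInstances", arn, ctx)
            for arn, ctx in parts.items()}
```

A launch succeeds only if every resource in the returned mapping is "Allow". Because a negated operator such as StringNotEquals is true when its key is missing, each Deny is scoped to the one resource type that carries the key it tests.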
CREATING LAB INSTRUCTIONS (README.html)
18. From the file browser, navigate to the "asnlib/public/docs" directory, then click "New > File".
19. Name your file "README.html", then create your instructions in the File Editor. You may copy-paste the following simple instructions as a starting point:
Sandbox Environment
Lab Overview
This is a sandbox for ad-hoc exploration of AWS services.
Click "Start Lab" to start/restart the session timer and launch lab CloudFormation script (if any).
Click "AWS" to launch the AWS Console in a new browser tab.
Click "End Lab" to end your session.
NOTE: All resources are automatically cleaned up after your session is over.
20. Click "Update" to commit all your changes, then click the Assignment name to return to the Assignment Settings.