Creating an AWS Cloud Lab

This document details the steps to create an AWS Cloud Lab as an assignment in Vocareum.  

ENABLING YOUR COURSE FOR AWS

1. Go to your Course Setting page - 

2. Under “Course Parameters,” set the Lab Session Length.  This is the duration that a student's AWS Cloud credential will be active. 

3. Enable “Cloud Resources,” and turn on the “Part Specific Account” option; and set other options as appropriate -

4. Click “Save class"

CREATING A LAB ASSIGNMENT

5. Click "Edit Assignments" to return to your course assignment page -  

6. Click "New" to create a new lab and name your lab, then click "Save and continue" -  

7.  Under "Advanced Settings", enable "No Submission" and "No Workarea" - 

8.  Click "Save" to commit the settings - 

SETTING UP A PART

9. Under the "Parts" section, click "+" to add a part - 

10.  Name the Part - 

11.  Under the "Workspace" section, set the Student IDE to "Basic" - 

 12.  Under the "Resources" section, select the "Cloud Labs" option, then enter the permitted spend per student - 

13.  Click "Save Part" to commit your changes - 

14.  Click "Configure Workspace" to create instructions and policy for your AWS Lab - 

CREATING A LAB POLICY (lab.policy)

15.  From the file browser, navigate to the "asnlib" directory under "resource", then click "New > File" - 

16. Name your file "lab.policy" - 

17.  Select "lab.policy" in the file browser, then create your instructions in the File editor.  You may copy-paste the following simple policy file as a starting point, which only permits the launch of smaller EC2 instances.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
           "cloudformation:ListStacks",
           "cloudformation:DescribeStackEvents",
           "cloudformation:GetTemplate",
           "cloudformation:ListStackResources",
           "cloudformation:DescribeStacks",
	   "CloudWatch:List*",
	   "CloudWatch:Get*",
	   "CloudWatch:Describe*",
           "iam:List*",
           "iam:Get*",
           "iam:Describe*",
           "ec2:*"
        ],
          "Effect": "Allow",
          "Resource": "*"
    },
    {
      "Action": [
        "ec2:RunInstances"
      ],
      "Condition": {
        "StringNotEquals": {
          "ec2:InstanceType": [
            "t2.micro",
            "t2.small"
          ]
        }
      },
      "Effect": "Deny",
      "Resource": "arn:aws:ec2:*:*:instance/*"
    },
    {
      "Action": [
        "ec2:RunInstances"
      ],
      "Condition": {
        "NumericGreaterThan": {
          "ec2:VolumeSize": "13"
        }
      },
      "Effect": "Deny",
      "Resource": "arn:aws:ec2:*:*:volume/*"
    },
    {
      "Action": [
        "ec2:StartInstances"
      ],
      "Condition": {
        "StringNotEquals": {
          "ec2:InstanceType": [
            "t2.micro",
            "t2.small"
          ]
        }
      },
      "Effect": "Deny",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Sid": "OnlyAllowTheseInstances"
    },
    {
      "Action": [
        "ec2:*Spot*"
      ],
      "Effect": "Deny",
      "Resource": "*"
    },
    {
      "Action": [
        "ec2:CreateVolume"
      ],
      "Condition": {
        "NumericGreaterThan": {
          "ec2:VolumeSize": "13"
        }
      },
      "Effect": "Deny",
      "Resource": "*",
      "Sid": "LimitVolumeSize"
    },
    {
      "Action": "ec2:RunInstances",
      "Condition": {
        "StringNotEqualsIgnoreCase": {
          "ec2:Owner": "amazon"
        }
      },
      "Effect": "Deny",
      "Resource": [
        "arn:aws:ec2:*:*:image/*"
      ]
    }
  ]
}<br>

CREATING LAB INSTRUCTIONS (README.html)

18.  From the file browser, navigate to the "asnlib/public/docs" directory, then click "New > File" - 

19.  Name your file "README.html", then create your instructions in the File Editor.  You may copy-paste the following simple instructions as a starting point -

<h1>Sandbox Environment</h1>
<h3>Lab Overview</h3>
<p>This is a sandbox for ad-hoc exploration of AWS services.</p>
<ul>
    <li>Click "Start Lab" to start/restart the session timer and launch lab CloudFormation script (if any).</li>
    <li>Click "AWS" to launch the AWS Console in a new browser tab.</li>
    <li>Click "End Lab" to end your session.</li>
</ul>
<p>NOTE:  All resources are automatically cleaned up after your session is over.</p><br>

20.  Click "Update" to commit all your changes, then the Assignment name to return to the Assignment Settings - 

Still need help? Contact Us Contact Us