ENABLING YOUR COURSE FOR AWS
1. Go to your Course Setting page -
2. Under "Course Parameters," set the Lab Session Length. This is the default duration that a student's AWS Cloud credential will be active for each lab in the course. Note: this parameter may be overridden at the part level (below).
3. By default, all cloud resources are terminated at the end of a user session, however if you need resources to remain in place, you may choose "stop resources" under "End Lab Behavior". This will retain all the data (S3, databases) and stop (but not terminate) any VMs in the user accounts.
4. Click "Save Class"
CREATING A LAB ASSIGNMENT
5. Click "Edit Assignments" to return to your course assignment page -
6. Click "New Assignment" to create a new lab and name your lab, then click "Save and Continue" -
7. Under "Advanced Settings," enable "No Submission" and "No Workarea" -
8. Click "Save" to commit the settings -
SETTING UP A PART
9. Under the "Parts" section, click "+" to add a part -
10. Name the Part and Save Part
11. Select your Lab Type -
12. Under the "Lab Resources" section, select the "Cloud Labs" option -
13. Enter the allowed spend (budget) for each student -
14. Click "Save Part" to commit your changes -
14. Click "Configure Workspace" to create instructions and policy for your AWS Lab -
CREATING A LAB POLICY (lab.policy)
15. From the file browser, navigate to the "asnlib" directory under "resource," then click "New" > "File" -
16. Name your file "lab.policy" -
17. Select "lab.policy" in the file browser, then create your instructions in the File editor. You may copy-paste the following simple policy file as a starting point, which only permits the launch of smaller EC2 instances.
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"cloudformation:ListStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:GetTemplate",
"cloudformation:ListStackResources",
"cloudformation:DescribeStacks",
"CloudWatch:List*",
"CloudWatch:Get*",
"CloudWatch:Describe*",
"iam:List*",
"iam:Get*",
"iam:Describe*",
"ec2:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:RunInstances"
],
"Condition": {
"StringNotEquals": {
"ec2:InstanceType": [
"t2.micro",
"t2.small"
]
}
},
"Effect": "Deny",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": [
"ec2:RunInstances"
],
"Condition": {
"NumericGreaterThan": {
"ec2:VolumeSize": "13"
}
},
"Effect": "Deny",
"Resource": "arn:aws:ec2:*:*:volume/*"
},
{
"Action": [
"ec2:StartInstances"
],
"Condition": {
"StringNotEquals": {
"ec2:InstanceType": [
"t2.micro",
"t2.small"
]
}
},
"Effect": "Deny",
"Resource": "arn:aws:ec2:*:*:instance/*",
"Sid": "OnlyAllowTheseInstances"
},
{
"Action": [
"ec2:*Spot*"
],
"Effect": "Deny",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVolume"
],
"Condition": {
"NumericGreaterThan": {
"ec2:VolumeSize": "13"
}
},
"Effect": "Deny",
"Resource": "*",
"Sid": "LimitVolumeSize"
},
{
"Action": "ec2:RunInstances",
"Condition": {
"StringNotEqualsIgnoreCase": {
"ec2:Owner": "amazon"
}
},
"Effect": "Deny",
"Resource": [
"arn:aws:ec2:*:*:image/*"
]
}
]
}<br>CREATING LAB INSTRUCTIONS (README.html)
18. From the file browser, navigate to the "asnlib/public/docs" directory, then click "New" > "File" -
19. Name your file "README.html", then create your instructions in the File Editor. You may copy-paste the following simple instructions as a starting point -
<h1>Sandbox Environment</h1>
<h3>Lab Overview</h3>
<p>This is a sandbox for ad-hoc exploration of AWS services.</p>
<ul>
<li>Click "Start Lab" to start/restart the session timer and launch lab CloudFormation script (if any).</li>
<li>Click "AWS" to launch the AWS Console in a new browser tab.</li>
<li>Click "End Lab" to end your session.</li>
</ul>
<p>NOTE: All resources are automatically cleaned up after your session is over.</p><br>
20. Click "Update" to commit all your changes, then the Assignment name to return to the Assignment Settings -
