Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 10 replies
  • Subscribers 0 subscribers
  • Views 2202 views
  • Users 0 members are here
Options
Suggested

New Amazon EC2 features

da_merlin
Hi guys,

version 9.1 has a few additional amazon gimmicks:

Start UTM instance and restore backup from URL:

ec2-run-instances --region eu-west-1 -t m1.small -d "{ backup_file => 'http://example/backup_clean.abf' }" ami-8abfb0fe



Start UTM instance and restore encrypted backup from URL with given secret:

ec2-run-instances --region eu-west-1 -t m1.small -d "{ backup_file => 'http://example/backup_encrypted.ebf', backup_password => 'secret' }" ami-8abfb0fe



Start UTM instance, apply basic setup, install ssh_eu SSH keys and install beta license file:

ec2-run-instances --region eu-west-1 -t m1.small -k ssh_eu -d "{ hostname => 'ec2-demo.local', organization => 'Astaro', city => 'Karlsruhe', country => 'de', email => 'ulrich.weber@sophos.com', password => 'geheim', license => 'http://people.astaro.com/uweber/UTM91_Beta_Software_Virtual_Cloud.txt' }" ami-8abfb0fe




Note: You can also paste the user data (everything between the quotes after -d) in the Amazon EC2 start wizard.

See https://community.sophos.com/products/unified-threat-management/astaroorg/f/80/t/64785 for the AMI IDs.

Cheers
 Ulrich
Parents Reply Children
  • 0 in reply to AngeloC
    Actually, you do restrict interface configuration in AWS -- I think you misunderstood my statement.  The eth0 interface, in the current AMI, is restricted (see Ulrich's comments above my post) so that you cannot rename the interface or add additional IPs to it, without going into the shell and manually removing the locks -- this causes confusion for newer (and in my case more experienced) AWS users.  I think that maybe you should change this "safety" mechanism so the eth0's primary IP can't be changed from DHCP to anything else, but we should be able to rename and add addition IPs without stepping into the shell.

    To be clear, AFTER one disables the "locks" from the shell, what you said is true, there are no restrictions.  I was just asking to make this process more transparent or unnecessary.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?