🔗 Supported Cloud Objects🔗 Portal🔗 REST API🔗 tuono.com

5.1 - Compute Guide

Add to the Environment

  • Click back to the Environment tab

  • Click theicon and add the Module_105_Compute Blueprint to the existing Environment

Set your Variables

  • Click on the Value field for each Variable that was added when you added the Compute Blueprint and set the values.

You can leave the default values, but if you would like to be able to SSH to the machine, you should use the values the SSH Keys that you generated in advance.

Apply the Environment

  • Click Apply

  • Click the Job in the Jobs pane at the bottom of the page

  • Review the progress

Testing

  • Select the Details pane of the Job and acquire the public_ip of the VM from the Summary.

  • The inventory pane should display your public IP. Take a note of this and paste it in to your browser

Success!

  • Now from a command prompt ping the IP address to verify ICMP

Making a Change

Now, what if you wanted to disable ICMP? Surely you would need to tear everything down and redeploy. Not so, this can be done on-the-fly.

  • From the Environment screen, click on the Module 103 Security Blueprint and click edit

  • Go ahead and edit the Blueprint so that it now looks like this by commenting out the firewall ping protocols section.

#
# This is an example blueprint that demonstrates securing a subnet 
# and the groundwork for security groups and NACLs
#
---
networking:
# Module 3 Protocols
  protocol:
    web-server:
      ports:
        - port: 22
          proto: tcp
        - port: 80
          proto: tcp
    ping:
      ports:
        - proto: icmp

# Module 3 adds a Firewall using a protocol
  firewall:
    fw-external-access:
      rules:
        - protocols: web-server
          to: self
        #- protocols: ping
        #  to: self

Notice the way that the core ports are group together under web-server and a stand-alone ping stanza. These protocols are both attached to the firewall. This practice makes a distinction between required application ports and ancillary functionality and makes it easy for us to understand intent. The same configuration could be implemented like this, but this has the effect of obscuring intent:

      ports:
        - port: 22
          proto: tcp
        - port: 80
          proto: tcp
        - proto: icmp

  • Now hit Apply

  • Once complete, try to ping the deployed VM, using the Public IP from an earlier step

AWS Console Login

Instances

Image Type

Modified NACL

Previous105 - ComputeNext5.2 - Compute Blueprint

Last updated

Was this helpful?