Abstract

Version 7.6.1810

August 28, 2019

Introduction

This guide describes the configuration of the CentOS 7.x AMI by Faro Source, available through the AWS Marketplace. All changes described were made to produce a functioning AMI that complies with the AWS rules for AWS Marketplace. The following sections describe each of these changes in detail.

Operating System Defaults

The following sections outline the baseline operating system configurations included with this distribution.

Users / Passwords

The default user account included with this AMI is ec2-user, the required default for an AMI. As required, this account has no password, has been granted sudo privileges, and has been authorized for SSH login. To make changes to this user account, refer to the Managing User Accounts on Your Linux Instance and EC2 Password Login articles on AWS.

SSH Configuration

To SSH into the instance, an SSH key is required for the specified user (in this case, ec2-user). The SSH key will be pre-populated by AWS during instance creation. For more information on how to define an AWS security group for managing access, refer to the article AWS: Amazon EC2 Security Groups for Linux Instances.

A password isn’t required for SSH access. For information on how to change this, see Linux: sshd_config – Linux main page.

Filesystem Configuration

The system was built on the GPT partitioning format with a 1Mb boot partition. Upon deployment, the file system will auto-scale the partitioning to match the allocated storage space. This is accomplished using cloud-init, growpart, and gfdisk.

Information on how to make changes to these sub-systems can be found in the cloud-init and growpart documentation.

SELinux

SELinux is enabled by default. The SELinux Policy article lists the policies that have been enabled or disabled. To check the status of your system, run sestatus -b.

Enabled Services

The Enabled Services article lists the services that have been enabled. To check the status of your system, run systemctl list-unit-files --type=service.

Firewall Configuration

AWS manages network access through security groups. As such, the firewalld service is disabled by default. For details, see AWS: Amazon EC2 Security Groups for Linux Instances.
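
The following is an added example, not Faro Source's own tooling: a script that compares an instance with three defaults stated in this guide (SELinux enabled, firewalld disabled, ec2-user without a password) so drift from the baseline is visible. The function names and the sample output are constructed for illustration; the --live mode assumes it is run as root on the instance.

```shell
#!/usr/bin/env bash
# Added example: compare command output with the defaults this guide documents.
# Each parser reads command output on stdin, so it can be exercised offline.

# Print the "SELinux status" value from `sestatus` output.
selinux_status() { awk -F': +' '/^SELinux status:/ {print $2}'; }

# Print the state column for unit $1 from `systemctl list-unit-files` output.
unit_state() { awk -v u="$1" '$1 == u {print $2}'; }

# Print the status field of `passwd -S <user>` output
# (PS = password set, LK = locked, NP = no password).
password_status() { awk '{print $2}'; }

# Compare one observed value with the documented one; return 1 on drift.
check() { # usage: check <label> <expected> <actual>
  if [ "$2" = "$3" ]; then echo "PASS $1: $3"
  else echo "FAIL $1: expected $2, got ${3:-nothing}"; return 1; fi
}

# Run all checks on the supplied outputs; the return code is the failure count.
audit() { # usage: audit <sestatus-out> <list-unit-files-out> <passwd-S-out>
  fails=0
  check "SELinux status" enabled "$(printf '%s\n' "$1" | selinux_status)" || fails=$((fails + 1))
  check "firewalld.service" disabled "$(printf '%s\n' "$2" | unit_state firewalld.service)" || fails=$((fails + 1))
  pw=$(printf '%s\n' "$3" | password_status)
  # The guide says ec2-user has no password; PS means one was set afterwards.
  if [ "$pw" = PS ]; then echo "FAIL ec2-user password: set"; fails=$((fails + 1))
  else echo "PASS ec2-user password: $pw"; fi
  return "$fails"
}

# Constructed sample output (not captured from a real instance).
SAMPLE_SESTATUS='SELinux status:                 enabled
Current mode:                   enforcing'
SAMPLE_UNITS='firewalld.service                             disabled
sshd.service                                  enabled'
SAMPLE_PASSWD='ec2-user LK 2019-08-28 0 99999 7 -1 (Password locked.)'

if [ "${1:-}" = "--live" ]; then      # on the instance itself, as root
  audit "$(sestatus)" "$(systemctl list-unit-files --type=service)" \
        "$(passwd -S ec2-user)"
elif [ "${1:-}" = "--sample" ]; then  # offline run on the constructed sample
  audit "$SAMPLE_SESTATUS" "$SAMPLE_UNITS" "$SAMPLE_PASSWD"
fi
```

A non-zero exit status from --live means the instance no longer matches the documented baseline, for example because firewalld was enabled or a password was set for ec2-user after launch.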
