Stockholm, Seoul, Tokyo

Amazon EC2 Quickstart

Posted Tue, 2009/12/15 - 6:36pm by alex

EC2 Preparation

First you need to sign up for Amazon's EC2 service and download your X.509 certificate and private key. The certificate and private key files are named as cert-<GUID>.pem and pk-<GUID>.pem

Create a directory to hold your EC2 access credentials.

$ mkdir ~/.ec2
$ mv ~/Downloads/*.pem ~/.ec2

Next download the EC2 API command line tools, add it to your PATH and create a few environment variables.

$ cd ~/bin
$ unzip ~/Downloads/ec2-api-tools.zip
$ ln -s /ec2-api-tools-1.3-46266 ec2
$ export $EC2_HOME=~/bin/ec2
$ export PATH=$EC2_HOME/bin:$PATH
$ export EC2_PRIVATE_KEY=~/.ec2/pk-<guid>.pem 
$ export EC2_CERT=~/.ec2/cert-<guid>.pem
$ # JAVA_HOME is needed for ec2 tools to work
$ export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Home

Let's list some publicly available Amazone Machine Images (AMI) to verify that the tools are working properly.

$ ec2-describe-images -o amazon
...
IMAGE	ami-a21affcb	ec2-public-images/fedora-core-6-x86_64-base-v1.06.manifest.xml	amazon	available	public		x86_64	machine	aki-a53adfcc	ari-a23adfcb		instance-store
IMAGE	ami-2d5fba44	ec2-public-images/fedora-core-6-x86_64-base-v1.07.manifest.xml	amazon	available	public		x86_64	machine	aki-a53adfcc	ari-a23adfcb		instance-store
IMAGE	ami-225fba4b	ec2-public-images/fedora-core4-apache-mysql-v1.07.manifest.xml	amazon	available	public		i386	machine				instance-store
IMAGE	ami-25b6534c	ec2-public-images/fedora-core4-apache-mysql.manifest.xml	amazon	available	public		i386	machine				instance-store
...

Launch an AMI instance

In order to access an AMI instance via SSH we need to create a EC2 key pair. This can easily be done using the web based AWS management console or following the steps below.

$ ec2-add-keypair alex-keypair
KEYPAIR alex-keypair    4f:37:70:ae:b7:8e:08:ad:38:f8:da:43:6e:89:83:23:73:94:24:03
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA5D9wiCUJKSl12mRwPiDx3L3DOYt5zTspExM3UMdPbw0s4yGtQpKEZYYbUStp
VIA4N+8de0uj2e5ypU29oi2y1BYjjuWvN8x7yJLHL/ELSAWQQP2JbNzz1+jtf25mqboGsnEZjw8I
IMy2pV6ieEtN0VweL2j9jXVcWysIrVT6VLFNixXom5yN9HQ0uuWPF6bQ+yQKS3lPHh15BObm5L4k
xZSDvr3wZ890FDmWOKBQKH4nYuulg34q3exSpY6FdBe0AF6HtfQ/fJA4YHQOBi3c7GiFOEJw6Yeg
...

The public key will be stored by EC2 while the private key is displayed on the console. Paste the output for save keeping to a file like ~/.ec2/pk-alex-keypair, you need to pass the key when logging in with SSH.

So now we are ready to launch an AMI image with our newly created key and authorize access to port 22 for SSH access. 

$ # launch an AMI instance
$ ec2-run-instances ami-225fba4b -k alex-keypair
RESERVATION     r-cbca7ea3      242055002701    default
INSTANCE        i-bb155fd3      ami-225fba4b                    pending alex-keypair    0               m1.small       2009-12-15T10:23:32+0000 us-east-1b                              monitoring-disabled                                    instance-store
$ # list AMI instances
$ ec2-describe-instances
RESERVATION     r-cbca7ea3      242055002701    default
INSTANCE        i-bb155fd3      ami-225fba4b    ec2-174-129-50-139.compute-1.amazonaws.com      domU-12-31-39-00-A0-61.compute-1.internal       running alex-keypair    0               m1.small        2009-12-15T10:23:32+0000        us-east-1b                              monitoring-disabled     174.129.50.139  10.254.167.143                  instance-store

Authorize access on port 22 from any source and logon using SSH.

$ ec2-authorize default -p 22
GROUP           default 
PERMISSION              default ALLOWS  tcp     22      22      FROM    CIDR    0.0.0.0/0
$ ssh -i ~/.ec2/pk-alex-keypair root@ec2-174-129-50-139.compute-1.amazonaws.com
Last login: Tue Dec 15 05:42:13 2009 from 118.8.53.1

         __|  __|_  )  Rev: 2
         _|  (     / 
        ___|\___|___|

 Welcome to an EC2 Public Image
                       :-)

    Apache2+MySQL4


    __ c __ /etc/ec2/release-notes.txt

[root@domU-12-31-39-00-A0-61 ~]#

Terminate your AMI instance using the instance name. It might take some time so verify that the instance has actually been shutdown by doing ec2-describe-instances again.

$ ec2-terminate-instances i-bb155fd3
INSTANCE        i-bb155fd3      running shutting-down

Allocate and associate a static/elastic IP address

A public EC2 IP address is mapped to an AMI instance at launch and is not usuable after an instance termination (only reboots). This is where an EC2 elastic/static IP address can be used instead since the IP is associated with the EC2 account rather than an instance. So when an instance terminates/fails you can then remap the elastic IP to another running(standby) instance.

$ ec2-allocate-address
ADDRESS 174.129.251.39
$ ec2-associate-address -i i-bb155fd3 174.129.251.39
ADDRESS 174.129.251.39  i-bb155fd3
$ ec2-describe-addresses 
ADDRESS 174.129.251.39  i-ebb155fd3
$ ssh -i ~/.ec2/pk-alex-keypair root@174.129.251.39Last login: Tue Dec 15 06:29:30 2009 from 118.8.53.1

         __|  __|_  )  Rev: 2
         _|  (     /         ___|\___|___|

 Welcome to an EC2 Public Image
                       :-)

    Apache2+MySQL4


    __ c __ /etc/ec2/release-notes.txt

[root@domU-12-31-39-09-18-84 ~]#

Disassociate and release a static/elastic IP address

Terminating an instance will automatically disassoicate the IP with the instance.

$ ec2-describe-addresses 
ADDRESS 174.129.251.39  i-e1246e89
$ ec2-disassociate-address 174.129.251.39
ADDRESS 174.129.251.39  
$ ec2-describe-addresses
ADDRESS 174.129.251.39  
$ ec2-release-address 174.129.251.39
ADDRESS 174.129.251.39

If you prefer a nice GUI then AWS management console or the Elasticfox plugin for Firefox are very nice to use!

Next step is to create your own AMI image.