Handy References


Setting up Amazon EC2 Virtual Machine

By mkivela | April 4, 2008

Yes, I know the formatting is screwed to heck and back again…and I don’t really care to dicker with CSS at the moment to fix it. The information is here :)

Amazon has some really nifty utility type computing services. One of these is EC2 — Elastic Computing Cloud.

Here’s how I took a Public AMI and made a private, customized AMI from it. I configured both a Linux box as well as my Windows laptop to access EC2 — Linux by command line, Windows by the EC2 UI Firefox plug in. AMI is an Amazon Machine Instance, their name for a Virtual Machine.

1) References that helped me:

Amazon Getting Started:

2) You’ll need to set up an Amazon S3 and EC2 account. The Amazon Getting Started Docs are pretty helpful here, and setting up the accounts is really quite painless. You’re only charged for actual usage — my credit card has gotten billed 15 cents some months. Steps 3, 4, and 5 are documented here just for my reference. We will, however, primarily use the GUI.

3) Linux — Prerequisites: In my case, I installed JRE 1.6, which installed by default in /usr/java/jre1.6.0_05.

4) Linux — Configure .bash_profile. This is the way the settings needed by the Amazon tools are made persistent:

export PATH
export EC2_HOME=/usr/sbin/ec2-api-tools/
export EC2_PRIVATE_KEY=~/.ec2/pk-(snip).pem
export EC2_CERT=~/.ec2/cert-(snip).pem
export JAVA_HOME=/usr/java/jre1.6.0_05

5) Linux — Install the Amazon Tools, per the Getting Started Guide.

6) Windows — Configure EC2 UI.

7) Ok, let’s fire up EC2 UI:

8) Choose the Security Group tab, and click the refresh button to show the groups. Click the + button to add a new group. Let’s call it “Web Services”. Security Groups are a firewall system — conservative practice is to launch a VM within a Security Group with limited rights.

9) Right click Web Services and choose “Grant new permission…” This will open a dialog. Here I’m adding Port 443 to those allowed. Security Groups help reduce the load on your virtual server by allowing the Security Group to reject unwanted traffic, before it hits the iptables or other firewall running on the virtual machine.

10) Go to KeyPairs and click the green key button to create a keypair — here I called it mkivela_amazonaws

11) Now let’s find a trusted public AMI image to copy. I’ve used the level22 ones before, so let’s choose a 32 bit Ubuntu Gutsy one:

12) Right click to launch it: We’ll launch this as a m1.small instance. Choose the mkivela_amazonaws keypair. Make sure “web servers” is in the Launch In security group — otherwise we won’t be able to access via ssh.

13) While it’s firing up, let’s configure Putty to access it. Images, properly done, are initially accessible only via SSH and Keys. Fire up PuttyGen and choose “Conversions” then “Import Key”. Choose the key you configured earlier:

Save it as Putty Private Key (ppk)

14) Ok, returning to EC2 and doing a refresh under “Your Instances” we see it is running. Right click on it and copy the Public DNS to clipboard:

15) Open up Putty and set it to connect — paste in the Public DNS address, and set the Private Key:

16) Click “Open” in Putty to connect to the image. Log in as root.

17) Let’s set a password for root, create a user (mkivela), and give mkivela sudoer rights. Exit, and SSH back in using your non-root account.

18) Use your favorite SCP client to copy over your cert*.pem and pk*.pem files for Amazon AWS. In my example, they went to /home/mkivela/.ec2/

19) Now let’s bundle this puppy, for an i386 platform. -u is fed your Amazon account number without hyphens. You can get this from the page by signing in and going to “Account Activity”. The first command will create the image in your home directory, the second command will upload it to Amazon:

sudo ec2-bundle-vol -d ./image -k ~/.ec2/pk-(blahblahblah).pem -c ~/.ec2/cert-(blahblahblah).pem -u (blah) -r i386
ec2-upload-bundle -b <your-s3-bucket> -m ./image/image.manifest.xml -a <aws-access-key-id> -s <aws-secret-access-key>

20) Ok, now from EC2 UI, shutdown the Public AMI.

21) Register your new Private AMI. In this example, srv-mrk1 is the s3 bucket I uploaded the image to.

22) Now right click and Launch it. Use the settings like we did above for the public AMI. Once it is running, you’ll be able to SSH to it.

23) And you’re ready to run updates and install and configure software like you would like it.

24) You should also look at configuring an “Elastic IP” for boxes used frequently — that gives you a Static IP address you can assign as you wish to AMIs within certain rules. Otherwise you’re stuck with only a dynamic IP that changes on each boot.
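
Steps 4 and 18 put the AWS private key and certificate in ~/.ec2 and point EC2_PRIVATE_KEY and EC2_CERT at them. The check below is an added example, not part of the original post or the Amazon tools: it refuses key material that is a symlink, owned by someone else, or too widely accessible. The function names and the permission masks (077 for the key, 022 for the certificate) are my assumptions.

```bash
# Added example; function names are hypothetical.
# Octal permission bits of a file: GNU stat first, BSD stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# perms_ok FILE MASK: succeed only if FILE is a regular file (not a symlink),
# owned by the current user, with none of the octal MASK bits set.
perms_ok() {
    po_file=$1
    po_mask=$2
    if [ -L "$po_file" ] || [ ! -f "$po_file" ]; then
        echo "not a regular file: $po_file" >&2; return 1
    fi
    if [ ! -O "$po_file" ]; then
        echo "not owned by current user: $po_file" >&2; return 1
    fi
    po_mode=$(file_mode "$po_file") || return 1
    # A leading 0 makes the shell read both values as octal.
    if [ $(( 0$po_mode & 0$po_mask )) -ne 0 ]; then
        echo "mode $po_mode too open (mask $po_mask): $po_file" >&2; return 1
    fi
}

# Check the files named by the variables exported in .bash_profile.
# The private key must be inaccessible to group/other (mask 077); the
# certificate is not secret but must not be writable by others (mask 022).
check_ec2_credentials() {
    ce_rc=0
    if [ -z "${EC2_PRIVATE_KEY:-}" ]; then
        echo "EC2_PRIVATE_KEY is not set" >&2; ce_rc=1
    elif ! perms_ok "$EC2_PRIVATE_KEY" 077; then
        ce_rc=1
    fi
    if [ -z "${EC2_CERT:-}" ]; then
        echo "EC2_CERT is not set" >&2; ce_rc=1
    elif ! perms_ok "$EC2_CERT" 022; then
        ce_rc=1
    fi
    return $ce_rc
}

# Usage, after the exports in .bash_profile or on the instance in step 18:
#   check_ec2_credentials || echo "fix ~/.ec2 permissions first" >&2
```

A failing private key is normally fixed with chmod 600 on the pk-*.pem file.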
