 |  |
| | |
Here's a quick checklist to run through before we start an instance. These are all things that have been covered in this guide up to this point, so if you've missed anything now's a good time to go back and correct it.
Ensure you have a version 1.5.0 compatible Java Runtime
installation, and that the JAVA_HOME
environment variable has been correctly set. If not,
revisit the section called “The Java Runtime Environment”.
Ensure you have an active Amazon Web Services Account, and that you've signed up for both Amazon S3 and Amazon EC2. If not, revisit Chapter 3, Setting up an Account.
Ensure that you have created a directory called
.ec2 in your home directory,
that it contains your X.509 certificate and private key,
and that they're named correctly. If not, revisit the section called “Signing up for Amazon EC2”.
Ensure that the EC2_HOME environment
variable has been correctly set. If not, revisit the section called “Telling the Tools Where They Live”.
Ensure that the EC2_CERT and EC2_PRIVATE_KEY environment
variables have been correctly set. If not, revisit the section called “Telling the Tools Who You Are”.
Once these are correct, you are ready to launch your first instance.
The first step in running an instance is finding a suitable AMI to run.
PROMPT>ec2-describe-images -o self -o amazonIMAGE ami-5bae4b32 ec2-public-images/getting-started.manifest.xml amazon available public IMAGE ami-68ae4b01 ec2-public-images/fedora-core4-base.manifest.xml amazon available public IMAGE ami-69ae4b00 ec2-public-images/fedora-core4-apache-mysql.manifest.xml amazon available public IMAGE ami-6dae4b04 ec2-public-images/fedora-core4-apache.manifest.xml amazon available public IMAGE ami-6fae4b06 ec2-public-images/fedora-core4-mysql.manifest.xml amazon available public IMAGE ami-61a54028 <your-s3-bucket>/image.manifest.xml 495219933132 available private
This command will list your AMIs and Amazon's public AMIs.
The output you'll see might not exactly match that shown above. Look for
the line containing the public image identified by the
ec2-public-images/getting-started.manifest.xml value in the third
column and note the corresponding value in the second column (in this example, ami-5bae4b32). This is the AMI ID you need.
You will be running an instance of a public AMI. Since it has no password
you will need a public/private keypair to login to the instance.
One half of this keypair will be embedded into your instance,
allowing you to login securely without a password using the other half
of the keypair. Once you learn to create your own images, you can
choose other mechanisms to allow you to securely login to your new
instances. Every keypair you generate requires a name. Be sure to
choose a name that is easy to remember, perhaps one that describes the
image's content. For our example we'll use the name gsg-keypair.
PROMPT>ec2-add-keypair gsg-keypairKEYPAIR gsg-keypair 1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f -----BEGIN RSA PRIVATE KEY----- MIIEoQIBAAKCAQBuLFg5ujHrtm1jnutSuoO8Xe56LlT+HM8v/xkaa39EstM3/aFxTHgElQiJLChp HungXQ29VTc8rc1bW0lkdi23OH5eqkMHGhvEwqa0HWASUMll4o3o/IX+0f2UcPoKCOVUR+jx71Sg 5AU52EQfanIn3ZQ8lFW7Edp5a3q4DhjGlUKToHVbicL5E+g45zfB95wIyywWZfeW/UUF3LpGZyq/ ebIUlq1qTbHkLbCC2r7RTn8vpQWp47BGVYGtGSBMpTRP5hnbzzuqj3itkiLHjU39S2sJCJ0TrJx5 i8BygR4s3mHKBj8l+ePQxG1kGbF6R4yg6sECmXn17MRQVXODNHZbAgMBAAECggEAY1tsiUsIwDl5 91CXirkYGuVfLyLflXenxfI50mDFms/mumTqloHO7tr0oriHDR5K7wMcY/YY5YkcXNo7mvUVD1pM ZNUJs7rw9gZRTrf7LylaJ58kOcyajw8TsC4e4LPbFaHwS1d6K8rXh64o6WgW4SrsB6ICmr1kGQI7 3wcfgt5ecIu4TZf0OE9IHjn+2eRlsrjBdeORi7KiUNC/pAG23I6MdDOFEQRcCSigCj+4/mciFUSA SWS4dMbrpb9FNSIcf9dcLxVM7/6KxgJNfZc9XWzUw77Jg8x92Zd0fVhHOux5IZC+UvSKWB4dyfcI tE8C3p9bbU9VGyY5vLCAiIb4qQKBgQDLiO24GXrIkswF32YtBBMuVgLGCwU9h9HlO9mKAc2m8Cm1 jUE5IpzRjTedc9I2qiIMUTwtgnw42auSCzbUeYMURPtDqyQ7p6AjMujp9EPemcSVOK9vXYL0Ptco xW9MC0dtV6iPkCN7gOqiZXPRKaFbWADp16p8UAIvS/a5XXk5jwKBgQCKkpHi2EISh1uRkhxljyWC iDCiK6JBRsMvpLbc0v5dKwP5alo1fmdR5PJaV2qvZSj5CYNpMAy1/EDNTY5OSIJU+0KFmQbyhsbm rdLNLDL4+TcnT7c62/aH01ohYaf/VCbRhtLlBfqGoQc7+sAc8vmKkesnF7CqCEKDyF/dhrxYdQKB gC0iZzzNAapayz1+JcVTwwEid6j9JqNXbBc+Z2YwMi+T0Fv/P/hwkX/ypeOXnIUcw0Ih/YtGBVAC DQbsz7LcY1HqXiHKYNWNvXgwwO+oiChjxvEkSdsTTIfnK4VSCvU9BxDbQHjdiNDJbL6oar92UN7V rBYvChJZF7LvUH4YmVpHAoGAbZ2X7XvoeEO+uZ58/BGKOIGHByHBDiXtzMhdJr15HTYjxK7OgTZm gK+8zp4L9IbvLGDMJO8vft32XPEWuvI8twCzFH+CsWLQADZMZKSsBasOZ/h1FwhdMgCMcY+Qlzd4 JZKjTSu3i7vhvx6RzdSedXEMNTZWN4qlIx3kR5aHcukCgYA9T+Zrvm1F0seQPbLknn7EqhXIjBaT P8TTvW/6bdPi23ExzxZn7KOdrfclYRph1LHMpAONv/x2xALIf91UB+v5ohy1oDoasL0gij1houRe 2ERKKdwz0ZL9SWq6VTdhr/5G994CK72fy5WhyERbDjUIdHaK3M849JJuf8cSrvSb4g== -----END RSA PRIVATE KEY-----
The private key returned needs to be saved in a local file so
that you can use it later. Using your favorite text editor,
create a file named id_rsa-gsg-keypair and
paste everything between (and including) the
"-----BEGIN RSA PRIVATE KEY-----" and
"-----END RSA PRIVATE KEY-----" lines
into it. Confirm that the file contents looks exactly like this,
then save the file. You can save the file in any directory you wish, but if you do not put it in your current directory, you should specify the full path when using the ssh command below.
-----BEGIN RSA PRIVATE KEY-----
MIIEoQIBAAKCAQBuLFg5ujHrtm1jnutSuoO8Xe56LlT+HM8v/xkaa39EstM3/aFxTHgElQiJLChp
HungXQ29VTc8rc1bW0lkdi23OH5eqkMHGhvEwqa0HWASUMll4o3o/IX+0f2UcPoKCOVUR+jx71Sg
5AU52EQfanIn3ZQ8lFW7Edp5a3q4DhjGlUKToHVbicL5E+g45zfB95wIyywWZfeW/UUF3LpGZyq/
ebIUlq1qTbHkLbCC2r7RTn8vpQWp47BGVYGtGSBMpTRP5hnbzzuqj3itkiLHjU39S2sJCJ0TrJx5
i8BygR4s3mHKBj8l+ePQxG1kGbF6R4yg6sECmXn17MRQVXODNHZbAgMBAAECggEAY1tsiUsIwDl5
91CXirkYGuVfLyLflXenxfI50mDFms/mumTqloHO7tr0oriHDR5K7wMcY/YY5YkcXNo7mvUVD1pM
ZNUJs7rw9gZRTrf7LylaJ58kOcyajw8TsC4e4LPbFaHwS1d6K8rXh64o6WgW4SrsB6ICmr1kGQI7
3wcfgt5ecIu4TZf0OE9IHjn+2eRlsrjBdeORi7KiUNC/pAG23I6MdDOFEQRcCSigCj+4/mciFUSA
SWS4dMbrpb9FNSIcf9dcLxVM7/6KxgJNfZc9XWzUw77Jg8x92Zd0fVhHOux5IZC+UvSKWB4dyfcI
tE8C3p9bbU9VGyY5vLCAiIb4qQKBgQDLiO24GXrIkswF32YtBBMuVgLGCwU9h9HlO9mKAc2m8Cm1
jUE5IpzRjTedc9I2qiIMUTwtgnw42auSCzbUeYMURPtDqyQ7p6AjMujp9EPemcSVOK9vXYL0Ptco
xW9MC0dtV6iPkCN7gOqiZXPRKaFbWADp16p8UAIvS/a5XXk5jwKBgQCKkpHi2EISh1uRkhxljyWC
iDCiK6JBRsMvpLbc0v5dKwP5alo1fmdR5PJaV2qvZSj5CYNpMAy1/EDNTY5OSIJU+0KFmQbyhsbm
rdLNLDL4+TcnT7c62/aH01ohYaf/VCbRhtLlBfqGoQc7+sAc8vmKkesnF7CqCEKDyF/dhrxYdQKB
gC0iZzzNAapayz1+JcVTwwEid6j9JqNXbBc+Z2YwMi+T0Fv/P/hwkX/ypeOXnIUcw0Ih/YtGBVAC
DQbsz7LcY1HqXiHKYNWNvXgwwO+oiChjxvEkSdsTTIfnK4VSCvU9BxDbQHjdiNDJbL6oar92UN7V
rBYvChJZF7LvUH4YmVpHAoGAbZ2X7XvoeEO+uZ58/BGKOIGHByHBDiXtzMhdJr15HTYjxK7OgTZm
gK+8zp4L9IbvLGDMJO8vft32XPEWuvI8twCzFH+CsWLQADZMZKSsBasOZ/h1FwhdMgCMcY+Qlzd4
JZKjTSu3i7vhvx6RzdSedXEMNTZWN4qlIx3kR5aHcukCgYA9T+Zrvm1F0seQPbLknn7EqhXIjBaT
P8TTvW/6bdPi23ExzxZn7KOdrfclYRph1LHMpAONv/x2xALIf91UB+v5ohy1oDoasL0gij1houRe
2ERKKdwz0ZL9SWq6VTdhr/5G994CK72fy5WhyERbDjUIdHaK3M849JJuf8cSrvSb4g==
-----END RSA PRIVATE KEY-----
If you're using OpenSSH (or any reasonably paranoid SSH client) then you'll probably need to set the permissions of this file so that it's only readable by you. On Linux/Unix the following will accomplish this:
$chmod 600id_rsa-gsg-keypair; ls -lid_rsa-gsg-keypair-rw------- 1 fred flintstones 1701 Jun 19 17:57 id_rsa-gsg-keypair
![[Note]](images/note.png) | Note |
|---|---|
| If you are using PuTTY in Windows you will need to convert the private key to PuTTY's format. See Chapter 8, Appendix: PuTTY for more information on using PuTTy with Amazon EC2. |
Now that you have an AMI ID, you can launch an instance of it
PROMPT>ec2-run-instancesami-5bae4b32-k gsg-keypairRESERVATION r-fea54097 495219933132 default INSTANCE i-10a64379 ami-5bae4b32 pending gsg-keypair 0
The instance ID in the second field of the output is a unique identifier for the instance and will be used later to manipulate this instance (including terminating it when you are finished).
![[Important]](images/important.png) | Important |
|---|---|
Once you launch an instance, you will be billed per hour for running time. If you leave this tutorial at any time, make sure you terminate any instances you have started as described in the section called “Terminating Your Instances”. |
It will take a few minutes for the instance to launch. To check on its status, do the following:
PROMPT>ec2-describe-instancesi-10a64379RESERVATION r-fea54097 495219933132 INSTANCE i-10a64379 ami-5bae4b32 ec2-72-44-33-55.z-2.compute-1.amazonaws.com domU-12-34-31-00-00-05.z-2.compute-1.internal running gsg-keypair 0
When the instance state in the field just before the keypair name reads "running" the instance has started booting. There may still be a short time before it is accessible over the network, however. The first DNS name is your instance's external DNS name, i.e. the one that can be used to contact it from the Internet. The second DNS name is your instance's local DNS name, and is only contactable by other instances within the Amazon EC2 network. Your instance's DNS names will be different to the ones shown above and you should use yours instead. In the examples in the getting started guide we use the public DNS name.
Before you can reach your instance over the internet, you have to authorize traffic to it.
PROMPT>ec2-authorize default -p 22PERMISSION default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0PROMPT>ec2-authorize default -p 80PERMISSION default ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
Since we didn't specify otherwise, your instance was
launched in your default group. The
first command authorizes network access to instances in
your default group on the standard SSH port (22).
Similarly, the second command opens up the standard HTTP
port (80). For more details on controlling network security groups,
see the Amazon EC2 Developer Guide.
Now that you have authorized network access to your instance, you can
connect to it. Open your favorite web browser and go to
http://<hostname>/, where <hostname> is your
instance's public hostname as returned in ec2-describe-instances,
ec2-72-44-33-55.z-2.compute-1.amazonaws.com in the example.
This will display a webpage welcoming you to your instance.
| Note |
|---|---|
If the website times out, your instance may not have finished starting up yet. Wait for a minute or two and try again. |
Now you can login as root and can exercise full control over this instance as you would any host.
PROMPT>ssh -i id_rsa-gsg-keypair root@ec2-72-44-33-55.z-2.compute-1.amazonaws.comThe authenticity of host 'ec2-72-44-33-55.z-2.compute-1.amazonaws.com (216.182.225.42)' can't be established. RSA key fingerprint is 9d:0a:a9:51:32:38:11:83:a8:a7:1c:9c:1c:e6:58:b0. Are you sure you want to continue connecting (yes/no)?yesWarning: Permanently added 'ec2-72-44-33-55.z-2.compute-1.amazonaws.com' (RSA) to the list of known hosts. Last login: Wed Jun 21 08:02:08 2006root@my-instance #
| Note |
|---|---|
Your machine may have a different name for the ssh command shown above or even use different command line options. Consult the documentation for your machine or download one of the clients described in the section called “SSH Clients” if you are unsure whether you have such a client installed. See Chapter 8, Appendix: PuTTY if you are using PuTTY on Windows. |
You've set up the tools and used them to run an instance based on a public AMI. You have learned enough to successfully use Amazon EC2 to run as many standard Linux instances as you wish. You can run instances based on any of the public AMIs by following this process.
The next section will build on this success by having you connect to the running instance and customize it to create your own image. If you wish to save this for a later date, be sure to terminate any instances you have started as described in the section called “Terminating Your Instances”.
