Starting with an Existing AMI

To quickly and easily get a new working AMI, start with an existing public AMI or one of your own. You can then modify it and create a new AMI with the ec2-bundle-vol utility described in Bundling an AMI.

Note

Before selecting an AMI, determine whether the instance types you plan to launch are 32-bit or 64-bit. For more information, see Instance Types

Make sure you are using GNU Tar 1.15 or later.

To use an existing AMI to create a new AMI, complete the following tasks:

Using an Existing AMI

1	Select an AMI
2	Generate a Key Pair
3	Launch the Instance
4	Authorize Network Access
5	Connect to the Instance
6	Upload the Key and Certificate

Select an AMI

First, locate an AMI that contains the packages and services you require. This can be one of your own AMIs or a public AMIs provided by Amazon EC2.

To select an AMI

Get a list of available AMIs by entering the ec2-describe-images command:
```
PROMPT>  ec2-describe-images -a 
```
The response includes the image ID, the location of the file in Amazon S3, and whether the file is available.
Choose an AMI from the list and write down its AMI ID.

Example

PROMPT>  ec2-describe-images -o self -o amazon 
IMAGE ami-60a54009 ec2-public-images/base-fc4-apache.manifest.xml 475219833042 available public
IMAGE ami-61a54028 <your-s3-bucket>/image.manifest.xml 495219933132 available private
IMAGE ami-2bb65342 ec2-public-images/getting-started.manifest.xml 475219833042 available public
IMAGE ami-6ea54007 ec2-public-images/base-fc3-mysql.manifest.xml 475219833042 available public

Generate a Key Pair

This step is only required if you selected one of the public AMIs provided by Amazon EC2. You must create a public/private key pair to ensure that only you have access to instances that you launch.

After you generate a key pair, the public key is stored in Amazon EC2 using the key pair name you selected. Whenever you launch an instance using the key pair name, the public key is copied to the instance metadata. This allows you to access the instance securely using your private key.

To create a public/private key pair

Enter the following command:
```
PROMPT>  ec2-add-keypair <keypair-name>
```
The <keypair-name> is the name you select for the key pair.
The resulting private key is displayed.
Open a text editor.
Paste the entire private key, starting with the line "-----BEGIN RSA PRIVATE KEY-----" and ending with the line "-----END RSA PRIVATE KEY-----".
Save the file and exit.
Note
This file should only be readable by the file owner.

Example

PROMPT>  ec2-add-keypair gsg-keypair
KEYPAIR gsg-keypair 1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f 
-----BEGIN RSA PRIVATE KEY-----

MIIEoQIBAAKCAQBuLFg5ujHrtm1jnutSuoO8Xe56LlT+HM8v/xkaa39EstM3/aFxTHgElQiJLChp

HungXQ29VTc8rc1bW0lkdi23OH5eqkMHGhvEwqa0HWASUMll4o3o/IX+0f2UcPoKCOVUR+jx71Sg

5AU52EQfanIn3ZQ8lFW7Edp5a3q4DhjGlUKToHVbicL5E+g45zfB95wIyywWZfeW/UUF3LpGZyq/

ebIUlq1qTbHkLbCC2r7RTn8vpQWp47BGVYGtGSBMpTRP5hnbzzuqj3itkiLHjU39S2sJCJ0TrJx5

i8BygR4s3mHKBj8l+ePQxG1kGbF6R4yg6sECmXn17MRQVXODNHZbAgMBAAECggEAY1tsiUsIwDl5

91CXirkYGuVfLyLflXenxfI50mDFms/mumTqloHO7tr0oriHDR5K7wMcY/YY5YkcXNo7mvUVD1pM

ZNUJs7rw9gZRTrf7LylaJ58kOcyajw8TsC4e4LPbFaHwS1d6K8rXh64o6WgW4SrsB6ICmr1kGQI7

3wcfgt5ecIu4TZf0OE9IHjn+2eRlsrjBdeORi7KiUNC/pAG23I6MdDOFEQRcCSigCj+4/mciFUSA

SWS4dMbrpb9FNSIcf9dcLxVM7/6KxgJNfZc9XWzUw77Jg8x92Zd0fVhHOux5IZC+UvSKWB4dyfcI

tE8C3p9bbU9VGyY5vLCAiIb4qQKBgQDLiO24GXrIkswF32YtBBMuVgLGCwU9h9HlO9mKAc2m8Cm1

jUE5IpzRjTedc9I2qiIMUTwtgnw42auSCzbUeYMURPtDqyQ7p6AjMujp9EPemcSVOK9vXYL0Ptco

xW9MC0dtV6iPkCN7gOqiZXPRKaFbWADp16p8UAIvS/a5XXk5jwKBgQCKkpHi2EISh1uRkhxljyWC

iDCiK6JBRsMvpLbc0v5dKwP5alo1fmdR5PJaV2qvZSj5CYNpMAy1/EDNTY5OSIJU+0KFmQbyhsbm

rdLNLDL4+TcnT7c62/aH01ohYaf/VCbRhtLlBfqGoQc7+sAc8vmKkesnF7CqCEKDyF/dhrxYdQKB

gC0iZzzNAapayz1+JcVTwwEid6j9JqNXbBc+Z2YwMi+T0Fv/P/hwkX/ypeOXnIUcw0Ih/YtGBVAC

DQbsz7LcY1HqXiHKYNWNvXgwwO+oiChjxvEkSdsTTIfnK4VSCvU9BxDbQHjdiNDJbL6oar92UN7V

rBYvChJZF7LvUH4YmVpHAoGAbZ2X7XvoeEO+uZ58/BGKOIGHByHBDiXtzMhdJr15HTYjxK7OgTZm

gK+8zp4L9IbvLGDMJO8vft32XPEWuvI8twCzFH+CsWLQADZMZKSsBasOZ/h1FwhdMgCMcY+Qlzd4

JZKjTSu3i7vhvx6RzdSedXEMNTZWN4qlIx3kR5aHcukCgYA9T+Zrvm1F0seQPbLknn7EqhXIjBaT

P8TTvW/6bdPi23ExzxZn7KOdrfclYRph1LHMpAONv/x2xALIf91UB+v5ohy1oDoasL0gij1houRe

2ERKKdwz0ZL9SWq6VTdhr/5G994CK72fy5WhyERbDjUIdHaK3M849JJuf8cSrvSb4g==

-----END RSA PRIVATE KEY-----

Launch the Instance

You are now ready to launch an instance of the AMI that you previously selected.

To launch an instance

Start the launch by entering the following command:
```
PROMPT>  ec2-run-instances <ami_id> -k <keypair-name> 
```
The <ami_id> is the AMI ID you selected earlier and <keypair-name> is the name of the key pair. The command will return the AMI instance ID, a unique identifier for each launched instance. You use the instance ID to manipulate the instance. This includes viewing the status of the instance, terminating the instance, and so on.
Launching the instance will take a few minutes.
View the progress of the instance by entering the following command:
```
PROMPT>  ec2-describe-instances <instance_id> 
```
The <instance_id> is the ID of the instance.
When the status field displays "running," the instance was created and is booting. However, the instance might not be immediately accessible over the network. Make sure to use the appropriate DNS name provided by the ec2-describe-instances command.

	Important
	Once you launch an instance, you will be billed for all usage, including hourly CPU time. Make sure to terminate any instances that you do not want to leave running. For information on Amazon EC2 pricing, go to the Amazon EC2 home page.

Example

The following example launches an instance of ami-2bb65342.

PROMPT> ec2-run-instances ami-2bb65342 -k gsg-keypair
RESERVATION     r-302dc059      416161254515    default
INSTANCE        i-eb977f82      ami-2bb65342                    pending gsg-keypair     0    m1.small   2007-10-16T07:56:20+0000    us-east-1a

The following shows the status of the launch:

PROMPT>  ec2-describe-instances i-eb977f82 
RESERVATION     r-302dc059      416161254515    default
INSTANCE        i-eb977f82      ami-2bb65342    ec2-72-44-40-222.compute-1.amazonaws.com    10-251-50-83.ec2.internal   running gsg-keypair     0     m1.small    2007-10-16T07:56:20+0000    us-east-1a

Authorize Network Access

To reach a running instance from the Internet, you must enable access for the SSH service on port 22.

To enable SSH service on port 22

Enter the following command:

PROMPT>  ec2-authorize default -p 22
PERMISSION     default  ALLOWS  tcp     22      22      FROM    CIDR   0.0.0.0/0

Connect to the Instance

After starting an instance, you can log in and modify it according to your requirements.

To connect to an instance

If you are launching an AMI that supports SSH login (e.g., public AMIs), use the following command to log in with your private key:
```
PROMPT>  ssh -i <private-keyfile> root@<dns_location> 
```
The <private-keyfile> is the file that contains the private key and dns_location is the DNS location of the instance within Amazon EC2. Your instance displays a prompt that contains your username and the hostname of the instance.

You now have complete control over the instance. You can add, remove, modify, or upgrade packages and files to suit your needs.

	Important
	We recommend exercising extreme care when changing some of the basic Amazon EC2 configuration settings, such as the network interface configuration and the `/etc/fstab` contents. Otherwise, the AMI might become unbootable or inaccessible from the network once running.

Example

The following example shows logging in to an AMI using SSH.

PROMPT>  ssh -i id_rsa-gsg-keypair 
root@ec2-67-202-51-223.compute-1.amazonaws.com 
root@ec2-67-202-51-223 #

Upload the Key and Certificate

Your new AMI is encrypted and signed to ensure that only you and Amazon EC2 can access it. Therefore, you must upload your Amazon EC2 private key and X.509 certificate to the running instance, for use in the AMI bundling process.

	Note
	For information on obtaining your Amazon EC2 private key and X.509 certificate, refer to the Amazon Elastic Compute Cloud Getting Started Guide.

To upload your Amazon EC2 private key and X.509 certificate

Copy your Amazon EC2 private key and X.509 certificate to the /mnt directory.
Enter the following command:
```
PROMPT> scp <private_keyfile> <certificate_file> root@<dns_location>:/mnt
```
The <private_keyfile> is the file that contains the private key, certificate_file is the file that contains the certificate, and dns_location is the DNS location of the instance within Amazon EC2.
Amazon EC2 returns the name of the files and some performance statistics.
Note
It is important that the key and cert files are uploaded into /mnt to prevent them from being bundled with the new AMI.

You are ready to bundle the volume and uploading the resulting AMI to Amazon S3. For more information, see Bundling an AMI.

Example

PROMPT> scp pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem 
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem 
root@ec2-67-202-51-223.compute-1.amazonaws.com:/mnt 
-i id_rsa-gsg-keypair 
pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem  100%  717     0.7KB/s   00:00 cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem  
100%  685     0.7KB/s   00:00

	Note
	It is important that the key and cert files are uploaded into /mnt to prevent them from being bundled with the new AMI.

	Note
	This file should only be readable by the file owner.