Prev		Next

Running an Instance

Before We Begin

Here's a quick checklist to run through before we start an instance. These are all things that have been covered in this guide up to this point, so if you've missed anything now's a good time to go back and correct it.

Ensure you have a version 1.5.0 compatible Java Runtime installation, and that the JAVA_HOME environment variable has been correctly set. If not, revisit the section called “The Java Runtime Environment”.
Ensure you have an active Amazon Web Services Account, and that you've signed up for both Amazon S3 and Amazon EC2. If not, revisit Chapter 3, Setting up an Account.
Ensure that you have created a directory called .ec2 in your home directory, that it contains your X.509 certificate and private key, and that they're named correctly. If not, revisit the section called “Signing up for Amazon EC2”.
Ensure that the EC2_HOME environment variable has been correctly set. If not, revisit the section called “Telling the Tools Where They Live”.
Ensure that the EC2_CERT and EC2_PRIVATE_KEY environment variables have been correctly set. If not, revisit the section called “Telling the Tools Who You Are”.

Once these are correct, you are ready to launch your first instance.

Finding a Suitable AMI

The first step in running an instance is finding a suitable AMI to run.

PROMPT> ec2-describe-images -o self -o amazon
IMAGE ami-5bae4b32 ec2-public-images/getting-started.manifest.xml amazon available public
IMAGE ami-68ae4b01 ec2-public-images/fedora-core4-base.manifest.xml amazon available public
IMAGE ami-69ae4b00 ec2-public-images/fedora-core4-apache-mysql.manifest.xml amazon available public
IMAGE ami-6dae4b04 ec2-public-images/fedora-core4-apache.manifest.xml amazon available public
IMAGE ami-6fae4b06 ec2-public-images/fedora-core4-mysql.manifest.xml amazon available public
IMAGE ami-61a54028 <your-s3-bucket>/image.manifest.xml 495219933132 available private

This command will list your AMIs and Amazon's public AMIs. The output you'll see might not exactly match that shown above. Look for the line containing the public image identified by the ec2-public-images/getting-started.manifest.xml value in the third column and note the corresponding value in the second column (in this example, ami-5bae4b32). This is the AMI ID you need.

Generating a Keypair

You will be running an instance of a public AMI. Since it has no password you will need a public/private keypair to login to the instance. One half of this keypair will be embedded into your instance, allowing you to login securely without a password using the other half of the keypair. Once you learn to create your own images, you can choose other mechanisms to allow you to securely login to your new instances. Every keypair you generate requires a name. Be sure to choose a name that is easy to remember, perhaps one that describes the image's content. For our example we'll use the name gsg-keypair.

PROMPT>  ec2-add-keypair gsg-keypair 
KEYPAIR gsg-keypair  1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f 
-----BEGIN RSA PRIVATE KEY-----
MIIEoQIBAAKCAQBuLFg5ujHrtm1jnutSuoO8Xe56LlT+HM8v/xkaa39EstM3/aFxTHgElQiJLChp
HungXQ29VTc8rc1bW0lkdi23OH5eqkMHGhvEwqa0HWASUMll4o3o/IX+0f2UcPoKCOVUR+jx71Sg
5AU52EQfanIn3ZQ8lFW7Edp5a3q4DhjGlUKToHVbicL5E+g45zfB95wIyywWZfeW/UUF3LpGZyq/
ebIUlq1qTbHkLbCC2r7RTn8vpQWp47BGVYGtGSBMpTRP5hnbzzuqj3itkiLHjU39S2sJCJ0TrJx5
i8BygR4s3mHKBj8l+ePQxG1kGbF6R4yg6sECmXn17MRQVXODNHZbAgMBAAECggEAY1tsiUsIwDl5
91CXirkYGuVfLyLflXenxfI50mDFms/mumTqloHO7tr0oriHDR5K7wMcY/YY5YkcXNo7mvUVD1pM
ZNUJs7rw9gZRTrf7LylaJ58kOcyajw8TsC4e4LPbFaHwS1d6K8rXh64o6WgW4SrsB6ICmr1kGQI7
3wcfgt5ecIu4TZf0OE9IHjn+2eRlsrjBdeORi7KiUNC/pAG23I6MdDOFEQRcCSigCj+4/mciFUSA
SWS4dMbrpb9FNSIcf9dcLxVM7/6KxgJNfZc9XWzUw77Jg8x92Zd0fVhHOux5IZC+UvSKWB4dyfcI
tE8C3p9bbU9VGyY5vLCAiIb4qQKBgQDLiO24GXrIkswF32YtBBMuVgLGCwU9h9HlO9mKAc2m8Cm1
jUE5IpzRjTedc9I2qiIMUTwtgnw42auSCzbUeYMURPtDqyQ7p6AjMujp9EPemcSVOK9vXYL0Ptco
xW9MC0dtV6iPkCN7gOqiZXPRKaFbWADp16p8UAIvS/a5XXk5jwKBgQCKkpHi2EISh1uRkhxljyWC
iDCiK6JBRsMvpLbc0v5dKwP5alo1fmdR5PJaV2qvZSj5CYNpMAy1/EDNTY5OSIJU+0KFmQbyhsbm
rdLNLDL4+TcnT7c62/aH01ohYaf/VCbRhtLlBfqGoQc7+sAc8vmKkesnF7CqCEKDyF/dhrxYdQKB
gC0iZzzNAapayz1+JcVTwwEid6j9JqNXbBc+Z2YwMi+T0Fv/P/hwkX/ypeOXnIUcw0Ih/YtGBVAC
DQbsz7LcY1HqXiHKYNWNvXgwwO+oiChjxvEkSdsTTIfnK4VSCvU9BxDbQHjdiNDJbL6oar92UN7V
rBYvChJZF7LvUH4YmVpHAoGAbZ2X7XvoeEO+uZ58/BGKOIGHByHBDiXtzMhdJr15HTYjxK7OgTZm
gK+8zp4L9IbvLGDMJO8vft32XPEWuvI8twCzFH+CsWLQADZMZKSsBasOZ/h1FwhdMgCMcY+Qlzd4
JZKjTSu3i7vhvx6RzdSedXEMNTZWN4qlIx3kR5aHcukCgYA9T+Zrvm1F0seQPbLknn7EqhXIjBaT
P8TTvW/6bdPi23ExzxZn7KOdrfclYRph1LHMpAONv/x2xALIf91UB+v5ohy1oDoasL0gij1houRe
2ERKKdwz0ZL9SWq6VTdhr/5G994CK72fy5WhyERbDjUIdHaK3M849JJuf8cSrvSb4g==
-----END RSA PRIVATE KEY-----

The private key returned needs to be saved in a local file so that you can use it later. Using your favorite text editor, create a file named id_rsa-gsg-keypair and paste everything between (and including) the "-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----" lines into it. Confirm that the file contents looks exactly like this, then save the file. You can save the file in any directory you wish, but if you do not put it in your current directory, you should specify the full path when using the ssh command below.

If you're using OpenSSH (or any reasonably paranoid SSH client) then you'll probably need to set the permissions of this file so that it's only readable by you. On Linux/Unix the following will accomplish this:

$  chmod 600 id_rsa-gsg-keypair ; ls -l id_rsa-gsg-keypair  
-rw-------  1 fred flintstones 1701 Jun 19 17:57 id_rsa-gsg-keypair

Note:

If you are using PuTTY in Windows you will need to convert the private key to PuTTY's format. See Chapter 8, Appendix: PuTTY for more information on using PuTTy with Amazon EC2.

Running an Instance

Now that you have an AMI ID, you can launch an instance of it

PROMPT>  ec2-run-instances ami-5bae4b32 -k gsg-keypair
INSTANCE        i-10a64379   ami-5bae4b32     pending   gsg-keypair  0

The instance ID in the second field of the output is a unique identifier for the instance and will be used later to manipulate this instance (including terminating it when you are finished).

Important:

Once you launch an instance, you will be billed per hour for running time. If you leave this tutorial at any time, make sure you terminate any instances you have started as described in the section called “Terminating Your Instances”.

It will take a few minutes for the instance to launch. To check on its status, do the following:

PROMPT>  ec2-describe-instances i-10a64379 
RESERVATION     r-fea54097  495219933132   
INSTANCE        i-10a64379  ami-5bae4b32   domU-12-34-31-00-00-05.usma1.compute.amazonaws.com      running   gsg-keypair  0

When the instance state in the field just before the keypair name reads "running" the instance has started booting. There may still be a short time before it is accessible over the network, however. Your instance's DNS name will be different to the one shown above and you should use yours instead.

Authorizing Network Access to Your Instances

Before you can reach your instance over the internet, you have to authorize traffic to it.

PROMPT>  ec2-authorize default -p 22
PERMISSION     default  ALLOWS  tcp     22      22      FROM    CIDR   0.0.0.0/0
PROMPT>  ec2-authorize default -p 80
PERMISSION     default  ALLOWS  tcp     80      80      FROM    CIDR   0.0.0.0/0

Since we didn't specify otherwise, your instance was launched in your default group. The first command authorizes network access to instances in your default group on the standard SSH port (22). Similarly, the second command opens up the standard HTTP port (80). For more details on controlling network security groups, see the Amazon EC2 Developer Guide.

Connecting to your Instance

Now that you have authorized network access to your instance, you can connect to it. Open your favorite web browser and go to http://<hostname>/, where <hostname> is your instance's hostname as returned in ec2-describe-instances, domU-12-34-31-00-00-05.usma1.compute.amazonaws.com in the example. This will display a webpage welcoming you to your instance.

Note:

If the website times out, your instance may not have finished starting up yet. Wait for a minute or two and try again.

Now you can login as root and can exercise full control over this instance as you would any host.

PROMPT>  ssh -i id_rsa-gsg-keypair root@domU-12-34-31-00-00-05.usma1.compute.amazonaws.com 
The authenticity of host 'domU-12-34-31-00-00-05.usma1.compute.amazonaws.com (216.182.225.42)' can't be established.
RSA key fingerprint is 9d:0a:a9:51:32:38:11:83:a8:a7:1c:9c:1c:e6:58:b0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'domU-12-34-31-00-00-05.usma1.compute.amazonaws.com' (RSA) to the list of known hosts.
Last login: Wed Jun 21 08:02:08 2006
root@my-instance #

Note:

Your machine may have a different name for the ssh command shown above or even use different command line options. Consult the documentation for your machine or download one of the clients described in the section called “SSH Clients” if you are unsure whether you have such a client installed. See Chapter 8, Appendix: PuTTY if you are using PuTTY on Windows.

Congratulations!

You've set up the tools and used them to run an instance based on a public AMI. You have learned enough to successfully use Amazon EC2 to run as many standard Linux instances as you wish. You can run instances based on any of the public AMIs by following this process.

The next section will build on this success by having you connect to the running instance and customize it to create your own image. If you wish to save this for a later date, be sure to terminate any instances you have started as described in the section called “Terminating Your Instances”.