Notes on using EC2 command line tools
Create AWS accounts
- Create an AWS account at http://aws.amazon.com/.
- Create an AWS EC2 account at http://aws.amazon.com/ec2/. (You will need to enter a credit card number.)
Create a X.509 Certificate
Note: A X.509 Certificate is one type of Access Identifier. Access Identifiers are used to "identify yourself as the sender of a request to an AWS web service". There are two types of access identifiers: AWS Access Key Identifiers and X.509 Certificates. AWS Access Key Identifiers are supported by all Amazon Web Services and X.509 Certificates are supported only by Amazon's EC2 and SQS services (see here for the chart). However, for some reason, the popular Java command line tools for EC2 only support X.509 Certificates (and not AWS Access Key Identifiers).
- From Your Account page, select Access Identifiers.
- In the "X.509 Certificate" section, click "Create New".
- Download both the "Private Key" file and the "X.509 Certificate" file to the directory,
~/.ec2. (The private key file will be named something like pk-XXXXXXXXXXXXXXXXXXXXXX.pem and the X.509 Certificate file will be named something like cert-XXXXXXXXXXXXXXXXXXXXXX.pem.)
Install Java
The command line tools require Java version 5 or later. Only the JRE is required.
$ sudo apt-get install sun-java6-jre
Download Java Command-line Tools
- Go to the Amazon EC2 Command-Line Tools library page, and Download the Amazon EC2 Command-Line Tools.
- Unzip the tools to
~/lib$ unzip ec2-api-tools.zip mv ec2-api-tools-1.3-24159 ~/lib
Define environment variables
- Add the following lines to your
~/.bashrc(or wherever you set your environment variables).export EC2_HOME=$HOME/lib/ec2-api-tools-1.3-24159 export JAVA_HOME=/usr export EC2_PRIVATE_KEY=$HOME/.ec2/pk-XXXXXXXXXXXXXXXXXXXX.pem export EC2_CERT=$HOME/.ec2/cert-XXXXXXXXXXXXXXXXXXXX.pem export PATH=$PATH:$EC2_HOME/bin
- Source your
.bashrcor whichever file you used$ source ~/.bashrc
Test the command-line tools
- Run the
ec2-describe-imagescommand to verify everything is working. It should list all the Ubuntu 8.xx images from Alestic.$ ec2-describe-images -a | grep alestic/ubuntu-8
Results:IMAGE ami-3a7c9953 alestic/ubuntu-8.04-hardy-base-20080419.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-75789d1c alestic/ubuntu-8.04-hardy-base-20080424.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-ce44a1a7 alestic/ubuntu-8.04-hardy-base-20080430.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-2048ad49 alestic/ubuntu-8.04-hardy-base-20080514.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-6a57b203 alestic/ubuntu-8.04-hardy-base-20080517.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-26bc584f alestic/ubuntu-8.04-hardy-base-20080628.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-179e7a7e alestic/ubuntu-8.04-hardy-base-20080803.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-c0fa1ea9 alestic/ubuntu-8.04-hardy-base-20080905.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-38d43051 alestic/ubuntu-8.04-hardy-base-20080922.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-1cd73375 alestic/ubuntu-8.04-hardy-base-20080924.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-337c995a alestic/ubuntu-8.04-hardy-desktop-20080419.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-4f789d26 alestic/ubuntu-8.04-hardy-desktop-20080424.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-f744a19e alestic/ubuntu-8.04-hardy-desktop-20080430.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-1f4bae76 alestic/ubuntu-8.04-hardy-desktop-20080514.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-0e57b267 alestic/ubuntu-8.04-hardy-desktop-20080517.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-b5bc58dc alestic/ubuntu-8.04-hardy-desktop-20080628.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-f39e7a9a alestic/ubuntu-8.04-hardy-desktop-20080803.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-44c4202d alestic/ubuntu-8.04-hardy-desktop-20080905.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-f7d4309e alestic/ubuntu-8.04-hardy-desktop-20080922.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-88d733e1 alestic/ubuntu-8.04-hardy-desktop-20080924.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-bcbe5ad5 alestic/ubuntu-8.04-hardy-rightscale-20080701.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-27b95d4e alestic/ubuntu-8.04-hardy-rightscale-20080703.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-b1ea0ed8 alestic/ubuntu-8.04-hardy-rightscale-20080824.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-47c4202e alestic/ubuntu-8.04-hardy-rightscale-20080905.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-f4d4309d alestic/ubuntu-8.04-hardy-rightscale-20080922.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-89d733e0 alestic/ubuntu-8.04-hardy-rightscale-20080924.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-dcbc58b5 alestic/ubuntu-8.10-intrepid-base-20080628.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-db9e7ab2 alestic/ubuntu-8.10-intrepid-base-20080804.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-9de105f4 alestic/ubuntu-8.10-intrepid-base-20080814.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-c3fa1eaa alestic/ubuntu-8.10-intrepid-base-20080905.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-3bd43052 alestic/ubuntu-8.10-intrepid-base-20080922.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-1ad73373 alestic/ubuntu-8.10-intrepid-base-20080924.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-b6bc58df alestic/ubuntu-8.10-intrepid-desktop-20080628.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-d69e7abf alestic/ubuntu-8.10-intrepid-desktop-20080804.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-d4e206bd alestic/ubuntu-8.10-intrepid-desktop-20080815.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-7dc22614 alestic/ubuntu-8.10-intrepid-desktop-20080908.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-f5d4309c alestic/ubuntu-8.10-intrepid-desktop-20080922.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc IMAGE ami-b6d733df alestic/ubuntu-8.10-intrepid-desktop-20080924.manifest.xml 063491364108 available public i386 machine aki-a71cf9ce ari-a51cf9cc
Generate a keypair
In the second step, I generated a keypair as my X.509 Certificate. That was used to identifiy myself to Amazon Web Services. Now I need to create another keypair which is used to log into a running EC2 instance. (Note, there is exactly one X.509 Certificate per user (i.e. AWS account), but a user can have many keypairs used for logging into various EC2 instances.) See also the Generating a keypair section in the Getting Started Guide.
- Generate the keypair. I named the keypair,
disco-keypairbecause I will use this keypair with EC2 instances used to try out Disco.$ ec2-add-keypair disco-keypair > ~/.ec2/id_rsa-disco-keypair - Set the permissions on the private key
chmod 600 ~/.ec2/id_rsa-disco-keypair
Run an EC2 instance
- Select an image to run. I used the
alestic/ubuntu-8.04-hardy-base-20080924image with image IDami-1cd73375. - Run the instance
$ ec2-run-instances -k disco-keypair ami-1cd73375
It should return something like:RESERVATION r-568f5d3f 719606167433 default INSTANCE i-339f3c5a ami-1cd73375 pending disco-keypair 0 m1.small 2008-09-28T00:50:35+0000 us-east-1c aki-a71cf9ce ari-a51cf9cc
- Check the status of the running instance:
$ ec2-describe-instances
After a short period of time, it should return something like:RESERVATION r-568f5d3f 719606167433 default INSTANCE i-339f3c5a ami-1cd73375 ec2-75-101-200-13.compute-1.amazonaws.com ip-10-251-30-10.ec2.internal running disco-keypair 0 m1.small 2008-09-28T00:50:35+0000us-east-1c aki-a71cf9ce ari-a51cf9cc
Note the addressec2-75-101-200-13.compute-1.amazonaws.com. This is the external address used to connect to the instance. Also note the instance IDi-339f3c5a. This is needed to terminate the instance. - Authorize access to the instance through ports 22 (ssh) and 80 (http)
$ ec2-authorize default -p 22 GROUP default PERMISSION default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0$ ec2-authorize default -p 80 GROUP default PERMISSION default ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
SSH into instance
- Use the address from the previous step to SSH into your instance:
$ ssh -i ~/.ec2/id_rsa-disco-keypair -l root ec2-75-101-200-13.compute-1.amazonaws.com
Terminate the instance
$ ec2-terminate-instance i-339f3c5a
which returns:INSTANCE i-339f3c5a running shutting-down
- Running
ec2-describe-instancesshows that the instance is terminated.$ ec2-describe-instances RESERVATION r-568f5d3f 719606167433 default INSTANCE i-339f3c5a ami-1cd73375 terminated disco-keypair 0 m1.small 2008-09-28T00:50:35+0000 aki-a71cf9ce ari-a51cf9cc
