Now that Amazon EC2 has been set up, it’s time to create a server instance.
Choose an AMI
Amazon offers their own AMIs in both 32- and 64-bit versions, each backed by either S3 or EBS. They don’t document what distribution they’re based on, but the package management system is YUM, which suggests Red Hat/Fedora or CentOS.
Canonical publishes AMIs of various versions of their Ubuntu distribution, also in 32- and 64-bit versions and with different backing stores. As Ubuntu is derived from Debian, it uses APT as its package management system.
AMIs from both Amazon and Canonical are preloaded with support for CloudInit.
YUM on the Amazon AMIs is configured to use an Amazon-specific package repository stored in S3; bandwidth used to access this repository doesn’t count toward your charged limit. On the other hand, the version of neither the distribution used nor the Linux kernel running is documented, whereas with the Canonical AMIs it is.
Create a new instance
Look up the identifier for the AMI you want to launch, from either
Amazon or
Canonical. Be sure to choose an appropriate region; as The Day Job
is based on the American East Coast, I’m going to use us-east
. Also, for this go-around,
I’m going to use a 32-bit instance from Amazon that uses S3 as a backing store.
$ ec2-run-instances --group default --key ec2-keypair ami-e8249881
About the parameters and their values:
- Replace
ec2-keypair
with the name of the keypair you generated in the initial setup, if necessary.
Open the firewall for SSH and ICMP connections. Note that these operations are on a
security group (default
by, well, default); once you have done them once for your account,
you shouldn’t need to again. 1
$ ec2-authorize default -P tcp -p 22 -s 0.0.0.0/0
$ ec2-authorize default -P icmp -t -1:-1 -s 0.0.0.0/0
Make sure that the instance is running:
$ ec2-describe-instances
RESERVATION r-bc640bd1 331055354537 default
INSTANCE i-fe56b891 ami-d59d6bbc ec2-50-17-139-123.compute-1.amazonaws.com \
ip-10-244-15-197.ec2.internal running ec2-keypair 0 \
m1.small 2011-03-15T22:10:26+0000 us-east-1b aki-407d9529 \
monitoring-disabled 50.17.139.123 10.244.15.197 \
instance-store paravirtual xen
$ ping 50.17.139.123
PING 50.17.139.123 (50.17.139.123): 56 data bytes
64 bytes from 50.17.139.123: icmp_seq=0 ttl=43 time=83.324 ms
64 bytes from 50.17.139.123: icmp_seq=1 ttl=43 time=84.487 ms
64 bytes from 50.17.139.123: icmp_seq=2 ttl=43 time=81.306 ms
^C
--- 50.17.139.123 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 81.306/83.039/84.487/1.314 ms
$ ping ec2-50-17-139-123.compute-1.amazonaws.com
PING ec2-50-17-139-123.compute-1.amazonaws.com (50.17.139.123): 56 data bytes
64 bytes from 50.17.139.123: icmp_seq=0 ttl=43 time=82.973 ms
64 bytes from 50.17.139.123: icmp_seq=1 ttl=43 time=81.292 ms
64 bytes from 50.17.139.123: icmp_seq=2 ttl=43 time=81.086 ms
^C
--- ec2-50-17-139-123.compute-1.amazonaws.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 81.086/81.784/82.973/0.845 ms
Note that your instance ID (i-fe56b891
), DNS name (ec2-50-17-139-123.compute-1.amazonaws.com
),
and public IP address (50.17.139.123
) will be different from mine, and the latter two will change
each time you start the instance. I’ll cover how to get a persistent IP address in a later post.
Log in and look around
The Amazon Linux AMIs are preconfigured with a single user account named ec2-user
. Since we
opened up the SSH port, we can log in as this user:
$ ssh -i $EC2_KEYPAIR ec2-user@50.17.139.123
The authenticity of host '50.17.139.123 (50.17.139.123)' can't be established.
RSA key fingerprint is dc:35:e8:86:fd:9f:63:2f:6a:cc:bc:d6:1d:6b:32:ee.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '50.17.139.123' (RSA) to the list of known hosts.
__| __|_ ) Amazon Linux AMI
_| ( / Beta
___|\___|___|
See /usr/share/doc/amzn-ami/image-release-notes for latest release notes. :-)
[ec2-user@ip-10-244-15-197 ~]$
This is a full-fledged Linux system, albeit a little light on the installed packages. 2 You can do all the things you’d expect to be able to do on a Linux system:
[ec2-user@ip-10-244-15-197 ~]$ yum check-update
Loaded plugins: fastestmirror, security
Skipping security plugin, no data
aws-amitools-ec2.noarch 1.3.57676-1.1.amzn1 amzn
aws-apitools-as.noarch 1.0.33.1-1.1.amzn1 amzn
aws-apitools-ec2.noarch 1.3.62308-1.1.amzn1 amzn
aws-apitools-mon.noarch 1.0.9.5-1.1.amzn1 amzn
aws-apitools-rds.noarch 1.3.003-1.1.amzn1 amzn
cloud-init.noarch 0.5.14-23.amzn1 amzn
java-1.6.0-openjdk.i686 1:1.6.0.0-44.1.9.1.18.amzn1 amzn
system-release.noarch 2010.11-2 amzn
[ec2-user@ip-10-244-15-197 ~]$ yum upgrade
Loaded plugins: fastestmirror, security
You need to be root to perform this command.
…except, apparently, the things requiring root privileges. Not a problem, as
ec2-user
has sudo privileges:
[ec2-user@ip-10-244-15-197 ~]$ sudo yum upgrade
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
amzn | 2.1 kB 00:00
Skipping security plugin, no data
Setting up Upgrade Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
...
Finally, just to prove we have full access to the outside world:
[ec2-user@ip-10-244-15-197 ~]$ ping craigcottingham.github.com
PING craigcottingham.github.com (207.97.227.245) 56(84) bytes of data.
64 bytes from pages.github.com (207.97.227.245): icmp_seq=1 ttl=51 time=2.72 ms
64 bytes from pages.github.com (207.97.227.245): icmp_seq=2 ttl=51 time=2.34 ms
64 bytes from pages.github.com (207.97.227.245): icmp_seq=3 ttl=51 time=2.53 ms
^C
--- craigcottingham.github.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2382ms
rtt min/avg/max/mdev = 2.342/2.531/2.720/0.159 ms
Don’t forget to shut down
As soon as the instance launches, you start racking up charges – granted, at the rate of USD0.085 per hour, more or less. Shut the instance down when you’re done with it, to avoid surprises on your credit card bill later.
First, if you’re still logged into the instance, log out.
Next, terminate the instance: 3
$ ec2-terminate-instances i-fe56b891
INSTANCE i-fe56b891 running shutting-down
Give it a minute or two, then double-check that the instance is no longer running:
$ ec2-describe-instances
RESERVATION r-bc640bd1 331055354537 default
INSTANCE i-fe56b891 ami-d59d6bbc terminated ec2-keypair 0 \
m1.small 2011-03-15T22:10:26+0000 us-east-1b aki-407d9529 \
monitoring-disabled instance-store paravirtual xen
At some point in the near future, this record will be garbage collected, and won’t show
up in ec2-describe-instances
any more.
-
But it won’t hurt if you do. You’ll just get a warning to that effect. ↩
-
On purpose. Amazon’s stated intention is to make a small, quick-booting Linux system, and let you add on the stuff you need. ↩
-
S3-backed instances like this can only be terminated, which means that they will be deleted after they shut down, and any data stored or changed in the instance will be lost. EBS-backed instances can be stopped without terminating, which means they remain known to EC2 and can be restarted again. I’ll show an example of this in a later post. ↩