Amazon Web Services
From Consultancy.EdVoncken.NET
Amazon Web Services is a leading provider of Cloud Computing. In our business, we're actively investigating Cloud Computing as the ultimate form of flexible hosting (pay-as-you-go model).
Cloud Computing is completely API-driven, and allows you to explore new Cloud Architectures as well as re-use existing design patterns.
Contents |
Account Setup
This process is fairly involved (I created my account in 2008, things may have changed since):
- Create an Amazon AWS account at http://aws.amazon.com/, click "Sign Up Now".
You will be asked for an email address and password.
Note: These are your "Sign-In Credentials". - Next, try to log in using the email address and password. Amazon will now prompt you to set a "nickname".
- You now need to sign up for specific services; S3 first, then EC2. This is needed because most AMI (Amazon Machine Images) are stored on S3.
- In the Infrastructure Services box on the left, click Amazon Simple Storage Service (S3). You will now be prompted for additional information, most importantly your creditcard info.
- In the Infrastructure Services box on the left, click Amazon Elastic Compute Cloud and complete the signup process. At this point, you will need to create an X.509 certificate which is needed for authentication.
- Click "Create a New X.509 Certificate" and follow the steps.
- Download and store your Private Key (pk-*.pem) and Certificate (cert-*.pem).
- Create Access Keys:
- Download and store your Access Key ID + Secret Access Key
Note: I stored all the PEM-files in a subdirectory ~/aws/credentials/.
Security Credentials
Summarizing, you have now created the following sets of security credentials for use with Amazon Web Services:
- Sign-In Credentials
- Your E-mail Address, Password (and optionally, an AWS Multi-Factor Authentication Device).
These are used to interactively log on to the AWS website. - Account Identifiers
- Your AWS Account ID and Canonical User ID
- Access Credentials
- Your Access Keys, X.509 Certificates, and EC2 Key Pairs.
Access Keys are used to make secure REST or Query protocol requests to any AWS service API. X.509 Certificates are used to make secure SOAP protocol requests to AWS service APIs.
These are used to launch and then securely access your Amazon EC2 instances (they are a bit like your Secure Shell keys)
For more information, go to your Security Credentials page on AWS.
Amazon Command Line Tools
If you're running Unix/Linux (for example, Mac OS X), download and install the relevant command-line tools:
- Command Line Reference (documentation)
- ec2-api-tools
- ec2-ami-tools
- cloud formation cli (optional)
- iam cli (optional)
Installation is quite easy: I created a subdirectory "aws" in my homedirectory and unpacked the ZIP-files there. Create symlinks to the current version of the API/AMI tools (optional, but used in my profile script):
ln -s ec2-api-tools-1.4.2.4 ec2-api-tools ln -s ec2-ami-tools-1.3-66634 ec2-ami-tools
Environment settings
Now, add the appropriate settings to your profile. I created a separate profile "~/aws/.awsprofile":
# Profile settings for Amazon Web Services
# Source this file to configure the AWS Command Line tools
#
# Note: API and AMI tools are kept in separate subdirectories
# to allow for different versions to co-exist peacefully.
#
# File $Id: .awsprofile,v 1.2 2010/01/05 10:53:03 ed Exp ed $
# Configure installation directories
export EC2_HOME=~/aws/ec2-api-tools
export EC2_AMITOOL_HOME=~/aws/ec2-ami-tools
# Add scripts to path
export PATH=$PATH:${EC2_AMITOOL_HOME}/bin:${EC2_HOME}/bin
# Tools need to know where Java is installed (Mac OS X 10.6 Snow Leopard)
export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Home
# Set credentials
export EC2_PRIVATE_KEY=~/aws/credentials/aws_x509/pk-DSFGFDFGFDHGFDFGHGFDFGHGRT.pem
export EC2_CERT=~/aws/credentials/aws_x509/cert-DSFGFDFGFDHGFDFGHGFDFGHGRT.pem
# Set default region (consult ec2-describe-regions first)
#export EC2_URL=export EC2_URL=https://ec2.eu-west-1.amazonaws.com/
# EOF
This file is sourced by my main profile, "~/.bash_profile", by adding these two lines near the top:
# If present, set up the Amazon Web Services commandline tools [ -r ~/aws/.awsprofile ] && source ~/aws/.awsprofile
Log off; log on. Your environment should now be set up properly.
Testing your environment
The following script should produce a list of Amazon EC2 regions plus the availability zones in each region:
for region in $(ec2-describe-regions |awk '{print $2}'); do \
echo "----------------------"; \
echo "Checking region $region:"; \
ec2-describe-availability-zones --region $region; \
done
The output will look somewhat like this:
----------------- Checking eu-west-1: AVAILABILITYZONE eu-west-1a available eu-west-1 AVAILABILITYZONE eu-west-1b available eu-west-1 AVAILABILITYZONE eu-west-1c available eu-west-1 ----------------- Checking us-east-1: AVAILABILITYZONE us-east-1a available us-east-1 AVAILABILITYZONE us-east-1b available us-east-1 AVAILABILITYZONE us-east-1c available us-east-1 AVAILABILITYZONE us-east-1d available us-east-1 [ ... ]
AWS Management Console
Amazon offers a nice web-interface called the "AWS Management Console" that you can use for starting up your first Linux AMI. Follow the instructions to start your cloud instance, and log on as "ec2-user" using Secure Shell. The Management Console will give you an example commandline:
ssh -i ~/aws/credentials/aws-ec2-eu-west-ireland.pem ec2-user@ec2-22-11-130-44.eu-west-1.compute.amazonaws.com
Instance meta-data
While logged on to your virtual Linux host, you can find the public hostname and IP-address from within the instance:
wget -q -O - http://169.254.169.254/latest/meta-data/public-hostname wget -q -O - http://169.254.169.254/latest/meta-data/public-ipv4
This information can be used by your own configuration scripts. An overview of all meta-data can be obtained
wget -q -O - http://169.254.169.254/latest/meta-data/
References
- Getting Started Guide
- User Guide
- Amazon EC2
- Amazon Linux AMI (based on CentOS 5.x)