Monday, February 13, 2012

Getting Started with Amazon EC2 (part 1)

In the next series of tutorials I will document some of my experiences with Amazon EC2 cloud services and provide a small guide which will hopefully help you with your first steps with Amazon.
Being a command line guy, I immediately wanted to get my hands on the Amazon CLI tool set called "ec2-api-tools", which allows us to fully interact with the EC2 services.

It is of course possible to use the "traditional" Web GUI, the AWS Management Console, but if you are a developer who really wants to understand and feel EC2's true capabilities, or a sys admin who is planning to create a decent automation solution for your instances in the cloud, you will need to master the EC2 command line, so get it from here.

For my tests I have used a CentOS v5.5 x64 client.

Some prerequisites first.

Check that Java is installed and operational (if not "yum install" it):
# rpm -qa|grep jdk
java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7

# java -version
java version "1.6.0_20"
OpenJDK Runtime Environment (IcedTea6 1.9.10) (rhel-1.23.1.9.10.el5_7-x86_64)
OpenJDK 64-Bit Server VM (build 19.0-b09, mixed mode)

We will create a folder that will be dedicated to Amazon related stuff:
#mkdir ~/.amazon
#mv ~/ec2-api-tools.zip ~/.amazon/;cd ~/.amazon
#unzip ec2-api-tools.zip

Connection to Amazon EC2 services is secured using X.509 certificates.
So, in order to interact with EC2 from your client, you will need to generate the public and private keys and put them into the ~/.amazon folder.

Log in to Amazon Web Services, go to your account settings, and from there select the "Security Credentials" option.

Inside you should find "Access Credentials", with a tab called "x.509 Certificates".
Select "Create a new Certificate" and download both of the keys into the ~/.amazon directory.

Your ~/.amazon folder should now contain the unzipped tools folder + the 2 keys:
ec2-api-tools-1.5.2.4
pk-YOURID.pem
cert-YOURID.pem

Make sure to set the appropriate permissions on the keys (the private key should be readable only by its owner!):
#chmod 0400 pk-YOURID.pem
#chmod 0644 cert-YOURID.pem

Next, we will need to modify your ~/.bashrc file with the appropriate environment variables:
#vi ~/.bashrc

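#Amazon related variables...
# Use $HOME, not "~": a tilde inside double quotes is not expanded by the shell
export EC2_HOME="$HOME/.amazon/ec2-api-tools-1.5.2.4"
export PATH=$PATH:${EC2_HOME}/bin
# Absolute paths, so the tools find the keys from any working directory
export EC2_PRIVATE_KEY="$HOME/.amazon/pk-YOURID.pem"
export EC2_CERT="$HOME/.amazon/cert-YOURID.pem"
export JAVA_HOME="/usr" #or wherever "java" binary resides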

Save the file and trigger the shell to re-read the changes:
#source ~/.bashrc


Lastly we need to configure a private key for SSH sessions into the instances:
#cd ~/.amazon
#ec2-add-keypair name-of-keypair

Copy the contents of the generated private key and paste them into a file:
#cat > ~/.amazon/id_rsa_name-of-keypair

And set the correct permissions on it:
#chmod 0400 ~/.amazon/id_rsa_name-of-keypair

We are now ready to begin interacting with Amazon via the ec2-* commands.
You can test that everything works as it should with the following command:

#ec2-version
1.5.2.4 2011-12-15
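
A quick way to confirm that both chmod 0400 steps above took effect, written as an added example (it is not part of ec2-api-tools or of the original post). The function names audit_ec2_creds and is_owner_only are hypothetical, and the check assumes the pk-*.pem and id_rsa_* file names used in this tutorial:

```shell
#!/bin/sh
# Added example: audit the private keys created in this tutorial.
# Assumes the file names used above (pk-*.pem, id_rsa_*); function names are hypothetical.
# Usage: audit_ec2_creds [DIR]   (DIR defaults to ~/.amazon)
# Prints one line per file and returns the number of findings (0 = all good).

# True when the ls mode string shows a regular file with no group/other bits set.
is_owner_only() {
    mode=$(ls -ld -- "$1" | cut -c1-10)
    case "$mode" in
        -???------) return 0 ;;
        *)          return 1 ;;
    esac
}

audit_ec2_creds() {
    dir=${1:-"$HOME/.amazon"}
    findings=0
    seen=0
    # pk-*.pem is the X.509 private key, id_rsa_* the SSH key saved from ec2-add-keypair
    for f in "$dir"/pk-*.pem "$dir"/id_rsa_*; do
        [ -e "$f" ] || continue      # an unmatched glob stays literal; skip it
        seen=$((seen + 1))
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "FAIL $f: not a regular file"
            findings=$((findings + 1))
        elif ! is_owner_only "$f"; then
            echo "FAIL $f: group/other access ($mode), expected 0400"
            findings=$((findings + 1))
        elif [ ! -O "$f" ]; then
            echo "FAIL $f: not owned by the current user"
            findings=$((findings + 1))
        else
            echo "OK   $f"
        fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "FAIL $dir: no private key files found"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Source the file and run audit_ec2_creds with no arguments to check ~/.amazon; a non-zero exit status means at least one key needs its permissions fixed.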


More about the CLI basics and further explorations are soon to come, so stay tuned!
