ami
, such as ami-6ebe4507
. Instances have identifiers that begin with the letter i
, such as i-12459dbd
.
us-east-1
.
us-east-1a
.
vol
, such as vol-ffe93704
.
snap
, such as snap-773491a0
.
80
or SSH traffic on port 22
). All other traffic is ignored. By default, a security group has no rules, which causes it to block all incoming traffic. You can modify the rules for a security group at any time.
default
security group that EC2 provides for you. When you run a new instance it will run in the default
security group unless you choose a different one.
Amazon AWS is not free
Launch Web Browser
Sign In or Create an AWS Account
Login Credentials
Important — Password Security
Contact Information
*
next to them are required. Registration will not be allowed to proceed if they are not populated.
.iamrc
in your home directory that contains those keys in this format:
AWSAccessKeyId=your_access_key_id AWSSecretKey=your_secret_key
.eucarc
in your home directory with the following content to point it toward AWS:
export AWS_CREDENTIAL_FILE=~/.iamrc export EC2_URL=https://ec2.amazonaws.com/ export S3_URL=https://s3.amazonaws.com/ export EUARE_URL=https://iam.amazonaws.com/ source "$AWS_CREDENTIAL_FILE" export EC2_ACCESS_KEY=$AWSAccessKeyId export EC2_SECRET_KEY=$AWSSecretKey export AWS_ACCESS_KEY=$AWSAccessKeyId export AWS_SECRET_ACCESS_KEY=$AWSSecretKey
$
source ~/.eucarc
root
user: #
yum install euca2ools
euca-describe-regions
, which results in a list such as this:
REGION eu-west-1 ec2.eu-west-1.amazonaws.com REGION us-east-1 ec2.us-east-1.amazonaws.com REGION ap-northeast-1 ec2.ap-northeast-1.amazonaws.com REGION us-west-1 ec2.us-west-1.amazonaws.com REGION ap-southeast-1 ec2.ap-southeast-1.amazonaws.com
EC2_URL
in your .eucarc
file. For example:
export EC2_URL=https://ec2.us-east-1.amazonaws.com/
.eucarc
file, reset the settings in your shell's environment by running this command: $
source ~/.eucarc
euca-add-keypair
command to create it and write the private key to a file. Be sure to choose a name that is easy to remember. To create your new key pair, run the following command, replacing mykey with a memorable name:
$
euca-add-keypair mykey > mykey.pem
Key pairs are irreplaceable
euca-add-keypair
is the only chance you will have to save a copy of the private key. There is no way to recover a lost private key from EC2.
euca-describe-keypairs
to display a list of your keypairs.
$
euca-describe-keypairs
KEYPAIR mykey1 7b:9b:33:cf:bf:12:4d:62:b6:7c:fa:02:f2:f7:bc:59:e3:7e:40:fb
KEYPAIR mykey2 f9:93:1e:73:4b:2e:c1:0d:7f:79:e1:bc:c0:d0:7c:95:32:55:b7:dd
euca-delete-keypairs
to delete a keypair. Deleting a keypair does not remove it from instances that are already running; it merely prevents new instances from using it.
$
euca-delete-keypair mykey1
default
security group that EC2 provides for you, you can also create your own security groups.
euca-authorize
command lets you tell EC2 to allow traffic from ranges of IP addresses and ports into a security group. To allow access to SSH (TCP port 22
) running on instances in the default
security group, run the following command replacing 1.2.3.4 with the IP address from which you will connect to your EC2 instances.
$
euca-authorize default -p 22 -s 1.2.3.4/32
$
euca-authorize default -p 22
$
euca-authorize default -P icmp
euca-authorize
is euca-revoke
. You can use euca-describe-groups
to obtain a list of security groups and the firewall permissions you have applied to them.
ami
.
m1.small
and t1.micro
, though each of those carries a restriction: m1.small
instances must use the i386 architecture. t1.micro
instances have no instance storage and therefore must boot from EBS. If the image you choose fits neither of these criteria or if you simply need more resources than they can provide then you need to use a larger and more expensive instance type.
euca-run-instances
. To be able to log into the new instance, you must also specify the name of the key pair you created earlier. For example, to run a t1.micro
instance of the image ami-7f5a063a
with a key pair named mykey
, run the following command:
$
euca-run-instances ami-7f5a063a -t t1.micro -k mykey
RESERVATION r-4d5ea00a 0123456789ab default
INSTANCE i-910fbbd6 ami-7f5a063a pending 0 mykey t1.micro 2011-10-11T00:00:00.000Z us-east-1c aki-9ba0f1de
euca-run-instances
contains the ID of the instance you just started. In the example above, the instance's ID is i-910fbbd6
. You will need this ID to use tools that need to refer to the instance.
pending
state. When it finished booting it changes to the running
state. When you terminate it it changes to the shutting-down
and finally terminated
states.
running
state. You can check on your instances by running euca-describe-instances
, optionally with the ID of the instance in question. When the instance is ready (or nearly ready) to use, euca-describe-instances
will display the address you can use to log into it:
$
euca-describe-instances
RESERVATION r-4d5ea00a 0123456789ab default
INSTANCE i-910fbbd6 ami-7f5a063a ec2-204-236-168-22.us-east-1.compute.amazonaws.com ip-10-170-15-23.us-east-1.compute.internal running 0 mykey t1.micro 2011-10-11T00:00:00.000Z us-east-1c aki-9ba0f1de
ec2-204-236-168-22.us-east-1.compute.amazonaws.com
. Other useful bits of information from this command include the availability zone in which the instance is running (us-east-1c
in this case) and the time that the instance started.
running
you can log into it with ssh
. On Fedora's images you should log in as the user fedora
:
$
ssh -i mykey.pem fedora@ec2-204-236-168-22.us-east-1.compute.amazonaws.comFedora release 16 (Verne)
[fedora@i-910fbbd6 ~]$
cat /etc/fedora-release
euca-terminate-instances
command to free up resources and reduce your costs:
$
euca-terminate-instances i-910fbbd6
euca-create-volume
:
$
euca-create-volume -s 10 -z us-east-1c
VOLUME vol-23ca3542 10 creating 2011-10-11T00:00:00.000Z
vol-23ca3542
. You will need this ID to use tools that need to refer to the volume.
euca-describe-volumes
will provide a list of all volumes available to you in the entire region in addition to where they are attached:
$
euca-describe-volumes
VOLUME vol-23ca3542 10 us-east-1c available 2011-10-11T00:00:00.000Z
/dev/sdX
, where X is a letter. It will appear inside the instance as either /dev/sdX
or /dev/xvdX
.
$
euca-attach-volume -i i-910fbbd6 -d /dev/sdf vol-23ca3542
Volumes are zone-specific
[fedora@i-910fbbd6 ~]$
mkfs.ext4 /dev/xvdf
[fedora@i-910fbbd6 ~]$
mount /dev/xvdf /mnt
[fedora@i-910fbbd6 ~]$
umount /dev/xvdf
[fedora@i-910fbbd6 ~]$
logout
$
euca-detach-volume vol-23ca3542
$
euca-delete-volume vol-23ca3542
euca-create-snapshot
:
$
euca-create-snapshot vol-23ca3542
SNAPSHOT snap-00acc96e vol-23ca3542 pending 2011-10-11T00:00:00.000Z
snap-00acc96e
. You will need this ID to use tools that need to refer to the snapshot.
Volumes should not change while creating snapshots
euca-describe-snapshots
.
euca-describe-snapshots
will provide a list of all snapshots available to you in the region:
$
euca-describe-snapshots
SNAPSHOT snap-00acc96e vol-042d3a6a completed 2011-10-12T05:56:29.000Z 100%
Dealing with too much output
euca-describe-snapshots
will list all snapshots that you can access, including those that you do not own. To narrow down the command's output you can supply a list of snapshots to the command or use any of its numerous methods of filtering output.
euca-create-volume
and specify a snapshot instead of a size:
$
euca-create-volume --snapshot snap-00acc96e -z us-east-1c
euca-delete-snapshot
. Any volumes created from that snapshot will be unaffected.
$
euca-delete-snapshot snap-00acc96e