Working with Amazon EC2 API-tools
4/12/2011 10:43:00 PM
Posted by johnhomer
It's actually quite simple. You just need to know some basic concepts and the rest is common sense.
The concepts:
Regions and Availability Zones (from http://aws.amazon.com/ec2/)
Amazon EC2 provides the ability to place instances in multiple locations. Amazon EC2 locations are composed of Regions and Availability Zones. Availability Zones are distinct locations that are engineered to be insulated from failures in other Availability Zones and provide inexpensive, low latency network connectivity to other Availability Zones in the same Region. By launching instances in separate Availability Zones, you can protect your applications from failure of a single location. Regions consist of one or more Availability Zones, are geographically dispersed, and will be in separate geographic areas or countries. The Amazon EC2 Service Level Agreement commitment is 99.95% availability for each Amazon EC2 Region. Amazon EC2 is currently available in five regions: US East (Northern Virginia), US West (Northern California), EU (Ireland), Asia Pacific (Singapore), and Asia Pacific (Tokyo).
Instance:
In simple terms, an Instance is a virtual server running on top of a cloud provider, in our case Amazon AWS. There are several types of instances:
http://aws.amazon.com/ec2/instance-types/
Depending on application requirements, you may choose to run the smallest instance or a big one.
Pre-reqs:
Linux Workstation (mine is Ubuntu 10.10)
API Tools (http://aws.amazon.com/developertools/351)
So why work from command-line?
+ It's faster to work from CLI
+ Some of the AWS/EC2 features are only available from the API tools
Part 1: API Tools Installation
1. Download API Tools from the link above to your home directory (eg. /home/juan)
2. Extract the downloaded file
unzip -d ec2 ec2-api-tools.zip
This will create an ec2 folder containing the api files.
3. Make sure you have Java JRE
apt-get install sun-java6-jre
4. Set up environment variables. In your ~/.bashrc you will need to put the following configuration; the bottom of the file is fine.
export EC2_HOME=/home/juan/ec2
export PATH=$PATH:$EC2_HOME/bin
export JAVA_HOME=/usr
export EC2_PRIVATE_KEY=/home/juan/pk-xxxxxx.pem
export EC2_CERT=/home/juan/cert-yyyyyy.pem
export EC2_URL=https://ec2.ap-southeast-1.amazonaws.com
EC2_HOME is where you extracted the API files
EC2_PRIVATE_KEY is the private key file from AWS Console -> Account -> Security Credentials -> Access Credentials
EC2_CERT is from the same location. You need the Private Key and Certificate for the API to communicate with AWS
EC2_URL depends on where you will be deploying your instances
Here is a list of possible EC2_URL:
https://ec2.eu-west-1.amazonaws.com
https://ec2.us-east-1.amazonaws.com
https://ec2.ap-northeast-1.amazonaws.com
https://ec2.us-west-1.amazonaws.com
https://ec2.ap-southeast-1.amazonaws.com
5. Test.
juan@the1:~/ec2$ ec2-describe-regions
REGION eu-west-1 ec2.eu-west-1.amazonaws.com
REGION us-east-1 ec2.us-east-1.amazonaws.com
REGION ap-northeast-1 ec2.ap-northeast-1.amazonaws.com
REGION us-west-1 ec2.us-west-1.amazonaws.com
REGION ap-southeast-1 ec2.ap-southeast-1.amazonaws.com
If you see output similar to the above, you are now in business.
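The test in step 5 only works if the private key and certificate from step 4 are readable and belong together. The following pre-flight check is an added example, not part of the original post; the function names are hypothetical, and it assumes the openssl CLI and a stat that supports -c are installed.

```bash
#!/bin/sh
# Added example (not from the original post): sanity-check the credentials
# exported in step 4 before running any ec2-* command.
# Assumes the openssl CLI and a stat that supports -c (GNU coreutils, BusyBox).
# Function names are hypothetical.

# Succeeds only if the file grants no access to group or others (e.g. 600, 400).
key_perms_ok() (
    mode=$(stat -L -c '%a' "$1") || exit 2
    case "$mode" in
        *00) exit 0 ;;
        *)   echo "$1 has mode $mode; run: chmod 600 $1" >&2; exit 1 ;;
    esac
)

# Succeeds only if the certificate ($2) carries the public key of the private key ($1).
pair_matches() (
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 2
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || exit 2
    [ "$cert_pub" = "$key_pub" ]
)

# Runs every check against $EC2_PRIVATE_KEY and $EC2_CERT; returns 0 if all pass.
check_ec2_credentials() (
    rc=0
    for f in "$EC2_PRIVATE_KEY" "$EC2_CERT"; do
        [ -n "$f" ] && [ -r "$f" ] || { echo "missing or unreadable: '$f'" >&2; exit 1; }
    done
    key_perms_ok "$EC2_PRIVATE_KEY" || rc=1
    openssl x509 -in "$EC2_CERT" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "$EC2_CERT is expired or not a PEM certificate" >&2; rc=1; }
    pair_matches "$EC2_PRIVATE_KEY" "$EC2_CERT" ||
        { echo "private key and certificate do not belong together" >&2; rc=1; }
    exit "$rc"
)

# Usage, once ~/.bashrc has been sourced:
#   check_ec2_credentials && ec2-describe-regions
```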
Part 2: Working with CLI
# List Regions and Availability Zones
ec2-describe-regions
ec2-describe-availability-zones

# Create Security Group / Add Rules to Security Group
ec2-create-group <GroupName> -d "Web Servers"
ec2-authorize <GroupName> -P tcp -p 80 -s 0.0.0.0/0
ec2-authorize <GroupName> -P tcp -p 3306 -o <GroupName>

# List Groups
ec2-describe-group
ec2-describe-group <GroupName>

# Remove Rule / Delete Group
ec2-revoke <GroupName> -P tcp -p 80 -s 0.0.0.0/0
ec2-revoke <GroupName> -P tcp -p 3306 -o <GroupName>
ec2-delete-group <GroupName>

# Key-Pairs
ec2-create-keypair <key-pair name>
ec2-delete-keypair <key-pair name>
ec2-describe-keypairs

# Create keypair from linux
ssh-keygen -b 2048 -t rsa -f <key-pair name>

# Import Keys (if you want to use your own keys to log in to your instances)
ec2-import-keypair <key-pair name> --public-key-file .ssh/id_rsa.pub

# Run instance
ec2-run-instances <ami-id> -n <count> -g <security group> -k <key-pair name> -t <instance type> --availability-zone <av-zone> --instance-initiated-shutdown-behavior stop
# Other switches:
#   -f user data
#   -b block device mapping

# Console
ec2-get-console-output <instance id>

# List Instances, see above list for EC2_URL
ec2-describe-instances

# Elastic IP
ec2-allocate-address
ec2-associate-address <ip> -i <instance id>
ec2-disassociate-address <ip address>
ec2-release-address <ip address>

# Terminate instance
ec2-terminate-instances <instance id>

# Start / Stop instance (for EBS-based instances)
ec2-start-instances <instance id>
ec2-stop-instances <instance id>

# Reboot instance
ec2-reboot-instances <instance id>

# EBS Volumes
ec2-create-volume --size <size-GB> --availability-zone <av-zone>
ec2-describe-volumes
ec2-attach-volume <vol-id> -i <instance id> -d /dev/xvdf
ec2-detach-volume <vol-id>
ec2-delete-volume <vol-id>
ec2-create-snapshot <vol-id> -d "Description"
This entry was posted on October 4, 2009 at 12:14 pm, and is filed under AWS.
November 2, 2011 at 4:29 PM
Hi John,
I get the following error when I enter any command of ec2.
Please let me know your reply.
srahate@srahate:~$ ec2-describe-regions
Client.MalformedSOAPSignature: Invalid SOAP Signature. Failed to check signature with X.509 cert
November 2, 2011 at 7:01 PM
Hello Sunil. Please check that you have the correct certificates (x509 and private key). Note that the private key can only be downloaded once from AWS console. Once you have the correct certificate, make sure that the location of the certificate is properly exported so that it may be found by api commands.
export EC2_PRIVATE_KEY=/home/juan/pk-xxxxxx.pem
export EC2_CERT=/home/juan/cert-yyyyyy.pem
export EC2_URL=https://ec2.ap-southeast-1.amazonaws.com
It's also helpful to include EC2_URL so that you won't be passing that parameter for every api command.
I hope that helps.