Amazon AWS EC2 Introduction

Amazon Web Services (AWS) is a collection of remote computing services (also called web services) that together make up a cloud computing platform, offered over the Internet by Amazon.com. Because AWS is huge and complex, it is not possible to cover all the topics in a single post, so we will cover here the basics of Amazon EC2.

Open a free account

This post assumes that you have an Amazon account. If you don't have one, you can create one for free by following the instructions in the video Create an AWS account.

Getting your access key ID and secret access key

It is not good practice to use your account keys to access your resources, because these keys have access to your billing information, unlimited resources, etc. It is better to create another user with limited access and different keys. The article IAM Best Practices contains a list of recommended practices to avoid security issues with your keys.

Create individual IAM users

Inside your dashboard go to the Users option, click the Create new users button, write the username and click. AWS will create a new IAM user with a new key pair. Click download keys and store them in a secure location.
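
As an added example (not part of the original post), the Python script below builds a least-privilege IAM policy for the limited user, allowing only the EC2 calls this post makes and only in us-west-1. Deriving the IAM action from the CLI subcommand name, the aws:RequestedRegion condition and the Sid are this example's choices; attaching the policy to the user is left to the console.

```python
import json

# The `aws ec2` subcommands used in this post.
POST_COMMANDS = [
    "describe-regions", "describe-security-groups", "create-security-group",
    "authorize-security-group-ingress", "create-key-pair", "describe-images",
    "describe-instances", "run-instances", "terminate-instances",
]

def cli_to_action(subcommand, service="ec2"):
    """Map `aws ec2 <subcommand>` to its IAM action name.
    For the commands used here the subcommand is the API action in kebab-case."""
    return service + ":" + "".join(p.capitalize() for p in subcommand.split("-"))

def build_policy(subcommands, region):
    """Allow only the listed calls, and only when made against one region."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "BlogPostEc2Only",  # hypothetical statement id
            "Effect": "Allow",
            "Action": sorted(cli_to_action(c) for c in subcommands),
            "Resource": "*",
            "Condition": {"StringEquals": {"aws:RequestedRegion": region}},
        }],
    }

def overly_broad(policy):
    """Return every allowed action that contains a wildcard."""
    found = []
    for statement in policy["Statement"]:
        actions = statement.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if statement.get("Effect") == "Allow":
            found += [a for a in actions if "*" in a]
    return found

if __name__ == "__main__":
    policy = build_policy(POST_COMMANDS, "us-west-1")
    assert not overly_broad(policy)
    print(json.dumps(policy, indent=2))
```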

Installing and configuring AWS Command Line Interface

AWS-cli is a command line interface written in Python that is used to send commands to AWS and get information from it. Like any standard Python package, it can be installed via pip:

    pip install awscli

You can test whether the installation was successful by executing the next command:

    aws help

Configuring the AWS Command Line Interface

You can set up the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, or you can run aws configure:

    $ aws configure

    AWS Access Key ID [None]: IGMAOKYKYYLNEDIEYDF
    AWS Secret Access Key [None]: ASDA=JSADFJJJ;Jj;kdfu=asdf
    Default region name [None]: us-west-1
    Default output format [None]: json

Amazon Elastic Compute Cloud EC2

EC2 provides scalable virtual private servers using Xen. The user can create one or many virtual servers on demand, and delete them on demand as well. Resources for an instance such as disk, network interfaces, CPU and memory can be changed at any moment, so it is possible to scale an application at low cost. All the physical infrastructure is run by Amazon, so as a user you don't have to take care of aspects such as physical security, maintenance, etc.

The command aws ec2 help shows you all the options that you have to manage EC2 instances.

Listing EC2 Regions

    $ aws ec2 describe-regions


    {
        "Regions": [
            {
                "Endpoint": "ec2.eu-west-1.amazonaws.com", 
                "RegionName": "eu-west-1"
            }, 
            {
                "Endpoint": "ec2.sa-east-1.amazonaws.com", 
                "RegionName": "sa-east-1"
            }, 
            {
                "Endpoint": "ec2.us-east-1.amazonaws.com", 
                "RegionName": "us-east-1"
            }, 
            {
                "Endpoint": "ec2.ap-northeast-1.amazonaws.com", 
                "RegionName": "ap-northeast-1"
            }, 
            {
                "Endpoint": "ec2.us-west-2.amazonaws.com", 
                "RegionName": "us-west-2"
            }, 
            {
                "Endpoint": "ec2.us-west-1.amazonaws.com", 
                "RegionName": "us-west-1"
            }, 
            {
                "Endpoint": "ec2.ap-southeast-1.amazonaws.com", 
                "RegionName": "ap-southeast-1"
            }, 
            {
                "Endpoint": "ec2.ap-southeast-2.amazonaws.com", 
                "RegionName": "ap-southeast-2"
            }
        ]
    }  

Security Groups

A security group acts like a virtual firewall that controls access to one or more instances. You can define custom rules to manage the traffic associated with every instance and associate one or more users to one or more security groups.

Listing Security Groups

You can use the command aws ec2 describe-security-groups to get a list of your security groups:


    $ aws ec2 describe-security-groups
    {
        "SecurityGroups": [
            {
                "IpPermissionsEgress": [
                    {
                        "IpProtocol": "-1", 
                        "IpRanges": [
                            {
                                "CidrIp": "0.0.0.0/0"
                            }
                        ], 
                        "UserIdGroupPairs": []
                    }
                ], 
                "Description": "default VPC security group", 
                "IpPermissions": [
                    {
                        "IpProtocol": "-1", 
                        "IpRanges": [], 
                        "UserIdGroupPairs": [
                            {
                                "UserId": "495087967", 
                                "GroupId": "sg-85u5mch"
                            }
                        ]
                    }
                ], 
                "GroupName": "default", 
                "VpcId": "vpc-34985c", 
                "OwnerId": "098765454", 
                "GroupId": "sg-adfa3545"
            }
        ]
    }  


Creating Security Groups

We will create a security group named security_test. To do that we use the command aws ec2 create-security-group:

    $ aws ec2 create-security-group --group-name "security_test" --description "Security test for blog"

    {
        "return": "true", 
        "GroupId": "sg-fdasd"
    }

Giving ssh access to groups

We will want to access EC2 instances via ssh. To do that, we must add ssh access to the security group associated with an instance. We can use the command aws ec2 authorize-security-group-ingress:

    $ aws ec2 authorize-security-group-ingress --group-name security_test --protocol tcp --port 22 --cidr 0.0.0.0/0

    {
        "return": "true"
    }

Note: the 0.0.0.0/0 address is OK for short-time testing purposes but unacceptable for production.

SSH keypair

In order to access EC2 instances an ssh keypair is required. You can create one using the command aws ec2 create-key-pair:

    $ aws ec2 create-key-pair --key-name manuel_dev_key --query 'KeyMaterial' --output text > manuel_key.pem

Amazon Machine Images (AMIs)

An AMI is a template that contains a software configuration (operating system, applications, etc.). From an AMI you can create an instance, which is a running copy of this template. One or more instances can be created from one AMI.

Amazon Linux AMIs

Amazon Linux is a Linux flavor pretty similar to Red Hat/CentOS, with the advantage that it is developed and maintained by Amazon, so if you choose one of these AMIs you will get for free:

  • Security updates released by Amazon
  • Drivers tuned for optimal performance inside the Amazon environment
  • AWS support

For this post we will choose the AMI ami-a8d3d4ed, which is available only in the us-west-1 region. Here is a link where you can find a list of Amazon Linux AMIs for every region.

You can see the ami list using the aws ec2 describe-images command:

    $ aws ec2 describe-images --image-ids '["ami-a8d3d4ed"]'
    {
        "Images": [
            {
                "VirtualizationType": "paravirtual", 
                "Name": "amzn-ami-pv-2014.03.2.x86_64-ebs", 
                "Hypervisor": "xen", 
                "ImageOwnerAlias": "amazon", 
                "ImageId": "ami-a8d3d4ed", 
                "RootDeviceType": "ebs", 
                "State": "available", 
                "BlockDeviceMappings": [
                    {
                        "DeviceName": "/dev/sda1", 
                        "Ebs": {
                            "DeleteOnTermination": true, 
                            "SnapshotId": "snap-d6bea21a", 
                            "VolumeSize": 8, 
                            "VolumeType": "standard", 
                            "Encrypted": false
                        }
                    }
                ], 
                "Architecture": "x86_64", 
                "ImageLocation": "amazon/amzn-ami-pv-2014.03.2.x86_64-ebs", 
                "KernelId": "aki-880531cd", 
                "OwnerId": "137112412989", 
                "RootDeviceName": "/dev/sda1", 
                "Public": true, 
                "ImageType": "machine", 
                "Description": "Amazon Linux AMI x86_64 PV EBS"
            }
        ]
    }  


Listing EC2 Instances

We can query the list of instances for the account/user using the next command:

    $ aws ec2 describe-instances

    {
        "Reservations": []
    }  

Note: Because we haven't created any instance yet, the returned list is empty.

Running EC2 Instances

The command aws ec2 run-instances has a lot of parameters that won't be covered in this post. To run an instance you will need some basic parameters:

    $ aws ec2 run-instances --image-id ami-a8d3d4ed --instance-type t1.micro --key-name manuel_dev_key --security-groups security_test

Connecting to EC2 instances via ssh

Run the command aws ec2 describe-instances and check the public URL for your instance in the value PublicDnsName. Now you can use ssh with your key and the ec2-user user:

    ssh -i ./manuel_key.pem ec2-user@ec2-856-3632-56665-fdad.us-west-1.compute.amazonaws.com

    Last login: Sat Aug 30 16:15:27 2014 from xx.xxx

       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|

Terminating an instance

Use the command aws ec2 terminate-instances, passing the instance ID as a parameter:


    $ aws ec2 terminate-instances --instance-ids i-3f522861
 
    {
        "TerminatingInstances": [
            {
                "InstanceId": "i-3f522861", 
                "CurrentState": {
                    "Code": 32, 
                    "Name": "shutting-down"
                }, 
                "PreviousState": {
                    "Code": 16, 
                    "Name": "running"
                }
            }
        ]
    }  
