Let’s talk for a moment about configuring your Linux system to work with Amazon EC2 via the command line.
The command line tools that you’ll want are either the Amazon EC2 API Tools or the euca2ools package, depending on your language, license, and distro preferences.
In the examples below, change euca- to ec2- if you are using the Amazon EC2 API Tools.
Note that everything in this blog post is something that you should only have to do once, and then you’ll be off and running with EC2 for a long time to come.
Setting environment variables
The first thing to do is to configure your system’s environment variables to handle AWS account credentials. Create ~/set-ec2-environment as follows:
$ cat ~/set-ec2-environment
export EC2_ACCESS_KEY EC2_SECRET_KEY EC2_CERT EC2_PRIVATE_KEY
Setting your region
EC2 is split into distinct regions. Typically you’ll choose a region based on your geographic location, and you will launch Amazon Machine Images (AMIs) in that region. For the most part, you should be able to do all of your work in one region, unless you make a conscious choice to spread your workload across regions, or if an AMI that you want to run is only available in a specific region.
REGION eu-west-1 ec2.eu-west-1.amazonaws.com
REGION us-east-1 ec2.us-east-1.amazonaws.com
REGION ap-northeast-1 ec2.ap-northeast-1.amazonaws.com
REGION us-west-1 ec2.us-west-1.amazonaws.com
REGION ap-southeast-1 ec2.ap-southeast-1.amazonaws.com
Create one or more ~/set-region-REGION-NAME files as follows:
$ cat ~/set-region-us-east-1
Tying credential and regional settings together
source the two configuration files on login, or just source the two files from the command line. Also, if you have multiple set-region-REGION-NAME files, changing your region is as easy as running source on the new region file.
We go to all this trouble because everything in EC2 is divided by region. The idea is to separate the global AWS configuration from the region currently in use, and to make it trivial to change that region from the command line.
Setting your EC2 ssh key
Now that you have your region set, it’s time to create your ssh key and upload it to the region to which your environment is pointing.
$ euca-add-keypair amazon-ssh > amazon-ssh
$ chmod 600 amazon-ssh
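The default AWS security group in each region doesn’t allow inbound ssh access. A single command enables it for all of your instances in that region. The command as shown names no source subnet; euca-authorize also accepts -s to limit the rule to the subnet you connect from.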
$ euca-authorize -p 22 default
Edit ~/.ssh/config to set the proper identity file for EC2 logins:
$ cat ~/.ssh/config
NOTE: It is possible to use a single SSH key for multiple regions, but euca2ools 1.3.1 doesn’t currently support this. You have to generate your own ssh public/private keypair, and then use ec2-import-keypair or the EC2 console in order to upload that public key to multiple regions.
Congrats! You’ve now finished all the one-time setup that is necessary to use EC2.
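An added example, not part of the original post: a shell check over the two secret-bearing files this setup leaves in your home directory, ~/set-ec2-environment and the amazon-ssh private key. ssh refuses a private key that other users can read, but nothing enforces that for the sourced environment file. The function names and the scratch files in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit the secret-bearing files
# left in the home directory by the one-time setup.

# perm_tail FILE -> group+other part of the mode string, e.g. "r--r--"
perm_tail() {
    ls -ld -- "$1" | cut -c5-10
}

# audit_ec2_secrets DIR [fix]
# Prints one status line per file. Returns 0 only when no file is exposed.
# With "fix" as second argument, exposed files are tightened to mode 600.
audit_ec2_secrets() {
    dir=$1
    mode=${2:-report}
    rc=0
    for f in "$dir/set-ec2-environment" "$dir/amazon-ssh"; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"
            continue
        fi
        bits=$(perm_tail "$f")
        if [ "$bits" = "------" ]; then
            echo "OK      $f"
        elif [ "$mode" = "fix" ] && chmod 600 "$f"; then
            echo "FIXED   $f (group/other bits were: $bits)"
        else
            echo "EXPOSED $f (group/other bits: $bits)"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on constructed placeholder files in a scratch directory.
demo_dir=$(mktemp -d)
# Typical default umask: the sourced credentials file ends up world-readable.
( umask 022; echo 'constructed placeholder' > "$demo_dir/set-ec2-environment" )
# Writing the key under umask 077 means it is never readable by others,
# unlike redirecting first and running chmod 600 afterwards.
( umask 077; echo 'constructed placeholder' > "$demo_dir/amazon-ssh" )
audit_ec2_secrets "$demo_dir" || echo "=> exposed files found"
audit_ec2_secrets "$demo_dir" fix
rm -rf "$demo_dir"
```

Run it against your real files with audit_ec2_secrets "$HOME", adding fix as a second argument to tighten anything it reports as EXPOSED.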
Launching your AMI
Launch your instance by running:
$ euca-run-instances -k amazon-ssh AMI_ID
I have added alias euca-run-instances="euca-run-instances -k amazon-ssh" to my ~/.bashrc, which allows me to simply run $ euca-run-instances AMI_ID with no additional command line arguments needed, unless I choose to specify a particular instance type, etc.
Connecting to your AMI
Run $ euca-describe-instances to get a list of all instances you have running in the region. You’ll see the hostname of the instance that you just started, and you can now run $ ssh HOSTNAME to connect. If everything is configured properly, you won’t need any other command line options.
Your home directory should contain:
~/.bashrc should contain:
alias euca-run-instances="euca-run-instances -k amazon-ssh"
~/.ssh/config should contain: