Provisioning an EC2 Instance
EC2 images are bare bones propositions, so you have to provision them that is, install whatever software you want running on them. Thus, you'll need to log into the EC2 images via SSH. And to do so, you'll need an EC2 private key pair created before you fire up an image. The easiest way to get the keys is to create them via the AWS management console.
For example, once you've signed into the AWS Management console, select the EC2 tab. From there, you should see a Key Pairs link in the left-hand navigation bar, as shown in Figure 1.
If you click the Key Pairs link, you will be presented with a view containing a button labeled Create Key Pair, which if you click, will allow you to name a key pair and consequently download it. Alternatively, you can also create a key pair using AWS's command-line tools. Configuring these tools is fairly simple, provided you're comfortable with the command line and altering your path. Once you've installed these tools, you can create a key pair effortlessly; like so:
This script will output an RSA private key, which you'll need to copy and paste into a file in this case, I'd call the file "my_new_keypair.pem"; don't forget to run chmod 600 on the file, so that it is indeed kept private.
Next, you'll need to create a security policy for your running image. In EC2 terms, this means specifying what ports are open to traffic. For the purposes of this article, I'll be enabling SSH and HTTP/HTTPS. If you need other services, like FTP or non-standard ports for HTTP (like 8080) open to the outside world, you'll need to explicitly enable those ports.
To define a security group, click the Security Groups link in the left-hand navigation bar of the EC2 tab. As with key pairs, there will be a button labeled Create Security Group, as in Figure 2.
Click it and you'll be asked to name your security group; what's more, you can then create rules for inbound traffic.
Security group rules are a bit confusing at first, but they are simple to define. For instance, a source of 0.0.0.0/0 means from any outside request, which is probably what you want for now. You can see though that you can fine tune your security policies using this scheme (Figure 3).
Once you've defined a security policy and created a private key pair, you are ready to fire up an EC2 AMI in one of two ways. You can programmatically fire one up or you can start an EC2 AMI via the AWS management console.
As I mentioned earlier, there are several languages to choose from when it comes to programmatically interacting with AWS and you are free to use AWS provided SDKs or open-source independent implementations.
Using the AWS Java SDK, for instance, is fairly easy to start an AMI all you need to do is tell AWS which AMI you'd like to start, what type of instance you'd like to provision, what security policy to apply, and finally what private key pair (Figure 4) to use:
AmazonEC2 ec2 = new AmazonEC2Client(new BasicAWSCredentials("....", "...")); RunInstancesRequest runInstancesRequest = new RunInstancesRequest() .withInstanceType("t1.micro") .withImageId("ami-46f4092f") .withMinCount(1) .withMaxCount(1) .withSecurityGroupIds("AMI-Def") .withKeyName("my_key"); RunInstancesResult runInstances = ec2.runInstances(runInstancesRequest);
Alternatively, you can sign into the AWS management console, and within a few clicks, launch an AMI. The provided wizard makes it very simple to select an AMI, an instance type, and you're free to select existing key pairs or even create them then and there.
For instance, from the Instances link on the left navigation bar, you can click the Launch Instance button, which starts a handy wizard (Figure 5).
Finally, you can also provision an instance via the command line using the
ec2-run-instances command, you can specify an AMI, key pair via the
-k flag, and security group via the
-g flag, to name a few of the available options.
ec2-run-instances ami-46f4092f -k dr_dbs_pair2 -g AMI-Def
It should be noted that with the command line, you can start an EC2 instance without any security group (in which case the default group will be added, which is to say no port is open!). You later add authorized ports via the
The EC2 AMI that I tend to favor these days is ami-46f4092f, which is an Ubuntu image provided by the Ubuntu team. Ubuntu has quite a few official AMIs to choose from running various versions of Ubuntu as well as AMIs for i386 or AMD64 architectures.
Of course, firing up an AMI on EC2 is the easy part making use of it is another story. When you provision a Linux AMI with EC2, like ami-46f4092f, you can SSH to it using the key pair you assigned to that instance. To do so, you tell SSH which key to use:
ssh -i .ec2/dr_dobbs.pem email@example.com
Most AMIs provide instructions on whom to SSH as, for instance, Ubuntu images use the ubuntu user, who has sudo privileges. Of course, once you're on your EC2 instance, you need to do something with it. In this case, I'm going to install a few packages namely, Java 1.6, Git, and a few system utilities.
Installing core libraries and platforms, such as Java or Ruby on an Ubuntu image can be somewhat of a pain; consequently, I ended up creating a series of scripts that make this process pretty simple. The project containing the scripts is hosted on Github and is dubbed ubuntu-equip. To install Java, for example, once you are on your desired EC2 instance via SSH, type
wget --no-check-certificate https://github.com/aglover/ubuntu-equip/raw/master/equip_java.sh && bash equip_java.sh
This script will install a few core libraries along with the official Sun (now Oracle) Java 1.6 JDK; what's more, this script also installs Git. At this point, you've got an EC2 instance running in the cloud ready for deployment of a Java application!
EC2, like the rest of AWS, is a game changer. The ability to rapidly provision a wide range of computing resources on a pay-as-you-go basis has ushered in a new era of innovation. Whether you're tinkering in a garage or working for a large company, you have a low-cost option to put working software into production. And should that application become the next Twitter or Facebook, it can quickly scale it to meet user needs.
In a future article, I'll get into the topic of running your own apps on the AWS instances.
Andrew Glover is the CTO of App47, a company specializing in enterprise mobility. He also is the author of easyb, a BDD framework that won the Jolt Award in 2009. Previously, he was the President of Stelligent.