The resulting private key must be saved in a local file for later use. Create a file named
id_rsa-gsg-keypair and paste into it all lines starting with the line
"-----BEGIN PRIVATE KEY-----" and ending with the line "-----END PRIVATE KEY-----".
Confirm that the file contents look exactly as shown below.
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----
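The copy step above as a script, added here as an example and not part of the original guide: it extracts the PEM block from saved command output, accepts either marker spelling shown on this page, and writes the file with owner-only permissions so that ssh will accept it. The function name save_private_key, the file output.txt and the sample key body are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# save_private_key SRC DEST: copy the PEM private-key block found in SRC
# (captured command output) to DEST with owner-only permissions.
# Returns 0 on success; returns 1 and removes DEST if the block is incomplete.
save_private_key() {
    src=$1 dest=$2
    begin='^-----BEGIN \(RSA \)\{0,1\}PRIVATE KEY-----$'
    end='^-----END \(RSA \)\{0,1\}PRIVATE KEY-----$'
    rm -f "$dest"
    # Subshell keeps the restrictive umask local: DEST is created as 0600.
    # tr drops carriage returns that a copy/paste may have introduced.
    ( umask 077; tr -d '\r' < "$src" | sed -n "/$begin/,/$end/p" > "$dest" )
    chmod 600 "$dest"
    # A usable file starts with BEGIN, ends with END, and has a body between.
    if sed -n '1p' "$dest" | grep -q "$begin" &&
       sed -n '$p' "$dest" | grep -q "$end" &&
       [ "$(wc -l < "$dest")" -ge 3 ]; then
        return 0
    fi
    rm -f "$dest"
    return 1
}

# Constructed sample: one line of other output, then a placeholder key body
# (not a real key).
demo_dir=$(mktemp -d)
cat > "$demo_dir/output.txt" <<'EOF'
some tool output that precedes the key (constructed)
-----BEGIN RSA PRIVATE KEY-----
PLACEHOLDERBASE64LINEONE
PLACEHOLDERBASE64LINETWO
-----END RSA PRIVATE KEY-----
EOF
save_private_key "$demo_dir/output.txt" "$demo_dir/id_rsa-gsg-keypair" &&
    ls -l "$demo_dir/id_rsa-gsg-keypair"
```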
Launch an Instance
You are now ready to launch an instance of the AMI you selected above.
PROMPT> ec2-run-instances ami-61a54008 -k gsg-keypair
INSTANCE i-10a64379 ami-61a54008 EC2 pending gsg-keypair
The instance ID in the second field of the output is a unique identifier for the instance and can be used
subsequently to manipulate your instance, e.g. to terminate it.
Important
Once you launch an instance, you will be billed per hour for CPU time. Make sure you
terminate any instances which you don't intend to leave running indefinitely.
It will take a few minutes for the instance to launch. You can follow its progress by running:
PROMPT> ec2-describe-instances i-10a64379
RESERVATION r-fea54097 495219933132 EC2
INSTANCE i-10a64379 ami-61a54008 domU-12-34-31-00-00-05.usma1.compute.amazonaws.com EC2 running gsg-keypair
When the status field reads "running", the instance has been created and has started booting. There may
still be a short time before it is accessible over the network, however. The DNS name displayed in the
sample output above will be different from that assigned to your instance. Make sure you use the
appropriate one.
Authorize Network Access
To reach the running instance from the Internet, you need to enable access for the ssh
service, which runs on port 22. As the output shows, this permits connections from any
source address (CIDR 0.0.0.0/0):
PROMPT> ec2-authorize default -p 22
PERMISSION default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
Connect to the Instance
Now that you have a running instance, you can log in and modify it according to your requirements. If
you launched a public Amazon EC2 AMI, you can use the following command to log in with your own
private key:
PROMPT> ssh -i id_rsa-gsg-keypair root@domU-12-34-31-00-00-05.usma1.compute.amazonaws.com
root@my-instance #
Otherwise, use the plain ssh command and supply the appropriate password when prompted.
PROMPT> ssh root@domU-12-34-31-00-00-05.usma1.compute.amazonaws.com
root@my-instance #
You now have complete control over the instance and may add, remove, modify or upgrade packages
and files to suit your needs. Some of the basic configuration settings related to the Amazon EC2
environment, such as the network interface configuration and /etc/fstab contents, should only be
changed with extreme care, to avoid making the AMI unbootable or inaccessible from the network once
running.
Upload the Key and Certificate
The new AMI will be encrypted and signed to ensure that it can only be accessed by you and
Amazon EC2. You therefore need to upload your Amazon EC2 private key and X.509 certificate to the
running instance, for use in the AMI bundling process.
Assuming the private key and X.509 certificate are contained in files
pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem and
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem, copy both of these files to your instance:
PROMPT> scp pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem root@domU-12-34-31-00-00-05.usma1.compute.amazonaws.com:/tmp
pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem 100% 717 0.7KB/s 00:00
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem 100% 685 0.7KB/s 00:00
Note
It is important that the key and cert files are uploaded into /tmp to prevent them being bundled
with the new AMI.
You are now ready to proceed to the next step, which involves bundling the volume and uploading the
resulting AMI to Amazon S3. This is described in the section called “Bundling an AMI”.
Creating via a Loopback File
This method entails doing a full operating system installation on a clean root file system, but avoids
having to create a new root disk partition and file system on a physical disk. Once you have installed
your operating system, the resulting image can be bundled as an AMI with the ec2-bundle-image
utility.
Create a File to Host the AMI
The dd utility can be used to create files of arbitrary sizes. In this case, make sure to create a file large
enough to host the operating system, tools and applications that you will install. For example, a baseline
Linux installation requires about 700MB, so your file should be at least 1GB. The command below
creates a file of 1024*1MB=1GB.
# dd if=/dev/zero of=my-image.fs bs=1M count=1024
1024+0 records in
1024+0 records out
Amazon EC2
Developer Guide