If you are using Amazon EC2 the following steps are necessary, but if not (i.e. you are just following this guide to set up a server) please skip this page and install Ubuntu 10.04 Lucid Lynx (LTS) from a DVD.
Register with Amazon AWS
I’m not going to go into detail for the actual registration of services, but you need a credit / debit card, a valid e-mail address and a phone(!). It takes a while to get all of it done / activated, and there are several services you can use, but for now only EC2 needs configuring.
There are several pieces of information that are required to manage your instances and they are configured / obtained in the Security Credentials section of your Amazon account. You will need to create and write down / save:
- Your Access Key ID (under Access Keys e.g. XXXXXXXXXXXXXXXXXXXX)
- Your Secret Access Key (under Access Keys e.g. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
- Your X.509 Certificate (under X.509 Certificates e.g. cert-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem)
- Your Private Key (under X.509 Certificates e.g. pk-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem)
Install Firefox / Elasticfox
If you don’t use Firefox then please download the latest version. Because Amazon haven’t maintained Elasticfox for quite some time, I no longer use the official one; instead I recommend you install this enhancement of Elasticfox, which is a simple and bug-free tool to manage all things AWS. To add it to Firefox:
- Open Firefox
- Select File -> Open File (Ctrl + O or Cmd + O)
- Browse to the extension and select Open
- Choose Install Now
Configure Elasticfox
Launch Elasticfox by opening Firefox and selecting Tools -> Elasticfox (N.B. it is not under the Add-ons section; it has its own button). You should be prompted to enter your AWS credentials. You can enter new details or modify existing ones by clicking on the “Credentials” button in the top centre of the Elasticfox window:
- Enter your Account Name, this can be anything you want
- Enter your Access Key (XXXXXXXXXXXXXXXXXXXX) and Secret Key (XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
- Press Add
- Press Close
You now need to create a Key Pair:
- Click on the “KeyPairs” tab in Elasticfox
- Click on the green Key icon at the top of the tab
- Give your Key Pair a name (mykey)
- Press Ok
- You will be prompted for a location to save the .pem file
- Press Save
Download PuTTY / PuTTYgen (Windows only)
To manage your instance you will need an SSH tool, and for Windows systems that basically means PuTTY, so please grab a copy. It’s free (and legal in most countries – please check yours!).
The Key Pair file that you created earlier (mykey.pem) is sadly not compatible with PuTTY, but PuTTY does have a tool, PuTTYgen, to convert it into a usable format. Download this too, run it, load in your key file (you might need to select “All Files” under the “Files of Type” dropdown) and press Generate. Save this new key (mykey.ppk) with your original (mykey.pem) – don’t delete either!
Configure Elasticfox SSH
Launch Elasticfox and visit the Tools panel in the top right of the Elasticfox window.
Windows
Update the following:
- SSH Command: C:\path\to\putty\putty.exe
- SSH Key Template: C:\path\to\keys\mykey.ppk
- EC2 Private Key Template: C:\path\to\keys\mykey.ppk
- SSH User: ubuntu
Linux / OSX
Update the following:
- SSH Key Template: /var/home/keys/mykey.pem
- EC2 Private Key Template: /var/home/keys/mykey.pem
- SSH User: ubuntu
Choose a Region and Availability Zone
These should be a reasonably easy choice, but still one that needs making. There are at the time of writing 5 main regions each with several availability zones:
- US East (Northern Virginia): us-east-1, with zones: us-east-1a, us-east-1b, us-east-1c, us-east-1d
- US West (Northern California): us-west-1, with zones: us-west-1a, us-west-1b, us-west-1c
- EU (Ireland): eu-west-1, with zones: eu-west-1a, eu-west-1b, eu-west-1c
- Asia Pacific (Singapore): ap-southeast-1, with zones: ap-southeast-1a, ap-southeast-1b
- Asia Pacific (Japan): ap-northeast-1, with zones: ap-northeast-1a, ap-northeast-1b
Now, if you were using this in an enterprise environment you would probably want multiple servers in at least two of these regions so that if one malfunctioned the other could take over sole operation. However, given we are interested in a single server set up for now, it’s best just to choose a region / zone nearest to you / your audience and stick with it. In Elasticfox just choose your option from the top left drop down menu.
Define Security Group(s)
A Security Group is a set of rules applied to an instance defining which ports are available to whom. In general this boils down to 5 options per port: it is either closed, open to the internal Amazon network, open to an IP of your choice, open to everyone, or open to a combination of the last 3 options. It is easiest to understand with a couple of examples:
- Apache (the web-server) allows people to view web pages on port 80 (http://) or port 443 (https://) by default. It is likely that you want both of these options available to everybody, so you would set unrestricted access (0.0.0.0/0) to these two ports.
- SSH (the secure shell) allows you to connect to your server to manage it directly on port 22 by default. It is likely that you want this option available only to you, so you would restrict access to only your IP address (23.22.252.150/32) on this port.
- If you had a separate MySQL database server it would accept requests on port 3306 by default. You would need to let your web-server connect to it, but in this instance it would be wise to restrict access to only internal cloud machines (10.0.0.0/8). You could also allow your IP (23.22.252.150/32) direct access or of course allow everyone (0.0.0.0/0) if you had a non-cloud based server requiring access.
You only need one security group, but as mentioned previously there may come a time when you would like to separate your server into different parts. So I created 5 security groups which would allow a combo server set up (add all 5 groups) or individualised servers (with only the necessary groups added). My groups were:
Web-server
| Protocol | From Port / ICMP Type | To Port / ICMP Code | Source User: Group | Source CIDR |
| --- | --- | --- | --- | --- |
| tcp | 80 | 80 | | 0.0.0.0/0 |
| tcp | 443 | 443 | | 0.0.0.0/0 |
Database Server
| Protocol | From Port / ICMP Type | To Port / ICMP Code | Source User: Group | Source CIDR |
| --- | --- | --- | --- | --- |
| tcp | 3306 | 3306 | | 10.0.0.0/8 |
E-mail Server
| Protocol | From Port / ICMP Type | To Port / ICMP Code | Source User: Group | Source CIDR |
| --- | --- | --- | --- | --- |
| tcp | 25 | 25 | | 0.0.0.0/0 |
| tcp | 110 | 110 | | 0.0.0.0/0 |
| tcp | 143 | 143 | | 0.0.0.0/0 |
| tcp | 465 | 465 | | 0.0.0.0/0 |
| tcp | 993 | 993 | | 0.0.0.0/0 |
| tcp | 995 | 995 | | 0.0.0.0/0 |
SSH / SFTP / RDP
| Protocol | From Port / ICMP Type | To Port / ICMP Code | Source User: Group | Source CIDR |
| --- | --- | --- | --- | --- |
| tcp | 22 | 22 | | 23.22.252.150/32 |
| tcp | 3389 | 3389 | | 23.22.252.150/32 |
FTP (optional)
| Protocol | From Port / ICMP Type | To Port / ICMP Code | Source User: Group | Source CIDR |
| --- | --- | --- | --- | --- |
| tcp | 21 | 22 | | 23.22.252.150/32 |
You can then load these in any combination you like to create servers fit for most purposes.
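The following Python check is an added example, not part of the original guide or of Elasticfox: it takes the five groups above as data and reports any rule where a management or database port accepts more than a single source address, or where one port range covers two services. The list of sensitive ports and the single-host policy are assumptions, and the world-open SSH rule in the demo is constructed.

```python
import ipaddress

# The page's five groups as (group, from_port, to_port, source_cidr); all are tcp.
PAGE_RULES = [
    ("Web-server", 80, 80, "0.0.0.0/0"),
    ("Web-server", 443, 443, "0.0.0.0/0"),
    ("Database Server", 3306, 3306, "10.0.0.0/8"),
    ("E-mail Server", 25, 25, "0.0.0.0/0"),
    ("E-mail Server", 110, 110, "0.0.0.0/0"),
    ("E-mail Server", 143, 143, "0.0.0.0/0"),
    ("E-mail Server", 465, 465, "0.0.0.0/0"),
    ("E-mail Server", 993, 993, "0.0.0.0/0"),
    ("E-mail Server", 995, 995, "0.0.0.0/0"),
    ("SSH / SFTP / RDP", 22, 22, "23.22.252.150/32"),
    ("SSH / SFTP / RDP", 3389, 3389, "23.22.252.150/32"),
    ("FTP (optional)", 21, 22, "23.22.252.150/32"),
]

# Assumed policy (not from the page): these ports should accept one host only.
SENSITIVE = {21: "FTP", 22: "SSH", 3306: "MySQL", 3389: "RDP"}


def audit(rules, sensitive=SENSITIVE):
    """Return sorted (severity, group, detail) findings for the given rules."""
    findings = []
    for group, lo, hi, cidr in rules:
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"{group}: invalid port range {lo}-{hi}")
        net = ipaddress.ip_network(cidr, strict=False)
        hit = sorted(p for p in sensitive if lo <= p <= hi)
        for port in hit:
            label = f"{sensitive[port]} port {port}"
            if net.prefixlen == 0:
                findings.append(("HIGH", group, f"{label} open to everyone"))
            elif net.num_addresses > 1:
                findings.append(("MEDIUM", group,
                                 f"{label} open to {net.num_addresses} addresses ({net})"))
        if len(hit) > 1:
            names = ", ".join(sensitive[p] for p in hit)
            findings.append(("INFO", group, f"range {lo}-{hi} spans {names}"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed misconfiguration appended to the page's rules: SSH open to all.
    sample = PAGE_RULES + [("SSH / SFTP / RDP", 22, 22, "0.0.0.0/0")]
    for severity, group, detail in audit(sample):
        print(f"{severity:6} {group:18} {detail}")
```

Run against the page's own rules, it reports the 10.0.0.0/8 source on the database port and the FTP range 21-22, which also covers port 22. The Source User: Group column left empty in the tables is the narrower alternative to a CIDR for the database rule, since it admits only instances in a named group.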
Assign and Whitelist an Elastic IP
Your machine will need an IP address (X.X.X.X) so that you can configure your zone files and point your domain to it. This is very easy to do in Elasticfox:
- Visit the “Elastic IPs” tab
- Click the green plus button to allocate a new IP address
- When the IP address appears right click it and choose “Copy Elastic IP to Clipboard”
Until relatively recently Amazon had real trouble with IP blacklisting (especially bad for e-mails), but they now have a process in place which whitelists a new IP for you within a few days. For this to happen you need to fill out a use case request form to remove sending restrictions. It only takes a minute or two to inform them of your intentions and get your IP whitelisted.
Choose an Instance Size and AMI file
Before you can launch an instance you must first decide which type you need. There are many available and all have different costs associated with them, so it’s best not to be greedy! One key matter to consider is that some are 32 bit and some are 64 bit. This will dictate which AMI you choose to run.
Once you have made your choice you can visit Ubuntu’s AMI list and choose the right one for you. Choose the correct (either 64 bit or 32 bit) EBS backed version for your chosen region and copy the AMI reference down.
Launch an AMI
Launching an AMI file is quite straightforward. In Elasticfox:
- Select the “Images” tab
- Type (or paste) your chosen Ubuntu AMI reference into the search box
- Right click the one remaining file and choose “Launch Instance(s) of this AMI”
- A popup box will appear
- In the KeyPair field, select the KeyPair you created earlier (mykey)
- In the Security Groups section, select the appropriate group and click on the right arrow to move it into the Launch in box. Do this from bottom to top because Elasticfox has a bug here where groups appear as undefined!
- Press Launch
Associate your Elastic IP
- Select the “Instances” tab (your new instance should appear there)
- Wait for the status to update to “running”
- Right click the instance row
- Select “Associate Elastic IP with Instance”
- Select your IP from the dropdown
- Press “Associate”
- Wait for 30 seconds or so
Connect to your Instance
- Right click the instance row again
- Select “Connect to Instance”
- You may need to point to your key file (Windows: C:\path\to\keys\mykey.ppk, Linux: /var/home/keys/mykey.pem)
You should now see a terminal window open and be logged in to your server!