EC2 Guide: Preparing required tools (2 / 7)

If you are using Amazon EC2 the following steps are necessary, but if not (i.e. you are just following this guide to set up a server) please skip this page and install Ubuntu 10.04 Lucid Lynx (LTS) from a DVD.

Register with Amazon AWS

I'm not going to go into detail for the actual registration of services, but you need a credit / debit card, a valid e-mail address and a phone(!). It takes a while to get all of it done / activated, and there are several services you can use, but for now only EC2 needs configuring.

There are several pieces of information that are required to manage your instances and they are configured / obtained in the Security Credentials section of your Amazon account. You will need to create and write down / save:

Install Firefox / Elasticfox

If you don't use Firefox then please download the latest version. Because Amazon haven't maintained Elasticfox for quite some time I no longer use the official one; instead I recommend you install this enhancement of Elasticfox, which is a simple and bug free tool to manage all things AWS. To add it to Firefox:

Configure Elasticfox

Launch Elasticfox by opening Firefox and selecting Tools -> Elasticfox. N.B. it is not under the Add-ons section; it has its own button. You should be prompted to enter your AWS credentials. You can enter new details or modify existing ones by clicking on the "Credentials" button in the top centre of the Elasticfox window:

You now need to create a Key Pair:

Download PuTTY / PuTTYgen (Windows only)

To manage your instance you will need an SSH tool, and for Windows systems that basically means PuTTY, so please grab a copy. It's free (and legal in most countries - please check yours!).

The Key Pair file that you created earlier (mykey.pem) is sadly not compatible with PuTTY, but PuTTY does have a tool called PuTTYgen to convert it into a usable format. Download this too, run it, load in your key file (you might need to select "All Files" under the "Files of Type" dropdown) and press Generate. Save this new key (mykey.ppk) with your original (mykey.pem) - don't delete either!

Configure Elasticfox SSH

Launch Elasticfox and visit the Tools panel in the top right of the Elasticfox window.

Windows

Update the following:

Linux / OSX

Update the following:

Choose a Region and Availability Zone

These should be a reasonably easy choice, but still one that needs making. There are currently 15 main regions each with several availability zones:

Now, if you were using this in an enterprise environment you would probably want multiple servers in at least two of these regions so that if one malfunctioned the other could take over sole operation. However, given we are interested in a single server set up for now, it's best just to choose a region / zone nearest to you / your audience and stick with it. In Elasticfox just choose your option from the top left drop down menu.

Define Security Group(s)

A Security Group is a set of rules applied to an instance defining which ports are available to whom. In general this boils down to 5 options per port. It is either: closed, open to the internal Amazon network, open to an IP of your choice, open to everyone or open to a combination of the last 3 options. It is easiest to understand with a couple of examples:

  1. Apache (the web-server) allows people to view web pages on port 80 (http://) or port 443 (https://) by default. It is likely that you want both of these options available to everybody, so you would set unrestricted access (0.0.0.0/0) to these two ports.
  2. SSH (the secure shell) allows you to connect to your server to manage it directly on port 22 by default. It is likely that you want this option available only to you, so you would restrict access to only your IP address (18.232.99.123/32) on this port.
  3. If you had a separate MySQL database server it would accept requests on port 3306 by default. You would need to let your web-server connect to it, but in this instance it would be wise to restrict access to only internal cloud machines (10.0.0.0/8). You could also allow your IP (18.232.99.123/32) direct access or of course allow everyone (0.0.0.0/0) if you had a non-cloud based server requiring access.

You only need one security group, but as mentioned previously there may come a time when you would like to separate your server into different parts. So I created 5 security groups which would allow a combo server set up (add all 5 groups) or individualised servers (with only the necessary groups added). My groups were:

Web-server

| Protocol | From Port / ICMP Type | To Port / ICMP Code | Source User: Group | Source CIDR |
| --- | --- | --- | --- | --- |
| tcp | 80 | 80 | | 0.0.0.0/0 |
| tcp | 443 | 443 | | 0.0.0.0/0 |

Database Server

| Protocol | From Port / ICMP Type | To Port / ICMP Code | Source User: Group | Source CIDR |
| --- | --- | --- | --- | --- |
| tcp | 3306 | 3306 | | 10.0.0.0/8 |

E-mail Server

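| Protocol | From Port / ICMP Type | To Port / ICMP Code | Source User: Group | Source CIDR |
| --- | --- | --- | --- | --- |
| tcp | 25 | 25 | | 0.0.0.0/0 |
| tcp | 110 | 110 | | 0.0.0.0/0 |
| tcp | 143 | 143 | | 0.0.0.0/0 |
| tcp | 465 | 465 | | 0.0.0.0/0 |
| tcp | 993 | 993 | | 0.0.0.0/0 |
| tcp | 995 | 995 | | 0.0.0.0/0 |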

SSH / SFTP / RDP

| Protocol | From Port / ICMP Type | To Port / ICMP Code | Source User: Group | Source CIDR |
| --- | --- | --- | --- | --- |
| tcp | 22 | 22 | | 18.232.99.123/32 |
| tcp | 3389 | 3389 | | 18.232.99.123/32 |

FTP (optional)

| Protocol | From Port / ICMP Type | To Port / ICMP Code | Source User: Group | Source CIDR |
| --- | --- | --- | --- | --- |
| tcp | 21 | 22 | | 18.232.99.123/32 |

You can then load these in any combination you like to create servers fit for most purposes.
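The following check is an added example, not part of the original guide: it transcribes the five groups above, evaluates them the way a combo server would see them (groups only allow traffic, so the effective policy is the union of every rule), and flags rules that are wider than they need to be. The `RESTRICTED` port list, the function names and the test address 203.0.113.5 are assumptions made for this example.

```python
import ipaddress

# Rules transcribed from the five tables above: (group, from_port, to_port, source CIDR); all tcp.
RULES = [
    ("Web-server", 80, 80, "0.0.0.0/0"),
    ("Web-server", 443, 443, "0.0.0.0/0"),
    ("Database Server", 3306, 3306, "10.0.0.0/8"),
    ("E-mail Server", 25, 25, "0.0.0.0/0"),
    ("E-mail Server", 110, 110, "0.0.0.0/0"),
    ("E-mail Server", 143, 143, "0.0.0.0/0"),
    ("E-mail Server", 465, 465, "0.0.0.0/0"),
    ("E-mail Server", 993, 993, "0.0.0.0/0"),
    ("E-mail Server", 995, 995, "0.0.0.0/0"),
    ("SSH / SFTP / RDP", 22, 22, "18.232.99.123/32"),
    ("SSH / SFTP / RDP", 3389, 3389, "18.232.99.123/32"),
    ("FTP (optional)", 21, 22, "18.232.99.123/32"),
]

# Assumption of this example: ports that should only be reachable from one known host.
RESTRICTED = {21: "FTP", 22: "SSH", 3306: "MySQL", 3389: "RDP"}


def is_allowed(rules, port, source_ip):
    """Groups only ever allow, so the effective policy is the union of all rules."""
    ip = ipaddress.ip_address(source_ip)
    return any(lo <= port <= hi and ip in ipaddress.ip_network(cidr)
               for _, lo, hi, cidr in rules)


def audit(rules):
    """Return (group, issue, detail) tuples for rules wider than they need to be."""
    findings = []
    for group, lo, hi, cidr in rules:
        net = ipaddress.ip_network(cidr)
        names = [RESTRICTED[p] for p in sorted(RESTRICTED) if lo <= p <= hi]
        if names and net.prefixlen == 0:
            findings.append((group, "world-open", f"{'/'.join(names)} open to {cidr}"))
        elif names and net.prefixlen < net.max_prefixlen:
            findings.append((group, "broad-source",
                             f"{'/'.join(names)} open to {net.num_addresses} addresses ({cidr})"))
        if hi > lo:
            findings.append((group, "port-range", f"one rule opens ports {lo}-{hi}"))
    return findings


if __name__ == "__main__":
    for finding in audit(RULES):
        print(*finding, sep=" | ")
    print("SSH from an unlisted address:", is_allowed(RULES, 22, "203.0.113.5"))
```

Run against the tables as written, it reports the database rule (10.0.0.0/8 is the whole internal range, not just your own machines) and the FTP rule, whose 21 to 22 range also covers the SSH port.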

Assign and Whitelist an Elastic IP

Your machine will need an IP address (X.X.X.X) so that you can configure your zone files and point your domain to it. This is very easy to do in Elasticfox:

Until relatively recently Amazon had real trouble with IP blacklisting (especially bad for e-mails), but they now have a process in place which whitelists a new IP for you within a few days. For this to happen you need to fill out a use case request form to remove sending restrictions. It only takes a minute or two to inform them of your intentions and get your IP whitelisted.

Choose an Instance Size and AMI file

Before you can launch an instance you must first decide which type you need. There are many available and all have different costs associated with them, so it's best not to be greedy! One key matter to consider is that some are 32 bit and some are 64 bit. This will dictate which AMI you choose to run.

Once you have made your choice you can visit Ubuntu's AMI list and choose the right one for you. Choose the correct (either 64 bit or 32 bit) EBS backed version for your chosen region and copy the AMI reference down.

Launch an AMI

Launching an AMI file is quite straightforward. In Elasticfox:

Associate your Elastic IP

Connect to your Instance

You should now see a terminal window open and be logged in to your server!

Guide contents

  1. Hosting a website on Amazon EC2 - The goals and assumptions of this guide
  2. Preparing required tools - Create an AWS account, configure Elasticfox and add an SSH tool
  3. Customise this guide - Allow all commands to be tailored to you (optional)
  4. Core software installation - Install some common software to the server image
  5. Depending upon your chosen configuration there is a choice here:
    1. Create and attach new EBS volumes - New server that you may want to split in future
    2. Attach existing EBS volumes - If you have used this guide before and have EBS volumes
    3. No attached EBS volumes - If you are not using the cloud or don't want to use them
  6. Depending upon your chosen configuration there is another choice here:
    1. Software Configuration - Set up the system to work as a multi-function server (from 5a or 5c)
    2. Software Configuration from existing EBS volumes - Use settings from EBS volumes (from 5b)
  7. Backing up and clean up - Configure Crons, log rotation etc