Richard's Diary

Thursday, January 8, 2009

Amazon Hosting Setup

Create AWS account and enable S3 and EC2 services
Create ec2 directory locally
1. create X.509 certificate and place files with keys in ec2 directory. Make sure private key is only readable by owner
2. install ec2 API scripts in directory and set environment variables for keys' path, ec2 home and add ec2 binary to PATH
create keypair (ec2-add-keypair gsg-keypair) so that my instance can only be launched by me. copy private key (22 lines) to a owner readonly file in directory where one usually runs ec2-run-instances
ec2dim -o amazon to find all Amazon owned images as a starting point
ec2-run-instances ami-5647a33f -k gsg-keypair
RESERVATION r-141eb67d 122430389923 default
INSTANCE i-34f4735d ami-b44bafdd pending gsg-keypair 0 m1.small 2009-01-09T04:54:59+0000 us-east-1a aki-a71cf9ce ari-a51cf9cc
ec2din i-34f4735d
RESERVATION r-141eb67d 122430389923 default
INSTANCE i-34f4735d ami-b44bafdd ec2-67-202-59-192.compute-1.amazonaws.com domU-12-31-39-02-5D-93.compute-1.internal running gsg-keypair 0 m1.small 2009-01-09T04:54:59+0000 us-east-1a aki-a71cf9ce ari-a51cf9cc
Configure firewall by setting up groups
ec2-authorize default -p 22
ec2-authorize default -p 80
ssh -i id_rsa-gsg-keypair root@ec2-67-202-59-192.compute-1.amazonaws.com or use https://console.aws.amazon.com/
Made an edit to file and saw it show up immediately in http://ec2-67-202-59-192.compute-1.amazonaws.com/
shutdown -h now terminates the instance

The access key and secret access key are for accessing S3
The X.509 certificate/pem keys are for the SOAP calls
The RSA key pair is for logging into the root account of instance. Rather than have a default login, you would create a key pair anyway after logging in. You can create different pairs for different server types but all servers of a given tier would have the same login which is how you would administer in real life.