Getting Started with AWS and Amazon EC2

Exclusive offer: get 50% off this eBook here
Amazon Web Services: Migrating your .NET Enterprise Application

Amazon Web Services: Migrating your .NET Enterprise Application — Save 50%

Evaluate your Cloud requirements and successfully migrate your .NET Enterprise Application to the Amazon Web Services Platform using this book and eBook

€20.99    €10.50
by Rob Linton | July 2011 | Enterprise Articles

Amazon Web Services is an Infrastructure as a Service (IaaS) platform in the Cloud, which businesses can take advantage of as their needs demand. The Amazon Cloud provides the enterprise with the flexibility to choose whichever solution is required to solve specific problems, ultimately reducing costs by only paying for what you use.

In this article by Rob Linton, author of Amazon Web Services: Migrate your .NET Enterprise Application to the Amazon Cloud: RAW, we show how to set up an AWS account and start an EC2 instance. We will also take a look at the creation of AMI images that we will use.

 

Amazon Web Services: Migrate your .NET Enterprise Application to the Amazon Cloud

Amazon Web Services: Migrate your .NET Enterprise Application to the Amazon Cloud

Evaluate your Cloud requirements and successfully migrate your Enterprise .NET application to the Amazon Web Services Platform with this book and eBook

        Read more about this book      

(For more resources on this subject, see here.)

Creating your first AWS account

Well, here you are, ready to log in; create your first AWS account and get started!

AWS lives at http://aws.amazon.com, so browse to this location and you will be greeted with the Amazon Web Services home page. From November 1st, 2010, Amazon has provided a free usage tier, which is currently displayed prominently on the front page.

Getting Started with AWS and Amazon EC2

So, to get started click on the Sign Up Now button. You will be prompted with the Web Services Sign In screen. Enter the e-mail address that you would like to be associated with your AWS account and select I am a new user. When you have entered your e-mail address, click on the Sign in using our secure server button.

Getting Started with AWS and Amazon EC2

Multi-factor authentication

One of the things worth noting about this sign in screen is the Learn more comment at the bottom of the page, which mentions multi-factor authentication. Multi-factor authentication can be useful where organizations are required to use a more secure form of remote access. If you would like to secure your AWS account using multi-factor authentication this is now an option with AWS.

To enable this, you will need to continue and create your AWS account. After your account has been created, go to the following address http://aws.amazon.com/ mfa/#get_device and follow the instructions for purchasing a device:

Getting Started with AWS and Amazon EC2

Once you have the device in hand, you'll need to log in again to enable it:

Getting Started with AWS and Amazon EC2

You will then be prompted with the extra dialog when signing in:

Getting Started with AWS and Amazon EC2

Registration and privacy details

Once you have clicked on the Sign in using our secure server button, you will be presented with the registration screen. Enter your full name and password that you would like to use:

Getting Started with AWS and Amazon EC2

Note the link to the Privacy Notice at the bottom of the screen. You should be aware that the privacy notice is the same privacy notice used for the Amazon.com bookstore and website, which essentially means that any information you provide to Amazon through AWS may be correlated to purchases made on the Amazon bookstore and website.

(Move the mouse over the image to enlarge it.)

Fill out your contact details, agree to the AWS Customer Agreement, and complete the Security Check at the bottom of the form:

Getting Started with AWS and Amazon EC2

If you are successful, you will be presented with the following result:

Getting Started with AWS and Amazon EC2

AWS customer agreement

Please note that the AWS Customer agreement is worth reading, with the full version located at http://aws.amazon.com/agreement. The agreement covers a lot of ground, but a couple of sections that are worth noting are:

Section 10.2 – Your Applications, Data, and Content

This section specifically states that you are the intellectual property and proprietary rights owner of all data and applications running under this account. However, the same section specifically gives the right to Amazon to hand over your data to a regulatory body, or to provide your data at the request of a court order or subpoena.

Section 14.2 – Governing Law

This section states that by agreeing to this agreement, you are bound by the laws of the State of Washington, USA, which—read in conjunction with section 10.2— suggests that any actions that fall out of section 10.2 will be initiated from within the State of Washington.

Section 11.2 – Applications and Content

This section may concern some users as it warrants that you (as the AWS user) are solely responsible for the content and security of any data and applications running under your account. I advise that you seek advice from your company's legal department prior to creating an account, which will be used for your enterprise.

Amazon Web Services: Migrating your .NET Enterprise Application Evaluate your Cloud requirements and successfully migrate your .NET Enterprise Application to the Amazon Web Services Platform using this book and eBook
Published: July 2011
eBook Price: €20.99
Book Price: €34.99
See more
Select your format and quantity:
        Read more about this book      

(For more resources on this subject, see here.)

Starting an EC2 instance

Before we start our very first instance, we are going to create a security group that you will use to secure your instance. The security groups that your instance is a part of cannot be changed after your instance is started, so we will need to create this first.

Creating a security group

  1. To create a basic security group, click on the Security Groups link in the left-hand Navigation pane, and then click on the Create Security Group button in the toolbar of the Security Groups pane on the right, then enter a Name and a Description.

    (Move the mouse over the image to enlarge it.)

  2. For your first security group, we will be creating a group whose sole purpose is to secure communications from your enterprise, directly to AWS. Type in "migrate_to_aws" as the Security Group Name and "Secure endpoint connection" as the Description. To find your enterprise's external IP address, you will need to either talk to your network administrator, or alternatively you can use an external service such as http://whatismyipaddress.com/ to determine what IP address is seen by the external web services.
  3. Once you have determined your external IP address, create an RDP entry using this IP address as a Source IP. Make sure to specify /32 after the IP to indicate that only this specific IP is allowed:

    (Move the mouse over the image to enlarge it.)

  4. This new setting will only allow traffic for the source IP at the location you are currently at. If you need to RDP in from another location, you'll need to add those IPs to the "migrate_to_aws" security group.

Starting the EC2 instance

  1. To start your very first EC2 instance, click on the EC2 Dashboard link in the left navigation page and then click on the Launch Instance button in the middle of the screen. This will launch the Request Instances Wizard:

    (Move the mouse over the image to enlarge it.)

  2. Scroll down to the bottom of the Quick Start tab and you will see an instance called Microsoft Windows Server 2008 R2 Base. This is the instance that will be used for most of the servers in our sample application stack. Choose the Select button next to the image to continue.
  3. The Amazon Machine Images (AMIs) listed in this dialog are all created by Amazon and are base images that your new server will be based on. After selecting your base image you will be prompted with the Availability Zone and the Instance Type:

    (Move the mouse over the image to enlarge it.)

  4. In this case, I have selected the us-east-1a Availability Zone, which is the first availability zone in the US Standard or US East region. I have also selected a Micro instance, which is the smallest instance that you can provision in AWS. Click on Continue. In the next dialog after selecting Enable CloudWatch detailed monitoring for this instance, click on Continue:

    (Move the mouse over the image to enlarge it.)

  5. The next dialog enables you to choose an optional name for your server. I recommend that you fill out the name box with the role of the instance so you can easily distinguish these servers from one another:

    (Move the mouse over the image to enlarge it.)

  6. In this case, we have named our server Web Server 01. Click on Continue and you will be requested to either Choose from your existing Key Pairs or to Create a new Key Pair. Because this is the first time we have created an instance on EC2, we will need to create a new key pair:

    (Move the mouse over the image to enlarge it.)

  7. The key pair is a public/private key used to secure access to your new EC2 instances as they are created. When you create a new key pair, the public key is kept up in AWS, but your private key is downloaded only once, at the time of creation. It is up to you to keep your private key secure. Make sure your pop-up blocker is turned off before this step or there might be issues with the key download.

    We will see how the key pairs are used when we try to log on to our new EC2 instance.

  8. Enter a name for your key pair and click on the Create & Download your Key Pair link in the dialog. You will be prompted to save your private key locally on your hard disk.
  9. Once you have saved your key pair you will be prompted to select a security group for your new instance:

    (Move the mouse over the image to enlarge it.)

  10. Select the security group that was created earlier (migrate_to_aws_secure) and click on Continue as shown in the previous screenshot. You are now ready to launch your first AWS EC2 instance!

    (Move the mouse over the image to enlarge it.)

  11. Your instance will take a while to launch, so be patient, but usually an instance is up and running in just a few minutes. Once the instance is up and running, you can view your instances by selecting the Instances link in the Navigation pane of the AWS Console. This is what your instance will look like when you click on the instance (in this case called Web Server 01):

    (Move the mouse over the image to enlarge it.)

Accessing your EC2 instance

  1. Now that our instance has started, to access it we will need to determine its administrator password. When our instance started, AWS created a temporary password, encrypted it with our public key and stored it in the system log for our running instance. To get the administrator password, we will need to get the encrypted version from the log and decrypt it. Luckily, AWS makes this easy for us.

    The system log can take up to 15 minutes to be available after your instance has started, so be patient.

  2. To decrypt it, right-click on the running instance and select Get Windows Admin Password:

    (Move the mouse over the image to enlarge it.)

  3. You will be prompted with the following dialog in which the Encrypted Password has been retrieved from the instance's system log and displayed along with the option to input our Private Key:

    Getting Started with AWS and Amazon EC2

  4. Open up the private key that you downloaded earlier and cut and paste it into the dialog, as shown in the previous screenshot. Make sure you include all the text in your private key file. Click on the Decrypt Password button and you will be presented with the administrator password for your running instance:

    Getting Started with AWS and Amazon EC2

  5. If the Internet Explorer prompts you to "Stop running this script", click on No until the decrypted password appears.
  6. At this point, you now have all of the three items required to RDP to your running instance.
    • An administrator username (Administrator)
    • The Administrator password
    • The Public IP address

    When you RDP to your running EC2 instance, make sure you use the Public DNS entry displayed, not the Private IP address.

So congratulations!

You have just started your first Amazon EC2 instance and hopefully logged onto it.

Amazon Web Services: Migrating your .NET Enterprise Application Evaluate your Cloud requirements and successfully migrate your .NET Enterprise Application to the Amazon Web Services Platform using this book and eBook
Published: July 2011
eBook Price: €20.99
Book Price: €34.99
See more
Select your format and quantity:
        Read more about this book      

(For more resources on subject, see here.)

Configuring your instance

  1. Now that you have started and logged into your first EC2 instance, run Microsoft update on this instance and install your preferred virus checkers.

    We won't go into detail on this as I assume that you will have existing knowledge of how to install and configure these items.

  2. Once you have updated your instance and installed your virus checkers, we are going to bundle your running instance and use it as a copy for our other instances.
  3. To do this is a two-step process:
    • Step one is to Sysprep your image from within Microsoft Windows
    • Step two is to run the Amazon Bundle command
  4. To run Sysprep on your running instance, go to the Start menu and run the EC2 Config Service application. This application has been pre-installed on to your running image and is similar to VMware Tools, in that, it allows you to configure certain behaviors for EC2 from within the running EC2 image.

    Getting Started with AWS and Amazon EC2

  5. The EC2 Config Service has been provided primarily to configure how your Windows EC2 instance behaves within the EC2 environment. When your instance starts, there are a number of steps that are required to be executed against your EC2 instance on startup.

    Getting Started with AWS and Amazon EC2

    Set Computer Name: When your instance is started, by default EC2 will create a computer name, that is based on your IP address in the following format:

    Ip<hex internal IP>

    This means that it is possible to startup multiple copies of your AMI bundle and ensure that each of them have unique names. It is also a requirement for EC2, as EC2 must also ensure that new instances have unique names. However, it is likely that you do not want a new name allocated to your bundle, if the bundle is for a specific instance. Also, in the case of database servers and some other application servers, changing the name of your server may, in fact, break the current installation of that application or service.
    For our sample application, we will be creating a separate bundle for each of our servers, but for now, leave this checked.
    Initialize Drives: Because we want to control how our instance manages new drives, this checkbox should be deselected. In fact, I recommend that this checkbox always be deselected to ensure that we control this manually.
    Set Password: When new instances are created from a Sysprep bundle, the administrator password needs to be reset to a new random password. This is because Sysprep wipes the original password that was in place prior to the bundle being created. Leave the checkboxes, as shown in the previous screenshot, for the Set Password section of the dialog.
    Event Log: One of the useful things that Amazon provides is the ability to send events from the event log of our Windows instance to the instance system log as displayed by AWS. I recommend that all errors be passed into the system log, and that you select a number greater than 3:

    Getting Started with AWS and Amazon EC2

    Running Sysprep: Now that we have finished the configuration of our new base EC2 instance, it is time to Sysprep it in readiness for creating our new EC2 bundle:

    Getting Started with AWS and Amazon EC2

    The Bundle tab shows the Run Sysprep and Shutdown Now button, which you will use to kick off the process.
    One thing you will notice at this point is the comment referring to time zones in the Sysprep file. This is important to note. The reason for doing a Sysprep on an image is to ensure that the System Identifier (SSID) of the Windows Server is unique. Windows Domain Controller expects these to be different when adding servers to the domain, and it is a good practice to always ensure that these are unique.
    However, the process of doing this to a running server instance removes configuration data, such as time zones and international settings. If you are not proficient at modifying the Sysprep answer file, then I recommend that you modify these settings after creating your EC2 instances from this bundle file.

  6. Clicking on the Run Sysprep and Shutdown Now button will prompt the following dialog box:

    Getting Started with AWS and Amazon EC2

  7. Click on Yes to continue.
    The EC2 base instance will be shut down to a stopped state.

    Remember that our Windows instance is based on an EBS or persistent AMI, so stopping it does not cause it to lose its current state.

  8. In the AWS Management Console, right-click on the instance and select Create Image (EBS AMI) from the pop-up menu. This will begin the second step of the bundling process to create your base AMI bundle:

    (Move the mouse over the image to enlarge it.)

  9. After selecting the menu option, you will be presented with the following dialog:

    Getting Started with AWS and Amazon EC2

  10. Enter an Image Name and Image Description and click on Create This Image.
    Your create image request will now be added to the queue. To see the status of your image request select the AMIs link in the Navigation sidebar, your image status will be shown on the right:

    (Move the mouse over the image to enlarge it.)

Starting new EC2 instances from our base image

  1. Now that we have created our base image, it's time to create our five sample application servers.
  2. To do this, we are going to create new instances in EC2, except this time we will be using our base AMI as the starting AMI, rather than the AMIs which are provided in the Quick Start tab. To find our AMI bundle, select the My AMIs tab:

    (Move the mouse over the image to enlarge it.)

  3. You will see your new AMI bundle listed with its new AMI ID. This AMI ID is unique to your new bundle and can be used to reference your AMI bundle from the command line or when searching for your AMI bundle in the AWS console.
  4. Select 5 as the Number of Instances we would like to start. Make sure you select a specific Availability Zone because if you do not, these instances may be created in different availability zones depending on the resource availability:

    (Move the mouse over the image to enlarge it.)

  5. Use the same security groups and key pairs that you used in the previous example.
  6. Once your new instances are up and running, you will see the following in your AWS console:

    (Move the mouse over the image to enlarge it.)

  7. Note that all of the names are blank because we did not set them when they started up. So select each instance individually and give each one a name as follows:

    You cannot edit a tag by clicking on the tag directly; you will need to click on the Add/Edit Tags.

    (Move the mouse over the image to enlarge it.)

  8. Here we see all of the instances, each named for the services they provide:

    (Move the mouse over the image to enlarge it.)

  9. Now that we have our five basic EC2 instances we are going to use for our sample application, we still need to do some final configuration steps. These are:
    • Retrieve the new Windows password by following the same steps as discussed previously for each instance.
    • Log on to each instance and deselect the Set Computer Name checkbox in the Ec2 Service Properties:

      Getting Started with AWS and Amazon EC2

    • Set the computer name to match our instance tag Name.
    • If you were not confident in setting the time zone and international settings in the Sysprep answer file, then you will need to set these as well on each of the instances.

Saving your new instances as AMIs

Now that you have created the five instances that we will require for our sample application, you will need to create a separate bundled AMI for each instance. By having a saved AMI for each instance, we can change the security groups and also change the machine type that each instance is based on. When you finish, you should have the following AMIs:

(Move the mouse over the image to enlarge it.)

Once your AMIs have been created, terminate your running instances so we can create them again from the command line.

Summary

In this article we set up an actual AWS account and started our first EC2 instance.


Further resources on this subject:


About the Author :


Rob Linton

Rob Linton is the CTO and co-founder of LogicalTech SysTalk, a successful integration company based in Melbourne, Australia. He has been a database professional for the past 15 years, and for the 5 years before that was a spatial information systems professional, making him a data specialist for over 20 years.

He is a certified Security Systems ISO 27001 auditor and more recently has been specializing in cloud data persistence and security. He is a certified DBA and is proficient in both Oracle and Microsoft SQL Server and is a past Vice President of the Oracle User Group in Melbourne, Australia.

In his spare time he enjoys coding in C++ on his MacBook Pro and chasing his kids away from things that break relatively easily

Books From Packt


Amazon SimpleDB Developer Guide
Amazon SimpleDB Developer Guide

Microsoft SQL Azure Enterprise Application Development
Microsoft SQL Azure Enterprise Application Development

Microsoft Azure: Enterprise Application Development
Microsoft Azure: Enterprise Application Development

Oracle GoldenGate 11g Implementer's guide
Oracle GoldenGate 11g Implementer's guide

Oracle Information Integration, Migration, and Consolidation: RAW
Oracle Information Integration, Migration, and Consolidation: RAW

SAP BusinessObjects Dashboards 4.0 Cookbook
SAP BusinessObjects Dashboards 4.0 Cookbook

Microsoft Data Protection Manager 2010
Microsoft Data Protection Manager 2010

Microsoft Visual Studio LightSwitch Business Application Development
Microsoft Visual Studio LightSwitch Business Application Development


Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Resources
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software