Amazon Web Services (AWS) comprise a public cloud, a collection of computing services that allows one to run services and virtual machines over the Internet on Amazon's computer infrastructure. Fedora publishes system images for AWS's virtual machine platform, Amazon Elastic Compute Cloud (EC2), which allows people to create Fedora virtual machines in the cloud with very little effort. The objective of this primer is to familiarize the reader with EC2's terminology and functionality. For more detailed documentation, see the AWS website.
To use EC2 one needs to understand several bits of terminology.
To use AWS you need to create an online account. You can do this by going to the AWS web site, clicking on "Create an AWS Account", and following the instructions.
AWS is designed as a pay-as-you-go online service. Much of EC2 is free for new users; the rest is available for per-hour or per-month fees that are detailed on the EC2 Website. As such, Amazon requests a credit card number to keep on file with your new account.
Regions and Availability Zones
Amazon hosts datacenters in many parts of the world. Those from a particular part of the world make up a region. Regions' names are based on their locations, such as in
Regions are broken into availability zones. Distributing a web application amongst several availability zones can help improve its reliability if an availability zone has problems. Availability zones' names are based on the regions in which they reside, such as
Images and Instances
A machine image is a snapshot of a Fedora installation that provides the basis for a virtual machine in EC2. When running a new virtual machine in EC2 you choose a machine image to use as a template. The new virtual machine is then an instance of that machine image that contains its own copy of everything in the image. This copy, called instance storage, lasts for the lifetime of the instance and is destroyed when the instance is terminated (i.e. destroyed).
You can create multiple instances of a single image. Each instance will be independent of the others.
Machine images have identifiers that begin with the letters ami, such as ami-6ebe4507. Instances have identifiers that begin with the letter i, such as
Machine images in EC2 are sometimes referred to as AMIs.
A security group defines firewall rules for your instances. These rules specify which incoming network traffic should be delivered to an instance (e.g., accept web traffic on port 80 or SSH traffic on port 22). All other traffic is ignored. You can modify the rules for a group at any time.
Every instance runs inside of a security group. You can create your own security groups, or you can use the default security group that EC2 provides for you. When you run a new instance it will run in the default security group unless you choose a different one.
Elastic Block Storage (EBS)
A typical instance does not have a large amount of disk space. In addition, instance storage does not persist past the lifetime of an instance. Elastic block volumes are designed to solve this problem by allowing one to request disk space of arbitrary sizes and then attach them to instances. Think of a volume as a disk that you can attach and detach from instances just as one would attach and detach a USB drive from regular computers.
An EBS volume is not normally destroyed when the instance to which it is attached terminates. For this reason, EBS volumes are appropriate for storing important data or data that may need to move from one instance to another.
EBS volumes can also be quite large, so it is wise to put any data of significant size on them to prevent instances' limited instance storage from filling up.
EBS volumes have identifiers that begin with vol, such as
Volume snapshots allow one to create backup copies of EBS volumes. These snapshots can then be used to re-create volumes. Snapshots provide a convenient way of making backups of important data in the cloud. They are also a convenient way to make an independent copy of a set of data for a number of instances.
EBS snapshots have identifiers that begin with snap, such as
A keypair is a pair of SSH keys that you can use to log into EC2 instances after they are running, just as you can use them to log into regular computers. EC2 makes the public key from a keypair available to instances so you can use the private key to log in with
Getting Started with Fedora on EC2
Getting account details
You can begin using Fedora on EC2 once you have an EC2 account. If you do not yet have one, go to the AWS web site to create one.
One can interact with EC2 through either a web-based management console or via euca2ools, a suite of command line tools designed for services like EC2. This document focuses on the command line tools.
To use the command line tools you first need to obtain access keys for your account. You can find them by going to the AWS management console on the web, clicking your name on the top, followed by Security Credentials, and scrolling down to the section titled Access Credentials. Make note of the Access Key ID and the Secret Access Key that appears beside it. Both of them should be long sets of alphanumeric characters. Create a file called .iamrc in your home directory that contains those keys in this format:
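An added example, not part of the original primer: a shell check that the credential file is private to your user and contains only the two assignments that the .eucarc shown below reads (AWSAccessKeyId and AWSSecretKey), run before anything sources it. The helper name check_iamrc and its return codes are hypothetical, chosen for this illustration.

```shell
#!/bin/sh
# Added example: validate a euca2ools credential file before sourcing it.
# check_iamrc is a hypothetical helper; the variable names are the ones the
# primer's .eucarc reads after sourcing the file.

check_iamrc() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }

    # The file holds a long-lived secret key: refuse any group/other access.
    # GNU stat first, BSD stat as a fallback.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        *00) ;;
        *) echo "$file is mode $mode; run: chmod 600 $file" >&2; return 2 ;;
    esac

    # .eucarc sources this file, so every line in it is executed by the shell.
    # Accept only the two expected NAME=value lines, blank lines and comments.
    allowed='^(AWSAccessKeyId|AWSSecretKey)=[A-Za-z0-9/+=]+$|^[[:space:]]*(#.*)?$'
    if grep -Ev "$allowed" "$file" >/dev/null; then
        echo "$file contains unexpected lines" >&2
        return 3
    fi

    # Both keys must be present, otherwise the exports in .eucarc end up empty.
    for name in AWSAccessKeyId AWSSecretKey; do
        grep -q "^$name=" "$file" || { echo "$name not set in $file" >&2; return 4; }
    done
    return 0
}

# Typical use: check_iamrc "$HOME/.iamrc" && . "$HOME/.eucarc"
```
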
Since euca2ools is designed to work with all AWS-compatible clouds, not just AWS itself, it needs to know which cloud to contact. Create a file called .eucarc in your home directory with the following content to point it toward AWS:
export AWS_CREDENTIAL_FILE=~/.iamrc
export EC2_URL=https://ec2.amazonaws.com/
export S3_URL=https://s3.amazonaws.com/
export EUARE_URL=https://iam.amazonaws.com/
source "$AWS_CREDENTIAL_FILE"
export EC2_ACCESS_KEY=$AWSAccessKeyId
export EC2_SECRET_KEY=$AWSSecretKey
export AWS_ACCESS_KEY=$AWSAccessKeyId
export AWS_SECRET_ACCESS_KEY=$AWSSecretKey
Finally, add these settings to your shell's environment by running:
Install the Command Line Tools
Install the euca2ools package. To do so with yum, run:
yum install euca2ools
Choose a Region
Choose an EC2 region to use. Things to consider when choosing a region include how geographically close it is to you, the pricing for instances in that region, and whether the image you wish to use is available in that region. You can get a list of regions by running euca-describe-regions, which results in a list such as this:
REGION eu-west-1 ec2.eu-west-1.amazonaws.com
REGION us-east-1 ec2.us-east-1.amazonaws.com
REGION ap-northeast-1 ec2.ap-northeast-1.amazonaws.com
REGION us-west-1 ec2.us-west-1.amazonaws.com
REGION ap-southeast-1 ec2.ap-southeast-1.amazonaws.com
When you choose an EC2 region you can make euca2ools start using it by editing the line that contains