User:Gholms/EC2 Primer

From FedoraProject

< User:Gholms
Revision as of 07:08, 11 October 2011 by Gholms (Talk | contribs)

Jump to: navigation, search

Amazon Web Services (AWS) comprise a public cloud, a collection of computing services that allows one to run services and virtual machines over the Internet on Amazon's computer infrastructure. Fedora publishes system images for AWS's virtual machine platform, Amazon Elastic Compute Cloud (EC2), which allows people to create Fedora virtual machines in the cloud with very little effort. The objective of this primer is to familiarize the reader with EC2's terminology and functionality. For more detailed documentation, see the AWS website.

Contents

EC2 Concepts

To use EC2 one needs to understand several bits of terminology.

Accounts

To use AWS you need to create an online account. You can do this by going to the AWS web site, clicking on "Create an AWS Account", and following the instructions.

AWS is designed as a pay-as-you-go online service. Much of EC2 is free for new users; the rest is available for per-hour or per-month fees that are detailed on the EC2 Website. As such, Amazon requests a credit card number to keep on file with your new account.

Idea.png
Resources for test days
The Fedora Cloud SIG may provide sponsored accounts or financial reimbursement for EC2 test days.

Regions and Availability Zones

Amazon hosts datacenters many parts of the world. Those from a particular part of the world make up a region. Regions' names are based on their locations, such as in us-east-1.

Regions are broken into availability zones. Distributing a web application amongst several availability zones can help improve its reliability if an availability zone has problems. Availability zones' names are based on the regions in which they reside, such as us-east-1a.

Images and Instances

A machine image is a snapshot of a Fedora installation that provides the basis for a virtual machine in EC2. When running a new virtual machine in EC2 you choose a machine image to use as a template. The new virtual machine is then an instance of that machine image that contains its own copy of everything in the image. This copy, called instance storage, lasts for the lifetime of the instance and is destroyed when the instance is terminated (i.e. destroyed).

You can create multiple instances of a single image. Each instance will be independent of the others.

Machine images have identifiers that begin with the letters ami, such as ami-6ebe4507. Instances have identifiers that begin with the letter i, such as i-12459dbd.

Machine images in EC2 are sometimes referred to as AMIs.

Security Groups

A security group defines firewall rules for your instances. These rules specify which incoming network traffic should be delivered to an instance (e.g., accept web traffic on port 80 or SSH traffic on port 22). All other traffic is ignored. You can modify the rules for a group at any time.

Every instance runs inside of a security group. You can create your own security groups, or you can use the default security group that EC2 provides for you. When you run a new instance it will run in the default security group unless you choose a different one.

Elastic Block Storage (EBS)

Volumes

A typical instance does not have a large amount of disk space. In addition, instance storage does not persist past the lifetime of an instance. Elastic block volumes are designed to solve this problem by allowing one to request disk space of arbitrary sizes and then attach them to instances. Think of a volume as a disk that you can attach and detach from instances just as one would attach and detach a USB drive from regular computers.

An EBS volume is not normally destroyed when the instance to which it is attached terminates. For this reason, EBS volumes are appropriate for storing important data or data that may need to move from one instance to another.

EBS volumes can also be quite large, so it is wise to put any data of significant size on them to prevent instances' limited instance storage from filling up.

EBS volumes have identifiers that begin with vol, such as vol-ffe93704.

Snapshots

Volume snapshots allow one to create backup copies of EBS volumes. These snapshots can then be used to re-create volumes. Snapshots provide a convenient way of making backups of important data in the cloud. They are also a convenient way to make an independent copy of a set of data for a number of instances.

EBS snapshots have identifiers that begin with snap, such as snap-773491a0.

Keypairs

A keypair is a pair of SSH keys that you can use to log into EC2 instances after they are running, just as you can use them to log into regular computers. EC2 makes the public key from a keypair available to instances so you can use the private key to log in with ssh.

Getting Started with Fedora on EC2

Getting account details

You can begin using Fedora on EC2 once you have an EC2 account. If you do not yet have one, go to the AWS web site to create one.

One can interact with EC2 through either a web-based management console or via euca2ools, a suite of command line tools designed for services like EC2. This document focuses on the command line tools.

To using the command line tools you first need to obtain access keys for your account. You can find them by going to the AWS management console on the web, clicking your name on the top, followed by Security Credentials, and scrolling down to the section titled Access Credentials. Make note of the Access Key ID and the Secret Access Key that appears beside it. Both of them should be long sets of alphanumeric characters. Create a file called .iamrc in your home directory that contains those keys in this format:

AWSAccessKeyId=your_access_key_id
AWSSecretKey=your_secret_key

Since euca2ools is designed to work with all AWS-compatible clouds, not just AWS itself, it needs to know which cloud to contact. Create a file called .eucarc in your home directory with the following content to point it toward AWS:

export AWS_CREDENTIAL_FILE=~/.iamrc
export EC2_URL=https://ec2.amazonaws.com/
export S3_URL=https://s3.amazonaws.com/
export EUARE_URL=https://iam.amazonaws.com/

source "$AWS_CREDENTIAL_FILE"
export EC2_ACCESS_KEY=$AWSAccessKeyId
export EC2_SECRET_KEY=$AWSSecretKey
export AWS_ACCESS_KEY=$AWSAccessKeyId
export AWS_SECRET_ACCESS_KEY=$AWSSecretKey
Finally, add these settings to your shell's environment by running:
source ~/.eucarc

Initial Setup

Install the Command Line Tools

Install the euca2ools package. To do so with yum, run:
yum install euca2ools

Choose a Region

Choose an EC2 region to use. Things to consider when choosing a region include how geographically close it is to you, the pricing for instances in that region, and whether the image you wish to use is available in that region. You can get a list of regions by running euca-describe-regions, which results in a list such as this:

REGION  eu-west-1       ec2.eu-west-1.amazonaws.com
REGION  us-east-1       ec2.us-east-1.amazonaws.com
REGION  ap-northeast-1  ec2.ap-northeast-1.amazonaws.com
REGION  us-west-1       ec2.us-west-1.amazonaws.com
REGION  ap-southeast-1  ec2.ap-southeast-1.amazonaws.com
When you choose an EC2 region you can make euca2ools start using it by editing the line that contains EC2_URL in your .eucarc file:
export EC2_URL=https://ec2.us-east-1.amazonaws.com/

Create a Keypair

Set up a Security Group

Run an Instance

Choose an Image

Run an Instance

Terminate the Instance

Using EBS

Creating and Deleting Volumes

Using Volumes

Using Snapshots