I found out about IAM (Identity and Access Management) recently while I was searching for a way to avoid giving out the email/password for my AWS account. It seems that IAM is pretty easy to use:
1. You add a group where you define the rights. Here you can select one or more of the default values (Administrator full access, Read only, EC2 full access, EC2 read only, etc.) or you can define custom policies by adding the rules in the Custom profile page. I've selected the default EC2 full access, which looks like:
2. Once the group is defined, the next step is to add users to this group. Once the user name is defined, an Access Key ID and Secret Access Key will be generated. You also need to define a password for the newly created account here.
3. The final step is to test this by accessing a URL like https://xxxxxxxxx.signin.aws.amazon.com/console where xxxxxxxxx is the AWS account ID (you can find it on your “Security credentials” page).
Installing proftpd on an Amazon EC2 instance is not rocket science, but after installing it you need to configure it to work correctly. Because Amazon EC2 instances use an internal IP address as their Ethernet interface address, proftpd needs to be configured for passive FTP.
First, you need to apply for an Elastic IP address, which you will allocate to your instance. This will be the IP address that will be shown to the world.
The second step is to configure the firewall properly for that instance. Go to the “Security group” assigned to the instance and add the following rules:
* Connection Method: Custom
* Protocol: TCP
* From Port: 20
* To Port: 21
* Source (IP or group): 0.0.0.0/0 (that is, if you want to permit the whole internet to access your FTP server; if not, replace this with the IP address or range that you want to give access to your FTP server)
We need to add another rule for the passive ports that will be used by proftpd:
* Connection Method: Custom
* Protocol: TCP
* From Port: 49152
* To Port: 65535
* Source (IP or group): 0.0.0.0/0
Now, go to your machine and edit /etc/proftpd/proftpd.conf and add the following lines:
PassivePorts 49152 65535
Restart proftpd and enjoy:
For vsftpd, the configuration is slightly different. You need to edit vsftpd.conf and make sure that you add these lines:
The range 1024-1080, or whatever other range you use, needs to be added in the Security group, the same way we did for proftpd. Then run: /etc/init.d/vsftpd restart
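An added example (not part of the original post): a small Python check that the PassivePorts range in proftpd.conf matches what the Security group actually opens, and that lists the ranges reachable from 0.0.0.0/0. The config text and rule tuples are constructed sample input, and the function names are hypothetical.

```python
import re

# Constructed sample inputs, not taken from a real server or account.
PROFTPD_CONF = """\
ServerName "example"
PassivePorts 49152 65535
"""
# (protocol, from_port, to_port, source) rows as entered in the Security group.
RULES_FROM_POST = [("tcp", 20, 21, "0.0.0.0/0"),
                   ("tcp", 49152, 65535, "0.0.0.0/0")]
# A restricted source, but the wrong passive range (1024-1080) for this config.
RULES_MISMATCH = [("tcp", 20, 21, "203.0.113.0/24"),
                  ("tcp", 1024, 1080, "203.0.113.0/24")]

def passive_range(conf_text):
    """Return (low, high) from the first PassivePorts directive, or None."""
    for line in conf_text.splitlines():
        m = re.match(r"\s*PassivePorts\s+(\d+)\s+(\d+)\s*$", line, re.I)
        if m:
            return int(m.group(1)), int(m.group(2))
    return None

def audit(conf_text, rules):
    """Compare the daemon's passive range with the Security group rules."""
    rng = passive_range(conf_text)
    if rng is None:
        raise ValueError("no PassivePorts directive found")
    low, high = rng
    # Ports the FTP setup in the post relies on: 20-21 plus the passive range.
    wanted = set(range(low, high + 1)) | {20, 21}
    opened, world_open = set(), []
    for proto, lo, hi, source in rules:
        if proto.lower() != "tcp":
            continue
        opened |= set(range(lo, hi + 1))
        if source in ("0.0.0.0/0", "::/0"):
            world_open.append((lo, hi))
    return {
        "blocked": len(wanted - opened),  # FTP ports the firewall still drops
        "surplus": len(opened - wanted),  # open ports the FTP setup never uses
        "world_open": world_open,         # ranges reachable from any address
    }

if __name__ == "__main__":
    for name, rules in (("post", RULES_FROM_POST), ("mismatch", RULES_MISMATCH)):
        print(name, audit(PROFTPD_CONF, rules))
```

A non-zero "blocked" count means passive transfers can hang on ports the firewall drops; a non-zero "surplus" count means the Security group exposes ports the daemon will never hand out.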
When running the ec2-run-instances command, I received the following error:
Client.InvalidKeyPair.NotFound: The key pair ‘.ssh/campusfork’ does not exist
Seems that the EC2_KEYPAIR_NAME system variable was set incorrectly. You can find the correct value using the ec2-describe-keypairs command. Here is an example of its use:
[amazon@shifu ~]$ ec2-describe-keypairs
KEYPAIR cf-host01-keypair01 34:ce:19:bb:48:d9:3a:6f:36:c1:04:f8:ae:d6:97:ba:ae:1f:81:a2
KEYPAIR campusfork 5f:ca:32:07:07:f3:15:ef:f9:a0:0c:64:b4:30:a2:be:67:a1:8a:75
So the correct value is campusfork, not the filename.
While trying to create an RDS security group, that error appears. It seems you need to go to http://aws.amazon.com, then go to the Management Console and sign up for RDS.
Recently Amazon sent me an email saying that an instance that I'm using is on a server that is failing. To clone it I had to:
1. Install ec2-api-tools from http://s3.amazonaws.com/ec2-downloads/ec2-api-tools.zip on the failing instance
2. Install Java from http://javadl.sun.com/webapps/download/AutoDL?BundleId=39484 (I’m using a small instance)
3. Set .bashrc as follows:
4. Create a directory for the bundled files (/mnt/myimage in my case)
5. Bundle the actual instance using:
ec2-bundle-vol --cert ec2/cert.pem --privatekey ec2/pk.pem -s 2048 -u Your_AWS_Account_ID -d /mnt/myimage/
-u : AWS Account ID, taken from the AWS Security Credentials page, e.g. 1234-5678-9012-3456. Make sure to skip the “-” when using it.
-s : size of the image
-d : directory from step 4
6. Upload the files to an S3 account using:
ec2-upload-bundle -a access_key -s secret_key -b bucket_name --manifest /mnt/myimage/image.manifest.xml
-a : access_key from Security Credentials page
-s : secret_key from Security Credentials page
-b : bucket name
--manifest : name of the manifest file
7. Register the AMI by going to your AWS EC2 console->AMI->Images->Register new AMI and enter:
8. Create a new EC2 instance by using the newly registered AMI
Note that you will need the [pk,cert].pem files too.