Category: Amazon

            • Convert from instance store to EBS
              
              One client that was running an older EC2 instance was using instance store.
              From my point of view the only benefit of instance store is that it has
              better IO... though if you build a RAID using several EBS volumes.
              Anyway, the steps are:
              
              1. create 1 EBS volume
              2. attach this volume to your EC2 instance store 
              
              3. format it as ext3
              mkfs.ext3 /dev/sdf
              
              4. mount it
              mkdir /mnt/ebs
              mount /dev/sdf /mnt/ebs
              
              5. sync the instance with the volume
              rsync -avHx / /mnt/ebs
              rsync -avHx /dev /mnt/ebs
              
              (you can edit /mnt/ebs/etc/fstab and delete the entry for the /mnt partition)
              
              6. sync && umount /mnt/ebs
              
              7. create a snapshot of that volume
              
              8. register the ami based on that snapshot
              ec2-register -s snap-ID --name "EBS instance" --description "EBS instance" --architecture i386 \
                  --ramdisk ari-d23cd6bb --kernel aki-c43cd6ad
              
              As a result it should show something like:
              
              IMAGE   ami-newID
              
              
            • Amazon IAM – Identity and Access Management

              I found out about IAM (Identity and Access Management) these days while I was searching for a way not to give my email/pass for my AWS account. Seems that IAM is pretty easy to use:

              1. You add a group where you define the rights. Here you can select one or more of the default values (Administrator full access, Read only, EC2 full access, EC2 read only, etc.) or define custom policies by adding the rules in the Custom profile page. I’ve selected the default EC2 full access, which looks like:

              {
                "Statement": [
                  {
                    "Action": "ec2:*",
                    "Effect": "Allow",
                    "Resource": "*"
                  },
                  {
                    "Effect": "Allow",
                    "Action": "elasticloadbalancing:*",
                    "Resource": "*"
                  },
                  {
                    "Effect": "Allow",
                    "Action": "cloudwatch:*",
                    "Resource": "*"
                  },
                  {
                    "Effect": "Allow",
                    "Action": "autoscaling:*",
                    "Resource": "*"
                  }
                ]
              }

              2. Once the group is defined, the next step is to add users to this group. Once the user name is defined, an Access Key ID and Secret Access Key will be generated. You also need to define a password for the newly created account here.

              3. The final step is to test this by accessing a URL like https://xxxxxxxxx.signin.aws.amazon.com/console, where xxxxxxxxx is your AWS account ID (you can find it on your “Security credentials” page).
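
              The group policy in step 1 grants four whole services, not just EC2. The check below is an added example (not part of the original post and not an AWS tool): it lists every Allow statement in a policy document that hands out a complete service. SCOPED_POLICY and the function names are constructed for illustration.

```python
import json

# The "EC2 full access" group policy quoted in step 1.
PAGE_POLICY = json.loads("""
{"Statement": [
  {"Action": "ec2:*", "Effect": "Allow", "Resource": "*"},
  {"Effect": "Allow", "Action": "elasticloadbalancing:*", "Resource": "*"},
  {"Effect": "Allow", "Action": "cloudwatch:*", "Resource": "*"},
  {"Effect": "Allow", "Action": "autoscaling:*", "Resource": "*"}
]}
""")

# Constructed custom policy for comparison: read-only calls plus start/stop.
SCOPED_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*"},
    {"Effect": "Allow", "Action": ["ec2:StartInstances", "ec2:StopInstances"], "Resource": "*"},
]}


def as_list(value):
    """IAM accepts either a single value or a list in these fields."""
    return value if isinstance(value, list) else [value]


def broad_grants(policy):
    """Return (statement_index, service, reason) for each Allow that grants a whole service."""
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append((index, "*", "NotAction allows everything except the listed actions"))
            continue
        any_resource = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            if action == "*" or name == "*":
                scope = "on every resource" if any_resource else "on the listed resources"
                findings.append((index, service, f"every {service} action {scope}"))
    return findings


if __name__ == "__main__":
    for index, service, reason in broad_grants(PAGE_POLICY):
        print(f"statement {index}: {reason}")
    print("scoped policy findings:", broad_grants(SCOPED_POLICY))
```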

               

            • Using Passive FTP on Amazon EC2

              Installing proftpd on an Amazon EC2 instance is not rocket science, but after installing it you need to configure it to work correctly. Because Amazon EC2 instances use an internal IP address as their ethernet interface address, proftpd needs to be configured for passive FTP.

              First, you need to apply for an Elastic IP address which you will allocate to your instance. This will be the IP address that is shown to the world.

              Second step is to configure the firewall properly for that instance. Go to the “Security group” assigned to the instance and add the following rules:

              * Connection Method: Custom
              * Protocol: TCP
              * From Port: 20
              * To Port: 21
              * Source (IP or group): 0.0.0.0/0 (that is, if you want to permit to the whole internet to access your ftp server; if not, replace this with the IP address or class that you want to give access to your ftp server)

              We need to add another rule for the passive ports that will be used by proftpd:

              * Connection Method: Custom
              * Protocol: TCP
              * From Port: 49152
              * To Port: 65535
              * Source (IP or group): 0.0.0.0/0

              Now, go to your machine and edit /etc/proftpd/proftpd.conf and add the following lines:

              PassivePorts 49152 65535

              MasqueradeAddress your_elastic_ip_address

              Restart proftpd and enjoy:

              /etc/init.d/proftpd restart

              For vsftpd, the configuration is slightly different. You need to edit vsftpd.conf and make sure that you add these lines:

              pasv_min_port=1024
              pasv_max_port=1080
              pasv_address=your_elastic_ip_address

              The range 1024-1080, or whatever other range you choose, needs to be added in the Security group, the same way we did for proftpd. Then run: /etc/init.d/vsftpd restart
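
              The passive range in the daemon config and the range opened in the Security group have to match: ports the daemon uses but the group blocks break passive transfers, and ports the group opens but the daemon never uses are needless exposure. The following is an added example, not part of the original post; the config samples are constructed, with 203.0.113.10 standing in for the Elastic IP, and the function names are made up for illustration.

```python
import re

# Constructed samples; 203.0.113.10 is a documentation address standing in for the Elastic IP.
PROFTPD_CONF = "PassivePorts 49152 65535\nMasqueradeAddress 203.0.113.10\n"
VSFTPD_CONF = "pasv_min_port=1024\npasv_max_port=1080\npasv_address=203.0.113.10\n"
CONTROL_PORTS = {20, 21}  # opened by the first security group rule


def passive_settings(conf_text):
    """Return (min_port, max_port, advertised_address) from proftpd or vsftpd config text."""
    lo = hi = addr = None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        m = re.match(r"PassivePorts\s+(\d+)\s+(\d+)$", line, re.I)
        if m:
            lo, hi = int(m.group(1)), int(m.group(2))
        m = re.match(r"MasqueradeAddress\s+(\S+)$", line, re.I)
        if m:
            addr = m.group(1)
        key, sep, val = line.partition("=")  # vsftpd syntax: key=value, no spaces
        if sep and key == "pasv_min_port":
            lo = int(val)
        elif sep and key == "pasv_max_port":
            hi = int(val)
        elif sep and key == "pasv_address":
            addr = val
    return lo, hi, addr


def compare_with_rules(conf_text, rules):
    """Compare the daemon's passive range with the security group's TCP rules.

    rules is a list of (from_port, to_port) pairs. Returns (missing, excess):
    passive ports no rule opens, and opened ports the FTP daemon never uses.
    """
    lo, hi, addr = passive_settings(conf_text)
    if lo is None or hi is None or addr is None:
        raise ValueError("passive port range or advertised address is not set")
    wanted = set(range(lo, hi + 1))
    opened = set()
    for start, end in rules:
        opened.update(range(start, end + 1))
    return sorted(wanted - opened), sorted(opened - wanted - CONTROL_PORTS)


if __name__ == "__main__":
    page_rules = [(20, 21), (49152, 65535)]  # the two rules listed above
    for name, conf in (("proftpd", PROFTPD_CONF), ("vsftpd", VSFTPD_CONF)):
        missing, excess = compare_with_rules(conf, page_rules)
        print(f"{name}: {len(missing)} passive ports blocked, {len(excess)} ports open but unused")
```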

            • Getting Client.InvalidKeyPair.NotFound

              When running the ec2-run-instances command, I received the following error:

              Client.InvalidKeyPair.NotFound: The key pair ‘.ssh/campusfork’ does not exist

              Seems that the EC2_KEYPAIR_NAME system variable was set incorrectly. You can find the correct value using the ec2-describe-keypairs command. Here is an example of its use:

              [amazon@shifu ~]$ ec2-describe-keypairs
              KEYPAIR cf-host01-keypair01 34:ce:19:bb:48:d9:3a:6f:36:c1:04:f8:ae:d6:97:ba:ae:1f:81:a2
              KEYPAIR campusfork 5f:ca:32:07:07:f3:15:ef:f9:a0:0c:64:b4:30:a2:be:67:a1:8a:75

              So the correct value is campusfork, not the filename.

            • “Service error: The AWS Access Key Id needs a subscription for the service”

              While trying to create an RDS security group, that error appears. It seems you need to go to http://aws.amazon.com, then go to the Console management and sign up for RDS.

            • Clone an EC2 instance

              These days Amazon sent me an email saying that an instance that I’m using is on a server that is
              failing. To clone it I had to:

              1. Install ec2-api-tools from http://s3.amazonaws.com/ec2-downloads/ec2-api-tools.zip on the failing instance
              2. Install Java from http://javadl.sun.com/webapps/download/AutoDL?BundleId=39484 (I’m using a small instance)
              3. Set .bashrc as follows:

              export EC2_HOME=~/ec2
              export PATH=$PATH:$EC2_HOME/bin
              export EC2_PRIVATE_KEY=$EC2_HOME/pk.pem
              export EC2_CERT=$EC2_HOME/cert.pem
              export JAVA_HOME=/usr

              Run:

              source /root/.bashrc

              4. Create a directory for the bundled files (/mnt/myimage in my case)
              5. Bundle the actual instance using:

              ec2-bundle-vol --cert ec2/cert.pem --privatekey ec2/pk.pem -s 2048 -u Your_AWS_Account_ID -d /mnt/myimage/

              -u : AWS Account ID is taken from AWS page Security Credentials, e.g: 1234-5678-9012-3456. Make sure to skip the “-” when using it.
              -s : size of the image
              -d : directory from step 4

              6. Upload the files to an S3 account using:

              ec2-upload-bundle -a access_key -s secret_key -b bucket_name --manifest /mnt/myimage/image.manifest.xml

              -a : access_key from Security Credentials page
              -s : secret_key from Security Credentials page
              -b : bucket name
              --manifest : name of the manifest file

              7. Register the AMI by going to your AWS EC2 console->AMI->Images->Register new AMI and enter:
              bucket_name/image.manifest.xml
              8. Create a new EC2 instance by using the newly registered AMI

              Note that you will need the [pk,cert].pem files too.