Amazon Elastic Compute Cloud: Getting Started Guide API Version 2011-01-01
Amazon Elastic Compute Cloud: Getting Started Guide API Version 2011-01-01
Table of Contents
Get Started with EC2 ......................................................................................................................................... 1
Sign Up for EC2 .................................................................................................................................................. 2
Launch an Instance ............................................................................................................................................ 3
Connect to Your Linux/UNIX Instance ................................................................................................................. 9
Connect to Your Windows Instance .................................................................................................................. 17
Terminate Your Instance ................................................................................................................................... 20
Where Do I Go from Here? .............................................................................................................................. 21
Please Provide Feedback ................................................................................................................................. 27
About This Guide .............................................................................................................................................. 28
Amazon Elastic Compute Cloud Getting Started Guide
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that enables you to launch and manage
Linux/UNIX and Windows server instances in Amazon's data centers. You can get started with Amazon
EC2 by following the tasks shown in the following diagram. You'll primarily use the AWS Management
Console, a point-and-click web-based interface.
This guide walks you through launching and connecting to your first Amazon EC2 instance.
To use Amazon EC2, you need an AWS account. If you don't already have one, you'll be prompted to
create one when you sign up for Amazon EC2. Signing up for Amazon EC2 also automatically signs you
up for Amazon Simple Storage Service (Amazon S3) and Amazon Virtual Private Cloud (Amazon VPC),
which are closely integrated with Amazon EC2. You're not charged for any of the services unless you
use them.
Part of the sign-up procedure involves receiving a phone call and entering a PIN using the phone keypad.
Launch an Instance
Now that you're signed up for Amazon EC2, you're ready to launch an instance using the AWS Management
Console.
Important
The instance you're about to launch will be live (and not running in a sandbox). You will incur the
standard Amazon EC2 usage fees for the instance until you terminate it in the last task in this
tutorial. The total charges will be minimal (typically less than a dollar). For more information about
Amazon EC2 usage rates, go to the Amazon EC2 product page.
To launch an instance
a. From the AWS Management Console, click Sign in to the AWS Console and log in with the
email address and password you used when signing up for Amazon EC2.
Tip
If you pause for a long period of time during this procedure, the AWS Management
Console automatically logs you out. To stay logged in while you work through this tutorial,
click Settings in the top right corner of the console window and clear the Sign out on
inactivity check box.
b. From the Amazon EC2 Console Dashboard, click Launch Instance to start the Request Instances
Wizard.
The first page of the wizard displays a list of basic AMIs on the Quick Start tab.
An Amazon Machine Image (AMI) contains all the information needed to create a new instance
of a server. For example, an AMI might contain all the software to act as a web server (e.g.,
Linux, Apache, and your web site), or all the software to act as a Windows database server (e.g.,
Windows and SQL Server).
2. Choose an AMI: Select either the Basic 32-bit Amazon Linux AMI, or a Windows AMI from the list.
After you select an AMI, the wizard steps to the Instance Details page. This is where you control
settings such as the number and size of instances to launch (in this tutorial you'll launch a single
small instance).
3. The default settings on this page of the wizard and the next two pages are what you want, so just
click Continue on each page.
A key pair is a security credential similar to a password, which you use to securely connect to your
instance after it's running. If you're new to Amazon EC2 and haven't created any key pairs yet, when
the wizard displays the Create Key Pair page, the Create a new Key Pair button is selected by
default. We assume you'll want a new key pair.
4. Create a key pair:
a. On the Create Key Pair page, enter a name for your key pair (e.g., GSG_Keypair). This will be
the name of the private key file associated with the pair (with a .pem extension).
The wizard displays the Configure Firewall page, where you create a security group.
A security group defines firewall rules for your instances.These rules specify which incoming network
traffic should be delivered to your instance (e.g., accept web traffic on port 80). All other traffic is
ignored. You can modify rules for a group at any time. The new rules are automatically enforced for
all running instances.
If you're new to Amazon EC2 and haven't set up any security groups yet, you need to understand
how the wizard handles them. When the wizard displays the Configure Firewall page, the Create
a new Security Group button is selected by default, and a security group has already been defined
for you. The name and description for the group is quick-start-x. You can change the name and
description if you want. The group already has basic firewall rules that enable you to connect to the
type of instance you've chosen. The following image shows the rules for the quick-start group if you're
launching the Basic 32-bit Amazon Linux AMI 1.0. The rule enables SSH access to the instance from
anywhere.
The following image shows the rules for the quick-start group if you're launching the Getting Started
on Microsoft Windows Server 2008 AMI. The rules enable Remote Desktop (RDP), MS SQL, and
HTTP access to the instance from anywhere.
Caution
The quick-start security group enables all IP addresses to access your instance over the
specified ports (e.g., SSH). This is acceptable for the short exercise in this tutorial, but it's
unsafe for production environments. In production, you'll authorize only a specific IP address
or range of addresses to access your instance.
Tip
If your AWS account isn't new and has security groups already, the Request Instances
Wizard looks for a security group that has rules that might match the type of instance you're
launching and preselects that group. You can select a different group or create a new group
to launch the instance into.
If the wizard doesn't find an existing group to use, it displays a prepopulated quick-start
security group like the ones shown in the preceding images.
5. Make any changes you want to the security group name or description, and click Continue.
The security group is created and assigned an ID (e.g., sg-b1784ec5).Your instance will be launched
into this new security group. The wizard steps to the Review page where you can review the settings
and launch the instance.
6. Review your settings and launch the instance:
a. Click Launch.
A confirmation page is displayed to let you know your instance is launching.
b. Click Close to close the confirmation page, and then click Instances in the navigation pane to
view your instance's status. It takes a short time for an instance to launch. The instance's status
will be pending while it's launching.
After a short period, your instance's status switches to running.You can click Refresh to refresh
the display.
c. Record the public DNS name for your instance because you'll need it for the next task. If you
select the instance, its details (including the public DNS name) are displayed in the lower pane.
You can also click Show/Hide in the top right corner of the page to select which columns to
display.
When your instance's status is running, you can connect to it. If you launched a Linux/UNIX instance,
see Connect to Your Linux/UNIX Instance (p. 9). If you launched a Windows instance, see Connect
to Your Windows Instance (p. 17).
Topics
• Connecting from a Linux/UNIX Machine (p. 10)
• Connecting from a Windows Machine (p. 12)
Note
Most Linux and UNIX machines include an SSH client by default. If yours doesn't, the OpenSSH
project provides a free implementation of the full suite of SSH tools. For more information, go to
http://www.openssh.org.
1. In a command line shell, change directories to the location of the private key file that you created
when you launched the instance.
2. Use the chmod command to make sure your private key file isn't publicly viewable. For example, if
your file were GSG_Keypair.pem, you would enter:
3. Connect to your instance using the instance's public DNS name (which you should have recorded
earlier). For example, if the key file is GSG_Keypair.pem and the instance's DNS name is
ec2-184-72-204-112.compute-1.amazonaws.com, use the following command.
Tip
The AMI we launched in this exercise requires you to log in to your instance as ec2-user.
Some AMIs let you log in as root.
4. Enter yes.
You're now logged in as ec2-user and can work with the instance like you would any normal server. If
you need to run a command as root, you must prefix the command with sudo. For example:
Normally you'd continue using the instance. However, for the purposes of this tutorial, we're going to
show you how to terminate the instance immediately. Jump to Terminate Your Instance (p. 20).
Getting PuTTY
To download and install PuTTY
Note
Other tools in the PuTTY suite are PuTTYgen, a key generation program, and pscp, a secure
copy command line tool. The different PuTTY tools are separate applications. You can install
them separately or install the entire suite with a simple Windows installer.The following instructions
assume you've installed the entire suite and can access all the components from the Windows
Start menu.
1. Start PuTTYgen (e.g., from the Start menu, click All Programs > PuTTY > PuTTYgen).
2. Click Load and browse to the location of the private key file that you want to convert (e.g.,
GSG_Keypair.pem). By default, PuTTYgen displays only files with extension .ppk; you'll need to
change that to display files of all types in order to see your .pem key file. The private key file must
end with a newline character or PuTTYgen cannot load it correctly.
When you click OK, PuTTYgen displays a dialog box with information about the key you loaded,
such as the public key and the fingerprint. The keys that Amazon EC2 generates are 1024-bit SSH-2
RSA keys.
4. Click Save private key to save the key in PuTTY's format.
PuTTYgen asks if you want to save the key without a passphrase.
5. Click Yes.
Note
A passphrase on a private key is an extra layer of protection, so even if your private key is
discovered, it will not be usable without the passphrase. The downside to using a passphrase
is that it makes automation harder because human intervention is needed to log on to an
instance, or copy files to an instance. For this exercise, we're not using a passphrase.
6. Name the key with the same name you used for the key pair (e.g., GSG_Keypair). PuTTY automatically
adds the .ppk file extension.
Your private key is now in the correct format for use with PuTTY. You can now connect to your instance
using PuTTY's SSH client.
1. Start PuTTY (e.g., from the Start menu, click All Programs > PuTTY > PuTTY).
A dialog box opens with a Category menu on the left side. On the right side, the basic options for
your PuTTY session are displayed.
2. In the Host Name field, enter the public DNS name of your instance (which you should have recorded
earlier).You can optionally prefix the DNS name with ec2-user@ to automatically log in as ec2-user
when the session opens.
3. In the Category menu, under Connection, click SSH, and then Auth.
The options controlling SSH authentication are displayed.
4. Click Browse and navigate to the PuTTY private key file you generated in the preceding section.
5. Click Open.
An SSH session window opens and PuTTY displays a security alert asking if you trust the host you're
connecting to.
6. Click Yes.
7. In the SSH session window, log in as ec2-user if you didn't as part of starting the SSH session.
Tip
The AMI we launched in this exercise requires you to log in to your instance as ec2-user.
Some AMIs let you log in as root.
Note
If you specified a passphrase when you converted your private key to PuTTY's format, you
must provide that passphrase when you log in to the instance.
You're now logged in as ec2-user and can work with the instance like you would any normal server. If
you need to run a command as root, you must prefix the command with sudo. For example:
Normally you'd continue using the instance. However, for the purposes of this guide, we're going to show
you how to terminate the instance immediately. Jump to Terminate Your Instance (p. 20).
To connect to a Windows instance, you must retrieve the initial administrator password first, and then
use it with Remote Desktop. You'll need the contents of the private key file that you created when you
launched the instance (e.g., GSG_Keypair.pem).
a. Navigate to the directory where you stored the private key file when you launched the instance.
b. Open the file in a text editor and copy the entire contents (including the first and last lines, which
contain BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY).
c. Go to the AWS Management Console and locate the instance on the Instances page.
d. Right-click the instance and select Get Windows Password.
The Retrieve Default Windows Administrator Password dialog box is displayed (it might take
a few minutes after the instance is launched before the password is available).
e. Paste the contents of the private key file into the Private Key field.
a. Start the Remote Desktop application (e.g., from the Start menu, point to All Programs >
Accessories, and then click Remote Desktop Connection).
Note
Most modern Windows operating systems from Windows XP onward already include
the Remote Desktop application. If you're using an old version of Windows, you can
download the Remote Desktop application from the Microsoft web site.
b. Enter the public DNS name of the instance (which you should have recorded earlier) and click
Connect.
c. Log in using Administrator as the username and the administrator password you got in the
previous task as the password.
You're now connected to your instance. You can work with it like you would any Windows server.
Caution
After you connect to any new Windows instance you've just launched, we recommend you change
the Windows administrator password from the default value.
Normally you'd continue using the instance. However, for the purposes of this tutorial, we're going to
show you how to terminate the instance immediately. Jump to Terminate Your Instance (p. 20).
As soon as your instance starts to boot, you're billed for each hour or partial hour that you keep the
instance running (even if the instance is idle). When you've decided that you no longer need the instance,
you can terminate it.
Note
You cannot restart a terminated instance. However, you can launch additional instances of the
same AMI.
To terminate an instance
1. In the AWS Management Console, locate the instance in your list of instances on the Instances
page.
2. Right-click the instance, and then click Terminate.
3. Click Yes, Terminate when prompted for confirmation.
Amazon EC2 begins terminating the instance. As soon as the instance status changes to shutting
down or terminated, you stop incurring charges for that instance.
Congratulations! You successfully launched, connected to, and terminated an instance. For more
information about Amazon EC2 and how to continue, see Where Do I Go from Here? (p. 21).
Your input is important to us. Help make our documentation helpful and easy to use. Please take a minute
to provide feedback on your getting started experience with Amazon EC2. To begin the survey, see
Please Provide Feedback (p. 27). Thank you.
Topics
• AWS Account and Security Credentials (p. 21)
• Other Ways to Access Amazon EC2 (p. 21)
• Designing Your Application for the Cloud (p. 22)
• Learn More about Amazon EC2 (p. 22)
• Amazon EC2 Resources (p. 25)
Amazon EC2 is a rich service offering many things we haven't covered in this guide, such as creating
your own AMIs, using persistent file storage, monitoring instance health, load balancing, and virtual private
networking. This section provides links to additional resources, which will help you deepen your
understanding and use of Amazon EC2.
If you're an account owner or administrator and would like to know more about AWS Identity and Access
Management, go to the product description at http://aws.amazon.com/iam or to the technical documentation
at Using AWS Identity and Access Management.
Compute Cloud User Guide. The console also has online Help to assist you (just click the Help button in
the console).
• Java
• PHP
• Python
• Ruby
• Windows and .NET
For libraries and sample code in all languages, go to Amazon EC2 Sample Code & Libraries.
You can choose between Amazon S3 or Amazon Elastic Block Store as the root device for your AMI (for
a brief description of Amazon EBS, see Amazon Elastic Block Store (p. 24) later in this section). We
recommend using instances backed by Amazon EBS, because they launch faster and use persistent
storage. For more information, go to AMIs Backed by Amazon EBS in the Amazon Elastic Compute Cloud
User Guide.
Instance Types
To meet the needs of different organizations and applications, Amazon EC2 instances are available in
different sizes and CPU/memory configurations. For more information, go to Instances in the Amazon
Elastic Compute Cloud User Guide.
Tags
You can add optional metadata to your instances, AMIs, and other EC2 resources to help you categorize
and manage them. For more information, go to Using Tags in the Amazon Elastic Compute Cloud User
Guide.
Elastic IP Addresses
You might want to have static IP addresses for your instances. Amazon EC2 provides elastic IP addresses
that can be dynamically remapped to different instances. For more information, go to Elastic IP Addresses
in the Amazon Elastic Compute Cloud User Guide.
Security Groups
You might be concerned about keeping others from accessing your instances, both inside and outside
the Amazon network.You can create other security groups (beyond the basic group we used in this guide)
to meet your security requirements. For more information, go to Network Security Concepts in the Amazon
Elastic Compute Cloud User Guide.
Availability Zones
You might want to build a geographically dispersed, fault tolerant architecture on Amazon EC2. You can
place instances in different geographic regions and isolate instances within those regions using Availability
Zones. This provides geographic flexibility and affordable fault tolerance. For more information, go to
Region and Availability Zone Concepts in the Amazon Elastic Compute Cloud User Guide.
Amazon Linux
AWS provides Amazon Linux AMIs, which are supported and maintained Linux images optimized for the
EC2 environment. For more information, go to Amazon Linux AMI.
Reserved Instances
You might want to run a set of full-time or nearly full-time instances but also bring down your costs.
Amazon EC2 supports an additional pricing option that enables you to make a low one-time payment for
each instance to reserve and receive a significant discount on the hourly usage charge for that instance.
For more information, go to On-Demand and Reserved Instances and to Reserving Amazon EC2 Instances
in the Amazon Elastic Compute Cloud User Guide.
Spot Instances
If you're flexible about when you need instances and want to bring down your costs, Amazon EC2 lets
you bid for unused Amazon EC2 capacity and run your instances for as long as your bid exceeds the
current Spot Price. For more information, go to the Amazon EC2 Spot Instances product page and
Introduction to Spot Instances.
Monitoring Instances
You might need a solution for monitoring your instances. Amazon CloudWatch is a monitoring service
for Amazon EC2 that is designed to gather, aggregate, store, and retrieve metrics. For more information,
go to the Amazon CloudWatch product page and the Amazon CloudWatch Developer Guide.
Load Balancing
You might need a solution for load balancing requests to your instances. Elastic Load Balancing offers
the ability to evenly spread requests across your running Amazon EC2 instances. For more information,
go to the Elastic Load Balancing product page and the Elastic Load Balancing Developer Guide.
response to your web application’s usage and the configuration you define. For more information, go to
the Auto Scaling product page and the Amazon Auto Scaling Developer Guide.
Micro Instances
Amazon EC2 offers micro instances, which provide a small amount of consistent CPU resources and
allow you to burst CPU capacity when additional cycles are available. They are well suited for lower
throughput applications and web sites that consume significant compute cycles periodically. For more
information, go to Micro Instance Concepts in the Amazon Elastic Compute Cloud User Guide.
Cluster Instances
Amazon EC2 offers cluster instances for your High-Performance Computing (HPC) applications. These
instances provide you with high-bandwidth, low-latency inter-node communications for advanced
computational applications such as computational fluid dynamics, computational biology, and materials
research. For more information, go to Using Cluster Instances in the Amazon Elastic Compute Cloud
User Guide.
Resource Description
Amazon Elastic Compute Cloud User Provides conceptual information about Amazon EC2 and
Guide describes how to use Amazon EC2 features using the AWS
Management Console, command line tools, and Query API.
Amazon Elastic Compute Cloud API Contains a comprehensive description of the API actions,
Reference data types, and errors.
Amazon Elastic Compute Cloud Contains a comprehensive description of all the command
Command Line Reference line tools and their options.
Amazon EC2 Technical FAQ Covers the top questions developers have asked about this
product.
Amazon EC2 Release Notes Give a high-level overview of the current release. They
specifically note any new features, corrections, and known
issues.
AWS Developer Resource Center A central starting point to find documentation, code samples,
release notes, and other information to help you build
innovative applications with AWS.
AWS Management Console The console lets you perform most of the functions of Amazon
EC2 and other AWS products without programming.
Resource Description
AWS Support Center The home page for AWS Technical Support, including access
to our Developer Forums, Technical FAQs, Service Status
page, and AWS Premium Support (if you are subscribed to
this program).
AWS Premium Support Information The primary web page for information about AWS Premium
Support, a one-on-one, fast-response support channel to help
you build and run applications on AWS Infrastructure Services.
Amazon EC2 Product Information The primary web page for information about Amazon EC2.
Form for questions related to your AWS This form is only for account questions. For technical
account: Contact Us questions, use the Discussion Forums.
Terms of Use Detailed information about the copyright and trademark usage
at Amazon.com and other topics.
Your input is important to us. Help make our documentation helpful and easy to use. Please take a minute
to provide feedback on your getting started experience with Amazon EC2. To begin the survey, see
Please Provide Feedback (p. 27). Thank you.
Your input is important to help make our documentation helpful and easy to use. Please tell us about
your experience getting started with Amazon EC2 by completing our Getting Started Survey.
Thank you.
This is the Amazon Elastic Compute Cloud Getting Started Guide. It was last updated on March 15, 2011.
Amazon Elastic Compute Cloud is often referred to within this guide as "Amazon EC2" or simply "EC2";
likewise the Amazon Simple Storage Service is referred to in this guide as "Amazon S3"; all copyrights
and legal protections still apply.