Starting with an Existing AMI
To quickly and easily get a new working AMI, start with an existing public AMI or one of your own.
You can then modify it and create a new AMI with the ec2-bundle-vol utility described in Bundling an AMI.
Note | |
---|---|
Before selecting an AMI, determine whether the instance types you plan to launch are 32-bit or 64-bit. For more information, see Instance Types. Make sure you are using GNU Tar 1.15 or later. |
To use an existing AMI to create a new AMI, complete the following tasks.
Select an AMI
First, locate an AMI that contains the packages and services you require. This can be one of your own AMIs or a public AMI provided by Amazon EC2.
To select an AMI
- Get a list of available AMIs by entering the ec2-describe-images command:
  $ ec2-describe-images -a
  The response includes the image ID, the location of the file in Amazon S3, and whether the file is available.
- Choose an AMI from the list and write down its AMI ID.
Example
$ ec2-describe-images -o self -o amazon
IMAGE ami-60a54009 ec2-public-images/base-fc4-apache.manifest.xml 475219833042 available public
IMAGE ami-61a54028 <your-s3-bucket>/image.manifest.xml AIDADH4IGTRXXKCD available private
IMAGE ami-2bb65342 ec2-public-images/getting-started.manifest.xml 475219833042 available public
IMAGE ami-6ea54007 ec2-public-images/base-fc3-mysql.manifest.xml 475219833042 available public
Generate a Key Pair
This step is only required if you selected one of the public AMIs provided by Amazon EC2. You must create a public/private key pair to ensure that only you have access to instances that you launch.
After you generate a key pair, the public key is stored in Amazon EC2 using the key pair name you selected. Whenever you launch an instance using the key pair name, the public key is copied to the instance metadata. This allows you to access the instance securely using your private key.
To create a public/private key pair
- Enter the following command:
  $ ec2-add-keypair <keypair-name>
  The <keypair-name> is the name you select for the key pair. The resulting private key is displayed.
- Open a text editor.
- Paste the entire private key, starting with the line "-----BEGIN RSA PRIVATE KEY-----" and ending with the line "-----END RSA PRIVATE KEY-----".
- Save the file and exit.
Note: This file should only be readable by the file owner.
Example
$ ec2-add-keypair gsg-keypair
KEYPAIR gsg-keypair 1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f
-----BEGIN RSA PRIVATE KEY-----
[private key body omitted]
-----END RSA PRIVATE KEY-----
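The manual copy-and-paste steps above can be replaced by a small filter that writes the key with owner-only permissions from the start. This is an added example, not part of the original guide; the function names and the sample fingerprint and key body are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): store the private key printed by
# ec2-add-keypair with owner-only permissions from the moment the file exists.

# Constructed sample in the output shape shown above; fingerprint and key body are fake.
constructed_keypair_output() {
    cat <<'EOF'
KEYPAIR gsg-keypair 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQtTk9ULUEtUkVBTC1LRVk=
-----END RSA PRIVATE KEY-----
EOF
}

# Usage: ec2-add-keypair <keypair-name> | save_keypair <private-keyfile>
# Writes only the PEM block to the file and prints the key fingerprint on stdout.
save_keypair() {
    keyfile=$1
    if [ -z "$keyfile" ] || [ -e "$keyfile" ]; then
        echo "save_keypair: need a new file name (will not overwrite)" >&2
        return 2
    fi
    if ! (
        umask 077   # file is created 0600, so there is no window with wider permissions
        awk -v out="$keyfile" '
            /^KEYPAIR /                          { print $3; next }
            /^-----BEGIN RSA PRIVATE KEY-----$/  { inkey = 1 }
            inkey                                { print > out }
            /^-----END RSA PRIVATE KEY-----$/    { if (inkey) ok = 1; inkey = 0 }
            END                                  { exit(ok ? 0 : 1) }
        '
    ); then
        rm -f "$keyfile"   # do not leave a truncated key behind
        echo "save_keypair: no complete private key in input" >&2
        return 1
    fi
    chmod 400 "$keyfile"   # readable by the file owner only, as the note requires
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
constructed_keypair_output | save_keypair "$demo_dir/id_rsa-gsg-keypair"
ls -l "$demo_dir/id_rsa-gsg-keypair"
rm -rf "$demo_dir"
```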
Launch the Instance
You are now ready to launch an instance of the AMI that you previously selected.
To launch an instance
- Start the launch by entering the following command:
  $ ec2-run-instances <ami_id> -k <keypair-name>
  The <ami_id> is the AMI ID you selected earlier and <keypair-name> is the name of the key pair. The command will return the AMI instance ID, a unique identifier for each launched instance. You use the instance ID to manipulate the instance. This includes viewing the status of the instance, terminating the instance, and so on. Launching the instance will take a few minutes.
- View the progress of the instance by entering the following command:
  $ ec2-describe-instances <instance_id>
  The <instance_id> is the ID of the instance. When the status field displays "running," the instance was created and is booting. However, the instance might not be immediately accessible over the network. Make sure to use the appropriate DNS name provided by the ec2-describe-instances command.
Important | |
---|---|
Once you launch an instance, you will be billed for all usage, including hourly CPU time. Make sure to terminate any instances that you do not want to leave running. For information on Amazon EC2 pricing, go to the Amazon EC2 home page. |
Example
The following example launches an instance of ami-2bb65342.
$ ec2-run-instances ami-2bb65342 -k gsg-keypair
RESERVATION r-302dc059 416161254515 default
INSTANCE i-eb977f82 ami-2bb65342 pending gsg-keypair 0 m1.small 2007-10-16T07:56:20+0000 us-east-1a
The following shows the status of the launch:
$ ec2-describe-instances i-eb977f82
RESERVATION r-302dc059 416161254515 default
INSTANCE i-eb977f82 ami-2bb65342 ec2-72-44-40-222.compute-1.amazonaws.com 10-251-50-83.ec2.internal running gsg-keypair 0 m1.small 2007-10-16T07:56:20+0000 us-east-1a
Authorize Network Access
To authorize access to your instance
- Enter the ec2-authorize command to allow all IP addresses to access your instance through port 80 (public web).
  $ ec2-authorize default -p 80
  PERMISSION default ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
- Get the public IP address of your local machine by going to a search engine, entering "what is my IP address," and using one of the provided services.
- Enter the ec2-authorize command to open port 22 (SSH port) to your IP address.
  $ ec2-authorize default -p 22 -s your_ip_address/32
  PERMISSION default ALLOWS tcp 22 22 FROM CIDR your_ip_address/32
  This command allows access from your IP address only. If your IP address is dynamic, you will need to use this command each time it changes. To allow additional IP address ranges, use this command for each range.
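The intent of the steps above is that only the web port is open to every address while SSH stays limited to known addresses. The following added example (not part of the original guide) checks a set of PERMISSION lines against that intent; it assumes the line format printed by ec2-authorize on this page, and the function names and sample rules are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): flag rules that are open to every
# address on anything other than the ports meant to be public.

# Constructed sample in the PERMISSION format shown above; the last two rules are mistakes.
constructed_permissions() {
    cat <<'EOF'
PERMISSION default ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
PERMISSION default ALLOWS tcp 22 22 FROM CIDR 203.0.113.7/32
PERMISSION default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION default ALLOWS tcp 0 1024 FROM CIDR 0.0.0.0/0
EOF
}

# Usage: audit_permissions [public_port ...] < permission-lines   (default public port: 80)
# Prints one line per world-open rule that is not a single allowed public port.
# Returns 1 if any such rule is found, 0 otherwise.
audit_permissions() {
    [ $# -gt 0 ] || set -- 80
    awk -v allowed=" $* " '
        $1 == "PERMISSION" && $3 == "ALLOWS" && $7 == "FROM" && $8 == "CIDR" {
            from = $5 + 0; to = $6 + 0
            if ($9 !~ /\/0$/) next                                  # not open to everyone
            if (from == to && index(allowed, " " from " ")) next    # intended public port
            printf "%s %s %d-%d open to %s\n", $2, $4, from, to, $9
            bad++
        }
        END { exit(bad ? 1 : 0) }
    '
}

# Demo on the constructed sample.
constructed_permissions | audit_permissions 80 || echo "tighten the rules listed above" >&2
```

A port range that happens to include 80 is still reported, because it exposes the other ports in the range as well.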
Connect to the Instance
After starting an instance, you can log in and modify it according to your requirements.
To connect to an instance
- If you are launching an AMI that supports SSH login (e.g., public AMIs), use the following command to log in with your private key:
  $ ssh -i <private-keyfile> root@<dns_location>
  The <private-keyfile> is the file that contains the private key and <dns_location> is the DNS location of the instance within Amazon EC2. Your instance displays a prompt that contains your username and the hostname of the instance.
You now have complete control over the instance. You can add, remove, modify, or upgrade packages and files to suit your needs.
Important | |
---|---|
We recommend exercising extreme care when changing some of the basic Amazon EC2
configuration settings, such as the network interface configuration and the
|
Example
The following example shows logging in to an AMI using SSH.
$ ssh -i id_rsa-gsg-keypair root@ec2-67-202-51-223.compute-1.amazonaws.com
root@ec2-67-202-51-223 #
Upload the Key and Certificate
Your new AMI is encrypted and signed to ensure that only you and Amazon EC2 can access it. Therefore, you must upload your Amazon EC2 private key and X.509 certificate to the running instance, for use in the AMI bundling process.
Note | |
---|---|
For information on obtaining your Amazon EC2 private key and X.509 certificate, refer to the Amazon Elastic Compute Cloud Getting Started Guide. |
To upload your Amazon EC2 private key and X.509 certificate
- Copy your Amazon EC2 private key and X.509 certificate to the /mnt directory.
- Enter the following command:
  $ scp <private_keyfile> <certificate_file> root@<dns_location>:/mnt
  The <private_keyfile> is the file that contains the private key, <certificate_file> is the file that contains the certificate, and <dns_location> is the DNS location of the instance within Amazon EC2. Amazon EC2 returns the name of the files and some performance statistics.
Note: It is important that the key and cert files are uploaded into /mnt to prevent them from being bundled with the new AMI.
You are ready to bundle the volume and upload the resulting AMI to Amazon S3. For more information, see Bundling an AMI.
Example
$ scp -i id_rsa-gsg-keypair pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem root@ec2-67-202-51-223.compute-1.amazonaws.com:/mnt
pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem 100% 717 0.7KB/s 00:00
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem 100% 685 0.7KB/s 00:00
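The note about /mnt can be verified on the instance before bundling. The following added example (not part of the original guide) lists key and certificate files that sit outside /mnt and would therefore end up in the image; the function names, the constructed sample tree, and the assumption that /mnt, /proc and /sys are left out of the bundle are illustrative.

```shell
#!/bin/sh
# Added example (not from the original guide): before bundling, confirm that no key
# or certificate file sits anywhere that would be captured in the image.

# Usage: find_stray_keys [image_root]      (default: /)
# Assumption: /mnt (plus /proc and /sys) is left out of the bundle, as the note implies.
# Prints each offending path; returns 1 if any is found, 0 otherwise.
find_stray_keys() {
    root=${1:-/}
    base=${root%/}
    # Match by the pk-*/cert-* file names used above, or by PEM private key content
    # in files smaller than 128 512-byte blocks (64 KB).
    found=$(
        find "$root" -xdev \
            \( -path "$base/mnt" -o -path "$base/proc" -o -path "$base/sys" \) -prune -o \
            -type f \( \
                -name 'pk-*.pem' -o -name 'cert-*.pem' -o \
                -size -128 -exec grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' {} \; \
            \) -print 2>/dev/null || true
    )
    [ -n "$found" ] || return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed tree: key and cert correctly in /mnt, plus a renamed stray copy of the key.
make_constructed_tree() {
    mkdir -p "$1/mnt" "$1/root"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/mnt/pk-CONSTRUCTED.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1/mnt/cert-CONSTRUCTED.pem"
    cp "$1/mnt/pk-CONSTRUCTED.pem" "$1/root/backup.txt"
}

# Demo on the constructed tree.
demo=$(mktemp -d)
make_constructed_tree "$demo"
find_stray_keys "$demo" || echo "move or delete these before bundling" >&2
rm -rf "$demo"
```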