Launching and Using Instances
This section describes how to launch instances and retrieve instance-specific data from within the instance. It also covers launching shared AMIs and security risks associated with running shared AMIs.
Note | |
---|---|
If you create an instance in one region, you cannot launch it in another region without
migrating it. For information on regions, see
Region and Availability Zone Concepts.
For information on migrating AMIs, refer to the |
How to Find a Suitable AMI
This section describes how to find an AMI.
AWS Management Console
To find a suitable AMI
- Log in to the AWS Management Console and click the Amazon EC2 tab.
- Click AMIs in the Navigation pane.
  The console displays your AMIs and all public AMIs.
- To reduce the number of displayed AMIs, select options from the Viewing list boxes. For example, you might want to display Amazon images.
- After locating your desired AMI, write down its AMI ID. You can use this to launch instances of the AMI or register your own AMI, using this as a baseline.
Command Line Tools
To find a suitable AMI
- Use the ec2-describe-images command.
  PROMPT> ec2-describe-images -o self -o amazon | grep machine
  IMAGE ami-2c5fba45 ec2-public-images/demo-paid-AMI-v1.07.manifest.xml amazon available public A79EC0DB i386 machine
  IMAGE ami-bd9d78d4 ec2-public-images/demo-paid-AMI.manifest.xml amazon available public A79EC0DB i386 machine
  IMAGE ami-2f5fba46 ec2-public-images/developer-image-i386-v1.07.manifest.xml amazon available public i386 machine
  IMAGE ami-26b6534f ec2-public-images/developer-image.manifest.xml amazon available public i386 machine
  IMAGE ami-f51aff9c ec2-public-images/fedora-8-i386-base-v1.06.manifest.xml amazon available public i386 machine aki-a71cf9ce ari-a51cf9cc
  IMAGE ami-2b5fba42 ec2-public-images/fedora-8-i386-base-v1.07.manifest.xml amazon available public i386 machine aki-a71cf9ce ari-a51cf9cc
  IMAGE ami-f21aff9b ec2-public-images/fedora-8-x86_64-base-v1.06.manifest.xml amazon available public x86_64 machine aki-b51cf9dc ari-b31cf9da
  IMAGE ami-2a5fba43 ec2-public-images/fedora-8-x86_64-base-v1.07.manifest.xml amazon available public x86_64 machine aki-b51cf9dc ari-b31cf9da
  IMAGE ami-a21affcb ec2-public-images/fedora-core-6-x86_64-base-v1.06.manifest.xml amazon available public x86_64 machine aki-a53adfcc ari-a23adfcb
  IMAGE ami-2d5fba44 ec2-public-images/fedora-core-6-x86_64-base-v1.07.manifest.xml amazon available public x86_64 machine aki-a53adfcc ari-a23adfcb
  IMAGE ami-225fba4b ec2-public-images/fedora-core4-apache-mysql-v1.07.manifest.xml amazon available public i386 machine
  IMAGE ami-25b6534c ec2-public-images/fedora-core4-apache-mysql.manifest.xml amazon available public i386 machine
  IMAGE ami-2e5fba47 ec2-public-images/fedora-core4-apache-v1.07.manifest.xml amazon available public i386 machine
  IMAGE ami-23b6534a ec2-public-images/fedora-core4-apache.manifest.xml amazon available public i386 machine
  IMAGE ami-215fba48 ec2-public-images/fedora-core4-base-v1.07.manifest.xml amazon available public i386 machine
  IMAGE ami-20b65349 ec2-public-images/fedora-core4-base.manifest.xml amazon available public i386 machine
  IMAGE ami-205fba49 ec2-public-images/fedora-core4-i386-base-v1.07.manifest.xml amazon available public i386 machine aki-9b00e5f2
  IMAGE ami-255fba4c ec2-public-images/fedora-core4-mysql-v1.07.manifest.xml amazon available public i386 machine
  IMAGE ami-22b6534b ec2-public-images/fedora-core4-mysql.manifest.xml amazon available public i386 machine
  IMAGE ami-36ff1a5f ec2-public-images/fedora-core6-base-x86_64.manifest.xml amazon available public x86_64 machine
  IMAGE ami-235fba4a ec2-public-images/getting-started-v1.07.manifest.xml amazon available public i386 machine
  IMAGE ami-2bb65342 ec2-public-images/getting-started.manifest.xml amazon available public i386 machine
  The command lists your AMIs and Amazon's public AMIs. The output might not exactly match the preceding example.
- Look for the line containing the public image identified by the ec2-public-images/getting-started.manifest.xml value in the third column and note the corresponding value in the second column. This is the AMI ID you need. In this example, it is ami-2bb65342.
How to Generate an SSH Key Pair
When you run an instance of a public AMI, it has no password and you need a public/private key pair to log in to the instance. One half of this key pair is embedded in your instance, allowing you to log in securely without a password using the other half of the key pair. After learning to create your own images, you can choose other mechanisms to allow you to securely log in to your new instances. Every key pair you generate requires a name. Be sure to choose a name that is easy to remember.
Note | |
---|---|
If you are using PuTTY in Windows, convert the private key to PuTTY's format. For more information on using PuTTY with Amazon EC2, go to the Amazon Elastic Compute Cloud Getting Started Guide. |
AWS Management Console
To generate a key pair
- Log in to the AWS Management Console and click the Amazon EC2 tab.
- Click Key Pairs in the Navigation pane.
  The console displays a list of key pairs associated with your account.
- Click Create Key Pair.
  The Key Pair dialog box appears.
- Enter a name for the new key pair in the Key Pair Name field and click Create.
  You are prompted to download the key file.
- Download the key file and keep it in a safe place. You will need it to access any instances that you launch with this key pair.
Command Line Tools
To generate a key pair using gsg-keypair
- Enter the following information.
  PROMPT> ec2-add-keypair gsg-keypair
Amazon EC2 returns a key pair, similar to the key pair in the following example.
The private key returned must be saved to a local file so that you can use it later.
- Create a file named id_rsa-gsg-keypair and paste the entire key generated in step 1, including the following lines.
  "-----BEGIN RSA PRIVATE KEY-----"
  "-----END RSA PRIVATE KEY-----"
- Confirm that the file contents look similar to the following and save the file.
  You can save the file in any directory, but if you do not put it in your current directory, you should specify the full path when using commands that require the key pair.
- If you're using OpenSSH (or any reasonably paranoid SSH client), you should set the permissions of this file so it is only readable by you.
  On Linux and UNIX, enter the information in the following example.
  $ chmod 600 id_rsa-gsg-keypair; ls -l id_rsa-gsg-keypair
  You receive output similar to the following example.
  -rw------- 1 fred flintstones 1701 Jun 19 17:57 id_rsa-gsg-keypair
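The two checks in the steps above (the key file starts and ends with the PEM marker lines, and nobody else can read it) can be scripted. This is an added example, not part of the original guide; `check_key_file` is a hypothetical helper name and the key body is a constructed placeholder.

```shell
#!/bin/sh
# Added example: sanity-check a saved private key file before handing it to ssh.
# check_key_file is a hypothetical helper, not part of the EC2 tools.

BEGIN_MARK='-----BEGIN RSA PRIVATE KEY-----'
END_MARK='-----END RSA PRIVATE KEY-----'

# Prints one of: missing, bad-format, fixed-perms, ok.
# Returns non-zero when the file cannot be used as a key.
check_key_file() {
    key=$1
    [ -f "$key" ] || { echo missing; return 1; }
    # The first and last non-blank lines must be the PEM markers; anything
    # pasted before or after them (for example command output) breaks the key.
    first=$(grep -v '^[[:space:]]*$' "$key" | head -n 1)
    last=$(grep -v '^[[:space:]]*$' "$key" | tail -n 1)
    if [ "$first" != "$BEGIN_MARK" ] || [ "$last" != "$END_MARK" ]; then
        echo bad-format
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    # OpenSSH ignores a private key that anyone else can access.
    others=$(ls -ld "$key" | cut -c5-10)
    if [ "$others" != "------" ]; then
        chmod 600 "$key"
        echo fixed-perms
        return 0
    fi
    echo ok
}

# Constructed sample: a placeholder body, not a real key.
demo_dir=$(mktemp -d)
printf '%s\n%s\n%s\n' "$BEGIN_MARK" 'Q09OU1RSVUNURUQ=' "$END_MARK" \
    > "$demo_dir/id_rsa-gsg-keypair"
chmod 644 "$demo_dir/id_rsa-gsg-keypair"
check_key_file "$demo_dir/id_rsa-gsg-keypair"    # file starts out world-readable
check_key_file "$demo_dir/id_rsa-gsg-keypair"    # second run sees the tightened mode
rm -rf "$demo_dir"
```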
How to Add Rules to the Default Security Group
Before you can log in to an instance, you must authorize access.
This section describes how to add rules that allow HTTP access on port 80, SSH access on port 22, and Remote Desktop (RDP) access on port 3389. This enables the instance to be reached on port 80 from the Internet and enables you to administer the instance over SSH or RDP.
AWS Management Console
To authorize access to your instance
- Log in to the AWS Management Console and click the Amazon EC2 tab.
- Click Security Groups in the Navigation pane.
  The console displays a list of security groups that belong to the account.
- Select the default security group.
  Its rules appear in the lower pane.
- To add the HTTP rule, enter the following:
  - Select HTTP from the Connection Method list box.
  - Select TCP from the Protocol list box.
  - Enter 80 in the From Port and To Port fields.
  - Enter 0.0.0.0/0 in the Source field.
  Then, click Save.
- To add the SSH rule, enter the following:
  - Select SSH from the Connection Method list box.
  - Select TCP from the Protocol list box.
  - Enter 22 in the From Port and To Port fields.
  - Enter your public IP address in the Source field.
  Then, click Save.
- To add the RDP rule, enter the following:
  - Select RDP from the Connection Method list box.
  - Select TCP from the Protocol list box.
  - Enter 3389 in the From Port and To Port fields.
  - Enter your public IP address in the Source field.
  Then, click Save.
Command Line Tools
To authorize access to your instance
- Enter the ec2-authorize commands.
  PROMPT> ec2-authorize default -p 22 -s your-public-ip-address/32
  PERMISSION default ALLOWS tcp 22 22 FROM CIDR your-public-ip-address/32
  PROMPT> ec2-authorize default -p 3389 -s your-public-ip-address/32
  PERMISSION default ALLOWS tcp 3389 3389 FROM CIDR your-public-ip-address/32
  PROMPT> ec2-authorize default -p 80
  PERMISSION default ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
Because we didn't specify otherwise, your instance was launched in your default group. The first command authorizes network access to instances in your default group on the standard SSH port (22) from your public IP address only. The second command does the same for the standard RDP port (3389). Similarly, the third command opens up the standard HTTP port (80), in this case to any source address (0.0.0.0/0).
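The rules above open HTTP to every address but restrict SSH and RDP to a single source. The following added example (not part of the original guide) checks PERMISSION lines in the layout shown above and reports any rule that exposes port 22 or 3389 to 0.0.0.0/0. The helper names, the `webtest` group and the 203.0.113.10 address are assumptions made for the sample.

```shell
#!/bin/sh
# Added example: flag administrative ports opened to the whole Internet.
# audit_permissions is a hypothetical helper; it reads PERMISSION lines in the
# layout shown on this page:
#   PERMISSION <group> ALLOWS <proto> <from> <to> FROM CIDR <cidr>

ADMIN_PORTS="22 3389"   # SSH and RDP, the two management ports the page opens

# Reads PERMISSION lines on stdin; prints "<group> <port> <cidr>" for every
# rule whose port range covers an admin port and whose source is 0.0.0.0/0.
audit_permissions() {
    awk -v ports="$ADMIN_PORTS" '
        BEGIN { n = split(ports, admin, " ") }
        $1 == "PERMISSION" && $3 == "ALLOWS" && $7 == "FROM" && $8 == "CIDR" {
            if ($9 != "0.0.0.0/0") next
            for (i = 1; i <= n; i++)
                if ($5 + 0 <= admin[i] + 0 && admin[i] + 0 <= $6 + 0)
                    print $2, admin[i], $9
        }'
}

# Constructed sample: 203.0.113.10 is a documentation address standing in for
# your-public-ip-address; the hypothetical "webtest" group has a deliberately
# over-broad port range so that the audit has something to report.
sample_rules() {
    cat <<'EOF'
PERMISSION default ALLOWS tcp 22 22 FROM CIDR 203.0.113.10/32
PERMISSION default ALLOWS tcp 3389 3389 FROM CIDR 203.0.113.10/32
PERMISSION default ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
PERMISSION webtest ALLOWS tcp 0 65535 FROM CIDR 0.0.0.0/0
EOF
}

sample_rules | audit_permissions
```

The port range test matters: a rule does not have to name port 22 to expose it, so the check compares each admin port against the From and To values rather than matching them literally.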
How to Run an Instance
This section describes how to run an instance.
AWS Management Console
To launch an instance
- Log in to the AWS Management Console and click the Amazon EC2 tab.
- Click Instances in the Navigation pane.
  The console displays a list of running instances.
- Click Launch Instance.
  The Launch Instance wizard appears.
- Select the Quick Start tab.
- If you are launching a Linux/UNIX instance, locate the Getting Started on Fedora Core 8 AMI and click its Select button. If you are launching a Windows instance, locate the Getting Started on Microsoft Windows Server 2003 AMI and click its Select button.
  Note: We recommend launching basic AMIs for this tutorial, but you can launch any AMI.
- If the Configure Firewall page of the wizard appears, click the Skip button because you already configured the default security group.
  The Launch page of the wizard appears.
- Confirm the following settings and click Launch.
  - Enter 1 in the Number of Instances field.
  - Select the m1.small Instance Type option.
  - Select the key pair that you created from the Key Pair Name list box.
  - Select default from the Security Groups list box.
  The instance(s) begin launching.
Command Line Tools
To launch an instance
- Use the ec2-run-instances command.
  PROMPT> ec2-run-instances ami-235fba4a -k gsg-keypair
  Amazon EC2 returns output similar to the following example.
  RESERVATION r-7430c31d 924417782495 default
  INSTANCE i-ae0bf0c7 ami-2bb65342 pending gsg-keypair 0 m1.small 2008-03-21T16:19:25+0000 us-east-1a
- Look for the instance ID in the second field and write it down.
  You use it to manipulate this instance (including terminating it when you are finished).
  It takes a few minutes for the instance to launch.
- The following command displays the launch status of the instance.
  PROMPT> ec2-describe-instances i-ae0bf0c7
  RESERVATION r-7430c31d 924417782495 default
  INSTANCE i-ae0bf0c7 ami-2bb65342 ec2-67-202-7-236.compute-1.amazonaws.com ip-10-251-31-162.ec2.internal running gsg-keypair 0 m1.small 2008-03-21T16:19:25+0000 us-east-1a
Important | |
---|---|
After launching an instance, you are billed hourly for running time. When you are finished, make sure to terminate any instances that you started. |
When the instance state in the field just before the key pair name reads "running", the instance has started booting. There might be a short time before it is accessible over the network, however. The first DNS name is your instance's external DNS name, i.e. the one that can be used to contact it from the Internet. The second DNS name is your instance's local DNS name, and is only contactable by other instances within the Amazon EC2 network. The DNS names of your instances are different from those shown in the preceding example and you should use yours instead. The examples in this guide use the public DNS name.
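Because a pending instance has no DNS names yet, the state does not sit at a fixed column, which is why the text locates it relative to the key pair name. The added example below (not part of the original guide) does the same in a script, assuming the whitespace-separated layout shown above; `instance_status` and `sample_output` are hypothetical helper names, and the sample lines are the two outputs from this page.

```shell
#!/bin/sh
# Added example: read state and public DNS name from INSTANCE lines.
# instance_status is a hypothetical helper, not part of the EC2 tools.

# usage: instance_status KEYPAIR_NAME < describe-output
# Prints "<instance-id> <state> <public-dns or ->" for each INSTANCE line
# that was launched with the given key pair.
instance_status() {
    awk -v key="$1" '
        $1 == "INSTANCE" {
            # Find the key pair name; the state is the field just before it.
            k = 0
            for (i = 4; i <= NF; i++) if ($i == key) { k = i; break }
            if (k == 0) next
            state = $(k - 1)
            # Only a running instance carries the two DNS names (fields 4, 5),
            # which pushes the key pair name out to field 7.
            dns = (state == "running" && k == 7) ? $4 : "-"
            print $2, state, dns
        }'
}

# Sample input: the pending and running outputs shown on this page.
sample_output() {
    cat <<'EOF'
RESERVATION r-7430c31d 924417782495 default
INSTANCE i-ae0bf0c7 ami-2bb65342 pending gsg-keypair 0 m1.small 2008-03-21T16:19:25+0000 us-east-1a
RESERVATION r-7430c31d 924417782495 default
INSTANCE i-ae0bf0c7 ami-2bb65342 ec2-67-202-7-236.compute-1.amazonaws.com ip-10-251-31-162.ec2.internal running gsg-keypair 0 m1.small 2008-03-21T16:19:25+0000 us-east-1a
EOF
}

sample_output | instance_status gsg-keypair
```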