Starting with an Existing AMI

Amazon Elastic Compute Cloud: 2009-10-31

previous page next page

Starting with an Existing AMI

To quickly and easily get a new working AMI, start with an existing public AMI or one of your own. You can then modify it and create a new AMI as described in Creating an AMI.

[Note] Note

Before selecting an AMI, determine whether the instance types you plan to launch are 32-bit or 64-bit. For more information, see Instance Types

Make sure you are using GNU Tar 1.15 or later.

To use an existing AMI to create a new AMI, complete the following tasks.

Tasks to Use an Existing AMI

1

How to Select an AMI

2

How to Generate a Key Pair

3

How to Launch the Instance

4

How to Authorize Network Access

5

How to Connect to the Instance

6

How to Upload the Key and Certificate

How to Select an AMI

First, locate an AMI that contains the packages and services you require. This can be one of your own AMIs or a public AMI provided by Amazon EC2.

To select an AMI

  1. Get a list of available AMIs by entering the ec2-describe-images command:

                  $ 
               ec2-describe-images -a

    The response includes the image ID, the location of the file in Amazon S3, and whether the file is available.

  2. Choose an AMI from the list and write down its AMI ID.

Example 

$  ec2-describe-images -o self -o amazon 
IMAGE ami-60a54009 ec2-public-images/base-fc4-apache.manifest.xml 475219833042 available public
IMAGE ami-61a54028 <your-s3-bucket>/image.manifest.xml AIDADH4IGTRXXKCD available private
IMAGE ami-2bb65342 ec2-public-images/getting-started.manifest.xml 475219833042 available public
IMAGE ami-6ea54007 ec2-public-images/base-fc3-mysql.manifest.xml 475219833042 available public

[Note] Note

If you are planning on creating an AMI that uses an Amazon EBS volume as its root device, we recommend selecting an existing AMI backed by Amazon EBS and modifying it to meet your needs. For more information, see AMI and Instance Concepts

How to Generate a Key Pair

This task is only required if you selected one of the public AMIs provided by Amazon EC2. You must create a public/private key pair to ensure that only you have access to instances that you launch.

After you generate a key pair, the public key is stored in Amazon EC2 using the key pair name you selected. Whenever you launch an instance using the key pair name, the public key is copied to the instance metadata. This allows you to access the instance securely using your private key.

To create a public/private key pair

  1. Enter the following command:

                  $ 
               ec2-add-keypair <keypair-name>

    The <keypair-name> is the name you select for the key pair.

    The resulting private key is displayed.

  2. Open a text editor.

  3. Paste the entire private key, starting with the line "-----BEGIN RSA PRIVATE KEY-----" and ending with the line "-----END RSA PRIVATE KEY-----".

  4. Save the file and exit.

    [Note] Note

    This file should only be readable by the file owner.

Example 

$  ec2-add-keypair gsg-keypair
KEYPAIR gsg-keypair 1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f
-----BEGIN RSA PRIVATE KEY-----
MIIEoQIBAAKCAQBuLFg5ujHrtm1jnutSuoO8Xe56LlT+HM8v/xkaa39EstM3/aFxTHgElQiJLChp
HungXQ29VTc8rc1bW0lkdi23OH5eqkMHGhvEwqa0HWASUMll4o3o/IX+0f2UcPoKCOVUR+jx71Sg
5AU52EQfanIn3ZQ8lFW7Edp5a3q4DhjGlUKToHVbicL5E+g45zfB95wIyywWZfeW/UUF3LpGZyq/
ebIUlq1qTbHkLbCC2r7RTn8vpQWp47BGVYGtGSBMpTRP5hnbzzuqj3itkiLHjU39S2sJCJ0TrJx5
i8BygR4s3mHKBj8l+ePQxG1kGbF6R4yg6sECmXn17MRQVXODNHZbAgMBAAECggEAY1tsiUsIwDl5
91CXirkYGuVfLyLflXenxfI50mDFms/mumTqloHO7tr0oriHDR5K7wMcY/YY5YkcXNo7mvUVD1pM
ZNUJs7rw9gZRTrf7LylaJ58kOcyajw8TsC4e4LPbFaHwS1d6K8rXh64o6WgW4SrsB6ICmr1kGQI7
3wcfgt5ecIu4TZf0OE9IHjn+2eRlsrjBdeORi7KiUNC/pAG23I6MdDOFEQRcCSigCj+4/mciFUSA
SWS4dMbrpb9FNSIcf9dcLxVM7/6KxgJNfZc9XWzUw77Jg8x92Zd0fVhHOux5IZC+UvSKWB4dyfcI
tE8C3p9bbU9VGyY5vLCAiIb4qQKBgQDLiO24GXrIkswF32YtBBMuVgLGCwU9h9HlO9mKAc2m8Cm1
jUE5IpzRjTedc9I2qiIMUTwtgnw42auSCzbUeYMURPtDqyQ7p6AjMujp9EPemcSVOK9vXYL0Ptco
xW9MC0dtV6iPkCN7gOqiZXPRKaFbWADp16p8UAIvS/a5XXk5jwKBgQCKkpHi2EISh1uRkhxljyWC
iDCiK6JBRsMvpLbc0v5dKwP5alo1fmdR5PJaV2qvZSj5CYNpMAy1/EDNTY5OSIJU+0KFmQbyhsbm
rdLNLDL4+TcnT7c62/aH01ohYaf/VCbRhtLlBfqGoQc7+sAc8vmKkesnF7CqCEKDyF/dhrxYdQKB
gC0iZzzNAapayz1+JcVTwwEid6j9JqNXbBc+Z2YwMi+T0Fv/P/hwkX/ypeOXnIUcw0Ih/YtGBVAC
DQbsz7LcY1HqXiHKYNWNvXgwwO+oiChjxvEkSdsTTIfnK4VSCvU9BxDbQHjdiNDJbL6oar92UN7V
rBYvChJZF7LvUH4YmVpHAoGAbZ2X7XvoeEO+uZ58/BGKOIGHByHBDiXtzMhdJr15HTYjxK7OgTZm
gK+8zp4L9IbvLGDMJO8vft32XPEWuvI8twCzFH+CsWLQADZMZKSsBasOZ/h1FwhdMgCMcY+Qlzd4
JZKjTSu3i7vhvx6RzdSedXEMNTZWN4qlIx3kR5aHcukCgYA9T+Zrvm1F0seQPbLknn7EqhXIjBaT
P8TTvW/6bdPi23ExzxZn7KOdrfclYRph1LHMpAONv/x2xALIf91UB+v5ohy1oDoasL0gij1houRe
2ERKKdwz0ZL9SWq6VTdhr/5G994CK72fy5WhyERbDjUIdHaK3M849JJuf8cSrvSb4g==
-----END RSA PRIVATE KEY-----

How to Launch the Instance

You are now ready to launch an instance of the AMI that you previously selected.

To launch an instance

  1. Start the launch by entering the following command:

                  $ 
               ec2-run-instances <ami_id> -k <keypair-name>

    The <ami_id> is the AMI ID you selected earlier and <keypair-name> is the name of the key pair. The command will return the AMI instance ID, a unique identifier for each launched instance. You use the instance ID to manipulate the instance. This includes viewing the status of the instance, terminating the instance, and so on.

    Launching the instance will take a few minutes.

  2. View the progress of the instance by entering the following command:

    $  ec2-describe-instances <instance_id>

    The <instance_id> is the ID of the instance.

    When the status field displays "running," the instance was created and is booting. However, the instance might not be immediately accessible over the network. Make sure to use the appropriate DNS name provided by the ec2-describe-instances command.

[Important] Important

Once you launch an instance, you will be billed for all usage, including hourly CPU time. Make sure to stop (Amazon EBS-backed instances only) or terminate any instances that you do not want to leave running. For information on Amazon EC2 pricing, go to the Amazon EC2 home page.

Example

The following example launches an instance of ami-2bb65342.

$ ec2-run-instances ami-2bb65342 -k gsg-keypair
RESERVATION     r-302dc059      416161254515    default
INSTANCE        i-eb977f82      ami-2bb65342                    pending gsg-keypair     0    m1.small   2007-10-16T07:56:20+0000    us-east-1a

The following shows the status of the launch:

$  ec2-describe-instances i-eb977f82 
RESERVATION     r-302dc059      416161254515    default
INSTANCE        i-eb977f82      ami-2bb65342    ec2-72-44-40-222.compute-1.amazonaws.com    10-251-50-83.ec2.internal   running gsg-keypair     0     m1.small    2007-10-16T07:56:20+0000    us-east-1a

How to Authorize Network Access

To authorize access to your instance

  1. Enter the ec2-authorize command to allow all IP addresses to access your instance through the port 80 (public web) IP address.

    $  ec2-authorize default -p 80
PERMISSION     default  ALLOWS  tcp     80      80      FROM    CIDR   0.0.0.0/0

  2. Get the public IP address of your local machine by going to a search engine, entering "what is my IP address," and using one of the provided services.

  3. Enter the ec2-authorize command to open port 22 (SSH port) to your IP address.

    $  ec2-authorize default -p 22 -s your_ip_address/32
PERMISSION     default  ALLOWS  tcp     22      22      FROM    CIDR   your_ip_address/32

    This command allows access from your IP address only. If your IP address is dynamic, you will need to use this command each time it changes. To allow additional IP address ranges, use this command for each range.

How to Connect to the Instance

After starting an instance, you can log in and modify it according to your requirements.

To connect to an instance

  • If you are launching an AMI that supports SSH login (e.g., public AMIs), use the following command to log in with your private key:

                  $ 
               ssh -i <private-keyfile> root@<dns_location>

    The <private-keyfile> is the file that contains the private key and dns_location is the DNS location of the instance within Amazon EC2. Your instance displays a prompt that contains your username and the hostname of the instance.

You now have complete control over the instance. You can add, remove, modify, or upgrade packages and files to suit your needs.

[Important] Important

We recommend exercising extreme care when changing some of the basic Amazon EC2 configuration settings, such as the network interface configuration and the /etc/fstab contents. Otherwise, the AMI might become unbootable or inaccessible from the network once running.

Example

The following example shows logging in to an AMI using SSH.

$  ssh -i id_rsa-gsg-keypair
root@ec2-67-202-51-223.compute-1.amazonaws.com 
root@ec2-67-202-51-223 #

How to Upload the Key and Certificate

Your new AMI is encrypted and signed to ensure that only you and Amazon EC2 can access it. Therefore, you must upload your Amazon EC2 private key and X.509 certificate to the running instance, for use in the AMI bundling process.

[Note] Note

For information on obtaining your Amazon EC2 private key and X.509 certificate, refer to the Amazon Elastic Compute Cloud Getting Started Guide.

To upload your Amazon EC2 private key and X.509 certificate

  1. Copy your Amazon EC2 private key and X.509 certificate to the /mnt directory.

  2. Enter the following command:

                  $ 
              scp <private_keyfile> <certificate_file> root@<dns_location>:/mnt

    The <private_keyfile> is the file that contains the private key, certificate_file is the file that contains the certificate, and dns_location is the DNS location of the instance within Amazon EC2.

    Amazon EC2 returns the name of the files and some performance statistics.

    [Note] Note

    It is important that the key and cert files are uploaded into /mnt to prevent them from being bundled with the new AMI.

Example 

$ scp pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem
root@ec2-67-202-51-223.compute-1.amazonaws.com:/mnt
-i id_rsa-gsg-keypair
pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem  100%  717     0.7KB/s   00:00
cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem
100%  685     0.7KB/s   00:00

How to Load Software and Make Changes

Now that you are logged into the instance, you can load software and make changes as you would with any Linux or UNIX server. When you are finished with your changes, you can create a new AMI and launch an identical copy at any time. For more information AMIs, see Creating an AMI

previous page start next page