AWS: The Easy Way To Manage EC2 From Linux

Amazon Web Services is a great way to spin up a virtual machine in the cloud using their EC2 service.  The one thing about the Amazon Console is that I'm not convinced it's the easiest way to do things... In fact it can get quite confusing sometimes, so for this little tutorial we're going to investigate managing EC2 instances using the AWS CLI.

Actually, I lied a little bit, the first part of this tutorial does start by using the AWS Web Console, but that's only because I can't find any other way to set it up via the CLI.  If you know how to do this, drop me a line.  Anyway, let's get started...

1) The first step is to get an Amazon account.  If you've ever bought something through Amazon you'll have one of these so I'm not going to tell you how to do this!

2) From there, we need to set up the accounts and keys that will allow us to securely connect, create and manage our instances.  Goto: https://console.aws.amazon.com/iam/home?#users

3) Now, click on the 'Create New Users' icon;
Create New Users

4) Then, create a new user by typing in the name you want to call it, in this case 'testuser';
Enter User Names

Then press the 'Create' button;
Create

5) At this point, you should see a screen which shows the Access Key ID and Secret Access Key for that user.  These are extremely important and should be kept safe!

Access Keys and Secret Keys

6) The next stage is to download these keys in a file and again, put somewhere safe as anyone who has these can work with your EC2 instances.  Click the 'Download Credentials' button as shown below;
Download Credentials

7) Now, we're at the stage where we have to do one more task in the console (to attach the policies we need to the user) and then we'll dive into the CLI.  First, click on the link below;

 https://console.aws.amazon.com/iam/home?region=us-east-1#users

8) Then click on the user we've just created and then click on the 'Attach Policy' button;

Attach Policy

10) You should then choose the following policies; 'AmazonEC2FullAccess' and 'AdministratorAccess' and then save it.
Policy Name

11) Finally, we are free of the GUI!  Everything else from now on comes from the Command Line...

 12) So, we're now at the stage we can actually download and install the AWS CLI for Linux and as you're probably using a recent distro, you should already Python 2.6.5 or greater installed and if so, you can simply type;

 sudo pip install awscli

13) This will perform everything you need for you to start using the CLI.  From here you can run the following to configure the CLI;

 aws configure

14) Now, at this stage you will be asked to put in the keys you downloaded earlier and also choose a default region for where your EC2 instances will live and also what the default output for CLI commands will be;
AWS Access Key ID [None]: 
AWS Secret Access Key [None]: 
Default region name [None]:Default output format [None]: 

 The options for default region are shown below;

Code
Name
ap-northeast-1 Asia Pacific (Tokyo)
ap-southeast-1 Asia Pacific (Singapore)
ap-southeast-2 Asia Pacific (Sydney)
eu-central-1 EU (Frankfurt)
eu-west-1 EU (Ireland)
sa-east-1 South America (Sao Paulo)
us-east-1 US East (N. Virginia)
us-west-1 US West (N. California)
us-west-2 US West (Oregon)
Please remember, that although any instance is available to you, the costs for spinning up an instance on each region varies, so please investigate what is more cost effective for you.

15) Now, we're ready to go.  To start off with, lets get a current list of current regions;

aws ec2 describe-regions

{
    "Regions": [
        {
            "Endpoint": "ec2.eu-central-1.amazonaws.com", 
            "RegionName": "eu-central-1"
        }, 
        {
            "Endpoint": "ec2.sa-east-1.amazonaws.com", 
            "RegionName": "sa-east-1"
        }, 
        {
            "Endpoint": "ec2.ap-northeast-1.amazonaws.com", 
            "RegionName": "ap-northeast-1"
        }, 
        {
            "Endpoint": "ec2.eu-west-1.amazonaws.com", 
            "RegionName": "eu-west-1"
        }, 
        {
            "Endpoint": "ec2.us-east-1.amazonaws.com", 
            "RegionName": "us-east-1"
        }, 
        {
            "Endpoint": "ec2.us-west-1.amazonaws.com", 
            "RegionName": "us-west-1"
        }, 
        {
            "Endpoint": "ec2.us-west-2.amazonaws.com", 
            "RegionName": "us-west-2"
        }, 
        {
            "Endpoint": "ec2.ap-southeast-2.amazonaws.com", 
            "RegionName": "ap-southeast-2"
        }, 
        {
            "Endpoint": "ec2.ap-southeast-1.amazonaws.com", 
            "RegionName": "ap-southeast-1"
        }
    ]
}

The 'strange' format it returns the data in, is JSON and this is default format.  You could also have it output as a table or plain text.

 16) Now use IAM to add the 'testuser' we created before to a new group called 'testgroup';
aws iam create-group --group-name testgroup

{
"Group": {
"Path": "/",
"CreateDate": "2015-03-07T22:27:12.110Z",
"GroupId": "AHPFJRXB4EOJSAGORC3C2",
"Arn": "arn:aws:iam::267176759287:group/testgroup",
"GroupName": "testgroup"
}
}

aws iam add-user-to-group --group-name testgroup --user-name testuser 

No comments:

Post a Comment

Subscribe to: Posts (Atom)