Amazon Elastic Compute Cloud Developer Guide API
Contents
1. API Version 2007-03-01 68 Amazon Elastic Compute Cloud Developer Guide DescribeInstances
   </ownersSet>
   <imagesSet>
     <item>
       <imageId>ami-61a54008</imageId>
       <imageId>ami-72 53012</imageId>
     </item>
   </imagesSet>
   </DescribeImages>
   Sample Response
   <DescribeImagesResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
     <imagesSet>
       <item>
         <imageId>ami-61a54008</imageId>
         <imageLocation>aes ttylinux image manifest xml</imageLocation>
         <imageState>available</imageState>
         <imageOwnerId>UYY3TLBUXI EON5NQVUUX60MPWBZIONFM</imageOwnerId>
         <isPublic>true</isPublic>
         <productCodes>
           <item>
             <productCode>774F4FF8</productCode>
           </item>
         </productCodes>
       </item>
     </imagesSet>
   </DescribeImagesResponse>
   Related Operations
   • DescribeInstances
   • DescribeImageAttribute
   DescribeInstances
   The DescribeInstances operation returns information about instances owned by the user making the request. An optional list of instance IDs may be provided to request information for those instances only. If no instance IDs are provided, information for all relevant instances will be returned. If an instance is specified that does not exist, a fault is returned. If an instance is specified that exists but is not owned by
2. raw key bytes
       SecretKeySpec signingKey = new SecretKeySpec(key.getBytes(), HMAC_SHA1_ALGORITHM);
       // get an hmac_sha1 Mac instance and initialize with the signing key
       Mac mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
       mac.init(signingKey);
       // compute the hmac on input data bytes
       byte[] rawHmac = mac.doFinal(data.getBytes());
       // base64-encode the hmac
       result = Base64.encodeBytes(rawHmac);
   } catch (Exception e) {
       throw new SignatureException("Failed to generate HMAC : " + e.getMessage());
   }
   return result;
   Note: You must import a base 64 encoder to perform the last step in the above method.
   Example Request
   Here is a complete example request, including all required parameters:
   ?AWSAccessKeyId=100MXF EV71ZS32XOFTR2&Action=DescribeImages&SignatureVersion=1&Timestamp=2006-12-08T07%3A48%3A03Z&Version=2007-01-03&Signature=69DSJs1z 2B0 wWJmdB77 S2BLmM0NOTrs 3D
   API Conventions
   API Reference
   Amazon EC2 provides two APIs: SOAP and Query. These APIs allow developers to launch and control instances from their own applications. This section discusses the operations available in the Amazon EC2 APIs, the semantics of those calls, and the parameters that must be supplied. Examples of requests and responses are also provided.
   Note: The same XML body is returned
3. C cert HKZYK TAIG2ECMXY IBH3HXV4ZB ZQ55CLO pe m N A N A N A N A ec2 descri be instances grep running cut f 2 ec2 termin ate instances i
   • ec2-delete-bundle
   API Tools
   Images: • ec2-register • ec2-deregister • ec2-describe-images
   Instances: • ec2-run-instances • ec2-describe-instances • ec2-terminate-instances • ec2-confirm-product-instance
   Keypairs: • ec2-add-keypair • ec2-describe-keypairs • ec2-delete-keypair • ec2-fingerprint-key
   Image Attributes: • ec2-modify-image-attribute • ec2-describe-image-attribute • ec2-reset-image-attribute
   Security Groups: • ec2-add-group • ec2-delete-group • ec2-describe-groups • ec2-authorize • ec2-revoke
   ec2-add-group
   Synopsis: ec2-add-group GROUP -d DESCRIPTION
   Description: Creates a new security group named GROUP. Group names must be unique per user.
   Output: A table containing the following information is returned:
   • Output type identifier ("GROUP")
   • Group name
   • Group description
   Errors are displayed on stderr.
   Options:
   -d DESCRIPTION   Description of the group. This is informational only.
   Example:
   ec2-add-group websrv -d "Web servers"
   GROUP websrv Web servers
   See Also: • CreateSecurit
4. We recommend against storing sensitive data or software on any AMI that you share. Users who launch a shared AMI potentially have access to rebundle it and register it as their own. Follow these guidelines to help you to avoid some easily overlooked security risks:
   • Always delete the shell history before bundling. If you attempt more than one bundle upload in the same image, the shell history will contain your secret access key.
   • Bundling a running instance requires your private key and X509 certificate. Put these and other credentials in a location that will not be bundled, such as the ephemeral store.
   • Exclude the ssh authorized keys when bundling the image. The Amazon public images store the public key an instance was launched with in that instance's ssh authorized keys file.
   It is not possible for this list to be exhaustive. Build your shared AMIs carefully and consider where you might be exposing sensitive data.
   Sharing AMIs
   Introduction
   Amazon EC2 makes it possible for users to share their AMIs with other users. This section describes how to do this using the Amazon EC2 command line tools. Please be sure to read the section called "Building Shared AMIs", which highlights the security considerations of sharing AMIs, before proceeding. AMIs have a launchPermission property that controls which users besides the owner are allowed t
5. tp 169 254 169 254 2007 03 01 user data Response general instances 4 instance 0O s3 bucket fred instance 1 reboot on error yes Request GET ht tp 169 254 169 254 2007 03 01 user data Response GIF89axXfgsl3qa Example of Using the AMI Launch Index Value Alice wants four instances of her favorite database AMI The first instance will be the master with the remainder acting as replicants The master database configuration specifies various database parameters the size of store say while the replicants configuration specifies different parameters replication strategy say Alice decides to provide this data as an ASCII string with delimiting the various instances data store size 123PB backup every 5min replicate every lmin replicate every 2min replicat very 10min replicate every 20min The example above breaks down as follows e store size 123PB backup every 5min defines the master database configuration e replicate every 1min defines the first replicant s configuration e Etc Alice launches her instances API Version 2007 03 01 23 Amazon Elastic Compute Cloud Developer Guide Example of Using the AMI Launch Index Value ec2 run instances ami 5bae4b32 n 4 d store size 123PB backup every 5min replicate every lmin replicate every 2min replicate every 10min rep licate every 20min RESERVATION NSTANCE NSTANCE NST
6. ec2-describe-groups GROUP
   Description: Describes the current state of each GROUP specified on the command line. If no GROUPs are explicitly listed, then all GROUPs owned by the current user are included in the output.
   Output: A table containing the following information is returned:
   • Output type identifier ("GROUP", "PERMISSION")
   • User ID of group owner
   • Group name
   • Description of the group
   • Firewall rule
   Errors are displayed on stderr.
   Example:
   ec2-describe-groups websrv
   GROUP 495219933132 websrv Web servers
   PERMISSION 495219933132 websrv ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
   See Also: • DescribeSecurityGroups • ec2-add-group • ec2-delete-group • ec2-authorize • ec2-revoke
   ec2-describe-image-attribute
   Synopsis: ec2-describe-image-attribute AMI -l | -p
   Description: Describes an attribute for the specified AMI.
   Output: A table containing the following information is returned:
   • Attribute type identifier
   • ID of the AMI of which an attribute is being described
   • Attribute value type or attribute list item value type
   • Attribute or attribute list item value
   Errors are displayed on stderr.
   Options:
   Option | Definition | Required | Example
   -l | Describes the launchPermission attribute. | Choice | -l
   -p | Describes the productCodes attribute. | Choice | -p
   Example
7. </ipRanges> </item> </ipPermissions> </RevokeSecurityGroupIngress>
   Sample Response
   <RevokeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
     <return>true</return>
   </RevokeSecurityGroupIngressResponse>
   Related Operations: • CreateSecurityGroup • DescribeSecurityGroups • AuthorizeSecurityGroupIngress • DeleteSecurityGroup
   RunInstances
   The RunInstances operation launches a specified number of instances. A call to RunInstances is guaranteed to start no fewer than the requested minimum for each AMI specified. If there is insufficient capacity available, then no instances will be started. Amazon EC2 will make a best effort attempt to satisfy the requested maximum values. If there is capacity to cover the specified minimum values but not the maximum values, then instances of each image specified will be launched in a round robin fashion.
   As an example, consider a request to launch two images (A and B) with minimum and maximum values of (5, 10) and (20, 40) respectively. If there is sufficient capacity for less than 25 instances, then no instances will be launched (since the minimums of 5 and 20 cannot both be satisfied). If there is capacity available for only 30 instances, then 5 instances of A and 20 instances of B will be launched. The remaining 5 instances will be allocated in round robin fashion.
   Every instance is launched in a security group. This m
8. spool my first bundle Manifest acl public read ec2cert etc aes amiutil cert ec2 pem d var run my bundle part url ht tps s3 amazonaws ie retry skipmanifest help manual API Version 2007 03 01 147 Amazon Elastic Compute Cloud Developer Guide See Also ec2 upload bundle b my s3 bucket m bundled fred manifest xml a 10QMXFEV71ZS32XQFTR2 s DMADSSfPfdaDjbK RRUhS aDrjsiZadgAUm8gRU2 d bundled Encrypting bundle manifest Completed encryption Uploading encrypted manifest Uploaded encrypted manifest to ht tp s3 amazonaws com 80 alpowell images fred manifest xml Uploading bundled AMI parts to http s3 amazonaws com 80 alpowell images Uploaded fred part 00 to ht tp s3 amazonaws com 80 alpowell images fred part 00 Uploaded fred part 01 to ht tp s3 amazonaws com 80 alpowell images fred part 01 Uploaded fred part 02 to ht tp s3 amazonaws com 80 alpowell images fred part 02 Uploaded fred part 03 to ht tp s3 amazonaws com 80 alpowell images fred part 03 Uploaded fred part 04 to ht tp s3 amazonaws com 80 alpowell images fred part 04 Uploaded fred part 05 to ht tp s3 amazonaws com 80 alpowell images fred part 05 Uploaded fred part 06 to ht tp s3 amazonaws com 80 alpowell images fred part 06 Uploaded fred part 07 to ht tp s3 amazonaws com 80 alpowell images fred part 07 Upl
9. Note: The Amazon EC2 DHCP server ignores hostname requests. If you set DHCP_HOSTNAME, the local hostname will be set on the instance but not externally. In addition, this local hostname will be the same for all instances of the AMI, which may prove confusing.
   Enable Networking
   After configuring the network interface, you need to ensure that networking will come up when the system is started. To do this, ensure that at least the following appears in /mnt/ec2-fs/etc/sysconfig/network:
       NETWORKING=yes
   Set up Hard Drives in /etc/fstab
   Amazon EC2 provides the instance with additional local storage by way of a disk drive on /dev/sda2. In addition, swap space is provided on /dev/sda3. To ensure both these are mounted at system start up time, add the following lines to /mnt/ec2-fs/etc/fstab:
       /dev/sda2 /mnt ext3 defaults 1 2
       /dev/sda3 swap swap defaults 0 0
   Configure Additional Services
   Finally, make sure that all of your required services will be started at system start up time by allocating them to the appropriate system run levels. To enable the service my-service on multi-user and networked run levels, for example, execute:
       chroot /mnt/ec2-fs /bin/sh
       chkconfig --level 345 my-service on
       exit
   Bundling an AMI
   Unmount the Loopback File
   Your new installation has now been successfully installed and configured to operate in the Amazon EC2 e
10. Sample Request (Launch Permission)
   <ModifyImageAttribute xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
     <imageId>ami-61a54008</imageId>
     <launchPermission>
       <add>
         <item> <group>all</group> </item>
         <item> <userId>495219933132</userId> </item>
       </add>
     </launchPermission>
   </ModifyImageAttribute>
   Sample Request (Product Codes)
   <ModifyImageAttribute xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
     <imageId>ami-61a54008</imageId>
     <productCodes>
       <item> <productCode>774F4FF8</productCode> </item>
     </productCodes>
   </ModifyImageAttribute>
   Sample Response
   <ModifyImageAttributeResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
     <return>true</return>
   </ModifyImageAttributeResponse>
   Related Operations: • ResetImageAttribute • DescribeImageAttribute
   RebootInstances
   The RebootInstances operation requests a reboot of one or more instances. This operation is asynchronous; it only queues a request to reboot the specified instance(s). The operation will succeed provided the instances are valid and belong to the user. Terminated instances will be ignored.
   Request Parameters
   The following table describes the request parameters for RebootInstances. Param
11. my first bundle Manifest a gt The user s AWS access key ID Yes a access key 10QMXFEV71ZS32XQ USER FTR2 The user s AWS secret access key Yes s DMADSSfPfdaD secret key jbK RRUhS aDrjsiZadg PASSWORD AUm8gRU2 k The user s private key used to decrypt Yes k pk API Version 2007 03 01 133 Amazon Elastic Compute Cloud Developer Guide Example Option Definition Required Example privatekey the manifest HKZYK KEY TAIG2ECMX YIBH3HX V4ZBZQ55CLO pem p prefix The filename prefix for the bundled No p my image PREFIX AMI files Defaults to image d The directory into which the down No d directory loaded bundles are saved Defaults to tmp DIRECTORY the current working directory my downloaded bundle Note cS The directory must exist url URL The S3 service URL Defaults to ht No url ht tps s3 amazonaws com tps s3 amazonaws ie help Display the help message No help Example mkdir bundled ec2 download bundle b my s3 bucket m fred manifest xml a 10QMXFEV71ZS32XQFTR2 s DMADSSfPfdaDjbK RRUhS aDrjsiZadgAUm8gRU2 k pk HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO pem d bundled downloading mani to bundled imag downloading part bundled image part 00 Downloaded image downloading part bundled image part 01 o Downloaded image downloading part bundled image pa Downloaded image downloading part bundled image pa Downloaded image downloading part bundled image pa
12. 12 34 31 00 00 05 usmal compute amazonaws com tmp
   pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZ055CLO.pem 100% 717 0.7KB/s 00:00
   cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZ055CLO.pem 100% 685 0.7KB/s 00:00
   Note: It is important that the key and cert files are uploaded into /tmp to prevent them being bundled with the new AMI.
   You are now ready to proceed to the next step, which involves bundling the volume and uploading the resulting AMI to Amazon S3. This is described in the section called "Bundling an AMI".
   Creating through a Loopback File
   This method entails doing a full operating system installation on a clean root file system, but avoids having to create a new root disk partition and file system on a physical disk. Once you have installed your operating system, the resulting image can be bundled as an AMI with the ec2-bundle-image utility.
   Create a File to Host the AMI
   The dd utility can be used to create files of arbitrary sizes. In this case, make sure to create a file large enough to host the operating system, tools, and applications that you will install. For example, a baseline Linux installation requires about 700MB, so your file should be at least 1GB. The command below creates a file of 1024*1MB=1GB:
       dd if=/dev/zero of=my-image.fs bs=1M count=1024
       1024+0 records in
       1024+0 records out
   Create a Root File System Inside the File
   There are several variations on the generic mkfs utility that can be used to create a file system inside
13. A security group is a named collection of access rules. These access rules specify which ingress (i.e., incoming) network traffic should be delivered to your instance. All other ingress traffic will be discarded. A group's rules may be modified at any time. The new rules are automatically enforced for all running, as well as for subsequently launched, instances affected by the change in rules.
   Note: Currently, there is a limit of one hundred rules per group.
   Group Membership
   When an AMI instance is launched, it may be assigned membership to any number of groups. If no groups are specified, the instance is assigned to the default group. This group can be modified by you like any other group you have created. By default, this group allows all network traffic from other members of the default group and discards traffic from other IP addresses and groups.
   Group Access Rights
   The access rules define source-based access either for named security groups or for IP addresses (i.e., CIDRs). For CIDRs, you may also specify the protocol and port range (or ICMP type/code).
   Examples
   We illustrate the use of the Amazon EC2 firewall in the following two examples. Note that we use the command line tools throughout the examples. The same results can be achieved using the SOAP API.
   Default Group
   1. Albert launches a copy of his favorite public AMI: ec2 run
14. There are two kinds of IP addresses and DNS names associated with Amazon EC2 instances. Each instance is assigned a private (RFC 1918) address, which is allocated by DHCP. This is the only address the operating system knows about. This is the address that should be used when communicating between Amazon EC2 instances. This address is not reachable from the Internet.
   Additionally, Amazon EC2 provides a public (Internet routable) address for each instance using Network Address Translation (NAT). This is the address that must be used from outside the Amazon EC2 network (i.e., the Internet).
   Amazon EC2 also provides an internal DNS name and a public DNS name, which map to the private and public IP addresses respectively. The internal DNS name is only resolvable from within Amazon EC2. The public DNS name resolves to the public IP address from outside of Amazon EC2 and currently resolves to the private IP address from within Amazon EC2.
   Private (RFC 1918) Addresses
   All Amazon EC2 instances are allocated a private address by DHCP. These addresses come from a range defined in RFC 1918, "Address Allocation for Private Internets". These addresses are routable only within Amazon EC2 and are used for communication between instances. This private address is associated exclusively with the instance for its lifetime. It is returned to Amazon EC2 when the instance terminates. You should always use the internal address when you know you are communicating b
15. Element Name | Definition | Required | Type
   imageId | ID of the AMI on which the attribute will be reset. | Yes | xsd:string
   launchPermission | Resets the AMI's launch permissions. All public and explicit launch permissions for the AMI are revoked. | Yes | ec2:EmptyElementType
   Response Tags
   The following table describes the default response tags included in ResetImageAttribute responses.
   Element Name | Definition | Type
   return | true if the operation succeeded, otherwise false | xsd:boolean
   Sample Request
   <ResetImageAttribute xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
     <imageId>ami-61a54008</imageId>
     <launchPermission/>
   </ResetImageAttribute>
   Sample Response
   <ResetImageAttributeResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
     <return>true</return>
   </ResetImageAttributeResponse>
   Related Operations: • ModifyImageAttribute • DescribeImageAttribute
   RevokeSecurityGroupIngress
   The RevokeSecurityGroupIngress operation revokes existing permissions that were previously granted to a security group. The permissions to revoke must be specified using the same values originally used to grant the permission. Permissions are specified in terms of the IP protocol (TCP, UDP or ICMP), the source of the request (by IP range or an Amazon EC2 user group pair), source and destination port ranges (for
16. groupId> </item> </groupSet>
   <instancesSet>
     <item>
       <instanceId>i-28a64341</instanceId>
       <imageId>ami-6ea54007</imageId>
       <instanceState> <code>0</code> <name>running</name> </instanceState>
       <privateDnsName>domU-12-31-35-00-1E-01.z-2.compute-1.internal</privateDnsName>
       <dnsName>ec2-72-44-33-4.z-2.compute-1.amazonaws.com</dnsName>
       <keyName>example-key-name</keyName>
       <amiLaunchIndex>23</amiLaunchIndex>
       <productCodesSet>
         <item> <productCode>774F4FF8</productCode> </item>
       </productCodesSet>
     </item>
   </instancesSet>
   </item> </reservationSet> </DescribeInstancesResponse>
   Related Operations: • RunInstances • TerminateInstances
   DescribeKeyPairs
   The DescribeKeyPairs operation returns information about keypairs available for use by the user making the request. Selected keypairs may be specified, or the list may be left empty if information for all registered keypairs is required.
   Request Parameters
   The following table describes the request parameters for DescribeKeyPairs. Parameter names are case sensitive.
   Element Name | Definition | Required | Type
   keySet | Keypair IDs to describe. | Yes, but may be empty | xsd:string
17. my-image.fs. Typical Linux installations default to ext2 or ext3 file systems. Create an ext3 file system by issuing the following command:
       mke2fs -F -j my-image.fs
       mke2fs 1.38 (30-Jun-2005)
       Filesystem label=
       OS type: Linux
       Block size=4096 (log=2)
       Fragment size=4096 (log=2)
       131072 inodes, 262144 blocks
       13107 blocks (5.00%) reserved for the super user
       First data block=0
       Maximum filesystem blocks=268435456
       8 block groups
       32768 blocks per group, 32768 fragments per group
       16384 inodes per group
       Superblock backups stored on blocks:
               32768, 98304, 163840, 229376
       Writing inode tables: done
       Creating journal (8192 blocks): done
       Writing superblocks and filesystem accounting information: done
       This filesystem will be automatically checked every 24 mounts or
       180 days, whichever comes first. Use tune2fs -c or -i to override.
   Mount the File through Loopback
   The loopback module allows you to use a normal file as if it were a raw device. In this manner, you get a file system in a file. Mounting a file system image file through loopback presents it as part of the normal file system. You can then modify it using your favorite file management tools and utilities. Create a mount point in the file system where the image will be attached and then mount the file system image as follows:
       mkdir /mnt/ec2-fs
       mount -o loop
18. 03-01/"> <return>true</return> </CreateSecurityGroupResponse>
   Related Operations: • RunInstances • DescribeSecurityGroups • AuthorizeSecurityGroupIngress • RevokeSecurityGroupIngress • DeleteSecurityGroup
   DeleteKeyPair
   The DeleteKeyPair operation deletes a keypair.
   Request Parameters
   The following table describes the request parameters for DeleteKeyPair. Parameter names are case sensitive.
   Element Name | Definition | Required | Type
   KeyName | Name of the keypair to delete. | Yes | string
   Response Tags
   The following table describes the default response tags included in DeleteKeyPair responses.
   Element Name | Definition
   return | true if the key was successfully deleted
   Sample Request
   https://ec2.amazonaws.com/?Action=DeleteKeyPair&KeyName=example-key-name&...auth parameters...
   Sample Response
   <DeleteKeyPair xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
     <return>true</return>
   </DeleteKeyPair>
   Related Operations: • CreateKeyPair • DescribeKeyPairs
   DeleteSecurityGroup
   The DeleteSecurityGroup operation deletes a security group. If an attempt is made to delete a security group and any instances exist that are members of that group, a fault is returned.
   Request Parameters
   The following table describes the request parameters for DeleteSecurityGroup. Paramete
19. TerminateInstances
   The following table describes the default response tags included in TerminateInstances responses.
   Element Name | Definition | Type
   instancesSet | A complex type describing the current and new state of each instance specified. | ec2:TerminateInstancesResponseInfoType
   Sample Request
   https://ec2.amazonaws.com/?Action=TerminateInstances&InstanceId.1=i-2ea64347&InstanceId.2=i-21a64348&...auth parameters...
   Sample Response
   <TerminateInstancesResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
     <instancesSet>
       <item>
         <instanceId>i-28a64341</instanceId>
         <shutdownState> <code>32</code> <name>shutting-down</name> </shutdownState>
         <previousState> <code>16</code> <name>running</name> </previousState>
       </item>
       <item>
         <instanceId>i-21a64348</instanceId>
         <shutdownState> <code>32</code> <name>shutting-down</name> </shutdownState>
         <previousState> <code>16</code> <name>running</name> </previousState>
       </item>
     </instancesSet>
   </TerminateInstancesResponse>
   Related Operations: • DescribeInstances
   Introduction
   Command Line Tools Refer
20. Parameter Name | Description | Example Value
   Action | Indicates the action to perform. | RunInstances
   Version | The API version to use, as specified in the WSDL. | 2007-03-01
   AWSAccessKeyId | The Access Key ID for the request sender. This identifies the account which will be charged for usage of the service. The account with which the Access Key ID is associated must be signed up for EC2, or requests will not be accepted. | LOQMXFEV7 1ZS32XOFT R2
   Timestamp | The date and time at which the request is signed, in the format YYYY-MM-DDThh:mm:ssZ, as specified in the ISO 8601 standard. | 2006 07 0 7715 04 5 ER
   Expires | The date and time at which the signature included in the request expires, in the format YYYY-MM-DDThh:mm:ssZ, as specified in the ISO 8601 standard. | 2006 07 0 7715 04 5 ez
   Signature | A request signature is calculated as explained in Request Authentication. | Qn pl4Qk 7tI NHz fX CiT7VbBat DA
   SignatureVersion | A value of 0 or 1 indicates the method chosen to construct the string to be signed. Currently, only a value of 1 is valid. | 1
   Note: The Timestamp parameter can be used instead of Expires. Requests must include either Timestamp or Expires, but cannot contain both.
   Parameter values must be URL-encoded. This is true for any Query parameter passed to EC2 and is typic
21. Compute Cloud Developer Guide Example Option Definition Required Example The destination directory must exist help Display the help message No help Example mkdir unbundled ec2 unbundle m fred manifest xml s bundled d unbundled cat bundled fred part 00 bundled fred part 01 bundled fred part 02 bundled fred part 03 bundled fred part 04 bundled fred part 05 bundled fred part 06 bundled fred part 07 bundled fred part 08 bundled fred part 09 bundled fred part 10 bundled fred part 11 bundled fred part 12 bundled fred part 13 bundled fred part 14 openssl enc d aes 128 cbc K a8fbe9586b7 d3d 893b237F88e351a9 iv 121lfebdf64b0322cd4ffda03aalab535 zip gt unbundled fred img Unbundle complete ls 1 unbundled total 1025008 rw r r 1 root root 1048578048 Aug 25 23 46 fred img See Also e ec2 bundle image e ec2 bundle vol e ec2 upload bundle e ec2 download bundle e ec2 delete bundle ec2 upload bundle Synopsis ec2 upload bundle b S3 BUCKET m MANIFEST PATH a AWS ACCESS KEY ID s AWS SECRET KEY acl ACL ec2cert PATH d DIRECTORY part PART url URL retry skipmanifest Description Upload a bundled AMI to S3 storage Output Status messages indicating the various stages of the upload process are displayed Options API Version 2007 03 01 146 Example Amazon Elastic Compute Cloud Developer Guide cS Note Note that this tool does not
22. </DescribeImageAttribute>
   Sample Response (Launch Permission)
   <DescribeImageAttributeResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
     <imageId>ami-61a54008</imageId>
     <launchPermission>
       <item> <group>all</group> </item>
       <item> <userId>495219933132</userId> </item>
     </launchPermission>
   </DescribeImageAttributeResponse>
   Sample Request (Product Codes)
   <DescribeImageAttribute xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
     <imageId>ami-61a54008</imageId>
     <productCodes/>
   </DescribeImageAttribute>
   Sample Response (Product Codes)
   <DescribeImageAttributeResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
     <imageId>ami-61a54008</imageId>
     <productCodes>
       <item> <productCode>774F4FF8</productCode> </item>
     </productCodes>
   </DescribeImageAttributeResponse>
   Related Operations: • DescribeImages • ModifyImageAttribute • ResetImageAttribute
   DescribeImages
   The DescribeImages operation returns information about AMIs available for use by the user. This includes both public AMIs (those available for any user to launch) and private AMIs (those owned by the user making the request and those owned by other users that the user making the request has exp
23. How can I determine if a public AMI is paid?
   By describing images (ec2dim). An AMI is a paid AMI if a product code is returned. Example: run ec2dim a amazon, and the AMI ami-bd9d78d4 will be returned with a product code (A79ECODB).
   Is there anything that prevents a paid AMI from being rebundled? How can this be restricted?
   Paid AMIs are comparable to shared AMIs with regards to rebundling and trying to restrict rebundling. If you allow a user running the AMI to see all of its contents, the user could rebundle these into their own AMI. For more information, review the following sections of this guide: Building Shared AMIs, Sharing AMIs, Using Shared AMIs.
   Why can't I query a particular AMI's attributes to see if the AMI is paid?
   Only the owner of an AMI can query the AMI attributes. However, anyone can tell if an AMI is paid by describing images (ec2dim). An AMI is paid if a product code is returned. Example: run ec2dim a amazon, and the AMI with ID ami-bd9d78d4 will be returned with a product code (A79ECODB).
   Who can use the confirm product instance command?
   Only the owner of the AMI can use this command. Owners use this command with supported AMIs to determine if a supported instance with a given product code attached is up and running.
   Miscellaneous
   Are there any special requirements to use FTP?
   The File Transfer Protocol (FTP) has a PORT command by which a client sends its address back to the server. The server then connects to the
24. (Table of contents fragment; only the legible entries are kept.) RegisterImage; ResetImageAttribute; RevokeSecurityGroupIngress; RunInstances; TerminateInstances; Command Line Tools Reference; By Function; ec2-confirm-product-instance; ec2-add-keypair; ec2-authorize; ec2-delete-bundle; ec2-delete-group; ec2-delete-keypair; ec2-deregister; ec2-describe-images; ec2-describe-keypairs; ec2-download-bundle
25. SourceSecurityGroupOwnerId must be specified When authorizing a CIDR IP permission GroupName IpProtocol FromPort ToPort and CidrIp must be specified Mixing these two types of parameters is not allowed Request Parameters The following table describes the request parameters for AuthorizeSecurityGroupIngress Parameter names are case sensitive Element Name Definition Re Type quired GroupName Name of the group to modify Yes string SourceSecur Name of security group to authorize ac When string ityGroupName cess to when operating on a user group author pair izing user group pair per mission SourceSecur Owner of security group to authorize ac When string API Version 2007 03 01 86 Amazon Elastic Compute Cloud Developer Guide AuthorizeSecurityGroupIngress Element Name Definition Re Type quired ityGroupOwn cess to when operating on a user group author erlId pair izing user group pair per misison IpProtocol IP protocol to authorize access to when When string operating on a CIDR IP Valid values are author tcp udp and icmp izing CIDR IP per mission FromPort Bottom of port range to authorize access When int to when operating on a CIDR IP This author contains the ICMP type if ICMP is being izing authorized CIDR IP per mission ToPort Top of port range to authorize access to When int when operating on a CIDR IP This con author tains the ICMP code if ICMP is being izing au
26. TCP and UDP and ICMP codes and types for ICMP Note EN Changes are anticipated in this API that may restrict further what is allowable Please consult the section called Anticipated API changes for more details Permission changes are propagated to instances within the security group being modified as quickly as possible However a small delay is likely depending on the number of instances that are members of the indicated group Request Parameters The following table describes the request parameters for RevokeSecurityGroupIngress Parameter names are case sensitive Element Name Definition Re Type quired userId AWS Access Key ID Yes xsd string groupName Name of the group to modify Yes xsd string ipPermissions Set of permissions to remove from the Yes ec2 IpPermissionTyp group e Response Tags The following table describes the default response tags included in RevokeSecurityGroupIngress responses Element Name Definition Type return true if permissions successfully revoked xsd boolean API Version 2007 03 01 79 Amazon Elastic Compute Cloud Developer Guide RunInstances Sample Request lt RevokeSecurityGroupiIngress xmlns http ec2 amazonaws com doc 2007 03 01 gt lt userlId gt lt groupName gt RangedPort sBySource lt groupName gt lt ipPermissions gt lt item gt lt ipProtocol gt tcp lt ipProtocol gt lt fromPort gt 6000 lt fromPort gt lt toPort gt 7000 lt toPort gt lt groups gt
27. The following table describes the request parameters for ModifyImageAttribute Parameter names are case sensitive Element Name ImageId Attribute OperationType UserId n UserGroup n ProductCode n Attributes Definition AMI Id to modify an attribute on Specifies the attribute to modify See the attributes table below for supported at tributes Specifies the operation to perform on the attribute See the attributes table below for supported operations for attributes Currently only add and remove are sup ported This parameter is not required for the ProductCodes attribute User ids to add to or remove from the launchPermission attribute User groups to add to or remove from the LaunchPermission attribute Cur rently only the a11 group is available specifiying all Amazon EC2 users Attaches product codes to the AMI Cur rently only one product code may be as sociated with an AMI Once set the product code can not be changed or re set Re Type quired Yes string Yes string Yes string Not for Product Codes With string launch Per mis sion at tribute With string launch Per mis sion at tribute With string pro duct Codes attribute API Version 2007 03 01 103 Amazon Elastic Compute Cloud Developer Guide RebootInstances Attribute Name Description Supported Oper ations launchPermission Modifies the AMI s launch permissions add rem
28. appserver -d "Mary's app server"
GROUP appserver Mary's app server
then starts twenty instances as members of this group:
ec2run ami-e3a5408a -n 20 -g appserver
and grants network access between her web server group and the application server group:
ec2-authorize appserver -o apache -u 598916040194
GROUP appserver
PERMISSION appserver ALLOWS all FROM USER 598916040194 GRPNAME apache
She checks to ensure access to her app server is indeed restricted by port scanning one of the app servers:
nmap -P0 -p1-100 domU-12-31-33-00-03-D1.usma1.compute.amazonaws.com
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-08-07 15:42 SAST
All 100 scanned ports on domU-12-31-33-00-03-D1.usma1.compute.amazonaws.com (216.182.228.12) are: filtered
Nmap finished: 1 IP address (1 host up) scanned in 31.008 seconds
3. To confirm that her web servers have access to her application servers, she needs to do a little extra work:
a. She temporarily grants SSH access from her workstation to the web server group:
ec2-authorize apache -P tcp -p 22 -s 192.168.1.130/32
b. She logs in to one of her web servers and connects to an application server on TCP port 8080:
telnet domU-12-31-33-00-03-D1.usma1.compute.amazonaws.com 8080
Trying 216.182.228.12...
Connected to domU-12-31-33-00-03-D1.usma1.compute.amazonaws.com (216.182.228.12).
Escape character is '^]'.
c. Satisfied with the setup, she revokes SSH
29. can interact with them as you would any machine.
Best Practices
Here are some suggestions for making the best use of Amazon EC2 instances:
• Do not rely on an instance's local storage for valuable, long-term data. Instances can fail, and when they fail, the data on the local disk is lost. You should use a replication strategy across multiple instances to keep your data safe, or store your persistent data in Amazon S3.
• Define images based on the type of work your instances perform. For internet applications, you may choose to define one image for database instances and one image for your webservers. Image creation and storage are cheap and easy operations. Individualize and customize as necessary. Keeping your images specialized will mean that the resulting AMIs can be smaller. Smaller AMIs will boot considerably faster.
• Monitor the health of your instances. Make your instances work for you by monitoring each other. You may choose to create an image which contains one of the various open source monitoring tools such as Nagios or OpenNMS. Each worker instance, based on your other images, might then report its health to your monitoring instance.
• Keep your Amazon EC2 firewall permissions as restrictive as possible. Only open up permissions you need to open. Use separate groups to deal with instances that have different network ingress requirements. Consider using additional security measures inside your instance, including your own firewall. If
30. default response tags included in Get ConsoleOutput responses Element Name Definition instanceId The instance ID timestamp The time the output was last updated output The console output Base64 encoded Sample Request Type xsd string xsd dateTime xsd string lt GetConsoleOutput xmlns http ec2 amazonaws com doc 2007 03 01 gt lt instancelId gt i 28a64341 lt instancelId gt lt GetConsoleOutput gt Sample Response lt GetConsoleOutputResponse xmlns http ec2 amazonaws com doc 2007 03 01 gt lt instanceId gt i 28a64341 lt instanceld gt lt timestamp gt 2007 01 03 15 00 00 lt timestamp gt lt output gt TGludxggdmVyc21vbiAyLjJYuMTYteGVuVSAoYnVpbG SkgKGdj YyB2ZXJzaW9uIDOQUMC4 xIDIWwMDUWNzI3IChSZWOgSGF0IDQUMC dCAyNiAwODoOMToyNiBTOVNUIDIWMDYKOk1PUylwcm92aWR1ZC RlckBwYXRjaGJhdC5ShbWF 6b25zyY 4xLTUpKSAJMSBTTVAgVGh1IE94 BwaH1zaWNhbCBSQUOgbWEwOgpY ZW4 6 IDAWMDAwMDAWMDAwMDAwMDAgLSAwMDAWMDAWMDZhHNDAWMDAwICh1c2FibGUpC jk4ME1CIEhJ ROhHNRUOgYXZhaWxhYmx1lLgo3MjdNQiBMT1dNRUOgYXZhaWxhYmx1LgpOWCAoRXh1Y3VOZSBEaXNh Ymx1KSBwcm90ZWNOaW9u0iBhY 3RpdmUKSVJRIGXKVY2t1CcCBkZxX bHOGMSB6b251bG1zdHMKS2VybmVsIGNvbWlhbmQgbGluZTogem bmF ibGluZyBmYXNOTEZOVSBzYXZ1LIGFuZCByZXNOb3JU1Li4uIG lt GetConsoleOutputResponse gt ModifylmageAttribute RLY3Rpb24gZG1zYWJIJsZWOKOnVp 9vdDOVZGV2L3NkKYTEgcm8gNApF RvbmUuCg lt output gt The ModifyImageAttribute operation modifies an attribute of an AMI At
31. describes the default response tags included in TerminateInstances responses Element Name Definition Type instancesSet A complex type containing describing the ec2 TerminateInstances current and new state of each instance spe ResponselInfoType cified Sample Request lt TerminateInstances xmlns http ec2 amazonaws com doc 2007 03 01 gt lt instancesSet gt lt item gt lt instancelId gt i 28a64341 lt instanceld gt API Version 2007 03 01 83 Amazon Elastic Compute Cloud Developer Guide EC2 Query API lt item gt lt instancesSet gt lt TerminateInstances gt Sample Response lt TerminateInstancesRespons lt instancesSet gt lt item gt lt instancelId gt i 28a64341 lt instancelId gt lt shutdownState gt lt code gt 32 lt code gt lt name gt shutting down lt name gt lt shutdownState gt lt previousState gt lt code gt 16 lt code gt lt name gt running lt name gt lt previousState gt lt item gt lt instancesSet gt lt TerminateInstancesResponse gt Related Operations e DescribeInstances EC2 Query API xmlns http ec2 amazonaws com doc 2007 03 01 gt The Amazon EC2 API consists of web service operations for every task the service can perform This section describes each operation in detail Common Query Parameters Request Parameters All Query operations share a set of common parameters that must be present in each call Parameter Name
32. for more information on instance address ing Re Type quired No string No string The following table describes the default response tags included in RunInstances responses Element Name RunInstances Response Sample Request Definition Type Status information about the instances started ec2ReservationInfoType https ec2 amazonaws com Action RunInstances amp ImageId ami 60a54009 amp MaxCount 3 amp MinCount 1 amp AddressingType public amp auth parameters Sample Response lt RunInstancesRespons lt reservationId gt r 47a5402e lt reservationId gt lt ownerId gt 495219933132 lt ownerId gt lt groupset gt lt item gt lt grouplId gt default lt groupId gt lt item gt lt groupSet gt lt instancesSet gt lt item gt lt instanceld gt i 2ba64342 lt instanceld gt lt imageId gt ami 60a54009 lt imagelId gt lt instanceState gt lt code gt 0 lt code gt lt name gt pending lt name gt lt instanceState gt xmlns http ec2 amazonaws com doc 2007 03 01 gt API Version 2007 03 01 111 Amazon Elastic Compute Cloud Developer Guide Terminatelnstances lt privateDnsName gt lt privateDnsName gt lt dnsName gt lt dnsName gt lt keyName gt example key name lt keyName gt lt item gt lt item gt lt instanceld gt i 2bc64242 lt instanceld gt lt imageId gt ami 60a54009 lt imagelId gt lt instanceState gt lt code gt 0 lt code gt l
33. in openssh key format GET ht tp 169 254 169 254 2007 03 01 meta data public keys 0 openssh key Get product codes GET ht tp 169 254 169 254 2007 03 01 meta data product codes Retrieving User Data Example domU 12 34 31 00 00 05 usmal compute amazo naws com Request GET ht tp 169 254 169 254 2007 03 01 meta data public keys Response O my public key Request GET ht tp 169 254 169 254 2007 03 01 meta data public keys 0 Response openssh key Request GET ht tp 169 254 169 254 2007 03 01 meta data public keys 0 openssh key Response ssh rsa AAAA wZEf my public key Request GET ht tp 169 254 169 254 2007 03 01 meta data product codes Response 774F4FF8 Requests for the user data returns the data as is content type application x octetstream Note US As mentioned previously all user supplied data is treated as opaque data what you give us is what you get back It is thus the responsibility of the instance to interpret this data appropriately API Version 2007 03 01 22 Amazon Elastic Compute Cloud Developer Guide Example of Using the AMI Launch Index Value Resource amp URI Examples Request Get the user supplied data GET ht eae ie tp 169 254 169 254 2007 03 01 user tp 169 254 169 254 2007 03 01 user 53 data Response 1234 fred reboot true 4512 jimbo LAB EN Request GET ht
34. it was launched with in the new image unless you explicitly clear out or delete the authorized_keys file. You can also exclude this file from rebundling.
Disable sshd DNS Checks
This is an optional step. It slightly weakens your sshd security (although not significantly), but ensures that, should DNS resolution fail, ssh logins will still work. If you leave this setting at its default, DNS resolution failures will prevent logins altogether. To disable the sshd DNS checks, edit the /etc/ssh/sshd_config file and find and change the following line:
UseDNS yes
to this:
UseDNS no
The location of this configuration file may differ for your distribution, or if you're not running OpenSSH. Consult the relevant documentation if this is the case.
Identify Yourself
Currently, there is no easy way of knowing who provides a shared AMI. All you are presented with is a numeric user id. We suggest that you post a description of your AMI and the AMI id in the Amazon EC2 developer forum. This will provide users interested in trying new shared AMIs with a central location to find information about those AMIs. We are working on making it easier to share and find new AMIs.
Protect Yourself
We have looked at making shared AMIs safe, secure and usable for the users who launch them, but if you publish a shared AMI you should also take steps to protect yourself against the users of your AMI. This section looks at steps you can take to do this.
35. key nam amp auth parameters Sample Response lt DescribeKeyPairsResponse xmlns http ec2 amazonaws com doc 2007 03 01 gt lt keySet gt lt item gt lt keyName gt example key name lt keyName gt API Version 2007 03 01 99 Amazon Elastic Compute Cloud Developer Guide DescribeSecurityGroups lt keyFingerprint gt 1f 5l ae 28 bf 89 e9 d8 1f 25 5d 37 2d 7d b8 ca 9f 5 f1 6f lt keyFingerprint gt lt item gt lt keySet gt lt DescribeKeyPairsResponse gt Related Operations e CreateKeypair e DeleteKeypair e RunInstances DescribeSecurityGroups The DescribeSecurityGroups operation returns information about security groups owned by the user making the request An optional list of security group names may be provided to request information for those security groups only If no security group names are provided information of all security groups will be returned If a group is specified that does not exist a fault is returned Request Parameters The following table describes the request parameters for DescribeSecurityGroups Parameter names are case sensitive Element Name Definition Re Type quired GroupName n List of security groups to describe No string Response Tags The following table describes the default response tags included in DescribeSecurityGroups responses Element Name Definition Type security Information about security groups ec2 SecurityGroupItemT GroupInfo vpell S
36. lt ds Reference gt lt ds Reference URI id 15778003 gt lt ds Transforms gt lt ds Transform Al gorithm http www w3 org 2001 10 xml exc cl14n gt lt ds Transform gt lt ds Transforms gt lt ds DigestMethod Al gorithm http www w3 org 2000 09 xmldsig shal gt lt ds DigestMethod gt gorithm h ATA API Version 2007 03 01 38 Amazon Elastic Compute Cloud Developer Guide Understanding Responses lt ds DigestValue gt HhRbxBBmc200348 f 8nLNZyo4A0M lt ds DigestValue gt lt ds Reference gt lt ds SignedInfo gt lt ds SignatureValue gt bmVx24Qom4kd900tc1lxWI1lgLk4QsQBPaKESi79x479xgbO9PESt XMiHZuB Ai9luuKdNTcfQ8UE d 3 JHKZKEQR CO1LLVy0Dn5ZL1R1MHsv OzJzzvIJFTQ3LOKNrzJzsNe lt ds SignatureValue gt lt ds KeyInfo Id KeyId 17007273 gt lt wsse SecurityTokenReference xm lns wsu http docs oasis open org wss 2004 01 0oasis 200401 wss wssecurity u tility 1 0 xsd wsu Id STRId 22438818 gt lt wsse Reference URI CertId 1064304 ValueType http docs oasis open org wss 2004 01 0oasis 200401 wss x509 token profile 1 0 X509v3 gt lt wsse Reference gt lt wsse SecurityTokenReference gt lt ds KeyInfo gt lt ds Signature gt lt wsu Timestamp xm lns wsu http docs oasis open org wss 2004 01 0oasis 200401 wss wssecurity u tility 1 0 xsd wsu Id id 17984263 gt lt wsu Created gt 2006 06 09T10 57 352 lt wsu Created gt lt wsu Expires gt 2006 06 09T11 02 352 lt wsu
37. my image fs mnt ec2 fs Prepare for the Installation Before the operating system installation can proceed some basic files have to be created and prepared on the newly created root file system Create dev Create a dev directory and populate it with a minimal set of devices you can ignore the errors in the output mkdir mnt ec2 fs dev sbin MAKEDEV d mnt ec2 fs dev x console EV mkdir File exists EV mkdir File exists EV mkdir File exists in MAKEDEV d mnt ec2 fs dev x null EV mkdir File exists EV mkdir File exists EV mkdir File exists in MAKEDEV d mnt ec2 fs dev x zero EV mkdir File exists EV mkdir File exists EV mkdir File exists pp a a D D D H H H H H H 8 ess dess dese PE Create ete Create an etc directory mkdir mnt ec2 fs etc Create mnt ec2 fs etc fstab and add the following entries to it dev sdal ext3 defaults I 2 none dev pts devpts gid 5 mode 620 0 0 none dev shm tmpfs defaults 0 0 none proc proc defaults 0 0 none sys sysfs defaults 0 0 API Version 2007 03 01 7 Amazon Elastic Compute Cloud Developer Guide Create yum xen conf Create yum xen conf Create a temporary yum configuration file that will ensure all the required basic packages and utilities are installed This configuration file can be created anywhere on your main file system but for now we ll
38. not val id Specified instance ID does not exist Specified keypair name does not exist API Version 2007 03 01 45 Amazon Elastic Compute Cloud Developer Guide Summary of Client Error Codes Error Code Inval idKeyPair Dupli cate Invalid Group NotFound Invalid Group Duplicate Invalid Group InUse Invalid Group Reserved InvalidParamet erValue InvalidPermis sion Duplicate InvalidPermis sion Malformed InvalidReserva tionID Malforme d InvalidReserva tionID NotFound InstanceLimi tExceeded InvalidPara meterCombina tion Invalid UserID Malforme d InvalidAMIAt tributeItem Value UnknownParamet er Definition Attempt to create a duplicate keypair Specified group name does not exist Attempt to create a duplicate group Specified group can not be de leted because it is in use Specified group name is a re served name The value supplied for a para meter was invalid Attempt to authorize a permis sion that has already been au thorized Specified permission is invalid Specified reservation ID is in valid Specified reservation ID does not exist User has max allowed concur rent running instances RunInstances was called with minCount and maxCount set to 0 or minCount gt maxCount The user ID is neither in the form of an AWS account ID or one of the special values accep ted by
39. part part part part part part part part part Generating digests for each part Digests generated Creating bundle manifest Bundle Imag See Also complet e ec2 bundle vol e ec2 unbundle e ec2 upload bundle e ec2 download bundle e ec2 delete bundle ec2 bundle vol Synopsis ec2 bundle vol k PRIVATE KEY u USER ID c EC2 CERT s SIZE d DESTINATION DIR Description e EXLCUDE DIR 1 EXCLUDE DIR 2 VOLUME ec2cert PATH p AMI PREFIX v Create a bundled AMI by taking a snapshot of the local machine s root file system compressing API Version 2007 03 01 122 Amazon Elastic Compute Cloud Developer Guide Output encrypting and signing the snapshot Output Status messages indicating the various stages of the bundling process are displayed Options Note cS Note that this tool does not support the common arguments Option Definition Required Example k The path to the user s PEM encoded Yes k pk privatekey RSA key file HKZYK KEY TAIG2ECMX YIBH3HX V4ZBZQ55CLO pem c cert The user s PEM encoded RSA public Yes c cert EC2 CERT key certificate file HKZYK TAIG2ECMX YIBH3HX V4ZBZQ55CLO pem u user The user s EC2 user ID a k a AWS Yes u 123456789 USER account number s size The size in MB 1024 1024 bytes No s 2048 SIZE of the image file to create The maxim um size is 10240 MB Defaults to 10240 d The di
40. succeeded otherwise false API Version 2007 03 01 93 Amazon Elastic Compute Cloud Developer Guide DescribelmageAttribute Sample Request https ec2 amazonaws com Action DeregisterImag amp ImageId ami 61a54008 amp auth parameters Sample Response lt DeregisterImageResponse xmlns http ec2 amazonaws com doc 2007 03 01 gt lt return gt true lt return gt lt DeregisterImageResponse gt Related Operations e Registerlmage e DescribeImages DescribelmageAttribute The DescribeImageAttribute operation returns information about an attribute of an AMI Only one attribute may be specified per call Request Parameters The following table describes the request parameters for DescribeImageAttribute Parameter names are case sensitive Element Name Definition Re Type quired ImageId Id of the AMI for which an attribute will Yes string be described Attribute Specifies the attribute to describe Cur Yes string rently only launchPermission is sup ported Attributes Attribute Name Description launchPermission The AMIs launch permissions productCodes The product codes attached to the AMI Response Tags The following table describes the default response tags included in DescribeImageAttribute responses API Version 2007 03 01 94 Amazon Elastic Compute Cloud Developer Guide DescribelmageAttribute Element Name Definition Type imageId ID of the AMI being described xsd string la
41. the owner or execut ableBy flags in the De scribeImages call The value of an item added to or removed from an image at tribute is invalid An unknown or unrecognized parameter was supplied Notes Requests that could cause this error include for example supplying an invalid image attribute to the DescribeImageAttrib ute request or an invalid version or en coding value for the userData ina Run Instances request Each user has a concurrent running instance limit For new users during public beta this limit is 20 If you are specifying a userId check that it is in the form of an AWS account ID Requests that could cause this error include for example supplying a misspelt paramet er or a parameter that is not supported for API Version 2007 03 01 46 Amazon Elastic Compute Cloud Developer Guide Summary of Server Error Codes Error Code Definition Summary of Server Error Codes Error Code Intern alError Insuffi cientIn stance Capacity Unavail able Definition Internal Error Not enough available instances to satisfy your minimum request Indicates the server is overloaded and cannot handle request Common Data Types Notes the specific API version being used Notes Should not occur Please let us know Try to re produce You can lower your request or wait for additional capacity to become available The Amazon EC2 API contains several data types
42. the user has not subscribed the RuniInstances call will fail Request Parameters The following table describes the request parameters for RunInstances Parameter names are case sensitive Element Name Definition Re Type quired instancesSet Description of the instances to launch Yes ec2 RunInstanceItem Type groupSet Description of the security groups to as Yes ec2 GroupSetType sociate the instances with userData The user data available to the launched No ec2 UserDataType instances addressingType The addressing scheme with which to No xsd string launch the instance The supported ad dressing type is public For the public scheme the instance has a private and public IP address that are mapped through NAT See the section called Instance Addressing for more informa tion Note SS To support our legacy cluster early beta custom ers can also specify dir ect In the direct scheme the instance has a single public IP address Response Tags The following table describes the default response tags included in RunInstances responses API Version 2007 03 01 81 Amazon Elastic Compute Cloud Developer Guide RunInstances Element Name Definition Type RunInstances Status information about the instances started ReservationInfoType Response Sample Request lt RunInstances xmlns http ec2 amazonaws com doc 2007 03 01 gt lt instancesSet gt lt item gt lt imageId gt ami 60a54009 lt
43. the user making the request then that instance will not be included in the returned results Recently terminated instances will be included in the returned results for a small interval subsequent to their termination This interval is typically of the order of one hour Request Parameters The following table describes the request parameters for DescribeInstances Parameter names are case sensitive Element Name Definition Re Type quired instancesSet Set of instances IDs to get the status of Yes but xsd string may be empty API Version 2007 03 01 69 Amazon Elastic Compute Cloud Developer Guide DescribeKeyPairs Response Tags The following table describes the default response tags included in DescribeInstances responses Element Name Definition Type reservationSet A list of structures describing the status of all ec2 ReservationInfoTyp requested instances e Sample Request lt DescribeInstances xmlns http ec2 amazonaws com doc 2007 03 01 gt lt instancesSet gt lt item gt lt instancelId gt i 28a64341 lt instancelId gt lt item gt lt instancesSet gt lt DescribeInstances gt Sample Response lt DescribeInstancesResponse xmlns http ec2 amazonaws com doc 2007 03 01 gt lt reservationSet gt lt item gt lt reservationId gt r 44a5402d lt reservationId gt lt ownerlId gt UYY3TLBUXIEON5NQVUUX60MPWBZIQNFM lt ownerId gt lt groupset gt lt item gt lt groupld gt default lt
44. this attribute cannot be changed or removed.
PROMPT> ec2-modify-image-attribute ami-5bae4b32 --product-code 774F4FF8
productCodes ami-5bae4b32 productCode 774F4FF8
No extra parameters are required for the run instances call. The instance will be charged according to the rates set by the owner of the product.
ec2-run-instances ami-5bae4b32
INSTANCE i-10a64379 ami-5bae4b32 pending
A product owner can confirm that an instance qualifies for support by calling ec2-confirm-product-instance. Given a product code and an instance ID, this command returns true to indicate the instance is running with the specified product code. You must own the product code passed to the ec2-confirm-product-instance command.
PROMPT> ec2-confirm-product-instance 6883959E -i i-10a64379
6883959E i-10a64379 true 495219933132
Billing for Paid and Supported AMIs
At the end of each month, you will receive a bill for any paid or supported AMIs for which you signed up. This bill is separate from your regular Amazon EC2 bill.
Using Get Console Output and Reboot Instances
Introduction
Amazon EC2 instances don't have a physical monitor to display their console output on. They also don't have physical controls to allow them to be powered up, rebooted or shut down. Instead, these actions are enabled through the EC2 SOAP and Quer
45. version of the request begins with the following lt SOAP ENV Envelope xm Ins SOAP ENV http schemas xmlsoap org soap envelope gt lt SOAP ENV Header gt lt wsse Security xm Ins wsse http docs oasis open org wss 2004 01 oasis 200401 wss wssecurity secext 1 0 xsd gt lt wsse BinarySecurityToken xm lns wsu http docs oasis open org wss 2004 01 0oasis 200401 wss wssecurity u tility 1 0 xsd Encoding Type http docs oasis open org wss 2004 01 oasis 200401 wss soap message s curity 1 0 Base64Binary ValueType http docs oasis open org wss 2004 01 oasis 200401 wss x509 token profile 1 0 X509v3 wsu Id CertId 1064304 gt many many lines of base64 encoded X 509 certificate lt wsse BinarySecurityToken gt lt ds Signature xmlns ds http www w3 org 2000 09 xmldsig gt lt ds SignedInfo gt lt ds CanonicalizationMethod Al gorithm http www w3 org 2001 10 xml exc cl4n gt lt ds CanonicalizationMethod ds SignatureMethod Al tp www w3 org 2000 09 xmldsig rsa shal gt lt ds SignatureMethod gt ds Reference URI id 17984263 gt lt ds Transforms gt lt ds Transform Al gorithm http www w3 org 2001 10 xml exc cl1l4n gt lt ds Transform gt lt ds Transforms gt lt ds DigestMethod Al gorithm http www w3 org 2000 09 xmldsig shal gt lt ds DigestMethod gt lt ds DigestValue gt 0pjZ1 TvgPf6uG7o0tYp312YdGZ4 lt ds DigestValue gt
46. xml 100 693 kB 00 00 comps xml 100 693 kB 00 00 Setting up repositories Reading repository metadata in from local files primary xml gz 100 824 kB 00 00 base Dt dd dd dd dd dd dd RHEE EEREEE REE REAR EERE 2772 2772 Added 2772 new packages deleted 0 old in 15 32 seconds primary xml gz 100 824 kB 00 00 updates re FHHEHEEEEEEREEREEEREERREEEREEREEEEEERHEEEPEERRE ER HEE 2772 2772 Added 2772 new packages deleted 0 old in 10 74 seconds Complete Congratulations API Version 2007 03 01 8 Amazon Elastic Compute Cloud Developer Guide Configure the Installed Operating System You now have a base installation in the image file you ve created The next steps are to configure the installation to operate inside Amazon EC2 and to customize the installation for your use Configure the Installed Operating System The base operating system has now successfully been installed You must now configure the networking and hard drives to work in the Amazon EC2 environment Configure the Network Interface The Amazon EC2 environment provides a networking interface card that needs to be configured to provide external network access for the running instance Edit or create the following file mnt ec2 fs etc sysconfig network scripts ifcfg eth0 making sure it contains at least the following information EVICE eth0 OOTPROTO dhcp NBOOT yes YPE Ethernet SERCTL yes ERDNS yes PV6INIT no HUGCHOWD
47. you need to log in interactively (ssh), consider creating a bastion security group that allows external login, while the remainder of your instances are in a group that does not allow external login.
Using Instance Data
Introduction
Amazon EC2 instances may access instance-specific metadata as well as data supplied when launching the instances. This data can be used to build more generic AMIs, e.g. behavior could be modified by configuration files supplied at launch time.
Example Scenario
Perhaps you run web servers for various Mom and Pop stores. All the instances use the same AMI. At launch time you could specify which Amazon S3 bucket the AMI should retrieve its content from. This allows you to launch multiple Mom and Pop sites serving different content using the same AMI by doing the following:
• Create an Amazon S3 bucket.
• Place your content in the Amazon S3 bucket.
• Launch an instance of your web server AMI, specifying the Amazon S3 bucket containing the web content.
Categories of Available Data
The data available to instances is categorized into metadata. This data is specific to an instance. Currently we provide:
Data | Description | Version Introduced
ami-id | The AMI id the instance was launched with | 1.0
ami-manifest-path | The manifest path of the AMI the instance was launched with | 1.0
ami-launch-index | The index of this in
49. 2 EC2 pending gsg-keypair 0

The instance ID in the second field of the output is a unique identifier for the instance and can be used subsequently to manipulate your instance (e.g. to terminate it).

Important: Once you launch an instance, you will be billed per hour for CPU time. Make sure you terminate any instances which you don't intend to leave running indefinitely.

It will take a few minutes for the instance to launch. You can follow its progress by running:

    PROMPT> ec2-describe-instances i-10a64379
    RESERVATION r-fea54097 495219933132 EC2
    INSTANCE i-10a64379 ami-5bae4b32 domU-12-34-31-00-00-05.usma1.compute.amazonaws.com EC2 running gsg-keypair 0

When the status field reads "running", the instance has been created and has started booting. There may still be a short time before it is accessible over the network, however. The DNS name displayed in the sample output above will be different from that assigned to your instance. Make sure you use the appropriate one.

Authorize Network Access

In order to be able to reach the running instance from the Internet, you need to enable access for the ssh service (which runs on port 22):

    PROMPT> ec2-authorize default -p 22
    PERMISSION default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0

Connect to the Instance

Now that you have a running instance, you can log in and modify it according to your requirements. If you launched a public Amazon EC2 AMI you can use th
50. 6040194 apache ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0

She then launches seven instances of her web server AMI as members of this group:

    ec2run ami-fba54092 -n 7 -g apache
    RESERVATION r-01927768 598916040194
    INSTANCE i-cfd732a6 ami-fba54092 pending

    ec2din i-cfd732a6
    RESERVATION r-0592776c 598916040194
    INSTANCE i-cfd732a6 ami-fba54092 domU-12-31-33-00-04-16.usma1.compute.amazonaws.com running

Having studied at the same school of paranoia as Albert, Mary does a port scan to confirm the permissions she just configured:

    nmap -P0 -p1-100 domU-12-31-33-00-04-16.usma1.compute.amazonaws.com
    Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-08-07 16:21 SAST
    Interesting ports on domU-12-31-33-00-04-16.usma1.compute.amazonaws.com (216.182.231.20):
    (The 99 ports scanned but not shown below are in state: filtered)
    PORT   STATE SERVICE
    80/tcp open  http
    Nmap finished: 1 IP address (1 host up) scanned in 33.409 seconds

And then she tests to make sure her web server is contactable:

    telnet domU-12-31-33-00-04-16.usma1.compute.amazonaws.com 80
    Trying 216.182.231.20...
    Connected to domU-12-31-33-00-04-16.usma1.compute.amazonaws.com (216.182.231.20).
    Escape character is '^]'.

Excellent.

2. She now creates a separate group for her application server: ec2-add-group
51. r-fea54097 598916040194 default

    INSTANCE i-3ea74257 ami-5bae4b32 pending 0
    INSTANCE i-31a74258 ami-5bae4b32 pending 1
    INSTANCE i-31a74259 ami-5bae4b32 pending 2
    INSTANCE i-31a7425a ami-5bae4b32 pending 3

Note that only 4 instances were launched.

Once launched, the instances all have a copy of the user data and the common metadata:

- AMI id: ami-5bae4b32
- AMI manifest path: ec2-public-images/getting-started.manifest.xml
- Reservation id: r-fea54097
- Public keys: none
- Security group names: default

However, each instance has certain unique metadata.

Instance 1

| Metadatum | Value |
|-----------|-------|
| instance-id | i-3ea74257 |
| ami-launch-index | 0 |
| hostname | domU-12-43-33-00-01-27.usma1.compute.amazonaws.com |
| local-ipv4 | 216.182.228.87 |

Instance 2

| Metadatum | Value |
|-----------|-------|
| instance-id | i-31a74258 |
| ami-launch-index | 1 |
| hostname | domU-12-31-33-00-01-72.usma1.compute.amazonaws.com |
| local-ipv4 | 216.182.228.88 |

Instance 3

| Metadatum | Value |
|-----------|-------|
| instance-id | i-31a74259 |
| ami-launch-index | 2 |
| hostname | domU-12-31-33-00-01-73.usma1.compute.amazonaws.com |
| local-ipv4 | 216.182.228.89 |

Instance 4

| Metadatum | Value |
|-----------|-------|
| instance-id | i-31a7425a |
| ami-launch-index | 3 |
| hostname | domU-12-31-33-00-01-74.usma1.compute.amazonaws.com |
| local-ipv4 | 216.182.228.90 |

Therefore an instance can determine its portion of the user su
52. Amazon Elastic Compute Cloud Developer Guide
API Version 2007-03-01

Copyright 2007 Amazon.com. AMAZON and AMAZON.COM are registered trademarks of Amazon.com, Inc. or its Affiliates. All other trademarks are the property of their respective owners.

Third Party Information: This guide contains links to third-party websites that are not under the control of Amazon.com, and Amazon.com is not responsible for the content of any linked site. If you access a third-party website mentioned in this guide, then you do so at your own risk. Amazon.com provides these links at your own convenience, and the inclusion of the link does not imply that Amazon.com endorses or accepts any responsibility for the content on those third-party sites.
53. fest https://s3.amazonaws.com/my-s3-bucket/image.manifest.xml manifest.xml

    downloading part https://s3.amazonaws.com/my-s3-bucket/image.part.00 to bundled/image.part.00
    Downloaded image.part.00 from https://s3.amazonaws.com/my-s3-bucket
    downloading part https://s3.amazonaws.com/my-s3-bucket/image.part.01 to bundled/image.part.01
    Downloaded image.part.01 from https://s3.amazonaws.com/my-s3-bucket
    downloading part https://s3.amazonaws.com/my-s3-bucket/image.part.02 to bundled/image.part.02
    Downloaded image.part.02 from https://s3.amazonaws.com/my-s3-bucket
    downloading part https://s3.amazonaws.com/my-s3-bucket/image.part.03 to bundled/image.part.03
    Downloaded image.part.03 from https://s3.amazonaws.com/my-s3-bucket
    downloading part https://s3.amazonaws.com/my-s3-bucket/image.part.04 to bundled/image.part.04
    Downloaded image.part.04 from https://s3.amazonaws.com/my-s3-bucket
    downloading part https://s3.amazonaws.com/my-s3-bucket/image.part.05 to bundled/image.part.05
    Downloaded image.part.05 from https://s3.amazonaws.com/my-s3-bucket
    downloading part https://s3.amazonaws.com/my-s3-bucket/image.part.06 to bundled/image.part.06
    Downloaded image.part.06 from https://s3.amazonaws.com/my-s3-bucket
    Download Bundle complete.

See Also

- ec2-bundle-image
- ec2-bundle-vol
- ec2-unbundle
- ec2-upload-bundle
- ec2-delete-bundle

ec2-fingerprint-key

Synopsis

    ec2-fingerprint-key KEYFILE

Description

Computes and displays the fingerprint for a private key produced by Amazon EC2. KE
55. EC2_JVM_ARGS="-Dhttp.proxyHost=http://my.proxy.com -Dhttp.proxyPort=8080"

The following properties are supported for configuring a proxy:

| Setting | Description |
|---------|-------------|
| https.proxyHost | HTTPS proxy host |
| https.proxyPort | HTTPS proxy port |
| http.proxyHost | HTTP proxy host |
| http.proxyPort | HTTP proxy port |
| http.proxyRealm | Proxy realm (https and http) |
| http.proxyUser | Proxy username (https and http) |
| http.proxyPass | Proxy password (https and http) |

Note: https.proxyHost should be used when EC2_URL points to an https host, and http.proxyHost when EC2_URL points to an http host.

IP Information

How do I host a public domain if I have to DHCP an IP address?

You can use a dynamic DNS service such as DynDNS or ZoneEdit.

Why can't I connect to my instance's public IP address from another instance?

There is a known limitation today that prevents instances from contacting other instances through their public IP address. This is being addressed. Even when this is fixed, you should favor the internal IP/DNS name when you know you are communicating between EC2 instances. This will assure you use the lowest latency, highest throughput and lowest cost network route.

Why do I get an internal (RFC 1918) IP address when I look up a DNS name that I expect to map to my instance's external IP address?

Amazon EC2 instances cannot cu
56. What's New

This What's New is associated with the 2007-03-01 release of Amazon EC2. The following table describes the important changes since the last release of the Amazon EC2 Developer Guide.

| Change | Description |
|--------|-------------|
| Paid AMIs | Paid AMIs allow A |
57. ET

Errors are displayed on stderr.

Options

| Option | Definition | Required | Example |
|--------|------------|----------|---------|
| -l | Reset the launchPermission attribute. | Yes | -l |

Example

    ec2-reset-image-attribute ami-6ba54002 -l
    launchPermission ami-6ba54002 RESET

See Also

- ResetImageAttribute
- ec2-modify-image-attribute
- ec2-describe-image-attribute
- Sharing AMIs

ec2-revoke

Synopsis

    ec2-revoke GROUP -P PROTOCOL -p PORT_RANGE -t ICMP_TYPE_CODE -u SOURCE_GROUP_USER -o SOURCE_GROUP -s SOURCE_SUBNET

Description

Revokes a rule from the security group named GROUP. To identify the rule to be removed, you must provide exactly the same set of options used to create that rule.

Output

A table containing the following information is returned:

- Output type identifier ("GROUP", "PERMISSION")
- Group name. Currently, this will report an empty string.
- Type of rule. Currently, only ALLOW rules are supported.
- Protocol to allow
- Start of port range
- End of port range
- FROM
- Source

Errors are displayed on stderr.

Options

Option: -P PROTOCOL, -p PORT_RANGE, -t ICMP_TYPE_CODE, -u SOURCE_GROUP_USER, -o SOURCE_GROUP, -s SOURCE_SUBNET

Definition:

- -P PROTOCOL: The protocol to allow. This can be tcp, udp or icmp. This option only applies when specifying a CIDR subnet as the source.
- -p PORT_RANGE: The range of ports to revoke. This may b
58. Expires>
    </wsu:Timestamp>
    </wsse:Security>
    </SOAP-ENV:Header>

Let's take a quick look at the most important elements, in case you are matching this against requests generated by Amazon EC2 supplied libraries or those of another vendor.

- BinarySecurityToken: contains the X.509 certificate in base64-encoded PEM format.
- Signature: contains an XML digital signature created using the canonicalization, signature algorithm, and digest method described within.
- Timestamp: Any request is only valid to Amazon EC2 within 5 minutes of this value. Used to prevent replay attacks.

Understanding Responses

In response to a request, the Amazon EC2 web service returns an XML data structure that conforms to an XML schema defined as part of the Amazon EC2 WSDL. The structure of an XML response is specific to the associated request. In general, the response data types will be named according to the operation performed and whether the data type is a container (may have children). Examples of containers include groupSet for security groups and instancesSet for instances. Item elements are children of containers, and their contents vary according to the container's role.

An example response is:

    <RunInstancesResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
      <reservationId>r-47a5402e</reservationId>
      <ownerId>UYY3TLBUXIEON5NQVUUX60MPWBZIQNFM</ownerI
59. -----END RSA PRIVATE KEY-----</keyMaterial>
    </CreateKeyPairResponse>

Related Operations

- DescribeKeyPairs
- DeleteKeyPair
- RunInstances

CreateSecurityGroup

The CreateSecurityGroup operation creates a new security group.

Every instance is launched in a security group. If none is specified as part of the launch request, then instances are launched in the default security group. Instances within the same security group have unrestricted network access to one another. Instances will reject network access attempts from other instances in a different security group. As the owner of instances, you may grant or revoke specific permissions using the AuthorizeSecurityGroupIngress and RevokeSecurityGroupIngress operations.

Request Parameters

The following table describes the request parameters for CreateSecurityGroup. Parameter names are case sensitive.

| Element Name | Definition | Required | Type |
|--------------|------------|----------|------|
| groupName | Name for the new security group. | Yes | xsd:string |
| groupDescription | Description of the new security group. | Yes | xsd:string |

Response Tags

The following table descr
60. Adds a rule to the security group named GROUP. If no source host, group or subnet is provided, requests from any source address will be honored.

Output

A table containing the following information is returned:

- Output type identifier ("GROUP", "PERMISSION")
- Group name. Currently, this will report an empty string.
- Type of rule. Currently, only ALLOW rules are supported.
- Protocol to allow
- Start of port range
- End of port range
- FROM
- Source

Errors are displayed on stderr.

Options

Option: -P PROTOCOL, -p PORT_RANGE, -t ICMP_TYPE_CODE, -u SOURCE_GROUP_USER, -o SOURCE_GROUP, -s SOURCE_SUBNET

Definition:

- -P PROTOCOL: The protocol to allow. This can be tcp, udp or icmp. This option only applies when specifying a CIDR subnet as the source.
- -p PORT_RANGE: For the TCP or UDP protocols, this specifies the range of ports to allow. This may be specified as a single integer or as a range (min-max). This option only applies when specifying a CIDR subnet as the source.
- -t ICMP_TYPE_CODE: For the ICMP protocol, the ICMP type and code must be specified. This must be specified as type:code, where both are integers. Type or code or both may be specified as -1, which is a wildcard. This option only applies when specifying a C
61. - CreateKeypair
- ec2-describe-keypairs
- ec2-delete-keypair

ec2-authorize

Synopsis

    ec2-authorize GROUP -P PROTOCOL -p PORT_RANGE -t ICMP_TYPE_CODE -u SOURCE_GROUP_USER -o SOURCE_GROUP -s SOURCE_SUBNET

Description
62. I creation tools. This ensures that new AMIs based on your shared AMIs contain the latest AMI creation tools.

On Fedora, adding the following to rc.local will update the AMI tools at boot:

    # Update the EC2 AMI creation tools
    echo "Updating ec2-ami-tools"
    wget http://s3.amazonaws.com/ec2-downloads/ec2-ami-tools.noarch.rpm && \
    rpm -Uvh ec2-ami-tools.noarch.rpm && \
    echo "Updated ec2-ami-tools"

You may wish to use this pattern to auto-update other software on your image. It's up to you to decide which, if any, of the software components installed on your AMI should be updated at boot time. Two things to consider when making this decision are how much WAN traffic the update will generate (bearing in mind your users will be charged for it) and how much risk there is that the update will break other software on the AMI.

Disable Password-Based Logins for Root

A fixed root password for a public AMI is a security risk. It won't be long before it becomes well known. It's not sufficient to rely on users changing the password after logging in for the first time, since this leaves a small window of opportunity for someone looking for a chance to do something bad (or cheap thrills).

The solution is to disable password-based logins for the root user. In fact, we recommend you go one step further and randomize the root password at boot, just in case. Defense in depth is always a good strategy.

To disable password based login
63. Definition (continued):

- ICMP code if ICMP is being authorized.
- CIDR IP range to revoke access to when operating on a CIDR IP.

Required: Yes; When revoking user/group pair permission; When revoking user/group pair permission; When revoking CIDR IP permission; When revoking CIDR IP permission; When revoking CIDR IP permission; When revoking CIDR IP permission

Type: string, string, string, string, int, int, string

Response Tags

The following table describes the default response tags included in RevokeSecurityGroupIngress responses.

| Element Name | Definition | Type |
|--------------|------------|------|
| return | true if permissions successfully revoked. | xsd:boolean |

Sample Request

    https://ec2.amazonaws.com/?Action=RevokeSecurityGroupIngress&IpProtocol=tcp&FromPort=80&ToPort=80&CidrIp=0.0.0.0/0&...auth parameters...

Sample Response

    <RevokeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
      <return>true</return>
    </RevokeSecurityGroupIngressResponse>

Related Operations

- CreateSecurityGroup
- DescribeSecurityGroups
- AuthorizeSecurityGroupIngress
- DeleteSecurityGroup

RunInstances

The RunInstances operation launches a specified number of instances.

Note: The Query v
64. IDR subnet as the source.

- -u: The owner of a group specified using -o. If this is not specified, all groups will refer to the current user. If specified more than once, there must be exactly one -u per -o, and each user will be mapped to the corresponding group.
- -o: The network source from which traffic is to be authorized, specified as a security Group. See the description of the -u parameter for group owner information.
- -s: The network source from which traffic is to be authorized, specified as a CIDR Subnet range.

| Example | Required |
|---------|----------|
| -P tcp | Yes |
| -p 80 | Yes |
| -t 2:5 | Yes |
| -u 495219933132 | No |
| -o headoffice | No |
| -s 205.192.8.45/24 | No |

Example

    ec2-authorize websrv -P tcp -p 80 -s 205.192.0.0/16
    GROUP websrv
    PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205.192.0.0/16

See Also

- AuthorizeSecurityGroupIngress
- ec2-add-group
- ec2-describe-groups
- ec2-delete-group
- ec2-revoke

ec2-bundle-image

Synopsis

    ec2-bundle-image -k PRIVATE-KEY -c EC2-CERT -u USER-ID -i IMAGE -d DESTINATION-DIR -p AMI-PREFIX

Description

Create a bundled AMI of an operating system image that was created in a loopback file.

Output

Status messages indicating the various stages of the bundling process are displayed.

Options

Note: This tool does not support the common options.

Option Definition Required Ex
65. IpPermissionType[]

Response Tags

The following table describes the default response tags included in AuthorizeSecurityGroupIngress responses.

| Element Name | Definition | Type |
|--------------|------------|------|
| return | true if permissions successfully added. | xsd:boolean |

Sample Request

    <AuthorizeSecurityGroupIngress xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
      <userId/>
      <groupName>WebServers</groupName>
      <ipPermissions>
        <item>
          <ipProtocol>tcp</ipProtocol>
          <fromPort>80</fromPort>
          <toPort>80</toPort>
          <groups/>
          <ipRanges>
            <item>
              <cidrIp>0.0.0.0/0</cidrIp>
            </item>
          </ipRanges>
        </item>
      </ipPermissions>
    </AuthorizeSecurityGroupIngress>

Sample Response

    <AuthorizeSecurityGroupIngressResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
      <return>true</return>
    </AuthorizeSecurityGroupIngressResponse>

Related Operations

- CreateSecurityGroup
- DescribeSecurityGroups
- RevokeSecurityGroupIngress
- DeleteSecurityGroup

ConfirmProductInstance

The ConfirmProductInstance operation returns true if the given product code is attached to the instance with the given instance id. False is returned if the product code is not attached to the instance.

The ConfirmProductInstance operation can only be ex
66. LAUNCH PERMISSION

    ec2-describe-image-attribute ami-5bae4b32 -l
    launchPermission ami-5bae4b32 group all
    launchPermission ami-5bae4b32 userId 495219933132

Example: PRODUCT CODES

    ec2-describe-image-attribute ami-5bae4b32 -p
    productCodes ami-5bae4b32 productCode 774F4FF8

See Also

- DescribeImageAttribute
- ec2-modify-image-attribute
- ec2-reset-image-attribute
- Sharing AMIs

ec2-describe-images

Synopsis

    ec2-describe-images AMI -a -o OWNER -x USER

Description

Describes the current state of each AMI specified on the command line. If no AMIs are explicitly listed, the AMIs described can be controlled with the optional parameters. If no optional parameters are specified, it returns all AMIs owned by the user, AMIs for which the user has explicit launch permissions, public AMIs and Amazon-owned AMIs.

Note: The default behaviour of ec2-describe-images changed from version 2006-06-26 to version 2006-10-01. In the 2006-06-26 version, all images to which the user has access, including public images, are returned. In the version 2006-10-01 and later, only images which the user owns or has explicit access are returned. Public images are not returned.

Output

A table containing the following information is returned:

- A record type identifier ("IMAGE")
- image identifier
- manifest location
- user identi
69. The DeregisterImage operation deregisters an AMI. Once deregistered, instances of the AMI may no longer be launched.

Request Parameters

The following table describes the request parameters for DeregisterImage. Parameter names are case sensitive.

| Element Name | Definition | Required | Type |
|--------------|------------|----------|------|
| imageId | Unique ID of a machine image, returned by a call to RegisterImage or DescribeImages. | Yes | xsd:string |
| launchPermission | Specifies launch permissions of the AMI. | Choice | xsd:EmptyElementType |
| productCodes | Specifies product codes of the AMI. | Choice | xsd:EmptyElementType |

Response Tags

The following table describes the default response tags included in DeregisterImage responses.

| Element Name | Definition | Type |
|--------------|------------|------|
| return | true if deregistration succeeded, otherwise false. | xsd:boolean |
| launchPermission | Returns launch permissions of the AMI, if launchPermission is specified. | ec2:LaunchPermissionItemType |
| productCodes | Returns product codes of the AMI, if launchPermission is specified. | ec2:ProductCodeItemType[] |

Sample Request

    <DeregisterImage xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
      <imageId>ami-61a54008</imageId>
    </DeregisterImage>

Sample Response

    <DeregisterImageResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
      <return>true</return>
    </Deregiste
70. PROMPT> ec2-describe-image-attribute ami-5bae4b32 -l
    launchPermission ami-5bae4b32 group all

An AMI is made private again by removing the all group from its launch permissions. This will not affect any explicit launch permissions the AMI may have, or any running instances of the AMI.

    PROMPT> ec2-modify-image-attribute ami-5bae4b32 -l -r all
    launchPermission ami-5bae4b32 REMOVE group all

Sharing an AMI with Specific Users

It is possible to share an AMI with specific users without making the AMI public. This is done by adding explicit launch permissions. To do this, you need the user's AWS account id.

    PROMPT> ec2-modify-image-attribute ami-5bae4b32 -l -a 495219933132
    launchPermission ami-5bae4b32 ADD userId 495219933132

Explicit launch permissions are removed in the same way as public launch permissions.

    PROMPT> ec2-modify-image-attribute ami-5bae4b32 -l -r 495219933132
    launchPermission ami-5bae4b32 REMOVE userId 495219933132

Another way to remove launch permissions is to use the ec2-reset-image-attribute command. This will remove any launch permissions that have been added to an AMI (public and explicit). Owners always have launch permissions for their AMIs and will not lose those permissions by using ec2-reset-image-attribute.

    PROMPT> ec2-reset-image-attribute ami-5bae4b32 -l
    launchPer
71. RFC3548 with the additional restrictions:

- Implementations MUST NOT add linefeeds to encoded data.
- Implementations MUST pad end of encoded data with "=" if required.
- Implementations MUST ignore characters in the encoded stream that are not in the encoding alphabet. Note that this differs from what RFC3548 says. It is included because it provides more leeway for clients. Encoding alphabet as per table 1 in RFC3548, i.e. [A-Za-z0-9+/].
- The size limit on the user data applies to the data before base64 encoding.

UserIdGroupPairType

The UserIdGroupPairType data type

Relevant Operations

Operations that use this data type include:

- AuthorizeSecurityGroupIngress
- DescribeSecurityGroups
- RevokeSecurityGroupIngress

Contents

The following table describes and shows the elements contained in UserIdGroupPairType.

| Member | Description | Type |
|--------|-------------|------|
| userId | AWS Access Key ID of a user | xsd:string |
| groupName | Name of a security group | xsd:string |

EC2 SOAP API

The Amazon EC2 API consists of web service operations for every task the service can perform. This section describes each operation in detail.

By Function

| Function | Operations |
|----------|------------|
| Images | RegisterImage, DescribeImages, DeregisterImage |
| Instances | RunInstances, DescribeInstances, TerminateInstances, ConfirmProductInstance |
| Keypairs | CreateKeyPair, DescribeKeyPairs, DeleteKeyPa |
72. Response Tags

The following table describes the default response tags included in DescribeKeyPairs responses.

| Element Name | Definition | Type |
|--------------|------------|------|
| keySet | A list of keypair descriptions | ec2:DescribeKeypairsResponseItemType |

Sample Request

    <DescribeKeyPairs xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
      <keySet>
        <item>
          <keyName>example-key-name</keyName>
        </item>
      </keySet>
    </DescribeKeyPairs>

Sample Response

    <DescribeKeyPairsResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
      <keySet>
        <item>
          <keyName>example-key-name</keyName>
          <keyFingerprint>1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:5:f1:6f</keyFingerprint>
        </item>
      </keySet>
    </DescribeKeyPairsResponse>

Related Operations

- CreateKeypair
- DeleteKeypair
- RunInstances

DescribeSecurityGroups

The DescribeSecurityGroups operation returns information about security groups owned by the user making the request.

An optional list of security group names may be provided to request information for those security groups only. If no security group names are provided, information of all security groups will be returned. If a group is specified that does not exist, a fault is returned.

Request Parameters

The following table describes the requ
73. SecurityGroupIngress Element Name Definition Re Type quired be described Attribute Specifies the attribute to reset Currently Yes string only launchPermission is supported In the case of launchPermission all public and explicit launch permissions for the AMI are revoked Response Tags The following table describes the default response tags included in Reset ImageAttribute responses Element Name Definition return true if the operation succeeded otherwise false Sample Request https ec2 amazonaws com Action ResetImageAttribute amp ImageId ami 61a54008 Attribute launchPermission amp auth parameters Sample Response lt ResetImageAttributeResponse xmlns http ec2 amazonaws com doc 2007 03 01 gt lt return gt true lt return gt lt ResetImageAttributeResponse gt Related Operations e ModifyImageAttribute e DescribeImageAttribute RevokeSecurityGroupIngress The RevokeSecurityGroupIngress operation revokes existing permissions that were previously granted to a security group The permissions to revoke must be specified using the same values originally used to grant the permission Permissions are specified in terms of the IP protocol TCP UDP or ICMP the source of the request by IP range or an Amazon EC2 user group pair source and destination port ranges for TCP and UDP and ICMP codes and types for ICMP When authorizing ICMP 1 may be used as a wildcard in the type and code f
74. WS developers to charge other Amazon EC2 users for the use of AMIs they have created and shared. Sellers of AMIs set the price, and their customers then purchase one or more AMIs and are billed through Amazon.com for their use of these paid AMIs. For more information, see the section called "Paying for AMIs". Introduction: Welcome to the Amazon Elastic Compute Cloud (Amazon EC2) Developer Guide. This guide picks up where the Getting Started Guide ends and will provide you with the information necessary for creating more sophisticated AMIs, using advanced service features, and writing applications using Amazon EC2. This guide assumes you have worked through the Getting Started Guide, installed the command line and API tools as described, and have a general understanding of the service. The chapters presented in the guide are: • Working with AMIs walks you through the steps required to create the customized package of software that will execute on your host, essentially packaging your desired Operating System configuration. • Launching and Using Instances provides an overview of the Amazon EC2 instances and some tips for using them effectively. • Using and Securing the Network provides an overview of instance network addressing, the distributed firewall, and usage examples. • Using the APIs explains the basics of using the SOAP and Query APIs including signing r
75. YFILE must be the path to a file containing an unencrypted PEM encoded PKCS 8 private key This operation is performed entirely on the client side Network access is not required Output A key fingerprint This is formatted as a hash digest with each octet separated by a colon Errors are displayed on stderr Example ec2 fingerprint key mykey pem 1f 5l ae 28 bf 89 e9 d8 1f 25 5d 37 2d 7d b8 ca 9f f5 f1 6f See Also e ec2 create keypair e ec2 describe keypairs ec2 get console output Synopsis ec2 get console output INSTANCEID r Description Retrieve the console output for instance INSTANCEID if available and display it to stdout Output Two fields e A timestamp indicating the time of the last update e The instance console output By default the Esc character is escaped and duplicate new lines are removed to facilitate reading API Version 2007 03 01 135 Amazon Elastic Compute Cloud Developer Guide Options Errors are displayed on stderr Options Option Definition Required Example r Raw output Do not escape the output No to facilitate reading Example ec2 get console output i 10a64379 2007 01 03 12 00 00 Linux version 2 6 16 xenU builder patchbat amazonsa gcc version 4 0 1 20050727 Red Hat 4 0 1 5 1 SMP Thu Oct 26 08 41 26 SAST 2006 BIOS provided physical RAM map Xen 0000000000000000 000000006a400000 usable 980MB HIGHMEM available 727MB LOWMEM available X E
76. a public ipv4 Monitoring Errors and Unexpected Behavior: How do I monitor my systems? Amazon EC2 currently only provides the most basic monitoring. You can tell from DescribeInstances whether we believe your instance is running or not. However, you may regard your systems running in Amazon EC2 as your data center, and so any monitoring instrumentation that you wish to include on the systems, be it SNMP or some other mechanism, is entirely up to you. Why can't I talk to my instances? Here are a few common reasons for broken connectivity to your instance: An instance's state is changed to running as soon as we start to boot your OS. This means there will be some delay (possibly a few minutes, depending on your configuration) during which your instance will not have been fully set up. After this period it should be fully functional. Additionally, you will need to make sure you have authorized the appropriate access to your host through the Amazon EC2 firewall. If you have launched your instances without specifying a security group, the default group is used. Permissions on the default group are very strict by default and disallow all access from the Internet and other groups. You will need to add permissions to your default group, or you will have to set up a new group with appropriate permissions. For more information see Securing the Ne
77. access to the web server group
ec2-revoke apach -P tcp -p 22 -s 192.168.1.130/32
Creating the group for database servers and granting access to them from the application server group is left as an exercise for the reader. Tools and APIs: Below we highlight the most relevant command line tools and SOAP API calls used to manipulate security groups. Please refer to the appropriate sections of this guide for the specific details. Purpose / Command line tool / SOAP API: List the rules belonging to specified groups / ec2-describe-group / DescribeSecurityGroups; Create a new security group / ec2-add-group / CreateSecurityGroup; Delete an existing security group / ec2-delete-group / DeleteSecurityGroup; Add an access rule to an existing security group / ec2-authorize / AuthorizeSecurityGroupIngress; Remove an access rule from an existing security group / ec2-revoke / RevokeSecurityGroupIngress. Notes: • Defining firewall rules in terms of groups is flexible enough to allow you to implement functionality equivalent to a VLAN. • In addition to the distributed firewall, you can maintain your own firewall on any of your instances. This may be useful if you have specific requirements not catered for by the distributed firewall. Using the APIs: This section details the APIs ava
78. al DNS name is only resolvable from within Amazon EC2. The public DNS name resolves to the public IP address from outside of Amazon EC2 and currently resolves to the private IP address from within Amazon EC2. More detail can be found in the section called "Instance Addressing". Note: During earlier stages of the Amazon EC2 Beta program, instances used direct addressing. This addressing scheme used the same address for internal and external access. This approach is being deprecated, and the documentation therefore does not discuss this addressing scheme. Introduction to Securing the Network: The Amazon EC2 service provides the ability to dynamically add and remove instances. However, this flexibility can complicate firewall configuration and maintenance, which traditionally relies on IP addresses, subnet ranges or DNS host names as the basis for the firewall rules. The Amazon EC2 firewall allows you to assign your compute resources to user-defined groups and define firewall rules for, and in terms of, these groups. As compute resources are added to or removed from groups, the appropriate rules are enforced. Similarly, if a group's rules are changed, these changes are automatically applied to all members of the affected group. The section called "Securing the Network" discusses this topic in more detail. Instance Addressing
79. alidate this registration If you do have to make changes and upload a new image deregister the previous image and register the new image Request Parameters The following table describes the request parameters for RegisterImage Parameter names are case sensitive Element Name Definition Re Type quired imageLocation Full path to your AMI manifest in Yes xsd string Amazon S3 storage Response Tags The following table describes the default response tags included in RegisterImage responses Element Name Definition Type imageId Unique ID of the newly registered machine xsd string image Sample Request lt RegisterImage xmlns http ec2 amazonaws com doc 2007 03 01 gt lt imageLocation gt mybucket myimage manifest xml lt imageLocation gt lt RegisterImage gt API Version 2007 03 01 77 Amazon Elastic Compute Cloud Developer Guide ResetIlmageAttribute Sample Response lt RegisterImageResponse xmlns http ec2 amazonaws com doc 2007 03 01 gt lt imageId gt ami 61a54008 lt imageld gt lt RegisterImageResponse gt Related Operations e DescribeImages e DeregisterImage ResetiImageAttribute The Reset ImageAttribute operation resets an attribute of an AMI to its default value The productCodes attribute cannot be reset Request Parameters The following table describes the request parameters for Reset ImageAttribute Parameter names are case sensitive Element Name Definition Re
80. ally necessary in the Signature parameter. Some clients do this automatically, but this is not the norm. By Function Operations: Images: • RegisterImage • DescribeImages • DeregisterImage. Instances: • RunInstances • DescribeInstances • TerminateInstances • ConfirmProductInstance. Keypairs: • CreateKeyPair • DescribeKeyPairs • DeleteKeyPair. Image Attributes: • ModifyImageAttribute • DescribeImageAttribute • ResetImageAttribute. Security Groups: • CreateSecurityGroup • DescribeSecurityGroups • DeleteSecurityGroup • AuthorizeSecurityGroupIngress • RevokeSecurityGroupIngress. AuthorizeSecurityGroupIngress: The AuthorizeSecurityGroupIngress operation adds permissions to a security group. Permissions are specified in terms of the IP protocol (TCP, UDP or ICMP), the source of the request (by IP range or an Amazon EC2 user-group pair), source and destination port ranges (for TCP and UDP), and ICMP codes and types (for ICMP). When authorizing ICMP, -1 may be used as a wildcard in the type and code fields. Permission changes are propagated to instances within the security group being modified as quickly as possible. However, a small delay is likely, depending on the number of instances that are members of the indicated group. When authorizing a user/group pair permission, GroupName, SourceSecurityGroupName and
81. ample k The path to the user s PEM encoded Yes k pk privatekey RSA key file HKZYK KEY TAIG2ECMXYIBH3HX V4ZBZQ55CLO pem c cert The user s PEM encoded RSA public Yes c cert EC2 CERT key certificate file HKZYK TAIG2ECMXYIBH3HX V4ZBZQ55CLO pem u user The user s EC2 user ID i e AWS ac Yes u 123456789 USER count number not the Access Key ID i image The path to the image to bundle Yes i PATH var spool my im age version 2 debian img d The directory in which to create the No d var run my bundle destination bundle Defaults to the current direct DESTINATION ory API Version 2007 03 01 121 Amazon Elastic Compute Cloud Developer Guide Example Option p prefix PREFIX help manual Example Definition Required The filename prefix for bundled AMI No files Defaults to image Display the help message No Display the help Example p my image is special help manual ec2 bundle image k pk HKZYKTAIG2ZECMXYIBH3HXV4ZBZQ55CLO pem c cert HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO pem u 495219933132 i image img d bundled p fred Splitting bundled fred gz crypt Created fred Created fred Created fred Created fred Created fred Created fred Created fred Created fred Created fred Created fred Created fred Created fred Created fred Created fred Created fred part part part part part part
82. ample Request https ec2 amazonaws com Action DescribeSecurityGroups amp GroupName 1 WebServers amp GroupName 2 RangedPortsBySource amp auth parameters Sample Response API Version 2007 03 01 100 Amazon Elastic Compute Cloud Developer Guide GetConsoleOutput lt DescribeSecurityGroupsResponse xm ins http ec2 amazonaws com doc 2007 03 01 gt lt securityGroupInfo gt lt item gt lt ownerlId gt UYY3TLBUXIEON5NQVUUX60MPWBZIQNFM lt ownerId gt lt groupName gt WebServers lt groupName gt lt groupDescription gt Web lt groupDescription gt lt ipPermissions gt lt item gt lt ipProtocol gt tcp lt ipProtocol gt lt fromPort gt 80 lt fromPort gt lt toPort gt 80 lt toPort gt lt groups gt lt ipRanges gt lt item gt lt cidrip gt 0 0 0 0 0 lt cidrIp gt lt item gt lt ipRanges gt lt item gt lt ipPermissions gt lt item gt lt item gt lt ownerlId gt UYY3TLBUXIEON5NQVUUX60MPWBZIQNFM lt ownerlId gt lt groupName gt RangedPort sBySource lt groupName gt lt groupDescription gt A lt groupDescription gt lt ipPermissions gt lt item gt lt ipProtocol gt tcp lt ipProtocol gt lt fromPort gt 6000 lt fromPort gt lt toPort gt 7000 lt toPort gt lt groups gt lt ipRanges gt lt item gt lt ipPermissions gt lt item gt lt securityGroupInfo gt lt DescribeSecurityGroupsResponse gt Related Operations e CreateSecurityGroup e AuthorizeSecurityGro
83. ances INSTANCEID Description Describes the current state of each instance indicated by the respective INSTANCEID specified on the command line If no instances are explicitly listed then all instances owned by the current user are included in the output Output A table containing the following information is returned e Output type identifier RESERV ATION INSTANCE e Instance ID which uniquely identifies each running instance API Version 2007 03 01 131 Amazon Elastic Compute Cloud Developer Guide Example e AMI ID of the image the instance is based on e Public DNS name associated with the instance Only present for instances in the running state e Private DNS name associated with the instance Only present for instances in the running state launched with public addressing type e Instance state e Key name If a key was associated with the instance at launch it s name will be displayed in this column e AMI launch index See using instance data for more info e Product codes attached to the instance Errors are displayed on stderr Example ec2 describe instances RESERVATION r 15a4417c 495219933132 INSTANCE i 3ea74257 ami 6ba54002 ec2 72 44 33 4 z 2 compute 1 amazonaws com domU 12 31 33 00 00 01 z 2 compute 1l internal running 0 774F4FF8 E d NSTANCE i 31a74258 ami 6ba54002 ec2 72 44 34 23 z 2 compute 1 amazonaws com omU 12 31 33 00 00 02 z 2 compute 1 internal run
84. assume that you create it in your working directory Just to clarify it does not need to be created in the loopback file system It is used only during installation of the loopback file system Create yum xen conf with the following content main cachedir var cache yum debuglevel 2 logfile var log yum log exclude debuginfo gpgcheck 0 obsoletes 1 reposdir dev null base name Fedora Core 4 Sbasearch Bas mirrorlist http fedora redhat com download mirrors fedora core Sreleasever enabled 1 updates released name Fedora Core 4 Sbasearch Released Updates mirrorl ist http fedora redhat com download mirrors updates released fcSreleasever enabled 1 Mount proc Due to a bug in the groupadd utility from the snhadow utils package versions prior to 4 0 7 7 the new proc file system needs to be mounted by hand at this point mkdir mnt ec2 fs proc mount t proc none mnt ec2 fs proc Install the Operating System At this stage all the basic directories and files have been created and you are ready to do the operating system installation This process might take a while depending on the speed of the host and the network link to the repository yum c yum xen conf installroot mnt ec2 fs y groupinstall Base Setting up Group Process Setting up repositories base 100 1 1 kB 00 00 updates released 100 1 1 kB 00 00 comps
85. ay be specified as part of the launch request. If a security group is not indicated, then instances are started in the default security group. An optional keypair ID may be provided for each image in the launch request. All instances that are created from images for which this is provided will have access to the associated public key at boot time (detailed below). This key may be used to provide secure access to an instance of an image on a per-instance basis. Amazon EC2 public images make use of this functionality to provide secure passwordless access to instances (and launching those images without a keypair ID will leave them inaccessible). The public key material is made available to the instance at boot time by placing it in a file named openssh_id.pub on a logical device that is exposed to the instance as /dev/sda2 (the ephemeral store). The format of this file is suitable for use as an entry within ~/.ssh/authorized_keys (the OpenSSH format). This can be done at boot time (as part of rc.local, for example), allowing for secure password-less access. As the need arises, other formats will also be considered. Optional user data may be provided in the launch request. All instances comprising the launch request have access to this data (see the section called "Using Instance Data" for details). If any of the AMIs have product codes attached for which
86. beKeypairs Contents: The following table describes and shows the elements contained in DescribeKeyPairsResponseItemType. Member: keyName; Type: xsd:string; Description: The user supplied name for this key pair. Member: keyFingerprint; Type: xsd:string; Description: A fingerprint for the private key of this keypair. This is computed as the SHA-1 digest of the DER encoded form of the private key. EmptyElementType: The EmptyElementType data type. Relevant Operations: Operations that use this data type include: • ResetImageAttribute • DescribeImageAttribute. Contents: The empty element is just that, an empty element, and has no contents. GroupSetType: The GroupSetType data type. Relevant Operations: Operations that use this data type include: • RunInstances. Contents: The following table describes and shows the elements contained in GroupSetType. Member: groupId; Type: xsd:string; Description: Name of a security group. InstanceStateType: The InstanceStateType data type. Relevant Operations: Operations that use this data type include: • RunInstances • DescribeInstances • TerminateInstances. Contents: The following table describes and shows the elements contained in InstanceStateType. Member: code; Type: xsd:int; Description: A 16-bit unsigned integer. The high byte is an opaque internal value and should be ignored when consulting this valu
87. beSecurityGroups Contents Type xsd string ec2 ProductCodelItemType The following table describes and shows the elements contained in SecurityGroupItemType Member Description ownerId AWS Access Key ID of the owner of the security group described groupName Name of the security group groupDescription Description of the security group ipPermissions Set of IP permissions associated with the security group TerminatelInstancesResponselnfoType The TerminateInstancesResponseInfoType data type Relevant Operations Operations that use this data type include e TerminatelInstances Contents Type xsd string xsd string xsd string ec2 IpPermissionType API Version 2007 03 01 55 Amazon Elastic Compute Cloud Developer Guide UserDataType The following table describes and shows the elements contained in TerminateInstancesResponselInfoType Element Name Description Type instancelId Instance ID returned from previous xsd string call to RunInstances UserDataType The UserDataType data type Relevant Operations Operations that use this data type include e RunInstances Contents The following table describes and shows the elements contained in UserDataType Member Description Type data The user data xsd string Notes e The data element must specify the attributes Attribute name Required Value version Yes 1 0 encoding Yes base64 e The user data is base64 encoded as per
88. ces for building shared AMIs. Building safe, secure, useable AMIs for public consumption is a fairly straightforward process if you stick to a few simple guidelines. You're welcome to choose to ignore any or all of these guidelines. They're not requirements for publishing an AMI. However, we believe that following these guidelines will make for a far smoother user experience and help ensure your users' instances are secure. Platform Notes: These guidelines are generally written with Fedora distros in mind, but the principles hold for any AMI. You may need to tweak the examples we've provided to get them to work on other distributions. Many of the steps below involve automating something during the boot sequence. We've made a few notes for some of the more common distributions below. For other distros, check your local documentation or search the AWS forums in case someone else has done it already. • On Red Hat and Fedora systems, you can add these steps to your /etc/rc.d/rc.local script. • On Gentoo systems, you can add them to /etc/conf.d/local.local. • On Ubuntu systems, you can add them to /etc/rc.local. • On Debian, you may need to create a start up script in /etc/init.d and use update-rc.d <scriptname> defaults 99 (where <scriptname> is the name of the script you created) and add the steps to this script. Update the AMI Tools at Boot Time: We recommend that during the boot process your AMIs should fetch and upgrade the EC2 AM
89. client at that address to send the file data. If the client looks up its own internal address and sends this to the server, the connection will fail. In this specific case there are two solutions to the problem. First, the implementation of NAT that EC2 uses recognizes FTP as a special case and rewrites the PORT command address if the ftp client connects to the server on the standard port. Second, the client can use passive FTP, which makes connections only to the server rather than from the server to the client. In general, applications which encode local addresses and port numbers in data sent to external servers may have problems with NAT. Care must always be taken to send the public address rather than the internal one. Glossary: Amazon Machine Image (AMI), Explicit Launch Permission, Instance, Group, Launch Permission, Public AMI, Reservation, Shared AMI. An Amazon Machine Image (AMI) is an encrypted machine image stored in Amazon S3. It contains all the information necessary to boot instances of your software. Launch permission granted to a specific user. Once an AMI has been launched, the resulting running system is referred to as an instance. All instances based on the same AMI start out identical, and any information on them is lost when the instances are terminated or fail. A set of customer instances that have been designated by the custom
90. d e Attribute type identifier e ID of the AMI on which attributes are being modified e Action performed on the attribute e Attribute or attribute list item value type e Attribute or attribute list item value Errors are displayed on stderr Options Option Definition Required Example 1 Modifies the launchPermission prop Yes l erty API Version 2007 03 01 137 Amazon Elastic Compute Cloud Developer Guide Example LAUNCH PERMISSION Option Definition Required Example a ITEM_VALUE Adds or removes an attribute item The Yes a all r value of the item is ITEM_VALUE The ITEM_VALUE type of the item is inferred from the item value For launchPermission there are two item types e group The only group currently supported is the a11 group Adding this group sets public launch per missions for the AMI e userId Userld must be in the form of an AWS account id Adding userld items grants explicit launch permissions to that user for the AMI p Sets the productCodes property Yes p 774F4FF8 PRODUCT_CODE Example LAUNCH PERMISSION ec2 modify image attribute ami 5bae4b32 1 a 495219933132 launchPermission ami 5bae4b32 ADD userId 495219933132 Example PRODUCT CODE ec2 modify image attribute ami 5bae4b32 p 774F4FF8 productCodes ami 5bae4b32 productCode 774F4FF8 See Also e ModifyImageAttribute e ec2 reset image attribute e ec2 describe image attribute e Sharing AMI
91. d as an unencrypted PEM encoded PKCS 8 private key If a key with the specified name already exists an error is returned Output A table containing the following information is returned e Output type identifier KEYPAIR e Keypair name e Private key fingerprint e Private key This value is displayed on a new line Errors are displayed on stderr Example ec2 add keypair gsg keypair See Also
92. d gt lt groupset gt lt item gt lt grouplid gt default lt groupId gt lt item gt lt groupSet gt lt instancesSet gt lt item gt lt instancelId gt i 2ba64342 lt instanceld gt lt imageId gt ami 60a54009 lt imageld gt lt instanceState gt API Version 2007 03 01 39 Amazon Elastic Compute Cloud Developer Guide Additional Web Services References lt code gt 0 lt code gt lt name gt pending lt name gt lt instanceState gt lt dnsName gt lt dnsName gt lt item gt lt item gt lt instancelId gt i 2bc64242 lt instanceld gt lt imageId gt ami 60a54009 lt imagelId gt lt instanceState gt lt code gt 0 lt code gt lt name gt pending lt name gt lt instanceState gt lt dnsName gt domU 13 35 33 00 00 5C dc2 compute amazonaws com lt dnsName gt lt item gt lt item gt lt instancelId gt i 2be64332 lt instanceld gt lt imageId gt ami 60a54009 lt imagelId gt lt instanceState gt lt code gt 0 lt code gt lt name gt pending lt name gt lt instanceState gt lt dnsName gt domU 12 34 28 00 00 5C dc2 compute amazonaws com lt dnsName gt lt item gt lt instancesSet gt lt RunInstancesResponse gt Additional Web Services References e Web Service Description Language WSDL e WS Security BinarySecurityToken Profile Using the Query API Making Requests HTTP Query based requests are defined as any HTTP requests using the HTTP verb GET or POST and a Query paramete
93. d with the pub lic addressing type have an internal and an external IP address See the section called Introduction to In stance Addressing for more informa tion on instance addressing Note cS To support the early beta legacy networking scheme direct is also supported for early beta users Instances launched Required No No No No Example n5 g fooGroup k fooKeyPair d my user data f data zip API Version 2007 03 01 143 Amazon Elastic Compute Cloud Developer Guide Example Option Definition Required Example with the direct addressing type have a single public IP address ec2 run instances ami 6ba54002 n 5 RESERVATION r 0ea54067 joeuser default INSTANCE i 3ea74257 ami 6ba54002 pending INSTANCE i 31a74258 ami 6ba54002 pending I I I I NSTANCE i 31a74259 ami 6ba54002 pending NSTANCE i 31a7425a ami 6ba54002 pending NSTANCI NSTANCI i1 31a7425b ami 6ba54002 pending i 31a7425c ami 6ba54002 pending D GA O See Also e Runlnstances e ec2 terminate instances e ec2 describe instances e ec2 add keypair e Using instance data ec2 terminate instances Synopsis ec2 terminate instances INSTANCEID INSTANCEID Description All instances indicated by the respective INTANCEID specified on the command line are terminated At least one INSTANCEID must be specified Output A table containing the following information is r
94. ddress of the instance in the new NAT environment must be used. From your instance you can determine your public IP address by referring to the instance data:
PROMPT> curl http://169.254.169.254/latest/meta-data/public-ipv4
Public DNS: Each instance is also given an external DNS name. This name is of the form ec2-72-44-45-204.z-2.compute-1.amazonaws.com. This DNS name will resolve to the public IP address described above when resolved from outside Amazon EC2, and currently will resolve to the private IP address from within Amazon EC2. See note below. Note: Amazon EC2 instances cannot currently access other instances in the new NAT environment using their public NAT IP address. Instead, the private address of the instance in the new NAT environment must be used. Securing the Network. Anticipated API changes: At present the API calls for authorizing and revoking permissions are still under development. The remainder of this section outlines what you can depend on from this part of our API. The command line API tools expose only the subset of the functionality that is expected to remain unchanged. Callers may depend on, now and in future, being able to grant permissions to: source address ranges specified with CIDRs, specific protocol and ports or ICMP type/code; source user/group tuples. No additional granularity, such as protocol and port or ICMP type/code, should be expected. Concepts: Security Groups
95. dentifier of the Secret Access Key used to AWS. 4. AWS uses the Access Key ID to look up the Secret Access Key. 5. AWS generates a signature from the request data and the Secret Access Key using the same algorithm used to calculate the signature in the request. 6. If the signatures match, the request is considered to be authentic. If the comparison fails, the request is discarded, and AWS returns an error response. Note: If a request contains a Timestamp parameter, the signature calculated for the request expires 15 minutes after the Timestamp value. If a request contains an Expires parameter, the signature expires at the time specified as the value for the Expires parameter. Calculating Request Signatures: The following steps demonstrate how to calculate a signature for requests to AWS. 1. Based on the API (Query, SOAP, REST) being used, construct a string. 2. Compute an RFC 2104 compliant HMAC, using the Secret AWS Access Key as the key. This value should be base64 encoded and then included as the value for the Signature parameter for the request. Calculating the string to sign: The following steps demonstrate how to calculate the string to be signed. 1. The query parameters (not URL-encoded) need to be sorted case-insensitively. 2. Concatenate the parameter names and values without the initial ? or the separating & and = characters. Given the following Query string to sign (linebreaks added for clarity): Action Descr
96. e The low byte is set based on the state represented: • pending: 0 • running: 16 • shutting-down: 32 • terminated: 48. Member: name; Type: xsd:string; Description: The current state of the instance: • pending: the instance is in the process of being launched • running: the instance has been launched (although it may not yet have completed the boot process) • shutting-down: the instance has begun the shutdown process • terminated: the instance has been terminated. IpPermissionType: The IpPermissionType data type. Relevant Operations: Operations that use this data type include: • AuthorizeSecurityGroupIngress • DescribeSecurityGroups • RevokeSecurityGroupIngress. Contents: The following table describes and shows the elements contained in IpPermissionType. Member: ipProtocol; Type: xsd:string; Description: IP Protocol. Member: fromPort; Type: xsd:int; Description: Start of port range for the TCP and UDP protocols, or an ICMP type number. An ICMP type number of -1 indicates a wildcard (i.e. any ICMP type number). Member: toPort; Type: xsd:int; Description: End of port range for the TCP and UDP protocols, or an ICMP code. An ICMP code of -1 indicates a wildcard (i.e. any ICMP code). Member: groups; Type: ec2:UserIdGroupPairType; Description: List of security group and user ID pairs.
97. e and register the new image.

Request Parameters

The following table describes the request parameters for RegisterImage. Parameter names are case sensitive.

Element Name | Definition | Required | Type
ImageLocation | Full path to your AMI manifest in Amazon S3 storage. | Yes | string

Response Tags

The following table describes the default response tags included in RegisterImage responses.

Element Name | Definition | Type
imageId | Unique ID of the newly registered machine image. | xsd:string

Sample Request

    https://ec2.amazonaws.com/?Action=RegisterImage&ImageLocation=mybucket/myimage.manifest.xml&...auth parameters...

Sample Response

    <RegisterImageResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
      <imageId>ami-61a54008</imageId>
    </RegisterImageResponse>

Related Operations
- DescribeImages
- DeregisterImage

ResetImageAttribute

The ResetImageAttribute operation resets an attribute of an AMI to its default value. The productCodes attribute cannot be reset.

Request Parameters

The following table describes the request parameters for ResetImageAttribute. Parameter names are case sensitive.

Element Name | Definition | Required | Type
ImageId | Id of the AMI for which an attribute will | Yes | string
98. e bundle a modified running instance of an existing AMI, as described in the previous section:

    ec2-bundle-vol -k pk-HKZYKTAIG2ZECMXYIBH3HXV4ZBZQ55CLO.pem -c cert-HKZYKTAIG2ZECMXYIBH3HXV4ZBZQ55CLO.pem -s 1000 -u 495219933132

As with ec2-bundle-image, ec2-bundle-vol will create image parts files and a manifest file.

Note: If selinux is enabled when ec2-bundle-vol is run, the filesystem creation step may fail. Selinux should be disabled while this is done.

Uploading a Bundled AMI

The bundled AMI needs to be uploaded for storage in Amazon S3 before it can be accessed by Amazon EC2. Use ec2-upload-bundle to upload the bundled AMI that you created as described above. S3 stores data objects in buckets, which are similar in concept to directories. Buckets must have globally unique names. The ec2-upload-bundle utility will upload the bundled AMI to a specified bucket. If the specified bucket does not exist, it will be created. However, if the specified bucket already exists and belongs to another user, then ec2-upload-bundle will fail.

    ec2-upload-bundle -b my-bucket -m image.manifest.xml -a my-aws-access-key-id -s my-secret-key-id

The AMI manifest file and all image parts are uploaded to S3. The manifest file is encrypted with the Amazon EC2 public key before being uploaded.

Building Shared AMIs

This section describes best practi
99. e following command to log in with your own private key PROMPT gt ssh i id_rsa gsg keypair root domU 12 34 31 00 00 05 usmal1 compute amazonaws com root my instance Otherwise use the plain ssh command and supply the appropriate password when prompted PROMPT gt ssh root domU 12 34 31 00 00 05 usmal compute amazonaws com root my instance You now have complete control over the instance and may add remove modify or upgrade packages and files to suit your needs Some of the basic configuration settings related to the Amazon EC2 environment such as the network interface configuration and etc fstab contents should only be changed with extreme care to avoid making the AMI unbootable or inaccessible from the network once running Upload the Key and Certificate API Version 2007 03 01 5 Amazon Elastic Compute Cloud Developer Guide Creating through a Loopback File The new AMI will be encrypted and signed to ensure that it can only be accessed by you and Amazon EC2 You therefore need to upload your Amazon EC private key and X 509 certificate to the running instance for use in the AMI bundling process Assuming the private key and X 509 certificate are contained in files pk HKZYKTAIG2ECMXY IBH3HXV4ZBZQ055CLO pem and cert HKZYKTAIG2ECMXY IBH3HXV4ZBZQ55CLO pem copy both of these files to your instance PROMPT gt scp pk HKZYKTAIG2ZECMXYIBH3HXV4ZBZQ55CLO pem cert HKZYK TAIGZECMXYIBH3HXV4ZBZQ55CLO pem root domU
100. e specified as a single integer or as a range min max This op tion only applies when specifying a CIDR subnet as the source If the protocol is ICMP the ICMP type and code must be specified This must be specified as type code where both are integers Type or code or both may be spe cified as 1 which acts as a wild card This option only applies when specifying a CIDR subnet as the source The owner of a group specified us ing o If this is not specified all groups will refer to the current user If specified more than once there must be exactly one u per o and each user will be mapped to the corresponding group The network source from which traffic is to be revoked specified as a security Group See the descrip tion of the u parameter for group owner information The network source from which traffic is to be revoked specified as a CIDR Subnet range Required Example Yes P tcp Yes p 80 Yes t 2 5 No u 495219933132 No o outsideworld No s 205 192 8 45 24 API Version 2007 03 01 141 Amazon Elastic Compute Cloud Developer Guide See Also Example ec2 revoke websrv P tcp p 80 s 205 192 0 0 16 GROUP websrv PERMISSION websrv ALLOWS tcp 80 80 FROM CIDR 205 192 0 0 16 See Also RevokeSecurityGroupIngress ec2 add group ec2 describe groups ec2 delete group ec2 authorize ec2 run instances Synopsis ec2 run instances AMI n INSTANCE_COUNT g GROUP g GROUP
101. eImages responses.

Element Name | Definition | Type
imagesSet | A list of image descriptions | ec2:DescribeImagesResponseItemType

Sample Request

    https://ec2.amazonaws.com/?Action=DescribeImages&ImageId.1=ami-61a54008&...auth parameters...

Sample Response

    <DescribeImagesResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
      <imagesSet>
        <item>
          <imageId>ami-61a54008</imageId>
          <imageLocation>aes-ttylinux/image.manifest.xml</imageLocation>
          <imageState>available</imageState>
          <imageOwnerId>UYY3TLBUXIEON5NQVUUX60MPWBZIOQNFM</imageOwnerId>
          <isPublic>false</isPublic>
          <productCodes>
            <item>
              <productCode>774F4FF8</productCode>
            </item>
          </productCodes>
        </item>
      </imagesSet>
    </DescribeImagesResponse>

Related Operations
- DescribeInstances
- DescribeImageAttribute

DescribeInstances

The DescribeInstances operation returns information about instances owned by the user making the request.

An optional list of instance IDs may be provided to request information for those instances only. If no instance IDs are provided, information on all relevant instances will be returned. If an instance is specified that does not exist, a fault is returned. If an instance is specified that e
102. eated image part 01 Created image part 02 Created image part 03 Created image part 22 Created image part 23 Generating digests for each part Digests generated Creating bundle manifest Bundle Volume complet See Also e ec2 bundle image e ec2 unbundle e ec2 upload bundle e ec2 download bundle e ec2 delete bundle ec2 delete bundle Synopsis ec2 delete bundle b S3 BUCKET a AWS ACCESS KEY ID s AWS SECRET KEY m MANIFEST PATH p PREFIX url URL retry y Description Delete the specified bundle from S3 storage Output API Version 2007 03 01 124 Amazon Elastic Compute Cloud Developer Guide Options Status messages indicating the various stages of the delete process are displayed Options Note cS Note that this tool does not support the common arguments Option b bucket S3 BUCKET a access key USER s secret key PASSWORD m manifest MANIFEST PATH p prefix PREFIX url URL retry Yr yes help manual Example Definition The name of the Amazon S3 bucket containing the bundled AMI The user s AWS access key ID The user s AWS secret access key The path to the unencrypted manifest file The bundled AMI part filename prefix The S3 service URL Defaults to ht tps s3 amazonaws com Automatically retry failed uploads Use with caution Automatically assume the answer to all prom
103. ection called "GetConsoleOutput". The corresponding command line tool, described in the section called "ec2-get-console-output", can be used to retrieve the console output for an instance and display it to the user. Console output can only be accessed by the instance owner.

Reboot Instances

As machines can be rebooted by pressing the reset button, EC2 instances can be rebooted through the SOAP API, described in the section called "RebootInstances", and the Query API, described in the section called "RebootInstances". The corresponding command line tool, described in the section called "ec2-reboot-instances", can be used to reboot a set of specified instances from the command line.

Using and Securing the Network

Introduction to Instance Addressing

All Amazon EC2 instances are assigned two IP addresses at launch: a private address and a public address. The public IP address is directly mapped to the private address through Network Address Translation (NAT). Private addresses are only reachable from within the Amazon EC2 network. Public addresses are reachable from the Internet. Amazon EC2 also provides an internal DNS name and a public DNS which map to the private and public IP addresses, respectively. The intern
104. ecuted by the owner of the AMI. This feature is useful when an AMI owner is providing support and wants to verify whether a user's instance is eligible.

Request Parameters

The following table describes the request parameters for ConfirmProductInstance. Parameter names are case sensitive.

Element Name | Definition | Required | Type
productCode | The product code to confirm is attached to the instance. | Yes | xsd:string
instanceId | The instance to confirm the product code is attached to. | Yes | xsd:string

Response Tags

The following table describes the default response tags included in ConfirmProductInstance responses.

Element Name | Definition | Type
return | True if the product code is attached to the instance, false if it is not. | xsd:boolean
ownerId | The instance owner's account id. Only present if the product code is attached to the instance. | xsd:string

Sample Request

    <ConfirmProductInstance xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
      <productCode>774F4FF8</productCode>
      <instanceId>i-10a64379</instanceId>
    </ConfirmProductInstance>

Sample Response

    <ConfirmProductInstanceResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
      <return>true</return>
      <ownerId>254933287430</ownerId>
    </ConfirmProductInstanceResponse>

Related Operations
- DescribeInsta
105. ed and signed for integrity and non-repudiation. WS-Security defines profiles which are used to implement various levels of security. Amazon EC2 secure SOAP messages use BinarySecurityToken profile, consisting of an X.509 certificate with an RSA public key.

Programming Language Support in Amazon EC2

Since the SOAP requests and responses in the Amazon EC2 Web Service follow current standards, any programming language with the appropriate library support may be used. Languages known to have such support include C++, C#, Java, Perl, Python and Ruby. Currently we only supply Java libraries for our API, but expect to release additional language bindings in the future.

Request Authentication

The following is an insecure request to run instances:

    <RunInstances xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
      <instancesSet>
        <item>
          <imageId>ami-60a54009</imageId>
          <minCount>1</minCount>
          <maxCount>3</maxCount>
        </item>
      </instancesSet>
      <groupSet/>
    </RunInstances>

In order to secure the request, we must add the BinarySecurityToken element mentioned above. The Java libraries we supply rely on the Apache Axis project for XML security, canonicalization and SOAP support. The Sun Java Web Service Developer's Pack supplies libraries of equivalent functionality. The secure
106. ence Introduction The Amazon EC2 command line tools provide a command line interface to the web service API This section describes each tool and its command line arguments in detail Command line options and arguments are based on the GNU getopt conventions Optional parameters are indicated by means of flags Flags typically come in a short and long form although not all flags exist in both forms In their short form flags are a single character prefixed with a single dash In their long form flags use a longer more expressive name prefixed with a double dash Optional parameters typically have default values or may be required only when other optional parameters are specified and order is unimportant For all remaining parameters order does matter A number of command line options apply to all of the command line tools These are covered below and for reasons of brevity are not included in the description of each of the specific tools Errors Any service errors encountered by the command line tools will be passed straight through from the API A list of these errors can be seen in the section called API Error Codes Common Options Most command line tools covered in the following sections accept a common set of optional parameters as follows Element Name Definition Valid Values _ Example Types U URL URL is the uniform resource locator of the URL U ht Amazon EC2 web service entry point This op tp ec2 a tion de
107. ephemeral store (/dev/sda2). This file is named openssh_id.pub and its format is compatible with the OpenSSH authorized_keys file.

Note: The HTTP request is the preferred method of retrieving the public key. The second method is deprecated and will be phased out in future versions of the service.

This means at boot all your AMI need do is retrieve the key value and append it to /root/.ssh/authorized_keys (or the equivalent for any other user account on the AMI), and users will be able to launch instances of your AMI with a keypair and log in without requiring a root password.

    # Create root's .ssh directory with owner-only permissions if it is missing
    if [ ! -d /root/.ssh ] ; then
        mkdir -p /root/.ssh
        chmod 700 /root/.ssh
    fi
    # Fetch public key using HTTP
    # (-f makes curl exit non-zero on an HTTP error, so an error page is never appended)
    curl -f http://169.254.169.254/2007-03-01/meta-data/public-keys/0/openssh-key > /tmp/my-key
    if [ $? -eq 0 ] ; then
        cat /tmp/my-key >> /root/.ssh/authorized_keys
        chmod 600 /root/.ssh/authorized_keys
        rm /tmp/my-key
    fi
    # or fetch public key using the file in the ephemeral store
    if [ -e /mnt/openssh_id.pub ] ; then
        cat /mnt/openssh_id.pub >> /root/.ssh/authorized_keys
        chmod 600 /root/.ssh/authorized_keys
    fi

This can be applied to any user account. There is no reason to restrict it to root.

Note: There's an implication of this step that you should be aware of: rebundling an instance based on this image will include the key
108. equests.
- API Reference provides a comprehensive reference to the SOAP and Query APIs.
- Command Line Tools Reference provides a comprehensive reference to the command line tools supplied by Amazon EC2.
- Technical FAQ is a collection of interesting and commonly asked questions.
- Glossary is a simple glossary of Amazon EC2 terminology.

Working with AMIs

This section details how to build, store and share AMIs.

Creating an AMI

There are several techniques for creating an AMI, offering a mix of ease of use and detailed customization levels. The easiest method involves starting from an existing public AMI and modifying it according to your requirements, as described in the section called "Starting with an Existing AMI".

Another approach is to build a fresh installation either on a stand-alone machine or on an empty file system mounted by loopback. This essentially entails building an operating system installation from scratch, and is described in the section called "Creating through a Loopback File".

Once the installation package has been built to your satisfaction, it needs to be bundled and uploaded to Amazon S3, as described in the section called "Bundling an AMI".

Starting with an Existing AMI

This is the quickest and easiest of the methods to get a new working AMI. Start with an existing public AMI or one of your own. You can then mod
109. equire <info> tags around each member. Throughout the API, type references for parameters that accept such a list of values are specified using the notation type. The type referred to in these instances is the type nested within the <info> tag (for Amazon EC2 types this is defined in the WSDL).

For example, the <imagesSet> element in the following XML snippet is of type xsd:string:

    <imagesSet>
      <item>
        <imageId>ami-61a54008</imageId>
      </item>
      <item>
        <imageId>ami-61b54608</imageId>
      </item>
    </imagesSet>

And the <instancesSet> element in the following XML snippet is of type ec2:RunInstanceItemType:

    <instancesSet>
      <item>
        <imageId>ami-60a54009</imageId>
        <minCount>10</minCount>
        <maxCount>30</maxCount>
      </item>
      <item>
        <imageId>ami-60b54209</imageId>
        <minCount>5</minCount>
        <maxCount>20</maxCount>
      </item>
    </instancesSet>

API Versioning

All Amazon EC2 API updates are versioned. This helps to minimize the impact of API changes on client software by making it possible to always send back a response that the client is capable of processing.

We endeavor, as far as possible, to retain backwards compatibility with new API revisions. However, there may be occasions where an incompatible API change is required. In addition, in newer API releases existing respon
110. Member | Description | Type
ipRanges | List of CIDR IP range specifications | xsd:string

LaunchPermissionItemType

The LaunchPermissionItemType data type.

Relevant Operations

Operations that use this data type include:
- ModifyImageAttribute
- DescribeImageAttribute

Contents

The following table describes and shows the elements contained in LaunchPermissionItemType.

Element Name | Description | Required
group | A launch permission for a group. Currently only all is supported, which gives public launch permissions. | Choice between group and userId
userId | A launch permission for a user. userId is an AWS account id. | Choice between group and userId

LaunchPermissionOperationType

The LaunchPermissionOperationType data type.

Relevant Operations

Operations that use this data type include:
- ModifyImageAttribute

Contents

The following table describes and shows the elements contained in LaunchPermissionOperationType.

Element Name | Description | Required
add | Adds launch permissions | Choice between add and remove
remove | Removes launch permissions | Choice between add and remove

ProductCodeItemType

The ProductCodeItemType data type.

Relevant Operations

Operations that use this data type include:
- ModifyImageAttribute
- DescribeImageAttribute

Contents

The following table d
111. er as being related by assigning them the same security group when the instances were first run The Amazon EC2 firewall controls access to instances based on the instance s group membership and the rules defined for the group AMI attribute allowing users to launch an AMI An AMI that all users have launch permissions for A collection of instances started as part of the same launch request An AMI that users other than the owner have launch permissions for API Version 2007 03 01 156 Amazon Elastic Compute Cloud Developer Guide Typographical Conventions Document Conventions This section establishes the common typographical and symbol use conventions for AWS technical publications Typographical Conventions This section describes common typographical use conventions Convention Call outs Code in text Code blocks Emphasis Internal cross refer ences Description Example A call out is a number in the body text to give you a visual reference The reference point is for further discussion elsewhere You can use this resource regularly Inline code samples including XML and commands are identified with a special font You can use the command java version Blocks of sample code are set apart from the body and marked accordingly ls l var www html index html rw rw r 1 root root 1872 Jun 21 09 33 var www html index html date Wed Jun 21 09 33 42 EDT 2006 Unusual or impor
112. err Options Option si IN STANCE_COUNT g GROUP k KEY d USER DATA f FILE_NAME addressing ADDRESS_TYPE Definition The number of instances to launch If not specified a value of 1 will be as sumed If it is not possible to launch at least this many instances due to a lack of capacity or funds no instances will be launched If specified as a range min max Amazon EC2 will try to launch as many instances as possible up to max but will launch no fewer than min instances The security group s within which the instance s should be run This determ ines the ingress firewall rules that will be applied to the instances By default instances will run in the user s default group If more than one group is spe cified the security policy of the in stances will be the union of the secur ity policies of the specified groups The keypair to make available to these instances at boot time The data to make available to these in stances The data is read off the com mand line from the USER_DATA argu ment If you want the data to be read from a file see the f option The data to make available to these in stances The data is read from the file specified by FILE_NAME If you want to specify user data on the command line use the a flag d option The address type with which the in stance will be launched The supported values for ADDRESS_TYPE is pub lic Instances launche
113. ersion of RunInstances only allows instances of a single AMI to be launched in one call. This is different from the SOAP API call of the same name but similar to the ec2-run-instances command line tool.

A call to RunInstances is guaranteed to start no fewer than the requested minimum. If there is insufficient capacity available then no instances will be started. Amazon EC2 will make a best effort attempt to satisfy the requested maximum values.

Every instance is launched in a security group. This may be specified as part of the launch request. If a security group is not indicated then instances are started in the default security group.

An optional keypair ID may be provided for each image in the launch request. All instances that are created from images for which this is provided will have access to the associated public key at boot time (detailed below). This key may be used to provide secure access to an instance of an image on a per-instance basis. Amazon EC2 public images make use of this functionality to provide secure passwordless access to instances (and launching those images without a keypair ID will leave them inaccessible).

The public key material is made available to the instance at boot time by placing it in a file named openssh_id.pub on a logical device that is exposed to the instance as /dev/sda2 (the ephemeral store). The format of
114. es
- ModifyImageAttribute
- ResetImageAttribute

DescribeImages

The DescribeImages operation returns information about AMIs available for use by the user. This includes both public AMIs (those available for any user to launch) and private AMIs (those owned by the user making the request and those owned by other users that the user making the request has explicit launch permissions for).

The list of AMIs returned can be modified through optional lists of AMI IDs, owners or users with launch permissions. If all three optional lists are empty, all AMIs the user has launch permissions for are returned. Launch permissions fall into three categories:

Launch Permission | Description
public | The all group has launch permissions for the AMI. All users have launch permissions for these AMIs.
explicit | The owner of the AMIs has granted a specific user launch permissions for the AMI.
implicit | A user has implicit launch permissions for all AMIs he or she owns.

If one or more of the lists are specified, the result set is the intersection of AMIs matching the criteria of the individual lists.

Providing the list of AMI IDs requests information for those AMIs only. If no AMI IDs are provided, information of all relevant AMIs will be returned. If an AMI is specified that does not exist, a fault is returned. If an AMI is specified that exists but the user making the request does not have launch permissions for, then that AMI will not be included in the re
115. escribes the elements contained in Product CodelItemType Element Name Description Required Type productCode A product code Yes xsd string ProductInstanceResponseltemType The Product InstanceResponselItemType data type Relevant Operations Operations that use this data type include Sg ConfirmProductInstance Contents The following table describes the elements contained in ProductInstanceResponseltemType Member Description Type productCode The product code attached to the in xsd string stance that matches one of the product codes in the ConfirmPro ductInstance request instancelId Unique ID of the instance xsd string ownerId The account ID of the owner of the xsd string instance ReservationInfoType The ReservationInfoType data type Relevant Operations API Version 2007 03 01 52 RunInstanceltemType Amazon Elastic Compute Cloud Developer Guide Operations that use this data type include e RunInstances e DescribeInstances Contents The following table describes and shows the elements contained in ReservationInfoType Member Description reservationId Unique ID of the reservation being described ownerId AWS Access Key ID of the user who owns the reservation groupSet Set of security groups these in stances were launched in instancesSet Information about instances started RuniInstanceltemType The RunInstanceItemType data type Relevant Operations Operations that use t
116. (Table of contents fragment)
- ProductCodeItemType
- ProductInstanceResponseItemType
- ReservationInfoType
- RunInstanceItemType
- RunningInstancesItemType
- SecurityGroupItemType
- TerminateInstancesResponseInfoType
- UserDataType
- UserIdGroupPairType
- BC2SOAP
- By
- AuthorizeSecurityGroupIngress
- ConfirmProductInstance
- Create
- CreateSecurityGroup
- DeleteKeyPair
- DeleteSecurityGroup
- DeregisterImage
- DescribeImageAttribute
- DescribeImages
- DescribeInstances
- DescribeKeyPairs
- DescribeSecurityGroups
- GetConsoleOut
117. est parameters for DescribeSecurityGroups. Parameter names are case sensitive.

Element Name | Definition | Required | Type
securityGroupSet | List of security groups to describe | Yes | xsd:string

Response Tags

The following table describes the default response tags included in DescribeSecurityGroups responses.

Element Name | Definition | Type
securityGroupInfo | Information about security groups | ec2:SecurityGroupItemType

Sample Request

    <DescribeSecurityGroups xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
      <securityGroupSet>
        <item>
          <groupName>WebServers</groupName>
        </item>
        <item>
          <groupName>RangedPortsBySource</groupName>
        </item>
      </securityGroupSet>
    </DescribeSecurityGroups>

Sample Response

    <DescribeSecurityGroupsResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
      <securityGroupInfo>
        <item>
          <ownerId>UYY3TLBUXIEON5NQVUUX60MPWBZIQNFM</ownerId>
          <groupName>WebServers</groupName>
          <groupDescription>Web</groupDescription>
          <ipPermissions>
            <item>
              <ipProtocol>tcp</ipProtocol>
              <fromPort>80</fromPort>
              <toPort>80</toPort>
              <groups/>
              <ipRanges>
                <item>
                  <cidrIp>0.0.0.0/0</cidrIp>
                </item>
              </ipRanges>
            </item>
118. eter names are case sensitive.

Element Name | Definition | Required | Type
instancesSet | One or more instance IDs returned from previous calls to RunInstances. | Yes | xsd:string

Response Tags

The following table describes the default response tags included in RebootInstances responses.

Element Name | Definition | Type
result | An indication of whether the request was successful. | xsd:boolean

Sample Request

    <RebootInstances xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
      <instancesSet>
        <item>
          <instanceId>i-28a64341</instanceId>
        </item>
      </instancesSet>
    </RebootInstances>

Sample Response

    <RebootInstancesResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/">
      <return>true</return>
    </RebootInstancesResponse>

RegisterImage

The RegisterImage operation registers an AMI with Amazon EC2. Images must be registered before they can be launched. Each AMI is associated with a unique ID which is provided by the EC2 service through the RegisterImage operation. As part of the registration process, Amazon EC2 will retrieve the specified image manifest from Amazon S3 and verify that the image is owned by the user requesting image registration.

The image manifest is retrieved once and stored within the Amazon EC2 network. Any modifications to an image in Amazon S3 inv
119. eturned e Output type identifier INSTANCE e The instance ID of the instance being terminated e The state of the instance prior to being terminated e The new state of the instance Errors are displayed on stderr API Version 2007 03 01 144 Amazon Elastic Compute Cloud Developer Guide See Also Example ec2 terminate instances i 3ea74257 INSTANCE i 3ea74257 running shutting down See Also e TerminatelInstances e ec2 run instances e ec2 describe instances ec2 unbundle Synopsis ec2 unbundle m MANIFEST PATH k PRIVATEKEY d DESTINATION DIRECTORY s SOURCE DIRECTORY Description Recreates the AMI from the bundled AMI parts Output Status messages indicating the various stages of the unbundling process are displayed Options Note cS Note that this tool does not support the common arguments Option Definition Required Example m The path to the unencrypted AMI Yes m manifest manifest file var MANIFEST spool my first bundle Manifest k The path to the user s PEM encoded Yes k privatekey RSA key file HOME pk 234242DEA KEY DCAFE pem s source The directory containing the bundled No s SOURCE AMI parts Defaults to the current dir tmp my bundled image DIRECTORY ectory d The directory to unbundle the AMI in No d tmp my image destination Defaults to the current directory DESTINATION DIRECTORY Note IS API Version 2007 03 01 145 Amazon Elastic
120. etween Amazon EC2 instances. Using this address assures that your network traffic follows the highest bandwidth, lowest cost and lowest latency path through our network.

From your instance, you can determine your private IP address by asking the operating system:

    PROMPT> ifconfig eth0

or by referring to the instance data:

    PROMPT> curl http://169.254.169.254/latest/meta-data/local-ipv4

Internal DNS Name

Each instance is given an internal DNS name. This name is of the form domU-12-31-35-00-35-F3.z-2.compute-1.internal. It will resolve to the private IP address described above when resolved from within Amazon EC2, and will not resolve outside of Amazon EC2.

Public Addresses

At launch time a public address is also associated with each Amazon EC2 instance using Network Address Translation (NAT). See RFC 1631 (The IP Network Address Translator (NAT)) for more information on NAT.

This public address is associated exclusively with the instance for its lifetime. It is returned to Amazon EC2 when the instance terminates. You must use this public address to access your instance from outside of Amazon EC2, and you should distribute this address to clients, most likely through a DNS name that maps to it.

Note: Amazon EC2 instances cannot currently access other instances through their public NAT IP address. Instead, the private a
121. faults to the value of the EC2_URL environment variable, or http://ec2.amazonaws.com if that is not set. -K EC2-PRIVATE-KEY: The private key to use when constructing requests to Amazon EC2. This parameter defaults to the value of the EC2_PRIVATE_KEY environment variable. Valid values: File name. Example: -K pk-HKZYKTAIG2ZECMXYIBH3HXV4ZBZQ55CLO.pem. -C EC2-CERT: The X509 certificate to use when constructing requests to Amazon EC2. This parameter defaults to the value of the EC2_CERT environment variable. Valid values: File name. Further options (valid values: N/A): Increase output verbosity. This will print the SOAP request and response on the command line. This is particularly useful if you're trying to build your own tools to talk directly to our SOAP API. --show-empty-fields: Shows empty columns as nil. --debug: Print internal debugging information. This is intended to assist us to troubleshoot problems. Show help. If - is specified as an argument to one of the parameters, a list of arguments will be read from stdin. This is useful for piping the output of one command into the input of another. By Function: AMI Tools: ec2-bundle-image, ec2-bundle-vol, ec2-unbundle, ec2-upload-bundle, ec2-download-bundle.
122. fier of the user that registered the image; image status; public or private, indicating whether or not the image is visible to all users; product codes, if any are attached the instance. Errors are displayed on stderr. Options: Option, Definition, Required, Example: -a: All AMIs the user owns and has execution permissions for (both public and explicit) are returned. Required: No. Example: -a. -o OWNER: AMIs owned by the specified owner are returned. Multiple owners may be specified. OWNER is a AWS user account ID, the same ID in the result set for the user that registered the AMI. The IDs amazon, self and explicit may be specified to include AMIs owned by Amazon, AMIs owned by the user, and AMIs for which the user has explicit launch permissions, respectively. Required: No. Example: -o 123456789012. -x USER: Only AMIs for which the specified user has explicit launch permissions are returned. USER can be a user's account ID, self to return AMIs for which the sender of the request has explicit launch permissions, or all to return AMIs with public launch permissions. Required: No. Example: -x self. Example: ec2-describe-images ami-78a54011 IMAGE ami-78a54011 powerdns/image.manifest.xml 495219933132 available private 774F4FF8 See Also: DescribeImages, ec2-register, ec2-deregister. ec2-describe-instances Synopsis: ec2-describe-inst
123. Launch an Instance: You are now ready to launch an instance of the AMI you selected above. PROMPT> ec2-run-instances ami-5bae4b32 -k gsg-keypair INSTANCE i-10a64379 ami-5bae4b3
124. >1</amiLaunchIndex> </item> <item> <instanceId>i-2be64332</instanceId> <imageId>ami-60a54009</imageId> <instanceState> <code>0</code> <name>pending</name> </instanceState> <privateDnsName></privateDnsName> <dnsName></dnsName> <keyName>example-key-name</keyName> <amiLaunchIndex>2</amiLaunchIndex> </item> </instancesSet> </RunInstancesResponse> Related Operations: DescribeInstances, TerminateInstances, AuthorizeSecurityGroupIngress, RevokeSecurityGroupIngress, DescribeSecurityGroups. TerminateInstances: The TerminateInstances operation shuts down one or more instances. This operation is idempotent, and terminating an instance that is in the process of shutting down (or already terminated) will succeed. Terminated instances remain visible for a short period of time (approximately one hour) after termination, after which their instance ID is invalidated. Request Parameters: The following table describes the request parameters for TerminateInstances. Parameter names are case sensitive. Element Name, Definition, Required, Type: instancesSet: One or more instance IDs returned from previous calls to RunInstances. Required: Yes. Type: xsd:string. Response Tags: The following table
125. he following table describes the request parameters for RebootInstances. Parameter names are case sensitive. Element Name, Definition, Required, Type: InstanceId.n: One or more instance IDs returned from previous calls to RunInstances. Required: Yes. Type: string. Response Tags: The following table describes the default response tags included in RebootInstances responses. Element Name, Definition, Type: result: An indication of whether the request was successful. Type: xsd:boolean. Sample Request: https://ec2.amazonaws.com/?Action=RebootInstances&InstanceId.1=i-2ea64347&InstanceId.2=i-21a64348&auth parameters Sample Response: <RebootInstancesResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/"> <return>true</return> </RebootInstancesResponse> RegisterImage: The RegisterImage operation registers an AMI with Amazon EC2. Images must be registered before they can be launched. Each AMI is associated with a unique ID, which is provided by the EC2 service through the RegisterImage operation. As part of the registration process, Amazon EC2 will retrieve the specified image manifest from Amazon S3 and verify that the image is owned by the user requesting image registration. The image manifest is retrieved once and stored within the Amazon EC2 network. Any modifications to an image in Amazon S3 invalidate this registration. If you do have to make changes and upload a new image, deregister the previous imag
126. hed; running: the instance has been launched (although it may not yet have completed the boot process); shutting-down: the instance has begun the shutdown process; terminated: the instance has been terminated. The private DNS name assigned to the instance. This DNS name is only contactable from inside the Amazon EC2 network. This element remains empty until the instance enters a running state. See Using and Securing the Network for more info. Type: xsd:string. The public DNS name assigned to the instance. This DNS name is contactable from outside the Amazon EC2 network. This element remains empty until the instance enters a running state. See Using and Securing the Network for more info. Type: xsd:string. An optional reason for the most recent state transition. This may be an empty string. Type: xsd:string. An optional key name. If this instance was launched with an associated key pair, this is the name of that key pair. Type: xsd:string. amiLaunchIndex: An optional AMI launch index, which can be used to determine which instance this is in the launch group. See using instance data for more info. productCodes: Product codes attached to this instance. SecurityGroupItemType: The SecurityGroupItemType data type. Relevant Operations: Operations that use this data type include: Descri
127. his data type include: RunInstances. Contents: Type: xsd:string, xsd:string, ec2:GroupSetType, ec2:RunningInstancesItemType. The following table describes and shows the elements contained in RunInstanceItemType. Member, Description, Type: imageId: Unique ID of a machine image, returned by a call to RegisterImage. Type: xsd:string. minCount: Minimum number of instances to launch. If minCount is more than Amazon EC2 can launch, no instances are launched at all. Type: xsd:int. maxCount: Maximum number of instances to launch. If maxCount is more than Amazon EC2 can launch, the largest possible number above minCount will be launched instead. Type: xsd:int. keyName: The name of the keypair. Type: xsd:string. RunningInstancesItemType: The RunningInstancesItemType data type. Relevant Operations: Operations that use this data type include: RunInstances. Contents: The following table describes and shows the elements contained in RunningInstancesItemType. Element names: instanceId, imageId, instanceState, privateDnsName, dnsName, reason, keyName. Description, Type: instanceId: Unique ID of the instance launched. Type: xsd:string. imageId: Image ID of the AMI used to launch the instance. Type: xsd:string. instanceState: The current state of the instance. Type: ec2:InstanceStateType. pending: the instance is in the process of being launc
128. ibeImages&AWSAccessKeyId=100MXFEV712ZS32X0OFTR2&SignatureVersion=1&Timestamp=2006-12-08T07%3A48%3A03Z&Version=2007-01-03 The HMAC signature should be calculated over the following string: ActionDescribeImagesAWSAccessKeyId1LOQMXFEV71ZS32XOFTR2SignatureVersion1Timestamp2006-12-08T07:48:03ZVersion2007-01-03 Calculating the HMAC signature: Given the Query string above and the secret key DMADSS P fdaD jbK RRUhS aDr jsiZadgAUm8gRU2, the base64 encoded signature is as follows: GjH39411Be6 qsgQutk7FpCJjpne Shown below is a Java code sample to compute the signature from the string and the private key:

    import java.security.SignatureException;
    import javax.crypto.Mac;
    import javax.crypto.spec.SecretKeySpec;

    public class HmacExample {
        private static final String HMAC_SHA1_ALGORITHM = "HmacSHA1";

        /**
         * Computes RFC 2104-compliant HMAC signature.
         *
         * @param data The data to be signed.
         * @param key The signing key.
         * @return The base64-encoded RFC 2104-compliant HMAC signature.
         * @throws java.security.SignatureException when signature generation fails
         */
        public static String calculateRFC2104HMAC(String data, String key)
                throws java.security.SignatureException {
            String result;
            try {
                // get an hmac_sha1 key from th
129. ibes the default response tags included in CreateSecurityGroup responses. Element Name, Definition, Type: return: true if call succeeded. Type: xsd:boolean. Sample Request: <CreateSecurityGroup xmlns="http://ec2.amazonaws.com/doc/2007-03-01/"> <groupName>WebServers</groupName> <groupDescription>Web</groupDescription> </CreateSecurityGroup> Sample Response: <CreateSecurityGroupResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/"> <return>true</return> </CreateSecurityGroupResponse> Related Operations: RunInstances, DescribeSecurityGroups, AuthorizeSecurityGroupIngress, RevokeSecurityGroupIngress, DeleteSecurityGroup. DeleteKeyPair: The DeleteKeyPair operation deletes a keypair. Request Parameters: The following table describes the request parameters for DeleteKeyPair. Parameter names are case sensitive. Element Name, Definition, Required, Type: keyName: Name of the keypair to delete. Required: Yes. Type: xsd:string. Response Tags: The following table describes the default response tags included in DeleteKeyPair responses. Element Name, Definition, Type: return: true if the key was successfully deleted. Type: xsd:boolean. Sample Request: <DeleteKeyPair xmlns="http://ec2.amazonaws.com/doc/2007-03-01/"> <keyName>example-key-name</keyName> </DeleteKeyPair> Samp
130. ication: On the File menu, click Properties. When you see this style, you must change the value of the content when you copy the text of a sample to a command line: ec2-register <your-s3-bucket>/image.manifest See also the symbol convention below. Symbol Conventions: This section describes the common use of symbols. Convention, Symbol, Description, Example: Mutually exclusive parameters: (Parentheses | and | vertical | bars). Within a code description, bar separators denote options from which one must be chosen. Example: data = hdfread (start | stride | edge). Optional parameters, XML variable text: [square brackets]. Within a code description, square brackets denote completely optional commands or parameters. Example: sed [-n, -quiet]. Use square brackets in XML examples to differentiate them from tags. Example: <CustomerId>[ID]</CustomerId>. Variables: <arrow brackets>. Within a code sample, arrow brackets denote a variable that must be replaced with a valid value. Example: ec2-register <your-s3-bucket>/image.manifest
131. ields. Permission changes are propagated to instances within the security group being modified as quickly as possible. However, a small delay is likely, depending on the number of instances that are members of the indicated group. When revoking a user/group pair permission, GroupName, SourceSecurityGroupName and SourceSecurityGroupOwnerId must be specified. When authorizing a CIDR IP permission, GroupName, IpProtocol, FromPort, ToPort and CidrIp must be specified. Mixing these two types of parameters is not allowed. Request Parameters: The following table describes the request parameters for RevokeSecurityGroupIngress. Parameter names are case sensitive. Element names: GroupName, SourceSecurityGroupName, SourceSecurityGroupOwnerId, IpProtocol, FromPort, ToPort, CidrIp. Definitions: GroupName: Name of the group to modify. SourceSecurityGroupName: Name of security group to revoke access to when operating on a user/group pair. SourceSecurityGroupOwnerId: Owner of security group to revoke access to when operating on a user/group pair. IpProtocol: IP protocol to revoke access to when operating on a CIDR IP. Valid values are tcp, udp and icmp. FromPort: Bottom of port range to revoke access to when operating on a CIDR IP. This contains the ICMP type if ICMP is being authorized. ToPort: Top of port range to revoke access to when operating on a CIDR IP. This contains the
132. ies install under /usr/lib/site_ruby. Ruby should pick up this path automatically, but if you see a load error when running one of the AMI utilities, it may be because Ruby isn't looking there. To fix this, add /usr/lib/site_ruby to Ruby's library path, which is set in the RUBYLIB environment variable. Documentation: The manual describing the operation of each utility can be displayed by invoking it with the --manual parameter. For example: ec2-bundle-image --manual Invoking a utility with the --help parameter displays a summary and list of command line parameters. For example: ec2-bundle-image --help Using the AMI Tools: Once a machine image has been created, it must be bundled as an AMI for use with Amazon EC2, as follows. Use ec2-bundle-image to bundle an image that you have prepared in a loopback file, as described in the previous section: ec2-bundle-image -i my-image.img -k pk-HKZYKTAIGZECMXYIBH3HXV4ZBZQ55CLO.pem -c cert-HKZYKTAIGZECMXYIBH3HXV4ZBZQ55CLO.pem -u 12345678 This will create the bundle files: image.part.00 image.part.01 ... image.part.NN image.manifest.xml Alternatively, an AMI could be created by snapshotting the local machine root file system and bundling it all at once by using ec2-bundle-vol (note: you will need to have root privileges to do this, and SELinux must be disabled). Use ec2-bundle-vol to r
133. ify that as you see fit and subsequently create a new AMI with the ec2-bundle-vol utility, as described later in the section called "Bundling an AMI". Select an AMI: The first step is to locate an AMI that contains the packages and services that you require. This can be one of your own AMIs or one of the public AMIs provided by Amazon EC2. Use ec2-describe-images to get a list of available AMIs, as is shown below, then select one of the listed AMIs and note its AMI ID (e.g. ami-5bae4b32). PROMPT> ec2-describe-images IMAGE ami-60a54009 ec2-public-images/base-fc4-apache.manifest.xml 475219833042 available public IMAGE ami-61a54028 <your-s3-bucket>/image.manifest.xml 495219933132 available private IMAGE ami-5bae4b32 ec2-public-images/getting-started.manifest.xml 475219833042 available public IMAGE ami-6ea54007 ec2-public-images/base-fc3-mysql.manifest.xml 475219833042 available public Generate a Keypair: This step is only required if you've selected one of the public AMIs provided by Amazon EC2. A public/private keypair must be created to ensure that you, and only you, have access to the instances that you launch. PROMPT> ec2-create-keypair gsg-keypair KEYPAIR gsg-keypair 1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f -----BEGIN RSA PRIVATE KEY----- MIIEoQIBAAKCAQBu
134. ilable. Currently the APIs are available as SOAP calls and HTTP Query requests. Using the SOAP API: WSDL and Schema Definitions: The Amazon EC2 web service can be accessed using the SOAP web services messaging protocol. This interface is described by a Web Services Description Language (WSDL) document, which defines the operations and security model for the service. The WSDL references an XML Schema document, which strictly defines the data types that may appear in SOAP requests and responses. For more information on WSDL and SOAP, please see the references in the section called "Additional Web Services References". All schemas have a version number. The version number appears in the URL of a schema file and in a schema's target namespace. The latest version is 2007-03-01. Upgrading is made easy by differentiating requests based on the version number. In addition to the latest version, the service will support the older versions for some time. Once customer transition to the new version is complete, the older versions will be retired. The Amazon EC2 services API WSDL can be found at URLs of the form http://ec2.amazonaws.com/doc/VERSION/ec2.wsdl, where VERSION indicates the version of the API. The current API version is 2007-03-01 and can thus be found at URL http://ec2.amazonaws.com/doc/2007-03-01/AmazonEC2.wsdl. Making Requests: The Amazon EC2 web service complies with the current WS-Security standard, requiring SOAP request messages to be hash
135. imageId> <minCount>1</minCount> <maxCount>3</maxCount> <keyName>example-key-name</keyName> </item> </instancesSet> <groupSet/> <userData version="1.0" encoding="base64"><data>VGhpcyBpcyBiYXNLIDYOIQO</data></userData> <addressingType>public</addressingType> </RunInstances> Sample Response: <RunInstancesResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/"> <reservationId>r-47a5402e</reservationId> <ownerId>495219933132</ownerId> <groupSet> <item> <groupId>default</groupId> </item> </groupSet> <instancesSet> <item> <instanceId>i-2ba64342</instanceId> <imageId>ami-60a54009</imageId> <instanceState> <code>0</code> <name>pending</name> </instanceState> <privateDnsName></privateDnsName> <dnsName></dnsName> <keyName>example-key-name</keyName> <amiLaunchIndex>0</amiLaunchIndex> </item> <item> <instanceId>i-2bc64242</instanceId> <imageId>ami-60a54009</imageId> <instanceState> <code>0</code> <name>pending</name> </instanceState> <privateDnsName></privateDnsName> <dnsName></dnsName> <keyName>example-key-name</keyName> <amiLaunchIndex
136. in both the Query API and SOAP API. We recommend you familiarize yourself with the conventions we've used in describing the API. API Conventions: Overview: This topic discusses the conventions used in the Amazon EC2 API reference. This includes terminology, notation, and any abbreviations used to illuminate the API. The API reference is broken down into a collection of Actions and Data Types. Actions: Actions encapsulate the possible interactions with Amazon EC2. These can be viewed as remote procedure calls and consist of a request and response message pair. Requests must be signed, allowing Amazon EC2 to authenticate the caller. For clarity, the sample requests and responses illustrating each of the operations described in this reference are not signed. Data Types and the Amazon EC2 WSDL: The current version of the Amazon EC2 WSDL is available at the following location: http://ec2.amazonaws.com/doc/2007-03-01/AmazonEC2.wsdl. Some libraries can generate code directly from the WSDL. Other libraries require a little more work on your part. Values provided as parameters to the various operations must be of the indicated type. Standard XSD types (like string, boolean, int) are prefixed with xsd:. Complex types defined by the Amazon EC2 WSDL are prefixed with ec2:. Parameters that consist of lists of information are defined within our WSDL to r
137. instances ami-eca54085 RESERVATION r-01927768 598916040194 INSTANCE i-cfd732a6 ami-eca54085 pending 0 n 2. After a little wait for image launch to complete, Albert, who is a cautious type, checks the access rules of the default group: $ ec2-describe-group default GROUP 598916040194 default default group PERMISSION default ALLOWS all FROM USER 598916040194 GRPNAME default and notices that it only accepts ingress network connections from other members of the default group for all protocols and ports. 3. Albert, being paranoid as well as cautious, port scans his instance: nmap -P0 -p1-100 domU-12-31-33-00-01-56.usma1.compute.amazonaws.com Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-08-07 15:42 SAST All 100 scanned ports on domU-12-31-33-00-01-56.usma1.compute.amazonaws.com (216.182.228.116) are: filtered Nmap finished: 1 IP address (1 host up) scanned in 31.008 seconds 4. Albert decides he should be able to SSH into his instance, but only from his own machine: ec2-authorize default -P tcp -p 22 -s 192.168.1.130/32 GROUP default PERMISSION default ALLOWS tcp 22 22 FROM CIDR 192.168.1.130/32 5. Repeating the port scan: nmap -P0 -p1-100 domU-12-31-33-00-01-56.usma1.compute.amazonaws.com Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-08-07 15:43 SAST Interesting ports on domU-12-31-33-00-01-56.usma1.compute.amazonaws.com (216.182.228.116): The 99 po
138. ir. Image Attributes: ModifyImageAttribute, DescribeImageAttribute, ResetImageAttribute. Security Groups: CreateSecurityGroup, DescribeSecurityGroups, DeleteSecurityGroup, AuthorizeSecurityGroupIngress, RevokeSecurityGroupIngress. AuthorizeSecurityGroupIngress: The AuthorizeSecurityGroupIngress operation adds permissions to a security group. Permissions are specified in terms of the IP protocol (TCP, UDP or ICMP), the source of the request (by IP range or an Amazon EC2 user/group pair), source and destination port ranges (for TCP and UDP), and ICMP codes and types (for ICMP). Note: Changes are anticipated in this API that may restrict further what is allowable. Please consult the section called "Anticipated API changes" for more details. Permission changes are propagated to instances within the security group being modified as quickly as possible. However, a small delay is likely, depending on the number of instances that are members of the indicated group. Request Parameters: The following table describes the request parameters for AuthorizeSecurityGroupIngress. Parameter names are case sensitive. Element Name, Definition, Required, Type: userId: AWS Access Key ID. Required: Yes. Type: xsd:string. groupName: Name of the group to modify. Required: Yes. Type: xsd:string. ipPermissions: Set of permissions to add to the group. Required: Yes. Type: ec2
139. -k KEY -d USER_DATA -f FILE_NAME --addressing ADDRESSING_TYPE Description: Launches one or more instances of the specified AMI. Optional parameters include: A security group. New instances will be launched in this group. If no group is specified, instances are launched in the default group. A keypair name. The public key associated with this keypair name will be made available to the instances at boot time. User data. This data will be made available to the launched instances. See using instance data for more info. Addressing type. This specifies if the instance will have a NATted address or not. See Using and Securing the Network for more information on instance addressing. If the AMI has a product code attached for which the user has not subscribed, the ec2-run-instances call will fail. Output: A table containing the following information is returned: Output type identifier (INSTANCE). Instance ID, which uniquely identifies each running instance. AMI ID of the image the instance is based on. DNS name associated with the instance (only present for instances in the running state). Instance state. This will in most cases be pending, which indicates that the instance is being prepared for launch. Key name. If a key was associated with the instance at launch, its name will be displayed in this column. Errors are displayed on std
140. le Response: <DeleteKeyPair xmlns="http://ec2.amazonaws.com/doc/2007-03-01/"> <return>true</return> </DeleteKeyPair> Related Operations: CreateKeyPair, DescribeKeyPairs. DeleteSecurityGroup: The DeleteSecurityGroup operation deletes a security group. If an attempt is made to delete a security group and any instances exist that are members of that group, a fault is returned. Request Parameters: The following table describes the request parameters for DeleteSecurityGroup. Parameter names are case sensitive. Element Name, Definition, Required, Type: groupName: Name of the security group to delete. Required: Yes. Type: xsd:string. Response Tags: The following table describes the default response tags included in DeleteSecurityGroup responses. Element Name, Definition, Type: return: true if group deleted. Type: xsd:boolean. Sample Request: <DeleteSecurityGroup xmlns="http://ec2.amazonaws.com/doc/2007-03-01/"> <groupName>RangedPortsBySource</groupName> </DeleteSecurityGroup> Sample Response: <DeleteSecurityGroupResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01/"> <return>true</return> </DeleteSecurityGroupResponse> Related Operations: CreateSecurityGroup, DescribeSecurityGroups, AuthorizeSecurityGroupIngress, RevokeSecurityGroupIngress. DeregisterImage: A
141. licit launch permissions for. The list of AMIs returned can be modified through optional lists of AMI IDs, owners, or users with launch permissions. If all three optional lists are empty, all AMIs the user has launch permissions for are returned. Launch permissions fall into three categories. Launch Permission, Description: public: The all group has launch permissions for the AMI. All users have launch permissions for these AMIs. explicit: The owner of the AMI granted launch permissions to a specific user for the AMI. implicit: A user has implicit launch permissions for all AMIs he or she owns. If one or more of the lists are specified, the result set is the intersection of AMIs matching the criteria of the individual lists. Providing the list of AMI IDs requests information for those AMIs only. If no AMI IDs are provided, information of all relevant AMIs will be returned. If an AMI is specified that does not exist, a fault is returned. If an AMI is specified that exists but the user making the request does not have launch permissions for, then that AMI will not be included in the returned results. Providing the list of owners requests information for AMIs owned by the specified owners only. Only AMIs the user has launch permissions for are returned. The items of the list may be account ids for AMIs owned by users with those account ids, amazo
142. </name> </instanceState> <privateDnsName>domU-12-31-35-00-1E-01.z-2.compute-1.internal</privateDnsName> <dnsName>ec2-72-44-33-4.z-2.compute-1.amazonaws.com</dnsName> <keyName>example-key-name</keyName> <productCodesSet> <item> <productCode>774F4FF8</productCode> </item> </productCodesSet> </item> </instancesSet> </item> </reservationSet> </DescribeInstancesResponse> Related Operations: RunInstances, TerminateInstances. DescribeKeyPairs: The DescribeKeyPairs operation returns information about keypairs available for use by the user making the request. Selected keypairs may be specified, or the list may be left empty if information for all registered keypairs is required. Request Parameters: The following table describes the request parameters for DescribeKeyPairs. Parameter names are case sensitive. Element Name, Definition, Required, Type: KeyName.n: Keypair IDs to describe. Required: No. Type: string. Response Tags: The following table describes the default response tags included in DescribeKeyPairs responses. Element Name, Definition, Type: keySet: A list of keypair descriptions. Type: ec2:DescribeKeypairsResponseItemType. Sample Request: https://ec2.amazonaws.com/?Action=DescribeKeyPairs&KeyName.1=example
143. </GetConsoleOutputResponse> ModifyImageAttribute: The ModifyImageAttribute operation modifies an attribute of an AMI. Attributes: Attribute Name, Type, Description: launchPermission (List): Controls who has permission to launch the AMI. Launch permissions can be granted to specific users by adding userIds. The AMI can be made public by adding the all group. productCodes (List): Associates product codes with AMIs. This allows a developer to charge a user extra for using the AMIs. productCodes is a write once attribute: once it has been set it can not be changed or removed. Request Parameters
144. mission ami-5bae4b32 RESET Publishing Shared AMIs: AMIs can be published by posting them in the Amazon Web Services Resource Center Public AMIs Folder. The following information must be included when publishing AMIs: AMI id; AMI manifest. We recommend the following information should also be included when publishing AMIs: Publisher; Publisher URL; OS / Distribution; Key Features; Description; Daemons / Services; Release Notes. The following template can be cut and pasted into the document. You must be in HTML edit mode. <strong>AMI&nbsp;ID</strong> ami-id<br> <strong>AMI&nbsp;Manifest</strong> bucket/image.manifest.xml<br> <h2>About this AMI</h2> <ul> <li>Published by Publisher <a href="http://www.mysite.com">http://www.mysite.com</a><br></li> <li>Key Features<br></li> <li>Description</li> <li>This image contains the following daemons / services <ul> <li>Daemon 1</li> <li>Daemon 2</li> </ul> </li> </ul> <h2><strong>What&#39;s New</strong></h2> The following changes were made on Date<br> <ul> <li>Release Notes 1</li
145. n for AMIs owned by Amazon or self for AMIs owned by the user making the request.

The executable list may be provided to request information for AMIs that only the specified users have launch permissions for. The items of the list may be account ids for AMIs owned by the user making the request that the users with the specified account ids have explicit launch permissions for, self for AMIs the user making the request has explicit launch permissions for, or all for public AMIs.

Deregistered images will be included in the returned results for an unspecified interval subsequent to deregistration.

Request Parameters

The following table describes the request parameters for DescribeImages. Parameter names are case sensitive.

Element Name | Definition | Required | Type
imageSet | AMI IDs to describe. | Yes, but may be empty | xsd:string
ownersSet | Owners of AMIs to describe. | Yes, but may be empty | xsd:string
executableBySet | Describe AMIs that the specified users have launch permissions for. | Yes, but may be empty | xsd:string

Response Tags

The following table describes the default response tags included in DescribeImages responses.

Element Name | Definition | Type
imagesSet | A list of image descriptions. | ec2:DescribeImagesResponseItemType

Sample Request

<DescribeImages xmlns="http://ec2.amazonaws.com/doc/2007-03-01">
  <executableBySet>
    <item>
      <user>all</user>
    </item>
  </executableBySet>
146. nces
• RunInstances

CreateKeyPair

The CreateKeyPair operation creates a new 2048-bit RSA keypair and returns a unique ID that can be used to reference this keypair when launching new instances.

Request Parameters

The following table describes the request parameters for CreateKeyPair. Parameter names are case sensitive.

Element Name | Definition | Required | Type
keyName | A unique name for this key. | Yes | xsd:string

Response Tags

The following table describes the default response tags included in CreateKeyPair responses.

Element Name | Definition | Type
keyName | The key name provided in the original request. | xsd:string
keyFingerprint | A SHA-1 digest of the DER encoded private key. | xsd:string
keyMaterial | An unencrypted PEM encoded RSA private key. | xsd:string

Sample Request

<CreateKeyPair xmlns="http://ec2.amazonaws.com/doc/2007-03-01">
  <keyName>example-key-name</keyName>
</CreateKeyPair>

Sample Response

<CreateKeyPairResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01">
  <keyName>example-key-name</keyName>
  <keyFingerprint>1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f</keyFingerprint>
  <keyMaterial>-----BEGIN RSA PRIVATE KEY-----
147. ning 1 See Also e DescribeInstances e ec2 run instances e ec2 terminate instances ec2 describe keypairs Synopsis ec2 describe keypairs KEY Description Describes the current state of each KEY specified on the command line If no KEYs are explicitly listed then all KEYs owned by the current user are included in the output Output A table containing the following information is returned e A output type identifier KEYPAIR e Keypair identifier e Private key fingerprint Errors are displayed on stderr API Version 2007 03 01 132 Amazon Elastic Compute Cloud Developer Guide See Also Example ec2 describe keypairs gsg keypair KEYPAIR gsg keypair 1f 5l ae 28 bf 89 e9 d8 1f 25 5d 37 2d 7d b8 ca 9f f5 f1 6f See Also e DescribeKeypairs e ec2 add keypair e ec2 delete keypair ec2 download bundle Synopsis ec2 download bundle b S3 BUCKET m MANIFEST a AWS ACCESS KEY ID s AWS SECRET KEY k PRIVATE KEY p PREFIX d DIRECTORY url URL Description Download the specified bundles from S3 storage Output Status messages indicating the various stages of the download process are displayed Options Note cS Note that this tool does not support the common arguments Option Definition Required Example b bucket The name of the Amazon S3 bucket Yes b aes cracked S3 BUCKET from which to fetch the bundles m The manifest filename Yes m manifest var MANIFEST spool
148. -----END RSA PRIVATE KEY-----

The resulting private key must be saved in a local file for later use. Create a file named id_rsa-gsg-keypair and paste into it all lines starting with the line "-----BEGIN PRIVATE KEY-----" and ending with the line "-----END PRIVATE KEY-----". Confirm that the file contents look exactly as shown below:

-----BEGIN RSA PRIVATE KEY-----
149. nts that may allow backdoor entry to your instance. Accounts with super user privileges are particularly dangerous.
• Check that all cron jobs are legitimate.

Paying for AMIs

Introduction

This section describes how to discover paid AMIs, launch paid AMIs, and launch instances with support product codes. Paid AMIs are AMIs you can purchase from other developers.

Finding Paid AMIs

There are several ways you can determine what paid AMIs are available for you to purchase. You can look for information about them on the Amazon EC2 resource center and forums. Alternatively, a developer might give you information about a paid AMI directly.

You can also tell if an AMI is a paid AMI by describing the image with the ec2-describe-images command. This command lists product codes associated with the AMI (see the example below). If the AMI is a paid AMI, it has a product code associated with it. Otherwise, it does not. You can then go to the Amazon EC2 resource center and forums, which might have more information about the paid Amazon EC2 and where you can sign up to use it.

The example below shows an ec2-describe-images call describing a paid AMI. The product code is exampleamiid.

ec2-describe-images ami-5bae4b32
IMAGE ami-5bae4b32 awesome-ami/webserver.manifest.xml 495219933132 available private 774F4FEF8

Signing U
150. nvironment. You may now unmount the image:

umount /mnt/ec2-fs/proc
umount -d /mnt/ec2-fs

Bundling an AMI

A root file system image needs to be bundled as an AMI in order to be used with the Amazon EC2 service. The bundling process first compresses the image to minimize bandwidth usage and storage requirements. The compressed image is then encrypted and signed to ensure confidentiality of the data and authentication against the creator. The encrypted image is finally split into manageable parts for upload. A manifest file is created containing a list of the image parts with their checksums.

This chapter provides an overview of the AMI tools that automate this process and some examples of their use. The AMI tools are three command line utilities:

1. ec2-bundle-image bundles an existing AMI
2. ec2-bundle-vol creates an AMI from an existing machine or installed volume
3. ec2-upload-bundle uploads a bundled AMI to S3 storage

Installing the AMI Tools

The AMI tools are packaged as an RPM suitable for running on Fedora Core 3/4 with Ruby 1.8.2 (or greater) installed. On Fedora Core 4, Ruby can be installed by following the steps below. You will need root privileges to install the software. You can find the AMI tools RPM from our public S3 downloads bucket.

First install Ruby using the yum package manager:

yum install ruby

Install the AMI tools RPM:

rpm -i ec2-ami-tools-x.x-xxxx.i386.rpm

Installation Issues

The AMI tools librar
151. o launch instances of that AMI. By modifying an AMI's LaunchPermission property, it is possible to allow all users to launch the AMI (make the AMI public) or to allow only a few specific users to launch the AMI (explicit launch permissions).

The LaunchPermission attribute is a list of users and launch groups. Launch permissions can be granted by adding items to the list and revoked by removing items from the list. Explicit launch permissions for users are granted or revoked by respectively adding or removing their AWS account ids. The only launch group currently supported is the all group, which gives launch permissions to all users and makes the AMI public. In the rest of this chapter we refer to launch groups simply as groups. These launch groups are not the same as security groups, and the two should not be confused. An AMI may have both public and explicit launch permissions.

The owner of an AMI is not billed when their AMI is launched by another user. Only the user launching the AMI is billed.

Making an AMI Public

An AMI is made public by adding the all group to the AMI's launchPermission attribute. This can be done with the ec2-modify-image-attribute command:

PROMPT> ec2-modify-image-attribute ami-5bae4b32 --launch-permission -a all
launchPermission ami-5bae4b32 ADD group all

To check the launch permissions on an AMI, use the ec2-describe-image-attribute command. In this example the shortened form of --launch-permission, -l, is used.
152. oaded fred part 08 to ht tp s3 amazonaws com 80 alpowell images fred part 08
Uploaded fred part 09 to ht tp s3 amazonaws com 80 alpowell images fred part 09
Uploaded fred part 10 to ht tp s3 amazonaws com 80 alpowell images fred part 10
Uploaded fred part 11 to ht tp s3 amazonaws com 80 alpowell images fred part 11
Uploaded fred part 12 to ht tp s3 amazonaws com 80 alpowell images fred part 12
Uploaded fred part 13 to ht tp s3 amazonaws com 80 alpowell images fred part 13
Uploaded fred part 14 to ht tp s3 amazonaws com 80 alpowell images fred part 14
Upload Bundle complete

See Also

• ec2-bundle-image
• ec2-bundle-vol
• ec2-unbundle
• ec2-download-bundle
• ec2-delete-bundle

Technical FAQ

Select from the following:

• General Information
• Operation Information
• IP Information
• Monitoring, Errors, and Unexpected Behavior
• Error Messages
• Paid AMIs
• Miscellaneous

General Information

How many instances can I launch?

Each user has a concurrent running instance limit. For new users during the public beta, this limit is 20.

How do I sign a request?

Signing SOAP requests is discussed in the section called "Request Authentication". Signing Query requests is discussed in the section called "Making Requests".

What username do I use for the various Amazon EC2 tools?

When
153. ons
• DescribeKeyPairs
• DeleteKeyPair
• RunInstances

CreateSecurityGroup

The CreateSecurityGroup operation creates a new security group.

Every instance is launched in a security group. If none is specified as part of the launch request then instances are launched in the default security group. Instances within the same security group have unrestricted network access to one another. Instances will reject network access attempts from other instances in a different security group. As the owner of instances you may grant or revoke specific permissions using the AuthorizeSecurityGroupIngress and RevokeSecurityGroupIngress operations.

Request Parameters

The following table describes the request parameters for CreateSecurityGroup. Parameter names are case sensitive.

Element Name | Definition | Required | Type
GroupName | Name for the new security group. | Yes | string
GroupDescription | Description of the new security group. | Yes | string

Response Tags

The following table describes the default response tags included in CreateSecurityGroup responses.

Element Name | Definition
return | true if call succeeded

Sample Request

https://ec2.amazonaws.com/?Action=CreateSecurityGroup&GroupName=WebServers&GroupDescription=Web&...auth parameters...

Sample Response

<CreateSecurityGroupResponse xmlns="http://ec2.amazonaws.com/doc/2007
154. oo old or too new and an error is returned. You need to ensure that your system clock is accurate and configured to use the correct timezone. NTP is a good way to do this.

Paid AMIs

How do I get a product code for a paid or supported AMI that I want to create?

We are currently conducting a limited beta enabling a small number of developers to create paid and supported AMIs. This feature allows AWS developers to charge other Amazon EC2 users for the use of AMIs they create. Sellers of AMIs set the price, and their customers then purchase and are billed through Amazon for their use of these AMIs.

Note: You can still share AMIs without charging. Public and Paid AMIs can be listed in the Resource Center.

Users interested in selling their Amazon EC2 AMIs through this program should send an e-mail to aws amazon com. Please include your name, AWS account ID, company name, and a detailed description of your AMI. We hope to open this capability up to the broader Amazon EC2 community once the beta program is complete.

How can I determine if a particular AMI is a paid AMI?

By describing images (ec2dim) with the -a flag. This shows all AMIs to which you have access. The AMIs with product codes listed are paid AMIs.

Example: run ec2dim -a and the result contains an AMI with ID ami-bd9d78d4. This is our Demo Paid AMI with product code A79ECODB.
155. ou. The data will be base64 decoded before being presented to the instance.

Retrieving the Data

An instance retrieves the data by querying a web server using a REST-like API. The base URI of all requests is http://169.254.169.254/2007-03-01/ where 2007-03-01 indicates the API version.

Note: Version 1.0 is part of a legacy versioning scheme. Newer versions follow a date-based versioning scheme. See the section called "API Versioning" for more information on the versioning scheme used by Amazon EC2.

The latest version of the API is always available using the URI http://169.254.169.254/latest/.

Security of Launch Data

Although this data is only accessible by your specific instance, the data is not protected by cryptographic methods. You should take suitable precautions to protect sensitive data (such as long lived encryption keys).

You are not billed for these HTTP requests.

Retrieving Metadata

Requests for a specific metadatum resource return the appropriate value, or a 404 HTTP error code if the resource is not available. All metadata is returned as text (content type text/plain).

Requests for a general metadatum resource (i.e. a URI ending with a /) return a list of the resources available at that level, or a 404 HTTP error code if there is no such resource. The list items are on separate lines, with lines terminated by any combination of linefeed (ASCII 10) and carriage return (ASCII 13).
156. ove

productCodes | Attaches a product code to the AMIs. The productCodes attribute is a write-once attribute. | operation not required

Response Tags

The following table describes the default response tags included in ModifyImageAttribute responses.

Element Name | Definition
return | true if the operation succeeded, otherwise false

Sample Request: Launch Permission

https://ec2.amazonaws.com/?Action=ModifyImageAttribute&ImageId=ami-61a54008&Attribute=launchPermission&OperationType=add&Group.1=all&UserId.1=495219933132&...auth parameters...

Sample Request: Product Codes

https://ec2.amazonaws.com/?Action=ModifyImageAttribute&ImageId=ami-61a54008&Attribute=productCodes&ProductCode.1=774F4FF8&...auth parameters...

Sample Response

<ModifyImageAttributeResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01">
  <return>true</return>
</ModifyImageAttributeResponse>

Related Operations

• ResetImageAttribute
• DescribeImageAttribute

RebootInstances

The RebootInstances operation requests a reboot of one or more instances. This operation is asynchronous; it only queues a request to reboot the specified instance(s). The operation will succeed provided the instances are valid and belong to the user. Terminated instances will be ignored.

Request Parameters

T
157. p for a Paid AMI

This section describes how to discover paid AMIs, launch paid AMIs, and launch instances with support product codes. Paid AMIs are AMIs you can purchase from other developers.

Launching Paid AMIs

Once you've signed up to use a paid AMI, you can then launch instances of it. Launching a paid AMI is the same as launching any other AMI. No additional parameters are required. The instance will be charged according to the rates set by the owner of the AMI (the rates will be more than the base Amazon EC2 rate).

ec2-run-instances ami-5bae4b32
INSTANCE i-10a64379 ami-5bae4b32 pending

Note: The owner of a paid AMI will be able to confirm if a particular instance was launched using their paid AMI.

Paying for Support

The paid AMI feature also makes it possible for developers to offer support for software or derived AMIs. Developers can create support products that you can sign up to use. With this model, the support provider provides you with a product. As described above, you must first sign up for this product. During sign-up, you are given a product code, which you must then associate with your own AMI. This allows the support provider to confirm that your instance is eligible for support. It also ensures that when you run instances of the product, you are charged according to the developer's terms for the product.

To associate the product code with your AMI, use the ec2-modify-image-attribute command. Once set
158. pplied data by the simple process of:

1. Determining which instance in the launch group it is:

GET http://169.254.169.254/2007-03-01/meta-data/ami-launch-index
1

2. Retrieving the user data:

GET http://169.254.169.254/2007-03-01/user-data
store-size=123PB backup-every=5min | replicate-every=1min | replicate-every=2min | replicate-every=10min | replicate-every=20min

3. Extracting the appropriate part of the user data:

user_data.split('|')[ami_launch_index]

Using Shared AMIs

Introduction

This section looks at how to find and safely use shared AMIs.

Finding Shared AMIs

The following command displays a list of all public AMIs:

PROMPT> ec2dim -x all

The -x all flag shows AMIs executable by all users. This includes AMIs you own.

To show AMIs for which you have explicit launch permissions, run:

PROMPT> ec2dim -x self

The -x self flag shows AMIs you have explicit launch permissions for. AMIs you own are excluded.

To show AMIs owned by Amazon, run:

PROMPT> ec2dim -o amazon

To find AMIs owned by a particular user, run:

PROMPT> ec2dim -o 495219933132

Replace 495219933132 with the AWS account id of the user who owns the AMIs you are looking for.

Safely Using Shared AMIs

AMIs are launched at the user's own risk. Amazon cannot vouch for the integrity or security of AMIs shared by other use
159. pts is yes Display the help message Display the help Required Yes Yes Yes Example b aes crack er ami bucket a 10QMXFEV71ZS32XQ FTR2 s DMADSSfPfdaD jbK RRUhS aDrjsiZadg AUm8gRU2 m var spool my first bundle Manifest p eos url ht tps s3 amazonaws ie retry St help manual ec2 delete bundle b my s3 bucket a 10QMXFEV71ZS32XQFTR2 s DMADSS PfdaD jbK RRUMS aDrjsiZadgAUm8gRU2 p fred Deleting files my s3 bucket fred manifest xml my s3 bucket fred part 00 my s3 bucket fred part 01 my s3 bucket fred part 02 my s3 bucket fred part 03 my s3 bucket fred part 04 my s3 bucket fred part 05 my s3 bucket fred part 06 Continue y n Y Deleted my s3 bucket fred manifest xml Deleted my s3 bucket fred part 00 API Version 2007 03 01 125 Amazon Elastic Compute Cloud Developer Guide See Also Deleted my s3 bucket fred part 01 Deleted my s3 bucket fred part 02 Deleted my s3 bucket fred part 03 Deleted my s3 bucket fred part 04 Deleted my s3 bucket fred part 05 Deleted my s3 bucket fred part 06 c2 delete bundle complete See Also e ec2 bundle image e ec2 bundle vol e ec2 unbundle ec2 upload bundle e ec2 download bundle ec2 delete group Synopsis ec2 delete group GROUP Description Deletes the named GROUP Output A table containing the following information is returned e Output t
160. pts run, it is best to have a strategy in place to deal with abnormal terminations.

How can I allow other people to launch my AMIs?

You can allow other users to launch your AMIs by modifying the AMI's launchPermission attribute. It is possible to either grant public launch permissions, which gives all users permission to launch the AMI, or to only grant launch permissions to specific users.

To grant public launch permissions:

PROMPT> ec2matt ami-5bae4b32 t launchPermission a i group all

To grant a specific user launch permissions:

PROMPT> ec2matt ami-5bae4b32 t launchPermission a i userId 495219933132

To clear additional launch permissions for an AMI:

PROMPT> ec2ratt ami-5bae4b32 t launchPermission

Why do I need to reregister a rebundled AMI? Can't I keep the same AMI ID?

An AMI ID is associated with the physical bits in an image. To protect users from images being modified, we require you to reregister AMIs when rebundling.

Can I pass JVM properties to the command line tools?

Yes. By setting the environment variable EC2_JVM_ARGS, arbitrary JVM properties can be passed to the command line tools.

Can I use a proxy with the command line tools?

Yes. By passing in JVM properties through the EC2_JVM_ARGS environment variable, proxy settings can be specified for the command line tools. For example, in Linux:

export
162. r named either Action or Operation. Action is used throughout this documentation, although Operation is supported for backward compatibility with other AWS Query APIs.

Query Parameters

Each Query request must include some common parameters to handle authentication and selection of an action. These parameters are documented in the section called "Common Query Parameters".

Some operations take lists of parameters. These lists are specified using the param.n notation. Values of n should be integers starting from 1.

Query API Authentication

Every request to Amazon EC2 must contain a request signature. A request signature is calculated by constructing a string and then calculating an RFC 2104-compliant HMAC-SHA1 hash, using the Secret AWS Access Key as the key. For more information, see http://www.faqs.org/rfcs/rfc2104.html.

The following are the basic steps used in authenticating requests to AWS. It is assumed that the developer has already registered with AWS and received an Access Key ID and Secret Access Key.

1. The sender constructs a request to AWS.
2. The sender calculates the request signature, a Keyed-Hashing for Message Authentication Code (HMAC) with a SHA-1 hash function, as defined in the next section of this topic.
3. The sender of the request sends the request data, the signature, and Access Key ID (the key i
163. r names are case sensitive.

Element Name | Definition | Required | Type
GroupName | Name of the security group to delete. | Yes | string

Response Tags

The following table describes the default response tags included in DeleteSecurityGroup responses.

Element Name | Definition | Type
return | true if group deleted | xsd:boolean

Sample Request

https://ec2.amazonaws.com/?Action=DeleteSecurityGroup&GroupName=RangedPortsBySource&...auth parameters...

Sample Response

<DeleteSecurityGroupResponse xmlns="http://ec2.amazonaws.com/doc/2007-03-01">
  <return>true</return>
</DeleteSecurityGroupResponse>

Related Operations

• CreateSecurityGroup
• DescribeSecurityGroups
• AuthorizeSecurityGroupIngress
• RevokeSecurityGroupIngress

DeregisterImage

The DeregisterImage operation deregisters an AMI. Once deregistered, instances of the AMI may no longer be launched.

Request Parameters

The following table describes the request parameters for DeregisterImage. Parameter names are case sensitive.

Element Name | Definition | Required | Type
ImageId | Unique ID of a machine image, returned by a call to RegisterImage or DescribeImages. | Yes | string

Response Tags

The following table describes the default response tags included in DeregisterImage responses.

Element Name | Definition
return | true if deregistration
164. rImageResponse>

Related Operations

• RegisterImage
• DescribeImages

DescribeImageAttribute

The DescribeImageAttribute operation returns information about an attribute of an AMI. Only one attribute may be specified per call.

Request Parameters

The following table describes the request parameters for DescribeImageAttribute. Parameter names are case sensitive.

Element Name | Definition | Required | Type
imageId | ID of the AMI for which an attribute will be described. | Yes | xsd:string
launchPermission | Describes launch permissions of the AMI. | Choice | ec2:EmptyElementType
productCodes | Describes product codes of the AMI. | Choice | ec2:EmptyElementType

Response Tags

The following table describes the default response tags included in DescribeImageAttribute responses.

Element Name | Definition | Type
imageId | ID of the AMI of which parameters are being described. | xsd:string
launchPermission | Launch permissions of the AMI. Returned if launchPermissions are being described. | ec2:LaunchPermissionItemType
productCodes | Product codes of the AMI. Returned if productCodes are being described. | ec2:ProductCodeItemType

Sample Request: Launch Permission

<DescribeImageAttribute xmlns="http://ec2.amazonaws.com/doc/2007-03-01">
  <imageId>ami-61a54008</imageId>
  <launchPermission> <
165. rectory in which to create the No d var run my bundle destination bundle Defaults to tmp DESTINATION e exclude A list of absolute directory paths to ex No e DIR1 DIR2 clude from the bundle operation Note tmp home secret data that it overrides the all parameter p prefix The filename prefix for bundled AMI No p my image is special PREFIX files Defaults to image v volume The absolute path to the mounted No v VOLUME volume to create the bundle from De mnt my customized ami faults to a all Bundle all directories including those No a on remotely mounted filesystems ec2cert The path to the EC2 X509 public key No ec2cert PATH certificate Defaults to etc etc aes amiutil cert ec2 pem aes amiutil cert ec2 pem help Display the help message No help manual Display the user manual No manual API Version 2007 03 01 123 Amazon Elastic Compute Cloud Developer Guide See Also Example ec2 bundle vol d mnt k pk HKZYKTAIG2ZECMXYIBH3HXV4ZBZQ55CLO pem c cert HKZYKTAIG2ZECMXYIBH3HXV4ZBZQ55CLO pem u 495219933132 Copying into the image file mnt image img Excluding sys dev shm proc dev pts proc sys fs binfmt_misc dev media mnt proc sys tmp image img mnt img mnt 1 0 records in 1 0 records out mke2fs 1 38 30 Jun 2005 warning 256 blocks unused Splitting mnt image gz crypt Created image part 00 Cr
166. rrently access other instances in the new NAT environment using their public NAT IP address. Instead, they must use the private address. Traffic originating from the Internet must use the public NAT IP address. Within Amazon EC2, DNS requests for the external DNS name of an instance will resolve to the internal IP address of the corresponding instance.

Why is EC2 Using NAT?

Public IP space is a limited resource. EC2 is adopting NAT to assure that we are able to efficiently make use of our public internet addresses. Furthermore, the new NAT networking will enable Amazon to deliver new features in the future. For example, users have asked for the ability to have instances that only have internal addresses. This would allow for non-internet-routable clusters, which will further preserve IPs and increase security for those not running public facing servers.

Can I use a static IP in my instances?

Not at present. Your image must be configured as a DHCP client and it will be assigned an IP. Currently, all instances come with internet addressable IP addresses. If you enable access through the firewall from the "world", you can address them from anywhere.

How Does The Instance Know Its Public And Private Addresses?

From within the instance, issue the following HTTP queries.

To obtain the internal IP address:

curl http://169.254.169.254/2007-03-01/meta-data/local-ipv4

To obtain the public IP address:

curl http://169.254.169.254/2007-03-01/meta-dat
167. rs. Therefore, you should treat shared AMIs as you would any foreign code that you might consider deploying in your own data center and perform the appropriate due diligence.

Ideally, you will get the AMI ID from a trusted source (a website, another user, etc). If you do not know the source of an AMI, we recommend that you at least search the forums for comments on the AMI before launching it. Conversely, if you have questions or observations about a shared AMI, feel free to use the forums to ask or comment.

Amazon's public images have an aliased owner and will display amazon in the userId field. This allows users to find Amazon's public images easily.

Note: Users are not currently able to alias an AMI's owner.

If you do choose to launch a shared AMI, there are a number of steps you should take (at a minimum) after launch to confirm the AMI is not doing anything malicious:

• Check the ssh authorized keys file. The only key in the file should be the key you launched the AMI with.
• Check open ports and running services.
• Change the root password if it is not randomized on startup. Take a look at the section called "Disable Password-Based Logins for Root" for more information on randomizing the root password on startup.
• Check if ssh allows root password logins. The section called "Disable Password-Based Logins for Root" contains more information on disabling root based password logins.
• Check if there are any other user accou
168. rts scanned but not shown below are in state: filtered)
PORT STATE SERVICE
22/tcp open ssh
Nmap finished: 1 IP address (1 host up) scanned in 32.705 seconds

Albert is happy (or at least less paranoid).

Three Tier Web Service

Mary wishes to deploy her public, fault tolerant, three tier web service in Amazon EC2. Her grand plan is to have her web tier start off executing in seven instances of ami-fba54092, her application tier executing in twenty instances of ami-e3a5408a, and her multi-master database in two instances of ami-f1a54098. She's concerned that nasty people might gain access to her subscriber database, so she wants to restrict network access to her middle and back tier machines. When the traffic to her site increases over the holiday shopping period, she adds additional instances to her web and application tiers to handle the extra load.

1. First, she creates a group for her Apache web server instances and allows HTTP access to the world.

ec2-add-group apache -d "Mary's Apache group"
GROUP apache Mary's Apache group

ec2-describe-group apache
GROUP 598916040194 apache Mary's Apache group

ec2-authorize apache -P tcp -p 80 -s 0.0.0.0/0
GROUP apache
PERMISSION apache ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0

ec2-describe-group apache
GROUP 598916040194 apache Mary's Apache group
PERMISSION 59891
169. s ec2 reboot instances Synopsis ec2 reboot instances INSTANCEID INSTANCEID Description All instances indicated by the respective INTANCEID specified on the command line are rebootd At least one INSTANCEID must be specified API Version 2007 03 01 138 Amazon Elastic Compute Cloud Developer Guide Example Output This command displays no output on success Errors are displayed on stderr Example ec2 reboot instances i 3ea74257 ec2 register Synopsis ec2 register MANIFEST Description Registers the Amazon Machine Image AMI described by the named MANIFEST file generating a new Amazon Machine Image AMI ID MANIFEST must specify a location of a manifest file in Amazon S3 and must be of the form bucket object Output The image ID that was assigned by Amazon ECH is displayed Errors are displayed on stderr Example ec2 register mybucket image manifest xml IMAGE ami 78a54011 See Also e Registerlmage e ec2 deregister e ec2 describe images ec2 reset image attribute Synopsis ec2 reset image attribute AMI 1 Description Resets an attribute for the specified AMI API Version 2007 03 01 139 Amazon Elastic Compute Cloud Developer Guide Output The productCodes attribute cannot be reset Output A table containing the following information is returned e Attribute type identifier e ID of the AMI on which the attribute is being reset e Action identifier RES
170. s for root, edit the /etc/ssh/sshd_config file and find and change the following line:
    PermitRootLogin yes
to
    PermitRootLogin without-password
The location of this configuration file may differ for your distribution or if you're not running OpenSSH. Consult the relevant documentation if this is the case. Randomizing the root password is also pretty simple. Add the following to your boot process:
    # If the marker file exists, set a random root password and remove the marker;
    # otherwise create the marker.
    if [ -f /root/firstrun ]; then
        dd if=/dev/urandom count=50 | md5sum | passwd --stdin root
        rm -f /root/firstrun
    else
        echo "Firstrun" && touch /root/firstrun
    fi
Once again, you may need to consult the relevant documentation if you're using a distro other than Fedora.
Install Public Key Credentials
Now that we've done a pretty thorough job of ensuring that no one can log into instances of our AMI using a password, we need to make sure they can log in using some other mechanism. EC2 allows users to specify a public/private keypair name when launching an instance. When a valid keypair name is provided to the RunInstances API call (or through the command line API tools), the following happens behind the scenes. The public key (the only portion of the keypair EC2 retains on the server after a call to CreateKeyPair) is made available to the instance through two methods: 1) an HTTP query; 2) a file on the instance's
171. se Operation Information
How do I handle time synchronization between instances?
You can set up NTP (the Network Time Protocol), which does this for you. You can find more information at http://www.ntp.org. This is particularly important if you plan on using any Amazon web services (such as Amazon S3 or Amazon EC2) from within an instance, since requests to these services need to be timestamped.
Is there any way for an instance to discover its own instance ID?
From within your instance, you can use REST-like queries to http://169.254.169.254/2007-03-01/ to retrieve various instance-specific meta-data, including the instance ID. Refer to the Developer's Guide section Using Instance Data for the details.
Can I pass arbitrary configuration values to an instance at launch time?
Yes, although the size of the data is limited to 16K at the moment. Refer to the Developer's Guide for the details: section Using Instance Data tells you how to retrieve data, and the sections on the command line tools and APIs tell you how to supply the data when launching an instance.
Is there a way to run a script on instance termination?
Not with any reliability. Amazon EC2 tries to shut an instance down cleanly, in which case normal system shutdown scripts will run, but there is only a short time available for things to happen, and in some cases (hardware failure, for example) this does not happen. Since there is no entirely reliable way to ensure shutdown scri
172. se shutdown -h when working inside an Amazon EC2 instance. You can shut the instance down using the TerminateInstances call (ec2 terminate on the command line).
Why are my instances stuck in a pending state or a shutting down state?
This situation should be rare and is the result of a software error or misconfiguration. We actively monitor for it, but please let us know if you do encounter this.
Why do I get an "AuthFailure User is not AMI creator" error when I try to register an image?
Make sure that you are using the correct user ID and certificate to create and upload the image. You need to use the same ID and certificate to register the image with Amazon EC2.
Error Messages
Why do I get an InsufficientInstanceCapacity error when I try to launch an instance?
This error indicates that we do not currently have enough available capacity to service your request. During our beta, capacity is limited. If you are requesting a large number of instances, there may not be enough server capacity to host them. You could try again at a different time or specify a smaller number of instances to launch.
Why do I get an InstanceLimitExceeded error when I try to launch an instance?
This error indicates that you have reached your concurrent running instance limit. For new users during the public beta, this limit is 20. If you need additional capaci
173. ses may include additional fields, and depending on how client software is written, it may or may not be able to handle these additional fields. By including a version in the request, a client guarantees that it will always be sent a response it expects. Each API revision is assigned a version in date form; the current API version is 2007-03-01. This version is included in the request as part of the document namespace when using our SOAP API and as a Version parameter when using our Query API. The response returned by Amazon EC2 will honor the version included in the request. Fields introduced in a later API version will not be returned in the response. SOAP clients that retrieve the Amazon EC2 WSDL at runtime and generate their requests dynamically using that WSDL should reference the WSDL for the version of the API the client was developed against. This will ensure client software continues to work even in the face of backwards-incompatible API changes. The WSDL for each supported API version is available from the following URI: http://ec2.amazonaws.com/doc/<api version>/AmazonEC2.wsdl
The WSDL for the latest version of our API can always be retrieved from the following URI: http://ec2.amazonaws.com/doc/AmazonEC2.wsdl
Note: The WSDL referenced in the above link should be treated as a moving target. This WSDL will always track the lates
174. stance in the reservation per 1 0 AMI instance id The id of this instance 1 0 hostname The local hostname of this instance Deprecated 1 0 as of 2007 01 19 use Local hostname instead local hostname The local hostname of the instance 2007 01 19 public hostname The public hostname of the instance 2007 01 19 local ipv4 Public IP address if launched with direct address 1 0 ing private IP address if launched with public ad dressing public ipv4 NATted public IP Address 2007 01 19 public keys Public keys Only available if supplied at instance 1 0 launch time API Version 2007 03 01 19 Amazon Elastic Compute Cloud Developer Guide Retrieving the Data Data Description Version Intro duced reservation id Id of the reservation 1 0 security groups Names of the security groups the instance is 1 0 launched in Only available if supplied at instance launch time product codes Product codes associated with this instance 2007 03 01 user supplied data Any user supplied data is treated as opaque data what you give us is what you get back Note LS e All instances launched together get the same user supplied data You may use the AMI launch index as an index into the data example e User data is limited to 16K This limit applies to the data in raw form not base64 encoded form e The user data must be base64 encoded before being submitted to the API The API command line tools perform the base64 encoding for y
175. support the common options Option b bucket S3 BUCKET m manifest MANIFEST PATH a access key USER s secret key PASSWORD acl ACL ec2cert PATH d directory DIRECTORY part PART url URL retry skipmanifest help manual Example Definition The name of the Amazon S3 bucket in which the bundle will be stored If the bucket doesn t exist it will be created provided the bucket is available of course The path to the manifest file The manifest file is created during the bundling process and can be found in the directory containing the bundle The user s AWS access key ID The user s AWS secret access key The access control list policy of the bundled image It may be either pub lic read or aws exec read and de faults to aws exec read if not spe cified The path to the EC2 X509 public key certificate Defaults to etc aes amiutil cert ec2 pem The directory containing the bundled AMI parts Defaults to the directory containing the manifest file see the m option Start uploading the specified part and upload all subsequent parts The S3 service URL Defaults to ht tps s3 amazonaws com Automatically retry failed uploads Use with caution Do not upload the manifest Display the help message Display the help Required Yes Yes No No No No Example b aes cracker ami m var
176. Launching and Using Instances
This section details how to launch instances and retrieve instance-specific data from within the image. It also covers launching shared AMIs and security risks associated with running shared AMIs.
Using Instances
The instance is your basic computation building block. It is a medium-sized host that provides you with the same predictable performance you would expect from a physical host. You can run on as many or as few as you need at any given time. Each instance predictably provides the equivalent of a system with a 1.7Ghz x86 CPU, 1.75GB of RAM, 160GB of local disk, and 250Mb/s of network bandwidth. Once launched, an instance looks very much like a traditional host. You have complete control of your instances. You have root access to each one and you
177. t ipPermissions gt lt item gt lt item gt lt ownerlId gt UYY3TLBUXIEON5NQVUUX60MPWBZIQNFM lt ownerId gt lt groupName gt RangedPort sBySource lt groupName gt lt groupDescription gt A lt groupDescription gt lt ipPermissions gt lt item gt lt ipProtocol gt tcp lt ipProtocol gt lt fromPort gt 6000 lt fromPort gt lt toPort gt 7000 lt toPort gt lt groups gt lt ipRanges gt lt item gt lt ipPermissions gt lt item gt lt securityGroupInfo gt lt DescribeSecurityGroupsResponse gt Related Operations e CreateSecurityGroup e AuthorizeSecurityGroupIngress e RevokeSecurityGroupIngress e DeleteSecurityGroup GetConsoleOutput The GetConsoleOutput operation retrieves console output that has been posted for the specified instance Instance console output is buffered and posted shortly after instance boot reboot and once the instance is terminated Only the most recent 64 KB of posted output is available Console output is available for at least 1 hour after the most recent post Request Parameters The following table describes the request parameters for Get ConsoleOutput Parameter names are case sensitive Element Name Definition Re Type quired An instance ID re Yes xsd st turned from a pre ring vious call to Run Instances API Version 2007 03 01 73 Amazon Elastic Compute Cloud Developer Guide ModifylmageAttribute Response Tags The following table describes the
178. t name gt pending lt name gt lt instanceState gt lt privateDnsName gt lt privateDnsName gt lt dnsName gt lt dnsName gt lt keyName gt example key name lt keyName gt lt item gt lt item gt lt instancelId gt i 2be64332 lt instanceld gt lt imageId gt ami 60a54009 lt imagelId gt lt instanceState gt lt code gt 0 lt code gt lt name gt pending lt name gt lt instanceState gt lt privateDnsName gt lt privateDnsName gt lt dnsName gt lt dnsName gt lt keyName gt example key name lt keyName gt lt item gt lt instancesSet gt lt RunInstancesResponse gt Related Operations e DescribeInstances e TerminateInstances e AuthorizeSecurityGroupIngress e RevokeSecurityGroupIngress e DescribeSecurityGroups Terminatelnstances The TerminateInstances operation shuts down one or more instances This operation is idempotent and terminating an instance that is in the process of shutting down or already terminated will succeed Terminated instances remain visible for a short period of time approximately one hour after termination after which their instance ID is invalidated Request Parameters The following table describes the request parameters for TerminateInstances Parameter names are case sensitive Element Name Definition Re Type quired InstancelId n One or more instance IDs returned from Yes string previous calls to RunInstances Response Tags API Version 2007 03 01
179. t release of the Amazon EC2 SOAP API If your software depends on fetching the WSDL at runtime then we strongly recommend you reference the specific version of the WSDL you are developing against API Error Codes Overview There are two types of error codes client and server Client error codes suggest that the error was caused by something the client did such as an authentication failure or an invalid AMI identifier In the SOAP API These error codes are prefixed with Client For example Client AuthFailure In the Query API these errors are accompanied by a 40x HTTP response code Server error codes suggest that the error was caused by a server side issue and should be reported In the SOAP API These error codes are prefixed with Server For example Server Unavailable In the Query API these errors are accompanied by a 50x HTTP response code Summary of Client Error Codes Error Code Definition Notes AuthFailure User not authorized Common cause is trying to run an AMI for which you do not have permission InvalidManifest Specified AMI has an unpars able Manifest Invalid Specified AMI ID is not valid AMIID Malformed Specified AMI ID does not ex Invalid AMIID NotFound Invalid AMIID Unavailab le InvalidIn stanceID Malfor med InvalidIn stanceID NotFou nd Inval idKeyPair NotFo und ist Specified AMI ID has been de registered and is no longer avail able Specified instance ID is
180. tant words and phrases are marked with a special font You must sign up for an account before you can use the service References to a section in the same document are marked See Document Conventions in Chapter 3 API Version 2007 03 01 157 Amazon Elastic Compute Cloud Developer Guide Symbol Conventions Convention Logical values con stants and regular ex pressions abstracta Product and feature names Operations Parameters Response elements Technical publication references User entered values User interface controls and labels Variables Description Example A special font is used for expressions that are important to identify but are not code If the value is nu11 the returned response will be false Named AWS products and features are identified on first use Create an Amazon Machine Image AMI In text references to operations Use the Get HITResponse operation In text references to parameters The operation accepts the parameter Account ID In text references to responses A container for one CollectionParent and one or more Collection Items References to other AWS publications If the reference is hyperlinked it is also underscored For detailed conceptual information see the Amazon Mechanical Turk De veloper Guide A special font marks text that the user types At the password prompt type MyPassword Denotes named items on the UI for easy identif
181. this file is suitable for use as an entry within ssh authorized_keys the OpenSSH format This can be done at boot time as part of rclocal for example allowing for secure password less access As the need arises other formats will also be considered If the AMI has a product code attached for which the user has not subscribed the RunInstances call will fail Request Parameters The following table describes the request parameters for RunInstances Parameter names are case sensitive Element Name Definition Re Type quired ImageId Id of the AMI to launch instances based Yes string on MinCount Minimum number of instances to launch Yes int MaxCount Maximum number of instances to Yes int launch KeyName Name of the keypair to launch instances No string with Names of the security groups to asso No string ciate the instances with API Version 2007 03 01 110 Amazon Elastic Compute Cloud Developer Guide RunInstances Element Name n UserData AddressingType Response Tags Definition The user data available to the launched instances This should be base64 encoded See the UserData Type data type for encoding details The addressing scheme to launch the in stance with The addressing type can be direct or public In the direct scheme the instance has one IP address that is not NATted For the public scheme the in stance has a NATted IP address See the section called Instance Addressing
182. thorized CIDR IP per mission CidrIp CIDR IP range to authorize access to When string when operating on a CIDR IP author izing CIDR IP per mission Response Tags The following table describes the default response tags included in AuthorizeSecurityGroupIngress responses Element Name Definition return true if permissions successfully added Sample Request https ec2 amazonaws com Action AuthorizeSecurityGroupIngress amp IpProtocol tcp amp FromPort 80 amp ToPort 80 amp CidrIp 0 0 0 0 0 amp auth parameters API Version 2007 03 01 87 Amazon Elastic Compute Cloud Developer Guide ConfirmProductInstance Sample Response lt AuthorizeSecurityGroupIngressResponse xm Ins http ec2 amazonaws com doc 2007 03 01 gt lt return gt true lt return gt lt AuthorizeSecurityGroupIngressResponse gt Related Operations e CreateSecurityGroup e DescribeSecurityGroups e RevokeSecurityGroupIngress e DeleteSecurityGroup ConfirmProductinstance The ConfirmProduct Instance operation returns true if the given product code is attached to the instance with the given instance id The operation returns false if the product code is not attached to the instance The ConfirmProduct Instance operation can only be executed by the owner of the AMI This feature is useful when an AMI owner is providing support and wants to verify whether a user s instance is eligible Request Parameters The follo
183. tributes Attribute Name Type launchPermission List productCodes List Description Controls who has permission to launch the AMI Launch permis sions can be granted to specific users by adding userlds The AMI can be made public by adding the all group Associates product codes with AMIs This allows a developer to charge a user extra for using the AMIs The user must be signed up for the product before they can launch the AMI pro API Version 2007 03 01 74 Amazon Elastic Compute Cloud Developer Guide ModifylmageAttribute Attribute Name Type Description ductCodes is a write once attrib ute once it has been set it can not be changed or removed Request Parameters The following table describes the request parameters for ModifyImageAttribute Parameter names are case sensitive Element Name Definition Re Type quired imageId AMI ID to modify an attribute on Yes xsd string launchPermis Adds or removes launch permissions for Choice ec2 LaunchPermissio sion the AMI nOperationType productCodes Attaches product codes to the AMI Cur Choice ec2 ProductCodeItem rently only one product code may be as Type sociated with an AMI Once set the product code can not be changed or re set Response Tags The following table describes the default response tags included in ModifyImageAttribute responses Element Name Definition Type return true if the operation succeeded otherwise xsd boolean false
184. turned results Providing the list of owners requests information for AMIs owned by the specified owners only Only AMIs the user has launch permissions for are returned The items of the list may be account ids for AMIs owned by users with those account ids amazon for AMIs owned by Amazon or self for AMIs owned by the user making the request The executable list may be provided to request information for AMIs that only the specified users have launch permissions for The items of the list may be account ids for AMIs owned by the user making the request that the users with the specified account ids have explicit launch permissions for ze 7 for AMIs the user making the request has explicit launch permissions for or a11 for public AMIs Deregistered images will be included in the returned results for an unspecified interval subsequent to deregistration Request Parameters The following table describes the request parameters for DescribeImages Parameter names are case sensitive Element Name Definition Re Type quired ImageId n A list of image descriptions No string API Version 2007 03 01 96 Amazon Elastic Compute Cloud Developer Guide Describelnstances Element Name Definition Re Type quired Owner n Owners of AMIs to describe No string ExecutableBy n Describe AMIs that the specified users No string have launch permissions for Response Tags The following table describes the default response tags included in Describ
185. twork in the Developer Guide. Assuming you have authorized port 22, a useful debugging tool is to try to open an ssh connection with verbose output. You should use the man page to get the exact syntax for your system, but the command is likely to look like: ssh -vv root@hostname. This output would be very useful if posting to the forum.
Why did my instance terminate immediately after launch?
Launch errors may be the result of an internal error during launch or a corrupt Amazon EC2 image. The former should be rare, and we actively test for and isolate suspect hosts. You should use the DescribeInstances API to look for more details on why your instance failed to launch. NB: the ec2-describe-instances command line tool does not conveniently print out this information yet. You can use the -v flag to read the SOAP response from this tool and get the information discussed above. You can always feel free to attempt to launch the image again, but if you run into a persistent problem, especially with a shared image, you should post to the Amazon EC2 forum.
I ran shutdown from within an ssh session, but my instance still shows up as running when I query it with DescribeInstances, and I can't shell into it. What's happening?
This is a feature of the shutdown command. If you issue shutdown without a -h (halt) flag, it shuts down the network and switches to single user mode. The instance is still running, but without a network. You should always u
186. ty please contact us at aws amazon com
Why can't I retrieve my instance-specific data from within a running instance when querying http://169.254.169.254/2007-03-01/?
The Parameterized Launches feature is only available to instances that were launched after the feature was released. Therefore, if you launched your instance before then, this data will not be available. We suggest you relaunch your instances if you want to use this functionality. If, after relaunching your instance, you still experience problems retrieving the data, you should check:
• Are you using the correct base URI, http://169.254.169.254/2007-03-01/?
• Are you using the correct URI for the data you're trying to retrieve? Remember that trailing "/" may be required depending on the data you're trying to retrieve.
• Did you specify any launch data when launching your instances? If not, you will get an HTTP error response (404) when trying to retrieve the user data. Note that the instance's meta-data is always available, even if you do not specify data at instance launch.
Why do I keep getting "Request has expired" errors?
To reduce the risk of replay attacks, our requests include a timestamp. This, along with the most important parts of the request, is signed to ensure the message, including the timestamp, can't be modified without detection. If the difference between the timestamp in the request and the time on our servers is larger than 5 minutes, the request is deemed t
187. unchPermission Launch permissions of the AMI Returned if ec2 LaunchPermissionIt launchPermissions are being described emType productCodes Product codes of the AMI Returned if pro ec2 ProductCodeItemTyp ductCodes are being described ell Sample Request Launch Permission https ec2 amazonaws com Action DescribeImageAttribute amp ImageId ami 61a54008 Attribute launchPermission amp auth parameters Sample Response Launch Permission lt DescribeImageAttributeResponse xm Ins http ec2 amazonaws com doc 2007 03 01 gt lt imageId gt ami 61a54008 lt imageld gt lt launchPermission gt lt item gt lt group gt all lt group gt lt item gt lt item gt lt useriId gt 495219933132 lt userId gt lt item gt lt launchPermission gt lt DescribeImageAttributeResponse gt Sample Request Product Codes https ec2 amazonaws com Action DescribeImageAttribute amp ImageId ami 61a54008 Attribute productCodes amp auth parameters Sample Response Product Codes lt DescribeImageAttributeResponse xm Ins http ec2 amazonaws com doc 2007 01 03 gt lt imageId gt ami 61a54008 lt imageld gt lt productCodes gt lt item gt lt productCode gt 774F4FF8 lt productCode gt lt item gt lt productCodes gt lt DescribeImageAttributeResponse gt Related Operations API Version 2007 03 01 95 Amazon Elastic Compute Cloud Developer Guide Describelmages e DescribeImag
188. upIngress e RevokeSecurityGroupIngress e DeleteSecurityGroup GetConsoleOutput The GetConsoleOutput operation retrieves console output that has been posted for the specified instance Instance console output is buffered and posted shortly after instance boot reboot and once the instance is terminated Only the most recent 64 KB of posted output is available Console output is available for at least 1 hour after the most recent post Request Parameters The following table describes the request parameters for Get ConsoleOutput Parameter names are case sensitive API Version 2007 03 01 101 Amazon Elastic Compute Cloud Developer Guide ModifylmageAttribute Element Name Definition Re Type quired InstancelId An instance ID returned from a previous Yes string call to RunInstances Response Tags The following table describes the default response tags included in Get ConsoleOutput responses Element Name Definition instanceId The instance ID timestamp The time the output was last updated output The console output Base64 encoded Sample Request https ec2 amazonaws com Action GetConsoleOutput amp Instanceld 1 i 2ea64347 amp auth parameters Sample Response Type xsd string xsd dateTime xsd string lt GetConsoleOutputResponse xmlns http ec2 amazonaws com doc 2007 03 01 gt lt instanceId gt i 28a64341 lt instanceld gt lt timestamp gt 2007 01 03 15 00 00 lt timestamp gt
189. used by the various operations This section describes each operation in detail Since both the Query and SOAP APIs return the same XML body the data types described in the WSDL are used in both DescribelmagesResponseltemType The DescribeImagesResponselItemType data type Relevant Operat ions Operations that use this data type include e DescribelImages Contents The following table describes and shows the elements contained in DescribelmagesResponseltemType Member imageId imageState Description Type Unique ID of the AMI being de xsd string scribed Current state of the AMI xsd string e available the image has been successfully registered and is available for launching API Version 2007 03 01 47 Amazon Elastic Compute Cloud Developer Guide DescribeKeyPairsResponseltemType Member Description Type e deregistered the image has re cently been deregistered and is no longer available for launching imageOwnerId AWS Access Key ID of the image xsd string owner isPublic Returns true if this image has pub xsd boolean lic launch permissions Returns false if it only has implicit and ex plicit launch permissions productCodes Product codes associated with this ec2 ProductCodelItemType image DescribeKeyPairsResponseltemType The DescribeKeyPairsResponseItemType data type Relevant Operations Operations that use this data type include Ss DeleteKeypair e Descri
190. wing table describes the request parameters for ConfirmProduct Instance Parameter names are case sensitive Element Name Definition Re Type quired ProductCode The product code to confirm is attached Yes xsdstring to the instance InstancelId The instance to confirm Yes xsdstring Response Tags The following table describes the default response tags included in ConfirmProduct Instance responses Element Name Definition Type result True if the product code is attached to the in xsd boolean stance false if it is not ownerId The instance owner s account id Only present xsdstring if the product code is attached to the instance API Version 2007 03 01 88 Amazon Elastic Compute Cloud Developer Guide CreateKeyPair Sample Request https ec2 amazonaws com Action ConfirmProductInstance amp ProductCode 774F4FF8 amp InstancelId i 10a64379 amp auth parameters Sample Response lt ConfirmProductiInstanceResponse xm Ins http ec2 amazonaws com doc 2007 03 01 gt lt result gt true lt result gt lt ownerlId gt 254933287430 lt ownerId gt lt ConfirmProductInstanceResponse gt Related Operations e DescribeInstances e RunInstances CreateKeyPair The CreateKeyPair operation creates a new 2048 bit RSA keypair and returns a unique ID that can be used to reference this keypair when launching new instances Request Parameters The following table describes the request parameters for CreateKe
191. xecute Disable protection active IRQ lockup detection disabled Built 1 zonelists Kernel command line root dev sdal ro 4 Enabling fast FPU save and restore done ec2 modify image attribute Synopsis ec2 modify image attribute AMI 1 a ITEM_VALUE r ITEM_VALUE ec2 modify image attribute AMI p PRODUCT_CODE p PRODUCT_CODE Description Modifies an attribute for the specified AMI ATTRIBUTES Attribute Name Type launchPermission List Description Controls who has permission to launch the AMI You can grant launch permissions by adding user IDs or make the AMI pub lic by adding the a11 group To learn more about sharing AMIs see the section called Sharing AMIS Note SC If another user launches your AMI API Version 2007 03 01 136 Amazon Elastic Compute Cloud Developer Guide Output Attribute Name Type Description there is no mech anism to prevent that user from re bundling the image and registering it as anew AMI productCodes List Associates product codes with an AMI This allows a developer to charge a user for using the AMI Note IEN The user must be signed up for the product before they can launch the AMI The product code attribute is a write once attribute After a product code is set for an AMI it can not be altered or removed AMIs are currently limited to one product code Output A table containing the following information is returne
192. xists but is not owned by the user making the request then that instance will not be included in the returned results Recently terminated instances will be included in the returned results for a small interval subsequent to their termination This interval is typically of the order of one hour Request Parameters The following table describes the request parameters for DescribeInstances Parameter names are case sensitive Element Name Definition Re Type quired InstancelId n Set of instances IDs to get the status of No string Response Tags The following table describes the default response tags included in DescribeInstances responses Element Name Definition reservationSet A list of structures describing the status of all requested instances Sample Request https ec2 amazonaws com Action DescribeInstances amp Instanceld 1 i 28a64341 amp auth parameters Sample Response lt DescribeInstancesResponse xmlns http ec2 amazonaws com doc 2007 03 01 gt lt reservationSet gt lt item gt lt reservationiId gt r 44a5402d lt reservationId gt lt ownerlId gt UYY3TLBUXIEON5NQVUUX60MPWBZIQNFM lt ownerlId gt lt groupset gt lt item gt lt grouplId gt default lt groupId gt lt item gt lt groupSet gt lt instancesSet gt lt item gt lt instancelId gt i 28a64341 lt instanceld gt lt imageId gt ami 6ea54007 lt imageld gt lt instanceState gt lt code gt 0 lt code gt lt name gt running
193. y APIs Console output is a valuable tool for problem diagnosis. It is especially useful for troubleshooting kernel problems and service configuration issues that may cause an instance to terminate or become unreachable before its ssh daemon can be started. Amazon EC2 provides a way to programmatically access instance console output through both the SOAP and Query APIs and the corresponding command line tool. Similarly, the ability to reboot instances that are otherwise unreachable is valuable for both troubleshooting and general instance management. Amazon EC2 provides such a facility through the SOAP and Query APIs and the corresponding command line tool. Get Console Output: Amazon EC2 instance console output reflects exactly the character-based console output that would otherwise be displayed on a physical monitor attached to a machine. This output is buffered as it is produced by the instance and then posted to a store from which it can be retrieved by the instance's owner. The posted output is not continuously updated. Rather, it is updated shortly after instance boot, reboot, and once the instance terminates, when it is likely to be of most value. Only the most recent 64KB of posted output is stored, and it is available for a period of at least 1 hour after the last posting. The console output for an instance can be retrieved through the SOAP API call described in the section called GetConsoleOutput and the Query API call described in the s
194. yGroup e ec2 describe groups e ec2 delete group e ec2 authorize e ec2 revoke ec2 confirm product instance Synopsis Required Example Yes d Web servers ec2 confirm product instance PRODUCT_CODE i INSTANCE_ID Description Returns a boolean indicating if the instance with INSTANCE_ID has PRODUCT_CODE attached to it It returns true if the given product code is attached to the instance with the given instance id It returns false if the product code is not attached to the instance API Version 2007 03 01 117 Amazon Elastic Compute Cloud Developer Guide Output This command can only be executed by the owner of the AMI This is useful when an AMI owner is providing support and wants to verify whether a user s instance is eligible Output A table containing the following information is returned e Product code e Instance ID e Boolean indicating if the product code is attached to the instance e The instance owner s account id Only returned if the product code is attached Errors are displayed on stderr Example Summary ec2 confirm product instance 774F4FF8 i i 10a64379 TI4F4FF8 i 10a64379 true See Also e DescribelInstances e ec2 modify image attribute ec2 add keypair Synopsis ec2 add keypair KEY Description A new 2048 bit RSA key pair is created with the specified name The public key is stored by Amazon EC2 and the private key is displayed on the console The private key is returne
195. yPair Parameter names are case sensitive Element Name Definition Re Type quired KeyName A unique name for this key Yes string Response Tags The following table describes the default response tags included in createKeyPair responses Element Name Definition keyName The key name provided in the original request KeyFingerprint A SHA 1 digest of the DER encoded private key KeyMaterial An unencrypted PEM encoded RSA private key Sample Request API Version 2007 03 01 89 Amazon Elastic Compute Cloud Developer Guide CreateSecurityGroup https ec2 amazonaws com Action CreateKeyPair amp KeyName example key nam amp auth parameters Sample Response lt CreateKeyPairResponse xmlns http ec2 amazonaws com doc 2007 03 01 gt lt keyName gt example key name lt keyName gt lt keyFingerprint gt 1f 5l ae 28 bf 89 e9 d8 1f 25 5d 37 2d 7d b8 ca 9f 5 f1 6f lt keyFingerprint gt lt keyMaterial gt BEGIN RSA PRIVATE KEY MIIEoQIBAAKCAQBuLFg5ujHrtml jnut Suo08Xe56L1T HM8v xkaa3 9EStM3 aFxTHgE1LQiJLChp HungXQ2 9VTc8rclbW01kdi230H5eqkMHGhvEwqa0HWASUM114030 1X 0f2UcPOKCOVUR 4x71Sg 5AU52EQOfanIn3Z081FW7Edp5a3q4DhjG1LUKToHVbicL5E g45zfBI5wlyywwWZfeW UUF3LpGZyq ebIULgqlqTbHkLbCC2r7RTn8vpOWp4 7BGVYGt GSBMpTRP 5hnbzzuqj3itkiLHjU39S2sJCJOTrJUx5 i8BygR4s3mHKBj81 ePQxG1kGbF 6R4yg6sECmXn1 7MROVXODNHZbAGMBAAECggEAY1tsiUsIwD15 91CXirkYGuVfLyLf1Xenxf1I50mDFms mumTqloHO7tr0oriHDR5K7wMcY YY5YkcXNo7mvUVD1pM ZNUJs7rw9gZRTrf7
196. you sign up with Amazon Web Services, you are given an AWS Account ID. This is your username. More detail is provided in the Getting Started Guide. Why do my instances take so long to start? Amazon EC2 has to move the images around the network before they can be launched. For big images and/or congested networks, this can take several minutes. Images are cached to alleviate this problem, so it should be less noticeable as you use your images more frequently. What happens to my running instances if the machines they are running on go down? The instances themselves will be terminated and will have to be relaunched. The data on the instances' hard drives will be lost. Always replicate important data or store it in Amazon S3. Can I use my own kernel? Not at present. Can I get a bigger/smaller/differently optimized virtual machine? Not at present. For now, if you need more capacity, launch more instances. Is there a REST interface to Amazon EC2? Not at present. For now, you will have to use the SOAP or Query API or the provided API command line tools. How does Amazon EC2 handle load balancing? With a service as flexible as Amazon EC2, customers can launch any number of load balancing systems within Amazon EC2. The load balancing instances can forward traffic to other systems. There are several open source solutions that are in wide u
197. ype identifier GROUP e Name of the deleted group Errors are displayed on stderr Example ec2 delete group websrv GROUP websrv See Also e DeleteSecurityGroup e ec2 add group e ec2 describe groups e ec2 authorize e ec2 revoke API Version 2007 03 01 126 Amazon Elastic Compute Cloud Developer Guide Synopsis ec2 delete keypair Synopsis ec2 delete keypair KEY Description Deletes the named KEY purging the public key from Amazon EC2 Output A table containing the following information is returned e Output type identifier KEYPAIR e Identifier of the deleted keypair e Private key fingerprint Errors are displayed on stderr Example ec2 delete keypair gsg keypair KEYPAIR gsg keypair See Also e DeleteKeypair e ec2 add keypair e ec2 describe keypairs ec2 deregister Synopsis ec2 deregister AMI Description The AMI identified is deregistered This AMI may no longer be used to launch new instances The AMI is not deleted from Amazon S3 Output A table containing the following information is returned e A record type identifier IMAGE API Version 2007 03 01 127 Amazon Elastic Compute Cloud Developer Guide Example e the image identifier that was deregistered Errors are displayed on stderr Example ec2 deregister ami 4f a54026 IMAGE ami 4fa54026 See Also e DeregisterImage e ec2 register e ec2 describe images ec2 describe groups Synopsis
198. zon Elastic Compute Cloud Developer Guide Retrieving the Data. Resource & URI: Get the available API versions: GET http://169.254.169.254/ Get the top-level metadata items: GET http://169.254.169.254/2007-03-01/meta-data/ Get the value of metadatum X, where X is from the above list: GET http://169.254.169.254/2007-03-01/meta-data/X Example: Request: GET http://169.254.169.254/ Response: 1.0 2007-03-01 Request: GET http://169.254.169.254/2007-03-01/meta-data/ Response: ami-id ami-launch-index ami-manifest-path instance-id hostname local-ipv4 public-keys reservation-id security-groups Request: GET http://169.254.169.254/2007-03-01/meta-data/ami-manifest-path Response: my-amis/spamd-image.manifest.xml Request: GET http://169.254.169.254/2007-03-01/meta-data/ami-id Response: ami-5bae4b32 Request: GET http://169.254.169.254/2007-03-01/meta-data/reservation-id Response: r-fea54097 Request: GET http://169.254.169.254/2007-03-01/meta-data/hostname Response: Resource & URI: Get the list of available public keys: GET http://169.254.169.254/2007-03-01/meta-data/public-keys/ In which formats is public key 0 available? GET http://169.254.169.254/2007-03-01/meta-data/public-keys/0/ Get public key 0