Now that John Moy has done all of the hard work setting up an EC2 instance and installing NetWeaver Gateway from scratch, and documented the process in his three blogs, I thought I’d just add my two cents as a wannabe-system administrator on some AWS features which make operating an EC2 system a little simpler.
First things first: networking. AWS EC2 instances get assigned a public IP address and matching DNS name upon start-up. However, this is a dynamic address and will be different every time the instance is started. It’s also not terribly nice to remember - for example, right now the DNS name is ec2-54-251-14-47.ap-southeast-1.compute.amazonaws.com, but it would be different the next time we started it.
Elastic IP Addresses
Amazon of course offers a solution for this - Elastic IP addresses. Basically these are static IP addresses on the public Internet which are “rented” to your account and can be assigned to any running EC2 instance via the management console. Since IPv4 addresses are getting quite rare, they are not free. But they are cheap: $0.005 per hour when not assigned to a system. When it is assigned to a running EC2 instance, it’s free!
So let’s get one of those:
The Amazon EC2 API Tools
Luckily for us, almost any functionality in AWS is available via rich APIs, and Amazon even supplies tools which interact with those APIs. Which is convenient because we can automate otherwise tedious manual tasks, such as assigning that Elastic IP address every time we start the system.
|Log on to your EC2 instance using Remote Desktop. Using the Firefox browser you installed earlier, go to this URL: http://aws.amazon.com/developertools/351/|
|Click the Download the Amazon EC2 API Tools link under the Download heading and save the ZIP file to the D: drive of your server.|
|Open the zip file, and copy the folder ec2-api-tools-188.8.131.52 into the clipboard using Ctrl+C. |
Open a Windows Explorer window, and browse to C:\Program Files\Amazon and paste the directory here using Ctrl+V.
|Before we can actually use the tools, we need to meet a few more prerequisites such as a Java Runtime Environment. Using Firefox again, browse to http://www.java.com and follow the prompts to download the installer.|
Double-click the installer and run through its prompts.
|Next we need to set some environment variables. We do this by going to the Control Panel in Windows via Start > Control Panel|
|In the search box in the top right, type variable to quickly find the entry Edit the system environment variables. Click on it to open the dialog.|
|Click on the Environment Variables button|
|In the bottom section, find the variable called Path, and click the Edit button.|
Assuming you installed the EC2 API tools in the folder mentioned earlier, simply add the following text to the end of the string:
Please make sure you include the semicolon!
|While we’re here, let’s add a new variable called JAVA_HOME using the New button. If you installed the latest version of the Java Runtime Environment into the default location, then the variable value should be:|
C:\Program Files (x86)\Java\jre7
Click OK to save this.
|For the moment, we need one more variable called EC2_HOME. Follow the same process as above, and set its value to:|
Leave this window open, we’ll need to create more variables in a moment.
|Now that we have set up the prerequisites for running the EC2 API tools, let’s configure them for our account. The AWS documentation provides some details on this here.|
|First of all, we need to tell our tools which AWS Availability Zone the server is in. Earlier during the install process, we chose South-East Asia; if you chose a different region then the URL here will be different for you. To find out, go to Start > Run and enter cmd followed by the Enter key.|
|Run the command ec2-describe-regions, and note down the long string ending in “amazonaws.com” which matches the Availability Zone our EC2 instance is running in.|
In our case, this is ec2.ap-southeast-1.amazonaws.com
|Going back to the Environment Variable screen, create a new System Variable called EC2_URL with a value of https://, followed by the string we just found from the commandline.|
In our case, this is https://ec2.ap-southeast-1.amazonaws.com
|Now we need to authorise the client tools to access our AWS account and act on our behalf in order to automate things. We do this by installing the private key and X.509 certificate associated with the AWS account.|
Using Firefox on the server again, go to your AWS Account page and log in with your AWS account here: https://portal.aws.amazon.com/gp/aws/manageYourAccount
Once there, click on Security Credentials.
|Under the Access Credentials heading, click on the X.509 Certificates tab, then on the Create a new Certificate link.|
|Download both the Private Key File and X.509 Certificate to the server. I would suggest creating a new folder called D:\aws and saving both files there.|
Once you click “Close”, these files will not be accessible again, so this is important!
|Once downloaded, D:\aws should look like this:|
|Now we need to tell the API tools where to find those certificates. You guessed it - more Environment Variables!|
Going back to the Environment Variable screen, create two new System Variables: One called EC2_CERT with a value of the complete file path to the cert-... file we just downloaded, and another called EC2_PRIVATE_KEY whose value is the complete path of the pk-... file we downloaded.
|Now, it seems like a long time ago but the whole purpose behind setting up these tools was to automate the process of assigning an elastic IP address to this EC2 instance. So let’s go:|
|First we need to find the ID of our EC2 instance. Conveniently, this is at the top of the information printed on the Desktop background of our system!|
Note this for the next step.
|Start Notepad by Going to Start > Run and typing notepad followed by the Enter key.|
|Enter the following into notepad:|
ec2-associate-address -i <instance ID> <Elastic IP address>, substituting the instance ID from two steps ago and the Elastic IP address we created earlier.
Next, go to File > Save As and save the file in a convenient folder such as the D:\aws folder we created earlier.
Make sure you save it with a .bat file extension, which is possible once you select All Files from the second drop-down.
And we have a script which assigns the Elastic IP address automatically to our server!
|Now we just need to execute this script as part of the server’s booting process. Here’s how to do that:|
Go to Start > Run and launch GPEdit.msc (The Local Group Policy Editor):
|In the Local Group Policy Editor, go into Computer Configuration > Windows Settings > Scripts (Startup/Shutdown), and double-click the Startup entry on the right.|
|Click the Add button and Browse to the .bat script we created earlier.|
In our example, this is D:\aws\assignElasticIP.bat
|Click OK and you should see this:|
Let’s test it!
|Log out of Remote Desktop, and log into your AWS Management Console from your local PC here: http://console.aws.amazon.com/ec2|
Stop your instance by right-clicking it in the list and choosing Stop from the menu. Wait for the shutdown to finish which could take a minute or so.
When the instance has shut down, start it again by choosing Start from the same right-click menu. Wait for it to start up, which could take a minute or two.
|When the instance has finished booting, its status will change to green and the Elastic IP address we created and assigned via the script should now be displayed in the properties area.|
You may need to click the Refresh button once or twice for this to update.
If this is the case, then our changes were successful and the server can not be accessed via this static IP address.
If you have control of a domain such as mydomain.com, you could now assign a DNS hostname such as gw.mydomain.com by creating an A record which maps gw.mydomain.com to your Elastic IP address! I won’t go into the details here as this will depend on how the DNS is setup for your domain if you have one.
That's it for now! The EC2 API tools are really a treasure-trove of functionality and there would be many more ways of automating manual tasks with the EC2 infrastructure. Chris Paine alluded to some of this in his recent blog on managing their AWS systems, and I'm sure there are many more!