Currently Being Moderated

Now that John Moy has done all of the hard work setting up an EC2 instance and installing NetWeaver Gateway from scratch, and documented the process in his three blogs, I thought I’d just add my two cents as a wannabe-system administrator on some AWS features which make operating an EC2 system a little simpler.

 

First things first: networking. AWS EC2 instances get assigned a public IP address and matching DNS name upon start-up. However, this is a dynamic address and will be different every time the instance is started. It’s also not terribly nice to remember - for example, right now the DNS name is ec2-54-251-14-47.ap-southeast-1.compute.amazonaws.com, but it would be different the next time we started it.

 

 

Elastic IP Addresses

Amazon of course offers a solution for this - Elastic IP addresses. Basically these are static IP addresses on the public Internet which are “rented” to your account and can be assigned to any running EC2 instance via the management console. Since IPv4 addresses are getting quite rare, they are not free. But they are cheap: $0.005 per hour when not assigned to a system. When it is assigned to a running EC2 instance, it’s free!

 

So let’s get one of those:

 

 

Step

Screenshot

In the EC2 Management console, go to Elastic IPs under the Network & Security group. image02.jpg
Click Allocate New Addressimage06.jpg
The default is fine - we want an address for EC2 - so just click Yes, Allocatezimage07.jpg
And we’re done! Our new, static IP address is shown zimage10.jpg
Now, we could manually assign this Elastic IP address to a running EC2 instance by right-clicking the IP address and choosing Allocate, but this assignment is lost every time the instance is shut down. So to avoid having to do this step every time, we’re going to automate it!image22.jpg

 

 

 

 

The Amazon EC2 API Tools

Luckily for us, almost any functionality in AWS is available via rich APIs, and Amazon even supplies tools which interact with those APIs. Which is convenient because we can automate otherwise tedious manual tasks, such as assigning that Elastic IP address every time we start the system.

 

 

Step

Screenshot

Log on to your EC2 instance using Remote Desktop. Using the Firefox browser you installed earlier, go to this URL: http://aws.amazon.com/developertools/351/
Click the Download the Amazon EC2 API Tools link under the Download heading and save the ZIP file to the D: drive of your server.
Open the zip file, and copy the folder ec2-api-tools-1.5.6.0 into the clipboard using Ctrl+C
Open a Windows Explorer window, and browse to C:\Program Files\Amazon and paste the directory here using Ctrl+V.
image03.png
Before we can actually use the tools, we need to meet a few more prerequisites such as a Java Runtime Environment. Using Firefox again, browse to http://www.java.com and follow the prompts to download the installer.

 

Double-click the installer and run through its prompts.

Next we need to set some environment variables. We do this by going to the Control Panel in Windows via Start > Control Panelimage05.png
In the search box in the top right, type variable to quickly find the entry Edit the system environment variables. Click on it to open the dialog. image15.png
Click on the Environment Variables buttonimage16.png
In the bottom section, find the variable called Path, and click the Edit button.

 

Assuming you installed the EC2 API tools in the folder mentioned earlier, simply add the following text to the end of the string:

 

;C:\Program Files\Amazon\ec2-api-tools\bin

 

Please make sure you include the semicolon!
image27.png
While we’re here, let’s add a new variable called JAVA_HOME using the New button. If you installed the latest version of the Java Runtime Environment into the default location, then the variable value should be:

 

C:\Program Files (x86)\Java\jre7

 

Click OK to save this.
image19.png
For the moment, we need one more variable called EC2_HOME. Follow the same process as above, and set its value to:

 

C:\Program Files\Amazon\ec2-api-tools-1.5.6.0

 

Leave this window open, we’ll need to create more variables in a moment.
image01.png
Now that we have set up the prerequisites for running the EC2 API tools, let’s configure them for our account. The AWS documentation provides some details on this here
First of all, we need to tell our tools which AWS Availability Zone the server is in. Earlier during the install process, we chose South-East Asia; if you chose a different region then the URL here will be different for you. To find out, go to Start > Run and enter cmd followed by the Enter key. image25.png
Run the command ec2-describe-regions, and note down the long string ending in “amazonaws.com” which matches the Availability Zone our EC2 instance is running in.

 

In our case, this is ec2.ap-southeast-1.amazonaws.com
zimage18 - Version 2.jpg
Going back to the Environment Variable screen, create a new System Variable called EC2_URL with a value of https://, followed by the string we just found from the commandline.

 

In our case, this is https://ec2.ap-southeast-1.amazonaws.com
image26.png
Now we need to authorise the client tools to access our AWS account and act on our behalf in order to automate things. We do this by installing the private key and X.509 certificate associated with the AWS account.

 

Using Firefox on the server again, go to your AWS Account page and log in with your AWS account here: https://portal.aws.amazon.com/gp/aws/manageYourAccount

 

Once there, click on Security Credentials.
zimage28 - Version 2 (1).jpg
Under the Access Credentials heading, click on the X.509 Certificates tab, then on the Create a new Certificate link. image20 - Version 2 (1).jpg
Download both the Private Key File and X.509 Certificate to the server. I would suggest creating a new folder called D:\aws and saving both files there.

 

Once you click “Close”, these files will not be accessible again, so this is important!
image09.png
Once downloaded, D:\aws should look like this: image21.png
Now we need to tell the API tools where to find those certificates. You guessed it - more Environment Variables!

 

Going back to the Environment Variable screen, create two new System Variables: One called EC2_CERT with a value of the complete file path to the cert-... file we just downloaded, and another called EC2_PRIVATE_KEY whose value is the complete path of the pk-... file we downloaded.
image13.png
Now, it seems like a long time ago but the whole purpose behind setting up these tools was to automate the process of assigning an elastic IP address to this EC2 instance. So let’s go:
First we need to find the ID of our EC2 instance. Conveniently, this is at the top of the information printed on the Desktop background of our system!

 

Note this for the next step.
image14.jpg
Start Notepad by Going to Start > Run and typing notepad followed by the Enter key. image29.png
Enter the following into notepad:

 

ec2-associate-address -i <instance ID> <Elastic IP address>, substituting the instance ID from two steps ago and the Elastic IP address we created earlier.

 

Next, go to File > Save As and save the file in a convenient folder such as the D:\aws folder we created earlier.

 

Make sure you save it with a .bat file extension, which is possible once you select All Files from the second drop-down.

 

And we have a script which assigns the Elastic IP address automatically to our server!
image11 - Version 2 (1).jpg
Now we just need to execute this script as part of the server’s booting process. Here’s how to do that:

 

Go to Start > Run and launch GPEdit.msc (The Local Group Policy Editor):
image17.png
In the Local Group Policy Editor, go into Computer Configuration > Windows Settings > Scripts (Startup/Shutdown), and double-click the Startup entry on the right. image00 - Version 2.jpg
Click the Add button and Browse to the .bat script we created earlier.

 

In our example, this is D:\aws\assignElasticIP.bat
image12.png
Click OK and you should see this:image08.png
Click OK again and you’re done! Every time the system boots up now, it will run this script which will assign the static, unchanging Elastic IP address to itself. Your Gateway system now has an address which can be referenced from bookmarks, JavaScript code or anywhere else that a frequently-changing IP address or server name is not convenient.

 

Let’s test it!

Log out of Remote Desktop, and log into your AWS Management Console from your local PC here: http://console.aws.amazon.com/ec2

 

Stop your instance by right-clicking it in the list and choosing Stop from the menu. Wait for the shutdown to finish which could take a minute or so.

 

When the instance has shut down, start it again by choosing Start from the same right-click menu. Wait for it to start up, which could take a minute or two.
image23 - Version 2 (1).jpg
When the instance has finished booting, its status will change to green and the Elastic IP address we created and assigned via the script should now be displayed in the properties area.

 

You may need to click the Refresh button once or twice for this to update.

 

If this is the case, then our changes were successful and the server can not be accessed via this static IP address.

 


If you have control of a domain such as mydomain.com, you could now assign a DNS hostname such as gw.mydomain.com by creating an A record which maps gw.mydomain.com to your Elastic IP address! I won’t go into the details here as this will depend on how the DNS is setup for your domain if you have one.
image24 - Version 2 (1).jpg

 

That's it for now! The EC2 API tools are really a treasure-trove of functionality and there would be many more ways of automating manual tasks with the EC2 infrastructure. Chris Paine alluded to some of this in his recent blog on managing their AWS systems, and I'm sure there are many more!

Comments

Actions

Filter Blog

By author:
By date:
By tag: