Commercial Products
Dec '08
10

Using Amazon EC2 In Europe

posted by delano

If you're worked with EC2 before, there are a couple things you need to know to get started with launching machine instances in Europe. SSH Keys and AMIs are not shared between regions. We're going to create both of these and then launch an instance in Europe. There's also a new parameter --region which you need to use to interact with the new availability zones. Let's giver'.

Create an S3 bucket in Europe

AMIs are stored in S3 so you need a bucket in Europe if you don't have one already (you'll probably want a new one for your machine images anyway). There's a Firefox extension called S3Fox that can help you do this (check the box labeled, "Place this bucket in Europe"). Note that S3Fox is quirky and ugly almost to the point where it's offensive. But it works and it's easier than writing a script. The free version of RightScale can do this too. You can also use S3Tools to create buckets but I've never used them so I can't recommend them.

Copy an AMI from the US to EU

You have two choices: re-bundle your running instance(s) or copy your existing images with the ec2-migrate-bundle tool. If you choose to re-bundle, follow the steps you normally would (described in the developer guide) and then upload the bundle to Europe (also in the developer guide).

The easiest approach is to use the ec2-migrate-bundle tool. You'll need to install the latest AMI tools to a Linux or Windows machine near you (these will not work on OSX). As a side note, the AMI tools are written in Ruby which is interesting because the API tools are written in Java.

$ ec2-migrate-bundle --location EU --cert /mnt/cert-*.pem --privatekey /mnt/pk-*.pem \
--access-key ORANGEJUICE --secret-key SUp0rS3kRu7 \
--bucket BUCKET-IN-US --destination-bucket BUCKET-IN-EU \ 
--manifest IMAGE.manifest.xml 

Note: If you're running this command on an EC2 instance, you'll need to upload your encryption keys first:

$ scp -i PATH/2/private-key PATH/2/cert-*.pem PATH/2/pk-*.pem root@YOURMACHINE:/mnt/

From your local machine, run the follow to tell EC2 that your new Europe image exists:

$ ec2-register --region eu-west-1 BUCKET-IN-EU/IMAGE.manifest.xml

Update API Tools

You won't be able to see your image yet b/c you need to update your API tools. You should run these on a real, physical machine. Why? Because it's a good rule of thumb for keeping your keys secure. If you copy them to a machine instance, you could forget them and they could end up being available on every instance you startup.

Now you'll be able to see your machine images in Europe:

$ ec2-describe-images --region eu-west-1 -o self

You'll be able to see the regions and availability zones:

$ ec2-describe-regions
REGION  eu-west-1   eu-west-1.ec2.amazonaws.com
REGION  us-east-1   us-east-1.ec2.amazonaws.com

$ ec2-describe-availability-zones --region eu-west-1
AVAILABILITYZONE    eu-west-1a   available  eu-west-1
AVAILABILITYZONE    eu-west-1b   available  eu-west-1

You can make Europe your default region by adding the EC2_URL variable to your environment:

# Unix and Unix-like:
export EC2_URL=https://eu-west-1.ec2.amazonaws.com

# Windows:
set EC2_URL=https://eu-west-1.ec2.amazonaws.com

Create an SSH key in Europe

Before you can launch an instance in Europe, you need to create a new SSH key:

$ ec2-add-keypair eu-west-1-key --region eu-west-1

The output of this command is your private key. Save it in a secure location! You'll need to make sure it's only readable by you (chmod 600 eu-west-1-key). SSH won't use it otherwise.

Create a security group in Europe

The default security group won't allow you to SSH in to your new instance. You can create a new group with these commands:

$ ec2-add-group --region eu-west-1 -d "Potato Storage" potato
GROUP   potato  Potato Storage

$ ec2-authorize --region eu-west-1 -p 22 potato
GROUP       potato  
PERMISSION      potato  ALLOWS  tcp 22  22  FROM    CIDR    0.0.0.0/0

If security groups are new to you, be sure to check out the documentation and firewall examples. Twenty Rules for Amazon Cloud Security is a good read too.

Launch an instance in Europe (finally!)

$ ec2-run-instances --region eu-west-1 --availability-zone eu-west-1b \
--key eu-west-1-key --group potato -t m1.small ami-XXXXXXXX

Use the following command to see when it becomes available:

$ ec2-describe-instances --region eu-west-1

Once it does, log in and have some fun!

$ ssh -i PATH/2/eu-west-1-key root@ec2-XX-XXX-XX-XXX.eu-west-1.compute.amazonaws.com

Don't forget to terminate the instance!

$ ec2-terminate-instances --region eu-west-1 i-XXXXXXXX

Extra Stuff

There's more information about regions in the Amazon EC2 Regions Guide.

Enjoy running your apps in style!

I'm Delano Mandelbaum, the founder of Solutious Inc. I've worked for companies large and small and now I'm putting everything I've learned into building great tools. I recently launched a monitoring service called Stella.

You can also find me on:

-       Delano (@solutious.com)

Solutious is a software company based in Montréal. We build testing and development tools that are both powerful and pleasant to use. All of our software is on GitHub.

This is our blog about performance, development, and getting stuff done.

-       Solutious