Categories
Amazon Web Services AWS EC2

Recover From 120 Day Terminal Services Eval Time Bomb in Windows Servers on EC2

I’ve always been frustrated by Windows messages like, “please see your administrator. . .”  I AM the administrator, I don’t need to see myself, I need useful information to lead me in the right direction to troubleshoot and correct a problem.

Here’s a new one that really frustrated me this week.  I have several Amazon EC2 servers.  Most of which run Windows 2003 or Windows 2008.  Often when I start a server for our development team I will install Terminal Services (120 day eval) so more than two developers can connect at a time with RDP.  Usually those servers are in use for a few weeks to a couple months.  Every so often they are used over four months.  Well, as that time approaches Windows kindly displays reminders as to how many days remain in the trial.  We see this so often it just gets ignored.

Well, after the 120 days we can’t login to the box any longer, which sucks in and of itself, especially since we can only use RDP (unless we installed something else) to connect to these servers and cannot log on to the console.  The first few times this happened I had to scrap the server and start a new instance.  I have since figured out a work-around. . .

It used to be that after the 120 days was up a nice, informative message was displayed (don’t remember the exact wording) that basically said, “time is up you cheap bastard.  You cannot log in to this server any longer and must pay the mighty Micro$oft.”  Or something like that.

Now for some reason I’m getting the message, “To log on to this remote computer, you must have Terminal Server user Access permissions on this computer.  by default, members of the Remote Desktop Users group have these permissions.  If you are not a member of the Remote Desktop users group or another group that has these permissions, or if the Remote Desktop User group does not have these permissions, you must be granted these permissions manually.”

When I first saw this new message it scared me.  Recently we had some employees leave under less-than-ideal circumstances.  And while I was careful to disable their accounts on our production servers I missed a couple of the dev servers.  My first thought was that one of these guys removed my account and all others from the Administrators group.  After all, that’s what the message indicated.  I was able to connect to the crippled server from another EC2 server with Computer Management where I reviewed the security event logs and found nothing afoul.  I also checked the date on NTUSER.DAT for all users.  Again, no smoking gun.

When the same thing happened to another server last night I began to get more worried.  What in the world was happening?  After some crack investigation on my part I was also not able to find anything on this other server which would lead me to the culprit.

I did discover though that both servers had been started initially about four months ago.  This really got me thinking that perhaps the 120 day terminal services time bomb might be the problem.

As I mentioned earlier I discovered how to reset this 120 days on a Windows server running on EC2 – image the machine.  While imaging an EC2 server has a couple of annoying side-effects, like resetting the timezone to Pacific time and creating a new certificate, it does whatever is required by Windows to reset the time to 0 for things like 120 day eval of TS.

Not trying to cheat the system here, just pointing out a way I found to logon to a server I thought was toast.  We are actually done with both of these servers and can terminate them now anyway.

Categories
Amazon Web Services AWS EC2

What is the Maximum Drives for an EC2 Windows Instance? – EBS Volume Limit

Yesterday while I was doing some performance testing on Amazon EBS (elastic block storage) volumes attached to a Windows AMI (Amazon machine instance) I ran into an unanticipated issue – the maximum number of drives associated with an EC2 Windows server was lower than I expected.  The max connected drives is 12 – this includes both ephemeral drives and EBS volumes.  This is a little bit of a surprise, especially since Linux instances are supposed to handle 16.

NOTE: This article is about instance-store instances.  For information about drive limitations on EC2 Windows EBS-backed instances see, “Maximum EBS Volumes on EC2 Windows EBS-backed Instances.”

I haven’t run across this little tidbit anywhere, nor could I find it today when specifically searching for it, so I thought I’d post a few details about my findings.

First off, yesterday I spun up an Extra Large Instance (AKA m1.xlarge) and created a dozen or so 5GB EBS volumes and began attaching them to the instance.  Since I was creating several I used the EC2 command line tool ec2-create-volume:

ec2-create-volume -s 5 -z us-east-1d

In the preceding command the “-s 5” creates a 5GB volume and “-z us-east-1d” creates the volume in the specified Amazon Availability Zone, which by the way, has to match that of the instance to which you will attach the volume.

I attached some volumes using ElasticFox. . .

. . . then attached some with the EC2 command line tool ec2-attach-volume:

ec2-attach-volume vol-0d62c264 -i i-999919f2 -d xvdk
ec2-attach-volume vol-0362c26a -i i-999919f2 -d xvdl
ec2-attach-volume vol-0562c26c -i i-999919f2 -d xvdm

Doing this particular task isn’t for the faint of heart as you have to specify the device name (-d xvdm, for example) which has to be unique for each volume attached to a server instance.  You may find it easier generally to use ElasticFox or the AWS Management Console.

Let me take just a moment to point out that, depending on the instance type, you will already have two or more drives.  For example the instance I used here, m1.xlarge, has a 10GB “C drive,” and four 420GB drives, D, E, F & G (by default) in Windows.  In Windows Disk Management these will be disks 0-4.  As you add an EBS volume it will be Disk 5, and so on.

I actually attached five EBS volumes in one fell swoop from the command line, and much to my chagrin I immediately lost connectivity to my instance – I had an RDP session open at the time which immediately quit responding.

Since I lost connectivity to the instance and couldn’t re-establish a Remote Desktop connection I manually rebooted the instance with ElasticFox.  However, this didn’t work.  Initially I thought I had overlapped a device name which the instance couldn’t handle so I detached the five EBS volumes previously attached from the command line and rebooted the instance.  I was overjoyed when I was able to login again.

Next I set about to more carefully attach the volumes, which I did one at a time with ElasticFox.  Again, after attaching the five additional volumes my instance stopped responding.  At this point I wasn’t sure if I had reached the limit of attached volumes, if one or more volumes had some sort of problem, or if someone at Amazon was messing with me.  I had to find out so I did some testing. . .

I started running a continuous ping (tcping actually) to the instance (so I would know if/when it crapped out and when it was back online after rebooting) and set about testing connecting EBS volumes to the instance. Sure enough, every time I connected too many EBS volumes the instance would hang.  I wanted to test this against instances with more (and less) ephemeral drives so I also started up a Small Instance (AKA m1.small) and the mack-daddy of them all, a High-Memory Quadruple Extra Large Instance (AKA m2.4xlarge).  These two instance types come “out-of-the-box” with two and three drives each, respectively.

Don’t believe me on the m2.4xlarge instance?

So, with all three server types, m1.small, m1.xlarge and m2.4xlarge running Windows the magic number of (total) drives was 12 before I started having problems.  An interesting note is that you can actually add a 13th drive and everything appears to be fine.  It’s when you add the 14th drive that all hell breaks loose & you instantly lose access to the instance.  Once this happens you have to detach two volumes then forcibly reboot the instance before it starts to respond.  It certainly is good that you can at least regain access.

Remember how I said everything appears to be fine after adding the 13th drive?  Well, appearances aren’t everything. . .  What I found was that although you could connect the 13th drive/volume & the instance seems fine, when you reboot it the instance doesn’t come back online.  I had to detach the 13th drive then forcibly reboot the instance before I could connect.

Another interesting note is that the device names went up to xvdp (which is actually displayed as the highest device letter when attaching volumes in ElasticFox) then started back at xvdf.

Device range when attaching volumes in ElasticFox:

Attached EBS volumes:

The bottom line is that through a little work yesterday and today I was able to determine definitively that Windows instances (at least instance-store, or S3-backed instances running Windows 2003 – not sure about Windows 2008 on EBS-backed storage) cannot have more than 12 total drives attached.
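
The device-name bookkeeping and the 12-drive ceiling described above can be scripted. This is an added example, not part of the original post: the helper names next_device and plan_attach are hypothetical, the xvdf to xvdp range and the limit of 12 are the post's own observations, and the script only prints ec2-attach-volume commands rather than running them.

```shell
#!/bin/sh
# Added example: plan EBS attachments without passing the 12-drive total
# the post measured on instance-store Windows instances.

MAX_DRIVES=12                           # ephemeral + EBS drives, per the post
DEVICE_LETTERS="f g h i j k l m n o p"  # xvdf..xvdp, the range ElasticFox offers

# next_device BUILTIN_DRIVES "ATTACHED"
#   BUILTIN_DRIVES  drives the instance type starts with (5 on m1.xlarge)
#   ATTACHED        space-separated device names already in use
# Prints the first unused device name. Returns 1 if one more volume would
# exceed MAX_DRIVES, 2 if every device name is taken.
next_device() {
    builtin_drives=$1
    attached=$2
    count=0
    for d in $attached; do count=$((count + 1)); done
    if [ $((builtin_drives + count + 1)) -gt "$MAX_DRIVES" ]; then
        echo "refusing: one more volume would exceed $MAX_DRIVES total drives" >&2
        return 1
    fi
    for letter in $DEVICE_LETTERS; do
        candidate="xvd$letter"
        case " $attached " in
            *" $candidate "*) ;;                 # in use, try the next letter
            *) echo "$candidate"; return 0 ;;
        esac
    done
    echo "refusing: no free device name in xvdf..xvdp" >&2
    return 2
}

# plan_attach INSTANCE BUILTIN_DRIVES "ATTACHED" VOLUME...
# Prints one ec2-attach-volume command per volume and stops (returning
# non-zero) before the volume that would cross the limit.
plan_attach() {
    instance=$1
    builtin_total=$2
    in_use=$3
    shift 3
    for vol in "$@"; do
        dev=$(next_device "$builtin_total" "$in_use") || return 1
        echo "ec2-attach-volume $vol -i $instance -d $dev"
        in_use="$in_use $dev"
    done
}

# Demo with the IDs from the post: an m1.xlarge (5 built-in drives) that
# already has five EBS volumes on xvdf..xvdj, so only two more fit.
plan_attach i-999919f2 5 "xvdf xvdg xvdh xvdi xvdj" \
    vol-0d62c264 vol-0362c26a vol-0562c26c ||
    echo "stopped: remaining volumes were not planned" >&2
```

Review the printed commands before running them; the built-in drive count has to be supplied per instance type (2 for m1.small, 5 for m1.xlarge, 3 for m2.4xlarge in the tests above).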


Categories
AWS EC2 tcping tcping examples tcping.exe

Ping Amazon EC2 Server Instances – How To

By default Amazon EC2 instances don’t respond to ICMP requests, i.e. ping.  Of course there are several reasons why one may want to ping an Amazon EC2 instance, including verifying if it is online and to test latency.  As with most things there is more than one approach to this issue.

First, you could enable ICMP through Amazon security groups.  This can be done easily with the Amazon Management console, ElasticFox or EC2 command line tools.  You could open it up to the whole world:

ec2-authorize default -P icmp -t -1:-1 -s 0.0.0.0/0

. . . or, specific IP addresses or ranges:

ec2-authorize default -P icmp -t -1:-1 -s <IP Address>

Another approach would be to use TCPing (works with both Linux and Windows – see Ping Over TCP with tcping.exe in Windows or tcping for Linux).  I like to use this method because you can test general connectivity over specific ports.  For example you could use

tcping ec2-75-101-206-107.compute-1.amazonaws.com

to test connectivity to the specified server over the default port 80.  Or you could specify a port, like 22 for SSH or 3389 for RDP:

tcping ec2-75-101-206-107.compute-1.amazonaws.com 22

One method I use to determine when an EC2 instance that is first starting comes online, or when a restarting instance is again online (either from a reboot or bundling the EC2 instance), is to use tcping to send a ping continuously every second.  You could use the command:

tcping -t -i 1 ec2-75-101-206-107.compute-1.amazonaws.com

This is very useful as you can essentially track the progress of the instance coming online, then becoming available.  At first you will receive the message, “Connection timed out. . .”  This indicates that tcping is not getting a response at all, i.e. that the instance cannot be reached.  Once the instance starts, but the OS isn’t fully available, the message, “Connection refused. . .” will be the result.  This means tcping can reach the machine (the network card and TCP/IP stack are available), however, the port you are probing, 80 in this case, isn’t accepting connections.  Then, when it’s available (on the specified port) it will respond with the message, “Port is open. . .”

I like to use the interval of 1 second as it is useful in determining how long an instance was offline and the duration of each stage.
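
The three stages described above can be timed from a saved tcping capture. This is an added example, not part of the original post: the function names are hypothetical and the sample lines are constructed; only the three message strings matched ("Connection timed out", "Connection refused", "Port is open") come from the post, so adjust the patterns if your tcping build words them differently.

```shell
#!/bin/sh
# Added example: turn a continuous tcping capture into a stage timeline.

# stage_timeline [INTERVAL]
# Reads probe output on stdin, one probe per line, taken INTERVAL seconds
# apart (default 1, as with "tcping -t -i 1"). Prints "<state> <seconds>"
# for each run of consecutive probes that reported the same state.
stage_timeline() {
    awk -v interval="${1:-1}" '
        function emit() { if (prev != "") printf "%s %d\n", prev, n * interval }
        {
            state = ""
            if      ($0 ~ /Connection timed out/) state = "unreachable"
            else if ($0 ~ /Connection refused/)   state = "refused"
            else if ($0 ~ /Port is open/)         state = "open"
            if (state == "") next          # banner or summary line, ignore
            if (state != prev) { emit(); prev = state; n = 0 }
            n++
        }
        END { emit() }
    '
}

# offline_seconds [INTERVAL]
# Total time the probed port was not accepting connections.
offline_seconds() {
    stage_timeline "${1:-1}" |
        awk '$1 != "open" { s += $2 } END { print s + 0 }'
}

# Constructed sample of a reboot: port open, instance unreachable, OS up
# but service not listening yet, then open again. Not real tcping output.
sample_capture() {
    cat <<'EOF'
starting probe of example-host port 80
probe 1: Port is open
probe 2: Port is open
probe 3: Connection timed out
probe 4: Connection timed out
probe 5: Connection timed out
probe 6: Connection refused
probe 7: Connection refused
probe 8: Port is open
probe 9: Port is open
EOF
}

sample_capture | stage_timeline 1
echo "offline for $(sample_capture | offline_seconds 1) seconds"
```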


Categories
Amazon Web Services CloudBerry EC2 S3 S3.exe

Amazon S3 Command Line Utilities for Windows

I’ve searched high and low for a good all around command line utility to interact with Amazon S3 buckets from Windows.  While I’m still searching for just the right utility for me here are a few which I use from time-to-time.   Why use more than one, you ask?  Well, since I haven’t found just the right one for all occasions I use the one that works best for the particular task at hand.

S3.exe
S3.exe is a Windows command-line utility for Amazon’s S3 & EC2 web services that requires no installation, is a single .EXE file with no DLLs, and requires only .NET 2.0 or Mono, so it will work on a plain Windows installation.

Key Features

  • Efficiently uploads and downloads large numbers of files (or whole directories) between Amazon S3 and Windows PCs.
  • Everything is in one .EXE. Nothing to install or configure, just download it where it’s needed and run it.
  • Doesn’t require anything except .NET 2.0 or Mono.
  • Works well in an automated backup solution or as an ad-hoc system administration tool.
  • Can split large files into chunks for upload without creating any temporary files on disk.
  • Can use HTTP HEAD command to quickly determine which files don’t need to be uploaded because they haven’t been updated (/sync).
  • Support for various EC2 operations as well.

CloudBerry Explorer PowerShell Snap-in
CloudBerry Explorer offers PowerShell extension to manage file operations across Amazon Simple Storage Service (Amazon S3) and file system.  The CloudBerry Explorer PowerShell Snap-in allows using the majority of Amazon S3 functionality. You can combine CloudBerry Explorer commands with PowerShell commands. PowerShell is designed to operate with Net objects, so you are not limited with command syntax. You can write complicated scripts with loops and conditions. You can schedule periodical tasks like data backup or cleanup.

#Sh3ll (Amazon S3 command shell for C#)
#Sh3ll (pronounced sharp-shell) is a C# based command shell for managing your Amazon S3 objects.  It is open source and provided by SilvaSoft. #Sh3ll is built upon the Amazon S3 REST C# library, and it runs on both .NET 1.1 and .NET 2.0.

Also from SilvaSoft:

  • Sh3ll – Amazon S3 command shell for Java
  • rSh3ll – Amazon S3 command shell for Ruby

Categories
Amazon Web Services EC2 Linux Windows 2008

Windows 2008 Server on Amazon’s EC2 – a First Look

Within a couple hours of Amazon’s announcement of the availability of Windows 2008 machine images (AMI’s) on their EC2 (Elastic Compute Cloud) platform a few days ago I had to give it a try – see my previous post, “Amazon EC2 Now Offers Windows Server 2008 – Finally!”

I used RightScale to locate and launch a Windows 2008 instance.

Now that I know the AMI (ami-5a07e533) I can easily launch instances in the future from the command line using Amazon’s command line tools:

ec2-run-instances ami-5a07e533 -n 1 -g <group1> -g <group2> -g <group3> -k <My AWS Key> -t m1.small -z us-east-1a

Once it was up and running I got the administrator password in ElasticFox, launched RD & went to work checking it out and setting it up to suit my needs.

Here are a couple things I noticed:

  • I knew the 10GB “C” drive partition Windows 2003 instances have wouldn’t be big enough for Windows 2008 so I started there. I was pleasantly surprised to see a 30GB partition, however that’s all, it didn’t have a “D” drive like with other instances (both Linux and Windows 2003 have a 340GB partition, at least on m1.small instances, larger instances have larger data drives). Needless to say I was a little disappointed the Windows 2008 instance didn’t have an additional drive for data. Guess I’ll just have to use EBS (Elastic Block Storage) volume(s).
  • Looks like the Windows 2008 instances are priced the same as the Windows 2003 instances, albeit with a little less disk space – probably have to squeeze a little more $$$ out of us to pay the mighty Microsoft. When you break it down it could actually cost you quite a bit more for Windows 2008 than 2003.

Windows 2003 small instance: 720 hour/mo. * $.12 = $86.40 per month.
Windows 2008 small instance: 720 hour/mo. * $.12 = $86.40 per month + $36 (to make up for the lost disk space) = $122.40 per month, or 30% more.

Of course I had to check the Windows Update status & found it needed 14 “recommended” or critical updates, which I promptly installed. Probably 1/2 of these were released two days ago by Microsoft on Patch Tuesday. But even still I hoped the image would have been a little more up-to-date.

While the updates were downloading and installing I tweaked my desktop a little so it would be setup the way I like.

Another feature Amazon announced recently, “Booting From Amazon EBS,” is being used by the Windows 2008 instances. This is what enables the larger system partition, or “C” drive. This also enables the ability to “shutdown” the instance, then you can start it back up at a later time & it will pick up where it left off. While the machine is shutdown you won’t be charged for computing resources time, but you will still be charged for the EBS volume(s) on which the server is based.

Bundling an Instance Backed by Amazon EBS
One common use case is the desire to make a point‐in‐time copy of the contents of the root device so that another instance could boot off of that image. Images are typically created for backup purposes or to make clones of the existing instance. Previously, this process on Linux required you to create an image of your instance on the instance itself and no APIs were available to assist. On Windows, there was an API that you could call to create an image of the instance, but had to make another subsequent call to register the AMI. Now, there is one API for both Linux/UNIX and Windows that allows you to bundle your AMI backed by Amazon EBS and register it.

After setting up and playing with my new EC2 Windows 2008 server for a while I shut it down so I could start it up in the future when I’m ready to dive a little deeper into it. Right now it’s costing me $3 a month to sit there – not bad.

All in all I’m glad Amazon finally supports Windows 2008 & it seems to function just fine. My existing tools, from ElasticFox, to RightScale, to Amazon Command Line Tools, all work with Windows 2008 without any upgrade or modification, which is a definite plus. I was a little disappointed my small instance has 320GB less storage than a small Linux or Windows 2003 instance, which means I’ll have to pay $32/mo. more to get that back – the more I think about it I’m a lot disappointed about the hidden price increase.

Categories
Amazon Web Services AWS EC2 Linux Windows 2008

Amazon EC2 Now Offers Windows Server 2008 – Finally!

I opened my email this morning and much to my pleasure I found this announcement from Amazon:

Amazon EC2 Now Offers Windows Server 2008
Starting today, Amazon EC2 now offers Microsoft Windows Server 2008 and Microsoft SQL Server® Standard 2008 instances in all Amazon EC2 Regions. This new announcement extends Amazon EC2’s existing Microsoft-based offerings that include Windows Server 2003 and SQL Server 2005 instances. Like all services offered by AWS, Amazon EC2 running Windows Server or SQL Server offers a low-cost, pay-as-you-go model with no long-term commitments and no minimum fees. Please visit the Amazon EC2 service page for more information on using Amazon EC2 running Windows


It’s about time!


Of course, I had to give it a try.  I accessed my account with Elasticfox and browsed through the images, but didn’t immediately find a Windows 2008 image, so I headed over to RightScale, found what I was looking for and immediately launched an instance.  I launched it through RightScale (which I do sometimes anyway) because I was in a hurry to get to a meeting and didn’t see the AMI ID.  So I started it and headed to my meeting while it spun up.




Now that I know the AMI (ami-5a07e533) I can launch instances in the future from the command line using Amazon’s command line tools:

ec2-run-instances ami-5a07e533 -n 1 -g <group1> -g <group2> -g <group3> -k <My AWS Key> -t m1.small -z us-east-1a


Once it was up and running I got the administrator password in ElasticFox, launched RD & went to work checking it out and setting it up to suit my needs.


Here are some of the things I noticed:

  • I knew the 10GB “C” drive partition Windows 2003 instances have wouldn’t be big enough for Windows 2008 so I started there.  I was pleasantly surprised to see a 30GB partition, however that’s it.  No “D” drive like with other instances (both Linux and Windows 2003 have a 340GB partition, at least on m1.small instances, larger instances have larger data drives.)  Needless to say I was a little disappointed the 2008 instance didn’t have an additional drive for data.  Guess I’ll just have to use EBS (Elastic Block Storage).
  • Looks like the Windows 2008 instances are priced the same as the Windows 2003 instances, albeit with a little less disk space – probably have to squeeze a little more $$$ out of us to pay the mighty Microsoft.  When you break it down it could cost you quite a bit more for Windows 2008 than 2003.
    • Windows 2003 small instance: 720 hour/mo. * $.12 = $86.40 per month.
    • Windows 2008 small instance: 720 hour/mo. * $.12 = $86.40 per month + $36 (to make up for the lost disk space) = $122.40 per month, or 30% more.

Of course I had to check the Windows Update status & found it needed 14 “recommended” or critical updates, which I promptly installed.  Probably 1/2 of these were released two days ago by Microsoft on Patch Tuesday.  But even still I hoped the image would have been a little more up-to-date.


While the updates were downloading and installing I tweaked my desktop a little so it would be setup the way I like.


Next I bundled the instance and shut it down.  I used RightScale for the bundling because their interface is easy to use and does it all in one step.  Now I have my own “customized” image to start from when I’m ready to work with Windows 2008 on Amazon EC2 in the future.



All in all I’m glad Amazon finally supports Windows 2008 & it seems to function just fine.  My existing tools, from ElasticFox, to RightScale, to Amazon Command Line Tools, all work with Windows 2008 without any upgrade or modification, which is a definite plus.  I was a little disappointed my small instance has 320GB less storage than a small Linux or Windows 2003 instance, which means I’ll have to pay $32/mo. more to get that back – the more I think about it I’m a lot disappointed about the hidden price increase.

Categories
Amazon Web Services AMI AWS cloud computing EC2 Linux Windows

Amazon Announces Consolidation of Windows AMIs on EC2

Amazon EC2 no longer differentiates between Amazon EC2 running Windows and Amazon EC2 running Windows with Authentication Services. New and existing Windows instances can now run Authentication Services, such as LDAP and Kerberos, at no additional charge. Additionally, any currently running Windows with Authentication Services instances are now charged the same price as Windows instances.

Existing Windows AMIs will be removed starting October 15. If you need the current version of a Windows AMI, please rebundle your own copy of it.

For more information about Windows instances, go to the Amazon Elastic Compute Cloud Developer Guide or Amazon Elastic Compute Cloud User Guide.

Amazon announcement.

Categories
Amazon Web Services AWS CLI cloud computing Command Line EC2 FTP Grep Linux Passwords PuTTY PuTTYgen SSH Windows winscp

Connecting to Amazon AWS from Windows to a Linux AMI

Connecting from a Windows machine to a Linux server poses problems for the average person. For some this is enough to put them off jumping in, or leaves them banging their head against the wall wondering why they cannot simply RDP into the server and where the admin password for the Linux box is. We are all used to what we are used to, and for many, using a public/private key pair is part of the problem. We are not exposed to this in our daily lives, but with cloud computing via AWS you have to get comfortable with the process. The instructions at Amazon are not written in plain English and it’s hard to find the details.

Here are some handy steps for getting access to your Amazon AWS (Amazon Web Services) server; they pick up after you have set up your instance and downloaded your keys. You might want to read this article by Dave Winer to get through the setup of the AMI, downloading your keys and otherwise getting your first AWS instance set up and booted to the point where it is running. This is where this article steps in to help people connect to their Linux server from a Windows box. For this process, we used the new Windows 7 as our Windows box, and all the software we recommend you download worked great.

When you are building out your system you want to have your instance up and running. You can use any AMI (Amazon Machine Image) that you want to use; in this case we are using the simple LAMP Linux version. You can find the LAMP AMI by searching for “LAMP”. There are some quick gotchas that you want to know about before you put a lot of time into getting an AMI all prepped for what you want to do.

It does not matter whether it is Windows or Linux: if you terminate the instance there is no way to restart it, and you will get the “no valid actions” error. A terminated instance is gone, shut down, lost forever. If you click on Launch, you will be prompted for a new image, regardless of what image you want to restart, so be very careful when you terminate an instance. The image below shows what options you have using the AWS console provided by Amazon (via the Web). Remember, never click on Terminate unless you are completely done with the image and you never want to use it again.

A running Linux instance does not have the “get administrative password” option that Dave talks about in his EC2 for Poets article. With Linux there are some things you have to do to get access. If you search Amazon you will see a ton of words on this subject that, again, for the average person is a rambling diatribe written by computer geeks for computer geeks. They even offer you a set of tools to download, but if you are running Windows many of these tools will not work properly. Here are the tools you need to get started.

Putty – Putty is an SSH terminal client that will tie in with another program that you will download here in a minute. Download PuTTY here.

PuttyGen – You can download this software from the same place you downloaded putty. You will want this program to convert your Amazon Key from Amazon format to PPK format that the next bit of software you will download needs to make the connection to your new Linux server.

WinSCP – WinSCP is a SFTP client and SSH client for Windows. Its main function is the secure file transfer between a local and a remote computer. It uses Secure Shell (SSH) and supports, in addition to Secure FTP, also legacy SCP protocol. You can download the software here.

You should have your private key from Amazon from when you first started up your AMI. Find the private key you downloaded from Amazon, or make another key if you have to. Making a key is very easy; you can use Dave’s article, or follow the directions from Amazon, which are less cogent but still followable.

Start the PuttyGen program as shown below.


Find the key that you made when you made your initial image and click on load. You will get a dialog box that wants you to load your key file that you got from Amazon. Find where you dropped your key file (again probably in downloads). Remember to set your file type to * to see all your files (otherwise it will default to looking for a PPK file, which you do not have yet).

Click on OK when you find and enter your file name. You should see the dialog below that shows the Amazon key was successfully converted from the Amazon format to the PPK format that WinSCP needs to work properly.

Click on OK.

Click on Save Private Key. You really need to save your private key at this point. Remember where you saved your brand new PPK extension key (if you forget where you saved it, search your computer for *.ppk). You have made it through the first hurdle, and now you need to fire up WinSCP.

WinSCP

If you skipped everything else and ended up here, WinSCP is a SFTP client and SSH client for Windows. Its main function is the secure file transfer between a local and a remote computer. It uses Secure Shell (SSH) and supports, in addition to Secure FTP, also legacy SCP protocol. You can download it from Source Forge.

Start WinSCP (you should find it under Start/All Programs/WinSCP) and you should see this after you have installed it.

You only have to enter minimal data here: your host name is your EC2 instance, your user name is root, leave the password BLANK, and click on the three dots for your private key file. If you do not know what your AWS instance is, you can go back to the AWS console and click on Connect; you will get a Secure Shell (SSH) connect help screen. This screen might look bad, but it has all the information you need for the Amazon instance you want to connect to. The screen below shows you what the help screen looks like.

The “enter the following command line” has a lot of information that you need. You can forget about everything before the “@”; you will not need that. Everything after the @, though, is the public DNS name that you will need to connect to your Amazon instance. You should copy everything after the @ symbol so that what you have looks like this:

ec2-72-44-46-XXX.compute-1.amazonaws.com

This is the host name that you want to put into the Host Name field in WinSCP. The image below shows the WinSCP entry screen with all the data filled out.

You want your WinSCP Login screen to look exactly like this, short of the instance name and the PPK key; yours will be different in terms of what is in the Host Name entry, and where you stored your own Private Key file. Remember that your Private Key file is the key you converted in PuttyGen. Click on Login and you will connect to your Amazon EC2 instance.

The good part is now you can tool around the Linux AMI using a graphical interface, and drag and drop files from your computer to the Amazon AMI that you are using.

In WinSCP on the top command ribbon bar you should see two icons as circled below. To get to the Command Line in Linux (remember this is why you downloaded Putty) you want to click on the two PC’s on the top command ribbon shown below.

This will launch the Putty command shell that will allow you to tool around the Amazon AMI. You need to be familiar with the Linux command line because you can do things here that you cannot do in the graphical interface, like bring up the update programs, tool around the OS to get an idea of where things are, use ps -ef | grep PROGRAM to see what programs are running (great for debugging MySQL), and launch specific MySQL commands. This is what you should see when you click on the two computers graphic in the screen above.

Here are some discovered issues with the AMI that I built out.

MySQL has no password: the account is root with a blank password. You need to use the MySQL command line to set a password for this as soon as you can. The MySQL website can help you out setting the password.

The AMI in this instance when you look at the security group in the Amazon Web Services Console automatically opened up port 3306 for world wide access to your MySQL database. You want to take this rule out of the configuration, especially if you do not set a password. This is one excellent and easy way for hackers to get into your MySQL database; you need to fix this before you have the world hit your web site.
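
A quick way to catch a world-open database port like the one above before the instance goes live. This is an added example, not part of the original article: the function names are hypothetical, the rule list is constructed and uses a simple "group protocol from-port to-port source" layout of its own rather than any tool's output, and the printed ec2-revoke commands (the counterpart of ec2-authorize in the EC2 command line tools) are suggestions to review, not something the script runs.

```shell
#!/bin/sh
# Added example: flag security-group rules that expose a sensitive TCP
# port (3306 by default) to 0.0.0.0/0 and print the matching revokes.

# world_open_rules [PORT...]
# Reads rules on stdin as: GROUP PROTOCOL FROM_PORT TO_PORT SOURCE_CIDR
# Prints every tcp rule open to the whole internet whose port range
# covers one of the given ports, including wide ranges such as 3000-4000.
world_open_rules() {
    [ $# -gt 0 ] || set -- 3306
    awk -v ports="$*" '
        BEGIN { n = split(ports, want, " ") }
        /^#/ || NF < 5 { next }                  # comments, malformed lines
        $2 == "tcp" && $5 == "0.0.0.0/0" {
            for (i = 1; i <= n; i++)
                if (want[i] + 0 >= $3 + 0 && want[i] + 0 <= $4 + 0) {
                    print
                    next
                }
        }
    '
}

# revoke_commands
# Turns flagged rules into ec2-revoke commands that name each rule with
# its own port range. Revoking a wide range removes access to every port
# in it, so check what else depends on the rule first.
revoke_commands() {
    awk '{
        range = ($3 == $4) ? $3 : ($3 "-" $4)
        printf "ec2-revoke %s -P %s -p %s -s %s\n", $1, $2, range, $5
    }'
}

# Constructed rule set for the demo (group names and addresses are made up).
sample_rules() {
    cat <<'EOF'
# group proto from to source
default tcp 80 80 0.0.0.0/0
default tcp 3306 3306 0.0.0.0/0
default tcp 22 22 203.0.113.10/32
db tcp 3000 4000 0.0.0.0/0
db tcp 3306 3306 10.0.0.0/8
default icmp -1 -1 0.0.0.0/0
EOF
}

echo "Rules exposing MySQL to the internet:"
sample_rules | world_open_rules 3306
echo "Suggested fixes:"
sample_rules | world_open_rules 3306 | revoke_commands
```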

If you are interested in just web services you will find the root for HTTP under the home directory.

If you want to make sure that your Linux AMI is up to date, you need to use yum: type yum update to update your whole system, or yum update php if you want to make sure you are working with the latest version of PHP. Here is the catch: the yum repos that come with the AMI we were using could not find any updates, and yum started throwing errors that it could not find any available mirrors. The problem with this is that you cannot update your software, which from a security viewpoint is very bad. If yum is not finding updates, there are many resources on the internet to help you through this. The underlying problem is that the repos that come with the image we were using go right back to the Fedora repository, which is distressingly empty of updates for known vulnerable software. There are options on where you can go to get updates, but that will be another topic to talk about: updating your shiny new Amazon AMI for security when support is lacking from the people who make the software you are using.

If your program has dependencies on the version of PHP you are using (in my case the version was 5.0.4, and needed 5.1.X) you will have to hack your installation script if it checks the environmental variables for your PHP server. That means stepping through the entire install, and finding the call where it tests the PHP environment and changing that part of the install script. You can edit the file in WinSCP and save it back to the server, just remember what files you had to change (hack) when you get done.

Categories
Amazon Web Services AWS CLI Command Line EC2 Encryption Linux S3 SSL Windows

Glossary of Amazon EC2 terms

Amazon machine image (AMI)
An Amazon Machine Image (AMI) is an encrypted machine image stored in Amazon S3. It contains all the information necessary to boot instances of your software.

Amazon EBS
A type of storage that enables you to create volumes that can be mounted as devices by Amazon EC2 instances. Amazon EBS volumes behave like raw unformatted external block devices. They have user supplied device names and provide a block device interface. You can load a file system on top of Amazon EBS volumes, or use them just as you would use a block device.

Availability Zone
A distinct location within a region that is engineered to be insulated from failures in other Availability Zones and provides inexpensive, low latency network connectivity to other Availability Zones in the same region.

compute unit
An Amazon-generated measure that enables you to evaluate the CPU capacity of different Amazon EC2 instance types.

EBS
See Amazon EBS.

Elastic Block Store
See Amazon EBS.

elastic IP address
A static public IP address designed for dynamic cloud computing. Elastic IP addresses are associated with your account, not specific instances. Any elastic IP addresses that you associate with your account remain associated with your account until you explicitly release them. Unlike traditional static IP addresses, however, elastic IP addresses allow you to mask instance or Availability Zone failures by rapidly remapping your public IP addresses to any instance in your account.

ephemeral store
See instance store.

explicit launch permission
Launch permission granted to a specific user.

group
See security group.

instance store
Every instance includes a fixed amount of storage space on which you can store data. This is not designed to be a permanent storage solution. If you need a permanent storage system, use Amazon EBS.

instance type
A specification that defines the memory, CPU, storage capacity, and hourly cost for an instance. Some instance types are designed for standard applications while others are designed for CPU-intensive applications.

gibibyte (GiB)
A contraction of giga binary byte, a gibibyte is 2^30 bytes or 1,073,741,824 bytes. A gigabyte is 10^9 or 1,000,000,000 bytes. So yes, Amazon has bigger bytes.

image
See Amazon machine image.

instance
Once an AMI has been launched, the resulting running system is referred to as an instance. All instances based on the same AMI start out identical and any information on them is lost when the instances are terminated or fail.

instance store
The disk storage associated with an instance. In the event an instance fails or is terminated (not simply rebooted), all content on the instance store is deleted.

group
Also known as a security group, groups define firewall rules that can be shared among a group of instances that have similar security requirements. The group is specified at instance launch.

launch permission
AMI attribute allowing users to launch an AMI.

Linux
Amazon EC2 instances are available for many operating platforms, including Linux, Solaris, Windows, and others.

paid AMI
An AMI that you sell to other Amazon EC2 users. For more information, refer to the Amazon DevPay Developer Guide.

private IP address
All Amazon EC2 instances are assigned two IP addresses at launch: a private address (RFC 1918) and a public address that are directly mapped to each other through Network Address Translation (NAT).

public AMI
An AMI that all users have launch permissions for.

public data sets
Sets of large public data sets that can be seamlessly integrated into AWS cloud-based applications. Amazon stores the data sets at no charge to the community and, like all AWS services, users pay only for the compute and storage they use for their own applications. These data sets currently include data from the Human Genome Project, the U.S. Census, Wikipedia, and other sources.

public IP address
All Amazon EC2 instances are assigned two IP addresses at launch: a private address (RFC 1918) and a public address that are directly mapped to each other through Network Address Translation (NAT).

region
A geographical area in which you can launch instances (e.g., US, EU).

reservation
A collection of instances started as part of the same launch request.

Reserved Instance
An additional Amazon EC2 pricing option. With Reserved Instances, you can make a low one-time payment for each instance to reserve and receive a significant discount on the hourly usage charge for that instance.

security group
A security group is a named collection of access rules. These access rules specify which ingress (i.e., incoming) network traffic should be delivered to your instance. All other ingress traffic will be discarded.

shared AMI
AMIs that developers build and make available for other AWS developers to use.

Solaris
Amazon EC2 instances are available for many operating platforms, including Linux, Solaris, Windows, and others.

snapshot
Amazon EBS provides the ability to create snapshots or backups of your Amazon EBS volumes and store them in Amazon S3. You can use these snapshots as the starting point for new Amazon EBS volumes and to protect your data for long term durability.

supported AMIs
These AMIs are similar to paid AMIs, except that you charge for software or a service that customers use with their own AMIs.

tebibyte (TiB)
A contraction of tera binary byte, a tebibyte is 2^40 bytes or 1,099,511,627,776 bytes. A terabyte is 10^12 or 1,000,000,000,000 bytes. So yes, Amazon has bigger bytes.

UNIX
Amazon EC2 instances are available for many operating platforms, including Linux, Solaris, Windows, and others.

Windows
Amazon EC2 instances are available for many operating platforms, including Linux, Solaris, Windows, and others.

Categories
Amazon Web Services CLI Command Line EC2 Linux S3 Windows

Amazon Elastic Compute Cloud (EC2) Command Line Tools Reference

The Amazon Elastic Compute Cloud Command Line Tools Reference Guide provides the syntax, a description, options, and usage examples for each command line tool. This section describes who should read this guide, how the guide is organized, and other resources related to Amazon Elastic Compute Cloud.

The Amazon Elastic Compute Cloud is occasionally referred to within this guide as simply “Amazon EC2”; all copyrights and legal protections still apply.

View guide here.

Amazon Elastic Compute Cloud
Command Line Tools Reference (straight to the meat and potatoes)