
Amazon Elastic Compute Cloud - User Guide for Linux Instances PDF

834 Pages·2016·8.24 MB·English

Preview Amazon Elastic Compute Cloud - User Guide for Linux Instances

Amazon Elastic Compute Cloud: User Guide for Linux Instances

Copyright © 2016 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.

Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon.

Table of Contents

What Is Amazon EC2?
  Features of Amazon EC2
  How to Get Started with Amazon EC2
  Related Services
  Accessing Amazon EC2
  Pricing for Amazon EC2
  PCI DSS Compliance
  Instances and AMIs
    Instances
    AMIs
  Regions and Availability Zones
    Region and Availability Zone Concepts
    Available Regions
    Regions and Endpoints
    Describing Your Regions and Availability Zones
    Specifying the Region for a Resource
    Launching Instances in an Availability Zone
    Migrating an Instance to Another Availability Zone
  Root Device Volume
    Root Device Storage Concepts
    Choosing an AMI by Root Device Type
    Determining the Root Device Type of Your Instance
    Changing the Root Device Volume to Persist
Setting Up
  Sign Up for AWS
  Create an IAM User
  Create a Key Pair
  Create a Virtual Private Cloud (VPC)
  Create a Security Group
Getting Started
  Overview
  Prerequisites
  Step 1: Launch an Instance
  Step 2: Connect to Your Instance
  Step 3: Clean Up Your Instance
  Next Steps
Best Practices
Tutorials
  Tutorial: Installing a LAMP Web Server on Amazon Linux
    Related Topics
  Tutorial: Hosting a WordPress Blog
    Prerequisites
    Install WordPress
    Next Steps
    Help! My Public DNS Name Changed and now my Blog is Broken
  Tutorial: Configure Apache Web Server on Amazon Linux to use SSL/TLS
    Prerequisites
    Step 1: Enable SSL/TLS on the Server
    Step 2: Obtain a CA-signed Certificate
    Step 3: Test and Harden the Security Configuration
    Troubleshooting
  Tutorial: Increase the Availability of Your Application
    Prerequisites
    Scale and Load Balance Your Application
    Test Your Load Balancer
  Tutorial: Remotely Manage Your Instances
    Launch a New Instance
    Grant Your User Account Access to SSM
    Install the SSM Agent
    Send a Command Using the EC2 Console
    Send a Command Using the AWS CLI
Amazon Machine Images
  Using an AMI
  Creating Your Own AMI
  Buying, Sharing, and Selling AMIs
  Deregistering Your AMI
  Amazon Linux
  AMI Types
    Launch Permissions
    Storage for the Root Device
  Virtualization Types
  Finding a Linux AMI
    Finding a Linux AMI Using the Amazon EC2 Console
    Finding an AMI Using the AWS CLI
  Shared AMIs
    Finding Shared AMIs
    Making an AMI Public
    Sharing an AMI with Specific AWS Accounts
    Using Bookmarks
    Guidelines for Shared Linux AMIs
  Paid AMIs
    Selling Your AMI
    Finding a Paid AMI
    Purchase a Paid AMI
    Getting the Product Code for Your Instance
    Using Paid Support
    Bills for Paid and Supported AMIs
    Managing Your AWS Marketplace Subscriptions
  Creating an Amazon EBS-Backed Linux AMI
    Overview of Creating Amazon EBS-Backed AMIs
    Creating a Linux AMI from an Instance
    Creating a Linux AMI from a Snapshot
  Creating an Instance Store-Backed Linux AMI
    Overview of the Creation Process for Instance Store-Backed AMIs
    Prerequisites
    Setting Up the AMI Tools
    Creating an AMI from an Instance Store-Backed Instance
    Converting to an Amazon EBS-Backed AMI
  AMIs with Encrypted Snapshots
    AMI Scenarios Involving Encrypted EBS Snapshots
  Copying an AMI
    Copying an AMI You Own
    Copying an AMI Across AWS Accounts
    Copying an AMI Across Regions
    Copying to Encrypt
    AMI Copying Scenarios
    Copying an AMI Using the Console or Command Line
    Stopping a Pending AMI Copy Operation
  Deregistering Your AMI
    Cleaning Up Your Amazon EBS-Backed AMI
    Cleaning Up Your Instance Store-Backed AMI
  Amazon Linux
    Finding the Amazon Linux AMI
    Launching and Connecting to an Amazon Linux Instance
    Identifying Amazon Linux AMI Images
    Included AWS Command Line Tools
    cloud-init
    Repository Configuration
    Adding Packages
    Accessing Source Packages for Reference
    Developing Applications
    Instance Store Access
    Product Life Cycle
    Security Updates
    Support
  User Provided Kernels
    HVM AMIs (GRUB)
    Paravirtual AMIs (PV-GRUB)
Instances
  Instance Types
    Available Instance Types
    Hardware Specifications
    Virtualization Types
    Networking and Storage Features
    Instance Limits
    T2 Instances
    C4 Instances
    GPU Instances
    I2 Instances
    D2 Instances
    HI1 Instances
    HS1 Instances
    T1 Micro Instances
    X1 Instances
    Resizing Instances
  Instance Purchasing Options
    Determining the Instance Lifecycle
    Reserved Instances
    Scheduled Instances
    Spot Instances
    Dedicated Hosts
  Instance Lifecycle
    Instance Launch
    Instance Stop and Start (Amazon EBS-backed instances only)
    Instance Reboot
    Instance Retirement
    Instance Termination
    Differences Between Reboot, Stop, and Terminate
    Launch
    Connect
    Stop and Start
    Reboot
    Retire
    Terminate
    Recover
  Configure Instances
    Common Configuration Scenarios
    Managing Software
    Managing Users
    Processor State Control
    Setting the Time
    Changing the Hostname
    Setting Up Dynamic DNS
    Running Commands at Launch
    Instance Metadata and User Data
  Remotely Manage Your Instances
    Components and Concepts
    Prerequisites
    Installing the SSM Agent
    Delegating Access
    Setting Up Run Command On Managed Instances
    Executing Commands
    Viewing Command Output
    Creating SSM Documents
    Sharing SSM Documents
    Walkthroughs
    Cancelling a Command
    Monitoring Commands
    Troubleshooting Run Command
  Importing and Exporting Virtual Machines
Monitoring
  Automated and Manual Monitoring
    Automated Monitoring Tools
    Manual Monitoring Tools
  Best Practices for Monitoring
  Monitoring the Status of Your Instances
    Instance Status Checks
    Scheduled Events
  Monitoring Your Instances Using CloudWatch
    Enable Detailed Monitoring
    List Available Metrics
    Get Statistics for Metrics
    Graph Metrics
    Create a CloudWatch Alarm
    Create Alarms That Stop, Terminate, Reboot, or Recover an Instance
  Monitoring Memory and Disk Metrics
    Prerequisites
    Getting Started
    mon-put-instance-data.pl
    mon-get-instance-stats.pl
    Viewing Your Custom Metrics in the Console
Network and Security
  Key Pairs
    Creating Your Key Pair Using Amazon EC2
    Importing Your Own Key Pair to Amazon EC2
    Retrieving the Public Key for Your Key Pair on Linux
    Retrieving the Public Key for Your Key Pair on Windows
    Verifying Your Key Pair's Fingerprint
    Deleting Your Key Pair
    Connecting to Your Linux Instance if You Lose Your Private Key
  Security Groups
    Security Groups for EC2-Classic
    Security Groups for EC2-VPC
    Security Group Rules
    Default Security Groups
    Custom Security Groups
    Creating a Security Group
    Describing Your Security Groups
    Adding Rules to a Security Group
    Deleting Rules from a Security Group
    Deleting a Security Group
    API and Command Overview
  Controlling Access
    Network Access to Your Instance
    Amazon EC2 Permission Attributes
    IAM and Amazon EC2
    IAM Policies
    IAM Roles
    Network Access
  Amazon VPC
    Benefits of Using a VPC
    Differences Between EC2-Classic and EC2-VPC
    Sharing and Accessing Resources Between EC2-Classic and EC2-VPC
    Instance Types Available Only in a VPC
    Amazon VPC Documentation
    Supported Platforms
    ClassicLink
    Migrating from EC2-Classic to a VPC
  Instance IP Addressing
    Private IP Addresses and Internal DNS Hostnames
    Public IP Addresses and External DNS Hostnames
    Elastic IP Addresses
    Amazon DNS Server
    IP Address Differences Between EC2-Classic and EC2-VPC
    Determining Your Public, Private, and Elastic IP Addresses
    Assigning a Public IP Address
    Multiple Private IP Addresses
  Elastic IP Addresses
    Elastic IP Address Basics
    Elastic IP Address Differences for EC2-Classic and EC2-VPC
    Working with Elastic IP Addresses
    Using Reverse DNS for Email Applications
    Elastic IP Address Limit
  Elastic Network Interfaces
    Private IP Addresses Per Network Interface Per Instance Type
    Public IP Addresses for Network Interfaces
    Creating a Management Network
    Use Network and Security Appliances in Your VPC
    Creating Dual-homed Instances with Workloads/Roles on Distinct Subnets
    Create a Low Budget High Availability Solution
    Monitoring IP Traffic on Your Network Interface
    Best Practices for Configuring Elastic Network Interfaces
    Configuring Your Network Interface Using ec2-net-utils
    Creating an Elastic Network Interface
    Deleting an Elastic Network Interface
    Viewing Details about an Elastic Network Interface
    Attaching an Elastic Network Interface When Launching an Instance
    Attaching an Elastic Network Interface to a Stopped or Running Instance
    Detaching an Elastic Network Interface from an Instance
    Changing the Security Group of an Elastic Network Interface
    Changing the Source/Destination Checking of an Elastic Network Interface
    Associating an Elastic IP Address with an Elastic Network Interface
    Disassociating an Elastic IP Address from an Elastic Network Interface
    Changing Termination Behavior for an Elastic Network Interface
    Adding or Editing a Description for an Elastic Network Interface
    Adding or Editing Tags for an Elastic Network Interface
  Placement Groups
    Placement Group Limitations
    Launching Instances into a Placement Group
    Deleting a Placement Group
  Network MTU
    Jumbo Frames (9001 MTU)
    Path MTU Discovery
    Check the Path MTU Between Two Hosts
603 Check and Set the MTU on your Amazon EC2 Instance .................................................. 604 Troubleshooting ......................................................................................................... 605 Enhanced Networking ........................................................................................................ 605 Enhanced Networking Types ....................................................................................... 605 Enabling Enhanced Networking on Your Instance ........................................................... 605 Enabling Enhanced Networking: Intel 82599 VF ............................................................. 606 Enabling Enhanced Networking: ENA ........................................................................... 614 Troubleshoooting ENA ................................................................................................ 623 Storage .................................................................................................................................... 630 Amazon EBS .................................................................................................................... 631 Features of Amazon EBS ........................................................................................... 632 EBS Volumes ........................................................................................................... 633 EBS Snapshots ......................................................................................................... 683 EBS Optimization ...................................................................................................... 690 EBS Encryption ......................................................................................................... 693 EBS Performance ...................................................................................................... 
697 Instance Store ................................................................................................................... 713 Instance Store Lifetime ............................................................................................... 714 Instance Store Volumes ............................................................................................. 715 Add Instance Store Volumes ....................................................................................... 717 SSD Instance Store Volumes ...................................................................................... 720 Instance Store Swap Volumes ..................................................................................... 721 Optimizing Disk Performance ...................................................................................... 724 Amazon S3 ...................................................................................................................... 724 Amazon S3 and Amazon EC2 ..................................................................................... 725 Instance Volume Limits ...................................................................................................... 726 Linux-Specific Volume Limits ....................................................................................... 726 Windows-Specific Volume Limits .................................................................................. 727 Bandwidth vs Capacity ............................................................................................... 727 Device Naming .................................................................................................................. 727 Available Device Names ............................................................................................. 728 Device Name Considerations ...................................................................................... 
728 Block Device Mapping ........................................................................................................ 729 Block Device Mapping Concepts .................................................................................. 729 AMI Block Device Mapping ......................................................................................... 732 Instance Block Device Mapping ................................................................................... 734 Using Public Data Sets ...................................................................................................... 738 Public Data Set Concepts ........................................................................................... 738 Finding Public Data Sets ............................................................................................ 738 Creating a Public Data Set Volume from a Snapshot ....................................................... 739 Attaching and Mounting the Public Data Set Volume ....................................................... 740 Resources and Tags .................................................................................................................. 741 Resource Locations ........................................................................................................... 741 Resource IDs .................................................................................................................... 742 Working with Longer IDs ............................................................................................ 743 Controlling Access to Longer ID Settings ...................................................................... 746 Listing and Filtering Your Resources .................................................................................... 746 Advanced Search ...................................................................................................... 
746 Listing Resources Using the Console ........................................................................... 747 Filtering Resources Using the Console ......................................................................... 748 Listing and Filtering Using the CLI and API ................................................................... 749 ix Amazon Elastic Compute Cloud User Guide for Linux Instances Tagging Your Resources .................................................................................................... 749 Tag Basics ............................................................................................................... 750 Tag Restrictions ........................................................................................................ 751 Tagging Your Resources for Billing .............................................................................. 752 Working with Tags Using the Console .......................................................................... 753 Working with Tags Using the CLI or API ....................................................................... 758 Service Limits ................................................................................................................... 758 Viewing Your Current Limits ........................................................................................ 759 Requesting a Limit Increase ........................................................................................ 760 Usage Reports .................................................................................................................. 760 Available Reports ...................................................................................................... 760 Getting Set Up for Usage Reports ................................................................................ 760 Granting IAM Users Access to the Amazon EC2 Usage Reports ....................................... 
762 Instance Usage ......................................................................................................... 762 Reserved Instance Utilization ...................................................................................... 765 Troubleshooting ......................................................................................................................... 771 Launching Your Instance .................................................................................................... 771 Getting the Reason for Instance Termination ................................................................. 772 Connecting to Your Instance ............................................................................................... 772 Error connecting to your instance: Connection timed out .................................................. 773 Error: User key not recognized by server ...................................................................... 774 Error: Host key not found, Permission denied (publickey), or Authentication failed, permission denied ..................................................................................................... 775 Error: Unprotected Private Key File .............................................................................. 776 Error: Server refused our key or No supported authentication methods available .................. 776 Error using MindTerm on Safari Browser ....................................................................... 777 Error Using Mac OS X RDP Client ............................................................................... 777 Cannot Ping Instance ................................................................................................. 777 Stopping Your Instance ...................................................................................................... 
777 Terminating Your Instance .................................................................................................. 779 Delayed Instance Termination ..................................................................................... 779 Terminated Instance Still Displayed .............................................................................. 779 Automatically Launch or Terminate Instances ................................................................ 779 Instance Recovery Failures ................................................................................................. 779 Failed Status Checks ......................................................................................................... 780 Initial Steps .............................................................................................................. 780 Retrieving System Logs .............................................................................................. 781 Troubleshooting System Log Errors for Linux-Based Instances ......................................... 781 Out of memory: kill process ........................................................................................ 782 ERROR: mmu_update failed (Memory management update failed) .................................... 783 I/O error (Block device failure) ..................................................................................... 784 IO ERROR: neither local nor remote disk (Broken distributed block device) ......................... 785 request_module: runaway loop modprobe (Looping legacy kernel modprobe on older Linux versions) .................................................................................................................. 785 "FATAL: kernel too old" and "fsck: No such file or directory while trying to open /dev" (Kernel and AMI mismatch) .................................................................................................... 
786 "FATAL: Could not load /lib/modules" or "BusyBox" (Missing kernel modules) ...................... 787 ERROR Invalid kernel (EC2 incompatible kernel) ............................................................ 788 request_module: runaway loop modprobe (Looping legacy kernel modprobe on older Linux versions) .................................................................................................................. 789 fsck: No such file or directory while trying to open... (File system not found) ........................ 790 General error mounting filesystems (Failed mount) ......................................................... 792 VFS: Unable to mount root fs on unknown-block (Root filesystem mismatch) ....................... 793 Error: Unable to determine major/minor number of root device... (Root file system/device mismatch) ................................................................................................................. 794 XENBUS: Device with no driver... ................................................................................ 795 ... days without being checked, check forced (File system check required) .......................... 796 fsck died with exit status... (Missing device) ................................................................... 796 x

Description:
For more information, see the Amazon CloudWatch Developer Guide. When you sign up for AWS, you can get started with Amazon EC2 for free using the AWS Free Tier. Tutorial: Hosting a WordPress Blog with Amazon Linux (p. 42) For more information, see SAP HANA on the AWS Cloud.