Some concepts:
The AWS API is a resource that an authenticated application can access from anywhere to manage all kinds of elements in the AWS infrastructure. You can create a new EC2 instance, manage the contents of your S3 bucket, modify an alarm in CloudWatch, etc. (the "programmable data center" concept). You can either create your own application to interact with the AWS API (example: create a smartphone app to start/stop your EC2 instances) or use someone else's application to do that (that's what I do). Amazon Web Services provides convenient, ready-to-use command line tools for its API.
There are different API methods inside the AWS cloud and different methods of authentication. Currently, the official way to authenticate is with your Access Key and Secret Key; certificate authentication is now obsolete.
By default, all API calls are directed to the us-east-1 Region (N. Virginia).
First Step:
Deploy an EC2 instance using the Amazon Linux AMI. The basic AWS Linux AMI includes command line tools to interact with the previously mentioned APIs (and others). You still have the option to download those command line tools and use them from your laptop, but using this preconfigured AMI is the easiest way to start.
This is a list of the current APIs included in EC2 Amazon Linux and their versions:
$ ssh -i juankeys.pem ec2-user@ec2-50-16-155-40.compute-1.amazonaws.com
Last login: Tue Oct 30 10:25:19 2012 from 28.red-28-28-28.adsl.static.ccgg.telefonica.net

       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-ami/2012.09-release-notes/
$ sudo -i
# ll /opt/aws/apitools/
total 36
lrwxrwxrwx 1 root root   11 Oct 25 18:51 as -> as-1.0.61.1
drwxr-xr-x 4 root root 4096 Oct 25 18:51 as-1.0.61.1
lrwxrwxrwx 1 root root   22 Oct 25 18:51 cfn-init -> ./cfn-init-1.3-6.amzn1
drwxr-xr-x 5 root root 4096 Mar 24  2012 cfn-init-1.1-0.amzn1
drwxr-xr-x 5 root root 4096 Oct 25 18:51 cfn-init-1.3-6.amzn1
lrwxrwxrwx 1 root root   11 Oct 25 18:51 ec2 -> ec2-1.6.3.0
drwxr-xr-x 4 root root 4096 Oct 25 18:51 ec2-1.6.3.0
lrwxrwxrwx 1 root root   12 Oct 25 18:51 elb -> elb-1.0.17.0
drwxr-xr-x 4 root root 4096 Oct 25 18:51 elb-1.0.17.0
lrwxrwxrwx 1 root root    9 Oct 25 18:51 iam -> iam-1.5.0
drwxr-xr-x 4 root root 4096 Oct 25 18:51 iam-1.5.0
lrwxrwxrwx 1 root root   12 Oct 25 18:51 mon -> mon-1.0.13.4
drwxr-xr-x 4 root root 4096 Oct 25 19:45 mon-1.0.13.4
lrwxrwxrwx 1 root root   12 Oct 25 18:51 rds -> rds-1.10.003
drwxr-xr-x 4 root root 4096 Oct 25 18:51 rds-1.10.003
lrwxrwxrwx 1 root root   14 Oct 25 18:51 ses -> ses-2012.07.09
drwxr-xr-x 3 root root 4096 Oct 25 18:51 ses-2012.07.09
Credentials for EC2 API command line tools:
(Logged in as root.) Export the variables AWS_ACCESS_KEY and AWS_SECRET_KEY with your credentials and test the configuration with a simple EC2 command like ec2-describe-regions. The Access Key and the Secret Key are obtained when you create a new user using the IAM console. You have an example of creating a new user in this article. Please note you will need a user with admin privileges to interact with the AWS API.
# export AWS_ACCESS_KEY=(your access key without parentheses)
# export AWS_SECRET_KEY=(your secret key without parentheses)
# ec2-describe-regions
REGION  eu-west-1       ec2.eu-west-1.amazonaws.com
REGION  sa-east-1       ec2.sa-east-1.amazonaws.com
REGION  us-east-1       ec2.us-east-1.amazonaws.com
REGION  ap-northeast-1  ec2.ap-northeast-1.amazonaws.com
REGION  us-west-2       ec2.us-west-2.amazonaws.com
REGION  us-west-1       ec2.us-west-1.amazonaws.com
REGION  ap-southeast-1  ec2.ap-southeast-1.amazonaws.com
Credentials for Auto Scaling, CloudWatch, RDS and ELB API command line tools:
- Create a text file with this name and path: /opt/aws/apitools/mon/credential-file-path.template with the following contents:
AWSAccessKeyId=(your access key without parentheses)
AWSSecretKey=(your secret key without parentheses)
- Prevent other users from reading it:
# chmod go-rwx /opt/aws/apitools/mon/credential-file-path.template
# ll /opt/aws/apitools/mon/credential-file-path.template
-rw------- 1 root root 91 Oct 25 19:45 /opt/aws/apitools/mon/credential-file-path.template
- Export the AWS_CREDENTIAL_FILE variable pointing to that file:
# export AWS_CREDENTIAL_FILE=/opt/aws/apitools/mon/credential-file-path.template
- And test the configuration with some simple commands like as-describe-scaling-activities, mon-list-metrics, elb-describe-lbs and rds-describe-db-engine-versions:
# as-describe-scaling-activities
ACTIVITY fddbfad9-3383-4cdd-bbaa-fb843ff1141a 2012-10-29T14:30:50Z grupo-prueba Successful
ACTIVITY 02ff2071-1ec5-45c4-936d-76620a8ff0b0 2012-10-29T13:57:28Z grupo-prueba Successful
ACTIVITY a18a5ce2-c28f-4531-abe6-6bde9d3713fd 2012-10-29T13:57:13Z grupo-prueba Successful
ACTIVITY 320d8cf7-adab-4085-becf-25fbd29d89ee 2012-10-29T13:43:49Z grupo-prueba Successful
" AutoScalingGroupName grupo-prueba " AutoScalingGroupName grupo-prueba " AutoScalingGroupName grupo-prueba " AutoScalingGroupName grupo-prueba " AutoScalingGroupName grupo-prueba " AutoScalingGroupName grupo-prueba "
# elb-describe-lbs
LOAD_BALANCER domenech domenech-1821931935.us-east-1.elb.amazonaws.com 2012-05-31T15:16:17.630Z internet-facing
LOAD_BALANCER elb-prueba elb-prueba-926661513.us-east-1.elb.amazonaws.com 2012-10-29T12:49:17.750Z internet-facing
# rds-describe-db-engine-versions | head
VERSION mysql 5.1.45 mysql5.1 MySQL Community Edition MySQL 5.1.45
VERSION mysql 5.1.49 mysql5.1 MySQL Community Edition MySQL 5.1.49
VERSION mysql 5.1.50 mysql5.1 MySQL Community Edition MySQL 5.1.50
VERSION mysql 5.1.57 mysql5.1 MySQL Community Edition MySQL 5.1.57
VERSION mysql 5.1.61 mysql5.1
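The credential-file steps above as an added example (not code from the original post): it writes the file under umask 077 so it is never readable by other users, then audits a file before it is exported as AWS_CREDENTIAL_FILE. The function names, return codes and key values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; function names, return codes and key values are constructed.

# Create the file under umask 077 so it is never group/world readable, not
# even between creation and a later chmod. Any old copy is removed first
# because overwriting an existing file keeps its old (possibly looser) mode.
write_credential_file() {   # args: PATH ACCESS_KEY SECRET_KEY
    (
        umask 077
        rm -f -- "$1"
        printf 'AWSAccessKeyId=%s\nAWSSecretKey=%s\n' "$2" "$3" > "$1"
    )
}

# Return 0 if the file is fit to be used as AWS_CREDENTIAL_FILE, otherwise:
#   1 missing, a symlink or not a regular file
#   2 group or others have some permission on it
#   3 one of the two key lines is missing or empty
#   4 a value is still wrapped in the template's parentheses
audit_credential_file() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || return 2
    grep -q '^AWSAccessKeyId=.' "$f" && grep -q '^AWSSecretKey=.' "$f" || return 3
    grep -Eq '^AWS(AccessKeyId|SecretKey)=\(.*\)$' "$f" && return 4
    return 0
}

# Demo in a temporary directory; the secret itself is never printed.
demo() {
    d=$(mktemp -d) || return 1
    write_credential_file "$d/cred" "AKIAEXAMPLEEXAMPLE00" "constructedSecret/notReal"
    audit_credential_file "$d/cred" && echo "fresh file: ok"
    chmod go+r "$d/cred"
    audit_credential_file "$d/cred" || echo "after chmod go+r: rejected (code $?)"
    rm -rf "$d"
}
demo
```

On the instance, run `audit_credential_file "$AWS_CREDENTIAL_FILE"` before calling the as-, mon-, elb- or rds- tools and treat any non-zero code as a reason to stop.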