Tuesday, October 30, 2012


Dealing with the Amazon Web Services API can be frustrating for a beginner. Here is a small example to help you get started.

Some concepts:
The AWS API is a resource that an authenticated application can access from anywhere to manage all kinds of elements in the AWS infrastructure. You can create a new EC2 instance, manage the contents of your S3 bucket, modify an alarm in CloudWatch, etc. (the "programmable data center" concept). You can either create your own application to interact with the AWS API (example: create a smartphone app to start/stop your EC2 instances) or use someone else's application to do that (that's what I do). Amazon Web Services provides convenient, ready-to-use command line tools for their API.
There are different API methods inside the AWS cloud and different methods of authentication. Currently, the official way to authenticate is with your Access Key and Secret Key; certificate authentication is now obsolete.
By default all API calls are directed to the us-east-1 Region (N. Virginia).

First Step:
Deploy an EC2 instance using the Amazon Linux AMI. The basic Amazon Linux AMI includes command line tools to interact with the previously mentioned APIs (and others). You still have the option to download those command line tools and use them from your laptop, but using this preconfigured AMI is the easiest way to start.

This is a list of the API tools currently included in the EC2 Amazon Linux AMI and their versions:

$ ssh -i juankeys.pem ec2-user@ec2-50-16-155-40.compute-1.amazonaws.com
Last login: Tue Oct 30 10:25:19 2012 from 28.red-28-28-28.adsl.static.ccgg.telefonica.net
       __|  __|_  )
       _|  (     /   Amazon Linux AMI

$ sudo -i

# ll /opt/aws/apitools/
total 36
lrwxrwxrwx 1 root root   11 Oct 25 18:51 as -> as-
drwxr-xr-x 4 root root 4096 Oct 25 18:51 as-
lrwxrwxrwx 1 root root   22 Oct 25 18:51 cfn-init -> ./cfn-init-1.3-6.amzn1
drwxr-xr-x 5 root root 4096 Mar 24  2012 cfn-init-1.1-0.amzn1
drwxr-xr-x 5 root root 4096 Oct 25 18:51 cfn-init-1.3-6.amzn1
lrwxrwxrwx 1 root root   11 Oct 25 18:51 ec2 -> ec2-
drwxr-xr-x 4 root root 4096 Oct 25 18:51 ec2-
lrwxrwxrwx 1 root root   12 Oct 25 18:51 elb -> elb-
drwxr-xr-x 4 root root 4096 Oct 25 18:51 elb-
lrwxrwxrwx 1 root root    9 Oct 25 18:51 iam -> iam-1.5.0
drwxr-xr-x 4 root root 4096 Oct 25 18:51 iam-1.5.0
lrwxrwxrwx 1 root root   12 Oct 25 18:51 mon -> mon-
drwxr-xr-x 4 root root 4096 Oct 25 19:45 mon-
lrwxrwxrwx 1 root root   12 Oct 25 18:51 rds -> rds-1.10.003
drwxr-xr-x 4 root root 4096 Oct 25 18:51 rds-1.10.003
lrwxrwxrwx 1 root root   14 Oct 25 18:51 ses -> ses-2012.07.09
drwxr-xr-x 3 root root 4096 Oct 25 18:51 ses-2012.07.09

Credentials for EC2 API command line tools:
(Logged in as root) Export the variables AWS_ACCESS_KEY and AWS_SECRET_KEY with your credentials and test the configuration with a simple EC2 command like ec2-describe-regions. The Access Key and the Secret Key are obtained when you create a new user using the IAM console. You have an example of creating a new user in this article. Please note you will need a user with admin privileges to interact with the AWS API.

# export AWS_ACCESS_KEY=(your access key without parentheses)
# export AWS_SECRET_KEY=(your secret key without parentheses)

# ec2-describe-regions
REGION eu-west-1 ec2.eu-west-1.amazonaws.com
REGION sa-east-1 ec2.sa-east-1.amazonaws.com
REGION us-east-1 ec2.us-east-1.amazonaws.com
REGION ap-northeast-1 ec2.ap-northeast-1.amazonaws.com
REGION us-west-2 ec2.us-west-2.amazonaws.com
REGION us-west-1 ec2.us-west-1.amazonaws.com
REGION ap-southeast-1 ec2.ap-southeast-1.amazonaws.com 

Credentials for Auto Scaling, Cloudwatch, RDS and ELB API command line tools:
- Create a text file with this name and path: /opt/aws/apitools/mon/credential-file-path.template with the following contents:

AWSAccessKeyId=(your access key without parentheses)
AWSSecretKey=(your secret key without parentheses)

- Prevent other users from reading it:

# chmod go-rwx /opt/aws/apitools/mon/credential-file-path.template

# ll /opt/aws/apitools/mon/credential-file-path.template
-rw------- 1 root root 91 Oct 25 19:45 /opt/aws/apitools/mon/credential-file-path.template

- Export the AWS_CREDENTIAL_FILE variable with the file location:

# export AWS_CREDENTIAL_FILE=/opt/aws/apitools/mon/credential-file-path.template

- And test the configuration with some simple commands like as-describe-scaling-activities, mon-list-metrics, elb-describe-lbs and rds-describe-db-engine-versions:

# as-describe-scaling-activities
ACTIVITY  fddbfad9-3383-4cdd-bbaa-fb843ff1141a  2012-10-29T14:30:50Z  grupo-prueba  Successful
ACTIVITY  02ff2071-1ec5-45c4-936d-76620a8ff0b0  2012-10-29T13:57:28Z  grupo-prueba  Successful
ACTIVITY  a18a5ce2-c28f-4531-abe6-6bde9d3713fd  2012-10-29T13:57:13Z  grupo-prueba  Successful
ACTIVITY  320d8cf7-adab-4085-becf-25fbd29d89ee  2012-10-29T13:43:49Z  grupo-prueba  Successful

# mon-list-metrics | head
"             AutoScalingGroupName             grupo-prueba        
"             AutoScalingGroupName             grupo-prueba        
"             AutoScalingGroupName             grupo-prueba        
"             AutoScalingGroupName             grupo-prueba        
"             AutoScalingGroupName             grupo-prueba        
"             AutoScalingGroupName             grupo-prueba                  "    

# elb-describe-lbs
LOAD_BALANCER  domenech    domenech-1821931935.us-east-1.elb.amazonaws.com   2012-05-31T15:16:17.630Z  internet-facing
LOAD_BALANCER  elb-prueba  elb-prueba-926661513.us-east-1.elb.amazonaws.com  2012-10-29T12:49:17.750Z  internet-facing

# rds-describe-db-engine-versions | head
VERSION  mysql          5.1.45            mysql5.1            MySQL Community Edition                  MySQL 5.1.45                                
VERSION  mysql          5.1.49            mysql5.1            MySQL Community Edition                  MySQL 5.1.49                                
VERSION  mysql          5.1.50            mysql5.1            MySQL Community Edition                  MySQL 5.1.50                                
VERSION  mysql          5.1.57            mysql5.1            MySQL Community Edition                  MySQL 5.1.57                                
VERSION  mysql          5.1.61            mysql5.1                
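
The credential-file steps above (create the file, restrict it, export AWS_CREDENTIAL_FILE) can be scripted so the file is never readable by other users, not even briefly, and so leftover template text is caught before the tools are run. This is an added example, not part of the original post; the function names and the strict value check (no parentheses or whitespace in the values) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): create and audit the
# AWSAccessKeyId/AWSSecretKey file that AWS_CREDENTIAL_FILE points to.

# write_cred_file PATH ACCESS_KEY SECRET_KEY   (hypothetical helper)
# Writes under umask 077, so there is no window between file creation and
# a later chmod in which group/other could read the secret key.
write_cred_file() {
    (
        umask 077
        tmp="$1.tmp.$$"
        printf 'AWSAccessKeyId=%s\nAWSSecretKey=%s\n' "$2" "$3" > "$tmp" &&
            mv -f "$tmp" "$1"   # rename keeps the 0600 mode of the temp file
    )
}

# check_cred_file PATH   (hypothetical helper)
# Returns 0 if the file is private and well-formed; otherwise prints the
# reason and returns 1.
check_cred_file() {
    f="$1"
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "not a regular file: $f"; return 1
    fi
    # Same view as `ll` in the post: -rw------- means no group/other bits.
    perms=$(ls -ld -- "$f" | cut -c1-10)
    case "$perms" in
        -???------) ;;
        *) echo "group/other can access $f ($perms)"; return 1 ;;
    esac
    for key in AWSAccessKeyId AWSSecretKey; do
        # Assumption: values contain no parentheses or whitespace, so the
        # template placeholder and stray trailing spaces are rejected.
        if ! grep -Eq "^${key}=[^()[:space:]]+\$" "$f"; then
            echo "missing or malformed $key in $f"; return 1
        fi
    done
    return 0
}
```

Running `check_cred_file "$AWS_CREDENTIAL_FILE"` before the as-, mon-, elb- and rds- commands catches a world-readable file or an unedited template line early.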

1 comment:

  1. Getting this error while running this command

    as-describe-scaling-activities: Refused: The security token included in the request is invalid

    I am able to run ec2 tools fine