Setting up with Amazon EC2






 

Here are the first 5 steps needed to launch your first instance:

1. Sign Up for AWS

To create an AWS account

1. Open https://aws.amazon.com/, and then click Sign Up.

2. Follow the on-screen instructions.

Part of the sign-up procedure involves receiving a phone call and entering a PIN using the phone keypad.

Note your AWS account number, because you'll need it for the next task.

2. Create an IAM User

Services in AWS, such as Amazon EC2, require that you provide credentials when you access them, so that the service can determine whether you have permission to access its resources. The console requires your password.

To create the Administrators group

1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

2. In the navigation pane, click Groups, then click Create New Group.

3. In the Group Name box, type Administrators and then click Next Step.

4. In the list of policies, select the check box next to the AdministratorAccess policy. You can use the Filter menu and the Search box to filter the list of policies.

5. Click Next Step, then click Create Group.

Your new group is listed under Group Name.

To create an IAM user for yourself, add the user to the Administrators group, and create a password for the user

1. In the navigation pane, click Users and then click Create New Users.

2. In box 1, enter a user name. Clear the check box next to Generate an access key for each user, then click Create.

3. In the list of users, click the name (not the check box) of the user you just created. You can use the Search box to search for the user name.

4. In the Groups section, click Add User to Groups.

5. Select the check box next to the Administrators group, then click Add to Groups.

6. Scroll down to the Security Credentials section. Under Sign-In Credentials, click Manage Password.

7. Select Assign a custom password, then enter a password in the Password and Confirm Password boxes. When you are finished, click Apply.

To sign in as this new IAM user, sign out of the AWS console, then use the following URL, where your_aws_account_id is your AWS account number without the hyphens (for example, if your AWS account number is 1234-5678-9012, your AWS account ID is 123456789012):

https://your_aws_account_id.signin.aws.amazon.com/console/

Enter the IAM user name and password that you just created. When you're signed in, the navigation bar displays "your_user_name @ your_aws_account_id".

If you don't want the URL for your sign-in page to contain your AWS account ID, you can create an account alias. From the IAM dashboard, click Customize and enter an alias, such as your company name. To sign in after you create an account alias, use the following URL:

https://your_account_alias.signin.aws.amazon.com/console/

To verify the sign-in link for IAM users for your account, open the IAM console and check under IAM users sign-in link on the dashboard.

For more information about IAM, see IAM and Amazon EC2.

3. Create a Key Pair

To create a key pair

1. Sign in to AWS using the URL that you created in the previous section. Open the Amazon EC2 console.

2. From the navigation bar, select a region for the key pair. You can select any region that's available to you, regardless of your location. However, key pairs are specific to a region; for example, if you plan to launch an instance in the US West (Oregon) region, you must create a key pair for the instance in the US West (Oregon) region.

3. Click Key Pairs in the navigation pane.

4. Click Create Key Pair.

5. Enter a name for the new key pair in the Key pair name field of the Create Key Pair dialog box, and then click Create. Choose a name that is easy for you to remember, such as your IAM user name, followed by -key-pair, plus the region name. For example, me-key-pair-uswest2.

6. The private key file is automatically downloaded by your browser. The base file name is the name you specified as the name of your key pair, and the file name extension is .pem. Save the private key file in a safe place.

Important

This is the only chance for you to save the private key file. You'll need to provide the name of your key pair when you launch an instance and the corresponding private key each time you connect to the instance.

7. If you will use an SSH client on a Mac or Linux computer to connect to your Linux instance, use the following command to set the permissions of your private key file so that only you can read it.

$ chmod 400 your_user_name-key-pair-region_name.pem

For more information, see Amazon EC2 Key Pairs.

To connect to your instance using your key pair

To connect to your Linux instance from a computer running Mac or Linux, you'll specify the .pem file to your SSH client with the -i option and the path to your private key. To connect to your Linux instance from a computer running Windows, you can use either MindTerm or PuTTY. If you plan to use PuTTY, you'll need to install it and use the following procedure to convert the .pem file to a .ppk file.

(Optional) To prepare to connect to a Linux instance from Windows using PuTTY

1. Download and install PuTTY from https://www.chiark.greenend.org.uk/~sgtatham/putty/. Be sure to install the entire suite.

2. Start PuTTYgen (for example, from the Start menu, click All Programs > PuTTY > PuTTYgen).

3. Under Type of key to generate, select SSH-2 RSA.

4. Click Load. By default, PuTTYgen displays only files with the extension .ppk. To locate your .pem file, select the option to display files of all types.

5. Select the private key file that you created in the previous procedure and click Open. Click OK to dismiss the confirmation dialog box.

6. Click Save private key. PuTTYgen displays a warning about saving the key without a passphrase. Click Yes.

7. Specify the same name for the key that you used for the key pair. PuTTY automatically adds the .ppk file extension.

4. Create a Virtual Private Cloud (VPC)

Amazon VPC enables you to launch AWS resources into a virtual network that you've defined. If you have a default VPC, you can skip this section and move to the next task, Create a Security Group. To determine whether you have a default VPC, see Supported Platforms in the Amazon EC2 Console. Otherwise, you can create a non-default VPC in your account using the steps below.

Important

If your account supports EC2-Classic in a region, then you do not have a default VPC in that region. T2 instances must be launched into a VPC.

To create a nondefault VPC

1. Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

2. From the navigation bar, select a region for the VPC. VPCs are specific to a region, so you should select the same region in which you created your key pair.

3. On the VPC dashboard, click Start VPC Wizard.

4. On the Step 1: Select a VPC Configuration page, ensure that VPC with a Single Public Subnet is selected, and click Select.

5. On the Step 2: VPC with a Single Public Subnet page, enter a friendly name for your VPC in the VPC name field. Leave the other default configuration settings, and click Create VPC. On the confirmation page, click OK.

5. Create a Security Group

Security groups act as a firewall for associated instances, controlling both inbound and outbound traffic at the instance level. You must add rules to a security group that enable you to connect to your instance from your IP address using SSH. You can also add rules that allow inbound and outbound HTTP and HTTPS access from anywhere.

To create a security group with least privilege

1. Open the Amazon EC2 console.

2. From the navigation bar, select a region for the security group. Security groups are specific to a region, so you should select the same region in which you created your key pair.

 

3. Click Security Groups in the navigation pane.

4. Click Create Security Group.

5. Enter a name for the new security group and a description. Choose a name that is easy for you to remember, such as your IAM user name, followed by _SG_, plus the region name. For example, me_SG_uswest2.

6. In the VPC list, select your VPC. If you have a default VPC, it's the one that is marked with an asterisk (*).

Note

If your account supports EC2-Classic, select the VPC that you created in the previous task.

7. On the Inbound tab, create the following rules (click Add Rule for each new rule), and then click Create:

- Select HTTP from the Type list, and make sure that Source is set to Anywhere (0.0.0.0/0).

- Select HTTPS from the Type list, and make sure that Source is set to Anywhere (0.0.0.0/0).

- Select SSH from the Type list. In the Source box, ensure Custom IP is selected, and specify the public IP address of your computer or network in CIDR notation. To specify an individual IP address in CIDR notation, add the routing prefix /32. For example, if your IP address is 203.0.113.25, specify 203.0.113.25/32. If your company allocates addresses from a range, specify the entire range, such as 203.0.113.0/24.

Caution

For security reasons, we don't recommend that you allow SSH access from all IP addresses (0.0.0.0/0) to your instance, except for testing purposes and only for a short time.
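
One way to check a finished rule set against the caution above, as an added example that is not part of the original guide: the script audits inbound rules in the shape of the IpPermissions list returned by `aws ec2 describe-security-groups` and reports SSH sources that are too wide. The sample rules are constructed, and the /24 limit is an assumption taken from the range used in the SSH rule above.

```python
import ipaddress

# Constructed sample in the shape of the "IpPermissions" list returned by
# `aws ec2 describe-security-groups`; it mirrors the three rules above.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.25/32"}]},
]

MIN_V4_PREFIX = 24  # assumption: SSH sources no wider than a /24


def covers(perm, port):
    """True if the rule applies to the given TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":          # "-1" means all protocols and all ports
        return True
    if proto != "tcp":
        return False
    # A port range such as 0-1024 also exposes port 22.
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_ingress(permissions, admin_port=22):
    """Return (cidr, reason) findings for rules exposing admin_port."""
    findings = []
    for perm in permissions:
        if not covers(perm, admin_port):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                findings.append((cidr, "open to all addresses"))
            elif net.version == 4 and net.prefixlen < MIN_V4_PREFIX:
                findings.append((cidr, "wider than /24"))
    return findings


if __name__ == "__main__":
    for cidr, reason in audit_ingress(SAMPLE_PERMISSIONS):
        print(f"SSH exposure: {cidr} ({reason})")
```

The sample rule set produces no findings; a rule that covers port 22 through a port range or through the all-protocols value "-1" is reported the same way as an explicit SSH rule.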

After installing and configuring PuTTY, we connect to the remote computer in the cloud using our unique key pair. Once connected, we can install the ownCloud web application on Amazon Linux.

ownCloud:

ownCloud is an open source application that allows for the synchronization of personal data (contacts, calendars, bookmarks, photos) from a variety of devices (desktop, tablet, phone). Some basic knowledge of Linux, networking, and computer security is necessary here, but if these instructions are followed closely, no troubleshooting should be required. This discussion involves the use of AWS, and specifically the Amazon Linux AMI, yet any number of modern Linux installations would suffice. However, as there are many choices available in the open source world, your mileage may vary according to the version and Linux distribution chosen. These instructions are known to work with the resources presented. To keep things predictable, this discussion assumes your EC2 instance will be used solely for ownCloud. Lastly, the range of features demonstrated here will be limited to just the contact and calendar capability.

Features of ownCloud

ownCloud provides access to your data through a web interface or WebDAV while providing a platform to view, sync and share across devices easily, all under your control. ownCloud's open architecture is extensible via a simple but powerful API for applications and plugins and works with any storage.

Figure 5.1 - ownCloud provides managed files sync and share

 

ownCloud Architecture Overview

In production, ownCloud is most often deployed as an n-tier load balanced web application running in a data center or managed cloud infrastructure. ownCloud can be deployed to physical, virtual, or private cloud servers using native binaries or a virtual appliance footprint. There is always a load balancer on the front-end of the deployment connected to at least two web servers. The ownCloud web servers host the PHP code, and are most often deployed on Apache over Linux, though IIS and Apache on Windows are also supported. All of the web servers are then connected to a database (frequently a clustered MySQL database instance) for user information, including the virtualized file cache, user and group metadata, shared file lists, and storage required by enabled ownCloud apps. The web servers are also all connected to shared back-end storage, often a clustered filesystem. With this configuration, ownCloud can be scaled up easily to meet load requirements, while providing whatever redundancy and backup requirements are needed to achieve system availability objectives.

 





