How to create an Amazon EC2 image from a running instance in the U.S., and make it available in the E.U. region.
Who are you? You are running a VPS server (AMI, image, running as an instance) in the US location, of the Amazon EC2 service. And you want to perform a simple task: have the instance run in the EU (European Union) location.
Why are you here? Because this 'simple task' can drive a normal person insane. There are bits of answers that are scattered all over the Internet, and you can't find your head from your tail in all that noise.
So, this user guide/ manual gives the needed stages for transferring a web server from the Amazon u.s. servers to the e.u. servers.
0. Prerequisites and tools that are good to have
- Some knowledge in managing a GNU/Linux server.
- A working instance of GNU/Linux, on which you will be performing all the work.
- The ElasticFox addon for Firefox.
- The S3 Organizer addon for Firefox.
- The Amazon API tools. You CAN use only the API tools, without the Firefox extensions, but why would you want to do that?
1. Create buckets in the USA and in Europe :-)
The buckets are folders in the Amazon S3 service. Yes, the guys and girls at Amazon sure don't like making things simple for you.
The easiest way to manage buckets and their content, is with the Firefox add-on called: S3 Organizer.
You'll need 2 'keys', that can be found in the AWS website, under 'Your account > Access identifiers'. Copy the Access Key and the Secret Key to the preferences, and that's that.
Then, when you browse the right pane, you can create a folder, which is actually a bucket. When you create the folder, make sure that you place the bucket in Europe, if this is your intention. We will have 2 buckets: eu-bucket and us-bucket
2. Deploy the API tools
Download the Amazon API tools. I suggest you deploy them in your home folder.
tar -C ~/ -zxvf API-tools.tar.gz
3. Prepare the environment
You need to have 2 files on your server: a private key (the file that starts with pk), and a certificate (the file that starts with cert). The private key can only be issued once! So when you create your certificate (only 1 per account), make sure that you save the PK file in a safe place. The cert file can be re-downloaded from the above-mentioned 'Access Identifiers' page.
If you want to re-create other AMIs later on, then you'd probably want to add the following lines to your ~/.bashrc file, instead of doing an EXPORT to each one of them every time:
- The AMI size is limited to 10GB. Bare it in mind, and use EBS volumes for high-storage mounting points, such as /home and others. Don't be tempted to use the default /mnt that is given, since it can't be duplicated like an EBS can.
- In RedHat/ CentOS/ Fedora distributions, edit the following file, and make sure you remark the line that starts with HWADDR since this line attaches the eth0 device to a specific MAC address. EC2 gives a new MAC address to each newly deployed AMI. This is the file:
4. Create (bundle) the AMI
The following ec2-bundle-vol command will create us the required files for a new AMI:
ec2-bundle-vol -d /mnt -k $EC2_PRIVATE_KEY -c $EC2_CERT -u xxxx-xxxx-xxxx -r i386 -p ourAMI
The different options are:
-d is the location in which the AMI will be created
-u is the Amazon account number that you see on the top-right corner after you log-in to the AWS site.
-r is your architecture
-p is the name of the AMI. This has to be unique.
-j is not an option, but it's nice to see that you're reading... Lighten up, you're almost there!
5. Upload the AMI to the US bucket
Use the following command ec2-upload-bundle:
ec2-upload-bundle -b us-bucket -m /mnt/ourAMI.manifest.xml -a ACCESS-KEY -s SECRET-KEY
Make sure you replace the access and secret keys with your own. It's in section 1...
6. Copy (migrate) it to the EU bucket
The action of copying an AMI between regions, is called migrating. Just like a migraine: long and painful. Just kidding! You just need to launch the ec2-migrate-image command, and wait for the files to be copied:
ec2-migrate-image ec2-migrate-image -o ACCESS-KEY -w SECRET-KEY --bucket us-bucket --destination-bucket eu-bucket --manifest ourAMI.manifest.xml --location EU
7. Publish it as a private AMI in the EU
The ec2-register command will register your AMI as a private image.
ec2-register eu-bucket/ourAMI.manifest.xml --region eu-west-1
If you want to see the available regions, then run the command:
You can now activate (launch) your new AMI from the list of available images.
One extremely important notice: do not halt, shutdown or terminate your original AMI, until you're 100% sure that the newly copied AMI is working flawlessly. Once an AMI is terminated (halt and shutdown terminate it as well...), it can not be recovered. It is lost for ever and ever. No regrets.
Having said that...
That's it. Congratulations! Relax, and enjoy the extra-super-ordinaire song Yeah Yeah by Salsedo. You've earned it.