Run Java Applications on Amazon EC2
My book
My RSS Feeds
I am the founder of Cloud Foundry, which provides automated, outsourced data center management for Java applications on Amazon EC2.
I am the founder of Cloud Tools, which is an open-source project for automating the deployment of Java and Grails applications on Amazon EC2.
I run a training and consulting company that helps organizations build better software faster and deploy it on the cloud.
We provide a variety of services including:
- Development - we can build your application for you
- Deployment - we can find a hosting partner or deploy your application on Amazon EC2
- Training classes for Spring, Hibernate and Acegi Security
- Jumpstarts to get your project off to the right start
- Reviews to improve your architecture, code and development process
For more information contact me.
Amazon EC2 key pairs and other stumbling blocks
While working with Cloud Tools and Cloud Foundry users, I have noticed that EC2 key pairs and security group configuration are common stumbling blocks for people who are new to Amazon EC2. When you sign up for an AWS account you get what can be, at first, a confusing set of credentials: an access key id, a secret access key, X509 certificate and a corresponding private key. You authenticate an AWS request using either the access key id and secret access key or the X509 certificate and private key. Some APIs and tools support both options, where was others support just one. And, to make matters worse, to launch an EC2 instance and access it via SSH you must use a (named) EC2 key pair. This EC2 key pair is not the same as the X509 certificate/private key given to you by AWS during sign up. But they are easily confused since they both consist of private and public keys.
You create a EC2 key pair by using one of the AWS tools: command line tools, ElasticFox plugin or the rather nice AWS console. Under the covers these tools make an AWS request to create the key pair.
Here is a screenshot of the AWS Console showing how you create a key pair.
There are three steps:
- Select Key Pairs
- Click Create Key Pair
- Enter the name of the Key Pair you want to create - you chose the name
The console will then create the key pair and prompt you to save the private key.
You specify the key pair name in the AWS request that launches the instances and specify the private key file as the -i argument to ssh when connecting to the instance.Just make sure you save the key pair in safe place.
Another stumbling block is that you need to enable SSH in the AWS firewall. Both Cloud Tools and Cloud Foundry use SSH to configure the instances and deploy the application. If SSH is blocked then they won't work. Fortunately, the AWS firewall (a.k.a. security groups) is extremely easy to configure using the AWS tools - command line tools, ElasticFox plugin or the nice AWS console - by editing the default security group to allow SSH traffic.
The good news is that these are relatively minor hurdles to overcome. Once you have sorted out your EC2 key pair and edited the security groups to enable SSH using Cloud Tools or Cloud Foundry to deploy your web application is very easy.
Want to learn about Amazon EC2 and how to run Java and Grails applications on it. Checkout our February 17th half-day class.
When I get the .pem "keypair" file following your instructions. You only
seems get a Private Key, and you don't get a certificate file. Do you know
where is the public certificate is or how I can get it.. again, to be
clear, the key file only seems to include the private certificate. Thanks!
That's correct. You download only the private key. Amazon keeps the public
key. When you launch an image with a specified keypair, Amazon provides the
corresponding public key to the running instance.