构建访问AWS的本地命令行环境
并不是所有的EC2的功能,都可以通过基于web的AWS Management Console来操作,所以在本地配置一个访问EC2的命令行环境还是很重要的,特别是需要直接在EC2上去构筑服务器环境的时候。
AWS一共有三种访问证书,用于不同的目的,命令行环境下需要用到其中两种:
Access keys:用于基于REST和Query协议的请求
X.509 certificates:用于基于SOAP协议请求
Key pairs:访问EC2实例和保护CloudFront中的内容。
搭建命令行环境:
1:下载EC2 API tools,RDS Command Line Toolkit并解压到各自目录
- EC2 API tools(http://aws.amazon.com/developertools/351)
- RDS Command Line Toolkit(http://aws.amazon.com/developertools/2928)
https://portal.aws.amazon.com/gp/aws/securityCredentials页面生成X.509 certificates并下载
3:设置环境变量
其中EC2_HOME和AWS_RDS_HOME分别是EC2 API tools,RDS Command Line Toolkit的解压目录。
EC2_PRIVATE_KEY和EC2_CERT分别对应X.509 certificates的私钥和公钥。
# settings of AWS
export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home
export EC2_HOME=/Users/huzhanpeng/Documents/AWS/ec2-api-tools-1.5.5.0
export AWS_RDS_HOME=/Users/huzhanpeng/Documents/AWS/RDSCli-1.8.002
export PATH=$EC2_HOME/bin:$AWS_RDS_HOME/bin:$PATH
export EC2_KEY_DIR=/Users/huzhanpeng/.ec2
export EC2_PRIVATE_KEY=${EC2_KEY_DIR}/pk-34EGVLBUUROSPUP2MC2SBCPB2CM47EGQ.pem
export EC2_CERT=${EC2_KEY_DIR}/cert-34EGVLBUUROSPUP2MC2SBCPB2CM47EGQ.pem
4:验证一下环境是否OK
hu:~ huzhanpeng$ ec2-describe-regions
REGION eu-west-1 ec2.eu-west-1.amazonaws.com
REGION sa-east-1 ec2.sa-east-1.amazonaws.com
REGION us-east-1 ec2.us-east-1.amazonaws.com
REGION ap-northeast-1 ec2.ap-northeast-1.amazonaws.com
REGION us-west-2 ec2.us-west-2.amazonaws.com
REGION us-west-1 ec2.us-west-1.amazonaws.com
REGION ap-southeast-1 ec2.ap-southeast-1.amazonaws.com
5:访问EC2 instance时需要key Pair,可以自己生成,然后upload上去,一个Key Pair不能在多个region之间公用
hu:~ huzhanpeng$ ssh-keygen -t rsa -C '[comment_or_your_id'
hu:~ huzhanpeng$ ec2-import-keypair --region ap-northeast-1 --public-key-file .ssh/id_rsa.pub [key_name]
6:启动instance之后,可以通过ssh访问instance(instance的public DNS和登陆用户需要去instance详细页面去确认)
hu:~ huzhanpeng$ ssh -i ~/.ssh/id_rsa ec2-user@ec2-54-248-41-157.ap-northeast-1.compute.amazonaws.com
这样的话就可以直接在本地用命令行访问AWS相关的服务。