Are you running 10, 30 or 100 instances in your single EC2 account? How do you identify each one?
There have been a lot of questions on how to tag and manage a bunch of EC2 instances. I have been in your situation, after working with several EC2 clients. What a pain it is to keep track of which instance is which.
There are existing posts such as How-are-admins-managing-their-ec2-ebss-and-snapshots and answers like Tagging-ec2-instances-using-security.
But in some cases, placing a set of instances into a set of groups could open or block access to the other instances using the same group when you change a security setting.
Matt Juszczak describes an example of this problem in his blog here.
Proposed Solution: Set a unique security group for each instance.
Advantages:
1. It solves the tagging of each instance.
2. It eliminates the possible problem described above, since only the current instance is affected when you change its security settings.
Disadvantages:
1. Unfortunately, you have to define an individual group for each instance, and that is extra work.
2. Existing instances (especially production instances) cannot make use of this solution except by launching the production image and remapping the Elastic IP.
mr.awsome is a simple tool with which you can provision instances, define a unique security group to identify each of them, and automatically access each instance via ssh. You can define servers, launch them and still tell which instance is which, whether you later use the AWS Console or ElasticFox. The security groups are defined and used by the instances.
Tested using Ubuntu Jaunty w/ Python 2.6
1. Install mr.awsome, export your AWS credentials and add your keypair to the ssh agent:
    $ sudo apt-get install python-setuptools python-dev
    $ sudo easy_install mr.awsome
    $ export AWS_ACCESS_KEY_ID=accesskey
    $ export AWS_SECRET_ACCESS_KEY=secretkey
    $ ssh-add /path-to-/id_rsa-gsg-keypair
2. Create a simple directory structure for your new EC2 project:
    ec2-project/
        etc/
            aws.conf

    $ mkdir -p ~/ec2-project/etc
    $ cd ~/ec2-project
3. Edit etc/aws.conf and paste the lines below (note: change it to use your own keypair):
    [securitygroup:webserver1]
    description = webserver1 group
    connections =
        tcp 22 22 0.0.0.0/0
        tcp 80 80 0.0.0.0/0

    [securitygroup:dbserver1]
    description = dbserver group
    connections =
        tcp 22 22 0.0.0.0/0
        tcp 80 80 0.0.0.0/0

    [instance:webserver1]
    keypair = gsg-keypair
    securitygroups = webserver1
    region = us-east-1
    placement = us-east-1a
    # we use images from `http://alestic.com/`
    # Ubuntu 9.04 Jaunty
    image = ami-ccf615a5

    [instance:dbserver1]
    keypair = gsg-keypair
    securitygroups = dbserver1
    region = us-east-1
    placement = us-east-1a
    # we use images from `http://alestic.com/`
    # Ubuntu 9.04 Jaunty
    image = ami-ccf615a5
4. Now we can launch the servers:
    $ aws start webserver1
    $ aws start dbserver1
5. After a while, and after checking the fingerprint status, you will be able to run:
    $ aws status webserver1
    $ aws ssh webserver1
    $ aws terminate webserver1
    $ aws terminate dbserver1
Don't forget to turn off the instances.
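A check that an aws.conf in the layout above really gives every instance its own security group, written as an added example (it is not part of mr.awsome or of the original post). It also lists rules open to 0.0.0.0/0. The sample config is constructed, with dbserver1 deliberately reusing webserver1's group, and comma-separated values in `securitygroups` are an assumption.

```python
import configparser
from collections import defaultdict

# Constructed sample in the aws.conf layout used in this post; dbserver1
# deliberately reuses the webserver1 group to show a violation.
SAMPLE = """\
[securitygroup:webserver1]
connections =
    tcp 22 22 0.0.0.0/0
    tcp 80 80 0.0.0.0/0

[securitygroup:dbserver1]
connections =
    tcp 22 22 203.0.113.10/32

[instance:webserver1]
securitygroups = webserver1

[instance:dbserver1]
securitygroups = webserver1
"""

def audit(conf_text):
    """Return (shared, unused, world_open) for an aws.conf string."""
    cp = configparser.ConfigParser()
    cp.read_string(conf_text)
    users = defaultdict(list)   # group name -> instances that use it
    world_open = []             # (group, protocol, from_port, to_port)
    defined = set()             # groups declared in the file
    for section in cp.sections():
        kind, _, name = section.partition(":")
        if kind == "instance":
            # Assumption: several groups would be comma-separated.
            for g in cp.get(section, "securitygroups", fallback="").split(","):
                if g.strip():
                    users[g.strip()].append(name)
        elif kind == "securitygroup":
            defined.add(name)
            for rule in cp.get(section, "connections", fallback="").splitlines():
                parts = rule.split()
                if len(parts) == 4 and parts[3] == "0.0.0.0/0":
                    world_open.append((name, parts[0], int(parts[1]), int(parts[2])))
    shared = {g: sorted(i) for g, i in users.items() if len(i) > 1}
    unused = sorted(defined - set(users))
    return shared, unused, world_open

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty `shared` result means that changing one group's rules can only affect the instance it identifies.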
I have been extending the tool and have added some basic improvements, found here.
The latest update lets you run a set of servers in one command while still being able to tag each instance easily. If you choose to use my updates:
    $ git clone http://github.com/cocoy/mr.awsome
    $ cd mr.awsome
    $ sudo python setup.py develop
    $ cd ~/ec2-project
    $ aws -h
Now you can start your new servers. Tag and identify those instances. As in the old movie Highlander: “There can only be one”.
If you need more customization of the tool or help tagging your 100 instances, contact me. 😉
With the new boto features that added tagging, mr.awsome needs to be changed to use that instead of security groups.