Installing Oracle Instant Client and Tools in an AWS EC2

I’m using the AWS Amazon Linux 2 AMI on my EC2. To download the Oracle Instant Client get the download urls for the instant client and instant client tools from: https://www.oracle.com/database/technologies/instant-client/linux-x86-64-downloads.html

Download using curl and install with rpm:

curl instant-client-url-from-page-above --output instant-client.rpm
rpm -i instant-client.rpm
curl instant-client-tools-from-page-above --output instant-client-tools.rpm
rpm -i instant-client-tools.rpm

To connect using sql-plus:

sqlplus 'admin@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=your-instance-endpoint.rds.amazonaws.com)(PORT=1521))(CONNECT_DATA=(SID=your-db-name)))'

Enter password when prompted.

Connecting to an AWS RDS Oracle instance from an EC2 in same VPC

I’ve created an RDS Oracle instance and I want to connect to it from an EC2 instance. I created both in the same VPC.

By default, even though they’re in the same VPC, the EC2 will not be able to connect to the Oracle instance because you still need to configure the Security Group to allow inbound traffic.

Let’s summarize the setup like this – both are in VPC1:

EC2 : Security Group SG-111

RDS Oracle instance: Security Group SG-222

Edit SG-222 for the Oracle instance, and add an inbound rule. Instead of adding a CIDR block range, start typing SG-111… and it will list matching SGs with that id – click to select the id for Security Group associated to the EC2. You’ve now allowed inbound traffic to your RDS Oracle instance from the EC2.

Done!

SSH to AWS EC2: ‘permissions 0644 are too open’ error

To connect to an EC2 instance over SSH, if the permissions on your .pem file are too broad then you’ll see this error:

Permissions 0644 for ‘keypair.pem’ are too open.

It is required that your private key files are NOT accessible by others.

This private key will be ignored.

chmod the .pem file to 0400 and then you should be good. This is described here.

Troubleshooting User Data scripts when creating AWS EC2 instances

When an AWS EC2 User Data script fails, you’ll see something like this in /var/log/cloud-init.log in your instance:

2018-02-03 06:08:16,536 - util.py[DEBUG]: Failed running /var/lib/cloud/instance/scripts/part-001 [127]

Traceback (most recent call last):

  File "/usr/lib/python3/dist-packages/cloudinit/util.py", line 806, in runparts

    subp(prefix + [exe_path], capture=False)

  File "/usr/lib/python3/dist-packages/cloudinit/util.py", line 1847, in subp

    cmd=args)

cloudinit.util.ProcessExecutionError: Unexpected error while running command.

Command: ['/var/lib/cloud/instance/scripts/part-001']

Exit code: 127

Reason: -

Stdout: -

Stderr: -

2018-02-03 06:08:16,541 - cc_scripts_user.py[WARNING]: Failed to run module scripts-user (scripts in /var/lib/cloud/instance/scripts)

2018-02-03 06:08:16,541 - handlers.py[DEBUG]: finish: modules-final/config-scripts-user: FAIL: running config-scripts-user with frequency once-per-instance

It tells you something failed, but not what. The trouble seems that output from your user data script does not go to the cloud-init.log by default.

One of the answers in this post suggests to pipe your script commands and output to logger into a separate log file like this:

set -x
exec > >(tee /var/log/user-data.log|logger -t user-data ) 2>&1
echo BEGIN
date '+%Y-%m-%d %H:%M:%S'

Now running my script with a ‘apt-get update -y’ looks like:

+ echo BEGIN
BEGIN
+ date '+%Y-%m-%d %H:%M:%S'
2018-02-03 23:37:55
+ apt-get update -y
... output continues here

And further down, here’s my specific error I was looking for:

+ java -Xmx1024M -Xms1024M -jar minecraft_server.1.12.2.jar nogui

/var/lib/cloud/instance/scripts/part-001: line 11: java: command not found

My EC2 running the Ubuntu AMI does not have Java installed by default, so I need to install it with (adding to my User Data script):

apt-get install openjdk-8-jre-headless -y

… and now my script runs as expected.