Connecting to an AWS RDS Oracle instance from an EC2 in same VPC

I’ve created an RDS Oracle instance and I want to connect to it from an EC2 instance. I created both in the same VPC.

By default, even though they’re in the same VPC, the EC2 will not be able to connect to the Oracle instance because you still need to configure the Security Group to allow inbound traffic.

Let’s summarize the setup like this – both are in VPC1:

EC2 : Security Group SG-111

RDS Oracle instance: Security Group SG-222

Edit SG-222 for the Oracle instance and add an inbound rule. Instead of entering a CIDR block range as the source, start typing SG-111… and it will list matching SGs with that id – click to select the id of the Security Group associated with the EC2. You’ve now allowed inbound traffic to your RDS Oracle instance only from instances in the EC2’s Security Group, rather than from a whole address range.

Done!
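To check that a group like SG-222 really ends up in the state described above (database port reachable only from the EC2’s group, not from any CIDR), here is an added audit example that is not part of the original post. It works on the IpPermissions structure that EC2 DescribeSecurityGroups returns (boto3 shape), with a constructed sample inline so it runs offline; the port 1521 (Oracle’s default listener port) and the sg-111/sg-222 style ids are assumptions for illustration.

```python
# Added example (not from the original post): audit an RDS security group's
# inbound rules so that the database port is reachable only from one specific
# EC2 security group, never from a CIDR range. Input is the IpPermissions list
# from EC2 DescribeSecurityGroups (boto3 shape), CONSTRUCTED inline below.
from ipaddress import ip_network

DB_PORT = 1521  # assumed Oracle listener port


def audit_db_ingress(ip_permissions, db_port, allowed_source_sg):
    """Return human-readable findings for every rule that exposes db_port to
    anything other than allowed_source_sg. An empty list means the group
    matches the intended setup (e.g. SG-222 allowing only SG-111)."""
    findings = []
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        from_port, to_port = perm.get("FromPort"), perm.get("ToPort")
        # IpProtocol "-1" means all protocols and ports (no port fields);
        # otherwise only TCP rules whose range covers the DB port matter.
        covers_port = proto == "-1" or (
            proto == "tcp" and from_port is not None and from_port <= db_port <= to_port
        )
        if not covers_port:
            continue
        for rng in perm.get("IpRanges", []):
            net = ip_network(rng["CidrIp"])
            # Any CIDR source is wider than an SG reference; flag it, and
            # name 0.0.0.0/0 explicitly since that is the worst case.
            scope = "the whole internet" if net.prefixlen == 0 else str(net)
            findings.append(f"port {db_port} open to CIDR {scope}")
        for rng in perm.get("Ipv6Ranges", []):
            findings.append(f"port {db_port} open to IPv6 CIDR {rng['CidrIpv6']}")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != allowed_source_sg:
                findings.append(f"port {db_port} open to unexpected group {pair.get('GroupId')}")
    return findings


# Constructed sample: the intended rule (source = the EC2's SG, ids assumed)
# plus a second variant that also allows everything from anywhere.
GOOD_RULES = [{"IpProtocol": "tcp", "FromPort": 1521, "ToPort": 1521,
               "IpRanges": [], "Ipv6Ranges": [],
               "UserIdGroupPairs": [{"GroupId": "sg-111", "UserId": "123456789012"}]}]
BAD_RULES = GOOD_RULES + [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                          "Ipv6Ranges": [], "UserIdGroupPairs": []}]

if __name__ == "__main__":
    print(audit_db_ingress(GOOD_RULES, DB_PORT, "sg-111"))  # []
    print(audit_db_ingress(BAD_RULES, DB_PORT, "sg-111"))   # one finding: whole internet
```

The console step above is equivalent to `aws ec2 authorize-security-group-ingress --group-id <sg-222 id> --protocol tcp --port 1521 --source-group <sg-111 id>`, which references the source group instead of a CIDR.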

SSH to AWS EC2: ‘permissions 0644 are too open’ error

To connect to an EC2 instance over SSH, if the permissions on your .pem file are too broad then you’ll see this error:

Permissions 0644 for ‘keypair.pem’ are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.

chmod the .pem file to 0400 (readable by the owner only) and then you should be good. This is described here.

Troubleshooting User Data scripts when creating AWS EC2 instances

When an AWS EC2 User Data script fails, you’ll see something like this in /var/log/cloud-init.log in your instance:

2018-02-03 06:08:16,536 - util.py[DEBUG]: Failed running /var/lib/cloud/instance/scripts/part-001 [127]
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/cloudinit/util.py", line 806, in runparts
    subp(prefix + [exe_path], capture=False)
  File "/usr/lib/python3/dist-packages/cloudinit/util.py", line 1847, in subp
    cmd=args)
cloudinit.util.ProcessExecutionError: Unexpected error while running command.
Command: ['/var/lib/cloud/instance/scripts/part-001']
Exit code: 127
Reason: -
Stdout: -
Stderr: -
2018-02-03 06:08:16,541 - cc_scripts_user.py[WARNING]: Failed to run module scripts-user (scripts in /var/lib/cloud/instance/scripts)
2018-02-03 06:08:16,541 - handlers.py[DEBUG]: finish: modules-final/config-scripts-user: FAIL: running config-scripts-user with frequency once-per-instance

It tells you that something failed (exit code 127, which the shell uses for “command not found”), but not what. The trouble seems to be that output from your user data script does not go to cloud-init.log by default.

One of the answers in this post suggests piping your script commands and their output through tee and logger into a separate log file, by putting this at the top of the script:

#!/bin/bash
# -x echoes each command before it runs, so the log shows what was executed
set -x
# send stdout and stderr to /var/log/user-data.log and to syslog (tag user-data);
# the >(...) process substitution needs bash, hence the shebang above
exec > >(tee /var/log/user-data.log|logger -t user-data ) 2>&1
echo BEGIN
date '+%Y-%m-%d %H:%M:%S'

Now running my script with an ‘apt-get update -y’ looks like this in /var/log/user-data.log:

+ echo BEGIN
BEGIN
+ date '+%Y-%m-%d %H:%M:%S'
2018-02-03 23:37:55
+ apt-get update -y
... output continues here

And further down, here’s the specific error I was looking for:

+ java -Xmx1024M -Xms1024M -jar minecraft_server.1.12.2.jar nogui

/var/lib/cloud/instance/scripts/part-001: line 11: java: command not found

My EC2 running the Ubuntu AMI does not have Java installed by default, so I need to install it with (adding to my User Data script):

apt-get install openjdk-8-jre-headless -y

… and now my script runs as expected.


AWS EC2 Pricing (Feb 2018) – per second vs hourly?

EC2 pricing at first look seems simple: for on-demand pricing the current prices are listed here, as fractions of a dollar per hour. Here’s a quick look (below) at how these prices are listed for the first few t2 instance types. The list of different instance types is pretty extensive (check out the link for the complete list):

The page says the price is:

by the hour or second (minimum of 60 seconds) with no long-term commitments

and further down:

Pricing is per instance-hour consumed for each instance, from the time an instance is launched until it is terminated or stopped. Each partial instance-hour consumed will be billed as a full hour or per-second depending on which Amazon EC2 instances you run

I added the emphasis as this part is not entirely clear. So to summarize:

  • charged by the second, minimum 60 seconds (this was a recent change, introduced in October 2017, see here)

or

  • charged as a full hour depending on which Amazon EC2 instances you run

The last part of this last statement is (I think) the key. It refers to which AMI image you’re running, since some images carry an hourly charge of their own (if I’m wrong, please leave me a comment and let me know!):

If you click the Marketplace link, you’ll notice AMI images with commercial products, along with an hourly charge for usage. Ahah, there you go!