Monday, December 21, 2015

Setting up Amazon EC2 Tools for Docker in OS X - Short Version

From Amazon Docs: Amazon EC2 Container Registry (ECR) is a fully-managed Docker container registry that makes it easy for developers to store, manage, and deploy Docker container images.

The EC2 Tools therefore allow you to interact with the EC2 API though your terminal through a special set of bash commands for EC2.  I'm then going to be deploying a new personal site to Amazon via Docker Container to my virtual AWS Ubuntu server via the Amazon EC2 Container Registry.

This is a very quick and dirty shortened version of their docs.  A lot of this is straight from AWS docs but I've cut out all the clutter and more importantly also added a little more about the IAM user creation where I include some screen shots because if you don't give the user permissions, you won't be able to authenticate when EC2 tries to make calls on behalf of your user's AWS Key & Secret.

Download the EC2 Tools
Run this in terminal:
curl -O http://s3.amazonaws.com/ec2-downloads/ec2-api-tools.zip

Extract the Tools
I extracted them here but you don't have to to it here necessarily:
sudo unzip ec2-api-tools.zip -d /usr/local/ec2

Install Java
First verify if you have Java Installed or not:
which java
If it's present you'll see:
/usr/bin/java
If not then install Java.

Set Environment Variables

$JAVA_HOME 
This will allow EC2 to find your java install location

First, manually set it
We will manually set it by running it explicitly in terminal.  But..after this it'll be in your bash profile so you no longer have to worry about manually setting it anymore:
export JAVA_HOME=$(/usr/libexec/java_home)
(when this environment variable is accessed, the /usr/libexec/java_home will return the filepath to the java install on the fly.  If you want, try it out yourself, jsut run /usr/libexec/java_home in terminal)

Set the environment variable in your bash_profile
Set it in your .bash_profile so that it sets it on startup every time.  
Open your bash profile in /users/[yourusername]/.bash_profile
Now paste that export JAVA_HOME line above in your bash_profile

Test the Environment Variable
Now close your terminal then re-open it and run this to verify that the environment variable is working:
$JAVA_HOME/bin/java -version
it should return its version info, example:
java version "1.7.0_55"
OpenJDK Runtime Environment (IcedTea6 2.4.7) (7u55-2.4.7-1ubuntu0.12.04.2)
OpenJDK 64-Bit Server VM (build 24.51-b03, mixed mode)

$EC2_HOME
This variable specifies where the installation of the CLI tools lie.

Manually Set it
To set it, put in the path to the folder where you extracted the tools tool earlier:
export EC2_HOME=/usr/local/ec2/ec2-api-tools-0.0.0.0 
(if you extracted it somewhere else, change the path above.  Replace the 0.0.0.0 with your version of the CLI tools)

Set the environment variable in your bash_profile
also, copy that line to your .bash_profile

Replace your $PATH variable in your .bash_profile with this line:
export PATH=$PATH:$EC2_HOME/bin

$AWS_ACCESS_KEY, $AWS_SECRET_KEY
We need to tell AWS how we're going to authenticate calls when we use EC2 tools.

Create a new IAM User
First, create a new IAM user account if you don't have one where you know the key and secret for it.

Click on your profile and select Security Credentials. 







Copy the Key and Secret and also download the file that contains that for future reference





Be sure that the user also has a policy set 
(note: you can also setup groups) 

Your users must have appropriate permissions in order to auth API wrapper calls you make from OS X terminal to the Amazon EC2 API or AWS API, ect.  

Click on users, and then click attach policy and then select the Administrator policy for your user:















Explicitly Set them
Now go back to your terminal to set the AWS_ACCESS_KEY and AWS_ACCESS_SECRET environment variables by running this in terminal:

use the access key and secret key from the user you created above below
export AWS_ACCESS_KEY=your-aws-access-key-id
export AWS_SECRET_KEY=your-aws-secret-key

Set the environment variables in your bash_profile
copy and paste those 2 lines into your bash_profile.

Verify the CLI Tools Work

verify it works by running a command, so run this:
ec2-describe-regions
you should then see this:





Here's what your .bash_profile should look like
example (I've x'd out my real key values for the sake of this blog post):


1 comment: