Amazon Linux AMI User Guide

The document provides an overview of the Amazon Linux AMI, including what it is, how to find and log into the AMI, how to identify images, included AWS command line tools, use of Cloud-init, supported user data formats, adding packages, and accessing source packages for reference. It assumes knowledge of Linux, EC2, and instance management.

Uploaded by

seedhead
Copyright
© Attribution Non-Commercial (BY-NC)

Amazon Linux AMI User Guide

Version 1.0

This document provides an introduction to the Amazon Linux AMI. This includes an overview of a few key technologies in
the AMI, adding and building packages, the product lifecycle of the AMI, how to get support, and a brief FAQ. This
document assumes general knowledge of Linux system administration, EC2, and instance launch and management.

Introduction

The Amazon Linux AMI is a supported and maintained Linux image provided by Amazon Web Services for use on Amazon
Elastic Compute Cloud (Amazon EC2). It is designed to provide a stable, secure, and high performance execution
environment for applications running on Amazon EC2. It also includes several packages that enable easy integration
with AWS, including launch configuration tools and many popular AWS libraries and tools. Amazon Web Services also
provides ongoing security and maintenance updates to all instances running the Amazon Linux AMI. The Amazon Linux
AMI is provided at no additional charge to Amazon EC2 users.

Finding the AMI

Please visit http://aws.amazon.com/amazon-linux-ami for the latest list of AMI IDs to launch.

Logging In

To prevent remote root exploits the Amazon Linux AMI does not allow remote root login via SSH. Also, password
authentication is disabled to prevent brute force password attacks. To enable SSH logins to a running Amazon Linux AMI
you must provide your key pair to the instance at launch. You must also set the security group used to launch your
instance to allow SSH access. By default the only account that can be logged into remotely via SSH is ‘ec2-user’. The
ec2-user has sudo privileges.

The AWS Management Console provides a web user interface for performing the same actions. More information can
be found here:

http://aws.amazon.com/console/
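
An added example, not part of the guide: a shell check that an instance's sshd_config still enforces the login policy described in this section. The guide does not name the sshd settings behind that policy; the OpenSSH keywords PermitRootLogin and PasswordAuthentication, the pass/fail rule, and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the guide): audit an sshd_config for the login
# policy described above. The file contents below are constructed samples.

# Print the value sshd would use for KEYWORD in the global section of FILE.
# sshd keeps the first value it reads, and keywords are case-insensitive.
effective_sshd_option() {
    awk -v key="$(printf %s "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || NF == 0  { next }
        tolower($1) == "match" { exit }   # conditional blocks are not global
        tolower($1) == key     { print tolower($2); found = 1; exit }
        END                    { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only when interactive root login and password logins are both off.
# An unset keyword fails, so the policy is explicit rather than a default.
audit_login_policy() {
    rc=0
    root=$(effective_sshd_option "$1" PermitRootLogin)
    pass=$(effective_sshd_option "$1" PasswordAuthentication)
    case "$root" in
        no|forced-commands-only) echo "ok   PermitRootLogin $root" ;;
        *) echo "FAIL PermitRootLogin $root"; rc=1 ;;
    esac
    case "$pass" in
        no) echo "ok   PasswordAuthentication $pass" ;;
        *)  echo "FAIL PasswordAuthentication $pass"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: a later "no" does not undo the earlier "yes".
conf=$(mktemp)
cat > "$conf" <<'EOF'
PermitRootLogin no
passwordauthentication yes
PasswordAuthentication no
EOF
audit_login_policy "$conf" ||
    echo "sshd_config no longer matches the documented policy"
rm -f "$conf"
```

Where it is available, `sshd -T` prints the fully resolved configuration and is the more authoritative check; this parser only reads the global section of a single file.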

Identifying Images

Each image contains a unique /etc/image-id that identifies the AMI. This file contains information about the image.
Here is an example /etc/image-id file:

# cat /etc/image-id
image_name="amzn-ami"
image_version="0.9.0-beta"
image_arch="i386"
image_file="amzn-ami-0.9.0-beta.i386.ext3"
image_stamp="da09-2005"
image_date="20100724050055"
recipe_name="amznami"
recipe_id="50594033-b85f-4ba6-a150-edaadb63b73b"

The image_name, image_version, and image_arch items come from the build recipe that Amazon used to construct the
image. The image_stamp is simply a unique random hex value generated during image creation. The image_date item is
in YYYYMMDDhhmmss format, and is the UTC time of image creation. The recipe_name and recipe_id refer to the name
and ID of the build recipe Amazon used to construct the image.

Included AWS Command Line Tools

Several popular command line tools for AWS integration and usage have been included in the Amazon Linux AMI:

aws-apitools-common
aws-apitools-mon
aws-apitools-ec2
aws-apitools-elb
aws-apitools-rds
aws-apitools-as

To simplify the configuration of these tools a simple script has been included to prepare the AWS_CREDENTIAL_FILE,
JAVA_HOME, AWS_PATH, PATH, and product specific environment variables after a credential file has been installed.

Also, to allow the installation of multiple versions of the API and AMI tools we have placed symlinks to the desired
versions of these tools in /opt/aws, as described below:

- /opt/aws/bin - symlink farm to /bin directories in each of the installed tools directories
- /opt/aws/{apitools|amitools} - products are installed in directories of the form [name]-version and symlink
  [name] attached to most recently installed version
- /opt/aws/{apitools|amitools}/[name]/environment.sh - used by /etc/profile.d/aws-apitools-common.sh to set
  product-specific environment variables (EC2_HOME, etc)

Cloud-init

Cloud-init is an open source application built by Canonical which is used to bootstrap Linux images in a cloud computing
environment such as EC2. The Amazon Linux AMI contains a version of Cloud-init. It allows you to specify actions that
should happen to your instance at boot time. You can pass the actions you want to have happen to Cloud-init through
the user-data fields when launching an instance. This means you can use a common AMI for many use cases and
configure them dynamically at startup. The Amazon Linux AMI also uses Cloud-init to perform initial configuration of the
ec2-user account.

Public documentation can be found on Canonical's website: https://help.ubuntu.com/community/CloudInit

The Amazon Linux AMIs use the following Cloud-init features (configurable in /etc/sysconfig/cloudinit):

- action: INIT (always runs)
  o Setting a default locale
  o Setting the hostname
  o Parsing and handling user-data
- action: CONFIG_SSH
  o Generating host private SSH keys
  o Adding user's public SSH keys to .ssh/authorized_keys for easy login and administration
- action: PACKAGE_SETUP
  o Preparing Yum repo
  o Handles package actions defined in user-data (see cloud-config syntax)
- action: RUNCMD
  o Runs a shell command (see cloud-config syntax)
- action: RUN_USER_SCRIPTS
  o Executes user scripts found in user-data (see formats section)
- action: CONFIG_MOUNTS
  o Mounts ephemeral drives

Supported User-data formats

Cloud-init supports user-data handling of a variety of formats:


- Gzip
  o If user-data is gzip compressed, Cloud-init will decompress the data and handle it as appropriate.
- MIME multipart
  o Using a MIME multipart file allows the user to specify more than one type of data. For example, both a
    user-data script and a cloud-config type could be specified. Each part of the multipart file may be
    handled by Cloud-init if it is one of the supported formats.
- Base64 decoding
  o If user-data is base64 encoded, Cloud-init will determine if it can understand the decoded data as one of
    the supported types. If it understands the decoded data, it will decode the data and handle it as
    appropriate. If not, it will return the base64 data intact.
- User-Data Script
  o Begins with: "#!" or "Content-Type: text/x-shellscript"
  o The script will be executed by "/etc/init.d/Cloud-init-user-scripts" during first boot. This occurs late
    in the boot process (after the initial configuration actions were performed).
- Include File
  o Begins with "#include" or "Content-Type: text/x-include-url"
  o This content is an "include" file. The file contains a list of URLs, one per line. Each of the URLs will be
    read, and their content will be passed through this same set of rules, i.e., the content read from the URL
    can be gzipped, MIME multipart, or plain text.
- Cloud Config Data
  o Begins with "#cloud-config" or "Content-Type: text/cloud-config"
  o This content is "cloud-config" data. See the examples for a commented example of supported config
    formats.
- Cloud Boothook
  o Begins with "#cloud-boothook" or "Content-Type: text/cloud-boothook"
  o This content is "boothook" data. It is stored in a file under /var/lib/cloud and then executed
    immediately.
  o This is the earliest "hook" available. Note that there is no mechanism provided for running only once.
    The boothook must take care of this itself. It is provided with the instance ID in the environment variable
    "INSTANCE_ID". This can be used to provide "once-per-instance" behavior.
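
One way a boothook can provide the once-per-instance behavior described in the last item above, as an added example that is not from the guide. The marker directory (STATE_DIR), the run_once helper and the first_boot_setup payload are hypothetical names chosen for this example.

```shell
#cloud-boothook
#!/bin/sh
# Added example, not from the guide. The first line marks this user-data as a
# boothook. STATE_DIR, run_once and first_boot_setup are hypothetical names.
STATE_DIR=${STATE_DIR:-/var/lib/cloud/boothook-once}

# run_once NAME CMD...: run CMD unless it already succeeded on this instance.
run_once() {
    name=$1; shift
    # The marker is keyed on the instance ID so that an image created from
    # this instance still runs the step on its own first boot.
    case "${INSTANCE_ID:-}" in
        ''|*/*) echo "run_once: INSTANCE_ID missing or invalid" >&2; return 2 ;;
    esac
    marker="$STATE_DIR/$INSTANCE_ID.$name.done"
    mkdir -p "$STATE_DIR" || return 1
    # noclobber makes creation fail if the marker exists, so testing for the
    # marker and claiming it are a single atomic step.
    if ! ( set -C; : > "$marker" ) 2>/dev/null; then
        if [ -e "$marker" ]; then return 0; fi   # already done for this instance
        return 1                                 # marker could not be created
    fi
    if "$@"; then
        return 0
    fi
    rm -f "$marker"                 # payload failed: allow a retry next boot
    return 1
}

# Placeholder payload: record when first-boot setup ran (UTC).
first_boot_setup() {
    date -u +%Y%m%d%H%M%S > "$STATE_DIR/first-boot.stamp"
}

run_once first-boot first_boot_setup ||
    echo "boothook: first-boot step did not run" >&2
```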

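The detection rules from the "Supported User-data formats" list, written out as an added shell example (not code from the guide or from Cloud-init) for checking how a user-data file will be treated before an instance is launched with it. The multipart header pattern and the output labels are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the guide: classify a user-data file by the rules above.

# Map the first line of decoded text to the format the guide names.
classify_text() {
    first=$(head -n 1 "$1" | tr -d '\r')
    case "$first" in
        '#!'*|'Content-Type: text/x-shellscript'*)               echo user-script ;;
        '#include'*|'Content-Type: text/x-include-url'*)         echo include ;;
        '#cloud-config'*|'Content-Type: text/cloud-config'*)     echo cloud-config ;;
        '#cloud-boothook'*|'Content-Type: text/cloud-boothook'*) echo boothook ;;
        'Content-Type: multipart/'*)  echo mime-multipart ;;  # assumed header form
        *)                            echo unknown ;;
    esac
}

# Peel gzip and base64 layers, then classify. Prints e.g. "gzip>cloud-config".
classify_userdata() {
    src=$1
    tmp=$(mktemp)
    # gzip streams start with the magic bytes 1f 8b
    if [ "$(head -c 2 "$src" | od -An -tx1 | tr -d ' \n')" = "1f8b" ]; then
        if gzip -dc "$src" > "$tmp" 2>/dev/null; then
            inner=$(classify_userdata "$tmp")
        else
            inner=corrupt
        fi
        rm -f "$tmp"
        echo "gzip>$inner"
        return 0
    fi
    kind=$(classify_text "$src")
    # Base64 counts only if the decoded bytes are a supported type;
    # otherwise the data is left as it is (reported here as unknown).
    if [ "$kind" = unknown ] && [ -s "$src" ] &&
       base64 -d < "$src" > "$tmp" 2>/dev/null; then
        inner=$(classify_userdata "$tmp")
        if [ "$inner" != unknown ]; then kind="base64>$inner"; fi
    fi
    rm -f "$tmp"
    echo "$kind"
}

# Constructed sample input: a gzip-compressed cloud-config document.
sample=$(mktemp)
printf '#cloud-config\npackages:\n - httpd\n' | gzip -c > "$sample"
classify_userdata "$sample"
rm -f "$sample"
```

Anything reported as user-script or boothook is executed on the instance at boot, and an include pulls further content from the listed URLs through the same rules, so those results deserve review before launch.
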
Adding Packages

In addition to the packages included in the Amazon Linux AMI, Amazon provides a Yum repository of additional common
Linux applications for use inside of EC2. The Amazon Linux AMI is configured to point to this repository by default for all
Yum actions. The packages can be installed by issuing Yum commands. For example:

# sudo yum install httpd

The packages available from the Amazon Linux Yum repository in EC2 are designed to work with the Amazon Linux AMI.
In addition, this version of the Amazon Linux AMI has been built to be binary compatible with the CentOS 5.x series of
releases, and therefore packages that are built to run on CentOS should run on the Amazon Linux AMI as well.

Accessing Source Packages For Reference

You can view source packages inside of EC2 for reference purposes using tools provided in the Amazon Linux AMI.
Source packages are available for all of the packages that are included in the Amazon Linux AMI and the online package
repository. Simply determine the package name for the source package you wish to install and use the
get_reference_source command to view source within your running instance. For example:

# get_reference_source -p httpd
Please enter your AWS account id: 123456789012

Requested package: httpd

Found package from local RPM database: httpd-2.2.15-2.9.amzn1
Corresponding source RPM to found package : httpd-2.2.15-2.9.amzn1.src.rpm

Your AWS account id: 123456789012

Are these parameters correct? Please type 'yes' to continue: yes

Source RPM downloaded to: /usr/src/srpm/debug/httpd-2.2.15-2.9.amzn1.src.rpm

You will need to enter your AWS account ID once you run the command. The source RPM will be placed in the
/usr/src/srpm/debug directory of your running EC2 instance. From there it can be unpacked and the source tree can be
viewed for reference using standard RPM tools. After you are through debugging, the package will be available for use
in EC2.

Developing Applications

A full set of Linux development tools is provided in the Yum repository for the Amazon Linux AMI. To develop
applications on the Amazon Linux AMI, simply select the development tools you need with Yum. Alternatively, many
applications developed on CentOS and other similar distributions will run on the Amazon Linux AMI.

Ephemeral Store Access

The ephemeral drive ephemeral0 is mounted in /media/ephemeral0 only on S3-backed AMIs.

Product Lifecycle

Customers can get started by launching the latest Amazon Linux AMI in Amazon EC2. The Amazon Linux AMI will be
updated regularly with security and feature enhancements. Customers who do not need to preserve data or
customizations on their running Amazon Linux AMI instances can simply re-launch new instances with the latest updated
Amazon Linux AMI. Customers who do need to preserve data or customizations on their running Amazon Linux AMI
instances can maintain those instances through the Amazon Linux AMI yum repositories. As the Amazon Linux AMI is
updated, all of the updated packages will also be provided through these repositories and customers can choose to apply
these updates to their running instances. Older versions of the AMI and update packages will continue to be available
for launch in Amazon EC2 and for installation from the Amazon Linux AMI yum repository even as new Amazon Linux
AMI versions are released. However, in some cases, customers seeking support for an older version of the Amazon
Linux AMI through Amazon Premium Support may be asked to move to newer versions as part of the support process.

Security Updates

Security updates are provided via the Amazon Linux AMI yum repositories and updated Amazon Linux AMIs. Major
security alerts will be published in the AWS Security Center. For more information on AWS security policies or to report
a security problem, please visit the AWS Security Center: http://aws.amazon.com/security/

Support

Support for installation and use of the base Amazon Linux AMI is included through subscriptions to AWS Premium
Support. For more information on Premium Support please visit: http://aws.amazon.com/premiumsupport/

Forums

You can post any questions you have on using the Amazon Linux AMI to the EC2 forums here:
http://developer.amazonwebservices.com/connect/forum.jspa?forumID=30&start=0

Frequently Asked Questions

Is the Amazon Linux AMI compatible with other Linux distributions?
The Amazon Linux AMI is very similar to CentOS in filesystem layout and package management. Applications built for
CentOS 5 and later should run without recompilation on the Amazon Linux AMI. However, the Linux AMI is configured
for use only in EC2.

How do I get root SSH access on my Amazon Linux AMI instance?
The Amazon Linux AMI does not allow remote root SSH by default. You should specify a keypair at instance launch and
log in as ‘ec2-user’ using your keypair to access the command line. This user has sudo access by default to allow you to
run root actions. If you wish to enable remote root login, please be aware that it is significantly less secure than relying
on keypairs and a secondary user.

How do I get my application on my Amazon Linux AMI instance?
Just as you would with any image you boot in EC2 today. You simply upload your application directly to your instance
(such as with scp) and log in directly to the system to configure and launch it. Alternatively, you can pass commands to
your instance at startup via the User-data field when you launch and use the built-in Cloud-init package to parse the
commands.

What applications are part of the Amazon Linux AMI?
The Amazon Linux AMI was designed to be small by default and lets you add additional applications from our online
package repository. For example, the base image contains Python and Perl, while Apache HTTP Server, PHP, MySQL,
PostgreSQL and many others are found on the repository server. The base image also contains all tools and libraries to
integrate with other AWS products.

Does the Amazon Linux AMI support third party Independent Software Vendor (ISV) applications?
Yes. The Amazon Linux AMI is focused on supporting open source server applications on the AMI and we will be supportive of
any ISVs who choose to support the Amazon Linux AMI.

What if I need an application the Amazon Linux AMI doesn’t offer?
If you find that the Amazon Linux AMI does not contain an application you need, you can simply install the application
directly on your Amazon Linux AMI instance just as you would any image today. The Amazon Linux AMI uses RPM and
Yum for package management and that will likely be the simplest way to install new applications. You should always
check to see if an application is available in our central Amazon Linux AMI repository first as many apps are available
there and can easily be added to your AMI instance.

Does Amazon offer phone or web support services for the Amazon Linux AMI?
Yes. The Amazon Linux AMI is supported through subscriptions to AWS Premium Support. More details can be found on the
Premium Support page: http://aws.amazon.com/premiumsupport/

How frequently is the Amazon Linux AMI updated?
The AMI will be updated to include the latest components on a regular basis. Updates will also be made available in the yum
repositories for installation on running instances on a regular basis.

Will Amazon release updates for all previous versions or only the most recent version?
Amazon Linux AMI updates are officially released and supported for the most recent version only. However, if you’re
running older versions of the Amazon Linux AMI, you can selectively apply updates from future versions using the
command line or update API.

Can I run Amazon Linux on my own servers outside of EC2?
No. The Amazon Linux AMI is only available for use inside of Amazon EC2.

Is the Amazon Linux AMI available in EC2 Virtual Private Cloud?
Yes.

Is a software development environment provided in the Amazon Linux AMI?
Yes. Complete development libraries and tools are incorporated in the Amazon Linux AMI so that you can develop
applications directly on the Amazon Linux AMI.

Is there an Amazon Linux AMI community I can become a part of?
Yes. We encourage you to post your suggestions and feedback in the EC2 forum pages, which can be found here:
http://developer.amazonwebservices.com/connect/forum.jspa?forumID=30
