In this article, we will walk through building a virtual server on AWS Amazon Cloud. Let’s not waste time and get started!
First, we will write a small work plan:
- Registering an account in AWS Amazon Cloud
- Choosing a tariff plan
- Setting up a virtual machine
- Setting up a network environment
- Starting a server and connecting via SSH
IMPORTANT: so that we speak the same language, let’s agree on terminology. The only term that can be ambiguous is the name of the virtual machine itself. It can be called:
- Virtual machine
- Instance (in the definition of Amazon)
Let’s start with our work plan.
Registering an account with AWS Amazon Cloud
Go to aws.amazon.com and, on the page that opens, click the “Create an AWS Account” button in the upper right corner.
You will be taken to the initial registration page:
Fill in all the fields and click the “Continue” button.
Be sure to select the account type “Personal”. Next, carefully fill in all the fields and tick the checkbox “Check here to indicate….”
After that, click the “Create Account and Continue” button to go to the payment details:
Fill in your card details. Remember that the card you enter here must have an amount equivalent to 1 $ / EURO available: this amount will be withdrawn to verify the card and returned to your account within 3–5 days. Click “Verify and Add” and proceed to confirmation. Indicate your country and your contact number, and enter the captcha for verification.
Click “Send SMS”, and in the form enter the code that will be sent to you by SMS.
Enter the code and click “Verify Code”.
Congratulations — you are registered!
Choosing a tariff plan
After confirming your account, you will be presented with several tariff plans to choose from:
We are interested in the “Basic Plan”. Its advantage is that it is free (for 12 months), and at the same time the resources that Amazon offers on this tariff plan are quite sufficient to launch a test node. Select it and click “Free”.
Then fill out the form about your interests.
Click “Submit”! This completes the registration!
You will receive 3 emails, something similar to this:
Now go to your account. To do this, on the main page, click “Sign in to the Console”.
On the page that opens, select “Root user” and enter your email. If necessary, the button for changing the interface language is in the lower right corner. Click “Next”.
This is the main screen for AWS services, but we need the management console. In the main menu, in the upper left corner, click “Services”.
Select “EC2” to open the console for managing your instances.
We proceed to the main task:
Configuring the virtual machine.
In the main menu on the left, select “Instance” and then “Launch Instance”
At the first step, we need to select the type of instance. Pay attention to the “Free tier eligible” marker: it means that this configuration, in the basic version, will be provided to you free of charge for 1 year (if the consumption of basic resources is not exceeded).
In our case, we choose a free configuration (do not forget: for 1 year) and click the “Select” button. On the new page, check again that the instance is of the “t2.micro” type and “Free tier eligible”.
Click “Next: Configure Instance Detail”. Here is a detailed configuration. Change only the “Auto-assign Public IP” field to “Enable”, so that our virtual machine automatically receives an external public address. Just look over the rest and do not change anything: an increase in resources will take you out of the “free” tariff.
Click “Next: Add Storage” and, in the “Size GiB” field, change 10 to 25. Please note that in the free configuration the disk size may be no more than 30 GB. Anything above that is at your own expense!
Go to the next item by clicking “Next: Add Tag”. Here you can create tags for your instance, for example “Name”: “MyNode”. This is optional, so I leave it up to you.
Configuring the network environment
The next step is “Next: Configure Security Group”. Here we will configure the port rules. Click “Add Rule” and in the line that appears, enter / select the values:
Type: Custom TCP port
Port range: 3000
and enter the values for the IPv4 and IPv6 networks: 0.0.0.0/0, ::/0
This creates a rule that allows anyone on the internet to reach port 3000.
Do the same for port 7900: repeat all the same steps, but enter 7900 instead of 3000! As a result, you should have the following table of rules:
Press “Review and Launch” and you will be taken to a page with a full description of our virtual machine.
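The review page is a good moment to confirm that only the two intended ports are published to everyone. The following added example (not part of the original article) parses security-group JSON in the shape printed by `aws ec2 describe-security-groups` and reports world-open ports other than 3000 and 7900; the sample data (including its group id and SSH rule) and all function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape printed by `aws ec2 describe-security-groups`;
# the group id and the SSH rule are made up for illustration.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 3000,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
  {"IpProtocol": "tcp", "FromPort": 7900, "ToPort": 7900,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
]}]}
""")

INTENDED_PUBLIC = {3000, 7900}  # ports this article deliberately opens to everyone


def is_world(cidr):
    """True for 0.0.0.0/0 and ::/0 (prefix length 0 covers every address)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def world_open_ports(group):
    """TCP/UDP ports reachable from any address; None means every port."""
    ports = set()
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if not any(is_world(c) for c in cidrs):
            continue  # rule is limited to specific networks
        if perm["IpProtocol"] == "-1":
            return None  # "All traffic" rule
        if perm["IpProtocol"] in ("tcp", "udp"):
            ports.update(range(perm["FromPort"], perm["ToPort"] + 1))
    return ports


def unexpected_public_ports(group, intended=INTENDED_PUBLIC):
    """Sorted world-open ports that are not on the intended list."""
    ports = world_open_ports(group)
    if ports is None:
        return ["ALL"]
    return sorted(ports - set(intended))


if __name__ == "__main__":
    print(unexpected_public_ports(SAMPLE["SecurityGroups"][0]))
```

To check a real group, load the saved output of `aws ec2 describe-security-groups` in place of `SAMPLE`; any port the function returns is reachable from the whole internet without being one of the two node ports.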
Everything is ready to start! So don’t wait and click “Launch”!
But one more hurdle awaits us on the way to success: security keys! Yes, Amazon is very concerned about the security of your data, so everything related to access to your VM has increased security requirements. Well, let’s secure ourselves by creating a secret key to access our virtual machine.
Select the option “Create a new key pair” from the drop-down list, after which a field for entering the key name will appear below. Enter a friendly name for the key (mine is “drcryptoskey”).
Then click “Download Key Pair” and save the generated key file in a safe place.
IMPORTANT: Be sure to remember where you saved it and its name — preferably a simple path and a “logical name”, something like d:/awsnodekey.pem
Then click “Launch Instances”. A notification appears on the screen that everything is fine and that our VM is running!
Click “View instance”. You will see a console with your VM.
As you can see, the “Instance State” field shows the “running” status, which means that the VM itself is already WORKING.
The only thing left is to connect to the console. And here there are “nuances” that do not let us get bored and take the easy way :) The nuance is that this is not as simple as, for example, in Google Cloud, where they made it more convenient without compromising security.
Start the server and connect via SSH
We are then offered a choice of how to connect.
I highly recommend using the first one — via a separate SSH client. You have to be extremely careful here. I can offer a couple of options:
Option 1. Built-in SSH client.
The easiest way is to use the built-in SSH client (Windows 8–10). This is done simply. Launch the CMD command line and enter the following in it:
ssh -l USERNAME_HERE -i yourkey.pem public-ec2-host
USERNAME_HERE - if you did everything according to this instruction, substitute ubuntu here; this is the default name.
yourkey.pem - the name of the file in which you saved your key. Do not forget that this is not only a name but also a path, which means it will look something like this: d:/mykeyfolder/demo2020.pem
public-ec2-host - nothing more than the external IP of your VM.
In total, for our example it will look like this (yours will have your own data):
ssh -l ubuntu -i d:/drcryptos.pem 18.104.22.168
Press Enter and if everything is correct you get your server console!
If you did not receive the console, but received a message like this, do not be alarmed:
This is Amazon’s “paranoia” :) The message says that a key that does not have certain security rights assigned cannot be used to connect to your server. That much is clear, but it is not clear what the rights are and what they should be! It is simple: your Windows account needs exclusive rights to this file. Do the following:
1. Find your file with the key in the explorer (for example d:/awsnodekey.pem)
2. Press the right mouse button. Select “Properties”
3. Select the “Security” tab
4. On it, click the “Advanced” button
5. In the form that appears, click “Disable inheritance”
And confirm by selecting “Delete all inherited permissions of this object”
All inherited permissions will disappear, and you will see an empty field. Click “Ok” and the window will close. You will see a form like this.
Click the “Change” button and, in the new form, click “Add”.
Now enter your Windows username in the indicated field. Then click “Check Names”, and where you entered your name, something similar to “NOTEBOOK \ User12” will appear, where instead of NOTEBOOK there will be the name of your computer, and instead of User12 the username under which you logged in.
If everything matches, press “Ok” / “Ok” / “Ok”. Your key file now has the required level of security. All you have to do is go back to the “Starting the server and connecting via SSH” item and repeat everything again!
Option 2. External client “PuTTY”.
This is perhaps the most “kosher” option :) First you need to install the program “PuTTY” — download here https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
Be sure to choose the complete installation package! The choice also depends on your system:
After you have downloaded and installed “PuTTY”, you will need to do the following:
1. Convert the existing key file to the “PuTTY” format using the “PuTTYgen” utility
2. Configure the connection using “PuTTY”
Let’s get started!
Launch the “PuTTYgen” utility and select the “Import key” item.
In the window that opens, select your key file. In the next window, press the “Save private key” button. Save the new key in the same place as the previous one. Before saving, you will be asked if you want to save the key without a password.
Click “Yes”! This is acceptable for a test project, but in real systems password protection is necessary!
Note — when saving, you can save the key with the same name, since the new key will have the extension “.ppk”. Close “PuTTYgen” and start “PuTTY”. On the main screen, in the “Host Name” field, write your data in the following format:
In my example it will be: email@example.com, and in the “Port” field, leave “22”; this is the port for connections over the SSH protocol. You should get something similar to this:
On the left side, go to the “Auth” tab and click the “Browse” button. Then open the file with the new key (extension “.ppk”).
In the left menu, return to the “Session” item. For convenience, in the “Saved Session” field, write a name for this connection (for example, “aws-node”) and press the “Save” button to remember all the settings for this session. The preparation is over: press the “Open” button at the very bottom, and you will get a prompt to enter the username. Enter “ubuntu”.
Press “Enter” and in a moment we get into the console!
Then you can use the server at your discretion, and in our case, install the Symbol test node.
During the experiment, a problem was identified with the operation of nodes under these settings.
The node starts up well, everything works.
After 1–2–3 days, the node stops returning its normal status (check via http://your_external_node_IP_address:3000/node/info).
At the same time, with a high probability, it becomes impossible to connect to the console.
With a high probability, the problem is that 25 GB of disk space is not enough for the node to work, and as a result, the system cannot start the necessary services, including the SSH session. It is assumed that the most active use of disk space is the docker service.
1. If you have access to the node:
1.1. Log in to the server
1.2. Stop node
1.3. Stop server
1.4. Extend the disk to at least 30 GB, preferably up to 40 GB (be careful with billing and costs)
1.5. Start the server, go to the console
1.6. Create file /etc/docker/daemon.json with content
1.7. If you did not restart the server (items 1.1–1.3), restart the docker with the command:
service docker restart
1.8. Run the node.
2. If you do not have access to the node through the console:
2.1. Force the server to stop
2.2. Extend the drive to at least 30 GB, preferably up to 40 GB (be careful with billing and costs)
2.3. Start the server
2.4. Try to connect to the console.
2.5. If it works, follow the solution in item 1
2.6. If you still can’t connect via SSH, you just have to delete this node and create a new one….