Setting up a Linux Instance in AWS (New GUI)
This chapter describes how to set up a Linux instance in AWS. The purpose for which the instance is created will determine the prerequisites for image and instance type used.
This page reflects the AWS GUI changes in spring 2022.
General Prerequisites
As this description shows the basic setup of a Linux instance in AWS, it does not list specific prerequisites. However, depending on the use case, the following prerequisites should be considered:
https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services.
Please note that the Charon-SSP AL marketplace image and the VE license server software require updates for each new region added to AWS. Should you get an error similar to "Failed to verify the instance document's signature" when trying to create a new fingerprint or access an SSP public license server, you may be using a region not yet supported in your version.
Please note that the AWS GUI occasionally changes. This may lead to screenshots not always reflecting the exact appearance of a configuration screen.
AWS Login and New Instance Launch
To start the creation of a new cloud instance, perform the following steps:
1. Log in to your AWS management console.
2. Find and select the EC2 service. You can find it in the Recently visited section, or use the services drop-down menu (alternatively, you can also start from your Manage Subscriptions page and launch the instance there). This will open the EC2 dashboard.
Please note: The following sample image shows the new EC2 dashboard. The old dashboard looks somewhat different, but still has the Launch instance button.
3. On the EC2 dashboard, click on the Launch Instance button. Clicking on Launch Instance and selecting the launch instance option will allow you to initiate the instance creation process consisting of seven steps. These steps are described in the next section.
New Instance Configuration
The instance creation and configuration process will guide you through a number of configuration steps and allow you to start the new instance when done.
1. Enter an instance name:
If needed, you can add additional tags to the instance. When done, proceed to the Application and OS Images section to choose an AMI (Amazon Machine Image).
2. Choose AMI:
AMIs are prepackaged images used to launch cloud instances. They usually include the operating system and applicable application software. Which AMI you select depends on the planned use of the instance:
After deciding on which AMI is required, select a matching Linux or Charon product AMI in the Marketplace or (depending on your environment) from My AMIs. You can use the search field or select one of the categories displayed to start your search.
Select the Linux AMI appropriate to your planned use of the instance, that is,
Then proceed to the next section, the Instance type selection.
3. Choose Instance Type:
Amazon EC2 offers instance types with varying combinations of CPU, memory, storage, and networking capacity. Select an instance type that matches the requirements of the Charon product to be used. Please note that some marketplace images have a restricted selection of instance types. When done, proceed to the Key pair configuration.
4. SSH key pair configuration:
In this section, you can
Please note: If your management system supports it, use SSH key types ECDSA or ED25519 for RHEL 9.x, Rocky Linux 9.x, and Oracle Linux 9.x. This will allow connecting to these Charon host Linux systems using an SSH tunnel without the default crypto-policy settings on the Charon host having to be changed for less secure settings. This is, for example, important for the Charon-SSP Manager. See also: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening.
After configuring your key pair, proceed to the Network settings section.
5. Network configuration:
This section offers basic default settings to connect your instance to the network. However, in most cases, you will have to adjust the settings to your environment. To do this, click on the Edit button at the top of the section. This will open the edit window and allow additional settings.
The Advanced network configuration option at the bottom of the section opens an additional configuration section in which you can set more advanced interface options and add additional network interfaces (automatic assignment of a public IP address only works if there is only one network interface attached to the instance). Additional interfaces can also be added to the instance after it has been first launched.
Once you are done with the network configuration, proceed to the Configure storage section.
6. Storage configuration:
The size of the root volume (the system disk) must be appropriate for your environment (recommended minimum system disk size for the Linux system: 30GB). You can add more storage now or later to provide space for virtual disk containers and other storage requirements, but the system disk size should cover the Linux system requirements including any applications/utilities planned to be installed on it.
Please note: It is recommended to create separate storage volumes for Charon application data (e.g., disk images). If required, such volumes can later easily be migrated to another instance.
If needed, open the Advanced details section to access additional settings.
7. Advanced details:
In this section, you can set many parameters. Three that are more likely to be useful to a Charon emulator environment are shown here as examples:
- CPU characteristics (enable or disable more than one thread per CPU core, options depend on the selected instance type). This can only be set at instance launch. It cannot be changed later.
- IAM role: Only for a VE license server system with a version earlier than 1.1.23, you must assign the required IAM role (allowing the ListUsers action) to the instance. For more information see the Virtual Environment (VE) License Server Documentation.
- User data: If your instance is based on a Charon AL marketplace image and planned to be used for AutoVE licensing (instead of the Stromasys-operated public license servers) or based on the Charon-SSP Amazon Linux image, you must add the corresponding information to the instance configuration before the first launch of the instance.
Enter the information for the AutoVE license server as shown in the example below (it shows the public AutoVE servers):
Valid User Data configuration options:
primary_server=<ip-address>[:<port>]
backup_server=<ip-address>[:<port>]
where
Please note: At least one license server must be configured at initial launch to enable AutoVE mode. This can be via the /opt/charon-license-server file with the default public servers (SSP 5.6.8 or higher) or via the manual user data configuration. Otherwise, the instance will bind to one of the public AL license servers operated by Stromasys.
8. Launch your instance:
Click on Launch instance in the right-hand pane to launch your instance (if the launch button is not visible, you may have to close overlaying text panes first).
Verify that the instance is running:
After starting your instance for the first time, you will see it in the initializing state in the list of your AWS instances. It will take a bit of time to get to the running state. You will eventually see a launch success message with a link to your instance. Clicking on this link will take you to your new instance in the instance overview list. In addition to the instance state, important information, for example, the public IP address and public DNS name (marked in red) of the instance will also be displayed. The following image shows an example:
The following sections will show you how to access the instance and how to perform additional storage and network configurations.
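The user data entries from step 7 can be checked before the first launch, because AutoVE mode depends on at least one well-formed license server entry being present at that point. The following shell functions are an added example, not Stromasys code: they assume IPv4 addresses, numeric ports, and that only the primary_server and backup_server keys are accepted; the sample addresses are constructed.

```bash
#!/usr/bin/env bash
# Added example: validate AutoVE user data before the first instance launch.
# Assumptions: IPv4 addresses, numeric ports, only the two documented keys.

# valid_endpoint <ip-address>[:<port>]
valid_endpoint() {
    local ep="$1" ip port o
    ip=${ep%%:*}
    if [ "$ip" != "$ep" ]; then
        port=${ep#*:}
        # Port: digits only, range 1-65535.
        case $port in ''|*[!0-9]*) return 1 ;; esac
        [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    fi
    # Address: exactly four octets, 0-255, no leading zeros (ambiguous octal).
    case $ip in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    local IFS=.
    set -- $ip
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*) return 1 ;; esac
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# check_user_data: reads user data on stdin. Returns 0 only if every non-empty
# line is a valid entry and at least one license server is configured.
check_user_data() {
    local line key val cr servers=0 rc=0
    cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}              # tolerate CRLF from a pasted clipboard
        [ -z "$line" ] && continue
        key=${line%%=*} val=${line#*=}
        case $key in
            primary_server|backup_server)
                if valid_endpoint "$val"; then servers=$((servers + 1))
                else echo "invalid address in: $line" >&2; rc=1; fi ;;
            *)  echo "unexpected line: $line" >&2; rc=1 ;;
        esac
    done
    [ "$servers" -ge 1 ] || { echo "no license server configured" >&2; rc=1; }
    return "$rc"
}

# Constructed sample (documentation addresses, not real license servers).
printf 'primary_server=192.0.2.10:8083\nbackup_server=192.0.2.11\n' |
    check_user_data && echo "user data OK"
```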
Initial Access to the Instance
Once you have access to the instance, you can create the access you require for your applications. This section just shows the basic steps for initial access to the instance.
SSH Interactive Access
To connect to the instance interactively, you must connect as the management user of your instance. Use the following command:
$ ssh -o ServerAliveInterval=30 -i <path-to-your-private-key> <management-user-name>@<cloudhost-IP-address>
The parameter ServerAliveInterval will protect the connection from timing out.
Please note:
- Depending on the type of connection, you will have to use either the public IP address of the cloud system or its address in a customer-specific VPN.
- The private key used must correspond to the public key installed in the authorized_keys file of the cloud instance management user. This is usually done during initial cloud instance launch.
- The management user account normally allows sudo access to privileged commands (use sudo -i).
- If the instance was created using a Stromasys-provided AL or VE marketplace image, the management user for interactive login is the user sshuser.
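To confirm before connecting that a private key corresponds to an entry in authorized_keys, and that it is one of the recommended ECDSA or ED25519 types, the check below can be run against a copy of that file. It is an added example, not part of the Stromasys documentation: the function names are hypothetical, and ssh-keygen -y is the standard OpenSSH option for deriving a public key from a private key.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for the key pair used with "ssh -i".
# Function names are hypothetical; only ssh-keygen -y is an OpenSSH feature.

# key_type_ok <public-key-line>
# True for ED25519 and ECDSA keys, the types recommended for 9.x hosts.
key_type_ok() {
    case ${1%% *} in
        ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521)
            return 0 ;;
        *)  return 1 ;;
    esac
}

# key_is_authorized <public-key-line> <authorized_keys-file>
# True if the same key type and base64 blob occur on any line of the file.
# Leading options (from="...") and trailing comments are ignored.
key_is_authorized() {
    local type rest blob line
    type=${1%% *}
    rest=${1#* }
    blob=${rest%% *}
    [ -n "$type" ] && [ -n "$blob" ] && [ "$type" != "$blob" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in '#'*) continue ;; esac
        case " $line " in *" $type $blob "*) return 0 ;; esac
    done < "$2"
    return 1
}

# check_private_key <private-key-file> <authorized_keys-file>
# Derives the public key from the private key and runs both checks.
# Exit status: 0 = authorized, 1 = not in file, 2 = key could not be read.
check_private_key() {
    local pub
    pub=$(ssh-keygen -y -f "$1") || return 2
    key_type_ok "$pub" || echo "note: ${pub%% *} is not ECDSA/ED25519" >&2
    key_is_authorized "$pub" "$2"
}

# Run as: ./check-key.sh <private-key-file> <authorized_keys-file>
if [ "$#" -eq 2 ]; then
    check_private_key "$1" "$2" && echo "key is present in $2"
fi
```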
File Transfer with SFTP
SFTP enables file transfers to and from the cloud instance. Use the management user of your instance. The security rules must allow SSH access to allow SFTP access to the cloud instance.
To connect to the instance, use the following command:
$ sftp -i <path-to-your-private-key> <management-user-name>@<cloudhost-IP-address>
Please note:
- Depending on the type of connection, you will have to use either the public IP address of the cloud system or its address in a customer-specific VPN.
- The private key used must correspond to the public key installed in the authorized_keys file of the cloud instance management user. This is usually done during initial cloud instance launch.
- If the instance was created using a Stromasys-provided AL or VE marketplace image, the management user for file transfer is the user charon.
- If the user charon is used to transfer files, the home directory for the file transfer will be /charon/storage.
© Stromasys, 1999-2024 - All the information is provided on the best effort basis, and might be changed anytime without notice. Information provided does not mean Stromasys commitment to any features described.