Amazon EC2 Technical FAQs

Articles & Tutorials>Amazon EC2 Technical FAQs
A collection of those issues that keep coming up over time. This is a must read for new Amazon EC2 users and a great refresher for those developers already using the service.

Details

Submitted By: Justin@AWS
AWS Products Used: Amazon EC2
Created On: January 11, 2008 8:32 PM GMT
Last Updated: July 16, 2009 3:29 PM GMT

Notes for Newbies

  1. Client.AuthFailure: AWS was not able to validate the provided access credentials
  2. What happens to my data when my instance terminates?
  3. What Amazon EC2 images are available?
  4. Can I run Microsoft Windows in EC2?
  5. When I try to bundle my AMI, it fails. Why?
  6. Why is my AMI upload failing?
  7. I'm unable to register my image.
  8. I'm unable to ssh into my instance.
  9. My AMI won't start, what should I do?
  10. Can I have a static IP address?

Other Questions

  1. How can I get more than one IP address?
  2. Why do I have two IP addresses and two host names?
  3. Is it possible to move an instance from one security group to another?
  4. Can I manage my DNS within Amazon EC2?
  5. Does Amazon EC2 support reverse DNS lookups for email sent from my instance?
  6. How do I increase my EC2 instance, EBS volume, or Elastic IP limit?
  7. How do I report Amazon EC2 abuse?
  8. Why can't I ping my instance?
  9. What about load balancing and auto scaling?

Reporting an Issue

  1. What do you need from me when I report an issue?


Client.AuthFailure: AWS was not able to validate the provided access credentials

I have an active AWS account, but I get this error when I try to use EC2: 'Client.AuthFailure: AWS was not able to validate the provided access credentials'.

It is possible you signed up for AWS, but have not yet opted-in to Amazon EC2. To check this, go to http://aws.amazon.com, hover over 'Your Web Services Account', and select 'Account Activity'. If you do not see 'Amazon Elastic Compute Cloud' listed on your Account Activity page, then you haven't signed up for Amazon EC2, yet. Just go to http://aws.amazon.com/ec2, click on 'Sign up for this Web Service', and follow the instructions from there.

If you are certain that you already signed up for EC2, please make sure that you have a valid credit card on file with us (double check expiration date and address).

If you continue to receive this error after double-checking your account details, feel free to email webservices@amazon.com and we will take a closer look.


What happens to my data when my instance terminates?

Once the instance is terminated (on your command, or due to a hardware or system software failure), your data is gone.

Most people use Amazon Elastic Block Store (EBS) or Amazon S3 for storage of data produced and consumed by their Amazon EC2 applications.

Feature Guide: Elastic Block Store: http://developer.amazonwebservices.com/connect/entry.jspa?externalID=1667&categoryID=100

You should also take a look at Amazon SimpleDB to see if it fits the needs of your application.

Note: your data will be preserved if you explicitly reboot an instance.


What Amazon EC2 images are available?

You can check out the Public AMIs in the AWS Resource Center: http://developer.amazonwebservices.com/publicamis

You can also use the EC2 command line tools to display images that are available to you. Use -o (--owner) to list AMIs owned by a given user, or -x (--executable-by) to list AMIs that are executable by a given user.

//display all the images that are owned by you and Amazon
Prompt> ec2-describe-images -o self -o amazon

//view all the images that are executable by everyone
Prompt> ec2-describe-images -x all


Can I run Microsoft Windows in EC2?

Amazon Elastic Compute Cloud (Amazon EC2) now offers you the ability to run Microsoft Windows Server or Microsoft SQL Server.

You'll find more information here: http://aws.amazon.com/windows


When I try to bundle my AMI, it fails. Why?

Make sure you have specified a storage destination that has enough space for your image files. By default, the ec2-bundle-vol command will store your image part files in the /tmp directory, which typically is not large enough.

Try using the -d parameter to store your image in the /mnt directory (the ephemeral store).

Also make sure you are not specifying too small of an image size with the -s parameter.

The maximum size of an image is 10240MB.

Check out this page for more details about bundling a Windows AMI.


Why is my AMI upload failing?

  1. You may not be signed up for Amazon S3. Log into your web services account and confirm that you have signed up for Amazon S3.
  2. You may not have access to store data in the bucket you have specified. Confirm that you have WRITE access to the bucket.
  3. One of the image part files specified in the manifest.xml file may be missing. If this is the case, you will need to re-bundle the image before trying to upload again.
  4. Your connection to Amazon S3 may have been broken during the upload. Try setting the --retry parameter or try starting the upload again with the --part parameter.

Note: The --retry parameter should be used with caution, as the API tools will continue to try and PUT your image parts until they succeed. This could result in a few thousand tries, if for example, you are trying to PUT your image in to a bucket that you do not have WRITE access.


I'm unable to register my image.

This typically happens when a user tries to register an image with different credentials than those that were used to bundle it.

You should also confirm that you used your Account Id, and not your Access Key when you bundled the image. You can check which id you used when bundling your image by looking at the "user" node in your manifest.xml file.

Please refer to the Amazon EC2 Getting Started Guide for more information on locating your Account Id.


I'm unable to ssh into my instance.

Make sure you have authorized access to port 22 for the security group your instances are running in. Use the ec2-authorize command included in the command line tools to open up port 22.

You can check what security group your instance is running in by executing the ec2-describe-instances command.

Make sure that your local network firewall allows outbound connections on port 22.


My AMI won't start, what should I do?

Take a look at the console output using the Amazon EC2 command line tools. e.g.: 'ec2-get-console-output'


Can I have a static IP address?

Amazon EC2 instances are automatically assigned an IP address at launch time. You should expect this IP address to change each time you launch a new instance.

If you reboot an instance, the IP address is maintained.

If you require a more static IP address, you can assign an Elastic IP to your instance. More information about Elastic IP addresses can be found here: http://developer.amazonwebservices.com/connect/entry.jspa?externalID=1346&categoryID=112


How can I get more than one IP address?

An Amazon EC2 instance is limited to only one public IP address for external use from outside the Amazon EC2 network. Each instance is also assigned a single IP address for internal use within the cloud.

You'll find more information about instance addressing in our tech docs.


Why do I have two IP addresses and two host names?

Each instance is provided an external DNS name and an internal DNS name.

The external DNS name (which looks like ec2-72-44-45-204.compute-1.amazonaws.com) resolves to the public IP address of the instance outside the Amazon EC2 network and the private IP address from within Amazon EC2 network.

The internal DNS name (which looks like domU-12-31-35-00-35-F3.compute-1.internal) resolves to the private IP address of the instance from within the Amazon EC2 network; it will not resolve outside of the Amazon EC2 network.

Communication between your instances in the cloud should use their internal DNS names. From within the cloud, the external DNS name will resolve to the private IP address.


Is it possible to move an instance from one security group to another?

No, it is not. The security group for an instance is set at launch time and can not be changed.

You have two options:

  1. modify the settings for the current security group - which will affect all instances running in the specific group
  2. launch a new instance in the second security group and terminate the old instance in the first security group

Can I manage my DNS within Amazon EC2?

All instances come with an internal and external DNS name. Amazon EC2 does not provide access to modify these DNS settings. If you would like to map an existing domain name to an Amazon EC2 instance you will need to use one of the many DNS management services that are available on the Internet today.

Within Amazon EC2, DNS requests for the external DNS name of an instance will resolve to the internal IP address of the corresponding instance.

When using your own domain name, we recommended mapping to the instance's external DNS name using a CNAME, not by using an A record pointing at the instance's IP address.


Does Amazon EC2 support reverse DNS lookups for email sent from my instance?

If you modified the DNS for your domain (mydomain.com) to include a CNAME to the external DNS name of an instance, and send an email to someone from your instance [user@mydomain.com] a reverse DNS lookup will result in the external EC2 DNS name, not mydomain.com.


How do I increase my EC2 instance, EBS volume, or Elastic IP limit?

All new users start with a 20 instance limit.

If you'd like us to raise your instance limit, please let us know by filling out our instance limit increase form. Please include a few details regarding the project you are working on, how many instances are you planning to launch with, how much traffic are you expecting, and how much data are you planning to store on Amazon S3.

http://aws.amazon.com/contact-us/ec2-request/

If you'd like us to raise your Elastic Block Store volume limit, please let us know by filling out our volume limit increase form.

http://aws.amazon.com/contact-us/ebs_volume_limit_request/

If you'd like us to raise your Elastic IP limit, please let us know by filling out our Elastic IP increase form.

http://aws.amazon.com/contact-us/eip_limit_request/


How do I report Amazon EC2 abuse?

Please follow the instructions detailed on this page: http://aws.amazon.com/contact


Why can't I ping my instance?

Ping uses ICMP ECHO, which by default is blocked by your firewall. You'll need to grant ICMP access to your instances by updating the firewall restrictions that are tied to your security group.

ec2-authorize default -P icmp -t -1:-1 -s 0.0.0.0/0

Check out the latest developer guide for details.

Section: Instance Addressing and Network Security -> Network Security -> Examples


What about load balancing and auto scaling?

AWS now supports a number of new features that help to enhance the efficiency of applications running in the AWS cloud.


What do you need from me when I report an issue?

Aim to provide enough information so that follow-up or clarification questions aren't necessary. Include details about the request you are making and the response you are receiving. Posting the actual request and error response is always helpful. In particular, when troubleshooting be sure to include the following details:

General Inquires
  • Please provide both the instance id in addition to the approximate timestamp and time zone when issue occurred.
Networking
  • Instance-ID(s) Involved
  • Is connection being made from within or outside of EC2?
  • Source IP address from which connection was attempted?
  • Was DNS name or the IP address used to connect?
  • Which destination port/service failed?
  • Timestamp and timezone of failure(s)?
  • Traceroute from source->destination and destination->source (preferably using the protocol and port which is failing, rather than the default ICMP/UDP, e.g. traceroute -T on some distros).
Image registration
  • Please provide the location in Amazon S3 of your manifest file (ends in .manifest or .manifest.xml).
Image launch
  • Please provide the AMI ID and the results of ec2-get-console-output.
Instance network
  • Please provide the results of netstat -nr from within your instance.
Amazon EC2 web service requests
  • Please provide the results of a traceroute to ec2.amazonaws.com, the output of ec2-version, and the output generated by command in question (e.g. ec2-describe-instances) reattempted with the -v flag.
AMI tool commands
  • Please provide the version of tools installed.
  • RPM installation - run rpm -q ec2-ami-tools.
Access to instance
  • Please provide the results of ec2-describe-groups for any security group the instance is running in and the results of ec2-describe-instance for the instance in question.Please provide the results of ec2-describe-groups for any security group the instance is running in and the results of ec2-describe-instance for the instance in question.

Comments

Amazingly useless
delete this page, it has no use... I found more on google
Kambiz Nazridoust on July 22, 2010 5:15 AM GMT
I can't add a Region!!!
I want to add a Region,but when I press the add button, it does not respond。How can we solve?Thanks!!!
yuandongqing on April 21, 2010 9:53 AM GMT
AWS Server
Hi We have many servers with aws, one of them went down for like 3 hours we go back to AWS management console and it shows that the server is running but we cant connect to it using the remote desktop connection. but after rebooting the server everything went ok. can you please help me why this problem happend . it not the first time that it happend. Many Thanks Ahmed
xmgadmin on March 22, 2010 11:13 AM GMT
volumes
Hi when i create a new volumes and i want do attached for server it must write a device name what means a device name thanks
askzad on January 7, 2010 7:58 AM GMT
help me out
Dear all, I very much new here, My application is supports only on php4 version. I need to install the instance image in AWS EC2 console which image contains the php4 version.It is there Redhat 3 , but I didn't able to find the redhat 3 instance in the new instance wizard. Please help me out how can i install the redhat 3 version. thank you in advance
scottlessing on November 24, 2009 5:18 AM GMT
really not a FAQ
Having used Amazon cloud for 6 months, these really are not the most frequently asked questions. JMHO, these are the Amazon Easily Answered Questions : EAQ
Nancy W. Abramson on July 6, 2009 5:01 PM GMT
Outdated
This is terribly outdated for something that links off the main support page. For example, it doesn't mention anything about elastic ip's. That's means it's quite confusing to new users like myself and not useful at all since one isn't sure if any part of it is still accurate. I suggest updating it as soon as possible. Thanks.
pauc1 on November 8, 2008 1:05 AM GMT
Deploying Tomcat in Amazon ec2 instances
I would like to know if tomcat or any webserver is already present in the initially given instances by amazon ec2. If not, any such ami's available. If the instance is rebooted or run after termination for the first time, will the applications installed in it will remain installed or not?
coolteja on May 21, 2008 1:50 PM GMT
We are temporarily not accepting new comments.
©2014, Amazon Web Services, Inc. or its affiliates. All rights reserved.