Notes for Newbies
- Client.AuthFailure: AWS was not able to validate the provided access credentials
- What happens to my data when my instance terminates?
- What Amazon EC2 images are available?
- Can I run Microsoft Windows in EC2?
- When I try to bundle my AMI, it fails. Why?
- Why is my AMI upload failing?
- I'm unable to register my image.
- I'm unable to ssh into my instance.
- My AMI won't start, what should I do?
- Can I have a static IP address?
- How can I get more than one IP address?
- Why do I have two IP addresses and two host names?
- Is it possible to move an instance from one security group to another?
- Can I manage my DNS within Amazon EC2?
- Does Amazon EC2 support reverse DNS lookups for email sent from my instance?
- How do I increase my EC2 instance, EBS volume, or Elastic IP limit?
- How do I report Amazon EC2 abuse?
- Why can't I ping my instance?
- What about load balancing and auto scaling?
Reporting an Issue
- What do you need from me when I report an issue?
Client.AuthFailure: AWS was not able to validate the provided access credentials
I have an active AWS account, but I get this error when I try to use EC2: 'Client.AuthFailure: AWS was not able to validate the provided access credentials'.
It is possible you signed up for AWS, but have not yet opted in to Amazon EC2. To check this, go to http://aws.amazon.com, hover over 'Your Web Services Account', and select 'Account Activity'. If you do not see 'Amazon Elastic Compute Cloud' listed on your Account Activity page, then you haven't signed up for Amazon EC2 yet. Just go to http://aws.amazon.com/ec2, click on 'Sign up for this Web Service', and follow the instructions from there.
If you are certain that you already signed up for EC2, please make sure that you have a valid credit card on file with us (double check expiration date and address).
If you continue to receive this error after double-checking your account details, feel free to email firstname.lastname@example.org and we will take a closer look.
What happens to my data when my instance terminates?
Once the instance is terminated (on your command, or due to a hardware or system software failure), your data is gone.
Most people use Amazon Elastic Block Store (EBS) or Amazon S3 for storage of data produced and consumed by their Amazon EC2 applications.
Feature Guide: Elastic Block Store: http://developer.amazonwebservices.com/connect/entry.jspa?externalID=1667&categoryID=100
You should also take a look at Amazon SimpleDB to see if it fits the needs of your application.
Note: your data will be preserved if you explicitly reboot an instance.
What Amazon EC2 images are available?
You can check out the Public AMIs in the AWS Resource Center: http://developer.amazonwebservices.com/publicamis
You can also use the EC2 command line tools to display images that are available to you. Use -o (--owner) to list AMIs owned by a given user, or -x (--executable-by) to list AMIs that are executable by a
# Display all the images that are owned by you and Amazon
Prompt> ec2-describe-images -o self -o amazon
# View all the images that are executable by everyone
Prompt> ec2-describe-images -x all
Can I run Microsoft Windows in EC2?
Amazon Elastic Compute Cloud (Amazon EC2) now offers you the ability to run Microsoft Windows Server or Microsoft SQL Server.
You'll find more information here: http://aws.amazon.com/windows
When I try to bundle my AMI, it fails. Why?
Make sure you have specified a storage destination that has enough space for your image files. By default, the ec2-bundle-vol command will store your image part files in the /tmp directory, which typically is not large enough.
Try using the -d parameter to store your image in the /mnt directory (the ephemeral store).
Also make sure you are not specifying too small an image size with the -s parameter.
The maximum size of an image is 10240MB.
Check out this page for more details about bundling a Windows AMI.
Why is my AMI upload failing?
- You may not be signed up for Amazon S3. Log into your web services account and confirm that you have signed up for Amazon S3.
- You may not have access to store data in the bucket you have specified. Confirm that you have WRITE access to the bucket.
- One of the image part files specified in the manifest.xml file may be missing. If this is the case, you will need to re-bundle the image before trying to upload again.
- Your connection to Amazon S3 may have been broken during the upload. Try setting the --retry parameter or try starting the upload again with the --part parameter.
Note: The --retry parameter should be used with caution, as the API tools will keep trying to PUT your image parts until they succeed. This could result in a few thousand tries if, for example, you are trying to PUT your image into a bucket to which you do not have WRITE access.
I'm unable to register my image.
This typically happens when a user tries to register an image with different credentials than those that were used to bundle it.
You should also confirm that you used your Account Id, and not your Access Key, when you bundled the image. You can check which id you used when bundling your image by looking at the "user" node in your manifest.xml file.
Please refer to the Amazon EC2 Getting Started Guide for more information on locating your Account Id.
I'm unable to ssh into my instance.
Make sure you have authorized access to port 22 for the security group your instances are running in. Use the ec2-authorize command included in the command line tools to open up port 22.
You can check what security group your instance is running in by executing the ec2-describe-instances command.
Make sure that your local network firewall allows outbound connections on port 22.
My AMI won't start, what should I do?
Take a look at the console output using the Amazon EC2 command line tools. e.g.: 'ec2-get-console-output'
Can I have a static IP address?
Amazon EC2 instances are automatically assigned an IP address at launch time. You should expect this IP address to change each time you launch a new instance.
If you reboot an instance, the IP address is maintained.
If you require a more static IP address, you can assign an Elastic IP to your instance. More information about Elastic IP addresses can be found here: http://developer.amazonwebservices.com/connect/entry.jspa?externalID=1346&categoryID=112
How can I get more than one IP address?
An Amazon EC2 instance is limited to only one public IP address for external use from outside the Amazon EC2 network. Each instance is also assigned a single IP address for internal use within the
You'll find more information about instance addressing in our tech docs.
Why do I have two IP addresses and two host names?
Each instance is provided an external DNS name and an internal DNS name.
The external DNS name (which looks like ec2-72-44-45-204.compute-1.amazonaws.com) resolves to the public IP address of the instance outside the Amazon EC2 network and the private IP address from within the Amazon EC2 network.
The internal DNS name (which looks like domU-12-31-35-00-35-F3.compute-1.internal) resolves to the private IP address of the instance from within the Amazon EC2 network; it will not resolve outside of the Amazon EC2 network.
Communication between your instances in the cloud should use their internal DNS names. From within the cloud, the external DNS name will resolve to the private IP address.
Is it possible to move an instance from one security group to another?
No, it is not. The security group for an instance is set at launch time and cannot be changed.
You have two options:
- modify the settings for the current security group - which will affect all instances running in the specific group
- launch a new instance in the second security group and terminate the old instance in the first security group
Can I manage my DNS within Amazon EC2?
All instances come with an internal and external DNS name. Amazon EC2 does not provide access to modify these DNS settings. If you would like to map an existing domain name to an Amazon EC2 instance you will need to use one of the many DNS management services that are available on the Internet today.
Within Amazon EC2, DNS requests for the external DNS name of an instance will resolve to the internal IP address of the corresponding instance.
When using your own domain name, we recommend mapping to the instance's external DNS name using a CNAME, not by using an A record pointing at the instance's IP address.
Does Amazon EC2 support reverse DNS lookups for email sent from my instance?
If you modified the DNS for your domain (mydomain.com) to include a CNAME to the external DNS name of an instance, and send an email to someone from your instance [email@example.com], a reverse DNS lookup will result in the external EC2 DNS name, not mydomain.com.
How do I increase my EC2 instance, EBS volume, or Elastic IP limit?
All new users start with a 20 instance limit.
If you'd like us to raise your instance limit, please let us know by filling out our instance limit increase form. Please include a few details regarding the project you are working on, how many instances you are planning to launch with, how much traffic you are expecting, and how much data you are planning to store on Amazon S3.
If you'd like us to raise your Elastic Block Store volume limit, please let us know by filling out our volume limit increase form.
If you'd like us to raise your Elastic IP limit, please let us know by filling out our Elastic IP increase form.
Why can't I ping my instance?
Ping uses ICMP ECHO, which by default is blocked by your firewall. You'll need to grant ICMP access to your instances by updating the firewall restrictions that are tied to your security group.
ec2-authorize default -P icmp -t -1:-1 -s 0.0.0.0/0
Check out the latest developer guide for details.
Section: Instance Addressing and Network Security -> Network Security -> Examples
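Added example, not part of the original FAQ or the EC2 tools: a dry-run helper covering the two ec2-authorize cases above (port 22 for ssh, ICMP for ping). It prints the command with the source limited to a network you name and ICMP limited to echo request (type 8, code 0) rather than -1:-1. The function names valid_cidr and authorize_cmd are hypothetical, and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: prints scoped ec2-authorize commands (dry run, nothing is sent to EC2).
# valid_cidr and authorize_cmd are hypothetical helper names; addresses are constructed.

# valid_cidr CIDR: succeed only for a well-formed IPv4 a.b.c.d/len.
valid_cidr() {
    ip=${1%/*}; len=${1#*/}
    [ "$ip" != "$1" ] || return 1                      # no "/" present
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $ip in *[!0-9.]*) return 1 ;; esac            # digits and dots only
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs      # split into octets
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# authorize_cmd GROUP SERVICE SOURCE_CIDR: print the matching ec2-authorize line.
authorize_cmd() {
    group=$1; service=$2; src=$3
    valid_cidr "$src" || { echo "error: bad CIDR: $src" >&2; return 2; }
    # A /0 prefix on port 22 exposes ssh to every address; ask for a real network.
    if [ "$service" = ssh ] && [ "${src#*/}" -eq 0 ]; then
        echo "error: $src admits every address to port 22" >&2
        return 3
    fi
    case $service in
        ssh)  echo "ec2-authorize $group -P tcp -p 22 -s $src" ;;
        ping) echo "ec2-authorize $group -P icmp -t 8:0 -s $src" ;;  # echo request only
        *)    echo "error: unknown service: $service" >&2; return 2 ;;
    esac
}

# Constructed sample: one admin workstation for ssh, ping allowed from anywhere.
authorize_cmd default ssh 203.0.113.7/32
authorize_cmd default ping 0.0.0.0/0
```

Review the printed line, then run it with the EC2 command line tools against the security group reported by ec2-describe-instances.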
What about load balancing and auto scaling?
AWS now supports a number of new features that help to enhance the efficiency of applications running in the AWS cloud.
What do you need from me when I report an issue?
Aim to provide enough information so that follow-up or clarification questions aren't necessary. Include details about the request you are making and the response you are receiving. Posting the actual request and error response is always helpful. In particular, when troubleshooting be sure to include the following details:
- Please provide the instance ID along with the approximate timestamp and time zone when the issue occurred.
- Instance-ID(s) Involved
- Is connection being made from within or outside of EC2?
- Source IP address from which connection was attempted?
- Was DNS name or the IP address used to connect?
- Which destination port/service failed?
- Timestamp and timezone of failure(s)?
- Traceroute from source->destination and destination->source (preferably using the protocol and port which is failing, rather than the default ICMP/UDP, e.g. traceroute -T on some distros).
- Please provide the location in Amazon S3 of your manifest file (ends in .manifest or .manifest.xml).
- Please provide the AMI ID and the results of ec2-get-console-output.
Amazon EC2 web service requests
- Please provide the results of netstat -nr from within your instance.
AMI tool commands
- Please provide the results of a traceroute to ec2.amazonaws.com, the output of ec2-version, and the output generated by command in question (e.g. ec2-describe-instances) reattempted with the
Access to instance
- Please provide the version of tools installed.
- RPM installation - run rpm -q ec2-ami-tools.
- Please provide the results of ec2-describe-groups for any security group the instance is running in and the results of ec2-describe-instances for the instance in question.