Release: Amazon Virtual Private Cloud on 2010-02-11

Release Notes>Amazon VPC>Release: Amazon Virtual Private Cloud on 2010 02 11
Support for instances launched from Amazon EBS-backed AMIs, and for High-Memory instances.

Details

Submitted By: cheriaws
Release Date: February 11, 2010 12:00 AM GMT
Created On: February 11, 2010 4:34 PM GMT
Last Updated: February 15, 2010 5:39 PM GMT

New Features

FeatureDescription
Amazon EBS-backed AMIs Amazon VPC now supports instances launched from Amazon EBS-backed AMIs. This includes support for AMIs running Windows Server 2008 and Microsoft SQL Server® Standard 2008.

Note: If you've created your own Windows Server 2008 AMIs from AWS Windows Server 2008 base images prior to v1.02, you need to make a couple of changes to your existing configuration in order to activate your instances' licensing when launching in a VPC. In some cases, you might need to make changes for v1.02 as well, depending on your needs. For more information, see the item at the end of the "Known Issues" list that follows.

An instance launched in a VPC using an Amazon EBS-backed AMI maintains the same IP address when stopped and restarted. This is in contrast to similar instances launched outside a VPC, which get a new IP address. The IP addresses for any stopped instances in a subnet are considered unavailable (which is reflected in the availableIpAddressCount value returned by a DescribeSubnets call). It's therefore possible to have a subnet with no running instances (they're all stopped), and also no remaining IP addresses available.

To learn more about the differences between Amazon EBS-backed AMIs and Amazon S3-backed AMIs, go to AMIs in the Amazon Elastic Compute Cloud User Guide.

For information about creating Amazon EBS-backed AMIs, go to Creating an Amazon EBS-Backed AMI in the Amazon Elastic Compute Cloud User Guide.

For other general information about Amazon EBS-backed AMIs, go to the Booting from Amazon EBS Feature Guide.

High-Memory Instances Amazon VPC now supports High-Memory instances. For more information about High-Memory instances, go to the Amazon EC2 product page.
Updated VPN Connections Configurations We've made the following changes to the VPN connection configurations for Cisco IOS and Juniper JunOS devices to help you get started faster:
  • A cosmetic change to the identifiers used in the configuration to improve readability
  • A change to the Cisco IOS configuration to unconditionally advertise a default prefix to the VPN Gateway

The VPN connection configurations are returned by the ec2-create-vpn-connection or ec2-describe-vpn-connections API calls.

If you have a working VPN connection, you don't need to make any changes. If you call ec2-describe-vpn-connections, you'll get the updated configuration. It might differ from the working configuration you've installed on your Customer Gateway.

Known Issues

IssueDescription
Current Limits During the Amazon VPC public beta:
  • You can launch one VPC with one VPN connection (per AWS account)
  • You can assign one IP address range to your VPC
  • You can't change the IP address range of a created VPC or subnet
  • When you launch an instance in a subnet, AWS automatically assigns the instance an IP address from the IP address range the subnet covers; you can't currently choose the specific IP address to use with the instance.
No Support for Amazon VPC in the AWS Management Console You can't use the AWS Management Console to execute any of the Amazon VPC API operations or launch instances into a VPC. Any instances you launch (with the command line tools or API) appear in your list of running instances that the console displays. However, the console doesn't display the IP address, subnet ID, or VPC ID of those instances. Also the console incorrectly displays "Error" or a hyphen in the Security Group field for those instances.
No Direct Internet Access from a VPC Any VPC traffic to/from the Internet must currently route through the established VPN connection and through your existing IT infrastructure to the public Internet. You are currently unable to send/receive Internet traffic directly from your VPC.
Unsupported AWS Services Only Accessible Via VPN Connection Amazon VPC allows you to deploy Amazon EC2 instances within your VPC. Resources provided by services such as Amazon S3, Amazon SQS, Amazon SimpleDB and others can't currently be deployed within your VPC, and, as such, are only accessible to resources within your VPC via the VPN connection, through your network, and to the respective service's public endpoint. You may need to create firewall exceptions to allow cloud-based instances to access the Internet (and possibly NAT) from your existing IT infrastructure.
Broadcast and Multicast Unsupported in a VPC You are unable to employ either broadcast or multicast within your VPC.
Increased Latency in Bundling Linux/UNIX AMIs You may experience increased latency in bundling Linux/UNIX AMIs within Amazon VPC. Such bundles are transferred from the instance, through the VPN connection, through your network and to the public Amazon S3 endpoint. You may need to create firewall exceptions to allow cloud-based instances to access the Internet (and possibly NAT) from your existing IT infrastructure.
Service Currently Available in One Availability Zone Currently your VPC, subnets, VPN gateway, and any instances you launch in the VPC must all reside in a single Availability Zone in the us-east-1 region.
No Capacity Guarantee for Amazon EC2 Reserved Instances Reserved Instances (with their discounted rates) are available; however, there's currently no capacity guarantee for Reserved Instances in a VPC.
Traffic Sent to Overlapping IP Address Ranges Is Dropped If your VPC's IP address range overlaps with an IP address range in use within your existing IT infrastructure, Amazon VPC will drop any traffic to said range. To avoid this, create your VPC so it does not overlap with current or expected future subnets in your network.
Ordering of DHCP Option Values Not Guaranteed When you specify DHCP options, some options (e.g., DNS servers) accept multiple values. The ordering of these values is not guaranteed. After creating the options, you should use the DescribeDhcpOptions operation (or the ec2-describe-dhcp-options command) to confirm the order in which the options will be delivered to instances.
AWS Capabilities Currently Unavailable within Amazon VPC The following AWS services and Amazon EC2 features are currently not available for use with a VPC:
  • Security groups
  • Elastic IP addresses
  • Elastic Load Balancing
  • Spot Instances
  • Auto Scaling
  • Amazon Elastic MapReduce
  • Amazon DevPay AMIs
Configuration Changes for Windows Server 2008 AMIs If you've created your own Windows Server 2008 AMIs from Amazon's Windows Server 2008 base images prior to v1.02, you need to make a couple of changes to your existing configuration in order to activate your instances' licensing when launching in a VPC. In some cases, you might need to make changes for v1.02 as well, depending on your needs.

Manually Locate VPC Activation Endpoints

If you want to launch a Windows Server 2008 AMI in a VPC, you must manually set the Windows Activation endpoint in your instance if either of the following conditions are true:
  • You have created your own Windows Server 2008 AMI but opted not to Sysprep that image using the Amazon Ec2Config utility (this is true for all Windows Server 2008 AMI versions)
  • You have created your own AMI from Amazon version prior to 1.02 (even if Sysprep was used)

The activation IP address for VPC instances are:

  • 169.254.169.250
  • 169.254.169.251 (backup)

To set the endpoint manually, execute the following commands from the command line:

Slmgr.vbs /skms 169.254.169.250
Slmgr.vbs /ato

Update Ec2Config Service Settings

If you're using an AMI that was created from an Amazon public Windows Server 2008 image prior to v1.02, then you should also make a change to one of the Activation Settings files in the Ec2Config service to reflect the new discovery hierarchy, which includes the preceding endpoints for VPC activation.

To make this change, overwrite the file C:\Program Files\Amazon\Ec2ConfigService\Settings\ActivationSettings.xml with the following XML. Once you do that, anytime your image is Sysprep'd with the Ec2Config service utility, your freshly launched instance will be able to locate its KMS servers in any environment.

<?xml version="1.0" encoding="utf-8"?>
<ActivationSettingsTable>
    <!-- 
	KMS Servers are searched for/activated against based on 
	settings in this file.  Each "methodSettings" section is
	attempted until a KMS server is found and instance is 
	successfully activated.
    -->
    <!-- Try autodiscovery first... -->
    <!-- NOTE: Autodiscover clears any KMS that is already set! -->
    <MethodSettings>
	<SetAutodiscover>true</SetAutodiscover>
	<TargetKMSServer/>    
	<DiscoverFromZone/>
	<ReadFromUserData>false</ReadFromUserData>
	<LegacySearchZones>false</LegacySearchZones>
	<DoActivate>true</DoActivate>
    </MethodSettings>
    <!-- Try the first virtual IP for VPC instances -->
    <MethodSettings>
	<SetAutodiscover>false</SetAutodiscover>
	<TargetKMSServer>169.254.169.250</TargetKMSServer>
	<DiscoverFromZone/>
	<ReadFromUserData>false</ReadFromUserData>
	<LegacySearchZones>false</LegacySearchZones>
	<DoActivate>true</DoActivate>
    </MethodSettings>
    <!-- Try the backup IP for VPC instances... -->
    <MethodSettings>
	<SetAutodiscover>false</SetAutodiscover>
	<TargetKMSServer>169.254.169.251</TargetKMSServer>
	<DiscoverFromZone/>
	<ReadFromUserData>false</ReadFromUserData>
	<LegacySearchZones>false</LegacySearchZones>
	<DoActivate>true</DoActivate>
    </MethodSettings>
    <!-- 
	Now search the DNS suffix list.
	This should already have been set by the SetDNSSuffix plugin,
	controlled by the setting in the primary config file.
    -->
    <MethodSettings>
	<SetAutodiscover>false</SetAutodiscover>
	<TargetKMSServer/>
	<DiscoverFromZone/>
	<ReadFromUserData>false</ReadFromUserData>
	<LegacySearchZones>true</LegacySearchZones>
	<DoActivate>true</DoActivate>
    </MethodSettings>
    <GlobalSettings>
	<LogResultToConsole>true</LogResultToConsole>
    </GlobalSettings>
</ActivationSettingsTable>
©2014, Amazon Web Services, Inc. or its affiliates. All rights reserved.