# Your first steps within the Amazon Cloud

## Quick overview

Before you can start playing with Amazon EC2, you have to create an account on Amazon Web Services, of which EC2, the Elastic Compute Cloud, is part. This is fairly straightforward, and done in two steps:

1. you "sign-up" directly on [Amazon Web Services](http://aws.amazon.com/) home-page. This is where you enter your credentials, and confirm your AWS account registration.
1. you sign-up to EC2 through [EC2 AWS home-page](http://aws.amazon.com/ec2/). You will be asked some more information, like a credit card (for billing), and a phone-number, for account validation.

## What do you need to know?

EC2 uses different types of credentials. In addition to your login and password, you need an access key, a X.509 certificate (with its private key), and a pair of RSA keys, for remote SSH access.

These can be created through the [Security Credentials](https://aws-portal.amazon.com/gp/aws/developer/account/index.html?ie=UTF8&action=access-key) page (also accessible from the [Account](http://aws.amazon.com/account/) page):

1. create the access key. Keep a secured copy of the ID and its associated secret value. These will be used by various scripts later on to perform certain EC2 actions.
1. note down your account number (different from your access key ID!). This identifier can usually be obtained in the right top part of the page; it is a serie of numbers, separated with dashes: XXXX-XXXX-XXXX.
1. create, or upload, a X.509 certificate, in PEM format. Keep the private key in a safe place.
1. lastly, generate Amazon EC2 key pairs that will be used for SSH access. This step will be performed through the [Amazon Management Console](https://console.aws.amazon.com/ec2/home). Note down the SSH Key Pair Name you chose.

### Keep your credentials!

The different credentials created above will be used in various places of EC2, and by a myriad of commands. You are advised to keep them easily accessible, while still reasonably secure regarding their access. Most EC2 tools expect them to be find through a set of environment variables.

For convenience, you could store them under a *.ec2* directory inside your *$HOME*:

[[!template id=programlisting text="""
$ ls .ec2/                                                                
cert-SOMERANDOMKEY.pem # the X.509 certificate
id_rsa.ec2             # private RSA SSH key
id_rsa.ec2.pub         # public RSA SSH key
pk-SOMERANDOMKEY.pem   # the private key associated to the certificate
"""]]

then set the environment accordingly:

[[!template id=programlisting text="""
export EC2_PRIVATE_KEY=$HOME/.ec2/pk-SOMERANDOMKEY.pem
export EC2_CERT=$HOME/.ec2/cert-SOMERANDOMKEY.pem
export EC2_SSH_KEY=$HOME/.ec2/id_rsa.ec2
export EC2_SSH_KEYNAME=&lt;your_ssh_key_pair_name&gt;
export EC2_ACCOUNT_NUM=XXXX-XXXX-XXXX
export EC2_ACCESS_KEY=MYACCESSKEYID
export EC2_SECRET_KEY=MYSECRETACCESSKEY
"""]]

Please note that the rest of the tutorial will assume that these variables are set.

## Installing EC2 API tools

NetBSD provides EC2 API tools, to ease EC2 account management a little bit. The package is found inside [pkgsrc](http://www.pkgsrc.org), under [[!template id=pkg category=misc name=ec2-api-tools]].

[[!template id=programlisting text="""
cd /usr/pkgsrc/misc/ec2-api-tools
make ACCEPTABLE_LICENSES+=amazon-software-license install
"""]]

Package depends on Java, so build will take some time to finish. While it builds, just continue reading.

## EC2 vocabulary -- last notes

Before starting to play with EC2, you need to be familiar with the EC2 vocabulary used throughout this tutorial.

Briefly said, EC2 uses [Xen](http://www.xen.org) as virtualization solution. So all operating systems that support Xen para-virtualization can theoretically run inside EC2 as a domU, and NetBSD is one of them.

All operating systems are run as *instances*, which are, as their name implies, the instantiation of a specific AMI, or *Amazon Machine Image*. An AMI is an image built from specific *snapshots* of *volumes*. The volumes are part of [Elastic Block Storage](http://aws.amazon.com/ebs/) (or EBS for short), which is another service offered by AWS, distinct from EC2.

These instances are tied to a *region* (a geographical location; typically US East, US West, Europe West, etc.). Each region has *availability zones*, which can be compared to a sub-region, each one being physically distinct from another. Regions are identified by a name, like *us-east-1*, *eu-west-1*. Same goes for availability zones, usually with the region's name as prefix: *us-east-1a*, *us-east-1b*, and so forth. Note that resources are **not** shared between zones, so if you transfer data from one zone to another, you will be charged for it.

AKI, or *Amazon Kernel Image*, are a specific type of image. It represents the Xen guest para-virtualized kernel, as used by an AMI. Certain AKIs are allowed to boot customized operating systems, e.g. those that are still not officially supported by Amazon. Thanks to [PyGrub](https://wiki.xenproject.org/wiki/PyGrub), it can boot a kernel that resides inside an AMI's snapshot.