Connecting Amazon Instance with PuTTY


Note: This section is for Windows users using PuTTY. If you are using another operating system or SSH client, you can skip this section.

PuTTY is a free SSH client for Windows. Other tools that form part of the PuTTY suite are PuTTYgen, a key generation program, and pscp, a secure copy command line tool. This guide outlines the additional steps required to use PuTTY with Amazon EC2.

Note: The different PuTTY tools are separate applications and might require multiple downloads.

Private Key Format

PuTTY does not natively support the private key format generated by Amazon EC2. Fortunately, PuTTY has a tool called PuTTYgen, which can convert keys to its internal format.

Note: You should have generated a private key as described in How to Get an SSH Key Pair and saved the key to a file named something like id_rsa-gsg-keypair.

To configure PuTTY

  1. Launch PuTTYgen and load id_rsa-gsg-keypair. PuTTYgen should pop up the following message.
    Note: The private key file must end with a newline character or PuTTYgen cannot load it correctly.
  2. PuTTYgen displays a lot of information regarding the key that has been loaded, such as the public key, the key passphrase, the type and the number of bits in the generated key. The keys generated by Amazon EC2 are 1024 bit SSH-2 RSA keys. They are also passphraseless. A passphrase on a private key is an extra layer of protection, so even if your private key is discovered it will not be usable without the passphrase. The downside is that it makes automation harder as human intervention is needed to log on to an instance, or copy files to an instance.
  3. Save the key in PuTTY’s format. You can either select Save from the File menu or click Save private key. Save the key as id_rsa-gsg-keypair.ppk. When PuTTYgen prompts you to save the key without a passphrase, click Yes. The file can be used with PuTTY to connect to your Amazon EC2 host as described in the next section.
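A pre-flight check for the unconverted key file, covering the points raised in the steps above (trailing newline, missing passphrase, 1024-bit modulus). This is an added example, not part of the original guide; the function names, the constructed sample and the 2048-bit threshold are assumptions introduced here.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN RSA PRIVATE KEY-----(.*?)-----END RSA PRIVATE KEY-----", re.S)

def der_len(buf, i):
    """Decode the DER length field at buf[i]; return (length, index of the value)."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def rsa_modulus_bits(der):
    """Modulus size of a PKCS#1 RSAPrivateKey: SEQUENCE { version, modulus, ... }."""
    if der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, i = der_len(der, 1)
    for _ in range(2):  # first INTEGER is the version, second is the modulus
        if der[i] != 0x02:
            raise ValueError("expected a DER INTEGER")
        length, start = der_len(der, i + 1)
        value, i = der[start:start + length], start + length
    return int.from_bytes(value, "big").bit_length()

def audit_key(text):
    """Return findings for the text of an unconverted EC2 private key file."""
    findings = [] if text.endswith("\n") else ["no trailing newline"]
    m = PEM_RE.search(text)
    if not m:
        return findings + ["not a PEM RSA private key"]
    if "Proc-Type: 4,ENCRYPTED" in m.group(1):
        return findings + ["passphrase-protected (size not checked)"]
    findings.append("no passphrase")
    bits = rsa_modulus_bits(base64.b64decode("".join(m.group(1).split())))
    if bits < 2048:  # assumed threshold, not taken from the guide
        findings.append(f"{bits}-bit RSA modulus")
    return findings

def tlv(tag, body):
    """Encode one DER element; used only to build the constructed sample."""
    raw = len(body).to_bytes(max(1, (len(body).bit_length() + 7) // 8), "big")
    return bytes([tag]) + (raw if len(body) < 0x80 else bytes([0x80 | len(raw)]) + raw) + body

def constructed_sample(bits=1024, newline=True):
    """Constructed input: correct DER shape, but the numbers are not a real key."""
    mod = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    b64 = base64.encodebytes(tlv(0x30, tlv(0x02, b"\x00") + tlv(0x02, mod))).decode()
    pem = "-----BEGIN RSA PRIVATE KEY-----\n" + b64 + "-----END RSA PRIVATE KEY-----"
    return pem + ("\n" if newline else "")
```

Run `audit_key(open("id_rsa-gsg-keypair").read())` before loading the file into PuTTYgen; an empty list means none of the three conditions applies.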

SSH with PuTTY

This section assumes that you have converted an Amazon EC2 generated private key file to a PuTTY private key file and have successfully launched an instance.

To use SSH with PuTTY

  1. Start PuTTY. A graphical configuration utility opens. Click Connection, point to SSH, and select Authentication. The PuTTY Configuration dialog box appears. Click Browse, and select the PuTTY private key file you generated earlier. If you are following this guide, the file is named id_rsa-gsg-keypair.ppk.
  2. Under Session, enter root@hostname or root@ip_address. Click Open to connect to your Amazon EC2 instance.

SCP with PuTTY

The use of pscp is nearly identical to scp.

To use pscp

  1. Convert your private key to PuTTY’s format. The command to copy the private key and X.509 certificate should look like the following example.
    $ scp -i id_rsa-gsg-keypair pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem
  2. To run the same command with pscp, using the private key in PuTTY’s format as generated in the preceding section, the command should look like the following example.
    C:\> pscp -i id_rsa-gsg-keypair.ppk pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem

Availability Zone and Region

For quite some time I was trying to understand the concept of Availability Zones and Regions.

Finally got this answer from Amazon.

When you launch an instance, you can optionally specify an Availability Zone. If you do not specify an Availability Zone, Amazon EC2 selects one for you in the Region that you are using. When launching your initial instances, we recommend accepting the default Availability Zone, which allows Amazon EC2 to select the best Availability Zone for you based on system health and available capacity. Even if you have other instances running, you might consider not specifying an Availability Zone if your new instances do not need to be close to, or separated from, your existing instances.

Note: Availability Zones are not the same across accounts. The Availability Zone us-east-1a for account A is not necessarily the same as us-east-1a for account B. Zone assignments are mapped independently for each account.

You are charged a small bandwidth charge for data that crosses Availability Zones.

Can I use the same SSH key pair across Regions?

No. You must create a separate SSH key pair for each Region.

Note: This is the key pair used for SSH connections to the instance. Your AWS Account ID credentials are global and you use them for all Regions.

Changing security settings at runtime in EC2

Yes, you are allowed to change the settings of a security group that is attached to a running EC2 instance.

Imagine that during commissioning you allowed only ports 80 and 22 to an instance, and later you decided to open 443 as well. You don't have to reboot or reinstall the EC2 instance, nor do you need to restart any service on the instance.

All you do is open the Amazon management panel, go to that security group and add one more rule. Simple.

The change takes effect at runtime, instantaneously, on the running instance.
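The same change made through the API instead of the management panel, as an added example that is not part of the original post: it inspects a group's existing rules and adds TCP 443 only if it is missing. The helper names and SAMPLE_GROUP are constructed for illustration, and open_port assumes boto3 is installed with credentials configured.

```python
def covers(perm, port, cidr):
    """True if one IpPermissions entry already allows TCP `port` from `cidr`."""
    if perm.get("IpProtocol") == "-1":
        in_range = True  # "-1" means all protocols and all ports
    else:
        in_range = (perm.get("IpProtocol") == "tcp"
                    and perm.get("FromPort", 0) <= port <= perm.get("ToPort", -1))
    return in_range and any(r.get("CidrIp") == cidr for r in perm.get("IpRanges", []))

def rule_to_add(group, port, cidr):
    """Return the IpPermissions entry that is missing, or None if already allowed."""
    if any(covers(p, port, cidr) for p in group.get("IpPermissions", [])):
        return None
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}

def open_port(group_id, port, cidr):
    """Add the rule to a live group; attached instances need no restart."""
    import boto3  # imported here so the pure helpers above run without AWS access
    ec2 = boto3.client("ec2")
    group = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    perm = rule_to_add(group, port, cidr)
    if perm:
        ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=[perm])
    return perm

# Constructed sample shaped like one entry of describe_security_groups output:
# the group from the scenario above, with 80 open to all and 22 to one range.
SAMPLE_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
]}
```

Because the rule applies immediately to every instance in the group, review the CIDR before calling open_port.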



Utility Computing with Amazon

Utility, hmm, is a term we have already heard many times, but outside the computer domain. For example: utility bills 🙂 for electricity, gas, water and air (thank God air is still free for our lungs).

So what is utility computing? In plain words:

As with the rest of the utilities, you pay for what you use and you scale up and down according to need. That's simple.

Amazon puts it this way on their EC2 page:

What makes Amazon EC2 different is that you use only the capacity that you need. This eliminates your need to make large and expensive hardware purchases, reduces the need to forecast traffic, and enables you to immediately deal with changes in requirements or spikes in popularity related to your application or service.


Elastic IP

The buzzword “Elastic” is the key player in cloud computing. The technique which Amazon has adopted is termed “Elastic IP”.

Imagine a scenario in which you are running an EC2 instance with a non-elastic IP. (Don't be confused into thinking that your EC2 instance has a dynamic IP and gets a new IP every time you restart the OS in EC2; that is absolutely wrong! EC2 instances do get a fixed IP.)

The only difference between the fixed IP and the Elastic IP is that the fixed IP is lost when you terminate the EC2 instance, and if you start a fresh instance you get a new IP.

So in the above scenario, if your web server dies and you suddenly need to start a new EC2 instance, and you don't have an Elastic IP, you have to update your DNS with the new EC2 instance's IP, which may take some time: around 1-72 hrs for DNS propagation.

If you already had an Elastic IP, you do not need to update your DNS; you just attach that Elastic IP to your newly started EC2 instance.

More precisely:

Elastic IP addresses are static IP addresses designed for dynamic cloud computing. Elastic IP addresses are associated with your account, not specific instances. Any elastic IP addresses that you associate with your account remain associated with your account until you explicitly release them. Unlike traditional static IP addresses, however, elastic IP addresses allow you to mask instance or availability zone failures by rapidly remapping your public IP addresses to any instance in your account.

Note: To ensure customers are efficiently using elastic IP addresses, we impose a small hourly charge when these IP addresses are not mapped to an instance. When these IP addresses are mapped to an instance, they are free of charge.


If you know the very basics of Amazon Cloud, what is next?

A nice aggregation of resources, especially if you have read the getting started guide.


Amazon Current Status

Amazon Web Services publishes our most up-to-the-minute information on service availability in the table below. Check back here any time to get current status information, or subscribe to an RSS feed to be notified of interruptions to each individual service. If you are experiencing a real-time, operational issue with one of our services that is not described below, please inform us by clicking on the “Report an Issue” link to submit a service issue report.
