To use Lighthouse with AWS, you will need to:
- Sign up for AWS and create an account,
- Create an AWS EC2 instance,
- Create an Amazon Machine Image.
You will need to spin up a standard AWS EC2 instance with 30 GB or more of disk space to ensure there is enough room for the necessary operations.
Amazon offers a walkthrough of the necessary steps here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/get-set-up-for-amazon-ec2.html
To use the AWS environment, you will first need to sign up for AWS.
Sign Up for AWS
When you sign up for Amazon Web Services (AWS), your AWS account is automatically signed up for all services in AWS, including Amazon EC2. You are charged only for the services that you use.
If you have an AWS account already, skip to the next step, Create an IAM User.
To create an AWS account:
- Visit https://portal.aws.amazon.com/billing/signup.
- Enter your name, address, phone number, and billing information.
- Enter a phone number to receive a verification code and enter this number on the portal.
Create an IAM User
To provide added security, Amazon recommends that you use an AWS Identity and Access Management (IAM) user account. Create an IAM user, and then either add the user to an IAM group with administrative permissions or grant the user administrative permissions directly. You can then access AWS using a special URL and the credentials for the IAM user.
If you signed up for AWS but have not created an IAM user for yourself, you can create one using the IAM console. If you aren't familiar with using the console, see Working with the AWS Management Console for an overview.
To create an administrator user for yourself and add the user to an administrators group (console):
- Use your AWS account email address and password to sign in as the AWS account root user to the IAM console at https://console.aws.amazon.com/iam/.
- In the navigation pane, click Users and then click Add user.
- For User name, enter Administrator.
- Click the check box next to AWS Management Console access. Select Custom password, and then enter a new password.
- Choose Next: Permissions.
- Under Set permissions, click Add user to group.
- Click Create group.
- In the Create group dialog box, for Group name enter Administrators.
- Click Filter policies, and then select AWS managed - job function to filter the table contents.
- In the policy list, select the check box for AdministratorAccess. Then click Create group.
- In the list of groups, select the check box for your new group. If necessary, click Refresh to see the group in the list.
- Click Next: Tags. If desired, add metadata to the user by attaching tags as key-value pairs.
- Click Next: Review to see the list of group memberships to be added to the new user. When you are ready to proceed, click Create user.
- To sign in as this new IAM user, sign out of the AWS console, then use the following URL, where your_aws_account_id is your AWS account number without the hyphens (for example, if your AWS account number is 1234-5678-9012, your AWS account ID is 123456789012):
- Enter the IAM user name and password that you just created. When you're signed in, the navigation bar displays "your_user_name @ your_aws_account_id".
Create a Key Pair
A Linux instance has no password. AWS requires you to use a key pair to securely log in to your instance. You specify the name of the key pair when you launch your instance, then provide the private key when you log in using SSH.
If you haven't created a key pair already, you can create one using the Amazon EC2 console.
To create a key pair:
- Sign in to AWS using the URL that you created in the previous section.
- From the AWS dashboard, click EC2 to open the Amazon EC2 console.
- From the navigation bar, select a region for the key pair.
NOTE: You can select any region that's available. However, key pairs are specific to a region; for example, if you plan to launch an instance in the US East (Ohio) Region, you must create a key pair for the instance in the US East (Ohio) Region.
- In the navigation pane, under NETWORK & SECURITY, click Key Pairs.
- Click Create Key Pair.
- Enter a name for the new key pair in the Key pair name field of the Create Key Pair dialog box, and then click Create.
- The private key file is automatically downloaded by your browser. The base file name is the name you specified as the name of your key pair, and the file name extension is .pem. Save the private key file in a safe place.
NOTE: This is the only chance for you to save the private key file. You'll need to provide the name of your key pair when you launch an instance and the corresponding private key each time you connect to the instance.
To use an SSH client to connect to your Linux instance, use the following command to set the permissions of your private key file so that only you can read it.
chmod 400 your_user_name-key-pair-region_name.pem
Connect to your instance using your key pair
To connect to your Linux instance with a Mac or Linux computer, specify the .pem file to your SSH client with the -i option and the path to your private key.
To connect to your Linux instance from a computer running Windows, you can use PuTTY, the Windows Subsystem for Linux, or AWS Systems Manager Session Manager. If you plan to use PuTTY, you'll need to convert the .pem file to a .ppk file.
Create a Virtual Private Cloud (VPC)
EC2 instance types require that you launch your instances in a VPC. If you have a default VPC, you can skip this section and move to the next task, Create a Security Group. To determine whether you have a default VPC, open the Amazon EC2 console and look for Default VPC under Account Attributes on the dashboard. If you do not have a default VPC listed on the dashboard, you can create a nondefault VPC using the steps below.
To create a nondefault VPC:
- Open the Amazon VPC console at https://console.aws.amazon.com/vpc/.
- From the navigation bar, select a region for the VPC. Select the same region in which you created your key pair.
- On the VPC dashboard, choose Launch VPC Wizard.
- On the Step 1: Select a VPC Configuration page, make sure VPC with a Single Public Subnet is selected, and click Select.
- On the Step 2: VPC with a Single Public Subnet page, enter a name for your VPC in the VPC name field. Leave the other default configuration settings and click Create VPC. On the confirmation page, click OK.
Create a Security Group
You must add rules to a security group that enable you to connect to your instance from your IP address using SSH.
You'll need the public IPv4 address of your local computer. If you are connecting through an Internet service provider (ISP) or from behind a firewall without a static IP address, you need to find out the range of IP addresses used by client computers.
To create a security group:
- Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
- From the navigation bar, select a region for the security group. Select the same region in which you created your key pair.
- Click Security Groups in the navigation pane.
- Click Create Security Group.
- Enter a name for the new security group and a description.
- In the VPC list, select your VPC. If you have a default VPC it is marked with an asterisk (*).
- On the Inbound tab, create the following rules (choose Add Rule for each new rule), and then click Create:
  - Choose Custom UDP from the Type list, set the Port range to 1194, and make sure that Source is set to Anywhere (0.0.0.0/0).
  - Choose HTTPS from the Type list, and make sure that Source is set to Anywhere (0.0.0.0/0).
  - Choose SSH from the Type list. In the Source box, choose My IP to automatically populate the field with the public IPv4 address of your local computer. Or choose Custom and specify the public IPv4 address of your computer or network in CIDR notation.
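The following check is an added example, not part of the original guide or of Lighthouse. It audits the JSON returned by `aws ec2 describe-security-groups --output json` against the three inbound rules above and reports SSH exposed beyond a narrow source range, or any other port left open to Anywhere. The sample data is constructed, and the /24 (IPv4) and /64 (IPv6) limits for SSH sources are assumptions.

```python
import ipaddress
import json

# Constructed sample shaped like `aws ec2 describe-security-groups --output json`.
# The group ID is a placeholder; 203.0.113.0/24 is a documentation range.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "udp", "FromPort": 1194, "ToPort": 1194,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "203.0.113.25/32"}, {"CidrIp": "0.0.0.0/0"}],
   "Ipv6Ranges": []}
]}]}
""")

# Rules this guide opens to Anywhere: Custom UDP 1194 and HTTPS.
PUBLIC_OK = {("udp", 1194), ("tcp", 443)}
# Assumed policy: SSH sources no wider than a /24 (IPv4) or a /64 (IPv6).
MIN_SSH_PREFIX = {4: 24, 6: 64}


def audit_group(group):
    """Return findings for inbound rules wider than the guide's rule set."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        lo, hi = perm.get("FromPort"), perm.get("ToPort")  # absent for "-1"
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            covers_ssh = proto == "-1" or (
                proto == "tcp" and lo is not None and lo <= 22 <= hi)
            if covers_ssh and net.prefixlen < MIN_SSH_PREFIX[net.version]:
                findings.append(f"{group['GroupId']}: SSH reachable from {cidr}")
            elif net.prefixlen == 0 and not (lo == hi and (proto, lo) in PUBLIC_OK):
                findings.append(
                    f"{group['GroupId']}: {proto} {lo}-{hi} open to {cidr}")
    return findings


if __name__ == "__main__":
    for sg in SAMPLE["SecurityGroups"]:
        print("\n".join(audit_group(sg)) or f"{sg['GroupId']}: matches the rule set")
```
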
Launch an Instance
You can launch a Linux instance using the AWS Management Console:
- Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
- From the console dashboard, click Launch Instance.
- The Choose an Amazon Machine Image (AMI) page displays a list of basic configurations that serve as templates for your instance.
- On the Choose an Instance Type page, click the hardware configuration of your instance.
NOTE: You'll need to choose a medium-sized image or larger.
- When prompted for a base image, choose AWS Linux 2.
- Click Review and Launch to let the wizard complete the other configuration settings for you.
- On the Review Instance Launch page, under Security Groups, the wizard created and selected a security group for you. You can use this security group, or you can select the security group that you created when getting set up using the following steps:
  - Choose Edit security groups.
  - On the Configure Security Group page, ensure that Select an existing security group is selected.
  - Select your security group from the list of existing security groups, and then click Review and Launch.
- On the Review Instance Launch page, choose Launch.
- When prompted for a key pair, select Choose an existing key pair, then select your key pair.
NOTE: Don't select Proceed without a key pair. If you launch your instance without a key pair, then you can't connect to it.
- Click the acknowledgement check box, and then choose Launch Instances.
- Click View Instances to close the confirmation page and return to the console.
- It can take a few minutes for the instance to be ready so that you can connect to it. Check that your instance has passed its status checks in the Status Checks
Install Lighthouse on AWS EC2
After creating the AWS EC2 instance:
- Locate the aws_bootstrap.sh script, provided in the current Lighthouse release folder.
- Connect via SCP and copy the script onto the AWS EC2 instance.
- While connected to your AWS instance over SSH, run the following command:
aws --output json configure
- Provide an access key with administrative privileges.
NOTE: At a minimum, the access key needs sufficient permissions to create, attach, delete, and snapshot EBS volumes, as well as to create an Amazon Machine Image (AMI).
- Download the Lighthouse image from the Opengear FTP site.
- Copy the raw_hdd image to the AWS EC2 instance and untar the file. Optionally, you can untar and then copy the file.
- From AWS, run the aws-bootstrap.sh script with the appropriate parameters to tell it where to find the untarred Lighthouse image on the instance.
NOTE: aws-bootstrap.sh creates an AMI from a Lighthouse image and has the following options:
-f FILENAME Use the specified local file to create the image
-r URI Download the image file from the specified URI
-d DEVICE Attach temporary disk images to the specified device (eg, xvde)
-n NAME The name to use for generated images (default: Lighthouse)
-h Display help message
- When complete, you'll have an AMI called Lighthouse you can use to create a Lighthouse instance with any hardware configuration you require.
- To set a password for the root user on Lighthouse:
  - Open the Configure instance details page of the AMI launch process.
  - Under the Advanced Details section, add a root password using the userdata field in the format password=Whatever123. If you do not, you will have to log in via SSH to set it.
- If you are logged in to Lighthouse via SSH keys, you will need to set a root password to log in via the GUI. Use the "ogpasswd" utility to do this. I suggest using alphanumeric passwords with this utility and then setting a stronger, more complex password once you are logged in via the GUI.
ogpasswd -u root -p MySecretPassword
NOTE: Optionally, you can specify a custom startup script in the Advanced Details section with script_uri=http://my.domain/my_script.sh. This script will be run once on first boot. Different user options should be provided on separate lines.
- When done, the EC2 instance can be shut down and removed. Future instances can be created from the AMI.
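The user data options described above (password= and script_uri=, one option per line) can be checked before launch. The lint below is an added example, not part of Lighthouse or the original guide; lint_userdata is a hypothetical helper, and the sample input is constructed from the guide's own placeholder values. It flags the two settings worth a second look: a root password placed in user data, which AWS stores unencrypted and exposes through the instance metadata service, and a startup script fetched over anything other than HTTPS.

```python
from urllib.parse import urlsplit

KNOWN_KEYS = {"password", "script_uri"}  # the two options this guide documents

# Constructed sample using the guide's own placeholder values.
SAMPLE = "password=Whatever123\nscript_uri=http://my.domain/my_script.sh\n"


def lint_userdata(text):
    """Check Lighthouse user data (one key=value option per line)."""
    warnings = []
    seen = set()
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep or key not in KNOWN_KEYS:
            warnings.append(f"line {n}: not a documented option")
            continue
        if key in seen:
            warnings.append(f"line {n}: {key} given more than once")
        seen.add(key)
        if key == "script_uri":
            url = urlsplit(value)
            if url.scheme != "https" or not url.hostname:
                warnings.append(
                    f"line {n}: script_uri is not an https URL; the script "
                    "run on first boot is fetched without transport integrity")
        else:
            # User data is not encrypted and is readable from the instance
            # metadata service and by principals allowed to describe the instance.
            warnings.append(
                f"line {n}: root password stored in user data; "
                "change it after first login")
    return warnings


if __name__ == "__main__":
    print("\n".join(lint_userdata(SAMPLE)))
```
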
NOTE: Currently AWS support is limited to:
- All standard Lighthouse operations
- Running on the AWS platform
- Providing aws-cli tools for interaction with AWS
- Loading the provided SSH key for the root user
- Running custom scripts on startup (see above)
- Providing a root password via userdata (see above)
At this time we do not support:
- Using AWS's database services
- Using AWS's Redis services
- Using any of AWS's scalability functionality