This repository has been archived by the owner on Jun 15, 2023. It is now read-only.

Initial commit of Amazon EC2 User Guide for Linux
julieso committed Feb 2, 2018
1 parent da907d1 commit d1a4d62
Showing 236 changed files with 34,870 additions and 0 deletions.
81 changes: 81 additions & 0 deletions doc_source/AMIEncryption.md
@@ -0,0 +1,81 @@
# AMIs with Encrypted Snapshots<a name="AMIEncryption"></a>

AMIs that are backed by Amazon EBS snapshots can take advantage of Amazon EBS encryption\. Snapshots of both data and root volumes can be encrypted and attached to an AMI\.

EC2 instances with encrypted volumes are launched from AMIs in the same way as other instances\.

The `CopyImage` action can be used to create an AMI with encrypted snapshots from an AMI with unencrypted snapshots\. By default, `CopyImage` preserves the encryption status of source snapshots when creating destination copies\. However, you can configure the parameters of the copy process to also encrypt the destination snapshots\.

Snapshots can be encrypted with either your default AWS Key Management Service customer master key \(CMK\), or with a custom key that you specify\. You must in all cases have permission to use the selected key\. If you have an AMI with encrypted snapshots, you can choose to re\-encrypt them with a different encryption key as part of the `CopyImage` action\. `CopyImage` accepts only one key at a time and encrypts all of an image's snapshots \(whether root or data\) to that key\. However, it is possible to manually build an AMI with snapshots encrypted to multiple keys\.

Support for creating AMIs with encrypted snapshots is accessible through the Amazon EC2 console, Amazon EC2 API, or the AWS CLI\.

The encryption parameters of `CopyImage` are available in all regions where AWS KMS is available\.

## AMI Scenarios Involving Encrypted EBS Snapshots<a name="AMIEncryption_scenarios"></a>

You can copy an AMI and simultaneously encrypt its associated EBS snapshots using the AWS Management Console or the command line\.

### Copying an AMI with an Encrypted Data Snapshot<a name="w3ab1c15c37c15b4"></a>

In this scenario, an EBS\-backed AMI has an unencrypted root snapshot and an encrypted data snapshot, shown in step 1\. The `CopyImage` action is invoked in step 2 without encryption parameters\. As a result, the encryption status of each snapshot is preserved, so that the destination AMI, in step 3, is also backed by an unencrypted root snapshot and an encrypted data snapshot\. Though the snapshots contain the same data, they are distinct from each other and you will incur storage costs for the snapshots in both AMIs, as well as charges for any instances you launch from either AMI\.

![\[Copy an AMI with encrypted data snapshot\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ami-to-ami-mixed.png)

You can perform a simple copy such as this using either the Amazon EC2 console or the command line\. For more information, see [Copying an AMI](CopyingAMIs.md)\.

### Copying an AMI Backed by An Encrypted Root Snapshot<a name="w3ab1c15c37c15b6"></a>

In this scenario, an Amazon EBS\-backed AMI has an encrypted root snapshot, shown in step 1\. The `CopyImage` action is invoked in step 2 without encryption parameters\. As a result, the encryption status of the snapshot is preserved, so that the destination AMI, in step 3, is also backed by an encrypted root snapshot\. Though the root snapshots contain identical system data, they are distinct from each other and you will incur storage costs for the snapshots in both AMIs, as well as charges for any instances you launch from either AMI\.

![\[Copy an AMI backed by encrypted root snapshot\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ami-to-ami-encrypted.png)

You can perform a simple copy such as this using either the Amazon EC2 console or the command line\. For more information, see [Copying an AMI](CopyingAMIs.md)\.

### Creating an AMI with Encrypted Root Snapshot from an Unencrypted AMI<a name="w3ab1c15c37c15b8"></a>

In this scenario, an Amazon EBS\-backed AMI has an unencrypted root snapshot, shown in step 1, and an AMI is created with an encrypted root snapshot, shown in step 3\. The `CopyImage` action in step 2 is invoked with two encryption parameters, including the choice of a CMK\. As a result, the encryption status of the root snapshot changes, so that the target AMI is backed by a root snapshot containing the same data as the source snapshot, but encrypted using the specified key\. You will incur storage costs for the snapshots in both AMIs, as well as charges for any instances you launch from either AMI\.

![\[Create an AMI from unencrypted AMI\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ami-to-ami-convert.png)

You can perform a copy and encrypt operation such as this using either the Amazon EC2 console or the command line\. For more information, see [Copying an AMI](CopyingAMIs.md)\.

### Creating an AMI with an Encrypted Root Snapshot from a Running Instance<a name="w3ab1c15c37c15c10"></a>

In this scenario, an AMI is created from a running EC2 instance\. The running instance in step 1 has an encrypted root volume, and the created AMI in step 3 has a root snapshot encrypted to the same key as the source volume\. The `CreateImage` action has exactly the same behavior whether or not encryption is present\.

![\[Create an AMI from instance with encrypted root snapshot\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/running-instance-encrypted.png)

You can create an AMI from a running Amazon EC2 instance \(with or without encrypted volumes\) using either the Amazon EC2 console or the command line\. For more information, see [Creating an Amazon EBS\-Backed Linux AMI](creating-an-ami-ebs.md)\.

### Creating an AMI with Unique CMKs for Each Encrypted Snapshot<a name="w3ab1c15c37c15c12"></a>

This scenario starts with an AMI backed by a root\-volume snapshot \(encrypted to key \#1\), and finishes with an AMI that has two additional data\-volume snapshots attached \(encrypted to key \#2 and key \#3\)\. The `CopyImage` action cannot apply more than one encryption key in a single operation\. However, you can create an AMI from an instance that has multiple attached volumes encrypted to different keys\. The resulting AMI has snapshots encrypted to those keys and any instance launched from this new AMI also has volumes encrypted to those keys\.

The steps of this example procedure correspond to the following diagram\.

1. Start with the source AMI backed by vol\. \#1 \(root\) snapshot, which is encrypted with key \#1\.

1. Launch an EC2 instance from the source AMI\.

1. Create EBS volumes vol\. \#2 \(data\) and vol\. \#3 \(data\), encrypted to key \#2 and key \#3 respectively\.

1. Attach the encrypted data volumes to the EC2 instance\.

1. The EC2 instance now has an encrypted root volume as well as two encrypted data volumes, all using different keys\.

1. Use the `CreateImage` action on the EC2 instance\.

1. The resulting target AMI contains encrypted snapshots of the three EBS volumes, all using different keys\.

![\[Create AMIs with unique CMKs\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/multi-key.png)

You can carry out this procedure using either the Amazon EC2 console or the command line\. For more information, see the following topics:

+ [Launch Your Instance](LaunchingAndUsingInstances.md)

+ [Creating an Amazon EBS\-Backed Linux AMI](creating-an-ami-ebs.md)\.

+ [Amazon EBS Volumes](EBSVolumes.md)

+ [AWS Key Management](http://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html) in the *AWS Key Management Service Developer Guide*
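
Review bot: In "Creating an AMI with Encrypted Root Snapshot from an Unencrypted AMI", the text says `CopyImage` "is invoked with two encryption parameters, including the choice of a CMK" but never names either parameter, so a reader cannot reproduce the step from this page; name both where they are first mentioned. The same section says you incur storage costs "for the snapshots in both AMIs", which means the unencrypted source snapshot still exists after the copy; add a sentence stating that, and that the source has to be cleaned up separately if only encrypted copies should remain. Minor: the heading "Copying an AMI Backed by An Encrypted Root Snapshot" capitalizes "An" unlike the other headings, steps 5 and 7 of the multi-key procedure describe resulting states rather than actions, and the image and KMS links use `http://` rather than `https://`.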
57 changes: 57 additions & 0 deletions doc_source/AMIs.md
@@ -0,0 +1,57 @@
# Amazon Machine Images \(AMI\)<a name="AMIs"></a>

An Amazon Machine Image \(AMI\) provides the information required to launch an instance, which is a virtual server in the cloud\. You must specify a source AMI when you launch an instance\. You can launch multiple instances from a single AMI when you need multiple instances with the same configuration\. You can use different AMIs to launch instances when you need instances with different configurations\.

An AMI includes the following:

+ A template for the root volume for the instance \(for example, an operating system, an application server, and applications\)

+ Launch permissions that control which AWS accounts can use the AMI to launch instances

+ A block device mapping that specifies the volumes to attach to the instance when it's launched

## Using an AMI<a name="ami-using"></a>

The following diagram summarizes the AMI lifecycle\. After you create and register an AMI, you can use it to launch new instances\. \(You can also launch instances from an AMI if the AMI owner grants you launch permissions\.\) You can copy an AMI within the same region or to different regions\. When you no longer require an AMI, you can deregister it\.

![\[The AMI lifecycle (create, register, launch, copy, deregister).\]](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/images/ami_lifecycle.png)

You can search for an AMI that meets the criteria for your instance\. You can search for AMIs provided by AWS or AMIs provided by the community\. For more information, see [AMI Types](ComponentsAMIs.md) and [Finding a Linux AMI](finding-an-ami.md)\.

When you are connected to an instance, you can use it just like you use any other server\. For information about launching, connecting, and using your instance, see [Amazon EC2 Instances](Instances.md)\.

## Creating Your Own AMI<a name="creating-an-ami"></a>

You can launch an instance from an existing AMI, customize the instance, and then save this updated configuration as a custom AMI\. Instances launched from this new custom AMI include the customizations that you made when you created the AMI\.

The root storage device of the instance determines the process you follow to create an AMI\. The root volume of an instance is either an Amazon EBS volume or an instance store volume\. For information, see [Amazon EC2 Root Device Volume](RootDeviceStorage.md)\.

To create an Amazon EBS\-backed AMI, see [Creating an Amazon EBS\-Backed Linux AMI](creating-an-ami-ebs.md)\. To create an instance store\-backed AMI, see [Creating an Instance Store\-Backed Linux AMI](creating-an-ami-instance-store.md)\.

To help categorize and manage your AMIs, you can assign custom *tags* to them\. For more information, see [Tagging Your Amazon EC2 Resources](Using_Tags.md)\.

## Buying, Sharing, and Selling AMIs<a name="buy-share-sell"></a>

After you create an AMI, you can keep it private so that only you can use it, or you can share it with a specified list of AWS accounts\. You can also make your custom AMI public so that the community can use it\. Building a safe, secure, usable AMI for public consumption is a fairly straightforward process, if you follow a few simple guidelines\. For information about how to create and use shared AMIs, see [Shared AMIs](sharing-amis.md)\.

You can purchase AMIs from a third party, including AMIs that come with service contracts from organizations such as Red Hat\. You can also create an AMI and sell it to other Amazon EC2 users\. For more information about buying or selling AMIs, see [Paid AMIs](paid-amis.md)\.

## Deregistering Your AMI<a name="deregistering"></a>

You can deregister an AMI when you have finished with it\. After you deregister an AMI, you can't be used to launch new instances\. Existing instances launched from the AMI are not affected\. For more information, see [Deregistering Your Linux AMI](deregister-ami.md)\.

## Amazon Linux AMIs<a name="amazon-linux"></a>

The Amazon Linux AMI is a supported and maintained Linux image provided by AWS\. The following are some of the features of Amazon Linux:

+ A stable, secure, and high\-performance execution environment for applications running on Amazon EC2\.

+ Provided at no additional charge to Amazon EC2 users\.

+ Repository access to multiple versions of MySQL, PostgreSQL, Python, Ruby, Tomcat, and many more common packages\.

+ Updated on a regular basis to include the latest components, and these updates are also made available in the yum repositories for installation on running instances\.

+ Includes packages that enable easy integration with AWS services, such as the AWS CLI, Amazon EC2 API and AMI tools, the Boto library for Python, and the Elastic Load Balancing tools\.

For more information, see [Amazon Linux](amazon-linux-ami-basics.md)\.
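
Review bot: Under "Deregistering Your AMI", the sentence "After you deregister an AMI, you can't be used to launch new instances" has the wrong subject; it should read "it can't be used to launch new instances". Separately, "Buying, Sharing, and Selling AMIs" says building a secure public AMI is straightforward "if you follow a few simple guidelines" without stating or directly linking those guidelines; since the same page lists launch permissions as the control over which accounts can use an AMI, point the reader to the specific guidelines section rather than only the general Shared AMIs topic.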
14 changes: 14 additions & 0 deletions doc_source/AccessingInstances.md
@@ -0,0 +1,14 @@
# Connect to Your Linux Instance<a name="AccessingInstances"></a>

Learn how to connect to the Linux instances that you launched and transfer files between your local computer and your instance\.

To connect to a Windows instance, see [Connecting to Your Windows Instance](http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/connecting_to_windows_instance.html) in the *Amazon EC2 User Guide for Windows Instances*\.


| Your Computer | Topic |
| --- | --- |
| Linux | [Connecting to Your Linux Instance Using SSH](AccessingInstancesLinux.md) |
| Windows | [Connecting to Your Linux Instance from Windows Using PuTTY](putty.md) |
| All | [Connecting to Your Linux Instance Using MindTerm](mindterm.md) |

After you connect to your instance, you can try one of our tutorials, such as [Tutorial: Install a LAMP Web Server with the Amazon Linux AMI](install-LAMP.md) or [Tutorial: Hosting a WordPress Blog with Amazon Linux](hosting-wordpress.md)\.
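
Review bot: The Windows guide link in the second paragraph uses `http://docs.aws.amazon.com/...`; use `https://` for documentation links, particularly on a page about connecting to instances. The introduction also promises guidance on transferring files, but the topic titles in the table mention only connecting, so say which topic covers file transfer. There is also a doubled blank line before the table.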