Doug Jaworski

This tutorial is intended to get you started with the Amazon EC2 API Tools on a Mac. I am running this on a PowerBook Pro with Snow Leopard.  The EC2 API Tools are a client interface to EC2 web service and extend the AWS Management Console.

Create Directories

Create a directory to store your AWS Keys and Certificates. For this tutorial we will be creating 2 directories.

The first directory is for your AWS Security Credentials and is typically placed in your home directory.

mkdir ~/.ec2

We also need a directory to place the EC2 API Tools. This can be placed in any directory location of your liking. As this is on a Mac, we will be placing in our /Applications directory.

mkdir /Applications/ec2

Create an AWS Account

You will first need to create an Amazon AWS account and an AWS EC2 account. This will require a credit card however you will only be charged for what you use.

To create an account, you need to go to http://aws.amazon.com and sign up for the service.

After you have created your EC2 account, you will need to create a X.509 certificate. To locate, select the your Account tab and scroll down to Access Credentials section and select Create a new Access Key. Once this is completed, you will need to save the private key file and the X.509 certificate.

Download both the “private Key” file and the “X.509 Certificate” file. Typically this can be in a directory of your liking but for the sake of this tutorial we will place it in your home ~./ec2. The private key file will be names something like pk-xxxxxxxxxxxxxxxxxxxxxx.pem and the X.509 Certificate file will be named something like cert-xxxxxxxxxxxxxxxxxxxxxx.pem.

Download and Install EC2 API Tools

Download the Amazon EC2 API Tools and make sure you have the most current version. Since this tutorial was targeted for the Mac users, the default location for the the file is in your Downloads directory. Simply copy the contents of this file to you /Applications/ec2 directory.

cp Downloads/ec2-api-tools-1.3-53907 /Applications/ec2

A prerequisite for EC2 API Tools is Java, as we are on a Mac, it is already installed and should have JAVA_HOME set. To verify you have JAVA_HOME set, you can simply open up a terminal window and type the following:

echo $JAVA_HOME

It should return something like this:

/System/Library/Frameworks/JavaVM.framework/Home/

If not, verify that you have java installed and set the JAVA_HOME Variable as defined in the next section.

Define your Enviornment

There are many ways to customize your environment variables with OS X.  I personally like you use .bash_profile however you might elect to use another method, this way just works out nice for me so customize to your liking.

Open or create .bash_profile in your home directory with your favorite text editor and update with the following. Your items will have unique names when generated.

export JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Home/

export EC2_HOME=/Applications/ec2

export EC2_PRIVATE_KEY=~/.ec2/pk-xxx.pem

export EC2_CERT=~/.ec2/cert-xxx.pem

export EC2_ACCNO=0000-0000-0000

export ACCESS_KEY=BGIRITQM7O6ZZF3R2ODC

export SECRET_KEY=lDgGzXoTKukVmZw7q7Donx/O6Jc/kFQ4P889zQu

export PATH=$PATH:$EC2_HOME/bin

After saving this file, you will need to source your .bash_profile so it will export your new variables. From a command prompt run the following command.

source ~/.bash_profile

Create an EC2 Keypair

In order to launch an Amazon AMI, you need a named keypair that is yours and yours alone. You can call your keypair anything you like. I called mine my-keypair for the sake of this tutorial. You will then want to move this keypair to ~/.ec2 and secure the file so only you have access to this file. You must keep this key private and secure as it is the keys to the kingdom.

ec2-add-keypair my-keypair > ~/.ec2/my-keypair.pem

chmod 600 ~/.ec2/my-keypair.pem

Testing in Out

To confirm you have it setup correctly, you can simply query publicly available AMI’s with the following command

ec2-describe-images -a

Simple as that. In my next tutorial, I will document how to launch and customize an Ubuntu 10.04 AMI with an EBS Volume for persistant storage.

If you are running a MacBook Pro, you know they run hot. I solved this issue on the cheap by recycling an iWork Retail Eddition box to allow for more airflow under the the MacBook. All you need is to allow a bit of air to flow on the bottom surface and this box happens to be just the right hight to accomplish with ease.

I recently performed a clean install of OS X Snow Leopard on my PowerMac Pro and ran into issues when trying to connect to my companies SSL VPN. While there are numerous posts found on the web, none seem to pertain to a clean install of Snow Leopard. After debugging the issue furtherI found that Network Connect was still having permission issues when trying to connect via the Network Connect client.

Here is what I did to resolve the problem:

Install NetworkConnect.dmg with the version that your Juniper SSL VPN device supports. In my case, it was 6.1

Open up Terminal and type the following commands followed by enter after each line. As you will be using sudo, you may be prompted for your password as well:

sudo chmod 755 /usr/local/juniper/nc/6.1.0/
sudo mkdir '/Applications/Network Connect.app/Contents/Frameworks'

I original found the above steps at various sites including the Juniper support forums but I was still running into permission issues. After digging further into the log files I found this and determined that there must be some sort of elevated root permission that needs to update some network settings that can only be done as a super user.

ncproxyd[19016] ncproxyd.info ncproxyd exiting status 1 (ncproxyd.cpp:92)
ncproxyd[19054] ncproxyd.error Failed to gain root privileges: Operation not permitted

To fix this you must modify the permissions of ncproxyd

chmod 4711 /usr/local/juniper/nc/6.3.0/ncproxyd