Basic AWS Setup

Before you can deploy anything on AWS, you must do a few things.

Get an AWS Account

If you don’t already have an AWS account, you can sign up for one for free at aws.amazon.com.

Install the AWS Command-Line Interface

To install the AWS Command-Line Interface (CLI), run:

pip install awscli

Create an AWS Access Key

The next thing you’ll need is an AWS access key. If you don’t have one, you can create one using the instructions in the AWS documentation. You should get an access key ID (e.g. AKIAIOSFODNN7EXAMPLE) and a secret access key (e.g. wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).

You should also pick a default AWS region name (e.g. eu-central-1). That’s where your cluster will run. The AWS documentation has a list of them.

Once you’ve got your AWS access key, and you’ve picked a default AWS region name, go to a terminal session and enter:

aws configure

and answer the four questions. For example:

AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: eu-central-1
Default output format [None]: [Press Enter]

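This writes two files: ~/.aws/credentials (the access key ID and secret access key, stored in plain text) and ~/.aws/config (the default region and output format). AWS tools and packages look for those files.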

Generate an RSA Key Pair for SSH

Eventually, you’ll have one or more instances (virtual machines) running on AWS and you’ll want to SSH to them. To do that, you need a public/private key pair. The public key will be sent to AWS, and you can tell AWS to put it in any instances you provision there. You’ll keep the private key on your local workstation.

First you need to make up a key name. Some ideas:

  • bcdb-troy-1
  • bigchaindb-7
  • bcdb-jupiter

If you already have key pairs on AWS (Amazon EC2), you have to pick a name that’s not already being used. Below, replace every instance of <key-name> with your actual key name. To generate a public/private RSA key pair with that name:

ssh-keygen -t rsa -C "<key-name>" -f ~/.ssh/<key-name>

It will ask you for a passphrase. You can use whatever passphrase you like, but don’t lose it. Two keys (files) will be created in ~/.ssh/:

  1. ~/.ssh/<key-name>.pub is the public key
  2. ~/.ssh/<key-name> is the private key

To send the public key to AWS, use the AWS Command-Line Interface:

aws ec2 import-key-pair \
--key-name "<key-name>" \
--public-key-material file://~/.ssh/<key-name>.pub

If you’re curious why there’s a file:// in front of the path to the public key, see issue aws/aws-cli#41 on GitHub.

If you want to verify that your key pair was imported by AWS, go to the Amazon EC2 console at https://console.aws.amazon.com/ec2/, select the region you gave above when you did aws configure (e.g. eu-central-1), click on Key Pairs in the left sidebar, and check that <key-name> is listed.
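The console check above only confirms that the name exists. To confirm that AWS holds the same key you generated, compare fingerprints: for an imported RSA key pair, EC2 reports the MD5 digest of the DER-encoded public key, which you can read with aws ec2 describe-key-pairs --key-names "<key-name>". The following is an added example, not part of the original page; the function names are hypothetical and the sample key is constructed for illustration.

```python
import base64, hashlib, struct

# DER AlgorithmIdentifier: rsaEncryption OID 1.2.840.113549.1.1.1 with NULL parameters
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def der_tlv(tag, body):
    """Encode one DER element with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def der_int(value):
    """DER INTEGER: big-endian, with a leading 0x00 when the high bit is set."""
    return der_tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def parse_ssh_rsa(pub_line):
    """Return (e, n) from an OpenSSH 'ssh-rsa <base64> [comment]' line."""
    fields = pub_line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob, parts, pos = base64.b64decode(fields[1], validate=True), [], 0
    while pos < len(blob):  # the blob is a sequence of length-prefixed strings
        if pos + 4 > len(blob):
            raise ValueError("truncated key blob")
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        if pos + 4 + size > len(blob):
            raise ValueError("truncated key blob")
        parts.append(blob[pos + 4:pos + 4 + size])
        pos += 4 + size
    if len(parts) != 3 or parts[0] != b"ssh-rsa":
        raise ValueError("unexpected ssh-rsa blob layout")
    return int.from_bytes(parts[1], "big"), int.from_bytes(parts[2], "big")

def spki_der(e, n):
    """SubjectPublicKeyInfo DER, as written by 'openssl rsa -pubout -outform DER'."""
    rsa_key = der_tlv(0x30, der_int(n) + der_int(e))
    return der_tlv(0x30, RSA_ALG_ID + der_tlv(0x03, b"\x00" + rsa_key))

def ec2_fingerprint(pub_line):
    """Colon-separated MD5 of the DER public key, the form EC2 shows for imported keys."""
    digest = hashlib.md5(spki_der(*parse_ssh_rsa(pub_line))).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def matches_ec2(pub_line, reported):
    """Compare the local fingerprint with the KeyFingerprint value AWS reports."""
    return ec2_fingerprint(pub_line) == reported.strip().lower()

# Constructed toy key (e=65537, n=0xC53F), far too small for real use
ssh_str = lambda b: struct.pack(">I", len(b)) + b
SAMPLE_PUB = "ssh-rsa " + base64.b64encode(
    ssh_str(b"ssh-rsa") + ssh_str(b"\x01\x00\x01") + ssh_str(b"\x00\xc5\x3f")).decode() + " bcdb-example"
```

Pass the contents of ~/.ssh/<key-name>.pub as pub_line and the KeyFingerprint value from the describe-key-pairs output as reported; a mismatch means the key registered under that name is not the one on your workstation.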