Monday, July 18, 2011

How to find the right Ubuntu AMI on EC2

For anyone getting started on EC2, the first obstacle they're faced with is selecting an AMI (Amazon Machine Image). If your trying to find an Ubuntu image either via the Amazon Console or via the output of ec2-describe-images, you're likely to be overwhelmed. The success of Ubuntu as a platform and Ubuntu's commitment to refreshing AMIs means that there are literally thousands of of images on Amazon EC2 with "ubuntu"in their name. That, combined with and the lack of Ubuntu on the "Quick Start" menu makes this a non-trivial task.

The purpose of this post is to document how you can easily, quickly and safely find the Official Ubuntu AMIs on EC2 via the Amazon EC2 console or via your web browser.

Some General Ubuntu Information

You already may be aware of these items, but I want to point them out for those who are just getting started with Ubuntu or EC2.
  • Ubuntu releases every 6 months. Each release has a version number and a codename. The most important thing to note here is that every 2 years a LTS (Long Term Support) release is made. If you want stability and support for 5 years, select an LTS release. If you want the newest packages, select the most recent release. See the wikipedia entry for more information.
  • At the time of this writing, there are 5 "regions" in Amazon EC2. Each region represents a geographical location. Each region has its own AMI ids. Inside each region there are 2 architectures (x86_64, i386) and 2 "root store" types (EBS or instance). That means that for each build Ubuntu releases, we generate 20 ami ids.



Easiest: Find AMIs From Your Web Browser

You can choose your interface for selecting images. Go to either:
  • http://cloud.ubuntu.com/ami
  • At the bottom of this page, you can select the region, release, arch or root-store. You're only shown the most recent releases here. When you've made your selection, you can copy and paste the ami number, or just click on it to go right to the EC2 console launch page for that AMI. or
  • https://cloud-images.ubuntu.com/server/releases/
    • Select Your release by number or code-name
    • Select 'release/': We keep historical builds around for debugging, but the 'release/' directory will always be the latest.
    • Select your AMI from the table and click to launch in the console or copy and paste a command line.

Search through the Amazon EC2 Console

The EC2 Console is a graphical way to sort through AMIs and select one to launch. To Launch an Official Ubuntu Image here, follow the steps below.
  • Select the region you want in the top left, under 'Navigation'
  • Example: "Us East (Virginia)"
  • Click "AMIs"
  • Do not click "Launch Instance", see note below
  • for 'Viewing', select "All Images"
  • Limit the results to Ubuntu Stable Release images by typing ubuntu-images/
  • You should expand the 'AMI Name' field as wide as possible (maybe shrink the others).
  • Limit the results to a specific release by appending '.*'.
  • For example: ubuntu-images/.*10.04
  • Limit the results to a given arch by appending '.*i386' or '.*amd64'
  • Note: If you want to run a m1.small or c1.medium, you need 'i386'. If you want to run a t1.micro, you will need to select an 'ebs' image.
  • Sort your results by AMI Name and make selection
  • By sorting by AMI name, you can more easily see the newest AMI for a given set. Each AMI ends with a number in the format YYYYMMDD (year,month,day). You want the most recent one.
  • Verify the Owner is 099720109477!
    Any user can register an AMI under any name. Nothing prevents a malicious user from registering an AMI that would match the search above. So, in order to be safe, you need to verify that the owner of the ami is '099720109477'.
    If "Owner" is not a column for you, click "Show/Hide" at the top right and select "Owner" to be shown.
  • Click on the AMI name, then Click 'Launch'



Notes

  • HTTPS Access
  • Of the options above, right now https://cloud-images.ubuntu.com/server/releases/ is the only one that provides data over https. This may be important to you if you are concerned about potential "Man in the Middle" attacks when finding a AMI id. I've requested Ahmed [kim0 in irc] to support https access to https://cloud.ubuntu.com/ami .
  • Web Console 'Launch Instance' dialog
  • I saw no way in the 'Launch Instance' dialog to see the Owner ID. Because if this, I suggest not using that dialog to find "Community AMIs". There is simply no way you can reliably know who the owner of the image is from within the console. For advanced users, I will blog sometime soon on a way to find AMIs programmatically [Hint].

2 comments:

  1. Good read, thanks for sharing, Scott.

    For what it's worth, I use this script in $HOME/bin/ec2 about 10 times a day:
    * http://paste.ubuntu.com/646878/

    :-Dustin

    ReplyDelete
  2. ap-northeast2 (Seoul, Korea) is not supported.
    https://cloud-images.ubuntu.com/locator/ec2/
    :(

    ReplyDelete