Differences between revisions 104 and 105
Revision 104 as of 2015-02-05 13:31:30
Size: 9008
Comment: Remove original 7.8 release AMIs
Revision 105 as of 2015-02-05 13:51:58
Size: 9014
Comment:
Deletions are marked like this. Additions are marked like this.
Line 5: Line 5:



You may wish to use the [[#CFTemplate|CloudFormation template]] and launch your instance with some smart [[#UserDataExamples|UserData scripts]]. For some releases you are free to choose the AWS Marketplace AMI, or the AMI that exists in the Debian AMI Account (account number 379101102735). All AMIs shared from the Debian AWS Account and their corresponding EBS snapshots are marked as public so can be inspected by any other AWS user.


{{{#!wiki note
'''SSH username'''

In line with the security of most Linux distributions on ''Amazon Web Services'', remote ''root'' SSH is disabled (as is password authentication). You will need to connect to instances from this AMI as the user '''admin''' using your SSH key, and then '''sudo -i''' to gain root access.
}}}

Please note that a Marketplace image volume cannot be attached to another running instance (For example, to repair a broken /etc/fstab, or /etc/network/interfaces). This is a limitation of all Marketplace images, as described here: [[http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ApiReference-query-AttachVolume.html|Official AWS documentation]]
Line 20: Line 6:
== 7.8.aws.1 == == 7.8.aws.1 (28 January 2015) ==
Line 42: Line 28:

You may wish to use a [[#CFTemplate|CloudFormation template]] and add a [[#UserDataExamples|UserData script]]. For some releases are duplicated into ''Amazon Marketplace'' but the same images are shared directly as "Community Shared AMIs" (account number 379101102735, but with different AMI IDs to the Marketplace). All AMIs shared from the Debian AWS Account and their corresponding EBS snapshots are marked as public so can be inspected by any AWS user.


{{{#!wiki note
'''SSH username'''

Remote ''root'' SSH is disabled in all images, as is password authentication). You will need to connect to instances from these AMIs as the user '''admin''' using your SSH key, and then '''sudo -i''' to gain root access.
}}}

Please note that an ''Amazon Marketplace'' image volume cannot be attached to another running instance (For example, to repair a broken /etc/fstab, or /etc/network/interfaces). This is a limitation of all Marketplace images, as described here: [[http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ApiReference-query-AttachVolume.html|Official AWS documentation]]

Line 43: Line 42:
As is standard with Debian, a simple '''apt-get update && apt-get dist-upgrade''' should bring all packages up to date. There is no need to reinstall, but any CloudFormation templates and AutoScale Launch Configurations should be tested with and then updated to use the current AMI. It is recommended not to use older point releases. As is standard with Debian, a simple '''apt-get update && apt-get dist-upgrade''' should bring all packages up to date. There is no need to reinstall, but any !CloudFormation templates and !AutoScale Launch Configurations should be tested with and then updated to use the current AMI. It is recommended not to use older point releases.
Line 53: Line 52:
    "Description": "Debian AMI list, generated 2014-10-27 14:31:41.085276 by James Bromberger, jeb@debian.org",     "Description": "Debian AMI list, generated 2015-02-05 13:35:31.317011 by James Bromberger, jeb@debian.org",
Line 57: Line 56:
                "Wheezy77basei386paravirtualebs": "ami-970b3a96",
                "Wheezy77basex8664hvmebs": "ami-97f1c096",
                "Wheezy77basex8664paravirtualebs": "ami-0f0f3e0e",
                "Wheezy77basex8664paravirtualinstancestore": "ami-21f6c720"
                "Wheezy78basei386paravirtualebs": "ami-58b7a659",
                "Wheezy78basex8664hvmebs": "ami-48b9a849",
                "Wheezy78basex8664paravirtualebs": "ami-00b6a701",
                "Wheezy78basex8664paravirtualinstancestore": "ami-52a3b253"
Line 63: Line 62:
                "Wheezy77basei386paravirtualebs": "ami-4e20011c",
                "Wheezy77basex8664hvmebs": "ami-d822038a",
                "Wheezy77basex8664paravirtualebs": "ami-70220322",
                "Wheezy77basex8664paravirtualinstancestore": "ami-24240576"
                "Wheezy78basei386paravirtualebs": "ami-c56d4597",
                "Wheezy78basex8664hvmebs": "ami-bd6d45ef",
                "Wheezy78basex8664paravirtualebs": "ami-8d6d45df",
                "Wheezy78basex8664paravirtualinstancestore": "ami-956149c7"
Line 69: Line 68:
                "Wheezy77basei386paravirtualebs": "ami-0185e83b",
                "Wheezy77basex8664hvmebs": "ami-ed87ead7",
                "Wheezy77basex8664paravirtualebs": "ami-bd87ea87",
                "Wheezy77basex8664paravirtualinstancestore": "ami-e386ebd9"
                "Wheezy78basei386paravirtualebs": "ami-6de68c57",
                "Wheezy78basex8664hvmebs": "ami-d3e68ce9",
                "Wheezy78basex8664paravirtualebs": "ami-efe68cd5",
                "Wheezy78basex8664paravirtualinstancestore": "ami-15e58f2f"
Line 75: Line 74:
                "Wheezy77basei386paravirtualebs": "ami-c664cbb1",
                "Wheezy77basex8664hvmebs": "ami-e261ce95",
                "Wheezy77basex8664paravirtualebs": "ami-9c62cdeb",
                "Wheezy77basex8664paravirtualinstancestore": "ami-187fd06f"
                "Wheezy78basei386paravirtualebs": "ami-5d46c02a",
                "Wheezy78basex8664hvmebs": "ami-a345c3d4",
                "Wheezy78basex8664paravirtualebs": "ami-cb47c1bc",
                "Wheezy78basex8664paravirtualinstancestore": "ami-8153d5f6"
Line 81: Line 80:
                "Wheezy77basei386paravirtualebs": "ami-3f7dc922",
                "Wheezy77basex8664hvmebs": "ami-fd7dc9e0",
                "Wheezy77basex8664paravirtualebs": "ami-a97dc9b4",
                "Wheezy77basex8664paravirtualinstancestore": "ami-417eca5c"
                "Wheezy78basei386paravirtualebs": "ami-dd0cbec0",
                "Wheezy78basex8664hvmebs": "ami-b90dbfa4",
                "Wheezy78basex8664paravirtualebs": "ami-750dbf68",
                "Wheezy78basex8664paravirtualinstancestore": "ami-4ffb4652"
Line 87: Line 86:
                "Wheezy77basei386paravirtualebs": "ami-0258e26a",
                "Wheezy77basex8664hvmebs": "ami-a458e2cc",
                "Wheezy77basex8664paravirtualebs": "ami-2058e248",
                "Wheezy77basex8664paravirtualinstancestore": "ami-bc4af0d4"
                "Wheezy78basei386paravirtualebs": "ami-e895e580",
                "Wheezy78basex8664hvmebs": "ami-f295e59a",
                "Wheezy78basex8664paravirtualebs": "ami-3695e55e",
                "Wheezy78basex8664paravirtualinstancestore": "ami-363a495e"
Line 93: Line 92:
                "Wheezy77basei386paravirtualebs": "ami-c53d2880",
                "Wheezy77basex8664hvmebs": "ami-6f3f2a2a",
                "Wheezy77basex8664paravirtualebs": "ami-893c29cc",
                "Wheezy77basex8664paravirtualinstancestore": "ami-4b3e2b0e"
                "Wheezy78basei386paravirtualebs": "ami-f9fbe4bc",
                "Wheezy78basex8664hvmebs": "ami-c7fae582",
                "Wheezy78basex8664paravirtualebs": "ami-7ffae53a",
                "Wheezy78basex8664paravirtualinstancestore": "ami-d7f5ea92"
Line 99: Line 98:
                "Wheezy77basei386paravirtualebs": "ami-677e3157",
                "Wheezy77basex8664hvmebs": "ami-af7b349f",
                "Wheezy77basex8664paravirtualebs": "ami-df7c33ef",
                "Wheezy77basex8664paravirtualinstancestore": "ami-ff7a35cf"
                "Wheezy78basei386paravirtualebs": "ami-9f623eaf",
                "Wheezy78basex8664hvmebs": "ami-3d9cc00d",
                "Wheezy78basex8664paravirtualebs": "ami-01633f31",
                "Wheezy78basex8664paravirtualinstancestore": "ami-2995c919"
Line 119: Line 118:
                "Wheezy77basei386paravirtualebs",
                "Wheezy77basex8664hvmebs",
                "Wheezy77basex8664paravirtualebs",
                "Wheezy77basex8664paravirtualinstancestore"
                "Wheezy78basex8664hvmebs",
                "Wheezy78basex8664paravirtualinstancestore",
                "Wheezy78basex8664paravirtualebs",
                "Wheezy78basei386paravirtualebs"
Line 177: Line 176:
As of the 7.3 release, the official Debian !AMIs now support cloud-init. This means you have much more flexibility (and power) in what you can put in your !UserData to get your instance to configure. For example, a simple shell script that starts with {{{#!/bin/sh}}} will be executed as previously - so you can chose to enable auto update with the following !UserData scripts: Debian !AMIs use cloud-init. This gives you a choice when crafting your !UserData to configure your instance. Simple shell scripts continue to be supported by starting with {{{#!/bin/sh}}}, such as:
Line 184: Line 183:
However [[http://cloudinit.readthedocs.org/en/latest/topics/examples.html|other formats]] for !UserData are also supported, such as:

{{{
cloud-config:
packages:
 - pwgen
package_upgrade: true
ssh_keys:
  rsa_public: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEAoPRhIfLvedSDKw7XdewmZ3h8eIXJD7TRHtVExampleOne
  rsa_public: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEAoPRhIfLvedSDKw7XdewmZ3h8eIXJD7TRHtVExampleTwo
}}}
Line 185: Line 196:

Some feature bugs may persist in Cloud-init in Debian 7.3 AMIs; no functionality has been lost, but it appears not all cloud-init directives can be used. Eg: packages, ssh-import-id, apt_update, apt-upgrade.

Debian Wheezy (7.x) on AWS EC2


7.8.aws.1 (28 January 2015)

This release addresses CVE 2015-0235 also known as the "ghost" issue with libc6; it contains the updated libc6 in the base image.

Region

hvm x86_64 ebs

paravirtual i386 ebs

paravirtual x86_64 ebs

paravirtual x86_64 instance-store

ap-northeast-1

ami-b25d44b3

ami-c05e47c1

ami-e05c45e1

ami-745c4575

ap-southeast-1

ami-aeb49ffc

ami-c08ba092

ami-008ba052

ami-6a8ba038

ap-southeast-2

ami-6b770351

ami-f17703cb

ami-b777038d

ami-4f770375

eu-central-1

ami-98043785

ami-c80437d5

ami-b60437ab

ami-8a043797

eu-west-1

ami-61e56916

ami-1be06c6c

ami-e7e66a90

ami-c9e569be

sa-east-1

ami-3d8b3720

ami-6b8b3776

ami-558b3748

ami-2f8b3732

us-east-1

ami-e0efab88

ami-e6eeaa8e

ami-baeda9d2

ami-74efab1c

us-west-1

ami-b4869ff1

ami-a8b9a0ed

ami-c0b9a085

ami-70b9a035

us-west-2

ami-431a4273

ami-051b4335

ami-f91a42c9

ami-a31a4293

us-gov-west-1

ami-d13455f2

ami-d53455f6

ami-d73455f4

-

cn-north-1

ami-48029071

-

ami-5c029065

-

A GPG signed email of this list is in the Debian-Cloud mailing list archive for your security.


You may wish to use a CloudFormation template and add a UserData script. For some releases are duplicated into Amazon Marketplace but the same images are shared directly as "Community Shared AMIs" (account number 379101102735, but with different AMI IDs to the Marketplace). All AMIs shared from the Debian AWS Account and their corresponding EBS snapshots are marked as public so can be inspected by any AWS user.

SSH username

Remote root SSH is disabled in all images, as is password authentication). You will need to connect to instances from these AMIs as the user admin using your SSH key, and then sudo -i to gain root access.

Please note that an Amazon Marketplace image volume cannot be attached to another running instance (For example, to repair a broken /etc/fstab, or /etc/network/interfaces). This is a limitation of all Marketplace images, as described here: Official AWS documentation

Upgrading from previous 6.x.y releases

As is standard with Debian, a simple apt-get update && apt-get dist-upgrade should bring all packages up to date. There is no need to reinstall, but any CloudFormation templates and AutoScale Launch Configurations should be tested with and then updated to use the current AMI. It is recommended not to use older point releases.

CloudFormation Template

CloudFormation is a templating system for defining AWS resources - see http://aws.amazon.com/cloudformation/

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "Debian AMI list, generated 2015-02-05 13:35:31.317011 by James Bromberger, jeb@debian.org",
    "Mappings": {
        "AMImap": {
            "ap-northeast-1": {
                "Wheezy78basei386paravirtualebs": "ami-58b7a659",
                "Wheezy78basex8664hvmebs": "ami-48b9a849",
                "Wheezy78basex8664paravirtualebs": "ami-00b6a701",
                "Wheezy78basex8664paravirtualinstancestore": "ami-52a3b253"
            },
            "ap-southeast-1": {
                "Wheezy78basei386paravirtualebs": "ami-c56d4597",
                "Wheezy78basex8664hvmebs": "ami-bd6d45ef",
                "Wheezy78basex8664paravirtualebs": "ami-8d6d45df",
                "Wheezy78basex8664paravirtualinstancestore": "ami-956149c7"
            },
            "ap-southeast-2": {
                "Wheezy78basei386paravirtualebs": "ami-6de68c57",
                "Wheezy78basex8664hvmebs": "ami-d3e68ce9",
                "Wheezy78basex8664paravirtualebs": "ami-efe68cd5",
                "Wheezy78basex8664paravirtualinstancestore": "ami-15e58f2f"
            },
            "eu-west-1": {
                "Wheezy78basei386paravirtualebs": "ami-5d46c02a",
                "Wheezy78basex8664hvmebs": "ami-a345c3d4",
                "Wheezy78basex8664paravirtualebs": "ami-cb47c1bc",
                "Wheezy78basex8664paravirtualinstancestore": "ami-8153d5f6"
            },
            "sa-east-1": {
                "Wheezy78basei386paravirtualebs": "ami-dd0cbec0",
                "Wheezy78basex8664hvmebs": "ami-b90dbfa4",
                "Wheezy78basex8664paravirtualebs": "ami-750dbf68",
                "Wheezy78basex8664paravirtualinstancestore": "ami-4ffb4652"
            },
            "us-east-1": {
                "Wheezy78basei386paravirtualebs": "ami-e895e580",
                "Wheezy78basex8664hvmebs": "ami-f295e59a",
                "Wheezy78basex8664paravirtualebs": "ami-3695e55e",
                "Wheezy78basex8664paravirtualinstancestore": "ami-363a495e"
            },
            "us-west-1": {
                "Wheezy78basei386paravirtualebs": "ami-f9fbe4bc",
                "Wheezy78basex8664hvmebs": "ami-c7fae582",
                "Wheezy78basex8664paravirtualebs": "ami-7ffae53a",
                "Wheezy78basex8664paravirtualinstancestore": "ami-d7f5ea92"
            },
            "us-west-2": {
                "Wheezy78basei386paravirtualebs": "ami-9f623eaf",
                "Wheezy78basex8664hvmebs": "ami-3d9cc00d",
                "Wheezy78basex8664paravirtualebs": "ami-01633f31",
                "Wheezy78basex8664paravirtualinstancestore": "ami-2995c919"
            }
        }
    },
    "Parameters": {
        "InstanceType": {
            "AllowedPattern": "[a-z]+[0-9].[a-z0-9]+",
            "Default": "m3.medium",
            "Description": "Type of EC2 Instance",
            "Type": "String"
        },
        "KeyName": {
            "Description": "SSH Key Name",
            "Type": "String"
        },
        "Release": {
            "AllowedValues": [
                "Wheezy78basex8664hvmebs",
                "Wheezy78basex8664paravirtualinstancestore",
                "Wheezy78basex8664paravirtualebs",
                "Wheezy78basei386paravirtualebs"
            ],
            "Default": "Wheezy75basex8664paravirtualebs",
            "Description": "Release, arch and root filesystem type",
            "Type": "String"
        }
    },
    "Resources": {
        "MyInstance": {
            "Properties": {
                "ImageId": {
                    "Fn::FindInMap": [
                        "AMImap",
                        {
                            "Ref": "AWS::Region"
                        },
                        {
                            "Ref": "Release"
                        }
                    ]
                },
                "InstanceType": {
                    "Ref": "InstanceType"
                },
                "KeyName": {
                    "Ref": "KeyName"
                },
                "SecurityGroups": [
                    {
                        "Ref": "MySecurityGroup"
                    }
                ]
            },
            "Type": "AWS::EC2::Instance"
        },
        "MySecurityGroup": {
            "Properties": {
                "GroupDescription": "Permit inbound SSH",
                "SecurityGroupIngress": [
                    {
                        "CidrIp": "0.0.0.0/0",
                        "FromPort": "22",
                        "IpProtocol": "tcp",
                        "ToPort": "22"
                    }
                ]
            },
            "Type": "AWS::EC2::SecurityGroup"
        }
    }
}

Suggested UserData scripts

Debian !AMIs use cloud-init. This gives you a choice when crafting your UserData to configure your instance. Simple shell scripts continue to be supported by starting with #!/bin/sh, such as:

   1 #!/bin/sh
   2 apt-get update && apt-get upgrade -y && apt-get install -y unattended-upgrades python-pip

However other formats for UserData are also supported, such as:

cloud-config:
packages:
 - pwgen
package_upgrade: true
ssh_keys:
  rsa_public: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEAoPRhIfLvedSDKw7XdewmZ3h8eIXJD7TRHtVExampleOne
  rsa_public: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEAoPRhIfLvedSDKw7XdewmZ3h8eIXJD7TRHtVExampleTwo

The unattended-upgrades package is described on UnattendedUpgrades.


See also Cloud and Teams/Cloud.