Debian Wheezy (7.x) on AWS EC2
You may wish to use the CloudFormation template and launch your instance with some smart UserData scripts. For some releases you are free to choose the AWS Marketplace AMI, or the AMI that exists in the Debian AMI Account (account number 379101102735). All AMIs shared from the Debian AWS Account and their corresponding EBS snapshots are marked as public so can be inspected by any other AWS user.
SSH username
In line with the security of most Linux distributions on Amazon Web Services, remote root SSH is disabled (as is password authentication). You will need to connect to instances from this AMI as the user admin using your SSH key, and then sudo -i to gain root access.
Please note that a Marketplace image volume cannot be attached to another running instance (For example, to repair a broken /etc/fstab, or /etc/network/interfaces). This is a limitation of all Marketplace images, as described here: Official AWS documentation
7.4a
This update to the EC2 AMIs fixes a few issues:
- Includes updated libssl for the Heartbleed CVE-2014-0160
- Fixes console output to hvc0
- Speeds up boot time by only checking EC2 meta data server
- For S3 backed (instance-store) AMIs, increase the root volume from 1 GB to 4 GB
Virtualisation |
Para-virtualisation (PVM) |
Hardware Virtualisation (HVM) |
||
Root filesystem |
EBS |
Instance store |
EBS |
|
Architecture |
i386 |
x86_64 |
x86_64 |
x86_64 |
US-East-1 |
ami-57c5d83e |
ami-b7c8d5de |
ami-89eef3e0 |
ami-cdc6dba4 |
US-West-1 |
ami-d4f6cf91 |
ami-62f6cf27 |
ami-e2ead3a7 |
ami-96f6cfd3 |
US-West-2 |
ami-089ef538 |
ami-709ff440 |
ami-4297fc72 |
ami-ea9ef5da |
EU-West-1 |
ami-c79e65b0 |
ami-039f6474 |
ami-ab946fdc |
ami-459c6732 |
AP-Southeast-1 |
ami-f61241a4 |
ami-3e12416c |
ami-c2174490 |
ami-a61241f4 |
AP-Southeast-2 |
ami-6ba33b51 |
ami-1da33b27 |
ami-d5a53def |
ami-a3a33b99 |
AP-Northeast-1 |
ami-a1f28ca0 |
ami-8bf58b8a |
ami-23e19f22 |
ami-59f38d58 |
SA-East-1 |
ami-d14be9cc |
ami-ad4be9b0 |
ami-cb48ead6 |
ami-fb4be9e6 |
US-Gov-West-1 |
ami-2d0e690e |
ami-030e6920 |
|
|
CN-North-1 |
- |
ami-e8b123d1 |
|
ami-eab123d3 |
The 7.4a release of Debian was built with bootstrap-vz (formerly called build-debian-cloud), and contains the CloudInit package installed from Debian backports.
7.4
Note: 7.4 is scheduled for removal on 18/April/2014. Please use 7.4a.
The full list of AMIs worldwide in the Debian AMI account are:
Virtualisation |
Para-virtualisation (PVM) |
Hardware Virtualisation (HVM) |
||
Root filesystem |
EBS |
Instance store |
EBS |
|
Architecture |
i386 |
x86_64 |
x86_64 |
x86_64 |
US-East-1 |
ami-1f675d76 |
ami-d3675dba |
ami-655a600c |
ami-9f675df6 |
US-West-1 |
ami-9ed0eddb |
ami-6ed3ee2b |
ami-46c7fa03 |
ami-76d3ee33 |
US-West-2 |
ami-72204242 |
ami-de2042ee |
ami-68026058 |
ami-22214312 |
EU-West-1 |
ami-1af0016d |
ami-9ef001e9 |
ami-80d322f7 |
ami-76f30201 |
AP-Southeast-1 |
ami-a2a3f5f0 |
ami-18a0f64a |
ami-34aafc66 |
ami-06a0f654 |
AP-Southeast-2 |
ami-6b3ea051 |
ami-b33ea089 |
ami-3d3aa407 |
ami-a93ea093 |
AP-Northeast-1 |
ami-e5a3c9e4 |
ami-67a6cc66 |
ami-f780eaf6 |
ami-d7a6ccd6 |
SA-East-1 |
ami-6517b778 |
ami-9717b78a |
ami-771bbb6a |
ami-8f17b792 |
US-Gov-West-1 |
|
|
|
|
CN-North-1 |
- |
ami-bcb32185 |
|
ami-beb32187 |
The 7.4 release of Debian was built with bootstrap-vz (formerly called build-debian-cloud), and contains the CloudInit package installed from Debian backports.
Upgrading from previous 6.x.y releases
As is standard with Debian, a simple apt-get update && apt-get dist-upgrade should bring all packages up to date. There is no need to reinstall, but any ?CloudFormation templates and ?AutoScale Launch Configurations should be tested with and then updated to use the current AMI. It is recommended not to use older point releases.
CloudFormation Template
CloudFormation is a templating system for defining AWS resources - see http://aws.amazon.com/cloudformation/
{ "Parameters" : { "KeyName" : { "Description" : "SSH Key Name", "Type" : "String", "Default" : "My-Key" }, "MyInstanceSize": { "Description": "Instance size (m1.small, etc.)", "Type": "String", "Default" : "t1.micro", "AllowedValues": ["t1.micro", "m1.small", "m1.medium", "m1.large", "m1.xlarge", "m2.xlarge", "m2.2xlarge", "m2.4xlarge", "c1.xlarge", "cc1.4xlarge", "m3.xlarge", "m3.2xlarge"] }, "MyInstanceName": { "Description": "Instance name", "Type": "String" }, "InstanceBits": { "Description": "32 or 64 bits", "Type": "String", "Default": "64", "AllowedValues": [ "32", "64" ] }, "RootVolType": { "Description": "Root volume type (EBS or Instance)", "Type": "String", "Default": "EBS", "AllowedValues": [ "EBS", "Instance" ] } }, "Mappings" : { "Debian7.3-EBS-PVM" : { "us-east-1" : { "32" : "ami-33a68f5a", "64" : "ami-0da18864"}, "us-west-1" : { "32" : "ami-8ebd8dcb", "64" : "ami-96bd8dd3"}, "us-west-2" : { "32" : "ami-6a98fc5a", "64" : "ami-7298fc42"}, "us-gov-west-1" : { "32" : "ami-", "64" : "ami-"}, "eu-west-1" : { "32" : "ami-66836b11", "64" : "ami-8e826af9"}, "ap-southeast-1" : { "32" : "ami-28efbb7a", "64" : "ami-20efbb72"}, "ap-southeast-2" : { "32" : "ami-7774eb4d", "64" : "ami-7b74eb41"}, "ap-northeast-1" : { "32" : "ami-53a0c252", "64" : "ami-17a0c216"}, "sa-east-1" : { "32" : "ami-8f4fee92", "64" : "ami-954fee88"} }, "release" : { "stable" : { "wheezy" : "Debian7.3-EBS-PVM" } } }, "Resources" : { "MyInstance" : { "Type" : "AWS::EC2::Instance", "Properties" : { "SecurityGroups" : [ { "Ref" : "MySecurityGroup" } ], "KeyName" : { "Ref": "KeyName" }, "Tags" : [{"Key": "Name", "Value": {"Ref" : "MyInstanceName"} } ], "ImageId" : { "Fn::FindInMap" : [ "Debian7.3-EBS-PVM", { "Ref" : "AWS::Region" }, { "Ref" : "InstanceBits" } ]}, "InstanceType" : { "Ref" : "MyInstanceSize" }, "UserData" : { "Fn::Base64" : "" } } }, "MySecurityGroup" : { "Type" : "AWS::EC2::SecurityGroup", "Properties" : { "GroupDescription" : "Permit inbound SSH", "SecurityGroupIngress" : [ { "IpProtocol" : "tcp", "FromPort" : "22", "ToPort" : "22", "CidrIp" : "0.0.0.0/0" } ] } } } }
Suggested UserData scripts
As of the 7.3 release, the official Debian !AMIs now support cloud-init. This means you have much more flexability (and power) in what you cna put in your UserData to get your instance to configure. For example, a simple shell script that starts with #!/bin/sh will be executed as previously - so you can chose to enable auto update with the following UserData scripts:
The unattended-upgrades package is described on UnattendedUpgrades.
Some feature bugs may persist in Cloud-init in Debian 7.3 AMIs; no functionality has been lost, but it appears not all cloud-init directives can be used. Eg: packages, ssh-import-id, apt_update, apt-upgrade.
See also Cloud and Teams/Cloud.