I'm working for a client here who has set up an EC2 instance for me to configure. I've installed the software asked for; now all I need to do is open up some ports. I'm currently SSH'd into the machine, which is running Ubuntu 10.04.
I've installed the ec2-ami-tools and the ec2-api-tools packages, and have tried running the following, as has been recommended elsewhere:
ec2-authorize -p 1024 default
Unfortunately, this just fails and leaves me with this nasty error message:
Required option '-K, --private-key KEY' missing (-h for usage).
Evidently I need a key to do this, so I copied my PEM key which I received with the instance to the server and ran it again with the key:
ec2-authorize -p 1024 -K mykey.pem default
Now it's asking for a certificate:
Required option '-C, --cert CERT' missing (-h for usage).
Ugh. I don't really have a certificate, so what exactly is it asking me for? I don't have access to the EC2 web interface, so how can I open a port from the Ubuntu server itself?
To use the ec2-api-tools you need to have an X.509 certificate: http://docs.amazonwebservices.com/AWSSecurityCredentials/1.0/AboutAWSCredentials.html#EC2Credentials
To get your certificate, you need to go to Account > Security Credentials > Access Credentials > X.509 Certificates. More details can be found at: http://docs.amazonwebservices.com/AWSSecurityCredentials/1.0/AboutAWSCredentials.html#X509Credentials
You may be able to craft a request to the REST API using just your Access Keys and AuthorizeSecurityGroupIngress: http://docs.amazonwebservices.com/AWSEC2/latest/APIReference/ApiReference-query-AuthorizeSecurityGroupIngress.html
Easy way:
Go to the Amazon EC2 console from your Amazon account (web) and edit the default security group.
More complex way:
You have to ask a person with access to the web to generate a new certificate.
Sorry, I can't change security settings without having access (certificate); that has a security reason ;) You need both the key and the certificate.
Read this article: http://cloud-computing.learningtree.com/2010/09/24/understanding-amazon-ec2-security-groups-and-firewalls/
AWS issues X.509 certificates to authenticate these requests... You'll have to have the client go into AWS and generate one for you - there is no way to do what you are asking without proper authentication.
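The answer above that suggests the REST API with just Access Keys does not show the request itself. The following is an added example, not code from the thread or from AWS: it builds a signed AuthorizeSecurityGroupIngress Query request for one TCP port. It assumes the current Signature Version 4 scheme and API version 2016-11-15 (the docs linked in the thread predate both); the function name is hypothetical, and the credentials, region and source range passed to it are up to the caller.

```python
import datetime
import hashlib
import hmac
import ipaddress
from urllib.parse import quote


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sign_authorize_ingress(access_key, secret_key, region, group, port, cidr, now=None):
    """Return (url, headers) for a SigV4-signed AuthorizeSecurityGroupIngress GET."""
    net = ipaddress.IPv4Network(cidr)  # ValueError on a malformed or non-IPv4 CIDR
    if net.prefixlen == 0:  # added policy (assumption): never open the port to everyone
        raise ValueError("refusing 0.0.0.0/0; name the source range explicitly")
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    now = now or datetime.datetime.now(datetime.timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    host = f"ec2.{region}.amazonaws.com"
    params = {
        "Action": "AuthorizeSecurityGroupIngress",
        "Version": "2016-11-15",
        "GroupName": group,  # e.g. "default", as in the question
        "IpPermissions.1.IpProtocol": "tcp",
        "IpPermissions.1.FromPort": str(port),
        "IpPermissions.1.ToPort": str(port),
        "IpPermissions.1.IpRanges.1.CidrIp": str(net),
    }
    # Canonical query string: URI-encoded pairs sorted by parameter name.
    query = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}"
                     for k, v in sorted(params.items()))
    canonical = "\n".join(["GET", "/", query, f"host:{host}", f"x-amz-date:{amz_date}",
                           "", "host;x-amz-date", hashlib.sha256(b"").hexdigest()])
    scope = f"{amz_date[:8]}/{region}/ec2/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    # Derive the signing key: date -> region -> service -> "aws4_request".
    key = ("AWS4" + secret_key).encode()
    for part in (amz_date[:8], region, "ec2", "aws4_request"):
        key = _hmac(key, part)
    signature = _hmac(key, to_sign).hex()
    auth = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
            f"SignedHeaders=host;x-amz-date, Signature={signature}")
    return f"https://{host}/?{query}", {"X-Amz-Date": amz_date, "Authorization": auth}
```

Send the returned URL with the returned headers using any HTTP client; the call only succeeds if the owner of the access key is permitted to change the security group.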