[AWS] Mail Relay

I got my AWS account up and running.

Getting set up

First, I got an AWS account on the site. It was pretty easy, and free to start. I don’t expect to have any issues in terms of compute time, so it should be really cheap.

I did use IAM to set up some other accounts so that I don’t need to use my AWS account every time I want to log in. There is a user guide here. Following that, I gave myself an admin account that I could then use to administer everything else. I’m planning on using it for more than just an MTA, so I wanted to separate them.

After getting my accounts set up, I needed to find a suitable AMI to run. What I eventually want is an Ubuntu image that I can load postfix onto. There is an Ubuntu community page where you can search by release for a suitable image to run on EC2 machines. There are a number of official releases that they provide for EC2 use. I’m using ami-1cf1db59, which is a 64-bit 12.04 LTS release.

Now that I’ve picked out my AMI, I launched it into their farm. My account only supports VPC, so that’s where it’s going. I just used the web console for this. I selected a t1.micro machine. At the end, I got a key pair (a .pem RSA private key) that I downloaded to my machine. I’ll need that in a little bit.

[Update]: You can also bring up a new AMI from the command line using a command like:

$EC2_HOME/bin/ec2-run-instances ami-acf9cde9 -g <SECURITY_GROUP> -k <KEY_PAIR>

[Update]: For t1.micro instances, you’ll have to pass it on the command line as the m1.small instance is the default:

$EC2_HOME/bin/ec2-run-instances ami-acf9cde9 --instance-type t1.micro -g <SECURITY_GROUP> -k <KEY_PAIR>

The key pair is the one that gets loaded onto the instance and allows you to SSH into it. You will need to create one beforehand. You can do this with the ec2-add-keypair command. The security group describes the ports that are open. If you are using the default, you may need to open ports to communicate with the instance. You can use the command ec2-authorize to open ports, or ec2-modify-instance-attribute to change the security group after the fact. Note that if you use ec2-modify-instance-attribute to change the security group, you need to give it the ID, not the name. You can get the ID from the ec2-describe-group command.

Getting the command line working

It took me a while to get the command line tools working. I installed the EC2 command line tools which I got from the Amazon website. It doesn’t have any real instructions. There are some on the web that you can find.

I had to add some information into my csh environment.

# AWS stuff
# Tell it where java is
setenv JAVA_HOME /usr
# Optionally, set up paths for command line tools.
setenv AWS_HOME /usr/local/aws
setenv EC2_HOME $AWS_HOME/ec2

# Setup ec2 wide env
setenv EC2_URL https://ec2.us-west-1.amazonaws.com

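# Load the access keys into the environment for EC2 command line tools.
# <ACCESS_KEY> and <SECRET_KEY> are placeholders for your own values.
setenv AWS_ACCESS_KEY <ACCESS_KEY>
setenv AWS_SECRET_KEY <SECRET_KEY>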

Most of the stuff that I found on the web used EC2_PRIVATE_KEY and EC2_CERT, but according to the EC2 user guide, these are deprecated and should no longer be used. The new options to use are AWS_ACCESS_KEY and AWS_SECRET_KEY instead. Personally, I find this a little annoying as this means that my keys are in my environment instead of read from a file.

I did have to add the EC2_URL env variable so that I can connect with the us-west-1 server farm which I’m using. The default is the east coast one. I’m in California, so it’s the closest to me.
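
On the point above about the keys sitting in the environment instead of being read from a file: the following is an added example, not part of the original post or the EC2 tools. It keeps the two values in a file readable only by its owner and exports them for a single command. The function name with_aws_keys and the NAME=value file format are assumptions, and it is written in POSIX sh rather than csh.

```shell
# Added example: run one command with AWS_ACCESS_KEY / AWS_SECRET_KEY taken
# from a private file instead of the login environment.
# Assumptions (not from the post): the function name with_aws_keys and the
# file format, one NAME=value pair per line.

# The body is a subshell ( ... ), so nothing set here leaks into the caller.
with_aws_keys() (
    keyfile=$1
    shift

    [ -f "$keyfile" ] || { echo "no key file: $keyfile" >&2; exit 2; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    # Anything but "------" means other accounts could read or change the
    # file. A symlink shows as lrwxrwxrwx and is refused as well.
    mode=$(ls -ld "$keyfile" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "refusing $keyfile: chmod 600 it first" >&2
        exit 3
    fi

    access='' secret=''
    # Split each line at the first "=" by hand. The file is never sourced,
    # so nothing in it is executed.
    while IFS= read -r line || [ -n "$line" ]; do
        case ${line%%=*} in
            AWS_ACCESS_KEY) access=${line#*=} ;;
            AWS_SECRET_KEY) secret=${line#*=} ;;
        esac
    done < "$keyfile"

    if [ -z "$access" ] || [ -z "$secret" ]; then
        echo "$keyfile: AWS_ACCESS_KEY or AWS_SECRET_KEY missing" >&2
        exit 4
    fi

    # Exported only inside this subshell, for this one command.
    AWS_ACCESS_KEY=$access AWS_SECRET_KEY=$secret
    export AWS_ACCESS_KEY AWS_SECRET_KEY
    "$@"
)
```

Since it is a sh function, a csh user would wrap it in a small sh script and put that script in front of each EC2 tool invocation, with the setenv lines for the two keys left out of the login environment.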

IP addresses

I got an elastic IP address from Amazon. I can now assign this to my instance. This is a static IP address that is associated with my account. I can move this from instance to instance as I need. It’s kinda like a static IP address that I get from Amazon that I can use as I see fit.

I got an EIP with the allocate address command:
ec2-allocate-address -d vpc

I had to add the VPC option as the domain since that’s what I’m using.
I then associate this with the instance
ec2-associate-address -i <INSTANCE-ID> <IP_ADDRESS>

The address in the command above is what is returned from the allocate address command in the previous step. The instance ID can be determined either from the EC2 web console, or from the ec2-describe-instances command.

After this, I updated my DNS records for my domain to point at the EIP that I associated with my running instance.

Getting into the machine

I can now ssh into my machine.

The private key is what was generated when the instance was started. It should be a .pem file. In my case the user to log in was “ubuntu”, but it probably depends on the image that you’re using.

apt-get install postfix
configure as internet to smarthost