Product SiteDocumentation Site

12.4. AWS API User Setup

In general, users need not be aware that they are using a translation service provided by CloudStack. They only need to send AWS API calls to CloudStack's endpoint, and it will translate the calls to the native CloudStack API. Users of the Amazon EC2 compatible interface will be able to keep their existing EC2 tools and scripts and use them with their CloudStack deployment, by specifying the endpoint of the management server and using the proper user credentials. In order to do this, each user must perform the following configuration steps:
  • Generate user credentials.
  • Register with the service.
  • For convenience, set up environment variables for the EC2 SOAP command-line tools.

12.4.1. AWS API User Registration

Each user must perform a one-time registration. The user follows these steps:
  1. Obtain the following by looking in the CloudStack UI, using the API, or asking the cloud administrator:
    • The CloudStack server's publicly available DNS name or IP address
    • The user account's Access key and Secret key
  2. Generate a private key and a self-signed X.509 certificate. The user substitutes their own desired storage location for /path/to/… below. 
    $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /path/to/private_key.pem -out /path/to/cert.pem
  3. Register the user X.509 certificate and Access/Secret keys with the AWS compatible service. If you have the source code of CloudStack go to the awsapi-setup/setup directory and use the Python script cloudstack-aws-api-register. If you do not have the source then download the script using the following command. 
    wget -O cloudstack-aws-api-register "https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=blob_plain;f=awsapi-setup/setup/cloudstack-aws-api-register;hb=4.1"
    Then execute it, using the access and secret keys that were obtained in step 1. An example is shown below. 
    $ cloudstack-aws-api-register --apikey=User’s CloudStack API key --secretkey=User’s CloudStack Secret key --cert=/path/to/cert.pem --url=http://CloudStack.server:7080/awsapi

Note

A user with an existing AWS certificate could choose to use the same certificate with CloudStack, but note that the certificate would be uploaded to the CloudStack management server database.

12.4.2. AWS API Command-Line Tools Setup

To use the EC2 command-line tools, the user must perform these steps:
  1. Be sure you have the right version of EC2 Tools. The supported version is available at http://s3.amazonaws.com/ec2-downloads/ec2-api-tools-1.3-62308.zip.
  2. Set up the EC2 environment variables. This can be done every time you use the service or you can set them up in the proper shell profile. Replace the endpoint (i.e EC2_URL) with the proper address of your CloudStack management server and port. In a bash shell do the following. 
                      $ export EC2_CERT=/path/to/cert.pem
                  $ export EC2_PRIVATE_KEY=/path/to/private_key.pem
                  $ export EC2_URL=http://localhost:7080/awsapi
                  $ export EC2_HOME=/path/to/EC2_tools_directory