AWS Guides: How to increase your EC2 Linux root volume size

awsThis guide applies to increasing the root volume size of an EBS EC2 Linux instance on AWS. By default most Linux instances come with an 8gb root volume unless you changed it at first launch. If you are one of the people that forgot to do this or you just simply need to extend the volume take a look at this guide. Be sure to also check out my other guide on how to increase the size of a Windows EBS Volume.

I started out with an Amazon Linux instance and an 8gb volume. First you want to navigate to your AWS Console and then click EC2 and then Volumes on the left panel. Find the volume that your instance is attached to and right click and create snapshot.

createsnapshot

A new window will pop up and you can fill in a name and description and then select ‘Yes, Create’.

snapshotdescription

Once your snapshot is started creating, navigate over to the snapshot section of the EC2 Console on the left side panel. You will then look for the snapshot you just created with the same name you gave it. This may take a while to for the snapshot process to complete.

snapshot

snapshotcompleted

Once the snapshot is complete, right click on the snapshot and select ‘Create Volume’. Now pay attention here because this is where you specify the new volume size which is larger than previously, for this example I chose 100gb. Please also note that you need to make the volume in the same Availability Zone as your instance, mine happens to be in us-west-2a. You must also choose either a standard volume or Provisioned IOPS. Once done, press ‘Yes, Create’.

createvolume2

Once the volume is created, navigate over to your EC2 Instances section and go ahead and stop your instance. Once stopped, go ahead and detach the original root volume from the Volumes section of the EC2 Console. To do this you simply find the volume attached to your instance and right click, and select detach.

detach-volume

Once the volume is detached, go ahead and attach the volume you created to the instance by selecting the 100gb volume, right click, and attach the volume to your instance specifying the mount point as /dev/sda1.

attach-volume

You may now start your instance again. Once your instance is back and running go ahead and SSH into the instance (Note: Your IP address may have changed or you may need to re-associate your elastic IP address). You may also need to switch to root if logged in as ec2-user, use ‘sudo -s’ to accomplish this. Now the attached volume will still appear as 8gb until you extend the volume with ‘resize2fs /dev/xvda1’ as seen in the code below. Your mount points may vary, you can check these with either ‘mount’ or ‘fdisk -l’.

[root@ip-10-254-59-62 ec2-user]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/xvda1            7.9G  957M  6.9G  12% /
tmpfs                 829M     0  829M   0% /dev/shm
[root@ip-10-254-59-62 ec2-user]# resize2fs /dev/xvda1
resize2fs 1.42.3 (14-May-2012)
Filesystem at /dev/xvda1 is mounted on /; on-line resizing required
old_desc_blocks = 1, new_desc_blocks = 7
The filesystem on /dev/xvda1 is now 26214400 blocks long.

[root@ip-10-254-59-62 ec2-user]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/xvda1             99G  969M   98G   1% /
tmpfs                 829M     0  829M   0% /dev/shm
[root@ip-10-254-59-62 ec2-user]#

If you have made it this far, congrats on your expanded volume. Let me know if you have any questions.

AWS Guides: How to use Amazon SES with Postfix

awsIf you have ever wondered how to use the Amazon SES SMTP endpoint with Postfix this is the guide for you. This is going to be very close to what is in the documentation on the AWS Website. I will cover some pain points that I have seen and ran into while trying to implement this.

Below we will cover integration to SES with both STARTTLS and Secure Tunnel (STUNNEL).

To configure integration using STARTTLS

1. On your mail server, open the main.cf file. Depending on your OS, this file resides in the /etc/postfix folder.
2. Add the following lines to the main.cf file, modifying them to reflect your particular situation, and then save the file.

relayhost = email-smtp.us-east-1.amazonaws.com:25
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_use_tls = yes
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes

3. Edit the /etc/postfix/sasl_passwd file. If the file does not exist, create it. Add the following lines to the file, replacing USERNAME and PASSWORD with your SMTP user name and password. Now this is where it gets confusing, you will want to create a SMTP User from the SES Console at: https://console.aws.amazon.com/ses/home?#smtp-settings. You will create a user here and be presented with the following Window not from the IAM Console as the credentials are different:

     smtpcreds

 

Please NOTE: These credentials are an example and are now invalid, please do not use them. 

email-smtp.us-east-1.amazonaws.com:25 USERNAME:PASSWORD ses-smtp-prod-335357831.us-east-1.elb.amazonaws.com:25 USERNAME:PASSWORD      

So it would be something like:

email-smtp.us-east-1.amazonaws.com:25 AKIAICGIRMNGVGXWNKA:Aq+M1pekvR3yibnqFfYe1MAJGZ1NJ4yduxP0svMwRO5 ses-smtp-prod-335357831.us-east-1.elb.amazonaws.com:25 AKIAICGIRMNGVGXWNKA:Aq+M1pekvR3yibnqFfYe1MAJGZ1NJ4yduxP0svMwRO5                    Save the sasl_passwd file.

At a command prompt, issue the following command to create an encrypted file containing your SMTP credentials.sudo postmap hash:/etc/postfix/sasl_passwd

Remove the /etc/postfix/sasl_passwd file.

Tell Postfix where to find the CA certificate (needed to verify the SES server certificate).If running on the Amazon Linux AMI:sudo postconf -e ‘smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt’If running on Ubuntu Linux:sudo postconf -e ‘smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt’

To configure integration using a secure tunnel

To begin, you will need to set up a secure tunnel as described in Secure Tunnel. In the following procedure, we use port 2525 as your stunnel port. If you are using a different port, modify the settings that you actually use accordingly.

1. On your mail server, open the main.cf file. On many systems, this file resides in the /etc/postfix folder.

2. Add the following lines to the main.cf file, modifying them to reflect your particular situation, and then save the file.

relayhost = 127.0.0.1:2525
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

3. Edit the /etc/postfix/sasl_passwd file. If the file does not exist, create it. Add the following line to the file, replacing USERNAME and PASSWORD with your SMTP user name and password.

127.0.0.1:2525 USERNAME:PASSWORD

And another example of what it should look like:

127.0.0.1:2525 AKIAICGIRMNGVGXWNKA:Aq+M1pekvR3yibnqFfYe1MAJGZ1NJ4yduxP0svMwRO5

4. Save the sasl_passwd file.
5. At a command prompt, issue the following command to create an encrypted file containing your SMTP credentials.

sudo postmap hash:/etc/postfix/sasl_passwd

6. Remove the /etc/postfix/sasl_passwd file.
7. When you have finished updating the configuration, restart Postfix. At the command line, type the following command and press ENTER.

sudo /etc/init.d/postfix restart

Testing the implementation
You can test functionality with “mail -s test email@domain.com < mail.txt” with mail.txt containing:

Date: Thu Jan 11 08:41:54 2013
To: email@domain.com
Subject: The subject of the message
From: sender@email.com

Body of message goes here

Now you also need to make sure that you correctly flag the from address and setup your mail server correctly with a verified domain otherwise you will get the error Email Address not verified. Also if you do not get the credentials right above you will end up with the following error: “Apr 16 05:26:33 domU-12-31-39-16-38-A6 postfix/smtp[1101]: CE19B421CD: SASL authentication failed; server email-smtp.us-east-1.amazonaws.com[50.19.243.

215] said: 535 Authentication Credentials Invalid”

 

If you’ve gotten this far without errors then I believe you are set! Let me know if you have any trouble with this guide and I will try and make any section clearer