Install Ubuntu 16.04 in AWS - CSCI 353, Spring 2024

The AWS (Amazon Web Services) has a Free Tier where you can get an account for one year for free with limited functionalities and usage caps. Luckily, it's enough to install a standard 32-bit Ubuntu 16.04 that we need to do our assignments.

Many thanks to the following Spring 2023 CS 402 students for giving me pointers to get this all figure out: Adam Pryor, Rulin Xing, and Kevin Kang.

Links to sections on this page:

Set Up In AWS
Free Tier Limitations And Usage Caps
Common Issues
Uninstall An Instance

Set Up In AWS

Here are the steps to create a standard 32-bit Ubuntu 16.04 system on AWS:

Step 1: Create an AWS account
Step 2: Go to your AWS management console
Step 3: Create IAM user account/organization
Step 4: Create IAM service roles
Step 5: Create virtual machine instance from imported AMI
Step 6: Setup and run VNC server on your virtual machine instance
Step 7: Connect your laptop to your virtual machine instance

Step 1: Create An AWS Account

Go to AWS Free Tier and click on the Create a Free Account button. Click on the Create a New AWS account button and it will take you to the Sign Up For AWS screen. In the Root User Email Address box, enter your USC email address, and in the AWS Account Name box, enter an account name (I would recommend that you use "USCNETID_usc" as your account name, where USCNETID is your USC NetID). Click on Verify Email Address and follow the instructions there to finish setting up your AWS account.

There are 5 steps to finish setting up your AWS account. In step 1, you will create your AWS password for logging in with the Root User Email address. In steps 3 and 4, you are required to provide a credit card number and a cellphone number (for the purpose of verification). AWS will not charge your credit card if you just use the system to do your assignments (unless you go over the Free Tier usage limit). This account is free for one year. You should set up a calendar reminder to delete this account before your one year anniversay. In step 5, please select Basic Support (Free). When you have finished creating your account, click on the Go To AWS Management Console button and proceed to the next step below.

Step 2: Go To Your AWS Console

Go to your AWS (Management) Console. If you got logged out, you will see the Sign In screen. Select Root User and in the Root User Email Address, enter your USC email address, then click on the Next button. Enter your AWS password and click on the Sign In button to log in and you should see the following screen:

Even though you are in southern California, the best choice for your region is probably the Oregon region (also known as the "us-west-2" region, and it's shown as the current region in the above image). The N. California region (also known as the "us-west-1" region) is heavily utilized and some resources may not be available at all time and it can be very frustrating to use. So, please select the "us-west-2" region. Please note that the instructions presented here will not work if you choose a different region. If you have to use a different region, please follow the installation procedure with your own virtual appliance.

In the above image, to the right of Oregon is your account information. Click on it to see your AWS Account ID. You need to send an e-mail to the instructor now and ask him to "share an AMI" with you so that you can use it in Step 5 below. In your e-mail, please let him know your AWS Account ID.

In the Recently Visited area, there are two important links. IAM stands for "Identity and Access Management" and it provides access permissions. EC2 is for creating and managing virtual machine instances.

Step 3: Create IAM User Account/Organization

Go to the IAM Identity Center. Make sure you are in the Oregon region. Click on the Enable button in the Enable IAM Identity Center area. (The purpose of the IAM Identity Center is to provide Single Sign-on.) You will be prompted to create an AWS organization (i.e., single sign-on for your entire organization). Click on the Create AWS Organization button. If you are taken back to the previous screen, just click on the Enable button in the Enable IAM Identity Center area again.

Please note that AWS Organizations supports IAM Identity Center in only one AWS Region at a time. If you are in the wrong region, you will see a link that would let you "delete the current IAM Identity Center configuration" in the region. Click on that link to delete the configuration. (Another way to get to the same place is to go to the IAM Identity Center and click on Settings on in left panel.) Click on the Management tab/link then click on the Delete button in the Delete IAM Identity Center Configuration area. In the next screen, check all the checkboxes and copy and paste the IAM Identity Center instance string into the text box and click on Confirm. After you have deleted your IAM Identity Center Configuration, you need to go back to the IAM Identity Center and Enable IAM Identity Center again.

Now you need to create some access permissions. First, go to the IAM Dashboard and click on Roles in the left panel. In the right panel, you should see the AWSServiceRoleForOrganizations and the AWSServiceRoleForSSO roles. If you don't, you have to go back to the beginning of this step and try again.

Step 4: Create IAM Service Roles

Go to the IAM Dashboard and click on Roles in the left panel. In the right panel, you should see the AWSServiceRoleForOrganizations and the AWSServiceRoleForSSO roles. If you don't, you have to go back to the beginning of Step 3 and try again.

Click on the Create Role button in the right panel. Select Custom Trust Policy in the Trusted Entity Type area. Delete all the code in the Create Trust Policy area and replace it with the following text:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "vmie.amazonaws.com"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "sts:Externalid": "vmimport"
                }
            }
        }
    ]
}

Scroll all the way to the bottom of the page and click on the Next button. On the next screen, just scroll all the way to the bottom of the page and click on the Next button. Enter "vmimport" as Role Name and enter "My vmimport" in Description and scroll all the way to the bottom and click on the Create Role button. This will allow you to import virtual machines.

Step 5: Create Virtual Machine Instance From Imported AMI

AMI stands for "Amazon Machine Image" and you need an AMI in order to launch a virtual machine instance. Here, you need the AMI the instructor has shared with you.

Go to your AWS Console and type "EC2" in the Search box on top and Click on EC2 in Services. Make sure you are in the Oregon region. Click on Instances in the left panel then click on the Launch Instances button in the right panel. In Name, enter "awsvnc32xu16047-vbox6140-f1". In the Application and OS Images area, if there is no My AMIs link/tab, click on the Browse More AMIs link. On the Choose an Amazon Machine Image (AMI) screen, click on the My AMIs link/tab and check the Shared With Me checkbox in the Refine Results area on the left and you should see that in the right panel, there is an AMI named "import-ami-02d45cf65e73246cd" with ID (in smaller font) "ami-02d01c964007fa169". Click on the Select button. (If this AMI is not available, either you are in the wrong region, or the instructor hasn't shared the AMI with you and you need to send an e-mail to the instructor and wait for confirmation before proceeding.)

In the Instance Type area, please use the default instance type (which should be "t2.micro"). This instance type has 1 CPU and 1 GB of RAM and that should be plenty to your assignments! Please don't select another choice because that can be a lot more costly.

In the Key Pair (Login) area, choose "Proceed Without A Key Pair (Not Recommended)". (If you want to ssh into this virtual machine instance as the superuser, then you need to create a key pair. Since we will be ssh into the "student" user account, you don't need to create a key pair.) Keep all the other default values, scroll all the way to the bottom of the page and click on the Launch Instance button. Please note that if you don't use the defulat values, you might end up using things that's not under the Free Tier and AWS may start charging your account right away.

Once the virtual machine instance has been created successfully, you can click on the Create Billing Alerts button just in case you over-use your VM. It's a good idea to do this. Check all the checkboxes and provide your email to receive the alerts and click on the Save Preferences button. You will get a warning message saying that if you disable credit sharing, it may increase your monthly bill. Since this is a free account for a year, it should be fine to just click on the Save button and proceed. Please remember, you should only use this account to do your programming assignments.

Go back to your EC2 console (i.e., go to AWS Console and type "EC2" in the Search box on top and Click on EC2 in Services). Make sure you are in the Oregon region and click on Instances in the left panel. In the Instance State column, it should say that your VM is in the Running state. (If your VM is not running, you can check the checkbox on the left of your VM and click on Instance State button on top and select State Instance.) Click on the virtual machine instance link in the Instance ID column. Look for the Public IPv4 DNS and what you see is the host name of your virtual machine instance. Please note that every time you restart your virtual machine instance, you may get a new Public IPv4 DNS host name. Let HOSTNAME be the Public IPv4 DNS host name of your virtual machine instance. Let's ssh into your VM for the first time and change your password there. Run Windows PowerShell if you are on Windows 10/11 or run Terminal if you are on Mac OS X. Then type:

    ssh student@HOSTNAME

Type "yes" to continue. Enter your default password ("student").

VERY IMPORTANT: change your password now by typing:

    passwd

It will prompt you for the current password, then it will ask you to enter your new password and then confirm the password. Don't log out yet, you will have to come back here to do more set up.

Step 6: Setup And Run VNC Server On Your Virtual Machine Instance

Go back to your EC2 console (i.e., go to AWS Console and type "EC2" in the Search box on top and Click on EC2 in Services). Make sure you are in the Oregon region. Click on Instances in the left panel then click on your instance in the right panel. In the middle of the right panel, click on the Security tab and scroll down to see Inbound Rules. In the Security Groups column, there should be a link labeled "launch-wizard-#" where "#" is a small number. Click on that link to launch the wizard in a new window/tab. Click on the link that corresponds to the security group name to view the security group. Click on the Inbound Rules tab, then click on the Edit Inbound Rules button. On the next screen, click on the Add Rule button. In the new row, enter 5901 as the Port Range. Click in the search box in the Source area and select "0.0.0.0/0". Click on the Add Rule button again. In the new row, also enter 5901 as the Port Range. Click in the search box in the Source area and select "::/0". Click on the Save Rules button at the bottom of the screen. Now you have opened the TCP port to your VNC server which you will install and configure. You can use other port numbers if you'd like. For this rest of this document, we will assume that the TCP port number you will use to connect to your VNC server is 5901.

Continue from the end of Step 5 above, type the following into the commandline interface of your virtual machine instance to see what VNC-related "aliases" have been set up for you:

    alias | grep vnc

and you should see the you have the following aliasses:

    alias killvnc='vncserver -kill :1'
    alias startvnc1='vncserver -geometry 1920x1080 :1'
    alias startvnc2='vncserver -geometry 1440x900 :1'
    alias startvnc3='vncserver -geometry 1366x768 :1'
    alias startvnc4='vncserver -geometry 1280x800 :1'
    alias startvnc5='vncserver -geometry 1024x768 :1'

The "killvnc" alias is to kill your VNC server. The five "startvnc" aliases can be used to launch your VNC server with different display/desktop sizes. Eventually, you need to figure out which one is best for you. For now, let's try the medium size desktop (1366x768) and do:

    startvnc3

Since you haven't set up a password for remote access, it will prompt you to set up a password. You should use the same password as the ssh password you use to ssh into your virtual machine instance. If you see a messsage saying that your password is too long, just ignore it. Now your VNC server should be running.

To kill the VNC server, you can just type:

    killvnc

I have noticed that sometime, the VNC server would all of a sudden stop to respond. All you need to do is to ssh to your server instance and kill the VNC server and restart it:

    killvnc; sleep 3; startvnc3

Step 7: Connect Your Laptop To Your Virtual Machine Instance

You should be able to use any VNC Viewer to connect to your virtual machine instance. I have heard good things about the VNC Viewer. Please just download and install the viewer since it's free. Please don't install the server+client package because that's not free. Also, there is no need to sign up for an account since you just want to use the viewer for free.

After you've got it installed, launch the app and select New Connection from the File Menu. Enter the Public IPv4 DNS host name of your virtual machine instance (see Step 6 above) followed by ":5901" as the VNC Server and enter "AWS" as Name. Click on the OK button. This will create an icon in the viewer. Double-click on the icon and it will connect to your VNC server. When you are prompted for a password, please enter the password you have just set up, check the Remember Password checkbox, and click on the OK button and you will see your virtual machine desktop. Please note that you can run Sublime Text and Firefox! But VS Code will crash.

On the Mac, it has something called Screen Sharing, which is basically a VNC viewer (although I was told that it doesn't map the <Option> key to <Alt>). Let HOSTNAME be the Public IPv4 DNS host name of your virtual machine instance (see Step 6 above). To use Screen Sharing, first click on the Go menu and select Connect To Server. Then enter:

    vnc://HOSTNAME:5901

Click on the Connect button and enter the password you have set up. Then search your laptop for the Screen Sharing app then launch it. In the popup window, enter:

    HOSTNAME:5901

then click on the Connect button to see your virtual machine desktop.

On Windows 10/11, there is a free VNC client/viewer called Remote Ripple which I like. Click on the Download button and follow the instructions to get it installed. (Please do not download the TightVNC server since we already have a VNC server running inside the virtual machine.) Launch the Remote Ripple app. Click on New Session. In the popup window, enter the Public IPv4 DNS host name of your virtual machine instance (see Step 6 above) as Host Address, AWS as Display Name, and click on Advanced Settings and enter 5901 as Port. Click on the Connect button. When you are prompted for a password, please enter the password you have just set up.

Another free VNC client/viewer on Windows that I like is called UltraVNC. I don't recommend downloading UltraVNC from the UltraVNC website directly because it's difficult to download what you need without downloading a lot of other garbage! Instread, please visit this 3rd party website (at techspot.com). On the right, click on on the big Download Now button and click on the "Windows" button (and not the "Windows 32-bit" button) under Download Options to download a 64-bit installer. Wait 5 seconds and don't click on anything and the installer download should start. Uncheck the UltraVNC server and repeater and only install the viewer. When you run UltraVNC Viewer, under "server:port", enter:

    HOSTNAME:5901

where HOSTNAME is the Public IPv4 DNS host name of your virtual machine instance and click on the Connection button to see your virtual machine desktop.

To transfer files between your laptop and the VM, I would recommend that you use FileZilla since it's pretty easy to use. This way, you can edit your files with your favorite editor on your laptop and use FileZilla to quickly copy your files to the VM.

Another way to transfer file is to use the scp commandline program. From Windows Powershell or Mac Terminal, you can type the following to scp FILE1 in the current working directory of the PowerShell/Terminal to the home directory of your virtual machine instance:

    scp FILE1 student@HOSTNAME:FILE1

To scp FILE2 from the home directory of your virtual machine instance to the current working directory of your PowerShell/Terminal, do:

    scp student@HOSTNAME:FILE2 FILE2

Free Tier Limitations And Usage Caps

AWS Free Tier is free for 12 months but with limitations. If you go to the AWS Free Tier website and click on "12 months free", you can see the limitations. But these limitations are difficult to keep track. If you go beyond the usage caps, AWS will start charging your credit card! So, you need to know how much resources you have been using.

Go to your AWS Console and click on your account name in the right-top corner and select Account. In the left panel, click on Bills to see if you have any charges (it should be $0.00). In the left panel, click on Free Tier to see your current Free Tier usage. It's probably a good idea to check this once a day to make sure that you are not over-using your account. Here are things you should do to minimize usage.

Stop your EC2 instance when you are not using it. From the AWS Console, click on Services in the left-top corner and select EC2. Click on Instances in the left panel. In the right panel, check the checkbox of your instance and click on the Instance State drop down menu and select Stop Instance. And remember, every time you restart your instance, most likely, you will get a new Public IPv4 DNS. Although if you type "reboot" from a terminal to restart your instance, there is a good chance that you will end up with the same Public IPv4 DNS host name. (By the way, I don't know if this is really necessary because the main charges in AWS is for transfering data in and out of your VM instance. Just running your VM instance shouldn't incur much cost.)
Delete your snapshots (since they can increase storage cost). From EC2, scroll down to the Elastic Block Store section and click on Snapshots. If you see a snapshot, check the checkbox for the snapshot click on the Actions drop down menu and select Delete Snapshot.
Do not transfer data between regions because that would cost you money.
Backup your files often (at least once a day when you are making changes to your code)! Create a backup ZIP or .tar.gz file and download it to your laptop using FileZilla. In the worstcase, when you are getting close to a particular usage cap, just delete your VM and everything in your account, delete the AWS account, create a new gmail account, and create a new AWS Free Tier account using your new gmail account then upload your files to the new VM!

Common Issues

If you get some kind of a "timed out" or "too many security failures" error message when you are trying to connect with a VNC viewer, there are usually 3 possibilities:

You forgot to set up the firewall (or you didn't set it up just right) on your AWS system. Please see the first paragraph in Step 6 above.
Your VNC server died or became unresponsive (this actually happens a lot in the AWS system). In this case, you just need to ssh to your AWS system and kill the VNC server and restart it by doing:
```
    killvnc
    startvnc3
```
Your instance is not running or became unresponse (this can happen once in a while in the AWS system). In this case, you need to go to your EC2 console (i.e., go to AWS Console and type "EC2" in the Search box on top and Click on EC2 in Services) and stop and start the instance (and you may end up with a new Public IPv4 DNS host name).

If you believe that your instance is corrupted somehow, you need to uninstall your instance and repeat Step 5 and Step 6 above. This does happen once in a while and that's why you need to back up your work files at least once a day and save the back up data on your laptop or in the cloud somewhere.

Another problem I have heard a couple of times is that when you click on the Terminal Emulator or GNOME Terminal from the buttons on the left, you get an error. In that case, you can click on the Main Menu button, then click on the System button on the right, then scroll all the way to the bottom and click on Xfce Terminal. This terminal is similar to the GNOME Terminal (although not the same).

VS Code cannot be started within the AWS instance. I think it's because it needs too much memory to run. Some students have tried to access the AWS instance through ssh from within VS Code on their laptop. According to this Microsoft developer page, at least 2 GB RAM and a 2-core CPU is recommended. Maybe that's the issue. (I do not recommend setting up an instance with more RAM, more CPU, or more storage because that most likely will rack up credit card charges.)

Uninstall An Instance

If you have made a mistake when you install a virtual machine (i.e., an EC2 instance), you should delete the EC2 instance or AWS may charge you for using too much storage. Here are the steps you need to take to delete an EC2 instance.

From the AWS Console, click on Services in the left-top corner and select EC2. Click on Instances in the left panel. In the right panel, check the checkbox of your instance and click on the Instance State drop down menu and select Terminate Instance. You will get a popup window with the following message:
On an EBS-backed instance, the default action is for the root EBS volume to be deleted when the instance is terminated. Storage on any local drives will be lost.
EBS is Elastic Block Store (and you can see that there is a link in the left panel).
The above is a good default action. No need to click on the Delete EBS Volumns link in the middle of the popup window. You should just click on the Terminate button to go with the default action. It can take a few minutes for your EC2 instance's status to change to Terminated. It can take quite a long time (over an hour) for your terminated EC2 instance to disappear from the Instances screen.
After your terminated EC2 instance has disappeared from the Instances screen, you should check to see if the associated EBS volume has been deleted as promised. Click on Volumes (under Elastic Block Store) in the left panel. In the right panel, check the checkbox of the volumn associated with your terminated EC2 instance and click on the Actions drop down menu and select Delete Volume. Then click on the Delete button on the next screen.