Skip to content

Running Oracle database inside Amazon Cloud (Step 4)

April 28, 2011


So how to access my Oracle instance now?

In Step 3, we ended up with an Oracle instance running in the Amazon cloud, optionally with a static IP address (EIP = Elastic IP Address). Now how to connect to this database in the cloud?

First: Remember about these security groups? Each instance has to be assigned to one, may it be the default security group or another one you created specifically for your Oracle instances (which I would recommend). For trying an SSH or RDP access from your client, you have to open up the SSH or RDP port in the security group settings first. If you don’t know your effective IP address (Internet-facing), you can either use something like IP Chicken or use as IP address which effectively opens up the port for anyone.

Second: Remember about the keypair? Each instance has to be assigned to one, and if these are your first steps in the AWS world, you probably still remember yourself downloading the private key file which is part of the keypair you assigned to this instance. We will need the private key file in a moment.

SSH Connect to your Linux instance

If your instance contains a Linux, this is how to setup your PuTTY connection:

  1. There are different formats of key files. The private key file you downloaded from AWS should be in the .pem format, i.e. it has the file extension .pem. For PuTTY you have to convert it into .pkk format. This is quite easy and described here, using the PuTTYgen tool which is part of the standard PuTTY toolbox.
  2. Startup PuTTY now.
  3. As “Host Name”, use the name that the AWS Management Console displays as “Public DNS” AFTER you assigned the Elastic IP address to the instance. This name will contain the static (elastic) IP address as well as the AWS region name and will look something like this:
  4. Go to “Connection / SSH / Auth” and in the field “Private key file for authentication” enter your converted private key file (the one with .pkk extension).
  5. Optionally, but I would recommend this: Go to “Connection / SSH / X11” and tick the “Enable X11 forwarding” checkbox. If you startup an X server on your local PC (Xming or whatsoever) before connecting with PuTTY, this will allow you to run graphical tools like Oracle’s DBCA etc.
  6. Optionally you can enter the user name as “Auto-login username” under “Connection / Data”. For the first connect, you have to use the root user.

Now save your PuTTY session and try to connect.

Administrator Login to your Windows instance

For a Windows instance you have to open up RDP port in the assigned security group. Then, in the AWS Management Console, select your instance and choose “Get Windows Admin password” in the menu. A dialog pops up that downloads the password which is still encrypted with your public key. In order to decrypt it, just copy and paste your private key file’s content into the dialog. The decryption is done exclusively on the client via Javascript, so neither your private key file nor the decrypted password goes over the wire.

With the decrypted password, try a connect with Windows Remote Desktop.

File Transfer

When it comes to moving files to or from your EC2 instance, there is a couple of ways how to do that:

  • For Linux instances, as soon as your SSH access is working, you can of course use any scp client, like WinSCP or the pscp tool which is part of the PuTTY toolbox.
  • For Windows intances, the RDP connection lets you mount your local drives into the target instance’s Windows Explorer. It’s just a couple of clicks which you can find here. When the RDP session is established, use the target instance’s Windows Explorer to do standard file copies from your mapped (local) drive to the AWS instance’s drives.
  • If you just want to download something into your EC2 instance, e.g. an Oracle patchset, you can also start the download right from your instance, i.e. use Windows Internet Explorer or Linux Firefox or wget command. That’s often a lot faster than involving your local PC.

If you need some files regularly or for serveral instances – e.g. Oracle patchsets or other software installers – I would also recommend using Amazon S3 (Simple Storage Service) as a staging area for those files because:

  • Storage and I/O costs for S3 are relatively low, even for permanently storing large volumes.
  • The initial upload into S3 which may take some time can be done during night or over the weekend. It’s even possible to send over a disk to Amazon and have its content copied over to S3 (AWS Import/Export). One-time or repeated transfer from S3 into EC2 instances is a lot faster then. And – if the EC2 instance and the S3 bucket are in the same region – it’s free.

Amazon S3 is essentially a storage cloud, similar to e.g. Dropbox, but more integrated with EC2 because both are from AWS.

In the AWS Management Console there is a separate tab for S3 which you can see here:

S3 Storage Cloud with some buckets and directories
S3 Storage Cloud with some buckets and directories


First thing to do is to create a so-called “bucket”. This is a container which requires a worldwide unique name, e.g. “yourcompany-mybucket”. Inside this bucket you can create directories and subdirectories, upload files and grant access to them.

When you look at a file’s “Properties” section, there is also a download link for the file. Given that you granted appropriate access privileges before, you can use this to download the file from within an EC2 instance, or from any other any place you like, e.g. like this:

$ wget<Bucketname>/myfile

SQL*Plus connect to your Oracle instance

After starting up an Oracle listener inside your instance and opening up the listener port in the security group settings, you should be able to access via the (elastic) IP address and configured listener port. As usual, start with a tnsping from within the instance, then a tnsping from your PC, then a SQL*Plus connect.

If this succeeds, other Oracle tools like Toad or Spotlight for Oracle should also be able to connect and work just fine.

IMPORTANT: As your instance’s IP address (and host name) will change after every instance stop/start, you MUST use the Public DNS Name for any TNS entry. Remember: The Public DNS Name can be copied from the AWS Management Console, after(!) the Elastic IP address has been assigned.

As this Public DNS name does NOT resolve into the Elastic IP address, but into the instance’s internal IP address (which is not static), you CAN and MUST use the Public DNS Name also inside the listener.ora file on your Oracle server. Otherwise after an instance stop/start, the listener will still listen on the former IP address and you either won’t be able to connect or you would have to adjust your TNS entries again to reflect the new IP address.

In the next post, I will talk a bit about how you can script several things to make them more automatic, schedule them and so on…


From → Oracle

One Comment

Trackbacks & Pingbacks

  1. Running Oracle database inside Amazon Cloud « dbpost

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: