Excelsior Logo Home

Cat in the Cloud: Apache Tomcat in Amazon EC2

Part I - The Basics

Last update: 02-May-2012

By Dmitry LESKOV

This article is part of a step-by-step guide for Java Web application developers wanting to get their feet wet in the Amazon cloud. If you are not totally new to Amazon EC2, you may wish to either skip the first section or go straight to:

Part II - Taking Control Over Your Java Stack
Part III - Advanced Topics (such as running on port 80)

Creating an Amazon EC2 Instance

  1. If you have not done so yet, create an Amazon Web Services (AWS) account. As of August 2011, you may test drive AWS at no cost for up to one year, provided you do not go beyond certain usage limits.

    Go to http://aws.amazon.com/, click "Create an AWS Account" and follow the prompts.


    There are two caveats to the sign-up process. First, you need to enter a valid phone number and have it verified before you can use the service. A robot will call you and ask you to enter your PIN code using your phone key pad. You also need to provide your credit card data even if you sign up for the free tier, so that Amazon could start charging you if you indeed go beyond the free tier limits.

  2. Sign in to the AWS Management Console, switch to the the Amazon EC2 tab, and click the Launch Instance button.



  3. What actually launches is the Request Instances Wizard. Choose an Amazon Machine Image (AMI) and click the Select button next to it.


    On the free tier, your choice is limited to Amazon Linux AMIs and selected Community AMIs. Also, you may only launch micro instances that have less than 1GB of RAM, so it does not make much sense to select a 64-bit AMI. Below it is assumed that you have selected the Basic 32-bit Amazon Linux AMI.

  4. You may click Continue on the first two screens of the Instance Details step — the defaults are okay and may be changed later anyway. On the third screen, assign a name to your instance for ease of future management. Type the name into the Value field and click Continue.


  5. On the Key Pair step, create a new key pair: enter a name and click Create & Download your Key Pair.


    Save the key pair file (key-pair-name.pem).

  6. On the Configure Firewall screen, create a new Security Group. There will be a rule for SSH access. As a minimum, you should add All ICMP (for ping to work), and a custom TCP rule for port 8080. Add a rule for HTTP if you want to access Tomcat on port 80 or run it behind an HTTP proxy.

    You may wish to restrict SSH access by IP address for extra security. Delete the preconfigured SSH rule, and add a new one, specifying your Internet connection netmask for Source.


    When you are done with firewall rules, click Continue.

  7. Review the instance settings and click Launch.


  8. Click View your instances on the Instances page.


  9. In the Show/Hide Columns dialog, check only the Status and Public DNS boxes. Uncheck the rest for now. You can always enable other columns later.


  10. Your instance is now up and running, and it has been assigned a public IP address and DNS name that you and others may use to connect to it from anywhere on the Internet. (It also has a private IP address and DNS name for communication with other instances.)

    It seems that an instance with a public IP address of A.B.C.D will have a Public DNS name beginning with ec2-A-B-C-D, but this is not documented.

    Copy the Public DNS address to the clipboard…


    …and login to your instance via SSH as user “ec2-user”.

    On Linux, use the -i option to specify your key to ssh:

    ssh -i key-pair-file ec2-user@public-DNS

    To upload files, use scp:

    scp -i key-pair-file file ec2-user@public-DNS:

    Advanced setup: create a file ~/.ssh/config with the following content:

    host alias
        hostname public-DNS
        user ec2-user
        identityfile key-pair-file

    Where alias will serve as a symbolic alias of public-DNS for use with ssh tools, and key-pair-file is the pathname of the key pair file. You may use ~ or %d to denote the user's directory. The above commands will then shorten to:

    ssh alias        # Interactive shell
    scp file alias:  # File upload (mind the colon!)

    On Windows, there are a number of SSH clients. Here is how to configure PuTTY:

    1. Extract the private key (*.ppk) from the key pair (*.pem) using PuTTYgen (load an existing private key file, OK, enter passphrase twice, Save private key.)
    2. Launch PuTTY or open a new session.
    3. In the Connection / Data category, enter "ec2-user" in the Auto-login username field.
    4. In the Connection / SSH / Auth category, enter the full pathname of the private key file (.ppk) into the field Private key for authentication.
    5. Return to the Session category and enter the Elastic IP associated with your instance into the Host Name (or IP address) field.
    6. Enter a name for your session, e.g. "AWS-Tomcat", under Saved Sessions and click Save.

      Tip: You may wish to create a shortcut for PuTTY that loads your saved session:

      path-to-putty\putty.exe -load "session-name"
    7. Click Open and enter your private key passphrase when prompted.

    PuTTY comes with a program called PSCP that copies files over ssh. For example, to upload a file to your instance, issue the following command:

    path-to-putty\pscp.exe -i private-key file ec2-user@public-DNS:

    or, if you have a saved PuTTY session:

    path-to-putty\pscp.exe file session-name:
    Using username "ec2-user".
    Authenticating with public key "AWS-Tomcat"
    Passphrase for key "AWS-Tomcat":
           __|  __|_  )
           _|  (     /   Amazon Linux AMI
    See /usr/share/doc/system-release/ for latest release notes.
    No packages needed for security; 16 packages available
  11. Update the instance with the latest patches and upgrades, especially if there are security updates available:

    sudo yum update

Installing Java

The Amazon Linux AMI has a JRE preinstalled and the JAVA_HOME environment variable already set:

echo ${JAVA_HOME}
${JAVA_HOME}/bin/java -version
java version "1.6.0_22"
OpenJDK Runtime Environment (IcedTea6 1.10.6) (amazon-
OpenJDK Client VM (build 20.0-b11, mixed mode)

You may notice that this is an OpenJDK build. Do not let the Java version string fool you, though — as of Feb 24, 2012 it had the latest security patches. That said, Oracle had released the official Java SE 6u31 binaries addressing those security issues ten days earlier.

Update 02-May-2012: OpenJDK 7 has not found its way into Amazon Linux repositories yet, but no doubt it will be there soon as Java SE 6 is approaching End Of Life. Use the following command to display the available OpenJDK packages:

yum --enablerepo="*" list available | grep openjdk

If you want to develop in the cloud or need to run Tomcat in debug mode, install the full JDK:

sudo yum install java-1.6.0-openjdk-devel

Refer to the follow-up article for instructions on installing Oracle Java.

Installing Tomcat From The Official Repo

Update 02-May-2012: As of version 2012.03, the main Amazon Linux repository contains both versions 6 and 7 of Apache Tomcat. Simply replace “tomcat6” with “tomcat7” below if you want to use Tomcat 7.

  1. Linux distributions typically include some version of Apache Tomcat, and Amazon Linux is no exception. Check the version using the yum info command:
    yum info tomcat6
       .  .  .
      Version    : 6.0.35
       .  .  .
  2. If your Web application is known to work on this version of Tomcat, you may go ahead and install it:

    sudo yum install tomcat6
  3. If you need to customize your Tomcat environment, e.g. set JAVA_OPTS, edit the main Tomcat configuration file (absent in the official Apache Tomcat downloads):

    sudoedit /etc/tomcat6/tomcat6.conf

    There is also a per-service configuration file template at /etc/sysconfig/tomcat. Refer to the comment at the top of the file for instructions on setting up multiple Tomcat services on one Amazon Linux system.

  4. Start Tomcat:

    sudo service tomcat6 start
    Starting tomcat6:                                          [  OK  ]
  5. If you now try to connect to your instance on port 8080, you should get error 400 (Bad Request). That's okay; it happens because the standard Tomcat samples, documentation, and management web apps are not included in the tomcat6 package or its dependencies. You may either install them now:

    sudo yum install tomcat6-webapps tomcat6-docs-webapp tomcat6-admin-webapps

    or deploy your own application(s) to /usr/share/tomcat6/webapps (which is a symlink to /var/lib/tomcat6/webapps.)

    It should now be working:


    If you still cannot connect:

    • check that Tomcat has indeed started and is listening on port 8080:

      sudo fuser -v -n tcp 8080

      Expected output:

                           USER        PID ACCESS COMMAND
      8080/tcp:            tomcat      pid F.... java
    • check that your instance's security group permits inbound connections to port 8080 from your IP address.
  6. To have Tomcat start automatically on instance boot, issue the following commands:

    sudo chkconfig --level 345 tomcat6 on
    chkconfig --list

    Expected output:

       .  .  .
    tomcat6        	0:off	1:off	2:off	3:on	4:on	5:on	6:off
       .  .  .


As you can see, installing Tomcat from the official Amazon Linux repo is a breeze, with all the housekeeping taken care of: binaries, config files, and user data are distributed nicely among /usr, /etc, and /var, a dedicated non-privileged account is created, file and directory permissions are set accordingly, log rotation is enabled, and a proper service script is installed.

There are just two problems:

  • You get specific versions of Java, Tomcat, and supplementary libraries, whereas your Web application may require or may have been tested on different versions.
  • The tomcat6 package has lots of dependencies some of which you may not need, and others may be specific versions that are incompatible with your Web app. Run

    yum deplist tomcat6

    to see the dependencies. (Note that this command only shows the immediate dependencies of the given package.)

In the follow-up articles, we'll discuss how to install your preferred versions of Java and Tomcat, advanced configuration topics, and the protection of your Web applications.

Was the above article useful? If yes, we have more content for you!

Here are the links to Part II and Part III of the series.

Check out other articles written by Excelsior staff members:

Home | Company | Products | Services | Resources | Contact

Store | Downloads | Support | Forum | Blog | Sitemap

© 1999-2013 Excelsior LLC. All Rights Reserved.