Rocky Linux from CIQ on AWS
This guide covers deploying Rocky Linux from CIQ (RLC) on Amazon Web Services.
AWS Marketplace
RLC is available through the AWS Marketplace, providing easy deployment and billing integration.
Finding RLC in AWS Marketplace
- Navigate to AWS Marketplace
- Search for "Rocky Linux from CIQ"
- Select the appropriate RLC offering
- Review pricing and terms
- Click "Continue to Subscribe"
Launching from Marketplace
# Launch RLC instance from AWS CLI
aws ec2 run-instances \
--image-id ami-rlc-marketplace-id \
--instance-type t3.medium \
--key-name my-key-pair \
--security-group-ids sg-12345678 \
--subnet-id subnet-12345678 \
--tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=RLC-Server}]'
Instance Types
Recommended Instance Types
Development/Testing:
- t3.micro - 1 vCPU, 1GB RAM
- t3.small - 1 vCPU, 2GB RAM
- t3.medium - 2 vCPU, 4GB RAM
Production:
- m5.large - 2 vCPU, 8GB RAM
- m5.xlarge - 4 vCPU, 16GB RAM
- m5.2xlarge - 8 vCPU, 32GB RAM
High Performance:
- c5.xlarge - 4 vCPU, 8GB RAM (compute optimized)
- r5.xlarge - 4 vCPU, 32GB RAM (memory optimized)
Storage Configuration
EBS Volume Types
# Create high-performance EBS volume
aws ec2 create-volume \
--size 100 \
--volume-type gp3 \
--iops 3000 \
--throughput 125 \
--availability-zone us-west-2a \
--encrypted \
--tag-specifications 'ResourceType=volume,Tags=[{Key=Name,Value=RLC-Data}]'
Recommended Storage Layout
- Root Volume: 20GB gp3 (encrypted)
- Data Volume: 100GB+ gp3 (encrypted)
- Backup Volume: S3 storage for backups
Networking
Security Groups
# Create security group for RLC
aws ec2 create-security-group \
--group-name rlc-sg \
--description "RLC Security Group"
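# Allow SSH access only from an administrative network
# (203.0.113.0/24 is a documentation placeholder; substitute your own CIDR)
aws ec2 authorize-security-group-ingress \
--group-id sg-12345678 \
--protocol tcp \
--port 22 \
--cidr 203.0.113.0/24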
# Allow HTTP/HTTPS
aws ec2 authorize-security-group-ingress \
--group-id sg-12345678 \
--protocol tcp \
--port 80 \
--cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress \
--group-id sg-12345678 \
--protocol tcp \
--port 443 \
--cidr 0.0.0.0/0
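The following is an added example, not part of the RLC documentation: a check that flags security-group ingress rules exposing administrative ports to 0.0.0.0/0. The admin port list and the tab-separated row format are assumptions of this example; the `--query` expression in the comment shows how such rows could be produced from `describe-security-groups`.

```shell
#!/usr/bin/env bash
# Added example: flag ingress rules that expose admin ports to the whole internet.
# Input rows are tab-separated: protocol, from-port, to-port, comma-joined IPv4 CIDRs.
# With credentials configured, the rows would come from:
#   aws ec2 describe-security-groups --group-ids sg-12345678 --output text \
#     --query "SecurityGroups[].IpPermissions[].[IpProtocol,FromPort,ToPort,join(',',IpRanges[].CidrIp)]"
# IPv6 ranges (Ipv6Ranges, ::/0) are not covered by this query.

ADMIN_PORTS="22 3389"   # assumption: ports treated as administrative

# Reads rule rows on stdin and prints one finding per world-open admin port.
audit_sg_rows() {
  awk -F'\t' -v ports="$ADMIN_PORTS" '
    BEGIN { n = split(ports, admin, " ") }
    {
      proto = $1; from = $2; to = $3
      # Match the CIDR as a whole list element so 10.0.0.0/0 is not mistaken for 0.0.0.0/0.
      if (index("," $4 ",", ",0.0.0.0/0,") == 0) next
      if (proto != "tcp" && proto != "-1") next
      all = (proto == "-1")      # protocol -1 means all traffic, ports are unset
      for (i = 1; i <= n; i++)
        if (all || (from + 0 <= admin[i] + 0 && admin[i] + 0 <= to + 0))
          printf "WORLD-OPEN port %s (%s %s-%s)\n", admin[i], proto, from, to
    }'
}

# Constructed sample rows (not real account data).
sample_rows() {
  printf 'tcp\t22\t22\t0.0.0.0/0\n'
  printf 'tcp\t80\t80\t0.0.0.0/0\n'
  printf 'tcp\t443\t443\t0.0.0.0/0\n'
  printf 'tcp\t22\t22\t203.0.113.0/24\n'
  printf -- '-1\tNone\tNone\t10.0.0.0/16,0.0.0.0/0\n'
}

sample_rows | audit_sg_rows
```

Rules for ports 80 and 443 pass because they are not in `ADMIN_PORTS`; an all-traffic rule is reported once per admin port.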
VPC Configuration
- Public Subnet: For internet-facing instances
- Private Subnet: For internal services
- NAT Gateway: For private subnet internet access
- Internet Gateway: For public subnet access
Auto Scaling
Launch Template
{
"LaunchTemplateName": "rlc-template",
"LaunchTemplateData": {
"ImageId": "ami-rlc-latest",
"InstanceType": "t3.medium",
"KeyName": "my-key-pair",
"SecurityGroupIds": ["sg-12345678"],
"IamInstanceProfile": {
"Name": "RLC-InstanceProfile"
},
"UserData": "IyEvYmluL2Jhc2gKeXVtIHVwZGF0ZSAteQ=="
}
}
Auto Scaling Group
# Create Auto Scaling Group
aws autoscaling create-auto-scaling-group \
--auto-scaling-group-name rlc-asg \
--launch-template LaunchTemplateName=rlc-template,Version=1 \
--min-size 1 \
--max-size 5 \
--desired-capacity 2 \
--vpc-zone-identifier "subnet-12345678,subnet-87654321"
Load Balancing
Application Load Balancer
# Create Application Load Balancer
aws elbv2 create-load-balancer \
--name rlc-alb \
--subnets subnet-12345678 subnet-87654321 \
--security-groups sg-12345678 \
--scheme internet-facing \
--type application \
--ip-address-type ipv4
Monitoring
CloudWatch Integration
# Install CloudWatch agent
sudo dnf install amazon-cloudwatch-agent
# Configure CloudWatch agent
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
Custom Metrics
# Send custom metric
aws cloudwatch put-metric-data \
--namespace "RLC/Application" \
--metric-name "CustomMetric" \
--value 123 \
--unit Count
Backup and Recovery
EBS Snapshots
# Create snapshot
aws ec2 create-snapshot \
--volume-id vol-12345678 \
--description "RLC data backup $(date +%Y%m%d)"
# Automated backup with lifecycle
aws dlm create-lifecycle-policy \
--execution-role-arn arn:aws:iam::123456789012:role/AWSDataLifecycleManagerDefaultRole \
--description "RLC daily backups" \
--state ENABLED \
--policy-details file://backup-policy.json
S3 Backup
# Sync data to S3
aws s3 sync /data s3://my-rlc-backup/data/
# Configure lifecycle policy for cost optimization
aws s3api put-bucket-lifecycle-configuration \
--bucket my-rlc-backup \
--lifecycle-configuration file://lifecycle.json
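The `create-lifecycle-policy` and `put-bucket-lifecycle-configuration` commands above load `backup-policy.json` and `lifecycle.json`, which this page does not show. The script below is an added example, not taken from the RLC documentation, that writes one possible version of each; the schedule time, retention counts, rule names and transition days are assumptions, while the `Name=RLC-Data` tag and the `data/` prefix match the values used earlier on this page.

```shell
#!/usr/bin/env bash
# Added example: writes the two policy files the commands above load via file://.
# Schedule time, retention counts, rule names and transition days are assumptions.

# DLM policy: snapshot volumes tagged Name=RLC-Data every 24 hours, keep the last 7.
write_backup_policy() {
  cat > "${1:-backup-policy.json}" <<'EOF'
{
  "ResourceTypes": ["VOLUME"],
  "TargetTags": [{"Key": "Name", "Value": "RLC-Data"}],
  "Schedules": [{
    "Name": "rlc-daily",
    "CreateRule": {"Interval": 24, "IntervalUnit": "HOURS", "Times": ["03:00"]},
    "RetainRule": {"Count": 7},
    "CopyTags": true
  }]
}
EOF
}

# S3 lifecycle: tier objects under data/ to cheaper storage, expire old versions,
# and clean up multipart uploads that never completed.
write_s3_lifecycle() {
  cat > "${1:-lifecycle.json}" <<'EOF'
{
  "Rules": [{
    "ID": "rlc-data-archive",
    "Status": "Enabled",
    "Filter": {"Prefix": "data/"},
    "Transitions": [
      {"Days": 30, "StorageClass": "STANDARD_IA"},
      {"Days": 90, "StorageClass": "GLACIER"}
    ],
    "NoncurrentVersionExpiration": {"NoncurrentDays": 30},
    "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 7}
  }]
}
EOF
}

write_backup_policy
write_s3_lifecycle
```

`NoncurrentVersionExpiration` only has an effect when versioning is enabled on the bucket.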
Cost Optimization
Reserved Instances
- Purchase Reserved Instances for predictable workloads
- Use Savings Plans for flexible compute usage
- Consider Spot Instances for non-critical workloads
Storage Optimization
- Use gp3 volumes instead of gp2 for better cost/performance
- Implement S3 lifecycle policies for data archiving
- Regular cleanup of unused EBS snapshots
Troubleshooting
Common Issues
Instance Launch Failures:
# Check instance status
aws ec2 describe-instances --instance-ids i-12345678
# Review system log
aws ec2 get-console-output --instance-id i-12345678
Connectivity Issues:
# Check security group rules
aws ec2 describe-security-groups --group-ids sg-12345678
# Verify route table
aws ec2 describe-route-tables --filters "Name=association.subnet-id,Values=subnet-12345678"
Performance Issues:
# Check CloudWatch metrics
aws cloudwatch get-metric-statistics \
--namespace AWS/EC2 \
--metric-name CPUUtilization \
--dimensions Name=InstanceId,Value=i-12345678 \
--start-time 2024-01-01T00:00:00Z \
--end-time 2024-01-01T23:59:59Z \
--period 3600 \
--statistics Average
Best Practices
Security
- Use IAM roles instead of access keys
- Enable VPC Flow Logs for network monitoring
- Implement least privilege access
- Enable CloudTrail for audit logging
Performance
- Use Placement Groups for HPC workloads
- Enable Enhanced Networking for better performance
- Use appropriate instance types for workload
Cost Management
- Tag all resources for cost allocation
- Use AWS Cost Explorer for usage analysis
- Implement automated start/stop for dev environments
- Regular review of unused resources
For additional AWS-specific configurations and troubleshooting, see the main RLC documentation.