5 Minute Private Instance -- Having Problems

Hi There,

I spent most of the afternoon trying to get a 5 minute instance up and running per http://calendar.perfplanet.com/2014/webpagetest-private-instances-in-five-minutes/ . I had a rough start for sure.

I found the Agent Windows Instance was launched in a different Security Group than the Server. I got that fixed by specifying the following at launch time in user data:


I had the folks at AWS look over the configuration of both instances and it looks OK to them.

The server is launching a m3.medium instance as it should. I can start tests through the UI and I can see they are waiting in the queue via http://server/getLocations.php. I can ssh into the Server using the key pair I launched it with. All seems to be OK with the Server.

I tried to ping the Agent IP from the server and I do not get a reply. AWS checked the Security Group details and it seems to be setup correctly ā€“ both instances allow All Protocols/All Traffic in the same Security Group. It could be that windows is not configured to allow ping responses. The Agent does not have a Key Pair so I have no way to log into it and test communications back to the Server.

Iā€™m not sure what to do next ā€“ any help would be appreciated. By the way, is it possible to have the Server launch an Agent with a Key Pair? This would allow me to login to the Agent and look around.

Thanks in advance! Greg

Update 1: I updated the rules in the Security Group to allow All Protocols / All Ports for the IP Addresses of both the Server and the Agent. The application is now working. Please note this does not work in the general case as the Agent needs to Launch into a Security Group that allows communications between all Instances in the Security Group. It appears the Security Group IS setup this way but it is not working for some reason.

There are two items that we need to fix and one request:
(1) We need to be able to Launch an Instance into the Default VPC Security Group
(2) We need to configure the Default VPC Security Group so that all Instances in the Group may communicate freely
(3) It would be helpful to optionally pass the Server Key Pair to the Agents so it is possible to log in.

Update 2: Our account was configured for Both EC2 Classic and VPC. The account was updated this afternoon to VPC Only. Now when I Launch to Server and it Launches an Agent, they are both in the same Default VPC Security Group. This takes care of problem (1) above.

Problem (2) is still with us. The only way I can get the Agent to communicate with the Server is by adding a Security Group Rule containing the IP Address of the Agent for Inbound HTTP. This allows me to get the application running but does not allow for the general case where the Server and Agent can communicate without manual intervention. Any ideas on what might be happening here?

Making progress! Greg