Product SiteDocumentation Site

10.4. AWS API User Setup Steps

In general, users need not be aware that they are using a translation service provided by CloudStack. They need only send AWS API calls to CloudStack's endpoint, and it will translate the calls to the native API. Users of the Amazon EC2 compatible interface will be able to keep their existing EC2 tools and scripts and use them with their CloudStack deployment, by specifying the endpoint of the management server and using the proper user credentials. In order to do this, each user must perform the following configuration steps:
  • Generate user credentials and register with the service.
  • Set up the environment variables for the EC2 command-line tools.
  • For SOAP access, use the endpoint http://CloudStack-management-server:8080/awsapi. The CloudStack-management-server can be specified by a fully-qualified domain name or IP address.

10.4.1. AWS API User Registration

Each user must perform a one-time registration. The user follows these steps:
  1. Obtain the following by looking in the CloudStack UI, using the API, or asking the cloud administrator:
    • The CloudStack server's publicly available DNS name or IP address
    • The user account's API key and Secret key
  2. Generate a private key and a self-signed X.509 certificate. The user substitutes their own desired storage location for /path/to/… below.
    $ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /path/to/private_key.pem -out /path/to/cert.pem
  3. Register the mapping from the X.509 certificate to the API/Secret keys. Download the following script from and run it. Substitute the values that were obtained in step 1 in the URL below.
    $ cloudstack-aws-api-register --apikey=User’s CloudStack API key --secretkey=User’s CloudStack Secret key --cert=/path/to/cert.pem --url=http://CloudStack.server:8080/awsapi


A user with an existing AWS certificate could choose to use the same certificate with CloudStack, but the public key would be uploaded to the CloudStack management server database.

10.4.2. AWS API Command-Line Tools Setup

To use the EC2 command-line tools, the user must perform these steps:
  1. Be sure you have the right version of EC2 Tools. The supported version is available at
  2. Set up the environment variables that will direct the tools to the server. As a best practice, you may wish to place these commands in a script that may be sourced before using the AWS API translation feature.
    $ export EC2_CERT=/path/to/cert.pem
    $ export EC2_PRIVATE_KEY=/path/to/private_key.pem
    $ export EC2_URL=http://CloudStack.server:8080/awsapi
    $ export EC2_HOME=/path/to/EC2_tools_directory