How can I create an ec2 instance which can be hibernated?

Question

I'm stuck in the storage stage. It says: To use hibernation, encrypt the root volume.. But I cannot click the encrypt checkbox, nor did I find any way to encrypt the root volume.

Answer 1

Update 2020-03

A lot has changed since my post below and Hibernation is now a piece of cake. Encryption can be done in the normal ec2 creation flow in AWS console, Amazon Linux 2 is also supported.

All you need to be aware of:

• not all instance types are supported, see here for an up to date list
• RAM > 150GB is not supported
• your disk space needs to be bigger than your RAM (as RAM will be written on disk when hibernating)

Original post:

In the end I was stuck at many stages, the official documentation is somehow lacking so I thought I'd document my findings:

In order to hibernate an instance it needs to be of type C3, C4, C5, M3, M4, M5, R3, R4 or R5. Plus it needs to be a Amazon Linux 1 AMI (this may be outdated, see here for an up to date list). I started with a Linux 2 AMI and didn't get any warning until it just didn't work in the end (only showing Suspend key pressed., Requested operation not supported, ignoring. in /var/log/messages), even their suggested steps to enable hibernation didn't work, as ec2-hibinit-agent is not an available packet on Amazon Linux 2.

Hibernation requires the boot volume to be encrypted. In order to achieve that, you need to encrypt the AWS Linux 1 AMI prior to starting the launch wizard:

1. create a KMS key using AWS console
2. find the ami id if AWS Linux 1 (not 2!) of your region e.g. using the ec2 launch wizard. In my case (eu-central-1) this was ami-0cfbf4f6db41068ac
3. create your own, encrypted ami (replace eu-central-1, the ami and the kms key with your own

 

aws ec2 copy-image --source-region eu-central-1 --source-image-id ami-0cfbf4f6db41068ac \
--region eu-central-1 --name "LinuxAMIEncrypted" --encrypted \
--kms-key-id arn:aws:kms:eu-central-1:123412341234:key/aaaaaaaa-1234-abce-abcd-1234abcdef01

Wait a few minutes until you see the new AMI showing up in EC2 -> AMIs

1. From AMIs (in EC2 AWS console) launch your new AMI
2. choose C3, C4, C5, M3, M4, M5, R3, R4 or R5
3. click Enable hibernation as an additional stop behavior

To test it:

• run tail -f /var/log/messages on the ec2 instance to check for errors
• run aws ec2 stop-instances --instance-ids "i-…" --hibernate to hibernate via terminal, or alternatively over aws console

Additionally I saw this error in /var/log/messages:

Agent hibernate - AccessDeniedException: User: arn:… is not authorized to perform: ssm:UpdateInstanceInformation on resource: ssm:UpdateInstanceInformation. I needed to attach AmazonEC2RoleforSSM and AmazonSSMAutomationRole to make these errors go away.

Answer 2

A visual guide as of 2022

Prerequisites

First, check the AWS Hibernation prerequisites about the requirement of Hibernation, pay attention to OS, RAM Cap (less than 150GB), and the supported instance families.

To enable hibernation, space is allocated on the root volume to store the instance memory (RAM). Make sure that the root volume is large enough to store the RAM contents and accommodate your expected usage, e.g. OS, applications. To use hibernation, the root volume must be an encrypted EBS volume

EC2 Instance Creation Steps

Within the Launch an instance wizard (the wizard when you create the new EC2 instance), expand the Storage (volumes) and EBS Volumes section

Pay attention to the following attributes:

• Size (GiB): Make sure it's greater than the memory size and your expected usage
• Encrypted: Yes
• KMS Key: You can pick the default one for simplicity

Then scroll to the Advanced Details section, select Enable for the Stop - Hibernate behavior option

Then proceed to create your instance

Usage

To hibernate the created instance, select it from the dashboard, choose Instance state -> Hibernate instance