Oracle Linux 9 User Guide
Overview
This guide covers the deployment and configuration of Oracle Enterprise Linux 9 on AWS using cloudimg AMIs from the AWS Marketplace. Oracle Linux 9 is the latest major release of Oracle's enterprise Linux distribution, offering modern kernel features, enhanced security, and improved performance for cloud workloads.
Available versions: Oracle Linux 9.0, 9.1, 9.2, 9.3, 9.4, 9.5, 9.6, and 9.7. Each version is available as a separate AMI on the AWS Marketplace.
What's included in this AMI:
- Oracle Enterprise Linux 9 with latest security patches
- AWS CLI 2.7.7 for AWS service management
- AWS CloudWatch Agent 1.247352.0b251908 for monitoring and log collection
- AWS Systems Manager Agent 3.1.1476.0 for remote management
- Cloud Init 22.1 for instance initialization
- OS package update script for keeping the system current
- 24/7 cloudimg support with guaranteed 24 hour response SLA
Prerequisites
Before launching this AMI, ensure you have:
- An active AWS account
- An active subscription to your chosen Oracle Linux 9 version on AWS Marketplace
- An EC2 key pair for SSH access
- Familiarity with EC2 instance management and SSH
Recommended Instance Type: t3.small (2 vCPU, 2 GB RAM) or larger. The minimum requirements are 1 vCPU, 1 GB RAM, and 20 GB disk space.
Step 1: Launch the AMI
- Navigate to the AWS Marketplace and search for "Oracle Linux 9 cloudimg"
- Select the specific minor version you need (9.0 through 9.7)
- Click Continue to Subscribe, accept the terms, then Continue to Configuration
- Select your preferred Region and Software Version
- Click Continue to Launch
- Choose Launch through EC2 for full control over instance configuration
- Select your instance type (
t3.smallrecommended) - Configure storage: 20 GB gp3 minimum
- Configure your Security Group with the following inbound rules:
| Port | Protocol | Source | Purpose |
|---|---|---|---|
| 22 | TCP | Your IP | SSH access |
- Select your EC2 key pair and launch the instance
Step 2: Connect via SSH
Once your instance is running and has passed both status checks (2/2), connect using SSH:
ssh -i your-key.pem ec2-user@<public-ip-address>
To switch to the root user:
sudo su -
Step 3: Verify the System
Check the OS version:
cat /etc/oracle-release
Check kernel version:
uname -r
Using AWS CLI
The AWS CLI is preinstalled:
aws --version
Configure credentials with aws configure or attach an IAM role to the instance.
Configuring CloudWatch Agent
Run the configuration wizard as root:
/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
Start the agent:
/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c file:/opt/aws/amazon-cloudwatch-agent/bin/config.json
Check status:
/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -m ec2 -a status
Using Systems Manager
Check SSM Agent status:
systemctl status amazon-ssm-agent
Ensure the instance has an IAM role with AmazonSSMManagedInstanceCore policy.
Configuring Cloud Init
Edit the Cloud Init configuration:
vi /etc/cloud/cloud.cfg
Server Components
| Component | Version | Install Path |
|---|---|---|
| AWS CLI | 2.7.7 | /usr/local/aws-cli |
| AWS CloudWatch Agent | 1.247352.0b251908 | /opt/aws/amazon-cloudwatch-agent |
| AWS Systems Manager Agent | 3.1.1476.0 | /usr/bin/amazon-ssm-agent |
| Cloud Init | 22.1 | /etc/cloud |
Filesystem Layout
| Mount Point | Size | Description |
|---|---|---|
| / | 38 GB | Root filesystem (NVMe) |
| /boot | 2 GB | Operating system kernel files |
Note: Oracle Linux 9 uses NVMe storage devices on supported instance types.
Scripts and Log Files
| Script/Log | Path | Description |
|---|---|---|
| initial_boot_update.sh | /stage/scripts | Updates the OS with the latest packages on first boot |
| initial_boot_update.log | /stage/scripts | Output log for the boot update script |
On Startup
An OS package update script runs on first boot. Disable it with:
rm -f /stage/scripts/initial_boot_update.sh
crontab -e
# Delete the @reboot line, save and exit
Common Administration Tasks
Update all packages:
dnf update -y
Install a package:
dnf install -y package-name
Search for packages:
dnf search keyword
Manage services:
systemctl start service-name
systemctl stop service-name
systemctl enable service-name
systemctl status service-name
View system logs:
journalctl -f
Check listening ports:
ss -tlnp
Troubleshooting
Cannot connect via SSH
- Verify the instance has passed 2/2 status checks
- Check your security group allows port 22 from your IP
- Ensure you are using the correct key pair and username (
ec2-user)
dnf update fails
- Verify internet access (public subnet or NAT gateway)
- Check DNS resolution:
nslookup yum.oracle.com - Check disk space:
df -h
CloudWatch Agent not working
- Verify agent status with the
amazon-cloudwatch-agent-ctlcommand - Check IAM role has
CloudWatchAgentServerPolicy - Review logs:
tail -f /opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log
Security Recommendations
- Restrict SSH access: Only allow port 22 from trusted IP addresses
- Use IAM roles for AWS API access instead of access keys
- Keep the system updated: Run
dnf updateregularly - Enable SELinux: Verify with
getenforce - Configure firewalld for host level security
- Monitor with CloudWatch for CPU, memory, and disk alerts
- Use SSM Session Manager for secure, auditable remote access
- Harden SSH configuration: Disable password authentication, use key based auth only
Support
If you encounter any issues with this product, contact cloudimg support:
- Email: support@cloudimg.co.uk
- Website: www.cloudimg.co.uk
- Support hours: 24/7 with guaranteed 24 hour response SLA