Create your first Amazon EC2 Instance (Linux)
By the end of this post, we will launch and configure our first Amazon EC2 instance using the AWS Management Console. Here is the agenda:
- Configure and launch an instance in EC2
- Understand the Instance States and other critical instance information
- Generate and use a Secure Shell (SSH) public/private key pair
- Connect to a running Linux instance using an SSH client
- Extract metadata about your running instance
- Terminate an instance
Steps to launch an instance
Launch Instance. A seven-step wizard is started.
Choose an Amazon Machine Image(AMI): Amazon Linux 2 AMI: As you can see, Amazon provides many AMIs, including the most popular versions of Linux and Windows, often in 32-bit and 64-bit variants. Look at the supporting text to find out what other software packages and development languages are already installed on the image (such as Perl, Python, Java, etc.). You can think of AMIs as the blueprint or DNA of the instance you plan to launch.
- On the Choose an Instance Type page, you should not change any options. Simply make sure the default
Click Next: Configure Instance Details when ready to continue. Take a moment to inspect the details.
You can configure many different options on this page of the wizard, but it’s best to keep your first launch simple. Skim the different fields, but leave the default values. If you are particularly interested in any particular field, hover over the i information icon next to it for a basic description. The information icon is a useful feature for easing your learning curve while using the AWS Console. In many cases, the help text also includes a link to related documentation. To summarize a few key points:
- You will launch a single instance.
- The Cloud Academy Lab environment has created a default VPC (Virtual Private Cloud) for you to launch your instance into.
- The EC2 service will launch the instance into one of several subnets in the US West (Oregon) region
Click Next: Add Storage. The default values work fine here too. There is no need to add additional volumes, encrypt volumes, or change any other settings. Simply note this is where you can change storage settings if needed.
- Click through Add tags.
Click Next: Configure Security Group when ready.
The Warning from AWS is letting you know the default configuration for the security group that is about to be created will grant SSH access from any source IP address (0.0.0.0/0). Production environments should be more restrictive. For the purposes of this Lab, this configuration is fine.
Tip: A handy feature for testing purposes is to select My IP from the Source drop-down. That will restrict SSH access to only your current IP address. In network environments with Dynamic Host Configuration Protocol (DHCP), multiple routers or firewalls, and other features that make IP addresses subject to change, this setting is not a permanent security feature. However, it is sometimes a helpful feature while you perform various tests using your EC2 instance.
Review and Launch. Spend a few minutes to review the summary of your EC2 instance. Be sure to look over the Instance Type, Instance Details and Storage sections. You do not need to change any of these settings at this point, but it’s helpful to learn the type of information and configuration options available. Click Launch when ready.
- In the Select an existing key pair or create a new key pair dialog box, select Create a new key pair. Enter keypair for the Key pair name and then click Download Key Pair:
The download will create a file named keypair.pem on your local system. It contains a private key that you can use to connect to the EC2 instance via SSH.
Summary: So far, you have launched an EC2 instance. You learned key areas of configuration for your EC2 instance using the Launch Instance wizard. Although many configuration options were left at their default values, you should have a pretty good understanding of the type of configuration options available to you within the wizard. Now that you have a running instance, you can treat it as any other Linux host. That is, you can connect to it, install and configure software, develop applications, and other tasks.
Connecting to EC2 instance
In order to manage a remote Linux server, you must employ an SSH client. Secure Shell (SSH) is a cryptographic network protocol for securing data communication. It establishes a secure channel over an insecure network. Common applications include remote command-line login and remote command execution.
Linux distributions and macOS ship with a functional SSH client that accepts standard PEM keys.
Locate your EC2 instance and click Connect. This will give you the command to run on your terminal.
(base) shravan-Downloads# chmod 400 keypair.pem (base) shravan-Downloads# ssh -i "keypair.pem" firstname.lastname@example.org The authenticity of host 'ec2-52-33-48-116.us-west-2.compute.amazonaws.com (220.127.116.11)' can't be established. ECDSA key fingerprint is SHA256:OolONz5g3UuUo4eU3ZtQS2Xp8+U8SYuPg3+f6BAaAqY. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'ec2-52-33-48-116.us-west-2.compute.amazonaws.com,18.104.22.168' (ECDSA) to the list of known hosts. __| __|_ ) _| ( / Amazon Linux 2 AMI ___|\___|___| https://aws.amazon.com/amazon-linux-2/ [ec2-user@ip-172-31-17-182 ~]
Getting the EC2 Instance Metadata
Now you are ready to send the first commands to your EC2 Linux instance. In this section you will check the EC2 instance metadata, which is only available from within the instance itself. Instance metadata is data about your instance that you can use to configure or manage the running instance. In order to obtain the instance metadata you will use the curl utility. cURL (Client URL) is a free, open source project, and already loaded on your instance. cURL is a great way to transfer data using one of its supported protocols (such as HTTP).
Note: The IP address used below (169.254.169.254) is a special use address to return metadata information tied to EC2 instances. The IP address 169.254.169.254 is a link-local address and is valid only from the instance.
Because your instance metadata is available from your running instance, you do not need to use the Amazon EC2 console or the AWS CLI. This can be helpful when you’re writing scripts to run from your instance. For example, you can access the local IP address of your instance from instance metadata to manage a connection to an external application.
Instance metadata is divided into categories. For a description of each instance metadata category, see Instance metadata categories.
To view all categories of instance metadata from within a running instance, use the following URI.
- List all instance metadata by issuing the following command:
[ec2-user@ip-172-31-17-182 ~]# curl -w "\n" http://169.254.169.254/latest/meta-data/ ami-id ami-launch-index ami-manifest-path block-device-mapping/ events/ hibernation/ hostname identity-credentials/ instance-action instance-id instance-type local-hostname local-ipv4 mac metrics/ network/ placement/ profile public-hostname public-ipv4 public-keys/ reservation-id security-groups services/ [ec2-user@ip-172-31-17-182 ~]#
To extract specific metadata append key words to the end of the http path URL provided in the curl request. For example, you can easily check the list of security groups attached to the instance, its ID, the hostname, or the AMI ID. The
"-w" command line option tells curl to write the output to standard output (STDOUT).
- Enter the following commands to extract specific metadata associated with your running instance:
ec2-user@ip-172-31-17-182 ~]# curl -w "\n" http://169.254.169.254/latest/meta-data/security-groups launch-wizard-1 [ec2-user@ip-172-31-17-182 ~]# curl -w "\n" http://169.254.169.254/latest/meta-data/ami-id ami-0d6621c01e8c2de2c [ec2-user@ip-172-31-17-182 ~]# curl -w "\n" http://169.254.169.254/latest/meta-data/hostname ip-172-31-17-182.us-west-2.compute.internal [ec2-user@ip-172-31-17-182 ~]# curl -w "\n" http://169.254.169.254/latest/meta-data/instance-id i-01282f1de0da0009e [ec2-user@ip-172-31-17-182 ~]# curl -w "\n" http://169.254.169.254/latest/meta-data/instance-type t2.micro [ec2-user@ip-172-31-17-182 ~]#
- Enter the following command to get the public SSH key of the attached key pair using the public-keys metadata:
[ec2-user@ip-172-31-17-182 ~]# curl -w "\n" http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCGILHjGIY0nAmAVhEFen5bYT+Cg6TuKATSpXQ9RyO9d8T+mfkbqRbfvoJnZg6bM275RgiuUiYoMAIJjR5o+TvXT6JVoIi33ri3M32NwUu3+OhkMeJCxwY9CALAWhZqHkOBulCWch1C0v/Wcir+borjUlLM9Bhld74WUnVL1vPtqGPRZsa62zgNRd+wkalPwGGvhB+PAljN5QMwbUqyoX8r9hS690DFuSk/DPfl1uIq9L80QQBL2NvHtasyLNRRM29ArE6PiDrzq3RwqL9tTy4dd1NnQSCuap7Zj1ja/L7wmigrMtj5lLNP4QmTHJBA/UGRCO+bAvwdXM7qTBv+6j7P keypair [ec2-user@ip-172-31-17-182 ~]#
Summary: In this post you learned how you can obtain instance metadata. This metadata can be extremely useful if you want to automate the setup of new instances.