Saturday, January 1, 2022

Creating an AWS EC2 Instance (Virtual Machine)

You can find the AWS Shared Responsibility Model at this link.



AWS responsibility “Security of the Cloud” - AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.


Customer responsibility “Security in the Cloud” - Customer responsibility will be determined by the AWS Cloud services that a customer selects. This determines the amount of configuration work the customer must perform as part of their security responsibilities. 


 

In the AWS Management Console, select the region where the EC2 instance will be deployed.

 

Choose the AWS Region based on proximity to the users who will frequently access the resource and on data compliance requirements. In this case I chose Asia Pacific (Singapore): ap-southeast-1.

You can either create a new EC2 instance under Services > Compute > EC2 or type EC2 in the search bar.


Click Launch instance (orange button) > Launch instance.


There are seven steps to create an EC2 instance. The first step is to Choose an Amazon Machine Image (AMI).

 

There are various Linux, macOS and Windows AMIs to choose from. In this case I chose the Amazon Linux 2 AMI, which is Free tier eligible.

 

The second step is to choose an Instance Type, which is the combination of CPU, memory, storage, etc.

 

In this case I chose t2.micro, which has 1 vCPU and 1 GB memory and is Free tier eligible.

 

You can either select Review and Launch to finish or click Next to continue with the EC2 Instance customization.

 

The third step is to configure the Instance Details. I just left it at the default settings.

The fourth step is to Add Storage. I just left the default size of 8 GB and Volume Type: General Purpose SSD (gp2). Click Next.

In the fifth step, you can optionally add a Tag. Tags are helpful for auditing and billing purposes.

 

In this case I added a Tag Key: Name and Value: test-ec2-apac. Click Next.

 


The sixth step is to configure a Security Group, which is the virtual firewall rule set for the instance.

 

In this case I chose: Create a new security group > type Security group name: ec2-security-group.

 

Click Add Rule > select Type: SSH > select Protocol: TCP > Port Range: 22 > type Source: ::/0 (all IPv6 addresses) > click Review and Launch.


The seventh and last step is to Review the summary of the EC2 settings. Click Launch once finished.

A message prompt will ask to either Choose an existing key pair, Create a new key pair or Proceed without a key pair.

 

A key pair is used to authenticate when accessing the EC2 instance from outside the AWS cloud, over the public Internet.

 

In this case I chose Create a new key pair > select Key pair type: RSA > type Key pair name: ec2-key-pair > click Download Key Pair.

Save the key pair file (.pem file) > then click Launch Instances.

Click on the EC2 instance ID (hyperlink) to view the status.

The hyperlink will redirect you to the EC2 Instance page. Notice the Instance state: Running.

 

The EC2 instance deployment will take a few seconds or minutes depending on the EC2 Instance type/settings.

 

Select the new EC2 instance to view its details.

 


Click Connect to connect to the EC2 instance within the AWS Management Console.

 

Click Connect (orange button).

 



It will launch a new web browser and open a command terminal.

Use the commands below in the Linux command prompt to run an HTTP web server and serve a simple text page.

sudo su

yum install -y httpd.x86_64

systemctl start httpd.service

systemctl enable httpd.service

echo "Hello World" > /var/www/html/index.html

 

To test the web server script, copy the Public IPv4 DNS to clipboard (click the page icon).

ec2-3-0-145-251.ap-southeast-1.compute.amazonaws.com

You could either use the DNS or public IP in the web browser.


To SSH into the Linux EC2 instance from the public Internet, you'll need to load the key pair created earlier.

 

Open PuTTY Key Generator > click Load.

 

 
Select All Files (at the bottom) > select the key pair: ec2-key-pair.pem > click Open.

Click OK to continue > click Save private key.

Click Yes to save the key without a passphrase protecting it.

 

Save the new private key file (.ppk).

 

Select the specific EC2 Instance > click Connect > go to SSH client tab.

 

Copy the DNS string to the clipboard and paste it into the PuTTY SSH client.

 

 


Go to Connection > Data > type Auto-login username: ec2-user


Go to SSH > Auth > browse the .ppk key pair file > Open

It will automatically log in to the Linux EC2 command prompt.

You can either Stop, Reboot or Terminate the EC2 Instance. Just select the specific EC2 Instance > click Instance state > choose Stop.

 

In this case I chose to Stop the instance so it will not incur cost and can be used in the future. Choose Terminate to completely delete the EC2 Instance and its data.

 

Click Stop.

Notice the Instance State changed to Stopped.