Join Brandon Rich for an in-depth discussion in this video Create an EC2 instance, part of Amazon Web Services: Deploying and Provisioning.
- [Instructor] Let's take a look at what it takes to create an EC2 Instance, from the AWS console. Here we are, at the home page for AWS. Take a look around, and you can see sections to show our recently viewed services. If this is your first time here, there won't be anything here. You'll see Quick Starts, for several popular things that you might want to do, including Launch a Virtual Machine EC2 Instance, which we will do, in a few minutes. There's also the entire list of AWS Services, down here, and, a nice quick search bar, where you can type things like EC2, and, get a quick filter of just the things that you're interested in.
If you scroll to the top, you can see your name, up here, in the top, representing your account. And, you can see, right here, that it says Oregon, representing the fact that I'm in the US West region. You can see all the other region options, here. And, if I select any one of them, the AWS console will automatically switch me to that region, and, any resources that I create, will be created in that region. You can also see, in the URL, that we have up here, in the URL bar, us-west-2, representing the Oregon region.
So, now, we want to create an EC2 Instance. Let's click this Quick Start button, right here, to say Launch a Virtual Machine EC2 Instance. From here, you can take a simplified wizard, and create an EC2 Instance, in just a few steps. But, if you want to get into the details of all the things that you can control, when creating an EC2 Instance, you'll want to click advanced EC2 Launch Instance wizard. Now, at Step 1, of creating an EC2 Instance, we have to decide what type of Instance we want to create, what operating system we want to use.
You can see that we have a lot of options. We can choose Amazon Linux, which is a variant of CentOS. We can choose Red Hat, we can choose other variants of Linux, or Windows. Here's a little advertisement for Amazon RDS, which is not an EC2 based service, but, if you're looking to create an EC2 Instance, and, then, put a database on it, Amazon would like you to know that there's a service, that does that for you. So, you can see, there are many variants of Windows. I'm going to scroll all the way to the top, and choose Amazon Linux.
So, I'm going to click the big blue Select button, here. Our next choice, is to choose an Instance type. This is the pre-built configuration, for how this machine will be provisioned. You can see some of the different families of Instance types, here, on the side, General purpose, Compute optimized. If we scroll up, and look through General purpose, you can see all the different t2 burstable Instance types, that we discussed, in previous lessons. Already highlighted, is the t2 micro Instance type, which has this green icon, that says it's Free tier eligible.
AWS offers certain resources for free, within the first 12 months of your usage, within certain usage limits. T2 micro is one of those Instance types, that's available, in that Free tier. So, we'll keep that highlighted, and go down here, to Next: Configure Instance Details. Here, we see a lot of options. How many Instances do we want to create? We'll leave that at the default of one. Skipping down, you see we have options of where we actually want to place the EC2 Instance, within the networking infrastructure of this account.
This is a brand new account, and, there is a VPC, or virtual data center, already created for us, so, we'll leave that default, there. Scrolling down, you can see that we have options for what happens, when we shut down this Instance. You can choose to Stop, or Terminate it. We don't want our Instances to terminate, when we stop them, so, our Shutdown behavior, will just be Stop. If we expand Advanced Details, you can see that we have an option to include some User data. Remember from our discussion of auto-scaling groups, and launch configurations, that user data is an opportunity for us to put in some shell script, that will be executed on this Instance, when it is first created.
We might choose to install some needed packages, here, or do some other configuration. But, for this demo, we'll leave it blank. Click Next: Add Storage. On this screen, we can choose the type of storage that we want to be allocated, to this Instance. By default, we've got an eight gigabyte General Purpose SSD, attached to this Instance. That's a good default, so, we'll leave it as is, and, choose Next: Tag Instance. Step 5, is tagging your Instance. Tags, in AWS, are metadata key value pairs, that can be attached to almost any resource, that you created.
You can see, if we click the Create Tag button, here, that we're going to get more rows. So, we could say things like Purpose, and say this is going to be a Web Server. Or, let's see, Creator, and, that would be me. These values can be whatever you want. There are third party tools out there, that can do things based on tag values. There are services, in AWS, that will actually do things based on how you've tagged things, but, you may give any value to these that you want.
You can have up to 50 tags, and, later, you can search on tag values, so that you can find things that you've created, in the past. One exception to the anything goes rule, here, of tag values, is the Name tag, capital N name. This tag is a little bit special, in AWS, in that Amazon will show it to you in a number of different places, particularly any time that you're looking at a table of resources, say the EC2 Instance Table. If you've given your EC2 Instance a Name tag, that will show up in the list, clearly, prominently, for you to see.
So, we'll call this MyDemoInstance. And, then, we'll click Next: Configure Security Group. In this step, we're going to create, or configure the security groups that we want to attach, to this EC2 Instance. Because this is a new account, and no security groups exist, yet, we need to go ahead and create one, right here. So, if I edit the Security group name, and the Description, we can put in the details of exactly what we want this security group to be. So, why don't we create something that's going to be useful, for our web server. The name should describe what the security group does, and, be easy to understand, at a glance.
So, I'm going to call this one allow http and ssh traffic, using hyphens. And I can be a little more wordy, in my description, say, Allow web traffic on port 80, and ssh traffic on port 22. Down here, I can define those rules. We already have an SSH rule, sitting here, waiting for us, it's predefined by AWS, or, I could go create a Custom TCP Rule, and give any port that I want.
Because SSH is already defined, the protocol TCP is pre-selected, and the port 22 is also pre-selected. The source can come from anywhere. So, I could give a specific IP, a custom range, or, I could have it detect the IP of where I currently am, right now. The all zeroes designator, here, actually means that any traffic, from anywhere in the world, can come into an Instance with this security group, on port 22. It's not terribly secure, and you would not want to leave it that way for a truly important production instance, but, for the purposes of this demo, it's fine.
Now, we also want to add the rule to allow port 80 http traffic, so we'll click Add Rule. You see that we default to Custom TCP Rule. Then, I can give any port that I want, here. So, I could just say port 80, and, apply the same logic, of leaving port 80 open to the world. However, HTTP is another one of these rules that is predefined by AWS, so, to achieve the same effect, I could just choose HTTP. Now that these two rules are defined, and Create a new security group is selected, here, I can go ahead and say Review and Launch, down here, on the bottom, with the blue button.
You can see, in the next step, that Amazon is actually warning us about the insecure nature of our security group, because it's open to the world. We did that with clear eyes, though, so, we can ignore that warning, and move on. On this Review page, we see all of the details of the choices that we made. The Instance type, the AMI, for Amazon Linux, the t2 micro, the security group, and more. Now, it's time to go ahead, and click the big blue Launch button. Now, we're not quite done, because, if you recall, we need a way to get into this EC2 Instance.
There won't be password authentication set up, and Amazon will not provide us with any username and password. Instead, we need to do SSH key pair authentication. This drop down says Choose an existing key pair, but, as you can see, from the next drop down, there are no existing key pairs found. So, we have to choose another option. Click the first drop down, and, you can say Create a new key pair. If you were to click Proceed without a key pair, you'd be up a creek, because you would have no way to log in to this Instance. So, we'll create a new key pair. We can name this key pair anything we want.
So, I'm going to call it demo-key. And I'll click Download Key Pair. This is the only opportunity that I will have, to download this key. And you can see, here it comes, with a .pem extension. That's the private key, that will later allow me to SSH, into this Instance. Now that we've done that, we can say Launch Instances. And, there we go. You can see, from the green box, that AWS is launching this Instance. So, let's head back to the EC2 console and see what's happening.
If I click Services, up here on the top Menu bar, I can see all of the different services, that AWS provides. And, because I've been there recently, I can click EC2, here, under History. You can see that I have one Running Instance. And, I can click that link, to go see them. This is the main list of EC2 Instances, with which you will become quite familiar, as you work with AWS. You can see that because I gave this Instance a tag with a capital Name, as the key value, that my name, MyDemoInstance, appears here, in the list.
The Instance State, over here, is running, with a nice green light next to it, although I cannot log in next, because of the Status Check, which says Initializing, indicating that the Instance is still in the process of booting. While the Instance is booting, we can take a look at a few other things that are visible, on this screen. If I pull this little section up, here, I can see all the details of this Instance, as long as it is selected. We can see the security group, that was attached to this instance, here, allow HTTP SSH traffic, just like we named it.
If we click view rules, you can see a representation of all the rules that have been enabled, on this Instance. So, port 80 is open to the world, as is port 22. If we had multiple security groups attached to this Instance, you would see a matrix of all the groups, and the rules that they allow. We can see the ID of the VPC and subnet, where this Instance is created. We can see the Instance type, t2 micro. And, we can see its state is running. We can also see the Public IP, and Public DNS name, that have been assigned, to this Instance.
By default, these Instances have Public IPs, but, you can specify, when you create an EC2 Instance, that it should not be created. You can see the key pair name that we created, that will allow us into this Instance, that is demo-key, right there. Now that the EC2 Instance has booted, the Status Checks column will have a green check mark, and it will say two of two checks have passed. That means we can now log in to the Instance. So, in order to do that, we're going to need to SSH in, using the .pem file that we downloaded, in the previous step.
Let's head to the terminal. I'm going to navigate to the Downloads directory, where the .pem file is sitting there waiting. Now, if I say ls -l, I can see the permission bits that are set on this file. As I mentioned previously, in order to use this key, we need to set it to permission bits 0400. We use the chmod command, for that. Chmod 0400, and, then, the name of the file, will set the permission bits. So, if I ls again, now you can see it has far fewer permissions than it started.
In fact, it can only be read by the owner, which is me. Now, I can SSH to my Instance, with that. In order to SSH to the Instance, I need to know the Public IP of the Instance, which I can find, down here, in the details of the EC2 console. I'll copy that. The SSH command starts with ssh, and, then, it wants a username. As I mentioned previously, the automatically provisioned main account, for this Instance, is ec2-user. So, we'll log in, as ec2-user@, then the public IP.
And, if we were to just hit Enter, here, we would not be able to log in. We need to tell the ssh command to use the key that's sitting in this folder. That is the -i command, and, if we pass it the demo key, it will use that key explicitly, to log in. Now, we get the typical prompt, that we get any time that we SSH to a new server, of our machine asking us if we want to trust this server, so, we will say yes. And, once the log in occurs, you will see this, the ASCII art that indicates we are now logged in to our EC2 Instance.
And, we can see that we're on an Amazon Linux AMI based Instance, and, we're all logged in to our prompt, ready to do whatever we need to do, to provision, or to deploy an application, to this server. For now, I will just exit, and we're done. We know that we have our Instance up, and, that we can log in to it.
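An added example, not part of the course transcript: the world-open SSH and HTTP rules from the security group step, checked offline with Python. The JSON is a constructed sample in the shape that `aws ec2 describe-security-groups` returns; the group name follows the demo, the `GroupId` is a placeholder, and the third rule is invented to show a restricted source.

```python
import ipaddress
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# It mirrors the demo's group; the GroupId is a placeholder, not a real ID.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupName": "allow-http-and-ssh-traffic",
  "GroupId": "sg-EXAMPLE",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []}
  ]}]}
""")

ADMIN_PORTS = {22, 3389}  # SSH and RDP: remote-login ports


def is_world(cidr):
    """True when the CIDR covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit(groups):
    """Return findings for ingress rules whose source is the whole internet."""
    findings = []
    for group in groups["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if not any(is_world(c) for c in cidrs):
                continue
            if perm["IpProtocol"] == "-1":  # "-1" means all protocols, all ports
                lo, hi = 0, 65535
            else:
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            # A world-open range that includes a remote-login port is the serious case.
            admin = sorted(p for p in ADMIN_PORTS if lo <= p <= hi)
            severity = "high" if admin else "review"
            findings.append((group["GroupName"], lo, hi, severity))
    return findings


if __name__ == "__main__":
    for name, lo, hi, sev in audit(SAMPLE):
        print(f"{sev:6} {name}: ports {lo}-{hi} open to the world")
```

Port 22 open to `0.0.0.0/0` is reported as `high`, port 80 as `review`, and the rule limited to a single `/32` source is not reported.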
This course is also part of a series designed to help you prepare for the AWS Certified SysOps Administrator – Associate certification exam.
- Understanding AWS EC2
- Creating an EC2 instance
- Provisioning with CloudFormation
- Architecting apps for horizontal scaling
- Creating an Elastic Beanstalk environment and app
- Using OpsWorks
- Deploying apps with CodeDeploy