In this video, learn how to create an EC2 instance with the wizard.
- [Instructor] Let's take a look at what it takes to create an EC2 instance from the AWS console. Here we are on the home page for AWS. Take a look around, and you can see sections to show our recently viewed services. If this is your first time here, there won't be anything here. You'll see quick starts for several popular things that you might want to do, including launch a virtual machine EC2 instance, which we will do in a few minutes. There's also the entire list of AWS services down here, and a nice quick search bar where you can type things like EC2 and get a quick filter of just the things that you're interested in.
If you scroll to the top, you can see your name up here in the top representing your account, and you can see, right here, that it says Oregon, representing the fact that I am in the US West region. You can see all the other region options here, and if I select any one of them the AWS console will automatically switch me to that region, and any resources that I create will be created in that region. You can also see in the URL that we have up here in the URL bar us-west-2, representing the Oregon region.
So now we want to create an EC2 instance. Let's click this quick start button right here to say Launch a Virtual Machine EC2 Instance. From here, you can take a simplified wizard and create an EC2 instance in just a few steps, but if you want to get into the details of all things that you can control when creating an EC2 instance, you want to click Advanced EC2 Launch Instance Wizard. Now at step one of creating an EC2 instance, we have to decide what type of instance we want to create, what operating system we want to use.
You can see that we have a lot of options. We can choose Amazon Linux, which is a variant of CentOS. We can choose RedHat, we can choose other variants of Linux, or Windows. Here is a little advertisement for Amazon RDS, which is not an EC2-based service, but if you're looking to create an EC2 instance and put a database on it, Amazon would like you to know that there's a service that does that for you. So you can see there are many variants of Windows. I'm going to scroll all the way to the top, and choose Amazon Linux. So I'm going to click the big blue Select button here.
Our next choice is to choose an instance type. This is the pre-built configuration for how this machine will be provisioned. You can see some of the different families of instance types here on the side, general purpose, compute optimized. If we scroll up and look through general purpose, you can see all the different T2 burstable instance types that we discussed in previous lessons. Already highlighted is the t2.micro instance type, which has this green icon that says it's free tier eligible.
AWS offers certain resources for free within the first 12 months of your usage, within certain usage limits. t2.micro is one of those instance types that's available in that free tier. So we'll keep that highlighted, and go down here to Next: Configure Instance Details. Here we see a lot of options. How many instances do we want to create? We'll leave that at the default of one. Skipping down, you see we have options of where we actually want to place the EC2 instance within the networking infrastructure of this account.
This is a brand new account, and there's a VPC, or Virtual Data Center, already created for us. So we'll leave that default there. Scrolling down, you can see that we have options for what happens when we shut down this instance. You can choose to stop or terminate it. We don't want our instances to terminate when we stop them, so our shutdown behavior will just be stop. If we expand Advanced Details, you can see that we have an option to include some user data. Remember from our discussion of auto-scaling groups and launch configurations, the user data is an opportunity for us to put in some shell script that will be executed on this instance when it is first created.
We might choose to install some needed packages here, or do some other configuration, but for this demo we'll leave it blank. Click Next: Add Storage. On this screen, we can choose the type of storage that we want to be allocated to this instance. By default, we've got an eight gigabyte general purpose SSD attached to this instance. That's a good default, so we'll leave it as-is and choose Next: Tag Instance. Step five is tagging your instance. Tags in AWS are metadata key-value pairs that can be attached to almost any resource that you create.
You can see if we click the Create Tag button here that we're going to get more rows, so we can say things like Purpose, and say this is going to be a Web Server. Or, let's see, Creator, and that would be me. These values can be whatever you want. There are third-party tools out there that can do things based on tag values. There are services in AWS that will actually do things based on how you tag things, but you may give any value to these that you want.
You can have up to 50 tags, and later you can search on tag values so that you can find things that you've created in the past. One exception to the anything goes rule here of tag values is the Name tag, capital N, Name. This tag is a little bit special in AWS in that Amazon will show it to you in a number of different places, particularly anytime that you're looking at a table of resources. Say, the EC2 instance table. If you've given your EC2 instance a name tag, that will show up in the list clearly, prominently for you to see.
So we'll call this MyDemoInstance, and then we'll click Next: Configure Security Group. In this step, we're going to create or configure the security groups that we want to attach to this EC2 instance. Because this is a new account, and no security groups exist yet, we need to go ahead and create one right here. So if I edit the security group name and description, we can put in the details of exactly what we want this security group to be. So why don't we create something that's going to be useful for our web server? The name should describe what this security group does, and be easy to understand at a glance.
So I'm going to call this one allow-http and ssh-traffic, using hyphens. And I can be a little more wordy in my description, say Allow web traffic on port 80 and SSH traffic on port 22. Down here, I can define those rules. We already have an SSH rule sitting here waiting for us. It's pre-defined by AWS, or I can go create a custom TCP rule and give any port that I want.
Because SSH is already defined, the protocol TCP is preselected, and the port 22 is also preselected. The source can come from anywhere. So I could give a specific IP, a custom range, or I have it detect the IP of where I currently am right now. The all zeroes designated here actually means that any traffic from anywhere in the world can come into an instance with this security group on port 22. It's not terribly secure, and you would not want to leave it that way for a truly important production instance, but for the purposes of this demo, it's fine.
Now we also want to add a rule to allow port 80 HTTP traffic, so we'll click Add Rule. You see that we default to Custom TCP Rule, and I can give any port that I want here. So I could just say port 80, and apply the same logic of leaving port 80 open to the world. However, HTTP is another one of these rules that is predefined by AWS, so to achieve the same effect, I could just choose HTTP. Now that these two rules are defined, and Create new security group is selected here, I can go ahead and say Review and Launch down here on the bottom with the blue button.
You can see in the next step that Amazon is actually warning us about the insecure nature of our security group, because it's open to the world. We did that with clear eyes, though, so we can ignore that warning and move on. On this review page, we see all the details of the choices that we made. The instance type, the AMI for Amazon Linux, the t2.micro, the security group and more. Now it's time to go ahead and click the big blue Launch button. Now we're not quite done, because, if you recall, we need a way to get into this EC2 instance.
There won't be password authentication set up, and Amazon will not provide us with any username and password. Instead, we need to do SSH key pair authentication. This drop-down says choose an existing key pair, but as you can see from the next dropdown, there are no existing key pairs found. So we have to choose another option. Click the first drop down, and you can say Create a new key pair. If you were to click Proceed without a key pair, you'd be up a creek because you would have no way to log into this instance. So we'll create a new key pair. We can name this key pair anything we want, so I'm going to call it demo-key.
And I'll click Download Key Pair. This is the only opportunity that I will have to download this key. And you can see here it comes with the .pem extension. That's the private key that will later allow me to SSH into this instance. Now that we've done that, we can say Launch Instances. And there we go. You can see from the green box that AWS is launching this instance. So let's head back to the EC2 console and see what's happening. If I click Services up here in the top menu bar, I can see all the different services that AWS provides.
And because I've been there recently, I can click EC2 here under history. You can see that I have one running instance, and I can click that link to go see them. This is the main list of EC2 instances with which you will become quite familiar as you work with AWS. You can see that because I gave this instance a tag with capital Name as the key value, that my name, MyDemoInstance, appears here in the list. The instance state over here is running with a nice green light next to it, although I cannot log in next because of the status check which says initializing, indicating that the instance is still in the process of booting.
While the instance is booting, we can take a look at a few of the other things that are visible on this screen. If I pull this little section up here, I can see all the details of this instance as long as it's selected. We can see the security group that was attached to this instance here, allow-http-ssh-traffic just like we named it. If we click View Rules, you can see a representation of all the rules that have been enabled on this instance. So port 80 is open to the world, as is port 22.
If we had multiple security groups attached to this instance you would see a matrix of all of the groups, and the rules that they allow. We can see the ID of the VPC and subnet where this instance is created. We can see the instance type, t2.micro, and we can see its state is running. We can also see the public IP and public DNS name that have been assigned to this instance. By default, these instances have public IPs, but you can specify when you create an EC2 instance that it should not be created.
You can see the key pair name that we created, that will allow us into this instance. That is demo-key right there. Now that the EC2 instance has booted, the status checks column will have a green checkmark, and it will say two of two checks have passed. That means we can now log into the instance. So in order to do that, we're going to need to SSH in using the pem file that we downloaded in the previous step. Let's head to the terminal. I'm going to navigate to the Downloads directory, where the pem file is sitting there waiting. Now, if I say ls -l, I can see the permission bits that are set on this file.
As I mentioned previously, in order to use this key, we need to set it to permission bits 0400. We use the chmod command for that. chmod 0400, and then the name of the file, will set the permission bits. So if I ls again, now you can see it has far fewer permissions than it started. In fact, it can only be read by the owner, which is me. Now, I can SSH to my instance with that. In order to SSH to the instance, I need to know the public IP of the instance, which I can find down here in the details of the EC2 console.
I'll copy that. The SSH command starts with ssh, and then it wants a username. As I mentioned previously, the automatically provisioned main account for this instance is ec2-user. So we'll log in as ec2-user at, then the public IP, and if we were to just hit enter here, we would not be able to log in. We need to tell the SSH command to use the key that is sitting in this folder. That is the -i command. And if we pass in the demo-key, it will use that key explicitly to log in.
Now we get the typical prompt that we get anytime that we SSH to a new server, of our machine asking us if we want to trust this server, so we will say yes. And once the login occurs, we will see this. The ASCII art that indicates we are now logged into our EC2 instance. We can see that we're on an Amazon Linux AMI based instance, and we're all logged in on our prompt ready to do whatever we need to do to provision or deploy an application to this server. Right now I will just exit, and we're done.
We know that we have our instance up, and that we can log into it.
Released 12/24/2018
- Understanding AWS EC2
- Creating an EC2 instance
- Provisioning with CloudFormation
- Architecting apps for horizontal scaling
- Creating an Elastic Beanstalk environment and app
- Using OpsWorks
- Deploying apps with CodeDeploy
- Working with the Cloud9 cloud-based IDE
- Quickly setting up coding projects with CodeStar
Video: Create an EC2 instance