This post will walk through the preliminary steps when starting out with Amazon EC2 (Amazon Elastic Cloud Compute).
- Create your AWS account
- Create an IAM user
- Create a key pair
- Create a Virtual Private Cloud (VPC)
- Create a security group
1. Create your AWS account
Amazon make available a tier of services which is free for 12 months from the point of signing up, visit https://aws.amazon.com/free/ and click the “Sign up for an AWS account” link. It is necessary to submit payment details and also to validate the AWS account via telephone.
Services may be billable after the 12 months or if you exceed usage limits (more details can be found on the website).
2. Create an IAM user
It is recommended to not use your AWS account for accessing AWS resources e.g. via command line or PuTTY but instead create an IAM user for this purpose. The IAM user can be added to IAM group(s) with specified permission.
2a. Create the group.
Browse to https://console.aws.amazon.com/iam/ and login using your AWS account credentials.
From the left-hand menu select Groups and then from the main pane select Create New Group (Figure 1).
Enter a name for the group, ‘Administrators’, and click Next Step (bottom right corner) (Figure 2).
Next, attach the AdministratorAccess policy to the group by checking the tick box and clicking Next Step (Figure 3).
Review the information and then click Create Group (Figure 4).
The new group will be displayed.
2b. Create the user.
From the left-hand menu select Users and then from the main pane select Create New Users (Figure 5).
Enter a name for your IAM user account, clear the “Generate an access key for each user” tick box and click Create (Figure 6).
2c. Assign password and add to group.
Choose the account just created (click on the actual username) (Figure 7).
Choose the Groups tab and then click Add Users to Groups (Figure 8).
From the list, select the Administrators group created previously and then click Add to Groups.
Next, click the Security Credentials tab. Under the Sign-In Credentials section, click manage Password (Figure 9).
Click the “Assign a custom password” radio button and then enter and confirm a password then click Apply (Figure 10).
Confirmation that the password is set will now be shown by a “Yes” in the Password field under Sign-In Credentials.
This new account can be used to sign in via the dedicated console for your account. The URL includes your AWS account number, e.g. https://3XXX1022XXX5.signin.aws.amazon.com/console – this URL is available from the IAM dashboard (Figure 11).
It is also possible to create an alias for the account ID if you do not wish to have your account number visible, to do this, click the Customize link to the right of the URL.
It is advised to use this new account when using AWS rather than the main account login.
3. Create a key pair
This is used when logging in to a Linux instance securely via SSH. A separate key pair will be required for each region used.
Browse to the URL for the dedicated console from the previous step using the newly created account, e.g. https://3XXX1022XXX5.signin.aws.amazon.com/console.
Under AWS Services, expand Compute and click EC2 (Figure 12).
Next, choose the region (Figure 13) where you want to launch your EC2 instance. This region does not need to reflect your own geographic location. You can create instances in multiple regions but each region requires it’s own key pair.
From the left-hand menu, under Network & Security, select Key Pairs (Figure 14).
You will be told that there are no Key Pairs for the selected region, click the Create Key Pair button (Figure 15).
In the text box enter a name for the new key pair such as <username>-key-pair<region> e.g. jknight-key-pair-uswest2. jknight is the user created previously and uswest2 represents the second US West entry in the regions list, Oregon, selected earlier. Once happy with the name, click the Create button (Figure 16).
The private key will be automatically downloaded by the web browser, the file will have the name of the key pair with the .pem extension, copy this somewhere safe. You will need this file when you connect to your EC2 instance, if you intend to use PuTTY then you will need to convert this pem file into a ppk file, this will be covered shortly.
3a. Linux/Mac preparation
If you will be connecting to your instance from a Linux or Mac with SSH then you will need to make the pem file read-only for your user e.g. chmod 400 jknight-key-pair-uswest2.pem
3b. Windows preparation
To connect to the instance from a Windows computer using PuTTY you will first need to create a ppk file from the pem file just downloaded.
Download PuTTY (full product) if it is not already on the computer.
Run Puttygen, I’m using a Windows 8.1 machine so from the Start screen I just type puttygen and then click on the puttygen.exe result.
When this application loads, ensure that SSH-2 RSA key type is selected (Figure 17).
Click Load and change the file type from Putty Private Key Files (*.ppk) to All Files (*.*) and then browse to and select the pem file. Click Open. Click OK to confirm the successful import of the key.
Click Save private key, then Yes to confirm that you want to save the key without a passphrase. Give the ppk file the same name as the pem file and click Save.
4. Create a Virtual Private Cloud (VPC)
A non-default VPC can be created into which you can launch your EC2 instance. It is not necessary to create a VPC if a default one is available, you can see if one is available from the EC2 dashboard under Account Attributes on the right-hand side (Figure 18.)
I’ll come back and cover this step later, let me know in the comments section if this would help.
5. Create a security group
Security groups restrict access to and from your EC2 instance just like a firewall. You will need to add rules to allow SSH connections (inbound) and also web traffic (inbound/outbound). Each region requires it’s own security groups.
As the SSH connection will be made from your computer, you will need the public IP address. Amazon provide a service for this, http://checkip.amazonaws.com/. Make a note of your IP address as you will need this shortly.
From the EC2 dashboard, under Network & Security, select Security Groups (Figure 19). N.B. ensure that you still have the same region selected as when you created your key pair.
Click Create Security Group (Figure 20).
Enter a Security group name such as <username>_SG_<region> e.g. jknight_SG_uswest2 and a description. Select the VPC, the default VPC (if present) is indicated by an asterisk.
We will now create the inbound rules to allow access to the instance.
Click Add Rule. From the Type dropdown list, select HTTP and check that Source is set to Anywhere.
Click Add Rule. Select HTTPS and check that Source is set to Anywhere.
Click Add Rule. Select SSH and check that Custom is selected. Add the IP address for your computer previously determined, if adding a single IP address it is necessary to specify it in CIDR format by adding /32 to the end. e.g. 188.8.131.52/32
Click Create (Figure 21).
Now all the set-up is complete, you are ready to launch your EC2 instance and connect to it – well done for sticking with it this far!