Amazon Computer Services
Creating an EC2 instance
Now that we have the necessary information about EC2, its pricing model, and AMIs, let's look at how to create an EC2 instance using the AWS console.
The following steps describe the process of creating an EC2 instance:
- Log in to the AWS console using valid credentials and go to the EC2 dashboard.
- Click on the Launch Instance button.
- Select the appropriate AMI based on the OS, root device type, and virtualization type. The screen, which displays several AMIs to choose from, is shown in the following figure.
By default, we can see several AMIs in QuickStart. If required, we can select My AMIs, which contains all the custom AMIs created in a user’s account. If we choose AWS Marketplace from the left menu, it displays some third-party AMIs available in AWS Marketplace. Marketplace AMIs may not be free.
We can also choose Community AMIs that contain several AMIs contributed by AWS community members. Alternatively, if we just want to create a free tier instance, we can select the checkbox against Free tier only:
- Once we choose an AMI, it displays on the screen as given in the following figure. Select the appropriate instance type from the screen:
- After selecting the instance type from the screen, click on Next: Configure Instance Details. The subsequent screen provides options to configure instance details, such as the number of instances to launch, payment option (spot or on-demand), VPC and Subnet, Public IP, IAM role, Shutdown Behavior, Termination Protection, advanced monitoring, and user data.
The following figure displays the screen with options to configure instance details:
- Add additional EBS volumes as required. Amazon allows up to 30 GB of General Purpose volume in the free tier. Also, while creating the EC2 instance, at this stage, it is possible to change the Delete on Termination option to true or false for each EBS volume, including root volume.
Once an instance is launched, we can modify the Delete on Termination option for EBS volumes only through the CLI or API. After selecting the appropriate option, click on the Next: Add Tags button, as shown in the following figure:
- In the subsequent screen, as shown, we can add tags to the EC2 instance. Amazon assigns a distinct instance ID to every EC2 instance to identify it uniquely. We can also add additional tags to instances for grouping them based on environment, that is, development, testing, pre-production or production, and so on. These tags are key-value pairs and are case sensitive:
While creating the tags, by ticking against the Volumes column, AWS associates the same tags to each relevant EBS volume associated with the instance. We can see the volume column in the next screenshot. Click on Next: Configure Security Group for the next screen.
- The next screen provides options for configuring the security group. We can open the required port for a specific protocol and source IPs. Generally, inbound rules are defined based on what ports and protocols are used by the application hosted on the server. We can use an existing security group, or we can create a new one based on the requirement.
The next figure shows security group configuration options. After configuring the security group, we can click on Review and Launch:
- In the subsequent screen of the wizard, we can finally review the configuration options we have selected during the launch instance wizard. If required, we can click on the Previous button and modify the options as needed:
- After verifying all the options, we can click on the Launch button. Once we click on the Launch button, it asks us to either choose an existing key pair or create a new key pair. Select an existing key pair or give a proper key name to create a new key pair. Remember to download the key. The key is available to download during this wizard only.
AWS does not provide an option to download the key later on. After giving the key pair details, we can click on the Launch Instance button. It may take a few minutes for the instance to launch. The time for an EC2 instance to come to the running state depends on the AMI type and instance type.
We can see all the instances on the EC2 dashboard. We can see all the relevant EC2 properties by selecting a specific instance:
Changing EC2 instance type
Once an instance is launched, it may be necessary to change the instance type. For example, we may need to change the instance type to accommodate high CPU and memory requirements. Perform the following steps to change the EC2 instance type. The instance type can be changed only if the instance is in the Stopped state. Shut down the instance either from the OS or from the EC2 console and follow these steps:
- Log in to the AWS dashboard using valid credentials and go to the EC2 dashboard.
- Go to Instances and select the desired EC2 instance to change the instance type.
- Shut down the EC2 instance. Once an EC2 instance is in the stopped state, right-click on the EC2 instance and change its type by going to Instance Settings | Change Instance Type as shown in the following figure:
- Once the instance type is changed, we can start the instance again. It may take some time for the instance to come back to the running state.
Connecting to the EC2 instance
For remotely connecting to an EC2 instance in a public subnet, we need to know its public IP or Elastic IP address. To work with EC2 instances residing in a private subnet, we need to create a bastion host in a public subnet and attach an Elastic IP to access it.
To connect to an instance in a private subnet, we first connect to a bastion host and then, from the bastion host, connect to the EC2 instances in the private subnet. By default, Linux-based EC2 instances can be reached on port 22 using tools such as PuTTY.
Microsoft Windows EC2 instances can be reached on port 3389 using the Windows remote desktop utility. To connect to a Linux system, we need to pass the username, port, and private key. The public key is embedded inside the EC2 instance.
Connecting to a Linux EC2 instance from a Microsoft Windows system
The prerequisites for connecting to a Linux EC2 instance from a Microsoft Windows system are:
- Download PuTTY and PuTTYGen on the Microsoft Windows machine. You can get links for downloading PuTTY and PuTTYGen from http://www.putty.org/.
- Get the public DNS or public/Elastic IP of the desired Linux instance to connect.
- When IPv6 is assigned to an EC2 instance, connecting to it requires the source machine also to have an IPv6 address.
- Keep the relevant private key file handy, which is downloaded while creating an instance.
- Ensure that SSH port 22 is open in inbound rules of the security group assigned to the instance.
- Convert the downloaded key file from .pem to a .ppk private key.
Converting a PEM file to a private key (PPK)
The following steps describe how to convert a .pem file to a .ppk file:
- Open PuTTYGen, and click on the Load button. Select All Files from the dropdown and choose the appropriate .pem file that you need to convert to a .ppk file.
When loading a file, the file dialog shows only .ppk files by default. Change the filter to All Files (*.*) to list the .pem files available to load, as follows:
- In the same PuTTYGen screen, make sure the parameters are configured for the RSA key type and a bit size of 2048.
- Click on the Save private key button.
- When saving the key, a warning dialog box may appear; we can select Yes on the warning.
- Finally, save the private key with the .ppk extension.
Connecting to an EC2 instance using PuTTY session
Once we have a .ppk file, we are ready to connect to an AWS EC2 Linux instance. The following steps describe the process to initiate an SSH connection with an EC2 instance using PuTTY:
- Run the PuTTY application on the Microsoft Windows machine from which we need to connect to the EC2 instance.
- In the Category pane, on the left-hand side, select Session and provide the following details:
- The default port is 22 for Linux OS.
- Connection type should be SSH.
- The username (the default SSH username for the OS type, as shown in the previous table) and the public DNS or public/Elastic IP. For example:
<username>@<PublicIP>
Example: to connect to RHEL/CentOS 7 EC2 instance:
- On the left-hand side, in the Category pane, select Connection | SSH | Auth and click Browse to provide the private key:
- Once we click Open, a security dialog box may appear asking us to confirm that we trust the host we are about to connect to. Choose Yes, and the SSH connection is established.
Troubleshooting SSH connection issues
If an SSH connection to an EC2 instance fails even though all the required details are correctly provided, check the following points:
- Ensure that we are giving the correct IP address of the instance.
- Verify the username we have given along with the IP address.
- Make sure the EC2 instance is up and running.
- Ensure that the security group has SSH port 22 open and is accessible.
- Check the OS-level firewall and ensure it is not blocking the connection.
- If we are behind a network proxy, ensure that our network proxy is not blocking it.
- Ensure that we are using the right .ppk file.
- After verifying all the preceding steps, if we are still not able to log in, we can try stopping and restarting the instance.
- We can also diagnose the issue by stopping the instance, detaching its root drive, and attaching and mounting it to another healthy EC2 instance as a secondary drive. Once the drive is connected to another EC2 instance, we can diagnose configuration issues.
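An added example, not from the original page: a Python probe that sorts a failed connection into the checklist items above by how the TCP attempt fails. The function name `probe_ssh` and the status labels are this example's own.

```python
import socket


def probe_ssh(host, port=22, timeout=5.0):
    """Classify one TCP connection attempt to an SSH port.

    Returns (status, detail) where status is one of:
      "dns-failure" - the name did not resolve (check the public DNS/IP entered)
      "timeout"     - no reply at all; packets are dropped, as with a security
                      group lacking an inbound rule or a stopped instance
      "refused"     - host reachable, but nothing is listening on the port
      "unreachable" - another network error (routing, proxy, ...)
      "no-banner"   - TCP connected, but the peer is not speaking SSH
      "ssh-banner"  - sshd answered; what remains is the username or key file
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return "dns-failure", str(exc)
    except socket.timeout as exc:
        return "timeout", str(exc)
    except ConnectionRefusedError as exc:
        return "refused", str(exc)
    except OSError as exc:
        return "unreachable", str(exc)
    with sock:
        try:
            # An SSH server sends its identification string first ("SSH-2.0-...").
            banner = sock.recv(256).decode("ascii", "replace").strip()
        except OSError as exc:
            return "no-banner", str(exc)
    if banner.startswith("SSH-"):
        return "ssh-banner", banner
    return "no-banner", banner


if __name__ == "__main__":
    import sys
    # Pass the instance's public DNS or IP; defaults to the local machine.
    print(probe_ssh(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"))
```

A "timeout" result points at the security group, instance state, or a proxy, while "ssh-banner" means the network path is fine and the username or .ppk file is the item to recheck.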