Spinning up an EC2 instance.

Spinning up an EC2 instance on AWS appears to be a daunting task, and it is, but once you have gone through the steps a couple of times and understand how the console is set up, provisioning your own instance can be done in minutes. In this tutorial, I will show you how to create and access your EC2 instance using the AWS console and Secure Shell (SSH) to log in through your terminal. The first thing you will need to do is log in to your AWS account. After logging in, you should be redirected to the AWS console; if you are not, click on the orange cube at the top left corner of the page to access it. When you get to the console, click on the ‘EC2: Virtual Servers in the Cloud’ link under the ‘Compute’ subsection (orange icons) on the console page. This will take you to the EC2 dashboard.

The EC2 dashboard contains links to everything EC2 related and shares links to services from the AWS console. For this tutorial, you are only going to concern yourself with the ‘Resources’ and ‘Create Instance’ sections of the dashboard. Within the ‘Resources’ section of the page there is a list of nine links that display the number of each service your account is currently using. For the sake of brevity, I am going to cover just a few of these as they relate to starting your first EC2 instance.

Running Instances:

The running instances link displays the number of instances you currently have running. If you click through to the instances page, there is a table of the instances you have running (probably blank at this point), and at the top of the page an option to ‘Launch Instance’.

Key Pairs:

This link displays the number of key-pairs you have associated with your AWS account. These key-pairs act as certificates that allow you to access the instances you have started. When you start an instance, you will be prompted to either associate an existing key-pair with that instance, or create a new key-pair and save it to your machine. We will cover this in step seven of this tutorial.

Security Groups:

Security groups act as a firewall for your instance. Within security groups you will define which ports on your server you would like to be accessible. We will discuss security groups further in step six of this tutorial.

Step 1: Choose an Amazon Machine Image (AMI)

An AMI is a template that contains the software configuration (operating system, application server, and applications) required to launch your instance. You can select an AMI provided by AWS, our user community, or the AWS Marketplace; or you can select one of your own AMIs.

As Amazon states, an AMI is the software configuration your instance is going to run. Amazon offers dozens of software options for your instance, and the AWS marketplace and community has thousands more. Some of the AMIs provided are services offered by companies like Chef and cost money to provision but come pre-configured. For this tutorial, you are going to select the ‘Amazon Linux’ AMI at the top of the page.

Under the icon of the AMI you will see a box that reads ‘Free tier eligible’. These AMIs are able to be provisioned on t2.micro instances. The free tier of AWS allows a user to consume 750 hours per month of compute time on any eligible instance using any eligible AMI free of charge (750 hours is roughly one month of service running 24 hours per day). Keep in mind that compute time is calculated across all running instances. If, for example, you have two instances running simultaneously, you will be using two compute hours for every hour both instances are running. Click on the blue ‘Select’ button for the Amazon Linux AMI.

Step 2: Choose an Instance Type

Before you select an instance type, scroll through the list of options available. AWS provides instance types that are grouped into families. These groups include ‘General Purpose’, ‘Compute Optimized’, ‘GPU instances’, ‘Memory Optimized’, and ‘Storage Optimized’. You can learn about these instance types in the AWS docs here. You are going to select the ‘t2.micro’ instance in the general purpose family, which is free tier eligible. This instance includes one virtual CPU, one gigabyte of RAM and an EBS storage volume for your application. The EBS storage volumes are also included as part of the AWS free tier, which includes 30 GB per month of volume storage. Each instance you start will need to be paired with an EBS volume, and the volume cannot be deleted while the instance is provisioned in either the ‘Started’ or ‘Stopped’ state. The EBS volume will also be deleted if the instance is terminated, but you will be prompted with a warning for this deletion when you terminate the instance. Ensure that the t2.micro is selected and click the ‘Next: Configure Instance Details’ button at the bottom of the screen.

Step 3: Configure Instance Details

The instance details page allows you to set the number of instances you wish to provision, purchasing options for spot instances, selectors for which virtual private cloud you would like to deploy the instance to, which availability zone subnet you would like to use, and Public IP settings. You can also select which IAM role you would like to use for this instance, the instance’s shutdown behavior, whether you want to use CloudWatch monitoring software and whether you want to deploy the instance to a dedicated host. From this window, you can also launch an auto-scaling group of this instance type. Auto-scaling groups allow you to set CPU and load limits on instance types and spin up new instances of the same type when your current instance(s) reach that limit. These auto-scaling groups are one of the most powerful services provided by AWS. When your application’s volume reaches your current server’s limits, AWS will automatically provision more computing power for your application and tear down those servers when the load is reduced. For more information on this service, check the documentation previously linked. Keep the form in its default state and be sure to leave the number of instances set to one, but set your IAM role to the role you created in the first tutorial and click ‘Next: Add Storage’ at the bottom of the screen.

Step 4: Add Storage

Adding storage allows you to provision additional storage volumes to your instance. Clicking the ‘Add New Volume’ button will add another EBS storage volume to your instance. You can then define the device label in the second column, name the volume in the ‘Snapshot’ column, adjust the size, select the volume type and manage whether or not you wish for the volume to be deleted when you terminate the instance. You can learn more about the types of storage options available for your instance in the AWS storage documentation. Each instance has to have a root volume associated with it to save your OS and application data to. For the purposes of this lesson I would recommend keeping the ‘Delete on termination’ option selected because you will want this volume deleted when you shut down the instance at the end of the lesson. For now, you are going to keep the options set to their defaults and move on to step five. Click the ‘Next: Add Tags’ button at the bottom of the screen when you are ready to continue.

Step 5: Add Tags

Tags are a metadata characteristic of your EC2 instance. Tags will allow you to more easily identify and organize the instance you have running on your AWS account. Tags are simply key value pairs that allow the user to organize and find their instances. For example, if your team of engineers are working on separate projects and you are responsible for the AWS account, you might label your instances with the name of the owner for each product, which stack they are using, and the name of the application that belongs on each instance.

Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment… …We recommend that you devise a set of tag keys that meets your needs for each resource type. Using a consistent set of tag keys makes it easier for you to manage your resources. You can search and filter the resources based on the tags you add.

Supply your instance with a tag and click the ‘Next: Configure Security Group’ button at the bottom of the screen to continue.

Step 6: Configure Security Group

The security configuration step appears, on its face, to be very simple, yet this step will require you to stop and think about which services you are using in your application and understand which ports those services will use. Security group options allow you to set and control the flow of traffic into your instance. In much the same way you need to configure the ports open on your PC, or in the HTTP service for your server, you need to open those same ports, and sometimes more, on your instance to allow traffic in.

Check the ‘Assign a security group’ bubble that creates a new security group and provide it a security group name. We can also provide it with a description that explains what the group will be used for and which ports it is going to assign to our instance. The rules table has four columns that include type, protocol, port range, and source.

The type column includes a drop-down of port types that are standardized across the industry. The AWS console defaults to allow SSH access on port 22 and you can leave it as is. Under the source column, select the drop-down and choose the ‘My IP’ option. This should update the IP text field with your machine’s current IP and will allow SSH access into the instance from only that address. One thing to be aware of when setting your source IP is that it will restrict access to the instance from other locations. If you work from both home and work, you will need to add both IPs to the access list before you are able to SSH into the instance at your remote location. A word of warning: not opening port 80 for HTTP access and port 443 for HTTPS access will prevent normal web traffic from accessing your instance. It is certainly worth investigating the port requirements of the services your application is going to use and opening them as necessary on your instance. By default, if you open up a port to receive traffic, the instance will allow outbound traffic on that same port. Confirm that the port type is set to SSH, on port 22, and the source is set to ‘My IP’, then click the ‘Review and Launch’ button at the bottom of the screen.

Step 7: Review Instance Launch

The review and launch page is a review of the configuration settings we provided the instance in the previous steps. It is worth reviewing the instance details to ensure you have selected the correct AMI, instance type and security group. There may also be warnings on this page if you did not lock down IP access for the SSH port on your security group. If there is no yellow warning box on your screen, click the ‘Launch’ button to continue.

Creating your first key pair:

In order to SSH into our instance, we are going to need to download a new SSH key pair that is associated with the instance:

A key pair consists of a public key that AWS stores, and a private key file that you store. Together, they allow you to connect to your instance securely. For Windows AMIs, the private key file is required to obtain the password used to log into your instance. For Linux AMIs, the private key file allows you to securely SSH into your instance.

If it is not already selected, open the first drop down menu and select “Create a new key pair” from the list. Supply the key pair with a name and click ‘Download Key Pair’.


The key-pair file you associate with this instance and download onto your machine needs to be stored in a secure location. Once the key-pair is assigned to your instance, you will not be able to change it.

When the .pem file is finished downloading, click the button in the window to start the instance. You should be re-routed to the ‘Launch Status’ page with a green flash message that states ‘Your instances are now launching’. Click the ‘View Instances’ button at the bottom of the page to return to the EC2 Dashboard. The table on the page should now show your instance. Check the ‘Instance State’ column to see if the instance is green ‘running’ or yellow ‘initializing’ (the instances can take some time to start; if you attempt to SSH into the instance while it is initializing, it will refuse the connection; when the ‘Instance State’ is green, continue to the next step).

Step 8: SSH into your instance

To access your EC2 instance you will need to SSH into it through your terminal. The first thing you need to do is change the permissions of your key-pair.pem to read-only; otherwise you will get an ‘Unprotected Key File’ error. To do this, you will need to run a change-mode command in your terminal for that file. In your terminal type ‘chmod 400 #{FILE_PATH}’. Next, you will use the SSH command, combined with the key-pair location, the username of the instance (‘ec2-user’) and the instance’s public DNS to connect to your instance. To connect to the server, type ‘ssh -i ~/#{YOUR_KEY_LOCATION} ec2-user@#{YOUR_PUBLIC_EC2_DNS}’ into your terminal and press ‘Enter’.

When you receive the prompt regarding the ‘ECDSA key fingerprint’ asking if you want to continue, type ‘yes’ and press enter. You may receive another warning about the instance DNS being added to the list of known hosts; if you do and that warning closes your connection, reconnect to the instance using the same command and it will open the CLI for the instance. The CLI image on the left is what you will see if you successfully log in. The first line will tell you where the last login to the instance came from, and the ASCII art is a display of the AMI type you are using. The URL beneath the AMI is a link to the latest release notes about the AMI you have installed. The next line tells you if you need a security update for your instance and the line after that explains how to update it. The last line is your input line for the instance. To the left of the @ symbol is the user you are logged in as. Type ‘sudo yum update’ to see what happens (this will update the software on your instance).
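
Before typing ‘yes’ at the fingerprint prompt, you can confirm that the key really belongs to your instance by comparing it with the fingerprints the instance wrote to its system log at first boot. The following is an added example, not part of the original tutorial: it assumes the console log contains the ‘BEGIN SSH HOST KEY FINGERPRINTS’ block in SHA256 format, and the key line, hostname and log text are constructed samples.

```python
import base64
import hashlib
import re

# Constructed host key line, shaped like `ssh-keyscan -t ecdsa <host>` output.
# The base64 blob is filler bytes, not a real key; the hostname is a placeholder.
KEYSCAN_LINE = ("ec2-203-0-113-25.compute-1.amazonaws.com ecdsa-sha2-nistp256 "
                + base64.b64encode(b"constructed-host-key-blob").decode())


def sha256_fingerprint(keyscan_line):
    """Compute the SHA256:... fingerprint shown in the first-connection prompt."""
    _host, _keytype, blob_b64 = keyscan_line.split()[:3]
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    # OpenSSH prints the base64 digest without its trailing '=' padding.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def console_fingerprints(console_text):
    """Extract fingerprints from the block printed to the instance console log."""
    block = re.search(r"-----BEGIN SSH HOST KEY FINGERPRINTS-----(.*?)"
                      r"-----END SSH HOST KEY FINGERPRINTS-----",
                      console_text, re.S)
    if block is None:
        return set()  # no block found: nothing to trust
    return set(re.findall(r"\b(SHA256:[A-Za-z0-9+/]+)", block.group(1)))


def host_key_is_trusted(keyscan_line, console_text):
    """True only if the key offered over the network matches one the instance logged."""
    return sha256_fingerprint(keyscan_line) in console_fingerprints(console_text)


def sample_console(fingerprint):
    """Constructed console log text containing the given fingerprint."""
    return ("ec2: #############################################################\n"
            "ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----\n"
            f"ec2: 256 {fingerprint} no comment (ECDSA)\n"
            "ec2: -----END SSH HOST KEY FINGERPRINTS-----\n")


if __name__ == "__main__":
    log = sample_console(sha256_fingerprint(KEYSCAN_LINE))
    print("trusted" if host_key_is_trusted(KEYSCAN_LINE, log) else "MISMATCH")
```

A mismatch, or a log with no fingerprint block, means you should not accept the key until you have found out why.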

The last step is to terminate the instance. We don’t want to keep an empty instance running and use up our free tier hours, so return to the EC2 dashboard and select the instance you have running. Click on the ‘Actions’ button dropdown at the top of the page, highlight the ‘Instance State’ menu and click on ‘Terminate’. You will be prompted to confirm the termination of the instance and the deletion of the EBS volume associated with it. Click on ‘Yes, Terminate’ to shut the instance down.

Don’t forget to check out my other AWS articles linked below:

Connecting an AWS VPC to your VPN — From the Cloud to the Colo.

Medium, Lambda, and Me (or how I export Medium stories to my website)

Setting up your Identity and Access Management for AWS

Originally published at www.nzenitram.com on February 12, 2017.
