AWS Hands-On Labs - Create and Secure an EC2 Instance
AWS Learning Path for Cloud and DevOps Engineers
📝Introduction
The purpose of this Lab is to help you create an EC2 instance and allow for access only from your machine. You will then test this access to ensure that you have configured access correctly.
These are the objectives of this lab:
Configure a Security Group
Create an EC2 Instance
Test Access to the EC2 Instance
📝Log in to the AWS Management Console
Log in with your credentials and make sure you're using the right Region. In my case, I am using AWS as my cloud provider and chose us-east-1.
📌Note1: You must create the AWS Access Key and AWS Secret Access Key and configure the AWS CLI in the terminal to use it.
📌Note2: At the end of each hands-on Lab, always clean up all the resources previously created to avoid being charged by your Cloud Provider to provision the resources.
You can use link1 and link2 for it.
📝Configure a Security Group
On the left side under Network & Security, click Security Groups.
In the upper right corner, click Create Security Group.
Under Basic Details, set the following values:
Security group name: <sg_name>
Description: <instance_name>.
VPC: Leave at default.
Under Inbound rules, click Add rule and set the following values:
Type: Click on the dropdown menu and select SSH.
Source: Click on the dropdown menu and select My IP.
Leave the other settings at default, scroll down, and click Create Security Group.
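To confirm the rule really is limited to your address, you can audit the JSON printed by `aws ec2 describe-security-groups --group-names <sg_name>`. The script below is an added example, not part of the original lab; the group IDs, the IP addresses and the function names are constructed for illustration, and it assumes your public IP is IPv4.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0example0locked", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
  {"GroupId": "sg-0example0open", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
     "UserIdGroupPairs": []},
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]}
]}
""")


def covers_ssh(rule):
    """True if the rule's protocol and port range include TCP/22."""
    if rule["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
        return True
    if rule["IpProtocol"] not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= 22 <= rule.get("ToPort", 65535)


def audit_ssh_ingress(group, my_ip):
    """Return findings for one group; an empty list means SSH is limited to my_ip/32."""
    allowed = ipaddress.ip_network(f"{my_ip}/32")
    findings, mine_ok = [], False
    for rule in filter(covers_ssh, group.get("IpPermissions", [])):
        for r in rule.get("IpRanges", []):
            net = ipaddress.ip_network(r["CidrIp"], strict=False)
            mine_ok = mine_ok or allowed.subnet_of(net)
            if net != allowed:  # anything wider than, or other than, my /32
                findings.append(f"SSH reachable from {r['CidrIp']}")
        for r in rule.get("Ipv6Ranges", []):
            findings.append(f"SSH reachable from {r['CidrIpv6']}")
        for pair in rule.get("UserIdGroupPairs", []):
            findings.append(f"SSH reachable from members of {pair.get('GroupId')}")
    if not mine_ok:
        findings.append(f"no rule admits {my_ip}, so your own SSH login will time out")
    return findings


if __name__ == "__main__":
    for sg in SAMPLE["SecurityGroups"]:
        print(sg["GroupId"], audit_ssh_ingress(sg, "203.0.113.7") or "OK")
```

An empty result corresponds to the lab's goal: only your machine can reach port 22. The check does not inspect prefix-list sources.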
📝Create an EC2 Instance
On the left side under Instances, click Instances.
In the upper right corner, click Launch Instances.
Under Name and Tags, enter <instance_name>.
Under Application and OS Images (Amazon Machine Image), ensure Amazon Linux AMI is selected.
Under Instance type, click on the dropdown menu and select t3.micro.
Under Key pair (login), click Create new key pair.
In the Create key pair pop-up menu, enter <keypair_name>.
Leave the other settings at default and click Create key pair (you should see your key pair in your Downloads folder).
Next to Network settings, click Edit.
Under Auto-assign public IP, click on the dropdown menu and select Enable.
Under Firewall (security groups), choose Select existing security group.
Under Common Security Group, select the <sg_name> security group you just created.
Under Summary, click Launch instance.
Once the instance has launched, click View all instances.
At the top of the page in the toolbar, click on the refresh icon. You should see My Instance initializing. It may take a few minutes to run.
📝Test Access to the EC2 Instance
Click on the <your_instance> instance ID to navigate into the instance.
In the upper right corner under Private IPv4 addresses, copy the listed private IP address.
Paste the IP address in a separate text document. You'll need it later.
Under Public IPv4 address, copy the listed public IP address (paste the IP address in a separate text document, as well).
In the breadcrumb trail at the top left, click Instances.
Click on the checkbox next to <your_instance>.
In the upper right corner, click Connect.
Under User name, enter <your_username>.
Click Connect. It will fail, because the security group only allows SSH from your machine's IP address.
Try to Access Your Machine from One of the Other Instances
Connect to My Instance (you'll need the private IP address copied earlier):
ssh <user_name>@<PRIVATE_IP_ADDRESS>
Note: The attempt will hang for a few minutes and then the connection will time out. Access to the new instance should be locked down to only your machine. No other instances should be able to access that instance.
Try to Access the New Instance from Your Machine
Navigate to your Downloads folder:
cd /Users/<USERNAME>/Downloads/
Set permissions to read-only:
chmod 400 <keypair_name>.pem
Ensure the permissions change was successful (the mode should read -r--------):
ls -al <keypair_name>.pem
Connect to the instance (you'll need the public IP address copied earlier):
ssh -i /Users/<USERNAME>/Downloads/<keypair_name>.pem <user_name>@<PUBLIC_IP_ADDRESS>
You may get a prompt confirming access. If so, type yes. You should successfully connect to the instance.
📌Note - At the end of each hands-on Lab, always clean up all the resources previously created to avoid being charged if you used a Cloud Provider to provision them.
Congratulations — you have completed this hands-on lab covering the basics of creating an AWS EC2 instance and allowing for access only from your machine securely using SSH protocol.
Thank you for reading. I hope you understood and learned something helpful from my blog.
Please follow me on CloudDevOpsToLearn and LinkedIn, franciscojblsouza