AWS Lab - 5huckle/OFFICIALTECHJOURNAL GitHub Wiki

Intro

For this prep lab, you will test access to your AWS Academy Console, create and test authentication keys, and spin up a test instance in EC2.

Step 1: Create a key pair

AWS uses public-key cryptography to secure the login information for your instance. A Linux instance has no password; you use a key pair to log in to your instance securely. You specify the name of the key pair when you launch your instance, then provide the private key when you log in using SSH.

You can create new key pairs using the Amazon EC2 console. Key pairs are associated with Regions, so make sure that your Region (upper right) is set to US-EAST-1.


To create your key pair

  1. Navigate to the Amazon EC2 Console from the AWS Console (select EC2 from the Services pane)

  2. In the navigation pane, choose Key Pairs > Create key pair.


  3. For Name, enter a descriptive name for the key pair. Amazon EC2 associates the public key with the name that you specify as the key name. A key name can include up to 255 ASCII characters. It can’t include leading or trailing spaces.

  4. For File format, choose the format in which to save the private key. To save the private key in a format that can be used with OpenSSH, choose pem. To save the private key in a format that can be used with PuTTY, choose ppk.

  5. Choose Create key pair.

The private key file is automatically downloaded by your browser. The base file name is the name you specified as the name of your key pair, and the file name extension is determined by the file format you chose.

Save the private key file in a safe place.

Important: This is the only chance for you to save the private key file. Please, this is important! Save your key somewhere you can access it. Having a copy on Google Drive is good for the labs (although not in a production setting).

If you will use an SSH client on a macOS or Linux computer to connect to your Linux instance, use the following command to set the permissions of your private key file so that only you can read it:

    chmod 400 my-key-pair.pem

If you do not set these permissions, then you cannot connect to your instance using this key pair. For more information, see Error: Unprotected private key file.
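The permission rule behind that error, as an added example (not part of the original lab): the script audits a folder for .pem files that group or other users can access and tightens them to mode 400. The folder contents and the file name old-key.pem are constructed for the demonstration.

```python
import os
import stat
import tempfile

def unprotected_keys(directory):
    """Map file name -> octal mode for .pem files that group or other can access.

    OpenSSH rejects a private key you own when (mode & 0o077) != 0, which is
    the "Unprotected private key file" error; this applies the same mask.
    """
    findings = {}
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".pem"):
            continue
        mode = stat.S_IMODE(os.stat(os.path.join(directory, name)).st_mode)
        if mode & 0o077:
            findings[name] = oct(mode)
    return findings

def protect_key(path):
    """Same effect as `chmod 400 path`: read-only for the owner, nothing else."""
    os.chmod(path, stat.S_IRUSR)

def demo():
    """Build a constructed download folder, audit it, fix it, audit again."""
    with tempfile.TemporaryDirectory() as folder:
        for name, mode in (("my-key-pair.pem", 0o644), ("old-key.pem", 0o400)):
            path = os.path.join(folder, name)
            with open(path, "w") as fh:
                fh.write("constructed placeholder, not a real key\n")
            os.chmod(path, mode)  # set explicitly so the umask does not matter
        before = unprotected_keys(folder)
        for name in before:
            protect_key(os.path.join(folder, name))
        return before, unprotected_keys(folder)

if __name__ == "__main__":
    print(demo())
```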



Step 2: Create a security group

Security groups act as a firewall for associated instances (think host-based firewall), controlling both inbound and outbound traffic at the instance level. You must add rules to a security group that enable you to connect to your instance using SSH. You can also add rules that allow inbound and outbound HTTP and HTTPS access from anywhere.

Note that if you plan to launch instances in multiple Regions, you'll need to create a security group in each Region. For more information about Regions, see Regions and Zones. We will use one Region so make sure that your security group is in the same region as your key pair.

To create a security group with least privilege

Continue working in the Amazon EC2 console

  1. From the upper right navigation bar, make sure that the US-East 1 (N. Virginia) Region is selected. Security groups are specific to a Region, so you should select the same Region in which you created your key pair.

  2. In the navigation pane, choose Security Groups > Create security group.


  3. In the Basic details section, do the following:

    1. Enter a name for the new security group and a description. Use a name that is easy for you to remember, such as your user name, followed by SG, plus the Region name. For example, me_SG_uswest2.

    2. In the VPC list, select your default VPC for the Region.

  4. In the Inbound rules section, create the following rules (choose Add rule for each new rule):

    1. Choose HTTP from the Type list, and make sure that Source is set to Anywhere (0.0.0.0/0).

    2. Choose HTTPS from the Type list, and make sure that Source is set to Anywhere (0.0.0.0/0).

    3. Choose SSH from the Type list. In the Source box, choose Anywhere, or restrict it to your local IP or network; restricting it is the least-privilege option.


Choose Create security group.

Submission: Screenshot showing security group created
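A check for the SSH source choice above, as an added example (not part of the original lab): it flags inbound rules that are open to Anywhere on ports other than the HTTP and HTTPS ports the lab opens on purpose. The input follows the IpPermissions structure that EC2 returns when describing security groups; both sample groups and the address 203.0.113.25 are constructed.

```python
import ipaddress

PUBLIC_OK = {80, 443}  # ports this lab deliberately opens to Anywhere

def is_world(cidr):
    """True for 0.0.0.0/0 and ::/0, the console's "Anywhere" sources."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def world_open_rules(group, public_ok=PUBLIC_OK):
    """Return (protocol, from_port, to_port, cidr) for every inbound rule that
    exposes a port outside public_ok to the whole internet."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                      # "-1" = all protocols and ports
            low, high = 0, 65535
        elif proto in ("tcp", "udp"):
            low, high = perm["FromPort"], perm["ToPort"]
        else:
            continue                           # ICMP and others: out of scope
        if all(port in public_ok for port in range(low, high + 1)):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        findings += [(proto, low, high, c) for c in cidrs if is_world(c)]
    return findings

def rule(port, cidr):
    """Helper for the constructed samples below: one TCP port, one IPv4 source."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}

# Constructed sample: the lab group with SSH left at Anywhere.
LAB_SG = {"GroupName": "me_SG_uswest2", "IpPermissions": [
    rule(80, "0.0.0.0/0"), rule(443, "0.0.0.0/0"), rule(22, "0.0.0.0/0")]}

# Constructed sample: same group with SSH limited to one address
# (203.0.113.25 is from a documentation-only range).
RESTRICTED_SG = {"GroupName": "me_SG_uswest2", "IpPermissions": [
    rule(80, "0.0.0.0/0"), rule(443, "0.0.0.0/0"), rule(22, "203.0.113.25/32")]}

if __name__ == "__main__":
    print(world_open_rules(LAB_SG))
    print(world_open_rules(RESTRICTED_SG))
```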


Step 3: Launch an instance

You can launch a Linux instance using the AWS Management Console as described in the following procedure.

This tutorial is intended to help you launch your first instance quickly, so it doesn't cover all possible options.

For this Lab - Continue to use the AWS Console from AWS Educate Learner Lab

To launch an instance

  1. Open the Learner Lab Amazon EC2 console from your AWS Educate Learner Lab Canvas course by going to Services > EC2.

  2. From the console dashboard, choose Launch Instance.


  3. The Choose an Amazon Machine Image (AMI) page displays a list of basic configurations, called Amazon Machine Images (AMIs), that serve as templates for your instance. Select an HVM version of Amazon Linux 2. Notice that these AMIs are marked "Free tier eligible."


  4. On the Choose an Instance Type page, you can select the hardware configuration of your instance. Select the t2.micro instance type, which is selected by default. The t2.micro instance type is eligible for the free tier. In Regions where t2.micro is unavailable, you can use a t3.micro instance under the free tier. For more information, see AWS Free Tier.

  5. Choose Review and Launch to let the wizard complete the other configuration settings for you. (Note: There was no wizard when I went through setup, so review your own work before launching the instance.)

  6. On the Review Instance Launch page, under Security Groups, you'll see that the wizard created and selected a security group for you. You can use this security group, or alternatively you can select the security group that you created when getting set up using the following steps:

    1. Choose Edit security groups.

    2. On the Configure Security Group page, ensure that Select an existing security group is selected.

    3. Select your security group from the list of existing security groups, and then choose Review and Launch.

  7. On the Review Instance Launch page, choose Launch.

  8. When prompted for a key pair, select Choose an existing key pair, then select the key pair that you created when getting set up.


Warning: Don't select Proceed without a key pair. If you launch your instance without a key pair, then you can't connect to it. When you are ready, select the acknowledgement check box, and then choose Launch Instances.

  9. A confirmation page lets you know that your instance is launching. Choose View Instances to close the confirmation page and return to the console.

  10. On the Instances screen, you can view the status of the launch. It takes a short time for an instance to launch. When you launch an instance, its initial state is pending. After the instance starts, its state changes to running and it receives a public DNS name. (If the Public DNS (IPv4) column is hidden, choose Show/Hide Columns (the gear-shaped icon) in the top right corner of the page and then select Public DNS (IPv4).)

  11. It can take a few minutes for the instance to be ready so that you can connect to it. Check that your instance has passed its status checks; you can view this information in the Status Checks column.

Submit Screenshot: Showing instance running in EC2 Console



Step 4: Connect to your instance

There are several ways to connect to your Linux instance. For more information, see Connect to your Linux instance.

Important: You can't connect to your instance unless you launched it with a key pair for which you have the .pem file (or .ppk for PuTTY) and you launched it with a security group that allows SSH access from your computer. If you can't connect to your instance, see Troubleshooting connecting to your instance for assistance.

Note: If using PuTTY, you may need to convert your .pem file to a .ppk file; you can do this with puttygen.exe. Also, OpenSSH can (and may already) be installed in Windows 10, so you can try the ssh command with the .pem file from a PowerShell terminal.

Submit: Screenshot showing successful connection



Step 5: Clean up your instance

After you've finished with the instance that you created for this tutorial, you should clean up by terminating the instance.

Important: Terminating an instance effectively deletes it; you can't reconnect to an instance after you've terminated it.

If you launched an instance that is not within the AWS Free Tier, you'll stop incurring charges for that instance as soon as the instance status changes to shutting down or terminated. If you'd like to keep your instance for later, but not incur charges, you can stop the instance now and then start it again later. For more information, see Stopping Instances.

To terminate your instance

  1. In the navigation pane, choose Instances. In the list of instances, select the instance.

  2. Choose Actions, Instance State, Terminate.

  3. Choose Yes, Terminate when prompted for confirmation.

Amazon EC2 shuts down and terminates your instance. After your instance is terminated, it remains visible on the console for a short while, and then the entry is deleted.

Submit: Screenshot showing instance terminated in EC2 console
