Step 3: Launch an instance into your subnet
Sebastian Torres
Posted on April 17, 2022
To test that your subnet is public and that instances in the subnet are accessible over the internet, launch an instance into your public subnet and connect to it. First, you must create a security group to associate with your instance, and a key pair with which you'll connect to your instance. For more information about security groups, see Control traffic to resources using security groups. For more information about key pairs, see Amazon EC2 key pairs in the Amazon EC2 User Guide for Linux Instances.
To launch and connect to an instance in your public subnet:
- Create a key pair and use the --query option and the --output text option to pipe your private key directly into a file with the .pem extension.
$ aws ec2 create-key-pair --key-name MyKeyPair --query "KeyMaterial" --output text > MyKeyPair.pem
In this example, you launch an Amazon Linux instance. If you use an SSH client on a Linux or Mac OS X operating system to connect to your instance, use the following command to set the permissions of your private key file so that only you can read it.
$ chmod 400 MyKeyPair.pem
- Create a security group in your VPC using the create-security-group command.
$ aws ec2 create-security-group --group-name SSHAndHTTPAccess --description "Security group for SSH and HTTP access" --vpc-id vpc-2f09a348
{
"GroupId": "sg-e1fb8c9a"
}
Add a rule that allows SSH access from anywhere using the authorize-security-group-ingress command.
$ aws ec2 authorize-security-group-ingress --group-id sg-e1fb8c9a --protocol tcp --port 22 --cidr 0.0.0.0/0
Add another rule that allows inbound HTTP traffic from anywhere.
$ aws ec2 authorize-security-group-ingress --group-id sg-e1fb8c9a --protocol tcp --port 80 --cidr 0.0.0.0/0
ℹ Note
If you use 0.0.0.0/0, you enable all IPv4 addresses to access your instance using SSH. This is acceptable for this short exercise, but in production, authorize only a specific IP address or range of addresses.
- Launch an instance into your public subnet, using the security group and key pair you've created. In the output, take note of the instance ID for your instance. You must perform the same steps to launch at least one more instance.
When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives.
You can also pass this data into the launch wizard as plain text, as a file (this is useful for launching instances using the command line tools), or as base64-encoded text (for API calls). Create a shell file with the following script that creates and configures our simple web server.
#!/bin/bash
# User data for new EC2 instances
# install httpd (Linux 2 version)
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
echo "<h1>Hello World!</h1> <h1>This is $(hostname -f)</h1>" > /var/www/html/index.html
The following command shows how to specify the script using the shell file. Be sure to use the file:// prefix to specify the file.
$ aws ec2 run-instances --image-id ami-03ededff12e34e59e --count 1 --instance-type t2.micro --key-name MyKeyPair --security-group-ids sg-e1fb8c9a --subnet-id subnet-b46032ec --user-data file://my_script.sh
ℹ Note
In this example, the AMI is an Amazon Linux 2 AMI in the US East (N. Virginia) Region. If you're in a different Region, you'll need the AMI ID for a suitable AMI in your Region. For more information, see Finding a Linux AMI in the Amazon EC2 User Guide for Linux Instances.
- Your instance must be in the running state in order to connect to it. Allow enough time for the instance to launch and run the directives in your user data, and then check to see that your directives have completed the tasks you intended. Use the following command to describe the state and IP address of your instance.
$ aws ec2 describe-instances --instance-ids i-0146854b7443af453 --query "Reservations[*].Instances[*].{State:State.Name,Address:PublicIpAddress}"
The following is example output:
[
[
{
"State": "running",
"Address": "52.87.168.235"
}
]
]
For our example, in a web browser, enter the public IP address.
http://52.87.168.235
You should see the "Hello World" message and the IP address of your instance.
- When your instance is in the running state, you can connect to it using an SSH client on a Linux or Mac OS X computer by using the following command:
$ ssh -i "MyKeyPair.pem" ec2-user@52.87.168.235
If you're connecting from a Windows computer, use the following instructions: Connecting to your Linux instance from Windows using PuTTY.
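The note in the security group step says that in production SSH should be authorized only from a specific address or range. The following is an added example, not part of the original post, that checks the JSON returned by aws ec2 describe-security-groups for administrative ports open to every address. The sample input is constructed: sg-e1fb8c9a mirrors the rules created above, sg-0example is hypothetical, and the choice of ports 22 and 3389 as "admin ports" is an assumption.

```python
import ipaddress
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# sg-e1fb8c9a mirrors the tutorial's rules; sg-0example is hypothetical.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-e1fb8c9a", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
    {"IpProtocol": "-1",
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

ADMIN_PORTS = (22, 3389)  # assumption: SSH and RDP; adjust to your environment


def world_open_admin_rules(described, admin_ports=ADMIN_PORTS):
    """Return (group_id, cidr, port) for admin ports reachable from any address."""
    findings = []
    for group in described.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            # A /0 prefix (0.0.0.0/0 or ::/0) matches every source address.
            open_cidrs = [c for c in cidrs
                          if ipaddress.ip_network(c, strict=False).prefixlen == 0]
            if perm.get("IpProtocol") == "-1":
                lo, hi = 0, 65535  # "-1" means all protocols and all ports
            elif perm.get("IpProtocol") in ("tcp", "6"):
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            else:
                continue  # UDP/ICMP rules do not expose SSH or RDP
            for cidr in open_cidrs:
                for port in admin_ports:
                    if lo <= port <= hi:
                        findings.append((group["GroupId"], cidr, port))
    return findings


if __name__ == "__main__":
    for group_id, cidr, port in world_open_admin_rules(SAMPLE):
        print(f"{group_id}: port {port}/tcp is open to {cidr}")
```

The HTTP rule on port 80 is intentionally not reported, since a public web server is expected to accept traffic from anywhere; only the SSH rule from this tutorial and the hypothetical all-traffic rule are flagged.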