Provisioning a Linux EC2 Instance in AWS
Launching an EC2 instance is a basic task that all architects should master. However, there are many configuration decisions that can make or break a successful launch. In this scenario, you need to launch an Apache Web Server on a Linux EC2 instance. Your task will be to use the User Data to provide a script to automatically install Apache. You will verify that Apache installed correctly using a web browser. You will also log into the OS using SSH. The user_data script for this activity is:
#!/bin/bash
sudo yum update -y
sudo yum install -y httpd
sudo service httpd start
sudo chkconfig httpd on
Note: For Windows PuTTY information, see https://www.youtube.com/watch?v=bi7ow5NGC-U
Launching an EC2 instance is a basic task all architects should master. However, there are many configuration decisions that can make or break a successful launch.
In this scenario, we're going to launch an Apache web server on a Linux EC2 instance.
In the process of configuring our instance details, we'll provide a script that automatically installs Apache. Then, using a web browser, we'll verify that Apache was installed correctly. Finally, we'll log in to the operating system via SSH.
Create an Instance and Connect to It
To begin, log in to our lab environment as cloud_user with the password provided on the lab page. Make sure you are using us-east-1 (N. Virginia) as your region throughout the lab.
In the navigation bar at the top of the page, click Services. Under the Compute header, select EC2.
Click the Launch Instance button. The first thing we need to do is select the Amazon Machine Image (AMI), which will provide the information we need to launch our instance. AWS provides AMIs configured with many different operating systems, including SUSE, Red Hat, and Ubuntu. For this lab, choose an Amazon Linux AMI and click the Select button.
Next, select General purpose t2.micro from the list of instance types, and click Next: Configure Instance Details. (Note: Remember that t2 types are the least expensive because they use shared CPUs, whereas the other instances use dedicated CPUs.)
On the Configure Instance Details page, under Network, select the prebuilt Learning Activity VPC. This will automatically set our Subnet to the public subnet associated with this VPC. Under Auto-assign Public IP, select Enable to automatically assign a public IP address to our instance.
The only thing left to do here is add the user data. In the text box under the Advanced Details section, enter the following script:
#!/bin/bash
sudo yum update -y
sudo yum install -y httpd
sudo service httpd start
sudo chkconfig httpd on
Let’s break this down. This is a bash script, so it starts with #!/bin/bash. Next, it will run a yum update and install Apache. Finally, it will start the Apache service and set it to turn on automatically when the instance reboots.
Once you've entered the script, click Next: Add Storage.
We can leave the default settings here. The Size (GiB) should be 8 GB and the Volume Type should be set to General Purpose SSD (gp2). Click Next: Add Tags.
Next, click Add Tag. Under Key, type "Name", and under Value, enter "My Instance". Click Next: Configure Security Group.
We need our security group to allow our instance to be reachable from the internet in two ways:
- From a web browser (using HTTP)
- From the terminal (using SSH)
On the Configure Security Group page, we can leave the default setting for Assign a security group (it should say Create a new security group). Under Security group name, type "Web Security Group". For the Description, type "SG for Web Server".
Notice the SSH rule is set to 0.0.0.0/0. This means it’s allowing traffic from all IP addresses (i.e., the entire internet). There's a Warning message at the bottom that says this isn't safe because we're potentially allowing anyone on the internet to access our instance. A better practice would be to change 0.0.0.0/0 to the CIDR block representing the IP address ranges our server admins are coming from. So instead of being open to the whole internet, it would only be open to your corporate addresses. For the purposes of this lab, though, we'll leave it as the default setting.
We need to add an HTTP rule so that internet traffic can reach our instance. Click Add Rule, and choose HTTP under Type. This automatically sets the Port Range to 80 and the Source to 0.0.0.0/0, ::/0, meaning it will allow traffic from anywhere. Click Review and Launch.
On the Review Instance Launch page, we may get another message warning us about our instance's security. In a real-world scenario, we would definitely want to have tighter security for our instances. However, for this lab, we'll go ahead and click Launch.
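The security group warning described above can be checked outside the console. The following is an added example, not part of the original lab: it audits ingress rules in the JSON shape returned by aws ec2 describe-security-groups and reports SSH (or RDP, included here as an assumption) open to 0.0.0.0/0 or ::/0. The group IDs and the 203.0.113.0/24 admin range are constructed placeholders.

```python
import ipaddress
import json

# Admin ports that should not face the whole internet (RDP added as an assumption).
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# First group mirrors the lab's rules; second uses a placeholder admin CIDR.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE1", "GroupName": "Web Security Group", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-EXAMPLE2", "GroupName": "Web Security Group (restricted)", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

def is_world_open(cidr):
    """True for 0.0.0.0/0 and ::/0 (prefix length 0 covers every address)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def exposed_admin_ports(permission):
    """Admin ports covered by one ingress rule; protocol -1 means all ports."""
    if permission["IpProtocol"] == "-1":
        return set(ADMIN_PORTS)
    if permission["IpProtocol"] != "tcp":
        return set()
    lo, hi = permission["FromPort"], permission["ToPort"]
    return {p for p in ADMIN_PORTS if lo <= p <= hi}

def audit(groups):
    """Return (group id, service, cidr) for each admin port open to the internet."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for port in sorted(exposed_admin_ports(perm)):
                findings += [(sg["GroupId"], ADMIN_PORTS[port], c)
                             for c in cidrs if is_world_open(c)]
    return findings

if __name__ == "__main__":
    for group_id, service, cidr in audit(SAMPLE):
        print(f"{group_id}: {service} reachable from {cidr}")
```

The lab's group is reported for SSH only; the public HTTP rule is expected for a web server and is not flagged, and the restricted group produces no findings.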
The final step is to create a key pair so we can access the instance via SSH. In the Select an existing key pair or create a new key pair pop-up menu, click Choose an existing key pair, and select Create a new key pair from the dropdown. Under Key pair name, enter "MyKeyPair" and click Download Key Pair. Make sure you know where it's saved (most likely to your Downloads folder) because we'll need it soon. Click Launch Instances.
On the Launch Status page, click View Instances.
Here, we'll see the status is pending. Under the Description tab below, we'll see we've been assigned a public IP address and a public DNS name. We're going to use these to see the Apache web page in our browser.
Once the instance state changes from pending to running, that means our user data script is executing. Unfortunately, the console cannot tell us when our user data script has finished executing. The Status Checks tab tells us about the reachability of the instance, but it doesn't indicate whether our Apache web server is properly configured.
Click the Status Checks tab at the bottom. We can see that there is a status check for the system and for the instance.
Now click the Description tab, copy the IP address (next to IPv4 Public IP), and paste it into a new web browser window to see if our user data script has finished executing. We should end up on an Amazon Linux AMI Test Page that tells us our user data script has finished installing and enabling the Apache service.
The next thing we'll do is access the operating system of the instance via SSH. To do that, we'll use the Mac Terminal app. If you are using Windows, you will need an SSH client such as PuTTY. (Learn how to connect to an EC2 instance from a Windows PC here.)
When we open Terminal, the first thing we need to do is fix the permissions on the private key we downloaded. Let's switch to the folder where our key pair is located (again, most likely your Downloads folder).
From an open terminal, run:
$ cd Downloads
Now, to change the permissions, enter:
$ chmod 400 MyKeyPair.pem
Now we're ready to access the operating system using SSH. Run the following command:
$ ssh -i MyKeyPair.pem ec2-user@IP_ADDRESS
Make sure to replace IP_ADDRESS with the public IP address for your EC2 instance.
You may see a prompt that says, "Are you sure you want to continue connecting (yes/no)?" Type
Now we're connected to the instance.
To verify it's working, enter:
$ ping amazon.com
If everything is configured and working correctly, you should receive a response.
In this lab, we launched an EC2 instance, put it in a public subnet, had Amazon automatically assign it a public IP address, configured a security group that allowed us to connect to our instance via HTTP and SSH, and verified we could access the instance from our desktop.
Congratulations, you've completed this hands-on lab!