Introduction to Cloud Computing
EC2 Instance Creation
To get started with EC2, we need to create a security group for our instance, or in simpler terms, we need to configure the security to be used on our server. To do this, we need to go to the EC2 service itself and select Network & Security -> Security Groups on the left panel:
Next, press the Create Security Group button, and you'll enter a menu where you start filling everything in step by step:
- Security group name - this is the name of the group by which you'll be able to find it and which will be displayed when selected;
- Description - this is the description of the group. Here you can specify what roles this security group will provide for and what it is created for;
- VPC - this is a service that allows AWS users to launch AWS resources into a virtual network that they define. We're not particularly interested in this right now, so we'll leave the default VPC for our educational instance.
Next, let's move on to creating inbound rules:
Let's go through what we do step by step:
- We need 3 inbound rules: SSH, HTTP, HTTPS;
- To create the first one, select the SSH type, and in the Source field, we need to set the connection via Anywhere IPv6;
- The other necessary parameters will be filled in automatically;
- We need to do the same for HTTP and HTTPS.
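The inbound rules above, written in the `IpPermissions` shape that `aws ec2 describe-security-groups` returns and checked for non-web ports reachable from anywhere. This is an added example, not part of the original course material; the rule data is constructed, and the function names and the `2001:db8::10/128` admin address are assumptions.

```python
import copy
import ipaddress

PUBLIC_OK = {80, 443}  # ports intended to be reachable from anywhere

def rule(port, cidr6):
    """One TCP rule in the IpPermissions shape of describe-security-groups."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": cidr6}]}

# Constructed sample: the three inbound rules from the steps above.
GUIDE_RULES = [rule(22, "::/0"), rule(80, "::/0"), rule(443, "::/0")]

def sources(r):
    """All IPv4 and IPv6 source CIDRs attached to one rule."""
    return ([x["CidrIp"] for x in r.get("IpRanges", [])] +
            [x["CidrIpv6"] for x in r.get("Ipv6Ranges", [])])

def is_world(cidr):
    """True for 0.0.0.0/0 and ::/0, which the console labels 'Anywhere'."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def exposed(rules, allowed=PUBLIC_OK):
    """Return (from_port, to_port, cidr) for non-web ports open to anywhere."""
    findings = []
    for r in rules:
        proto = r["IpProtocol"]
        if proto not in ("tcp", "udp", "-1"):
            continue                      # ICMP etc. carry no port range
        # "-1" means all traffic and has no port fields
        lo, hi = (0, 65535) if proto == "-1" else (r["FromPort"], r["ToPort"])
        if all(p in allowed for p in range(lo, hi + 1)):
            continue                      # only the intended public ports
        findings += [(lo, hi, c) for c in sources(r) if is_world(c)]
    return findings

def restrict(rules, port, admin_cidr):
    """Copy of rules with the given port reachable only from admin_cidr."""
    net = ipaddress.ip_network(admin_cidr, strict=False)
    out = copy.deepcopy(rules)
    for r in out:
        if r.get("FromPort") == port and r.get("ToPort") == port:
            r["IpRanges"] = [{"CidrIp": str(net)}] if net.version == 4 else []
            r["Ipv6Ranges"] = [{"CidrIpv6": str(net)}] if net.version == 6 else []
    return out

if __name__ == "__main__":
    print("as configured:", exposed(GUIDE_RULES))
    # 2001:db8::/32 is the IPv6 documentation range; the address is a placeholder
    print("SSH restricted:", exposed(restrict(GUIDE_RULES, 22, "2001:db8::10/128")))
```

The check reports the SSH rule only, since HTTP and HTTPS are the ports meant to be public; after `restrict` narrows port 22 to a single source, the same check returns no findings.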
After we have created the Inbound Rules, we can create the Security Group and get the following result:
Great! Now we can proceed to launch an instance that will use the security group we just created.
First, go to the main page and click on the Launch Instance button:
You will see a large menu with configurations. Let's go through it step by step.
We will be working with Amazon Linux, as it is one of the configurations available in the free tier, which we want to stick to. Once we selected it, EC2 notified us that this configuration is available in the free tier:
Next, we need to select the instance type. Here, we are given a lot of different options, but the choice of free tier is limited as well. Therefore, we will go with t3.micro, which is a fairly weak server, but it should be enough to demonstrate EC2 capabilities:
Now, let's talk about the key pair for your instance.
A key pair in AWS EC2 is a set of keys for secure connection to your virtual servers, or EC2 instances. This pair consists of a public key and a private key.
The public key is uploaded to AWS and automatically embedded into EC2 instances upon their creation. This key is used to encrypt data that can only be decrypted with the corresponding private key.
The private key is downloaded to your local computer when the key pair is created and is not stored in AWS. You use it to connect to instances via SSH (Linux/Unix) or RDP (Windows). The private key serves as proof of your identity and provides secure access to instances, as only the owner of the private key can decrypt data encrypted with the public key.
Using key pairs is a recommended method for authentication and securing connections to EC2 instances, replacing traditional passwords that can be easily guessed or stolen. Essentially, it is a key component of the EC2 security system, ensuring confidentiality and integrity of access to cloud resources.
As you can see, we are creating such a key pair with the RSA type, but overall it doesn't matter much, as in any case, the private key will be stored locally, and the public key will be stored on EC2. This way, our instance will be maximally secure.
Now we need to configure the network for our instance. This is exactly why we created the security group. At the moment, we don't need to change anything except the security groups, as everything else should remain the default for now, but let's understand what each parameter means:
- VPC (Virtual Private Cloud): Specifies the virtual private network within which your instance will operate. VPC provides isolated space in the cloud where you can launch and manage AWS resources. "vpc-086ae5f6544261c92" is the identifier of your VPC;
- Subnet: A subnet is a segmented portion of the VPC that defines a range of IP addresses within your VPC. You can choose a specific subnet or leave "No preference" for automatic selection;
- Auto-assign public IP: If enabled, your EC2 instance is automatically assigned a public IP address, allowing it to communicate with the internet. If disabled, the instance will have only a private IP address and cannot directly interact with the internet;
- Firewall (security groups): Security groups act as a virtual firewall, controlling inbound and outbound traffic to your instance. You can create a new security group with specific rules or choose an existing one:
  - Create security group: Choose this if you want to configure a new security group;
  - Select existing security group: Choose this to use an already created security group. In the example, the "GuideSecurityGroup" is already selected.
Our network configuration will look like this:
At the moment, we don't need to delve into storage operations, as we'll handle that in the next section.
Now that we've completed the configuration, we can click the instance launch button, and the following screen will appear. In the next chapter, we'll go over what each of the items you see means.
1. What is the purpose of a Security Group in AWS EC2?
2. How many inbound rules are necessary for the security configuration as described in the material?
3. What is the role of a Key Pair in AWS EC2?