Amazon EC2 Linux Instances

Recently, I got access to an Amazon Web Services account, including Amazon EC2. Elastic Compute Cloud (EC2) allows users to rent virtual computers on which to run their own computer applications. EC2 allows scalable deployment of applications by providing a Web service through which a user can boot an Amazon Machine Image to create a virtual machine, which Amazon calls an “instance”, containing any software desired. A user can create, launch, and terminate server instances as needed, paying by the hour for active servers, hence the term “elastic”. EC2 provides users with control over the geographical location of instances, which allows for latency optimization and high levels of redundancy.
This is what the AWS dashboard looks like:
[Screenshot: AWS dashboard]

From the Amazon EC2 console dashboard, click Launch Instance.
The Create a New Instance page includes these ways to launch an instance:

  1. Classic Wizard
  2. Quick Launch
  3. AWS Marketplace

I have only used Quick Launch and if you have used other options to launch an instance, please blog about it.

On the Create a New Instance page, click Quick Launch Wizard. In Name Your Instance, enter a name for the instance that has meaning for you. (If you run multiple instances, naming them helps you identify them in the console.)

In Choose a Key Pair, you can choose from any existing key pairs that you’ve created, or you can create a new key pair.

A key pair enables you to connect to a Linux instance through SSH. Therefore, don’t select the None option. If you launch your instance without a key pair, then you can’t connect to it.

For this example, we’ll create a key pair:

  1. Click Create New.
  2. Type a name for your key pair and then click Download.
  3. Save your private key in a safe place on your computer. Note the location because you’ll need the key to connect to your instance.

Click Continue to view and customize the settings for your instance.

When you click the Edit details button in the pop-up window, you can change the settings of the instance you are about to create:
1. Instance details
2. Security Tags
You can create a new security group or use an existing one. The security group contains a rule that authorizes SSH traffic from any IP address source to port 22. If you launch a Linux instance running Apache and MySQL, the Quick Launch Wizard creates a security group that authorizes traffic to port 80 for HTTP (for web traffic) and port 3306 (for MySQL).
Now you can save the details and click the Launch button to launch the instance you have created.

Now let's connect to the instance we have just created. Right-click the instance and click the Connect option.


You will get a window like this:

[Screenshot: connection window]

If you have the Java plugin installed in your web browser, you can click the Launch SSH client button to open an SSH tunnel. You will get a console like this:

[Screenshot: SSH console]

You can even use OpenSSH to connect to the Linux instance:

[Screenshot: OpenSSH connection]

Create and configure a Security Group in Amazon EC2

An Amazon EC2 security group acts as a firewall that controls the traffic allowed into a group of instances. When you launch an Amazon EC2 instance, you can assign it to one or more security groups. For each security group, you add rules that govern the allowed inbound traffic to instances in the group. All other inbound traffic is discarded. You can modify rules for a security group at any time. The new rules are automatically enforced for all existing and future instances in the group.

To configure your security group

  1. On the Security Groups page, click the security group webappsecuritygroup that you created in the previous procedure.
  2. Click the Inbound tab.
  3. In the Create a new rule drop-down box, click HTTP.
  4. In the Source box, type amazon-elb/amazon-elb-sg. This is the name of the security group that AWS assigns to the Elastic Load Balancer. Selecting this source means that only traffic that comes through the Elastic Load Balancer can connect to your Amazon EC2 instance.
  5. Click Add Rule.
  6. Click RDP to connect to your Amazon EC2 instances.
  7. Important: In this example, the security group source settings are configured to allow access from everywhere (0.0.0.0/0). This is not good practice; we set it up this way only for the purposes of this exercise. Best practice is to set rules that restrict access to only those computers or networks that require access to this service. The number after the “/” indicates a range of addresses.
  8. Click Add Rule.
  9. Click Apply Rule Changes.

If you want to allow all users to access a port, you can set the source to 0.0.0.0/0 for that port. Whereas if you want to block all users from accessing a port, you can set the source to 0.0.0.0/32 in that rule: the range then covers only the single address 0.0.0.0, so the rule admits no real client, and all other inbound traffic is discarded. The change doesn't require a restart in order to take effect.
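As an added example (not part of the original walkthrough), the following audit flags the rules described above that open SSH, MySQL or RDP to an over-broad CIDR source. The sample data is constructed in the shape of `aws ec2 describe-security-groups` output; the group name `quicklaunch-1`, the range `203.0.113.0/24` and the `max_hosts` threshold are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output,
# mirroring the rules this walkthrough creates (not captured from a real account).
SAMPLE_GROUPS = [
    {"GroupName": "quicklaunch-1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/32"}], "UserIdGroupPairs": []},
    ]},
    {"GroupName": "webappsecuritygroup", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [],
         "UserIdGroupPairs": [{"UserId": "amazon-elb", "GroupName": "amazon-elb-sg"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
    ]},
]

ADMIN_PORTS = {22: "SSH", 3306: "MySQL", 3389: "RDP"}  # ports named in this post


def audit(groups, max_hosts=256):
    """Return (group, service, cidr, address_count) for admin ports whose
    CIDR source admits more than max_hosts addresses (assumed threshold)."""
    findings = []
    for group in groups:
        for perm in group["IpPermissions"]:
            if perm["IpProtocol"] == "-1":  # "all traffic" rule covers every port
                lo, hi = 0, 65535
            else:
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            exposed = [name for port, name in ADMIN_PORTS.items() if lo <= port <= hi]
            for rng in perm.get("IpRanges", []):
                # The number after "/" fixes how many addresses the source covers.
                count = ipaddress.ip_network(rng["CidrIp"], strict=False).num_addresses
                if count > max_hosts:
                    findings += [(group["GroupName"], svc, rng["CidrIp"], count)
                                 for svc in exposed]
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUPS):
        print("%s: %s open to %s (%d addresses)" % finding)
```

The rule sourced from the load balancer's security group and the 0.0.0.0/32 rule are not reported, because neither admits an arbitrary Internet address.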
