Recently, I got access to an Amazon Web Services account, including Amazon EC2. Elastic Compute Cloud (EC2) allows users to rent virtual computers on which to run their own applications. EC2 allows scalable deployment of applications by providing a web service through which a user can boot an Amazon Machine Image to create a virtual machine, which Amazon calls an "instance", containing any software desired. A user can create, launch, and terminate server instances as needed, paying by the hour for active servers, hence the term "elastic". EC2 gives users control over the geographical location of instances, which allows for latency optimization and high levels of redundancy.
This is what the AWS dashboard looks like:
From the Amazon EC2 console dashboard, click Launch Instance.
The Create a New Instance page includes these ways to launch an instance:
- Classic Wizard
- Quick Launch
- AWS Marketplace
On the Create a New Instance page, click Quick Launch Wizard. In Name Your Instance, enter a name for the instance that has meaning for you. (If you run multiple instances, naming them helps you identify them in the console.)
In Choose a Key Pair, you can choose from any existing key pairs that you’ve created, or you can create a new key pair.
A key pair enables you to connect to a Linux instance through SSH. Therefore, don’t select the None option. If you launch your instance without a key pair, then you can’t connect to it.
For this example, we’ll create a key pair:
- Click Create New.
- Type a name for your key pair and then click Download.
- Save your private key in a safe place on your computer. Note the location because you’ll need the key to connect to your instance.
When you click the Edit details button in the pop-up window, you can change the settings of the instance you are about to create:
1. Instance details
2. Security Tags
You can create a new security group or use an existing one. The security group contains a rule that authorizes SSH traffic from any IP address source to port 22. If you launch a Linux instance running Apache and MySQL, the Quick Launch Wizard creates a security group that authorizes traffic to port 80 for HTTP (web traffic) and port 3306 (MySQL).
Now save the details and click the Launch button to launch the instance you have configured.
Now let's connect to the instance we just created. Right-click the instance and click the Connect option.
You will get a window like this:
If you have the Java plugin installed in your web browser, you can click the Launch SSH Client button to open an SSH connection to the instance. You will get a console like this:
You can also use OpenSSH to connect to the Linux instance, using the private key you downloaded earlier.
Create and configure a Security Group in Amazon EC2
An Amazon EC2 security group acts as a firewall that controls the traffic allowed into a group of instances. When you launch an Amazon EC2 instance, you can assign it to one or more security groups. For each security group, you add rules that govern the allowed inbound traffic to instances in the group. All other inbound traffic is discarded. You can modify rules for a security group at any time. The new rules are automatically enforced for all existing and future instances in the group.
To configure your security group:
- On the Security Groups page, click the security group webappsecuritygroup that you created in the previous procedure.
- Click the Inbound tab.
- In the Create a new rule drop-down box, click HTTP.
- In the Source box, type amazon-elb/amazon-elb-sg. This is the name of the security group that AWS assigns to the Elastic Load Balancer. When you select this source, this means that only traffic that comes through the Elastic Load Balancer can connect to your Amazon EC2 instance.
- Click Add Rule.
- Click RDP to allow remote desktop connections to your Amazon EC2 instances.
- Important: In this example, the security group source settings allow access from everywhere (0.0.0.0/0). This is not good practice; it is set up this way only for the purposes of this exercise. Best practice is to write rules that restrict access to only those computers or networks that require access to the service. The number after the "/" is the CIDR prefix length, which determines the size of the address range; /0 matches every address.
- Click Add Rule.
- Click Apply Rule Changes.
If you want to allow all users to access a port, give 0.0.0.0/0 as the source for that port. Whereas if you want to block all users from accessing a port, you can give 0.0.0.0/32 as the source for that rule in the security group; since a security group only lists allowed traffic and discards everything else, simply removing the rule has the same effect. The change doesn't require a restart in order to take effect.
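As an added example, not part of the original post: a small Python audit over security group rules in the shape that `aws ec2 describe-security-groups` (or boto3's `describe_security_groups()`) returns, flagging sources of 0.0.0.0/0 (worse still on SSH/RDP) and the 0.0.0.0/32 "block" trick, which is really a rule that matches nothing. The group contents, the placeholder group id and the 203.0.113.0/24 office network are constructed values.

```python
import ipaddress

# Constructed sample in the shape of describe-security-groups output
# (SecurityGroups[].IpPermissions[]); it is NOT data from a real account.
SAMPLE_GROUPS = [{
    "GroupName": "webappsecuritygroup", "GroupId": "sg-PLACEHOLDER",
    "IpPermissions": [
        # HTTP only from the load balancer's group, as the procedure above sets up
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [],
         "UserIdGroupPairs": [{"UserId": "amazon-elb", "GroupName": "amazon-elb-sg"}]},
        # SSH from everywhere, the 0.0.0.0/0 setting the exercise warns about
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        # RDP "blocked" with 0.0.0.0/32, which matches only the address 0.0.0.0
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/32"}], "UserIdGroupPairs": []},
        # MySQL restricted to one office network (TEST-NET-3, a constructed value)
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
    ],
}]
ADMIN_PORTS = {22, 3389}  # SSH and RDP

def cidr_scope(cidr):
    """Addresses a CIDR admits: '/N' leaves 32-N host bits, so /0 is 2**32, /32 is 1."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses

def audit_group(group):
    """Return (group, proto, from_port, to_port, cidr, verdict) for each IPv4 rule
    that is world-open (/0) or dead (0.0.0.0/32); other sources are left alone."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")                      # "-1" means all traffic
        lo, hi = perm.get("FromPort"), perm.get("ToPort")   # absent when proto is "-1"
        for rng in perm.get("IpRanges", []):
            cidr = rng["CidrIp"]
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                # /0 admits every address; covering SSH/RDP makes it worse
                admin = proto == "-1" or any(lo <= p <= hi for p in ADMIN_PORTS)
                verdict = "world-open admin port" if admin else "world-open"
                findings.append((group["GroupName"], proto, lo, hi, cidr, verdict))
            elif net.num_addresses == 1 and str(net.network_address) == "0.0.0.0":
                # nothing real has source 0.0.0.0; the rule is a no-op and should be deleted
                findings.append((group["GroupName"], proto, lo, hi, cidr, "dead rule, delete it"))
    return findings

def audit(groups):
    """Audit every group; a real list comes from describe_security_groups()['SecurityGroups']."""
    return [f for g in groups for f in audit_group(g)]
```

Running `audit(SAMPLE_GROUPS)` reports the SSH rule as a world-open admin port and the RDP rule as dead, while the ELB-sourced HTTP rule and the /24-restricted MySQL rule pass.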