Overview
Today, I'll launch a basic EC2 instance in the VPC we created in Day1 and connect to it.
Hands-on
1. Create IAM Role for EC2
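To access the EC2 instance through Systems Manager (SSM) Session Manager, create an IAM role for EC2 and attach the 'AmazonSSMManagedInstanceCore' managed policy to it. The role is attached to the instance in step 3.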
2. Create security group
Create a security group for the EC2 instance with the following settings.
- Inbound: none
- Outbound: allow all traffic (default)
3. Access EC2 by SSM
1. Build EC2 instance
- AMI: Amazon Linux 2023
- Instance type: t3.micro
- VPC: VPC made in Day1
- Subnet: Public subnet made in Day1 (either AZ)
- Security Group: security group made in the previous step
- IAM role: role made in the previous step
2. Access by SSM
Systems Manager → Session Manager → Start session → run the following commands
whoami                          # check user name
uname -a                        # get system information
curl -I https://aws.amazon.com  # check the connection to AWS domain
If you see a valid response, you've successfully launched the instance and connected to it via Session Manager.
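The traffic path is: your browser → SSM (public endpoint) → the SSM agent on the instance. The agent opens its connection to the SSM endpoint outbound over HTTPS, which is why the security group needs no inbound rule.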
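A check for the posture built in steps 1 to 3 (no inbound rules, outbound 443 available to the agent, the SSM policy attached to the role). This is an added example, not part of the original post; it reads JSON shaped like the output of `aws ec2 describe-security-groups` and `aws iam list-attached-role-policies`, and the sample data and IDs are constructed placeholders.

```python
# Added example: checks the posture from steps 1-3 against JSON shaped like
# `aws ec2 describe-security-groups` / `aws iam list-attached-role-policies` output.
SSM_POLICY_ARN = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"

def egress_allows_https(sg):
    """True if an egress rule permits TCP 443, which the SSM agent dials out on.
    Destination ranges are not evaluated here (simplification)."""
    for rule in sg.get("IpPermissionsEgress", []):
        proto = rule.get("IpProtocol")
        if proto == "-1":  # all protocols and ports
            return True
        if proto == "tcp" and rule.get("FromPort", 0) <= 443 <= rule.get("ToPort", 65535):
            return True
    return False

def audit(sg_doc, policies_doc):
    """Return findings; an empty list means the setup matches the hands-on."""
    findings = []
    for sg in sg_doc["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):  # any inbound rule is a finding
            sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            sources += [g["GroupId"] for g in rule.get("UserIdGroupPairs", [])]
            proto = rule["IpProtocol"]
            ports = "all" if proto == "-1" else f'{rule.get("FromPort")}-{rule.get("ToPort")}'
            findings.append(f'{sg["GroupId"]}: inbound {proto} {ports} from {sources}')
        if not egress_allows_https(sg):
            findings.append(f'{sg["GroupId"]}: no outbound TCP 443 for the SSM agent')
    attached = {p["PolicyArn"] for p in policies_doc["AttachedPolicies"]}
    if SSM_POLICY_ARN not in attached:
        findings.append("role: AmazonSSMManagedInstanceCore is not attached")
    return findings

# Constructed sample data (IDs are placeholders, not real resources).
ALL_EGRESS = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
GOOD_SG = {"SecurityGroups": [{"GroupId": "sg-EXAMPLE-ssm", "IpPermissions": [],
                               "IpPermissionsEgress": ALL_EGRESS}]}
BAD_SG = {"SecurityGroups": [{"GroupId": "sg-EXAMPLE-ssh", "IpPermissionsEgress": ALL_EGRESS,
          "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]}
GOOD_POLICIES = {"AttachedPolicies": [{"PolicyName": "AmazonSSMManagedInstanceCore",
                                       "PolicyArn": SSM_POLICY_ARN}]}
BAD_POLICIES = {"AttachedPolicies": []}

if __name__ == "__main__":
    for name, sg, pol in [("good", GOOD_SG, GOOD_POLICIES), ("bad", BAD_SG, BAD_POLICIES)]:
        print(name, audit(sg, pol) or "OK")
```

To run it against a real account, save the two CLI outputs as JSON, load them with `json.load`, and pass them to `audit`.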
4. Tidying up (to prevent unexpected costs)
Terminate the EC2 instance.
For the exam
Key exam points related to today's services.
There are four ways to access an EC2 instance.
- SSM: connect to the instance without opening inbound SSH/RDP ports. The SSM Agent must be installed on the instance (most AWS-provided AMIs, e.g. Amazon Linux, include it), and an IAM role with SSM permissions must be attached to the instance. ← today's hands-on!
- SSH or RDP: for Linux, use client software such as Tera Term with a key pair. For Windows, use RDP with the Administrator password. You have to manage the password or key pair yourself. ← I'll try in tomorrow's hands-on!
- EC2 Instance Connect: connect to the instance via SSH using a public key with a short validity period (you don't have to manage SSH keys yourself). EC2 Instance Connect must be installed on the instance.
- EC2 Serial Console: connect to the virtual serial port of the instance. It can reach an instance that has no Internet connection, so it is useful for troubleshooting.
See you soon in the Day3 hands-on!