This is step 3 of 7 of Hands-On Project 1 for Amazon Web Services. In this step, you create a virtual machine (EC2 instance) and learn to access it using SSH. As part of the process, you will create an SSH key pair on your Windows computer, and also become familiar with a good SSH client program for Windows called Bitvise.
For our exercises, we will use the “New Experience” (as of September 2022) to create EC2 instances. To get one example of using the New Experience, let’s start with this 10-minute tutorial:
Create an SSH Key Pair
You can create an SSH Key Pair within AWS as part of the EC2 instance setup process. However, we are going to do it a different way by creating an SSH key pair on our client computer. By doing it this way, you can add a passphrase to the private key. As of this writing, the EC2 virtual machine setup page does not allow you to add a passphrase, and this makes your key less secure. Create an SSH key pair for your virtual machine using these instructions:
Creating an SSH Key Pair Using ssh-keygen
Import an SSH Public Key into EC2
In the EC2 instance setup process, the current console interface does not allow you to add a passphrase to the key pair. In order to use the key pair you created with ssh-keygen (and passphrase), you need to import the public key into EC2. This must be completed before you actually create the EC2 instance.
- From the Management Console, please complete the following:
- Navigate: Console Home –> EC2 –> Key Pairs.
- Under Actions, select Import Key Pair.
- Enter a name for the key pair. To keep track of which keys are for which instances, it’s best to include the instance name in the key pair name. For example, if you call your instance “hop1-vm”, you could name your key pair “hop1-vm-key”.
- Click Browse, locate the public key file for your SSH key (with .pub extension), and select the file. The public key will be loaded into the textarea below. Note: You can also open the public key file with Notepad, copy it, and paste it into the textarea.
- Click Import Key Pair. The public key will be saved to your AWS account, and you will see the key pair in the list on the screen.
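A pre-upload check for the key pair described above, as an added example that is not part of the original tutorial: it reads the cipher recorded in an OpenSSH-format private key (`none` means no passphrase was set) and confirms the `.pub` file really is the public half, returning the SHA256 fingerprint in the form `ssh-keygen -l` prints. The function names and both sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct

MAGIC = b"openssh-key-v1\x00"
IMPORTABLE = {"ssh-rsa", "ssh-ed25519"}  # EC2 imports RSA and ED25519 public keys

def wire(data):
    """Encode an SSH wire-format string: 4-byte big-endian length, then data."""
    return struct.pack(">I", len(data)) + data

def read_string(buf, pos):
    """Decode one wire-format string at pos; return (data, next_pos)."""
    if pos + 4 > len(buf):
        raise ValueError("truncated key data")
    (n,) = struct.unpack_from(">I", buf, pos)
    if pos + 4 + n > len(buf):
        raise ValueError("truncated key data")
    return buf[pos + 4:pos + 4 + n], pos + 4 + n

def private_key_cipher(pem):
    """Cipher named in an OpenSSH-format private key; 'none' means no passphrase."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        raise ValueError("not an OpenSSH-format private key")
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad magic in private key")
    return read_string(blob, len(MAGIC))[0].decode("ascii")

def check_public_key(line):
    """Validate a .pub line; return (key type, OpenSSH SHA256 fingerprint)."""
    fields = line.split()
    if "PRIVATE" in line or len(fields) < 2 or fields[0] not in IMPORTABLE:
        raise ValueError("not an importable public key line")
    blob = base64.b64decode(fields[1], validate=True)
    if read_string(blob, 0)[0] != fields[0].encode():
        raise ValueError("key type label does not match key data")
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return fields[0], "SHA256:" + fp

# Constructed samples (not real keys): key material is the bytes 0..31; header-only private key.
SAMPLE_PUB = "ssh-ed25519 %s hop1-vm-key" % base64.b64encode(
    wire(b"ssh-ed25519") + wire(bytes(range(32)))).decode()
SAMPLE_PRIV = "-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n-----END OPENSSH PRIVATE KEY-----" % (
    base64.b64encode(MAGIC + wire(b"aes256-ctr") + wire(b"bcrypt")).decode())

if __name__ == "__main__":
    print(private_key_cipher(SAMPLE_PRIV), check_public_key(SAMPLE_PUB))
```

Older PEM-format private keys (`BEGIN RSA PRIVATE KEY`) are rejected rather than guessed at; only the OpenSSH format is parsed here.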
Create your Virtual Machine
Let’s create a virtual machine, and provide the public SSH key you just created as part of the setup:
- From the Management Console, please do the following:
- Navigate: Console Home –> EC2.
- At the upper right of the browser, select the Region where the instance will be created. us-east-2 is a good region for users in the upper midwest in the USA.
- Navigate: Launch Instance –> Launch Instance.
- Enter a virtual machine name. The naming rules on EC2 are less strict than on Azure, but I recommend that you choose a name that contains no blanks.
- For Application and OS Images, select Ubuntu, then Ubuntu Server 20.04 LTS. Be sure to select the one without SQL Server 2019 included.
- Scroll down to Size and select t2.micro. This is a free tier-eligible size that is sufficient for this exercise.
- For Key pair (login), select the key pair that you imported above.
- Under Network settings, take the defaults for Network, Subnet and Auto-assign public IP. If this is your first EC2 instance, AWS will create a new Virtual Private Cloud (VPC) and subnet. If you’ve already created an EC2 instance, this will default to using the network and subnet you already have. This will also create a new public IP address. We will change this IP address later so that it does not assign a different IP address each time you start the instance.
- For Firewall (security groups): If this is your first EC2 instance, use Create Security Group. If you have already created an instance, it is better to use the security group you already have. If you continue to use Create Security Group you will end up with multiple security groups, and you may need to write multiple sets of inbound and outbound port rules to manage access to all the instances you have. Another way of looking at it is that if you create a security group each time, you are creating a security group for each instance, and if you assign an existing security group to new instances, you are using a single security group to manage all of your instances.
- Leave Allow SSH Traffic from Anywhere checked. This is less secure than limiting access to specific IP addresses, but it avoids the need to update the security group each time your DHCP-assigned IP address changes. When you leave your instance open to everywhere, AWS displays a warning message to apprise you of the situation.
- You can allow all remaining options to default.
- Click Launch Instance. AWS will begin the provisioning process and let you know when it is completed.
- After provisioning is complete, navigate to Console Home –> EC2 –> Instances and click on the Instance ID for your new instance. Click through the resource pages for your instance and confirm that you can find the instance name and ID, instance state, platform, instance type, public IPv4 address, VPC ID, subnet ID and private IPv4 address.
Connect to Your Virtual Machine Using Bitvise SSH Client
Follow these instructions to get connected to your virtual machine with the Bitvise client:
Install and Prepare Bitvise SSH Client
Once connected, copy some files to the VM and get comfortable with using your SFTP client to move things back and forth.
Assign an Elastic IP Address to Your EC2 Instance
Within AWS, an Elastic IP Address is a stand-alone public IP address resource. To create one, we will allocate an IP address from a bank of IP addresses that AWS holds. There is a cost (a few dollars per month) associated with holding an Elastic IP address. Once you own the address, you can allocate it to one of your EC2 instances. When you do so, you can stop and restart your EC2 instance and it will use the elastic IP as the public IP address each time. This differs from the EC2 default, which is to dynamically allocate a different public IP address each time you start the instance.
Let’s create an Elastic IP Address and allocate it to your EC2 Instance:
- From Management Console, please perform the following:
- Navigate: Console Home –> EC2 –> Elastic IPs –> Allocate Elastic IP Address
- Allow everything to default, and click Allocate IP Address.
- After allocation, there will be an Associate Elastic IP Address button at the upper right. Click it.
- Use Resource Type = Instance, and select your new EC2 Instance.
- Under Private IP Address, select the private IP address for your instance.
- Click Associate. This will associate the Elastic IP with your EC2 Instance.
- To check the result, navigate to Console Home –> EC2 –> Instances. On the instances list, you will see that the public IPv4 address and the Elastic IP address are the same. This indicates that the association was successful.
- You can further verify this by stopping and restarting your EC2 instance. When you do so, the instance will have the same public IP address after the restart.