Setting Up EC2 Instance Using AWS CLI
What is AWS ?
AWS stands for Amazon Web Services it is a on-demand cloud computing and API services provided by amazon inc. These cloud computing web services provide a variety of basic abstract technical infrastructure and distributed computing building blocks and tools. One of these services is Amazon Elastic Compute Cloud (EC2), which allows users to have at their disposal a virtual cluster of computers, available all the time, through the Internet. AWS’s virtual computers emulate most of the attributes of a real computer, including hardware central processing units (CPUs) and graphics processing units (GPUs) for processing; local/RAM memory; hard-disk/SSD storage; a choice of operating systems; networking; and pre-loaded application software such as web servers, databases, and customer relationship management (CRM).
So that’s basically what AWS is not let’s dig deep into our main topic which is AWS CLI & AWS EC2
The AWS Command Line Interface (AWS CLI) is an open source tool that enables you to interact with AWS services using commands in your command-line shell. With minimal configuration, the AWS CLI enables you to start running commands that implement functionality equivalent to that provided by the browser-based AWS Management Console from the command prompt in your terminal program
An Amazon EC2 instance is a virtual server in Amazon’s Elastic Compute Cloud (EC2) for running applications on the Amazon Web Services (AWS) infrastructure. AWS is a comprehensive, evolving cloud computing platform; EC2 is a service that enables business subscribers to run application programs in the computing environment. It can serve as a practically unlimited set of virtual machines (VMs).
SSo that’s the basic introduction to aws and one of its finest service. Now let’s see some in-depth concepts in ec2 in order to perform the task to start with let’s see the difference between a root account and iam acco
- Root user is ideally the first AWS user that gets created by default when you create your AWS account.
- You can login as a root user using the email address and password that you used to create your AWS account.
- All the AWS account have a root user(mind it one and only one)
- A root user has full access to all the resources in an AWS account
- You can not use an IAM policy to restrict access of a root user.
- The only way to restrict permission to root user is by having Service Control Policy attached to your account
- You should not use your root user for your everyday task(even administrative ones). Ideally you should create your first Administrator IAM user and lock your root account right away
- IAM user can be created by a root user or an IAM user who has permission to create one.
- You can login as a IAM user using your username/password and your AWS Account Id/Alias
- An IAM doesn’t have full access until unless explicitly assigned. So, user can only perform task for which permission has been assigned to it. For example if an IAM user has S3 full access, it can do everything with S3 but can not create an EC2 instance.
- You can use an IAM policy to restrict access of an IAM user.
- An IAM user can represent a person or an application that uses its credentials to make request to various AWS services
- By default, an IAM user has no permission
- You can assign permission to each IAM user individually or as a group depending on the need. Hence, you can limit the permission to only what’s needed for the job for that user(principal of least privilege)
As a prerequisite we’ve to setup an iam account with poweruseraccess
Step 1: Open aws web console go to services > Security, Identity, & Compliance > IAM
Step 2: Now click add users
Step 3: Now fill in the following details given in the screenshot below(username & password of your own) then click next
Step 4: Once we land into permission page search for PowerUserAccess permission and select it now click next and setup a tags or simply click next again to finish the process
Step 5: Once you finish the setup you’ll see a page like this where we get access ID and secret key
This concludes the prerequisite for our task now lets move into aws cli to perform following tasks
To install aws cli click here
- Create a key pair
• Create a security group
• Launch an instance using the above created key pair and security group.
• Create an EBS volume of 1 GB.
• Attach the above created EBS volume to the instance created in the previous steps.
Configuring aws cli and logging into console
once we enter the aws configure command fill up the access key ID, Secret Key & Region name .
Creating AWS Key Pair
create-key-pair --key-name key_name
The above command creates a keypair with name key_name as per command in my case i gave it as awsclikey. we can verify it by checking the aws web console
Security group creation
aws ec2 create-security-group --description Any_Description --group-name SecGroupName
This step creates a security group with
AWS EC2 instance creation
aws ec2 run-instances --image-id ami_id --key-name key_pair_name --count 1 --subnet-id subnet_ID --security-group-ids securitygroup_ID --instance-type t2.micro
Using the above command we can create and start an ec2 instance it will take a minute or two to setup and run
EBS volume creation
aws ec2 create-volume --availability-zone ap-south-1a --size 1
Here we’re creating an EBS volume in ap-south-1a region with size of 1GB
Connecting EC2 instance with EBS volume
aws ec2 attach-volume --instance-id i_ID --volume-id EBS_Vol_ID --device '//dev\sdf'
By using this command we can attach the previously created EBS volume to the instance we created using aws cli by using the instance ID of the same
we can verify if ebs is connected or not by going into aws web console if it’s like as in screenshot below we can confirm that it is connected
This finishes up our task as we’ve successfully managed to perform all the tasks mentioned earlier using aws cli
AWS account root user credentials and IAM user credentials
There are two different types of users in AWS. You are either the account owner (root user) or you are an AWS Identity…
Thanks for reading