In this tutorial I’m going to show you how to get up and running quickly with an VPC-secured EC2 instance running Ubuntu 16.04 that you can SSH in to. This sounds like it would be easy, but I struggled to get this going when I was first starting out playing with cloud services, so I’m going to try to help you through too!
Sign in to your Amazon Console, and we’ll get started!
What’s a VPC?
In AWS speak, VPC stands for Virtual Private Cloud. This system allows you to isolate groups of servers within AWS, creating a virtual network. One of the most useful features here is that you can control the access for this group down to the most minute detail – perhaps you only want this group to talk privately with no external access? Or maybe you want them all to be accessible publicly, but only SSH from your IP?
Of course, these functions can be performed using OS-level firewalling, but it’s nice to be able to apply this globally to a group.
Create the VPC
To get started, go to the VPC section of the AWS console:
You’ll be presented with a list of various resources assigned to your account. This is a useful place for you to get a top-level insight of the state of your VPCs.
Next, click Start VPC Wizard – you’ll be presented with the following screen:
For this tutorial, we only need a VPC with a Single Subnet. Choose that option by clicking Select.
You’ll then see Step 2, which will want more information about your desired network:
It’s fine to leave the defaults for this tutorial, but I very much advise filling in a value for VPC Name. Think of something that will set it apart from other VPCs in your account. Once you’ve done this, click Create VPC.
Create a Security Group
Now you’ve got your VPC going, you should create a Security Group that’s bound to it. A security group provides the incoming/outgoing firewall that we discussed earlier, allowing you to really lock down your virtual network.
Click Security Groups on the left hand side menu. It’s under the Security heading. Next click Create Security Group. Fill in the details as below, and ensure you select your new VPC in the VPC selection box.
Again I advise being as descriptive as possible with the names of Security Groups, it really helps later on down the line. AWS has a nasty habit of attempting to name them as cryptically as it can if it auto generates them. Make sure you catch it before it’s too late!
Click Yes, Create and wait for the Security Group to be created. If all goes well you should see it in the list, and it should be selected. Now, click Inbound Rules at the bottom. This opens the list of your valid inbound firewall rules.
We want to allow SSH access access from anywhere (0.0.0.0 in AWS Security Group speak!) so let’s do that now:
(Edit > Select SSH > Type 0.0.0.0/0 in the Source input > Save)
We’re all done with the VPC/Security Groups now, head back to the Console Dashboard.
Create the EC2 instance
From the Dashboard, navigate to the EC2 screen:
And click on Launch Instance. You’ll be presented with the screen below detailing the various images available for the installation.
Choose Ubuntu 16.04 LTS by clicking Select. You’ll then get to choose the size of your instance. For this tutorial I’m using the smallest available (nano), but you should study the table to see there’s a spec suitable for your workload:
Click Next: Configure Instance Details to continue configuration:
Ensure Network is set to your new VPC, and Auto-Assign Public IP is set to enabled. This will automatically create an Public IP address, which we will use to connect to the instance using SSH.
Click Next and assign the storage you want:
For this tutorial I just stuck to using the default 8GB.
Click Next and give your new instance a name. As before, be descriptive!
It’s better to think about these things now than wonder later when you’ve got 200 servers to manage!
Click Next, now we’re going to assign the security group we created earlier:
Click Select an existing security group and choose the public_ssh_incoming one we made earlier! Easy as that.
Click Review and Launch. The system is going to warn you that your security group is open to the world. This is ok for now, but I would encourage you to go back and change the incoming IP in your security group to be your home/work IP address so that only you can SSH in.
Click Launch. You’ll now be prompted to choose or create a keypair. If you create one, remember to download it and save it to a safe place:
Click Launch. You will see a green box saying “Your instances are launching”. Click the link it gives you to go and view your instance. When the instance’s state has finally changed to “Running”, right click it and click “Connect”. You’ll see a screen that looks like this:
Copy the connection example. You’ll need this to connect to SSH.
Connect to your new server
Phew – that was quite a journey! You’ll be pleased to know that now you’ll be ready to connect to your new instance.
First, on your local machine, change directories to wherever your key file is saved, and
chmod your key. This ensures that its not publicly readable. Let’s assume you’ve saved it in your Downloads folder.
$ cd ~/Downloads $ chmod 400 CloudTutorials.pem
Change the text in red to the name and location of the .pem file. Now you can connect via SSH!
$ ssh -i "CloudTutorials.pem" firstname.lastname@example.org
Hopefully, you’ll now be logged in to your new EC2 instance within your secure VPC! Enjoy!