This page covers key concepts related to network setup and security for AWS EC2 Linux instances.
4. Configure Security Groups
What are Security Groups? Security Groups act as a virtual firewall that controls inbound (incoming) and outbound (outgoing) traffic to your instance. You must associate one or more security groups with your instance when you launch it.
Key Rules:
- SSH (Port 22): This port must be allowed for remote access to your instance. It's best practice to restrict access to 'My IP' or a specific IP range for security.
- HTTP (Port 80) / HTTPS (Port 443): If running a web server, these ports must be open to 'Anywhere (0.0.0.0/0)' or a specific IP range to allow web traffic.
- Custom Ports: You can open additional ports as needed for databases (e.g., MariaDB 3306), specific applications, etc.
How to Configure:
In the 'Configure Security Group' step, you can create a new security group or select an existing one. Add rules by specifying the necessary ports and source IP ranges.
5. Configure Storage (EBS Volumes)
What is EBS (Elastic Block Store)? EBS provides persistent block storage volumes for use with EC2 instances. Data persists even when the instance is terminated. A root volume is created by default with the OS.
Key Considerations:
- Size: Set the required disk space in GB.
- Volume Type: Various types are available, including General Purpose SSD (gp2/gp3), Provisioned IOPS SSD (io1/io2), Throughput Optimized HDD (st1), Cold HDD (sc1), and Magnetic. gp2/gp3 are commonly used for general purposes.
- Encryption: You can enable volume encryption to protect the data stored on the volume.
How to Configure:
In the 'Add Storage' step, you can adjust the size of the root volume or create and attach additional EBS volumes as needed.
6. Allocate an Elastic IP (EIP)
What is an Elastic IP? An Elastic IP (EIP) is a static, public IPv4 address allocated to your AWS account. It prevents your instance's IP address from changing every time it's stopped and started, providing a fixed public endpoint.
Why It's Needed:
- Ensures consistent IP addressing for DNS settings or external access, preventing changes when instances are stopped/started.
- Allows for quick remapping to another instance in case of failure, ensuring service continuity.
How to Allocate:
From the EC2 dashboard, navigate to 'Elastic IPs', allocate a new Elastic IP address, and then associate it with your running EC2 instance.
7. Connect Using an SSH Client
Once your EC2 instance is launched and in a running state, you can connect to it using an SSH (Secure Shell) client with the key pair you generated earlier.
How to Connect (Linux/macOS Terminal):
- Change permissions for your downloaded `.pem` key file so that only your user can read it (`ssh` refuses to use a private key file that other users can read):

```bash
chmod 400 your-key-pair.pem
```

- Connect using the SSH command. The username varies depending on the AMI (e.g., `ubuntu` for Ubuntu, `ec2-user` for Amazon Linux).

```bash
ssh -i "your-key-pair.pem" ubuntu@YOUR_INSTANCE_PUBLIC_IP
```

How to Connect (Windows - PuTTY):
- Use PuTTYgen to convert your `.pem` file to the `.ppk` format.
- In PuTTY, enter the Host Name (username@PublicIP) and load the converted `.ppk` private key file in the SSH > Auth section.
- Click 'Open' to connect.