EC2 No-Frills Recipe

Posted: 25 May, 2020 Category: devops Tagged: awsec2

What follows is a no-frills, bare bones, recipe for a free-while-it-lasts tier compute instance on AWS. They are my notes from a lesson I'm following.

As with most things I post on here, it's slim on helpfulness (read: details) and fat on aiding my poor memory-making circuits. Your mileage will vary. But if you like gists of things, read on:


Term Description
Security Group fancy term for a virtual firewall. In other words mapping (allowed) services and their related protocols to ports.
Machine Image I'm sure it's more nuanced than that but for our purposes this the OS flavor you want.


  1. Before you do anything, ensure you're in the intended region (eg. I'm using US East (N. Virginia) ). You can usually set zones/regions while creating stuff... but eyes can glaze over, y' know? Best to start on the good foot.
  2. Find EC2 service in AWS and click to launch a new instance:
    • Machine Image : just pick the first one (Amazon Linux 2 AMI)
    • Instance Types : select a T2 micro
    • do check "protect against accidental termination". click next
    • Add Storage : seriously - just click next
    • Tags : whatever nobody cares spawn whatever labels you want. Next.
    • Security Groups : K start paying attention:
      • wire up the ports you want to open, remembering that cidr values of, ::0/0 basically mean accessible to all and sundry. Which is the sort of thing you'd want for a web server. For other things... not so much. Click launch ! :)
    • Keypair Prompt : This whole endeavour will require assymetric encryption, so:
      • if you already have a key pair, you'd like to use, select that and skip the steps below. Otherwise
      • select create a new keypair in the dropdown box, then:
      • Give it a name
      • Cannot emphasises this enough: DOWNLOAD THE PRIVATE KEY RIGHT AWAY and store it in a safe place. (AWS will keep a copy of the public key)
  3. Wait for AWS to spin up your shiny new server! You will see it's been assigned an a public ip address, amongst other things.
  4. SSH to your instance*:
    • Your username will always be ec2-user so connecting boils down to variants of ssh ec2-user@<ip-address> -i <keyname>.pem presuming you're not on a public network or similar that blocks port 22.
    • Another (easiest?) way is to install the Secure Shell App chrome extension*, import a key pair (2 key files), and then come back and click the connect button for your instance.
  5. Update all packages (as root user)
    > sudo su
    > yum update -y
  6. The box is up to date - now do / install whatever you like! like a wee testable, reachable web server:
    yum install httpd -y
    cd /var/www/html
    touch index.html
    vi index.html
    service httpd start
    chkconfig on