Wednesday, September 27, 2017

Launch and Access Amazon AWS EC2 Instances

Amazon Web Services (AWS) is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses scale and grow. Millions of users are currently leveraging AWS cloud products and solutions to build sophisticated applications with increased flexibility, scalability and reliability.

In this post, I record all the steps to launch a free tier AWS instance and to access it from a client.
1. Launch an EC2 Instance
1.1 Access the Amazon AWS site:



1.2 Log in to the AWS Management Console:
Click Compute - EC2 to access the EC2 dashboard.


By default, a default VPC is created when you create your account. Inside the default VPC you will have three pre-created subnets to isolate resources, one route table, one default Internet gateway that provides access to inside resources from outside the default VPC, and one allow any-any network ACL with two rules inside. A default security group is also created for you with some default inbound and outbound rules.

There will be no Elastic IPs, no Endpoints, no NAT Gateways, etc.

Note: You may want to create your own VPC, but the process is different from the one in this post. You will need the following steps to get your VPC working properly with the outside:

  • Create a new VPC, for example: 51sec-VPC
  • Create at least one new subnet for your EC2 instances, for example 10.10.0.0/24 for your public network
  • Create a new Internet gateway and assign it to this new VPC
  • Create a default route: 0.0.0.0/0, with the Internet gateway created in the previous step as the gateway.
  • Create your new EC2 instance in the newly created VPC. While creating the EC2 instance, you can create your own security group (firewall) and a new key pair. If you already have existing ones, you can choose the existing security group and key pair.
  • Optional but strongly suggested: allocate a new Elastic IP. Remember that the first Elastic IP is free while it is assigned to a running instance; otherwise it is charged 0.005 for each hour it is not assigned to a running instance.
  • Now your instance should be able to communicate with the Internet
  • One Year Free Tier: Linux Instance 750 hours / month, Windows Instance 750 hours / month.
The following table lists the Free Tier usage limits.
| Service | Month-to-date actual usage | Month-end forecasted usage | Free Tier usage limit | Status |
|---|---|---|---|---|
| EC2 - Linux | 17.00 Hrs (2.27%) | 18.89 Hrs (2.52%) | 750 Hrs | |
| EBS - Volumes | 0.45 GB-Mo (1.51%) | 0.50 GB-Mo (1.67%) | 30 GB-Mo | |
| S3 - Puts | 3.00 Requests (0.15%) | 3.33 Requests (0.17%) | 2,000 Requests | |
| EC2 - Windows | 1.00 Hrs (0.13%) | 1.11 Hrs (0.15%) | 750 Hrs | |
| S3 - Gets | 4.00 Requests (0.02%) | 4.44 Requests (0.02%) | 20,000 Requests | |
| KMS - Requests | 4.00 Requests (0.02%) | 4.44 Requests (0.02%) | 20,000 Requests | |

1.3 Launch Amazon Linux 2017.03.1 (HVM), SSD Volume Type Instance:

1.4 Configure Instance:

Note: make sure auto-assign public IP is enabled. The other settings can stay at their defaults. If you did not create your own VPC, you can use the default VPC; that way you do not have to create subnets, routes, a routing table or an Internet gateway.

1.5 Create a new key pair and download it

1.6 Check the newly created instance from the EC2 Dashboard


From the instance description tab, we can see that a new public IP, 52.60.229.194, has been assigned to it.

YouTube Video: 1. Launch AWS Instance - Ubuntu




2. Access Linux Instance

2.1 Linux Machine


2.2 PuTTY on Windows



2.3 SecureCRT on Windows

After you enter the correct SSH IP address, choose the key pair file downloaded in step 1.5 and enter the user name ec2-user, you will get the following screen:


       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-ami/2017.03-release-notes/
2 package(s) needed for security, out of 2 available
Run "sudo yum update" to apply all updates.
[ec2-user@ip-172-31-30-151 ~]$ sudo su
[root@ip-172-31-30-151 ec2-user]# 


YouTube Video: 2. SSH Access AWS Instance - SecureCRT


2.4 SCP to Instance



3. Access Windows Instance

3.1 RDP

Make sure the security group allows RDP access from the Internet.
Download the remote desktop file:
Decrypt your administrator password with your key pair file:

Double-click the downloaded RDP file and enter your decrypted administrator password; you should then be able to connect to your Windows instance.





4. Troubleshooting Access Issues
a. Without Proper Security Group Rules (Stateful Firewall Rules)
The default security group rules will allow you to access your EC2 instance. The following screenshot shows ssh (tcp 22) and icmp allowed from all networks.


b. VPC network ACLs - inbound and outbound rules
Network ACLs are a stateless firewall. You have to make sure that both the inbound and the outbound rules allow your ssh traffic. By default they allow any to any on all service ports.

c. VPC Routing Tables and Internet Gateway
Please make sure the routing table has a default route 0.0.0.0/0 pointing to your Internet Gateway.
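
The three checks a, b and c above, written out as an added example (not part of the original post). It assumes the rules are available as dictionaries shaped like the output of the EC2 describe-security-groups, describe-network-acls and describe-route-tables calls. The sample data, the client address 203.0.113.10 and the ID igw-EXAMPLE are constructed placeholders.

```python
import ipaddress

# Constructed sample data shaped like `aws ec2 describe-*` output; IDs are placeholders.
SG = {"IpPermissions": [   # rules described in the post: ssh and icmp from all networks
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
NACL = {"Entries": [       # default-style NACL: allow any to any in both directions
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": True, "CidrBlock": "0.0.0.0/0"}]}
ROUTES = {"Routes": [{"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local"},
                     {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"}]}

def in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def sg_allows(sg, ip, port):
    """Stateful: one matching inbound TCP rule suffices; replies are allowed automatically."""
    return any((p["IpProtocol"] == "-1" or
                (p["IpProtocol"] == "tcp" and p["FromPort"] <= port <= p["ToPort"]))
               and any(in_cidr(ip, r["CidrIp"]) for r in p.get("IpRanges", []))
               for p in sg["IpPermissions"])

def nacl_allows(nacl, ip, port, egress):
    """Stateless: the lowest-numbered matching rule for this direction decides."""
    for e in sorted(nacl["Entries"], key=lambda e: e["RuleNumber"]):
        pr = e.get("PortRange", {"From": 0, "To": 65535})
        if (e["Egress"] == egress and e["Protocol"] in ("6", "-1")
                and in_cidr(ip, e["CidrBlock"]) and pr["From"] <= port <= pr["To"]):
            return e["RuleAction"] == "allow"
    return False  # nothing matched: implicit deny

def has_igw_default_route(rt):
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"])

def diagnose(sg, nacl, rt, client_ip, port=22, client_port=50000):
    """Return the layers (a, b, c above) that would block client_ip -> instance:port."""
    checks = [("security group", sg_allows(sg, client_ip, port)),
              ("network ACL inbound", nacl_allows(nacl, client_ip, port, egress=False)),
              # return traffic goes to the client's ephemeral port and needs its own rule
              ("network ACL outbound", nacl_allows(nacl, client_ip, client_port, egress=True)),
              ("route table", has_igw_default_route(rt))]
    return [name for name, ok in checks if not ok]

def world_open_tcp_ports(sg):
    """Inbound TCP port ranges reachable from 0.0.0.0/0, worth narrowing to known sources."""
    return [(p["FromPort"], p["ToPort"]) for p in sg["IpPermissions"]
            if p["IpProtocol"] == "tcp"
            and any(r["CidrIp"] == "0.0.0.0/0" for r in p.get("IpRanges", []))]
```

Calling diagnose(SG, NACL, ROUTES, "203.0.113.10") returns an empty list for the sample data, and world_open_tcp_ports(SG) lists the ssh rule that is open to all networks.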





