Cody G. Henshaw

Hacking the WWW

Creating and Connecting to an EC2 Instance on Amazon AWS

Prerequisites:

Creating a new AWS EC2 Instance

At this point, I will assume that you have created an account with Amazon Web Services (AWS) and have also installed some kind of SSH client. There are numerous clients available, but I chose to use Cygwin, since it was already installed on my machine.

After you’ve completed these prerequisites, let’s get started. First, you’ll want to sign into your AWS account, and head to your AWS management console.

AWS Screenshot 1

We will be creating a new EC2 instance. Select EC2 from the Compute & Networking category. Other types of AWS services will be explored in future blog posts.

AWS Screenshot 2

From here, click the Launch Instance button, which will take you to the EC2 wizard.

AWS Screenshot 3

In this example, we will be setting up Ubuntu 12.04.2 on our AWS instance.

  1. Select the Quick Launch Wizard radio button so we can get up and running as quickly as possible.
  2. Name your Instance. This is optional, but will be helpful if you have many instances. You can leave this blank for now (or fill it in if you desire).
  3. Now we will choose the type of operating system for our instance. We will be using Ubuntu Server 12.04.2 LTS – 64bit in this example. Select Ubuntu Server 12.04.2 LTS from the list of operating systems.
  4. Now that we have selected an OS, we can generate our key pair. This key pair will later be used to authenticate your local machine when connecting to your instance. To create the .pem file, we will need to fill in a name for the key. I have named mine aws in the screenshot.
  5. Now we can download the .pem file by clicking the Download button (after you’ve chosen a name). The key’s name will be name-from-step4.pem. Keep in mind where this file is being saved to on your local machine. We will need this location later.

AWS Screenshot 4

Now that you’ve downloaded your .pem file, you should be able to continue. If not, try re-downloading the key and then proceed.

You will now be taken to a screen which displays the details of our instance. From here, we can click the Launch button to proceed.

AWS Screenshot 5

You should now see a dialog box which shows Your instance is now launching. Keep note of the instance number that is displayed in the top left corner. Mine displays i-f41b22c1. Close this dialog box to continue.

AWS Screenshot 6

You will now be taken to your list of instances. As you can see, I already have two other instances running at the moment. The following numbered list corresponds to the numbers in the screenshot below.

  1. The Instances tab on your sidebar will give you easy access to this page. Remember where it is located.
  2. This is the refresh button.
  3. This is the state column. The possible states are pending, running, shutting-down, terminated, stopping, and stopped. Use the refresh button outlined in the previous step to refresh the page until your instance’s state reads running.
  4. This is your public DNS. Copy this address and store it in an easily accessible place. Mine reads ec2-54-218-70-43.us-west-2.compute.amazonaws.com. Yours will be different.

AWS Screenshot 7

That’s it! You’ve successfully created a new EC2 instance and are running in the cloud! Not much we can do from here though, so let’s get started with SSHing to this instance.

SSHing to your new AWS EC2 Instance

Now that we have successfully spun up a new EC2 instance, we can go ahead and connect to it… Fire up your SSH client (I’ll be using Cygwin with SSH installed) and let’s get started.

Typing ssh into the terminal window will bring up usage tips for the ssh command. The command we will be using to connect will look something like this:

$ ssh -vi privatekeyfile.pem user@publicdns.amazonaws.com

  • The ssh command tells the terminal to create a new SSH session.
  • The -i is an option passed to ssh which tells it to use the file that follows as the identity (private key) file, and the v tells ssh to output in verbose mode. Because -i takes the file name as its argument, it has to come last when the two options are combined, as in -vi. Verbose mode is useful for debugging and will help us to troubleshoot if we have issues connecting.
  • The privatekeyfile.pem is the file that we downloaded before launching our AWS instance. We will need this to connect to the instance.
  • user@publicdns.amazonaws.com is the user name to log in as, followed by the public DNS of the server we want to connect to (our AWS instance, in this case).

Now that you know what this command is doing, let’s run it with our own private key and public DNS…

Because I am using Cygwin, I will have to copy my private key from wherever I downloaded it before to the correct Cygwin directory.

$ cp C:/Users/chenshaw/Downloads/aws.pem /cygwin/home/chenshaw/

The command cp will copy the file from C:/Users/chenshaw/Downloads/aws.pem to /cygwin/home/chenshaw. Now that we have our private key in the correct place, we should be able to run the ssh command.

$ ssh -2 -vi aws.pem ubuntu@ec2-54-218-70-43.us-west-2.compute.amazonaws.com

After running this command, you’ll see some debug information and then finally a question like this:

The authenticity of host 'ec2-54-218-70-43.us-west-2.compute.amazonaws.com (54.218.70.43)' can't be established.
ECDSA key fingerprint is a1:3b:50:fb:fc:2c:ed:9d:b1:13:41:74:10:91:7b:52.
// now type yes to continue.
Are you sure you want to continue connecting (yes/no)? yes
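
Before answering yes, the fingerprint in the prompt can be compared with the one the instance printed to its own console (system log) when it first booted. The script below is an added example, not part of the original post; it assumes the log has been saved to a file and uses a constructed sample in the `ec2:`-prefixed layout Ubuntu cloud images print, with the colon-separated fingerprint form shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Compares the fingerprint ssh
# shows with the ones the instance printed to its own console log at boot.

# Constructed sample of that console block (hypothetical DSA/RSA values; the
# ECDSA line reuses the fingerprint quoted in the prompt above).
write_sample_log() {
    cat > "$1" <<'EOF'
ec2: #############################################################
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 1024 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00 root@ip-172-31-34-225 (DSA)
ec2: 256 a1:3b:50:fb:fc:2c:ed:9d:b1:13:41:74:10:91:7b:52 root@ip-172-31-34-225 (ECDSA)
ec2: 2048 00:ff:ee:dd:cc:bb:aa:99:88:77:66:55:44:33:22:11 root@ip-172-31-34-225 (RSA)
ec2: -----END SSH HOST KEY FINGERPRINTS-----
EOF
}

# console_fingerprints LOG -> "TYPE FINGERPRINT" per key, from between the markers only.
console_fingerprints() {
    awk '/BEGIN SSH HOST KEY FINGERPRINTS/ { on = 1; next }
         /END SSH HOST KEY FINGERPRINTS/   { on = 0 }
         on { sub(/^ec2: /, ""); gsub(/[()]/, "", $NF); print $NF, $2 }' "$1"
}

# host_key_matches TYPE FINGERPRINT LOG -> 0 only on an exact match.
host_key_matches() {
    fp=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    console_fingerprints "$3" | grep -qxF "$1 $fp"
}

# verify_host TYPE FINGERPRINT LOG -> 0 match, 1 mismatch, 2 nothing to compare.
verify_host() {
    if [ -z "$(console_fingerprints "$3")" ]; then
        echo "UNVERIFIED: no host key block in log (instance still booting?)"
        return 2
    elif host_key_matches "$1" "$2" "$3"; then
        echo "MATCH: $1 key is the one the instance generated"
    else
        echo "MISMATCH: answer no to the prompt and investigate"
        return 1
    fi
}

log=$(mktemp)
write_sample_log "$log"
verify_host ECDSA a1:3b:50:fb:fc:2c:ed:9d:b1:13:41:74:10:91:7b:52 "$log"
rm -f "$log"
```

The real log can be read from the instance's system log view in the EC2 console, or saved with `aws ec2 get-console-output --instance-id <your-instance-id>`.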

Was your connection successful? Mine wasn’t… Here’s what I saw:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'aws.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: aws.pem
debug1: No more authentication methods to try.
Permission denied (publickey).

Pretty simple error message, right? Because our private key file’s permissions are too open, we are not allowed to connect. Let’s fix that.

$ chmod -v 0400 aws.pem
mode of `aws.pem' changed from 0644 (rw-r--r--) to 0400 (r--------)
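
The test ssh applied to aws.pem can be run before connecting. The script below is an added example, not part of the original post; it assumes GNU stat (as on Linux and Cygwin) and uses a constructed temporary file in place of the real key.

```shell
#!/bin/sh
# Added example, not from the original post. Applies the same test ssh
# used to reject aws.pem above and tightens the file when it fails.

# key_mode FILE -> octal permission bits, e.g. 644 (GNU stat, as shipped
# with Linux and Cygwin; an assumption about the local tools).
key_mode() {
    stat -c '%a' "$1"
}

# key_is_private FILE -> 0 when no group/other bit is set, i.e.
# (mode & 077) == 0, which is what OpenSSH requires of a key you own.
key_is_private() {
    mode=$(key_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# secure_key FILE -> 0 if the key is (now) private, non-zero otherwise.
secure_key() {
    key=$1
    [ -f "$key" ] || { echo "no such key file: $key" >&2; return 2; }
    if key_is_private "$key"; then
        echo "ok: $key $(key_mode "$key")"
        return 0
    fi
    old=$(key_mode "$key")
    chmod 0400 "$key" || return 1
    # Re-check: some filesystems (e.g. FAT-formatted media) ignore chmod.
    key_is_private "$key" || { echo "still too open: $key" >&2; return 1; }
    echo "fixed: $key $old -> $(key_mode "$key")"
}

# Constructed stand-in for aws.pem, created with the 0644 mode from the error.
demo_key=$(mktemp)
chmod 0644 "$demo_key"
secure_key "$demo_key"    # first call tightens the file
secure_key "$demo_key"    # second call finds nothing to do
rm -f "$demo_key"
```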

The chmod command changes the access permissions of files. Discussing chmod in depth is beyond the scope of this article, so for now, let’s just use 0400, which leaves the key readable only by its owner… Now that we’ve secured our .pem file, let’s try connecting again.

$ ssh -2 -vi aws.pem ubuntu@ec2-54-218-70-43.us-west-2.compute.amazonaws.com

debug1: Entering interactive session.
Welcome to Ubuntu 12.04.2 LTS (GNU/Linux 3.2.0-40-virtual x86_64)

 * Documentation:  https://help.ubuntu.com/

  System information as of Thu Jun 27 13:05:09 UTC 2013

  System load:  0.0               Processes:           58
  Usage of /:   12.1% of 7.87GB   Users logged in:     0
  Memory usage: 32%               IP address for eth0: 172.31.34.225
  Swap usage:   0%

  Graph this data and manage this system at https://landscape.canonical.com/

  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

  Use Juju to deploy your cloud instances and workloads:
    https://juju.ubuntu.com/#cloud-precise

50 packages can be updated.
21 updates are security updates.


The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

ubuntu@ip-172-31-34-225:~$

Looks like we’ve connected successfully! Congratulations, and welcome to the cloud. Ask your questions in the comments or feel free to connect with me @CodyHenshaw on Twitter. Thanks for stopping by!