Getting Started with AWS
Hosting a .NET Web App
Did this page help you?  Yes | No |  Tell us about it...
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Go to the Kindle Store to download this guide in Kindle format.

Setting Up to Host a Web App on AWS

Before you start this tutorial, complete the following tasks if you haven't already.

Sign Up for AWS

When you sign up for Amazon Web Services (AWS), your AWS account is automatically signed up for all services in AWS and you can start using them immediately. You are charged only for the services that you use.

If you created your AWS account less than 12 months ago, you can get started with AWS for free. For more information, see AWS Free Tier.

If you have an AWS account already, skip to the next step. If you don't have an AWS account, use the following procedure to create one.

To create an AWS account

  1. Open, and then click Sign Up.

  2. Follow the on-screen instructions.

    Part of the sign-up procedure involves receiving a phone call and entering a PIN using the phone keypad.

Create an IAM User

Services in AWS require that you provide credentials when you access them, so that the service can determine whether you have permission to access its resources. The console requires your password. You can create access keys for your AWS account to access the command line interface or API. However, we don't recommend that you access AWS using the credentials for your AWS account; we recommend that you use AWS Identity and Access Management (IAM) instead in order to better protect your AWS resources from unauthorized access.

Create an IAM user, and then add the user to an IAM group with administrative permissions or and grant this user administrative permissions. You can then access AWS using a special URL and the credentials for the IAM user.

If you signed up for AWS but have not created an IAM user for yourself, you can create one using the IAM console.

To create the Administrators group

  1. Sign in to the AWS Management Console and open the IAM console at

  2. In the navigation pane, click Groups, then click Create New Group.

  3. In the Group Name box, type Administrators and then click Next Step.

  4. In the list of policies, select the check box next to the AdministratorAccess policy. You can use the Filter menu and the Search box to filter the list of policies.

  5. Click Next Step, then click Create Group.

Your new group is listed under Group Name.

To create an IAM user for yourself, add the user to the Administrators group, and create a password for the user

  1. In the navigation pane, click Users and then click Create New Users.

  2. In box 1, enter a user name. Clear the check box next to Generate an access key for each user, then click Create.

  3. In the list of users, click the name (not the check box) of the user you just created. You can use the Search box to search for the user name.

  4. In the Groups section, click Add User to Groups.

  5. Select the check box next to the Administrators group, then click Add to Groups.

  6. Scroll down to the Security Credentials section. Under Sign-In Credentials, click Manage Password.

  7. Select Assign a custom password, then enter a password in the Password and Confirm Password boxes. When you are finished, click Apply.

To sign in as this new IAM user, sign out of the AWS console, then use the following URL, where your_aws_account_id is your AWS account number without the hyphens (for example, if your AWS account number is 1234-5678-9012, your AWS account ID is 123456789012):

Enter the IAM user name and password that you just created. When you're signed in, the navigation bar displays "your_user_name @ your_aws_account_id".

If you don't want the URL for your sign-in page to contain your AWS account ID, you can create an account alias. From the IAM dashboard, click Customize and enter an alias, such as your company name. To sign in after you create an account alias, use the following URL:

To verify the sign-in link for IAM users for your account, open the IAM console and check under IAM users sign-in link on the dashboard.

Create a Key Pair

AWS uses public-key cryptography to secure the login information for your instance. You specify the name of the key pair when you launch your instance, then provide the private key to obtain the administrator password for your Windows instance so you can log in using RDP.

If you haven't created a key pair already, you can create one using the Amazon EC2 console.

To create a key pair

  1. Open the Amazon EC2 console.

  2. From the navigation bar, in the region selector, click US West (Oregon).

  3. In the navigation pane, click Key Pairs.

  4. Click Create Key Pair.

  5. Enter a name for the new key pair in the Key pair name field of the Create Key Pair dialog box, and then click Create. Choose a name that is easy for you to remember.

  6. The private key file is automatically downloaded by your browser. The base file name is the name you specified as the name of your key pair, and the file name extension is .pem. Save the private key file in a safe place.


    This is the only chance for you to save the private key file. You'll need to provide the name of your key pair when you launch an instance and the corresponding private key each time you connect to the instance.

  7. Prepare the private key file. This process depends on the operating system of the computer that you're using.

    • If your computer runs Mac OS X or Linux, use the following command to set the permissions of your private key file so that only you can read it.

      $ chmod 400 my-key-pair.pem
    • If your computer runs Windows, use the following steps to convert your .pem file to a .ppk file for use with PuTTY.

      1. Download and install PuTTY from Be sure to install the entire suite.

      2. Start PuTTYgen (for example, from the Start menu, click All Programs > PuTTY > PuTTYgen).

      3. Under Type of key to generate, select SSH-2 RSA.

      4. Click Load. By default, PuTTYgen displays only files with the extension .ppk. To locate your .pem file, select the option to display files of all types.

      5. Select your private key file and then click Open. Click OK to dismiss the confirmation dialog box.

      6. Click Save private key. PuTTYgen displays a warning about saving the key without a passphrase. Click Yes.

      7. Specify the same name that you used for the key pair (for example, my-key-pair) and then click Save. PuTTY automatically adds the .ppk file extension.

Configure a Virtual Private Cloud (VPC)

Amazon VPC enables you to launch AWS resources into a virtual network that you've defined, called a virtual private cloud (VPC). This tutorial requires the use of a VPC. Therefore, we'll check whether you already have a default VPC, and create a VPC otherwise.

To test whether you have a default VPC

  1. Open the Amazon VPC console.

  2. In the navigation bar, verify that US West (Oregon) is the selected region.

  3. In the navigation pane, click Your VPCs.

  4. One of the following is true:

    • The list is empty, so you do not have a default VPC.

    • The list has a default VPC (a VPC with a CIDR block of

    • The list has one or more non-default VPCs (a VPC with a CIDR block that is not

If you have a default VPC, you can use it for this tutorial, and you can skip the next procedure. Otherwise, use the following procedure to create a VPC with two public subnets for use with this tutorial.

To create a VPC

  1. On the VPC dashboard, click Start VPC Wizard.

  2. On the Step 1: Select a VPC Configuration page, ensure that VPC with a Single Public Subnet is selected, and click Select.

  3. On the Step 2: VPC with a Single Public Subnet page, do the following:

    1. In VPC name, enter a friendly name for your VPC.

    2. In Availability Zone, select the first Availability Zone from the list.

    3. In Subnet name, update the name from Public subnet to Public subnet 1.

    4. Leave the other default configuration settings, and click Create VPC.

    5. On the confirmation page, click OK.

  4. In the navigation pane, click Route Tables. Find the route table where the Main column is Yes. This is the main route table. Click the Name column for the main route table, enter Main, and press Enter. Click the Name column for the other route table, enter Custom, and press Enter.

  5. Add a second public subnet as follows, so that you'll have two subnets for your application servers. (Note that a default VPC already has a public subnet for each Availability Zone.)

    1. In the navigation pane, click Subnets.

    2. Click Create Subnet

    3. In Name tag, enter the name Public subnet 2.

    4. In VPC, select your VPC.

    5. In Availability Zone, select the second Availability Zone from the list.

    6. In CIDR block, enter

    7. Click Yes, Create.

    8. Select the subnet named Public subnet 2, and then select the Route Table tab. Click Edit, select the route table named Custom from Change to, and then click Save. Note that this step is necessary to make this subnet a public subnet with a route to the Internet.

Next, we need to add private subnets for your database servers to your default VPC or the VPC that you just created.

To add two private subnets to your VPC

  1. In the navigation pane, click Subnets.

  2. Click Create Subnet

  3. In Name tag, enter the name Private subnet 1.

  4. In VPC, select your VPC.

  5. In Availability Zone, select the first Availability Zone from the list.

  6. In CIDR block, enter

  7. Click Yes, Create.

  8. Click Create Subnet

  9. In Name tag, enter the name Private subnet 2.

  10. In VPC, select your VPC.

  11. In Availability Zone, select the second Availability Zone from the list.

  12. In CIDR block, enter

  13. Click Yes, Create.

For more information about Amazon VPC, see the Amazon VPC User Guide.