Set up to use Amazon EC2
Complete the tasks in this section to get set up for launching an Amazon EC2 instance for the first time:
When you are finished, you will be ready for the Amazon EC2 Getting started tutorial.
Sign up for AWS
When you sign up for Amazon Web Services (AWS), your AWS account is automatically signed up for all services in AWS, including Amazon EC2. You are charged only for the services that you use.
With Amazon EC2, you pay only for what you use. If you are a new AWS customer, you can get started with Amazon EC2 for free. For more information, see AWS Free Tier.
If you have an AWS account already, skip to the next task. If you don't have an AWS account, use the following procedure to create one.
To create an AWS account
- Open https://portal.aws.amazon.com/billing/signup.
- Follow the online instructions.
  Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.
Create a key pair
AWS uses public-key cryptography to secure the login information for your instance. You specify the name of the key pair when you launch your instance, then provide the private key to obtain the administrator password for your Windows instance so you can log in using RDP.
If you haven't created a key pair already, you can create one using the Amazon EC2 console. Note that if you plan to launch instances in multiple Regions, you'll need to create a key pair in each Region. For more information about Regions, see Regions and Zones.
You can create a key pair using one of the following methods.
- New console
  To create your key pair
  - Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
  - In the navigation pane, choose Key Pairs.
  - Choose Create key pair.
  - For Name, enter a descriptive name for the key pair. Amazon EC2 associates the public key with the name that you specify as the key name. A key name can include up to 255 ASCII characters. It can’t include leading or trailing spaces.
  - For File format, choose the format in which to save the private key. To save the private key in a format that can be used with OpenSSH, choose pem. To save the private key in a format that can be used with PuTTY, choose ppk.
  - Choose Create key pair.
  - The private key file is automatically downloaded by your browser. The base file name is the name you specified as the name of your key pair, and the file name extension is determined by the file format you chose. Save the private key file in a safe place.
    This is the only chance for you to save the private key file.
- Old console
  To create your key pair
  - Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
  - In the navigation pane, under NETWORK & SECURITY, choose Key Pairs.
    The navigation pane is on the left side of the Amazon EC2 console. If you do not see the pane, it might be minimized; choose the arrow to expand the pane.
  - Choose Create Key Pair.
  - For Key pair name, enter a name for the new key pair, and then choose Create. The name can include up to 255 ASCII characters. It can’t include leading or trailing spaces.
  - The private key file is automatically downloaded by your browser. The base file name is the name you specified as the name of your key pair, and the file name extension is .pem. Save the private key file in a safe place.
    This is the only chance for you to save the private key file.
For more information, see Amazon EC2 key pairs and Windows instances.
Create a security group
Security groups act as a firewall for associated instances, controlling both inbound and outbound traffic at the instance level. You must add rules to a security group that enable you to connect to your instance from your IP address using RDP. You can also add rules that allow inbound and outbound HTTP and HTTPS access from anywhere.
Note that if you plan to launch instances in multiple Regions, you'll need to create a security group in each Region. For more information about Regions, see Regions and Availability Zones.
Prerequisites
You'll need the public IPv4 address of your local computer. The security group editor in the Amazon EC2 console can automatically detect the public IPv4 address for you. Alternatively, you can use the search phrase "what is my IP address" in an Internet browser, or use the following service: Check IP. If you are connecting through an Internet service provider (ISP) or from behind a firewall without a static IP address, you need to find out the range of IP addresses used by client computers.
You can create a custom security group using one of the following methods.
- New console
  To create a security group with least privilege
  - Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
  - From the navigation bar, select a Region for the security group. Security groups are specific to a Region, so you should select the same Region in which you created your key pair.
  - In the navigation pane, choose Security Groups.
  - Choose Create security group.
  - In the Basic details section, do the following:
    - Enter a name for the new security group and a description. Use a name that is easy for you to remember, such as your user name, followed by _SG_, plus the Region name. For example, me_SG_uswest2.
    - In the VPC list, select your default VPC for the Region.
  - In the Inbound rules section, create the following rules (choose Add rule for each new rule):
    - Choose HTTP from the Type list, and make sure that Source is set to Anywhere (0.0.0.0/0).
    - Choose HTTPS from the Type list, and make sure that Source is set to Anywhere (0.0.0.0/0).
    - Choose RDP from the Type list. In the Source box, choose My IP to automatically populate the field with the public IPv4 address of your local computer. Alternatively, choose Custom and specify the public IPv4 address of your computer or network in CIDR notation. To specify an individual IP address in CIDR notation, add the routing suffix /32, for example, 203.0.113.25/32. If your company allocates addresses from a range, specify the entire range, such as 203.0.113.0/24.
      For security reasons, do not allow RDP access from all IPv4 addresses (0.0.0.0/0) to your instance, except for testing purposes and only for a short time.
  - Choose Create security group.
- Old console
  To create a security group with least privilege
  - Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
  - In the navigation pane, choose Security Groups.
  - Choose Create Security Group.
  - Enter a name for the new security group and a description. Use a name that is easy for you to remember, such as your user name, followed by _SG_, plus the Region name. For example, me_SG_uswest2.
  - In the VPC list, select your default VPC for the Region.
  - On the Inbound tab, create the following rules (choose Add rule for each new rule):
    - Choose HTTP from the Type list, and make sure that Source is set to Anywhere (0.0.0.0/0).
    - Choose HTTPS from the Type list, and make sure that Source is set to Anywhere (0.0.0.0/0).
    - Choose RDP from the Type list. In the Source box, choose My IP to automatically populate the field with the public IPv4 address of your local computer. Alternatively, choose Custom and specify the public IPv4 address of your computer or network in CIDR notation. To specify an individual IP address in CIDR notation, add the routing suffix /32, for example, 203.0.113.25/32. If your company allocates addresses from a range, specify the entire range, such as 203.0.113.0/24.
      For security reasons, we don't recommend that you allow RDP access from all IPv4 addresses (0.0.0.0/0) to your instance, except for testing purposes and only for a short time.
  - Choose Create.
- Command line
  To create a security group with least privilege
  Use one of the following commands:
For more information, see Amazon EC2 security groups for Windows instances.
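The RDP rule guidance above can be checked after a group is created. The following Python is an added example, not part of the original AWS page: it scans a security group, given in the IpPermissions shape returned by describe-security-groups, for inbound rules that expose port 3389 to 0.0.0.0/0 or ::/0, including port ranges and all-traffic rules that cover RDP. The function names and the sample group are constructed for illustration.

```python
import ipaddress

RDP_PORT = 3389

def covers_port(perm, port=RDP_PORT):
    """True if an inbound rule's protocol and port range include `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" is the API's value for all protocols, all ports
        return True
    if proto not in ("tcp", "udp"):
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]

def rule_sources(perm):
    """Yield every IPv4 and IPv6 CIDR source attached to a rule."""
    for entry in perm.get("IpRanges", []):
        yield entry["CidrIp"]
    for entry in perm.get("Ipv6Ranges", []):
        yield entry["CidrIpv6"]

def open_rdp_rules(group):
    """Return (cidr, protocol, ports) for each rule exposing RDP to a /0 source."""
    findings = []
    for perm in group.get("IpPermissions", []):
        if not covers_port(perm):
            continue
        proto = perm["IpProtocol"]
        ports = "all" if proto == "-1" else f"{perm['FromPort']}-{perm['ToPort']}"
        for cidr in rule_sources(perm):
            # A /0 prefix (0.0.0.0/0 or ::/0) matches every address.
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append((cidr, proto, ports))
    return findings

# Constructed sample: HTTP open to anywhere (allowed by the page), RDP open
# to one address and to anywhere, and a wide port range that includes 3389.
SAMPLE_GROUP = {
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.25/32"}, {"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

if __name__ == "__main__":
    for cidr, proto, ports in open_rdp_rules(SAMPLE_GROUP):
        print(f"RDP reachable from {cidr} via {proto} ports {ports}")
```

Rules whose source is another security group rather than a CIDR are not inspected by this check.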