AWS Command Line Interface
User Guide

Deploying a Development Environment in Amazon EC2 Using the AWS Command Line Interface

This tutorial details how to set up a development environment in Amazon EC2 using the AWS CLI. It includes a short version of the installation and configuration instructions, and it can be run start to finish on Windows, Linux, macOS, or Unix.

Install the AWS CLI

You can install the AWS CLI with an installer (Windows) or by using pip, a package manager for Python.


Windows

  1. Download the MSI installer.

  2. Run the downloaded MSI installer.

  3. Follow the instructions that appear.

Linux, macOS, or Unix

These steps require that you have a working installation of Python 2 version 2.6.5+ or Python 3 version 3.3+. If you encounter any issues using the following steps, see the full installation instructions in the AWS Command Line Interface User Guide.

  1. Download and run the installation script from the pip website:

    $ curl "" -o ""
    $ python --user

  2. Install the AWS CLI using pip:

    $ pip install awscli --user

Configure the AWS CLI

Run aws configure at the command line to set up your credentials and settings.

$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-east-2
Default output format [None]: json

The AWS CLI will prompt you for the following information:

  • AWS Access Key ID and AWS Secret Access Key – These are your account credentials. If you don't have keys, see How Do I Get Security Credentials? in the Amazon Web Services General Reference.

  • Default region name – This is the name of the region you want to make calls against by default.

  • Default output format – This format can be either json, text, or table. If you don't specify an output format, json will be used.

Run a command to verify that your credentials are configured correctly and that you can connect to AWS.

$ aws ec2 describe-regions --output table
----------------------------------------------------------
|                    DescribeRegions                     |
+--------------------------------------------------------+
||                       Regions                        ||
|+-----------------------------------+------------------+|
||             Endpoint              |    RegionName    ||
|+-----------------------------------+------------------+|
||                                   |  ap-south-1      ||
||                                   |  eu-west-3       ||
||                                   |  eu-west-2       ||
||                                   |  eu-west-1       ||
||                                   |  ap-northeast-3  ||
||                                   |  ap-northeast-2  ||
||                                   |  ap-northeast-1  ||
||                                   |  sa-east-1       ||
||                                   |  ca-central-1    ||
||                                   |  ap-southeast-1  ||
||                                   |  ap-southeast-2  ||
||                                   |  eu-central-1    ||
||                                   |  us-east-1       ||
||                                   |  us-east-2       ||
||                                   |  us-west-1       ||
||                                   |  us-west-2       ||
|+-----------------------------------+------------------+|

Create a Security Group and Key Pair for the EC2 Instance

Your next step is to set up prerequisites for launching an EC2 instance that can be accessed using SSH. For more information about Amazon EC2 features, go to the Amazon EC2 User Guide for Linux Instances.

To create a security group, key pair, and role

  1. First, create a new security group and add a rule that allows incoming traffic over port 22 for SSH. If you are using the default VPC for the region, you can omit the --vpc-id parameter; otherwise, specify the ID of the VPC in which you'll launch your instance. For better security, replace the CIDR range with the range of the network from which you'll connect to your instance.

    $ aws ec2 create-security-group --group-name devenv-sg --vpc-id vpc-xxxxxxxx --description "security group for development environment"
    {
        "GroupId": "sg-b018ced5"
    }
    $ aws ec2 authorize-security-group-ingress --group-name devenv-sg --protocol tcp --port 22 --cidr

    Note the security group ID for later use when you launch the instance.

  2. Next, create a key pair, which allows you to connect to the instance. This command saves the contents of the key to a file named devenv-key.pem.

    $ aws ec2 create-key-pair --key-name devenv-key --query 'KeyMaterial' --output text > devenv-key.pem


    In a Windows Command prompt, use double quotes instead of single quotes.

  3. On Linux, you will also need to change the file mode so that only you have access to the key file.

    $ chmod 400 devenv-key.pem

Launch and Connect to the Instance

Finally, you are ready to launch an instance and connect to it.

To launch and connect to the instance

  1. Run the following command, using the ID of the security group that you created in the previous step. The --image-id parameter specifies the Amazon Machine Image (AMI) that Amazon EC2 uses to bootstrap the instance. You can find an image ID for your region and operating system using the Amazon EC2 console. If you are using the default subnet for a default VPC, you can omit the --subnet-id parameter; otherwise, specify the ID of the subnet in which you'll launch your instance.

    $ aws ec2 run-instances --image-id ami-xxxxxxxx --subnet-id subnet-xxxxxxxx --security-group-ids sg-b018ced5 --count 1 --instance-type t2.micro --key-name devenv-key --query 'Instances[0].InstanceId'
    "i-0787e4282810ef9cf"

  2. The instance will take a few moments to launch. After the instance is up and running, you'll need the public IP address of the instance to connect to it. Use the following command to get the public IP address:

    $ aws ec2 describe-instances --instance-ids i-0787e4282810ef9cf --query 'Reservations[0].Instances[0].PublicIpAddress'
    ""

  3. To connect to the instance, use the public IP address and private key with your preferred terminal program. On Linux, macOS, or Unix, you can do this from the command line using the following command:

    $ ssh -i devenv-key.pem user@

    If you get an error like Permission denied (publickey) when attempting to connect to your instance, check that the following are correct:

    • Key – The key specified must be at the path indicated and must be the private key, not the public one. Permissions on the key must be restricted to the owner.

    • User – The user name must match the default user name associated with the AMI you used to launch the instance. For an Ubuntu AMI, this is ubuntu. For an Amazon Linux AMI, it is ec2-user.

    • Instance – The public IP address or DNS name of the instance. Verify that the address is public and that port 22 is open to your local machine on the instance's security group.

    You can also use the -v option to view additional information related to the error.

    SSH on Windows

    On Windows, you can use the PuTTY terminal application. Get putty.exe and puttygen.exe from the PuTTY downloads page.

    Use puttygen.exe to convert your private key to a .ppk file required by PuTTY. Launch putty.exe, enter the public IP address of the instance in the Host Name field, and set the connection type to SSH.

    In the Category panel, navigate to Connection > SSH > Auth, and click Browse to select your .ppk file, and then click Open to connect.

  4. The terminal will prompt you to accept the server's public key. Type yes and press Enter to complete the connection.
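The "Key" item in the Permission denied checklist can be checked mechanically. This added example (not part of the AWS guide) inspects a saved key file for three problems: it is not a PEM private key, it was saved as a JSON-quoted string because create-key-pair ran without `--output text`, or its mode grants access beyond the owner. The key contents and file names are constructed placeholders.

```python
import os
import stat
import tempfile

# Constructed placeholder, not a real key.
FAKE_PEM = ("-----BEGIN RSA PRIVATE KEY-----\n"
            "CONSTRUCTEDPLACEHOLDERNOTAREALKEY\n"
            "-----END RSA PRIVATE KEY-----\n")

def check_key_file(path):
    """Return a list of problems with a key file saved from create-key-pair."""
    problems = []
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        text = fh.read().strip()
    if text.startswith('"'):
        # JSON output wraps the key in quotes and escapes its newlines.
        problems.append("JSON-quoted key: re-create it with --output text")
    elif not (text.startswith("-----BEGIN")
              and "PRIVATE KEY-----" in text.splitlines()[0]):
        problems.append("not a PEM private key")
    if os.name == "posix":
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):  # any group/other bit set
            problems.append(f"mode {mode:04o} is open beyond the owner; use chmod 400")
    return problems

def demo():
    """Write four constructed key files and return the problems found for each."""
    cases = {
        "good.pem": (FAKE_PEM, 0o400),
        "open.pem": (FAKE_PEM, 0o644),
        "quoted.pem": ('"' + FAKE_PEM.replace("\n", "\\n") + '"\n', 0o400),
        "public.pem": ("ssh-rsa AAAAconstructed devenv-key\n", 0o400),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (content, mode) in cases.items():
            path = os.path.join(tmp, name)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(content)
            os.chmod(path, mode)
            results[name] = check_key_file(path)
    return results

if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, problems or "ok")
```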

You've now configured a security group, created a key pair, launched an EC2 instance, and connected to it without ever leaving the command line.