AWS Command Line Interface
User Guide

Deploying a Development Environment in Amazon EC2 Using the AWS Command Line Interface

This tutorial details how to set up a development environment in Amazon EC2 using the AWS CLI. It includes a short version of the installation and configuration instructions, and it can be run start to finish on Windows, Linux, macOS, or Unix.

Install the AWS CLI

You can install the AWS CLI with an installer (Windows) or by using pip, a package manager for Python.


Windows

  1. Download the MSI installer.

  2. Run the downloaded MSI installer.

  3. Follow the instructions that appear.

Linux, macOS, or Unix

These steps require that you have a working installation of Python 2 version 2.6.5+ or Python 3 version 3.3+. If you encounter any issues using the following steps, see the full installation instructions in the AWS Command Line Interface User Guide.

  1. Download and run the installation script from the pip website:

    $ curl "" -o ""
    $ python --user

  2. Install the AWS CLI using pip:

    $ pip install awscli --user

Configure the AWS CLI

Run aws configure at the command line to set up your credentials and settings.

$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json

The AWS CLI will prompt you for the following information:

  • AWS Access Key ID and AWS Secret Access Key – These are your account credentials. If you don't have keys, see How Do I Get Security Credentials? in the Amazon Web Services General Reference.

  • Default region name – This is the name of the region you want to make calls against by default.


    Use us-west-2 for this tutorial (the AMI we will use is specific to this region). You can change the default region later by running aws configure again.

  • Default output format – This format can be either json, text, or table. If you don't specify an output format, json will be used.

Run a command to verify that your credentials are configured correctly and that you can connect to AWS.

$ aws ec2 describe-regions --output table
----------------------------------------------------------
|                    DescribeRegions                     |
+--------------------------------------------------------+
||                       Regions                        ||
|+-----------------------------------+------------------+|
||             Endpoint              |    RegionName    ||
|+-----------------------------------+------------------+|
||                                   |  ap-south-1      ||
||                                   |  eu-west-3       ||
||                                   |  eu-west-2       ||
||                                   |  eu-west-1       ||
||                                   |  ap-northeast-2  ||
||                                   |  ap-northeast-1  ||
||                                   |  sa-east-1       ||
||                                   |  ca-central-1    ||
||                                   |  ap-southeast-1  ||
||                                   |  ap-southeast-2  ||
||                                   |  eu-central-1    ||
||                                   |  us-east-1       ||
||                                   |  us-east-2       ||
||                                   |  us-west-1       ||
||                                   |  us-west-2       ||
|+-----------------------------------+------------------+|

Create a Security Group, Key Pair, and Role for the EC2 Instance

Your next step is to set up prerequisites for launching an EC2 instance that can be accessed using SSH. For more information about Amazon EC2 features, go to the Amazon EC2 User Guide for Linux Instances.

To create a security group, key pair, and role

  1. First, create a new security group and add a rule that allows incoming traffic over port 22 for SSH. Note the security group ID for later use.

    $ aws ec2 create-security-group --group-name devenv-sg --description "security group for development environment in EC2"
    {
        "GroupId": "sg-b018ced5"
    }
    $ aws ec2 authorize-security-group-ingress --group-name devenv-sg --protocol tcp --port 22 --cidr

  2. For more security, replace the CIDR range in the preceding command with the range that you will connect from. You can use the aws ec2 describe-security-groups command to admire your handiwork.

  3. Next, create a key pair, which allows you to connect to the instance.

    $ aws ec2 create-key-pair --key-name devenv-key --query 'KeyMaterial' --output text > devenv-key.pem

    This command saves the contents of the key to a file called devenv-key.pem.


    In the Windows Command Processor, enclose queries with double quotes instead of single quotes.

  4. On Linux, you will also need to change the file mode so that only you have access to the key file.

    $ chmod 400 devenv-key.pem

Launch and Connect to the Instance

Finally, you are ready to launch an instance and connect to it.

To launch and connect to the instance

  1. Run the following command, replacing the security group ID with the one that was output when you created the security group.

    $ aws ec2 run-instances --image-id ami-6e1a0117 --security-group-ids sg-b018ced5 --count 1 --instance-type t2.micro --key-name devenv-key --query 'Instances[0].InstanceId'
    "i-0787e4282810ef9cf"

    The image ID ami-6e1a0117 specifies the Amazon Machine Image (AMI) that Amazon EC2 uses to bootstrap the instance. You can find image IDs for other regions and operating systems in the Amazon EC2 Management Console Launch Instance Wizard.


    T2 instance types require a VPC. If you don't have a default VPC, you can specify a subnet in a custom VPC with the --subnet-id option. If you don't have any VPCs, choose a different instance type such as t1.micro.

  2. The instance will take a few moments to launch. Once the instance is up and running, the following command will retrieve the public IP address that you will use to connect to the instance.

    $ aws ec2 describe-instances --instance-ids "i-0787e4282810ef9cf" --query 'Reservations[0].Instances[0].PublicIpAddress'
    ""

  3. To connect to the instance, use the public IP address and private key with your preferred terminal program. On Linux, macOS, or Unix, you can do this from the command line with the following command:

    $ ssh -i devenv-key.pem ubuntu@

    If you get an error like Permission denied (publickey) when attempting to connect to your instance, check that the following are correct:

    • Key – The key specified with the -i option must be at the path indicated and must be the private key, not the public one. Permissions on the key must be restricted to the owner.

    • User name – The user name must match the user associated with the key pair on the instance. For Ubuntu instances, this is ubuntu. For Amazon Linux, it is ec2-user.

    • Instance – The public IP address or DNS name of the instance. Verify that the address is public and that port 22 is open to your local machine on the instance's security group.

    You can also use the -v option to view additional information related to the error.

    SSH on Windows

    On Windows, you can use the PuTTY terminal application. Get putty.exe and puttygen.exe from the downloads page.

    Use puttygen.exe to convert your private key to a .ppk file required by PuTTY. Launch putty.exe, enter the public IP address of the instance in the Host Name field, and set the connection type to SSH.

    In the Category panel, navigate to Connection > SSH > Auth, click Browse to select your .ppk file, and then click Open to connect.

  4. The terminal will prompt you to accept the server's public key. Type yes and press Enter to complete the connection.

You've now configured a security group, created a key pair, launched an EC2 instance, and connected to it without ever leaving the command line.