Launching instances using the AWS Web-UI is easy enough, but how about the good old method of using the command line ?
Read along to learn how to do the following AWS actions using the CLI:
- Create a key pair
- Create a security group
- Launch an instance (using the key pair and security group created)
- Create an EBS volume of 1 GB
- Attach the above created volume to the instance
- An IAM role with privileges to work with EC2
- The AWS Command Line Interface. (Click here to install for Windows)
(The Windows command prompt is being used in this article, but you can get the AWS CLI for Mac and Linux here.)
Lets get started
Once AWS CLI has been installed (check the version installed by the command aws --version), we can start with the initial configuration by using the aws configure command (the
--profile option is not necessary).
C:\>aws configure --profile ga_r
AWS Access Key ID [****************RLUC]: EXAMPLEKEYAZ5CD32RLUC
AWS Secret Access Key [****************KdBs]: EXAMPLEKEY780SjuKdBs
Default region name [ap-south-1]: ap-south-1
Default output format [None]:
- The Access Key ID and Secret Access Key are received while creating a user, but if forgotten, a new Access Key can be created using IAM > Access Management > Users.
- The Default region name is entered based on your preference. List of region names can be found in Regions and Endpoints. In my case, ap-south-1 is the region name for Asia Pacific (Mumbai).
- The Default output format can be left unchanged by pressing Enter (by default it’s JSON).
Creating a key pair
To create a key pair, use the create-key-pair command with the
--query option, and the
--output text option to pipe your private key directly into a file.
C:\>aws ec2 create-key-pair --key-name CLIKeyPair --query 'KeyMaterial' --output text > CLIKeyPair.pem
The created key pair will also be shown the Web-UI under EC2 > Network & Security > Key Pairs
You can match the fingerprint of the key pair generated in the CLI with the one in AWS by using the command:
C:\>aws ec2 describe-key-pairs --key-name CLIKeyPair
To delete a key pair use,
C:\>aws ec2 delete-key-pair — key-name CLIKeyPair
We’ll keep the key pair for now as we need it to launch our instance later on.
Creating a Security Group
The create-security-group command under EC2 is used to create a security group in the AWS Virtual Private Cloud which is logically isolated to only one AWS account.
I used the VPC of the default Security Group that already existed to make this new EC2-VPC security group. Optionally, a user can also create an EC2-Classic security group without having to specify the vpc-ID.
C:\>aws ec2 create-security-group --group-name cli-sg --description "CLI security group" --vpc-id vpc-example7c
To view the initial information for a security group, run the describe-security-groups command.
C:\>aws ec2 describe-security-groups — group-ids sg-09f1example63b7ad
To keep it simple, we’ll allow all traffic as an inbound rule for this security group (this is not preferred due to security risks, so I’ll recommend you to add inbound rules based on requirements).
C:\>aws ec2 authorize-security-group-ingress --group-id sg-09f1example63b7ad --protocol all --port all --cidr 0.0.0.0/0
Optionally, if you want to allow SSH from your local system, set
--port 22, and
--cidr as your public IP.
To delete a security group use delete-security-group command,
C:\>aws ec2 delete-security-group — group-id sg-09f1example63b7ad
We’ll keep the security group for now as we need it to launch our instance later on.
Launch an Instance
We will be launching a free-tier t2.micro instance using the security group and key pair created in the previous steps.
To launch an instance, we need
- image-id (id of AMI)
- count (number of instances)
- instance-type (t2.micro in this case)
- key-name (of the key pair we created in the first step)
- security-group-id (of the security group we created using vpc in step 2)
- subnet-id (only if using vpc)
The subnet-id can either be picked from existing ones or a new one can be created by navigating through VPC > Subnets > Create subnet.
For this example, we will create one Amazon Linux 2 AMI of instance type t2.micro, with key-name, security-group-id, and subnet-id as per your setup.
C:\>aws ec2 run-instances --image-id ami-0e306788ff2473ccb --count 1 --instance-type t2.micro --key-name CLIKeyPair --security-group-ids sg-09f1examplea63b7ad --subnet-id subnet-d57example5
If you created an EC2-Classic security group, the command would change to,
C:\>aws ec2 run-instances --image-id ami-0e306788ff2473ccb --count 1 --instance-type t2.micro --key-name CLIKeyPair --security-groups my-sg
Add tags to your instances using the create-tags command.
C:\>aws ec2 create-tags --resources i-0a6acd66b0b7ec8f4 --tags Key=Name,Value=CLIinstance
You can also list an instance with its details in the CLI using describe-instances command. Here, I used the tag as a filter.
C:\Users\w10>aws ec2 describe-instances --filters "Name=tag:Name,Values=CLIinstance"
This command can be used after any of the following steps to check if the changes have been reflected in the instance.
Creating an EBS Volume
We can directly attach an EBS volume by using the
--block-device-mappings option in the run-instances command. But for this example, we will create a separate EBS volume using the create-volume command and then attach the volume to the running instance.
To create an EBS volume for our instance we need,
- volume-type (gp2 for General Purpose SSD)
- size (in GiBs)
- availability-zone (should be the same as the instance)
The command and output would thus look like,
C:\>aws ec2 create-volume --volume-type gp2 --size 1 --availability-zone ap-south-1a
Attaching EBS Volume to instance
We use the attach-volume command to attach an EBS volume to a running or stopped instance and expose it to the instance with the specified device name.
To attach a volume to an instance we need,
- volume-id (of the EBS volume created in the previous step)
- instance-id (of the target instance)
- device (name of the volume to be attached — specified by user, eg. /dev/sdf)
C:\>aws ec2 attach-volume --volume-id vol-036a30f67a42debe2 --instance-id i-0a6acd66b0b7ec8f4 --device /dev/sdf
For the attached volume to be usable, further steps like creating partitions, formatting and mounting the drive need to be done by connecting to the instance using SSH. To follow these steps refer Making an EBS volume available for use.
With this we successfully launched an instance with a key pair and security group, created an EBS volume and attached it to the running instance, all using the Command Line Interface. Hope this walkthrough has been helpful :)