AWS EC2 instance with custom security group rules
Today we are going to create an AWS EC2 instance with customized security group rules that allow only specific hosts to connect to it over SSH and ping it.
So first log in to your AWS account and select the region where you want to create the EC2 instance. I am going to use the Mumbai region (ap-south-1).
Next, click on the Launch instances button and the page below will appear:
Select any AMI [Amazon Machine Image] of your preference; I am selecting the Amazon Linux 2 AMI.
Then select the instance type on the page below. I will choose t2.micro and click on the Next button.
In the instance details page you can either keep the default values and click on Next, or configure some options. I am selecting the Subnet option as Default in ap-south-1a and clicking on the Next button.
In the Add Storage page give the size as per your requirement. I'll go with the default option [8 GiB].
In the next page we can add tags to this instance so we can refer to it using these tags. We can add multiple tags to the instance. I am adding the default tag [Name] to this instance. Click on "click to add a Name tag", give some tag name as below and click Next.
In the Security group page, we will create a new security group [in layman's terms we call it a firewall].
Create a new security group and give it a name and description.
Now we will add two new rules to this security group, one for the SSH protocol and the other for ping [ICMP protocol] to this machine.
Before adding new rules we need to know that each machine/OS has two IPs:
- Private IP
- Public IP
We are going to SSH to this instance from our local machine via the Internet. The Internet only works with the public IP of a machine, but the machine/OS knows only its private IP; the OS has no idea of the public IP.
The ipconfig or ifconfig commands give only the private IP, as shown below.
So if we use this private IP [192.168.1.101] in the AWS security group, we will not be able to SSH to our EC2 instance: the connection reaches AWS from our router's public address, which does not match the rule.
To find the public IP of our local machine, open google.com and search for "what is my ip". The search result shows our local machine's public IP.
We will use this IP in the AWS security group as shown in the snapshot below.
Notice I have appended /32 at the end of my local machine's public IP, since the IP address is given in CIDR format [/32 means exactly this one address, so no other host matches the rule].
Finally we can review our configuration and launch the new EC2 instance by clicking on the Launch button.
The next step is to select an existing key pair or create a new one. I have an existing key pair, so I'll use that.
If you don't have an existing key pair, you can create a new one and download it as shown below.
If everything goes right, we will see a Success launch status. Click on the instance ID [highlighted in the image below] to see the newly created EC2 instance.
So we have successfully created an EC2 instance with custom security group rules.
Now we will try to connect to the instance from our local machine/OS. We will use PuTTY to connect to the public IP of the above EC2 instance.
Open PuTTY and give the public IP address of the above EC2 instance.
Next, give PuTTY the location of the key pair that we used to create this EC2 instance. Click Open and a new prompt will appear asking to save the EC2 instance's SSH host key on your local machine [the fingerprint can be compared with the one printed in the instance's system log in the console]. Click on Yes.
Now PuTTY will ask for the user to connect as. By default, Amazon Linux EC2 instances give us the ec2-user account. Log in with that account.
So we have successfully been able to SSH to the EC2 instance from our local machine.
To be able to ping this EC2 instance from our local machine, we have to add a new rule to the instance's security group. Click on the instance's security group as shown in the snapshot below.
Click on Edit inbound rules and then click on Add rule to add a new rule for ping. The ping command works on the ICMP protocol, so we will add a new rule with Type All ICMP - IPv4 and the same local public IP address as the source. Finally click on Save rules.
If we now try to ping the instance's public IP, we will be able to do so.
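The two rules above (SSH on tcp/22 and All ICMP - IPv4, both limited to our public IP as a /32) can also be expressed in code. The following is an added example, not part of the original post: it rejects the private ipconfig/ifconfig address the post warns about, appends the /32, builds the rules in the IpPermissions shape that boto3's authorize_security_group_ingress call accepts, and flags any rule that is open to 0.0.0.0/0. The function names and the sample address 203.0.113.45 are constructed for this example.

```python
import ipaddress

# Ranges the instance can never see as a source address. Copying one of these
# from ipconfig/ifconfig into the security group is the mistake the tutorial
# warns about (RFC 1918 private, loopback, link-local).
NON_PUBLIC_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# The two tutorial rules as (IpProtocol, FromPort, ToPort). In the EC2 API,
# "All ICMP - IPv4" is protocol "icmp" with both ports set to -1.
SSH_RULE = ("tcp", 22, 22)
ICMP_RULE = ("icmp", -1, -1)

def is_public_ipv4(ip_text):
    """True if ip_text is an IPv4 address outside the private/local ranges above."""
    ip = ipaddress.ip_interface(ip_text.strip()).ip
    return ip.version == 4 and not any(ip in net for net in NON_PUBLIC_NETS)

def to_host_cidr(ip_text):
    """Return the /32 CIDR for a public IPv4 address ('a.b.c.d' or 'a.b.c.d/32')."""
    if not is_public_ipv4(ip_text):
        raise ValueError(f"{ip_text!r} is private/local or not IPv4, not your Internet-facing IP")
    return f"{ipaddress.ip_interface(ip_text.strip()).ip}/32"

def build_ingress(public_ip, description="my laptop"):
    """Build the IpPermissions list that limits SSH and ping to one /32.

    Shape matches boto3's ec2.authorize_security_group_ingress(IpPermissions=...);
    actually applying it needs boto3 and AWS credentials (not shown here).
    """
    cidr = to_host_cidr(public_ip)
    return [
        {
            "IpProtocol": proto,
            "FromPort": from_port,
            "ToPort": to_port,
            "IpRanges": [{"CidrIp": cidr, "Description": description}],
        }
        for proto, from_port, to_port in (SSH_RULE, ICMP_RULE)
    ]

def open_to_world(perms):
    """List protocols of any rule whose source is 0.0.0.0/0 (anyone on the Internet)."""
    return [p["IpProtocol"] for p in perms
            if any(r.get("CidrIp") == "0.0.0.0/0" for r in p["IpRanges"])]
```

Run open_to_world over the rules of an existing group before saving them; an empty list means nothing is exposed to the whole Internet.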
Please check this blog on how to provision an AWS EC2 instance using Ansible.
Happy Learning