Amazon EC2 Reference
- How to create an Amazon IAM key pair for accessing EC2 resources
- How to create an Amazon VPC
- Amazon EC2 regions
- Amazon EC2 instance types
- Amazon EC2 attributes
How to create an Amazon IAM key pair for accessing EC2 resources
Introduction
Amazon Identity and Access Management (IAM) manages user identities and their permissions within Amazon Web Services (AWS). A common task is to create an access key (what this page calls a key pair: an Access Key ID plus a Secret Access Key) for an IAM user so that the AWS CLI or an SDK can call the EC2 API on that user's behalf. This is not the same thing as an EC2 key pair, which is the SSH key used to log in to an instance. This guide walks through creating the IAM user, generating the access key, and attaching the permissions needed to work with EC2 resources.
Prerequisites
- An active AWS account.
- Basic familiarity with the AWS Management Console.
Steps
Access the AWS Management Console
Log in to your AWS account using your credentials at AWS Management Console.
Open the IAM dashboard
Once logged in, navigate to the "Services" menu and select "IAM" under the "Security, Identity, & Compliance" section.
Create an IAM User
- In the IAM dashboard, click on "Users" in the left sidebar.
- Click the "Add user" button.
- Enter a username for the IAM user.
- Choose the access type:
- Programmatic access: This enables API access through access keys.
- Click "Next: Permissions."
Configure permissions
- On this page, you'll attach permissions policies to the IAM user.
- You can either add the user to a group with predefined policies or attach policies directly.
- For EC2 access the AWS managed policy "AmazonEC2FullAccess" is the quick option, but it grants ec2:* on every resource (plus Elastic Load Balancing, CloudWatch and Auto Scaling actions), so a leaked key gives full control of your fleet. Outside a throwaway lab, write a customer-managed policy that lists only the actions, resources and tags this user actually needs.
- Click "Next: Tags" to add metadata tags (optional).
Review and create
- Review your settings to ensure they're accurate.
- Click "Create user."
Access key pair creation
- After creating the user, you'll see a confirmation screen. Here, you can download the user's access key pair. This consists of an Access Key ID and a Secret Access Key.
- Important: Download the key pair and store it securely. You won't be able to access the Secret Access Key again.
Store the access key securely
- Store the Access Key ID and Secret Access Key in a credentials store such as ~/.aws/credentials (readable only by you), in environment variables injected at run time, or in a secrets manager.
- Do not hardcode these keys in your application's source code, commit them to a repository, or make them publicly accessible; the secret is the only thing standing between an attacker and every permission the policy grants.
Using the Access Key Pair with EC2
- To use the access key from your workstation or a CI runner, configure the AWS CLI (aws configure, or the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables) or the SDK of your choice; the tools sign each API request with the secret, which never travels over the network.
- Do not copy an IAM user's access keys onto an EC2 instance (for example through user data). When an instance needs to call other AWS services, attach an IAM role to it via an instance profile at launch; the instance then obtains short-lived credentials from the instance metadata service automatically, and there is no long-lived secret on disk to leak.
Rotating access keys (Recommended)
- As a security best practice, rotate IAM user access keys regularly (and immediately if you suspect exposure).
- IAM allows two access keys per user, which makes rotation a no-downtime procedure: create the new key, update every application that uses the old one, set the old key to Inactive, confirm nothing breaks, and only then delete it. An inactive key can be re-enabled if something was missed; a deleted one cannot.
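The "Configure permissions" step above suggests AmazonEC2FullAccess. The following is an added example (not part of the original page or of AWS documentation) that puts that grant beside a least-privilege alternative and includes a small checker for the over-broad shape: wildcard action, Resource "*", no Condition. The account ID 123456789012, the region us-east-1 and the Environment=dev tag are placeholders, and the full-access document is a constructed approximation of what the managed policy grants for EC2.

```python
"""Least-privilege check for the policy attached in the "Configure
permissions" step.  Added example: the policy documents below are
constructed for illustration (account 123456789012, region us-east-1 and
the Environment=dev tag are placeholders), not copied from AWS."""
import json
from fnmatch import fnmatchcase

# What AmazonEC2FullAccess grants for EC2 itself: every ec2:* action on every
# resource, unconditionally.  (Constructed approximation; the real managed
# policy also grants elasticloadbalancing:*, cloudwatch:* and autoscaling:*.)
FULL_ACCESS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}],
}

# A scoped alternative for an operator who only lists instances and
# starts/stops dev-tagged instances in one account and region.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DescribeOnly",
            "Effect": "Allow",
            # Describe* calls do not support resource-level ARNs, so "*" is
            # unavoidable here; the actions are enumerated instead.
            "Action": ["ec2:DescribeInstances", "ec2:DescribeInstanceStatus"],
            "Resource": "*",
        },
        {
            "Sid": "StartStopDevInstances",
            "Effect": "Allow",
            "Action": ["ec2:StartInstances", "ec2:StopInstances"],
            "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*",
            "Condition": {"StringEquals": {"aws:ResourceTag/Environment": "dev"}},
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def find_overbroad_statements(policy):
    """Return the Sid (or index) of each Allow statement that pairs a wildcard
    action with Resource "*" and no Condition: the shape that turns a leaked
    access key into full control of the service."""
    hits = []
    for idx, st in enumerate(policy["Statement"]):
        if st.get("Effect") != "Allow" or st.get("Condition"):
            continue
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        if any("*" in a for a in actions) and "*" in resources:
            hits.append(st.get("Sid", idx))
    return hits


def is_allowed(policy, action, resource_arn, resource_tags=None):
    """Minimal evaluator for the subset of IAM used above: an Allow statement
    matches when its action and resource patterns match and every
    aws:ResourceTag StringEquals condition holds.  Deny statements and other
    condition operators are not modelled."""
    tags = resource_tags or {}
    prefix = "aws:ResourceTag/"
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        if not any(fnmatchcase(action.lower(), p.lower())
                   for p in _as_list(st.get("Action", []))):
            continue
        if not any(fnmatchcase(resource_arn, p)
                   for p in _as_list(st.get("Resource", []))):
            continue
        cond = st.get("Condition", {}).get("StringEquals", {})
        if all(tags.get(key[len(prefix):]) == want
               for key, want in cond.items() if key.startswith(prefix)):
            return True
    return False


def policy_document(policy):
    """JSON text suitable for pasting into the IAM console's policy editor."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    arn = "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0"
    print("over-broad in full access:", find_overbroad_statements(FULL_ACCESS_POLICY))
    print("over-broad in scoped:", find_overbroad_statements(SCOPED_POLICY))
    print("scoped key may terminate:", is_allowed(SCOPED_POLICY, "ec2:TerminateInstances", arn))
    print(policy_document(SCOPED_POLICY))
```

With the scoped document a stolen key can list instances and stop or start dev-tagged ones in one region; it cannot terminate anything, touch prod, or create new resources. The evaluator is deliberately tiny (no Deny, no other condition operators); use the IAM policy simulator for the real semantics.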
Conclusion
Creating an IAM key pair for leveraging EC2 resources is a fundamental step in securing and managing access to your AWS infrastructure. By following these steps, you'll establish secure access to your EC2 instances while adhering to security best practices within the AWS ecosystem. Remember to keep your access keys secure and consider rotating them regularly for enhanced security.
How to create an Amazon VPC
Sign in to AWS Console
- Log in to your AWS account using your credentials at AWS Console.
Open Amazon VPC dashboard
- Navigate to the Amazon VPC service by clicking on "Services" in the top-left corner and then selecting "VPC" under the "Networking & Content Delivery" section.
Create a VPC
- In the VPC Dashboard, click on "Create VPC."
- Enter a name for your VPC in the "Name tag" field.
- Specify the IPv4 CIDR block for your VPC, for example 10.0.0.0/16. Pick a range that does not overlap any network you may later peer or VPN with.
- Configure an IPv6 CIDR block if needed.
- Choose the tenancy: Default, or Dedicated if the instances must run on single-tenant hardware.
- Click on the "Create" button.
Create subnets
- In the VPC Dashboard, select "Subnets" from the left-hand navigation pane.
- Click on the "Create subnet" button.
- Choose the VPC you created from the dropdown.
- Select an availability zone for your subnet.
- Enter a name for the subnet and choose an IPv4 CIDR block inside the VPC range, for example 10.0.1.0/24.
- Optionally associate an IPv6 CIDR block.
- Click on the "Create" button.
Configure route tables
- In the VPC Dashboard, select "Route Tables" from the left-hand navigation pane.
- Click on the "Create route table" button.
- Give your route table a name and choose the VPC you created.
- Click on the "Create" button.
- In the "Subnet Associations" tab, click "Edit subnet associations."
- Select the subnet you created earlier and click "Save associations."
Create an internet gateway (optional, for internet access)
- In the VPC Dashboard, select "Internet Gateways" from the left-hand navigation pane.
- Click on the "Create internet gateway" button.
- Give your internet gateway a name and click "Create."
- Select the internet gateway you created and click "Attach to VPC."
- Choose your VPC and click "Attach."
Configure route for internet access
- In the VPC Dashboard, select "Route Tables" again.
- Click on the route table you created earlier.
- In the "Routes" tab, click "Edit routes."
- Add a new route with the destination 0.0.0.0/0 and choose the internet gateway as the target, then save.
- Every subnet associated with this route table is now a public subnet: any instance in it that has a public or Elastic IP and a permissive security group is reachable from the internet. Keep subnets that should stay private on a route table without this default route.
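An added example (not code from the original page) that sanity-checks a plan like the one built in the steps above: subnets inside the VPC CIDR, no overlapping subnets, the usable address count once AWS's reserved addresses are removed, and which subnets the route-table associations make public. The subnet, route-table and gateway IDs and the second private subnet are constructed placeholders.

```python
"""Consistency check for a VPC plan like the one built above: subnets inside
the VPC CIDR, no overlaps, and which subnets a route table makes public.
Added example; the subnet, route-table and gateway IDs are made-up
placeholders."""
import ipaddress

# AWS reserves the first four and the last address of every subnet
# (network, VPC router, DNS resolver, future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5

# Constructed plan: the VPC and subnet CIDRs from the steps above plus a
# second, private subnet that deliberately has no default route.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {"subnet-public": "10.0.1.0/24", "subnet-private": "10.0.2.0/24"}
ROUTE_TABLES = {
    "rtb-public": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-0a1b2c3d")],
    "rtb-private": [("10.0.0.0/16", "local")],
}
ASSOCIATIONS = {"subnet-public": "rtb-public", "subnet-private": "rtb-private"}


def check_plan(vpc_cidr, subnets):
    """Return a list of problems (empty when the plan is consistent)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    problems = []
    seen = {}
    for sid, cidr in subnets.items():
        net = ipaddress.ip_network(cidr)
        if net.version != vpc.version or not net.subnet_of(vpc):
            problems.append(f"{sid} {cidr} is not inside VPC {vpc_cidr}")
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{sid} {cidr}: AWS subnets must be /16 to /28")
        for other_id, other in seen.items():
            if net.version == other.version and net.overlaps(other):
                problems.append(f"{sid} {cidr} overlaps {other_id} {other}")
        seen[sid] = net
    return problems


def usable_addresses(cidr):
    """Addresses actually assignable in a subnet after AWS's reserved five."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def public_subnets(route_tables, associations):
    """A subnet is public when its route table sends 0.0.0.0/0 or ::/0 to an
    internet gateway; anything on it with a public IP and a permissive
    security group is then reachable from the internet."""
    public = set()
    for subnet_id, rtb_id in associations.items():
        for destination, target in route_tables.get(rtb_id, []):
            if destination in ("0.0.0.0/0", "::/0") and target.startswith("igw-"):
                public.add(subnet_id)
    return public


if __name__ == "__main__":
    print("problems:", check_plan(VPC_CIDR, SUBNETS))
    print("usable in 10.0.1.0/24:", usable_addresses("10.0.1.0/24"))
    print("public subnets:", public_subnets(ROUTE_TABLES, ASSOCIATIONS))
```

Run it against a real account by feeding it the output of describe-subnets, describe-route-tables and the association list; an unexpected entry in the public set is the quickest way to spot a subnet that was meant to be private but inherited the default route.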
Conclusion
Your Amazon VPC is now set up and ready to use. You can launch EC2 instances, RDS databases, and other AWS resources within the subnets of this VPC, controlling their network access and connectivity as per your requirements.
Amazon EC2 Regions
Note: the China (cn-) and AWS GovCloud (us-gov-) regions live in separate partitions with their own accounts and credentials; an access key issued in a standard region does not work there.
Region Name | Region Code |
---|---|
US East (N. Virginia) | us-east-1 |
US East (Ohio) | us-east-2 |
US West (N. California) | us-west-1 |
US West (Oregon) | us-west-2 |
Africa (Cape Town) | af-south-1 |
Asia Pacific (Hong Kong) | ap-east-1 |
Asia Pacific (Mumbai) | ap-south-1 |
Asia Pacific (Osaka-Local) | ap-northeast-3 |
Asia Pacific (Seoul) | ap-northeast-2 |
Asia Pacific (Singapore) | ap-southeast-1 |
Asia Pacific (Sydney) | ap-southeast-2 |
Asia Pacific (Tokyo) | ap-northeast-1 |
Canada (Central) | ca-central-1 |
China (Beijing) | cn-north-1 |
China (Ningxia) | cn-northwest-1 |
Europe (Frankfurt) | eu-central-1 |
Europe (Ireland) | eu-west-1 |
Europe (London) | eu-west-2 |
Europe (Milan) | eu-south-1 |
Europe (Paris) | eu-west-3 |
Europe (Stockholm) | eu-north-1 |
Middle East (Bahrain) | me-south-1 |
South America (Sao Paulo) | sa-east-1 |
AWS GovCloud (US-East) | us-gov-east-1 |
AWS GovCloud (US-West) | us-gov-west-1 |
Amazon EC2 instance types
For a complete list please see AWS EC2 Instance Types
Instance Type | vCPUs | Memory (GiB) | Storage | Network Performance |
---|---|---|---|---|
t2.micro | 1 | 1 | EBS | Low to Moderate |
t3.small | 2 | 2 | EBS | Low to Moderate |
m5.large | 2 | 8 | EBS | High |
m5.xlarge | 4 | 16 | EBS | High |
m5.2xlarge | 8 | 32 | EBS | High |
c5.large | 2 | 4 | EBS | High |
c5.xlarge | 4 | 8 | EBS | High |
c5.2xlarge | 8 | 16 | EBS | High |
r5.large | 2 | 16 | EBS | High |
r5.xlarge | 4 | 32 | EBS | High |
r5.2xlarge | 8 | 64 | EBS | High |
g4dn.xlarge | 4 | 16 | NVMe SSD | High |
g4dn.2xlarge | 8 | 32 | NVMe SSD | High |
p3.2xlarge | 8 | 61 | EBS | Very High |
p3.8xlarge | 32 | 244 | EBS | Very High |
x1e.xlarge | 4 | 122 | SSD | Very High |
x1e.2xlarge | 8 | 244 | SSD | Very High |
z1d.large | 2 | 16 | NVMe SSD | Very High |
z1d.xlarge | 4 | 32 | NVMe SSD | Very High |
z1d.2xlarge | 8 | 64 | NVMe SSD | Very High |
Amazon EC2 attributes
Attribute | Description | Mandatory |
---|---|---|
TYPE | Needs to be set to "EC2" | YES |
AMI | Unique ID of a machine image, returned by a call to ec2-describe-images. | YES |
AKI | The ID of the kernel with which to launch the instance. | NO |
CLIENTTOKEN | Unique, case-sensitive identifier you provide to ensure idempotency of the request. | NO |
INSTANCETYPE | Specifies the instance type. | YES |
KEYPAIR | The name of the EC2 (SSH) key pair; it is later used to run commands such as ssh -i id_keypair or scp -i id_keypair against the instance. | NO |
LICENSEPOOL | Passed to the --license-pool option. | NO |
BLOCKDEVICEMAPPING | The block device mapping for the instance. More than one can be specified in a space-separated list. Check the --block-device-mapping option of the EC2 CLI Reference for the syntax. | NO |
PLACEMENTGROUP | Name of the placement group. | NO |
PRIVATEIP | If you're using Amazon Virtual Private Cloud, you can optionally use this parameter to assign the instance a specific available IP address from the subnet. | NO |
RAMDISK | The ID of the RAM disk to select. | NO |
SUBNETID | If you're using Amazon Virtual Private Cloud, this specifies the ID of the subnet you want to launch the instance into. This parameter is also passed to the command ec2-associate-address -i i-0041230 -a elasticip. | NO |
TENANCY | The tenancy of the instance you want to launch. | NO |
USERDATA | Specifies Base64-encoded MIME user data to be made available to the instance(s) in this reservation. User data is readable from the instance metadata service by any process on the instance, so do not place secrets or access keys in it. | NO |
SECURITYGROUPS | Name of the security group. You can specify more than one security group (comma separated). | NO |
SECURITYGROUPIDS | IDs of the security group. You can specify more than one security group (comma separated). | NO |
ELASTICIP | EC2 Elastic IP address to assign to the instance. This parameter is passed to the command ec2-associate-address -i i-0041230 elasticip. | NO |
TAGS | Key and optional value of the tag, separated by an equals sign ( = ).You can specify more than one tag (comma separated). | NO |
AVAILABILITYZONE | The Availability Zone in which to run the instance. | NO |
HOST | Defines which orchestrator host will use this template | NO |
EBS_OPTIMIZED | Launch the instance as EBS-optimized, giving better I/O throughput to its EBS volumes. | NO |