AWS Elastic Compute Cloud (EC2) Basics
We will learn about IP addresses and connect to public EC2 instances externally using SSH, but first we will look at public and private IP behavior.
In my earlier post on AWS Basics, we learned that the core of AWS is EC2. You can think of it as a service that provides servers on which your applications run.
We then set up our VPC, subnets and route table, and added an Internet Gateway, giving us the following architecture (see my earlier post on AWS Internet Gateway and VPC Routing for details):
Now in this post, we will launch EC2 instances. We will start simple and initially launch an Ubuntu instance in our public subnet and another in a private subnet.
We will learn about IP Addresses and also connect to public EC2 instances externally using SSH. But before we actually launch our EC2 instance, let's have a look at public and private IP behavior first.
Public/Private IP Behavior
- When an instance is launched, its IP address is determined by the CIDR of the subnet it is launched in.
- Private IPs:
  - Private IPs cannot be reached directly from outside the VPC (e.g. from the internet).
- External (public) IPs:
  - External IPs can be reached directly from the internet.
  - External (public) IP addresses are not assigned by default. You must request a public IP at instance creation, either by having auto-assign public IP enabled on the subnet or by explicitly checking that option in the launch wizard.
  - External (public) IPs are assigned from the AWS pool of public IPs.
  - If you start, stop or restart an instance, this external IP can and usually does change.
  - If you want an instance to keep the same IP address across restarts, use an Elastic IP.
Elastic IPs are public IP addresses that are created, destroyed and assigned independently of any instance and can be associated with an instance when needed.
Since we will connect to the EC2 instance externally, we can create an Elastic IP in advance and use it later during the instance creation process. You can create an Elastic IP from the VPC dashboard as shown below:
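The bullet list above says that an instance's private address comes from its subnet CIDR and that only globally routable addresses can be reached from the internet. The following script is an added example (not code from the original post) that checks both properties for a given address with Python's standard `ipaddress` module. It uses the post's public subnet CIDR, 10.0.1.0/24; the private subnet CIDR 10.0.2.0/24 and the sample addresses are constructed for the example. It also accounts for the five addresses AWS reserves in every subnet, which is why an instance will never receive, say, 10.0.1.1.

```python
import ipaddress

# Constructed values for this example. 10.0.1.0/24 is the public subnet CIDR the
# post names; 10.0.2.0/24 is an assumed CIDR for the private subnet.
PUBLIC_SUBNET = "10.0.1.0/24"
PRIVATE_SUBNET = "10.0.2.0/24"

# AWS reserves the first four addresses of every subnet (network address, VPC
# router, DNS resolver, reserved for future use) and the last one (broadcast).
RESERVED_LEADING = 4
RESERVED_TRAILING = 1


def usable_range(subnet_cidr):
    """Return the (first, last) address an instance can actually receive in this subnet."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    first = net[RESERVED_LEADING]
    last = net[net.num_addresses - 1 - RESERVED_TRAILING]
    return str(first), str(last)


def describe_address(ip, subnet_cidr):
    """Classify an address the way the post's bullet list does.

    in_subnet         - the address lies inside the subnet CIDR (a private IP must)
    reserved          - AWS keeps this address; no instance will ever get it
    private           - RFC 1918 or other non-global space: not reachable from the internet
    globally_routable - the kind of address AWS hands out from its public pool
    """
    addr = ipaddress.ip_address(ip)
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    in_subnet = addr in net
    offset = int(addr) - int(net.network_address)
    reserved = in_subnet and (
        offset < RESERVED_LEADING or offset >= net.num_addresses - RESERVED_TRAILING
    )
    return {
        "in_subnet": in_subnet,
        "reserved": reserved,
        "private": addr.is_private,
        "globally_routable": addr.is_global,
    }


if __name__ == "__main__":
    print(usable_range(PUBLIC_SUBNET))
    print(describe_address("10.0.1.25", PUBLIC_SUBNET))  # constructed private IP
    print(describe_address("10.0.1.2", PUBLIC_SUBNET))   # VPC DNS resolver address: reserved
```

Running it shows that 10.0.1.25 is inside the public subnet, is RFC 1918 space and is not globally routable, which is exactly why the SSH session later in the post has to target the public or Elastic IP rather than the private one.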
Launching an EC2 Instance
The AWS console makes this process very simple. Go to the EC2 console and provision a Linux server (Ubuntu) by clicking the Launch Instance button to start the wizard. I will use Ubuntu Server 20.04 LTS on a t2.micro instance type, as shown below:
On the Configure Instance Details screen, select the VPC and subnet. I selected the public subnet; notice also that Auto-assign Public IP is enabled:
The other default values are fine for now. Click through the remaining pages of the wizard and give the instance a Name tag.
On the Configure Security Group page, there is already one SSH rule populated (we will cover security groups in detail in a later post). For now, accept this default rule:
This rule accepts incoming SSH traffic from anywhere. Typically you should lock it down to a single IP address or a small range. For this post, I will let this traffic come in from any source.
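The default rule above admits port 22 from 0.0.0.0/0. The script below is an added example, not part of the original post, of how to audit security groups for that condition and what the locked-down rule looks like. It works on data in the shape of `aws ec2 describe-security-groups` output, but the two groups are constructed here to mirror the post (SSH from anywhere for the public instance, SSH from 10.0.1.0/24 for the private one); the group ids and the client address 203.0.113.7 are placeholders.

```python
import ipaddress

ANY_IPV4 = "0.0.0.0/0"
ANY_IPV6 = "::/0"

# Constructed sample in the shape of `aws ec2 describe-security-groups` output,
# trimmed to the fields the audit needs. Group ids are placeholders.
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-PLACEHOLDER-public",
        "GroupName": "launch-wizard-1",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": ANY_IPV4}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-PLACEHOLDER-private",
        "GroupName": "private-ssh-from-public-subnet",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": []},
        ],
    },
]


def permission_covers_port(perm, port):
    """True if this inbound permission includes `port` (TCP/UDP range, or all traffic)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":            # "All traffic": no port fields are present
        return True
    if proto in ("tcp", "udp"):
        return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
    return False                 # icmp and numbered protocols carry no TCP ports


def permission_is_world_open(perm, port):
    """True if `port` is admitted from every IPv4 or IPv6 source."""
    if not permission_covers_port(perm, port):
        return False
    sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(src in (ANY_IPV4, ANY_IPV6) for src in sources)


def world_open_groups(groups, port=22):
    """Ids of security groups exposing `port` to the whole internet."""
    return [g["GroupId"] for g in groups
            if any(permission_is_world_open(p, port) for p in g.get("IpPermissions", []))]


def restrict_sources(perm, cidr):
    """Copy of `perm` whose only source is `cidr` (e.g. your own address as a /32).

    Refuses a zero-length prefix so a "hardened" rule cannot silently stay open.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.prefixlen == 0:
        raise ValueError("source CIDR must not be the whole internet")
    hardened = dict(perm)
    if net.version == 4:
        hardened["IpRanges"], hardened["Ipv6Ranges"] = [{"CidrIp": str(net)}], []
    else:
        hardened["IpRanges"], hardened["Ipv6Ranges"] = [], [{"CidrIpv6": str(net)}]
    return hardened


if __name__ == "__main__":
    print("SSH open to the world:", world_open_groups(SAMPLE_GROUPS))
    # Constructed client address (documentation range) standing in for your own IP.
    fixed = restrict_sources(SAMPLE_GROUPS[0]["IpPermissions"][0], "203.0.113.7/32")
    print("still world-open after hardening:", permission_is_world_open(fixed, 22))
```

The "All traffic" case (`IpProtocol` of `-1`) is handled separately because such rules carry no port fields at all, which is an easy thing for a naive port check to miss.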
Click Review and Launch. The wizard will also ask you to create or choose a key pair; this key pair will be needed when we SSH to the instance. In a few minutes, the EC2 instance will be launched and will show up in the EC2 Dashboard:
We can see that it has a public IP address, and the security group allows SSH traffic on port 22. Let's try to connect to it. I will be using Git Bash on Windows; you can use PuTTY or a similar tool if you like.
In a moment we are connected to the EC2 instance, as shown below (notice that the prompt now shows the private IP address of the EC2 instance):
That was easy. One question you may ask: if we can use the public IP, why did we create the Elastic IP earlier in this post?
The reason is that this public IP can change across stop, start and restart, whereas an Elastic IP won't. So, next, let's associate the Elastic IP with this instance.
Associate Elastic IP
Go to VPC > Elastic IPs and select the previously created Elastic IP:
Next, select the target EC2 instance and complete the association as shown below:
Now, if we go back to the instance details, we will see that the Elastic IP is populated:
Now we can use this IP to SSH to our instance as before. This is an Ubuntu server, and you can experiment with it; for example, you could run an Nginx web server with Node.js (see my previous post, Use NGINX to Serve .NET Core, Nodejs, or Static contents). However, I will not be doing anything with it just yet.
Let's have a look at our architecture diagram:
You can see that the diagram now includes the EC2 instance and the security group information as well.
Launch an EC2 instance in Private Subnet
Next, I will create another Ubuntu-based EC2 instance in the private subnet, following the same steps as before. However, for this instance I will not assign a public IP address (remember, a private subnet has no route to or from the internet, so we cannot connect to this EC2 instance from the internet directly). Typically a bastion server (aka jump box) is used to connect to an instance in a private subnet (more on that in later posts).
I am thinking of using this EC2 instance in the future to host a PostgreSQL database server, but for now I will not concern myself with that.
I created a new security group that allows SSH traffic from the public subnet (10.0.1.0/24) only.
Next, click Review and Launch; the instance will be running in a few minutes:
We can see that this instance has a private IP address and no public IP assigned to it.
Now, if we try to SSH to this instance using its private IP address, we will not be able to, because it is in a private subnet and there is no direct route from the internet to it.
But that doesn't mean we cannot connect to that EC2 instance. What we need to do is set up a bastion host (aka jump server) to make the connection. We will see an example of how to set up a bastion host in the next post in this series.
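Whether an SSH connection from the internet can reach an instance at all is decided by two things described in this section: the subnet's route table (is there a 0.0.0.0/0 route to an internet gateway?) and whether the instance has a public or Elastic IP. The script below is an added example, not code from the original post, that applies those two checks to constructed data mirroring the post's layout. It also covers a third case the post does not show, a private subnet whose default route is a NAT gateway, which lets instances reach out but admits nothing inbound. Resource ids, the Elastic IP and the private subnet CIDRs (10.0.2.0/24, 10.0.3.0/24) are placeholders; the security group is the separate, second gate and is not evaluated here.

```python
# Constructed data mirroring the post's layout. Resource ids and the Elastic IP
# are placeholders; 10.0.2.0/24 is an assumed CIDR for the post's private subnet
# and 10.0.3.0/24 an assumed extra private subnet that routes out through a NAT
# gateway, added to show the outbound-only case.
ROUTE_TABLES = {
    "10.0.1.0/24": [   # public subnet: default route to the internet gateway
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-PLACEHOLDER"},
    ],
    "10.0.2.0/24": [   # private subnet as in the post: local route only
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    ],
    "10.0.3.0/24": [   # private subnet with NAT: can reach out, nothing can reach in
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-PLACEHOLDER"},
    ],
}

INSTANCES = [
    {"Name": "public-ubuntu", "SubnetCidr": "10.0.1.0/24",
     "PrivateIp": "10.0.1.25", "PublicIp": "203.0.113.10"},   # Elastic IP placeholder
    {"Name": "private-ubuntu", "SubnetCidr": "10.0.2.0/24",
     "PrivateIp": "10.0.2.25", "PublicIp": None},
    {"Name": "nat-only-ubuntu", "SubnetCidr": "10.0.3.0/24",
     "PrivateIp": "10.0.3.25", "PublicIp": None},
]


def default_route_target(routes):
    """Target of the 0.0.0.0/0 route, or None when the table has no default route."""
    for route in routes:
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("GatewayId") or route.get("NatGatewayId")
    return None


def subnet_kind(routes):
    """'public' (default route via an internet gateway), 'nat' (outbound only) or 'isolated'."""
    target = default_route_target(routes) or ""
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "nat"
    return "isolated"


def inbound_blockers(instance, route_tables):
    """Reasons an SSH connection from the internet cannot reach this instance.

    An empty list means the VPC-level path exists; the security group (and the
    network ACL) then decide whether port 22 is actually admitted.
    """
    blockers = []
    kind = subnet_kind(route_tables.get(instance["SubnetCidr"], []))
    if kind == "isolated":
        blockers.append("subnet has no route to an internet gateway")
    elif kind == "nat":
        blockers.append("subnet's default route is a NAT gateway, which only "
                        "allows connections initiated from inside")
    if not instance.get("PublicIp"):
        blockers.append("instance has no public or Elastic IP to connect to")
    return blockers


if __name__ == "__main__":
    for inst in INSTANCES:
        result = inbound_blockers(inst, ROUTE_TABLES) or ["reachable (subject to security group)"]
        print(inst["Name"], "->", result)
```

Note that giving the private instance a public IP would not help on its own: the check still reports the missing internet gateway route, which is why the post reaches for a bastion host in the public subnet instead.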
Here is how our architecture diagram looks after the changes:
The core of AWS is EC2. You can think of it as a service that provides servers on which your applications run; in AWS they are called EC2 instances instead of servers.
You launch EC2 instances in a subnet of a VPC. This subnet can be a private subnet or a public subnet. In this post, we launched two Ubuntu EC2 instances: one in the public subnet and one in the private subnet.
We created one security group for our public EC2 instance, which allows SSH traffic from any source. The second security group, associated with the EC2 instance in the private subnet, allows SSH traffic from the public subnet only (we will see that this helps us set up a bastion server in the next post). Currently, we can SSH to the public EC2 instance.
Now you have a Linux machine (EC2) in a public subnet, which you can use for various purposes. In the next post, we will continue our journey from this point. Let me know if you have comments or questions. Till next time, Happy Coding!
Published at DZone with permission of Jawad Hasan Shani. See the original article here.