In this lab, you will create two security groups and then launch two instances (one Windows and one Linux). You will then log into the instances. Additionally, you will create an EC2 key pair that will be used to authenticate to the instances.
To complete this lab, you need:
In this lab, you will:
AWS uses security groups to control network access to virtual machine instances. Security groups act like firewall rules and allow access based on source IP address and destination port number.
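As an added example (not part of the original lab), the Python sketch below models how a security group evaluates inbound traffic, using the SSH-from-My-IP and HTTP-from-Anywhere rules this lab creates, and reports administrative ports left open to Anywhere. The rule dictionaries follow the IpPermissions shape returned by the EC2 API; the address 203.0.113.10 standing in for My IP and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample rules in the shape of the EC2 API's IpPermissions field.
# 203.0.113.10/32 is a documentation address standing in for the "My IP" source.
LAB_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

# Services that should not be reachable from Anywhere (0.0.0.0/0).
ADMIN_PORTS = {22: "SSH", 1433: "SQL Server", 3389: "RDP"}


def port_matches(rule, port):
    """Protocol "-1" means all traffic and carries no port range."""
    return rule["IpProtocol"] == "-1" or rule["FromPort"] <= port <= rule["ToPort"]


def is_allowed(rules, source_ip, port, protocol="tcp"):
    """Security groups are allow-lists: traffic passes only if some rule matches."""
    src = ipaddress.ip_address(source_ip)
    for rule in rules:
        if rule["IpProtocol"] not in (protocol, "-1"):
            continue
        if not port_matches(rule, port):
            continue
        if any(src in ipaddress.ip_network(r["CidrIp"]) for r in rule["IpRanges"]):
            return True
    return False  # no matching rule means the packet is dropped


def world_open_admin_ports(rules):
    """Return the administrative services a rule set exposes to 0.0.0.0/0."""
    found = set()
    for rule in rules:
        open_to_world = any(r["CidrIp"] == "0.0.0.0/0" for r in rule["IpRanges"])
        if rule["IpProtocol"] not in ("tcp", "-1") or not open_to_world:
            continue
        found.update(n for p, n in ADMIN_PORTS.items() if port_matches(rule, p))
    return sorted(found)
```

With the lab's rules, SSH is reachable only from the single My IP address while HTTP is reachable from any source, and no administrative port is reported as open to Anywhere.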
Start Chrome and log into your AWS account using an IAM user that has permissions to administer VPC and EC2.
If you don't know how to do this, then complete the Getting Started with AWS lab before doing this one.
Switch to the EC2 dashboard by selecting Services | EC2.
Verify your region is set to N Virginia by selecting it from the region dropdown in the upper-left corner of the AWS management console.
Click the Security Groups link on the left side.
Click the Create Security Group button.
Provide the following values:
Verify the Inbound tab is selected and notice that there are currently no rules.
Click the Add Rule button.
In the Type column, select SSH from the drop-down menu, and in the Source column, select My IP.
Click the Add Rule button again and create another rule that will allow HTTP traffic from a source of Anywhere.
Click the Outbound tab and notice there is one rule provided by default that allows all traffic on all ports.
Click the Create button.
Click the Create Security Group button again and create another security group named RDP-HTTP and be sure to set the VPC to your VPC. Provide a Description of your choice.
Add the following inbound rules to the new security group and click Create:
An EC2 key pair is an RSA public/private encryption key pair that is used to authenticate to the Linux instances or decrypt a Windows password.
From the Services menu, choose EC2.
Click Key Pairs on the left, then click the Create Key Pair button.
Provide a name of LabKeyPair and click the Create button.
Chrome will automatically save the file in your Downloads folder without prompting, but some browsers will prompt. If prompted, select to save the file.
Look in your Downloads folder and verify there is a file named
If you are using Windows, you will use the PuTTY SSH client to be able to connect to Linux. If you do not have PuTTY installed, see the AWS setup lab for instructions on installing the PuTTY SSH client and PuTTYgen key utility.
The EC2 key that was just generated by AWS was downloaded as a PEM encoded file that contains both the public and private keys. The PuTTY application requires the private key in a different format. You will now use PuTTYgen to convert the PEM encoded EC2 key pair just downloaded to a PPK file required by PuTTY.
Click the Load button.
Set the file type dropdown to All Files (*.*)
Select the LabKeyPair.pem file in the Downloads folder and click Open, then click OK.
Click the Save private key button and click Yes.
Save the key as LabKeyPair.ppk in the same folder.
The LabKeyPair.ppk file can now be used by PuTTY to create a secure SSH connection.
Switch back to the web browser logged into AWS and verify you are still on the EC2 dashboard or select Services | EC2 to switch to the EC2 dashboard.
Click the Instances link on the left and then click the Launch Instance button.
On the Quick Start tab, scroll down and locate a Windows 2016 image with SQL Server Express, and click the Select button for that image.
On the Choose an Instance Type screen, select t2.micro. Please be sure to read the Important information box above this step concerning the t2.micro instance type before proceeding.
Click Next: Configure Instance Details.
On the Configure Instance Details screen, provide the following values:
On the Add Storage screen, notice the size and type of the root volume for the instance. Notice you can change the hard drive type to be either magnetic or SSD media type. Feel free to choose either type, but SSD drives cost about twice as much as HDD drives. Leave the size as the default and click the Next: Add tags button.
On the Add Tags screen, click the Add Tag button and create a new tag with a Key=Name and a Value=[your-name]Windows. It is important that the key is Name, with a capital "N".
The screen should look similar to:
Click the Next: Configure Security Group button.
On the Configure Security Group screen, choose Select an existing security group and select the security group named RDP-HTTP created earlier. Click the Review and Launch button.
If you see a Warning about not being able to connect to the instance on port 1433, this warning is because the AMI you selected has SQL server installed and we have not opened the SQL Server port number (1433) in the security group. This is OK as we do not want outside access to the database.
Click the Continue button.
In the Review Instance Launch screen, click the Launch button.
In the Select an existing key pair or create a new key pair dialog, select the Choose an existing key pair option, select the key pair you created earlier, check the checkbox, and click the Launch Instance button.
In the Launch Status screen, click the View Instances button to view all current instances.
You should see a table displaying the instance you just started.
In this section, you will launch a Linux instance. The steps are very similar to launching a Windows instance.
From the EC2 dashboard, click the Launch Instance button.
Complete the launch instance process just as you did for the Windows instance, but use the values below:
When done launching, click the View Instances button.
Press the Refresh button until the Linux instance has a state of Running.
Select the Linux instance in the instance table. On the bottom of the screen, locate the IPv4 Public IP address. Highlight and copy this address.
Enter ec2-user as the username and press <Enter>.
chmod 400 LabKeyPair.pem
ssh -i LabKeyPair.pem ec2-user@<public-ip-just-copied>
Feel free to explore the Linux instance. For example, you can list all processes running with:
Leave the Linux instance running; you will need it again later.
Switch back to the web browser logged into AWS and verify you are still viewing the EC2 instances table or select Services | EC2 and click the Instances link to display the instances table.
Select the Windows instance in the instance table. On the top of the screen, click the Actions button and select Get Windows Password.
In the Retrieve Default Windows Administrator Password dialog, click the Choose File or Browse button, open the .pem file you downloaded earlier (it should be in your Downloads folder) and click the Decrypt Password button.
Highlight and copy the password displayed. This is the Administrator password for the Windows instance you launched. Paste this password into a text document so you can quickly access it again.
Click the Close button to close the password dialog.
Near the top of the screen, click the Connect button, and then click the Download Remote Desktop File button. This will download an RDP shortcut file. Chrome should save the file automatically, but if prompted select to save the file.
Click the Close button.
Open the .rdp file just downloaded. It should automatically open the Remote Desktop client and connect to the public IP address of the instance. Click Connect if warned about a certificate.
Log in with the username Administrator and the password decrypted earlier. Try pasting the password, but this may not work. If not, you will need to type the password by hand.
You should now be logged into the Windows instance. Feel free to explore the instance.
It is recommended to change the password. Feel free to do that, but do not forget the new password!
Record the password for your Administrator account. If you did not change the password, be sure to record the password assigned by AWS.
Terminate any instances you have. You are being charged for them as long as they exist.
This lab was provided by ROI Training and was adapted from our course, Deploying Infrastructure on Amazon Web Services.