HOW TO CREATE KEY-PAIR, SECURITY GROUP, EBS VOLUME AND HOW TO LAUNCH INSTANCE IN AWS CLOUD USING AWS CLI.
Hello Everyone,
In this blog I have tried to cover “HOW TO CREATE KEY-PAIR, SECURITY GROUP, EBS VOLUME” and also “HOW TO LAUNCH THE EC2 INSTANCE USING OUR CREATED KEY-PAIR AND THE SECURITY GROUP AND HOW TO ATTACH THE EBS VOLUME TO THIS INSTANCE” using the AWS CLI. But before diving into the practical work, let’s first discuss all the services that we are going to use in it.
1. What is Amazon Web Services (AWS) CLI?
The AWS Command Line Interface (CLI) is a unified tool used to manage our AWS services without going into the Console manually. It pulls all the AWS services together in one central console, giving us easy control of multiple AWS services with a single tool. With just one tool to download and configure, we can control multiple AWS services from the command line and automate them through scripts.
Can you imagine how powerful a tool it is? The more you use the AWS CLI, the more you’ll see how powerful it is.
2. Amazon AWS Key Pair:-
Amazon AWS uses keys to encrypt and decrypt login information. At the basic level, a sender uses a public key to encrypt data, which its receiver then decrypts using the matching private key. These two keys, public and private, are known as a key pair. You need a key pair to be able to connect to your instances.
Generally, we can say that the key pair in AWS plays the same role as the password of our operating system.
3. AWS Security Group:-
An AWS Security Group provides instance-level security. It provides very basic security to the instances and is therefore the last level of security. It works at the port and protocol level, so the user needs to add rules to allow traffic for its incoming and outgoing requests. A Security Group (SG) in AWS works the same as a firewall in an OS.
4. AWS EBS Volume:-
EBS stands for Elastic Block Storage. It is a highly available, durable, reliable, persistent block-level storage service provided for use with Amazon EC2 instances in the AWS Cloud. It provides a consistent, low-latency storage system.
AWS provides three types of storage: BLOCK STORAGE (EBS), OBJECT STORAGE (S3) AND FILE SYSTEM STORAGE (EFS).
5. AWS EC2 Instance:-
An EC2 instance is a virtual server or virtual OS in Amazon’s Elastic Compute Cloud (EC2) for running applications on the Amazon Web Services (AWS) infrastructure. EC2 is a service that allows us to run application programs in the computing environment.
EC2 is the main service; EBS etc. are sub-services of the EC2 service.
6. AWS IAM:-
AWS IAM stands for Amazon Web Services (AWS) Identity and Access Management (IAM). AWS IAM provides identity management capabilities for AWS customers by enabling IT administrators to control which users have permission to access various AWS resources and the type of actions they can perform.
So, here we have discussed all the services that we are going to use in our practical.
WHAT IS OUR TASK?
So the task that we have to cover in this blog using AWS CLI is:-
🔅 Create a key pair,
🔅 Create a security group,
🔅 Launch an instance using the above created key pair and security group,
🔅 Create an EBS volume of 1 GB,
🔅 The final step is to attach the above created EBS volume to the instance you created in the previous steps.
Let’s start to do this task.
STEPS:-
STEP-1:-
To complete the above task, you should first have the AWS CLI installed in your OS. Depending on your operating system, it will require a different method.
To download the AWS CLI, go through the above link, in which you will find the software for all types of OS.
Download it and double-click on it, and it will install automatically in your OS. To verify whether the AWS CLI has been installed, run this command in your CMD:
“aws --version”
STEP-2:-
Now we have the AWS CLI in our OS. But the challenge is that the AWS CLI can’t work with the main or root account of AWS Cloud. It only works with an IAM user account, where we have to provide the user’s access key and secret key to the CLI to log in.
So to do this, let’s first create one IAM user manually:-
A. Search IAM service in your management console, and go inside it:
B. Now click on Add user button in IAM service page:
Give the user whatever name you want and then select the access type:
## Programmatic access:- This is what we need. By selecting it, our user will get an access key and a secret key, which we use to log in using the AWS CLI.
## Management Console Access:- Select it if you also want to give the user access to log in manually to the AWS Cloud GUI, using the password you create for them.
And then click on “Next: Permissions”.
C. Now you have to give the user permissions, which decide what services of your account they can use. I have given the PowerUserAccess permission to my user. This permission lets the user do whatever they want except in the IAM service and the Billing Dashboard.
Click on “Next: Tags”.
D. Give tags to your user if you want to, or leave them out, and click on “Next”.
E. Now all the steps are done; just click on “Create User” and you will see that one user has been created for you.
Here you will find the Access Key and the Secret Key of your user. Don’t show your Secret Key to anyone.
Our STEP-2 is complete; we have successfully created one IAM user.
STEP-3:-
Now we have our Access key and Secret key with us. Using this command we can now log in to AWS from the CLI:
“aws configure”
Here you have to give your Access key, Secret key, the Region where you want to launch or use AWS services, and the output format (by default it is JSON).
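A preflight check for the credentials just configured, as an added example that is not part of the original post: it confirms that the keys belong to an IAM user (or an assumed role) rather than the root account, and that the credentials file written by “aws configure” is not readable by other users. The function names are hypothetical; the file path is the CLI default.

```sh
# Added example: preflight check to run after "aws configure".
set -eu

# Classify the ARN returned by "aws sts get-caller-identity".
principal_kind() {
  case "$1" in
    arn:aws*:iam::*:root)            echo root ;;
    arn:aws*:iam::*:user/*)          echo iam-user ;;
    arn:aws*:sts::*:assumed-role/*)  echo assumed-role ;;
    *)                               echo unknown ;;
  esac
}

# True if group or others have any permission bit set on the file.
too_open() {
  perms=$(ls -l "$1" | cut -c5-10)
  [ "$perms" != "------" ]
}

# Prints the principal kind on success.
# Returns 2 for loose file permissions, 3 if the STS call fails,
# 1 if the caller is the root account or cannot be classified.
preflight() {
  creds="${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}"
  if [ -f "$creds" ] && too_open "$creds"; then
    echo "fix permissions first: chmod 600 $creds" >&2
    return 2
  fi
  arn=$(aws sts get-caller-identity --query Arn --output text) || return 3
  kind=$(principal_kind "$arn")
  if [ "$kind" != "iam-user" ] && [ "$kind" != "assumed-role" ]; then
    echo "refusing to continue as $kind ($arn)" >&2
    return 1
  fi
  echo "$kind"
}
```

Call preflight at the top of any script that uses the steps below and stop if it returns non-zero.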
STEP-4:-
We have successfully logged in to AWS as the IAM user. Now, as per our task, we have to create one key pair using the CLI. We know that the key-pair service comes under the EC2 service, and inside EC2 we find the command “create-key-pair”, which we can use to create a key pair. The command is:
“aws ec2 create-key-pair --key-name NAME_OF_THE_KEYPAIR”
--key-name (string): A unique name for the key pair. Constraints: Up to 255 ASCII characters.
Now we can check manually in our AWS Cloud that one key pair has been created with the key name that we gave.
STEP-5:-
Now we have to create one Security group using the CLI. We know that Security groups lie under the EC2 service, and using the “aws ec2 help” command we find the command “create-security-group” in EC2. By using this command we can create a Security group:
“aws ec2 create-security-group --group-name NAME_OF_THE_SG --description DESCRIPTION”
--group-name (string)
The name of the security group. Constraints: Up to 255 characters in length. Cannot start with sg-. Constraints for EC2-Classic: ASCII characters. Constraints for EC2-VPC: a-z, A-Z, 0–9, spaces, and ._-:/()#,@[]+=;{}!$*
--description (string)
A description for the security group. This is informational only. Constraints: Up to 255 characters in length. Constraints for EC2-Classic: ASCII characters. Constraints for EC2-VPC: a-z, A-Z, 0–9, spaces, and ._-:/()#,@[]+=;{}!$*.
Now we can check manually in our AWS Cloud that one SG has been created with the name that we gave.
STEP-6:-
We have to launch one EC2 instance using the key pair and the security group created above. In EC2 we have the command “run-instances”; by using this command we can launch one EC2 instance:
“aws ec2 run-instances --image-id ID_OF_THE_IMAGE --instance-type GIVE_THE_TYPE --count NO._OF_INSTANCE --subnet-id SUBNET_ID --security-group-ids SG_ID --key-name KEY-PAIR_NAME”
--image-id (string):
The ID of the AMI. An AMI ID is required to launch an instance and must be specified here or in a launch template.
--instance-type (string): The instance type (t2.micro etc.).
--key-name (string): The name of the key pair. I have given the above created key-pair name.
--security-group-ids (list): The IDs of the security groups. I have given the above created Security group ID.
--subnet-id (string): [EC2-VPC] The ID of the subnet to launch the instance into.
--count (string): Number of instances to launch. If a single number is provided, it is assumed to be the minimum to launch (defaults to 1). If a range is provided in the form min:max then the first number is interpreted as the minimum number of instances to launch and the second is interpreted as the maximum number of instances to launch.
After running this command we can see that one instance has been launched in the EC2 dashboard of our AWS console.
STEP-7:-
Now we have to create one EBS volume. We already know that the EBS service comes under the EC2 service. Inside EC2 we find the command “create-volume”; using this command we can create one EBS volume:
“aws ec2 create-volume --availability-zone AVAILABILITY_ZONE --size SIZE_OF_VOLUME”
--availability-zone (string): The Availability Zone in which to create the volume.
--size (integer): The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. Constraints: 1–16,384 for gp2, 4–16,384 for io1 and io2, 500–16,384 for st1, 500–16,384 for sc1, and 1–1,024 for standard. If you specify a snapshot, the volume size must be equal to or larger than the snapshot size.
After running the above command you can see that one EBS volume has been created in your Console.
STEP-8:-
The last step of our task is to attach this volume to the instance that we created above. For this we have the EC2 command “attach-volume”:
“aws ec2 attach-volume --volume-id ID_OF_VOLUME --instance-id ID_OF_INSTANCE --device DEVICE”
--device (string): The device name (for example, /dev/sdh or xvdh).
--instance-id (string): The ID of the instance.
--volume-id (string): The ID of the EBS volume. The volume and instance must be within the same Availability Zone.
Now we can check manually that the status of this volume has become “in-use”.
We can’t use this volume yet, because to use any block storage we first have to create a partition on the volume. I will write a separate blog on how to do the partitioning.
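STEP-4 to STEP-8 chained into one script, as an added example that is not part of the original post: it saves the private key to a file only its owner can read, adds the SSH inbound rule that a newly created security group lacks (restricted to one source range), and creates the volume in the instance’s own Availability Zone. The names provision and check_cidr, the t2.micro type and the sample address 203.0.113.7/32 are assumptions.

```sh
# Added example: STEP-4 to STEP-8 as one function. NAME, AMI_ID, SUBNET_ID
# and SSH_CIDR are placeholders supplied by the caller.
# Usage: provision demo AMI_ID SUBNET_ID 203.0.113.7/32
set -eu

# Reject a source range that would open SSH to the whole internet.
check_cidr() {
  case "$1" in
    0.0.0.0/0|::/0) echo "refusing world-open CIDR $1" >&2; return 1 ;;
    */*) return 0 ;;
    *) echo "not a CIDR: '$1'" >&2; return 1 ;;
  esac
}

provision() {
  name="$1"; ami="$2"; subnet="$3"; cidr="$4"
  check_cidr "$cidr" || return 1

  # STEP-4: the private key is returned only once, so save it owner-only.
  (umask 077; aws ec2 create-key-pair --key-name "$name" \
    --query KeyMaterial --output text > "$name.pem")

  # STEP-5: a new group has no inbound rules; allow SSH from one range only.
  # Assumes the subnet is in the default VPC, as the page's command does.
  sg=$(aws ec2 create-security-group --group-name "$name-sg" \
    --description "SSH access for $name" --query GroupId --output text)
  aws ec2 authorize-security-group-ingress --group-id "$sg" \
    --protocol tcp --port 22 --cidr "$cidr" >/dev/null

  # STEP-6: launch one instance and wait until it is running.
  iid=$(aws ec2 run-instances --image-id "$ami" --instance-type t2.micro \
    --count 1 --subnet-id "$subnet" --security-group-ids "$sg" \
    --key-name "$name" --query 'Instances[0].InstanceId' --output text)
  aws ec2 wait instance-running --instance-ids "$iid"

  # STEP-7: create the 1 GiB volume in the instance's own Availability Zone.
  az=$(aws ec2 describe-instances --instance-ids "$iid" --output text \
    --query 'Reservations[0].Instances[0].Placement.AvailabilityZone')
  vol=$(aws ec2 create-volume --availability-zone "$az" --size 1 \
    --query VolumeId --output text)
  aws ec2 wait volume-available --volume-ids "$vol"

  # STEP-8: attach the volume; /dev/sdh is the device name from the page.
  aws ec2 attach-volume --volume-id "$vol" --instance-id "$iid" \
    --device /dev/sdh >/dev/null
  echo "$iid $vol $az"
}
```

The function prints the instance ID, volume ID and Availability Zone on one line, and leaves the private key in NAME.pem in the current directory.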
HURRAY! FINALLY WE HAVE COMPLETED OUR TASK!
Thank you so much for reading this article. I will write many more articles on different technologies, so stay connected with me. Follow me, or if you have any doubt about this article, please ping me on my LinkedIn.