Following along with some useful YouTube videos, I’ve created a cheat sheet below for reference when setting up AWS services using the CLI tools.
This post assumes a level of familiarity with basic AWS services through the management console – you should know what a security group is and what an instance is, etc.
YouTube videos:
1. CLI basics: https://www.youtube.com/watch?v=_P0fgqt99RA
2. CloudFormation basics: https://www.youtube.com/watch?v=EVK8ultk-u0
3. Lambda basics: https://www.youtube.com/watch?v=ZybIYqjXt1g
The snippets below assume the aws command line tools have already been installed, via a guide such as this one for installing AWS tools with pip.
You should also install jq via brew, as responses by default are JSON objects. jq allows easy filtering, for example to fetch an array of IDs from a big JSON response:
brew install jq
CLI Basics
On a fresh CLI install, we have no permissions. Run aws configure to enter a set of API keys that will be used through the process.
To create a new EC2 instance, we need pre-requisite security groups to access the instance and a key pair to connect to the instance.
Create a security group
Creating the security group, with no rules:
aws ec2 create-security-group --group-name cli-example --description "this is the cli example"
The response will return a “GroupId”. You should capture this in a text doc for later.
{
  "GroupId": "sg-0666aba64453e0791"
}
Opening up SSH on the security group
aws ec2 authorize-security-group-ingress --group-name cli-example --protocol tcp --port 22 --cidr 0.0.0.0/0
This allows ANY IP address through the security group on TCP port 22. In production, this IP range should be seriously limited.
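One way to narrow that rule to a single address, as an added example that is not part of the original post. It assumes https://checkip.amazonaws.com as the source of your public IPv4 address; `to_cidr32`, `lock_down_ssh` and the `--apply` switch are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original post: swap the 0.0.0.0/0 SSH rule on
# "cli-example" for a rule scoped to one address.
# Assumption: https://checkip.amazonaws.com is used to learn your public IPv4.
# to_cidr32, lock_down_ssh and the --apply switch are hypothetical names.

GROUP_NAME="cli-example"

# Print ADDRESS/32 if ADDRESS is a dotted-quad IPv4 address, otherwise fail.
# Guards against passing an error page or empty string on to the aws CLI.
to_cidr32() {
  addr=$1
  case $addr in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  saved_ifs=$IFS
  IFS=.
  set -- $addr
  IFS=$saved_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  printf '%s/32\n' "$addr"
}

# Add the narrow rule first, then revoke the wide one, so SSH access is
# never lost part-way through.
lock_down_ssh() {
  my_ip=$(curl -fsS https://checkip.amazonaws.com) || return 1
  cidr=$(to_cidr32 "$my_ip") || { echo "unexpected address: $my_ip" >&2; return 1; }
  aws ec2 authorize-security-group-ingress --group-name "$GROUP_NAME" \
    --protocol tcp --port 22 --cidr "$cidr" || return 1
  aws ec2 revoke-security-group-ingress --group-name "$GROUP_NAME" \
    --protocol tcp --port 22 --cidr 0.0.0.0/0 || return 1
  # Show the resulting rules to confirm only the /32 remains.
  aws ec2 describe-security-groups --group-names "$GROUP_NAME" \
    --query 'SecurityGroups[].IpPermissions[].IpRanges[].CidrIp' --output text
}

# Only touch AWS when asked to, e.g.: sh lock-down-ssh.sh --apply
if [ "${1:-}" = "--apply" ]; then
  lock_down_ssh
fi
```

If your public IP changes, re-run with `--apply` and revoke the stale /32 the same way.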
Creating a keypair to SSH in
aws ec2 create-key-pair --key-name test-key --query "KeyMaterial" --output text > test-key.pem
This creates a keypair and saves the private key to ‘test-key.pem’. The key file's default permissions are too open, so it’s important to give it only ‘user read’ permissions (400):
sudo chmod 400 test-key.pem
It’s worth mentioning that commands have a corresponding describe command. In this case, we can describe the key pairs attached to the account. It’s useful to check what’s still running on cleanup, and to check what was actually created in the case of failures.
aws ec2 describe-key-pairs
Finding and creating an instance
We’re going to gloss over a whole giant part here of working out what image you want, and assume you’re happy to use the pre-configured Amazon Linux 2 AMI.
Using a describe-images request and some clever jq (installed at the start), we can return the ID of the latest Amazon Linux 2 AMI. At the time of this post, it’s ami-0b898040803850657.
It’s time to spin up an instance with the AMI ID, security group ID, and key pair we made above. Make sure to drop yours in below instead of mine:
aws ec2 run-instances --image-id ami-0b898040803850657 --security-group-ids sg-0666aba64453e0791 --instance-type t2.micro --key-name test-key
Extract the InstanceId and PublicIpAddress from the response, and connect to the public IP address using the private key.
ssh ec2-user@<PublicIpAddress> -i test-key.pem
With any luck, you’ll be connected to your new instance!
When you’re done, make sure to stop the instance.
aws ec2 stop-instances --instance-ids "i-0a7cbe4f97c0515a0"
Describe the instances until you can see that the instance has stopped.
aws ec2 describe-instances | jq '.Reservations[].Instances[] | [.State, .InstanceId]'
[
  {
    "Code": 80,
    "Name": "stopped"
  },
  "i-0a7cbe4f97c0515a0"
]
[
  {
    "Code": 16,
    "Name": "running"
  },
  "i-0ae6334455914efdb"
]