How to Launch an EC2 Instance Using AWS CLI

Launching and terminating EC2 instances from the AWS command-line interface is the core of automating horizontal scaling on AWS: infrastructure resources are monitored continuously, and instances are launched or terminated according to the provisioned resources and the current load. The AWS command-line interface lets you monitor and provision AWS infrastructure from scripts. This blog shows how to launch an EC2 instance using the AWS command-line interface.

Configure AWS CLI credentials

In order to use the AWS command-line interface, first generate access credentials and configure them on your system. The following command configures the AWS command-line interface credentials on your local system (the prompt below stands in for your own user and host).

$ aws configure

Create VPC

The first thing to do before launching an EC2 instance is to set up a VPC (virtual private cloud) in which the instance will be launched. First, list all the VPCs available in a specific region.

$ aws ec2 describe-vpcs \
    --region us-east-1

The output shows only the default VPC in the us-east-1 region. Now use the create-vpc command of the ec2 service to create a VPC.

$ aws ec2 create-vpc \
    --cidr-block 192.168.0.0/16 \
    --region us-east-1

The above command creates a VPC with the specified CIDR block and returns the details of the new VPC.

Note the ID of the VPC, as it will be used to create every other resource inside the VPC.

Create subnet

After creating the VPC, create a subnet inside it. The subnet is created using the create-subnet command provided by the AWS command-line interface.

$ aws ec2 create-subnet \
    --vpc-id <vpc-id> \
    --cidr-block 192.168.0.0/24 \
    --region us-east-1

Now modify the subnet to automatically assign a public IP to the EC2 instances launched inside it. Perform this step only on the subnets you want to make public.

$ aws ec2 modify-subnet-attribute \
    --subnet-id <subnet-id> \
    --map-public-ip-on-launch \
    --region us-east-1

Create and attach Internet Gateway to VPC

An internet gateway provides internet connectivity to and from the VPC on AWS. Use the create-internet-gateway command of the ec2 service to create one.

$ aws ec2 create-internet-gateway \
    --region us-east-1

Now attach the internet gateway to the previously created VPC using the attach-internet-gateway command of the ec2 service.

$ aws ec2 attach-internet-gateway \
    --vpc-id <vpc-id> \
    --internet-gateway-id <internet-gateway-id> \
    --region us-east-1

Create and associate route table with subnet

With the internet gateway attached to the VPC, we can now route traffic from our subnet to the internet gateway through a route table. Doing so makes the subnet a public subnet. Create the route table using the create-route-table command of the ec2 service.

$ aws ec2 create-route-table \
    --vpc-id <vpc-id> \
    --region us-east-1

This creates a route table containing only the default local route for traffic within the VPC. Now add a route that sends all other traffic to the internet gateway, enabling internet connectivity (the option is --destination-cidr-block).

$ aws ec2 create-route \
    --route-table-id <route-table-id> \
    --destination-cidr-block 0.0.0.0/0 \
    --gateway-id <internet-gateway-id> \
    --region us-east-1

After creating the route table and the route, use the associate-route-table command to associate the route table with the subnet.

$ aws ec2 associate-route-table \
    --subnet-id <subnet-id> \
    --route-table-id <route-table-id> \
    --region us-east-1

Create Security Group

After creating the VPC, subnet, and route table, it is time to create a security group for the EC2 instance. A security group is a virtual firewall provided by AWS that controls the inbound and outbound traffic of EC2 instances. The AWS command-line interface provides the create-security-group command of the ec2 service to create one.

$ aws ec2 create-security-group \
    --group-name demo-sg \
    --description "security group for demo instance" \
    --vpc-id <vpc-id> \
    --region us-east-1

The above command creates a security group in the specified VPC and returns the security group ID in the response.

After creating the security group, configure it to allow or block inbound and outbound traffic. For this security group, we will open port 22 for SSH connections and port 80 for HTTP traffic.

$ aws ec2 authorize-security-group-ingress \
    --group-id <security-group-id> \
    --protocol tcp \
    --port 80 \
    --cidr 0.0.0.0/0 \
    --region us-east-1

$ aws ec2 authorize-security-group-ingress \
    --group-id <security-group-id> \
    --protocol tcp \
    --port 22 \
    --cidr 0.0.0.0/0 \
    --region us-east-1

The above two commands add two ingress rules to the security group, allowing inbound traffic on ports 22 and 80. Because the source is 0.0.0.0/0, both ports are reachable from any address on the internet; outside of a demo, replace 0.0.0.0/0 on the port 22 rule with the address range you administer from.

Generate SSH key

Before launching an EC2 instance using the AWS command-line interface, create an SSH key. An SSH key is used for authentication and is more secure than conventional username-and-password authentication. The AWS command-line interface provides the create-key-pair command of the ec2 service to create an SSH key pair.

$ aws ec2 create-key-pair \
    --key-name demo-key-pair \
    --output text \
    --query "KeyMaterial" \
    --region us-east-1 > ./demo-key-pair.pem

The create-key-pair command takes the key name and the output type as options, and the standard output of the command is redirected to a file named demo-key-pair.pem. This file holds the private key, so keep it readable only by your user. Use the cat command to check whether the key was written locally.

$ cat demo-key-pair.pem

After generating the SSH key, list it with the describe-key-pairs command of the ec2 service to confirm that it exists on AWS (the option is --key-names).

$ aws ec2 describe-key-pairs \
    --key-names demo-key-pair \
    --region us-east-1

Launch EC2 instance using CLI

So far, we have created all the resources needed to launch the EC2 instance; now it is time to launch one using the command-line interface. The AWS command-line interface provides the run-instances command to launch an EC2 instance.

$ aws ec2 run-instances \
    --image-id <ami-id> \
    --count 1 \
    --instance-type t2.nano \
    --key-name demo-key-pair \
    --security-group-ids <security-group-id> \
    --subnet-id <subnet-id> \
    --region us-east-1

The above command returns a long output with detailed information about the EC2 instance. Copy the instance ID and use the following command to verify that the instance was created (the option is --instance-ids).

$ aws ec2 describe-instances \
    --instance-ids <instance-id> \
    --region us-east-1
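The whole procedure above as one script, added here as an example and not part of the original post: each step captures the ID it needs with --query/--output text, the SSH rule is limited to a single /32 supplied in ADMIN_CIDR, and the key file is written owner-only. It assumes AWS CLI v2 with credentials configured; REGION, ADMIN_CIDR and AMI_ID are assumed environment variables.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Provisions only when invoked
# with the argument "provision"; otherwise it just defines the functions.
set -euo pipefail

REGION="${REGION:-us-east-1}"
ADMIN_CIDR="${ADMIN_CIDR:-}"   # e.g. 203.0.113.7/32 (constructed example value)
AMI_ID="${AMI_ID:-}"           # no AMI is hard-coded; pass one valid for REGION

# Accept only a single-host /32 as the SSH source; reject world-open ranges.
ssh_cidr_ok() {
  case "$1" in
    ""|0.0.0.0/0|::/0) return 1 ;;
    */32) return 0 ;;
    *) return 1 ;;
  esac
}

aws_txt() { aws --region "$REGION" --output text "$@"; }
aws_reg() { aws --region "$REGION" "$@" >/dev/null; }

provision() {
  ssh_cidr_ok "$ADMIN_CIDR" || { echo "ADMIN_CIDR must be a single /32 host" >&2; return 1; }
  [ -n "$AMI_ID" ] || { echo "AMI_ID is required" >&2; return 1; }
  local vpc subnet igw rtb sg
  vpc=$(aws_txt ec2 create-vpc --cidr-block 192.168.0.0/16 --query Vpc.VpcId)
  subnet=$(aws_txt ec2 create-subnet --vpc-id "$vpc" --cidr-block 192.168.0.0/24 --query Subnet.SubnetId)
  aws_reg ec2 modify-subnet-attribute --subnet-id "$subnet" --map-public-ip-on-launch
  igw=$(aws_txt ec2 create-internet-gateway --query InternetGateway.InternetGatewayId)
  aws_reg ec2 attach-internet-gateway --vpc-id "$vpc" --internet-gateway-id "$igw"
  rtb=$(aws_txt ec2 create-route-table --vpc-id "$vpc" --query RouteTable.RouteTableId)
  aws_reg ec2 create-route --route-table-id "$rtb" --destination-cidr-block 0.0.0.0/0 --gateway-id "$igw"
  aws_reg ec2 associate-route-table --subnet-id "$subnet" --route-table-id "$rtb"
  sg=$(aws_txt ec2 create-security-group --group-name demo-sg \
         --description "security group for demo instance" --vpc-id "$vpc" --query GroupId)
  aws_reg ec2 authorize-security-group-ingress --group-id "$sg" --protocol tcp --port 80 --cidr 0.0.0.0/0
  aws_reg ec2 authorize-security-group-ingress --group-id "$sg" --protocol tcp --port 22 --cidr "$ADMIN_CIDR"
  umask 077   # private key material is created with owner-only permissions
  aws_txt ec2 create-key-pair --key-name demo-key-pair --query KeyMaterial > ./demo-key-pair.pem
  # Print the new instance ID so a caller can poll it with describe-instances.
  aws_txt ec2 run-instances --image-id "$AMI_ID" --count 1 --instance-type t2.nano \
    --key-name demo-key-pair --security-group-ids "$sg" --subnet-id "$subnet" \
    --query 'Instances[0].InstanceId'
}

if [ "${1:-}" = "provision" ]; then provision; fi
```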

Conclusion

The AWS command-line interface is a powerful tool for automating the provisioning and termination of EC2 instances, and it provides commands for creating each kind of resource on the AWS cloud. This blog used it to create a VPC, an internet gateway, a subnet, a route table and its routes, an SSH key, a security group, and finally an EC2 instance. After reading this blog, you should be able to create an EC2 instance using the command-line interface.

About the author

Zain Abideen

A DevOps Engineer with expertise in provisioning and managing servers on AWS and Software delivery lifecycle (SDLC) automation. I'm from Gujranwala, Pakistan and currently working as a DevOps engineer.