Create your own RED HAT Linux EC2 Instance and AMI with AWS CLI…
Last week's DevOps situation..
The Outage running amok…Mayday ..Mayday..
I’m here and I got your back..I know just the thing!
The plan… and the strategy!
1. Create Security Group
2. Modify security group..
3. Create a key pair
4. Create a text or bash file for the user data
5. Grab an AMI ID of our choice..
6. Run Instance
7. Grab Instance ID for new custom AMI
Our AWS CLI…
Go into your EC2 console..
Click on the Cloud Shell icon in order to access the AWS CLI
(at the top right corner of the browser)..
Note the region you are in. I will be using the N. Virginia region.
1. Create Security Group
Start by opening your CLI. I am simply using the AWS browser-based CLI (CloudShell) for this exercise. You're welcome to do so from your computer so long as you install the required packages for the CLI.
aws ec2 create-security-group --group-name prac-sg --description "practice sec grp "
1.5. Grab Security group ID
The result of creating that security group would output the group id as presented in the picture below.
2. Modify Security Group
Next we will be using two commands. These commands allow inbound (ingress) TCP traffic to our EC2 instance on port 80 and port 22. For the purpose of this tutorial I shall simply allow anyone (0.0.0.0/0) to access through HTTP and SSH. Notice that I copied and pasted the security group ID into the command.
aws ec2 authorize-security-group-ingress --group-id sg-0627b62a095411c68 --protocol tcp --port 80 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-id sg-0627b62a095411c68 --protocol tcp --port 22 --cidr 0.0.0.0/0
Output for port 80 command
Output for port 22 command
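The two steps above as one script, shown here as an added example that is not part of the original post: it captures the group ID from the CLI output instead of copy-pasting it, keeps port 80 public as in the tutorial, and opens port 22 only to a single admin range. The helper names, the MIN_PREFIX policy and the 203.0.113.10/32 address are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names, MIN_PREFIX and
# the sample address are assumptions made for illustration.
: "${MIN_PREFIX:=24}"   # assumed policy: SSH source no wider than a /24

# Accept only a well-formed IPv4 CIDR whose prefix is at least MIN_PREFIX
# bits long, which rejects 0.0.0.0/0 and other world-open ranges.
valid_admin_cidr() {
  local cidr="$1" ip prefix o
  printf '%s\n' "$cidr" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
  ip=${cidr%/*}
  prefix=${cidr#*/}
  for o in $(printf '%s' "$ip" | tr . ' '); do
    [ "$o" -le 255 ] || return 1
  done
  [ "$prefix" -ge "$MIN_PREFIX" ] && [ "$prefix" -le 32 ]
}

# Steps 1-2 in one call: create the group, capture its ID from the CLI
# output, open port 80 to everyone and port 22 to the admin CIDR only.
# Prints the new group ID on success.
create_locked_down_sg() {
  local name="$1" admin_cidr="$2" sg_id
  valid_admin_cidr "$admin_cidr" || {
    echo "refusing SSH source $admin_cidr" >&2
    return 1
  }
  sg_id=$(aws ec2 create-security-group --group-name "$name" \
    --description "practice sec grp" \
    --query 'GroupId' --output text) || return 1
  aws ec2 authorize-security-group-ingress --group-id "$sg_id" \
    --protocol tcp --port 80 --cidr 0.0.0.0/0 >/dev/null || return 1
  aws ec2 authorize-security-group-ingress --group-id "$sg_id" \
    --protocol tcp --port 22 --cidr "$admin_cidr" >/dev/null || return 1
  echo "$sg_id"
}

# Usage (constructed address from the documentation range):
#   SG_ID=$(create_locked_down_sg prac-sg 203.0.113.10/32)
```

The admin range should be the public address you will SSH from; inside CloudShell, the shell's own egress address is not your workstation's.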
3. Create a key pair..
aws ec2 create-key-pair --key-name thisKey --query 'KeyMaterial' --output text > thisKeyisNew.pem
Let’s download our key to our computer..
Just in case you'd like to SSH into your EC2 instance, you can always download the .pem file.
Run the pwd command and grab your current path
Go to the right corner of your CLI and select the option “Download File”
With your current path just add the name of your key file to it.
4. Create a text or bash file for the user data
Input userdata into the EC2 by creating a bash script file..
In the AWS CLI, open userdata.sh with vi (Vim) and input these bash lines into it..
CAUTION: Please do not name the file anything except userdata, user-data or user_data. I tried to rename my file to my own liking and, although the script was attached to the EC2, it never ran.
#!/bin/bash
yum update -y
yum install httpd -y
systemctl start httpd
systemctl enable httpd
- We will be updating all the packages
- Installing the Apache Web Server
- Starting the Apache Web Server
- Enabling automatic startup
How to check if your user data script is attached to your EC2..
Go back to your EC2 Dashboard and click on your EC2 instance checkbox.
Click on Actions Menu and click Instance settings and then Edit user data.
In order to edit your settings your EC2 instance must first be stopped.
After the EC2 is stopped you can re-edit the script to your liking. You can also copy the user data for future record.
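The same check can be made from the CLI without stopping the instance. This is an added example, not from the original post, and the helper names are assumptions: it reads the instance's userData attribute (returned base64-encoded), decodes it, and confirms that it starts with "#!", which is what cloud-init requires before it will run user data as a shell script.

```shell
#!/bin/sh
# Added example, not from the original post. fetch_user_data and
# user_data_is_script are hypothetical helper names.

# Print the decoded user data attached to an instance.
# The API returns the value base64-encoded.
fetch_user_data() {
  local b64
  b64=$(aws ec2 describe-instance-attribute --instance-id "$1" \
    --attribute userData --query 'UserData.Value' --output text) || return 1
  # With --output text the CLI prints "None" when no user data is attached.
  [ -n "$b64" ] && [ "$b64" != "None" ] || return 1
  printf '%s' "$b64" | base64 -d
}

# Succeeds only if user data is attached and its first line begins with "#!".
user_data_is_script() {
  case $(fetch_user_data "$1" | head -n 1) in
    '#!'*) return 0 ;;
    *)     return 1 ;;
  esac
}

# Usage (instance ID taken from your own run-instances output):
#   user_data_is_script "$INSTANCE_ID" && echo "user data is a script"
```

Anyone allowed to call describe-instance-attribute can read this value, so user data is not a place for passwords or keys.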
5. Before launching EC2 we need to grab an AMI ID of our choice..
You can simply go back into the EC2 console and click on “Launch Instances” and grab the AMI image ID that you’d like to use. I will be choosing a RED HAT Linux AMI.
6. Run the Instance..
I will insert the AMI image ID, Key name, Security Group ID and the file used for the EC2 user data.
aws ec2 run-instances --image-id ami-026ebd4cfe2c043b2 --count 1 --instance-type t2.micro --key-name thisKey --security-group-ids sg-0627b62a095411c68 --user-data file://userdata.sh
I have my..
- RedHat AMI ID
- How many Instances
- Instance type
- Key Name
- Security group
- Bash file for user data
Output..
If all goes well you should have an output such as the one below..
I go back to the EC2 Dashboard and see that my EC2 is indeed running. I grab the public IP address and plug it into my browser. Since all went well, I see my banner test screen. Note the Red Hat Enterprise Linux Title..
Let’s look at our web page..
7. Grab Instance ID for new custom AMI
Remember when we executed the command to create our Red Hat EC2 Instance? In the output was the instance ID..
We need that in order to create a custom AMI of our own!…
The command..
aws ec2 create-image --instance-id i-07b41e018e57c3b69 --name "AMI-COPY" --description "Duplicate AMI"
The output..
On the left side if you click on AMI you will find the creation of your custom AMI..
Afterthoughts..
Now that you know the basics of the CLI you can now
- Create security groups and manage the ports for inbound traffic
- Know how to initialize a new EC2 instance in the CLI and create your own custom AMI.
- Proper OPSEC and DEVOPS and CLEAN CODE GO A LONG WAY..
- Never ever leave any resources out in the open or running if you are on a free tier..
- Never believe that any Cloud service is invulnerable to attacks or outages..