How to launch EC2 Instances inside Custom VPC and SSH into Public and Private Instances
In the previous article, Create custom VPC in AWS, we learned how to create a custom VPC in AWS by following these steps:
- Create a VPC.
- Create multiple subnets inside VPC.
- Create an Internet Gateway (IGW) and Attach it to VPC.
- Add IGW in Route Table.
Now that we have created a VPC, it is time to launch our instances within it. Let us first have a brief overview of an instance.
Overview of Instance –
An instance is a virtual server in the cloud. With Amazon EC2, you can set up and configure the operating system and applications that run on your instance.
An instance is an Amazon EBS-backed instance (meaning that the root volume is an EBS volume). You can either specify the Availability Zone in which your instance runs, or let Amazon EC2 select an Availability Zone for you. When you launch your instance, you secure it by specifying a key pair and security group. When you connect to your instance, you must specify the private key of the key pair that you specified when launching your instance.
Amazon EC2 provides a wide selection of instance types optimized to fit different use cases. Instance types comprise varying combinations of CPU, memory, storage, and networking capacity and give you the flexibility to choose the appropriate mix of resources for your applications. Available instance types are –
- General Purpose.
- Compute Optimized.
- Memory Optimized.
- Accelerated Computing.
- Storage Optimized.
Steps to Launch an EC2 instance –
- Search for the EC2 service in the AWS Management Console and click Instances on the left side of the console.
- Click on Launch Instance and choose the AMI (an AMI, or Amazon Machine Image, is a template that contains the software configuration required to launch your instance) that you want to use. For now, we will select an Amazon Linux 2 AMI.
- Choose an Instance Type. We are selecting t2.micro here, which has 1 vCPU and 1 GiB of memory, and click on Next: Configure Instance Details.
On the Configure Instance Details page, select the custom VPC that you created from the Network list, and the public subnet from the Subnet list.
Now, in the field just below the subnet, you can see the field Auto-assign Public IP, and its value is set to Use subnet setting (Enable). Since we enabled this option in our subnet, the default option here is Enable.
- Now, add some storage if you want. You can add additional EBS volumes and instance store volumes to your instance or edit the settings of your root volume. For now, I am keeping the default storage and clicking on Next: Add Tags.
- On the Add Tags page, you can tag your instance, which will help you to identify your instance in the Amazon EC2 console after you’ve launched it. A tag consists of a case-sensitive key-value pair.
- On the Configure Security Group page, either select an existing security group or create a new security group. Give the security group a name and description. You can add rules to allow specific traffic to reach your instance.
I am opening port 22 since we are going to SSH from our public instance into our private instance, but for better security SSH should only be open for your particular IP.
- Choose Review and Launch. On the Review Instance Launch page, choose Launch.
In the Select an existing key pair or create a new key pair dialog box, you can choose an existing key pair, or create a new one. If you create a new key pair, ensure that you download the file and store it in a secure location. You’ll need the contents of the private key to connect to your instance after it’s launched.
Click on Launch Instances to launch. Your instance will now launch; you can check the status by clicking on the View Instances button at the bottom.
- Now, to create a private instance, select the same AMI and instance type. Just this time select the private subnet to launch the instance.
You can see that for the private subnet the Auto-assign Public IP is disabled by default.
Now, add some storage if required, give your instance a name, select the same security group that you used for the public instance, and launch the instance with the same key.
- Once both instances are running, you can see that only the public instance has an IPv4 Public IP.
SSH into Public and Private Instances
Now we will see how to SSH into your instances. You can use any SSH client, such as PuTTY or MobaXterm. Here we will be using MobaXterm.
As your private instance does not have a public IP address you won’t be able to SSH into it directly from your system.
So let's first SSH into the public instance.
- Open MobaXterm and click on Sessions at the top right corner.
Choose the session type SSH.
- Paste the IPv4 Public IP in Remote host and Specify the username.
To get the username, select the public instance and click on the Connect button.
- Click on Advanced SSH settings and check the checkbox Use private key. Upload the private key that we downloaded when we launched the instance. Click on OK.
- The SSH session to the public instance is now started, as shown below.
Now, as we are inside the public subnet, we should be able to SSH into the instance in our private subnet, since by default instances within a VPC can communicate with each other (provided the security group allows SSH, which the one we created does).
To SSH, we need the private key that we attached to the private instance and the private IP of that instance.
You can find the private IP of an instance from the Description tab after selecting an instance.
- First, copy the private key of the private instance onto the public instance, as highlighted below, and change the permissions of the key using the command below.
chmod 400 <keyname>
- Now, finally, use the command below to connect to the private instance. You can also find this command by clicking on Connect for the private instance.
ssh -i "MyVPCServer.pem" <username>@<private-ip>
MyVPCServer.pem is the private key attached to the private instance; the username and private IP are the ones you looked up above.
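As an added example (not part of the original article): the step above copies the private key onto the public instance, where anyone who can read that instance's disk can take it. The same hop can be made with OpenSSH's ProxyJump, so the key never leaves your workstation; the IPs, the key file name and the ec2-user login below are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the original article. Reach the private instance
# through the public one with ProxyJump; the private key stays on the
# workstation. All IPs, usernames and file names are assumed placeholders.

# Lock the key down so ssh accepts it (ssh refuses a key that is readable
# by group or others). Prints the resulting mode string, e.g. -r--------
lock_key() {
  chmod 400 "$1" && ls -ld "$1" | cut -c1-10
}

# Write an SSH client config in which "private" is reached via "bastion"
# (the public instance). Prints the number of Host entries written.
write_ssh_config() {
  cfg="$1"; key="$2"; bastion_ip="$3"; private_ip="$4"; user="${5:-ec2-user}"
  cat > "$cfg" <<EOF
Host bastion
    HostName $bastion_ip
    User $user
    IdentityFile $key
    IdentitiesOnly yes

Host private
    HostName $private_ip
    User $user
    IdentityFile $key
    IdentitiesOnly yes
    ProxyJump bastion
EOF
  grep -c '^Host ' "$cfg"
}

# Usage with placeholder values; afterwards run: ssh -F ~/.ssh/config_vpc private
# lock_key ~/MyVPCServer.pem
# write_ssh_config ~/.ssh/config_vpc ~/MyVPCServer.pem 203.0.113.10 10.0.2.15
```

With this config the private IP is still the same one from the Description tab, but the key is only ever read by ssh on your own machine.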