*Author: [Vincent Lau](https://www.linkedin.com/in/vincent-lau-30435bb6/)
Note: This material is intended for educational purposes only. All rights reserved. Any unauthorized sharing or copying of this material, in any form, to any individual or party, for any use without prior permission, is strictly prohibited.*
# AWS Series - Launch an EC2 Instance
This is the first chapter to introduce AWS for application development. Let's start with AWS EC2.

## What is AWS EC2 ?
**AWS EC2 (Elastic Compute Cloud)** is a web service provided by Amazon Web Services (AWS) that allows users to rent virtual servers, known as instances, on the cloud. EC2 provides scalable computing resources, enabling users to quickly provision and configure instances based on their specific needs.
## Key features and capabilities of AWS EC2
**Instance Types**: EC2 offers a wide range of instance types optimized for various workloads, such as general-purpose computing, memory-intensive applications, high-performance computing, GPU-based processing, and storage-optimized tasks. Each instance type has different combinations of CPU, memory, storage, and networking capacity.
**Scalability**: EC2 enables users to easily scale up or down their computing resources based on demand. Users can launch multiple instances, create auto-scaling groups, and implement load balancing to handle fluctuating workloads effectively.
**Flexible Pricing Options**: EC2 offers various pricing options, including On-Demand Instances, Reserved Instances, and Spot Instances. On-Demand Instances provide pay-as-you-go pricing with no upfront commitments, while Reserved Instances offer discounted rates for longer-term commitments. Spot Instances run on spare EC2 capacity at a steep discount (you set an optional maximum price rather than bidding), with the caveat that AWS can reclaim a Spot Instance with two minutes' notice, so they only suit workloads that tolerate interruption.
**Amazon Machine Images (AMIs)**: AMIs are pre-configured templates that contain the necessary operating system, software, and configurations required for launching an instance. Users can choose from a wide selection of public AMIs provided by AWS or create their own customized AMIs.
**Networking and Security**: EC2 provides extensive networking capabilities, including Virtual Private Cloud (VPC) integration, which allows users to create isolated network environments. Users can define security groups, network access control lists (ACLs), and configure network routing to control traffic and ensure security.
**Data Storage**: EC2 offers various storage options, including Amazon Elastic Block Store (EBS) for persistent block-level storage, Amazon S3 for object storage, and instance store for temporary storage directly attached to instances. Users can choose the appropriate storage type based on their performance, durability, and cost requirements.
**Integration with AWS Services**: EC2 seamlessly integrates with other AWS services, enabling users to leverage a comprehensive ecosystem of services for additional functionality, such as database management (Amazon RDS), content delivery (Amazon CloudFront), message queuing (Amazon SQS), and more.
## Steps to configure & launch EC2 instances
**Step 1**: Sign in to your AWS account at https://aws.amazon.com (the console itself is at https://console.aws.amazon.com). Use an IAM user or IAM Identity Center role with MFA enabled rather than the account's root user; keep the root user for billing and account-level tasks only.
**Step 2**: Select EC2 (Elastic Compute Cloud) from the services list.
**Step 3**: Pick a Region, for example US East (N. Virginia), `us-east-1`. Any Region works (an Asia Pacific Region may be closer to you), but EC2 resources such as security groups, key pairs and AMIs are scoped to a Region, so every remaining step in this chapter must be done in the same one.

## What is an Instance ?
An **instance** refers to a virtual server that you can provision and run in the cloud. It provides you with computing resources, such as CPU, memory, storage, and networking capabilities, to host your applications.
When you launch an EC2 instance, you select a specific instance type that determines the hardware configuration of the virtual server. Each instance type is optimized for different use cases, offering varying combinations of CPU, memory, storage, and networking capacity.
The Instances page lists all of your instances, both **stopped** and **running**. A stopped instance can be started again at any time, and its EBS root volume (the installed OS, packages and files) is preserved. Two things do change on a stop/start: any data on ephemeral instance store is lost, and the instance normally receives a different public IPv4 address unless you have attached an Elastic IP, so do not hard-code the address shown after the first launch.
**Resource Dashboard**

Instances can be customized based on your requirements. You can choose the operating system, configure security groups to control inbound and outbound traffic, attach storage volumes, and define other settings.
## What is a Security Group ?
A security group is a virtual firewall that controls inbound and outbound traffic for your EC2 instances. It acts as a fundamental component of the network security infrastructure for your instances.
A security group operates at the instance level and defines a set of rules that determine the traffic allowed to reach the instances associated with that security group. These rules are based on protocols, ports, and IP addresses.
### Inbound & Outbound Rules
**Inbound Rules**: Inbound rules control the **incoming traffic** to your instances. Each rule allows traffic for a protocol (TCP, UDP or ICMP), a port or port range, and a source (an IP address or CIDR range, or another security group). Security groups are **allow-only**: there is no deny rule, anything not explicitly allowed is dropped, and a new security group with no inbound rules accepts nothing. If you need explicit deny rules, use network ACLs at the subnet level. For example, you can allow incoming **SSH (port 22)** traffic only from your own IP address (a `/32`) instead of from `0.0.0.0/0`.
**Outbound Rules**: Outbound rules control the **outgoing traffic** from your instances, again as allow rules on protocol, port and destination. **By default, all outbound traffic is allowed**, but you can restrict it as needed. Security groups are also **stateful**: the reply to an allowed inbound connection is let out (and the reply to an allowed outbound connection let in) without a matching rule in the other direction.
**Step 4**: Create a new security group


**Add Inbound rules** for the security group. For each rule, set the source as narrowly as possible: SSH should be reachable only from your own address (choose `My IP` in the console, which fills in your current address as a `/32`), while 80 and 443 can be open to `0.0.0.0/0` if the application is meant to be public.
- HTTPS (port 443)
- HTTP (port 80)
- SSH (port 22) - source: your IP only
- Custom TCP (port range 8080-8090) - access to the Spring Boot app

**Port 22**: Typically associated with the Secure Shell (SSH) protocol. SSH is a cryptographic network protocol used for secure remote login, command execution, and secure file transfer between systems. Port 22 is used to establish encrypted connections to servers, allowing users to remotely access and manage the server using SSH client applications, and it is the standard way to administer Linux and Unix-based systems. Because it gives shell access, port 22 is the one rule that should never be open to `0.0.0.0/0`: internet-wide scanners start probing a new public address within minutes of launch, so restrict the source to your own address and rely on the key pair rather than passwords.
**Port 443**: Default port for secure web communication using the HTTPS (HTTP over SSL/TLS) protocol. It is commonly used for secure browsing and transmitting sensitive information over the internet. When a website uses HTTPS, data is encrypted and secured during transmission, providing protection against eavesdropping and tampering. Port 443 is associated with secure web services, including online banking, e-commerce, and other applications that require secure data exchange.
**Port 80**: Default port for unencrypted HTTP (Hypertext Transfer Protocol) traffic. It is widely used for regular web browsing and accessing websites. When you enter a URL without specifying a port, your browser automatically assumes port 80 for HTTP communication. Port 80 is commonly used by web servers to serve web pages and transmit information over the internet. However, it is important to note that Port 80 does not provide encryption, so sensitive data transmitted over HTTP is not secure and can be intercepted.
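The following is an added example, not code from the original article: a small audit that reads security group rules in the `IpPermissions` layout returned by `aws ec2 describe-security-groups` (and boto3) and flags the mistake the Step 4 rules invite, an administrative port such as SSH left open to the whole internet. The sample group, its placeholder group id `sg-0123456789abcdef0` and the administrator address `203.0.113.7/32` are constructed for this example.

```python
"""Audit EC2 security group inbound rules for over-broad sources.

Added example, not code from the original article. The rule dictionaries use
the IpPermissions layout that `aws ec2 describe-security-groups` (and boto3)
return, so that command's output can be piped in directly; the sample group at
the bottom is constructed for this example and its group id is a placeholder.
"""
from __future__ import annotations

import copy
import ipaddress
import json

# Ports that should only ever be reachable from known administrative addresses.
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}
WORLD = {"0.0.0.0/0", "::/0"}


def port_label(rule: dict) -> str:
    """Human-readable port range of one IpPermissions entry ("-1" = all traffic)."""
    if rule.get("IpProtocol") == "-1":
        return "ALL"
    lo, hi = rule["FromPort"], rule["ToPort"]
    return str(lo) if lo == hi else f"{lo}-{hi}"


def covers(rule: dict, port: int) -> bool:
    """True if the rule admits TCP traffic to `port` (an all-traffic rule covers everything)."""
    if rule.get("IpProtocol") == "-1":
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def audit_ingress(group: dict) -> list[dict]:
    """Return one finding per risky inbound rule; an empty list means the group is clean.

    Security groups are allow-only, so only the rules present need checking:
      * HIGH   - all traffic, or an admin port, allowed from 0.0.0.0/0 or ::/0
      * MEDIUM - an admin port allowed from a range wider than a single host
    Rules whose source is another security group (UserIdGroupPairs) are skipped:
    they are already scoped to the instances in that group.
    """
    findings: list[dict] = []
    for rule in group.get("IpPermissions", []):
        sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        for src in sources:
            net = ipaddress.ip_network(src, strict=False)
            world = src in WORLD
            if rule.get("IpProtocol") == "-1" and world:
                findings.append({"severity": "HIGH", "port": "ALL", "source": src,
                                 "why": "all traffic open to the internet"})
                continue
            if net.num_addresses == 1:  # a /32 or /128: exactly what we want for admin ports
                continue
            where = "the internet" if world else f"{net.num_addresses} addresses"
            for port, name in ADMIN_PORTS.items():
                if covers(rule, port):
                    findings.append({"severity": "HIGH" if world else "MEDIUM",
                                     "port": port, "source": src,
                                     "why": f"{name} reachable from {where}"})
    return findings


def harden(group: dict, admin_cidr: str) -> dict:
    """Copy of `group` in which every rule touching an admin port is re-sourced to `admin_cidr`."""
    fixed = copy.deepcopy(group)
    for rule in fixed.get("IpPermissions", []):
        if any(covers(rule, p) for p in ADMIN_PORTS):
            rule["IpRanges"] = [{"CidrIp": admin_cidr}]
            rule["Ipv6Ranges"] = []
    return fixed


# Constructed sample: the four Step 4 rules, with SSH left on the console's
# default source of 0.0.0.0/0, which is the mistake the audit is meant to catch.
SAMPLE_GROUP = {
    "GroupId": "sg-0123456789abcdef0",  # placeholder, not a real group
    "GroupName": "spring-boot-sg",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8090, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

if __name__ == "__main__":
    import sys
    if sys.stdin.isatty():
        groups = [SAMPLE_GROUP, harden(SAMPLE_GROUP, "203.0.113.7/32")]
    else:  # e.g.  aws ec2 describe-security-groups | python3 sg_audit.py
        groups = json.load(sys.stdin)["SecurityGroups"]
    for g in groups:
        findings = audit_ingress(g)
        print(g["GroupName"], json.dumps(findings, indent=2) if findings else "clean")
```

Run stand-alone it reports the SSH rule of the sample group as HIGH and the hardened copy as clean; piping the JSON from `aws ec2 describe-security-groups` into it audits every group in the Region. Keeping the check to "is the source a single host" rather than a list of trusted addresses is deliberate: a `/32` is what the console's `My IP` option produces, and anything wider on port 22 deserves a second look.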
## What is Key Pair ?

A key pair is a **secure login credential** used for authenticating and securely connecting to your EC2 instances. It consists of a **public key** and a **private key**.
Here's an overview of AWS EC2 key pairs:
Generating a Key Pair: When you create a key pair in AWS EC2, the service generates the pair, keeps only the public key, and hands you the private key for download exactly once. At launch, the public key of the selected pair is written into the default user's `~/.ssh/authorized_keys` on the instance (the default user is `ubuntu` on the Ubuntu AMIs used below).
**Private Key**: The private key is a file in PEM (Privacy-Enhanced Mail) format with a .pem extension (or .ppk if you ask for the PuTTY format). It must be securely stored and kept confidential, as it grants shell access to every instance launched with that key pair: keep it outside any source repository, and make it readable only by you (`chmod 400`), which OpenSSH insists on before it will use the key.
**Public Key**: The public key is what ends up on the EC2 instance and is used to verify your login. It is not confidential and can be shared with others without compromising the security of the instances.
Key Pair Usage: To connect to an EC2 instance using a key pair, you use the SSH (Secure Shell) protocol. You point your SSH client at the private key file (.pem); the client proves possession of the private key by signing a challenge, and the instance checks that signature against the public key in `authorized_keys`.
Key Pair Management: You can manage your key pairs within the AWS Management Console or using the AWS Command Line Interface (CLI): create new key pairs, import your own public key (so the private key never leaves your machine), or delete existing key pairs. Two caveats: if you lose the private key, AWS cannot re-issue it, and getting back into the instance means using EC2 Instance Connect or Systems Manager Session Manager (if they were set up) or detaching the root volume and editing `authorized_keys` from another instance; and deleting a key pair in AWS only stops it being used for new launches, because the public key already on running instances stays in `authorized_keys` until you remove it.
AWS EC2 key pairs provide a secure method for accessing and managing your instances. By using key pairs, you enhance the security of your EC2 instances by replacing traditional password-based authentication with cryptographic keys. This helps protect your instances from unauthorized access and ensures secure communication between your local machine and the EC2 instances.
### Key Pair Type - ED25519 & RSA
EC2 can generate either an ED25519 key pair (EdDSA signatures over Curve25519, an elliptic-curve scheme) or an RSA key pair. SSH uses both for authentication only: a signature proves possession of the private key, and nothing is encrypted with the key pair itself.
#### Performance:
ED25519: Known for its excellent performance. It offers **faster** key generation, signing and signature verification than RSA at a comparable security level, and its keys and signatures are small (32-byte public key, 64-byte signature), which makes it well suited to resource-constrained environments.
RSA: Key generation and signing are computationally more intensive, and they get **slower** as the key size grows, which is why 3072- or 4096-bit RSA keys are noticeably heavier to use than ED25519.
#### Security:
ED25519: Considered secure and has withstood extensive analysis. A 256-bit ED25519 key gives roughly 128-bit security, and the scheme is designed to avoid the implementation pitfalls of older signature schemes (deterministic nonces, so a weak random number generator at signing time cannot leak the key, and constant-time reference implementations). The short key length is a consequence of elliptic-curve hardness, not a weakness.
RSA: RSA is also considered secure when used with sufficiently long keys. Its security relies on the difficulty of factoring large numbers, and advances in **computing power and factoring algorithms** erode shorter keys over time: 1024-bit keys are no longer acceptable, 2048-bit is the current minimum, and 3072-bit is needed to match ED25519's security level.
Prefer ED25519 for Linux instances. The one case where you still need RSA is a Windows instance: EC2 uses the RSA key pair to decrypt the administrator password, and ED25519 key pairs are not supported there.
**Step 5** Create Key Pair


- Download the private key. The browser saves `<key name>.pem`; move it somewhere outside any git repository and run `chmod 400 <key name>.pem`. This is the only copy: AWS keeps just the public half and cannot regenerate the private key.

**Step 6** Create & Launch an instance


- Select the **Ubuntu** Linux Server image. Instance Type **t2.micro** (Free Tier eligible for the first 12 months of a new account; in Regions without t2.micro the console marks t3.micro as the Free Tier option instead)

- Select the key pair just created before

- Select the security group just created before


After a few seconds, you will find the instance launched & running.

**Click the Instance ID** to open the instance detail page, which shows the two pieces of information you need to connect:
- Public IPv4 address (reassigned on every stop/start unless you attach an Elastic IP)
- Public IPv4 DNS name, which resolves to that address
Together with the private key and the AMI's default user (`ubuntu`), these are what you give your SSH client.
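Steps 4 to 6 above (security group, key pair, launch) as AWS CLI calls, added here as an example and not part of the original article, so the same launch is repeatable and can be reviewed before it runs. It assumes the AWS CLI v2 is installed with working credentials, that the account has a default VPC in the chosen Region, and that the Canonical SSM parameter used to look up the current Ubuntu 22.04 AMI is available there; the names `demo-web-sg`, `demo-key` and the `Name` tag are placeholders chosen for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): Steps 4-6 of the console walkthrough
# as AWS CLI v2 calls. Assumptions: AWS CLI v2 with credentials, a default VPC in $REGION,
# and placeholder names (demo-web-sg, demo-key, Name=demo-spring) you are free to change.
set -eu

REGION="${AWS_REGION:-us-east-1}"            # N. Virginia, as in Step 3
SG_NAME="${SG_NAME:-demo-web-sg}"
KEY_NAME="${KEY_NAME:-demo-key}"
KEY_FILE="${KEY_FILE:-$HOME/.ssh/$KEY_NAME.pem}"
# Canonical publishes the current Ubuntu 22.04 AMI id per Region in SSM Parameter Store.
AMI_PARAM="/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id"

# Guard for admin ports: return 0 for an acceptable source, 1 for "the whole internet".
admin_source_ok() {
  case "$1" in
    0.0.0.0/0|::/0) return 1 ;;
    *) return 0 ;;
  esac
}

# The caller's current public IPv4 as a /32, the same thing the console's "My IP" fills in.
my_ip_cidr() {
  printf '%s/32\n' "$(curl -fsS https://checkip.amazonaws.com)"
}

# Permission bits of a file in octal (GNU stat first, BSD stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# OpenSSH refuses a private key that others can read: make it owner-read-only, print the mode.
secure_key_file() {
  chmod 400 "$1"
  file_mode "$1"
}

# Step 4: the article's four inbound rules, with SSH pinned to a single source. Prints the group id.
create_security_group() {
  SSH_SRC="$(my_ip_cidr)"
  admin_source_ok "$SSH_SRC" || { echo "refusing to open SSH to $SSH_SRC" >&2; return 1; }
  sg_id="$(aws ec2 create-security-group --region "$REGION" \
      --group-name "$SG_NAME" --description "web and ssh for the demo app" \
      --query GroupId --output text)"
  aws ec2 authorize-security-group-ingress --region "$REGION" --group-id "$sg_id" --protocol tcp --port 443 --cidr 0.0.0.0/0
  aws ec2 authorize-security-group-ingress --region "$REGION" --group-id "$sg_id" --protocol tcp --port 80 --cidr 0.0.0.0/0
  aws ec2 authorize-security-group-ingress --region "$REGION" --group-id "$sg_id" --protocol tcp --port 22 --cidr "$SSH_SRC"
  aws ec2 authorize-security-group-ingress --region "$REGION" --group-id "$sg_id" --protocol tcp --port 8080-8090 --cidr 0.0.0.0/0
  echo "$sg_id"
}

# Step 5: AWS generates an ED25519 pair and returns the private half exactly once; store it locked down.
create_key_pair() {
  aws ec2 create-key-pair --region "$REGION" --key-name "$KEY_NAME" \
      --key-type ed25519 --key-format pem \
      --query KeyMaterial --output text > "$KEY_FILE"
  secure_key_file "$KEY_FILE" >/dev/null
}

# Step 6: t2.micro from the current Ubuntu AMI, with the key pair and security group. Prints the instance id.
launch_instance() {
  ami="$(aws ssm get-parameters --region "$REGION" --names "$AMI_PARAM" \
      --query 'Parameters[0].Value' --output text)"
  aws ec2 run-instances --region "$REGION" --image-id "$ami" --instance-type t2.micro \
      --key-name "$KEY_NAME" --security-group-ids "$1" \
      --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=demo-spring}]' \
      --query 'Instances[0].InstanceId' --output text
}

main() {
  sg_id="$(create_security_group)"
  create_key_pair
  instance_id="$(launch_instance "$sg_id")"
  aws ec2 wait instance-running --region "$REGION" --instance-ids "$instance_id"
  # The two fields the article points at on the instance detail page.
  aws ec2 describe-instances --region "$REGION" --instance-ids "$instance_id" \
      --query 'Reservations[0].Instances[0].[PublicIpAddress,PublicDnsName]' --output text
  echo "connect with: ssh -i $KEY_FILE ubuntu@<PublicDnsName>"   # ubuntu is the default user on Canonical AMIs
}

# Only talk to AWS when explicitly asked; sourcing the file just defines the functions.
if [ "${1:-}" = "--run" ]; then main; fi
```

Invoke it as `./launch.sh --run`; without the flag it only defines the functions. The script refuses to proceed if the SSH source would be `0.0.0.0/0`, writes the private key with mode 400 before anything else can read it, and prints the public IP and DNS name that the console shows on the instance detail page.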



## EC2 Instance Monitoring
- The **Monitoring** tab of an instance shows the CloudWatch metrics EC2 publishes by default: **CPU utilization, network in/out, disk read/write I/O, and the status checks** (system and instance reachability). Memory and filesystem usage are not among them; collecting those requires the CloudWatch agent on the instance. All metrics can be viewed over **different time frames** (basic monitoring samples every 5 minutes, detailed monitoring every minute at extra cost), which is useful for comparing behaviour **before and after a server upgrade or application deployment**; a CPU or outbound-network spike you did not cause is also often the first sign that the instance has been compromised.
