Let's create an EC2 instance that is running Windows. The purpose of this exercise is to get you familiar with the basics of Amazon EC2 using some familiar software. Before you attempt this part of the lesson, you need to make sure you've done the following things, which should have been covered during the course orientation. You need to have:
- Obtained an Amazon account and enabled it for use with Amazon EC2
- Applied the Amazon education credits to your account
If you have any doubt about one of these items, contact the course instructor.
Here are the steps for getting Windows running on Amazon EC2. Since Amazon can potentially update their site at any given time, some minor adjustments may be required for these steps. Contact the instructor if you have questions, or, if you find an issue that you are able to work around, please mention it in a comment in the Technical Discussion forum.
- Open a web browser to Amazon's AWS Management console page.
This application is called the AWS Management Console, and it helps you create and manage things on EC2, such as instances. This app has some quirks, and I've found that I have to run it in the Google Chrome browser to completely avoid them. Sometimes it will work in Firefox.
- Click Sign in to the AWS Console.
- Sign in with your Amazon account name and password.
You should be taken to a screen with a bunch of Amazon Web Services listed, such as Elastic Beanstalk, S3, etc. These represent all the types of web services that Amazon offers. For now, you're interested only in EC2, which is Amazon's set of web services for renting hardware infrastructure.
- Click the EC2 link. On the right, you'll see a summary of all the items you have running in Amazon EC2. There should be nothing listed. On the left, you'll see a menu of different categories of things you can create in EC2, such as Instances, Volumes, Elastic IPs, etc. You'll learn about a few of these as we go along.
In the upper-right corner, notice that a dropdown list allows you to pick the region you want to work in. It likely reads N. Virginia. Amazon runs EC2 from groups of data centers placed around the world, and you choose which of these regions will house the resources you create. Typically, the closer the region is to your end users, the lower the latency of your services and apps. Some organizations instead pick a region based on legal requirements about which countries may or may not house their data. Be aware that prices differ somewhat between regions; see Amazon's Elastic Compute Cloud Pricing page.
Before you launch an actual instance, you'll create an Amazon Virtual Private Cloud (VPC), an isolated network of your own inside Amazon's cloud. Instances in a VPC can reach each other (and, with a VPN or similar connection, your own network) fairly easily, but nothing outside can reach them until you explicitly allow it: the subnet needs a route to an Internet gateway, the instance needs a public address, and a security group has to permit the traffic. That default-deny starting point is a good thing for security.
- Click the Services dropdown in the upper left and click VPC (it's under Networking & Content Delivery).
Creating a VPC can be a very technical and complex activity, but it's something most people have to do at the start. For that reason, Amazon provides a wizard that sets up a basic VPC: one VPC with a single public subnet, an Internet gateway, and a route table sending Internet-bound traffic to that gateway. This will suffice for our purposes.
- Click Start VPC Wizard.
- Click Select to select the default option VPC with a single public subnet.
- Enter the VPC name as Geog865VPC but do not change any other settings. Then click Create VPC.
- Click the Services dropdown in the upper left and click EC2 to go back to the EC2 resources page.
- From the left menu, click Instances. Ensure that you are using the N. Virginia region, then click the Launch Instance button.
A multi-step wizard appears that will help you create an instance. The first thing you're going to do is choose the Amazon Machine Image (AMI) that will determine the software and settings on your instance.
- In the list of AMIs, scroll down to the one that says Microsoft Windows Server 2016 Base and click Select.
You are taken to the Choose an Instance Type panel. On this panel you'll choose the size, or computing power, of your instance. Micro instances, low-resource options suitable for many trial situations, are the type selected by default on this panel, and a micro instance is all we need for this lesson. Note that the instance size you choose drastically affects the price you pay, so follow these instructions carefully.
- Click the General Purpose tab and select t2.micro. This instance is sufficiently powerful for what we need to do, and at the time of this writing it's part of the AWS free tier. Then click Next: Configure Instance Details.
You're now viewing a panel where you can choose even more instance settings. Notice that the VPC you just created shows up as the destination network for this instance.
Some of the other settings are beyond the scope of this course. However, you will enable Termination Protection. Terminating an instance deletes it forever, together with its boot volume by default. Termination Protection is nothing fancy; it's an attribute on the instance that makes EC2 refuse termination requests until you explicitly turn the attribute off again. It only guards against accidents (anyone with permission to change instance attributes can still disable it), but making yourself go through that extra step so you don't do something you didn't intend is helpful for beginners.
- Check the Protect against accidental termination checkbox to enable termination protection.
The other option on this panel you should know about is the subnet in which your instance will run. A subnet is a slice of your VPC's address range. By default you have just one, but you can create others and spread them across different Amazon Availability Zones (AZs). AZs are Amazon's way of isolating machines within a region to minimize the chance of your site going down: each AZ is physically separate from the others, with its own power and networking. For example, the US West region contains three AZs. If your site contains multiple servers, you can place them in different AZs to minimize the chance of losing the whole site if one data center is damaged. We're not doing work of critical importance here, so we'll just continue with the default subnet.
- Click Next: Add Storage to move to the next panel. The default storage settings will suffice, so click Next: Tag instance to move to the next panel.
Now you're at a place where you can type a name for your instance. It used to be that your instances in the console were just assigned an ID. This was hard to keep track of once you had more than just a few instances, so Amazon allows you to type other metadata about the instance. This is stored as name/value pairs.
- Click Add Tag. Add a tag with a key of Name and a value of Geog 865 Windows instance. Then click Next: Configure Security Group.
Now you will set some rules about what incoming Internet traffic can reach your server. Every instance gets a stateful firewall that, for a new instance, blocks all incoming traffic while allowing all outgoing traffic (replies to connections the instance itself opens are let back in automatically). You have to selectively "poke holes" in this firewall to allow the kinds of communication your server needs. In EC2 lingo, the set of rules you create is called a Security Group.
On the Security Group panel, you have the option of creating a new group or using one that you've created previously. You'll stick with the default new group option.
- Assign a group name such as Geog 865 Security Rules and a description, if desired.
Your new security group starts out with one rule allowing Remote Desktop (RDP) access, so you can log in to your instance and administer it. Windows Remote Desktop listens on TCP port 3389. Note the Source address, which defaults to 0.0.0.0/0. This is classless inter-domain routing (CIDR) notation: an address followed by the number of leading bits that must match. So 203.0.113.7/32 means exactly that one address, 203.0.113.0/24 means the 256 addresses 203.0.113.0 through 203.0.113.255, and 0.0.0.0/0 matches every IPv4 address on the Internet. You do not typically open RDP to all addresses ( 0.0.0.0/0 ); an RDP port reachable from anywhere is found by automated scanners and subjected to password guessing. Instead, you specify your own IP address or your organization's range of addresses in CIDR notation.
- Select My IP from the Source dropdown list. This "locks down" your instance so that Remote Desktop access is limited to just your current public IP address. My IP fills in the address your browser is using right now; if you're behind a NAT or a VPN, that is the address shared by everyone on it, and it will change when you move to another network, at which point you'll need to edit the rule. (You may leave the Source set to 0.0.0.0/0 or to a range of addresses if your IP address changes frequently, but be aware of the increased risk of someone else reaching your instance; a narrow range is always better than Anywhere.)
- Click the Add Rule button and select HTTP from the Type dropdown list, with a source of Anywhere. You have just allowed HTTP access on TCP port 80 from everyone, so that Internet users can reach the web services you'll host. Port 80 is the standard port for incoming web traffic to a server.
- Once you're done adding these two rules, for RDP and HTTP, click Review and Launch.
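The check a practitioner would run before (and after) launching is whether any administrative port in the group is open to the whole Internet, the mistake the My IP step above prevents. The following script is an added example written for this page, not part of the lesson or an AWS tool. It audits rule lines in the shape the AWS CLI's describe-security-groups command prints with the query shown, and builds the /32 CIDR that My IP produces; the sample rule set is constructed and the group id passed to --live is an assumption.

```shell
#!/bin/sh
# Added example, not part of the original lesson: audit an EC2 security group's
# inbound rules for administrative ports open to the whole Internet, the mistake
# the "My IP" advice above is meant to prevent. The group id passed to --live
# and the sample rule set are assumptions. POSIX sh, no bash extensions.
set -euf

# Ports that should never be reachable from 0.0.0.0/0 or ::/0 (RDP, SSH, WinRM).
ADMIN_PORTS="3389 22 5985 5986"

# Turn the address shown by "My IP" into the /32 CIDR a source rule needs.
# Rejects anything that is not a dotted-quad IPv4 address with octets 0-255.
my_ip_cidr() {
    ip=$1
    case $ip in ''|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    printf '%s/32\n' "$ip"
}

# Read "from_port<TAB>to_port<TAB>cidr[,cidr...]" lines (the format describe_rules
# prints; "None" ports mean an all-protocol rule) and report admin ports open to
# the world. Exit status 1 if anything was found, 0 if the group is clean.
audit_sg_rules() {
    findings=0
    tab=$(printf '\t')
    while IFS=$tab read -r from to cidrs || [ -n "${from:-}" ]; do
        [ -n "${from:-}" ] || continue
        if [ "$from" = None ]; then from=0; to=65535; fi
        for cidr in $(printf '%s' "$cidrs" | tr ',' ' '); do
            case $cidr in 0.0.0.0/0|::/0) ;; *) continue ;; esac
            for port in $ADMIN_PORTS; do
                if [ "$port" -ge "$from" ] && [ "$port" -le "$to" ]; then
                    printf 'FINDING: port %s open to %s (rule %s-%s)\n' \
                        "$port" "$cidr" "$from" "$to"
                    findings=1
                fi
            done
        done
    done
    return $findings
}

# Live check (needs AWS credentials): print a group's inbound rules, one per
# line, in the format audit_sg_rules expects.
describe_rules() {
    aws ec2 describe-security-groups --group-ids "$1" --output text --query \
      "SecurityGroups[].IpPermissions[].[FromPort, ToPort, join(',', [IpRanges[].CidrIp, Ipv6Ranges[].CidrIpv6][])]"
}

# Constructed sample: the group a student ends up with by leaving the RDP rule's
# source at "Anywhere" instead of "My IP".
SAMPLE_RULES=$(printf '3389\t3389\t0.0.0.0/0\n80\t80\t0.0.0.0/0')

if [ "${1:-}" = "--live" ]; then
    describe_rules "$2" | audit_sg_rules
else
    printf '%s\n' "$SAMPLE_RULES" | audit_sg_rules ||
        echo "Not safe to launch: limit 3389 to your own address, e.g. $(my_ip_cidr 203.0.113.7)"
fi
```

Run without arguments it audits the constructed sample and flags the RDP rule; run as `./audit-sg.sh --live sg-xxxxxxxx` it pulls the real group, and the non-zero exit status makes it usable as a gate in a script that launches instances. Port 80 open to Anywhere is deliberately not a finding, since serving web traffic is the point of that rule.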
EC2 now has all the information it needs to launch your instance.
- The wizard window now shows a summary of the instance that will be created. Examine it, then click Launch.
The last step in this process has to do with logging in to your instance for the first time. You need a key pair: EC2 keeps the public key and uses it to encrypt the instance's initial Administrator password, and you download the private key as a file so that only you can decrypt that password. You create the key pair once; you can use it for the rest of the instances you launch in the course.
- Select Create a new key pair, type a name for your key pair (e.g., geog865), then click Download Key Pair. A small text file with the extension .pem will be downloaded to your machine. Keep this file in a safe place that you'll remember later in the course, and treat it like a password: Amazon does not keep a copy, so it cannot be downloaded again, and anyone who obtains it together with access to your account can recover your instance's Administrator password.
- After downloading your key pair, click the Launch Instances button. You should see a page that logs the initial steps of your instance's launch along with some instructions on how to connect to it.
- Click the View Instances button at the bottom of the page. This takes you back to the EC2 console, where you should see your instance listed. Within a minute or two its state changes from pending to running, but that does not mean the instance is ready yet. It takes around 10 minutes for Windows and the software on your instance to configure itself, and until that finishes the console will tell you that the Administrator password is not yet available. It's best not to disturb the instance while this is occurring.
Because you created your instance in a VPC, it is not automatically reachable from the Internet, and whatever public IP address and DNS name it does receive are handed out afresh each time you stop and start it. To reach your instance at a consistent address from a Remote Desktop client, you'll set up an Amazon Elastic IP. This is a fixed public address that Amazon allocates to your account; you then associate it with any instance you choose. Within a VPC the association survives stopping and starting the instance, so you normally do this once. An Elastic IP that isn't attached to a running instance is billed by the hour, so release it when you're done with the course.
- At least 10 minutes after performing the previous step, open the EC2 console and click Elastic IPs (under Network & Security in the left menu).
- Click Allocate New Address, choose VPC as the scope, and click Allocate.
- Click Close. You should see an address appear in your list of Elastic IPs, such as 184.108.40.206.
- Check the box next to your new Elastic IP and click Actions > Associate address.
- Choose your Geog 865 Windows instance from the dropdown list and click Associate.
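The whole procedure above, from the VPC wizard through the security group, key pair, instance launch, Elastic IP and the first password retrieval, as an added AWS CLI script written for this page rather than taken from the lesson. It uses the lesson's instance type, names, tag, key-pair name and region; the VPC and subnet CIDRs, the AMI name filter, the group description and the checkip.amazonaws.com lookup that stands in for the My IP button are assumptions.

```shell
#!/bin/sh
# Added example, not code from the lesson: the whole lab built with the AWS CLI
# instead of console clicks. The VPC/subnet CIDRs, the AMI name filter, the group
# description and the checkip lookup are assumptions; instance type, names, tag,
# key-pair name and region are the ones the lesson uses.
# Usage: ./launch-lab.sh launch    (any other invocation only defines functions)
set -eu

export AWS_DEFAULT_REGION=us-east-1        # N. Virginia, as in the lesson
VPC_NAME=Geog865VPC
SG_NAME="Geog 865 Security Rules"
KEY_NAME=geog865
INSTANCE_NAME="Geog 865 Windows instance"

# Write private-key material where only this user can read it. Whoever holds
# this file plus access to the account can recover the Administrator password.
save_private_key() {
    ( umask 077 && printf '%s\n' "$1" > "$2" )
    [ -n "$(find "$2" -perm 600)" ]        # confirm the 0600 mode actually stuck
}

# VPC wizard equivalent: one VPC, one public subnet, Internet gateway, default route.
create_network() {
    VPC_ID=$(aws ec2 create-vpc --cidr-block 10.0.0.0/16 --query Vpc.VpcId --output text)
    aws ec2 create-tags --resources "$VPC_ID" --tags "Key=Name,Value=$VPC_NAME"
    SUBNET_ID=$(aws ec2 create-subnet --vpc-id "$VPC_ID" --cidr-block 10.0.0.0/24 \
        --query Subnet.SubnetId --output text)
    IGW_ID=$(aws ec2 create-internet-gateway \
        --query InternetGateway.InternetGatewayId --output text)
    aws ec2 attach-internet-gateway --internet-gateway-id "$IGW_ID" --vpc-id "$VPC_ID"
    RT_ID=$(aws ec2 create-route-table --vpc-id "$VPC_ID" \
        --query RouteTable.RouteTableId --output text)
    aws ec2 create-route --route-table-id "$RT_ID" --destination-cidr-block 0.0.0.0/0 \
        --gateway-id "$IGW_ID" > /dev/null
    aws ec2 associate-route-table --route-table-id "$RT_ID" --subnet-id "$SUBNET_ID" > /dev/null
}

# Security group: RDP from this machine's public address only, HTTP from anywhere.
create_security_group() {
    my_ip=$(curl -fsS https://checkip.amazonaws.com)       # the "My IP" lookup
    SG_ID=$(aws ec2 create-security-group --group-name "$SG_NAME" \
        --description "Geog 865 lab" --vpc-id "$VPC_ID" --query GroupId --output text)
    aws ec2 authorize-security-group-ingress --group-id "$SG_ID" \
        --protocol tcp --port 3389 --cidr "$my_ip/32"
    aws ec2 authorize-security-group-ingress --group-id "$SG_ID" \
        --protocol tcp --port 80 --cidr 0.0.0.0/0
}

# Key pair: AWS keeps only the public half; the private half lands in this file.
create_key_pair() {
    save_private_key "$(aws ec2 create-key-pair --key-name "$KEY_NAME" \
        --query KeyMaterial --output text)" "$KEY_NAME.pem"
}

# Newest Amazon-published Windows Server 2016 Base AMI, t2.micro, termination
# protection on, Name tag set, then wait for the running state.
launch_instance() {
    ami=$(aws ec2 describe-images --owners amazon \
        --filters "Name=name,Values=Windows_Server-2016-English-Full-Base-*" \
        --query 'sort_by(Images, &CreationDate)[-1].ImageId' --output text)
    INSTANCE_ID=$(aws ec2 run-instances --image-id "$ami" --instance-type t2.micro \
        --key-name "$KEY_NAME" --security-group-ids "$SG_ID" --subnet-id "$SUBNET_ID" \
        --disable-api-termination --query 'Instances[0].InstanceId' --output text)
    aws ec2 create-tags --resources "$INSTANCE_ID" \
        --tags "[{\"Key\":\"Name\",\"Value\":\"$INSTANCE_NAME\"}]"
    aws ec2 wait instance-running --instance-ids "$INSTANCE_ID"
}

# Elastic IP: allocate, associate, print the fixed address to point RDP at.
attach_elastic_ip() {
    alloc_id=$(aws ec2 allocate-address --domain vpc --query AllocationId --output text)
    aws ec2 associate-address --instance-id "$INSTANCE_ID" --allocation-id "$alloc_id" > /dev/null
    aws ec2 describe-addresses --allocation-ids "$alloc_id" \
        --query 'Addresses[0].PublicIp' --output text
}

# Replaces "wait about 10 minutes": the password is only published once the
# first boot has finished, and EC2 has a waiter for exactly that condition.
fetch_admin_password() {
    aws ec2 wait password-data-available --instance-id "$INSTANCE_ID"
    aws ec2 get-password-data --instance-id "$INSTANCE_ID" \
        --priv-launch-key "$KEY_NAME.pem" --query PasswordData --output text
}

launch_lab() {
    create_network
    create_security_group
    create_key_pair
    launch_instance
    echo "Elastic IP:             $(attach_elastic_ip)"
    echo "Administrator password: $(fetch_admin_password)"
    echo "Stop when done:         aws ec2 stop-instances --instance-ids $INSTANCE_ID"
}

if [ "${1:-}" = launch ]; then launch_lab; fi
```

Two details differ from the console flow on purpose: the private key is written under `umask 077` and the mode is verified, because a world-readable .pem is as good as a leaked password; and instead of a fixed ten-minute wait, `aws ec2 wait password-data-available` blocks until the instance has actually finished its first boot and published the encrypted password, which `get-password-data --priv-launch-key` then decrypts locally with the .pem file.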
Once you launch an instance, it starts automatically and your Amazon bill begins accruing. It's very important to understand that you begin amassing charges right away; Amazon does not wait until you log in to your instance, and a running instance is billed whether or not you're using it. To control costs, stop your instance whenever you aren't using it. Before you take a break, continue immediately to the next section of the lesson to learn how to properly stop and start your instance.