In this exercise, you will gain a basic overview of launching, resizing, managing, and monitoring an Amazon EC2 instance.
By the end of this exercise, you should be able to do the following:
Launch a web server with termination protection enabled.
Monitor your EC2 instance.
Modify the security group that your web server is using to allow HTTP access.
Resize your Amazon EC2 instance to scale.
Test termination protection.
Terminate your EC2 instance.
In this task, you will launch an Amazon EC2 instance with termination protection enabled. Termination protection prevents you from accidentally stopping an EC2 instance. You will also use a user data script* to create a simple web page.
An extra note, for the curious *What is a user data script? A user data script is a set of code that helps to customise your EC2 instance from the moment it gets launched. For example, you might provide a script to install software, download files, or make changes to the settings the moment it gets launched.
3. Choose Launch instance in the main EC2 page.
4. In the Name and tags section, enter "Web Server" in the Name box.
5. For Amazon Machine Image (AMI), select Amazon Linux 2023 AMI
6. In the Instance Type section, choose the Instance type drop-down menu and choose t2.micro.
An extra note, for the curious A t2.micro instance type has 1 virtual vCPUs and 1 GiB of memory, and it's part of AWS Free Tier. If you select the other instance type that is not part of the Free Tier, there will be a dollar cost in your AWS account.
7. In the Key pair (login) section, locate the Key pair name drop-down menu and choose Proceed without a key pair (Not recommended).
An extra note, for the curious Why? A key-pair helps encrypt login information, and is important if you will need to log in to your instance. In this exercise you will not log into your instance, so you do not require a key pair.
8. In the Network settings section, choose the Edit button on the right hand corner. Make the following selections:
a) VPC: Choose the default VPC for now (we don't need to create a custom VPC on this exercise)
b) Subnet: Choose the Subnet with the Availability Zone <xxx-1a>. For example, us-east-1a (if you can't find this, it might be because you have not changed your region to N. Virginia back in Task 0)
9. In the Firewall (security groups) section, choose Create security group.
a) Security group name: Web Server security group
b) Description: Security group for my web server.
An extra note, for the curious A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance. You add rules to each security group that allows traffic to or from its associated instances. You can modify the rules for a security group at any time; the new rules are automatically applied to all instances that are associated with the security group.
c) Choose the Remove button to remove the existing SSH rule.
An extra note, for the curious You should have no security group rules. In this lab, you will not log into your instance using SSH. Removing SSH access will improve the security of the instance. Removing SSH access improves the security of an EC2 instance because it reduces the potential entry points for attackers. SSH is commonly used for secure remote administration, and if the SSH is misconfigured, outdated, or uses weak authentication methods, it can be controlled by cybercriminals (cybercriminals = people that attack computer systems, networks, or devices to steal, alter or or destroy data). By eliminating SSH access, you lessen the risk of unauthorised access, brute force attacks, and potential data breaches.
10. In the Configure storage section, leave all as default.
11. Expand the Advanced details section. Scroll down to the Termination protection drop-down menu and set to Enable.
When an Amazon EC2 instance is no longer required, it can be terminated, which means that the instance is stopped and its resources are released.
A terminated instance cannot be started again. If you want to prevent the instance from being accidentally terminated, you can enable termination protection for the instance (what we're doing by clicking Enable).
12. Scroll all the way to the bottom of the Advanced details section, until you see a field for User data.
When you launch an instance, you can pass user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. Your instance is running Amazon Linux, so you will provide a shell script that will run when the instance starts.
Copy the following text and paste it into the User data field:
The script will:
5. Wait for your instance to display the following:
6. Instance state: Running
7. Status check: 2/2 checks passed
Periodically refresh the page if you don’t see a change in the Instance state or Status check values.
Congratulations! You have successfully launched your first Amazon EC2 instance.
Monitoring is an important part of maintaining the reliability, availability, and performance of your Amazon Elastic Compute Cloud (Amazon EC2) instances and your AWS solutions. In this exercise, you will monitor the EC2 instance that you launched from the previous task.
Note: can't seem to find this extra panel? It might be hiding, click on the text "Instance: ..." at the bottom to see it.
With instance status monitoring, you can quickly determine whether Amazon EC2 has detected any problems that might prevent your instances from running applications. Amazon EC2 performs automated checks on every running EC2 instance to identify hardware and software issues. Notice that both the System status checks and Instance status checks checks have passed.
2. Click on the Monitoring tab.
This tab displays metrics for your instance. Currently, there are not many metrics to display because the instance was recently launched.
You can click on a graph to see an expanded view.
Amazon EC2 sends metrics to Amazon CloudWatch (we'll learn about them later this course) for your EC2 instances.
Basic (every five minutes) monitoring is enabled by default. You can enable detailed (one-minute) monitoring.
3. Click the Actions menu in the upper right corner of the console, choose Monitor and troubleshoot and select Get system log.
Note: If you do not see a system log, wait a couple of minutes and refresh the log screen until it appears.
4. Scroll through the output. There's a log that shows the https package was installed from the user data you added when you created the instance. This is the line that starts with httpd-filesystem. Great! That's why system logs are super helpful - it gives us awareness of what's happening with our instance.
5. Scroll down to the bottom of the browser window and select Cancel.
6. Select the checkbox next to your Web Server, then select the Actions menu, choose Monitor and troubleshoot and select Get instance screenshot
This shows you what your Amazon EC2 instance console would look like if a screen were attached to it. This is helpful if you ever want to see what your web server looks like but can't reach it via SSH or RDP. Getting a quick screenshot shows you the instance and allows for quicker troubleshooting.
8. Scroll down to the bottom of the browser window and select Cancel.
Congratulations! You have explored several ways to monitor your instance.
In this task, you will update your security group to gain access to your web server.
3. Open a new tab in your web browser, paste the IP address you just copied, then press Enter. Or, simply click the open address button next to your Public IPv4 address
Now let's pause and think: Are you able to access your web server? Why not?
You are not currently able to access your web server because the security group you set up in Step 9 (of Task 1) is not permitting inbound traffic on port 80, which is used for HTTP web requests. This is a demonstration of using a security group as a firewall to restrict the network traffic that is allowed in and out of an instance. To correct this, you will now update the security group to permit web traffic on port 80.
4. Keep the browser tab open, but return to the EC2 Management Console tab.
5. In the left navigation pane, scroll down to the Network & Security section and select Security Groups.
6. Select the Security group ID with the Security group name Web Server security group.
The security group currently has no rules.
In adding a rule in the inbound rule, you will choose the HTTP type of protocol because your the website/webapp you're hosting on your EC2 instance needs to be accessible to users on the internet. You can choose other types of protocol depending on the use cases.
Using “Anywhere”, or more specifically, using 0.0.0.0/0 is not a recommended best practice for production workloads. Using 0.0.0.0/0 (for IPv4) in security groups or network access control lists (NACLs) means allowing access from any IP address in the world.
This is not considered best practice because it exposes resources to potential security threats from the entire internet. It's always recommended to restrict access to only the necessary IP addresses or ranges to enhance security. We're using it for this exercise because we'll be deleting our security group and web server later.
7. Return to the web server tab that you previously opened and refresh the page. You should see the message: Hello From Your Web Server!
Note: If the expected output is different, see below the process for resolving the error.
If you click the open address link in your Public IPv4 address, the output will be different. Refer to the image below.
The reason for this is that when you click the open address link, that link is secured which means the URL has HTTPS. You only added a rule of HTTP (see step 9a on this task). To solve this you have to remove "s" in "https" (see images below).
An alternative way is to copy only the Public IPv4 address of the EC2 instance to skip the steps above about removing the "s" in "HTTPS".
Congratulations! You have successfully modified your security group to permit HTTP traffic into your Amazon EC2 Instance.
Note: This is very critical to know. In this task, you will resize your instance type and EBS volume. Before you start resizing, you must stop your instance first. This is just like your local computer/laptop when you want to upgrade the disk of your laptop/computer.
In the AWS cloud, as your needs change, you might find that your instance is over-utilized (too small for what you need) or under-utilized (too large for what you need). If so, you can change the instance type. For example, if a t3.micro instance is too small for its workload, you can change it to a t3.small instance (a bigger instance than t3.micro). You can also change the size of a disk.
When you stop an instance, it is shut down. There is no charge for a stopped EC2 instance, but the storage charge for attached Amazon EBS volumes remains.
STOP YOUR INSTANCE
Your instance will perform a normal shutdown and then will stop running. This may take a couple of minutes.
CHANGE THE INSTANCE TYPE
RESIZE THE EBS VOLUME
The disk volume currently has a size of 8 GiB. You will now increase the size of this disk.
START THE RESIZED INSTANCE
You will now start the instance again, which will now have more memory and more disk space.
Note: An EBS volume being modified goes through a sequence of states: Modifying, Optimizing, and finally Complete.
Congratulations! You have successfully resized your Amazon EC2 Instance. In this task, you changed your instance type from t3.micro to t3.small. You also modified your root disk volume from 8 GiB to 10 GiB.
In this task, you will learn how to use termination protection. You can delete your instance when you no longer need it. This is referred to as terminating your instance. You cannot connect to or restart an instance after it has been terminated.
At this point, you see the following error message on top of the page:
Failed to terminate an instance: The instance ‘i-xxxxxxxx’ may not be terminated. Modify its ‘disableApiTermination’ instance attribute and try again.
The above error is expected, and this is a safeguard to prevent the accidental termination of an instance. If you really want to terminate the instance, you will need to disable the termination protection.
You can now terminate the instance.
In the page you're on, the Instance state of the Web Server instance should change to Terminated. You may have to refresh the page a few times!
Congratulations! You have successfully tested termination protection and terminated your instance.
You have successfully done the following: