AWS EC2: Complete Guide to Virtual Servers on Ubuntu

Launch, access, and manage your first cloud server: EC2 instances, storage, IPs, and security for novices.

Estimated Time: Approximately 75 - 120 minutes (includes setup and practical exercises)

Overview: What is Amazon EC2?

Amazon Elastic Compute Cloud (EC2) is a web service that provides resizable compute capacity in the cloud. Essentially, it allows you to rent virtual servers (called "instances") from Amazon and run your applications on them, just like you would on a physical server in a data center.

EC2 gives you complete control over your computing resources, letting you choose the operating system, processor, memory, and storage you need. You pay only for the capacity you actually use, making it incredibly flexible and cost-effective.

Key EC2 Concepts:

Instance: Your virtual server, running an operating system (e.g., Ubuntu, Windows).
AMI (Amazon Machine Image): A pre-configured template that includes the operating system and other software packages, used to launch instances.
Instance Type: Defines the CPU, memory, storage, and networking capacity of your instance (e.g., `t2.micro`, `m5.large`).
Region & Availability Zone (AZ): AWS global infrastructure divided into geographic Regions, each with multiple isolated AZs for high availability.
Security Group: A virtual firewall that controls inbound and outbound traffic for your instance(s).
Key Pair: A set of cryptographic keys (public and private) used to securely log into your instance using SSH.
Elastic IP (EIP): A static, public IPv4 address that you can associate with your instance. It remains the same even if you stop and start your instance.
EBS (Elastic Block Store) Volume: Network-attached block storage that acts like a hard drive for your EC2 instance.

Estimated Time

75 - 120 minutes

(Includes setting up IAM, launching an instance, accessing via SSH/PuTTY, and configuring storage/IPs.)

Experience Level

Novice

No prior AWS or server administration experience is required, but basic computer literacy is assumed.

System Requirements & Prerequisites

AWS Account: An active Amazon Web Services (AWS) account. If you don't have one, sign up for the AWS Free Tier.
IAM User: An AWS Identity and Access Management (IAM) user with programmatic access and appropriate EC2 permissions (e.g., `AmazonEC2FullAccess` for this guide, but `EC2 Read/Write` for specific actions is better).
Local Machine: Your personal computer (Windows, macOS, or Linux) with an internet connection.
SSH Client:
- Linux/macOS: Built-in SSH client in your terminal.
- Windows: PuTTY and PuTTYgen installed (or the new OpenSSH client built into Windows 10/11 if you prefer).

Critical Warnings & Best Practices for EC2

Security:
- Key Pairs are Critical: Treat your private key (`.pem` or `.ppk` file) like a password. Do NOT lose it, share it, or expose it publicly. If compromised, anyone can access your instance.
- Security Groups: Always configure with the Principle of Least Privilege. Only open ports and allow access from specific IP addresses that absolutely need it. Never open SSH (port 22) to `0.0.0.0/0` (the entire internet) on production servers.
- IAM Roles for EC2: For production, avoid storing AWS credentials directly on instances. Instead, use IAM roles for EC2 instances to grant them permissions to other AWS services (like S3).
Cost Management:
- Stop vs. Terminate:
  - Stopping an instance means it's powered off. You stop paying for the compute capacity (CPU/RAM) but still pay for the attached EBS storage.
  - Terminating an instance means it's permanently deleted. You stop paying for both compute and EBS storage (unless you configured the EBS volume to persist).
- Elastic IPs: You are charged a small fee for Elastic IPs that are *not associated* with a running EC2 instance. Release unneeded EIPs.
- EBS Volumes: You pay for EBS volumes as long as they exist, even if unattached. Delete unneeded volumes.
- **Monitor the AWS Free Tier:** Always check your Free Tier usage to avoid unexpected charges. `t2.micro` or `t3.micro` are often free tier eligible.
Region & AZ Selection:
- Choose an AWS Region closest to your users or other AWS services for lower latency.
- Distribute instances across multiple Availability Zones within a region for high availability.

Step-by-Step Instructions

Step 1: Set Up AWS IAM User for EC2 Access (If not already done)

It's best practice to use an IAM user with specific permissions rather than your AWS root account.

Log in to the AWS Management Console: Go to console.aws.amazon.com.
Navigate to IAM: Search for "IAM" in the search bar and select it.
Create a New User:
- In the IAM dashboard, click `Users` in the left navigation pane.
- Click `Add users`.
- Enter a `User name` (e.g., `ec2-admin-user`).
- For `AWS credential type`, select `Access key - Programmatic access`. Click `Next`.
Attach Permissions:
- On the `Set permissions` page, select `Attach policies directly`.
- Search for `AmazonEC2FullAccess` and select the checkbox. (For production, narrow this down to specific actions and resources).
- Click `Next`.
Review and Create:
- Review the user details and permissions.
- Click `Create user`.
Save Credentials:
- On the `Retrieve credentials` page, you will see the `Access key ID` and `Secret access key`.
- Download the .csv file or copy these keys immediately and store them securely. This is your ONLY chance to view the Secret access key.

You now have an IAM user with programmatic access to EC2. (These programmatic keys are not used directly in this guide but are essential for CLI/SDK access to AWS).

Step 2: Launch an EC2 Instance (Your Virtual Server)

This is where you create your virtual server. We'll launch an Ubuntu instance, which is excellent for web applications.

Navigate to EC2: From the AWS Console, search for "EC2" and select it. In the EC2 Dashboard, click `Launch instance` (or `Instances` in the left pane, then `Launch instances`).
Step 1: Choose an Amazon Machine Image (AMI):
- Search for `Ubuntu Server`.
- Select `Ubuntu Server 22.04 LTS (HVM), SSD Volume Type` (or 20.04 LTS). Ensure it's marked `Free tier eligible`.
Step 2: Choose an Instance Type:
- Select `t2.micro` (or `t3.micro` if available in your region and free tier eligible). This is generally free tier eligible and sufficient for testing.
- Click `Next: Configure Instance Details`.
Step 3: Configure Instance Details:
- Network: Keep default VPC.
- Subnet: Select any available subnet (choosing different Availability Zones for high availability).
- Auto-assign Public IP: Ensure `Enable` is selected. This gives your instance a temporary public IP to connect to.
- Keep other settings as default for now. Click `Next: Add Storage`.
Step 4: Add Storage:
- The default root volume (8GB General Purpose SSD `gp2`) is usually fine for Ubuntu. This is where the operating system resides.
- You can increase the size if needed (e.g., 20GB), but ensure it's still within Free Tier limits if applicable.
- Click `Next: Add Tags`.
Step 5: Add Tags:
- Click `Add Tag`.
- Key: `Name`, Value: `MyWebServer` (or any descriptive name). Tags help you organize your resources.
- Click `Next: Configure Security Group`.
Step 6: Configure Security Group:
- Select `Create a new security group`.
- Security group name: `my-ssh-sg` (or similar).
- Description: `SSH access for my web server`.
- Add rule:
  - Type: `SSH`
  - Protocol: `TCP`
  - Port Range: `22`
  - Source: `My IP` (AWS will automatically detect your current public IP address). **This is the most secure option for SSH.** If your IP changes frequently, you'll need to update this rule. For broad testing, you *could* select `Anywhere` (`0.0.0.0/0`), but **this is NOT recommended for production.**
- Click `Review and Launch`.
Step 7: Review Instance Launch:
- Review all your settings. If everything looks good, click `Launch`.
Step 8: Create a New Key Pair:
- In the pop-up, select `Create a new key pair`.
- Key pair name: `my-ec2-key` (or similar).
- Click `Download Key Pair`. **Save this `.pem` file immediately and securely! This is your private key, and you cannot download it again.**
- Click `Launch Instances`.

Your EC2 instance is now launching! It might take a few minutes for it to become `Running` and pass health checks. Go to `EC2 Dashboard > Instances` to monitor its status. Note down its `Instance ID` and `Public IPv4 address`.

Step 3: Accessing Your EC2 Instance (Linux/macOS Terminal - SSH)

If you're using a Linux or macOS machine, you'll use the built-in `ssh` client in your terminal.

Locate Your Private Key: Ensure the `my-ec2-key.pem` file you downloaded is in a secure, known location (e.g., your home directory `~/` or `~/.ssh/`).
Set Correct Permissions: SSH requires your private key file to have restricted permissions (`read-only` for the owner).

chmod 400 /path/to/my-ec2-key.pem

Replace `/path/to/` with the actual path to your `.pem` file.

Connect via SSH:
- Open your terminal.
- Find your instance's `Public IPv4 address` in the EC2 Console.
- The default username for Ubuntu AMIs is `ubuntu`.
ssh -i /path/to/my-ec2-key.pem ubuntu@YOUR_EC2_PUBLIC_IP

When you connect for the first time, you might see a warning about the host's authenticity. Type `yes` and press `Enter` to continue. If you get a "Permission denied (publickey)" error, double-check `chmod 400` and that you're using the correct `.pem` file and `ubuntu` username.

Basic Terminal Commands to Test Your Connection:

`pwd`: Print working directory.
`ls -l`: List directory contents.
`uname -a`: Display system information.
`df -h`: Show disk space usage.
`free -h`: Show memory usage.

Congratulations! You're now connected to your EC2 instance via SSH.

Step 4: Accessing Your EC2 Instance (Windows - PuTTY)

On Windows, PuTTY is a popular SSH client. It requires your `.pem` key to be converted to its own format, `.ppk`.

Download PuTTY and PuTTYgen:
- If you don't have them, download the `putty.exe` and `puttygen.exe` executables from the official PuTTY website: www.putty.org.
- Save them to a convenient location (e.g., a folder on your Desktop).
Convert `.pem` to `.ppk` using PuTTYgen:
- Open `puttygen.exe`.
- Click `Load`. Navigate to where you saved `my-ec2-key.pem`. You might need to select `All Files (*.*)` in the file dialog to see it.
- A pop-up will appear saying the key was successfully imported. Click `OK`.
- Click `Save private key`.
- PuTTYgen will warn you about saving without a passphrase. For this beginner guide, you can click `Yes` to proceed without one. **For production environments, always set a strong passphrase!**
- Save the `.ppk` file (e.g., `my-ec2-key.ppk`) in a secure location.
Connect with PuTTY:
- Open `putty.exe`.
- Session Category:
  - `Host Name (or IP address)`: `ubuntu@YOUR_EC2_PUBLIC_IP` (replace `YOUR_EC2_PUBLIC_IP` with your instance's public IP).
  - `Port`: `22` (default for SSH).
- SSH Authentication:
  - In the left pane, navigate to `Connection > SSH > Auth`.
  - Click `Browse` and select your `my-ec2-key.ppk` file.
- Save Session (Optional, but Recommended):
  - Go back to the `Session` category.
  - Enter a name in `Saved Sessions` (e.g., `My EC2 Server`).
  - Click `Save`. Now you can just load this session next time.
- Open Connection: Click `Open`.
- If a security alert appears about the host key, click `Accept` (after verifying the fingerprint if you're cautious).

You should now see the Ubuntu terminal prompt. You're connected!

Step 5: Attaching Additional EBS Storage (Volume)

Your EC2 instance comes with a root volume, but often you'll need more dedicated storage for data, databases, or applications. EBS volumes are highly available, persistent block storage devices.

Create an EBS Volume (AWS Console):
- In the EC2 Dashboard, navigate to `Elastic Block Store > Volumes` in the left pane.
- Click `Create Volume`.
- Volume Type: `gp3` (General Purpose SSD) is a good default.
- Size: Enter `10 GiB` (or your desired size). Ensure it's within Free Tier limits if applicable.
- Availability Zone: **Crucially, select the SAME Availability Zone as your EC2 instance.** (You can find your instance's AZ on its `Description` tab in the EC2 Console).
- Tags: Add a `Name` tag (e.g., `MyDataVolume`).
- Click `Create Volume`.
Attach the Volume to Your Instance (AWS Console):
- Once the volume is `available` (may take a moment), select it in the Volumes list.
- Click `Actions > Attach Volume`.
- Instance: Start typing your instance name (`MyWebServer`) or ID and select it.
- Device name: Note the suggested device name (e.g., `/dev/sdf`). This might be slightly different on Ubuntu (e.g., `/dev/nvme1n1` for newer instances or `/dev/xvdf` for older). We'll verify in the next step.
- Click `Attach Volume`.
Format and Mount the Volume (Linux Terminal):
- Connect to your EC2 instance via SSH/PuTTY.
- List Block Devices: Identify the newly attached volume.
  lsblk
  
  Look for a device with the size you just created (e.g., `xvdf` or `nvme1n1`). The root volume is usually `xvda` or `nvme0n1`. If it's `nvme1n1`, the device path will be `/dev/nvme1n1`. If it's `xvdf`, it's `/dev/xvdf`. We'll use `/dev/xvdf` as an example.
- Format the Volume (Create a Filesystem):
  sudo mkfs -t ext4 /dev/xvdf
  
  Be extremely careful! Ensure you specify the correct device (`/dev/xvdf` or `/dev/nvme1n1`). Formatting the wrong device will wipe its data!
- Create a Mount Point: This is the directory where your volume will be accessible.
  sudo mkdir /data
- Mount the Volume:
  sudo mount /dev/xvdf /data
- Verify Mount:
  df -h
  
  You should see `/data` listed with your new volume's size.
- Make Mount Persistent (Automount on Reboot):
  - Get the Volume's UUID: This is more reliable than using `/dev/xvdf`.
    sudo blkid /dev/xvdf
    
    Copy the `UUID=` string (e.g., `UUID="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"`).
  - Edit `/etc/fstab`: This file tells your system what filesystems to mount at boot.
    sudo nano /etc/fstab
  - Add the following line to the end of `/etc/fstab` (replace with your actual UUID):
```
UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /data ext4 defaults,nofail 0 2
```
    `nofail` ensures your instance will still boot even if the volume isn't available (useful for non-critical data).
  - Save (`Ctrl+O`, `Enter`) and exit `nano` (`Ctrl+X`).
  - Test `fstab` Entry:
    sudo mount -a
    
    If no errors, your configuration is correct.

Your EC2 instance now has an additional, permanently mounted EBS volume for your data!

Step 6: Allocating and Associating an Elastic IP (Static Public IP)

By default, when you stop and start an EC2 instance, its public IP address changes. An Elastic IP (EIP) is a static public IP that you can associate with your instance, ensuring its IP address remains the same, even if the instance is stopped or restarted.

COST WARNING: You are charged a small fee for Elastic IPs that are *not associated* with a running EC2 instance. Only allocate an EIP if you need it, and release it if it's no longer attached to a running instance.

Allocate a New Elastic IP (AWS Console):
- In the EC2 Dashboard, navigate to `Network & Security > Elastic IPs` in the left pane.
- Click `Allocate Elastic IP address`.
- Keep default settings (Amazon's pool of IPv4 addresses).
- Click `Allocate`.
Associate the Elastic IP with Your Instance (AWS Console):
- Once allocated, select the new Elastic IP in the list.
- Click `Actions > Associate Elastic IP address`.
- Resource type: `Instance`.
- Instance: Start typing your instance name (`MyWebServer`) or ID and select it.
- Click `Associate`.
Verify the Change:
- Go back to `EC2 Dashboard > Instances`.
- Select your instance. The `Public IPv4 address` on its `Description` tab should now be your newly associated Elastic IP.

Your EC2 instance now has a persistent public IP address. Update any SSH connection profiles (e.g., PuTTY session) to use this new IP.

Step 7: Configuring Security Groups (Opening Ports for Web Server)

If you plan to run a web server (like Apache or Nginx, which you might install after this guide), you'll need to open ports 80 (HTTP) and 443 (HTTPS) in your Security Group.

Edit Your Security Group (AWS Console):
- In the EC2 Dashboard, navigate to `Network & Security > Security Groups` in the left pane.
- Select the security group you created earlier (`my-ssh-sg`).
- Click the `Inbound Rules` tab, then `Edit inbound rules`.
Add HTTP Rule:
- Click `Add rule`.
- Type: `HTTP`
- Source: `Anywhere-IPv4` (`0.0.0.0/0`). This allows web access from anywhere.
Add HTTPS Rule:
- Click `Add rule`.
- Type: `HTTPS`
- Source: `Anywhere-IPv4` (`0.0.0.0/0`).
Click `Save rules`.

Opening ports to `Anywhere` (`0.0.0.0/0`) is common for public web servers but still requires vigilance regarding your application's security.

Your Security Group is now configured to allow web traffic. Once you install a web server on your instance, you can test it by visiting `http://YOUR_EC2_PUBLIC_IP` in a browser.

Step 8: Terminating Your EC2 Instance (Important for Cost)

When you're finished with your instance, it's crucial to terminate it to avoid incurring charges. Remember the difference between `Stop` and `Terminate`.

Terminate the Instance (AWS Console):
- In the EC2 Dashboard, go to `Instances`.
- Select your instance (`MyWebServer`).
- Click `Instance state > Terminate instance`.
- Confirm the termination.
Release Elastic IP (if applicable):
- If you allocated an Elastic IP (Step 6) and no longer need it, go to `Elastic IPs`.
- Select the Elastic IP.
- Click `Actions > Release Elastic IP address`.
Delete EBS Volumes (if applicable):
- By default, the root EBS volume is deleted with the instance. However, additional volumes you created (like `/data` in Step 5) are often configured to `Persist` on termination.
- To delete them, go to `Volumes`.
- Select any volumes you no longer need.
- Click `Actions > Delete Volume`.

Your AWS resources are now cleaned up, and you've avoided unnecessary charges.

Final Verification Checklist

Confirm your understanding and successful completion of the guide:

IAM User Created: You used an IAM user (not root) to perform actions.
Instance Launched: An Ubuntu EC2 instance is running and passed status checks.
Key Pair Secure: Your `.pem` (and `.ppk` if Windows) file is saved securely.
SSH Access: You can successfully connect to your instance via SSH (Linux/macOS) or PuTTY (Windows).
EBS Volume Mounted: An additional EBS volume is attached, formatted, and mounted persistently (if you followed Step 5).
Elastic IP Associated: Your instance has a static Public IP (if you followed Step 6).
Security Group Configured: SSH access is allowed from your IP, and HTTP/HTTPS ports are open (if you followed Step 7).
Resources Terminated: You successfully terminated all resources to avoid charges.

Conclusion & Next Steps

Congratulations! You've successfully launched, accessed, and configured your first virtual server on AWS EC2. This comprehensive guide has equipped you with the foundational knowledge to harness the power of cloud computing.

From here, your cloud journey can lead in many exciting directions:

Deploy Web Applications: Install a LAMP or LEMP stack (as in our LAMP guide) and host your website or application.
Monitoring & Logging: Implement AWS CloudWatch for monitoring your instance's performance and application logs.
Auto Scaling: Learn how to automatically scale your EC2 instances up or down based on demand, improving availability and cost-efficiency.
Load Balancing: Distribute incoming traffic across multiple instances using an Elastic Load Balancer (ELB) for fault tolerance and performance.
Managed Databases (RDS): For production databases, consider using Amazon RDS (Relational Database Service) instead of running MySQL directly on EC2.
Other AWS Services: Explore how EC2 integrates with other AWS services like S3 (for storage), Lambda (serverless functions), and VPC (virtual private clouds).

Need Expert AWS Cloud Solutions or Management? Contact Us!