EC2

Now you need to upload your SSH public key and then launch one EC2 instance in the public subnet and one in the private subnet:

  1. Upload your ssh public key (assume you have a public key that is located at ~/.ssh/id_rsa.pub):
$ aws ec2 import-key-pair --key-name=chap6-key --public-key-material "`cat ~/.ssh/id_rsa.pub`"
  1. Launch the first EC2 instance with the following parameters:
    • Use Amazon Linux image: ami-1853ac65 (Amazon Linux)
    • T2.nano instance type: t2.nano
    • Ssh key: chap6-key
    • Public Subnet: subnet-6296863f
    • Public Security Group: sg-dd8a3f94
$ aws ec2 run-instances --image-id ami-1853ac65 --instance-type t2.nano --key-name chap6-key --security-group-ids sg-dd8a3f94 --subnet-id subnet-6296863f
  1. Launch the second EC2 instance with the following parameters:
    • Use Amazon Linux image: ami-1853ac65
    • T2.nano instance type: t2.nano
    • Ssh key: chap6-key
    • Private subnet: subnet-ce947da9
    • Private Security Group: sg-a18c39e8
$ aws ec2 run-instances --image-id ami-1853ac65 --instance-type t2.nano --key-name chap6-key --security-group-ids sg-a18c39e8 --subnet-id subnet-ce947da9
  1. Check the status of the EC2 instances:
$ aws ec2 describe-instances --filters "Name=vpc-id,Values=vpc-69cfbd12" --query "Reservations[*].Instances[*].{id:InstanceId,PublicIP:PublicIpAddress,PrivateIP:PrivateIpAddress,Subnet:SubnetId}" --output=table
-------------------------------------------------------------------------------
|                              DescribeInstances                              |
+---------------+-----------------+------------------+------------------------+
|   PrivateIP   |    PublicIP     |     Subnet       |          id            |
+---------------+-----------------+------------------+------------------------+
|  192.168.0.206|  34.228.228.140 |  subnet-6296863f |  i-03a0e49d26a2dafa4   |
|  192.168.1.218|  None           |  subnet-ce947da9 |  i-063080766d2f2f520   |
+---------------+-----------------+------------------+------------------------+
  1. SSH to the public EC2 host from your computer (use the -A option to forward your SSH agent, so that the private key stays on your computer):
$ ssh -A ec2-user@34.228.228.140
The authenticity of host '34.228.228.140 (34.228.228.140)' can't be established.
ECDSA key fingerprint is SHA256:lE7hoBhHntVDvRItnasqyHRynajn2iuHJ7U3nsWySRU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '34.228.228.140' (ECDSA) to the list of known hosts.
       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2017.09-release-notes/
8 package(s) needed for security, out of 13 available
Run "sudo yum update" to apply all updates.
[ec2-user@ip-192-168-0-206 ~]$
  1. Install and launch nginx on the public EC2 host:
[ec2-user@ip-192-168-0-206 ~]$ sudo yum -y install nginx
[ec2-user@ip-192-168-0-206 ~]$ sudo service nginx start
Starting nginx: [ OK ]
  1. Make sure you can access the nginx server from your machine (see the following screenshot):
Accessing nginx web server on public host
  1. SSH from the public host to the private host (you must use a private IP address):
$ ssh 192.168.1.218
  1. Make sure the private host can perform yum update via NAT-GW:
[ec2-user@ip-192-168-1-218 ~]$ sudo yum -y update
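
The describe-instances check in the steps above can be turned into a pass/fail audit of the isolation this setup is meant to provide. The shell function below is an added example, not part of the original text; the name `audit_instances`, the list-style `--query` shown in its comment, and the failing sample row (documentation address 203.0.113.10 and a made-up instance ID) are assumptions constructed for illustration, and the prefix match assumes the /24 subnets used here.

```shell
#!/bin/sh
# Added example: fail if the private subnet is not as isolated as intended.
# Live input (assumes configured AWS credentials; a list projection keeps
# the column order fixed in text output):
#   aws ec2 describe-instances --filters "Name=vpc-id,Values=vpc-69cfbd12" \
#     --query "Reservations[*].Instances[*].[PrivateIpAddress,PublicIpAddress,SubnetId,InstanceId]" \
#     --output text | audit_instances subnet-ce947da9 192.168.1.

# audit_instances PRIVATE_SUBNET_ID PRIVATE_PREFIX
# stdin: rows of "PrivateIP PublicIP SubnetId InstanceId" (tab or space separated).
# Prints one FAIL line per violation; returns 1 if any were found, else 0.
audit_instances() {
    awk -v psub="$1" -v pfx="$2" '
        NF < 4 { next }    # ignore blank or short rows
        $3 == psub && $2 != "None" {
            printf "FAIL %s: instance in private subnet has public IP %s\n", $4, $2
            bad = 1
        }
        $3 == psub && index($1, pfx) != 1 {
            printf "FAIL %s: private IP %s is outside %s0/24\n", $4, $1, pfx
            bad = 1
        }
        $3 != psub && index($1, pfx) == 1 {
            printf "FAIL %s: %s is in the private range but subnet is %s\n", $4, $1, $3
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Rows taken from the table shown in the walk-through.
sample_ok() {
    printf '%s\n' \
        '192.168.0.206 34.228.228.140 subnet-6296863f i-03a0e49d26a2dafa4' \
        '192.168.1.218 None subnet-ce947da9 i-063080766d2f2f520'
}

# Constructed failing case: a private-subnet instance that was given a public IP.
sample_exposed() {
    printf '%s\n' \
        '192.168.1.50 203.0.113.10 subnet-ce947da9 i-0000000000example'
}

if sample_ok | audit_instances subnet-ce947da9 192.168.1.; then
    echo "PASS: private subnet has no public addresses"
fi
sample_exposed | audit_instances subnet-ce947da9 192.168.1. || echo "audit failed as expected"
```
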

Congratulations! You can set up your own infrastructure on AWS, as shown in the following diagram, which has the following:

  • One VPC with CIDR 192.168.0.0/16
  • IGW
  • NAT-GW
  • Two Subnets
    • public subnet: 192.168.0.0/24 route to IGW
    • private subnet: 192.168.1.0/24 route to NAT-GW
  • Two EC2 instances (public and private)
  • Two Security Groups (allow public http/ssh and private ssh)

Now, take a look at the diagram:

AWS components diagram

In this section, you have learned how to use AWS from scratch. We have covered only its basic uses, but they are important to know when you set up Kubernetes on AWS. Next, we will explore how to set up Kubernetes on AWS.
