How to launch an AWS EC2 instance using AWS CLI?

Durvesh Palkar
11 min read · Oct 22, 2020

So you have been using AWS for a while and finally feel comfortable clicking your way through all the services. However, you may have noticed that there is more to AWS than the default eye-catching browser console.

You may wonder why to use the command line when AWS already provides such a user-friendly management console. No doubt the AWS Management Console is a simple and great tool to manage your cloud services, but it doesn’t let you automate things according to your use case. Say you want to launch multiple EC2 instances (wait, I know the console can do that, but there’s a short twist ahead) using different AMIs (in layman’s terms, multiple instances each with a different OS installed), or you want to launch multiple instances in different AZs. To do such things on the console you have to navigate between multiple pages and perform the same set of tasks again and again. With the CLI, this can be done in just one command.

How It Works

AWS is a secure cloud services platform that offers computing power, content delivery, database storage, and other infrastructure services for developers. Proponents point to its speed, flexible pricing, exemplary customer service, and a huge variety of services as benefits. The AWS CLI puts the icing on the cake by tying control of all those services together into one simple command line interface. It cuts out the user-friendly (but time-consuming, according to some) step of interacting with the system through a Graphical User Interface (GUI).

The AWS CLI is a unified tool to manage your AWS services from a terminal session on your own client. It is more powerful and has finer grained control. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.

Here’s how you can download AWS CLI:

You can install the tool by downloading it from the AWS CLI resource page at Amazon. The page has download options for Windows, Mac, and Linux installations. This will download one MSI installer file; click on it and follow the instructions that appear.

Launching an EC2 instance from the command line:

Before we can launch an instance directly from the command-line, we need to create an IAM user that has programmatic access to launch instances in EC2.

For this, navigate to the IAM dashboard in your AWS Management Console. On the IAM page, click the Users option and create a new user by clicking the New user button. Give it an appropriate user name (say ‘DP_CLI’) and then select the AWS access type. You’ll be given two options: Programmatic access and AWS Management Console access. Programmatic access is used for the AWS CLI and other ways of using AWS, such as the SDKs or automation scripts, while management console access is for accessing the user account through the traditional web UI. After this you will need to grant the user permissions by selecting one of the policies. I’ll be attaching the PowerUserAccess policy, which allows the user to use all the services except IAM and the billing dashboard. Create the user by clicking the Create user button.

Once you finish creating the new user, you will get access to the credentials that you can use to act on behalf of that user from the command line, i.e. AWS will now provide you with an Access key ID and a Secret access key. The secret access key should be kept extremely secret. Hackers routinely scan the internet for valid credentials of this type and use them to launch many servers and run up AWS bills of tens of thousands of dollars at the owner’s expense.

The AWS Command Line Interface:

Now that we’ve got the credentials for your command-line user, let’s review how to set up the AWS command-line interface. Once it’s installed you should be able to do

aws --version

and see some kind of version number. If you get an error, then the command-line interface is probably not installed, or you may need to set your PATH variable.

To set up the CLI for first-time use, you can use this command

aws configure

which will ask you for 4 pieces of information:

  • 1) Your AWS Access Key ID: This is the Access Key ID from the ‘DP_CLI’ user that we just set up above.
  • 2) Your AWS Secret Access Key: This is the Secret Access Key from the ‘DP_CLI’ user that we just set up above.
  • 3) Default region name: This is the default geographic region you want to be interacting with when you launch servers or modify anything in your AWS account. AWS effectively has a mirror version of all of its services in each region, so you could launch a different server in every region if you wanted, but you would have to specify a different region for each one. You can check this list of AWS regions for more information.
  • 4) Default output format: This is the output format of responses you get on the command-line. If you’re building a command-line application to do things automatically, you’ll want to be able to parse the responses easily, so you’ll have to specify whatever output format is easiest to parse for you. For this example we will choose JSON which is the default format.

If you have got the AWS CLI correctly set up, you should be able to run

aws ec2 describe-instances

and see output that looks something like this:

However you may see the following output if you don’t have any instances launched currently:

{
"Reservations": []
}

Before launching an EC2 instance we will first see how to create a security group and a key-pair for our instance. Use the following command to create a new security group:

aws ec2 create-security-group --group-name my-security-group --description "My first security group using AWS CLI"

Which should output something similar to this:

{
"GroupId": "sg-0eae5038"
}

Take note of the security group id sg-0eae5038. This id will be different for you.

By default, the security group of an instance is set up to block traffic from the outside world. For our example, we will open up all inbound traffic for SSH and HTTP. This will allow us to log into the server with SSH, and view a web page later in the browser.

aws ec2 authorize-security-group-ingress --group-id sg-0eae5038 --protocol tcp --port 22 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-id sg-0eae5038 --protocol tcp --port 80 --cidr 0.0.0.0/0

We can verify the above by visiting the AWS Management Console:
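The same check can be run against CLI output instead of the console. The following is an added example, not part of the original post: it parses the JSON returned by aws ec2 describe-security-groups and flags every ingress rule open to 0.0.0.0/0 or ::/0, rating world-open SSH higher than world-open HTTP. The function name, the embedded sample, the group sg-EXAMPLE and the address 203.0.113.7 are constructed for illustration.

```python
import json

# Constructed sample of `aws ec2 describe-security-groups` output: the page's
# group (sg-0eae5038) plus a hypothetical group that limits SSH to one address.
SAMPLE = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-0eae5038", "GroupName": "my-security-group", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-EXAMPLE", "GroupName": "ssh-from-admin-only", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []}]},
]})

WORLD = {"0.0.0.0/0", "::/0"}            # "any address" in IPv4 and IPv6
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}   # remote-administration services

def world_open_rules(describe_output):
    """Return one finding per ingress rule that any address can reach."""
    findings = []
    for group in json.loads(describe_output).get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            exposed = sorted(c for c in cidrs if c in WORLD)
            if not exposed:
                continue
            proto = perm["IpProtocol"]
            if proto == "-1":              # all protocols: no port range present
                lo, hi = 0, 65535
            elif proto in ("tcp", "udp"):
                lo, hi = perm["FromPort"], perm["ToPort"]
            else:                          # icmp: From/ToPort hold type and code
                lo = hi = None
            admin = [name for port, name in ADMIN_PORTS.items()
                     if proto in ("tcp", "-1") and lo <= port <= hi]
            findings.append({"group": group["GroupId"], "protocol": proto,
                             "ports": (lo, hi), "cidrs": exposed,
                             "admin_services": admin,
                             "severity": "high" if admin else "review"})
    return findings

if __name__ == "__main__":
    for f in world_open_rules(SAMPLE):
        print(f["severity"], f["group"], f["protocol"], f["ports"], f["cidrs"])
```

Only the page's group is reported; the constructed sg-EXAMPLE group, which allows port 22 from a single /32 address, produces no finding.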

We also need to set up a key pair just like we do using the console. Creating a key pair can be done with the following command:

aws ec2 create-key-pair --key-name example-cli-keypair

The output will look something like this:

You can take the key from the above output and use it later to log into any server that uses it. You’ll have to replace the ‘\n’ characters with actual new lines so that the format matches the expected format of private key files. Also, if you include any of the quotes or accidentally delete characters from the key, it won’t work.

This file should be kept secret. Hackers constantly scan the internet looking for valid SSH keys and if they find yours they can log into your server and do anything with it. If you lose the key file, you will never be able to log back into the instance again because you’re only allowed to see it when creating the key pair.
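An added example (not from the original post) of doing the ‘\n’ conversion and the "keep it secret" step without hand-editing: it decodes the create-key-pair JSON, so the escapes become real newlines, and writes the key to a file that only its owner can read. The function name and the embedded sample, whose key body is a placeholder, are constructed for illustration.

```python
import json
import os
import tempfile

# Constructed sample of `aws ec2 create-key-pair` JSON output; the key body is
# a placeholder, not real key material.
SAMPLE = json.dumps({
    "KeyName": "example-cli-keypair",
    "KeyFingerprint": "<fingerprint placeholder>",
    "KeyMaterial": "-----BEGIN RSA PRIVATE KEY-----\n"
                   "PLACEHOLDER+NOT/A/REAL/KEY==\n"
                   "-----END RSA PRIVATE KEY-----",
})

def save_private_key(create_output, directory="."):
    """Write KeyMaterial to <KeyName>.pem, readable by the owner only."""
    reply = json.loads(create_output)   # decoding turns \n escapes into newlines
    pem = reply["KeyMaterial"]
    if not (pem.startswith("-----BEGIN ")
            and pem.rstrip().endswith(" PRIVATE KEY-----")):
        raise ValueError("KeyMaterial does not look like a PEM private key")
    path = os.path.join(directory, os.path.basename(reply["KeyName"]) + ".pem")
    # O_EXCL refuses to overwrite an existing key file; mode 0o600 is applied
    # at creation, so the key is never briefly readable by other users.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(pem.rstrip("\n") + "\n")
    return path

if __name__ == "__main__":
    # Demonstration on the constructed sample, written to a scratch directory.
    print(save_private_key(SAMPLE, tempfile.mkdtemp()))
```

The CLI can also emit just the key text with its global options --query 'KeyMaterial' --output text, which avoids the JSON escaping altogether; the resulting file still needs its permissions restricted.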

Now that we’ve got the security group and key pair set up, we can launch our instance. You will have to choose an AMI id that applies to your region as explained below:

aws ec2 run-instances --image-id ami-0947d2ba12ee1ff75 --instance-type t2.micro --count 1 --key-name example-cli-keypair --security-group-ids sg-0eae5038

To explain each parameter:

  • --image-id: This identifies the type of operating system image and other instance related information. The ami-id in the above snippet is associated with the Amazon Linux 2 AMI.
  • --instance-type: This identifies how large the instance will be and how many resources it will have. I will be using t2.micro which is free tier eligible.
  • --count: This identifies how many instances of this type you want to launch. You can make this number very large, and it would cost you lots of money.
  • --key-name: This identifies the key pair we created earlier.
  • --security-group-ids: This identifies the security group we created earlier.

Your output will look something like this:

After a while (it may take time), you should be able to run:

aws ec2 describe-instances

which will show you an entry for this instance which you have launched using CLI:

Making things easier with “help”:

You might be wondering how to memorize such long commands. You don’t have to memorize anything, because we have a friend named help, which guides us in constructing such commands very easily. You only have to know logically what you want to do; the syntax and the description of the commands are provided by the help feature.

Let’s see how to use help. We’ll first create an EBS volume and then attach it to the instance we have created above. We don’t know anything about the syntax of the command to create an EBS volume, so let’s take some help from aws. Type the following in your command prompt:

aws help

This will open a manual in your command prompt. Use enter key to go down one line, space bar to go down one page and q to exit. Navigate below to see all the available services in AWS.

We are looking for EBS service and here it is

Let’s again use the help feature to know more about how to create an EBS volume.

aws ebs help

But we don’t have any option here to create an EBS volume

Try to recall how you create an EBS volume in the AWS Management Console. The EBS service is accessible inside the EC2 service dashboard.

So in the AWS web UI, we first have to navigate to the EC2 dashboard, and there you will find the EBS service. The same is the case with the AWS CLI. We will now try taking some help from aws ec2

aws ec2 help

Here you’ll find the next part of the command i.e. create-volume

Let’s again use help to know how to specify some more things while creating the EBS volume.

aws ec2 create-volume help

Here you’ll find all the options (starting with 2 hyphens) about how to specify things while creating an EBS volume. The options written in [ ] are optional i.e. AWS will take some default value if we don’t specify these options, while the other options are mandatory.

You can also find more information about each option if you navigate further in this manual. As we know that EBS is a zonal service therefore we have to create this volume in the same Availability zone as that of our instance.

In the above figure, we can see that our instance is created in the availability zone us-east-1e, therefore our EBS volume must also be created in the same Availability Zone. Here is the final command to create an EBS volume of size 1 GiB:

aws ec2 create-volume --availability-zone us-east-1e --size 1 --volume-type gp2

On successful creation of this EBS volume you’ll get the following output. Remember to note down the VolumeID, which will be used when attaching this volume to an instance.

With the volume created, let’s attach it to our instance. We have to specify the ID of the instance to which we want to attach the volume and the volume ID of the volume that we have just created.

aws ec2 attach-volume --instance-id i-0309359c15ab748be --volume-id vol-0ff524a007a12e4e2 --device /dev/xvdh

If you’ve done everything right you’ll get the following result:

You can also verify this by running aws ec2 describe-instances, in which you will find that the instance with ID i-0309359c15ab748be holds two volumes: the default volume attached when the instance was launched, and the one we have just created and attached to this instance.

Benefits of AWS CLI

One of the main benefits is the ability to save substantial time. The savings come in the form of easier installs, support of all services from one tool, moving beyond GUIs, and automating processes and commands with shell scripting.

  • Easier to install. Installing previous toolkits like the old AWS EC2 API toolkit took several steps and forced the user to set up multiple environment variables. There were plenty of places to make a wrong move and bork the install. One huge benefit of AWS CLI is that installation is smooth, quick, simple, and standardized.
  • Supports all Amazon Web Services. Previously, you needed a dedicated CLI tool for just the EC2 service. It worked well, but it didn’t let users control other Amazon Web Services, like for instance the AWS RDS (Relational Database Service). The AWS CLI, by contrast, lets you control all the services from one simple tool.
  • Saves time. GUIs are great when you’re just learning the ropes of a system. Once you get up and running, the user-friendly graphical interface tools start to stand in your way. Most users find it faster and easier to use the AWS CLI once they reach a certain level of proficiency.
  • Scripting. The ability to automate control of all Amazon’s web services with scripts is possibly the biggest benefit. Partial task automation can free developers from needing to log into the AWS Management Console. Shell scripts make it easy to fully automate cloud infrastructure.

THANKS FOR READING !
