Complete guide to launching your first free AWS EC2 instance

Written by Christophe Limpalair on 08/29/2015

Getting started with Amazon Web Services is an overwhelming experience. I remember starting my first instance and looking at every word to make sure I was signing up for the right thing. Since I had signed up for the free 1-year trial account, I wanted to make sure I stuck to free services. Turns out this is a brilliant move on Amazon's part, because without them funneling me to create a free t2.micro instance, I probably would have scratched my head for a few days before even daring to use the service. Perhaps leaving in the process to a competitor with a simpler sign-on process.

There's a reason AWS is more confusing than some of the competitors out there. It's because they offer a lot of flexibility, and it's incredibly difficult to offer that much flexibility without confusion creeping in at the same time.

That doesn't matter, because I'm going to guide you. This post lays out the steps in an easy to digest format. Instead of digging through documentation, every step in this guide will take you closer to launching a secure EC2 machine.

Note: These steps are free as I'm writing this (June 2015). Double check this because I cannot guarantee AWS won't ever change the free tier.

First Steps
After signing up for a free tier account, we need to set up a few security groups and users. This will allow us to access services without using our root AWS account. It only takes a few minutes and will set you up for future use.

AWS Main Dashboard

Go to your IAM console. IAM stands for "Identity and Access Management". This is where you manage everything to do with groups, users, roles, policies, etc.. The first important point is to stay away from using your root access key. This key gives full access to everything in your account. What do you do then? Create groups with general permissions like administrators, developers, accounting, etc..), then create individual users and assign them to one of these groups. Doing it this way will prevent you and your coworkers from accessing things they don't need, and that way they (and you) can't break anything critical. Let's do that now.

Click on Groups and then Create New Group. We're going to first create a group for ourselves. Name it Administrators and on the next page select the first option: AdministratorAccess. The next page will review your selections. Create the group.

Now go to Users and Create New Users, and you can leave the Generate an access key for each user option selected. This will be our authentication method to access AWS service APIs. Make sure you store these in a secure place because they won't be retrievable. It is also recommended that you frequently rotate keys.

With our new user created, go ahead and select that new User and click on User Actions -> Add User to Groups. As you can see, users can belong to multiple different groups. Since we want to have access to our AWS console, we should also create a password for our user. Again, click on User Actions -> Manage Password, and auto generate a password. On the next page, they will show you this newly generated password and you can download it. You will also find a custom URL for this user to log into the console in the file.

This will do for now, but I recommend you learn more about IAM best practices. There are a few other steps you should go through in the future like deleting your root access keys, enabling multifactor authentication, and creating password policies.

Let's move on and prepare our account for our first EC2 instance with roles. Roles provide credentials to our applications similar to the way groups give permissions to users. For example, let's say we have an application on an EC2 instance and it needs to access your S3 bucket to retrieve images. Giving the EC2 instance that role would allow it to do that.

First, create a new Role. Give it a name and on the next page select the Amazon EC2 Role Type. Then, attach the AmazonEC2FullAccess Policy. This may not be what you're looking for with your production server so read more on that, but this will do for us. Read more about roles for EC2.

Now let's create a key pair so we can SSH in our machine that we're about to spin up. From your main console screen, click on EC2. It should be the first option you see under "Compute".

AWS EC2 Dashboard

Click on Key Pairs and Create Key Pair. AWS recommends naming it "myusername-key-pair-uswest2". Your browser should automatically download a PEM file. Store this somewhere safe where you can also access it later. We will use this to SSH in our machine.

Launch your EC2 instance
Finally, the moment you've been waiting for!

Click on Instances (still in the EC2 Dashboard), and Launch Instance. The first thing I want you to notice is the left-hand side.


Quick Start is the default open tab and it shows you that AWS already has AMIs (Amazon Machine Images) that include pre-installed services and languages like CLI tools, Ruby, Python, etc..

The second tab lets you use your own AMIs. You won't have any the first time you do this, but this option will let you launch instances from backups in the future.

The other two tabs let you choose other AMIs built by the community.

We want to use the free stuff, so tick that "Free tier only" box. Go ahead and choose the image you want to use based on the description in the Quick Start tab. The one thing I can tell you is that you'll want to pick one that says (HVM) under most circumstances. HVM is faster than PV, according to AWS engineers.

I'm going to select the first option: Amazon Linux AMI (HVM) SSD Volume Type. The next screen will ask which EC2 instance type you want to use. The t2.micro should be selected by default, and is the free one. Click Next: Configure Instance Details. This page will list different options to configure your instance. Hover over each option and read the descriptions for a better understanding. The only option we will change is the IAM role. Select the one we just created.

Next: Add Storage will let you choose the size and type of your volume. At the time of writing you can get up to 30 GB of EBS General Purpose SSD or Magnetic as part of the free tier. I'm going to stick to the default settings here.

Next: Tag Instance can be useful later down the road when you need to manage your different machines. For example, you could label all your Webservers as "Name" for the key and "Webserver" for value. Tagging can also help with categorizing billing and that sort of thing. I'm not going to tag this one because I'm just using it for this post.

Next: Configure Security Group helps you protect your machines. Know for a fact that only certain IPs will SSH into the machine? Only allow those IPs to do so. Setting up a webserver that only needs to accept SSH, HTTP and HTTPS ports requests? You can block everything else. If you have certain security rules that you know you are going to use over and over again, go ahead and create a security group. The page we're on conveniently let's you do that. I recommend renaming it to something that gives more info than the default name.

Time to Review and Launch! Make sure everything is correct and Launch! A popup window will display letting you select which key pair you'd like to use for this machine. As you can see, we can and should have different keys for different machines. Select the one we created earlier. The instance creation and configuration should take a minute or two. While that's processing, let's see how we can connect to it.

SSH on a Mac
First, let's change the permissions on our file.

$ chmod 400 my-key-pair.pem

By now our machine should be booted, so let's SSH.

$ ssh -i my-key-pair.pem user_name@public_dns_name

If you created an Amazon Linux image like I did, your user_name is ec2-user. For Ubuntu the username is ubuntu.

Your public_dns_name is displayed in your console and looks something like:

AWS EC2 Dashboard with running machine for Mac SSH

Press "Enter" and type yes at the prompt for key fingerprint. You're in!

AWS EC2 SSH and Python

SSH on Windows
Windows recently announced they will be adding a native SSH client, but for now we have to use something else. We can use PuTTy. Alternatively, you could use Git BASH for Windows. This is what I usually use. (Refer to SSH on Mac instructions if you use Git BASH.)

PuTTy client for Windows to SSH in our AWS EC2 machine

In the Host Name(or IP address) box, we can paste our Public DNS which is visible in our AWS console. By now our machine should be booted so check it out. It should look something like:

AWS EC2 Dashboard with running machine for Windows SSH

Leave it at Port 22 unless you changed it in your security group settings. Make sure SSH is the Connection type. Also, you can save these settings if you know you're going to reuse them.

Now we need to attach our .pem key. PuTTy can only read a PPK file format, which we need to generate from the PEM AWS gave us. If you downloaded PuTTy from the link above, you should have a puttygen.exe. Go ahead and open that, then Load your pem. Make sure you change to "All File (*.*)". PuTTy gen will auto detect everything. All you have to do is Save private key, unless you'd like to add a passphrase. While recommended, it's totally up to you.

Back in the main PuTTy we were in earlier, on the left side menu, open up "Connection" if it's not already, then click the SSH option and click on Auth. Click "Browse...". Look for that file we just generated.

Click Open at the bottom of the PuTTy screen (or save the settings if you want), and it will give you a security alert about the key fingerprint. Hit yes.

You should see a "login as:" prompt. If you used an Amazon Linux AMI, this is ec2-user. Ubuntu image would be ubuntu.

You're in!

Windows SSH using PuTTY in our AWS EC2 Machine

What now?
You now know how to spin up a machine with different images and then SSH into that machine to do whatever you want with it. I don't know about you, but this was super exciting to me when I did it for the first time a while back. Actually, it's still exciting to me. To see how far technology has come and to know that cloud computing is just in its infancy stage is incredibly exciting. There is so much we can do from here.

Learn how to use the command line to manage EC2 resources like instances, security groups, volumes, and more. Here are examples.

You can also set up a static website or a dynamic website. Setting up a dynamic website will differ depending on the language and framework you will be using. More on this soon.

If you're interesting in learning more about setting up websites on EC2, the different EC2 instances, using S3, and more, subscribe via email and I will let you know when those guides are out.

Of course, be sure to check what's free and what's not. As I'm writing this, you can have 750 hours per month of t2.micro runtime and a host of other services that we haven't covered in here for free.

Credit to for stats and information pulled from documentation to ensure accuracy.