Setting up AWS EC2 by CLI

How to set up an EC2 instance in a completely new environment using only AWS CLI commands. Prerequisites:


  1. Active AWS Account
  2. AWS CLI software
  3. Basic knowledge of AWS EC2 (VPC’S, Subnet, SecurityGroup, KeyPairs, EBS)

Let's begin the procedure.

Step 1: Creating a VPC

VPC- Amazon Virtual Private Cloud is a commercial cloud computing service that provides users a virtual private cloud, by “provision[ing] a logically isolated section of Amazon Web Services Cloud”. Enterprise customers are able to access the Amazon Elastic Compute Cloud over an IPsec based virtual private network.

$aws ec2 create-vpc help

This command shows a brief description of the create-vpc command and its options.

Here the --cidr-block option is required: it sets the address range from which IPs are allocated to the instances in this VPC.

Also, the output of this command is in JSON format, so we add a --query to get only the field we want. We only need the VPC id, and we save it in a file for later use. So the final command is (shown on several lines for readability; type it on one line)

$aws ec2 create-vpc 
--cidr-block ""
--query Vpc.VpcId
--output text > vpc.txt

Now the id of the VPC is stored in a file and we can use it anywhere. You can save it somewhere other than vpc.txt; just write <location>\vpc.txt instead. We set up the rest of the services the same way.

Step 2: Creating a Subnet

Subnet- A subnetwork or subnet is a logical subdivision of an IP network. The practice of dividing a network into two or more networks is called subnetting. Computers that belong to a subnet are addressed with an identical most-significant bit-group in their IP addresses. You can relate VPC as a home and Subnet as a room.

Similarly, we check the synopsis of the create-subnet command. I am not showing the full output here, but you can check it yourself with the command

$aws ec2 create-subnet help

The relevant options are

[--availability-zone <value>]
[--availability-zone-id <value>]
--cidr-block <value>

For this we also add a query for the desired output, and I pass in the VPC id from the previously saved file, so the command becomes

$aws ec2 create-subnet 
--availability-zone "ap-south-1a"
--cidr-block ""
--vpc-id "$(cat .\vpc.txt)"
--query Subnet.SubnetId
--output text > subnetid.txt

Now the subnet id is stored in the file subnetid.txt for later use.

Step 3: Creating a Security Group

Security Group- A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance. When you launch an instance, you can specify one or more security groups.

Let's first check the synopsis of the create-security-group command:

$aws ec2 create-security-group help

Below are the options of create-security-group:

--description <value>
--group-name <value>
[--vpc-id <value>]

Again we use the previously created VPC id and a query on the JSON output to extract the security-group id and save it for later use. So now the command becomes

$aws ec2 create-security-group 
--group-name sec-1
--description allow-only-ssh
--vpc-id $(cat .\vpc.txt)
--query [GroupId]
--output text > sec.txt

Now the security group is created. Finally we also have to create a key pair for logging in to the instance's operating system.

Step 4: Creating a Key Pair

Key-Pair- it is a set of security credentials that you use to prove your identity when connecting to an instance.

Creating a key pair itself is very easy, but the output is in JSON format and we have to extract the private key in the proper format, otherwise we will not be able to use it. We can save this key in either ppk or pem format.

Let's first check the synopsis of the create-key-pair command:

$aws ec2 create-key-pair help

The important option we have to give is --key-name.

The output of create-key-pair looks like this:

The KeyMaterial field holds the private key, but not in a usable format, so let's add a query that extracts just the private key and stores it in a file.

$aws ec2 create-key-pair 
--key-name key5
--query [KeyMaterial]
--output text > key5.pem

After running this command you will see the difference in the output; it looks like this:

Here is our final key in the proper format.

Now we are ready to launch the instance

Step 5: Launching an EC2 instance

Before launching the instance we need the following options:

[--image-id <value>]
[--instance-type <value>]
[--key-name <value>]
[--security-group-ids <value>]
[--subnet-id <value>]
[--count <value>]

So the final command to launch an EC2 instance with a public IP is

$aws ec2 run-instances 
--image-id ami-0e306788ff2473ccb
--instance-type t2.micro
--key-name key5
--security-group-ids $(cat .\sec.txt)
--subnet-id $(cat .\subnetid.txt)
--count 1

The default output is JSON; we can add a query to extract the desired fields.

Step 6: Adding an additional volume to the instance

First we have to create a volume with the following command

aws ec2 create-volume --availability-zone ap-south-1a --size 10

It requires the availability zone and the size; there are more options, but for simplicity we ignore them.

You can filter out the volume id by adding a query to the above command.

The next step is to attach the volume; for this we need the instance id and the volume id.

aws ec2 attach-volume --instance-id i-00372ed008be61d21 --volume-id vol-07c4c857f19c14b14 --device /dev/sdf

Here we also have to give the device name; for details about device names, use the link below.

Now the instance is launched successfully with an additional volume.
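The same procedure (steps 1 to 5) as one POSIX shell script, added here as an example and not part of the original post. It assumes the AWS CLI is on PATH, keeps the ids in variables instead of .txt files, checks each id before the next step uses it, saves the .pem with owner-only permissions, and gives the group named allow-only-ssh an actual port-22 rule for an admin range only; the CIDRs and the admin range in the example call are placeholders, the AMI and AZ are the post's own.

```shell
# Added example, not from the original post: steps 1-5 of the post as one
# script with the checks a practitioner wants between steps. Assumes the AWS
# CLI on PATH; CIDRs, AZ and AMI are placeholder arguments (see last line).
set -eu
# Refuse anything not shaped like the expected id, so an empty or error
# output from one step is never passed on to the next.
check_id() {                       # check_id <prefix> <value>
  case "$2" in
    "$1"-[0-9a-f][0-9a-f]*) return 0 ;;
    *) echo "unexpected $1 id: '$2'" >&2; return 1 ;;
  esac
}
# Only a real a.b.c.d/n range may be opened on port 22; /0 (everyone) is refused.
check_admin_cidr() {               # check_admin_cidr <a.b.c.d/n>
  ip=${1%/*}; bits=${1##*/}
  case "$ip" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  case "$bits" in [1-9]|[12][0-9]|3[0-2]) ;; *) return 1 ;; esac
  [ "$(printf '%s' "$ip" | tr -cd . | wc -c)" -eq 3 ]
}
# Store KeyMaterial (stdin) as a 0600 file, but only if it really is a PEM
# private key: a CLI error message would otherwise be saved as key5.pem.
save_private_key() {               # save_private_key <path>
  (umask 077; cat > "$1.tmp")
  if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1.tmp" &&
     grep -q -- '-----END .*PRIVATE KEY-----' "$1.tmp"; then
    mv "$1.tmp" "$1" && chmod 600 "$1"
  else
    rm -f "$1.tmp"; echo "no private key in CLI output" >&2; return 1
  fi
}
# Steps 1-5 of the post; ids stay in variables instead of .txt files, and the
# group named allow-only-ssh actually gets that one rule, for the admin range only.
provision() {                      # provision <vpc-cidr> <subnet-cidr> <az> <ami> <admin-cidr>
  vpc=$(aws ec2 create-vpc --cidr-block "$1" --query Vpc.VpcId --output text)
  check_id vpc "$vpc"
  subnet=$(aws ec2 create-subnet --vpc-id "$vpc" --cidr-block "$2" \
    --availability-zone "$3" --query Subnet.SubnetId --output text)
  check_id subnet "$subnet"
  sg=$(aws ec2 create-security-group --group-name sec-1 --description allow-only-ssh \
    --vpc-id "$vpc" --query GroupId --output text)
  check_id sg "$sg"
  check_admin_cidr "$5"
  aws ec2 authorize-security-group-ingress --group-id "$sg" --protocol tcp --port 22 --cidr "$5"
  aws ec2 create-key-pair --key-name key5 --query KeyMaterial --output text | save_private_key key5.pem
  aws ec2 run-instances --image-id "$4" --instance-type t2.micro --key-name key5 \
    --security-group-ids "$sg" --subnet-id "$subnet" --count 1 \
    --query 'Instances[0].InstanceId' --output text
}
# Example call (placeholder values): provision 10.0.0.0/16 10.0.1.0/24 ap-south-1a ami-0e306788ff2473ccb 203.0.113.0/24
```

The volume of step 6 can be added to provision the same way, checking the create-volume id with check_id vol before attach-volume uses it.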

Thank You

Devops Enthusiast