Connecting to Instance

instance - sign right icon 150x150 - Instance Security Groups Once the Instance is launched we have multiple options to connect to the instance. Mostly we can use PuTTY to connect Linux machines and Remote Desktop Feature for Windows Machine.

instance - sign right icon 150x150 - Instance Security Groups As we launched Linux machine, here we are going to see PuTTY option now.PuTTY is basically an SSH and telnet client that can be used to connect to remote Linux instances. But before you get working on Putty,we need a tool called Putty Gen to convert the PEM file to PPK (Putty Private Key).

instance - sign right icon 150x150 - Instance Security Groups We can download the Putty.exe and PuttyGen.exe from the below URL: html

  1. Download and install the latest copy of Putty and PuttyGen on local computer.
  2. Launch PuttyGen and select the Load button and browse the downloaded Pem file(Which is created at the time of Instance launch).
Security Groups instance - 26 - Instance Security Groups

For AWS Support  9160565554

Send Enquiries : 

3. Once pem file is loaded,Select“Save private key”option

             a. PuttyGen will prompt you with a warning message that you are saving this key without a pass phrase and would you like to continue,Select YES.

4. Provide a name and save the new file(*.PPK)at a secure location.You can use this PPK file to connect to your instance using Putty

5. Please note down the public IP address/public DNS

6. Now open the Putty and enter the public IP in Host Name field and make sure to enter Port 22

Security Groups instance - 27 - Instance Security Groups

7. In Putty,under Category pane,expand theSSH option and then select Auth,then browse and upload the recently saved PPK file in the Private key file for authentication Once uploaded,click on Open to establish a connection to instance.

8. Give yes for on the Putty Security Alert

Security Groups instance - 28 - Instance Security Groups

 9.In the Putty terminal window,provide the username for your Amazon Linux instance(ec2- user) and hit the Enter Now we have connected to our first instance and it is ready for use

10.Each Linux instance type launches with a default Linux system user account.For Amazon Linux,the user name is ec2-user.For RHEL,the username is ec2-user or root. For Ubuntu, the username is ubuntu or root. For Centos,the username is centos.For Fedora,the user name is ec2-user. For SUSE,the username is ec2-user or root.Otherwise,if ec2-user and root don’t work,check with your AMI provider

Security Groups instance - 29 - Instance Security Groups

11.For RHEL-based AMIs (Red hat),the username is either root or the ec2-user,and for Ubuntu-based AMIs,the username is generally Ubuntu itself.

12.To connect to Windows Instance we have to use Remote Desktop Connection application.

13. Open Run and enter mstsc and press enter

Security Groups instance - 30 - Instance Security Groups

14. Note the public DNS/IP of the windows instance and enter it computer field and click on Connect

Security Groups instance - 31 - Instance Security Groups

15. Now,It will ask you to enter the username and password to login to the instance.

Security Groups instance - 32 - Instance Security Groups

16.To get the Username and password to login to the instance we have get it from EC2 console

Security Groups instance - 33 - Instance Security Groups

17.Select the instance which you want to get the UN&PWD.Go to Actions and select the“Get Windows Password”,then browse the PEM file and select“Decrypt Password”button.

Security Groups instance - 34 - Instance Security Groups
Security Groups instance - 35 - Instance Security Groups

18.Then you’ll get the UN and Password,you can enter this UN&Pwd and click on connect, You’ll asked for Certificate error prompt,simply click on Yes to connect to this machine.

Security Groups instance - 36 - Instance Security Groups

19. Now we have successfully connected to Windows Instance.

Security Groups instance - 37 - Instance Security Groups

Security Groups

Security groups allow you to control traffic based on port, protocol, and source/destination.

You can use Security Groups to restrict and filter out both the inbound and outbound traffic of an instance using a set of firewall rules.Each rule can allow traffic based on a particular protocol—TCP or UDP,based on a particular port—such as 22 for SSH,or even based on individual source and destination IP addresses.This provides lot of control and flexibility interms of designing a secure environment for instances to run from.

instance - sign right icon 150x150 - Instance Security Groups Security groups are associated with instances when they are launched.Every instance must have atleast one security group but can have more.

instance - sign right icon 150x150 - Instance Security Groups A security group is default deny;that is,it does not allow any traffic that is not explicitly allowed by a security group rule.

instance - sign right icon 150x150 - Instance Security Groups Security groups are applied at the instance level.

instance - sign right icon 150x150 - Instance Security Groups Changes to Security Groups take effect immediately.

instance - sign right icon 150x150 - Instance Security Groups A security group is a stateful firewall,If you open some port in inbound,it’ll automatically allowed for outbound also.

instance - sign right icon 150x150 - Instance Security Groups We cannot block specific IP address using security groups.

instance - sign right icon 150x150 - Instance Security Groups We can specify allow rules,but not deny rules.

instance - sign right icon 150x150 - Instance Security Groups We can modify the firewall rules of Security Groups anytime,even when your instance is running.

Volumes and Snapshots instance - 38 - Instance Security Groups
  • You can select the Protocol Type in nType field,automatically it’ll show the protocol type and Port.
  • Range,and then we have to select the source.
  • Source field where you can basically specify any of these three options:

instance - if check 14803 - Instance Security Groups Using this option as the source,particular application port will be accessible for many and all networks out there( is not are commended configuration by AWS.

My IP:

instance - if check 14803 - Instance Security Groups AWS will auto fill the IP address of your local computer/Network here.If you select My IP option then the service works only in that particular network only.

Custom IP:

instance - if check 14803 - Instance Security Groups This is the most preferable option,the Custom IP option allows you to specify your own custom source IP address or IP range as per our requirements.Ex:allow the particular application to access only via traffic coming from the network CIDR