Connecting to Instance
Once the Instance is launched we have multiple options to connect to the instance. Mostly we can use PuTTY to connect Linux machines and Remote Desktop Feature for Windows Machine.
As we launched Linux machine, here we are going to see PuTTY option now.PuTTY is basically an SSH and telnet client that can be used to connect to remote Linux instances. But before you get working on Putty,we need a tool called Putty Gen to convert the PEM file to PPK (Putty Private Key).
We can download the Putty.exe and PuttyGen.exe from the below URL: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest. html
- Download and install the latest copy of Putty and PuttyGen on local computer.
- Launch PuttyGen and select the Load button and browse the downloaded Pem file(Which is created at the time of Instance launch).
3. Once pem file is loaded,Select“Save private key”option
a. PuttyGen will prompt you with a warning message that you are saving this key without a pass phrase and would you like to continue,Select YES.
4. Provide a name and save the new file(*.PPK)at a secure location.You can use this PPK file to connect to your instance using Putty
5. Please note down the public IP address/public DNS
6. Now open the Putty and enter the public IP in Host Name field and make sure to enter Port 22
7. In Putty,under Category pane,expand theSSH option and then select Auth,then browse and upload the recently saved PPK file in the Private key file for authentication Once uploaded,click on Open to establish a connection to instance.
8. Give yes for on the Putty Security Alert
9.In the Putty terminal window,provide the username for your Amazon Linux instance(ec2- user) and hit the Enter Now we have connected to our first instance and it is ready for use
10.Each Linux instance type launches with a default Linux system user account.For Amazon Linux,the user name is ec2-user.For RHEL,the username is ec2-user or root. For Ubuntu, the username is ubuntu or root. For Centos,the username is centos.For Fedora,the user name is ec2-user. For SUSE,the username is ec2-user or root.Otherwise,if ec2-user and root don’t work,check with your AMI provider
11.For RHEL-based AMIs (Red hat),the username is either root or the ec2-user,and for Ubuntu-based AMIs,the username is generally Ubuntu itself.
12.To connect to Windows Instance we have to use Remote Desktop Connection application.
13. Open Run and enter mstsc and press enter
14. Note the public DNS/IP of the windows instance and enter it computer field and click on Connect
15. Now,It will ask you to enter the username and password to login to the instance.
16.To get the Username and password to login to the instance we have get it from EC2 console
17.Select the instance which you want to get the UN&PWD.Go to Actions and select the“Get Windows Password”,then browse the PEM file and select“Decrypt Password”button.
18.Then you’ll get the UN and Password,you can enter this UN&Pwd and click on connect, You’ll asked for Certificate error prompt,simply click on Yes to connect to this machine.
19. Now we have successfully connected to Windows Instance.
Security groups allow you to control traffic based on port, protocol, and source/destination.
You can use Security Groups to restrict and filter out both the inbound and outbound traffic of an instance using a set of firewall rules.Each rule can allow traffic based on a particular protocol—TCP or UDP,based on a particular port—such as 22 for SSH,or even based on individual source and destination IP addresses.This provides lot of control and flexibility interms of designing a secure environment for instances to run from.
Security groups are associated with instances when they are launched.Every instance must have atleast one security group but can have more.
A security group is default deny;that is,it does not allow any traffic that is not explicitly allowed by a security group rule.
Security groups are applied at the instance level.
Changes to Security Groups take effect immediately.
A security group is a stateful firewall,If you open some port in inbound,it’ll automatically allowed for outbound also.
We cannot block specific IP address using security groups.
We can specify allow rules,but not deny rules.
We can modify the firewall rules of Security Groups anytime,even when your instance is running.
- You can select the Protocol Type in nType field,automatically it’ll show the protocol type and Port.
- Range,and then we have to select the source.
- Source field where you can basically specify any of these three options:
Using this option as the source,particular application port will be accessible for many and all networks out there(0.0.0.0/0).This is not are commended configuration by AWS.
AWS will auto fill the IP address of your local computer/Network here.If you select My IP option then the service works only in that particular network only.
This is the most preferable option,the Custom IP option allows you to specify your own custom source IP address or IP range as per our requirements.Ex:allow the particular application to access only via traffic coming from the network 126.96.36.199/24 CIDR
More Information :https://www.fgrade.com/amazon-web-services/