1 00:00:06,550 --> 00:00:08,330 - Now let's take a look at a demo 2 00:00:08,330 --> 00:00:10,573 of launching a Linux instance. 3 00:00:13,480 --> 00:00:17,100 From the AWS Management Console 4 00:00:17,100 --> 00:00:20,900 we can go to EC2 5 00:00:22,920 --> 00:00:25,230 and again, we want to verify the region 6 00:00:25,230 --> 00:00:27,020 that we are operating in. 7 00:00:27,020 --> 00:00:28,700 Whatever region is selected here 8 00:00:28,700 --> 00:00:31,350 is where our instance will live. 9 00:00:31,350 --> 00:00:33,850 And so we're currently in Ohio 10 00:00:33,850 --> 00:00:36,173 where we created our VPC, 11 00:00:37,660 --> 00:00:39,080 and you can see we currently have 12 00:00:39,080 --> 00:00:41,470 no instances running. 13 00:00:41,470 --> 00:00:43,740 So, let's go ahead and click here 14 00:00:43,740 --> 00:00:45,373 to launch an instance. 15 00:00:47,590 --> 00:00:50,470 And for Linux we have a choice. 16 00:00:50,470 --> 00:00:52,460 We could choose Amazon Linux, 17 00:00:52,460 --> 00:00:54,670 we could choose Red Hat or SUSE. 18 00:00:54,670 --> 00:00:56,063 We have Ubuntu. 19 00:00:57,040 --> 00:00:59,230 And you can see that all of these 20 00:00:59,230 --> 00:01:01,530 do offer a free tier, 21 00:01:01,530 --> 00:01:03,510 that they're eligible for the free tier. 22 00:01:03,510 --> 00:01:05,230 And then of course we want to look 23 00:01:05,230 --> 00:01:09,000 to the type of virtualization, 24 00:01:09,000 --> 00:01:11,680 which we generally prefer HVM 25 00:01:11,680 --> 00:01:13,553 with SSD boot volumes. 26 00:01:14,830 --> 00:01:18,380 So, I'm going to go ahead and choose 27 00:01:18,380 --> 00:01:20,830 the latest version of Amazon Linux 2 28 00:01:22,240 --> 00:01:25,360 with SSD based root volume. 29 00:01:25,360 --> 00:01:27,470 This would be based on EBS, 30 00:01:27,470 --> 00:01:29,440 the Elastic Block Store. 
31 00:01:29,440 --> 00:01:32,220 And you can see here that this one supports 32 00:01:32,220 --> 00:01:36,230 both x86 and the new Arm processors. 33 00:01:36,230 --> 00:01:38,903 So, for now we're going to stick with x86. 34 00:01:41,200 --> 00:01:43,740 Now, once we've chosen the machine image, 35 00:01:43,740 --> 00:01:46,540 now we choose the instance type, 36 00:01:46,540 --> 00:01:48,820 and you can see here that we get 37 00:01:48,820 --> 00:01:50,530 this long list of all kinds 38 00:01:50,530 --> 00:01:54,380 of different instances and we can choose 39 00:01:54,380 --> 00:01:57,830 by general purpose, by compute optimized, 40 00:01:57,830 --> 00:02:00,170 GPU, memory, storage and so on. 41 00:02:00,170 --> 00:02:02,220 We can also filter out 42 00:02:02,220 --> 00:02:05,140 by the current generations or all generations. 43 00:02:05,140 --> 00:02:06,300 So, if we wanted to go back 44 00:02:06,300 --> 00:02:09,610 and look at T1s or C3s, 45 00:02:09,610 --> 00:02:11,733 then we could look at all generations. 46 00:02:13,260 --> 00:02:18,070 You can also notice here that the T2 micro 47 00:02:18,070 --> 00:02:20,023 is eligible for the free tier. 48 00:02:20,980 --> 00:02:22,940 So again, what that means is 49 00:02:22,940 --> 00:02:26,650 there is no such thing as a free tier account. 50 00:02:26,650 --> 00:02:28,260 All accounts are identical. 51 00:02:28,260 --> 00:02:30,600 It just means that for the first 12 months 52 00:02:30,600 --> 00:02:32,420 of that account, you know, 53 00:02:32,420 --> 00:02:34,030 after you sign up with your email address 54 00:02:34,030 --> 00:02:36,650 and you put in your billing information, 55 00:02:36,650 --> 00:02:39,400 12 months from that day 56 00:02:39,400 --> 00:02:43,240 you have access to a certain set of resources 57 00:02:43,240 --> 00:02:45,530 that are deemed to be a part of the free tier. 58 00:02:45,530 --> 00:02:48,680 In the case of EC2, the T2 micro 59 00:02:49,560 --> 00:02:51,670 is given to you for free. 
60 00:02:51,670 --> 00:02:53,900 So you can run one of these instances, 61 00:02:53,900 --> 00:02:58,900 it'll say here, you get up to 750 hours 62 00:02:58,950 --> 00:03:02,800 of micro instances each month, right? 63 00:03:02,800 --> 00:03:05,080 So that means you could run one machine 64 00:03:05,080 --> 00:03:07,520 all month long, all day, every day, 65 00:03:07,520 --> 00:03:08,890 for the entire year 66 00:03:08,890 --> 00:03:10,980 and not pay anything for that machine. 67 00:03:10,980 --> 00:03:12,420 So then, of course from there we could 68 00:03:12,420 --> 00:03:14,080 just go ahead, review and launch, 69 00:03:14,080 --> 00:03:15,260 if we wanted to. 70 00:03:15,260 --> 00:03:16,540 Otherwise we could go on 71 00:03:16,540 --> 00:03:17,730 and configure more things. 72 00:03:17,730 --> 00:03:19,740 So let's take a look at what comes next. 73 00:03:19,740 --> 00:03:23,690 So here, I want to launch one instance. 74 00:03:23,690 --> 00:03:26,532 You could launch 10 or 100 or 1000, 75 00:03:26,532 --> 00:03:28,220 if that number is 76 00:03:28,220 --> 00:03:30,280 within your current account limits. 77 00:03:30,280 --> 00:03:33,080 There are initial soft limits around the number 78 00:03:33,080 --> 00:03:35,270 of machines that we can launch. 79 00:03:35,270 --> 00:03:36,890 In terms of the network we do have 80 00:03:36,890 --> 00:03:38,610 to choose VPC. 81 00:03:38,610 --> 00:03:40,560 And so in this case I'm going to choose 82 00:03:40,560 --> 00:03:43,290 the web apps VPC that we created earlier, 83 00:03:43,290 --> 00:03:44,830 and I'm going to launch this 84 00:03:44,830 --> 00:03:48,760 into the applications subnet. 85 00:03:48,760 --> 00:03:50,380 This is the private subnet 86 00:03:50,380 --> 00:03:53,180 that we created earlier and then, of course, 87 00:03:53,180 --> 00:03:55,260 I will access that 88 00:03:55,260 --> 00:03:57,000 over my VPN connection. 
89 00:03:57,000 --> 00:03:58,940 I have a VPN connection established here 90 00:03:58,940 --> 00:04:02,140 from the office into the VPC. 91 00:04:02,140 --> 00:04:04,760 Now, you will see here that the subnet setting 92 00:04:04,760 --> 00:04:06,670 for auto-assign public IP, 93 00:04:06,670 --> 00:04:08,790 the subnet setting is to disable 94 00:04:08,790 --> 00:04:10,360 and that's because, if you remember 95 00:04:10,360 --> 00:04:12,703 what we did back in the VPC demos, 96 00:04:13,640 --> 00:04:15,770 when we created the applications-a, 97 00:04:15,770 --> 00:04:17,340 it was meant to be private 98 00:04:17,340 --> 00:04:19,080 and not accessible to the internet. 99 00:04:19,080 --> 00:04:22,080 And so, because there is no route 100 00:04:22,080 --> 00:04:25,670 between the application subnet and the internet, 101 00:04:25,670 --> 00:04:27,900 then we don't really need public IPs. 102 00:04:27,900 --> 00:04:30,820 We'll just go ahead and use the private IP. 103 00:04:30,820 --> 00:04:31,653 We'll scroll down here. 104 00:04:31,653 --> 00:04:33,570 We could attach an IAM role 105 00:04:33,570 --> 00:04:36,530 if we wanted to provide some way 106 00:04:36,530 --> 00:04:40,590 of gaining access to temporary credentials. 107 00:04:40,590 --> 00:04:42,920 But for now, since this is just a simple demo 108 00:04:42,920 --> 00:04:44,580 of launching a Linux instance, 109 00:04:44,580 --> 00:04:46,030 we'll go ahead and skip that. 110 00:04:47,400 --> 00:04:50,690 We could say protect against accidental termination, 111 00:04:50,690 --> 00:04:52,860 and so it says here that if you turn this on, 112 00:04:52,860 --> 00:04:55,640 this is sort of like a safety switch. 113 00:04:55,640 --> 00:04:57,490 Before you can terminate this instance 114 00:04:57,490 --> 00:05:00,840 you have to turn the protection off. 115 00:05:00,840 --> 00:05:02,000 So, it just helps 116 00:05:03,330 --> 00:05:06,410 prevent accidental termination. 
117 00:05:06,410 --> 00:05:09,640 If we were to turn on detailed CloudWatch, 118 00:05:09,640 --> 00:05:10,970 then that would bring 119 00:05:10,970 --> 00:05:14,070 our default monitoring intervals 120 00:05:14,070 --> 00:05:16,570 from five minutes to one minute, 121 00:05:16,570 --> 00:05:19,990 and we would pay an additional charge for that. 122 00:05:19,990 --> 00:05:22,143 Right, so let's scroll down here. 123 00:05:23,090 --> 00:05:24,810 We don't really need to worry about 124 00:05:24,810 --> 00:05:26,210 any of the other stuff you'll see here 125 00:05:26,210 --> 00:05:27,810 under network interfaces. 126 00:05:27,810 --> 00:05:31,940 eth0 is the default network interface. 127 00:05:31,940 --> 00:05:34,070 And we could add others if we wanted to, 128 00:05:34,070 --> 00:05:35,310 if we wanted to have 129 00:05:35,310 --> 00:05:37,940 multiple network interfaces. 130 00:05:37,940 --> 00:05:40,170 Let's go ahead and go to Add Storage, 131 00:05:40,170 --> 00:05:42,650 and you'll see here that this instance 132 00:05:42,650 --> 00:05:45,380 does come with an 8-gig 133 00:05:45,380 --> 00:05:47,370 general purpose SSD volume. 134 00:05:47,370 --> 00:05:51,260 And so, it will operate at about, 135 00:05:51,260 --> 00:05:53,680 I don't know, 100 IOPS or so, maybe less. 136 00:05:53,680 --> 00:05:56,060 We could add an additional volume 137 00:05:56,060 --> 00:05:58,280 if we wanted to store data somewhere else 138 00:05:58,280 --> 00:05:59,580 other than the root volume. 139 00:05:59,580 --> 00:06:01,000 We could also change the size. 140 00:06:01,000 --> 00:06:03,180 If we wanted just a larger root volume, 141 00:06:03,180 --> 00:06:05,670 we could specify 20 or whatever. 142 00:06:05,670 --> 00:06:08,090 I'm just gonna leave that at eight. 143 00:06:08,090 --> 00:06:10,570 And it says here free tier eligible customers 144 00:06:10,570 --> 00:06:14,030 can get up to 30 gigs of general purpose storage. 
145 00:06:14,030 --> 00:06:18,280 So, even this volume is free 146 00:06:18,280 --> 00:06:20,033 within that free tier period. 147 00:06:21,100 --> 00:06:23,120 Going on to Tags. 148 00:06:23,120 --> 00:06:26,360 It is a good idea to form 149 00:06:26,360 --> 00:06:28,920 some kind of consistent tagging strategy 150 00:06:30,030 --> 00:06:34,030 so that you can keep your AWS environments 151 00:06:34,030 --> 00:06:36,120 organized and use those tags 152 00:06:36,120 --> 00:06:37,710 to attribute cost. 153 00:06:37,710 --> 00:06:39,110 It doesn't really matter 154 00:06:40,000 --> 00:06:41,410 what key values we use 155 00:06:41,410 --> 00:06:43,570 as long as we are consistent and we continue 156 00:06:43,570 --> 00:06:46,560 to use those same keys and values, right? 157 00:06:46,560 --> 00:06:48,110 So I could say, you know, 158 00:06:48,110 --> 00:06:50,120 what application this is for, 159 00:06:50,120 --> 00:06:52,870 and this might be for some kind 160 00:06:52,870 --> 00:06:53,830 of a web API. 161 00:06:53,830 --> 00:06:55,200 You name the application. 162 00:06:55,200 --> 00:06:58,780 And we might add, you know, 163 00:06:58,780 --> 00:07:02,430 a cost center, right? 164 00:07:02,430 --> 00:07:03,840 The ID of a cost center. 165 00:07:03,840 --> 00:07:05,140 And we might add owners 166 00:07:05,140 --> 00:07:08,020 and other kinds of tags. 167 00:07:08,020 --> 00:07:10,790 Going on to the Security Group, 168 00:07:10,790 --> 00:07:13,440 generally we create security groups. 169 00:07:13,440 --> 00:07:16,060 We saw earlier in the VPC demos 170 00:07:16,060 --> 00:07:18,290 that we created a security group, 171 00:07:18,290 --> 00:07:21,683 and here we have the option of selecting one. 172 00:07:22,660 --> 00:07:24,500 So far we only created 173 00:07:24,500 --> 00:07:25,830 the load balancer and the web app. 174 00:07:25,830 --> 00:07:27,230 So we could choose that one. 
175 00:07:28,200 --> 00:07:30,640 And you'll see here that it's only, 176 00:07:30,640 --> 00:07:32,280 currently that security group 177 00:07:32,280 --> 00:07:33,790 is only allowing communication 178 00:07:33,790 --> 00:07:35,240 between the load balancer 179 00:07:35,240 --> 00:07:38,980 and the web app instance. 180 00:07:38,980 --> 00:07:40,430 Of course we could create a new one 181 00:07:40,430 --> 00:07:42,240 if we wanted to, but for now let's go ahead 182 00:07:42,240 --> 00:07:44,310 and use one that we created earlier. 183 00:07:44,310 --> 00:07:49,310 We will need to modify the security group rules 184 00:07:49,750 --> 00:07:54,503 to allow SSH from our local address. 185 00:07:56,020 --> 00:07:58,260 So let's go ahead and review and launch that 186 00:07:58,260 --> 00:07:59,690 and again, it's giving us a warning. 187 00:07:59,690 --> 00:08:01,690 It says, you will not be able to connect 188 00:08:01,690 --> 00:08:05,160 to this because it requires port 22 to be open, 189 00:08:05,160 --> 00:08:07,450 and your security group doesn't have 190 00:08:07,450 --> 00:08:08,790 port 22 open, and that's okay, 191 00:08:08,790 --> 00:08:11,970 we're going to fix that here in just a moment. 192 00:08:11,970 --> 00:08:13,520 So let's go ahead and continue. 193 00:08:14,460 --> 00:08:15,293 Review this. 194 00:08:15,293 --> 00:08:20,210 We're using Amazon Linux 2 on T2 micro. 195 00:08:20,210 --> 00:08:22,343 We have the web app security group. 196 00:08:23,400 --> 00:08:24,730 And then of course we could take a look 197 00:08:24,730 --> 00:08:26,130 at storage and other things. 198 00:08:26,130 --> 00:08:28,500 We have an 8-gig root volume, 199 00:08:28,500 --> 00:08:31,943 and we have all of the necessary tags. 200 00:08:33,580 --> 00:08:35,233 Let's go ahead and launch that. 201 00:08:36,250 --> 00:08:38,990 And we'll also need to choose a key pair. 202 00:08:38,990 --> 00:08:41,786 We could choose an existing one. 
203 00:08:41,786 --> 00:08:43,713 We could create a new key pair. 204 00:08:44,560 --> 00:08:45,990 Or we could proceed without one. 205 00:08:45,990 --> 00:08:48,690 If you go without one, then it says, 206 00:08:48,690 --> 00:08:49,970 it wants you to acknowledge 207 00:08:49,970 --> 00:08:51,300 that you will not be able to connect 208 00:08:51,300 --> 00:08:53,850 to this instance unless you already know 209 00:08:53,850 --> 00:08:56,210 the password built into the image. 210 00:08:56,210 --> 00:08:57,950 But this image does not have one. 211 00:08:57,950 --> 00:08:59,560 This particular image requires 212 00:08:59,560 --> 00:09:01,520 key pair authentication. 213 00:09:01,520 --> 00:09:03,930 So, I'm going to choose an existing key pair 214 00:09:03,930 --> 00:09:07,820 that I have for US East 2. 215 00:09:07,820 --> 00:09:09,020 Well, you know what, let's go ahead 216 00:09:09,020 --> 00:09:11,370 and create a new key pair. 217 00:09:11,370 --> 00:09:14,380 And we'll call this one fundamentals, 218 00:09:14,380 --> 00:09:16,920 and I just want to show you what happens here. 219 00:09:16,920 --> 00:09:18,537 It says here "You have to download 220 00:09:18,537 --> 00:09:21,787 "the private key before you can continue. 221 00:09:21,787 --> 00:09:24,617 "Store it in a secure and accessible location. 222 00:09:24,617 --> 00:09:26,587 "You will not be able to download that 223 00:09:26,587 --> 00:09:28,370 "again after it's created." 224 00:09:28,370 --> 00:09:30,493 Right, so when you create key pairs, 225 00:09:31,850 --> 00:09:35,720 you only have this one opportunity 226 00:09:35,720 --> 00:09:38,220 to download that key pair. 227 00:09:38,220 --> 00:09:40,590 So I'm gonna go ahead and download that 228 00:09:40,590 --> 00:09:42,770 and you can see here it's asking me 229 00:09:43,700 --> 00:09:44,730 to save this. 
230 00:09:44,730 --> 00:09:46,430 I'm gonna go ahead and save this 231 00:09:49,820 --> 00:09:54,580 under my Downloads folder, 232 00:09:54,580 --> 00:09:57,230 and then I'll go ahead and say 233 00:09:57,230 --> 00:09:58,523 Launch Instances. 234 00:09:59,630 --> 00:10:01,010 And then of course you can see 235 00:10:01,010 --> 00:10:02,350 now it's telling us 236 00:10:02,350 --> 00:10:04,150 that this particular instance is launching. 237 00:10:04,150 --> 00:10:05,670 If we go there, you can see 238 00:10:05,670 --> 00:10:07,690 that it's currently pending. 239 00:10:07,690 --> 00:10:11,660 While that instance is being created 240 00:10:11,660 --> 00:10:15,020 and booting, let's go to the security group. 241 00:10:15,020 --> 00:10:16,710 You can see down here 242 00:10:18,050 --> 00:10:22,420 we have applied the web app security group. 243 00:10:22,420 --> 00:10:24,250 And if we click on that, it will take us 244 00:10:24,250 --> 00:10:28,130 to a panel in which we can modify 245 00:10:28,130 --> 00:10:30,100 the security group rules. 246 00:10:30,100 --> 00:10:33,920 So, I'm going to say edit this. 247 00:10:33,920 --> 00:10:37,060 I will add a rule, and I'm going to allow 248 00:10:38,240 --> 00:10:41,850 SSH TCP on port 22, 249 00:10:41,850 --> 00:10:44,840 and the way that my current VPN works 250 00:10:44,840 --> 00:10:47,300 is through network address translation. 251 00:10:47,300 --> 00:10:49,020 And so, even though my local machine 252 00:10:49,020 --> 00:10:52,530 would be a part of the 10.255 network, 253 00:10:52,530 --> 00:10:56,930 my address is being routed 254 00:10:56,930 --> 00:11:00,050 through my VPC using network address translation. 255 00:11:00,050 --> 00:11:03,590 And so, the IP address would appear 256 00:11:03,590 --> 00:11:06,010 to come from the VPC itself. 
257 00:11:06,010 --> 00:11:10,220 So, I'm going to put in 10.0.0.0/16 258 00:11:10,220 --> 00:11:12,690 and I'm going to say SSH 259 00:11:12,690 --> 00:11:15,853 over the AWS client VPN. 260 00:11:16,920 --> 00:11:19,550 And we'll go ahead and save that. 261 00:11:19,550 --> 00:11:22,820 And so now that we've gotten port 22 open, 262 00:11:22,820 --> 00:11:26,310 let's go back and see if this instance has launched. 263 00:11:26,310 --> 00:11:27,143 And there it is. 264 00:11:27,143 --> 00:11:30,310 You can see I have one for another use case 265 00:11:30,310 --> 00:11:32,260 that is currently in a stopped state, 266 00:11:32,260 --> 00:11:34,950 and then this one here is in a running state. 267 00:11:34,950 --> 00:11:37,200 And so, in terms of states 268 00:11:37,200 --> 00:11:41,440 we could stop the machine, 269 00:11:41,440 --> 00:11:44,350 which means that it still exists 270 00:11:44,350 --> 00:11:46,570 just like this other one here in the list, 271 00:11:46,570 --> 00:11:48,600 but it's not running. 272 00:11:48,600 --> 00:11:51,640 We're not paying an hourly charge for it. 273 00:11:51,640 --> 00:11:53,760 We're still paying for the EBS volume, 274 00:11:53,760 --> 00:11:55,790 the root volume, but we're not paying 275 00:11:55,790 --> 00:11:57,863 the hourly CPU time fee. 276 00:11:59,100 --> 00:12:02,450 Stop Hibernate means, this is something 277 00:12:02,450 --> 00:12:04,260 we would have had to enable at launch, 278 00:12:04,260 --> 00:12:07,320 which we did not do, but Stop Hibernate 279 00:12:07,320 --> 00:12:09,340 is basically the same as Stop. 
280 00:12:09,340 --> 00:12:10,830 It puts it into a state 281 00:12:10,830 --> 00:12:12,390 where it's not running, 282 00:12:12,390 --> 00:12:14,320 we're not paying the hourly fee, 283 00:12:14,320 --> 00:12:17,800 but the contents of memory are preserved 284 00:12:17,800 --> 00:12:20,700 so that when you restart 285 00:12:20,700 --> 00:12:23,380 that instance from a hibernate state, 286 00:12:23,380 --> 00:12:26,240 then all of the contents of RAM 287 00:12:26,240 --> 00:12:27,970 are put back. 288 00:12:27,970 --> 00:12:30,320 So that's very useful for having applications 289 00:12:30,320 --> 00:12:32,610 pick up immediately where they left off, 290 00:12:32,610 --> 00:12:34,900 without having to wait for processes 291 00:12:34,900 --> 00:12:38,100 to start and then data to be 292 00:12:39,530 --> 00:12:41,440 pulled from disk. 293 00:12:41,440 --> 00:12:43,300 So now that this one is running 294 00:12:43,300 --> 00:12:46,820 we can also see that the status checks, 295 00:12:46,820 --> 00:12:48,990 the hypervisor status checks, 296 00:12:48,990 --> 00:12:52,180 have all returned, everything is okay. 297 00:12:52,180 --> 00:12:54,250 So if we look at the status checks, 298 00:12:54,250 --> 00:12:55,830 we have this system 299 00:12:55,830 --> 00:12:57,050 and then we have the instance. 300 00:12:57,050 --> 00:12:58,570 And so the system says 301 00:12:58,570 --> 00:13:01,640 from the AWS systems point of view 302 00:13:01,640 --> 00:13:04,910 everything is fine, and this one here says 303 00:13:04,910 --> 00:13:07,480 as far as the hypervisor in the instance goes 304 00:13:07,480 --> 00:13:08,680 everything else is fine. 305 00:13:09,530 --> 00:13:12,310 Okay, so now that this one is running, 306 00:13:12,310 --> 00:13:13,730 let's take a look at the description, 307 00:13:13,730 --> 00:13:18,290 and you'll see that we did receive 308 00:13:18,290 --> 00:13:20,310 a private IP address. 
309 00:13:20,310 --> 00:13:21,900 We did not receive a public 310 00:13:21,900 --> 00:13:24,370 because we opted out of that. 311 00:13:24,370 --> 00:13:28,910 We could assign a public IP from elastic IPs 312 00:13:28,910 --> 00:13:30,370 but we don't really need to. 313 00:13:30,370 --> 00:13:34,830 If this is meant to be a private application server, 314 00:13:34,830 --> 00:13:36,870 inaccessible directly from the internet, 315 00:13:36,870 --> 00:13:39,900 if it's meant to be behind a load balancer, 316 00:13:39,900 --> 00:13:42,200 then it doesn't need a public IP, 317 00:13:42,200 --> 00:13:43,300 it doesn't need to communicate 318 00:13:43,300 --> 00:13:44,520 with the internet directly. 319 00:13:44,520 --> 00:13:47,590 And so, with our VPN that I have here 320 00:13:47,590 --> 00:13:49,450 at the office I can still connect 321 00:13:49,450 --> 00:13:51,620 to that private IP. 322 00:13:51,620 --> 00:13:54,250 So let's go ahead and copy that 323 00:13:54,250 --> 00:13:57,413 and then I will switch over to the terminal. 324 00:13:58,290 --> 00:14:00,770 So before we actually SSH, 325 00:14:00,770 --> 00:14:02,630 first I want to point out 326 00:14:02,630 --> 00:14:05,850 about this particular key. 327 00:14:05,850 --> 00:14:08,170 You'll notice here that the fundamentals.pem key 328 00:14:08,170 --> 00:14:09,193 that we downloaded, 329 00:14:10,702 --> 00:14:14,670 for Linux instances this key will be used 330 00:14:14,670 --> 00:14:16,180 to provide authentication 331 00:14:16,180 --> 00:14:17,850 against the operating system. 332 00:14:17,850 --> 00:14:21,640 So we will use it during our SSH shell 333 00:14:21,640 --> 00:14:22,673 into the machine. 
334 00:14:23,850 --> 00:14:28,090 For Windows, this key will be used, 335 00:14:28,090 --> 00:14:30,840 the public part that Amazon has 336 00:14:30,840 --> 00:14:32,700 will be used to encrypt 337 00:14:32,700 --> 00:14:35,300 the Windows administrator password, 338 00:14:35,300 --> 00:14:37,570 and this private part that we have 339 00:14:37,570 --> 00:14:39,400 will be used to decrypt 340 00:14:39,400 --> 00:14:41,980 the Windows administrator password. 341 00:14:41,980 --> 00:14:44,790 And so, you'll notice here that for Linux 342 00:14:45,900 --> 00:14:49,050 that the permissions are way too lenient. 343 00:14:49,050 --> 00:14:51,670 Right, we're giving essentially everyone 344 00:14:51,670 --> 00:14:52,730 read, write and execute. 345 00:14:52,730 --> 00:14:54,020 We don't want that. 346 00:14:54,020 --> 00:14:56,260 And so before SSH will allow us 347 00:14:56,260 --> 00:14:58,710 to use that key, 348 00:14:58,710 --> 00:15:02,160 we need to do a chmod on that 349 00:15:02,160 --> 00:15:04,233 and go chmod 400, 350 00:15:05,140 --> 00:15:06,810 which will then remove those. 351 00:15:06,810 --> 00:15:08,070 We're doing a list again. 352 00:15:08,070 --> 00:15:10,650 You'll see now that only the richard user 353 00:15:10,650 --> 00:15:12,780 is allowed to read that key. 354 00:15:12,780 --> 00:15:15,690 That is the level of permissions 355 00:15:15,690 --> 00:15:19,780 that SSH prefers for SSH keys. 356 00:15:19,780 --> 00:15:20,960 Otherwise, we would get an error. 357 00:15:20,960 --> 00:15:23,320 If we tried to SSH with these kinds 358 00:15:23,320 --> 00:15:25,920 of permissions up here we would get an error 359 00:15:25,920 --> 00:15:27,450 in using that key. 360 00:15:27,450 --> 00:15:31,590 And so now that we have made the permissions 361 00:15:31,590 --> 00:15:34,350 much more restrictive, now we can SSH. 
362 00:15:34,350 --> 00:15:37,480 We should be able to say ssh -i 363 00:15:38,457 --> 00:15:40,773 ./fundamentals, 364 00:15:43,000 --> 00:15:46,010 fundamentals, and then for Amazon Linux 365 00:15:46,010 --> 00:15:50,240 the user would be ec2-user@, 366 00:15:50,240 --> 00:15:53,115 and then we'll paste the IP address, 367 00:15:53,115 --> 00:15:58,115 and we'll go ahead and try to connect. 368 00:15:58,120 --> 00:15:58,953 And there we go. 369 00:15:58,953 --> 00:16:00,820 It says, again, now we're connecting 370 00:16:00,820 --> 00:16:02,520 to a private IP address, 371 00:16:02,520 --> 00:16:04,580 in my case over the VPN. 372 00:16:04,580 --> 00:16:07,200 In your case, if you don't have a VPN, 373 00:16:07,200 --> 00:16:08,570 then you may need to use 374 00:16:08,570 --> 00:16:11,390 either public IP addresses to gain access 375 00:16:11,390 --> 00:16:13,820 to publicly available instances, 376 00:16:13,820 --> 00:16:16,770 or use a bastion host. 377 00:16:16,770 --> 00:16:18,820 And so, now it says, "Are you sure?" 378 00:16:18,820 --> 00:16:21,640 Yes, and there we go. 379 00:16:21,640 --> 00:16:23,620 Now we have a shell 380 00:16:23,620 --> 00:16:27,520 into Amazon Linux 2 AMI, 381 00:16:27,520 --> 00:16:29,420 and you can see here we are indeed 382 00:16:29,420 --> 00:16:32,550 at ec2-user@ that particular address. 383 00:16:32,550 --> 00:16:35,540 And so, we can see 384 00:16:35,540 --> 00:16:37,010 that we are now logged 385 00:16:37,010 --> 00:16:39,770 into that particular machine. 386 00:16:39,770 --> 00:16:43,780 And we will continue to explore this 387 00:16:43,780 --> 00:16:45,330 in an upcoming demo. 388 00:16:45,330 --> 00:16:46,725 Right, so just like that. 389 00:16:46,725 --> 00:16:49,060 In just a few minutes we have launched 390 00:16:49,060 --> 00:16:51,550 a Linux-based EC2 instance 391 00:16:51,550 --> 00:16:54,430 and gained remote access to it 392 00:16:54,430 --> 00:16:56,083 by way of SSH.