I should have learned about AWS a while ago, but I completely forgot it because of my poor memory.
I wanted to have my own Linux server on the internet, so I tried to use AWS, but I can hardly remember anything. I will write this article while reviewing everything from scratch, up to setting up a server.
Although AWS has a one-year free tier from user registration, a credit card number is required for user registration. This is done.
When you log in from the top page, the screen changes and you are taken to the "AWS Management Console". This is the entrance to another world. The initial equipment that you can get for free is quite luxurious, and a small server can be run at no charge. Look for the menu in the management console and check "Billing", "VPC" and "EC2". These three are the main places of activity.
Billing
This is where you check the billing status.
First of all, if you don't know where this is, you can't use AWS with confidence. The amount for "how much did it cost this month" is displayed here. If you are staying within the free tier, it should be displayed as $0.
"Creating a VPC" is like "securing a server room and improving the environment" in the real world.
Click VPC to enter the VPC Dashboard.
Clicking on the VPC link will take you to the screen for creating a VPC. There is a "default VPC" from the beginning, but you shouldn't delete it. Doing so only causes more trouble.
Create a new VPC. Press "Create VPC" to start creating. The IPv4 CIDR block is 10.0.0.0/16. You will be able to use the addresses 10.0.xx.xx. Since IPv6 is not used, select None for IPv6 CIDR block. I want to use the free tier, so I choose the default for "Tenancy". The name will be referred to later, so it's a good idea to give it a descriptive name.
In real-world terms, this corresponds to "securing a server room."
Click the "Subnet" link to move to the screen for creating a subnet. Press "Create Subnet" to start creating. Select the VPC you created earlier. Select the Availability Zone from the Tokyo region, such as ap-northeast-1a. Choosing an overseas one will only slow you down. The "IPv4 CIDR block" is 10.0.1.0/24. Now you can use the addresses 10.0.1.xx in the subnet.
This completes "Wiring the Ethernet in the server room".
Click the link "Route table" to move to the route table setting screen. When you created the VPC, a route table was created along with it. There is also a route table for the default VPC from the beginning, but don't delete it either. If you click on the tab labeled "Route", the destination should be 10.0.0.0/16 and the target should be local. No change is required. You can name the route table in the tab called "Tags", so it's best to do so.
This completes the "router installation".
Click the link "Internet Gateway" to move to the creation screen. It corresponds to connecting the router and the external net. You can create it by pressing "Create Internet Gateway". As usual, it's better to give it a name. Select "Attach to VPC" from "Action" to connect to the VPC you are currently creating.
You can edit the route table by pressing the "Route" tab. Press Edit Route to add the route for the VPC you're currently creating. Associate 0.0.0.0/0 with the internet gateway. Now traffic inside the VPC will be routed internally, and the rest will be sent to the Internet.
You can now connect to the Internet. Construction of the server room is complete.
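How the finished route table decides where a packet goes, as an added example that is not part of the original article: the most specific matching route wins, so 10.0.0.0/16 stays local and everything else follows 0.0.0.0/0 to the internet gateway. The gateway ID `igw-EXAMPLE` and the function names are placeholders made up for this sketch.

```python
import ipaddress

# Constructed from the walkthrough: the route table after the edit above.
# "igw-EXAMPLE" is a placeholder, not a real gateway ID.
ROUTES = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "igw-EXAMPLE"),
]
VPC_CIDR = "10.0.0.0/16"
SUBNET_CIDR = "10.0.1.0/24"


def resolve(dest, routes=ROUTES):
    """Return the target of the most specific route matching dest, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def subnet_fits(subnet=SUBNET_CIDR, vpc=VPC_CIDR):
    """A subnet's CIDR block must lie entirely inside the VPC's block."""
    return ipaddress.ip_network(subnet).subnet_of(ipaddress.ip_network(vpc))


def is_public(routes=ROUTES):
    """A subnet is public when its default route targets an internet gateway."""
    return any(
        ipaddress.ip_network(cidr).prefixlen == 0 and target.startswith("igw-")
        for cidr, target in routes
    )


if __name__ == "__main__":
    for dest in ("10.0.1.156", "198.51.100.10"):
        print(dest, "->", resolve(dest))
    print("subnet inside VPC:", subnet_fits(), "| public:", is_public())
```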
EC2
"Starting EC2" is actually equivalent to "buying a computer, installing it in the server room, and starting it."
Go to the "EC2 Dashboard". Click "Instance" and press "Create Instance" to display the screen for selecting an instance (corresponding to a virtual computer). Select "Amazon Linux 2 AMI (HVM), SSD Volume Type". Next, select the free tier t2.micro.
Select the VPC you just created for "Network" and the subnet you just created for "Subnet". "Auto-assign public IP" is disabled by default, so enable it. Select the next "Add Storage" to proceed, but no additional storage is required.
When you create and start it, the key pair creation dialog will appear, so create it and download it. This file is the RSA key and you will need it to log in to this computer.
When you display the screen that displays the list of instances, you can see the computer that has just started. The IPv4 public IP address is also displayed. The computer with this IP address is already on the Internet. You can connect with SSH etc.
The created EC2 instance can only be reached over SSH as it is. This is because the security group blocks protocols and ports other than SSH. If you want to ping the server to check that it is up, or use it as an http server, change the security group settings.
When you view the server instance in the instance list of the EC2 dashboard, a "security group" appears in the detailed description. You can find out the ID of the security group by pressing the link of the applied security group. Change (add to) the rules of the security group with this ID from the Security Groups screen in your VPC dashboard.
Purpose | Type | Protocol | Port range | Source |
---|---|---|---|---|
Allow SSH (default) | SSH | TCP | 22 | 0.0.0.0/0 |
Ping | All ICMP - IPv4 | All | Not applicable | 0.0.0.0/0 |
Use as an http server (for development) | Custom TCP rules | TCP | 8000 | 0.0.0.0/0 |
Use as an http server (deploy) | HTTP | TCP | 80 | 0.0.0.0/0 |
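Every rule in the table uses the source 0.0.0.0/0, which means any address on the Internet. The following added example (not part of the original article) checks a rule set for administrative or development ports left open to everyone. The sample rules are constructed from the table, and the choice of which ports count as restricted is an assumption of this sketch.

```python
import ipaddress

# Constructed sample: the four inbound rules from the table above, in the
# shape boto3's describe_security_groups() returns under "IpPermissions".
TABLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8000,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

# Assumption of this example: TCP ports that should only be reachable
# from your own address range, not from the whole Internet.
RESTRICTED_PORTS = {22: "SSH", 8000: "development HTTP"}


def is_world_open(cidr):
    """True when the CIDR matches every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit(permissions, restricted=RESTRICTED_PORTS):
    """Return sorted (port, label, cidr) for restricted ports open to all."""
    findings = set()
    for perm in permissions:
        if perm["IpProtocol"] == "-1":      # "All traffic": every port
            low, high = 0, 65535
        elif perm["IpProtocol"] == "tcp":
            low, high = perm["FromPort"], perm["ToPort"]
        else:                               # ICMP/UDP: not checked here
            continue
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in filter(is_world_open, sources):
            for port, label in restricted.items():
                if low <= port <= high:
                    findings.add((port, label, cidr))
    return sorted(findings)


if __name__ == "__main__":
    for port, label, cidr in audit(TABLE_RULES):
        print(f"port {port} ({label}) is open to {cidr}")
```

Replacing the source of the flagged rules with your own address range (for example, your current public IP as a /32) clears the findings while leaving port 80 public.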
Is there really a server on the Internet with just this? Check with TeraTerm.
Start TeraTerm, enter the IPv4 public IP address mentioned earlier as the connection destination, and connect with SSH2. The user name is ec2-user and you don't have to enter anything in the password field. Instead, select "Use RSA key" and select the file you downloaded earlier as your private key.
If you press "Connect", you can see that it is certainly connected.
TeraTerm
Last login: Fri Mar 20 15:18:50 2020
__| __|_ )
_| ( / Amazon Linux AMI
___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2018.03-release-notes/
7 package(s) needed for security, out of 11 available
Run "sudo yum update" to apply all updates.
[ec2-user@ip-10-0-1-156 ~]$
end