Day 5: Compute Basics — Launching Your First EC2 Instance

Welcome to Day 5! We have secured our account (IAM) and built our network (VPC). Today, we finally launch the "engine" of AWS: Amazon EC2 (Elastic Compute Cloud).
In a professional DevOps environment, you rarely launch servers by clicking buttons in the console. However, understanding the anatomy of an EC2 instance is critical for debugging and automating infrastructure later.
1. The Anatomy of an EC2 Instance
When you launch an instance, you aren't just starting a virtual machine; you are assembling several components:
AMI (Amazon Machine Image): Your "Golden Image"—the OS and pre-installed software template.
Instance Type: The hardware profile (CPU, RAM, Storage). Pro-tip: Start with t3.micro for learning to stay in the Free Tier.
Key Pair: The digital key used for SSH access. Never lose your private key file (.pem)!
Storage (EBS): The "hard drive." Remember that if you stop an instance, the EBS volume data persists; if you terminate it, the root volume is deleted by default.
User Data: The "magic" script that runs on the very first boot. This is where your automation begins.
2. The DevOps Approach to Launching Instances
Stop thinking about "servers as pets" (servers you name, nurse, and patch manually). Start thinking about "servers as cattle."
Use User Data for Automation: Never log into a brand-new instance to install nginx or docker. Put that in your User Data script!
Example:
#!/bin/bash
# Patch the OS, then install and start Apache
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
# Publish a test page
echo "<h1>Hello from Day 5!</h1>" > /var/www/html/index.html
IAM Instance Profiles: Instead of hardcoding credentials, attach an IAM Role to your EC2 instance. This allows the instance to talk to S3 or DynamoDB securely without needing static access keys.
Tagging is Mandatory: In a professional environment, an untagged instance is an "orphan." Always use tags: Name, Environment (Dev/Prod), Owner, and Project.
3. Pro-Tips for Production EC2
IMDSv2 (Instance Metadata Service): Always enforce IMDSv2 to protect against SSRF (Server-Side Request Forgery) attacks that target the instance metadata endpoint. It’s a simple checkbox that significantly hardens your instance.
Termination Protection: For critical production instances, enable "Termination Protection" to prevent accidental deletion.
Use Systems Manager (SSM): Stop opening port 22 (SSH) to the world. Use AWS Systems Manager Session Manager to connect to your instances through a secure browser shell. It’s safer, requires no public IPs, and can log every command run once session logging is enabled!
Infrastructure as Code (IaC): This is the last time you should launch an instance manually. Start looking at how to do this in Terraform or CloudFormation.
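To check a running fleet against the points above (IMDSv2 enforced, an IAM instance profile attached, the four mandatory tags present), here is an added example that is not part of the original post. It audits JSON in the shape returned by `aws ec2 describe-instances`; the sample instance IDs, ARN and finding labels are constructed for illustration.

```python
import json

REQUIRED_TAGS = {"Name", "Environment", "Owner", "Project"}  # tag keys from section 2

# Constructed sample in the shape of `aws ec2 describe-instances` output.
# Instance IDs, account ID and profile name are made up.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaaaaaaaaaaaaaa1",
   "MetadataOptions": {"HttpTokens": "optional", "HttpEndpoint": "enabled"},
   "Tags": [{"Key": "Name", "Value": "day5-web"}]},
  {"InstanceId": "i-0bbbbbbbbbbbbbbb2",
   "MetadataOptions": {"HttpTokens": "required", "HttpEndpoint": "enabled"},
   "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/example-web"},
   "Tags": [{"Key": "Name", "Value": "day5-app"}, {"Key": "Environment", "Value": "Dev"},
            {"Key": "Owner", "Value": "platform"}, {"Key": "Project", "Value": "100days"}]}
]}]}
""")


def audit_instance(inst):
    """Return a list of findings (hypothetical labels) for one instance dict."""
    findings = []
    meta = inst.get("MetadataOptions", {})
    # If the metadata endpoint is on and tokens are not mandatory,
    # token-less IMDSv1 requests are still answered.
    if meta.get("HttpEndpoint", "enabled") == "enabled" and meta.get("HttpTokens") != "required":
        findings.append("imdsv2-not-enforced")
    # Without an instance profile the instance has no role to use,
    # which is where static access keys tend to creep in.
    if "IamInstanceProfile" not in inst:
        findings.append("no-instance-profile")
    present = {t["Key"] for t in inst.get("Tags", [])}
    missing = sorted(REQUIRED_TAGS - present)
    if missing:
        findings.append("missing-tags:" + ",".join(missing))
    return findings


def audit(describe_output):
    """Map instance ID -> findings for every instance in the document."""
    return {i["InstanceId"]: audit_instance(i)
            for r in describe_output.get("Reservations", [])
            for i in r.get("Instances", [])}


if __name__ == "__main__":
    for iid, findings in audit(SAMPLE).items():
        print(iid, "OK" if not findings else "; ".join(findings))
```

To run it against a real account, save the output of `aws ec2 describe-instances` to a file and pass the parsed JSON to `audit()` instead of `SAMPLE`.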
🚀 Hands-on Challenge
Launch an Amazon Linux 2023 instance.
In the "Advanced Details" section, paste a script in User Data that installs a web server.
Attach a Security Group that allows HTTP (port 80) traffic.
The Goal: Access your public IP in a browser and see your "Hello from Day 5!" page.
Did it work on the first try? If not, check your Security Group and your User Data logs (/var/log/cloud-init.log). Debugging is 90% of a DevOps engineer's job!
What’s Next?
Tomorrow, on Day 6, we’re diving into Storage Essentials: S3 Buckets, Policies, and Versioning. We’ll learn how to store data that’s as durable as the cloud itself.
Found this useful? Share your EC2 launch screenshot on LinkedIn and tag me—let's build the community!





