
Lab 001: Assigning Public IP to EC2 Instance


Requirements

  1. Create an EC2 instance named devops-vm using any available Ubuntu AMI with instance type t2.micro.
  2. Create or use an RSA key pair and associate it with the instance for SSH access.
  3. Allocate an Elastic IP named devops-pip and associate it with this instance.
  4. Ensure the instance is accessible via SSH using the configured key pair.

Note

The solution can be implemented using both the AWS Cloud Console and the AWS CLI. This document outlines the CLI-based approach to accomplish these tasks. It is recommended to first explore the console workflow for practical understanding before using the CLI approach, unless specifically instructed otherwise.

Prerequisites

  • AWS CLI is installed and authenticated.
  • A default VPC and subnet are available in the active region.
  • SSH key pair is available locally or can be created during the steps.

Steps

INSTANCE_NAME="devops-vm"
KEY_PAIR_NAME="devops-kp"
SECURITY_GROUP_NAME="devops-ssh-sg"

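# Discover default VPC and subnet
# (JMESPath boolean literals need backticks; a bare true is read as a field name and never matches)
VPC_ID=$(aws ec2 describe-vpcs --query 'Vpcs[?IsDefault==`true`].VpcId | [0]' --output text)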
SUBNET_ID=$(aws ec2 describe-subnets --filters Name=vpc-id,Values="$VPC_ID" --query "Subnets[0].SubnetId" --output text)

# Find latest Ubuntu 24.04 AMI
AMI_ID=$(aws ec2 describe-images \
  --owners 099720109477 \
  --filters "Name=name,Values=ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*" "Name=state,Values=available" \
  --query "Images | sort_by(@, &CreationDate)[-1].ImageId" \
  --output text)

# Create key pair if not present
if ! aws ec2 describe-key-pairs --key-names "$KEY_PAIR_NAME" >/dev/null 2>&1; then
  # umask 077 creates the file owner-only, so the private key is never group- or world-readable
  (umask 077; aws ec2 create-key-pair --key-name "$KEY_PAIR_NAME" --key-type rsa --query "KeyMaterial" --output text > "${KEY_PAIR_NAME}.pem")
  chmod 400 "${KEY_PAIR_NAME}.pem"
fi

# Create security group if not present
# (a filtered describe call exits 0 even when nothing matches, so test the returned ID instead)
SG_ID=$(aws ec2 describe-security-groups \
  --filters Name=group-name,Values="$SECURITY_GROUP_NAME" Name=vpc-id,Values="$VPC_ID" \
  --query "SecurityGroups[0].GroupId" --output text)

if [ -z "$SG_ID" ] || [ "$SG_ID" = "None" ]; then
  SG_ID=$(aws ec2 create-security-group \
    --group-name "$SECURITY_GROUP_NAME" \
    --description "Security group for SSH access" \
    --vpc-id "$VPC_ID" \
    --query "GroupId" --output text)
fi

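# Ensure SSH rule exists
# 0.0.0.0/0 exposes port 22 to the entire internet; outside this lab, use your own address as a /32.
# "2>/dev/null || true" hides every error, not only the duplicate-rule one.
aws ec2 authorize-security-group-ingress --group-id "$SG_ID" --protocol tcp --port 22 --cidr 0.0.0.0/0 2>/dev/null || true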

# Launch the EC2 instance
INSTANCE_ID=$(aws ec2 run-instances \
  --image-id "$AMI_ID" \
  --instance-type t2.micro \
  --key-name "$KEY_PAIR_NAME" \
  --security-group-ids "$SG_ID" \
  --subnet-id "$SUBNET_ID" \
  --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=$INSTANCE_NAME}]" \
  --query "Instances[0].InstanceId" --output text)

aws ec2 wait instance-running --instance-ids "$INSTANCE_ID"

# Allocate and tag Elastic IP
ALLOCATION_ID=$(aws ec2 allocate-address --domain vpc --query "AllocationId" --output text)
aws ec2 create-tags --resources "$ALLOCATION_ID" --tags Key=Name,Value=devops-pip

# Associate Elastic IP with instance
aws ec2 associate-address --instance-id "$INSTANCE_ID" --allocation-id "$ALLOCATION_ID"

PUBLIC_IP=$(aws ec2 describe-addresses --allocation-ids "$ALLOCATION_ID" --query "Addresses[0].PublicIp" --output text)
echo "Instance ID: $INSTANCE_ID"
echo "Elastic IP: $PUBLIC_IP"
echo "SSH: ssh -i ${KEY_PAIR_NAME}.pem ubuntu@$PUBLIC_IP"

Verification

  • Confirm devops-vm is in running state.
  • Confirm Elastic IP tagged devops-pip is associated with the instance.
  • Confirm SSH port 22 is permitted in the attached security group.

aws ec2 describe-instances \
  --instance-ids "$INSTANCE_ID" \
  --query "Reservations[0].Instances[0].{Name:Tags[?Key=='Name']|[0].Value,State:State.Name,PublicIp:PublicIpAddress}" \
  --output table

aws ec2 describe-addresses \
  --allocation-ids "$ALLOCATION_ID" \
  --query "Addresses[0].{Name:Tags[?Key=='Name']|[0].Value,PublicIp:PublicIp,InstanceId:InstanceId}" \
  --output table
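
The commands above cover the first two verification items but not the security group check. As an added example (not part of the original lab), this shell function classifies the ingress rows printed by `aws ec2 describe-security-group-rules` so the SSH exposure is visible; the function name `audit_ssh_rules`, its exit codes and the /24 threshold are assumptions of this example, and the sample rows are constructed.

```shell
# Added example, not part of the lab. Reads ingress rows from stdin in the form
#   <IpProtocol> <FromPort> <ToPort> <CidrIpv4>
# which is what this command prints (requires AWS credentials):
#   aws ec2 describe-security-group-rules \
#     --filters Name=group-id,Values="$SG_ID" \
#     --query 'SecurityGroupRules[?IsEgress==`false`].[IpProtocol,FromPort,ToPort,CidrIpv4]' \
#     --output text
# Exit status (assumed convention): 0 = narrow sources only, 2 = broad range, 1 = world-open.
audit_ssh_rules() {
  local proto from to cidr prefix status=0
  while read -r proto from to cidr; do
    # Only TCP rules, or "-1" (all protocols), can carry SSH.
    case "$proto" in tcp|-1) ;; *) continue ;; esac
    # Skip port ranges that exclude 22; -1/None means every port.
    case "$from" in
      -1|None) ;;
      *) [ "$from" -le 22 ] && [ "$to" -ge 22 ] || continue ;;
    esac
    # Rules sourced from another security group or IPv6 print "None" here.
    case "$cidr" in */*) ;; *) continue ;; esac
    prefix=${cidr##*/}
    if [ "$prefix" -eq 0 ]; then
      echo "OPEN   $cidr  any IPv4 host can reach port 22"
      status=1
    elif [ "$prefix" -lt 24 ]; then
      echo "BROAD  $cidr  source range is wider than a /24"
      if [ "$status" -eq 0 ]; then status=2; fi
    else
      echo "OK     $cidr"
    fi
  done
  return "$status"
}

# Constructed sample rows (not real output): the lab's rule and a single-host rule.
printf 'tcp\t22\t22\t0.0.0.0/0\ntcp\t22\t22\t203.0.113.7/32\n' | audit_ssh_rules || true
```

For the rule this lab creates, the function reports `OPEN` and returns 1, which confirms port 22 is permitted and shows it is reachable from any address.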

Resources

AWS CLI Docs