Create EC2 Instance
- Go to Amazon EC2 console.
- On the left navigation bar, click Instances.
- Click Launch Instance.
- In the Name section, type KMSWorkshop-Instance.
- In the Amazon Machine Image (AMI) section, select Amazon Linux 2 AMI (HVM) - Kernel 5.10, SSD Volume Type.
- In the Instance type section, select t2.micro.
- In the Key pair (login) section, select Create new key pair.
- A Create key pair prompt appears. For Key pair name, type KMSWorkshop-keypair.
- Select .ppk.
- Select Create key pair.
- Save the key pair file. You will need it to SSH to the public EC2 instance you are about to create.
- Click Launch instance.
Assign the role KMSWorkshop-InstanceInitRole to the instance.
This ensures that the AWS CLI on the instance has enough permissions to run AWS KMS operations.
- Go to Amazon EC2 console.
- On the left navigation bar, click Instances.
- Select the instance we created.
- Click Action
- Click Security
- Click Modify IAM role
- On the Modify IAM role page:
- In the IAM role section, select KMSWorkshop-InstanceInitRole.
- Click Update IAM role.
Connect to the instance we created.
There are many ways to connect to EC2. In this lab, we use MobaXterm to connect to the EC2 instance.
- Download MobaXterm to connect to KMSWorkshop-Instance.
- Go to Amazon EC2 console.
- On the left navigation bar, click Instances.
- Find and copy the Public IPv4 address of the instance we created.
- Extract and open the MobaXterm package we downloaded.
- Select Session.
- In the Session settings interface
- Select SSH.
- In the Remote host section, type the Public IPv4 address of the instance we created.
- Click Specify username.
- In the Specify username section, type ec2-user. ec2-user is the default user of the Amazon Linux AMI.
- Click Use private key.
- In the Use private key section, choose the path of the KMSWorkshop-keypair.ppk file we created and downloaded during EC2 creation.
- Click OK.
- Connection successful.
- To check the internet connectivity of the public EC2 instance, run the command:
ping amazon.com -c5
Assign AWSKeyManagementServicePowerUser and ImportKeyMaterial to the instance we created
- Go to AWS IAM Console.
- Click Policies.
- Click Create Policy.
- On the Create policy page:
- Click Service.
- Type kms into the search bar.
- Click KMS
- In the Actions section
- Type ImportKeyMaterial into the search bar
- Select ImportKeyMaterial
- In the Resources section
- Click Resources
- Select Specific
- Select Any in this account
- Click Next:Tags
- On the Add tags page:
- Click Next:Review
- On the Review policy page:
- In the Name section, type KMS-Workshop-ImportMaterialPermissions
- Click Create Policy
- Go to AWS IAM Console.
- Click Roles.
- Click KMSWorkshop-InstanceInitRole.
- In the Permissions policies section
- Click Add permissions.
- Click Attach policies.
- In the Other permissions policies section
- Type AWSKeyManagement into the search bar, press Enter
- Select AWSKeyManagementServicePowerUser.
- Type KMS-Workshop-ImportMaterialPermissions into the search bar, press Enter
- Select KMS-Workshop-ImportMaterialPermissions.
- Click Attach policies.
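
The same policy creation and attachment as a script, so the resulting permissions can be reviewed as text. This is an added example, not part of the workshop: the function names are hypothetical, it assumes the AWS CLI is run with credentials allowed to manage IAM (not the instance role), and it assumes "Specific" + "Any in this account" corresponds to the `key/*` ARN pattern shown.

```shell
#!/usr/bin/env bash
# Added example: CLI equivalent of the console steps above.
# Run with credentials that may manage IAM (assumption), not the instance role.
ROLE_NAME="KMSWorkshop-InstanceInitRole"
POLICY_NAME="KMS-Workshop-ImportMaterialPermissions"
POWER_USER_ARN="arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser"

# AWS account IDs are exactly 12 digits; reject anything else before it
# is interpolated into a policy ARN.
valid_account_id() {
  case "$1" in *[!0-9]*) return 1 ;; esac
  [ "${#1}" -eq 12 ]
}

# Print the policy document: ImportKeyMaterial only, limited to KMS keys
# in the given account rather than "*".
import_policy_json() {
  valid_account_id "$1" || { echo "invalid account id" >&2; return 1; }
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "kms:ImportKeyMaterial",
      "Resource": "arn:aws:kms:*:$1:key/*"
    }
  ]
}
EOF
}

# Create the policy, attach both policies to the role, then list what the
# role ends up with so the result can be reviewed.
apply_workshop_policies() {
  local account doc policy_arn
  account="$(aws sts get-caller-identity --query Account --output text)" || return 1
  doc="$(import_policy_json "$account")" || return 1
  policy_arn="$(aws iam create-policy --policy-name "$POLICY_NAME" \
    --policy-document "$doc" --query Policy.Arn --output text)" || return 1
  aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$policy_arn" &&
  aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$POWER_USER_ARN" &&
  aws iam list-attached-role-policies --role-name "$ROLE_NAME" \
    --query 'AttachedPolicies[].PolicyName' --output text
}

# Only touch the account when invoked with the argument "apply".
if [ "${1:-}" = "apply" ]; then apply_workshop_policies; fi
```

On the instance itself, `aws sts get-caller-identity` should report an assumed-role ARN containing KMSWorkshop-InstanceInitRole once the role is attached.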