Create EC2 Instance

  1. Go to the Amazon EC2 console.
     • On the left navigation bar, click Instances.
     • Click Launch Instance.
  2. In the Name section, type KMSWorkshop-Instance.
  3. In the Amazon Machine Image (AMI) section, select Amazon Linux 2 AMI (HVM) - Kernel 5.10, SSD Volume Type.
  4. In the Instance type section, select t2.micro.
  5. In the Key pair (login) section, select Create new key pair.
  6. In the Create key pair prompt that appears, for Key pair name, type KMSWorkshop-keypair.
     • Select .ppk.
     • Select Create key pair.
     • Save the key pair file. You will need it to SSH to the public EC2 instance you are about to create.
  7. Click Launch instance.

Assign Role KMSWorkshop-InstanceInitRole to Instance.

We do this so that the AWS CLI on the instance has enough permissions to run AWS KMS operations.

  1. Go to the Amazon EC2 console.
     • On the left navigation bar, click Instances.
     • Select the instance we created.
     • Click Action.
     • Click Security.
     • Click Modify IAM role.
  2. On the Modify IAM role page:
     • In the IAM role section, select KMSWorkshop-InstanceInitRole.
     • Click Update IAM role.

Connect to the Instance we created.

There are many ways to connect to EC2. In this lab, we use MobaXterm to connect to the EC2 instance.

  1. Download MobaXterm to connect to KMSWorkshop-Instance.
  2. Go to the Amazon EC2 console.
     • On the left navigation bar, click Instances.
     • Find and note the Public IPv4 address of the instance we created.
  3. Extract and open the MobaXterm package we downloaded.
     • Select Session.
  4. In the Session settings interface:
     • Select SSH.
     • In the Remote host section, type the Public IPv4 address of the instance we created.
     • Click Specify username.
     • In the Specify username section, type ec2-user. ec2-user is the default user of the Amazon Linux AMI.
     • Click Use private key.
     • In the Use private key section, choose the path of the KMSWorkshop-keypair.ppk file we created and downloaded during EC2 creation.
     • Click Ok.
  5. The connection is successful.
  6. To check the internet connection of the public EC2 instance, execute the command:
ping amazon.com -c5

Assign AWSKeyManagementServicePowerUser and ImportKeyMaterial to the instance we created

  1. Go to the AWS IAM Console.
     • Click Policies.
     • Click Create Policy.
  2. On the Create policy page:
     • Click Service.
     • Type kms into the search bar.
     • Click KMS.
  3. In the Actions section:
     • Type ImportKeyMaterial into the search bar.
     • Select ImportKeyMaterial.
  4. In the Resources section:
     • Click Resources.
     • Select Specific.
     • Select Any in this account.
     • Click Next:Tags.
  5. On the Add tags page:
     • Click Next:Review.
  6. On the Review policy page:
     • In the Name section, type KMS-Workshop-ImportMaterialPermissions.
     • Click Create Policy.
  7. Go to the AWS IAM Console.
     • Click Roles.
     • Click KMSWorkshop-InstanceInitRole.
  8. In the Permissions policies section:
     • Click Add permissions.
     • Click Attach policies.
  9. In the Other permissions policies section:
     • Type AWSKeyManagement into the search bar and press Enter.
     • Select AWSKeyManagementServicePowerUser.
     • Type KMS-Workshop-ImportMaterialPermissions into the search bar and press Enter.
     • Select KMS-Workshop-ImportMaterialPermissions.
     • Click Attach policies.
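
The custom policy built in the visual editor above corresponds to a JSON document like the following. This is an added example, not taken from the workshop: the account ID 111122223333 and the Sid are placeholders, and the Resource pattern reflects the Any in this account choice, which allows the action on every KMS key in the account in any Region.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowImportKeyMaterial",
      "Effect": "Allow",
      "Action": "kms:ImportKeyMaterial",
      "Resource": "arn:aws:kms:*:111122223333:key/*"
    }
  ]
}
```

Replacing the wildcard Resource with the ARN of the single key that will receive imported material narrows the grant to that key.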