Creating AWS EC2 instance using AWS CLI

This is a brief walkthrough of how to create an EC2 instance using the AWS CLI tool. I'm assuming that you have basic knowledge of AWS and an AWS subscription or free-tier account.

Let's start by downloading the AWS CLI on your local machine (your laptop/desktop).

Steps to install AWS CLI

  1. Download AWS CLI from HERE
  2. If you're using Mac or Windows, you can run the downloaded file and install it.
  3. If you're using Linux, use sudo apt install awscli -y (for Ubuntu, Debian, etc.); for Fedora, RHEL, CentOS use sudo yum install awscli -y

Once you've installed the CLI, let's log in to it using your account key and account secret.


Login to AWS CLI

  1. Open Terminal/CMD/PowerShell (any one, depending on your OS). The commands below are the same on every OS.
  2. Run aws configure. You'll need your AWS Access Key ID and Access Key Secret in order to log in to the AWS CLI.

Now we are ready to create an EC2 instance.


Creating a Security Group

A security group is basically a set of inbound and outbound rules that allow traffic in and out of your EC2 instance.

aws ec2 create-security-group --group-name TECHAWARE_SECURITY_GROUP --description "Security Group for EC2 instances to allow port 22"

Security groups can be named anything. Provide a description that best describes your security group.


Creating a rule for the Security Group created above

aws ec2 authorize-security-group-ingress --group-name TECHAWARE_SECURITY_GROUP --protocol tcp --port 22 --cidr

Port 22 is for SSH. The SSH protocol allows us to remotely control our EC2 instances.
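An added example (not from the original article) of the ingress rule above with the source limited to a single address: the --cidr value is the range of addresses allowed to reach port 22, and a /32 built from your own public IP keeps SSH closed to everyone else. It assumes a POSIX shell; ssh_ingress_cidr and authorize_ssh_from are hypothetical helper names.

```shell
# Added example, not from the original article. Helper names are hypothetical.

# Turn one IPv4 address into a /32 CIDR; reject anything malformed.
ssh_ingress_cidr() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.)
            echo "not an IPv4 address: $ip" >&2; return 1 ;;
    esac
    # Split on dots; a fifth field lands in $rest and is rejected below.
    IFS=. read -r a b c d rest <<EOF
$ip
EOF
    if [ -z "$d" ] || [ -n "$rest" ]; then
        echo "not an IPv4 address: $ip" >&2; return 1
    fi
    for octet in "$a" "$b" "$c" "$d"; do
        if [ "${#octet}" -gt 3 ] || [ "$octet" -gt 255 ]; then
            echo "octet out of range in: $ip" >&2; return 1
        fi
    done
    printf '%s/32\n' "$ip"
}

# Allow SSH to the article's security group from exactly one address.
authorize_ssh_from() {
    cidr=$(ssh_ingress_cidr "$1") || return 1
    aws ec2 authorize-security-group-ingress \
        --group-name TECHAWARE_SECURITY_GROUP \
        --protocol tcp --port 22 --cidr "$cidr"
}

# Usage (your current public IP, as reported by AWS's checkip service):
#   authorize_ssh_from "$(curl -s https://checkip.amazonaws.com)"
```

If your public IP changes, the rule has to be replaced with one for the new address.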


Creating Private key (For Local Machine) and Public key (For AWS EC2 Instance)

aws ec2 create-key-pair --key-name TECHAWARE_KeyPair

This command will print some output. Copy only the key pair. I've highlighted it for you in the snapshot below. Be careful while copying; extra spaces are not allowed either.

  • Now create a new text document and paste this content.
  • Once you've pasted it, make sure you save this text document with the name "TECHAWARE_KeyPair.pem". The name can be anything, but don't forget the .pem extension.
  • This file contains many \n sequences; replace each of them with an Enter (return key).
  • This is your private key. If you lose it, you'll never get it back, and you'll no longer be able to access any EC2 instance that uses this key pair, even if you're a root user in AWS.
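An added example (not part of the original article) that avoids the manual copy: the private key is the KeyMaterial field of the command's output, and --query 'KeyMaterial' --output text prints it with real line breaks, so it can be written straight to an owner-only file. It assumes a POSIX shell; the function names are hypothetical, and fix_pasted_key repairs a file that was already pasted with literal \n sequences.

```shell
# Added example, not from the original article. Function names are hypothetical.

# True if the file starts and ends like a PEM block and has no literal "\n" left.
looks_like_pem() {
    [ "$(head -n 1 "$1" | cut -c1-11)" = "-----BEGIN " ] &&
    [ "$(tail -n 1 "$1" | cut -c1-9)" = "-----END " ] &&
    ! grep -q '\\n' "$1"
}

# Create the key pair and write the private key to $2 with owner-only access.
save_key_pair() {
    key_name=$1
    pem_file=$2
    # The private key cannot be downloaded again, so never clobber an old one.
    if [ -e "$pem_file" ]; then
        echo "refusing to overwrite $pem_file" >&2; return 1
    fi
    (
        umask 077   # file is owner-only from the moment it is created
        aws ec2 create-key-pair --key-name "$key_name" \
            --query 'KeyMaterial' --output text > "$pem_file"
    ) || { rm -f "$pem_file"; return 1; }
    chmod 400 "$pem_file"
    looks_like_pem "$pem_file"
}

# Repair a key that was pasted by hand: turn each literal \n into a line break.
fix_pasted_key() {
    ( umask 077; sed 's/\\n/\
/g' "$1" > "$2" ) || return 1
    chmod 400 "$2"
    looks_like_pem "$2"
}

# Usage:
#   save_key_pair TECHAWARE_KeyPair TECHAWARE_KeyPair.pem
```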


Creating the EC2 instance

aws ec2 run-instances --image-id ami-06092fe5508a09139 --key-name TECHAWARE_KeyPair --security-groups TECHAWARE_SECURITY_GROUP --instance-type t2.micro --placement AvailabilityZone=ap-south-1a --block-device-mappings DeviceName=/dev/sdh,Ebs={VolumeSize=100} --count 2

This is a single-line command; don't split it across multiple lines.

Let's understand this command -

  • run-instances is used to create the instance.
  • --image-id can be any of the below -
    • Use ami-06092fe5508a09139 for Ubuntu 18.4
    • Use ami-090f267bf4ca2b4e3 for Windows Server 20H2
    • For more image types you can list all images using the command aws ec2 describe-images --owners self amazon
    • To know more about AWS image IDs, please check THIS ARTICLE
  • --key-name, here provide the key pair you created earlier in this article.
  • --security-groups, here we use the security group we created, named TECHAWARE_SECURITY_GROUP.
  • --instance-type, this basically defines the size of your EC2 instance. Note: this is directly proportional to the cost of instances. t2.micro is one of the cheapest.
  • --placement stands for the location of your instance.
    • Use the command aws ec2 describe-regions to list the available regions you can select from.
  • --block-device-mappings is for mapping the block storage (OS hard disk mainly).
  • --count, provide the number of instances you want to have. Write 100 and you'll have 100. As simple as that.


If you've created the Ubuntu instances, you can SSH into them. Let's try -

  • Remember, we have saved a TECHAWARE_KeyPair.pem. We need this file now.
  • ssh ubuntu@PublicIP -i '/path/to/file/TECHAWARE_KeyPair.pem'. This command will allow you to SSH into the machine. Make sure you replace PublicIP with the actual IP of that EC2 instance. You can get the public IP of instances by running this command - aws ec2 describe-instances --query "Reservations[*].Instances[*].NetworkInterfaces[0].Association.PublicIp"
  • You might face an error related to key security. Make sure the TECHAWARE_KeyPair.pem file you're using is accessible only by you, not by anyone else. You can achieve this from the Security tab in the file properties. On Linux, you can do so by using chmod 400 TECHAWARE_KeyPair.pem
  • Now you should be able to connect to your AWS instances.

Make sure you've terminated all those instances after using them, otherwise it will cost you a lot. You can use   to do this.


You can comment down if you have any suggestions for future articles. We will try our best to keep you updated.

Kamal Kumar @techaware
Posted on November 25, 2020