Launch, Connect, and Manage EC2 Instances

Beginner12 min

Provision EC2 instances from the CLI, configure security groups, connect via SSH, and manage instance lifecycle operations.

Prerequisites

-AWS CLI v2 installed and configured
-SSH key pair created in your AWS region

Steps

Find the latest Amazon Linux AMI

Query the SSM Parameter Store to find the latest Amazon Linux 2023 AMI ID for your region instead of hardcoding AMI IDs.

$ aws ssm get-parameters --names /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64 --query 'Parameters[0].Value' --output text

Using SSM parameters for AMI lookup ensures you always get the latest patched image for your region.

Create a security group

Create a security group that allows SSH access from your current IP address only.

$ aws ec2 create-security-group --group-name my-dev-sg --description "Dev instance SSH access" --vpc-id vpc-0example && aws ec2 authorize-security-group-ingress --group-name my-dev-sg --protocol tcp --port 22 --cidr $(curl -s https://checkip.amazonaws.com)/32

Never use 0.0.0.0/0 for SSH access in production. Always restrict to known IP ranges.

Launch the EC2 instance

Run an EC2 instance with the selected AMI, instance type, key pair, and security group.

$ aws ec2 run-instances --image-id ami-0example --instance-type t3.micro --key-name my-keypair --security-group-ids sg-0example --count 1 --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=dev-server}]'

t3.micro is free tier eligible. Always add Name tags to make instances easy to identify.

Wait for the instance to be running

Use the AWS CLI waiter to block until the instance reaches the running state before attempting to connect.

$ aws ec2 wait instance-running --instance-ids i-0example && aws ec2 describe-instances --instance-ids i-0example --query 'Reservations[0].Instances[0].PublicIpAddress' --output text

Connect via SSH

SSH into the running instance using your key pair and the public IP address.

$ ssh -i ~/.ssh/my-keypair.pem ec2-user@<public-ip>

If connection is refused, wait a minute for the instance to finish booting. Check that your security group allows your IP.

Stop or terminate the instance

Stop the instance to save costs while preserving data, or terminate it to delete it permanently.

$ aws ec2 stop-instances --instance-ids i-0example # Or permanently delete: # aws ec2 terminate-instances --instance-ids i-0example

Terminated instances are permanently deleted and cannot be recovered. Use stop-instances to pause billing while keeping the instance.

Full Script

full-script.sh

#!/bin/bash
# EC2 Instance Launch and Management
# Usage: ./launch-ec2.sh <key-pair-name> <vpc-id> [instance-type]

set -euo pipefail

KEY_NAME="${1:?Usage: $0 <key-pair-name> <vpc-id> [instance-type]}"
VPC_ID="${2:?Provide your VPC ID}"
INSTANCE_TYPE="${3:-t3.micro}"

echo "=== Finding latest Amazon Linux 2023 AMI ==="
AMI_ID=$(aws ssm get-parameters \
  --names /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64 \
  --query 'Parameters[0].Value' --output text)
echo "AMI: $AMI_ID"

echo "=== Creating security group ==="
SG_ID=$(aws ec2 create-security-group \
  --group-name "dev-sg-$(date +%s)" \
  --description "Dev instance SSH access" \
  --vpc-id "$VPC_ID" \
  --output text --query 'GroupId')
echo "Security Group: $SG_ID"

MY_IP=$(curl -s https://checkip.amazonaws.com)
aws ec2 authorize-security-group-ingress \
  --group-id "$SG_ID" \
  --protocol tcp --port 22 --cidr "$MY_IP/32"
echo "Authorized SSH from $MY_IP"

echo "=== Launching instance ==="
INSTANCE_ID=$(aws ec2 run-instances \
  --image-id "$AMI_ID" \
  --instance-type "$INSTANCE_TYPE" \
  --key-name "$KEY_NAME" \
  --security-group-ids "$SG_ID" \
  --count 1 \
  --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=dev-server}]" \
  --output text --query 'Instances[0].InstanceId')
echo "Instance: $INSTANCE_ID"

echo "=== Waiting for instance to be running ==="
aws ec2 wait instance-running --instance-ids "$INSTANCE_ID"

PUBLIC_IP=$(aws ec2 describe-instances \
  --instance-ids "$INSTANCE_ID" \
  --query 'Reservations[0].Instances[0].PublicIpAddress' --output text)

echo ""
echo "Instance is running!"
echo "Connect with: ssh -i ~/.ssh/$KEY_NAME.pem ec2-user@$PUBLIC_IP"
echo "Stop with:    aws ec2 stop-instances --instance-ids $INSTANCE_ID"
echo "Terminate:    aws ec2 terminate-instances --instance-ids $INSTANCE_ID"

FAQ

Discussion

Loading comments...

#!/bin/bash # EC2 Instance Launch and Management # Usage: ./launch-ec2.sh <key-pair-name> <vpc-id> [instance-type] set -euo pipefail KEY_NAME="${1:?Usage: $0 <key-pair-name> <vpc-id> [instance-type]}" VPC_ID="${2:?Provide your VPC ID}" INSTANCE_TYPE="${3:-t3.micro}" echo "=== Finding latest Amazon Linux 2023 AMI ===" AMI_ID=$(aws ssm get-parameters \ --names /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64 \ --query 'Parameters[0].Value' --output text) echo "AMI: $AMI_ID" echo "=== Creating security group ===" SG_ID=$(aws ec2 create-security-group \ --group-name "dev-sg-$(date +%s)" \ --description "Dev instance SSH access" \ --vpc-id "$VPC_ID" \ --output text --query 'GroupId') echo "Security Group: $SG_ID" MY_IP=$(curl -s https://checkip.amazonaws.com) aws ec2 authorize-security-group-ingress \ --group-id "$SG_ID" \ --protocol tcp --port 22 --cidr "$MY_IP/32" echo "Authorized SSH from $MY_IP" echo "=== Launching instance ===" INSTANCE_ID=$(aws ec2 run-instances \ --image-id "$AMI_ID" \ --instance-type "$INSTANCE_TYPE" \ --key-name "$KEY_NAME" \ --security-group-ids "$SG_ID" \ --count 1 \ --tag-specifications "ResourceType=instance,Tags=[{Key=Name,Value=dev-server}]" \ --output text --query 'Instances[0].InstanceId') echo "Instance: $INSTANCE_ID" echo "=== Waiting for instance to be running ===" aws ec2 wait instance-running --instance-ids "$INSTANCE_ID" PUBLIC_IP=$(aws ec2 describe-instances \ --instance-ids "$INSTANCE_ID" \ --query 'Reservations[0].Instances[0].PublicIpAddress' --output text) echo "" echo "Instance is running!" echo "Connect with: ssh -i ~/.ssh/$KEY_NAME.pem ec2-user@$PUBLIC_IP" echo "Stop with: aws ec2 stop-instances --instance-ids $INSTANCE_ID" echo "Terminate: aws ec2 terminate-instances --instance-ids $INSTANCE_ID"