AWS Basics for DevOps – How to Setup a Linux Machine

As a DevOps engineer, having the ability to quickly spin up new server instances is an essential skill. Amazon Web Services (AWS) is one of the most popular cloud platforms that enables this. Its Elastic Compute Cloud (EC2) service allows you to launch virtual server instances on-demand, with pay-as-you-go pricing.

For most DevOps workflows, Linux is the preferred operating system due to its stability, security, and rich ecosystem of open-source tools. In this guide, we'll walk through launching a new Linux virtual machine on AWS EC2, connecting to it via SSH, and performing some basic operations. By the end, you'll have a fully functional Linux server to use as a foundation for your DevOps projects.

Before You Begin

Before diving in, make sure you have the following prerequisites in place:

  1. An AWS account (create one at aws.amazon.com if you don't have one yet)
  2. Basic familiarity with Linux and the command line
  3. An SSH client to connect to your instance
    • Linux & macOS have a built-in SSH client accessible via Terminal
    • For Windows, we recommend using the free PuTTY client

Creating an AWS Account

If you don't already have an AWS account, head over to aws.amazon.com and click "Create an AWS Account". You'll need to provide your contact info and credit card details. Don't worry – you won't be charged anything yet and we'll be using the free tier.

Follow the signup wizard, verify your identity with a phone call, and choose the Basic support plan. Once your account is created, sign in to the AWS Management Console.

Launching an EC2 Linux Instance

The first step is launching a new Linux virtual machine, known as an EC2 instance. Here's how:

  1. From the AWS Management Console, navigate to the EC2 dashboard.
  2. Click the "Launch instance" button.
  3. On the AMI selection page, choose the Amazon Linux 2 AMI.
  4. Choose the t2.micro instance type (eligible for free tier).
  5. Click "Review and Launch" then "Launch" on the summary page.
  6. When prompted, create a new key pair, give it a name, and download the private key file (with a .pem extension). Keep this file secure as you'll need it to connect to your instance.
  7. Click "Launch Instances" and wait a few minutes for your instance to start up.

Once the instance state changes to "Running", make note of its public DNS name – you'll need this to connect to it via SSH.

[Figure: EC2 instance details]

Connecting to Your Linux Instance

With your Linux instance up and running, it's time to connect to it and start executing commands. The primary way to connect to a Linux instance is using SSH (Secure Shell).

Connecting from Linux or macOS

If you're using Linux or macOS, an SSH client is already built into your terminal. To connect, open a terminal and use the ssh command like this:

ssh -i /path/to/your/keypair.pem ec2-user@your-instance-public-dns-name

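Be sure to replace /path/to/your/keypair.pem with the actual path to the .pem file you downloaded earlier, and your-instance-public-dns-name with your instance's actual public DNS name. The key file should be readable only by your own user account; ssh refuses to use a private key whose file permissions are too open.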

Connecting from Windows using PuTTY

For Windows users, we recommend using the free PuTTY SSH client:

  1. Download PuTTY and PuTTYgen from putty.org
  2. Open PuTTYgen and click "Load". Select your .pem key file.
  3. Click "Save Private Key" and save it in .ppk format.
  4. Open PuTTY and paste your instance's public DNS name into the "Host Name" field.
  5. In the left-hand menu, navigate to Connection > SSH > Auth and browse to your .ppk file for authentication.
  6. Click "Open" to initiate the SSH connection.
  7. At the "login as:" prompt, enter "ec2-user".

[Figure: Configuring PuTTY]

Basic Linux Commands & Operations

Now that you're logged in to your Linux instance, let's try out some basic commands. Here are a few to get you started:

  • pwd – print working directory, shows your current directory
  • ls – lists the files in the current directory
  • cd directory – change to the specified directory
  • cat file – outputs the contents of the specified file
  • sudo command – execute a command with superuser privileges

Let's create a new user and grant it sudo (superuser) privileges:

sudo adduser john 
sudo usermod -aG wheel john

This creates a new user named "john" and adds it to the wheel group which grants sudo privileges. You'll be prompted to set a password for the new user.

To switch to the new user, use the su (substitute user) command:

sudo su - john

Next, let's install a basic web server (Apache) to serve a website from our instance:

sudo yum update -y
sudo yum install -y httpd.x86_64
sudo systemctl start httpd.service
sudo systemctl enable httpd.service  

These commands update the installed packages, install the Apache web server package, start the httpd service, and configure it to start automatically on boot.

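You can verify the web server is running by visiting your instance's public DNS name in a web browser. You should see the default Apache test page. The page only loads if the instance's security group allows inbound HTTP (TCP port 80); a security group that permits only SSH will block the request.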

Security Best Practices

When managing cloud servers, security is paramount. Here are a few basic best practices to secure your Linux instance:

  1. Always log in using an unprivileged user and escalate using sudo when needed, instead of logging in as root.
  2. Keep your software packages up to date by regularly running sudo yum update.
  3. Configure a host-based firewall using iptables or firewalld to restrict incoming traffic to only necessary ports.
  4. Disable SSH password authentication and use SSH keys instead.
  5. Enable SELinux (Security-Enhanced Linux) to enforce access control policies.

As an example, let's harden SSH access by disabling password authentication. Open the SSH configuration file:

sudo vi /etc/ssh/sshd_config  

Locate the line that reads #PasswordAuthentication yes and change it to:

PasswordAuthentication no

Save the file and restart the SSH daemon for the changes to take effect:

sudo systemctl restart sshd

Now SSH logins are only possible using an SSH key, significantly improving your instance's security posture.
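
To confirm the edit took effect, the following added example (not part of the original guide) reports the value sshd would actually use, relying on documented sshd_config behaviour: the first occurrence of a keyword wins, and Match blocks can override the global value. The function names and the sample file are constructed for illustration, and keywords are assumed to be separated from their values by whitespace.

```bash
#!/bin/sh
# Added example: audits any sshd_config-style file, so it can be run on a copy.

# Print the global PasswordAuthentication value sshd would use. Comments and
# blank lines are skipped, keywords are case-insensitive, the FIRST occurrence
# wins, and anything after a "Match" line is conditional rather than global.
# When the keyword is absent, OpenSSH's default is "yes".
global_password_auth() {
  awk '
    /^[ \t]*(#|$)/ { next }
    tolower($1) == "match" { exit }
    tolower($1) == "passwordauthentication" { v = tolower($2); exit }
    END { print (v == "" ? "yes" : v) }
  ' "$1"
}

# Count "PasswordAuthentication yes" lines inside Match blocks; each one
# re-enables passwords for the matched users or hosts.
match_overrides() {
  awk '
    /^[ \t]*(#|$)/ { next }
    tolower($1) == "match" { in_match = 1; next }
    in_match && tolower($1) == "passwordauthentication" && tolower($2) == "yes" { n++ }
    END { print n + 0 }
  ' "$1"
}

# Constructed sample: "PasswordAuthentication no" was added, but an earlier
# active line and a Match block (hypothetical user "deploy") still say "yes".
write_sample() {
  cat > "$1" <<'EOF'
Port 22
PasswordAuthentication yes
#PermitRootLogin yes
PasswordAuthentication no
Match User deploy
    PasswordAuthentication yes
EOF
}

# Audit the file given as $1, or the constructed sample when run without one.
cfg="${1:-}"
if [ -z "$cfg" ]; then cfg="$(mktemp)"; write_sample "$cfg"; made=1; fi
echo "global PasswordAuthentication: $(global_password_auth "$cfg")"
echo "Match blocks allowing passwords: $(match_overrides "$cfg")"
if [ -n "${made:-}" ]; then rm -f "$cfg"; fi
```

On the instance, running sudo sshd -t checks the edited file for syntax errors before you restart the daemon, and keeping your current SSH session open until a second login succeeds avoids locking yourself out.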

Cleaning Up

When you're done using your instance, it's important to clean up to avoid incurring unwanted charges. You have two options:

  1. Stop the instance – This shuts down the instance but preserves its disk and configuration. You can restart it later and it will retain its public DNS name. You won't be billed for a stopped instance (only for the EBS storage attached).

  2. Terminate the instance – This permanently deletes the instance and its associated EBS storage. Its public DNS name will also be released. Use this option if you no longer need the instance.

To stop your instance, select it in the EC2 dashboard, click "Instance State", and choose "Stop instance". To restart it later, select "Start instance" from the same menu.

To permanently delete your instance, follow the same steps but choose "Terminate instance" instead. Note that this action is irreversible.

Conclusion

Congratulations! You now have the skills to launch a Linux virtual machine on AWS, connect to it securely using SSH, and perform basic administration tasks. You've also learned some security best practices to keep your instance safe.

From here, the possibilities are endless – you can use your Linux instance to host websites, run applications, manage infrastructure using tools like Ansible or Terraform, set up monitoring and logging, and much more.

To continue your DevOps learning journey, dive deeper into Linux by practicing the command line, shell scripting, and package management. Explore infrastructure-as-code tools to define and manage your AWS resources. And don't forget about containerization using Docker and orchestration with Kubernetes – these are key skills for the modern DevOps pro.

I hope this guide has been a helpful introduction to using Linux on AWS for your DevOps projects. Feel free to reach out if you have any questions. Happy automating!
