Setting up a Linux Host with a Static Public IP in AWS — A walkthrough


This tutorial is meant for AWS beginners. I’m going to go through the steps of how to:

  1. Launch an instance in AWS (and look at the minimal settings needed to secure it and get it connected).
  2. Attach a Public IP to it (Elastic IP)
  3. Connect via SSH to it.

I’ll rely on the official Amazon documentation, building on top of it and adding some important information that isn’t that easy to find when you’re getting started with AWS.

0. Prerequisites

You must have a valid AWS account. Set up yours here: https://aws.amazon.com/premiumsupport/knowledge-center/create-and-activate-aws-account/

1. Launch an Instance in AWS

We’ll be using an official Ubuntu AMI (Amazon Machine Image) and an AWS service called EC2 (Elastic Compute Cloud), which is dedicated to virtualized compute resources on demand. Costs vary according to how many resources you require from AWS.

After logging into your account, select “EC2” under the “Compute” section.

Image 1

Once in the EC2 Dashboard, locate “Launch Instance” below “Resources”, click “Launch Instance”, then “Launch Instance” again.

Image 2

In the Launch Instance Wizard, enter the platform you wish to create an instance of in the search bar and click “Select” once you find the one you want (I chose x86 since it’s the most widely used architecture). I’m searching for an official Ubuntu image below:

Image 3

Next, choose the instance type. These are AWS predefined resources; the options vary from very resource-optimized instances such as “t2.nano” with 1vCPU and 500Mbps RAM to very large options such as “m4.16xlarge” with 64 vCPUs and 256 GB of RAM.

The free tier is called t2.micro and it is indicated by a green text below it. Choose whatever configuration you need and click on “Next: Configure Instance Details”.

Image 4

From this stage on, we’ll need to start customizing it for a secure environment. Click on “Create new VPC” (Virtual Private Cloud).

Image 5

Click “Create VPC” at the top of the page.

Image 6

Then enter the VPC name you desire; keep it clear and obvious for everyone (your AWS environment might be shared with other users).

And choose the IPv4 block. Click “Create”.

Image 7

Go back to the “Configure Instance Details” tab (image 6), click on the refresh button next to “Create new VPC” and select the one you created.

Then click “Create new Subnet”.

Image 8

Enter the Name of the Subnet, keep it clear and obvious as well.

Select the VPC you just created, then enter the same IPv4 Block as you chose in the VPC (for ease of setup).

Click on “Create”

Image 9

Go back to the “Configure Instance Details” tab (image 6), and select your new Subnet.

In the Auto-Assign Public IP, select “Disable”.

Image 10

Scroll down to the “Network Interfaces” section. Here you can add multiple interfaces to this host if you need them. Most importantly, you can set an internal IP address for this host, in your subnet range.

Leave the “Network interface” field as is (set to New Network Interface) and enter the IP address you want in the “Primary IP” field.

Image 11
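A pre-flight check for the VPC block, the subnet block and the “Primary IP” chosen above, as an added example that is not from the original walkthrough. It goes a little beyond the text by also applying two AWS rules: VPC and subnet IPv4 blocks must be between /16 and /28, and AWS reserves the first four addresses and the last address of every subnet. The function names are hypothetical and the addresses in the usage lines are constructed.

```python
import ipaddress


def reserved_addresses(subnet):
    """AWS keeps the first four addresses and the last one of every subnet."""
    first = int(subnet.network_address)
    head = {ipaddress.IPv4Address(first + i) for i in range(4)}
    return head | {subnet.broadcast_address}


def check_layout(vpc_cidr, subnet_cidr, primary_ip):
    """Return a list of problems with the plan; an empty list means it passed."""
    try:
        vpc = ipaddress.IPv4Network(vpc_cidr)        # raises if host bits are set
        subnet = ipaddress.IPv4Network(subnet_cidr)
        ip = ipaddress.IPv4Address(primary_ip)
    except ValueError as exc:
        return [f"invalid input: {exc}"]

    problems = []
    for label, net in (("VPC", vpc), ("subnet", subnet)):
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{label} block {net} must be between /16 and /28")
    if not subnet.subnet_of(vpc):
        problems.append(f"subnet {subnet} is not inside VPC {vpc}")
    if ip not in subnet:
        problems.append(f"{ip} is outside subnet {subnet}")
    elif ip in reserved_addresses(subnet):
        problems.append(f"{ip} is reserved by AWS in {subnet}")
    return problems


if __name__ == "__main__":
    # Constructed plan: same block for VPC and subnet, as in the walkthrough.
    print(check_layout("10.0.0.0/24", "10.0.0.0/24", "10.0.0.10"))  # passes
    print(check_layout("10.0.0.0/24", "10.0.0.0/24", "10.0.0.2"))   # reserved
```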

Scroll to the bottom of the page and click “Next: Add Storage”.

Image 12

We won’t modify Storage, so once again scroll to the bottom of the page and click “Next: Add Tags”.

We won’t modify Tags either, so once again scroll to the bottom of the page and click “Next: Configure Security Group”.

You’re now at Step 6 of creating a new host. Now you should choose the Security Group you want applied to this host.

Security Groups are of paramount importance to securing your host against outside threats. Think of a Security Group as a firewall Access Control List (ACL): you’ll basically be blocking ports and IP addresses from inbound or outbound access.

Let’s create a new security group just for this host. Leave the radio button in the default position of “Create a new security group”. Then edit the name of your security group as you wish; use descriptive and obvious names for later ease of management.

Image 13

Also remember to modify the default rule created by AWS, which leaves the host’s SSH port (22) open for anyone on the internet. With the staggering amount of bots scanning IPs on the internet, it wouldn’t take too long before they try to connect to your host (of course they would need your unique key pair to get in, but let’s do the right thing and reduce our risk).

Let’s change who can access this host over SSH: click on the source field and choose “My IP”. This works better if you’re sitting behind a public static IP address, of course. AWS will then auto-populate the IP address field with your unique IP address. Handy, right?

Image 14
Image 15
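To check afterwards that no security group still carries the open SSH rule described above, the rules can be audited from the JSON that `aws ec2 describe-security-groups` returns. This is an added example, not part of the original walkthrough; the sample data, group IDs and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample, shaped like the output of `aws ec2 describe-security-groups`.
# Group IDs and addresses are made up for this example.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-example-default", "IpPermissions": [{"IpProtocol": "tcp",
        "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-example-myip", "IpPermissions": [{"IpProtocol": "tcp",
        "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.25/32"}]}]},
    {"GroupId": "sg-example-range", "IpPermissions": [{"IpProtocol": "tcp",
        "FromPort": 20, "ToPort": 25, "IpRanges": [{"CidrIp": "198.51.100.0/24"}]}]},
    {"GroupId": "sg-example-all", "IpPermissions": [{"IpProtocol": "-1",
        "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-example-web", "IpPermissions": [{"IpProtocol": "tcp",
        "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]}
SSH_PORT = 22

def rule_covers_ssh(perm):
    """True if an inbound rule applies to TCP port 22."""
    if perm.get("IpProtocol") == "-1":      # "-1" means every protocol and port
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= SSH_PORT <= perm.get("ToPort", 65535)

def audit_ssh_exposure(described):
    """Return (group id, source CIDR, verdict) for SSH rules wider than one host."""
    findings = []
    for group in described.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            if not rule_covers_ssh(perm):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if net.prefixlen == 0:
                    findings.append((group["GroupId"], cidr, "open to the internet"))
                elif net.num_addresses > 1:
                    findings.append((group["GroupId"], cidr, "wider than a single host"))
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_exposure(SAMPLE):
        print(*finding, sep="  ")
```

A rule created with “My IP” shows up as a /32 source and produces no finding; port ranges and “all traffic” rules that include port 22 are reported as well.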

Add any other rules you want, then click on “Review and Launch” at the bottom.

Verify all settings are the ones we covered, and click on “Launch”.

Image 16

Lastly, you’ll assign a key pair to this host; make sure to create one of your own if you still haven’t. Name it, then download it and place it in a safe place, ideally offline. Best practice would be to have a key pair for each host.

Then Launch the host.

Image 17

What we achieved so far is:

  • Creating and launching our host with:
      • VPC
      • Subnet
      • Security Group
      • Key Pair

Click on “View Instances” at the bottom right corner and you’ll be taken to the EC2 dashboard where you’ll see your new host initializing:

Image 18

2. Attach a Public IP to it (Elastic IP)

Next we’ll configure an Elastic IP.

Basically, we need a Network Interface: we attach an Elastic IP to it and then attach this network interface to the Ubuntu host.

Creating the Network Interface is simple: on the left-hand side menu, scroll down to the section “Network and Security” and click on “Network Interfaces”.

Image 19

Select “Create Network Interface” at the top of the page.

Image 20

Enter a “Description” and click on the “Subnet” field; choose the one that you created/attached to your Ubuntu host.

Image 21

Afterwards, you may leave IPv4 set to “auto-assign”. Under “Security Groups”, choose the one you created and click on “Create”.

Image 22

You’ll be taken to the Network Interfaces page, where you’ll see your newly created interface listed. Check the box next to it and click on “attach”.

Image 23

Choose your Ubuntu host from the Instance ID field, and click on “attach”.

Image 24

With the Network Interface attached to the host, let’s allocate an Elastic IP to it. From the menu on the left, under the “Network and Security” section, click on “Elastic IPs”.

Image 25

Then click on “Allocate Elastic IP Address”.

Tip: Elastic IPs are free when they’re attached to interfaces in hosts. If you allocate an Elastic IP but do not attach it to a host, you’ll get charged.

Image 26

Click “Allocate” again. Let’s use Amazon’s pool of IPv4 addresses. If your AWS account had IP pools set up, you could choose from your own public IP addresses, which is handy if you’re a large app provider and have a DNS record pointing to a specific IP, for instance.

Image 27

Under Resource Type, choose “Instance”, select your instance from the “Instance” field and enter a private IP address (inside the subnet you created earlier) to be the internal IP behind this Elastic IP, then click on “Associate”.

Image 28

Finally, navigate to EC2 dashboard and verify that your new host now has the Elastic IP address, which is static.

Image 29

That’s it, you have a host in AWS with a static Public IP address!

Now all you need is to connect and start playing with it.

3. Connect via SSH to your host

There are multiple ways you can connect to your host via SSH.

Any modern OS will have a built-in SSH client that you can use from its Command Line Interface, or you can use PuTTY. For either method, you’ll have to import the key pair when connecting to your host.

You’ll need:

  • SSH client of your choosing
  • Your Key pair file
  • The Static IP address of your host.

Amazon has a great guide on this, you can find it here, in case you need it.

This concludes this walkthrough. Before I go, I’ll leave you with a piece of knowledge from all this and from the movie Braveheart (which is a great movie but not historically accurate at all). When it comes to AWS instances, remember:

“Every instance is terminated, not all of them are executed.”

References:

  1. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html#ec2-launch-instance
  2. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html#TroubleshootingInstancesConnectionTimeout
  3. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html

Cloud Security engineer — Andre has been an IT professional for a decade with a range of experience from Support, to Sales, to Consulting.