Using AWS CLI for EC2

5 minute read

Using AWS CLI for EC2

This small tutorial will guide you through the process of executing basic ec2 operations using aws cli tool. The aws cli tool is extremely useful for automating EC2 operations. First of all install awscli using:

$ sudo pip install awscli

Afterwards you need to configure your cli tool with your access key and secret ID. You can find these in your IAM settings. Create an Acess Key for your user (if it doesn’t exist already) and use the information in the access key for the following command

$ aws configure
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json

Fill in the four key pieces of information. This will configure your aws cli tool. Now we are ready to proceed to next steps. Before we proceed with creating EC2 instances we need to create a ssh key pairs and security groups that our instances will use. First generate a key pair and store the private key into a file:

$ aws ec2 create-key-pair --key-name MyKeyPair --query 'KeyMaterial' --output text > MyKeyPair.pem

For linux change the access options to this private key using

$ chmod 400 MyKeyPair.pem

Now that we have an ssh key to access our instances. We need to create a security group that our instances will use.

$ aws ec2 create-security-group --group-name my-sg --description "My security group"

This create a default security group. However, the default security group does not allow any external connection to the instances. In order to allow ssh access to the instance we need to add a rule to allow inbound traffic on TCP port 22 (for linux instances). Use the following command to add that rule

$ aws ec2 authorize-security-group-ingress --group-name my-sg --protocol tcp --port 22 --cidr

Note: If you want to allow ssh access from any machine given that they have the proper ssh key replace the cidr with . Otherwise replace cidr IP with your public IP. You can find your public IP using Also change the subnet mask if necessary.

Now we can create and launch our instances. Use the following command to create and run an EC2 instance based any particular AMI. Replace the “ami-xxxxxxxx” with the image id of your choice. You can find these AMI Ids. In order to find an AMI Ids for image of your choice go to EC2 dashboard, click on Instances and the click launch instances. It will show you different images with their AMI Ids. For example the AMI Id of Ubuntu Server 14.04 LTS (HVM), SSD Volume Type is ami-d732f0b7.

$ aws ec2 run-instances --image-id ami-d732f0b7 --count 1
 --instance-type t2.micro --key-name MyKeyPair --security-groups my-sg

Now your instance will be launch and you can access your instance using SSH (use the PublicDnsName returned in the json). A Json will be returned as a result of this command that will have the resource ID of your instance that you will need to perform other operations concerning this instances. For example you can create a tag for this instance using

$ aws ec2 create-tags --resources i-xxxxxxxx --tags Key=Name,Value=MyInstance

Replace the “i-xxxxxxxx” with the appropriate resource ID. Once you are done. You can terminate your instance using:

$ aws ec2 terminate-instances --instance-ids i-xxxxxxxx

If you need more details of each of the different steps mentioned above please visit the links in the references section.