Spinning Up Linux EC2s with IaC
🐧 Spinning Up Linux EC2s with IaC 🚀
Welcome back, cloud wranglers!
If you followed my last adventure (where we bootstrapped a Windows Server on AWS using OpenTofu), you already know the basics: infrastructure-as-code and that satisfying moment when your instance’s public IP pops up in the terminal. If you don’t know the basics, see here to get started.
But Windows isn’t the only flavor in the AWS free tier ice cream shop. Today, we’re going to double the fun (literally) by launching two Linux EC2 instances—with SSM access, SSH keys, and all the trimmings. If you’re a Windows admin dabbling in Linux or IaC, this is the perfect way to get started.
📄 The Terraform File: Deja Vu, but Make It Linux
👉 Download the main.tf file here
🆕 What’s New and Why?
1️⃣ Double the Linux, Double the Fun
The magic is in this line:
1
count = 2
Now you get two EC2 instances, each with its own public IP and Free Tier-friendly 8GB root volume. You can easily go 3 without hitting a free limit, but be careful leaving them all running for days on end or you risk being charged money💰!
2️⃣ Amazon Linux 2 (AL2)
We filter for Amazon’s official, up-to-date, x8664 AL2 AMIs.
Free, fast, and friendly to beginners and pros alike!
🤓 _You could change the filter for Ubuntu if you want to experiment!
3️⃣ SSM Setup
Just like with Windows, SSM lets you connect to your instances without opening SSH (but we open SSH for learning/demo purposes).
- IAM role and instance profile magic are included so you can use AWS Systems Manager Session Manager.
4️⃣ Key Pair Goodness
Your SSH key is generated on the fly and saved wherever you specify.
Connect via SSH:
1
ssh -i aws-ec2-linux-key.pem ec2-user@<public_ip>
🛡️ SSM: The Secret Passage
With SSM, you don’t need to open port 22 if you don’t want to!
Here’s how to connect using the AWS CLI:
1
aws ssm start-session --target <instance-id> --region us-east-1
💡 Note:
No public IP? No problem! SSM tunnels right through.
⚡ Quickstart
1. Initialize and apply
1
2
3
tofu init
tofu plan
tofu apply
2. Get your instance info (table output!)
1
terraform output linux_instance_table
1
2
3
4
5
6
7
8
9
10
11
12
linux_instance_table = [
{
"id" = "i-0abcd1234ef567890"
"public_ip" = "3.82.200.42"
"name" = "al2-demo-1"
},
{
"id" = "i-0bcde2345fa678901"
"public_ip" = "44.204.119.108"
"name" = "al2-demo-2"
}
]
3. SSH in
1
ssh -i aws-ec2-linux-key.pem ec2-user@3.82.200.42
🚨 Troubleshooting: SSH Key Permissions Error
If you see an error like this when connecting via SSH:
1
2
3
4
5
6
7
8
Bad permissions. Try removing permissions for user: NT AUTHORITY\Authenticated Users (S-1-5-11) on file linuxdemo/aws-ec2-linux-key.pem.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'aws-ec2-linux-key.pem' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "aws-ec2-linux-key.pem": bad permissions
Fix: Set your key location and run commands.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# Set permissions on key to be secure for SSH usage.
# Set Key File Variable:
$Key = "aws-ec2-linux-key.pem"
# Remove Inheritance:
icacls $Key /c /Inheritance:d
# Set Ownership to Owner:
icacls $Key /c /Grant ${env:UserName}:F
takeown /F $Key
icacls $Key /c /Grant:r ${env:UserName}:F
# Remove All Users, except for Owner:
icacls $Key /c /Remove:g Administrator "Authenticated Users" BUILTIN\Administrators BUILTIN Everyone System Users
# Verify:
icacls $Key
# Remove Variable:
Remove-Variable -Name Key
4. Try SSM
1
aws ssm start-session --target i-0abcd1234ef567890 --region us-east-1
5. Destroy When Done
1
tofu destroy
🧹 Cleanup: Run this when you’re finished to avoid unnecessary AWS charges!
🎨 Tips, Notes & Styling
- 💡 Tip: The default user for Amazon Linux is
ec2-user. - 🔐 Security Reminder: For real projects, restrict your SSH security group to your IP!
- 🏷️ Pro Tip: Adjust the tag format in the Terraform for easier instance management.
🏁 Wrapping Up
With just a few lines of IaC, you’ve spun up Linux in the cloud, with remote management and SSH at your fingertips.
Next up: Stay tuned for form SSM fun using port forwarding 🌩️