Start Your First EC2 Instance with These Simple Steps

In earlier blog, we learned about what a server is and what EC2 is in AWS. Today, we’ll do a quick hands-on tutorial on setting up an EC2 instance. Before diving in, make sure you have an AWS account, as it's essential to access and explore AWS services.

I’ve provided a brief guide on how to create an AWS account and sign in. Be sure to check out the link below and follow the steps.

https://cloudcompute.hashnode.dev/why-is-aws-a-top-choice-for-cloud-services

Ready to roll? 🚀Let’s kick off our EC2 setup and explore AWS in action.

How to Launch Your First EC2 Instance on AWS?

Log in to AWS Console: Go to https://aws.amazon.com and sign in.

Launch an EC2 Instance: Navigate to EC2 - Search for "EC2" and open it.

Before launching an instance, make sure to select a region. You can choose any available region—here, I'm launching mine in N. Virginia. Keep in mind that performance may vary depending on the region you select.

We can launch instances in two ways shown as below. Click on “Launch Instance”.

Under "Name & Tags," enter your desired instance name. In this example, I'm using "Server1." Then, click on "Add additional tags" to include more metadata.

Click on "Add new tag." You can assign up to 50 tags to an instance. Tags help organize and manage your resources efficiently. For example, if you have multiple servers, tags allow you to identify which application is running on each server. This makes it easier to filter, search, and perform bulk operations based on your tagging strategy. Here I added the Key and Values shown an below also you can able to remove the unwanted tags.

Choose an Amazon Machine Image (AMI): An AMI provides the operating system, application server, and any required applications for your instance. In this example, I'm selecting Amazon Linux 2023 (kernel 6.12), which is Free Tier eligible.

💡 Important Tip: Make sure to choose a Free Tier eligible AMI if you're looking to avoid charges. AMIs that aren’t Free Tier eligible may result in billing once the instance is launched.

Select an Instance Type — t2.micro (Free Tier): The instance type determines the hardware configuration of your EC2 virtual machine—including vCPUs (virtual CPUs), memory (RAM), storage type and size, and network performance. For this guide, we're choosing the t2.micro instance, which is Free Tier eligible and ideal for beginner experiments.

💡 Tip: Always select Free Tier eligible instance types to avoid unexpected charges, especially during initial learning and testing.

Create or select a key pair (for SSH access):
A key pair in Amazon EC2 is a set of security credentials used to securely access your virtual machine (EC2 instance). We can create our instance in two ways. With key pair and Without key pair.
With key pair consists of two keys.
1. Public Key: Stored on the EC2 instance.
2. Private Key: Downloaded and kept by you. Used to authenticate access via SSH (Linux) or decrypt the admin password (Windows). (Typically as a .pem file/.ppk file)
Without key pair - This is not secure and not recommended because of security purposes.

⚠️Important Tips:
1. AWS does not store your private key. If you lose it, you can't access the instance unless you set up a new one or use recovery methods.
2. You can create a key pair during instance launch or separately via the EC2 dashboard.

Now click on “create new key pair”

Provide a key pair name (without spaces—use hyphens or underscores), select RSA as the key pair type, choose the .pem format, and click 'Create key pair'.

Private key downloaded in your system.

Create a key pair once, in future EC2 launches, you can simply select your existing key pair from the dropdown menu. ✅ This saves time and ensures consistent access across multiple instances. And this works in the same region, if you change to different region there you need to create a new key pair.

💡 Tip: Make sure to store your private key (.pem or .ppk file) securely. Without it, you won’t be able to connect to instances linked to that key.

Network Settings: This includes VPC configurations, availability zones and public IPs.
EC2 instances operate within a Virtual Private Cloud (VPC), which is your isolated network in AWS.
1. VPC is your private network space in AWS. When you launch an EC2 instance, it runs inside a VPC. You define subnets, IP ranges, routing, and gateways. Creates our own network.

2. Subnets: Divide your VPC into public and private zones across Availability Zones.
Public subnet: Accessible from the internet.
Private subnet: No direct internet access (used for backend services).

3. Security Groups: For each and every server there will be a Security firewalls. Think of these as virtual firewalls for your EC2 instances. In every server there will be a security group. In Security group we have Inbound and Outbound rule. You can allow or block inbound and outbound traffic based on: IP address, Port number, Protocol (e.g., TCP, HTTP, SSH)
Example: To connect via SSH, allow port 22 from your IP.

Inbound Rule: An inbound rule allows incoming traffic to reach a server. For example, when you enter www.yt.com in Chrome, your browser sends a request to a server hosting that website. This incoming request is governed by inbound rules. In technical terms, inbound rules define the conditions that determine who can access an application or server and who cannot. These rules are typically based on IP addresses, ports, and protocols.

Outbound Rule: An outbound rule controls the traffic leaving a server. When a request is processed by the server, the response must be sent back to the client — and this outgoing traffic is governed by outbound rules. In most cases, outbound traffic is less restricted, allowing servers to freely send data back to users or access the internet as needed. However, outbound rules can still be customized to restrict which destinations a server can communicate with, if required.

A security group is made up of inbound and outbound rules and is attached to a server to control its traffic. ( Inbound + Outbound Rules → Security Group → Assigned to EC2/server )

Now, Click on EDIT

→ Follow the steps as shown below:
VPC: Default selected
Subnet: You can select “No preference” or select any “Availability Zone”(us-east-1a)
Auto-assign public IP: Enable (If you disable this, your server won't receive a public IP. Without a public IP, you won’t be able to connect to the instance remotely.)
Select Create security group & provide Security group name(without spaces—use hyphens or underscores).
Inbound Security Group Rules: Type: ssh(secure socket host (or) secure shell). SSH (Secure Shell) is used to connect to Linux machines. Since our servers run Amazon Linux, we need the SSH port to connect.
(RDP (Remote Desktop Protocol) is used to connect to Windows machines.)

The default SSH port is 22. On cloud platforms like AWS, you typically configure this in your security group rules to allow inbound traffic (often restricted to specific IP ranges for safety).

Note: You can reuse security groups across multiple VPCs in the same region using VPC associations, which helps maintain consistent security policies. Next time when you launch an instance you can click on select existing security group, and select an existing S.G (which you created earlier) from the drop down.
And this works in the same region, if you change to different region there you need to create a new security group.

FYI:
Port 80 is the default network port for web servers using HTTP.
Port 443 is the standard port for HTTPS, the secure version of HTTP

Configure Storage: When you launch an EC2 instance, you can configure storage volumes for your instance. Every EC2 instance gets a root volume(default storage) by default. It’s typically an EBS (Elastic Block Store) volume. You can choose the size, type (e.g., gp3, io1, etc.), and whether it should be deleted on instance termination.

We must allocate a minimum of 8 GB for an EBS volume, and we can configure up to 16 TB per volume. As a Free Tier customer, you can use up to 30 GB of EBS storage per month for free.

Click on launch instance

Instance will launch within few seconds.

Instance id will be generated. Now click on view all instances.

Click on “refresh”, and you will see the instance state as “running”

When you select the instance, we can see all the details, status, monitoring, security, networking, storage, tags all these are displayed.

How to connect Instance?
Select the instance, the instance state should be running, now click on “connect”

Click on “Connect” again here.

This is how we connect to an instance.

Note: In real time, there are various ways to connect to an instance. We use putty tool (SSH) (or) Gitbash (or) Command prompt (or) terminals (Mac users) (or) VS code.

How to filter Instances? In search bar, you can filter with Name = (Your server name), select that instance.

How to stop Instance?
Select the server, click on Instance state and select stop instance.(You can stop instance when it is in running state only)

Click on “STOP” and it will go into stopping state.

Click on refresh and check the state. Instance stopped successfully.

To start Instance:
Select the instance, and under instance state click on “start instance”. Now the instance state will be in pending.

Click on refresh and check the state. Instance state will be running in few seconds.

Note: Once you launch instances, make sure to terminate them when you're done. Avoid keeping them in a stopped or running state, as even a stopped instance retains its allocated EBS volume—typically 8GB—which continues to incur charges. The free tier includes 750 hours per month, which can be quickly consumed if instances are left running or stopped unnecessarily.

Create instances only when needed for learning purposes. Also, keep in mind that backup services are not free—they are billed separately. Additionally, backups are retained only for a limited period, depending on the service configuration.

How to Terminate an instance?
Select the instance and click on Instance state - select Terminate(delete) instance.
We can terminate an instance when the instance state is in running or in stopped.

Click on Terminate(delete)

Successfully terminated. You can’t start (or) connect to instance once it is terminated. You need to create a new instance.

Note: When you delete an instance, the associated EBS volume is also deleted automatically—provided it was configured to do so during creation.
However, key pairs and security groups are not deleted when the instance is terminated. Don't worry—these resources are free and do not incur any charges. You can reuse existing key pairs and security groups when launching future instances.

🔚 Conclusion:
Creating an AWS account and launching an EC2 instance is a key step in understanding how cloud servers work on AWS. With your account set up, you can now explore a wide range of AWS services. Launching an EC2 instance gives you a virtual server in the cloud, allowing you to host applications, run scripts, or test environments. You've now seen how to choose an AMI, select an instance type, configure storage, set up security, and connect to your virtual server.

As a Free Tier user, you can experiment safely with limited resources at no cost — a perfect opportunity to start building your cloud skills. When you create a new AWS account, you're automatically enrolled in the AWS Free Tier, which includes: 750 hours per month of Amazon EC2 usage for t2.micro or t3.micro instances. Applies to both Linux/RHEL/SLES and Windows instances. Valid for 12 months from account creation.

With your EC2 instance running, you're ready to start deploying applications, testing environments, or exploring other AWS services — all from the cloud. In the next part, we will explore how to modify an EC2 instance, including changing the volume and monitoring its performance.

If you have questions or thoughts, feel free to leave a comment or share this with fellow tech enthusiasts!

☁️✨Go ahead—launch, learn, and explore!