EC2: Create Your First Virtual Server and Run a Web Server
In this article we'll create a virtual server on AWS, log into it over SSH, install a web server, and open the web page in a browser. The service we use is EC2.
EC2 (Elastic Compute Cloud) is a service for renting virtual servers. Each server is called an instance. You pick the spec (CPU, RAM), pick the OS, and AWS provisions you a machine running on their infrastructure, billed by running time.
Goals
- Create an EC2 instance running Amazon Linux.
- SSH into the instance from your machine.
- Install nginx and open the default page in a browser.
- Clean up so you're not billed after you're done.
Estimated cost
This article creates one t2.micro (or t3.micro depending on region) EC2 instance and an attached EBS volume.
- Credit-model account (created after 2025-07-15): the instance cost is deducted from the 100 USD of granted credit, no real money. A t2.micro/t3.micro costs about 0.01–0.02 USD per hour, so one study session only burns a few cents of credit. Plus, trying out EC2 is one of the activities that helps you earn more credit.
- Old-model account (created before 2025-07-15): t2.micro/t3.micro is free for 750 hours per month in the first 12 months, enough to run one instance continuously; EBS is free up to 30 GB.
Either way, this is the kind of resource that often gets forgotten and quietly drains credit or money. After finishing the article, remember to run the cleanup at the end.
Step 1: Create a key pair for SSH
To log into the instance over SSH, we need a key pair: AWS keeps the public key, you keep the private key. When you SSH, your machine uses the private key to prove its identity, no password needed.
- Open the EC2 service (type "EC2" in the search bar). Check the region in the top right is the region you chose in Article 1 (e.g. ap-southeast-1).
- In the left menu, under Network & Security > Key Pairs, choose Create key pair.
- Give it a name, for example devops-key. Set the key type to RSA and the format to .pem (for macOS/Linux and modern Windows).
- Click create. The browser downloads a devops-key.pem file. This file can only be downloaded once; lose it and you have to create a new key.
On macOS/Linux, set permissions on the key file so SSH accepts it:
chmod 400 ~/Downloads/devops-key.pem
SSH refuses to use a key file if its permissions are too open (others on the machine can read it too). The command above restricts it to read by you only.
Step 2: Create the instance
- In EC2, click Launch instance.
- Name: give it a name, for example web-server.
- Application and OS Images: choose Amazon Linux 2023 (the Linux build maintained by AWS, included in the Free Tier).
- Instance type: choose t2.micro or t3.micro — the smallest and cheapest, plenty for the lesson. If your account uses the old model, watch for the "Free tier eligible" label on this exact type.
- Key pair: choose the devops-key you created in Step 1.
- Network settings: click Edit and configure the Security Group. This part matters:
  - Create a rule allowing SSH (port 22), but set Source to My IP — only the machine with your current IP can SSH in. Don't leave it as 0.0.0.0/0 (anywhere) for SSH, because then the whole world can try to log in.
  - Add a rule allowing HTTP (port 80) with Source set to Anywhere (0.0.0.0/0) — because we want anyone to be able to view the web page.
- Configure storage: leave the default (8 GB is enough and within the Free Tier).
- Click Launch instance.
Go back to the instance list and wait until the Instance state column turns Running and the Status check is complete. Click the instance for details and note the Public IPv4 address — that's the address you'll SSH to and open in the browser.
We just touched the Security Group without explaining it in depth. For now, think of it as the instance's firewall, deciding which ports are open and who can get in. Article 3 goes deep on VPC and Security Group.
Step 3: SSH into the instance
On Amazon Linux, the default login user is ec2-user. Replace <PUBLIC_IP> with the IP address you just noted:
ssh -i ~/Downloads/devops-key.pem ec2-user@<PUBLIC_IP>
On the first connection, SSH asks you to confirm the host's authenticity; type yes. If you get in, the terminal prompt changes to something like [ec2-user@ip-... ~]$. You're now inside the server on AWS.
If the command hangs and then times out, it's usually because the Security Group hasn't opened port 22 for your IP, or your IP has changed (home networks often change IP). Go back to the instance's Security Group and fix the SSH rule to match your current IP.
Step 4: Install nginx and run a web server
nginx is a popular web server. We install it to serve a web page. The following commands run inside the instance (after you've SSHed in):
# Update the package list
sudo dnf update -y
# Install nginx
sudo dnf install nginx -y
# Start nginx
sudo systemctl start nginx
# Have nginx start again on every boot
sudo systemctl enable nginx
sudo means run the command with admin privileges. systemctl is the service manager on Linux: start runs it now, enable makes the service come back on after each reboot.
Now open a browser and visit http://<PUBLIC_IP> (note http, not https). You'll see the nginx default welcome page. This page is being served from the server you just created.
Try changing the page content to make it clear it's really running from your machine:
echo "<h1>Server dau tien cua toi tren AWS</h1>" | sudo tee /usr/share/nginx/html/index.html
Reload the page in the browser and the content has changed. tee writes the content to the file; we need sudo because this file is admin-owned.
Type exit to leave the SSH session and return to your machine's terminal.
🧹 Cleanup
This part is mandatory. This article creates two billable things: the EC2 instance and the EBS volume attached to it. When you terminate the instance, the EBS volume is deleted along with it by default, so terminating is enough.
Via the UI:
- Go to EC2 > Instances and select the web-server instance.
- Menu Instance state > Terminate (delete) instance, confirm.
- After a moment, the state turns Terminated. An instance in this state no longer bills and disappears from the list on its own after a few hours.
Or via the CLI (get the instance id from the Instance ID column):
aws ec2 terminate-instances --instance-ids <INSTANCE_ID>
A few things remain but are not billed, and you can keep them for later articles:
- Key pair devops-key: keep it so later articles don't have to create a new one. (To delete it, go to Key Pairs, but note that deleting it on AWS does not delete the .pem file on your machine.)
- Security Group you created: fine to keep, no charge.
Check there are no running instances left:
aws ec2 describe-instances \
--query "Reservations[].Instances[].{ID:InstanceId,State:State.Name}" \
--output table
If the result is empty or everything is terminated, you've cleaned up the billable part.
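The cleanup relies on the root volume being deleted "by default", so this added example (not part of the original article) reads the full JSON from `aws ec2 describe-instances` and lists both the instances that are not yet terminated and any attached EBS volume whose DeleteOnTermination flag is false, which would survive a terminate and keep billing. The instance IDs, volume IDs and the function name are constructed for illustration.

```python
import json

# Constructed sample in the shape printed by `aws ec2 describe-instances`.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa", "State": {"Name": "terminated"}, "BlockDeviceMappings": []},
  {"InstanceId": "i-0bbb", "State": {"Name": "stopped"}, "BlockDeviceMappings": [
    {"DeviceName": "/dev/xvda",
     "Ebs": {"VolumeId": "vol-0b01", "DeleteOnTermination": true}}]},
  {"InstanceId": "i-0ccc", "State": {"Name": "running"}, "BlockDeviceMappings": [
    {"DeviceName": "/dev/xvda",
     "Ebs": {"VolumeId": "vol-0c01", "DeleteOnTermination": true}},
    {"DeviceName": "/dev/sdf",
     "Ebs": {"VolumeId": "vol-0c02", "DeleteOnTermination": false}}]}
]}]}
""")


def leftover_report(doc):
    """List instances that are not terminated and EBS volumes that would outlive them."""
    alive, surviving = [], []
    for reservation in doc.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            state = inst["State"]["Name"]
            if state == "terminated":
                continue  # nothing left to bill for this instance
            # A stopped instance has no compute charge but its volumes still exist.
            alive.append((inst["InstanceId"], state))
            for mapping in inst.get("BlockDeviceMappings", []):
                ebs = mapping.get("Ebs")
                if ebs is None:
                    continue  # not an EBS mapping
                if not ebs.get("DeleteOnTermination", False):
                    surviving.append((inst["InstanceId"], ebs.get("VolumeId")))
    return {"alive": alive, "surviving_volumes": surviving}


if __name__ == "__main__":
    report = leftover_report(SAMPLE)
    for instance_id, state in report["alive"]:
        print(f"still present: {instance_id} ({state})")
    for instance_id, volume_id in report["surviving_volumes"]:
        print(f"{volume_id} on {instance_id} will NOT be deleted on terminate")
```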
Wrap-up
You just created a server on AWS, logged into it, installed a web server, and served a web page to the Internet — then cleaned it all up. This is the basic lifecycle of a resource in the cloud: create, use, delete.
Along the way, we touched the Security Group when opening ports 22 and 80. Article 3 explains the networking in depth: VPC, subnet, and why getting the Security Group configuration right matters for security.