Beginner
EC2 Web Server
Deploy a web application on EC2 with proper networking and security
Project Overview
Launch an EC2 instance, configure networking and security groups, and deploy a web application. This foundational project teaches you core AWS compute concepts.
Prerequisites
- AWS account (Free Tier)
- Basic Linux command line knowledge
- SSH client (Terminal on Mac/Linux, PuTTY on Windows)
- Web application to deploy (or use sample app)
Architecture
Internet
HTTP/HTTPS
Security Group
Ports 22, 80, 443
EC2 Instance
Web Server
Elastic IP
Static IP
VPC provides network isolation and security
Step-by-Step Instructions
1
Launch an EC2 Instance
- Go to EC2 in the AWS Console
- Click "Launch instance"
- Choose Amazon Linux 2023 or Ubuntu 22.04 LTS
- Select t2.micro (Free Tier eligible)
- Create a new key pair and download the .pem file
- Keep it safe - you can't download it again!
2
Configure Security Group
- Create a new security group during launch
- Allow SSH (port 22) from your IP only
- Allow HTTP (port 80) from anywhere (0.0.0.0/0)
- Allow HTTPS (port 443) from anywhere (optional)
- Name it descriptively (e.g., "web-server-sg")
3
Connect via SSH
- Set permissions: chmod 400 your-key.pem
- Connect: ssh -i your-key.pem ec2-user@[public-ip]
- For Ubuntu, use "ubuntu" instead of "ec2-user"
- Accept the fingerprint on first connection
4
Install Web Server
- Update packages: sudo yum update -y (or apt update)
- Install nginx: sudo yum install nginx -y
- Start nginx: sudo systemctl start nginx
- Enable on boot: sudo systemctl enable nginx
- Verify: visit http://[public-ip] in browser
5
Deploy Your Application
- Upload files via SCP or clone from Git
- Place files in /usr/share/nginx/html/
- Configure nginx if needed for your app
- Restart nginx after changes
6
Allocate Elastic IP
- Go to EC2 > Elastic IPs
- Allocate a new Elastic IP
- Associate it with your instance
- Your server now has a permanent IP
- Note: Elastic IPs are free when associated
Tips
- Use an IAM role instead of storing credentials - Attach a role to your instance for AWS API access
- Enable CloudWatch monitoring - Basic monitoring is free; detailed monitoring is recommended for production
- Set up automatic security updates - Use yum-cron or unattended-upgrades
- Stop instances when not in use - You're billed for running instances
Code Examples
EC2 User Data Script
user-data.sh
BASH
#!/bin/bash
# Update system packages
yum update -y
# Install nginx
amazon-linux-extras install nginx1 -y
# Start and enable nginx
systemctl start nginx
systemctl enable nginx
# Create a simple index page
cat > /usr/share/nginx/html/index.html << 'EOF'
<!DOCTYPE html>
<html>
<head><title>Welcome</title></head>
<body><h1>Hello from EC2!</h1></body>
</html>
EOFSecurity Group Configuration (AWS CLI)
Terminal Commands
BASH
# Create security group
aws ec2 create-security-group \
--group-name web-server-sg \
--description "Web server security group"
# Allow SSH (restrict to your IP in production)
aws ec2 authorize-security-group-ingress \
--group-name web-server-sg \
--protocol tcp --port 22 \
--cidr 0.0.0.0/0
# Allow HTTP
aws ec2 authorize-security-group-ingress \
--group-name web-server-sg \
--protocol tcp --port 80 \
--cidr 0.0.0.0/0
# Allow HTTPS
aws ec2 authorize-security-group-ingress \
--group-name web-server-sg \
--protocol tcp --port 443 \
--cidr 0.0.0.0/0Nginx Configuration
/etc/nginx/conf.d/myapp.conf
NGINX
server {
listen 80;
server_name example.com www.example.com;
root /var/www/myapp;
index index.html;
location / {
try_files $uri $uri/ =404;
}
# Enable gzip compression
gzip on;
gzip_types text/plain text/css application/json application/javascript;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
}What You'll Learn
- EC2 instance launching and configuration
- VPC and subnet fundamentals
- Security group rules and best practices
- SSH key management and secure access
- Basic Linux server administration