Managing AWS EC2 instances: A guide for Azure administrators

Amazon Web Services and Microsoft Azure are the leaders on Gartner’s Magic Quadrant for IaaS (Infrastructure as a Service). In this article, we will go over the creation of a new instance on the AWS EC2 (Elastic Compute Cloud) platform and compare some differences with Microsoft Azure as we go through the process.

As with Azure, building a complete and controlled environment to support all VMs is not simple and requires some design and planning. For that reason, we are not going to cover all the requirements to build a complete infrastructure to support your VMs/instances. Instead, we will focus on the process to create them.

Our goal for this article is to shed some light on the steps required to create your first instance (VMs in AWS are called instances), especially for those coming from the Microsoft Azure world.

AWS EC2 basics

Once logged on to AWS, the first step is to enter the AWS EC2 Dashboard. To do that, click on Services and then select EC2, located underneath the Compute section.

In the EC2 Dashboard page, the administrator has access to all instances and can manage several infrastructure components such as events, reports, instances, storage, network, connections, and load balancers, as well as manage the instances themselves (configuration compliance, automation, patch), and so forth.

There is a subtle difference when compared to Microsoft Azure. In Azure, we have all features in the same location. When checking your VMs, you can create an Azure App Logic or Active Directory that will be available on the left side of the portal. Using AWS, we enter the service, such as EC2, and a Dashboard of that solution will provide all the features that we can manage within that solution. If we need to work with something not related, we just need to click on Services and select another service, and a Dashboard to manage it will be available.

One last thing that I would like to point out is that we can select the region that we are going to work with from the top menu, located in the right corner.

Provisioning a new instance

When comparing cloud providers, we have on one side Microsoft Azure, which requires four main steps to provision a VM, as follows:

  • Basics: server name, administrator password, resource group, and location.
  • Size: the resources including CPU, memory, and disk that the new VM will have available.
  • Settings: availability set, network, extensions, auto-shutdown, monitoring, and diagnostics settings.
  • Purchase: just a summary of all options selected after clicking on Create and the VM provisioning starts.

On the other side, we have AWS EC2, which provisions new instances a little differently. It has seven steps, although some can be skipped at any time. First, to provision a new instance, log on to the AWS portal and, in the EC2 Dashboard, click on Create instance.

Step 1: Choose an Amazon Machine Image (AMI) page. We can select from several built-in templates, and on the left side we can select images from vendors in the AWS Marketplace. We can also create our own AMI templates. Here, we will be provisioning a new Windows Server 2016. After finding it on the list, click on Select.

Step 2: Choose an Instance Type page. AWS does a great job showing in a simple table the instance type, vCPUs, memory, storage, network performance, and so forth. Select the configuration that matches your requirements and click on Next: Configure instance details.

Note: AWS has four families for their VMs, as follows: General Purpose, Compute Optimized, Memory Optimized, and Storage Optimized.

Step 3: Configure Instance Details page. We can define how many instances we will be creating as part of this current wizard and configure network settings (including subnet and public IP). We also have automation options: Domain join directory, IAM role, and User data, where we can define some commands to be executed during the launch of the new instance. After selecting all options, click on Next: Add Storage.

Step 4: Add Storage page. We can define the volume for the operating system and we can add additional storage from EBS (Amazon Elastic Block Storage), which provides block-level storage for the instances running on AWS EC2. EBS volumes are highly available and reliable by default. To add more storage to the current instance, just click on Add new volume. After configuring the storage, click on Next: Add Tags.

There are some benefits when using EBS. The key ones are the ability to encrypt the data, to back it up, and to connect the volume to a different AWS EC2 instance.

Step 5: Add Tags page. We can define tags for the current instance that is being created. The tags in the AWS world are a little bit different from Microsoft Azure, where we can create filters and dynamic queries. To narrow down the results, we can use tags for billing and create Resource Groups. (In Azure, a Resource Group has tags, which may seem confusing when comparing the two cloud services.) A tag consists of two pieces of information: the Key (127 characters) and the Value (255 characters maximum), and we can have no more than 50 tags per resource. After adding your tags, click on Next: Configure Security Groups.

Step 6: Configure Security Group page. Like NSG (Network Security Groups) in Microsoft Azure, we can create a new one that is filled out by default based on the AMI image (RDP-enabled for Windows and SSH for Linux instances) or we can use any existing one. Leave the default settings, and click on Review and Launch.

Step 7: Review instance Launch page. A summary of all options selected so far. The difference, when compared with Azure, is that AWS provides some best practices before you confirm the creation of the new instance. (For example, it is informing us that the security group is exposing that VM to the world.) Another great benefit is that the administrator has the option to change any of the sections at this moment without wasting time going back and forth in the wizard. After validating all settings, click on Launch.

A Select an existing key pair or create a new key pair window will pop up. You may have noticed that we haven’t entered the password for the instance during its creation as we do in Azure, and it is at this point that we will know the password that we will use to log on to the instance.

AWS EC2 stores the public key, and we can download the private key. When using a Windows instance, we will use that private key that is being generated in the screen below to retrieve the password. For this article, we will be creating a new pair and we will call it srv01 to match the server name, and then click on Download Key Pair. After this, a .pem file will be available on the local computer. Click on Launch Instances to start the provisioning of the new instance. A Launch Status page will be displayed where we can see the View Launch log and check how to connect to the new instance and some documentation. Click on View Instances to check the progress of the current provisioning process.

When we click on the desired instance, we can see on the Description tab all information of the VM such as network settings, security groups, availability zone, and so forth.

There is a cool feature called Status Checks, where the administrator has two different views, as follows:

  • System Status Checks. This area is related to the AWS infrastructure, mainly on the host of our instance. If there is an issue at this level, the best workaround is to stop and restart the instance because that will force the instance to launch on a different host within the AWS infrastructure.
  • Instance Status Checks. This check is on the instance itself. It could be a lack of resources on the instance, and that will require some work to be done by the administrator, such as a change of settings and a reboot of the instance.

Connecting to the new Windows Server instance

The first step to connect is to retrieve the administrator password. In order to do that, click on the instance that we have just created and click on Actions and then Get Windows Password.

In the new page, click on choose file and select the private key file (srv01.pem) that we downloaded during the provisioning of the VM, and then click on Decrypt Password.

The decrypted password will be displayed, and, of course, it is highly recommended to change the password. Copy the password for now and click on Close.

Now that we know the username and password for the desired instance, we can click on it and then hit the Connect button. In the new page, click on Download Remote Desktop File, then save and execute the file to connect to the new instance.

The final piece is the initial connection with the instance that we have just created. On item 1, we are using msconfig to list all non-Microsoft services, and we can see that the Windows image comes with three additional services.

Another difference is that the pagefile is on the C:\ drive, as shown in item 2. As part of the new instance, two icons will be on the desktop (item 3), which contain a page of the AWS documentation to manage Windows Server, and on item 4 we have some basic information about the image on the background.


That’s it! You’ve created your first instance on AWS EC2.