Life in the clouds, Googie style (1962).

Using AWS

by: burt rosenberg
at: university of miami
date: august 2025

Overview

• github:csc421-261/examples/aws

The idea of cloud computing is to provide easily scalable computing, on demand, on a pay-as-you-go basis. Signing up for Amazon's AWS service, you then select the

• Amazon Elastic Compute Cloud (Amazon EC2)

• a compute instance (EC2),
• and a storage instance (EBS).

The your initial AWS account is the root account, giving you access over both resource, personal information, and billing. You can use

• AWS Identity and Access Management (IAM)

You should consider securing your root and IAM user accounts with Two Factor Authentication (2FA). The security dogma is 2FA means two of: what you know (password), what you have (dongle), and what you are (biometrics). Typically the first factor is the password and the second is some sort of device. In this contest, what 2FA means to me is,

• you better have at least two of the second factor.

Two good methods are a TOPT or HOPT device and a public key method such as Yubikey or Apple PassKey.

1. A Time based On Time Password (TOTP) or a Hash Based One time Password (HOTP). Examples of these include,
   • DUO,
   • Google Authenticator,
   • Microsoft Authenticator,
   • or a Secure ID device.
   These typically provide an on-demand 6 digit code, good for 30 seconds, as the second factor.
2. A public key method such as Yubikey: a FIDO compatible device or Apple's PassKey, that use digital signatures.

Detailed steps

1. Create and upload the key pair
2. Launch an EC2 instance
3. Connecting to the EC2 instance
4. Update and install software packages
5. Connecting to github
6. Stopping and terminating the EC2 instance

Step 1: Create and upload the key pair

EC2 instances do not use passwords. You login using ssh and public keys. You create a public key with,

    ssh-keygen -t ed25519 -f id_ed25519_aws_csc421

1. the secret: id_ed25519_aws_csc421. Keep this secure, with mode 0600, and available on your desktop or laptop.
2. the public key: id_ed25519_aws_csc421.pub. This is not security sensitive. cat the file and cut and paste it's contents into you AWS library of key pairs.

    ssh-ed25519 AasdkAE34............................................j423laj user@comment

Step 2: Launch an EC2 instance

1. Find and click the big orange Launch Instance button.
2. Give it a name, in the Name and tags box
3. Select the appropriate Amazon Machine Image (AMI) — Ubuntu Server 24.04 LTS free tier eligible.
4. Select the instance type — t3.micro free tier eligible
5. Select the Key pair from the drop-down.
6. Take the default Network settings, Create security group. Check box add http and https.
7. In Storage I noted the informational box:
   Free tier eligible customers can get up to 30 GB of EBS General Purpose (SSD) or Magnetic storage
   and set my storage accordingly.
8. And then found and clicked the Launch Instance button.
9. Go back to the EC2/Instances panel and monitor for state Running.

Step 3: Connecting to the EC2 instance

1. You will need to be in the same directory as your secret key.
2. You will need to have taken note of the instances Public IP. They look like: 3.89.185.91.

    ssh -i id_ed25519_aws_csc421 ubuntu@3.89.185.91

% make connect M=3.89.185.91
# update macro M or supply M= when used
ssh -i ./id_ed25519_aws_csc421 ubuntu@3.89.185.91
The authenticity of host '3.89.185.91 (3.89.185.91)' can't be established.
ED25519 key fingerprint is SHA256:C11BVYCH18uXq0Iy+XTM9bBhf3tmueI+Tq/QeNDY59g.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '3.89.185.91' (ED25519) to the list of known hosts.
Welcome to Ubuntu 24.04.2 LTS (GNU/Linux 6.8.0-1029-aws x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro

...

To run a command as administrator (user "root"), use "sudo ".
See "man sudo_root" for details.

ubuntu@ip-172-30-3-87:~$ 

☺ You're in.

Step 4: Update and install software packages

1. sudo apt-get update to update the catalog of packages.
2. sudo apt-get upgrade to upgrade all installed packages to the latest revision.
3. sudo apt-get install build-essential apache2 to install new software.

   ubuntu@ip-172-30-3-87:~$ sudo apt-get update
   Hit:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu noble InRelease
   Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu noble-updates InRelease [126 kB]
   Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu noble-backports InRelease [126 kB]
   Get:4 http://security.ubuntu.com/ubuntu noble-security InRelease [126 kB]
   Get:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu noble/universe amd64 Packages [15.0 MB]
   
   ...
   
   Get:50 http://security.ubuntu.com/ubuntu noble-security/multiverse Translation-en [4288 B]
   Get:51 http://security.ubuntu.com/ubuntu noble-security/multiverse amd64 Components [212 B]
   Get:52 http://security.ubuntu.com/ubuntu noble-security/multiverse amd64 c-n-f Metadata [380 B]
   Fetched 36.3 MB in 6s (6271 kB/s)                            
   Reading package lists... Done
   
   
   ubuntu@ip-172-30-3-87:~$  sudo apt-get upgrade
   Reading package lists... Done
   Building dependency tree... Done
   Reading state information... Done
   Calculating upgrade... Done
   The following packages have been kept back:
     linux-aws linux-headers-aws linux-image-aws
   The following packages will be upgraded:
     apport apport-core-dump-handler base-files bsdextrautils bsdutils cloud-init dirmngr eject fdisk fwupd git git-man gnupg gnupg-l10n gnupg-utils gpg gpg-agent
     gpg-wks-client gpgconf gpgsm gpgv gzip iproute2 iputils-ping iputils-tracepath jq keyboxd libarchive13t64 libblkid1 libblockdev-crypto3 libblockdev-fs3
     libblockdev-loop3 libblockdev-mdraid3 libblockdev-nvme3 libblockdev-part3 libblockdev-swap3 libblockdev-utils3 libblockdev3 libc-bin libc6 libfdisk1 libfwupd2
     libgnutls30t64 libjq1 libmount1 libnetplan1 libnss-systemd libopeniscsiusr libpam-modules libpam-modules-bin libpam-runtime libpam-systemd libpam0g
     libperl5.38t64 libpython3.12-minimal libpython3.12-stdlib libpython3.12t64 libsmartcols1 libsqlite3-0 libssh-4 libsystemd-shared libsystemd0 libudev1
     libudisks2-0 libuuid1 libxml2 linux-tools-common locales motd-news-config mount netplan-generator netplan.io open-iscsi openssh-client openssh-server
     openssh-sftp-server perl perl-base perl-modules-5.38 powermgmt-base python-apt-common python3-apport python3-apt python3-distupgrade python3-netplan
     python3-problem-report python3-requests python3-software-properties python3-urllib3 python3.12 python3.12-minimal snapd software-properties-common sosreport sudo
     systemd systemd-dev systemd-resolved systemd-sysv ubuntu-pro-client ubuntu-pro-client-l10n ubuntu-release-upgrader-core udev udisks2 util-linux uuid-runtime
   106 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
   Need to get 93.1 MB of archives.
   After this operation, 7657 kB of additional disk space will be used.
   Do you want to continue? [Y/n] y
   Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu noble-updates/main amd64 motd-news-config all 13ubuntu10.3 [4016 B]
   Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu noble-updates/main amd64 libc6 amd64 2.39-0ubuntu8.5 [3265 kB]
   Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu noble-updates/main amd64 base-files amd64 13ubuntu10.3 [73.2 kB]
   Get:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu noble-updates/main amd64 bsdutils amd64 1:2.39.3-9ubuntu6.3 [95.9 kB]
   
   ...
   
   Scanning processes...                                                                                                                                                
   Scanning candidates...                                                                                                                                               
   Scanning linux images...                                                                                                                                             
   
   Running kernel seems to be up-to-date.
   
   Restarting services...
    systemctl restart acpid.service chrony.service cron.service irqbalance.service multipathd.service polkit.service
   
   Service restarts being deferred:
    systemctl restart ModemManager.service
    /etc/needrestart/restart.d/dbus.service
    systemctl restart getty@tty1.service
    systemctl restart networkd-dispatcher.service
    systemctl restart serial-getty@ttyS0.service
    systemctl restart systemd-logind.service
    systemctl restart unattended-upgrades.service
   
   No containers need to be restarted.
   
   User sessions running outdated binaries:
    ubuntu @ session #2: sshd[882,993]
    ubuntu @ user manager service: systemd[887]
   
   No VM guests are running outdated hypervisor (qemu) binaries on this host.
   ubuntu@ip-172-30-3-87:~$ 
   
   
   ubuntu@ip-172-30-3-87:~$  sudo apt-get install build-essential apache2
   Reading package lists... Done
   Building dependency tree... Done
   Reading state information... Done
   The following additional packages will be installed:
     apache2-bin apache2-data apache2-utils binutils binutils-common binutils-x86-64-linux-gnu bzip2 cpp cpp-13 cpp-13-x86-64-linux-gnu cpp-x86-64-linux-gnu dpkg-dev
     fakeroot fontconfig-config fonts-dejavu-core fonts-dejavu-mono g++ g++-13 g++-13-x86-64-linux-gnu g++-x86-64-linux-gnu gcc gcc-13 gcc-13-base
     gcc-13-x86-64-linux-gnu gcc-x86-64-linux-gnu libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libaom3 libapr1t64 libaprutil1-dbd-sqlite3
     libaprutil1-ldap libaprutil1t64 libasan8 libatomic1 libbinutils libc-dev-bin libc-devtools libc6-dev libcc1-0 libcrypt-dev libctf-nobfd0 libctf0 libde265-0
     libdeflate0 libdpkg-perl libfakeroot libfile-fcntllock-perl libfontconfig1 libgcc-13-dev libgd3 libgomp1 libgprofng0 libheif-plugin-aomdec libheif-plugin-aomenc
     libheif-plugin-libde265 libheif1 libhwasan0 libisl23 libitm1 libjbig0 libjpeg-turbo8 libjpeg8 liblerc4 liblsan0 liblua5.4-0 libmpc3 libquadmath0 libsframe1
     libsharpyuv0 libstdc++-13-dev libtiff6 libtsan2 libubsan1 libwebp7 libxpm4 linux-libc-dev lto-disabled-list make manpages-dev rpcsvc-proto ssl-cert
   Suggested packages:
     apache2-doc apache2-suexec-pristine | apache2-suexec-custom www-browser binutils-doc gprofng-gui bzip2-doc cpp-doc gcc-13-locales cpp-13-doc debian-keyring
     g++-multilib g++-13-multilib gcc-13-doc gcc-multilib autoconf automake libtool flex bison gdb gcc-doc gcc-13-multilib gdb-x86-64-linux-gnu glibc-doc bzr
     libgd-tools libheif-plugin-x265 libheif-plugin-ffmpegdec libheif-plugin-jpegdec libheif-plugin-jpegenc libheif-plugin-j2kdec libheif-plugin-j2kenc
     libheif-plugin-rav1e libheif-plugin-svtenc libstdc++-13-doc make-doc
   The following NEW packages will be installed:
     apache2 apache2-bin apache2-data apache2-utils binutils binutils-common binutils-x86-64-linux-gnu build-essential bzip2 cpp cpp-13 cpp-13-x86-64-linux-gnu
     cpp-x86-64-linux-gnu dpkg-dev fakeroot fontconfig-config fonts-dejavu-core fonts-dejavu-mono g++ g++-13 g++-13-x86-64-linux-gnu g++-x86-64-linux-gnu gcc gcc-13
     gcc-13-base gcc-13-x86-64-linux-gnu gcc-x86-64-linux-gnu libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libaom3 libapr1t64
     libaprutil1-dbd-sqlite3 libaprutil1-ldap libaprutil1t64 libasan8 libatomic1 libbinutils libc-dev-bin libc-devtools libc6-dev libcc1-0 libcrypt-dev libctf-nobfd0
     libctf0 libde265-0 libdeflate0 libdpkg-perl libfakeroot libfile-fcntllock-perl libfontconfig1 libgcc-13-dev libgd3 libgomp1 libgprofng0 libheif-plugin-aomdec
     libheif-plugin-aomenc libheif-plugin-libde265 libheif1 libhwasan0 libisl23 libitm1 libjbig0 libjpeg-turbo8 libjpeg8 liblerc4 liblsan0 liblua5.4-0 libmpc3
     libquadmath0 libsframe1 libsharpyuv0 libstdc++-13-dev libtiff6 libtsan2 libubsan1 libwebp7 libxpm4 linux-libc-dev lto-disabled-list make manpages-dev
     rpcsvc-proto ssl-cert
   0 upgraded, 84 newly installed, 0 to remove and 3 not upgraded.
   Need to get 80.2 MB of archives.
   After this operation, 276 MB of additional disk space will be used.
   Do you want to continue? [Y/n] y
   Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu noble-updates/main amd64 libapr1t64 amd64 1.7.2-3.1ubuntu0.1 [108 kB]
   Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu noble/main amd64 libaprutil1t64 amd64 1.6.3-1.1ubuntu7 [91.9 kB]
   Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu noble/main amd64 libaprutil1-dbd-sqlite3 amd64 1.6.3-1.1ubuntu7 [11.2 kB]
   
   ...
   
   Scanning candidates...                                                                                                                                               
   Scanning linux images...                                                                                                                                             
   
   Running kernel seems to be up-to-date.
   
   Restarting services...
   
   Service restarts being deferred:
    /etc/needrestart/restart.d/dbus.service
    systemctl restart getty@tty1.service
    systemctl restart networkd-dispatcher.service
    systemctl restart serial-getty@ttyS0.service
    systemctl restart systemd-logind.service
    systemctl restart unattended-upgrades.service
   
   No containers need to be restarted.
   
   User sessions running outdated binaries:
    ubuntu @ session #2: sshd[882,993]
    ubuntu @ user manager service: systemd[887]
   
   No VM guests are running outdated hypervisor (qemu) binaries on this host.
   ubuntu@ip-172-30-3-87:~$ 
   

   Now use your browser to browse to http://_public_ip_address_ to see your instance's webpage. The provided Makefile, for OSX, launches this as make firefox M=3.89.185.91 (ymmv).

   Step 5: Connecting to github

   A test program and supporting files is found at csc421-261/examples git repository.

   To connect to github, authentication needs to be setup for ssh connections. I will reuse the key pair id_ed25519_aws_csc421 generated for AWS.

   1. In githup, go to settings, then SSH and GPG keys.
   2. Click the New SSH Key button and cut and paste the public key as an authentication key, with the title id_ed25519_aws_csc421.
   3. The config gets moved to ~/.ssh/ (or merged if there is an existing file)
   4. The secret key is placed in the ~/.ssh/ directory and must have mode 0600.
   5. Test with ssh -T github-csc421. It should respond with:

      Hi _username_! You've successfully authenticated, but GitHub does not provide shell access.

   You can now create a repo on github, or navigate to an existing repo. The green code button legs to an SSH tab that gives a URL that is almost what you need. Replace git@github.com with github-csc421, naming the entry in the .ssh/config file that has the details of the connection. Use that in git clone.

   Step 6: Practice stopping and terminating the EC2 instance

   1. Practice stopping by checkboxing the instance — find the blue Instance state drop down select Stop instance.
   2. Once the state is stopped, in the Instance state drop down select Start instance to resume.
   3. Practice terminating by checkboxing the instance — find the blue Instance state drop down select Terminate (delete) instance. Once terminated the instance and storage is deleted.
   
   This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

   author: burton rosenberg
   created: 18 apr 2020
   update: 25 aug 2025