While I've done a descent amount of AWS/EC2 work, I setup my first micro instance today from my home computer, and wanted to make note of a couple things I ran into.
Firstly, my AWS console was completely empty except for a single S3 bucket. Other than that, it was a fresh start. I went about creating my first micro instance (ami-548c783d; Ubuntu Maverick 10.10 AMD 64-bit server), and was prompted to generate my first key. I named it and downloaded the generated pem file. Straight-forward enough so far.
I was then prompted to set up a security group for the new instance. While there
is a default, I opted to create a 'production' ready one, which I aptly named
'Production'. I had started by creating only two TCP rules; port
80 and port
443 for all IP ranges. This would allow straight-forward web requests to both
a secured and unsecured web server from any IP/host. Initially I'd forgotten to
open up port
22 for SSH requests, so I had to do that as well.
To login, I then ran the following simple command:
ssh -i ~/path/to/pem/file.pem ubuntu@public-dns
In this case, public-dns can be found by clicking on the EC2 tab in your AWS console, choosing your newly-launched instance, and viewing the Public DNS entry record in the second-pane in the lower-half of the page.
After trying to run that command, however, I received the following:
Permissions 0644 for '/path/to/pem/file.pem' are too open. It is recommended that your private key files are NOT accessible by others. This private key will be ignored. bad permissions: ignore key: /path/to/pem/file.pem Permission denied (publickey).
I found the thread "Can not access through ssh to running instance" on the Amazon AWS Forum, and ran the following from my OSX terminal:
chmod 400 /path/to/pem/file.pem
After that, logging in with the above command worked properly. There ya have it.
Side note: while my SSH is currently wide-open to all IPs accessing it via port 22, I would close this off to only certain IPs that I work under (eg. work, home, etc.). This would add an additional level of security, should your pem file ever find it's way into the wrong-person's hands.