Some notes on setting up an AWS EC2 instance. Their launch wizard is fairly helpful, but a few things along the way are worth writing down.
- Key pair selection
- Make sure you save the private key file (.pem)!
- Storage
- Increase storage size as needed
- Encrypted ⇒ select Encrypted
- Advanced Details
- Termination Protection ⇒ Enable (prevent inadvertent shutoffs)
SSH access
If you connect directly to the machine via SSH, you will need to use the keypair file AWS gave you during the setup process. If OpenSSH doesn’t figure it out automatically, then use:
$ ssh -i path/to/keyfile.pem admin@ip-address
Network access
By default, public IP addresses are not assigned to an EC2 instance unless you selected it in the launch wizard.
- In the EC2 Instances list, select the new instance
- Select Actions ⇒ Networking ⇒ Manage IP addresses
- Associate a new elastic IP address
- Attach it to the instance
Do updates!
As soon as you have network access, you should do system updates. EC2 images aren’t necessarily fully up-to-date out of the box!
Setup Steps
- Follow Debian Setup Steps, particularly the SSH hardening section
- Install PiVPN and configure a client certificate for your device
- Also see Site-to-site VPN if you want a whole network to access the server
- Restrict SSH access to only the VPN interface to block off all outside SSH connections
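One way to check that the last step actually took effect, as an added example that is not part of the original notes: the function below reads `ss -H -tln` output and reports any SSH listener still bound outside the VPN. It assumes the restriction is done by binding sshd to the VPN address (`ListenAddress` in sshd_config), that the VPN server address is 10.8.0.1 and that sshd uses port 22; the sample socket lines are constructed.

```shell
#!/bin/sh
# Added example: report sshd listeners that are reachable outside the VPN.
# Assumptions (not from the notes): VPN server address 10.8.0.1, sshd on port 22.

# exposed_ssh_listeners VPN_ADDR [PORT]
# Reads `ss -H -tln` output on stdin and prints every listening socket on PORT
# whose local address is neither VPN_ADDR nor loopback. Exit status 1 if any.
exposed_ssh_listeners() {
    awk -v vpn="$1" -v port="${2:-22}" '
        $1 == "LISTEN" {
            la = $4                           # local address:port column
            n = match(la, /:[^:]*$/)          # last colon separates address and port
            if (n == 0) next
            addr = substr(la, 1, n - 1)
            p = substr(la, n + 1)
            sub(/%.*$/, "", addr)             # drop a %interface scope suffix
            if (p != port) next               # not the SSH port
            if (addr == vpn || addr == "127.0.0.1" || addr == "[::1]") next
            print addr ":" p                  # wildcard or public bind: still exposed
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: a default install, sshd bound to every address.
BEFORE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'

# Constructed sample: sshd bound to the VPN address only.
AFTER='LISTEN 0 128 10.8.0.1:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'

for label in BEFORE AFTER; do
    eval "data=\$$label"
    if found=$(printf '%s\n' "$data" | exposed_ssh_listeners 10.8.0.1); then
        echo "$label: sshd is only reachable over the VPN"
    else
        echo "$label: sshd still listening on:" $found
    fi
done

# On the instance itself: ss -H -tln | exposed_ssh_listeners 10.8.0.1
```

Keep an existing SSH session open while changing the bind address and run the check from it, so a wrong address does not lock you out.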