- Go to the IAM console
- Click "Roles" in the sidebar
- Click "Create role"
- Select trusted entity type: AWS service
- Select use case: EC2
- Click "Next"
- Under "Permissions policies", search for and tick: `AmazonSSMManagedInstanceCore`
- Click "Next"
- Enter the Role name: `EC2-SSM-Role`
- Click "Create role"
- Go to "Security Groups" in the VPC dashboard
- Click "Create security group"
- Enter the following details:
  - Security group name: `web-sg`
  - Description: `Allow HTTP traffic`
  - VPC: `my-vpc`
- Inbound rules: Click "Add rule"
  - Type: HTTP
  - Port: 80
  - Source: 0.0.0.0/0
- Outbound rules: Make sure the following rule is present (default):
  - Type: All traffic
  - Destination: 0.0.0.0/0
- Click "Create security group"
- Go to the EC2 console
- Click "Launch instance"
- Enter the following details:
  - Name: `public-server`
  - AMI: Amazon Linux 2023 AMI
  - Architecture: 64-bit (x86)
  - Instance type: t3.micro
  - Key pair: Proceed without a key pair
- Under "Network settings":
  - VPC: `my-vpc`
  - Subnet: `public-subnet`
  - Auto-assign public IP: Enable
  - Security group: Select existing, then choose `web-sg`
- Under "Advanced details":
  - IAM instance profile: `EC2-SSM-Role`
- Click "Launch instance"
- Click "Launch instance" once more
- Enter the following details:
  - Name: `private-server`
  - AMI: Amazon Linux 2023 AMI
  - Architecture: 64-bit (x86)
  - Instance type: t3.micro
  - Key pair: Proceed without a key pair
- Under "Network settings":
  - VPC: `my-vpc`
  - Subnet: `private-subnet`
  - Auto-assign public IP: Disable
  - Security group: Select existing, then choose `web-sg`
- Under "Advanced details":
  - IAM instance profile: `EC2-SSM-Role`
- Click "Launch instance"
- Go to the EC2 console
- Wait until both instances show:
  - Instance state: Running
  - Status check: 2/2 checks passed
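
An added example, not part of the original guide: because both instances are launched without a key pair and rely on the `AmazonSSMManagedInstanceCore` role for access, this audit checks that `web-sg` exposes only HTTP to the internet and still allows the outbound HTTPS that SSM Agent uses. The sample JSON (in the shape of `aws ec2 describe-security-groups` output), the placeholder group ID, and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output
# for the web-sg group built in the steps above (group ID is a placeholder).
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupName": "web-sg", "GroupId": "sg-EXAMPLE",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
  "IpPermissionsEgress": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
}]}
""")

WORLD = {"0.0.0.0/0", "::/0"}

def covers(rule, port):
    """True if the rule's protocol and port range include the given TCP port."""
    if rule["IpProtocol"] == "-1":          # "All traffic" carries no port fields
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def is_world(rule):
    """True if any IPv4 or IPv6 range on the rule is the whole internet."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(c in WORLD for c in cidrs)

def audit(group, allowed_public_ports=(80,)):
    """Return a list of findings; an empty list means the group matches the guide."""
    findings = []
    for rule in group.get("IpPermissions", []):
        if not is_world(rule):
            continue
        lo, hi = rule.get("FromPort"), rule.get("ToPort")
        if rule["IpProtocol"] != "tcp" or lo != hi or lo not in allowed_public_ports:
            findings.append(f"inbound {rule['IpProtocol']} {lo}-{hi} open to the internet")
    # SSM Agent reaches Systems Manager over outbound HTTPS.
    if not any(covers(r, 443) for r in group.get("IpPermissionsEgress", [])):
        findings.append("no outbound tcp/443: Session Manager cannot connect")
    return findings

if __name__ == "__main__":
    for sg in SAMPLE["SecurityGroups"]:
        print(sg["GroupName"], audit(sg) or "OK")
```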