Step 1: Launch an instance Step 2: Connect to your instance Step 3: Clean up your instance Next steps

Get started with Amazon EC2

Use this tutorial to get started with Amazon Elastic Compute Cloud (Amazon EC2). You'll learn how to launchand connect to an EC2 instance. Aninstance is a virtual serverin the AWS Cloud. With Amazon EC2, you can set up and configure the operating system andapplications that run on your instance.

Overview

The following diagram shows the key components that you'll use in this tutorial:

An image – A template that contains the software to run on your instance, such as the operating system.
A key pair – A set of security credentials that you use to prove your identity when connecting to your instance. The public key is on your instance and the private key is on your computer.
A network – A virtual private cloud (VPC) is a virtual network dedicated to yourAWS account. To help you get started quickly, your account comes with a defaultVPC in each AWS Region, and each default VPC has a default subnet in eachAvailability Zone.
A security group – Acts as a virtual firewall to control inbound and outbound traffic.
An EBS volume – We require a root volume for the image. You can optionally add datavolumes.

An instance with a security group, key pair, and EBS root volume.

Cost for this tutorial

When you create your AWS account, you can get started with Amazon EC2 for free using the AWS Free Tier .

If you created your AWS account before July 15, 2025, it's less than 12months old, and you haven't already exceeded the Free Tier benefits for Amazon EC2, it won'tcost you anything to complete this tutorial, because we help you select options that arewithin the Free Tier benefits. Otherwise, you'll incur the standard Amazon EC2 usage fees fromthe time that you launch the instance (even if it remains idle) until you terminate it.

If you created your AWS account on or after July 15, 2025, it's less than 6 months old,and you haven't used up all your credits, it won't cost you anything to complete thistutorial, because we help you select options that are within the Free Tier benefits.

For information on how to determine whether you are eligible for theFree Tier, seeTrack your Free Tier usage for Amazon EC2.

Tasks

Step 1: Launch an instance

You can launch an EC2 instance using the AWS Management Console as described in the followingprocedure. This tutorial is intended to help you quickly launch your first instance,so it doesn't cover all possible options.

To launch an instance

Open the Amazon EC2 console athttps://console.aws.amazon.com/ec2/.
In the navigation bar at the top of the screen, we display the current AWS Region — for example,Ohio. You can use the selected Region, oroptionally select a Region that is closer to you.
From the EC2 console dashboard, in theLaunch instance pane, chooseLaunch instance.
UnderName and tags, forName, entera descriptive name for your instance.
UnderApplication and OS Images (Amazon Machine Image), do the following:
1. ChooseQuick Start, and then choose theoperating system (OS) for your instance. For your first Linux instance, we recommend that you choose Amazon Linux.
2. FromAmazon Machine Image (AMI), select an AMIthat is markedFree Tier eligible.
UnderInstance type, forInstance type, selectan instance type that is markedFree Tiereligible.
UnderKey pair (login), forKey pair name,choose an existing key pair or chooseCreate new key pair to create your first key pair.
Warning
If you chooseProceed without a key pair (Not recommended),you won't be able to connect to your instance using the methods described inthis tutorial.
UnderNetwork settings, notice that we selected your default VPC,selected the option to use the default subnet in an Availability Zone that wechoose for you, and configured a security group with a rule that allowsconnections to your instance from anywhere (0.0.0.0.0/0).
Warning
If you specify0.0.0.0/0, you are enabling traffic from any IP addresses inthe world. For the SSH and RDP protocols, you might consider this acceptablefor a short time in a test environment, but it's unsafe for productionenvironments. In production, be sure to authorize access only from theappropriate individual IP address or range of addresses.
For your first instance, we recommend that you use the default settings.Otherwise, you can update your network settings as follows:
UnderConfigure storage, notice that we configured a root volumebut no data volumes. This is sufficient for test purposes.
Review a summary of your instance configuration in theSummary panel,and when you're ready, chooseLaunch instance.
If the launch is successful, choose the ID of the instance from theSuccess notification to open theInstances page and monitor the status of the launch.
Select the checkbox for the instance. The initial instance state ispending. After the instance starts, its state changes torunning. Choose theStatus and alarms tab. After your instance passes its status checks, it is ready to receive connection requests.

Step 2: Connect to your instance

The procedure that you use depends on the operating system of the instance. If you can't connect to your instance, see Troubleshoot issues connecting to your Amazon EC2 Linux instance for assistance.

You can connect to your Linux instance using any SSH client. If you are runningWindows on your computer, open a terminal and run thessh command to verify that you have an SSH client installed. If the command is not found,install OpenSSH for Windows .

To connect to your instance using SSH

Open the Amazon EC2 console athttps://console.aws.amazon.com/ec2/.
In the navigation pane, chooseInstances.
Select the instance and then chooseConnect.
On theConnect to instance page, choose theSSH client tab.
(Optional) If you created a key pair when you launched the instance and downloadedthe private key (.pem file) to a computer running Linux or macOS, run the examplechmod command to set the permissions for your private key.
Copy the example SSH command. The following is an example, wherekey-pair-name.pem is the name of yourprivate key file,ec2-user is the usernameassociated with the image, and the string after the @ symbol is thepublic DNS name of the instance.
```
ssh -ikey-pair-name.pemec2-user@ec2-198-51-100-1.us-east-2.compute.amazonaws.com
```
In a terminal window on your computer, run thessh command that you saved in the previous step. If the private key file is not in the current directory, you must specify the fully-qualified path to the key file in this command.
The following is an example response:
```
The authenticity of host 'ec2-198-51-100-1.us-east-2.compute.amazonaws.com (198-51-100-1)' can't be established.ECDSA key fingerprint is l4UB/neBad9tvkgJf1QZWxheQmR59WgrgzEimCG6kZY.Are you sure you want to continue connecting (yes/no)?
```
(Optional) Verify that the fingerprint in the security alert matches theinstance fingerprint contained in the console output when you first start aninstance. To get the console output, chooseActions,Monitor and troubleshoot,Get system log.If the fingerprints don't match, someone might be attempting a man-in-the-middle attack. If they match, continue to the next step.

Enteryes.

The following is an example response:

Warning: Permanently added 'ec2-198-51-100-1.us-east-2.compute.amazonaws.com' (ECDSA) to the list of known hosts.

To connect to a Windows instance using RDP, you must retrieve the initial administrator password andthen enter this password when you connect to your instance. It takes a few minutes after instance launch before this password is available.Your account must have permission to call the GetPasswordData action. For more information, seeExample policies to control access the Amazon EC2 API.

The default username for the Administrator account depends on the language of the operating system (OS) contained in the AMI. To determine the correct username, identify the language of the OS, and then choose the corresponding username. For example, for an English OS, the username isAdministrator, for a French OS it'sAdministrateur, and for a Portuguese OS it'sAdministrador. If a language version of the OS does not have a username in the same language, choose the usernameAdministrator (Other). For more information, seeLocalized Names for Administrator Account in Windows in the Microsoft website.

To retrieve the initial administrator password

Open the Amazon EC2 console athttps://console.aws.amazon.com/ec2/.
In the navigation pane, chooseInstances.
Select the instance and then chooseConnect.
On theConnect to instance page, choose theRDP client tab.
ForUsername, choose the default username for the Administratoraccount. The username you choose must match the language of the operating system(OS) contained in the AMI that you used to launch your instance. If there is nousername in the same language as your OS, chooseAdministrator(Other).
ChooseGet password.
On theGet Windows password page, do the following:
1. ChooseUpload private key file and navigate tothe private key (.pem) file that you specified when you launchedthe instance. Select the file and chooseOpen tocopy the entire contents of the file to this window.
2. ChooseDecrypt password. TheGetWindows password page closes, and the defaultadministrator password for the instance appears underPassword, replacing theGetpassword link shown previously.
3. Copy the password and save it in a safe place. This password is required to connect to the instance.

The following procedure uses the Remote Desktop Connection client for Windows (MSTSC). If you're using a different RDP client, download the RDP file and then see the documentation for the RDP client for the steps to establish the RDP connection.

To connect to a Windows instance using an RDP client

On theConnect to instance page, chooseDownload remote desktop file. When the file download is finished, chooseCancel to return to theInstances page. The RDP file is downloaded to yourDownloads folder.
Runmstsc.exe to open the RDP client.
ExpandShow options, chooseOpen, and select the .rdp file from yourDownloads folder.
By default,Computer is the public IPv4 DNS name of the instance andUser name is the administrator account. To connect to the instance using IPv6 instead, replace the public IPv4 DNS name of the instance with its IPv6 address. Review the default settings and change them as needed.
ChooseConnect. If you receive a warning that the publisher of the remote connection is unknown, chooseConnect to continue.
Enter the password that you saved previously, and then chooseOK.
Due to the nature of self-signed certificates, you might get a warning that the security certificate could not be authenticated. Do one of the following:
- If you trust the certificate, chooseYes to connect to your instance.
- [Windows] Before you proceed, compare the thumbprint of the certificate with the value in the system log to confirm the identity of the remote computer. ChooseView certificate and then chooseThumbprint from theDetails tab. Compare this value to the value ofRDPCERTIFICATE-THUMBPRINT inActions,Monitor and troubleshoot,Get system log.
- [Mac OS X] Before you proceed, compare the fingerprint of the certificate with the value in the system log to confirm the identity of the remote computer. ChooseShow Certificate, expandDetails, and chooseSHA1 Fingerprints. Compare this value to the value ofRDPCERTIFICATE-THUMBPRINT inActions,Monitor and troubleshoot,Get system log.
If the RDP connection is successful, the RDP client displays the Windows login screen and then the Windows desktop. If you receive an error message instead, seeRemote Desktop can't connect to the remote computer. When you are finished with the RDP connection, you can close the RDP client.

Step 3: Clean up your instance

After you've finished with the instance that you created for this tutorial, you shouldclean up by terminating the instance. If you want to do more with this instance beforeyou clean up, seeNext steps.

Important

Terminating an instance effectively deletes it; you can't reconnect to an instanceafter you've terminated it.

You'll stop incurring charges for that instance or usage that counts against yourFree Tier limits as soon as the instance status changes toshutting down orterminated. To keep your instance for later, but not incur chargesor usage that counts against your Free Tier limits, you can stop the instance now and then start it again later. For more information, see Stop and start Amazon EC2 instances.

To terminate your instance

In the navigation pane, chooseInstances. In the list ofinstances, select the instance.
ChooseInstance state,Terminate (delete)instance.
ChooseTerminate (delete) when prompted for confirmation.
Amazon EC2 shuts down and terminates your instance. After your instance isterminated, it remains visible on the console for a short while, and then theentry is automatically deleted. You cannot remove the terminated instance fromthe console display yourself.

Next steps

After you start your instance, you might want to explore the following next steps:

Explore the Amazon EC2 core concepts with the introductory tutorials. For more information, seeTutorials for launching EC2 instances.
Learn how to track your Amazon EC2 Free Tier usage using the console. For more information, seeTrack your Free Tier usage for Amazon EC2.
Configure a CloudWatch alarm to notify you if your usage exceeds the Free Tier (for accountscreated before July 15, 2025). For more information, seeTracking yourAWS Free Tier usage in theAWS Billing User Guide.
Add an EBS volume. For more information, seeCreate an Amazon EBS volume in theAmazon EBS User Guide.
Learn how to remotely manage your EC2 instance using the Run command. For more information, seeAWS Systems Manager Run Command in theAWS Systems Manager User Guide.
Learn about instance purchasing options. For more information, seeAmazon EC2 billing and purchasing options.
Get advice about instance types. For more information, seeGet recommendations from EC2 instance type finder.