AWS Account Setup Guide for EC2 Testing

Understanding AWS Accounts

An AWS account is your gateway to Amazon Web Services. It serves as:

• Billing container: All charges for resources you use are billed to this account
• Security boundary: Resources and permissions are isolated within your account
• Resource namespace: Your account ID uniquely identifies your resources across AWS
• Identity root: The starting point for all user access and permissions

Each AWS account includes:

• A unique 12-digit account ID
• A root user (the email used during signup)
• Separate resource limits and quotas
• Independent billing and cost tracking
• Isolated security and access controls

Think of it as your own private data center in the cloud, where you have complete control over who can access what, and you only pay for what you use.

Part 1: Account Creation and User Setup

Creating Your AWS Account

1. Go to https://aws.amazon.com and click "Create an AWS Account"
2. Provide your email address, password, and AWS account name
3. Select "Personal" account type
4. Enter payment information (required even for Free Tier)
5. Verify your identity via phone
6. Choose the "Basic Support - Free" plan

AWS Documentation: https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-creating.html

Securing the Root User

The root user has unrestricted access to your account and should be secured immediately:

Enable MFA on Root User:

1. Sign in to AWS Console as root user
2. Click your account name (top right) → Security credentials
3. Under "Multi-factor authentication (MFA)", click "Assign MFA device"
4. Choose "Authenticator app" (recommended: Google Authenticator, Authy, or Microsoft Authenticator)
5. Scan the QR code with your authenticator app
6. Enter two consecutive MFA codes to confirm
7. Save the MFA device name

Best Practice: After this setup, avoid using the root user for daily tasks.

AWS Documentation: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html

Creating an Admin IAM User

Create the IAM User:

1. In AWS Console, search for "IAM" and open the service
2. Click "Users" → "Create user"
3. Enter username (e.g., "admin-user")
4. Check "Provide user access to the AWS Management Console"
5. Select "I want to create an IAM user"
6. Choose "Custom password" and enter a strong password
7. Uncheck "Users must create a new password at next sign-in" (optional)
8. Click "Next"

Assign Administrator Permissions:

1. Select "Attach policies directly"
2. Search for and check "AdministratorAccess"
3. Click "Next" → "Create user"

Save Sign-in Details:

• Note the Console sign-in URL (format: https://YOUR-ACCOUNT-ID.signin.aws.amazon.com/console)
• Save the username and password securely

Enable MFA for Admin User:

1. Sign out of root account
2. Sign in using the admin user credentials and console URL
3. Click your username (top right) → Security credentials
4. Under "Multi-factor authentication (MFA)", click "Assign MFA device"
5. Follow the same MFA setup process as with root user

AWS Documentation:

• Creating IAM users: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html
• IAM best practices: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

Part 2: Understanding AWS Regions and Network Setup

AWS Regions and Availability Zones

What is an AWS Region?

• A geographic area containing multiple data centers
• Each region is completely independent and isolated
• Data doesn't leave a region unless you explicitly transfer it
• Pricing, service availability, and features vary by region

Common AWS Regions:

• us-east-1 (N. Virginia) - Largest, most services, often cheapest
• us-west-2 (Oregon)
• eu-west-1 (Ireland)
• eu-central-1 (Frankfurt)
• ap-southeast-1 (Singapore)
• ap-northeast-1 (Tokyo)

Availability Zones (AZs):

• Each region contains 3+ isolated data centers called AZs
• Named with region code + letter (e.g., us-east-1a, us-east-1b)
• Connected via low-latency private fiber networks
• Designed for fault isolation and high availability

Changing Regions:

1. Look at the top-right corner of AWS Console (next to your username)
2. Click the region dropdown (shows current region like "N. Virginia")
3. Select your desired region from the list
4. The console reloads showing resources in the new region

Important: Resources are region-specific. An EC2 instance in us-east-1 won't appear when viewing us-west-2.

AWS Documentation: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html

Understanding VPC (Virtual Private Cloud)

What is a VPC?

A VPC is your private, isolated network within AWS. It provides:

• Network isolation: Your resources are logically separated from other AWS customers
• IP address control: You define your own IP address range (CIDR block)
• Subnet segmentation: Divide your network into smaller segments across AZs
• Routing control: Define how traffic flows between subnets and to the internet
• Security layers: Multiple levels of security (NACLs, security groups, route tables)

VPC Components:

1. CIDR Block: The IP address range for your VPC (e.g., 10.0.0.0/16)
2. Subnets: Subdivisions of your VPC CIDR, placed in specific AZs
3. Route Tables: Rules determining where network traffic is directed
4. Internet Gateway (IGW): Enables communication between VPC and internet
5. NAT Gateway: Allows private subnet resources to access internet (outbound only)
6. Network ACLs: Stateless firewall rules at the subnet level
7. Security Groups: Stateful firewall rules at the instance level

AWS Documentation: https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html

Default VPC Configuration

Default VPC Architecture Diagram:

                                    Internet
                                       |
                                       |
                        +------------------------------+
                        |   Internet Gateway (IGW)     |
                        +------------------------------+
                                       |
        +--------------------------------------------------------------+
        |                    Default VPC                               |
        |                  172.31.0.0/16                               |
        |                                                              |
        |  +-----------------+  +-----------------+  +---------------+ |
        |  | Public Subnet 1 |  | Public Subnet 2 |  |   Subnet 3    | |
        |  | 172.31.0.0/20   |  | 172.31.16.0/20  |  |172.31.32.0/20 | |
        |  |   (AZ-1a)       |  |   (AZ-1b)       |  |   (AZ-1c)     | |
        |  |                 |  |                 |  |               | |
        |  |  +----------+   |  |                 |  |               | |
        |  |  | EC2      |   |  |                 |  |               | |
        |  |  | Instance |   |  |                 |  |               | |
        |  |  | (Graviton)|  |  |                 |  |               | |
        |  |  +----------+   |  |                 |  |               | |
        |  |                 |  |                 |  |               | |
        |  +-----------------+  +-----------------+  +---------------+ |
        |                                                              |
        |  Route Table: 0.0.0.0/0 -> IGW (all subnets)                |
        |  Security Group: Controls instance-level traffic            |
        +--------------------------------------------------------------+

Key Components:
- Internet Gateway (IGW): Enables internet connectivity
- Public Subnets: One per Availability Zone, all with IGW route
- EC2 Instance: Can be launched in any subnet
- Route Table: Directs internet traffic (0.0.0.0/0) to IGW
- Security Group: Firewall rules at instance level

When you create an AWS account, a default VPC is automatically created in each region with:

• CIDR block: 172.31.0.0/16 (65,536 IP addresses)
• Subnets: One public subnet per AZ (typically 3-6 subnets depending on region)
• Internet Gateway: Pre-attached and configured
• Main route table: Includes route to IGW (0.0.0.0/0 → igw-xxxxx)
• Default security group: Allows all outbound traffic, blocks all inbound except from same security group
• Default Network ACL: Allows all inbound and outbound traffic

Example subnet distribution (us-east-1):

• Subnet 1: 172.31.0.0/20 (4,096 IPs) in us-east-1a
• Subnet 2: 172.31.16.0/20 (4,096 IPs) in us-east-1b
• Subnet 3: 172.31.32.0/20 (4,096 IPs) in us-east-1c
• Subnet 4: 172.31.48.0/20 (4,096 IPs) in us-east-1d
• Subnet 5: 172.31.64.0/20 (4,096 IPs) in us-east-1e
• Subnet 6: 172.31.80.0/20 (4,096 IPs) in us-east-1f

Public vs Private Subnets

Public Subnet:

• Route table contains route to Internet Gateway (0.0.0.0/0 → igw-xxxxx)
• Instances can be assigned public IP addresses
• Direct two-way internet communication possible
• Use cases: Web servers, bastion hosts, NAT gateways
• All default VPC subnets are public

Private Subnet:

• No direct route to Internet Gateway
• Instances only have private IP addresses
• Internet access requires NAT Gateway/Instance in public subnet
• Inbound internet traffic blocked (more secure)
• Use cases: Databases, application servers, internal services

Creating a Private Subnet (in default VPC):

1. Create a new route table without IGW route
2. Associate it with a subnet
3. Add route to NAT Gateway for outbound internet (optional)

AWS Documentation: https://docs.aws.amazon.com/vpc/latest/userguide/configure-subnets.html

Security Groups: Detailed Explanation

Security groups are virtual firewalls that control traffic at the instance level (not subnet level).

Key Characteristics:

1. Stateful: If you allow inbound traffic, the response is automatically allowed outbound (and vice versa)
2. Allow rules only: You can only specify what to allow, not what to deny (implicit deny for everything else)
3. Instance-level: Applied to elastic network interfaces (ENIs) attached to instances
4. Multiple groups: An instance can have up to 5 security groups
5. Evaluated together: All rules from all attached security groups are aggregated

Security Group Rules Structure:

Each rule specifies:

• Type: Protocol type (SSH, HTTP, HTTPS, Custom TCP, etc.)
• Protocol: TCP, UDP, ICMP, or ALL
• Port range: Single port (22) or range (1024-65535)
• Source/Destination: Where traffic can come from/go to
  • CIDR block (e.g., 203.0.113.0/24)
  • Another security group ID (sg-xxxxx)
  • Prefix list ID (for AWS services)
  • Your IP (automatically detected)

Default Security Group Behavior:

Inbound rules:

• Allows all traffic from instances with the same security group
• Blocks all other inbound traffic

Outbound rules:

• Allows all outbound traffic to any destination (0.0.0.0/0)

Example: Web Server Security Group

Inbound rules:

Type        Protocol  Port    Source          Description
SSH         TCP       22      203.0.113.5/32  My office IP
HTTP        TCP       80      0.0.0.0/0       Public web access
HTTPS       TCP       443     0.0.0.0/0       Public web access

Outbound rules:

Type        Protocol  Port    Destination     Description
All traffic ALL       ALL     0.0.0.0/0       Allow all outbound

Example: Database Security Group

Inbound rules:

Type        Protocol  Port    Source          Description
MySQL       TCP       3306    sg-webserver    From web servers only

Outbound rules:

Type        Protocol  Port    Destination     Description
All traffic ALL       ALL     0.0.0.0/0       Allow all outbound

Security Group Best Practices:

1. Principle of least privilege: Only open ports you need
2. Restrict source IPs: Use specific CIDR blocks, not 0.0.0.0/0 for SSH/RDP
3. Use descriptive names: "web-server-sg" not "sg-1"
4. Reference other security groups: Instead of IP ranges for internal traffic
5. Regular audits: Review and remove unused rules
6. Separate groups by tier: Different groups for web, app, and database layers

Common Ports for Testing:

• SSH (Linux): TCP 22
• RDP (Windows): TCP 3389
• HTTP: TCP 80
• HTTPS: TCP 443
• MySQL: TCP 3306
• PostgreSQL: TCP 5432

AWS Documentation: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-groups.html

Network ACLs vs Security Groups

AWS Documentation: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html

Viewing Your VPC Configuration

1. Open VPC service in AWS Console
2. Your VPCs: View VPC details, CIDR blocks, and DNS settings
3. Subnets: See all subnets, their CIDR blocks, AZs, and route table associations
4. Route Tables: Examine routing rules and subnet associations
5. Internet Gateways: Confirm IGW attachment to VPC
6. Security Groups: Review and modify firewall rules
7. Network ACLs: View subnet-level access control lists

AWS Documentation: https://docs.aws.amazon.com/vpc/latest/userguide/working-with-vpcs.html

Security Considerations for Testing

When launching EC2 instances for testing:

Security Groups:

• Default security group blocks all inbound traffic
• Create a new security group with specific rules
• For SSH: Only allow your IP address (not 0.0.0.0/0)
• For RDP: Only allow your IP address (not 0.0.0.0/0)

Key Pairs:

• Always use SSH key pairs for Linux instances
• Download and securely store the private key (.pem file)
• Never share or commit private keys to version control
• Set proper permissions: chmod 400 your-key.pem

Public IP Addresses:

• Default VPC auto-assigns public IPs
• Consider using Elastic IPs for persistent addresses
• Remember: Public IPs are accessible from the internet

Monitoring:

• Enable VPC Flow Logs to monitor network traffic
• Use CloudWatch to track instance metrics
• Set up billing alerts to avoid unexpected charges

AWS Documentation: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-security-best-practices.html

Next Steps

After completing this setup, you're ready to:

• Launch EC2 instances in your default VPC
• Create custom security groups for different use cases
• Connect to instances via SSH (Linux) or RDP (Windows)
• Experiment with different regions and availability zones
• Learn about custom VPC creation for production workloads

Additional Resources:

• AWS Free Tier: https://aws.amazon.com/free/
• EC2 Getting Started: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html
• VPC Scenarios: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-examples-intro.html

Part 3: Launching EC2 Instances with Custom ARM AMI

Understanding Intel vs ARM (Graviton) Instance Types

AWS offers two main processor architectures for EC2 instances:

Intel/AMD (x86_64) Instances:

• Traditional architecture used by most applications
• Instance families: T3, M5, C5, R5, etc.
• Wider software compatibility
• Generally higher cost per performance unit

AWS Graviton (ARM/aarch64) Instances:

• AWS-designed ARM-based processors (Graviton2, Graviton3, Graviton4)
• Instance families: T4g, M6g, M7g, C6g, C7g, R6g, R7g, etc. (note the "g" suffix)
• Up to 40% better price-performance compared to x86
• Lower power consumption and cost
• Requires ARM-compatible software/AMIs
• Excellent for: Web servers, containerized workloads, microservices, databases

Important: The custom Arch Linux AMI from http://arch-ami-list.drzee.net/ is built for ARM architecture, so you must use Graviton instance types (T4g, M6g, M7g, C6g, C7g, etc.).

AWS Documentation: https://aws.amazon.com/ec2/graviton/

Finding the Custom Arch Linux ARM AMI

The Arch Linux ARM AMI is available at: http://arch-ami-list.drzee.net/

Key Information:

• AMI is only available in eu-central-1 (Frankfurt) region by default
• AMI size: approximately 1.2 GB
• Architecture: ARM64/aarch64 (requires Graviton instances)
• You can copy the AMI to other regions if needed (see below)

Copying AMI to Other Regions (Optional)

If you need to use the AMI in a different region:

1. Switch to eu-central-1 region in AWS Console
2. Go to EC2 → AMIs (under Images in left sidebar)
3. Find the Arch Linux ARM AMI (use the AMI ID from arch-ami-list.drzee.net)
4. Select the AMI, click "Actions" → "Copy AMI"
5. Choose destination region
6. Optionally change the AMI name/description
7. Click "Copy AMI"
8. Wait for copy to complete (can take 10-30 minutes)

Cost Impact: Copying an AMI incurs storage costs in the destination region:

• AMI size: ~1.2 GB
• EBS snapshot storage cost: $0.05 per GB-month (varies by region)
• Monthly cost: ~$0.06/month ($1.2 GB × $0.05)
• This cost persists as long as the AMI exists in that region

AWS Documentation:

• Copying AMIs: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html
• EBS Snapshot Pricing: https://aws.amazon.com/ebs/pricing/

Creating an SSH Key Pair

Before launching an instance, you need an SSH key pair to connect to it.

1. Switch to eu-central-1 region (or your target region)
2. Go to EC2 service in AWS Console
3. Click "Key Pairs" in left sidebar (under "Network & Security")
4. Click "Create key pair"
5. Enter a name (e.g., "my-arch-linux-key")
6. Key pair type: RSA (recommended for compatibility)
7. Private key file format: .pem (for Linux/Mac) or .ppk (for PuTTY on Windows)
8. Click "Create key pair"
9. The private key file downloads automatically - save it securely!

Securing Your Private Key (Linux/Mac):

# Move key to secure location
mv ~/Downloads/my-arch-linux-key.pem ~/.ssh/

# Set correct permissions (required by SSH)
chmod 400 ~/.ssh/my-arch-linux-key.pem

Important Security Notes:

• You can only download the private key once during creation
• Never share your private key or commit it to version control
• If you lose the key, you cannot recover it (you'll need to create a new one)
• Store backups of your private keys in a secure location

AWS Documentation: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html

Launching an EC2 Instance

Step 1: Start the Launch Wizard

1. Ensure you're in eu-central-1 region (or region where you copied the AMI)
2. Go to EC2 Dashboard
3. Click "Launch instance" button

Step 2: Name and AMI Selection

1. Enter instance name (e.g., "arch-linux-test")
2. In "Application and OS Images (Amazon Machine Image)" section:
   • Click "Browse more AMIs"
   • Go to "Community AMIs" tab
   • Paste the AMI ID from http://arch-ami-list.drzee.net/
   • Select the Arch Linux ARM AMI

Step 3: Choose Instance Type

Select a Graviton (ARM) instance type. Common options for testing:

*Prices as of 2024 - check current pricing at https://aws.amazon.com/ec2/pricing/on-demand/

Instance Type Families:

• T4g: Burstable performance, cost-effective for variable workloads
• M6g/M7g: General purpose, balanced compute/memory/network
• C6g/C7g: Compute-optimized, high CPU performance
• R6g/R7g: Memory-optimized, high memory-to-CPU ratio

Recommendation for testing: Start with t4g.micro or t4g.small for cost-effective testing.

Free Tier Savings: If you have a new AWS account (less than 12 months old), use t4g.small to take advantage of the AWS Free Tier, which provides 750 hours per month at no cost. This means you can run one t4g.small instance 24/7 for an entire month completely free (compute costs only - storage still applies at ~$0.64/month for 8 GB).

Step 4: Configure Key Pair

• Select the key pair you created earlier
• If you haven't created one yet, click "Create new key pair"

Step 5: Network Settings

• VPC: Select default VPC (or your custom VPC)
• Subnet: Choose any subnet (or "No preference")
• Auto-assign public IP: Enable (required for SSH access)
• Firewall (security groups): Select "Create security group" or use existing

Security Group Rules (if creating new):

• Allow SSH traffic from: My IP (recommended) or custom IP range
• Do NOT use 0.0.0.0/0 for SSH unless absolutely necessary

Step 6: Configure Storage

• Default: 8 GB gp3 (General Purpose SSD)
• Recommended for testing: 8-20 GB is sufficient
• Volume type: gp3 (best price-performance) or gp2
• Delete on termination: Enabled (default - storage deleted when instance terminates)

Storage Costs:

• gp3: $0.08 per GB-month (eu-central-1)
• 8 GB volume: ~$0.64/month
• Important: Storage costs apply even when instance is stopped

Step 7: Review and Launch

1. Review your configuration in the summary panel
2. Click "Launch instance"
3. Wait 1-2 minutes for instance to start
4. Click "View all instances" to see your instance

AWS Documentation: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/LaunchingAndUsingInstances.html

Understanding EC2 Costs

EC2 instances have two main cost components:

1. Compute (Instance) Costs:
   • Charged per second (minimum 60 seconds)
   • Only charged when instance is in "running" state
   • No compute charges when instance is "stopped"
   • Terminated instances stop all charges
2. Storage (EBS Volume) Costs:
   • Charged per GB-month
   • Charged continuously, even when instance is stopped
   • Only stops when instance is terminated (if "Delete on termination" enabled)

Cost Calculation Examples:

Example 1: t4g.micro for development (8 hours/day, 20 days/month)

Instance: t4g.micro at $0.0084/hour
Storage: 8 GB gp3 at $0.08/GB-month

Compute cost: $0.0084 × 8 hours × 20 days = $1.34/month
Storage cost: 8 GB × $0.08 = $0.64/month
Total: $1.98/month

Example 2: t4g.small running 24/7

Instance: t4g.small at $0.0168/hour
Storage: 20 GB gp3 at $0.08/GB-month

Compute cost: $0.0168 × 730 hours = $12.26/month
Storage cost: 20 GB × $0.08 = $1.60/month
Total: $13.86/month

Example 3: t4g.medium for testing (4 hours/day, 5 days/week)

Instance: t4g.medium at $0.0336/hour
Storage: 10 GB gp3 at $0.08/GB-month

Monthly hours: 4 hours × 5 days × 4.33 weeks = ~87 hours
Compute cost: $0.0336 × 87 hours = $2.92/month
Storage cost: 10 GB × $0.08 = $0.80/month
Total: $3.72/month

Example 4: Stopped instance (no compute, only storage)

Instance: Any type (stopped - no compute charges)
Storage: 8 GB gp3 at $0.08/GB-month

Compute cost: $0.00/month (stopped)
Storage cost: 8 GB × $0.08 = $0.64/month
Total: $0.64/month

Cost Optimization Tips:

• Stop instances when not in use (saves compute costs)
• Terminate instances you no longer need (saves all costs)
• Use smaller instance types for testing
• Set up billing alerts to monitor spending
• Consider Reserved Instances for long-term workloads (up to 72% savings)

AWS Pricing Resources:

• EC2 On-Demand Pricing: https://aws.amazon.com/ec2/pricing/on-demand/
• EBS Pricing: https://aws.amazon.com/ebs/pricing/
• AWS Pricing Calculator: https://calculator.aws
• AWS Free Tier: https://aws.amazon.com/free/ (750 hours/month for 12 months: t2.micro/t3.micro for x86 OR t4g.small for ARM/Graviton)

Managing Instance State: Stop, Start, and Terminate

Instance States:

• Running: Instance is active, incurs compute + storage costs
• Stopped: Instance is shut down, incurs only storage costs
• Terminated: Instance is permanently deleted, no costs (if storage deleted)

Stopping an Instance

Use when you want to pause an instance temporarily without losing data:

1. Go to EC2 → Instances
2. Select your instance
3. Click "Instance state" → "Stop instance"
4. Confirm the action
5. Wait for state to change to "Stopped" (~30-60 seconds)

What happens when you stop:

• Instance shuts down gracefully
• Compute charges stop immediately
• Storage (EBS volumes) remains attached and continues to incur costs
• Public IP address is released (unless using Elastic IP)
• Private IP address is retained
• All data on EBS volumes is preserved

Starting a Stopped Instance

1. Go to EC2 → Instances
2. Select your stopped instance
3. Click "Instance state" → "Start instance"
4. Wait for state to change to "Running" (~30-60 seconds)

What happens when you start:

• Instance boots up
• Compute charges resume
• New public IP address assigned (unless using Elastic IP)
• Private IP address remains the same
• All data on EBS volumes is intact

Terminating an Instance

Use when you're completely done with an instance and want to delete it permanently:

1. Go to EC2 → Instances
2. Select your instance
3. Click "Instance state" → "Terminate instance"
4. Confirm the action (read the warning carefully!)

What happens when you terminate:

• Instance is permanently deleted (cannot be recovered)
• All compute charges stop
• EBS volumes with "Delete on termination" enabled are deleted (storage charges stop)
• EBS volumes with "Delete on termination" disabled remain and continue to incur costs
• Public and private IP addresses are released
• This action cannot be undone!

Termination Protection:

To prevent accidental termination, you can enable termination protection:

1. Select instance → Actions → Instance settings → Change termination protection
2. Enable termination protection
3. You must disable it before you can terminate the instance

AWS Documentation:

• Instance lifecycle: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html
• Stop and start: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html
• Terminate instances: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html

Connecting to Your Instance via SSH

Once your instance is running, you can connect via SSH:

Step 1: Get Instance Connection Information

1. Go to EC2 → Instances
2. Select your running instance
3. Note the "Public IPv4 address" (e.g., 3.123.45.67)

Step 2: Connect via SSH (Linux/Mac)

# Basic SSH connection
ssh -i ~/.ssh/my-arch-linux-key.pem root@3.123.45.67

# If you get "Permission denied (publickey)" error, the default user might be different
# Try these common usernames:
ssh -i ~/.ssh/my-arch-linux-key.pem arch@3.123.45.67
ssh -i ~/.ssh/my-arch-linux-key.pem ec2-user@3.123.45.67

Step 3: First Connection Warning

On first connection, you'll see a message about host authenticity:

The authenticity of host '3.123.45.67' can't be established.
ECDSA key fingerprint is SHA256:...
Are you sure you want to continue connecting (yes/no)?

Type yes and press Enter.

Common SSH Issues:

1. "Permission denied (publickey)"

• Wrong username - try different usernames (root, arch, ec2-user)
• Wrong key file - verify you're using the correct .pem file
• Wrong key permissions - run chmod 400 your-key.pem

2. "Connection timed out"

• Security group doesn't allow SSH from your IP
• Instance doesn't have a public IP address
• Instance is not in running state

3. "WARNING: UNPROTECTED PRIVATE KEY FILE!"

• Key file has wrong permissions
• Fix: chmod 400 ~/.ssh/my-arch-linux-key.pem

AWS Documentation: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html

Best Practices for Testing

1. Always stop instances when not in use to save on compute costs
2. Set up billing alerts in AWS Billing Dashboard to monitor spending
3. Use tags to organize instances (e.g., "Environment: Testing", "Owner: YourName")
4. Regular cleanup: Terminate instances you no longer need
5. Security: Regularly review security group rules and remove unnecessary access
6. Backups: Create AMI snapshots of configured instances before major changes
7. Monitor usage: Check EC2 Dashboard regularly for running instances
8. Use CloudWatch: Set up alarms for unusual activity or high CPU usage

Quick Reference: Common Tasks

Additional Resources

• Arch Linux ARM AMI List: http://arch-ami-list.drzee.net/
• AWS Graviton Information: https://aws.amazon.com/ec2/graviton/
• EC2 Instance Types: https://aws.amazon.com/ec2/instance-types/
• EC2 User Guide: https://docs.aws.amazon.com/ec2/index.html
• AWS Cost Management: https://aws.amazon.com/aws-cost-management/