How to Create an Instance
This document provides details on how to set up an ec2-sandbox for use as a remote development environment.
Prerequisites
Before creating the ec2-sandbox, first decide on the region to launch in and create resources for the following items.
1. VPC Creation
Please create or verify following these steps:
- Skip this step if you already have a complete set of VPC resources in use
- Create a VPC and Public/Private subnets for launching the ec2-sandbox
- If you launch the ec2-sandbox instance within a private network in a VPC, you need to place a NAT Gateway in a public subnet to enable communication with the internet
For specific configuration details, please refer to Overview and Configuration.
2. Instance Role Creation
Create an instance role to enable the ec2-sandbox to use AWS CLI and various AWS services.
| Item | Content | Notes |
|---|---|---|
| Role Name | ec2-sandbox-instance-role-{alias} | Specify an alias such as username for {alias} |
| Trusted Entity Type | AWS Service - EC2 | - |
| Policy | ※ Assign the AdministratorAccess policy or a least privilege policy as needed | - |
3. Key Pair Creation
Create a key pair for SSH connection to the ec2-sandbox from the EC2 console. After creation, download the private key and save it in the .ssh directory under the home directory regardless of OS. Set the required permissions for SSH access on the saved .pem file by running the following command:chmod 400 your-key.pem
| Item | Content | Notes |
|---|---|---|
| Name | ec2-sandbox-keypair-{alias}-{aws_region} | Specify an alias such as username for {alias} |
4. Security Group Creation
Create a new security group to restrict access to the instance, and create Inbound/Outbound whitelists as needed as shown below.
| Type | Content | Port Number | IP Address | Notes |
|---|---|---|---|---|
| Inbound | Internal developer access | 22 | 10.0.0.0/16 | Allow SSH access (port 22) only from corporate/private/development source IP addresses |
| Outbound | Unrestricted | All Traffic | 0.0.0.0/0 | Unrestricted outbound access (※Please restrict port numbers as much as possible) |
For Inbound rules, when using Public subnets, it's common to specify corporate IP address ranges or fixed IPs of developers.
For Private subnets, it's generally convenient to use the same IP address as the VPC CIDR block, such as 10.0.0.0/16.
Create EC2 Instance
Create an EC2 instance following the steps below.
1. Check Shared AMI
※TBU: Purchage guide from AWS Marketplace
Please check following these steps:
- Open the Amazon EC2 console and select [Images] → [AMIs] from the left sidebar
- Select [Private Images] from the dropdown menu on the left side of the search field
- Confirm that AMI name
slsops-ec2-sandbox-x86_64-0.0.1is displayed - Check the box and click the [Launch instance from AMI] button
※ Base AMI for ec2-sandbox
Amazon Linux 2023 is used.
2. Specify Instance Type
Below is a list of recommended instance types and sizes for development machine purposes.
| Type | Size | Architecture | Monthly Cost Estimate | Notes |
|---|---|---|---|---|
t3 | large | x86_64 | $ 60 | ✔️ Recommended, standard specifications |
t3 | xlarge | x86_64 | $ 80 | For frontend development and heavy use of VSCode extensions |
t4g | large | aarch64 (arm) | $ 50 | Low cost, optimal for WebAPI development |
t4g | xlarge | aarch64 (arm) | $ 70 | For frontend development and heavy use of VSCode extensions |
※ "Monthly Cost Estimate"
- Based on weekday-only operation, assuming 60% uptime per month
※ "Architecture" Selection
aarch64 (arm)- Low cost and high performance using Graviton processors
- Optimal for frontend and WebAPI development providing general-purpose functions without AI/image processing
x86_64- When depending on image processing libraries like
opencv,sharp,libreoffice - AI-related projects
- When depending on image processing libraries like
3. Select Key Pair
Select the key pair created in the "Prerequisites" section.
4. Network Settings
Please configure following these steps:
- Press the [Edit] button and specify the VPC, subnet, and security group created and verified in the "Prerequisites" section
- When placing in a Public subnet, set [Auto-assign public IP] to [Enable]
5. Configure Storage
20GB - 30GB is usually sufficient, but 50GB is recommended for multiple projects or Docker usage.
※ Storage capacity can be increased or decreased after instance launch if needed.
6. Specify Instance Role (Advanced Details)
Open the [Advanced Details] section and select the instance role created in the "Prerequisites" section from the [IAM instance profile] item.
7. Launch Instance
Press the [Launch Instance] button on the right side of the screen to complete.