
GargeeBhatnagar for AWS Community Builders


Experience New Console of EC2 Launch Instance and its Volume Encryption with Custom Key

“I have checked the AWS documentation to experience the new EC2 launch console and to easily encrypt the volume of an instance with a custom key. Pricing of Amazon EC2 depends on instance usage, and a KMS custom key costs $1 per key.”

Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. Using Amazon EC2 eliminates your need to invest in hardware up front, so you can develop and deploy applications faster. You can use Amazon EC2 to launch as many or as few virtual servers as you need, configure security and networking, and manage storage. Amazon EC2 enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic.

An instance is a virtual server in the AWS Cloud. You launch an instance from an Amazon Machine Image (AMI). The AMI provides the operating system, application server, and applications for your instance.

When you sign up for AWS, you can get started with Amazon EC2 for free using the AWS Free Tier. You can use the free tier to launch and use a t2.micro instance for free for 12 months (in Regions where t2.micro is unavailable, you can use a t3.micro instance under the free tier). If you launch an instance that is not within the free tier, you incur the standard Amazon EC2 usage fees for the instance. For more information, see Amazon EC2 pricing.

The KMS keys that you create are customer managed keys. Customer managed keys are KMS keys in your AWS account that you create, own, and manage. You have full control over these KMS keys, including establishing and maintaining their key policies, IAM policies, and grants, enabling and disabling them, rotating their cryptographic material, adding tags, creating aliases that refer to the KMS keys, and scheduling the KMS keys for deletion.

In this post, you will experience the new console of EC2 launch instance and its volume encryption with a custom key. Here I have launched an EC2 Instance with default settings and also encrypted the volume with a custom key.

Architecture Overview

The architecture diagram shows the overall deployment architecture with data flow, Amazon EC2, the Amazon Elastic Block Store volume and AWS KMS.

Solution overview

The blog post consists of the following phases:

  1. Create KMS Custom Key with Key Permissions
  2. Launch of EC2 Instance in New Console and Encryption of Volume Using KMS Custom Key

Phase 1: Create KMS Custom Key with Key Permissions

  1. Open the AWS Key Management Service console and click Create a key. Choose Symmetric as the key type and Encrypt and decrypt as the key usage, leave the advanced options at their defaults and click Next. Name the key ec2-encryption-key, leave all other options at their defaults and create the key. We can then check the key policy and the key administrator and key user permissions.

Phase 2: Launch of EC2 Instance in New Console and Encryption of Volume Using KMS Custom Key

  1. Click Launch instance, name the instance and tag it as required. Select the OS and the instance type, with a new key pair. The network settings can be changed as required; here all options are left at their defaults. Once the instance is in the running state, we can check its configuration, such as security, networking and storage.

  2. Launch a new instance with the same configuration as above, but this time encrypt the root volume using the custom key created in Phase 1.
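A check to run after Phase 2, confirming that each volume is really encrypted with the customer managed key rather than left unencrypted or on an AWS managed key. This is an added example, not code from the original post; it works on constructed sample data shaped like the output of `aws ec2 describe-volumes` and `aws kms describe-key`, and the account ID, key IDs and volume IDs are placeholders.

```python
# Constructed placeholders: not real account, key or volume identifiers.
CMK_ARN = "arn:aws:kms:us-east-1:111122223333:key/11111111-aaaa-4bbb-8ccc-000000000001"
AWS_EBS_ARN = "arn:aws:kms:us-east-1:111122223333:key/22222222-aaaa-4bbb-8ccc-000000000002"

# Shaped like `aws ec2 describe-volumes` output (constructed sample).
SAMPLE_VOLUMES = {"Volumes": [
    {"VolumeId": "vol-0aaa0000000000001", "Encrypted": False},
    {"VolumeId": "vol-0aaa0000000000002", "Encrypted": True, "KmsKeyId": AWS_EBS_ARN},
    {"VolumeId": "vol-0aaa0000000000003", "Encrypted": True, "KmsKeyId": CMK_ARN},
]}

# KeyMetadata from `aws kms describe-key`, indexed by key ARN (constructed sample).
SAMPLE_KEYS = {
    CMK_ARN: {"KeyManager": "CUSTOMER", "KeyState": "Enabled"},
    AWS_EBS_ARN: {"KeyManager": "AWS", "KeyState": "Enabled"},
}


def audit_volumes(volumes, key_metadata, expected_key_arn):
    """Return {volume_id: status} for every volume in a describe-volumes result."""
    findings = {}
    for vol in volumes["Volumes"]:
        key_arn = vol.get("KmsKeyId")
        meta = key_metadata.get(key_arn, {})
        if not vol.get("Encrypted"):
            status = "unencrypted"
        elif meta.get("KeyManager") == "AWS":
            # Encrypted, but with an AWS managed key whose policy you do not control.
            status = "aws-managed-key"
        elif key_arn != expected_key_arn:
            status = "unexpected-key"
        elif meta.get("KeyState") != "Enabled":
            # Disabled or PendingDeletion: the volume cannot be decrypted on next attach.
            status = "key-not-enabled"
        else:
            status = "ok"
        findings[vol["VolumeId"]] = status
    return findings


if __name__ == "__main__":
    for vol_id, status in audit_volumes(SAMPLE_VOLUMES, SAMPLE_KEYS, CMK_ARN).items():
        print(f"{vol_id}: {status}")
```

The `key-not-enabled` status matters during clean-up: a volume whose key is disabled or pending deletion can no longer be attached and read.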

Clean-up

Delete the EC2 instance, the EC2 volume and the KMS custom key.

Pricing

I review the pricing and estimated cost of this example.

Cost of EC2 Instance = $0.07

Cost of Key Management Service = $1.0

Cost of Data Transfer = $0.0

Total Cost = $(0.07 + 1.0 + 0.0) = $1.07

Summary

In this post, I showed “how to experience the new console of EC2 launch instance and its volume encryption with a custom key”.

For more details on EC2 Launch Instance, check out Get started EC2 Launch Instance and open the EC2 Launch Instance Console. To learn more, read the EC2 Launch Instance Documentation. For more details on Key Management Service, check out Get started Key Management Service and open the Key Management Service Console. To learn more, read the Key Management Service Documentation.

Thanks for reading!

Connect with me: Linkedin