For a few years I did not attempt any serious task on the Amazon cloud. It took me a bit of time to get back my automatisms and adapt myself to the changes. In particular, the cheapest instances, t2.nano, are only accessible via virtual private clouds (VPC), and it was a bit difficult for me to find how to create a simple one. Perhaps this is because all AWS accounts created after March 18, 2013, automatically have a default VPC, and everybody else who needed their own simple VPC have created it a long time ago already. In the end, this was not complicated at all. This is probably why I could not find a tutorial.

In brief, one needs first to create a VPC. If it is just for spawning an instance from time to time, the IP range does not matter much. Default VPCs are using, so let's do the same.

aws ec2 create-vpc --cidr-block $CIDR_BLOCK

In the command's output, there is the VPC's identifier, that I paste by hand in a variable called VPC. The same pattern will be repeated for each command creating something. One can also find the VPC's identifier with the command aws ec2 describe-vpcs.


Then, create a subnet. Again, no need for complications, in our simple case one can give the full IP range. I cut and paste the returned identifier in the variable SUBNET. In order that the instances receive a public IP address like in default VPCs and like in the usual behaviour of the VPC-less Cloud, one needs to set the attribute MapPublicIpOnLaunch.

aws ec2 create-subnet --vpc-id $VPC --cidr-block $CIDR_BLOCK
aws ec2 modify-subnet-attribute --subnet-id $SUBNET --map-public-ip-on-launch 

Then, create a gateway (paste the identifier in GATEWAY) and attach it to the VPC.

aws ec2 create-internet-gateway
aws ec2 attach-internet-gateway --internet-gateway-id $GATEWAY --vpc-id $VPC

A routing table was created automatically, and one can find its identifier via the command describe-route-tables. Then, create a default route to the gateway.

aws ec2 describe-route-tables
aws ec2 create-route --route-table-id $ROUTETABLE --destination-cidr-block --gateway-id $GATEWAY

Of course, if one does not open the traffic, no instance can be contacted from outside... Here I open port 22 for SSH.

aws ec2 describe-security-groups
aws ec2 authorize-security-group-ingress --group-id $SECURITY_GROUP --protocol tcp --port 22 --cidr

Other novelty, now Amazon distributes some Free tools for the command line, that are more comprehensive than euca2ools.

Next, I will try again the Debian Installer in the Cloud.