Fedora on AWS

We will install Fedora 43 onto an AWS EC2 instance in the us-west-2 region.

To launch an instance in AWS, you will need the Amazon Machine Image (AMI) ID for the Fedora image for the region and machine architecture you want to use.

The list of regions for both x86_64 and aarch64 is available under the “Launch on public cloud platforms” section of https://fedoraproject.org/cloud/download#cloud_launch

For example, to launch an x86_64 Fedora 43 AMI in the us-west-2 region, the AMI ID is ami-09d4a84b1cda0ac74. Note that the AMI ID changes with each release.

Prerequisites

Step 1: Download the Installer

Download the AWS CLI from the AWS CLI website, choosing the package that matches your operating system: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html

Step 2: Run the Installer

Install the AWS CLI on Fedora using the DNF package manager as follows.

$ sudo dnf install awscli -y

To install the AWS CLI on other Linux, run the following commands.

$ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
$ unzip awscliv2.zip
$ sudo ./aws/install

Step 3: Verify the Installation

Verify the installation of AWS with the following command:

$ aws --version

Step 4: Configure the AWS CLI

Now configure the CLI with your AWS credentials (Access Key and Secret Key) by running the following command:

$ aws configure

Step-by-Step Guide to Creating an EC2 Instance using AWS CLI

If you have an existing VPC with Subnets, Internet Gateway, Route Table, Security Group, and key pairs, skip to the Running the EC2 Instance step. If not, follow the next steps to create a default VPC. Creating the default VPC also creates the Subnets, Internet Gateway, Route Table, etc. for you.

Creating a default VPC

Create a VPC (Virtual Private Cloud) as shown below.

$ aws ec2 create-default-vpc
{
    "Vpc": {
        "OwnerId": "985539757503",
        "InstanceTenancy": "default",
        "Ipv6CidrBlockAssociationSet": [],
        "CidrBlockAssociationSet": [
            {
                "AssociationId": "vpc-cidr-assoc-0111c20e708b227a2",
                "CidrBlock": "172.31.0.0/16",
                "CidrBlockState": {
                    "State": "associated"
                }
            }
        ],
        "IsDefault": true,
        "Tags": [],
        "VpcId": "vpc-00617799cf31e2740",
        "State": "pending",
        "CidrBlock": "172.31.0.0/16",
        "DhcpOptionsId": "dopt-02320dcaf6fd91eb3"
    }
}

Here the CIDR block is 172.31.0.0/16. The output will be given in a JSON format. Note the vpcId.

Subnets

Check if the subnets are created successfully:

aws ec2 describe-subnets --filters "Name=vpc-id,Values=<vpcId>" --query "Subnets[*].{ID:SubnetId,CIDR:CidrBlock}"

Example:

$ aws ec2 describe-subnets --filters "Name=vpc-id,Values=vpc-00617799cf31e2740" --query "Subnets[*].{ID:SubnetId,CIDR:CidrBlock}"
[
    {
        "ID": "subnet-0cfbac16072874109",
        "CIDR": "172.31.0.0/20"
    },
    {
        "ID": "subnet-0bf950784376cab19",
        "CIDR": "172.31.16.0/20"
    },
    {
        "ID": "subnet-0d10af3548785ccc7",
        "CIDR": "172.31.48.0/20"
    },
    {
        "ID": "subnet-08c1988b07451008b",
        "CIDR": "172.31.32.0/20"
    }
]

Internet Gateway

An Internet Gateway is created as part of creating the default VPC. Check that it was created successfully.

aws ec2 describe-internet-gateways

Example:

$ aws ec2 describe-internet-gateways
{
    "InternetGateways": [
        {
            "Attachments": [
                {
                    "State": "available",
                    "VpcId": "vpc-00617799cf31e2740"
                }
            ],
            "InternetGatewayId": "igw-0edf1325238ca299f",
            "OwnerId": "985539757503",
            "Tags": []
        }
    ]
}

Route Table

A Route Table is also created and assigned to the default VPC.

$ aws ec2 describe-route-tables
{
    "RouteTables": [
        {
            "Associations": [
                {
                    "Main": true,
                    "RouteTableAssociationId": "rtbassoc-0ed54d31a73dc80c2",
                    "RouteTableId": "rtb-0571c0444bafe3dbc",
                    "AssociationState": {
                        "State": "associated"
                    }
                }
            ],
            "PropagatingVgws": [],
            "RouteTableId": "rtb-0571c0444bafe3dbc",
            "Routes": [
                {
                    "DestinationCidrBlock": "172.31.0.0/16",
                    "GatewayId": "local",
                    "Origin": "CreateRouteTable",
                    "State": "active"
                },
                {
                    "DestinationCidrBlock": "0.0.0.0/0",
                    "GatewayId": "igw-0edf1325238ca299f",
                    "Origin": "CreateRoute",
                    "State": "active"
                }
            ],
            "Tags": [],
            "VpcId": "vpc-00617799cf31e2740",
            "OwnerId": "985539757503"
        }
    ]
}

Create a Key Pair and Security Group

An AWS key pair is a set of secure credentials consisting of a public key and a private key, used primarily to securely connect to Amazon EC2 instances.

Now, create the key-pair using the below command:

$ aws ec2 create-key-pair --key-name my-keypair --query "KeyMaterial" --output text > my-keypair.pem

Here the private key is saved as my-keypair.pem in the directory where the command was run.

To create the Security Group, use the command below:

aws ec2 create-security-group --group-name <security-group-name> --description "<description>"  --vpc-id <vpcId>

Example:

$ aws ec2 create-security-group --group-name FedoraSG --description "Fedora Security Group"  --vpc-id vpc-00617799cf31e2740
{
    "GroupId": "sg-07a6089d022898d5e",
    "SecurityGroupArn": "arn:aws:ec2:us-west-2:985539757503:security-group/sg-07a6089d022898d5e"
}

Note the GroupId and use it in the next step.

aws ec2 authorize-security-group-ingress --group-id <GroupId> --protocol tcp --port 22 --cidr 0.0.0.0/0

Example:

$ aws ec2 authorize-security-group-ingress --group-id sg-07a6089d022898d5e --protocol tcp --port 22 --cidr 0.0.0.0/0
{
    "Return": true,
    "SecurityGroupRules": [
        {
            "SecurityGroupRuleId": "sgr-0ad9c03c1d572224c",
            "GroupId": "sg-07a6089d022898d5e",
            "GroupOwnerId": "985539757503",
            "IsEgress": false,
            "IpProtocol": "tcp",
            "FromPort": 22,
            "ToPort": 22,
            "CidrIpv4": "0.0.0.0/0",
            "SecurityGroupRuleArn": "arn:aws:ec2:us-west-2:985539757503:security-group-rule/sgr-0ad9c03c1d572224c"
        }
    ]
}

The protocol/port we use here is TCP/22, which is the standard port for the Secure Shell (SSH) protocol.
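The rule above admits SSH from any address (0.0.0.0/0). As an added example, not part of the original guide, the helpers below replace it with a rule scoped to one administrator address and list any ingress rules that remain world-open. The function names and the 203.0.113.7 address are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# to_host_cidr IP: print IP/32 for a valid IPv4 address; fail on anything
# else: 0.0.0.0, a prefix suffix ("/0"), leading zeros, octets above 255.
to_host_cidr() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip            # split on dots; only digits and dots remain here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$ip" != "0.0.0.0" ] || return 1
    printf '%s/32\n' "$ip"
}

# world_open_rules GROUP_ID: print IDs of ingress rules open to 0.0.0.0/0.
world_open_rules() {
    aws ec2 describe-security-group-rules \
        --filters "Name=group-id,Values=$1" --output text \
        --query 'SecurityGroupRules[?IsEgress==`false` && CidrIpv4==`"0.0.0.0/0"`].SecurityGroupRuleId'
}

# restrict_ssh GROUP_ID ADMIN_IP: replace the world-open port 22 rule with
# one limited to ADMIN_IP/32. Authorize first so access is never cut off.
restrict_ssh() {
    cidr=$(to_host_cidr "$2") || { echo "refusing address: $2" >&2; return 1; }
    aws ec2 authorize-security-group-ingress --group-id "$1" \
        --protocol tcp --port 22 --cidr "$cidr" &&
    aws ec2 revoke-security-group-ingress --group-id "$1" \
        --protocol tcp --port 22 --cidr 0.0.0.0/0
}

# Usage (203.0.113.7 is a documentation address standing in for your own):
#   restrict_ssh sg-07a6089d022898d5e 203.0.113.7
#   world_open_rules sg-07a6089d022898d5e    # expect no output
```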

Running the EC2 Instance

Next, run the EC2 Instance using the command as given below.

aws ec2 run-instances --image-id <ami-id> --instance-type t2.micro \
  --key-name <Keypair-name> --security-group-ids <SecurityGroupId> \
  --subnet-id <SubnetId> \
  --associate-public-ip-address \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=MyEC2Instance}]'

Example:

$ aws ec2 run-instances --image-id ami-09d4a84b1cda0ac74 --instance-type t2.micro --key-name my-keypair --subnet-id subnet-08c1988b07451008b --security-group-ids sg-07a6089d022898d5e --associate-public-ip-address --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=MyEC2Instance}]'

At this step, you will need an AMI (Amazon Machine Image) ID. Use the Fedora AMI ID for the us-west-2 region we noted above, i.e. ami-09d4a84b1cda0ac74.

Connecting to the Fedora EC2 Instance

  • Open an SSH client.

  • Locate your private key file. The key used to launch this instance is my-keypair.pem

  • Run this command, if necessary, to ensure your key is not publicly viewable.

$ chmod 400 "my-keypair.pem"

  • Connect to your instance using its Public DNS:

Example:

$ ssh -i "my-keypair.pem" fedora@ec2-54-218-117-248.us-west-2.compute.amazonaws.com
The authenticity of host 'ec2-54-218-117-248.us-west-2.compute.amazonaws.com (54.218.117.248)' can't be established.
ED25519 key fingerprint is SHA256:/Gw7ysOzRvVsvbz3xdOyFP1F7mm3sFIYE1hPhJCCZ8M.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'ec2-54-218-117-248.us-west-2.compute.amazonaws.com' (ED25519) to the list of known hosts.

[fedora@ip-172-31-39-204 ~]$
[fedora@ip-172-31-39-204 ~]$ cat /etc/redhat-release
Fedora release 43 (Forty Three)
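
The session above answers "yes" to the host key prompt without checking the fingerprint. As an added example, not part of the original guide, the functions below compare the key the host presents with the fingerprint recorded on the instance console. It assumes the image runs cloud-init and logs host key fingerprints between BEGIN/END SSH HOST KEY FINGERPRINTS markers; the function names and the sample console text are constructed.

```shell
#!/bin/sh
# Added example, not from the original guide. Assumes cloud-init logged the
# host key fingerprints to the instance console between BEGIN/END markers.

# console_fingerprint KEYTYPE: read console text on stdin and print the
# SHA256 fingerprint recorded for KEYTYPE (for example ED25519).
console_fingerprint() {
    awk -v want="($1)" '
        /BEGIN SSH HOST KEY FINGERPRINTS/ { inblk = 1; next }
        /END SSH HOST KEY FINGERPRINTS/   { inblk = 0 }
        inblk && $NF == want {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SHA256:/) { print $i; exit }
        }'
}

# verify_host_key INSTANCE_ID HOST: succeed only if the key the host presents
# over the network matches the one recorded on the console (out of band).
# Console output can lag a few minutes behind boot.
verify_host_key() {
    expected=$(aws ec2 get-console-output --instance-id "$1" \
        --query Output --output text | console_fingerprint ED25519)
    presented=$(ssh-keyscan -t ed25519 "$2" 2>/dev/null |
        ssh-keygen -lf - | awk '{ print $2 }')
    [ -n "$expected" ] && [ "$expected" = "$presented" ]
}

# Constructed console excerpt for offline use; the ED25519 value is the
# fingerprint shown in the SSH session above, the ECDSA one is a placeholder.
sample_console() {
    cat <<'EOF'
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 256 SHA256:PLACEHOLDERecdsaFINGERPRINT root@ip-172-31-39-204 (ECDSA)
ec2: 256 SHA256:/Gw7ysOzRvVsvbz3xdOyFP1F7mm3sFIYE1hPhJCCZ8M root@ip-172-31-39-204 (ED25519)
ec2: -----END SSH HOST KEY FINGERPRINTS-----
EOF
}

# Usage:
#   verify_host_key <InstanceId> <PublicDNS> && ssh -i my-keypair.pem fedora@<PublicDNS>
```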