Launch an Ubuntu EC2 instance using the AWS CLI

Assuming you have an existing AWS account and some means for terminal based command-line access, you can launch an EC2 instance using CLI (command-line interface). You’ll need to:

  • setup the required AWS credentials

  • install AWS CLI

  • find an appropriate Ubuntu AMI (Amazon Machine Image) and

  • instantiate an instance with that AMI

Setup credentials

You need key pairs and access keys to use AWS and EC2 services. A brief introduction to these credentials can be found in EC2 credentials.

Create a key pair

SSH key pairs are needed to log in to an EC2 instance from your local machine. To create an SSH key pair (using the AWS console, CLI or CloudFormation), follow the AWS instructions for creating key pairs.

Create access keys

Access keys have to be created and set up to access the various AWS services and resources. Create an access key using the Access keys tab on the Security credentials page (account details menu > Security credentials) of a logged in user.

  1. Select Create access key

  2. Choose Command Line Interface (CLI) as the Use case, provide the required confirmation by ticking the check-box and select Next

  3. Optionally set a description tag and select Create access key

  4. Save the created Access key ID and Secret access key

Install AWS CLI

If you are running Ubuntu on your local machine, run:

sudo snap install aws-cli --classic

For other operating systems, follow the appropriate instructions from the AWS documentation for installing AWS CLI.

Before you can start using the AWS CLI, you need to configure it by running:

aws configure

You’ll have to enter values for each of:

AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]:
Default output format [None]:

Use the access key details saved earlier, specify a region and choose your preferred CLI output format from one of json, text or table.

Find an Ubuntu AMI

To launch an EC2 instance that uses Ubuntu, you’ll need to choose an appropriate Ubuntu image and get the official AMI ID for it. The image can be chosen based on your requirements, e.g. the machine’s architecture, features needed from the OS, etc. Once chosen, get the corresponding AMI ID by following the instructions at Find Ubuntu images on AWS.


Official Ubuntu AMIs are published by the user ‘Canonical’ whose Amazon ID is ‘099720109477’. Images containing the string ‘ubuntu’ but not owned by this ID are not official AMIs.

Create a security group (optional)

Security groups allow you to specify firewalling rules for your instances. To understand security groups better, refer to Amazon’s documentation for EC2 security groups and to create your own security group, follow the instructions for creating a security group. If you don’t specify any security groups when you instantiate an instance, it will be added to the default security group.

Instantiate the image

Using the AMI ID and key pair obtained above, launch an instance by running:

aws ec2 run-instances --image-id <image id> --key-name <your key pair> --instance-type <instance type>

See Amazon EC2 instance types for descriptions of the available instance types, and Amazon EC2 pricing for the current pricing of instances, data transfer and storage. An example command would look like:

aws ec2 run-instances --image-id ami-0014ce3e52359afbd --key-name TestKeyPair --instance-type t3.medium

Check status

To see the status of your instance, run:

aws ec2 describe-instances --instance-ids <your instance id>

where <your instance id> is obtained either from the output of the previous ec2 run-instances command or from the Instances tab of your EC2 console.

Log in to the instance

If you created a security group for your instance, modify it to allow network access for the SSH port:

aws ec2 authorize-security-group-ingress --group-id <your security group id> --port 22

You can skip the above command if you launched the instance using the default security group.

Log in to the instance using:

ssh -i <private SSH key file> ubuntu@<external-host-name>

where <private SSH key file> is the filename of the private SSH key that corresponds to the key pair specified in the ec2 run-instances command above. The <external-host-name> can be found using the ec2 describe-instances command, in the PublicDnsName field. An example SSH command looks like:

ssh -i TestKeyPair.pem

Once you have logged in, you can set up and use the instance like any other Ubuntu machine.

Terminate the instance

You will be billed as long the instance is running, so you’ll probably want to shut it down when you’re done:

aws ec2 terminate-instances --instance -ids <instance id>