Basics and correct way of using AWS CLI

6 min readOct 15, 2020

You’ll get to know about how you can use AWS CLI v2 for creating your own key pair, security group, launching an instance, creating ebs volume, attaching it to the instance created, and how to start using the mounted volume.

Why do we need to have AWS CLI?

In this agile and automated world, we have customized and dynamic requirements. We cannot have all the customized things done using the Web UI of the AWS and we can't even automate Web UI, so we need a way to communicate with the API’s according to the customized need and create a script using the commands for automation. So, let’s start using AWS CLI.

Note: Here, automation meant for custom needs. Yes, there are ways to automate Web UI but, it works only for one use case perfectly. We cannot change it according to our needs as quickly as possible. We need to again configure it for the use case.

Step 1: Creating Key-Pair

We need to have a key pair and security group to launch an instance in AWS. It is not compulsory but if you want to use the instance by logging into the instance we need to have a key. Similarly, if we want to remote login to it, we need the SSH service running, for this, we have to allow the clients to connect on it, this will be done using the security group. Here we will write the security rule for allowing everyone to connect.

aws ec2 create-key-pair — key-name arthkey — query “KeyMaterial” > arthkey.pem

This command will help you to create a key pair o AWS and save the KeyMaterial into a file you want, here, I have named it as arthkey and the format must be .pem, because AWS only allows this format keys to remote login. After doing so, we have to open the file and reformat the file a bit, because, there will be much \n escapes sequence and the whole key will be inside a “ “ Hence we have to first remove all \n and manually give next line(enter) to format it correctly and remove the “ ” form the key file. After doing so, it would look something like this.

Note: People usually forget to store the key and even if they store, they get an error in the format of the key. This error is because of the “ “ and \n

Step 2: Creating a Security Group allowing only the SSH service

Creating the security group is one of the main security factors which we will be using while provisioning the instance. Hence, we need to careful and aware of all the features and it’s working. In our case, we just want SSH to be enabled to clients. Later in this article, I will also show you, that if we want only our PC to be allowed we can also do it.

aws ec2 create-security-group — description “arth-security-group” — group-name “arth”

This command will only create an empty security group with respect to the ingress rules. Egress rules are by default set to all while creating it using CLI but the ingress is left blank. So, we need to write the rule for allowing the SSH connection.

aws ec2 authorize-security-group-ingress — group-name arth — protocol tcp — port 22 — cidr

Note: there’s space after each field.

This will create an ingress rule for our security group named arth. cidr field tells which range of IPs are allowed, means to all.

Note: If you want that, only your PC can access the instance and nobody else, then give your PC public IP instead of, you can find your PC’s public IP using this website,

Step 3: Launching the instance with the key pair and security group we made.

aws ec2 run-instances — image-id ami-052c08d70def0ac62 — count 1 — instance-type t2.micro — key-name arthkey — security-group-ids sg-0b9acf21664b259c5

Note: there’s space after each field.

In this command we have used, image-id which we have to go to Web UI and take it because it’s not available in the AWS CLI help. count says how many instances we need. instance-type means how much computational power we need, it’s available in the AWS CLI help. security-group-ids filed requires the ID, we can copy it from the output of creating the security group. Each command we run, we will get output in JSON format and we can get the ID from it.

Step 4: Creating EBS volume

In industry, needs vary every minute. So, let's say we need to increase the storage capacity of the instance by 1 GiB.

First, we have to make an EBS volume of size 1 GiB.

aws ec2 create-volume — volume-type gp2 — size 1 — availability-zone ap-south-1b

Here, we have to give the same availability-zone where the instance is launched otherwise it won’t be able to connect. we can get this information from the output of step 3.

Step 5: Attaching the EBS volume to the instance.

aws ec2 attach-volume — volume-id vol-02298c8cde18b5337 — instance-id i-0fe5c0bac2df5d727 — device /dev/sdf

Here, we can get the volume-id from the output of step 4 and instance-id from step 3. This will attach the volume we created into the instance.

Note: Now, the real work starts! We have attached the volume but we cannot still use the drive, because we still have to partition — >format — >mount the drive. Many people fail to do this and due to which, they are not able to use the drive.

Step 6: Log in to the instance using the generated key and perform partition →format → mount

While creating the key pair, we have saved the key as arthkey.pem in our local system and formated it correctly for not getting any format error. This solution is not given precisely on the internet or any other blogs.

ssh -i arthkey.pem ec2-user@

Using this command of ssh, we can log in to the instance, here the IP will be your instance IP, which you can get from the result of step 3.

Note: Run this command from the folder where you have your arthkey.pem

After logging into the instance we have to perform three steps to use the attached volume.

  1. Create a folder where we want to mount the volume( you can create or pre-created directory also works).
    sudo su -root
    This will make you root user
    mkdir volAtt
    This will make a directory/folder
  2. We can either partition it first or directly format it. Directly formatting will automatically partition it. So, we will directly format it.
    mkfs.ext4 /dev/xvdf
    Here, we have formated /dev/xvdf because, in AWS, when we attach a volume on /dev/dfs internally it will name it as /dev/xvdf
  3. Finally, we will mount it.
    mount /dev/xvdf volAtt
    Now, we will be able to use the extra 1 GiB volume which we attached, until then we can't use this drive. We will finally check if everything went successfully by running the df-h command. This command will list all the in-use mounts.

We can see it’s finally in use.

Finally, we have achieved the right knowledge and way of:

  1. Creating a key pair and saving it for future use with correct format.
  2. Creating a security group that only allows SSH service and even how can we only allow our PC to connect to the instance.
  3. Launching the instance using the key and security group.
  4. Creating the EBS volume and attaching it to the instance.
  5. Until and unless we don't partition, format, and mount it, we cannot use the attached volume. Hence, we have done that also by physically logging into the instance using the key we created.

Thank you for reading this article! If you have any queries, feel free to connect on LinkedIn at




C|EH | Cybersecurity researcher | MLOps | Hybrid Multi Cloud | Devops assembly line | Openshift | AWS EKS | Docker