Create Nitro Capable Host
This page describes some simple steps to create an AWS Nitro capable EC2 instance using the AWS CLI tools.
While there are many ways to create AWS EC2 instances (AWS EC2 Console, Terraform, etc.), the steps described in this section are simple and do not rely on any tools other than the AWS CLI. You can skip this section if you have a preferred deployment tool.
Download the AWS CLI tools
The currently released AWS CLI packages do not support Nitro yet (Nitro is still in “preview”), so don’t use the apt, yum or snap versions of the AWS CLI; older versions do not support Nitro. You must use the AWS CLI installer from the link below:
$ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
$ unzip awscliv2.zip
$ sudo ./aws/install
Authenticate to AWS
Run the following command to authenticate to the AWS infrastructure:
$ aws configure
The command above prompts for the “Access key ID” and the “Secret access key” (which you should have been provided when you signed up with AWS).
Create SSH key-pair for connecting to EC2 hosts
You should also have an SSH key-pair to connect to the AWS EC2 hosts that you create. You can skip this section if you already have one.
$ aws ec2 create-key-pair \
--region <region> \
--key-name <keyName> \
--query 'KeyMaterial' \
--output text > <keyName>.pem
$ chmod 600 <keyName>.pem
Make sure you have a key-pair in the region where you will be creating the EC2 instance.
Create a Nitro capable host
In the following command, replace the string <keyname> with your actual key name. The key-pair must exist in the region passed to --region (us-east-2 here):
$ aws ec2 run-instances --image-id=ami-0b0f4c27376f8aa79 --instance-type m5.xlarge \
--enclave-options Enabled=true \
--key-name <keyname> \
--region us-east-2
The JSON output will contain the InstanceId, which uniquely identifies the newly created EC2 instance.
Using the InstanceId, you can query AWS to retrieve attributes of this EC2 instance (replace the string <your-instance> with the correct value):
$ aws ec2 describe-instances --region us-east-2 --instance-ids <your-instance> \
| jq '.Reservations[].Instances[] | { id: .InstanceId, fqdn: .PublicDnsName, ip: .PublicIpAddress }'
The output should show the IP address (and public DNS name), which allows you to SSH into it using the SSH key created in the previous section (replace <keyname> and <public-ip> with the correct values):
$ ssh -i <keyname>.pem ec2-user@<public-ip>
If everything worked, you should see the following output when connecting to this instance:
Last login: Wed Dec 23 20:11:30 2020 from 135-180-108-162.fiber.dynamic.sonic.net

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
6 package(s) needed for security, out of 24 available
Run "sudo yum update" to apply all updates.
Congratulations, you are connected to a Nitro capable host!
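Before relying on the host, it is worth confirming that the enclave option actually took effect. The script below is an added example, not part of the original page or of the AWS tooling: it reads the JSON printed by the describe-instances command above and reports, per instance, whether enclave support is enabled, the instance is running, and a public IP and key-pair are present. The function name check_instances and the sample JSON (instance IDs, addresses, key name) are constructed for illustration.

```python
import json
import sys

# Constructed sample of `aws ec2 describe-instances` output (not real data).
# Instance IDs, addresses and the key name are placeholders.
SAMPLE = """
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "InstanceType": "m5.xlarge",
   "State": {"Name": "running"}, "KeyName": "example-key",
   "PublicIpAddress": "203.0.113.10",
   "PublicDnsName": "ec2-203-0-113-10.us-east-2.compute.amazonaws.com",
   "EnclaveOptions": {"Enabled": true}},
  {"InstanceId": "i-0bbbbbbbbbbbbbbb2", "InstanceType": "m5.xlarge",
   "State": {"Name": "pending"}, "KeyName": "example-key",
   "PublicDnsName": "",
   "EnclaveOptions": {"Enabled": false}}
]}]}
"""

def check_instances(doc):
    """Return one report per instance: id, fqdn, ip and a list of problems."""
    reports = []
    for reservation in doc.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            problems = []
            # `--enclave-options Enabled=true` at launch is reflected in this field.
            if not inst.get("EnclaveOptions", {}).get("Enabled", False):
                problems.append("enclave support not enabled")
            state = inst.get("State", {}).get("Name")
            if state != "running":
                problems.append(f"state is {state!r}, not 'running'")
            ip = inst.get("PublicIpAddress")  # absent until an address is assigned
            if not ip:
                problems.append("no public IP address yet")
            if not inst.get("KeyName"):
                problems.append("no key pair attached, SSH with a .pem will fail")
            reports.append({"id": inst.get("InstanceId"),
                            "fqdn": inst.get("PublicDnsName") or None,
                            "ip": ip, "problems": problems})
    return reports

if __name__ == "__main__":
    # Read real CLI output from a pipe, or fall back to the constructed sample.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    reports = check_instances(json.loads(raw))
    for r in reports:
        print(r["id"], r["ip"], "OK" if not r["problems"] else "; ".join(r["problems"]))
    sys.exit(1 if any(r["problems"] for r in reports) else 0)
```

Pipe the unfiltered describe-instances output (without the jq filter) into the script; it exits non-zero if any instance has a problem.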