Running CFDDFC with the AWS Console
- Configure a Security Group
- Create an SSH Key Pair
- Launch an Instance
- Connect to an Instance
- Using OpenFOAM on an Instance
- Data Transfer to an Instance
- Connect with the Remote Desktop (“Classic” CFDDFC)  or
Connect with the Web Browser Remote Desktop (Web CFDDFC)
- Data Storage
- Creating a Cluster of Instances
Problem with these instructions? Please send a CFDDFC Support Query.
An AWS EC2 instance is accessed securely using SSH (Secure Shell) with public key authentication using a key pair. A key pair is two keys, stored as files, that are related to one another. One key is public, the other private. Anyone with the public key can encrypt data which can only be read by someone with the private key. As well as providing encryption, possession of the private key can also be used as proof of identity, i.e. authentication.
Each instance is associated with a key pair that controls access to it, selected during the launch process. The public key remains at AWS and is attached to the instance. The private key must be stored by the user to authenticate their access to the instance. The key pair uses the RSA (Rivest–Shamir–Adleman) encryption in the general PEM (Privacy-Enhanced Email) format, so files typically carry a
.pem extension, e.g.
awskey.pem. Key pairs are associated with a specific EC2 region.
Generating a Key Pair in AWS
- Login to the Amazon EC2 Console.
- Select the region you wish to launch an instance (see drop-down menu, top right of the panel).
- Select Key Pairs from the left menu.
- From the top right, click Create Key Pair.
- Under Name, enter
awskey(or something similarly relevant).
- Click Create Key Pair at the bottom of the screen.
- The file
awskey.pemis downloaded to your computer by your browser.
Key file permissions
The private key must be stored in a suitable location on the user’s computer. Since the private key file provides proof of identity, there are usually strict rules imposed on file permissions of the key.
Linux and macOS systems
Linux and macOS systems use UNIX-inspired file systems. SSH key files are generally stored in a “
.ssh” directory in the user’s home directory. The user can create the directory if it does not exist by the command (if it exists, it will return a message to confirm):
It is recommended that only the user has permission to access that directory, which can be set by the command:
chmod 700 ~/.ssh
The file permission must be set to read for the user only. For a key pair file named
awskey.pem file in a
.ssh directory, use the command:
chmod 400 ~/.ssh/awskey.pem
MS Windows systems
Windows 10 can follow the same instructions as above when using WSL (see above). On the Linux subsystem, follow the “
mkdir ~/.ssh” and “
chmod 700 ~/.ssh” commands to configure the
~/.ssh directory, then copy the key file into it by the command (example uses the file location example above):
cp /mnt/C:/Users/john/azkey.pem ~/.ssh/
ssh can be run from the
cmd Command Line. The key file is then stored on the Windows NTFS (New Technology File System) which has more complex access control lists (ACLs) and its Active Directory service. The permissions of the key file must be user-only which can be checked using the Windows file browser. They can be set using
cmd as follows: for user name “
john” with a key file
azkey.pem stored in the home directory
C:/Users/john on the
C: drive, enter the commands, in order:
icacls C:/Users/john/awskey.pem /inheritance:r /deny "*S-1-1-0:f" icacls C:/Users/john/awskey.pem /inheritance:r /grant:r john:f
Remember to replace the user name
john and the path and key file name
awskey.pem to suit your circumstances. When using
ssh on the Windows Subsystem for Linux, it is logical to copy the key file from the Windows filing system to a
~/.ssh directory on the Linux file system. From the terminal within the Linux subsystem, follow the “
mkdir ~/.ssh” and “
chmod 700 ~/.ssh” commands above to configure the
~/.ssh directory, then copy the key file into it bythe command (using the file location example above):
cp /mnt/C:/Users/john/awskey.pem ~/.ssh/
See Creating Your Key Pair Using Amazon EC2 and Connect to your Linux instance from Windows using WSL.