Manual EC2 + Docker
Deploy by hand to understand the fundamentals.
Overview
The starting rung. You launch an EC2 instance in the AWS console, SSH into it, install Docker yourself, and run your app as a container — by hand. Nothing here is repeatable, and that's the point: you feel every moving part before you automate it away.
Architecture
Your laptop connects over SSH to a single EC2 instance. Docker runs one container that serves HTTP on port 80 directly to the internet.
- 1. You launch an EC2 instance with a public IP in the default VPC.
- 2. A security group allows inbound SSH (22) and HTTP (80).
- 3. You SSH in, install Docker, and run the container.
- 4. Visitors hit the public IP on port 80 and reach your container.
A laptop connects via SSH to one EC2 instance inside a default VPC; the instance runs a single Docker container exposing port 80 to the internet.
What you'll understand
- Understand what an EC2 instance actually is — a Linux server you rent by the second.
- Connect to a remote machine over SSH using a key pair.
- Install Docker and run a containerized web app by hand.
- See why doing this manually does not scale, which motivates every later level.
Prerequisites
- An AWS account with a billing alert set
- Basic Linux command-line comfort (cd, ls, sudo)
- A terminal with an SSH client (built into macOS/Linux/WSL)
- A Dockerized web app, or use the public nginx demo image (optional)
Generated files
The files this template produces. Copy any of them straight into your project.
2 files
The exact commands to run on the instance, in order.
# Run these ON the EC2 instance after you SSH in.
# 1. Install Docker (Amazon Linux 2023)
sudo dnf update -y
sudo dnf install -y docker
sudo systemctl enable --now docker
sudo usermod -aG docker ec2-user # log out/in for this to take effect
# 2. Run a container (nginx demo, or swap in your own image)
docker run -d --name web -p 80:80 --restart unless-stopped nginx:1.27-alpine
# 3. Verify
docker ps
curl -s localhost | head -n 5
Step-by-step guide
- 1. Launch an EC2 instance
In the EC2 console, launch an instance with Amazon Linux 2023 on a t3.micro (free-tier eligible). Create a new key pair and download the .pem file — this is how you'll log in.
Store the .pem file somewhere safe and never commit it to git.
- 2. Open the right ports
In the instance's security group, allow inbound SSH (port 22) from your IP only, and HTTP (port 80) from anywhere so visitors can reach the app.
chmod 400 devops-launchpad.pem
SSH refuses to use a key file that others can read.
- 3. SSH into the server
Connect using your key and the instance's public IP. You're now on a fresh Linux box in the cloud.
ssh -i devops-launchpad.pem ec2-user@<PUBLIC_IP>
ec2-user is the default login for Amazon Linux.
- 4. Install Docker and run the app
Install the Docker engine, enable it as a service, then run your container mapped to port 80.
sudo dnf install -y docker && sudo systemctl enable --now docker
Installs Docker and starts it now + on every boot.
docker run -d --name web -p 80:80 --restart unless-stopped nginx:1.27-alpine
Runs the container detached and restarts it if it crashes.
- 5. Visit your app
Open http://<PUBLIC_IP> in a browser. You just deployed to the cloud — manually. Notice how many steps had to be exactly right.
AI insight
What this architecture is doing
There's exactly one moving piece you control: a single Linux server (EC2) with Docker on it. Your laptop reaches it two ways — SSH for administration and HTTP for the app. A security group is the firewall deciding who gets in.
- EC2 = a Linux box you rent by the second.
- Security group = a stateful firewall around that box.
- Docker = the thing actually running your app, isolated from the host.
Security notes
SSH exposed to the internet
High: If SSH (22) is open to 0.0.0.0/0, your box is constantly probed by bots. Restrict it to your IP.
Later levels lock SSH down and move toward keyless, pipeline-based deploys.
Plain HTTP, no TLS
Medium: Traffic is unencrypted. Fine for a demo, not for anything real.
Level 1 adds Nginx + Certbot for free Let's Encrypt TLS.
Snowflake server
Medium: Every change is made by hand, so no one can reproduce this box or know its exact state.
Level 2 makes the whole machine reproducible with Terraform.
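One way to check the "SSH exposed to the internet" note against what is actually configured (an added example, not one of the template's generated files): the Python below reads security-group data in the shape returned by aws ec2 describe-security-groups and reports every source range that can reach port 22 and is wider than a single address. The group IDs and addresses in SAMPLE are constructed, and the function names are illustrative.

```python
import ipaddress

SSH_PORT = 22

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-EXAMPLE1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-EXAMPLE2", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-EXAMPLE3", "IpPermissions": [  # "all traffic" rule
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-EXAMPLE4", "IpPermissions": [  # port range spanning 22
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": []}]},
]}

def covers_ssh(perm):
    """True if this rule's protocol and port range include TCP 22."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols and ports; FromPort/ToPort are absent
        return True
    return proto == "tcp" and perm["FromPort"] <= SSH_PORT <= perm["ToPort"]

def ssh_findings(doc):
    """List (group_id, cidr, verdict) for SSH sources wider than one host.
    Rules that reference other security groups or prefix lists are skipped."""
    findings = []
    for group in doc.get("SecurityGroups", []):
        for perm in filter(covers_ssh, group.get("IpPermissions", [])):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                if net.prefixlen < net.max_prefixlen:  # not a single /32 or /128
                    verdict = "world" if net.prefixlen == 0 else "wide"
                    findings.append((group["GroupId"], cidr, verdict))
    return findings

if __name__ == "__main__":
    for gid, cidr, verdict in ssh_findings(SAMPLE):
        print(f"{gid}: SSH reachable from {cidr} ({verdict})")
```

The HTTP rule on port 80 is not reported, since the guide intentionally opens it to everyone; only rules whose protocol and port range include 22 are evaluated.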
Cost notes
EC2 t3.micro
Free tier covers 750 hours/month for 12 months; otherwise ~$7.50/month if left on.
Public IPv4 address
AWS now charges ~$0.005/hour (~$3.60/month) per public IPv4, even on free tier.
Cleanup guide
Tear it down when you're done — the fastest way to avoid a surprise bill.
- 1. Terminate the EC2 instance in the console (Instance state → Terminate). [Billing]
- 2. Delete the security group and key pair if you won't reuse them.
- 3. Confirm in the Billing dashboard that nothing is still running. [Billing]