H2 run Java apps in EC3

From Ideasplace

Note: this guide has not yet been tested - it was generated by Gemini for a particular project and it was posted here only for reference - That said, if it works for you please let me know!

Guide: Setting up a Java Application on AWS EC2

Objective: Create a Linux server running a Java App with a static IP and secure S3 access.

Step 1: Create the Permission (IAM Role)

This gives your server an "ID Badge" to access S3 files without saving passwords on the server.

  1. Log in to the AWS Console and search for IAM.
  2. Click Roles (left menu) → Create role.
  3. Select AWS Service and choose EC2.
  4. Click Next. Search for and check the box for: AmazonS3FullAccess.
  5. Name the role: EC2-S3-Access-Role.
  6. Click Create role.
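
AmazonS3FullAccess lets anything running on the instance read, write and delete every S3 bucket in the account. As an added example (not part of the original guide), this script generates a policy limited to one bucket. The bucket name my-app-bucket and the policy name S3-One-Bucket are placeholders.

```shell
#!/bin/sh
# Added example: emit an S3 policy scoped to a single bucket.

# $1 = bucket name, $2 = "ro" (read-only, default) or "rw" (read and write objects)
scoped_s3_policy() {
    bucket=$1
    mode=${2:-ro}
    # Accept only characters valid in bucket names so nothing can break the JSON.
    case $bucket in
        ''|*[!a-z0-9.-]*) echo "invalid bucket name" >&2; return 1 ;;
    esac
    case $mode in
        ro) obj_actions='"s3:GetObject"' ;;
        rw) obj_actions='"s3:GetObject", "s3:PutObject", "s3:DeleteObject"' ;;
        *)  echo "mode must be ro or rw" >&2; return 1 ;;
    esac
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListOneBucket",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::$bucket"
    },
    {
      "Sid": "ObjectAccess",
      "Effect": "Allow",
      "Action": [$obj_actions],
      "Resource": "arn:aws:s3:::$bucket/*"
    }
  ]
}
EOF
}

# Usage, from a workstation with IAM admin rights (not from the instance):
#   scoped_s3_policy my-app-bucket ro > policy.json
#   aws iam put-role-policy --role-name EC2-S3-Access-Role \
#       --policy-name S3-One-Bucket --policy-document file://policy.json
#   aws iam detach-role-policy --role-name EC2-S3-Access-Role \
#       --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess
```

With this policy the guide's `aws s3 ls` check fails, because listing all buckets needs s3:ListAllMyBuckets. Test with `aws s3 ls s3://my-app-bucket` instead.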

Step 2: Create the Firewall (Security Group)

This allows traffic from the internet to reach your application.

  1. Go to the EC2 Dashboard.
  2. On the left menu, under Network & Security, click Security Groups.
  3. Click Create security group.
  4. Name: Java-App-Firewall.
  5. Inbound Rules (Add these two rules):
    • Type: SSH | Port: 22 | Source: My IP (Restricts login to you only).
    • Type: Custom TCP | Port: 8080 | Source: Anywhere-IPv4 (0.0.0.0/0).
  6. Click Create security group.

Step 3: Launch the Server (EC2)

This is the actual Virtual Machine.

  1. Go to Instances → Launch Instance.
  2. Name: My-Java-Server.
  3. OS Image: Select Amazon Linux 2023 (or Amazon Linux 2).
  4. Instance Type: Select t2.micro or t3.micro (Free tier eligible).
  5. Key Pair: Create a new key (e.g., my-server-key.pem) and download it. Keep this safe!
  6. Network Settings:
    • Select "Select existing security group".
    • Choose Java-App-Firewall (created in Step 2).
  7. Advanced Details (Crucial Step):
    • Find IAM instance profile.
    • Select EC2-S3-Access-Role (created in Step 1).
  8. Click Launch Instance.

Step 4: Make the IP Permanent (Elastic IP)

Ensures your IP address never changes, even if you restart the server.

  1. In the EC2 menu, click Elastic IPs → Allocate Elastic IP address → Allocate.
  2. Select the new IP address from the list.
  3. Click Actions → Associate Elastic IP address.
  4. Instance: Select My-Java-Server.
  5. Click Associate.
    Note: Use this IP address for all connections moving forward.

Step 5: Install Java & Connect

  1. Open your computer's terminal (Mac/Linux) or PowerShell (Windows).
  2. Connect via SSH:
    (Replace 1.2.3.4 with your Elastic IP)
ssh -i my-server-key.pem ec2-user@1.2.3.4
  3. Install Java:
sudo yum update -y
sudo yum install java-17-amazon-corretto -y
  4. Upload your App: Use a tool like FileZilla or SCP to upload your my-app.jar to the /home/ec2-user/ folder.

Step 6: Automate the App (Systemd)

Ensures the app runs in the background and restarts if it crashes.

  1. Create the service file:
sudo nano /etc/systemd/system/myapp.service
  2. Paste the following configuration into the editor:
[Unit]
Description=My Java App
After=network.target

[Service]
User=ec2-user
# CHANGE the filename below to match your actual jar file
ExecStart=/usr/bin/java -jar /home/ec2-user/my-app.jar
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
  3. Save: Press Ctrl+O, Enter, then Ctrl+X.
  4. Start the App:
sudo systemctl daemon-reload
sudo systemctl enable myapp
sudo systemctl start myapp
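
On Amazon Linux, ec2-user has passwordless sudo, so an app that is compromised while running as ec2-user can become root. As an added example (not part of the original guide), this script audits a unit file for that and for basic sandboxing settings, and prints a unit that passes. The myapp account and the /opt/myapp path are assumptions.

```shell
#!/bin/sh
# Added example: audit a unit file for least-privilege settings.
# The "myapp" account and /opt/myapp path are assumptions. Create them with:
#   sudo useradd --system --shell /sbin/nologin myapp
#   sudo install -d -o myapp /opt/myapp   # then copy my-app.jar there

# Print one finding per line; print nothing if the unit passes.
audit_unit() {
    unit=$1
    # ec2-user has passwordless sudo on Amazon Linux; no User= line means root.
    if grep -Eq '^User=(ec2-user|root)$' "$unit" || ! grep -q '^User=' "$unit"; then
        echo "User: run as a dedicated account without sudo"
    fi
    for want in NoNewPrivileges=true ProtectSystem=full \
                ProtectHome=true PrivateTmp=true; do
        grep -qx "$want" "$unit" || echo "missing: $want"
    done
}

# A unit that passes the audit: the page's service under a different account and path.
hardened_unit() {
    cat <<'EOF'
[Unit]
Description=My Java App
After=network.target

[Service]
User=myapp
ExecStart=/usr/bin/java -jar /opt/myapp/my-app.jar
Restart=always
RestartSec=10
NoNewPrivileges=true
ProtectSystem=full
ProtectHome=true
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
}
```

ProtectHome=true hides /home from the service, which is why the jar moves out of /home/ec2-user in the hardened unit.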

Step 7: Package for Multiple Deployments (AMI)

Once the server is verified (above), save it as a "Golden Image" to launch exact copies instantly.

  1. Prepare the Server:
    • Delete temporary files or logs you don't want copied.
    • (Optional) Stop the instance to ensure data consistency.
  2. Create the Image:
    • Go to the EC2 Dashboard → Instances.
    • Right-click your My-Java-Server.
    • Select Images and templates → Create image.
    • Name: Java-App-Golden-Image-v1.
    • Click Create image.
  3. Wait for Completion:
    • Go to Images → AMIs (left menu).
    • Wait until the Status changes from pending to available.
  4. Launch Copies:
    • When launching a new instance, under Application and OS Images, click My AMIs.
    • Select your image. The new server will start with Java and your App already installed!
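
An AMI copies the whole disk, so the SSH key entry, shell history and any saved AWS credentials on My-Java-Server end up in every instance launched from it. As an added example (not part of the original guide), this function removes those files under a given root directory. The file list is an assumption about what is present, and it should be the last thing run before Create image, because removing authorized_keys blocks new SSH logins to this instance.

```shell
#!/bin/sh
# Added example: strip per-instance secrets before creating an image.
# Pass the root explicitly ("/" on the server itself, run with sudo).

scrub_for_image() {
    root=${1:?usage: scrub_for_image ROOT_DIR}
    for f in \
        "$root"/home/*/.ssh/authorized_keys "$root"/root/.ssh/authorized_keys \
        "$root"/home/*/.bash_history        "$root"/root/.bash_history \
        "$root"/home/*/.aws/credentials     "$root"/root/.aws/credentials \
        "$root"/etc/ssh/ssh_host_*_key      "$root"/etc/ssh/ssh_host_*_key.pub
    do
        # A glob that matched nothing stays literal; skip it.
        [ -f "$f" ] || continue
        rm -f -- "$f"
        echo "removed $f"
    done
}

# Usage on the server, as the final step before Create image:
#   sudo sh -c '. ./scrub.sh; scrub_for_image /'
```

Instances launched from the image get their login key from the key pair chosen at launch, so the copies do not need the original authorized_keys entry.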

Step 8: Troubleshooting

Common issues and how to fix them.

1. I cannot connect via SSH

  • Error: "Connection timed out"
  • Cause: Usually a firewall (Security Group) issue.
  • Fix: Go to EC2 Dashboard → Security Groups. Ensure your group has an Inbound Rule for port 22 from your IP address.
  • Error: "Permission denied (publickey)"
  • Cause: You are using the wrong key or username.
  • Fix: Ensure you are using ec2-user (for Amazon Linux) and the command includes -i my-key.pem.

2. The App isn't loading in the browser

  • Check the Firewall: Does your Security Group allow inbound traffic on Port 8080 from 0.0.0.0/0?
  • Check the App: Run curl localhost:8080 inside the server.
    • If this works, the app is running, and the issue is the AWS firewall.
    • If this fails, the app is not running. Check logs below.

3. The App keeps crashing (Looping)

  • View Logs: Run journalctl -u myapp -f to see why it crashed.
  • Common Java Error: "Address already in use" → This means the app is already running. Kill it using sudo pkill java and restart.
  • Common Memory Error: "OutOfMemoryError" → Your server (t2.micro) only has 1GB RAM. Try adding a swap file or upgrading the instance type.

4. "Access Denied" when running S3 commands

  • Cause: The IAM Role is missing or incorrect.
  • Fix:
    1. Go to EC2 Dashboard → Right-click instance → Security → Modify IAM Role.
    2. Ensure EC2-S3-Access-Role is selected.
    3. If it is selected, go to IAM and ensure the role has the AmazonS3FullAccess policy attached.

Verification

  • Check App Status: sudo systemctl status myapp
  • View App Logs: journalctl -u myapp -f
  • Test S3 Access: aws s3 ls (Should list buckets without asking for a password).

Other Documentation

AWS - Running Java Applications on Amazon EC2-a1 Instances with Amazon Corretto