# Build AWS EC2 Instance ## Before we begin Please make sure you created your SSH key pairs prior to starting these steps. {% content-ref url="/pages/SZ8YBbmpjJILqGWxrmx5" %} [SSH Remote Access](/run-a-node/references/ssh-remote-access.md) {% endcontent-ref %} ## VPS Build Procedure Creating your account on AWS is a simple process similar to all other SaaS model services. At the current time, we will leave this process up to you. {% stepper %} {% step %} ### Sign Up for an AWS account [AWS Sign Up Page](https://aws.amazon.com/)

{% endstep %} {% step %} ## Create SSH Keys If you have not yet created your SSH keys, please follow the instructions at the link below to generate your public and private key pair: ### [SSH Remote Access](/run-a-node/references/ssh-remote-access.md) Once you have successfully generated your SSH keys, return here and continue to the next step. {% endstep %} {% step %} ### Navigate to EC2 Console * Enter in `ec2` in the search bar at the top left * Rest your mouse over `EC2 Virtual Services in the Cloud` * Click on `Dashboard` in the top features section.

{% endstep %} {% step %} ### Access Key Pair Console Choose `Key Pairs` from the `Network & Security` section

Choose `Actions` and `Import key pair`

* Decide on a key pair name that you will use to identify your key pair later. * You should have already created your [SSH KEYS](/run-a-node/references/ssh-remote-access/create-ssh-keys.md), if not, please do so and return to this step. * Click the `Browse` to navigate to your public key on your local system, select that key and choose `Open`

* Import key pair

You will be returned to the `Key pairs` console and should see your key pair in the list (table) of the console with details about the key. {% endstep %} {% step %} ### Access Security Groups Console From the same `Network & Security` section choose `Security Groups` .

* Create a new security group.

Give your security group a name and description

Leave the `VPC` at the default. {% endstep %} {% step %} ### Create your rules From the `Inbound rules` select `Add rule`

* Select *Type* `SSH` * **Please refer to** [**Wide Open SSH Access**](/run-a-node/references/ssh-remote-access/securing-ssh-access.md) **document for details on the security implications of allowing any system that is connected to the internet to have access to your `SSH` port. This document contains instructions on how to determine your local IP address for entry in this section.** * Destination choose `Custom` * We will assume you decided to use a static IP address, in this example our static IP address i**s 13.13.13.13/32 (** Do NOT use this address, it is an example only. **)** Type in `13.13.13.13/32` into the box and the blue CIDR block item will auto-populate, select it.

* Choose the `Add rule` again. This rule is designed for both a Hypergraph hybrid layer validator DAG layer1 and a Dor data layer 1 nodes. * Select *Type* `Custom TCP` * Port Range `9010-9011` * Destination `Anywhere-IPv4`

* **Hypergraph Hybrid Nodes ONLY** This rule is designed for validator Hypergraph layer0 nodes. * Choose the `Add rule` again * Select Type `Custom TCP` * Port Range `9000-9001` * Destination `Anywhere-IPv4` * Click the `Create security group` button

You will be returned to the security group console and you should see your security group in the list table. {% endstep %} {% step %} ### Enter EC2 instances console Click on the `Instances` from the `Instances` section on the left side panel.

{% endstep %} {% step %} ### Enter Launch Instances Wizard Click on `Launch instances` on the top right of the screen.

{% endstep %} {% step %} ### Name your VPS In the `Name and tags` section enter the name you would like to call your VPS.

{% endstep %} {% step %} ### Choose your Application and OS Image Choose `Ubuntu` The [`AMI`](#user-content-fn-1)[^1] will auto populate. Ubuntu Server `24.04` Leave the default options

{% endstep %} {% step %} ### Choose your Instance Type Click the drop down and type in the search: **Hypergraph Validator**: `m7i.2xlarge` or `t2.2xlarge` **Dor Data Layer 1 Validator**: `t2.medium`

{% endstep %} {% step %} ### Choose your key pair (SSH) Click on the drop down inside the `Key pair` section and choose the key pair you uploaded in step 4.

{% endstep %} {% step %} ### From the Network Settings section Select the `Select existing security gruop` and select your security group (firewall policy) from the list.

{% endstep %} {% step %} ### From the Configure Storage section Set the size to `320` GiB `gp3`

{% endstep %} {% step %} ### Launch instance Click Launch instance from the left side **Summary** section.

{% endstep %} {% step %} ### Success Confirmation Select the link to the instance ID from the green success box.

{% endstep %} {% step %} ### Enter the details of your new VPS Select the link to the instance ID from the list table

{% endstep %} {% step %} ### Record the IP address of your VPS

{% endstep %} {% endstepper %} ## Complete ### You have successfully launched a VPS instance in AWS, Congratulations You are now ready to continue to connect to your node for the first time, install nodectl and turn your EC2 instance (VPS) into a Constellation Network Validator Node! [^1]: Amazon Machine Image --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.constellationnetwork.io/run-a-node/validator-node-guides/build-your-node/cloud-provider-specific/build-aws-ec2-instance.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.