Preliminary Setup

Perform these preliminary setup tasks to simplify the process of launching the NVIDIA Deep Learning AMI.

Setting Up Your AWS Key Pair

If you do not already have Key Pairs defined, then you will need to setup your AWS Key Pair and have it on the machine on which you will use the AWS CLI, or from which you will SSH to the instance. In the examples, the key pair is named "my-key-pair".

Once you have your key pair downloaded, make sure they are only readable by you, and (Linux or OSX) move them to your ~/.ssh/ directory.

chmod 400 my-key-pair*
mv my-key-pair* ~/.ssh/

On Windows, the location will depend on the SSH client you use, so modify the NVAWS_KEYPATH variable in the instance launch snippets.

Setting Up Security Groups for the EC2 Instance

In order to reach your running instances you will need a Security Group allowing (at minimum) SSH access.
  1. Log into the AWS Console (, then under the Compute section, click EC2.
  2. Enter the Security Groups screen, located on the left under "Network & Security", "Security Groups".

  3. Click Create Security Group.
  4. Give the Security Group a name (for example, "my-sg"), description, and then click Add Rule
  5. On the "Inbound" tab, add a rule for SSH, then click Create:
    • Type: SSH
    • Protocol: TCP
    • Port Range: 22
    • Source: My IP

    You may need to widen the resulting IP filter if you're not on a fixed IP address, or want to access the instance from multiple locations such as work and home.

    The following shows the filled-out Create Security Group form using the example naming.

  6. (Optional) Add additional rules.

    You may need to add additional rules for HTTP, HTTPS, or other Custom TCP ports depending on the deep learning frameworks you use.

    1. Return to the Security Group screen, select the group, then select Edit inbound rules from the Actions menu.

    2. Click Add Rule, then create rules as needed and click Save.


      • For DIGITS4

        • Type: Custom TCP Rule
        • Protocol: TCP
        • Port Range: 3448
        • Source: My IP
      • For HTTPS secure web frameworks

        • Type: HTTPS
        • Protocol: TCP
        • Port Range: 443
        • Source: My IP

      Once created, the Group ID is listed in the Security Group table.

Setting Up Security Groups for EFS

If you will be using EFS storage, you need to create a second Security Group that specifies NFS access and then use that Security group when creating the EFS.
  1. Click Create Security Group from the Security Groups page.
  2. Give the Security Group a name (for example, "my-efs-sg"), description, and then click Add Rule.
  3. On the "Inbound" tab, add a rule for NFS access, then click Create:
    • Type: NFS
    • Protocol: TCP
    • Port Range: 2049
    • Source: Anywhere