Steps: $1.$ Launch an EC$2$ Instance i$.$ Log in to your AWS Management Console. ii$.$ Navigate to EC$2$ under the Compute secton$.$ iii. Click on Launch Instance and select a suitable AMI $($Amazon Linux $2).$ iv$.$ Choose an instance type $($e$.$g$.,$ t$2.$micro for free tier eligibility$).$ v$.$ Configure instance details $($leave defaults for now$).2.$ Create and Assign a Security Group: i$.$ On the Configure Security Group step: ii$.$ Create a new security group. iii. Allow SSH $($port $22)$ for your IP only. iv$.$ Allow HTTP $($port $80)$ from anywhere for web access $($you can restrict it to specific IPs later$).$ Click on Review and Launch. Refer : https:$//$docs$.$aws.amazon.com$/$AWSEC$2/$latest$/$UserGuide$/$ec$2-$security$-$ groups.html $3.$ Create an IAM Role: i$.$ Go to IAM in the AWS Console. ii$.$ Click on Roles $>$ Create Role. iii. Select AWS Service $>$ EC$2.$ iv$.$ Attach the AmazonS$3$ReadOnlyAccess policy to the role $($this grants read$-$ only access to S$3$ buckets$).$ v$.$ Give the role a name, e$.$g$.,$ EC$2-$S$3-$ReadOnly. vi$.$ Attach this IAM role to your EC$2$ instance. $24.$ Test Access and Security Configuration: i$.$ SSH into your EC$2$ instance using the key pair you created. ii$.$ Test S$3$ access by running : aws s$3$ ls iii. The above command should list your S$3$ buckets $($if any$).$ If not, review the role and permissions. $5.$ Enhance Security $($Optional$)$: i$.$ Use AWS Inspector to run a security assessment on your EC$2$ instance. ii$.$ Set up CloudWatch Alarms to monitor security group changes. $6.$ References: $$ AWS Security Best Practices