Amazon EC2

Virtual servers you control. Pick specs, launch in minutes.

compute | Free Tier | intermediate

  • 750+ Instance Types: All families and sizes
  • Per Second Billing: Minimum 60 seconds
  • $0.0042/hr Lowest Price: t4g.nano On-Demand
  • 99.99% SLA Uptime: Multi-AZ commitment

What is EC2?

Virtual servers in the cloud. You pick the CPU, RAM, OS, and software. Full root access. Think: Renting a computer by the hour. Scale from 1 to 1,000 servers instantly.

Think of it like renting a computer

Pick your specs (CPU, RAM), choose your OS (Linux/Windows), and you're running in minutes. Pay only for what you use.

Key Features

  • General Purpose (M, T): Balanced CPU + RAM. Good default choice.
  • Compute Optimized (C): High CPU power. For batch jobs, encoding, gaming servers.
  • Memory Optimized (R, X): Lots of RAM. For databases and caching.
  • Storage Optimized (I, D): Fast local disks. For data warehouses.
  • GPU Instances (P, G): Graphics cards. For ML training and rendering.
  • Graviton (ARM): 40% cheaper. Works for most workloads.

When to Use

  • Need full server control
  • Running Windows or specific OS
  • Custom database setup
  • GPU/ML training workloads
  • Legacy apps that can't containerize
  • Long-running background jobs

When Not to Use

  • Short tasks under 15 min → Lambda
  • Containerized apps → ECS/EKS/Fargate
  • Static websites → S3 + CloudFront
  • Managed databases → RDS
  • Simple web apps → Elastic Beanstalk
  • NoSQL needs → DynamoDB

Prerequisites

  • An AWS account (free tier available)
  • Basic understanding of Linux/Windows
  • AWS CLI installed (optional but recommended)

AWS Console Steps

  1. Open EC2 Dashboard: Navigate to EC2 in the AWS Console and click 'Launch Instance'.
  2. Choose an AMI: Select Amazon Linux 2023 (free tier eligible) for this tutorial.
  3. Select Instance Type: Choose t2.micro (free tier) or t3.micro for production.
  4. Configure Security Group: Allow SSH (port 22) from your IP address only.
  5. Create Key Pair: Download the .pem file - you'll need this to SSH into your instance.
  6. Launch & Connect: Click Launch, then connect via SSH using your key pair.

AWS CLI Quickstart

Launch EC2 instance with AWS CLI

Create a new EC2 instance using the AWS CLI

# Launch a new EC2 instance
aws ec2 run-instances \
  --image-id ami-0c55b159cbfafe1f0 \
  --instance-type t3.micro \
  --key-name my-key-pair \
  --security-group-ids sg-xxxxxxxx \
  --subnet-id subnet-xxxxxxxx \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=MyWebServer}]'

# Check instance status
aws ec2 describe-instances \
  --filters "Name=tag:Name,Values=MyWebServer" \
  --query 'Reservations[].Instances[].{ID:InstanceId,State:State.Name,IP:PublicIpAddress}'

This creates a t3.micro instance from the specified AMI, launches it into the given subnet and security group, and tags it for easy identification.

First Project Ideas

  • Host a simple web server with Nginx or Apache
  • Set up a development environment with your favorite stack
  • Create a bastion host for secure VPC access
  • Deploy a WordPress blog
  • Run a game server for Minecraft or Valheim

Pro Tips (8)

Start with t3 instances

performance

Use t3.micro for dev, t3.small/medium for prod. They're cheap and handle burst traffic well.

Start small, scale up when needed
Don't over-provision from day one

Spot saves 90%

cost

Spot Instances cost 90% less than On-Demand. Use them for batch jobs, CI/CD, and dev environments.

Use Spot for stateless, interruptible workloads
Don't use Spot for databases

Reserved for 24/7 workloads

cost

Running instances 24/7 for a year? Reserved Instances save 30-72%. Analyze usage first.

Commit only after analyzing usage patterns
Don't buy RIs for changing workloads

Security Groups are stateful

security

Security Groups auto-allow return traffic. Only define inbound rules for most cases.

Use Security Groups as primary firewall
Don't open ports to 0.0.0.0/0

Enable IMDSv2

security

IMDSv2 blocks SSRF attacks on metadata. Require it in production - no exceptions.

Configure instances to require IMDSv2
Don't leave IMDSv1 enabled

Use gp3 volumes

cost

gp3 is 20% cheaper than gp2 with better performance. No reason to use gp2 anymore.

Default to gp3 for all new volumes
Don't use gp2 for new deployments

Use IAM Roles, not keys

security

Never store credentials on instances. IAM Roles auto-rotate and are way more secure.

Attach IAM roles to instances
Never hardcode AWS credentials

Always use Auto Scaling

reliability

Put even single instances in an ASG with min=max=1. Auto-recovery if instance fails.

Use ASG for self-healing
Don't run standalone instances in prod
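
An added example (not part of the original page): a Python audit of the three security tips above (Security Groups, IMDSv2, IAM roles), run over constructed data shaped like `aws ec2 describe-instances` and `aws ec2 describe-security-groups` output. The function names and every ID in the sample data are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample data shaped like `aws ec2 describe-instances` and
# `aws ec2 describe-security-groups` output; every ID below is made up.
INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaaaaaaaaaaaaaa1",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
    {"InstanceId": "i-0bbbbbbbbbbbbbbb2",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"},
     "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/web"}},
]}]}
SECURITY_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-0example0000001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example0000002", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}

def audit_instances(described):
    """Flag instances that still accept IMDSv1 or have no instance profile."""
    findings = []
    for reservation in described["Reservations"]:
        for inst in reservation["Instances"]:
            opts = inst.get("MetadataOptions", {})
            # IMDSv1 works when the endpoint is on and session tokens are optional.
            if opts.get("HttpEndpoint") != "disabled" and opts.get("HttpTokens") != "required":
                findings.append((inst["InstanceId"], "IMDSv1 allowed"))
            # No instance profile: any AWS API calls it makes would need stored keys.
            if "IamInstanceProfile" not in inst:
                findings.append((inst["InstanceId"], "no instance profile"))
    return findings

def audit_security_groups(described, port=22):
    """Flag inbound rules that open `port` to every IPv4 or IPv6 address."""
    findings = []
    for group in described["SecurityGroups"]:
        for rule in group["IpPermissions"]:
            proto = rule["IpProtocol"]
            in_range = proto == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]
            if not (in_range or proto == "-1"):  # "-1" means all protocols and ports
                continue
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            findings += [(group["GroupId"], proto, c) for c in cidrs
                         if ipaddress.ip_network(c, strict=False).prefixlen == 0]
    return findings
```

To audit a real account, pass in the parsed JSON from the two `describe` commands instead of the samples. An instance flagged for IMDSv1 can be switched with `aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required`.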

Key Facts (8)

Instance families: M (general), C (compute), R (memory), P/G (GPU), I/D (storage)

Higher numbers = newer generation.

default

EBS max size: 64 TiB per volume, 28 volumes per Nitro instance

Use gp3 for best price/performance.

limit

Security groups: Max 5 per interface, 60 rules each

Can increase via support request.

limit

Placement groups: Cluster (low latency), Spread (7/AZ max), Partition (distributed)

Cluster for HPC, Spread for HA.

behavior

Spot warning: 2-minute notice before termination

Check metadata or use CloudWatch Events.

behavior

Instance store: Data LOST on stop/terminate

Only for caches and temp data.

behavior

Billing: Per-second (60-second minimum)

Applies to On-Demand, Spot, and Reserved.

behavior

Elastic IPs: Cost money when NOT attached

$0.005/hour (~$3.60/month) when unused.

limit

AWS Certification Practice (4)

  • Which purchasing options? (medium; saa-c03, soa-c02)
  • Which EC2 feature? (medium; saa-c03, sap-c02)
  • How to mitigate? (hard; scs-c02, saa-c03)
  • Which purchasing option? (medium; saa-c03, sap-c02)