
SUBRAMANIAN M

Amazon EC2 — Practical Guide for Cloud & DevOps Engineers

A concise, practical overview of Amazon EC2 concepts, storage, networking, pricing models, security best practices and tips you can use on the job. This guide is written for cloud and DevOps engineers who want a quick, actionable reference.

Amazon EC2 — Definition & Why Use It

Amazon EC2 (Elastic Compute Cloud) provides resizable, secure, and scalable virtual servers (instances) in the AWS Cloud.

Why use EC2?

  • No need to buy physical servers
  • Scale up/down quickly
  • Pay only for what you use

EC2 Instance Basics

Instance: A virtual server in AWS.

AMI (Amazon Machine Image): Template containing OS + software (Amazon Linux, Ubuntu, Windows).

Instance types — common categories:

  • General Purpose (e.g., t3.micro) — balanced workloads
  • Compute Optimized (c5.large) — high CPU workloads
  • Memory Optimized (r5.large) — databases, big data
  • Storage Optimized (i3.large) — heavy I/O
  • Accelerated Computing (p3, g4) — ML/AI, GPUs

EC2 Pricing Models

  1. On-Demand — pay per hour/second, no commitment (best for short-term).
  2. Reserved Instances — 1 or 3 year commitment, lower cost.
  3. Spot Instances — up to ~90% discount, interruptible.
  4. Savings Plans — commit to a $/hour spend for 1 or 3 years; Compute Savings Plans apply across instance families, sizes and regions.
  5. Dedicated Hosts/Instances — physical single-tenant servers for compliance/licensing.

EC2 Key Components

  • Key Pairs — SSH login to instances (keep private key safe).
  • Security Groups — instance-level virtual firewall (inbound/outbound rules).
  • Elastic IP — static public IP you can remap.
  • User Data — script (or cloud-init directives) run by cloud-init on first boot by default, for bootstrap/configuration. It is readable from the metadata endpoint by anything on the instance, so never put secrets in it.

EC2 Networking

VPC (Virtual Private Cloud) — every EC2 runs inside a VPC.

Subnet — IP address range inside the VPC, tied to one Availability Zone. Whether it is public or private is decided by its route table:

  • Public subnet — has a route to an internet gateway; instances with a public IP are reachable from the internet
  • Private subnet — no internet gateway route; outbound traffic goes through a NAT gateway if needed (databases, internal apps)

Other networking terms: ENI (Elastic Network Interface), EIP (Elastic IP), ELB (Elastic Load Balancer).

EC2 Storage Options

EBS (Elastic Block Store) — persistent block storage (boot volumes, databases). Types: SSD (gp3, io2), HDD (st1, sc1).

Instance Store — ephemeral NVMe/SSD storage physically attached to the host. Data survives a reboot but is lost on stop, hibernate, terminate or host failure. Good for caches and scratch data.

EFS — shared file system mountable by multiple EC2s.

S3 — object storage for backups, assets (access via API).

Feature comparison (quick):

Feature         EBS (Block)    Instance Store (Ephemeral)    EFS (File)    S3 (Object)
Durability      Persistent     Ephemeral                     Persistent    Extremely high
Shared access   No             No                            Yes           Yes (API)
Mountable       Yes            Yes                           Yes           No

EC2 Scaling & Availability

  • Auto Scaling Groups (ASG) — add/remove instances automatically based on demand.
  • Elastic Load Balancing (ELB) — distribute traffic across instances.
  • High availability — deploy across multiple Availability Zones.
  • Elastic Beanstalk — managed service to deploy and scale EC2-based apps.

EC2 Monitoring & Security

  • CloudWatch — CPU, network and disk I/O metrics out of the box; memory and disk-space usage require the CloudWatch agent on the instance.
  • CloudTrail — logs API activity (who launched, stopped or modified an instance, and from where).
  • Systems Manager (SSM) — Session Manager and Run Command give shell access and automation without opening port 22.
  • IAM Roles for EC2 — grant the instance permissions through an instance profile (least privilege, no static access keys on disk).

Security best practices:

  • Attach least-privilege IAM roles instead of storing access keys on the instance; role credentials are short-lived and rotate automatically.
  • Restrict Security Group rules to the ports and source CIDRs (or source security groups) actually required; never expose 22 or 3389 to 0.0.0.0/0.
  • Rotate SSH key pairs and any remaining passwords regularly, and remove keys of people who have left.
  • Require IMDSv2 (HttpTokens=required) so instance metadata, including role credentials, cannot be read by a plain GET issued through a server-side request forgery bug.

EC2 Advanced Features

Placement Groups:

  • Cluster — packed close together; low latency, high bandwidth (high performance).
  • Spread — spread across hardware to maximize fault isolation.
  • Partition — instances split into logical partitions on separate racks; for large distributed systems (HDFS, Cassandra, Kafka).

Other features: Elastic GPU / Elastic Inference (legacy accelerator attachments, now retired), Hibernate (save RAM state to the encrypted root volume), Nitro System (lightweight hypervisor plus dedicated Nitro cards for networking, storage and security; the basis of all current instance types), Bare Metal instances (direct hardware access, no hypervisor).

Security Groups vs Network ACLs (NACLs)

Security Groups (SG)

  • Virtual firewall at the instance (ENI) level
  • Stateful — return traffic for an allowed connection is automatically allowed
  • Only allow rules (no explicit deny); anything not allowed is implicitly denied. A new group denies all inbound and allows all outbound by default.
  • Sources can be CIDRs, prefix lists or other security groups

Network ACLs (NACLs)

  • Subnet-level control, applied to every instance in the subnet
  • Stateless — inbound and outbound rules evaluated separately, so return traffic needs its own rule (typically the ephemeral range 1024-65535)
  • Support both allow and deny rules; rules are evaluated in ascending number order and the first match wins. The default NACL allows everything, a newly created custom NACL denies everything.
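The two evaluation models above, plus the "restrict Security Group rules" check from the best-practices list, as runnable Python. This is an added example, not code from the original post or from AWS. It works on a constructed, simplified subset of the JSON shape that `aws ec2 describe-security-groups` and `aws ec2 describe-network-acls` return (real output has more fields), and the ADMIN_PORTS set is an assumption about which ports should never face the internet.

```python
"""Security Group vs Network ACL evaluation, plus an open-to-the-world audit.
Added example, not from the original post. Input is a constructed subset of
the JSON returned by `aws ec2 describe-security-groups` and
`aws ec2 describe-network-acls`; real output carries more fields."""
import ipaddress

# Assumption: ports that should never be reachable from 0.0.0.0/0 or ::/0.
ADMIN_PORTS = {22, 3389, 3306, 5432, 6379, 27017}
WORLD = {"0.0.0.0/0", "::/0"}


def _in_cidr(cidr, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def sg_allows(group, src_ip, port, proto="tcp"):
    """Security group: implicit deny, any matching allow rule permits.
    Stateful, so only the request direction is ever evaluated."""
    for rule in group["IpPermissions"]:
        if rule["IpProtocol"] not in ("-1", proto):          # "-1" = all traffic
            continue
        if rule["IpProtocol"] != "-1" and not rule["FromPort"] <= port <= rule["ToPort"]:
            continue
        if any(_in_cidr(r["CidrIp"], src_ip) for r in rule.get("IpRanges", [])):
            return True
    return False


def nacl_decision(acl, ip, port, egress, proto_num="6"):
    """Network ACL: one direction's entries are evaluated in ascending
    RuleNumber, first match wins, and the '*' entry (32767) denies.
    Stateless, so inbound and outbound are separate decisions."""
    entries = sorted((e for e in acl["Entries"] if e["Egress"] == egress),
                     key=lambda e: e["RuleNumber"])
    for e in entries:
        if e["Protocol"] not in ("-1", proto_num):           # "6" = TCP in the NACL API
            continue
        if "PortRange" in e and not e["PortRange"]["From"] <= port <= e["PortRange"]["To"]:
            continue
        if _in_cidr(e["CidrBlock"], ip):
            return e["RuleAction"]                            # "allow" or "deny"
    return "deny"


def world_open_admin_ports(groups):
    """Audit: (GroupId, port, cidr) for admin ports, or all traffic, open to the world."""
    findings = []
    for g in groups:
        for rule in g["IpPermissions"]:
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in (c for c in cidrs if c in WORLD):
                if rule["IpProtocol"] == "-1":
                    findings.append((g["GroupId"], "all", cidr))
                    continue
                for port in sorted(ADMIN_PORTS & set(range(rule["FromPort"], rule["ToPort"] + 1))):
                    findings.append((g["GroupId"], port, cidr))
    return findings


# Constructed sample data.
SAMPLE_SGS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ]},
]
# Public-subnet NACL that allows 443 in but lacks the outbound ephemeral-port rule.
SAMPLE_NACL = {"Entries": [
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443}},
    {"RuleNumber": 32767, "Egress": False, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Egress": True, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
]}
FIXED_NACL = {"Entries": SAMPLE_NACL["Entries"] + [
    {"RuleNumber": 100, "Egress": True, "Protocol": "6", "RuleAction": "allow",
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 1024, "To": 65535}},
]}

if __name__ == "__main__":
    client = "198.51.100.7"
    print(sg_allows(SAMPLE_SGS[0], client, 443))                  # True
    print(nacl_decision(SAMPLE_NACL, client, 443, egress=False))   # allow
    print(nacl_decision(SAMPLE_NACL, client, 40000, egress=True))  # deny: reply traffic blocked
    print(nacl_decision(FIXED_NACL, client, 40000, egress=True))   # allow
    print(world_open_admin_ports(SAMPLE_SGS))                      # [('sg-web', 22, '0.0.0.0/0')]
```

The NACL sample is the classic mistake: the inbound 443 rule is fine, but because NACLs are stateless the server's replies to the client's ephemeral port are dropped until an outbound allow for 1024-65535 is added. The same web server behind only the security group needs no such rule.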

EBS vs Instance Store

EBS (Elastic Block Store):

  • Persistent block storage; survives stop/start (the root volume is deleted on termination unless DeleteOnTermination is turned off)
  • Snapshots are incremental backups stored in S3 (managed by AWS, not visible in your buckets)
  • Suitable for databases and critical data

Instance Store:

  • Temporary block storage attached to host
  • Data lost on stop, hibernate, terminate or host failure
  • High I/O — good for caches and transient data

Elastic IP vs Public IP

Public IP: assigned at launch only if the subnet (or the launch setting) auto-assigns public IPv4 addresses; it is released when the instance stops and a different one is assigned on start.

Elastic IP (EIP): static public IP allocated to your account; can be remapped between instances; useful for long-lived workloads and DNS mapping.

EC2 Tenancy Types (Interview Focus)

  1. Default (Shared Tenancy) — cheapest
  2. Dedicated Instance — single-tenant hardware
  3. Dedicated Host — full physical host visibility (useful for licensing)
  4. Host Reservations — reserved capacity on dedicated hosts

Use cases: security-sensitive workloads and BYOL (bring-your-own-license) scenarios → Dedicated options.

EC2 Metadata & IMDSv2

Metadata endpoint:

http://169.254.169.254/latest/meta-data/

Used for instance details (instance ID, AZ, network configuration), user data, and the temporary credentials of the attached IAM role. IMDSv1 answers plain GETs, which is why server-side request forgery bugs in applications running on an instance have been a common way to leak role credentials. IMDSv2 is session-oriented: the client first sends PUT /latest/api/token with the X-aws-ec2-metadata-token-ttl-seconds header, then presents the returned token in X-aws-ec2-metadata-token on every GET. PUTs carrying an X-Forwarded-For header are refused, and the default response hop limit of 1 keeps the token from crossing a network hop. Setting HttpTokens=required in the instance metadata options disables v1 entirely and is the recommended default.
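The exchange described above, with both sides shown, as an added example that is not part of the original post. The metadata service is replaced by an in-process stand-in on a loopback port, so the code runs offline; it models only the documented IMDSv2 rules (PUT for a session token with a TTL header, token required on GET when HttpTokens=required, forwarded PUTs refused) and does not model the hop limit. The role name `app-role` and the credential values are constructed assumptions.

```python
"""IMDSv1 vs IMDSv2 against the 169.254.169.254 metadata service, shown with
an in-process stand-in. Added example, not from the original post. The fake
service models only documented IMDSv2 behaviour (PUT for a session token
with a TTL header, token required on GET when HttpTokens=required, forwarded
PUTs refused) and returns constructed, fake credential values."""
import json
import secrets
import threading
import time
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN_HDR = "X-aws-ec2-metadata-token"
TTL_HDR = "X-aws-ec2-metadata-token-ttl-seconds"
ROLE = "app-role"   # assumption: name of the instance-profile role
CREDS_PATH = f"/latest/meta-data/iam/security-credentials/{ROLE}"
FAKE_CREDS = {"AccessKeyId": "ASIAEXAMPLE", "SecretAccessKey": "fake", "Token": "fake-session"}


class FakeIMDS(BaseHTTPRequestHandler):
    """Stand-in for the metadata service; server.http_tokens mirrors the
    instance option HttpTokens ('optional' keeps IMDSv1 alive, 'required'
    disables it)."""

    def log_message(self, *args):  # silence per-request logging
        pass

    def do_PUT(self):
        # Session-token request: must be a PUT carrying a TTL of 1..21600 seconds.
        ttl = self.headers.get(TTL_HDR, "")
        if self.path != "/latest/api/token" or not ttl.isdigit() or not 1 <= int(ttl) <= 21600:
            return self._send(400)
        if "X-Forwarded-For" in self.headers:  # IMDS rejects proxied token requests
            return self._send(403)
        token = secrets.token_urlsafe(32)
        self.server.tokens[token] = time.monotonic() + int(ttl)
        self._send(200, token)

    def do_GET(self):
        token = self.headers.get(TOKEN_HDR)
        valid = token in self.server.tokens and self.server.tokens[token] > time.monotonic()
        # A bad token is always rejected; a missing one only when v2 is required.
        if not valid and (token is not None or self.server.http_tokens == "required"):
            return self._send(401)
        if self.path == CREDS_PATH:
            return self._send(200, json.dumps(FAKE_CREDS))
        self._send(404)

    def _send(self, code, body=""):
        self.send_response(code)
        self.end_headers()
        self.wfile.write(body.encode())


def start_fake_imds(http_tokens="required"):
    """Serve the stand-in on a loopback port; returns its base URL."""
    srv = HTTPServer(("127.0.0.1", 0), FakeIMDS)
    srv.http_tokens, srv.tokens = http_tokens, {}
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"


def get_token(base, ttl=300, extra_headers=None):
    """IMDSv2 step 1: PUT /latest/api/token with the TTL header."""
    headers = {TTL_HDR: str(ttl), **(extra_headers or {})}
    req = urllib.request.Request(f"{base}/latest/api/token", method="PUT", headers=headers)
    return urllib.request.urlopen(req, timeout=2).read().decode()


def fetch_credentials_v1(base):
    """IMDSv1: a single unauthenticated GET, which is exactly what a
    server-side request forgery bug lets an attacker issue."""
    return json.loads(urllib.request.urlopen(f"{base}{CREDS_PATH}", timeout=2).read())


def fetch_credentials_v2(base):
    """IMDSv2 step 2: GET with the session token in X-aws-ec2-metadata-token."""
    req = urllib.request.Request(f"{base}{CREDS_PATH}", headers={TOKEN_HDR: get_token(base)})
    return json.loads(urllib.request.urlopen(req, timeout=2).read())


def http_status(fn, *args):
    """Return 200 if fn(*args) succeeds, else the HTTP status it failed with."""
    try:
        fn(*args)
        return 200
    except urllib.error.HTTPError as err:
        return err.code


if __name__ == "__main__":
    legacy, hardened = start_fake_imds("optional"), start_fake_imds("required")
    print("v1 GET, HttpTokens=optional:", http_status(fetch_credentials_v1, legacy))    # 200
    print("v1 GET, HttpTokens=required:", http_status(fetch_credentials_v1, hardened))  # 401
    print("v2 flow, HttpTokens=required:", fetch_credentials_v2(hardened)["AccessKeyId"])
    print("token PUT via proxy:", http_status(get_token, hardened, 300, {"X-Forwarded-For": "10.0.0.5"}))  # 403
```

The point of the demo is the first two lines of output: the same plain GET that hands out role credentials under HttpTokens=optional gets a 401 under HttpTokens=required, while a legitimate client that performs the PUT-then-GET dance still works. Most SSRF primitives can issue a GET but cannot issue a PUT with custom headers, and a request relayed through a proxy picks up X-Forwarded-For, which the service refuses on the token request.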

EC2 Lifecycle (States)

States: pending → running → stopping → stopped (start takes it back through pending → running); terminating goes running → shutting-down → terminated.

Stop vs Terminate vs Hibernate:

  • Stop — OS shuts down; EBS volumes and the private IP are kept, instance-store data and an auto-assigned public IP are lost; you can start it again (possibly on different hardware)
  • Terminate — instance deleted permanently; EBS volumes with DeleteOnTermination set (the root volume by default) are deleted with it
  • Hibernate — RAM contents are written to the encrypted EBS root volume before stopping, so start resumes running processes instead of booting from scratch

Automation & Customization

  • User Data — bootstrap scripts run at launch (install packages, configure services).
  • EC2 Image Builder — automate AMI creation and hardening.
  • Terraform / CloudFormation — manage EC2 via Infrastructure as Code.

EC2 Billing Traps — Watch Out

  • EBS volumes continue billing even after an instance is stopped (detach/delete if not needed).
  • Elastic IPs are billed hourly; since February 2024 every public IPv4 address is charged whether or not it is attached (before that only idle EIPs were).
  • Snapshots are billed per GB-month separately from the volumes they came from, and keep billing after the volume is deleted.
  • Inter-AZ data transfer is charged (watch cross-AZ traffic).

Default EC2 Limits (Per Region)

Quotas are applied per region and, since 2019, are vCPU-based rather than per-instance counts:

  • Running On-Demand instances: limited by total vCPUs per instance-family group (for example the Standard A, C, D, H, I, M, R, T, Z group), not by a fixed number of instances. Default values vary with account age and usage history; check Service Quotas before assuming a number.
  • Spot Instances: separate vCPU-based quotas per family group.
  • Dedicated Hosts have their own per-instance-family quotas.

Connecting to EC2 — Common Tools

1. MobaXterm

Open → New session → Remote host (Public IP) → Select SSH → Use private key → connect as ubuntu or ec2-user.

2. PuTTY

Convert PEM → PPK (PuTTYgen), open PuTTY → Hostname = Public IP → Connection → SSH → Auth → browse PPK → Login as ubuntu / ec2-user.

3. Git Bash

Open a terminal in the directory holding the .pem key, restrict its permissions (chmod 400), then paste the ssh command shown under Connect → SSH client in the AWS Console.

4. VS Code (Remote - SSH)

Install Remote-SSH extension → add host in SSH config → open remote window → edit files remotely.

Author: Subramanian M. — Cloud & DevOps practical notes and interview-ready reference.
