Amazon Elastic Compute Cloud (EC2) is one of the most important services in Amazon Web Services (AWS). It provides secure, resizable compute capacity in the cloud, giving you the ability to launch virtual servers on demand. EC2 is often the backbone of modern cloud architectures because it offers flexibility, global reach, and integration with almost every major AWS service.
This guide covers EC2 from the ground up: how it works, how it fits into a wider cloud environment, and how to use it effectively and securely.
What EC2 Is and Why It Matters
EC2 provides virtual machines called instances, which can run various operating systems and workloads. These instances behave like physical servers but can be launched, modified, and terminated within minutes. This removes the need to maintain on-premises hardware, allowing teams to focus on building applications rather than managing infrastructure.
Key benefits include:
- Elasticity: Scale capacity up or down to match demand.
- Global Availability: Deploy in Regions and Availability Zones worldwide.
- Security and Control: Configure networks, access control, and monitoring.
- Cost Efficiency: Pay only for what you use or commit for discounts.
Core Building Blocks
Understanding the essential components of EC2 is key to using it effectively.
1. Amazon Machine Images (AMIs)
An AMI is a preconfigured template used to launch instances. It includes the operating system, application server, and any required software.
Types of AMIs:
- AWS-provided (e.g., Linux, Windows, macOS)
- Marketplace AMIs (third-party solutions)
- Custom AMIs (built from your own instances)
AMIs are Region-specific but can be copied between Regions. Using custom AMIs helps standardise environments across deployments.
2. Instance Types
Instance types define the hardware resources allocated to your virtual machine. AWS provides several families optimised for different workloads:
- General Purpose (e.g., t4g, m7g): Balanced CPU, memory, and networking.
- Compute Optimised (e.g., c7g): High CPU performance for compute-heavy tasks.
- Memory Optimised (e.g., r7g, x2gd): High memory capacity for in-memory databases and analytics.
- Storage Optimised (e.g., i4i): High throughput for data-intensive workloads.
- Accelerated Computing (e.g., p5): GPUs or FPGAs for machine learning, HPC, and rendering.
Recent generations include Graviton processors, which offer improved performance and cost efficiency.
3. Key Pairs
EC2 uses key pairs to secure login access.
- A key pair consists of a public key stored in AWS and a private key kept by the user.
- The private key is required to access the instance via SSH (Linux) or RDP (Windows).
- If the private key is lost, you cannot directly connect to the instance.
4. Security Groups
Security groups act as stateful virtual firewalls controlling inbound and outbound traffic.
- All inbound traffic is denied by default.
- Outbound traffic is allowed by default.
- Return traffic is automatically allowed.
- Rules are based on protocol, port, and source or destination.
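A defender-side check that follows from these rules, added here as an example (not AWS code or part of the original guide): it walks the JSON shape returned by `aws ec2 describe-security-groups` (the groups and IDs below are constructed) and reports every rule that lets SSH or RDP in from 0.0.0.0/0 or ::/0, handling port ranges and the protocol "-1" all-traffic case. Only ingress is audited because the groups are stateful, so responses to permitted inbound connections need no separate rule.

```python
# Added example (not AWS code): flag security group ingress rules that expose admin
# ports to the whole internet. SAMPLE_GROUPS is a constructed fragment in the shape
# returned by `aws ec2 describe-security-groups`; real output is fed in the same way.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
ANYWHERE = {"0.0.0.0/0", "::/0"}

SAMPLE_GROUPS = {"SecurityGroups": [  # constructed: one open SSH, one scoped, one allow-all
    {"GroupId": "sg-0aaa", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0ccc", "GroupName": "legacy", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}

def rule_sources(rule):
    """All CIDR sources of one rule, IPv4 and IPv6 alike."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])

def rule_covers_port(rule, port):
    """IpProtocol "-1" means all traffic and carries no port range at all."""
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):  # SSH and RDP are TCP services
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]

def find_exposed_admin_ports(describe_output):
    """Return (group_id, service, source) for every admin port reachable from anywhere."""
    findings = []
    for sg in describe_output["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            open_sources = [s for s in rule_sources(rule) if s in ANYWHERE]
            if not open_sources:
                continue  # scoped to specific ranges: default-deny is doing its job
            for port, name in ADMIN_PORTS.items():
                if rule_covers_port(rule, port):
                    findings.extend((sg["GroupId"], name, src) for src in open_sources)
    return findings
```

Running it over `SAMPLE_GROUPS` reports the web group's SSH rule and both admin ports on the allow-all legacy group, while the bastion group scoped to a single /24 produces no finding.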
5. Storage Options
EC2 supports several storage options depending on performance and durability needs:
- Amazon Elastic Block Store (EBS): Persistent block storage that remains when an instance stops.
- Instance Store: Temporary block storage physically attached to the host. Data is lost when the instance stops.
- Amazon Elastic File System (EFS): Fully managed file storage that can be shared across multiple instances.
- Amazon Simple Storage Service (S3): Object storage for backups, static content, or AMIs.
Networking and Placement
1. Regions and Availability Zones
AWS data centres are grouped into Regions and Availability Zones (AZs).
- A Region is a geographical area.
- An AZ is an isolated data centre within a Region.
- Deploying instances across multiple AZs improves resilience and availability.
2. Placement Groups
Placement groups control how instances are distributed on physical hardware:
- Cluster: Low latency and high throughput. Best for tightly coupled workloads.
- Spread: Instances are placed on separate hardware for high availability.
- Partition: Instances grouped into partitions to reduce correlated failures.
3. Elastic IP Addresses
An Elastic IP is a static, public IPv4 address you can associate with an instance.
- Useful when a stable IP is required.
- Idle Elastic IPs incur charges.
4. Elastic Network Interfaces (ENIs)
An ENI is a virtual network interface that can be attached or detached from instances.
- Useful for network failover or moving IP configurations between instances.
- An instance can have multiple ENIs.
Pricing Models
EC2 offers several pricing models to match different workload patterns and budgets.
- On-Demand: Pay for compute by the second or hour with no commitment. Ideal for short-term or unpredictable workloads.
- Reserved Instances: Commit to a specific instance type for one or three years to get a significant discount. Suitable for steady workloads.
- Savings Plans: Commit to a compute usage amount and keep flexibility to switch instance types.
- Spot Instances: Use spare capacity at a reduced cost. These can be interrupted, so they suit fault-tolerant applications.
- Dedicated Hosts: Physical servers allocated to a single customer. Useful for compliance or licensing.
Spot instances receive a two-minute interruption notice before termination.
Scaling and High Availability
1. Auto Scaling
AWS Auto Scaling automatically adjusts capacity based on demand.
- Supports dynamic, scheduled, and predictive scaling.
- Helps maintain performance while controlling costs.
2. Load Balancing
Elastic Load Balancing distributes traffic across multiple instances.
- Application Load Balancer (ALB): Operates at Layer 7 for HTTP/HTTPS traffic.
- Network Load Balancer (NLB): Operates at Layer 4 for high performance and low latency.
- Gateway Load Balancer (GWLB): Integrates with third-party appliances.
3. Fault Tolerance
- Run instances in multiple AZs.
- Use Auto Scaling groups and load balancers.
- Ensure data is stored on persistent volumes like EBS or in managed services.
Monitoring and Management
1. Monitoring Tools
- Amazon CloudWatch provides metrics and alarms for CPU, network, disk usage, and custom metrics.
- AWS CloudTrail logs API activity for auditing.
- AWS Systems Manager (SSM) enables centralised patching, configuration, and automation.
2. Instance Metadata
The Instance Metadata Service provides information about the instance, including IP addresses, hostnames, and IAM role credentials.
- IMDSv2 is the recommended version, offering improved security.
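To make concrete why IMDSv2 is preferred, here is an added example (not AWS code) of the session-token handshake it requires, run against a small local mock of the metadata service so it works offline. The paths and header names are the real IMDSv2 ones; the instance ID and role name are constructed, and the mock behaves as an instance configured with HttpTokens=required, answering tokenless IMDSv1-style requests with 401.

```python
# Added example (not AWS code): IMDSv2 token handshake against a local mock of the
# Instance Metadata Service so the block runs offline. Paths and header names are real.
import secrets, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN_PATH, TTL_HEADER = "/latest/api/token", "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"
FAKE_METADATA = {  # constructed sample values; a real instance returns its own
    "/latest/meta-data/instance-id": "i-0123456789abcdef0",
    "/latest/meta-data/iam/security-credentials/": "example-role"}

class MockIMDSv2(BaseHTTPRequestHandler):
    """Behaves like IMDS with HttpTokens=required: no session token, no data."""
    tokens = set()
    def do_PUT(self):  # step 1: client asks for a session token with a TTL
        ttl = self.headers.get(TTL_HEADER, "")
        if self.path != TOKEN_PATH or not ttl.isdigit() or not 1 <= int(ttl) <= 21600:
            return self._reply(400, "bad token request")
        token = secrets.token_urlsafe(32)
        MockIMDSv2.tokens.add(token)
        self._reply(200, token)
    def do_GET(self):  # step 2: metadata is served only with a valid token
        if self.headers.get(TOKEN_HEADER) not in MockIMDSv2.tokens:
            return self._reply(401, "Unauthorized")  # tokenless IMDSv1-style request
        body = FAKE_METADATA.get(self.path)
        self._reply(*((200, body) if body is not None else (404, "not found")))
    def _reply(self, code, text):
        self.send_response(code)
        self.end_headers()
        self.wfile.write(text.encode())

def start_mock():
    srv = HTTPServer(("127.0.0.1", 0), MockIMDSv2)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"

def get_token(base, ttl=21600):
    """PUT for a session token; 21600 s (6 h) is the maximum TTL IMDS accepts."""
    req = urllib.request.Request(base + TOKEN_PATH, method="PUT", headers={TTL_HEADER: str(ttl)})
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read().decode()

def get_metadata(base, path, token=None):
    """Return (status, body); token=None reproduces a tokenless IMDSv1-style request."""
    headers = {TOKEN_HEADER: token} if token else {}
    try:
        with urllib.request.urlopen(urllib.request.Request(base + path, headers=headers), timeout=2) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.reason
```

Against a real instance the same two calls target http://169.254.169.254 with no mock; the PUT step is what a plain GET-only request cannot perform, which is the protection IMDSv2 adds.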
3. EC2 Instance Connect
A secure way to connect via SSH without sharing private keys. It simplifies access control and improves security posture.
Security and Identity
- Use AWS Identity and Access Management (IAM) roles to grant temporary credentials to instances.
- Avoid embedding access keys in code or configuration files.
- Use security groups and network ACLs for layered protection.
- Enable encryption for EBS volumes and use TLS/SSL for data in transit.
- Keep operating systems and software patched and updated.
Common Use Cases
- Web Hosting: Run web servers or APIs.
- Application Servers: Host scalable backend applications.
- Batch Processing: Handle large data workloads.
- Machine Learning: Train models on GPU-optimised instances.
- Disaster Recovery: Maintain standby capacity for rapid failover.
- Development and Testing: Create temporary or isolated environments quickly.
Best Practices
- Choose the right instance type for your workload to balance performance and cost.
- Use Auto Scaling and load balancers for availability and elasticity.
- Store data on EBS, EFS, or S3 to protect it when instances stop or fail.
- Secure access using IAM roles, security groups, and IMDSv2.
- Regularly back up EBS volumes and use AMIs for rapid recovery.
- Monitor performance and cost with CloudWatch and billing tools.
- Use user data and automation tools to configure instances at launch.
Key Points to Remember
- EC2 is not automatically fault tolerant. You must design for resilience.
- Security groups are stateful. Network ACLs are stateless.
- Spot instances can be interrupted at any time, so plan accordingly.
- EBS volumes are persistent, but instance store volumes are temporary.
- IMDSv2 is the secure way to access instance metadata.
- Placement groups help optimise for performance or availability.
EC2 is a foundational AWS service that provides the flexibility and control to run a wide range of workloads. By understanding how EC2 instances are built, how they interact with networking, storage, and security, and how to scale them effectively, you can design secure, reliable, and cost-efficient solutions in the cloud.
Whether you are building simple applications or large distributed systems, mastering EC2 is a key step in becoming proficient with cloud architecture.