EC2
What is Amazon EC2 (Elastic Compute Cloud)?
Amazon EC2 (Elastic Compute Cloud) is a web service offered by AWS that
provides resizable and scalable compute capacity in the cloud. Essentially, it's
a virtual server that you can configure to run your applications, similar to having
a physical machine but hosted in the cloud.
Key Features of EC2:
Scalability: Easily adjust computing power based on workload demands.
Customizable Instances: Choose the hardware, operating system, and
storage configurations.
Secure: Leverage security groups and network configurations to control
access.
Cost-Effective: Pay only for what you use with on-demand, reserved, or
spot instances.
Fault Tolerance: Achieve high availability with Elastic Load Balancers and
Auto Scaling Groups.
Why Use EC2?
Hosting web applications or services
Running high-performance computing (HPC) tasks
Developing and testing environments
Data processing, analytics, and machine learning workloads
How EC2 Works:
1. Choose an Amazon Machine Image (AMI): Pre-configured OS templates
2. Select Instance Type: Specify compute power (CPU, memory, storage)
3. Launch and Configure: Assign security groups, storage, and key pairs
4. Connect to Instance: Use SSH for Linux or RDP for Windows
5. Manage and Monitor: Scale resources as needed using AWS tools
Amazon EC2 (Elastic Compute Cloud) Overview
Amazon EC2 (Elastic Compute Cloud) is a key component of AWS (Amazon
Web Services) that provides scalable compute capacity in the cloud. It allows
you to launch virtual servers, called instances, to run applications without
needing to invest in physical hardware.
Key Features
1. Scalability:
Quickly scale the number of instances up or down based on your workload
needs.
2. Variety of Instance Types:
Different instance types optimized for compute, memory, and storage.
Examples:
General Purpose (t2, t3, etc.)
Compute Optimized (c5, c6)
Memory Optimized (r5, r6)
GPU Instances (g4, p3)
3. Multiple Operating Systems:
Choose from various OS options like Amazon Linux, Ubuntu, Red Hat, and
Windows Server.
4. Flexible Pricing Models:
On-Demand: Pay for compute capacity by the second.
Reserved Instances: Commit to a term (1 or 3 years) for significant
savings.
Spot Instances: Use unused EC2 capacity at reduced prices.
Savings Plans: Flexible pricing option based on long-term usage
commitment.
5. Security:
Secure by default using AWS Identity and Access Management (IAM),
Virtual Private Cloud (VPC), and Security Groups.
Getting Started with EC2
1. Launch an Instance:
Go to AWS Management Console > EC2.
Click on “Launch Instance.”
Choose an Amazon Machine Image (AMI) and instance type.
Configure security, storage, and key pairs.
2. Connect to an Instance:
Use SSH for Linux or Remote Desktop Protocol (RDP) for Windows
instances.
3. Terminate an Instance:
Stop or terminate the instance when you no longer need it to avoid charges.
What is an Amazon Machine Image (AMI)?
An Amazon Machine Image (AMI) is a pre-configured virtual machine
template used to launch EC2 instances in AWS. It includes essential
components such as the operating system, application software, and
configuration settings required to boot and run an instance.
Key Components of an AMI
1. Operating System: Linux distributions (Amazon Linux, Ubuntu, Red Hat) or
Windows Server.
2. Application Software: Optional pre-installed software such as web servers
or databases.
3. Configurations: Security settings, file systems, and custom scripts.
4. Volume Templates: Information on EBS volumes attached to instances
launched from the AMI.
Types of AMIs
1. AWS-Provided AMIs:
Default AMIs offered by AWS, like Amazon Linux 2 and Windows Server.
2. Marketplace AMIs:
Pre-configured AMIs with commercial software from third-party
vendors.
3. Community AMIs:
Free, user-shared AMIs available for public use.
4. Custom AMIs:
User-defined AMIs created to capture custom configurations and
software installations.
Use Cases for AMIs
Quickly deploy environments with pre-installed software.
Clone environments by launching multiple instances from the same
AMI.
Disaster recovery by backing up an instance configuration as an AMI.
Scaling applications by launching identical copies of instances.
How to Create a Custom AMI
1. Launch and Configure an EC2 Instance:
Set up the instance with the desired OS, software, and configurations.
2. Prepare the Instance:
Stop unnecessary services and clean up temporary files.
3. Create an Image:
Go to the EC2 Dashboard.
Right-click the instance and select Create Image.
Provide a name and description, then click Create Image.
4. Use the AMI:
Go to AMIs in the EC2 dashboard to view and launch instances from
your custom image.
What is Key Pair Login in AWS?
Key pair login is a method used in AWS to securely access Amazon EC2
instances. A key pair consists of two cryptographic keys:
1. Private Key (.pem file): Kept secret by the user and used to securely
connect to the instance.
2. Public Key: Stored on the instance and used to verify the authenticity of the
connecting client.
This method uses public-key cryptography, which eliminates the need for
traditional username-password authentication.
How Key Pair Login Works
1. When you launch an EC2 instance, you can assign an existing key pair or
create a new one.
2. AWS places the public key in the instance's operating system during
launch.
3. You download the private key file (.pem) when creating the key pair.
4. To access the instance, the SSH client uses the private key for secure
authentication.
Why Key Pair Login?
Secure Authentication: No passwords are sent over the network.
Uniqueness: Each key pair is unique to the instance or user.
Access Control: Only users with the correct private key can access the
instance.
How to Use Key Pair for Login
1. Creating a Key Pair
Go to the EC2 dashboard in the AWS Console.
Select Key Pairs > Create Key Pair.
Name the key pair and select the format (.pem for SSH).
Download the private key.
2. Launch an Instance Using a Key Pair
While configuring the EC2 instance, assign the created key pair.
Explaining Each Term in AWS Key Pair Creation
When creating a key pair in AWS for secure EC2 instance access, you
encounter several terms and fields. Here's a detailed breakdown:
1. Key Pair Name
Definition:
A user-defined identifier for your key pair.
Purpose:
Helps organize and manage multiple key pairs.
Must be unique per AWS region.
Example:
If you're setting up multiple environments, use meaningful names like:
prod-server-key
dev-key-pair
Best Practice:
Use descriptive names to indicate the environment or purpose of the key.
2. Key Pair Type
Options:
RSA: The default and widely used encryption standard (2048 bits).
ED25519: A newer, more secure cryptographic algorithm with shorter key
lengths.
Purpose:
Defines the cryptographic method used to generate the key pair.
Recommendation:
Use RSA for compatibility unless you specifically require ED25519.
3. Private Key Format
Options:
PEM: Privacy Enhanced Mail format (.pem extension). Compatible with
OpenSSH.
PPK: PuTTY Private Key format for use with PuTTY on Windows.
Purpose:
Determines how the private key file is encoded and which tools can use it.
Recommendation:
Use PEM for most systems (Linux, Mac, and modern Windows).
Use PPK if you plan to use PuTTY.
4. Download Private Key
Definition:
The .pem or .ppk file containing the private key part of the key pair.
Purpose:
You must download and securely store this file because AWS does not keep it.
Important:
Without the private key, you cannot connect to your instance using the key
pair.
Secure the key by setting appropriate file permissions (chmod 400 your-key.pem).
5. Key Pair Permissions
When you create a key pair, the private key file should be:
Stored securely.
Accessible only to the user needing access to the instance.
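As an added example (not part of these notes), the following Python check applies the condition behind the chmod 400 advice: a private key file must be a regular file with no group or other permission bits, which is the same test OpenSSH makes before it will use a key (it otherwise reports "UNPROTECTED PRIVATE KEY FILE!"). The key body written here is a constructed placeholder, not a real key.

```python
import os
import stat
import tempfile

# Constructed stand-in for a downloaded .pem file; this is not a real key.
FAKE_PEM = ("-----BEGIN RSA PRIVATE KEY-----\n"
            "constructed-placeholder-not-a-real-key\n"
            "-----END RSA PRIVATE KEY-----\n")

def private_key_file_ok(path):
    """True only if `path` is a regular file whose mode has no group/other
    bits set (0400 or 0600 pass, 0644 fails). This mirrors the check OpenSSH
    applies to identity files before using them."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return False
    return (st.st_mode & 0o077) == 0

def demo():
    """Write the placeholder key, check it as typically downloaded (0644),
    then again after the recommended `chmod 400`. Returns (before, after)."""
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "your-key.pem")
        with open(path, "w") as fh:
            fh.write(FAKE_PEM)
        os.chmod(path, 0o644)          # mode most browsers/umasks leave behind
        before = private_key_file_ok(path)
        os.chmod(path, 0o400)          # the fix recommended in the notes
        after = private_key_file_ok(path)
        return before, after
```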
Best Practices
Secure Storage: Never share the private key; back it up securely.
Least Privilege: Only use the key pair when necessary.
Use IAM Roles: Prefer IAM roles for instance authentication where possible.
Network Settings in EC2 After Key Pair Selection
Network settings play a crucial role in defining how your Amazon EC2 instance
interacts with other AWS resources and the internet. Below is a breakdown of
each topic in the Network Settings section when launching an instance.
1. VPC (Virtual Private Cloud)
Definition:
A logically isolated virtual network in the AWS cloud.
Purpose:
Controls your instance’s networking environment.
Segments instances across different subnets, route tables, and network
ACLs.
Options:
Default VPC (available by default).
Custom VPC (created by you for advanced configurations).
Recommendation:
Use the default VPC for simple applications or create a custom VPC for better
security and isolation.
2. Subnet
Definition:
A segment within a VPC that allows you to place instances in isolated network
zones.
Purpose:
Determines the availability zone (AZ) for the instance.
Controls access to private or public networks.
Options:
Public Subnet: Accessible from the internet.
Private Subnet: No direct internet access.
Recommendation:
Use public subnets for web servers or public-facing applications and private
subnets for backend services or sensitive data.
3. Auto-Assign Public IP
Definition:
Assigns a public IP address to the instance.
Purpose:
Enables the instance to communicate directly over the internet.
Options:
Enabled: Automatically assigns a public IP.
Disabled: No public IP (often for private instances).
Recommendation:
Enable for instances that need internet access.
4. Security Group
Definition:
A virtual firewall for your instance that controls inbound and outbound traffic.
Purpose:
Defines rules for allowing or blocking specific types of traffic.
Configuration:
Inbound Rules: Define allowed incoming traffic (e.g., SSH, HTTP).
Outbound Rules: Define allowed outgoing traffic (default allows all).
Example Rules:
SSH (22) for secure connections
HTTP (80) for web traffic
HTTPS (443) for secure web traffic
Recommendation:
Limit access to trusted IPs for security and always review rules carefully.
5. Firewall Configuration (Advanced Security)
Definition:
Additional configurations for managing traffic to and from your instance.
Purpose:
Further enhance security by restricting ports and protocols.
6. Elastic IP (Optional)
Definition:
A static public IP that can be associated with an instance.
Purpose:
Keeps the public IP fixed, even if the instance is stopped and restarted.
Recommendation:
Use for production services needing consistent IP addresses.
7. Advanced Network Settings (Optional)
Components:
Placement Groups: Optimize performance by controlling how instances are
placed.
ENI (Elastic Network Interfaces): Attach multiple network interfaces to the
instance.
IPv6: Enable IPv6 addressing for internet routing.
Security Groups in EC2
A Security Group in Amazon EC2 acts as a virtual firewall for your instance. It
controls inbound and outbound traffic based on rules you define, allowing or
blocking specific types of network traffic.
Key Features of Security Groups
Instance-Level Security: Security groups are attached to instances, not
subnets.
Stateful Firewall:
Inbound rules automatically allow corresponding outbound responses
and vice versa.
No need to define return rules for initiated traffic.
Default Denial:
All inbound traffic is denied by default.
Outbound traffic is allowed by default.
Types of Security Group Rules
1. Inbound Rules:
Control the traffic allowed into your EC2 instance.
Example: Allow SSH connections from a specific IP address.
Inbound Rule Example:
Type: SSH
Protocol: TCP
Port: 22
Source: 203.0.113.0/32 (specific IP)
2. Outbound Rules:
Control the traffic allowed out of your instance.
Example: Allow the instance to access external web services
(HTTP/HTTPS).
Outbound Rule Example:
Type: HTTP
Protocol: TCP
Port: 80
Destination: 0.0.0.0/0 (all IPs)
Common Security Group Configurations
Type        Protocol  Port Range    Source/Destination
SSH         TCP       22            Specific IP (x.x.x.x/32)
HTTP        TCP       80            0.0.0.0/0 (All)
HTTPS       TCP       443           0.0.0.0/0 (All)
RDP         TCP       3389          Specific IP (x.x.x.x/32)
Custom TCP  TCP       User-defined  User-defined
How to Create and Configure Security Groups
1. Navigate to EC2 Dashboard:
Go to the AWS Management Console and open EC2.
2. Create Security Group:
Click on Security Groups > Create Security Group.
Name the security group and provide a description.
3. Define Inbound Rules:
Click Add Rule, select a Type (e.g., SSH, HTTP).
Specify the Source (e.g., your IP x.x.x.x/32).
4. Define Outbound Rules:
Modify the default rules if needed. Typically, keep the default Allow All.
5. Associate with EC2 Instance:
Attach the security group to the instance during launch or after creation.
Best Practices
Restrict SSH/RDP Access: Limit to trusted IPs (x.x.x.x/32).
Use Least Privilege: Only allow the necessary ports and protocols.
Regular Reviews: Periodically review security groups for unnecessary
open ports.
Separate Security Groups: Create specialized security groups for different
instance roles (e.g., web servers, databases).
Monitor Traffic: Use AWS CloudWatch for security monitoring.
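As an added example (not part of these notes), a Python review helper for the "Restrict SSH/RDP Access" and "Regular Reviews" practices above: it walks security group records in the JSON shape that `aws ec2 describe-security-groups` returns (GroupId, IpPermissions, IpRanges/CidrIp, Ipv6Ranges/CidrIpv6) and reports every rule that leaves SSH (22) or RDP (3389) open to 0.0.0.0/0 or ::/0, including "all traffic" rules (IpProtocol -1). The group ids and addresses in the sample are constructed.

```python
import ipaddress

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`;
# the group ids and addresses are made up for this example.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0000000000000001", "GroupName": "web-sg",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},           # HTTP to all: expected
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},      # SSH from one IP: fine
     ]},
    {"GroupId": "sg-0000000000000002", "GroupName": "legacy-admin-sg",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},           # RDP to the world
         {"IpProtocol": "-1",                               # all traffic, all ports
          "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
          "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
     ]},
]

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

def is_world_open(cidr):
    """A /0 prefix (0.0.0.0/0 or ::/0) matches every address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def rule_covers_port(rule, port):
    """'-1' means all traffic (no port fields); else TCP with port in range."""
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def find_exposed_admin_ports(groups):
    """Return (GroupId, service, cidr) for each SSH/RDP rule open to the world."""
    findings = []
    for sg in groups:
        for rule in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for cidr in filter(is_world_open, cidrs):
                for port, name in ADMIN_PORTS.items():
                    if rule_covers_port(rule, port):
                        findings.append((sg["GroupId"], name, cidr))
    return findings
```

Run against real output by loading the `SecurityGroups` array from the CLI's JSON instead of `SAMPLE_GROUPS`; an empty result means no world-open SSH or RDP rule was found.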
Amazon EC2 Instance Types
Here is a detailed explanation of the key instance types:
1. General Purpose Instances
These instances offer a balance of compute, memory, and networking
resources, making them suitable for a variety of workloads.
Examples include T-Series (t2.micro, t3.medium) for burstable performance and
M-Series (m5.large, m6i.xlarge) for applications like backend servers or small
databases.
Use Case: Ideal for web servers, app development, and testing environments.
2. Compute-Optimized Instances
Designed for compute-intensive workloads that require high CPU performance.
C-Series instances (c5.large, c6g.xlarge) provide a high CPU-to-memory ratio.
Use Case: Suitable for tasks like game servers, high-performance computing
(HPC), and data analysis.
3. Memory-Optimized Instances
These instances are best for applications requiring large amounts of memory
for faster data processing.
Examples include R-Series (r5.large, r6i.2xlarge) for in-memory databases and
analytics workloads.
Use Case: Ideal for running large databases, big data analytics, and in-memory
caching solutions.
4. Storage-Optimized Instances
Designed for applications that require high, sequential read and write access to
large datasets.
Examples include I-Series (i3.large, i4i.xlarge) for high-performance storage
and D-Series (d2.xlarge) for big data solutions.
Use Case: Ideal for NoSQL databases, distributed file systems, and analytics.
5. Accelerated Computing Instances
These instances use hardware accelerators like GPUs and FPGAs for parallel
processing.
Examples include P-Series (p3.large, p4d.24xlarge) for machine learning training,
and G-Series (g5.xlarge) for video rendering.
Use Case: Suitable for AI/ML training, image processing, and large-scale
scientific simulations.