Amazon EC2 (Elastic Compute Cloud) is a web service that provides scalable computing capacity in the Amazon Web Services cloud.

What is AWS EC2?

EC2 allows creating and managing virtual machine instances in the cloud, providing full control over the computing environment and the ability to scale according to needs.

Instance Types

General Purpose

  • t3/t4g: Balanced for CPU and memory
  • m5/m6i: Balanced for general applications
  • mac1: macOS instances

Compute Optimized

  • c5/c6i: High CPU performance
  • c6g: ARM Graviton2 processors

Memory Optimized

  • r5/r6i: High memory performance
  • x1e/x2ie: Extreme memory

Storage Optimized

  • i3/i4i: High storage performance
  • d2/d3: Dense storage

Instance Configuration

User Data Script

#!/bin/bash
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
echo "<h1>Hello from EC2</h1>" > /var/www/html/index.html

Security Groups

{
  "SecurityGroupRules": [
    {
      "IpProtocol": "tcp",
      "FromPort": 80,
      "ToPort": 80,
      "CidrIpv4": "0.0.0.0/0"
    },
    {
      "IpProtocol": "tcp",
      "FromPort": 443,
      "ToPort": 443,
      "CidrIpv4": "0.0.0.0/0"
    },
    {
      "IpProtocol": "tcp",
      "FromPort": 22,
      "ToPort": 22,
      "CidrIpv4": "10.0.0.0/8"
    }
  ]
}
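
The rule set above exposes only ports 80 and 443 to 0.0.0.0/0 and keeps SSH limited to 10.0.0.0/8. The following check is an added example, not code from the original page: it audits rules in that same JSON shape and flags any inbound rule reachable from a non-RFC 1918 source on a port outside an allow-list. The names `audit`, `is_internal` and `PUBLIC_OK`, the allow-list policy, and the three extra sample rules are assumptions constructed for illustration.

```python
import ipaddress
import json

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PUBLIC_OK = frozenset({80, 443})  # assumption: only web ports may face the internet

# Constructed sample: the page's three rules (0-2) plus three over-broad ones (3-5).
SAMPLE = json.loads("""
{"SecurityGroupRules": [
  {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIpv4": "0.0.0.0/0"},
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIpv4": "0.0.0.0/0"},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIpv4": "10.0.0.0/8"},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIpv4": "0.0.0.0/0"},
  {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535, "CidrIpv4": "203.0.113.0/24"},
  {"IpProtocol": "-1", "FromPort": -1, "ToPort": -1, "CidrIpv4": "0.0.0.0/0"}
]}
""")


def is_internal(cidr):
    """True when the source range lies wholly inside RFC 1918 space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(private) for private in RFC1918)


def audit(rules, public_ok=PUBLIC_OK):
    """Return (index, reason) for inbound rules open to non-private sources
    on ports outside public_ok."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.get("IsEgress") or "CidrIpv4" not in rule:
            continue  # outbound rule, or source is not an IPv4 CIDR
        src = rule["CidrIpv4"]
        if is_internal(src):
            continue
        if rule["IpProtocol"] == "-1":  # -1 means every protocol and port
            findings.append((i, f"all protocols and ports from {src}"))
        elif rule["IpProtocol"] in ("tcp", "udp"):  # only these carry port ranges
            if set(range(rule["FromPort"], rule["ToPort"] + 1)) - public_ok:
                span = f'{rule["FromPort"]}-{rule["ToPort"]}'
                findings.append((i, f'{rule["IpProtocol"]} {span} from {src}'))
    return findings


if __name__ == "__main__":
    for index, reason in audit(SAMPLE["SecurityGroupRules"]):
        print(f"rule {index}: {reason}")
```

The page's own three rules produce no findings; only the constructed rules at indexes 3 to 5 are reported.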

Storage

Amazon EBS

  • Volumes: Persistent storage
  • Snapshots: Volume backups
  • Types: gp3, io1, io2, st1, sc1

Amazon EFS

  • File system: Shared between instances
  • Scalability: Automatic
  • Durability: High

Networks

VPC (Virtual Private Cloud)

  • Subnets: Network segmentation
  • Route Tables: Routing tables
  • Internet Gateway: Internet access
  • NAT Gateway: Private outbound access

Load Balancing

  • Application Load Balancer: Layer 7
  • Network Load Balancer: Layer 4
  • Classic Load Balancer: Layer 4/7

Security

IAM Roles

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::my-bucket/*"
    }
  ]
}

Security Groups

  • Inbound rules: Incoming traffic
  • Outbound rules: Outgoing traffic
  • State: Stateful
