Amazon EC2 — Elastic Compute Cloud

25 min · Lesson 1 of 5

Learning Objectives

  • Understand EC2 instance types and pricing models
  • Launch and connect to EC2 instances
  • Configure security groups and key pairs
  • Manage instance lifecycle (start, stop, terminate)

What is Amazon EC2?

EC2 (Elastic Compute Cloud) provides resizable virtual servers in the cloud. You can launch instances in minutes and scale capacity up or down as needed.

EC2 Key Concepts

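┌────────────────┬────────────────────────────────────┐
│ Concept        │ Description                        │
├────────────────┼────────────────────────────────────┤
│ Instance       │ A virtual server                   │
│ AMI            │ Amazon Machine Image (OS template) │
│ Instance Type  │ CPU, memory, storage configuration │
│ Key Pair       │ SSH authentication                 │
│ Security Group │ Virtual firewall rules             │
│ EBS            │ Elastic Block Store (disk volumes) │
└────────────────┴────────────────────────────────────┘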

Instance Types

┌─────────────────────────────────────────────┐
│           EC2 Instance Families             │
├──────────┬──────────────────────────────────┤
│ General  │ t3, m5, m6i — balanced workloads │
│ Compute  │ c5, c6i — CPU-intensive          │
│ Memory   │ r5, r6i — memory-intensive       │
│ Storage  │ i3, d2 — high I/O                │
│ Accel.   │ p4, g5 — GPU/ML workloads        │
└──────────┴──────────────────────────────────┘

Common Instance Types

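┌───────────┬───────┬────────┬─────────────────────┐
│ Type      │ vCPUs │ Memory │ Use Case            │
├───────────┼───────┼────────┼─────────────────────┤
│ t3.micro  │ 2     │ 1 GB   │ Dev/test, free tier │
│ t3.small  │ 2     │ 2 GB   │ Light workloads     │
│ t3.medium │ 2     │ 4 GB   │ Small applications  │
│ m5.large  │ 2     │ 8 GB   │ General production  │
│ c5.xlarge │ 4     │ 8 GB   │ Compute-heavy apps  │
│ r5.large  │ 2     │ 16 GB  │ Databases, caching  │
└───────────┴───────┴────────┴─────────────────────┘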

Pricing Models

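┌───────────────┬───────────┬───────────────────────────┬────────────────────┐
│ Model         │ Discount  │ Commitment                │ Best For           │
├───────────────┼───────────┼───────────────────────────┼────────────────────┤
│ On-Demand     │ None      │ None                      │ Variable workloads │
│ Reserved      │ Up to 72% │ 1-3 years                 │ Steady-state       │
│ Spot          │ Up to 90% │ None (can be interrupted) │ Batch processing   │
│ Savings Plans │ Up to 72% │ 1-3 years                 │ Flexible usage     │
└───────────────┴───────────┴───────────────────────────┴────────────────────┘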

Launching an EC2 Instance

Via AWS CLI

# Create a key pair
aws ec2 create-key-pair \
  --key-name nextgen-key \
  --query 'KeyMaterial' \
  --output text > nextgen-key.pem
 
chmod 400 nextgen-key.pem
 
# Create a security group
aws ec2 create-security-group \
  --group-name nextgen-sg \
  --description "NextGen Playground security group"
 
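# Allow SSH access from your own address only
# (replace <your-ip>; 0.0.0.0/0 would expose port 22 to the entire internet)
aws ec2 authorize-security-group-ingress \
  --group-name nextgen-sg \
  --protocol tcp \
  --port 22 \
  --cidr <your-ip>/32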
 
# Allow HTTP
aws ec2 authorize-security-group-ingress \
  --group-name nextgen-sg \
  --protocol tcp \
  --port 80 \
  --cidr 0.0.0.0/0
 
# Launch instance
aws ec2 run-instances \
  --image-id ami-0c55b159cbfafe1f0 \
  --instance-type t3.micro \
  --key-name nextgen-key \
  --security-groups nextgen-sg \
  --count 1 \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=nextgen-web}]'

Connecting via SSH

# Get public IP
aws ec2 describe-instances \
  --filters "Name=tag:Name,Values=nextgen-web" \
  --query 'Reservations[].Instances[].PublicIpAddress' \
  --output text
 
# Connect
ssh -i nextgen-key.pem ec2-user@<public-ip>

Security Groups

Security groups act as virtual firewalls controlling inbound and outbound traffic.

# Inbound rules (what can reach your instance)
┌──────────┬──────────┬─────────────┐
│ Protocol │ Port     │ Source      │
├──────────┼──────────┼─────────────┤
│ TCP      │ 22       │ Your IP     │
│ TCP      │ 80       │ 0.0.0.0/0   │
│ TCP      │ 443      │ 0.0.0.0/0   │
│ TCP      │ 3000     │ 10.0.0.0/16 │
└──────────┴──────────┴─────────────┘

Best Practices

  • Never open port 22 to 0.0.0.0/0 in production
  • Use specific CIDR ranges for SSH access
  • Separate security groups by function (web, app, db)
  • Use security group references instead of IP ranges for internal traffic
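
An added example (not part of the original lesson): a small Python audit that applies the first and last practices above to data in the shape returned by `aws ec2 describe-security-groups --output json`. The sample groups, their names and IDs, the `rule` helper and the finding labels are constructed for illustration; treating any RFC 1918 source range as "internal traffic" is an assumption.

```python
import ipaddress

WORLD = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = (22,)  # assumption: SSH only, as in this lesson; extend as needed
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def rule(proto, port, cidrs=(), groups=()):
    """Build one IpPermissions entry in the describe-security-groups shape (helper for the sample)."""
    perm = {"IpProtocol": proto, "IpRanges": [{"CidrIp": c} for c in cidrs],
            "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": g} for g in groups]}
    if proto != "-1":  # "-1" (all traffic) rules carry no port fields
        perm.update(FromPort=port, ToPort=port)
    return perm

# Constructed sample: group names, IDs and addresses are made up for this example
SAMPLE = {"SecurityGroups": [
    {"GroupName": "web-open", "IpPermissions": [
        rule("tcp", 22, ["0.0.0.0/0"]), rule("tcp", 80, ["0.0.0.0/0"])]},
    {"GroupName": "web-scoped", "IpPermissions": [
        rule("tcp", 22, ["203.0.113.10/32"]), rule("tcp", 443, ["0.0.0.0/0"]),
        rule("tcp", 3000, ["10.0.0.0/16"])]},
    {"GroupName": "app", "IpPermissions": [
        rule("tcp", 3000, groups=["sg-0aaaaaaaaaaaaaaaa"])]},
    {"GroupName": "legacy-all", "IpPermissions": [rule("-1", None, ["0.0.0.0/0"])]},
]}

def covers(perm, port):
    """True if the rule admits TCP `port`; IpProtocol "-1" means all traffic."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def audit(described):
    """Return (group, finding, cidr) tuples for rules that break the practices above."""
    findings = []
    for sg in described["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            v4 = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in v4 + v6:
                if cidr in WORLD:
                    if any(covers(perm, p) for p in ADMIN_PORTS):
                        findings.append((sg["GroupName"], "ssh-open-to-world", cidr))
                elif cidr in v4 and any(
                        ipaddress.ip_network(cidr, strict=False).subnet_of(n) for n in RFC1918):
                    findings.append((sg["GroupName"], "internal-cidr-not-sg-reference", cidr))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To check a real account, save the CLI's JSON output to a file and pass `json.load()` of it to `audit`.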

User Data (Bootstrap Scripts)

#!/bin/bash
# User data script — runs on first boot
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
echo "<h1>NextGen Playground - $(hostname)</h1>" > /var/www/html/index.html

Instance Lifecycle

┌─────────┐    ┌─────────┐    ┌──────────┐
│ Pending │───▶│ Running │───▶│ Stopping │
└─────────┘    └────┬────┘    └────┬─────┘
                    │              │
                    │         ┌────▼─────┐
                    │         │ Stopped  │
                    │         └────┬─────┘
                    │              │
               ┌────▼──────────────▼────┐
               │     Terminated         │
               └────────────────────────┘

# Stop an instance (keeps EBS data)
aws ec2 stop-instances --instance-ids i-1234567890abcdef0
 
# Start a stopped instance
aws ec2 start-instances --instance-ids i-1234567890abcdef0
 
# Terminate (delete permanently)
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0

Summary

You've learned:

  • EC2 instance types and pricing models
  • Launching instances with CLI and user data
  • Security groups for network access control
  • Instance lifecycle management
  • SSH connectivity and key pairs

Next Steps

Next, we'll explore EBS volumes and Elastic IPs for persistent storage and static networking.