Module 3 of 13 · AWS Fundamentals · Beginner

EC2 & Compute

Duration: 60 min

Amazon Elastic Compute Cloud (EC2) provides resizable virtual machines in the cloud. It's the foundational compute service in AWS, offering flexibility to scale capacity up or down based on demand. This module covers instance types, AMIs, security groups, and practical deployment.

EC2 Instance Types

EC2 instances come in different families optimized for different workloads:

General Purpose (t3, m5) balance compute, memory, and networking. Suitable for web servers, small databases, and development environments.

Compute Optimized (c5, c6) have high CPU performance. Use for batch processing, media transcoding, and high-performance web applications.

Memory Optimized (r5, x1) have large amounts of RAM. Use for in-memory databases, caches, and real-time analytics.

Storage Optimized (i3, h1) have high sequential read/write access to large data sets. Use for NoSQL databases and data warehousing.

Accelerated Computing (p3, g4) include GPUs or FPGAs. Use for machine learning, graphics rendering, and scientific computing.

Amazon Machine Images (AMIs)

An AMI is a pre-configured template containing the OS, applications, and configurations. AWS provides public AMIs (Amazon Linux, Ubuntu, Windows), or you can create custom AMIs from running instances.

Security Groups and Key Pairs

Security Groups act as virtual firewalls controlling inbound and outbound traffic. They operate at the instance level and are stateful (if you allow inbound traffic, the outbound response is automatically allowed).

Key Pairs are used for SSH access to Linux instances or RDP to Windows instances. The private key is downloaded once and must be kept secure.

Hands-On: Launch and Connect to EC2

Create a key pair:

aws ec2 create-key-pair --key-name my-key --query 'KeyMaterial' \
  --output text > my-key.pem
chmod 400 my-key.pem

Create a security group:

aws ec2 create-security-group --group-name web-sg \
  --description "Security group for web servers"

Allow SSH access (the CIDR 0.0.0.0/0 matches every IPv4 source address):

aws ec2 authorize-security-group-ingress --group-name web-sg \
  --protocol tcp --port 22 --cidr 0.0.0.0/0

Allow HTTP and HTTPS:

aws ec2 authorize-security-group-ingress --group-name web-sg \
  --protocol tcp --port 80 --cidr 0.0.0.0/0

aws ec2 authorize-security-group-ingress --group-name web-sg \
  --protocol tcp --port 443 --cidr 0.0.0.0/0

Launch an EC2 instance:

aws ec2 run-instances --image-id ami-0c55b159cbfafe1f0 \
  --instance-type t3.micro --key-name my-key \
  --security-groups web-sg --count 1
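
The web-sg rules created above open port 22 to 0.0.0.0/0. As an added example (not part of the original course material), this Python function checks a describe_security_groups response for SSH or RDP ingress reachable from any address. The sample response, the admin-sg group and the function names are constructed for illustration.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # the remote-access ports the page names

# Constructed sample in the describe_security_groups() response shape.
SAMPLE = {"SecurityGroups": [
    {"GroupName": "web-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupName": "admin-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]}


def is_world_open(cidr):
    """True when the CIDR covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def world_open_admin_rules(response):
    """Return (group name, service, cidr) for admin ports open to any source."""
    findings = []
    for group in response["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            all_traffic = perm["IpProtocol"] == "-1"  # every protocol and port
            if not all_traffic and perm["IpProtocol"] != "tcp":
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for port, service in sorted(ADMIN_PORTS.items()):
                if all_traffic or perm["FromPort"] <= port <= perm["ToPort"]:
                    findings += [(group["GroupName"], service, c)
                                 for c in cidrs if is_world_open(c)]
    return findings


if __name__ == "__main__":
    # Live use (assumption: boto3 and credentials are configured):
    #   response = boto3.client("ec2").describe_security_groups()
    for name, service, cidr in world_open_admin_rules(SAMPLE):
        print(f"{name}: {service} reachable from {cidr}")
```
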

User Data Script

User data scripts run when an instance launches. Use them to install software and configure the instance:

aws ec2 run-instances --image-id ami-0c55b159cbfafe1f0 \
  --instance-type t3.micro --key-name my-key \
  --user-data file://init-script.sh

Example init-script.sh:

#!/bin/bash
yum update -y
yum install -y httpd
systemctl start httpd
echo "<h1>Hello from $(hostname -f)</h1>" > /var/www/html/index.html

Python Boto3 Example

import boto3

ec2 = boto3.client('ec2')

# Launch instance
response = ec2.run_instances(
    ImageId='ami-0c55b159cbfafe1f0',
    MinCount=1,
    MaxCount=1,
    InstanceType='t3.micro',
    KeyName='my-key',
    SecurityGroups=['web-sg']
)

instance_id = response['Instances'][0]['InstanceId']
print(f"Launched instance: {instance_id}")

# Describe instances
instances = ec2.describe_instances(InstanceIds=[instance_id])
for reservation in instances['Reservations']:
    for instance in reservation['Instances']:
        print(f"State: {instance['State']['Name']}")
        print(f"Public IP: {instance.get('PublicIpAddress', 'N/A')}")

Terraform Example

resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t3.micro"
  # aws_key_pair.deployer is assumed to be defined elsewhere in the configuration
  key_name      = aws_key_pair.deployer.key_name

  vpc_security_group_ids = [aws_security_group.web.id]

  user_data = <<-EOF
              #!/bin/bash
              yum update -y
              yum install -y httpd
              systemctl start httpd
              EOF

  tags = {
    Name = "web-server"
  }
}

resource "aws_security_group" "web" {
  name = "web-sg"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

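  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Terraform removes the default allow-all egress rule from security groups
  # it manages, so outbound access must be declared for the yum commands in
  # user_data to reach the package repositories.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}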

Quiz 1

❓ Which EC2 instance family is best for web servers?

Quiz 2

❓ What is an AMI?

Quiz 3

❓ What is the purpose of a Security Group?

Quiz 4

❓ What is user data in EC2?

Quiz 5

❓ What is a key pair used for?
