EC2
EC2 — Virtual Machines in the Cloud
EC2 (Elastic Compute Cloud) was the first compute service AWS released, and it popularized the cloud "virtual machine" abstraction. As managed services have multiplied, more workloads run on them instead of directly on instances, but EC2 remains the foundation when you need full control of the OS and the widest set of levers for cost.
1. About EC2
| When | Event |
|---|---|
| 2006-08 | EC2 beta launches. |
| 2008 | EBS (Elastic Block Store). |
| 2009 | Reserved Instance · Spot Instance. |
| 2017 | Nitro system — reduces virtualization overhead. |
| 2018+ | Graviton (Arm): Graviton1 (2018, A1 instances) · Graviton2 (announced 2019, instances in 2020) · Graviton3 (announced 2021, instances in 2022). |
| 2019 | Savings Plans. |
EC2 is a compute unit composed of a virtual machine plus auxiliary resources (EBS · ENI · Security Group).
2. AMI
The image used to create an instance. It bundles the root-volume contents (OS + pre-installed software + bootloader) with launch permissions and a block-device mapping. Quick Start offers AWS-published and vendor-published AMIs (Amazon Linux · Ubuntu · Debian · Windows Server), and you can build your own. A user-built AMI can be shared with other accounts or made public, so treat it as a deployable artifact and keep credentials and private keys out of it.
Instances built from the same AMI start in the same initial state. In production, building golden AMIs through a build pipeline (e.g., Packer) is common.
3. Instance type families
The first letter of the type name indicates the workload category.
| Family | Character |
|---|---|
| t (t3 · t4g) | Burstable. Baseline + credit-based bursts. Low cost. |
| m (m5 · m6g · m7i) | General-purpose. Balanced CPU, memory, network. |
| c (c6g · c7g) | Compute-optimized. High vCPU-to-memory ratio. |
| r (r6g · r7i) | Memory-optimized. |
| x · z | Ultra-high memory. |
| g · p | GPU. ML and graphics. |
| i · d | Storage-optimized. NVMe · HDD. |
A higher generation number means newer hardware. Suffix letters after the generation describe the processor or an extra capability: g = Arm (Graviton, e.g., c7g), a = AMD, i = Intel, d = local NVMe instance store, n = enhanced networking. AWS and independent benchmarks commonly report better price/performance with Graviton at the same vCPU and memory, provided your software and container images have Arm builds.
4. Key pairs
The default authentication for SSH access to an EC2 instance. AWS keeps only the public key; the private key can be downloaded once, at creation time. On first boot, cloud-init fetches the public key from the instance metadata service and writes it to the default user's ~/.ssh/authorized_keys (ec2-user on Amazon Linux, ubuntu on Ubuntu).

```bash
chmod 400 my-key.pem                      # ssh refuses a private key readable by other users
ssh -i my-key.pem ec2-user@<public-ip>
```

In production, SSM Session Manager is often recommended over key pairs: it opens a shell that is authenticated and authorized by IAM, needs no inbound port 22 in the security group, and can log every session to CloudWatch Logs or S3. It requires the SSM agent on the instance (preinstalled on the AWS-provided Amazon Linux and Ubuntu AMIs) and an instance profile that grants the agent's permissions (e.g., the AmazonSSMManagedInstanceCore managed policy).
5. User data
A script that cloud-init runs once, on the first boot of a new instance (it does not run again on stop/start unless you explicitly configure that). Used for bootstrap (package install, service start). User data is not a secret channel: any process on the instance can read it from the instance metadata service, so never place credentials in it; use the instance profile, SSM Parameter Store, or Secrets Manager instead.

```bash
#!/bin/bash
set -euo pipefail                    # abort the bootstrap on the first failure
dnf install -y docker                # Amazon Linux 2023 uses dnf
systemctl enable --now docker        # start now and on every later boot
```

Its output lands in /var/log/cloud-init-output.log, the first place to look when a bootstrap does not take. The same result can be made more deterministic with a golden AMI or a cloud-init configuration (#cloud-config), both of which are versioned artifacts rather than an ad-hoc script.
6. IAM instance profile
The way EC2 obtains credentials when calling other AWS services (S3 · KMS · SSM). Instead of embedding long-lived access keys on the instance, attach a role through an instance profile: the SDKs and CLI fetch short-lived, automatically rotated credentials for that role from the instance metadata service (IMDS). Two practices matter here: scope the role's policy to the actions the workload actually needs, and launch with IMDSv2 required (HttpTokens=required), because an SSRF or file-read bug in an application on the instance can otherwise be turned into a one-request credential theft against the IMDSv1 endpoint.
7. EBS and instance store
| Type | Notes |
|---|---|
| EBS | Network-attached block storage. Survives stop/start; on termination the root volume is deleted by default, other volumes follow their DeleteOnTermination flag. Supports snapshots and KMS encryption. |
| Instance store | Local disk on the host. Contents are lost on stop, terminate, or host failure. Available only on certain types (e.g., the i family and d-suffixed types). |
EBS volume types (gp3 · io2 · st1 · sc1) differ in IOPS, throughput, and cost. gp3 is the default for general workloads.
8. Pricing model
| Option | Commitment | Discount |
|---|---|---|
| On-Demand | None | 0% |
| Reserved Instance | 1 or 3 years + fixed instance family/type | Up to ~72% |
| Savings Plans | 1 or 3 years + hourly spend commitment | Up to ~72% (EC2 Instance plans) or ~66% (Compute plans); more flexible than RI |
| Spot | None (interruptible) | Up to ~90% |
Spot uses spare capacity, which AWS may reclaim at any time. The interruption notice arrives about two minutes ahead, both as an EventBridge event and in the instance metadata (the spot/instance-action path), and a rebalance recommendation may precede it; that window is for draining connections, checkpointing, and deregistering from load balancers. Suitable for batch jobs, CI runners, and any stateless or restartable workload.
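How a workload actually consumes the two-minute notice, as an added example (not code from the page or from AWS). It assumes it runs on a Spot instance with IMDSv2 enabled; the token endpoint and the spot/instance-action path are the documented IMDS paths, while `drain` is a placeholder callback you replace with your own connection draining or checkpointing.

```python
"""Poll the Spot interruption notice and compute how much of the two-minute window is left.

Added example, not AWS-provided code. Assumes an instance with IMDSv2 enabled;
the drain() callback passed to watch() is a placeholder for your own shutdown logic.
"""
import json
import time
import urllib.error
import urllib.request
from datetime import datetime, timezone

IMDS = "http://169.254.169.254/latest"


def imds_token(ttl_seconds: int = 60) -> str:
    """IMDSv2: obtain a session token before reading any metadata path."""
    req = urllib.request.Request(
        f"{IMDS}/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": str(ttl_seconds)},
    )
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read().decode()


def fetch_instance_action(token: str):
    """Return (HTTP status, body). 404 means no interruption is scheduled."""
    req = urllib.request.Request(
        f"{IMDS}/meta-data/spot/instance-action",
        headers={"X-aws-ec2-metadata-token": token},
    )
    try:
        with urllib.request.urlopen(req, timeout=2) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as e:
        return e.code, ""


def _utc(value):
    """Accept an IMDS-style timestamp string ('2024-05-01T12:00:00Z') or an aware datetime."""
    if isinstance(value, datetime):
        return value
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_instance_action(status: int, body: str, now):
    """Turn an instance-action response into (action, seconds_remaining).

    Returns None when nothing is pending (404). On 200 the body looks like
    {"action": "terminate", "time": "2024-05-01T12:00:00Z"}; the action may also be
    "stop" or "hibernate" depending on the interruption behaviour chosen at request time.
    """
    if status == 404:
        return None
    if status != 200:
        raise RuntimeError(f"unexpected IMDS status {status}")
    notice = json.loads(body)
    remaining = (_utc(notice["time"]) - _utc(now)).total_seconds()
    return notice["action"], max(0.0, remaining)   # clamp: the notice may already be in the past


def watch(drain, interval: float = 5.0) -> None:
    """Poll every `interval` seconds; call drain(action, seconds_left) once a notice appears."""
    token = imds_token(ttl_seconds=21600)          # 6 hours, the maximum token TTL
    while True:
        pending = parse_instance_action(*fetch_instance_action(token), now=datetime.now(timezone.utc))
        if pending is not None:
            drain(*pending)
            return
        time.sleep(interval)


if __name__ == "__main__":
    watch(lambda action, left: print(f"{action} in {left:.0f}s: draining now"))
```

Polling every five seconds costs nothing measurable and keeps the reaction latency well inside the window; an EventBridge rule that targets the same drain logic is the complement for the case where the instance itself is too busy to poll.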
9. Lightsail
While EC2 has many options and complex pricing, Lightsail (2016) offers fixed-price small VPS rentals. It is often mentioned for small side projects, blogs, and simple web apps. Limits — less freedom and integration than EC2 (though VPC peering with EC2 is possible).
10. Common flow for launching an instance
- Choose AMI (Amazon Linux 2023 · Ubuntu LTS).
- Instance type (start small, e.g., t3.small).
- VPC and subnet.
- Key pair or enable SSM.
- Security Group (restrict 22 to an admin CIDR, or omit it entirely when using SSM; expose only 80/443 publicly).
- EBS volume type and size (enable encryption).
- IAM instance profile (least-privilege role; require IMDSv2).
- (Optional) user data script (no secrets in it).
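A way to verify the launch-time choices above after the fact, covering the security-group step here and the instance-profile / IMDS point from section 6, as an added example that is not part of the original page or of any AWS tool. The two JSON documents are constructed to mimic the shape of `aws ec2 describe-instances` and `aws ec2 describe-security-groups` output (the group IDs, instance IDs, and account number are made up); swap in real output, e.g. from boto3, to audit an account.

```python
"""Audit launch-time hygiene from API-shaped JSON (added example, constructed sample data).

Checks: SSH open to the world, non-web ports open to the world, IMDSv2 not enforced,
and no instance profile attached.
"""
import ipaddress
import json

SSH_PORT = 22
PUBLIC_OK = {80, 443}          # the only ports this policy allows from 0.0.0.0/0 or ::/0


def _rule_ports(rule):
    """Set of ports a rule permits; None means 'all ports' (protocol -1 or no port range)."""
    if rule.get("IpProtocol") == "-1":
        return None
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    if lo is None or hi is None:
        return None
    return set(range(lo, hi + 1))


def _world_open(rule):
    """True if any source range covers the whole IPv4 or IPv6 space (prefix length 0)."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs)


def audit_security_group(sg):
    """Findings for one security group's inbound rules."""
    findings = []
    for rule in sg.get("IpPermissions", []):
        if not _world_open(rule):
            continue                                   # scoped to a specific CIDR: fine
        ports = _rule_ports(rule)
        if ports is None:
            findings.append(f"{sg['GroupId']}: all ports/protocols open to the world")
        elif SSH_PORT in ports:
            findings.append(f"{sg['GroupId']}: SSH (22) open to the world")
        elif not ports <= PUBLIC_OK:
            extra = sorted(ports - PUBLIC_OK)[:5]
            findings.append(f"{sg['GroupId']}: non-web ports {extra} open to the world")
    return findings


def audit_instance(inst, groups_by_id):
    """Findings for one instance: metadata options, role, and each attached security group."""
    findings = []
    iid = inst["InstanceId"]
    if inst.get("MetadataOptions", {}).get("HttpTokens") != "required":
        findings.append(f"{iid}: IMDSv2 not required (HttpTokens != required)")
    if "IamInstanceProfile" not in inst:
        findings.append(f"{iid}: no instance profile attached")
    for g in inst.get("SecurityGroups", []):
        findings += audit_security_group(groups_by_id[g["GroupId"]])
    return findings


def audit(describe_instances, describe_security_groups):
    """Run every check over describe-instances / describe-security-groups shaped dicts."""
    groups = {g["GroupId"]: g for g in describe_security_groups["SecurityGroups"]}
    out = []
    for res in describe_instances["Reservations"]:
        for inst in res["Instances"]:
            out += audit_instance(inst, groups)
    return out


# Constructed sample: one hardened instance (sg-web) and one misconfigured one (sg-admin).
SAMPLE_GROUPS = json.loads("""{"SecurityGroups": [
 {"GroupId": "sg-web", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
   {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
 {"GroupId": "sg-admin", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
   {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
   {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}]}""")
SAMPLE_INSTANCES = json.loads("""{"Reservations": [{"Instances": [
 {"InstanceId": "i-good", "MetadataOptions": {"HttpTokens": "required"},
  "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/web"},
  "SecurityGroups": [{"GroupId": "sg-web"}]},
 {"InstanceId": "i-bad", "MetadataOptions": {"HttpTokens": "optional"},
  "SecurityGroups": [{"GroupId": "sg-admin"}]}]}]}""")

if __name__ == "__main__":
    for line in audit(SAMPLE_INSTANCES, SAMPLE_GROUPS):
        print(line)
```

On the sample data the hardened instance produces no findings and the misconfigured one produces four: IMDSv2 optional, no instance profile, SSH from 0.0.0.0/0, and an all-traffic rule from ::/0. The second 22 rule, scoped to 203.0.113.0/24, is accepted, which is the shape the launch flow above asks for.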
Auto Scaling Group — Launches multiple instances with the same shape and manages health checks, replacement, and scaling. Combine with ALB for availability and scalability.
11. Common pitfalls
t-series CPU credit exhaustion: when average usage exceeds the baseline, the credit balance drains and the instance is throttled to its baseline. t3 and t4g launch in unlimited mode by default, where sustained bursts are billed as surplus credits instead, so the symptom becomes a surprising bill rather than a slowdown. For sustained CPU-heavy workloads, use the m or c families.
Auto-deleting root volume: the root EBS volume's DeleteOnTermination flag is on by default, so terminating the instance deletes it. Turn it off (in the console, or with modify-instance-attribute on the block device mapping) if the data must outlive the instance, enable termination protection (disableApiTermination) on instances a stray API call must not remove, and remember that snapshots are the only durable copy either way.
Public IP changes: a stop/start cycle assigns a new auto-assigned public IP. For a fixed address, attach an Elastic IP; since February 2024 AWS bills every public IPv4 address by the hour, attached or not, so release addresses you no longer use.
Ad-hoc changes on production hosts: SSHing in to install a package and forgetting about it produces instances that cannot be reproduced or audited. Lock the flow down with user data, AMI builds, or IaC, and treat instances as replaceable.
Closing thoughts
EC2's high freedom comes with operational responsibility. For small workloads, Lightsail or App Runner is a simpler answer. Real production typically uses Auto Scaling + ALB + IAM roles + SSM, and ensures determinism with golden AMIs or IaC.
Next
- deploying-options
- iam
EC2 docs · Instance types · EBS docs · Spot guide · Auto Scaling · SSM Session Manager · Lightsail for reference.