AWS EC2: Instances, AMIs, Security Groups, and Pricing
EC2 is the foundational AWS compute service. Here's what certification exams test — instance types, security groups, and pricing.
EC2 instance basics
An EC2 instance is a virtual server in the cloud. You choose the operating system (via AMI), compute capacity, and network settings.
# Core concepts:
#   AMI (Amazon Machine Image) — OS + pre-installed software template
#   Instance type — CPU, memory, storage, networking specs
#   Key pair — SSH key for secure access
#   Security group — virtual firewall controlling traffic
#   Elastic IP — static public IP address

# Instance lifecycle:
#   Pending → Running → Stopping → Stopped → Terminated
#
# Stopped vs Terminated:
#   Stopped: instance is off, EBS data persists, still billed for storage
#   Terminated: instance deleted, EBS deleted (unless configured otherwise)
Instance type families
Instance types are grouped into families optimised for different workloads.
# General Purpose — balanced compute/memory/network
#   t3, t4g — burstable (good for dev/test, variable load)
#   m5, m6i — steady workloads

# Compute Optimised — high CPU, lower memory
#   c5, c6i — batch processing, HPC, gaming servers

# Memory Optimised — high memory/CPU ratio
#   r5, r6i, x1 — in-memory databases, real-time processing

# Storage Optimised — high sequential I/O
#   i3, d2 — data warehousing, distributed file systems

# Accelerated Computing
#   p3, p4, g4dn — GPU instances: ML training, video rendering

# Naming convention: m5.xlarge
#   m = family, 5 = generation, xlarge = size
Security groups
Security groups act as virtual firewalls. They control inbound and outbound traffic at the instance level.
# Security group rules:
#   Inbound rules: traffic ALLOWED INTO the instance
#   Outbound rules: traffic ALLOWED OUT of the instance (default: all allowed)

# Rules specify:
#   - Type (SSH, HTTP, HTTPS, custom)
#   - Protocol (TCP, UDP, ICMP)
#   - Port range (22, 80, 443, or range like 8000-9000)
#   - Source (IP CIDR, security group ID)

# Example: web server security group
#   Inbound: HTTP (80) from 0.0.0.0/0 (anywhere)
#   Inbound: HTTPS (443) from 0.0.0.0/0
#   Inbound: SSH (22) from your-office-IP/32 only
#   Outbound: All traffic (default)

# Key properties:
#   - Stateful: if inbound is allowed, response is automatically allowed
#   - Default: deny all inbound, allow all outbound
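The web server example above keeps SSH restricted to one office address. As an added example (not part of the original page), this Python check audits inbound rules in the shape returned by EC2's describe-security-groups call and flags admin ports reachable from anywhere, including via a wide port range. The function name, the admin port list, and the sample group are constructed for illustration.

```python
import ipaddress

# Assumption for this example: ports that should never be open to the world.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

def world_open_admin_ports(group):
    """Return sorted (port, service, cidr) findings for one security group."""
    findings = set()
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                  # "-1" means all protocols, all ports
            lo, hi = 0, 65535
        elif proto == "tcp":
            lo, hi = perm["FromPort"], perm["ToPort"]
        else:
            continue                       # UDP/ICMP rules are out of scope here
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            # A prefix length of 0 means "anywhere" (0.0.0.0/0 or ::/0).
            if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                continue
            for port, name in ADMIN_PORTS.items():
                if lo <= port <= hi:       # catches ranges that contain the port
                    findings.add((port, name, cidr))
    return sorted(findings)

# Constructed sample: the page's web server group plus one misconfigured rule.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},   # office IP only
        # Wide range that silently includes 22 and 3389, open over IPv6.
        {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 8000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

if __name__ == "__main__":
    for port, name, cidr in world_open_admin_ports(SAMPLE_GROUP):
        print(f"{SAMPLE_GROUP['GroupId']}: {name} ({port}/tcp) open to {cidr}")
```

Because the default is deny all inbound, every finding corresponds to a rule someone explicitly added, so each one maps to a specific rule to tighten or remove.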
EC2 pricing models
Choosing the right pricing model can save up to 90% vs On-Demand.
# On-Demand
#   - Pay by the hour/second, no commitment
#   - Most expensive, maximum flexibility
#   - Use: unpredictable workloads, dev/test

# Reserved Instances (RI)
#   - 1 or 3 year commitment
#   - Up to 72% cheaper than On-Demand
#   - Use: steady-state, predictable workloads

# Spot Instances
#   - Use spare EC2 capacity
#   - Up to 90% cheaper than On-Demand
#   - Can be interrupted with 2-minute notice
#   - Use: batch jobs, data processing, fault-tolerant workloads

# Savings Plans
#   - Flexible alternative to RIs
#   - Commit to $/hour spend, not specific instance type
#   - Applies to EC2, Lambda, and Fargate

# Dedicated Host
#   - Physical server dedicated to you
#   - Use: compliance requirements, bring-your-own-license
Exam tip
The most common EC2 exam question: "Which pricing model for a steady-state, 24/7 web server?" — Reserved Instances (1 or 3 year). For unpredictable/batch: On-Demand or Spot. For compliance: Dedicated Hosts.