CLF-C02 | Chapter 14 of 130 | Objective 3.1

Amazon EC2

Amazon Elastic Compute Cloud (Amazon EC2) is the foundational compute service in AWS, enabling users to launch virtual servers in the cloud. This chapter covers EC2's core concepts, instance types, pricing models, and key features, all of which are heavily tested on the CLF-C02 exam. This objective falls under Domain 3: Cloud Technology Services, which makes up approximately 30% of the exam. Mastery of EC2 is critical because it underpins most AWS architectures and appears in many scenario-based questions.

Updated May 31, 2026

Renting vs. Buying a Delivery Truck Fleet

Imagine you run a bakery that delivers fresh bread daily. Owning a fleet of delivery trucks means you pay for the trucks, insurance, maintenance, and parking whether you use them or not. If demand spikes during holidays, your owned trucks may be insufficient, forcing you to turn away orders. If demand drops, your trucks sit idle, wasting money. Now consider renting trucks from a company that has a massive pool of vehicles. You pick the truck model (e.g., a small van for local deliveries or a large refrigerated truck for long hauls), rent it by the hour or day, and return it when done. You pay only for what you use. If demand spikes, you rent more trucks instantly. If demand drops, you rent fewer. The rental company handles maintenance, fuel efficiency, and insurance. This is exactly how Amazon EC2 works: you rent virtual servers (instances) from AWS's massive pool, choosing the size, operating system, and other configurations. You pay per second or per hour, scale up or down on demand, and AWS manages the underlying hardware. Just as you wouldn't buy a truck for a single delivery, you don't buy physical servers for a short-term workload; you use EC2.

How It Actually Works

What is Amazon EC2 and What Problem Does It Solve?

Amazon Elastic Compute Cloud (EC2) provides resizable compute capacity in the cloud. Before cloud computing, organizations had to purchase, rack, and maintain physical servers. This process was slow (weeks to procure), capital-intensive (large upfront costs), and inflexible (fixed capacity). EC2 solves these problems by allowing you to launch virtual servers, called instances, in minutes, paying only for what you use. You can choose from a wide variety of instance types optimized for different workloads, and you can scale up or down based on demand.

How EC2 Works: The Mechanism

EC2 instances run on physical hosts managed by AWS. Each instance is a virtual machine (VM) with a specified amount of CPU, memory, storage, and networking capacity. Here’s the step-by-step mechanism:

1. Amazon Machine Image (AMI): An AMI is a template that contains the software configuration (operating system, application server, and applications). When you launch an instance, you select an AMI. AWS provides many pre-built AMIs (e.g., Amazon Linux, Ubuntu, Windows Server) and you can create custom AMIs.

2. Instance Type: You choose an instance type, which defines the hardware of the host computer. Instance types are grouped into families: General Purpose (e.g., t3, m5), Compute Optimized (e.g., c5), Memory Optimized (e.g., r5), Storage Optimized (e.g., i3), and Accelerated Computing (e.g., p3 for GPUs). Each type has varying vCPU and memory ratios.

3. Network Configuration: You specify a Virtual Private Cloud (VPC), subnet, and security group rules. Security groups act as virtual firewalls controlling inbound and outbound traffic.

4. Storage: You attach storage volumes. The root volume is typically an Amazon Elastic Block Store (EBS) volume. You can also attach additional EBS volumes or instance store volumes (ephemeral storage that persists only during the instance lifecycle).

5. Key Pair: For SSH access (Linux) or RDP access (Windows), you specify a key pair. AWS stores the public key, and you keep the private key.

6. Launch: AWS allocates the instance on a physical host, boots the AMI, and attaches the network and storage. The instance receives a private IP address and optionally a public IP or Elastic IP.

7. Lifecycle: You can stop, start, reboot, terminate, or hibernate an instance. Stopping and starting can change the public IP (unless using Elastic IP) and the underlying host. Terminating deletes the instance and attached EBS volumes (if delete on termination is enabled).

Key Instance Lifecycle States

pending: The instance is being launched. Billing hasn't started.

running: The instance is running. Billing starts as soon as the instance enters running state.

stopping / stopped: The instance is shut down. You are not charged for instance usage, but you are charged for any attached EBS volumes (storage).

terminated: The instance is permanently deleted. You cannot recover a terminated instance.

hibernated: The instance is hibernated (saves RAM contents to EBS). You are charged for EBS storage and any Elastic IP addresses, but not for instance usage.

Pricing Models

EC2 offers several pricing models to optimize costs:

On-Demand: Pay per second (minimum 60 seconds) for running instances. No upfront commitment. Ideal for unpredictable workloads or development/testing.

Reserved Instances (RI): Reserve capacity for a 1- or 3-year term and receive a significant discount (up to 72% compared to On-Demand). You can pay All Upfront, Partial Upfront, or No Upfront. Standard RIs provide a capacity reservation, while Convertible RIs allow changing instance attributes.

Savings Plans: Similar to RIs but more flexible. You commit to a consistent amount of compute usage (measured in $/hour) for 1 or 3 years, and AWS applies the discount to any EC2, Lambda, or Fargate usage. Compute Savings Plans are the most flexible, allowing changes in instance family, region, and OS.

Spot Instances: Purchase unused EC2 capacity at up to 90% discount. Instances can be interrupted with a 2-minute warning when AWS needs the capacity back. Ideal for fault-tolerant, stateless workloads like batch processing, data analysis, or CI/CD.

Dedicated Hosts: Physical servers dedicated for your use. You control instance placement and can use your own server-bound software licenses. Billed per host.

Dedicated Instances: Instances running on hardware dedicated to a single customer, but you do not control the physical host. Billed per instance.

EC2 Instance Types (Common Families)

General Purpose (A1, T3, T3a, T4g, M5, M5a, M6g): Balanced compute, memory, and networking. Ideal for web servers, small databases, and development environments. T3 instances offer burstable CPU performance using CPU credits.

Compute Optimized (C5, C5a, C6g): High-performance processors. Ideal for batch processing, media transcoding, high-performance web servers, and scientific modeling.

Memory Optimized (R5, R5a, R6g, X1, X1e, z1d, high memory): Large memory per vCPU. Ideal for in-memory caches, real-time big data analytics, and large databases.

Storage Optimized (I3, I3en, D2, H1): High sequential read/write access to large datasets on local storage. Ideal for data warehousing, Hadoop, and distributed file systems.

Accelerated Computing (P3, P4, G4ad, G5, Inf1, F1): Hardware accelerators (GPUs, FPGAs). Ideal for machine learning, graphics rendering, and financial simulations.

Comparison to On-Premises

With on-premises servers, you have upfront capital expenditure (CapEx), long procurement cycles, and fixed capacity. With EC2, you have operational expenditure (OpEx), instant provisioning, and elasticity. EC2 also provides global reach via AWS Regions and Availability Zones, built-in security (e.g., VPC, security groups), and integration with other AWS services (e.g., Auto Scaling, Elastic Load Balancing, CloudWatch).

When to Use EC2 vs Alternatives

Use EC2 when you need full control over the operating system, software stack, and networking. Alternatives include:

- AWS Lambda: Serverless compute for short-running functions (max 15 minutes). No server management. Best for event-driven workloads.
- AWS Elastic Beanstalk: PaaS that automatically handles capacity provisioning, load balancing, and scaling for your application. You upload code and Elastic Beanstalk deploys it on EC2 instances behind the scenes.
- AWS Fargate: Serverless compute engine for containers. You define containers without managing the underlying EC2 instances.
- AWS Lightsail: Simplified, pre-configured VPS for users who want a simpler management experience. Includes a fixed monthly price with bundled resources.

The exam tests your ability to choose the right compute service based on requirements like control, scaling, cost, and management overhead.

Walk-Through

1. Launch an EC2 Instance

   1. Open the EC2 console and click 'Launch Instance'.
   2. Choose an AMI (e.g., Amazon Linux 2 AMI (HVM), SSD Volume Type).
   3. Choose an instance type (e.g., t2.micro, which is eligible for the Free Tier).
   4. Configure instance details: number of instances, network (VPC), subnet, auto-assign public IP, IAM role, shutdown behavior, and termination protection.
   5. Add storage: default is an 8 GiB General Purpose SSD (gp2) root volume. You can add more volumes.
   6. Add tags: key-value pairs to organize resources.
   7. Configure security group: create a new one or select an existing one. For SSH access, add a rule for port 22 from your IP.
   8. Review and launch. You must select or create a key pair.
   9. After launching, the instance enters 'pending' state, then 'running'. You can connect via SSH (Linux) or RDP (Windows) using the private key.

2. Stop and Start an Instance

   1. In the EC2 console, select the instance and choose 'Instance State' > 'Stop'.
   2. The instance performs a graceful shutdown (like 'shutdown -h now').
   3. Instance state changes to 'stopping' then 'stopped'. While stopped, you are not charged for instance usage, but you are charged for any attached EBS volumes.
   4. To start, select the instance and choose 'Instance State' > 'Start'. The instance boots from the root EBS volume. Note: Starting an instance may move it to a different underlying host, and the public IP address may change (unless you have an Elastic IP).
   5. The instance enters 'pending' then 'running'. Billing resumes.

   Stopping and starting is useful to change instance type, move to a different Availability Zone (by launching a new instance from an AMI), or troubleshoot OS-level issues.

3. Create an AMI from a Running Instance

   1. Select a running instance in the EC2 console.
   2. Choose 'Actions' > 'Image and templates' > 'Create image'.
   3. Provide an image name and description.
   4. By default, AWS reboots the instance to ensure file system integrity. You can choose 'No reboot' for faster creation, but this may result in an inconsistent image.
   5. After creation, the AMI appears in the AMIs section (under Images). The instance remains running.
   6. You can now launch new instances from this custom AMI.

   This is useful for creating golden images with pre-installed software, patches, and configurations. AMIs are stored in Amazon S3 (though you don't directly manage them) and are charged for the underlying EBS snapshots. You can share AMIs with other AWS accounts or make them public.

4. Use Auto Scaling to Scale EC2 Instances

   1. Create a launch template or launch configuration that defines the AMI, instance type, security group, and other settings.
   2. Create an Auto Scaling group (ASG) specifying the launch template, VPC and subnets, and desired capacity (minimum, maximum, and desired number of instances).
   3. Attach a scaling policy: simple scaling (based on CloudWatch alarms), step scaling, or target tracking (e.g., maintain average CPU at 50%).
   4. ASG automatically launches or terminates instances to maintain the desired count. It can also distribute instances across multiple Availability Zones for high availability.
   5. ASG integrates with Elastic Load Balancing (ELB) to automatically register new instances.
   6. You can also use scheduled scaling for predictable traffic patterns.

   ASG is free; you only pay for the EC2 instances and other resources launched.

5. Purchase a Reserved Instance

   1. In the EC2 console, go to 'Reserved Instances' and click 'Purchase Reserved Instances'.
   2. Select the instance type (e.g., m5.large), platform (Linux/Windows), tenancy (default or dedicated), and offering class (standard or convertible).
   3. Choose term: 1 year or 3 years. Longer terms yield higher discounts.
   4. Choose payment option: All Upfront (highest discount), Partial Upfront, or No Upfront.
   5. Specify the number of instances and optionally a scope (regional or zonal). Regional RIs provide a discount to any instance in that region meeting the attributes; zonal RIs reserve capacity in a specific Availability Zone.
   6. Review and purchase. AWS applies the discount to matching running instances.

   You can sell unused RIs on the Reserved Instance Marketplace. Note: RIs are not physical; they are billing discounts. You still launch On-Demand instances, but the RI discount covers the usage.

What This Looks Like on the Job

Scenario 1: E-Commerce Website with Variable Traffic

An online retailer experiences heavy traffic during Black Friday and low traffic during off-peak seasons. They use EC2 with Auto Scaling and Elastic Load Balancing (ELB) to handle the load. During normal days, they run a small number of t3.large instances behind an Application Load Balancer. As traffic increases, CloudWatch alarms trigger Auto Scaling to add more instances (e.g., c5.large compute-optimized for product search). During Black Friday, they might also use Spot Instances for stateless tasks like image processing. Cost considerations: they use a mix of Reserved Instances for the baseline capacity (3-year partial upfront) and On-Demand/Spot for peak. Misconfiguration: if the security group is too permissive (e.g., open to 0.0.0.0/0 for SSH), attackers could brute-force access. Additionally, if the Auto Scaling group's minimum and maximum are set incorrectly, the site could either be under-provisioned (crashes) or over-provisioned (waste).
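The overly permissive security group mentioned above can be caught with a simple audit. The following is an added example, not part of the original chapter: it scans data in the shape returned by `aws ec2 describe-security-groups` for SSH or RDP reachable from any address. The group IDs, names and the `find_exposed_admin_ports` helper are constructed for illustration.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample in the shape `aws ec2 describe-security-groups` returns;
# the group IDs and names are made up for this example.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-example-web", "GroupName": "web-alb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-example-app", "GroupName": "app-servers", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-example-win", "GroupName": "windows-test", "IpPermissions": [
        # A wide port range that happens to include RDP (3389)
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-example-adm", "GroupName": "admin-fixed-ip", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-example-any", "GroupName": "legacy-any", "IpPermissions": [
        # "-1" means all protocols and ports; no FromPort/ToPort is present
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": []}]},
]}


def _is_world(cidr):
    """A prefix length of 0 covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _covers(perm, port):
    """True if this inbound permission lets TCP traffic reach `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def find_exposed_admin_ports(described):
    """Return (group_id, service, cidr) for each admin port open to the world."""
    findings = []
    for sg in described.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            world = [c for c in cidrs if _is_world(c)]
            for port, service in sorted(ADMIN_PORTS.items()):
                if _covers(perm, port):
                    findings.extend((sg["GroupId"], service, c) for c in world)
    return findings


if __name__ == "__main__":
    for group_id, service, cidr in find_exposed_admin_ports(SAMPLE):
        print(f"{group_id}: {service} reachable from {cidr}")
```

Port 443 open to the world on the load balancer group is not flagged, and neither is SSH restricted to a single /32; the port-range and all-protocols rules are the cases a check for a literal port 22 rule would miss.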

Scenario 2: Big Data Batch Processing

A data analytics company processes terabytes of log files every night. They use a cluster of EC2 Spot Instances (r5.large memory-optimized) to run Apache Spark jobs. They launch a fleet using a Spot Fleet request that diversifies across instance types and Availability Zones to reduce interruption risk. The jobs are fault-tolerant: if an instance is reclaimed, the job restarts on another instance. Cost savings: up to 90% compared to On-Demand. Misconfiguration: if the job is not designed to handle interruptions (e.g., checkpointing intermediate results), partial progress is lost, leading to longer runtimes. Also, if the Spot price exceeds the bid price, instances are terminated, potentially causing job failure.

Scenario 3: Development and Test Environments

A software development team needs multiple isolated environments for testing. They use EC2 instances with different AMIs (Windows for .NET apps, Amazon Linux for Python apps). Developers launch instances on-demand during work hours and stop them overnight to save costs. They use tags to track costs per project. They also use EC2 Instance Connect for SSH access without managing keys. Cost considerations: they use T3 burstable instances for low CPU workloads; if they consistently burst above baseline, they may incur additional charges. Misconfiguration: if they forget to stop instances, they incur unnecessary charges. They set up AWS Budgets and CloudWatch alarms to alert on cost anomalies.

How CLF-C02 Actually Tests This

What CLF-C02 Tests on EC2

The exam tests your understanding of EC2's core concepts, pricing models, instance types, and the shared responsibility model. You must know:

The difference between On-Demand, Reserved Instances, Savings Plans, Spot Instances, and Dedicated Hosts.

Which pricing model is best for which scenario (e.g., Spot for fault-tolerant batch jobs, Reserved for steady-state workloads).

The basic instance families (General Purpose, Compute Optimized, Memory Optimized, Storage Optimized, Accelerated Computing) and typical use cases.

How EC2 fits with other services like Auto Scaling, ELB, and EBS.

The lifecycle states: pending, running, stopping, stopped, terminated, hibernated.

The fact that you are billed per second (minimum 60 seconds) for On-Demand instances.

That stopping an instance does not incur compute charges, but EBS storage charges continue.

That terminating an instance deletes the root EBS volume by default (delete on termination).

Common Wrong Answers and Why Candidates Choose Them

1. Choosing Spot Instances for a production database: Candidates think Spot is always cheaper, but Spot Instances can be interrupted. Databases need persistent, reliable storage; Spot is unsuitable unless the database is designed for interruptions.

2. Thinking Reserved Instances are physical servers: RIs are billing discounts, not actual instances. You still launch On-Demand instances; the RI discount is applied.

3. Believing that stopping an instance stops billing entirely: Billing for EBS volumes and Elastic IPs continues. Only compute charges stop.

4. Confusing Dedicated Hosts with Dedicated Instances: Dedicated Hosts give you visibility and control over the physical host (sockets, cores) for license purposes; Dedicated Instances run on dedicated hardware but you don't control the host.

5. Assuming all instance types are available in all Regions: Instance availability varies by Region. The exam may ask which instance type is available in a given Region; check the AWS documentation.

Specific Terms That Appear on the Exam

AMI (Amazon Machine Image)

EBS (Elastic Block Store)

Instance Store (ephemeral storage)

Security Group (stateful firewall)

Key Pair (public/private key for SSH/RDP)

Elastic IP (static public IP)

Placement Group (cluster, partition, spread)

Hibernation (saves instance RAM to EBS)

Termination Protection (prevents accidental termination)

Tricky Distinctions

Security Groups vs. Network ACLs: Security groups are stateful (allow return traffic automatically), NACLs are stateless (must allow both inbound and outbound). EC2 questions often test this.

EBS vs. Instance Store: EBS persists after instance termination (if not deleted), Instance Store data is lost on stop/termination.

On-Demand vs. Spot vs. Reserved: The exam expects you to pick the most cost-effective option given workload characteristics (e.g., steady-state, fault-tolerant, time-sensitive).

Decision Rule for Multiple Choice

When asked to choose an EC2 pricing model, follow this elimination strategy:

1. Does the workload require continuous, predictable usage? -> Reserved Instance or Savings Plan.
2. Is the workload fault-tolerant and can handle interruptions? -> Spot Instance.
3. Is the workload unpredictable or short-term? -> On-Demand.
4. Are there licensing requirements tied to physical cores? -> Dedicated Host.
5. Does the customer need isolation from other customers? -> Dedicated Instance.

Key Takeaways

EC2 provides resizable virtual servers in the cloud; you pay per second (min 60 sec) for On-Demand instances.

Instance types are grouped into families: General Purpose (T3, M5), Compute Optimized (C5), Memory Optimized (R5), Storage Optimized (I3), and Accelerated Computing (P3, G4).

Pricing models include On-Demand, Reserved Instances (1 or 3 years), Savings Plans, Spot Instances (up to 90% discount but can be interrupted), and Dedicated Hosts.

An AMI is a template for launching an instance; you can use AWS-provided or custom AMIs.

Security groups are stateful firewalls controlling traffic to/from EC2 instances.

Stopping an instance stops compute billing but EBS storage charges continue; terminating deletes the instance and root volume by default.

Auto Scaling automatically adjusts the number of EC2 instances based on demand; integrates with ELB.

Spot Instances are ideal for stateless, fault-tolerant workloads like batch processing; not for production databases.

Reserved Instances are billing discounts, not physical servers; they apply to matching running instances.

EC2 falls under the Shared Responsibility Model: AWS manages the physical infrastructure; you manage the guest OS, security groups, and applications.

Easy to Mix Up

These come up on the exam all the time. Here's how to tell them apart.

On-Demand Instances

Pay per second with no upfront commitment

Ideal for short-term, unpredictable workloads

No discount; full price

No capacity reservation (unless using On-Demand Capacity Reservation)

Can be launched or terminated at any time

Reserved Instances

Pay upfront (or partial) for 1 or 3 years for a discount

Ideal for steady-state, predictable workloads

Up to 72% discount compared to On-Demand

Capacity reservation (for Standard RIs in a specific AZ)

Cannot change instance attributes (except Convertible RIs)

Watch Out for These

Mistake

EC2 instances are free as part of the Free Tier forever.

Correct

The Free Tier includes 750 hours per month of t2.micro or t3.micro instances for 12 months. After 12 months or if you exceed 750 hours, you pay standard rates.

Mistake

Stopping an EC2 instance stops all billing.

Correct

While compute charges stop, you are still billed for any attached EBS volumes (storage) and any Elastic IP addresses not associated with a running instance.

Mistake

Reserved Instances are physical servers reserved for you.

Correct

Reserved Instances are a billing discount applied to On-Demand instances that match the reservation attributes. You do not get a dedicated physical server unless you purchase a Dedicated Host.

Mistake

You can only use one instance type per account.

Correct

You can launch many instances of different types simultaneously, subject to service limits (e.g., default limit of 5-20 vCPUs per region, adjustable).

Mistake

Spot Instances are always cheaper than On-Demand.

Correct

Spot Instances can be up to 90% cheaper, but they can be terminated by AWS with a 2-minute notice. They are not suitable for all workloads, and the price can fluctuate.

Frequently Asked Questions

What is the difference between stopping and terminating an EC2 instance?

Stopping an instance shuts it down gracefully; you can start it again later. The root EBS volume persists. You are not charged for compute while stopped, but you are charged for EBS storage. Terminating an instance permanently deletes it; you cannot recover it. By default, the root EBS volume is also deleted (you can change this by disabling 'Delete on Termination'). Terminated instances are not billed for compute or storage (except for any volumes you explicitly set to not delete).

Can I change the instance type after launching an EC2 instance?

Yes, you can change the instance type (e.g., from t2.micro to t3.small) by stopping the instance, then selecting 'Change Instance Type' from the Actions menu. The instance must be in the 'stopped' state. Not all instance types are compatible; the new type must be supported by the AMI and the instance's virtualization type (HVM or PV). After changing, start the instance. Note that changing the instance type may move the instance to a different underlying host.

What is the difference between a security group and a network ACL?

A security group acts as a virtual firewall for an EC2 instance. It is stateful: if you allow inbound traffic, the outbound return traffic is automatically allowed, regardless of outbound rules. A network ACL (NACL) acts as a firewall for a subnet. It is stateless: you must explicitly allow both inbound and outbound traffic. Security groups support allow rules only; NACLs support allow and deny rules. Security groups are evaluated as a whole; NACLs are evaluated in order by rule number.
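The stateful versus stateless difference is easiest to see by tracing one request and its response. The following is an added example, not part of the original chapter: a simplified TCP-only model in which every class, function and rule set is constructed for illustration, and the 1024-65535 ephemeral port range is an assumption about the client.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SgRule:            # security groups hold allow rules only
    cidr: str
    port_from: int
    port_to: int


@dataclass(frozen=True)
class NaclRule:          # NACL rules are numbered and may allow or deny
    number: int
    action: str          # "allow" or "deny"
    cidr: str
    port_from: int
    port_to: int


def _matches(rule, peer_ip, dst_port):
    in_cidr = ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.cidr)
    return in_cidr and rule.port_from <= dst_port <= rule.port_to


def sg_allows(rules, peer_ip, dst_port):
    """Evaluated as a whole: any matching allow rule permits the traffic."""
    return any(_matches(r, peer_ip, dst_port) for r in rules)


def nacl_decision(rules, peer_ip, dst_port):
    """Evaluated in rule-number order: the first matching rule decides."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, peer_ip, dst_port):
            return rule.action
    return "deny"        # nothing matched: the NACL's final catch-all deny


def inbound_roundtrip(sg_in, nacl_in, nacl_out, client_ip, client_port, server_port):
    """Return (request_delivered, response_delivered) for one client request."""
    request_ok = (nacl_decision(nacl_in, client_ip, server_port) == "allow"
                  and sg_allows(sg_in, client_ip, server_port))
    if not request_ok:
        return (False, False)
    # Stateful security group: the reply to an allowed inbound flow is let
    # out automatically, so no outbound security group rule is consulted.
    # Stateless NACL: the reply is a new packet to the client's ephemeral
    # port and must match an outbound allow rule of its own.
    response_ok = nacl_decision(nacl_out, client_ip, client_port) == "allow"
    return (True, response_ok)


# Constructed rule sets (documentation address ranges).
SG_IN = [SgRule("0.0.0.0/0", 443, 443)]
NACL_IN = [NaclRule(90, "deny", "198.51.100.0/24", 0, 65535),
           NaclRule(100, "allow", "0.0.0.0/0", 443, 443)]
NACL_OUT_EMPTY = []
NACL_OUT_EPHEMERAL = [NaclRule(100, "allow", "0.0.0.0/0", 1024, 65535)]

if __name__ == "__main__":
    print(inbound_roundtrip(SG_IN, NACL_IN, NACL_OUT_EMPTY, "203.0.113.7", 50000, 443))
    print(inbound_roundtrip(SG_IN, NACL_IN, NACL_OUT_EPHEMERAL, "203.0.113.7", 50000, 443))
    print(inbound_roundtrip(SG_IN, NACL_IN, NACL_OUT_EPHEMERAL, "198.51.100.9", 50000, 443))
```

With no outbound NACL rule the request arrives but the reply is dropped, even though the security group needed no outbound rule at all. Rule 90 shows the explicit deny that only a NACL can express.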

What is an Elastic IP and why would I use it?

An Elastic IP is a static, public IPv4 address that you can associate with an EC2 instance. By default, when you stop and start an instance, its public IP changes. If you need a consistent public IP for DNS or whitelisting, you use an Elastic IP. You are charged for an Elastic IP if it is not associated with a running instance (to encourage efficient use). You can remap an Elastic IP to another instance quickly, which is useful for failover.

How does EC2 billing work for partial hours?

As of October 2017, EC2 billing is per second (with a 60-second minimum) for On-Demand, Reserved, and Spot Instances that run Linux. For instances running Windows or other operating systems, billing is per hour (minimum 1 hour). The per-second billing applies to instances launched in any region. This change made short-lived instances more cost-effective.

What is the difference between EBS and instance store?

EBS (Elastic Block Store) provides persistent block-level storage volumes that can be attached to an EC2 instance. Data persists even if the instance is stopped or terminated (unless you choose to delete on termination). Instance store provides temporary block-level storage that is physically attached to the host computer. Data on instance store persists only during the lifetime of the instance; if the instance stops, terminates, or fails, data is lost. Instance store is ideal for temporary data like caches, buffers, or scratch data.

Can I run a database on EC2 instead of using RDS?

Yes, you can install and manage a database (e.g., MySQL, PostgreSQL, Oracle) directly on an EC2 instance. This gives you full control over the database configuration, but you are responsible for backups, patching, replication, and high availability. AWS RDS is a managed database service that automates these tasks. The exam may ask you to choose between EC2 and RDS based on control vs. management overhead.
