This chapter covers EC2 Launch Templates, a fundamental component for automating and standardizing EC2 instance deployments. For the SAA-C03 exam, launch templates are critical because they are the recommended way to define instance configuration for Auto Scaling groups, Spot Fleet, and on-demand instances. Expect approximately 5-10% of exam questions to touch on launch templates, often in the context of Auto Scaling, high availability, and cost optimization. Mastering launch templates is essential for designing resilient and scalable architectures.
Jump to a section
Think of a launch template like a detailed blueprint for building a custom car. A blueprint specifies the exact engine type, transmission, wheel size, paint color, and interior materials. When you want to build a car, you hand the blueprint to the factory, and they produce an identical car every time. Without a blueprint, you'd have to specify every part from scratch each time, increasing the chance of errors or inconsistencies. Similarly, a launch template stores all the parameters needed to launch an EC2 instance: AMI ID, instance type, key pair, security groups, subnet, user data, and block device mappings. When you launch an instance using the template, AWS uses that blueprint to create a consistent instance. You can also create versions of the template (like blueprint revisions) to update parameters without breaking existing instances. Auto Scaling groups use launch templates to ensure every new instance matches the desired configuration, just as a car factory uses the same blueprint to produce multiple identical cars. This eliminates manual configuration errors and ensures repeatability at scale.
What is an EC2 Launch Template and Why It Exists
An EC2 Launch Template is a configuration template that defines the parameters required to launch an EC2 instance. Introduced in 2017, it supersedes the older launch configurations (which are now legacy and not recommended for new deployments). The primary purpose of a launch template is to provide a reusable, versioned, and shareable blueprint for instance launches. This ensures consistency across multiple instances, simplifies management, and enables advanced features like Auto Scaling, Spot Instances, and fleet management.
How It Works Internally
When you create a launch template, you specify a set of parameters that AWS stores as a resource in your account. Each template can have multiple versions (starting at version 1). When you launch an instance using a launch template, AWS reads the template parameters and applies them to the new instance. The launch template is not a running entity; it is a static configuration object. The actual instance launch process follows these steps:
Template Selection: You specify the launch template (and optionally a version) when calling RunInstances, CreateAutoScalingGroup, or RequestSpotFleet.
Parameter Resolution: AWS resolves the parameters from the template. If you override any parameter at launch time (e.g., a different instance type), the override takes precedence over the template value.
Instance Launch: AWS uses the resolved parameters to launch the instance, provisioning the specified AMI, instance type, network settings, storage, and user data.
Lifecycle: The instance runs independently of the launch template. Changing the template after launch does not affect running instances; only new launches use the updated template.
Key Components, Values, Defaults, and Timers
A launch template can include the following parameters (with defaults where applicable):
AMI ID (required): The ID of the Amazon Machine Image. No default; must be specified.
Instance Type (optional): e.g., t3.micro. If not specified, you must provide it at launch.
Key Pair: Name of the key pair for SSH access. If omitted, no key pair is assigned (instance is inaccessible via SSH unless using Systems Manager).
Security Groups: One or more security group IDs or names. Default: the default VPC security group.
Subnet: Subnet ID for the network interface. If not specified, you must specify it at launch (e.g., in Auto Scaling group).
User Data: Script or cloud-init directives to run at boot. Max size: 16 KB (base64-encoded).
IAM Instance Profile: ARN of the instance profile that grants permissions to the instance.
Block Device Mappings: Define EBS volumes, including size (in GiB), volume type (gp3, io1, etc.), encryption, and delete on termination (default: true for root volume).
Instance Metadata Options: Configure whether IMDSv1 or IMDSv2 is required. Default: both enabled (IMDSv1 and IMDSv2).
Network Interfaces: Specify elastic network interface (ENI) settings, including device index, associate public IP address (default: depends on subnet settings), and source/destination check.
Tag Specifications: Tags to apply to resources created during launch (instances, volumes, etc.).
Placement Group: Placement group name or ARN for instance placement.
Capacity Reservation: Specify a capacity reservation to target.
Elastic GPU: Attach an Elastic Graphics accelerator.
Elastic Inference: Attach an Elastic Inference accelerator.
License Specifications: Bring your own license (BYOL) configurations.
Hibernation Options: Enable hibernation (default: disabled).
Metadata Options: Set hop limit for IMDS (default: 1).
Enable NitroTPM: Enable Trusted Platform Module (default: disabled).
Enable UDP on VPC Endpoint: For certain network interfaces (default: disabled).
Versioning: Each launch template has a version number (integer, starting at 1). You can create new versions with updated parameters. The default version is the one you mark as default. When launching, you can specify:
- $Default (the default version)
- $Latest (the highest-numbered version)
- A specific version number (e.g., 2)
Limits:
Maximum launch templates per region: 1,000 (soft limit, can be increased).
Maximum versions per launch template: 1,000.
Maximum size of a launch template: 64 KB (including all parameters).
Configuration and Verification Commands
Using the AWS CLI, you can create a launch template with the following command:
aws ec2 create-launch-template \
--launch-template-name MyTemplate \
--version-description "Production version" \
--launch-template-data '{
"ImageId": "ami-0abcdef1234567890",
"InstanceType": "t3.micro",
"KeyName": "my-key-pair",
"SecurityGroups": ["sg-0123456789abcdef0"],
"UserData": "IyEvYmluL2Jhc2gKZWNobyAiSGVsbG8i"
}'To view existing templates:
aws ec2 describe-launch-templatesTo view versions of a template:
aws ec2 describe-launch-template-versions \
--launch-template-name MyTemplateTo launch an instance using a template:
aws ec2 run-instances \
--launch-template LaunchTemplateName=MyTemplate,Version=$Default \
--subnet-id subnet-0123456789abcdef0Interaction with Related Technologies
Auto Scaling Groups: ASGs require a launch template (or legacy launch configuration) to define what to launch. The ASG uses the template to create new instances during scale-out or replacement. You can update the template version in the ASG to roll out new configurations gradually.
Spot Fleet: Spot Fleet requests use launch templates to define the instance specifications for Spot Instances.
On-Demand Capacity Reservations: Launch templates can specify a capacity reservation to ensure capacity is available.
AWS CloudFormation: You can define launch templates as resources in CloudFormation templates using the AWS::EC2::LaunchTemplate resource type.
AWS Systems Manager: User data in launch templates can install the SSM Agent and run scripts for patching or configuration.
Important: Launch templates do not store launch history or instance IDs. They are purely configuration objects. To see which instances were launched from a template, you must tag instances with the template name or version during launch.
Create the Launch Template
Start by defining the launch template in the AWS Management Console, CLI, or SDK. You must provide at least an AMI ID. Optionally, you can specify instance type, key pair, security groups, subnet, user data, IAM role, block device mappings, and tags. Each parameter you include becomes part of the template version. If you omit a parameter, you can provide it at launch time. The template is stored as a resource in your account, and you can create up to 1,000 templates per region, each with up to 1,000 versions.
Create a New Version (Optional)
To update the template without affecting existing instances, create a new version. For example, if you need to change the AMI to a newer version, create version 2 with the new AMI ID. The old version (1) remains unchanged and can still be used to launch instances with the old configuration. You can set any version as the default. When you launch an instance without specifying a version, AWS uses the default version. Use the `$Latest` alias to always use the highest-numbered version.
Launch an Instance Using the Template
When you launch an instance, you specify the launch template and optionally a version. AWS reads the template parameters and applies them. If you override any parameter (e.g., a larger instance type), the override takes precedence. The instance is launched in the specified subnet (if provided in the template or at launch). The user data script executes during first boot. The instance is independent of the template after launch; changing the template does not affect running instances.
Associate with Auto Scaling Group
To use the launch template with an Auto Scaling group, specify the template name and version when creating or updating the ASG. The ASG uses the template to launch new instances during scale-out events or when replacing unhealthy instances. If you update the template version in the ASG, new instances will use the new configuration, while existing instances remain unchanged. This allows for rolling updates by terminating old instances and letting the ASG launch new ones with the updated template.
Monitor and Audit Launches
Use AWS CloudTrail to log API calls related to launch templates, such as `CreateLaunchTemplate`, `RunInstances` (which references the template), and `CreateAutoScalingGroup`. You can also tag instances with the launch template name and version during launch (by specifying tag specifications in the template). This allows you to identify which instances were launched from which template version. Use AWS Config rules to enforce that instances are launched only from approved launch templates.
Enterprise Scenario 1: Standardized Web Server Fleet
A large e-commerce company runs a fleet of 100 web servers behind an Application Load Balancer. They use an Auto Scaling group with a launch template that specifies the latest Amazon Linux 2 AMI, t3.medium instance type, a security group allowing HTTP/HTTPS, an IAM role for S3 access, and user data that installs the web server and pulls the application code from S3. The launch template ensures every new instance is identical, reducing configuration drift. When a new AMI is released, they create a new template version and update the ASG to use $Latest. They gradually terminate old instances (using a lifecycle hook) to perform a rolling update. Without launch templates, they would need to manually specify all parameters each time they replace an instance, risking misconfiguration.
Enterprise Scenario 2: Spot Instance Workloads with Diverse Instance Types
A data analytics company runs large-scale batch processing jobs on Spot Instances. They use a Spot Fleet request with a launch template that defines multiple instance types (e.g., c5.xlarge, c5.2xlarge, m5.large) and a common AMI and user data. The launch template allows them to specify the same configuration across different instance types. They also set instance metadata options to require IMDSv2 for security. The Spot Fleet automatically selects the cheapest available instance type from the list. If they need to update the AMI, they create a new version of the launch template and update the Spot Fleet request. This approach simplifies management and reduces costs by leveraging Spot Instances.
Common Misconfigurations
Missing required parameters: Forgetting to specify an AMI ID in the template or at launch causes an error. Always ensure the template has at least the AMI.
Not versioning properly: Updating a launch template in-place (by overwriting the default version) can break existing ASGs if they rely on a specific version. Always create a new version for changes.
User data size limit: User data is limited to 16 KB (base64-encoded). Large scripts should be stored in S3 and downloaded via user data.
Subnet not specified in ASG: If the launch template does not include a subnet, the ASG must specify subnets in its configuration. Otherwise, the launch fails.
IAM role not attached: For instances that need to access AWS services, the IAM instance profile must be specified in the template. Forgetting this leads to permission errors.
Performance Considerations
Launch templates themselves have no performance impact; they are configuration objects. However, using templates with many parameters (e.g., many block device mappings) can increase the API call size but not launch time. The number of versions does not affect performance. For large fleets, ensure your CloudTrail logging does not get overwhelmed by launch events.
What SAA-C03 Tests on Launch Templates
The SAA-C03 exam focuses on the following objectives related to launch templates: - Objective 2.1: Design highly available and/or fault-tolerant architectures (using Auto Scaling with launch templates). - Objective 1.2: Define and enforce AWS account security (IAM roles in launch templates). - Objective 2.3: Design high-performing and elastic compute solutions (Spot Fleet, instance types). - Objective 3.1: Determine cost-optimized storage (EBS volume types in block device mappings).
Common Wrong Answers and Why
"Launch configurations are the recommended way to define Auto Scaling instances." – This is false. Launch configurations are legacy and do not support versioning, tagging of volumes, or many modern features. The exam expects you to choose launch templates over launch configurations.
"You can update a launch template and running instances will automatically reflect the changes." – False. Launch templates only affect new launches. To update running instances, you must terminate and relaunch, or use a rolling update via ASG.
"Launch templates can only be used with Auto Scaling groups." – False. They can be used with any RunInstances call, Spot Fleet, and EC2 Fleet.
"The default version of a launch template is always the most recently created version." – False. The default version is explicitly set by the user. Initially, version 1 is the default. You can change the default to any version.
Specific Numbers and Terms to Memorize
Maximum launch templates per region: 1,000 (soft limit).
Maximum versions per template: 1,000.
User data maximum size: 16 KB (base64-encoded).
Version aliases: $Default and $Latest.
Launch templates support versioning; launch configurations do not.
Launch templates support T2/T3 unlimited credits, Elastic Inference, and placement groups; launch configurations do not.
Edge Cases and Exceptions
Cross-account sharing: Launch templates can be shared across accounts using AWS RAM (Resource Access Manager). This allows a central IT team to define templates and share them with other accounts.
Default version deletion: You cannot delete the default version of a launch template. You must first set another version as default.
Empty parameters: If you leave a parameter empty in the template, you must provide it at launch. For example, if you omit the subnet, you must specify it when running instances.
Template deletion: Deleting a launch template deletes all its versions. Any ASGs or Spot Fleets that reference the template will fail on next launch attempt.
How to Eliminate Wrong Answers
If a question mentions "launch configuration" as a solution, check if versioning or advanced features are needed. If so, launch configuration is the wrong answer.
If a question asks about updating instances without downtime, look for options involving new template versions and rolling updates via ASG, not direct template modification.
If a question involves multiple instance types for Spot, the answer likely involves a launch template with multiple instance types in the Spot Fleet request.
Launch templates are the recommended way to define EC2 instance configuration for Auto Scaling, Spot Fleet, and on-demand launches.
Each launch template can have up to 1,000 versions; versioning allows safe updates without affecting running instances.
User data in a launch template is limited to 16 KB (base64-encoded).
Launch templates can be shared across accounts using AWS Resource Access Manager (RAM).
The default version of a launch template is set by the user; $Latest refers to the highest-numbered version.
Launch templates support T2/T3 unlimited, Elastic Inference, and placement groups; launch configurations do not.
If a launch template includes a subnet, you cannot override it in an Auto Scaling group.
Deleting a launch template deletes all versions and breaks any Auto Scaling groups or Spot Fleets that reference it.
These come up on the exam all the time. Here's how to tell them apart.
Launch Template
Supports versioning (up to 1,000 versions per template)
Can be used with RunInstances, ASGs, Spot Fleet, EC2 Fleet
Supports advanced features: T2/T3 unlimited, Elastic Inference, placement groups, tagging of volumes
Can be shared across accounts via AWS RAM
Recommended for all new deployments
Launch Configuration
No versioning; each configuration is a separate resource
Only usable with Auto Scaling groups
Limited features: no T2/T3 unlimited, no Elastic Inference, no placement groups
Cannot be shared across accounts
Legacy; not recommended for new deployments
Mistake
Launch templates are only for Auto Scaling groups.
Correct
Launch templates can be used with any EC2 instance launch, including single instances via RunInstances, Spot Fleet, EC2 Fleet, and even AWS services like AWS Batch. They are a general-purpose configuration tool.
Mistake
Updating a launch template automatically updates running instances.
Correct
Launch templates are static blueprints. Changes to a template only affect instances launched after the change. Existing instances remain unchanged. To update running instances, you must terminate and relaunch or use a rolling update strategy.
Mistake
The $Latest version of a launch template is the same as the default version.
Correct
$Latest refers to the highest-numbered version (most recently created). The default version is explicitly set by the user and can be any version. They are often different.
Mistake
You can specify a subnet in a launch template and use it with an Auto Scaling group that also specifies subnets.
Correct
If a launch template includes a subnet, you cannot override it in the ASG. The ASG will use the subnet from the template. To use multiple subnets, omit the subnet from the template and specify them in the ASG.
Mistake
Launch templates support all the same features as launch configurations.
Correct
Launch templates support many features that launch configurations do not, such as versioning, T2/T3 unlimited, Elastic Inference, placement groups, and tagging of volumes. Launch configurations are legacy and have fewer features.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Launch templates are the modern replacement for launch configurations. They support versioning, advanced features like T2/T3 unlimited and Elastic Inference, and can be used with RunInstances, Spot Fleet, and EC2 Fleet. Launch configurations are legacy, have no versioning, and can only be used with Auto Scaling groups. For the SAA-C03 exam, always choose launch templates over launch configurations.
Yes. Launch templates are static blueprints. Updating a template (by creating a new version) does not affect any instances already launched from previous versions. Only new launches will use the updated template. To update running instances, you must terminate and relaunch them using the new template version.
Launch templates themselves do not support multiple instance types. To use multiple instance types, you specify the instance types in the Spot Fleet request or EC2 Fleet request, and reference a launch template that contains the common configuration (e.g., AMI, security groups). The launch template can have a single instance type as a fallback, but the fleet request overrides it.
The Auto Scaling group will fail when it tries to launch new instances because the template no longer exists. Existing instances continue to run, but the ASG cannot scale out or replace unhealthy instances. To avoid this, always ensure templates are not deleted if they are in use. You can update the ASG to use a different template before deletion.
Yes, as long as you specify a subnet that belongs to that VPC. You can either include the subnet in the launch template or provide it at launch time (e.g., in the ASG configuration). The launch template itself is not VPC-specific; it is a set of parameters that can be applied to any subnet.
Use AWS Config with a managed rule like `ec2-instance-launch-template-enabled` to check that instances are launched from approved launch templates. You can also use service control policies (SCPs) to restrict the RunInstances API to only allow instances that reference specific templates.
The user data must be base64-encoded and the raw data before encoding cannot exceed 16 KB. If you have a larger script, store it in S3 and use user data to download and execute it.
You've just covered EC2 Launch Templates — now see how well it sticks with free SAA-C03 practice questions. Full explanations included, no account needed.
Done with this chapter?