Day 2: EC2 Fundamentals - AWS Solutions Architect Preparation

Introduction

These are my notes while preparing for the AWS Solutions Architect Associate-Level exam. I'll cover foundational concepts, hands-on activities, and best practices. Let's start with the first topic: AWS Budget Setup.


AWS Budget Setup (Hands-On)

  1. Navigate to Billing & Cost Management:

    • Click on Billing & Cost Management.
  2. Fixing IAM Permission Issues:

    • Some IAM users might face "permission denied" issues even with admin privileges.

    • To fix this:

      • Log in as root → Accounts → IAM user & role access to billing info → Edit → Activate IAM access.

  3. Exploring Billing & Cost Management:

    • View bills & check charges by service.

    • Explore Free Tier & check AWS bill forecast.

  4. Setting Up EC2 Budget:

    • Zero Cost Budget:

      • Billing & Cost Management → Budget → Create Budget → Use a template → Zero Spend Budget → Add email → Create Budget.

    • Monthly Cost Budget ($10 Example):

      • Follow the same procedure, but in the templates select the one you want, such as “Monthly cost budget”.

      • When actual spending reaches 85%, an alert is sent to the email.


EC2 - Elastic Compute Cloud

Overview

  • Most popular AWS offering → Infrastructure as a Service (IaaS)

  • Key Capabilities:

    • Renting VMs (EC2)

    • Storing data on virtual drives (EBS)

    • Distributing load across machines (ELB)

    • Scaling (ASG)

  • EC2 is fundamental to understanding how the cloud works.

EC2 Sizing & Configuration Options:

  • OS: Linux, Windows, Mac

  • CPU: Compute power & cores

  • RAM: Memory allocation

  • Storage: EBS, EFS, or Instance Store

  • Network: Speed, public IP availability

  • Firewall Rules: Security Group settings

EC2 User Data

  • Bootstrapping instance through user data scripts

  • Runs commands when the machine starts

  • Executes only once

  • Automates boot tasks like installations

  • Runs with root user privileges

EC2 Instance Types

  • General-purpose: t2.micro, t2.xlarge

  • Compute-optimized: c5d.4xlarge

  • Memory-optimized: m5.8xlarge


Hands-On: Launching an EC2 Instance & Hosting a Website

Steps to Launch an EC2 Instance

  1. Launch Instance

    • Name: <some name>

    • Add tags (optional), used for identifying resources on AWS

    • AMI: Amazon Linux (Free Tier)

    • Instance Type: t2.micro

    • Key Pair: Create a new key pair

      • Name: <key pair name>

      • Type: RSA

      • Format: .pem (Mac, Windows 10+) or .ppk (Windows 7)

    • Security Group: Allow Ports 22 (SSH) & 80 (HTTP)

  2. User Data (Auto-Startup Script):

#!/bin/bash
yum update -y
yum install httpd -y
systemctl enable httpd
systemctl start httpd
echo "<h1>Hello world from $(hostname -f)</h1>" > /var/www/html/index.html
  3. Launch the Instance

    • Instance will start within a minute.

    • Once ready, note the public IP to access the website.

  4. Paste the public IP of the instance in your browser, and observe the page being displayed.

Note: If the instance stops and starts again, the public IP will change, but the private IP remains the same.


EC2 Instance Types & Use Cases

1. General Purpose (e.g., m5.xlarge)

  • Balanced compute, memory & networking.

  • Use Case: Web servers, code repositories.

2. Compute Optimized (e.g., c5, c6)

  • For compute-intensive tasks.

  • Use Case: Batch processing, machine learning, media transcoding.

3. Memory Optimized (e.g., r5, r6)

  • For high-performance workloads that process large datasets.

  • Use Case: In-memory databases, BI applications.

4. Storage Optimized

  • For storage-intensive applications.

  • Use Case: Online transaction processing (OLTP), NoSQL databases, distributed file systems.


Introduction to Security Groups

  • The foundation of network security in AWS.

  • They control how traffic is allowed into or out of an EC2 instance.

  • Only Allow Rules (No Deny Rules).

  • Security groups can reference each other by IP.

  • They act as firewalls on EC2 instances.

  • Security Groups are regional & VPC-specific.

Security Groups Regulate:

  • Access to ports

  • Inbound traffic rules

  • Outbound traffic rules

Tip: Maintain a separate Security Group for SSH access.

Good to know

  • Can be attached to multiple instances

  • Locked down to a region/VPC combination

  • Live outside of EC2

  • Good to maintain one separate security group for ssh access.

  • If EC2 is not accessible (timeout), then it's an inbound traffic issue or security group issue.

  • Outbound traffic is authorized by default & inbound traffic is blocked by default.

Common Ports to Know

  • 22 → SSH (Secure Shell) & SFTP (Secure File Transfer Protocol)

  • 21 → FTP (File Transfer Protocol)

  • 80 → HTTP (Unsecure Web Traffic)

  • 443 → HTTPS (Secure Web Traffic)

  • 3389 → RDP (Windows Remote Desktop)

Hands-On: Testing Security Group Rules

  • EC2 > Security Groups > click any security group to see its details and its inbound and outbound rules.

  • Delete the port 80 rule from the security group; the HTML page that loaded earlier now times out.

  • Now add back the rule you deleted (Security group > Edit Inbound rule > add rule).


SSH into EC2 Instances

Ways to SSH:

  1. SSH (Linux & Mac)

  2. Putty (Windows)

  3. EC2 Instance Connect (No need for key pair)

Try it yourself: EC2 Instance Connect

  1. Try connecting using EC2 Instance Connect.

  2. Remove Port 22 from Security Group.

  3. Observe: EC2 Instance Connect fails.


EC2 Instance Roles demo

  • Our AWS instance already has the AWS CLI installed.

  • Let's say we want to run a command like “aws iam list-users”. We would need to configure the AWS CLI on this instance by adding an access key ID & secret access key (we saw this in Day-1 of our series).

  • This is a very bad idea, as anyone using my account may get access to these credentials.

  • Never put these keys on a real instance; the alternative is IAM roles.

Hands-On

  • Go to Management Console > IAM.

  • Create a role with the policy readIAMonly (I think I already created it in Day-1).

  • Return to the instance > actions > security > modify IAM role.

  • Select the role and save to attach it.

  • Now, run “aws iam list-users” and it works. Hurrah!
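
An added example, not part of the original notes: once the role is attached, a check like the following confirms that no long-term keys are left on the instance. It looks at the `~/.aws/credentials` file that `aws configure` writes and at the `AWS_ACCESS_KEY_ID` environment variable; the function names are made up for this sketch, and the sample key is the placeholder key ID used in AWS documentation.

```python
import configparser
import os
import re
import tempfile
from pathlib import Path

# Long-term IAM user access key IDs start with "AKIA"; temporary (role/STS)
# key IDs start with "ASIA" and are not flagged.
LONG_TERM_KEY = re.compile(r"\bAKIA[0-9A-Z]{16}\b")


def mask(key_id):
    """Show only the ends of a key ID so the report does not leak it."""
    return key_id[:4] + "..." + key_id[-4:]


def static_key_findings(home, env=None):
    """Return (source, name, masked_key) for long-term keys stored under `home`."""
    findings = []
    env = os.environ if env is None else env
    key_id = env.get("AWS_ACCESS_KEY_ID", "")
    if LONG_TERM_KEY.search(key_id):
        findings.append(("env", "AWS_ACCESS_KEY_ID", mask(key_id)))
    cred_file = Path(home) / ".aws" / "credentials"  # written by `aws configure`
    if cred_file.is_file():
        parser = configparser.ConfigParser(interpolation=None)
        parser.read(cred_file)
        for profile in parser.sections():
            key_id = parser[profile].get("aws_access_key_id", "")
            if LONG_TERM_KEY.search(key_id):
                findings.append((str(cred_file), profile, mask(key_id)))
    return findings


def demo():
    """Compare a constructed home directory holding static keys with a clean one."""
    with tempfile.TemporaryDirectory() as home:
        aws_dir = Path(home) / ".aws"
        aws_dir.mkdir()
        (aws_dir / "credentials").write_text(
            "[default]\n"
            "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
            "aws_secret_access_key = constructed-not-a-real-secret\n")
        with_keys = [(p, k) for _, p, k in static_key_findings(home, env={})]
    with tempfile.TemporaryDirectory() as clean_home:  # role-only instance
        without_keys = static_key_findings(clean_home, env={})
    return with_keys, without_keys
```

On an instance that relies only on its IAM role, `static_key_findings(Path.home())` returns an empty list.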

EC2 Purchasing Options

1. On-Demand

  • Pay per second/minute.

  • No upfront cost.

  • Best for: Short-term, unpredictable workloads.

2. Reserved Instances (1–3 years)

  • Up to 72% discount vs. On-Demand.

  • Best for steady-state workloads (e.g., databases).

  • Convertible Reserved Instances allow flexibility in type/region.

3. Savings Plans (1–3 years)

  • Commitment to a specific usage ($ amount).

  • Flexible across instance sizes & OS.

4. Spot Instances (90% Discount)

  • Best for fault-tolerant workloads (e.g., batch jobs, data analysis).

  • Instances may be interrupted if demand spikes.

5. Dedicated Hosts

  • Full physical server dedicated to you.

  • Best for: Compliance & custom licensing.

6. Dedicated Instances

  • Hardware dedicated to your AWS account.

  • No control over instance placement.

7. Capacity Reservations

  • Reserve capacity in an AZ without time commitment.

  • Best for short-term capacity needs.


AWS Public IP Costs

  • Free Tier: 750 hours/month for public IPv4.

  • After Free Tier: ~$3.6 per month per public IP.

  • Load Balancers & RDS Databases: No free tier, public IPv4 costs apply.


Stay tuned for Day 3, where we’ll dive into AWS Storage Services! 🚀

Written by

Dhananjay kulkarni

I write articles on Cloud, DevOps & Cybersecurity