EC2 & AWS Compute Services
From AWS Apprenticeship notes — the full compute service landscape.
Ultra-Short Summary
EC2 is AWS's virtual machine service — you pick the OS, instance type, and configuration. But EC2 is just one compute option. AWS has a full spectrum from bare metal to fully serverless, and choosing the right one depends on how much control vs simplicity you need.
The Compute Spectrum
```
Most control, most management               Least control, most managed
            ↓                                           ↓
       Bare Metal  →  EC2  →  ECS (containers)  →  Lambda (serverless)
                                     ↓
                                  Fargate
                          (serverless containers)
```
All AWS Compute Services
| Service | What It Is | When to Use |
|---|---|---|
| EC2 | Virtual machines — full OS control | Long-running workloads, custom OS config, legacy lift-and-shift |
| EC2 Auto Scaling Groups | Automatically adjust EC2 count | Variable traffic — scale up/down based on demand |
| ECS | Container orchestration (Docker on AWS) | Containerised microservices without needing Kubernetes |
| EKS | Managed Kubernetes control plane | Need K8s specifically — team expertise or portability |
| Fargate | Serverless compute for containers | Container benefits without managing EC2/clusters |
| Lambda | Serverless functions, pay per request | Event-driven, short-lived tasks, automation |
| Batch | Managed batch job processing | Compute-heavy, scheduled, queue-based workloads |
| Lightsail | Simplified low-cost VPS | Simple apps, personal projects, WordPress |
| Elastic Beanstalk | PaaS — upload code, AWS handles infra | Fast app deployment without DevOps expertise |
| App Runner | Fully managed web app/API hosting | Push repo → auto-deploys, zero config |
| ECR | Private Docker image registry | Store and version container images for ECS/EKS/Fargate |
| Outposts | AWS hardware physically on-prem | Ultra-low latency or strict data residency requirements |
EC2 Instance Types — The Pattern
Instance type names follow a pattern: `<family><generation>.<size>`
```
m5.xlarge
││ └── size: nano, micro, small, medium, large, xlarge, 2xlarge...
│└──── generation (5 = 5th gen)
└───── family (m = general purpose)
```
Instance Families
| Family | Optimised For | Example Use Case |
|---|---|---|
| `m` | General purpose (balanced) | Web servers, app servers |
| `c` | Compute (high CPU) | Gaming, video encoding, ML inference |
| `r` | Memory (high RAM) | In-memory DB, real-time processing |
| `t` | Burstable (cheap, shared CPU) | Dev/test, low-traffic apps |
| `i` | Storage (NVMe instance store) | High I/O databases |
| `g` / `p` | GPU | ML training, graphics rendering |
| `d` | Dense storage | Data warehousing |
| `hpc` | High Performance Computing | Scientific simulation |
Graviton instances add a `g` suffix to the family: `m7g`, `c7g` — AWS-built ARM processors, 20-40% better price/performance.
EC2 Pricing Models
| Model | How It Works | Best For | Discount vs On-Demand |
|---|---|---|---|
| On-Demand | Pay by hour/second, no commitment | Unpredictable workloads, dev/test | — |
| Reserved | 1 or 3 year commitment | Steady-state, predictable workloads | Up to 72% |
| Savings Plans | Flexible commitment ($/hour for 1-3yr) | Mix of instance types/regions | Up to 66% |
| Spot | Bid on unused capacity, can be interrupted | Fault-tolerant batch, ML training | Up to 90% |
| Dedicated Host | Physical server dedicated to you | Compliance, bring-your-own-license | — |
SAA Pattern
"Steady state + save money" → Reserved or Savings Plans. "Can tolerate interruption" → Spot. "Unpredictable traffic" → On-Demand + Auto Scaling.
EC2 Key Decisions at Launch
AMI (Amazon Machine Image)
The blueprint for your instance — OS, pre-installed software, initial state.
- AWS-provided: Amazon Linux 2023, Ubuntu, Windows Server
- AWS Marketplace: pre-built software stacks
- Custom AMI: your own image (useful for fast Auto Scaling — no bootstrap delay)
Storage
| Type | Persists? | Speed | Use Case |
|---|---|---|---|
| EBS (root volume) | Yes | Fast | OS, application data |
| EBS (additional) | Yes | Fast | Database, logs |
| Instance Store | No (ephemeral) | Very fast | Scratch, cache, temp |
Networking
- VPC + Subnet — which network to place the instance in
- Security Group — stateful firewall (what traffic is allowed in/out)
- Public IP — optional, assigned at launch (changes on stop/start)
- Elastic IP — static public IP, persists across stop/start
- Key Pair — SSH access (`.pem` file)
User Data — Bootstrap Scripts
Run commands automatically when an EC2 instance first starts:
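```bash
#!/bin/bash
# Patch the OS, then install the Apache web server
yum update -y
yum install -y httpd
# Start Apache now and on every boot
systemctl start httpd
systemctl enable httpd
# Serve a test page that shows which instance answered
echo "<h1>Hello from $(hostname)</h1>" > /var/www/html/index.html
```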
Paste this into "User Data" at launch. Useful for:
- Installing software
- Pulling application code
- Configuring services
EC2 Instance Metadata
From inside any EC2 instance, you can query metadata about itself:
```bash
# IMDSv2 (current standard)
TOKEN=$(curl -X PUT "http://169.254.169.254/latest/api/token" \
  -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
curl -H "X-aws-ec2-metadata-token: $TOKEN" \
  http://169.254.169.254/latest/meta-data/instance-id
curl -H "X-aws-ec2-metadata-token: $TOKEN" \
  http://169.254.169.254/latest/meta-data/public-ipv4
curl -H "X-aws-ec2-metadata-token: $TOKEN" \
  http://169.254.169.254/latest/meta-data/iam/security-credentials/
```
169.254.169.254 is a link-local address — only reachable from within the EC2 instance.
Security Note
The last endpoint above returns temporary IAM credentials for the attached role. This is the endpoint exploited in SSRF attacks. Always enforce IMDSv2 and least-privilege IAM.
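An audit for the "enforce IMDSv2" advice above, as an added example that is not part of the original notes: it reads `aws ec2 describe-instances` JSON and reports instances that still accept token-less IMDSv1 requests, listing those with an IAM role attached first. The sample data, instance IDs and account ID are constructed, and the hop-limit check is an extra review item the notes do not mention.

```python
# Constructed sample shaped like `aws ec2 describe-instances` output.
# Instance IDs, account ID and profile name are made up for this example.
ROLE = {"Arn": "arn:aws:iam::111122223333:instance-profile/example"}

def opts(tokens, hop=1, endpoint="enabled"):  # builds a MetadataOptions block
    return {"HttpEndpoint": endpoint, "HttpTokens": tokens,
            "HttpPutResponseHopLimit": hop}

SAMPLE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa0000000000001", "IamInstanceProfile": ROLE,
     "MetadataOptions": opts("optional")},
    {"InstanceId": "i-0bbb0000000000002", "MetadataOptions": opts("optional")},
    {"InstanceId": "i-0ccc0000000000003", "IamInstanceProfile": ROLE,
     "MetadataOptions": opts("required")},
    {"InstanceId": "i-0ddd0000000000004",
     "MetadataOptions": opts("optional", endpoint="disabled")},
    {"InstanceId": "i-0eee0000000000005", "IamInstanceProfile": ROLE,
     "MetadataOptions": opts("required", hop=3)},
]}]}

FIX = ("aws ec2 modify-instance-metadata-options --instance-id {} "
       "--http-tokens required --http-endpoint enabled")

def audit_imds(describe_output):
    """Return findings for instances whose IMDS settings weaken IMDSv2."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            md = inst.get("MetadataOptions", {})
            if md.get("HttpEndpoint") == "disabled":
                continue  # metadata service is off, nothing to query
            v1 = md.get("HttpTokens") != "required"
            issues = ["IMDSv1 still accepted"] if v1 else []
            if md.get("HttpPutResponseHopLimit", 1) > 1:
                issues.append("token hop limit > 1 (review)")
            if issues:
                findings.append({
                    "instance": inst["InstanceId"],
                    "has_role": "IamInstanceProfile" in inst,
                    "issues": issues,
                    "fix": FIX.format(inst["InstanceId"]) if v1 else None,
                })
    # Instances with a role attached expose credentials, so list them first.
    return sorted(findings, key=lambda f: (not f["has_role"], f["instance"]))

if __name__ == "__main__":
    for f in audit_imds(SAMPLE):
        print(f["instance"], f["has_role"], f["issues"], f["fix"] or "")
```

To run it against a real account, pass in the parsed output of `aws ec2 describe-instances --output json` instead of `SAMPLE`.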
Mental Model
```
Need a server?
    ↓
Do you need the full OS / custom software?
    Yes → EC2
    No  ↓
Do you need containers?
    Yes → ECS Fargate (no servers) or ECS EC2 (you manage servers)
    No  ↓
Is it event-driven and short-lived?
    Yes → Lambda
    No  ↓
Is it a web app / API you want to deploy fast?
    Yes → App Runner or Elastic Beanstalk
```
SAA Patterns
| Scenario | Answer |
|---|---|
| Unpredictable traffic, scale automatically | EC2 + Auto Scaling Group + ALB |
| Long-running batch job, can tolerate interruption | EC2 Spot |
| Steady web server, minimise cost | Reserved Instance or Savings Plan |
| Containerised microservice, no server management | ECS Fargate |
| Simple CRUD API, event-triggered | Lambda |
| Legacy app needs full OS and specific libraries | EC2 |
| Fast deployment of web app from GitHub | App Runner |
30-Second Takeaway
- EC2 = full VM, you manage the OS. Fargate = serverless containers. Lambda = serverless functions.
- Instance type pattern: family + generation + size (e.g. `m5.xlarge`)
- `t` instances are cheap and burstable. `c` is compute. `r` is memory. `m` is balanced.
- Spot = cheapest, can be interrupted. Reserved = commit for discount. On-Demand = flexible.
- Instance metadata at `169.254.169.254` — enforce IMDSv2.
Self-Quiz
- What does the instance type `c5.2xlarge` tell you about the instance?
- When would you choose Fargate over EC2 for running containers?
- What's the difference between Reserved Instances and Savings Plans?
- Your app has traffic spikes. What EC2 feature handles automatic scaling?
- What is an AMI and when would you create a custom one?
- What's at `169.254.169.254` and why is it a security concern?
- An EC2 instance needs to access S3 without hardcoded keys. How?
- What instance family would you choose for an in-memory database?