
Amazon EC2 Session2

Amazon EC2 provides scalable computing resources in the AWS cloud without requiring users to purchase and manage their own hardware. EC2 offers virtual computing environments known as instances that can be configured and scaled on demand to meet varying compute needs. Users pay only for the computing capacity they use, allowing them to develop and deploy applications faster.

What Is Amazon EC2?

Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in
the Amazon Web Services (AWS) cloud. Using Amazon EC2 eliminates your need to
invest in hardware up front, so you can develop and deploy applications faster. Amazon
EC2 enables you to scale up or down to handle changes in requirements or spikes in
popularity, reducing your need to forecast traffic.

Amazon EC2 provides the following features:


• Virtual computing environments, known as instances
• Preconfigured templates for your instances, known as Amazon Machine
  Images (AMIs), that package the bits you need for your server (including the
  operating system and additional software)
• Various configurations of CPU, memory, storage, and networking capacity for
  your instances, known as instance types
• Secure login information for your instances using key pairs (AWS stores the
  public key, and you store the private key in a secure place)
• Storage volumes for temporary data that's deleted when you stop or terminate
  your instance, known as instance store volumes
• Persistent storage volumes for your data using Amazon Elastic Block Store
  (Amazon EBS), known as Amazon EBS volumes
• Multiple physical locations for your resources, such as instances and Amazon
  EBS volumes, known as regions and Availability Zones
• A firewall that enables you to specify the protocols, ports, and source IP
  ranges that can reach your instances using security groups
• Static IPv4 addresses for dynamic cloud computing, known as Elastic IP
  addresses
• Metadata, known as tags, that you can create and assign to your Amazon
  EC2 resources
• Virtual networks you can create that are logically isolated from the rest of the
  AWS cloud, and that you can optionally connect to your own network, known
  as virtual private clouds (VPCs)

Region and Availability Zone Concepts

Regions

Each Amazon EC2 region is designed to be completely isolated from the other
Amazon EC2 regions. This achieves the greatest possible fault tolerance and
stability.

When you view your resources, you'll only see the resources tied to the region
you've specified. This is because regions are isolated from each other, and we don't
replicate resources across regions automatically.

Availability Zones

When you launch an instance, you can select an Availability Zone or let us choose
one for you. If you distribute your instances across multiple Availability Zones and
one instance fails, you can design your application so that an instance in another
Availability Zone can handle requests.

AMIs

Amazon Web Services (AWS) publishes many Amazon Machine Images (AMIs) that
contain common software configurations for public use.

All AMIs are categorized as either backed by Amazon EBS, which means that the root
device for an instance launched from the AMI is an Amazon EBS volume, or backed
by instance store, which means that the root device for an instance launched from the
AMI is an instance store volume created from a template stored in Amazon S3.

Amazon EC2 Root Device Volume

When you launch an instance, the root device volume contains the image used to
boot the instance. Instances that use Amazon EBS for the root device automatically
have an Amazon EBS volume attached. When you launch an Amazon EBS-backed
instance, we create an Amazon EBS volume for each Amazon EBS snapshot
referenced by the AMI you use. You can optionally use other Amazon EBS volumes
or instance store volumes, depending on the instance type. An Amazon EBS-backed
instance can be stopped and later restarted without affecting data stored in the
attached volumes.

• Amazon EC2 provides flexible, cost-effective and easy-to-use EC2 storage
  options with a unique combination of performance and durability:
  o Amazon Elastic Block Store (EBS)
  o Amazon EC2 Instance Store
  o Amazon Simple Storage Service (S3)
• While EBS and instance store are block-level storage, Amazon S3 is
  object-level storage.

Amazon EC2 Security Groups


You can use security groups to control who can access your instances. These are
analogous to an inbound network firewall that enables you to specify the protocols,
ports, and source IP ranges that are allowed to reach your instances. You can create
multiple security groups and assign different rules to each group. You can then
assign each instance to one or more security groups, and we use the rules to
determine which traffic is allowed to reach the instance. You can configure a security
group so that only specific IP addresses or specific security groups have access to
the instance.

Security Group Rules

The rules of a security group control the inbound traffic that's allowed to reach the
instances that are associated with the security group and the outbound traffic that's
allowed to leave them.

The following are the characteristics of security group rules:

• By default, security groups allow all outbound traffic.
• You can't change the outbound rules for an EC2-Classic security group.
• Security group rules are always permissive; you can't create rules that deny
  access.
• Security groups are stateful — if you send a request from your instance, the
  response traffic for that request is allowed to flow in regardless of inbound
  security group rules. For VPC security groups, this also means that responses
  to allowed inbound traffic are allowed to flow out, regardless of outbound rules.
• You can add and remove rules at any time. Your changes are automatically
  applied to the instances associated with the security group after a short
  period.

Default Security Groups

Your AWS account automatically has a default security group per VPC and per
region for EC2-Classic. If you don't specify a security group when you launch an
instance, the instance is automatically associated with the default security group.

A default security group is named default, and it has an ID assigned by AWS. The
following are the default rules for each default security group:

• Allows all inbound traffic from other instances associated with the default
  security group (the security group specifies itself as a source security group in
  its inbound rules)
• Allows all outbound traffic from the instance.
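
The rule semantics described above (allow-only rules, the union of every attached group, and the default group naming itself as a source) can be exercised with a short script. This is an added example, not part of the original document: the group IDs, addresses and rules are constructed, laid out like the IpPermissions entries in `aws ec2 describe-security-groups` output, and only inbound TCP/UDP matching is modelled.

```python
import ipaddress

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
GROUPS = {
    "sg-default": [  # default group: all traffic from members of the same group
        {"IpProtocol": "-1", "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-default"}]},
    ],
    "sg-web": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
    ],
}

def rule_allows(rule, proto, port, src_ip, src_groups):
    """True if one inbound rule matches a TCP/UDP packet (ICMP not modelled)."""
    if rule["IpProtocol"] != "-1":            # "-1" means every protocol and port
        if rule["IpProtocol"] != proto:
            return False
        if not rule["FromPort"] <= port <= rule["ToPort"]:
            return False
    addr = ipaddress.ip_address(src_ip)
    if any(addr in ipaddress.ip_network(r["CidrIp"]) for r in rule["IpRanges"]):
        return True
    # Source-group rules match on the sender's group membership, not its address.
    return any(p["GroupId"] in src_groups for p in rule["UserIdGroupPairs"])

def inbound_allowed(attached, proto, port, src_ip, src_groups=()):
    """Rules are allow-only, so the result is the union over all attached groups."""
    return any(rule_allows(r, proto, port, src_ip, src_groups)
               for gid in attached for r in GROUPS[gid])

def world_open(groups):
    """Audit helper: list (group, protocol, from, to) rules open to 0.0.0.0/0."""
    return [(gid, r["IpProtocol"], r.get("FromPort"), r.get("ToPort"))
            for gid, rules in groups.items() for r in rules
            if any(x["CidrIp"] == "0.0.0.0/0" for x in r["IpRanges"])]

if __name__ == "__main__":
    print(inbound_allowed(["sg-web"], "tcp", 22, "198.51.100.7"))
    print(world_open(GROUPS))
```

Because no rule can deny, attaching a second group to an instance can only widen what reaches it, which is why the audit helper reports world-open rules per group rather than per instance.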

EC2 Instance Lifecycle

• Pending
  ▪ When the instance is first launched, it enters the pending state
• Running
  ▪ After the instance is launched, it enters the running state
  ▪ Charges are incurred for every hour or partial hour the instance is
    running, even if it is idle
• Start & Stop (EBS-backed instances only)
  ▪ Only an EBS-backed instance can be stopped and started. An instance
    store-backed instance cannot be stopped and started
  ▪ An instance can be stopped and started in case the instance fails a
    status check or is not running as expected
  ▪ Stop
    o After the instance is stopped, it enters the stopping state and then
      the stopped state.
    o Charges are only incurred for the EBS storage and not for the instance
      hourly charge or data transfer.
    o While the instance is stopped, you can treat its root volume like any
      other volume and modify it, e.g. to repair file system problems or
      update software, or change the instance type, user data, EBS
      optimization attributes, etc.
    o The volume can be detached from the stopped instance, attached to a
      running instance, modified, detached from the running instance, and
      then reattached to the stopped instance. It should be reattached using
      the storage device name that's specified as the root device in the
      block device mapping for the instance.
  ▪ Start
    o When the instance is started, it enters the pending state and then the
      running state
    o An instance that is stopped and started is launched on a new host
    o Any data on an instance store volume (not root volume) would be lost,
      while data on the EBS volume persists
  ▪ An EC2 instance retains its private IP address as well as the Elastic IP
    address. However, the public IP address, if assigned instead of the
    Elastic IP address, would be released
  ▪ Charges for a full hour are incurred for every transition from stopped to
    running, even if the transition is within the same hour, e.g. if you stop
    and start your instances 2 times in an hour, you would be charged for 3
    full hours, one for the start and then for the 2 transitions, as if you
    had 3 instances running during that hour
• Instance reboot
  ▪ Both EBS-backed and instance store-backed instances can be rebooted
  ▪ An instance retains its public DNS, public and private IP address during
    the reboot
  ▪ Data on the EBS and instance store volumes is also retained
  ▪ Amazon recommends using Amazon EC2 to reboot the instance instead of
    running the operating system reboot command from your instance, because
    Amazon EC2 performs a hard reboot if the instance does not shut down
    cleanly within four minutes and also creates an API record in CloudTrail,
    if enabled.
• Instance retirement
  ▪ An instance is scheduled to be retired when AWS detects irreparable
    failure of the underlying hardware hosting the instance.
  ▪ When an instance reaches its scheduled retirement date, it is stopped or
    terminated by AWS.
  ▪ If the instance root device is an Amazon EBS volume, the instance is
    stopped, and can be started again at any time.
  ▪ If the instance root device is an instance store volume, the instance is
    terminated, and cannot be used again.
• Instance Termination
  ▪ An instance can be terminated, and it enters the shutting-down and then
    the terminated state
  ▪ After an instance is terminated, it can't be connected to and no charges
    are incurred
  ▪ Instance Shutdown behaviour
    o An EBS-backed instance supports the InstanceInitiatedShutdownBehavior
      attribute, which determines whether the instance is stopped or
      terminated when a shutdown command is initiated from the instance
      itself, e.g. the shutdown, halt or poweroff command in Linux.
    o The default behaviour is for the instance to be stopped.
    o A shutdown command for an instance store-backed instance will always
      terminate the instance
