# EC2

## **What is EC2?**

* It’s just a computer in the cloud that you can rent from Amazon.
* Like a laptop you can open anytime without owning the hardware.
* Elastic = you can make it big or small, and turn it on or off when you want.

### **Key Parts**

1. Instance – The actual “cloud computer” you run.
2. AMI (Amazon Machine Image) – The “template” of your computer (like choosing Windows, Linux, or preloaded software).
3. Instance Type – The size and power (tiny like a phone or huge like a supercomputer).
4. EBS (Elastic Block Store) – Your hard drive for EC2.
5. Security Groups – The firewall that decides who can talk to your EC2.
6. Key Pair – Your secret key to log in (like the house key).
7. Elastic IP – Your public phone number for the EC2.

### **How EC2 Works (Step-by-Step)**

1. You launch an EC2 from the AWS console or CLI.
2. Choose:
   * AMI (OS)
   * Instance type (power)
   * Storage size (EBS)
   * Network (VPC, subnet, ENI)
3. Attach a Security Group to allow/deny access.
4. Download your Key Pair (to connect via SSH or RDP).
5. Start the instance → it’s live and running.

## **EC2 Networking**

* Public Subnet → EC2 has public IP (directly reachable from internet).
* Private Subnet → EC2 only reachable inside VPC (needs NAT to go to internet).
* ENI (Elastic Network Interface) → Like EC2’s network card.
* Elastic IP → Permanent public IP you can attach to EC2.

## **EC2 Storage Options**

* EBS – Persistent storage (keeps data after stop/start).
* Instance Store – Temporary storage (data gone when instance stops).
* EFS – Shared file system (multiple EC2s can use it).

## **Scaling & Availability**

* Auto Scaling → Automatically add/remove EC2s based on traffic.
* Load Balancers (ALB/NLB) → Spread traffic between EC2s.
* Multi-AZ → Run EC2s in different Availability Zones for high availability.

## **EC2 Pricing Models**

1. On-Demand – Pay by the hour/second (flexible).
2. Reserved Instances – Commit 1–3 years, cheaper.
3. Spot Instances – Cheap but can be interrupted anytime.
4. Savings Plans – Flexible commitment for discounts.

## **EC2 Security**

* Use IAM roles instead of hardcoding keys.
* Keep EC2 in private subnets if not needed on the internet.
* Enable SSM Session Manager for secure login without SSH keys.
* Patch regularly and monitor with Amazon Inspector + GuardDuty.
* Encrypt data with EBS encryption and TLS for communication.

<mark style="color:red;">**Key Points:**</mark>

* Always choose the right instance family:
  * T-series → General use
  * M-series → Balanced
  * C-series → Compute-heavy
  * R-series → Memory-heavy
  * G/P-series → Graphics/ML
* Tag instances for tracking costs.
* Use CloudWatch to monitor CPU, memory, and network.
* Take EBS snapshots for backup.

## **Instance Metadata** <a href="#lecture_heading" id="lecture_heading"></a>

*Instance metadata* is data about your instance that you can use to configure or manage the running instance. Instance metadata is divided into categories, for example, host name, events, and security groups.

<figure><img src="https://1856860631-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsNc001Xcz63mWjGXymkd%2Fuploads%2FeWqns8h4Igu2vrf7HxuL%2Fimage.png?alt=media&#x26;token=edff960c-9766-47e9-a4c8-b5dac60474a0" alt=""><figcaption></figcaption></figure>

```
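# IMDSv2: get a session token first, then send it with every metadata request
# (token-less requests only work while IMDSv1 is still allowed on the instance)
TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" \
  -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/public-ipv4
curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/public-hostname

# Optional helper script; fetch it over HTTPS before making it executable
wget https://s3.amazonaws.com/ec2metadata/ec2-metadata
chmod u+x ec2-metadata

./ec2-metadata --help   # list available options
./ec2-metadata -a       # AMI ID
./ec2-metadata -z       # Availability Zone
./ec2-metadata -s       # security groups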
```
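
An added example (not part of the original page): a Python check that applies the EC2 Security checklist above to output shaped like `aws ec2 describe-instances` and `aws ec2 describe-volumes`, and also flags instances whose metadata service still accepts token-less (IMDSv1) requests. The instance IDs, volume IDs, IP address and account number in the sample are constructed; the finding wording is this example's own.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` / `describe-volumes` output.
SAMPLE_INSTANCES = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa000000000001", "PublicIpAddress": "203.0.113.10", "KeyName": "dev-key",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"},
   "BlockDeviceMappings": [{"Ebs": {"VolumeId": "vol-0aaa000000000001"}}]},
  {"InstanceId": "i-0bbb000000000002",
   "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/app-role"},
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"},
   "BlockDeviceMappings": [{"Ebs": {"VolumeId": "vol-0bbb000000000002"}}]}
]}]}
""")
SAMPLE_VOLUMES = json.loads("""
{"Volumes": [{"VolumeId": "vol-0aaa000000000001", "Encrypted": false},
             {"VolumeId": "vol-0bbb000000000002", "Encrypted": true}]}
""")

def audit(instances, volumes):
    """Return {instance_id: [findings]} for the checks in the EC2 Security list."""
    encrypted = {v["VolumeId"]: v.get("Encrypted", False) for v in volumes["Volumes"]}
    report = {}
    for res in instances["Reservations"]:
        for inst in res["Instances"]:
            findings = []
            if "IamInstanceProfile" not in inst:      # no role: AWS access needs stored keys
                findings.append("no IAM role attached")
            if inst.get("PublicIpAddress"):           # reachable from the internet
                findings.append("public IP assigned")
            if inst.get("KeyName"):                   # SSH/RDP key login is configured
                findings.append("SSH key pair in use (consider SSM Session Manager)")
            md = inst.get("MetadataOptions", {})
            if md.get("HttpEndpoint") == "enabled" and md.get("HttpTokens") != "required":
                findings.append("IMDSv1 allowed")     # metadata readable without a token
            for bdm in inst.get("BlockDeviceMappings", []):
                vol = bdm.get("Ebs", {}).get("VolumeId")
                if vol and not encrypted.get(vol, False):
                    findings.append(f"unencrypted EBS volume {vol}")
            report[inst["InstanceId"]] = findings
    return report

if __name__ == "__main__":
    for iid, findings in audit(SAMPLE_INSTANCES, SAMPLE_VOLUMES).items():
        print(iid, "OK" if not findings else "; ".join(findings))
```

To run it against a real account, replace the two samples with the parsed JSON from `aws ec2 describe-instances` and `aws ec2 describe-volumes`.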
