Back to all cheatsheets

AWS EC2

Updated May 22, 2026
6 min read
Developer Reference
VirtualizationCloud

AWS EC2

Updated: May 22, 2026Categories: Virtualization, Cloud

Printed from:

AWS EC2 Cheatsheet: Cloud Computing and Virtual Machines

Overview

Amazon Elastic Compute Cloud (EC2) provides scalable, on-demand compute capacity in the cloud, enabling flexible and cost-effective infrastructure deployment.

Core Concepts

  • Infrastructure as a Service (IaaS)
  • Virtual Machine Instances
  • Elastic Scaling
  • Pay-as-you-go Pricing
  • Nitro System (underlying hypervisor for modern instance families)

Key Components

  1. EC2 Instances

    • Compute units with various configurations
    • Multiple instance families and types

  2. Amazon Machine Images (AMIs)

    • Preconfigured templates
    • Operating system and application packages
    • Support for AMI block public access

  3. Security Groups

    • Stateful virtual firewalls
    • Control inbound/outbound traffic

  4. Launch Templates

    • Reusable instance configuration (preferred over deprecated launch configurations)

Instance Types

  1. General Purpose

    • Balanced compute, memory, networking
    • Web servers, small databases
    • Examples: M7i, M7g (Graviton3), M7a (AMD), T3, T4g

  2. Compute Optimized

    • High-performance processors
    • Batch processing, scientific modeling, gaming servers
    • Examples: C7i, C7g, C7a

  3. Memory Optimized

    • Large memory capacity
    • High-performance databases, in-memory caches
    • Examples: R7i, R7g, X2idn, U7i (high memory)

  4. Storage Optimized

    • High I/O performance
    • Data warehousing, distributed file systems
    • Examples: I4i, Im4gn, D3, H1

  5. Accelerated Computing

    • GPU/FPGA/ML-accelerator workloads
    • Examples: P5 (H100), G6, Trn1/Trn2 (Trainium), Inf2 (Inferentia)

Note: Older generation families (T2, M4, C4, R4) are still available but newer Nitro-based generations are recommended for better price/performance.

Provisioning Workflow

Bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# EC2 Instance Creation (Console)
1. Select Amazon Machine Image (AMI)
2. Choose instance type
3. Configure instance details (VPC, IAM role, IMDSv2)
4. Add storage (gp3 recommended by default)
5. Configure security group
6. Review and launch

# AWS CLI Provisioning (use a current AMI ID from SSM Parameter Store)
AMI_ID=$(aws ssm get-parameter \
    --name /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64 \
    --query 'Parameter.Value' --output text)

aws ec2 run-instances \
    --image-id "$AMI_ID" \
    --count 1 \
    --instance-type t3.micro \
    --key-name MyKeyPair \
    --metadata-options "HttpTokens=required,HttpEndpoint=enabled" \
    --block-device-mappings '[{"DeviceName":"/dev/xvda","Ebs":{"VolumeType":"gp3","Encrypted":true}}]'

Key Management Commands

Bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# Instance Management
aws ec2 describe-instances
aws ec2 start-instances --instance-ids i-1234567890abcdef0
aws ec2 stop-instances --instance-ids i-1234567890abcdef0
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0

# Instance Connect / SSM (preferred over opening SSH to the world)
aws ec2-instance-connect ssh --instance-id i-1234567890abcdef0
aws ssm start-session --target i-1234567890abcdef0

# Security Group Configuration
aws ec2 create-security-group --group-name web-sg --description "Web SG" --vpc-id vpc-xxxx
aws ec2 authorize-security-group-ingress \
    --group-id sg-xxxx --protocol tcp --port 443 --cidr 0.0.0.0/0

Networking Configurations

  • Virtual Private Cloud (VPC) — default and custom
  • Elastic IP addresses (charged when unassociated)
  • Elastic Network Interfaces (ENIs)
  • Subnets (public, private, isolated)
  • Internet and NAT gateways
  • VPC endpoints (Gateway and Interface/PrivateLink)
  • IPv6 dual-stack and IPv6-only subnets
  • Enhanced networking via ENA / ENA Express
  • Elastic Fabric Adapter (EFA) for HPC/ML

Storage Options

  1. Elastic Block Store (EBS)

    • Persistent block-level storage
    • Volume types: gp3 (default general purpose), gp2, io2 / io2 Block Express, st1, sc1
    • Snapshots, fast snapshot restore, snapshot archive, recycle bin
    • Encryption by default (account-level setting recommended)
    • Multi-Attach (io2) for clustered workloads

  2. Instance Store

    • Temporary (ephemeral) block-level storage
    • Very high I/O performance (NVMe)
    • Data lost on stop/terminate

  3. Amazon EFS / FSx

    • Shared file systems for use with EC2

Security Best Practices

  1. Use IAM roles (instance profiles) — never embed credentials
  2. Enforce IMDSv2 (HttpTokens=required) on all instances
  3. Enable EBS encryption by default and use KMS CMKs
  4. Patch with AWS Systems Manager Patch Manager
  5. Use security groups and NACLs; least-privilege ingress
  6. Prefer SSM Session Manager / EC2 Instance Connect over public SSH
  7. Enable AMI and EBS snapshot block public access
  8. Centralize audit with CloudTrail, AWS Config, Security Hub, GuardDuty
  9. Use AWS Verified Access / Verified Permissions for zero-trust access

Cost Optimization Strategies

  • Savings Plans (Compute and EC2 Instance) — preferred over Reserved Instances for flexibility
  • Reserved Instances (Standard / Convertible)
  • Spot Instances (with capacity-optimized allocation strategy and Spot Fleet / EC2 Fleet)
  • Auto Scaling with mixed instance policies
  • Right-sizing via Compute Optimizer
  • Migrate to Graviton (ARM64) instances for up to ~40% price/performance gain
  • Use gp3 instead of gp2 EBS volumes
  • Tag-based cost allocation and AWS Cost Explorer
  • Stop or hibernate idle dev/test instances

Performance Optimization

  • Choose appropriate instance type and generation (Nitro-based)
  • Use cluster, partition, or spread placement groups
  • Enable enhanced networking (ENA, ENA Express, EFA)
  • Tune EBS: gp3 with provisioned IOPS/throughput, io2 Block Express
  • Use local NVMe instance store for scratch data
  • Leverage CPU options (threads-per-core) for licensed workloads

Scaling Techniques

  1. Horizontal Scaling

    • EC2 Auto Scaling groups with launch templates
    • Predictive, target-tracking, step, and scheduled scaling
    • Warm pools for faster scale-out

  2. Vertical Scaling

    • Stop, change instance type, restart
    • Live resize of EBS volumes (Elastic Volumes)

Monitoring and Logging

  • Amazon CloudWatch (metrics, alarms, dashboards)
  • CloudWatch Agent for in-guest metrics/logs
  • CloudTrail (API auditing)
  • VPC Flow Logs and Traffic Mirroring
  • AWS X-Ray for distributed tracing
  • Health Dashboard and EC2 instance health checks

Backup and Disaster Recovery

  • EBS snapshots (incremental, cross-region/cross-account copy)
  • AMI creation and AMI sharing
  • AWS Backup for centralized, policy-driven backups
  • Multi-AZ and multi-Region architectures
  • AWS Elastic Disaster Recovery (AWS DRS)
  • Recycle Bin for accidental deletion protection

Compliance and Governance

  • AWS Config rules and conformance packs
  • AWS Organizations and Service Control Policies (SCPs)
  • AWS Control Tower for landing zones
  • AWS Audit Manager
  • Compliance programs: SOC, PCI DSS, HIPAA, FedRAMP, ISO

Integration Ecosystem

  • AWS Lambda
  • Elastic Container Service (ECS) and ECS Anywhere
  • Elastic Kubernetes Service (EKS) and EKS Anywhere
  • CloudFormation, CDK, Terraform
  • AWS Systems Manager (Patch, Run Command, State Manager, Inventory)
  • Image Builder for golden AMIs

Hybrid and Edge Scenarios

  • AWS Direct Connect
  • Site-to-Site and Client VPN
  • AWS Outposts (EC2 on-premises)
  • Local Zones and Wavelength Zones
  • AWS Snow Family for edge compute
  • Migration via AWS Application Migration Service (MGN)

Purchasing / Tenancy Models

  • On-Demand Instances
  • Savings Plans (Compute / EC2 Instance)
  • Reserved Instances (Standard / Convertible)
  • Spot Instances
  • Dedicated Instances and Dedicated Hosts (for BYOL and compliance)
  • Capacity Reservations and On-Demand Capacity Reservations in Capacity Blocks for ML

Deprecations to Be Aware Of

  • EC2-Classic has been fully retired — use VPC only
  • IMDSv1 should be disabled; require IMDSv2 tokens
  • Launch Configurations are deprecated — use Launch Templates
  • gp2 is superseded by gp3 for most workloads
  • Older instance families (T2, M4, C4, R4, etc.) are still supported but newer generations offer better price/performance

Recommended Learning Resources

  • AWS Documentation and EC2 User Guide
  • AWS Skill Builder (Training and Certification)
  • AWS Whitepapers and Prescriptive Guidance
  • AWS Well-Architected Framework (and EC2-focused lenses)
  • AWS Workshops and Hands-on Labs

Recommended Learning Path

  1. Cloud computing fundamentals
  2. AWS core services (IAM, VPC, S3, EC2)
  3. EC2 deep dive (Nitro, instance families, networking, storage)
  4. Architecture design with the Well-Architected Framework
  5. Security, identity, and compliance
  6. Automation with IaC (CloudFormation, CDK, Terraform) and Systems Manager
  7. Cost optimization, observability, and advanced scaling patterns

Continue Learning

Discover more cheatsheets to boost your productivity

All CheatsheetsMore VirtualizationSearch Library
Skip to content