Amazon Elastic Compute Cloud (EC2) is the service that, more than any other, defines what the cloud means: the ability to rent a fully functional computer in seconds, run anything you like on it, and pay only for the time you use it. Before EC2, launching a new server meant buying hardware, racking it in a data center, installing an operating system, and waiting days or weeks. With EC2, the same thing takes a couple of minutes and a single API call.

EC2 sits at the heart of the AWS ecosystem. Web servers, databases, machine-learning training jobs, game servers, CI/CD build runners, and entire enterprise applications all run on EC2 instances. Even many higher-level AWS services are built on top of it behind the scenes. If you are learning AWS, EC2 is the right place to build a solid mental model of how cloud compute works.

This guide is a complete, practical tour of EC2: the core concepts, the instance families and how to read their cryptic names, storage and networking, every pricing model, scaling, and a hands-on walkthrough of launching, connecting to, securing, and monitoring an instance using the Console, the AWS CLI, and the boto3 Python SDK.

What Is Amazon EC2?

EC2 provides resizable compute capacity as virtual machines called instances. Each instance is created from an Amazon Machine Image (AMI) — a template that contains the operating system and any preinstalled software — and runs on a specific instance type that defines how much CPU, memory, storage, and network bandwidth it has.

Because you have full operating-system access (root on Linux, Administrator on Windows), an EC2 instance behaves exactly like a physical server. The difference is that everything around it is software-defined and elastic: you can stop it, resize it, clone it from a snapshot, place it in a private network, attach more disks, or throw it away entirely, all through the API.

Core Concepts You Must Know

  • AMI (Amazon Machine Image) — the OS + software template you launch from (Amazon Linux, Ubuntu, Windows Server, or your own custom image).
  • Instance type — the hardware profile (vCPU, RAM, network), e.g. t3.micro or m7g.large.
  • EBS volume — durable network-attached disk storage that persists independently of the instance.
  • Key pair — the public/private keys used to log in securely over SSH.
  • Security group — a virtual firewall controlling inbound and outbound traffic.
  • Region & Availability Zone (AZ) — the geographic location and isolated data center your instance runs in.

The EC2 Instance Lifecycle

An instance moves through well-defined states, and understanding them saves money and confusion:

  • pending — starting up after launch.
  • running — active and billable.
  • stopping / stopped — shut down; you stop paying for compute but still pay for attached EBS storage. The instance keeps its data and can be restarted.
  • terminated — permanently deleted; root EBS volume is usually deleted too.

Key money-saving insight: stopping an instance halts compute charges but keeps your disk; terminating destroys it. Stop instances you'll reuse; terminate ones you're done with.

EC2 Instance Families (and How to Read the Names)

AWS offers dozens of instance types grouped into five families. Picking the right one is the single biggest factor in EC2 cost-efficiency.

  • General Purpose (T3, T4g, M7, M6) — a balanced mix of CPU, memory, and network. The default choice for web servers, microservices, small databases, and dev environments. The T family is burstable: cheap baseline performance with the ability to burst using accrued credits.
  • Compute Optimized (C7, C6) — high CPU-to-memory ratio for batch processing, scientific modeling, high-traffic web servers, game servers, and ML inference.
  • Memory Optimized (R7, X2, High Memory) — large RAM for in-memory caches (Redis), real-time analytics, and big relational databases.
  • Storage Optimized (I4, D3, Im4gn) — very high local-disk IOPS and throughput for data warehouses, distributed file systems, and large NoSQL databases.
  • Accelerated Computing (P5, G6, Inf2, Trn1) — GPUs and custom chips for deep-learning training/inference, video rendering, and HPC.

The instance name encodes everything. Take m7g.large:

  • m — family (general purpose).
  • 7 — generation (higher is newer/faster).
  • g — processor attribute (here, AWS Graviton ARM CPU; i=Intel, a=AMD).
  • large — size within the family (nano < micro < small < medium < large < xlarge < 2xlarge ...).

Storage: EBS vs Instance Store

EC2 instances use two kinds of storage:

  • Amazon EBS (Elastic Block Store) — durable, network-attached volumes that survive instance stops and terminations (if configured). Volume types include gp3 (general-purpose SSD, the default), io2 (high-IOPS SSD for databases), st1 (throughput HDD), and sc1 (cold HDD). You can snapshot EBS volumes to S3 for backups.
  • Instance store — physically attached temporary disk that is fast but ephemeral: data is lost when the instance stops or terminates. Use it only for caches and scratch data.

Networking and Security Groups

Every instance launches inside a VPC (Virtual Private Cloud, your own isolated virtual network) and a subnet. Traffic is controlled by security groups: stateful firewalls (return traffic for an allowed connection is permitted automatically) in which you allow specific ports and source IP ranges. A typical web server allows inbound 443 (HTTPS) from anywhere and 22 (SSH) only from your IP.

Other key networking pieces: an Elastic IP gives an instance a fixed public address; Elastic Network Interfaces (ENIs) are virtual network cards you can attach; and placing instances in private subnets keeps them off the public internet entirely.

EC2 Pricing Models (Choosing the Right One Saves the Most)

  • On-Demand — pay per second with no commitment. Best for short-lived, unpredictable, or first-time workloads.
  • Savings Plans / Reserved Instances — commit to a 1- or 3-year usage level for up to ~72% savings. Best for steady, always-on workloads.
  • Spot Instances — bid on spare capacity for up to ~90% off, but AWS can reclaim them with a two-minute warning. Ideal for fault-tolerant batch jobs, CI, and big-data processing.
  • Dedicated Hosts / Instances — physical isolation for licensing or compliance needs.
  • Free Tier — 750 hours/month of t2.micro/t3.micro for the first 12 months.

Scaling: Auto Scaling and Load Balancing

Real applications rarely run on one fixed server. An Auto Scaling Group (ASG) automatically adds or removes instances based on demand (CPU, request count, or a schedule), while an Elastic Load Balancer (ELB) spreads incoming traffic across them. Together they give you elasticity (pay for what you need right now) and high availability (if one instance or AZ fails, traffic shifts to healthy ones).

Real-World Use Cases

  • Web applications and APIs — instances behind an ELB with Auto Scaling for traffic spikes.
  • Batch and data processing — large fleets of Spot instances crunching jobs cheaply.
  • Machine learning — GPU instances for training, then smaller ones for inference.
  • Lift-and-shift migrations — moving existing on-prem servers to the cloud with minimal changes.
  • Dev/test environments — spin up on demand, stop when idle.

Launching an EC2 Instance: Step by Step (Console)

  1. Open the EC2 console and click Launch instance.
  2. Choose an AMI (e.g. Amazon Linux 2023).
  3. Pick an instance type (e.g. t3.micro for Free Tier).
  4. Select or create a key pair and download the .pem file.
  5. Configure the security group (allow SSH from your IP, HTTP/HTTPS if it's a web server).
  6. Set storage (the default 8–30 GB gp3 volume is fine to start).
  7. Click Launch and wait for the state to become running.

Launching with the AWS CLI

aws ec2 run-instances \
  --image-id ami-0abcdef1234567890 \
  --instance-type t3.micro \
  --key-name my-key-pair \
  --security-group-ids sg-0123456789 \
  --count 1 \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=web-1}]'

# Check what's running
aws ec2 describe-instances \
  --query "Reservations[].Instances[].[InstanceId,State.Name,PublicIpAddress]" \
  --output table

Launching with boto3 (Python)

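import boto3

# Uses the credentials and default Region from your AWS configuration.
ec2 = boto3.resource("ec2")

# No SecurityGroupIds is passed here, so the instance is placed in the
# VPC's default security group; pass SecurityGroupIds=[...] to choose one.
instances = ec2.create_instances(
    ImageId="ami-0abcdef1234567890",  # placeholder AMI ID
    InstanceType="t3.micro",
    KeyName="my-key-pair",
    MinCount=1,
    MaxCount=1,
    TagSpecifications=[{
        "ResourceType": "instance",
        "Tags": [{"Key": "Name", "Value": "web-1"}],
    }],
)
print("Launched instance:", instances[0].id)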

Connecting to Your Instance

There are three common ways in:

  • SSH with your key pair (classic):

      chmod 400 my-key-pair.pem
      ssh -i my-key-pair.pem ec2-user@<PUBLIC_IP>

  • EC2 Instance Connect — browser-based SSH from the Console, no local key needed.
  • AWS Systems Manager Session Manager — the modern best practice: shell access without opening port 22 or managing keys at all.

Monitoring with CloudWatch

EC2 publishes metrics to Amazon CloudWatch — CPU utilization, network in/out, disk I/O — plus two status checks (system and instance). Set alarms (e.g. "CPU > 80% for 5 minutes") to trigger Auto Scaling or notifications. Note that memory and disk-space usage require the CloudWatch agent, as they aren't visible to the hypervisor by default.

Security Best Practices

  • Restrict security groups to specific IPs and ports — never leave SSH open to 0.0.0.0/0.
  • Attach an IAM role to the instance instead of storing access keys on it.
  • Keep instances patched; use immutable AMIs and replace rather than patch in place where possible.
  • Put application and database tiers in private subnets.
  • Prefer Session Manager over open SSH ports.

Common Mistakes to Avoid

  • Leaving idle instances running — the #1 surprise on AWS bills. Stop or terminate them.
  • Over-provisioning — start small, measure with CloudWatch, then right-size.
  • Open security groups — a wide-open port 22 is a top attack vector.
  • Losing the key pair — without the private key you cannot SSH in.
  • Relying on instance store for data — it's wiped on stop/terminate; use EBS.

Frequently Asked Questions

Is stopping an instance free? Compute charges stop, but you still pay for attached EBS volumes and any Elastic IP not in use.

Can I change the instance type later? Yes — stop the instance, change its type, and start it again (works for EBS-backed instances).

What's the difference between a Region and an AZ? A Region is a geographic area (e.g. us-east-1); each Region has multiple isolated Availability Zones for fault tolerance.

Graviton (ARM) or x86? Graviton (the g instances) usually offers better price/performance — great if your software supports ARM.

Summary Table

Concept          What it is
---------------  -------------------------------------
AMI              OS + software template to launch from
Instance type    Hardware profile (vCPU/RAM/network)
EBS              Durable network-attached disk
Security group   Stateful firewall
Auto Scaling     Adds/removes instances automatically
Spot             Cheap, reclaimable spare capacity

Reference

This article follows the official AWS documentation. For the full reference, see the Amazon EC2 documentation.

Conclusion

EC2 is the foundation of compute on AWS: elastic virtual servers you can launch in minutes and shape to almost any workload. The keys to using it well are choosing the right instance family, picking a pricing model that matches your usage pattern, locking down security groups and using IAM roles, and combining Auto Scaling with load balancing for resilience. Master EC2 and the rest of AWS becomes far easier to reason about, because so much of the platform builds on these same ideas.