⏱ Duration: 5 Hours
📚 Learning Objectives
- Understand EC2 and its use cases
- Learn about instance types and families
- Create and manage key pairs
- Configure security groups
- Launch and connect to EC2 instances
📖 Core Concepts (2 Hours)
What is EC2?
Amazon Elastic Compute Cloud (EC2) provides scalable virtual servers in the cloud. It's the backbone of AWS compute services.
- Instances: Virtual servers running your applications
- AMI: Amazon Machine Image - template for instances
- Instance Types: CPU, memory, storage configurations
- Security Groups: Virtual firewall for instances
- Key Pairs: SSH keys for secure access
EC2 Instance Types
Instance Type Format: [Family][Generation].[Size]
Example: t3.medium, m5.large, c6i.xlarge
Instance Families:
├── General Purpose (t3, m5, m6i)
│ └── Balanced compute, memory, networking
│
├── Compute Optimized (c5, c6i)
│ └── High-performance processors
│
├── Memory Optimized (r5, r6i, x2)
│ └── Large datasets in memory
│
├── Storage Optimized (i3, d2)
│ └── High sequential read/write
│
└── Accelerated Computing (p4, g5)
  └── GPU instances for ML/graphics
Free Tier: t2.micro or t3.micro (750 hours/month)
Amazon Machine Images (AMIs)
AMI Types:
├── AWS Provided
│ ├── Amazon Linux 2023
│ ├── Ubuntu Server
│ ├── Windows Server
│ └── Red Hat Enterprise Linux
│
├── AWS Marketplace
│ └── Pre-configured software stacks
│
├── Community AMIs
│ └── Shared by AWS community
│
└── Custom AMIs
  └── Your own configured images
# Find AMIs via CLI
aws ec2 describe-images \
  --owners amazon \
  --filters "Name=name,Values=amzn2-ami-hvm-*-x86_64-gp2" \
  --query 'Images[*].[ImageId,Name,CreationDate]' \
  --output table
Security Groups
Security Group = Virtual Firewall
Rules:
┌───────────┬──────────┬──────┬──────────────────┐
│ Type      │ Protocol │ Port │ Source           │
├───────────┼──────────┼──────┼──────────────────┤
│ SSH       │ TCP      │ 22   │ Your IP          │
│ HTTP      │ TCP      │ 80   │ 0.0.0.0/0        │
│ HTTPS     │ TCP      │ 443  │ 0.0.0.0/0        │
│ Custom    │ TCP      │ 3000 │ 10.0.0.0/16      │
└───────────┴──────────┴──────┴──────────────────┘
Key Points:
• Stateful: Return traffic automatically allowed
• Default: All inbound denied, all outbound allowed
• Can reference other security groups
• Changes apply immediately
Key Pairs
Key Pair = SSH Authentication
# Create key pair via CLI
aws ec2 create-key-pair \
  --key-name my-key \
  --query 'KeyMaterial' \
  --output text > my-key.pem
# Set permissions
chmod 400 my-key.pem
# List key pairs
aws ec2 describe-key-pairs --output table
# Delete key pair
aws ec2 delete-key-pair --key-name my-key
# Important:
# - Private key is shown ONLY at creation
# - Store securely, cannot be recovered
# - One key pair can be used for multiple instances
🔬 Hands-on Lab (2.5 Hours)
Lab 1: Create Key Pair and Security Group
- Create an SSH key pair
- Create a security group with SSH access
# Create key pair
aws ec2 create-key-pair \
  --key-name devops-key \
  --query 'KeyMaterial' \
  --output text > devops-key.pem
chmod 400 devops-key.pem
# Get default VPC ID
VPC_ID=$(aws ec2 describe-vpcs \
  --filters "Name=is-default,Values=true" \
  --query 'Vpcs[0].VpcId' --output text)
# Create security group
SG_ID=$(aws ec2 create-security-group \
  --group-name devops-sg \
  --description "DevOps training security group" \
  --vpc-id "$VPC_ID" \
  --query 'GroupId' --output text)
# Add SSH rule (0.0.0.0/0 exposes port 22 to the whole internet;
# restrict to your IP in production)
aws ec2 authorize-security-group-ingress \
  --group-id "$SG_ID" \
  --protocol tcp \
  --port 22 \
  --cidr 0.0.0.0/0
# Add HTTP rule
aws ec2 authorize-security-group-ingress \
  --group-id "$SG_ID" \
  --protocol tcp \
  --port 80 \
  --cidr 0.0.0.0/0
echo "Security Group ID: $SG_ID"
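Lab 1 opens port 22 to 0.0.0.0/0 and leaves the restriction to your own IP as a note. As an added example (not part of the original lab), these shell functions replace that rule with a /32 for your current public address; the function names and the use of https://checkip.amazonaws.com for the lookup are assumptions of this example.

```sh
#!/bin/sh
# Added example: narrow the lab's SSH rule from 0.0.0.0/0 to the caller's /32.
# Function names and the checkip.amazonaws.com lookup are assumptions.

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() (
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
  esac
  IFS=.
  set -- $1                      # split on dots (input is digits and dots only)
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
  done
)

# Print the caller's public address as a /32 CIDR. Anything that is not a
# single IPv4 address (proxy error page, empty reply) is rejected.
my_ip_cidr() (
  ip=$(curl -fsS --max-time 5 https://checkip.amazonaws.com) || exit 1
  valid_ipv4 "$ip" || exit 1
  printf '%s/32\n' "$ip"
)

# Add the /32 rule first and revoke 0.0.0.0/0 only once that succeeded,
# so a failed lookup or API call never removes the existing rule.
restrict_ssh() (
  sg_id=$1
  cidr=$(my_ip_cidr) || { echo "could not determine public IP" >&2; exit 1; }
  aws ec2 authorize-security-group-ingress \
    --group-id "$sg_id" --protocol tcp --port 22 --cidr "$cidr" || exit 1
  aws ec2 revoke-security-group-ingress \
    --group-id "$sg_id" --protocol tcp --port 22 --cidr 0.0.0.0/0
)

# Usage after Lab 1: restrict_ssh "$SG_ID"
```

Re-run it whenever your public IP changes, since the /32 rule only matches the address seen at the time of the call.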
Lab 2: Launch EC2 Instance via Console
- Navigate to EC2 Dashboard
- Click "Launch Instance"
- Configure instance settings
# Console Steps:
1. EC2 Dashboard → Launch Instance
2. Name: "devops-server"
3. AMI: Amazon Linux 2023 (Free tier eligible)
4. Instance Type: t2.micro
5. Key Pair: Select devops-key
6. Network Settings:
- VPC: Default
- Security Group: devops-sg
7. Storage: 8 GB gp3 (default)
8. Review and Launch
# Wait for "Running" state
# Note the Public IP address
Lab 3: Launch EC2 Instance via CLI
- Find the latest Amazon Linux 2023 AMI
- Launch instance with CLI
- Get instance details
# Get latest Amazon Linux 2023 AMI
AMI_ID=$(aws ec2 describe-images \
  --owners amazon \
  --filters "Name=name,Values=al2023-ami-2023*-x86_64" \
            "Name=state,Values=available" \
  --query 'Images | sort_by(@, &CreationDate) | [-1].ImageId' \
  --output text)
echo "AMI ID: $AMI_ID"
# Launch instance
INSTANCE_ID=$(aws ec2 run-instances \
  --image-id "$AMI_ID" \
  --instance-type t2.micro \
  --key-name devops-key \
  --security-group-ids "$SG_ID" \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=devops-cli-server}]' \
  --query 'Instances[0].InstanceId' \
  --output text)
echo "Instance ID: $INSTANCE_ID"
# Wait for instance to be running
aws ec2 wait instance-running --instance-ids "$INSTANCE_ID"
# Get public IP
PUBLIC_IP=$(aws ec2 describe-instances \
  --instance-ids "$INSTANCE_ID" \
  --query 'Reservations[0].Instances[0].PublicIpAddress' \
  --output text)
echo "Public IP: $PUBLIC_IP"
Lab 4: Connect and Manage Instance
- SSH into the instance
- Install and run a web server
- Stop and terminate instance
# Connect via SSH
ssh -i devops-key.pem ec2-user@"$PUBLIC_IP"
# Inside instance - install and start nginx
sudo yum install -y nginx
sudo systemctl start nginx
sudo systemctl enable nginx
# Test (from local machine)
curl "http://$PUBLIC_IP"
# Instance management
aws ec2 stop-instances --instance-ids "$INSTANCE_ID"
aws ec2 start-instances --instance-ids "$INSTANCE_ID"
aws ec2 reboot-instances --instance-ids "$INSTANCE_ID"
# Terminate instance (clean up)
aws ec2 terminate-instances --instance-ids "$INSTANCE_ID"
# Wait until termination completes; the security group cannot be deleted
# while an instance still references it (this includes the Lab 2 console instance)
aws ec2 wait instance-terminated --instance-ids "$INSTANCE_ID"
# Clean up security group and key pair
aws ec2 delete-security-group --group-id "$SG_ID"
aws ec2 delete-key-pair --key-name devops-key
rm -f devops-key.pem
✅ Day 2 Checklist
- Understand EC2 instance types and families
- Can create and manage key pairs
- Can configure security groups
- Successfully launched EC2 instance
- Connected via SSH
- Can start, stop, terminate instances