Ultimate Amazon EC2 Cheatsheet

Introduction to Amazon EC2

Amazon Elastic Compute Cloud (EC2) is a core service of Amazon Web Services (AWS) that provides scalable compute capacity in the cloud. EC2 eliminates the need to invest in hardware upfront, allowing users to develop and deploy applications faster. It enables you to launch virtual servers (instances), configure security and networking, and manage storage. EC2’s pay-as-you-go model lets you scale capacity up or down as needed, paying only for what you use. EC2 is the foundation of many cloud architectures, offering the flexibility, reliability, and affordability needed for workloads ranging from web applications to high-performance computing.

EC2 Core Concepts

Instance Types Overview

Instance Size Scaling

Note: Exact specifications vary by instance family. This is a general pattern.

EC2 Instance States

EC2 Storage Options

Amazon EBS Volume Types

Instance Store vs EBS Comparison

Networking Features

VPC and EC2 Networking

Security Group Rules Syntax

Inbound Rules Format:

Protocol: [tcp/udp/icmp/all]
Port Range: [port or range]
Source: [CIDR block / security group ID / prefix list]
Description: [optional description]

Outbound Rules Format:

Protocol: [tcp/udp/icmp/all]
Port Range: [port or range]
Destination: [CIDR block / security group ID / prefix list]
Description: [optional description]

Common Security Group Configurations:

EC2 Purchasing Options

Instance Purchasing Model Comparison

Reserved Instance Types

EC2 Management and Deployment

AMI Creation and Management

# Create AMI from running instance
aws ec2 create-image --instance-id i-1234567890abcdef0 --name "My AMI" --description "My custom AMI"

# Copy AMI to another region
aws ec2 copy-image --source-region us-east-1 --source-image-id ami-12345678 --name "My AMI Copy" --region us-west-2

# Share AMI with another account
aws ec2 modify-image-attribute --image-id ami-12345678 --launch-permission "Add={UserId=123456789012}"

# Make AMI public (use with caution)
aws ec2 modify-image-attribute --image-id ami-12345678 --launch-permission "Add={Group=all}"

EC2 Launch Templates vs. Launch Configurations

User Data Example (Linux)

#!/bin/bash
# Update system packages
yum update -y

# Install web server
yum install -y httpd

# Start web server
systemctl start httpd
systemctl enable httpd

# Create a simple web page
echo "<html><body><h1>Hello from EC2</h1></body></html>" > /var/www/html/index.html

User Data Example (Windows)

<powershell>
# Install IIS
Install-WindowsFeature -name Web-Server -IncludeManagementTools

# Create a simple web page
New-Item -Path "C:\inetpub\wwwroot\index.html" -ItemType File -Value "<html><body><h1>Hello from EC2</h1></body></html>"

# Set administrator password
$admin = [adsi]("WinNT://./administrator, user")
$admin.SetPassword("MySecurePassword123!")
</powershell>

EC2 Auto Scaling

Auto Scaling Components

Common Scaling Policies

Auto Scaling CLI Examples

# Create Auto Scaling group
aws autoscaling create-auto-scaling-group \
  --auto-scaling-group-name my-asg \
  --launch-template LaunchTemplateId=lt-1234567890abcdef0,Version='$Latest' \
  --min-size 2 \
  --max-size 10 \
  --desired-capacity 2 \
  --vpc-zone-identifier "subnet-1234567890abcdef0,subnet-0987654321abcdef0"

# Configure target tracking scaling policy
aws autoscaling put-scaling-policy \
  --auto-scaling-group-name my-asg \
  --policy-name cpu70-target-tracking-scaling-policy \
  --policy-type TargetTrackingScaling \
  --target-tracking-configuration file://config.json

# Content of config.json:
# {
#   "TargetValue": 70.0,
#   "PredefinedMetricSpecification": {
#     "PredefinedMetricType": "ASGAverageCPUUtilization"
#   }
# }

EC2 Load Balancing

Load Balancer Types

Common Load Balancer Settings

EC2 Monitoring and Management

CloudWatch Metrics for EC2

CloudWatch Alarm Example (CLI)

# Create alarm for high CPU utilization
aws cloudwatch put-metric-alarm \
  --alarm-name ec2-high-cpu \
  --alarm-description "Alarm when CPU exceeds 80%" \
  --metric-name CPUUtilization \
  --namespace AWS/EC2 \
  --statistic Average \
  --period 300 \
  --threshold 80 \
  --comparison-operator GreaterThanThreshold \
  --dimensions Name=InstanceId,Value=i-1234567890abcdef0 \
  --evaluation-periods 2 \
  --alarm-actions arn:aws:sns:us-east-1:123456789012:my-topic

CloudWatch Agent Configuration (Basic)

{
  "metrics": {
    "append_dimensions": {
      "InstanceId": "${aws:InstanceId}"
    },
    "metrics_collected": {
      "mem": {
        "measurement": ["mem_used_percent"]
      },
      "disk": {
        "measurement": ["used_percent"],
        "resources": ["/"]
      }
    }
  },
  "logs": {
    "logs_collected": {
      "files": {
        "collect_list": [
          {
            "file_path": "/var/log/messages",
            "log_group_name": "/var/log/messages"
          }
        ]
      }
    }
  }
}

EC2 Security Best Practices

Security Checklist

1. Instance Hardening

   • Use up-to-date AMIs
   • Regularly patch OS and applications
   • Remove unnecessary services and ports
   • Implement host-based firewalls

2. Access Control

   • Use IAM roles instead of access keys
   • Implement least privilege principles
   • Rotate credentials regularly
   • Use SSH keys for Linux, complex passwords for Windows

3. Network Security

   • Restrict security groups to necessary traffic
   • Place instances in private subnets where possible
   • Use VPC endpoints for AWS service access
   • Implement network monitoring and logging

4. Data Protection

   • Encrypt EBS volumes and snapshots
   • Encrypt sensitive data in transit
   • Implement backup and recovery procedures
   • Secure AMIs with sensitive configurations

5. Compliance and Auditing

   • Enable CloudTrail for API call logging
   • Configure CloudWatch for monitoring
   • Implement tagging for resource tracking
   • Regular security assessments and audits

EC2 Compliance Summary

EC2 Cost Optimization

Cost Optimization Strategies

Cost Analysis Tools

AWS CLI Commands for EC2

Instance Management

# Launch a new instance
aws ec2 run-instances --image-id ami-0abcdef1234567890 --instance-type t3.micro --key-name MyKeyPair --security-group-ids sg-0abcdef1234567890 --subnet-id subnet-0abcdef1234567890 --count 1

# Describe instances (list all running instances)
aws ec2 describe-instances --filters "Name=instance-state-name,Values=running"

# Stop an instance
aws ec2 stop-instances --instance-ids i-1234567890abcdef0

# Start an instance
aws ec2 start-instances --instance-ids i-1234567890abcdef0

# Terminate an instance
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0

# Get console output
aws ec2 get-console-output --instance-id i-1234567890abcdef0

Volume Management

# Create a new EBS volume
aws ec2 create-volume --availability-zone us-east-1a --size 50 --volume-type gp3

# Attach volume to instance
aws ec2 attach-volume --volume-id vol-1234567890abcdef0 --instance-id i-1234567890abcdef0 --device /dev/sdf

# Create snapshot of volume
aws ec2 create-snapshot --volume-id vol-1234567890abcdef0 --description "My snapshot"

# Copy snapshot to another region
aws ec2 copy-snapshot --source-region us-east-1 --source-snapshot-id snap-1234567890abcdef0 --region us-west-2 --description "Copy of snapshot"

Security Group Management

# Create security group
aws ec2 create-security-group --group-name MySecurityGroup --description "My security group" --vpc-id vpc-1234567890abcdef0

# Add inbound rule (allow SSH)
aws ec2 authorize-security-group-ingress --group-id sg-1234567890abcdef0 --protocol tcp --port 22 --cidr 203.0.113.0/24

# Add outbound rule (allow all traffic)
aws ec2 authorize-security-group-egress --group-id sg-1234567890abcdef0 --protocol all --port all --cidr 0.0.0.0/0

# Delete rule
aws ec2 revoke-security-group-ingress --group-id sg-1234567890abcdef0 --protocol tcp --port 22 --cidr 203.0.113.0/24

EC2 Troubleshooting

Common Issues and Solutions

Instance Status Checks

Recovery Procedures

1. Unresponsive Instance:

   # Stop and start (EBS-backed only)
   aws ec2 stop-instances --instance-ids i-1234567890abcdef0
   aws ec2 start-instances --instance-ids i-1234567890abcdef0
   
   # If still failing, create AMI and launch new instance
   aws ec2 create-image --instance-id i-1234567890abcdef0 --name "Recovery-AMI" --no-reboot
   

2. Volume Recovery:

   # Create snapshot of problematic volume
   aws ec2 create-snapshot --volume-id vol-1234567890abcdef0 --description "Recovery snapshot"
   
   # Create new volume from snapshot
   aws ec2 create-volume --availability-zone us-east-1a --snapshot-id snap-1234567890abcdef0
   
   # Attach to recovery instance
   aws ec2 attach-volume --volume-id vol-0abcdef1234567890 --instance-id i-0abcdef1234567890 --device /dev/sdf
   

Advanced EC2 Features

EC2 Nitro System

EC2 Instance Connect

# Install EC2 Instance Connect CLI
pip install ec2instanceconnectcli

# Connect to instance (no need for key management)
mssh ec2-user@i-1234567890abcdef0 --region us-east-1

Hibernation vs. Stop vs. Terminate

EC2 Fleet Types

Resources for Further Learning

Official AWS Documentation

• Amazon EC2 User Guide
• Amazon EC2 API Reference
• AWS CLI EC2 Commands

AWS Training and Certification

• AWS Certified Solutions Architect
• AWS Certified SysOps Administrator
• AWS Technical Essentials
• Architecting on AWS

Community Resources

• AWS re:Invent sessions (YouTube)
• AWS This Week (A Cloud Guru)
• AWS Blog
• Reddit r/aws community
• Stack Overflow aws tag

Quick Reference: EC2 Resource Limits

Note: Limits may change over time. Check AWS Service Quotas for current values.