EC2 Reference
Instance Type Families
| Family | Purpose | Examples |
|---|---|---|
| t3/t4g | Burstable general purpose | t3.micro, t4g.small |
| m6i/m7g | Balanced general purpose | m6i.large, m7g.xlarge |
| c6i/c7g | Compute optimized | c6i.2xlarge, c7g.4xlarge |
| r6i/r7g | Memory optimized | r6i.large, r7g.2xlarge |
| p3/p4/g4 | GPU instances (ML/graphics) | p3.2xlarge, g4dn.xlarge |
| i3/i4i | Storage optimized (NVMe SSD) | i3.large, i4i.xlarge |
| inf1/inf2 | ML inference | inf1.xlarge, inf2.xlarge |
Security Groups
# Create the security group for the web tier inside the given VPC.
# A newly created group has no inbound rules, so nothing can reach its members
# until ingress rules are authorized.
aws ec2 create-security-group \
  --vpc-id vpc-12345678 \
  --group-name web-sg \
  --description "Web server security group"
# Add inbound rules.
# HTTP and HTTPS are opened to 0.0.0.0/0, i.e. every IPv4 address. Keep
# world-open rules to ports that are meant to be public.
aws ec2 authorize-security-group-ingress \
  --group-id sg-12345678 \
  --protocol tcp \
  --port 80 \
  --cidr 0.0.0.0/0

aws ec2 authorize-security-group-ingress \
  --group-id sg-12345678 \
  --protocol tcp \
  --port 443 \
  --cidr 0.0.0.0/0

# Allow SSH from a specific IP. The /32 suffix limits the rule to that single
# address, so the administrative port is not exposed to the internet at large.
aws ec2 authorize-security-group-ingress \
  --group-id sg-12345678 \
  --protocol tcp \
  --port 22 \
  --cidr 203.0.113.5/32

# Allow traffic from another security group.
# Port 5432 on sg-backend accepts connections only from members of
# sg-12345678; the rule names a group instead of an address range.
aws ec2 authorize-security-group-ingress \
  --group-id sg-backend \
  --source-group sg-12345678 \
  --protocol tcp \
  --port 5432
Key Pairs & User Data
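# Create key pair and save the private key locally.
# The response is the only time the private key is returned, so it is written
# straight to a file. The subshell's umask 077 makes the shell create
# my-key.pem as owner-only from the first byte; without it the file is created
# with the default umask and stays readable by other local users until the
# chmod below runs. The umask change does not leak out of the subshell.
(
  umask 077
  aws ec2 create-key-pair \
    --key-name my-key \
    --query 'KeyMaterial' \
    --output text > my-key.pem
)
# Drop the write bit as well: read-only for the owner.
chmod 400 my-key.pem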
# Import an existing public key as an EC2 key pair.
# Only the .pub file is uploaded; the matching private key stays on this
# machine. fileb:// makes the AWS CLI read the file as raw bytes.
aws ec2 import-key-pair \
  --public-key-material fileb://~/.ssh/id_rsa.pub \
  --key-name my-imported-key
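# Launch with user data (cloud-init script).
# Pass the script as plain text: with file:// the AWS CLI does the base64
# encoding itself, so init.sh must not be encoded beforehand.
# User data can be read back from inside the instance through the instance
# metadata service and is not encrypted, so keep passwords and keys out of it.
# HttpTokens=required makes the instance accept only IMDSv2 (session-token)
# metadata requests.
aws ec2 run-instances \
  --image-id ami-0abcdef1234567890 \
  --instance-type t3.micro \
  --key-name my-key \
  --metadata-options "HttpTokens=required" \
  --user-data file://init.sh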
# init.sh example
#!/bin/bash
# EC2 runs a user data script as root, by default only on the first boot.

# Bring installed packages up to date, then install the Apache web server.
yum update -y
yum install -y httpd

# Register httpd to start on every boot and start it for the current one.
systemctl enable httpd
systemctl start httpd

# Publish a placeholder landing page in Apache's document root.
printf '%s\n' "<h1>Hello from EC2</h1>" > /var/www/html/index.html
EBS Volumes
# Create and attach EBS volume.
# --size is in GiB. --encrypted without --kms-key-id encrypts the volume with
# the account's default KMS key for EBS.
aws ec2 create-volume \
  --availability-zone us-east-1a \
  --volume-type gp3 \
  --size 100 \
  --encrypted

# The volume can only be attached to an instance in the same Availability
# Zone. /dev/xvdf is the device name the volume is exposed under.
aws ec2 attach-volume \
  --instance-id i-1234567890abcdef0 \
  --volume-id vol-1234567890abcdef0 \
  --device /dev/xvdf
# Create snapshot of the volume.
# A snapshot taken from an encrypted volume is itself encrypted.
aws ec2 create-snapshot \
  --description "Daily backup" \
  --volume-id vol-1234567890abcdef0
# Resize volume (no downtime with gp3).
# This grows the block device only; the partition and file system on it still
# have to be extended from inside the instance before the space is usable.
aws ec2 modify-volume \
  --size 200 \
  --volume-id vol-1234567890abcdef0
AMIs
# Create AMI from running instance; the name carries today's date (YYYYMMDD).
# --no-reboot leaves the instance running while the image is taken, so the
# file-system integrity of the resulting image is not guaranteed.
# The image is a copy of the instance's volumes: whatever is on disk (keys,
# credentials, shell history) ends up in the AMI, so clean up before sharing it.
aws ec2 create-image \
  --name "MyApp-v1.0-$(date +%Y%m%d)" \
  --instance-id i-1234567890abcdef0 \
  --no-reboot
# Find latest Amazon Linux 2023 AMI.
# --owners amazon limits the search to Amazon-owned images. Keep it: a name
# filter on its own also matches public images that other accounts publish
# under a similar name.
# The query sorts the matches by creation date and prints the newest image ID.
# NOTE(review): the al2023-ami-* pattern may also match other AL2023 variants
# (for example minimal images); check the name of the image that comes back.
aws ec2 describe-images \
  --owners amazon \
  --filters \
    "Name=name,Values=al2023-ami-*" \
    "Name=architecture,Values=x86_64" \
  --query 'sort_by(Images, &CreationDate)[-1].ImageId' \
  --output text
# Copy AMI to another region.
# --region is the destination; --source-region is where the image lives now.
# copy-image also accepts --encrypted to encrypt the copy's snapshots, which
# is worth adding when the source snapshots are unencrypted.
aws ec2 copy-image \
  --region eu-west-1 \
  --source-region us-east-1 \
  --source-image-id ami-12345678 \
  --name "MyApp-copy"
Spot Instances
# Request spot instance.
# A one-time request is not re-submitted after its instance is interrupted.
# The launch settings (image, type, key pair, security groups, subnet) are
# read from spot-spec.json.
aws ec2 request-spot-instances \
  --type one-time \
  --instance-count 1 \
  --launch-specification file://spot-spec.json
# spot-spec.json
{
"ImageId": "ami-0abcdef1234567890",
"InstanceType": "c5.xlarge",
"KeyName": "my-key",
"SecurityGroupIds": ["sg-12345678"],
"SubnetId": "subnet-12345678"
}
# Spot Fleet (mixed instance types for resilience).
# The whole fleet definition is read from fleet.json.
aws ec2 request-spot-fleet \
  --spot-fleet-request-config file://fleet.json

# For production, use EC2 Auto Scaling with a mixed instances policy instead,
# e.g. OnDemandBaseCapacity: 1, SpotInstancePools: 4