AWS: EC2

☁️ Architecture

Mar 20, 2025

18 min read

How to Launch an Amazon EC2 Linux Instance

Head over to EC2 and create an instance with the following steps:
- Click Launch Instance
- Specific “Ubuntu” and chose t2.micro
- Create a new key pair and download the file
- Set up security group in network settings, and select “Allow SSH traffic from”
- Configure storage should have the values 8 and gp2 pre populated
- Ensure the only things in advanced settings selected are the ones under hostname type, keep everything the same
- Go to instances and select the security table
- Switch the inbound rules, under source select “My IP”
Connect to the instance through SSH
- chmod 400 path/to/your/key.pem
- ssh -i "path/to/your/key.pem" ubuntu@your-instance-public-dns

Setting Up a Web Server on an EC2 Instance

Navigate to EC2 through the AWS Management Console
On the left hand side under Instances, click on Instances
Name: <name-of-instance>
Application and OS Images: Amazon Linux AMI (default)
Instance type: t2.micro
Key pair: create a new key pair
- Name: <key-pair-name>
- Type: RSA
- Network settings (click edit)
- Inbound rule one
  - Source type: SSH via My IP
- Inbound rule two
  - Source type: HTTP via Anywhere (0.0.0.0/0)
Click on Launch instance
SSH into your instance: ssh -i /path/to/YOUR-KEY.pem ec2-user@YOUR-EC2-PUBLIC-IP
Update the system: sudo yum update -y
Install Nginx: sudo yum install nginx -y
Start the Nginx service: sudo service nginx start
Enter your EC2 instance public IP address into your browser
Run the following command in the terminal cd /usr/share/nginx/html
Create a custom HTML page: echo '<h1>Welcome to my web page!</h1>' | sudo tee mypage.html > /dev/null
Override the default Nginx config: sudo vi /etc/nginx/conf.d/server.conf
Press i to enter Insert mode in Vi and paste in the following config

server {
    listen 80 default_server;
    server_name _;
    root /usr/share/nginx/html;

    location / {
        index mypage.html;
    }
}

Press escape and enter :wq! (to exit and save)
Reload Nginx for changes to take effect: sudo nginx -t && sudo service nginx reload
Reload your browser

Creating a Key Pair

Navigate to EC2 via the AWS Management Console
On the left hand side, under Network & Security, click Key Pairs
Click on Create key pair
Key type
- RSA: A widely used encryption algorithm (suitable for most scenarios)
- ED22519: Newer and faster encryption algorithm (for enhanced security and performance)
Key format
- .pem (privacy enhanced mail): used for SSH clients on Linux and Unix systems
- .ppk (PuTTY private key): popular for SSH clients on windows
Click Create key pair

Using EC2 Instance Connect to Connect to your Instance

Launch an EC2 Instance

Navigate to EC2 from the AWS Management Console
Launch an instance with the following configurations:
- Name: <instance-name>
- AMI: Amazon Linux
- Instance type: t2.micro
- Key pair: proceed without a key pair
- Network settings
  - Allow SSH traffic from: anywhere
  - Auto-assign public IP: enable
    - Under Network Settings click edit -> Under Auto-assign public IP dropdown menu, select enable

Connect to the EC2 Instance via Instance Connect

Navigate back to EC2
Select the EC2 instance you would like to connect to
Ensure that you have a Public IP address assigned and click Connect (the button is in the top right hand side)
You will then be redirected to a new tab, click on Connect

Launching an EC2 Instance with User Data

You can automate installation and configuration steps after launch by providing a script, this usually sits within the User Data section the meta data service, which is then executed by the operating system of the EC2 Instance.
Navigate to EC2 via the AWS Management Console and use the following configurations to set up an instance
- Name: <the-name>
- AMI: Amazon Linux
- Instance type: t2.micro
- Key pair
  - Name: <your-key-pair-name>
  - Type: RSA
  - Private key file format: .pem
- Network setting
  - Security group name: <security-name>
  - Description: Allow SSH and HTTP access
  - Inbound security group rules
    - Rule One
      - Type: SSH
      - Source Type: My IP
    - Rule Two
      - Type: HTTP
      - Source Type: Anywhere (0.0.0.0/0)
Click on the dropdown of Advanced details
- In User data - optional, paste the following script

#!/bin/bash

# Step 1: Update the system
sudo yum update -y

# Step 2: Install Nginx
sudo yum install nginx -y

# Step 3: Start Nginx Service
sudo service nginx start

# Create a custom HTML page directly in the HTML directory
echo '<h1>Welcome to my web page!</h1>' | sudo tee /usr/share/nginx/html/mypage.html > /dev/null

# Add the configuration directly
echo 'server {
    listen 80 default_server;
    server_name _;
    root /usr/share/nginx/html;

    location / {
        index mypage.html;
    }
}' | sudo tee /etc/nginx/conf.d/server.conf > /dev/null

# Reload Nginx for the changes to take effect
sudo nginx -t && sudo service nginx reload

Click on Launch instance
Wait for the instance state to go from pending to running, and the status check from initialising to 2/2 checks passed
Take not and copy the Public IPv4 address
Navigate to the welcome page via the IP address previously copied

Launching Spot Instances

Navigate to EC2 and on the left hand side under instances, select spot requests
Create a spot fleet request with Amazon Linux 2 AMI and your key pair
Under “additional request details” tab, choose the PlayCloud-Sandbox as the IAM role
In instance type requirements tab, choose manually select instance types and select “add instance”
Click launch

Spot Instance Pricing History

Navigate to Spot requests again
At the top of the page on the right hand side, click the button called, “Pricing History”
You should be able to see the Spot price history for each instance type in each region

Spot Placement Score

Next to the “Pricing History” button, there is a button called, “Spot placement score” - click on this button
Spot placement score can recommended an AWS Region or Availability Zone based on your Spot capacity requirements and indicates how likely that Spot request will succeed in a region or AZ

Vertically Scaling an Amazon EC2 Instance

Scaling an EC2 instance vertically means modifying it’s size to meet a workload demand.
Create an EC2 instance with the following configurations:
- Name: <name>
- Instance type: t2.nano
- AMI: Linux
- Key pair: the key pair you created when setting up the instance
In order to scale, you will need to stop the instance
Now navigate to the “Instances” tab on the left
Click on the “Actions” button, it will bring up a dropdown menu
- Click on instance settings and select change instance type
Change t2.nano to t2.micro
- If the instance type supports EBS optimisation, you can enable/disable it via the checkbox
Click apply
Restart the instance

Exploring Instance Metadata

Instance metadata allows you to access information about EC2 instances
It’s divided into categories: host name, events and security groups
You can use instance metadata to access user data that you specified when launching your instance
The data is not protected by authentication or cryptographic methods (thus shouldn’t store sensitive data here)

Create a Launch Template

Name: <name>
Instance type: t2.micro
AMI: Ubuntu
Key pair: create a new key pair with type RSA and the private key format of .pem
In network settings: allow ssh traffic from (my IP)
Click “launch instance”

Connect to the Instance

Find the public DNS name or IP address of the instance to connect to it
SSH into your key: ssh -i "path_toyour_key.pem" ec2-user@your-instance-public-dns

Access Instance Metadata

TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
&& curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/

You can explore hostname, public-keys, ami-id etc. by adding these to the end of the URL, as follows:

TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` && curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/public-hostname

Managing Instance Volumes Using EBS

Create New EC2 Instances

Name: <name one> and <name two>
Instance type: t2.micro
AMI: Linux
New Key Pair
- Name: <key_name>
- Type: RSA
- Private key file format: .pem

Create an EBS Volume

Navigate to volumes and make note of the AZ
Click “Create volume”
- Volume Type: General purpose SSD (GP2)
- Size: 10GiB
- AZ: us-east-1a (or nearest AZ to current location)

Changes to EBS Volume and Reattaching it to an EC2 Instance

Right click on the EBS volume and select, “Attach volume”
Select the instance ID of the first instance and then click on the Attach volume button

Format and Mount an Attached Volume

Connect to the first instance using EC2 Instance Connect
Check available disk devices: lsblk
Format the data volume with ext4 file system: sudo mfks -t ext4 /dev/xvdf
Create a mount point in the data volume
- sudo mkdir /<name-of-folder>
- sudo mount /dev/xvdf /<name-of-folder>
- lsblk -f
Go to <name-of-folder> directory and create a file inside of it
- sudo su
- echo "Welcome!" > message.txt
- ls
Go back to the volumes listing page, right click on the data volume and select Detach volume action, click Detach in the confirmation dialogue box
Attach the data volume to the second instance instead
Connect to the second instance via Instance connect
Create a directory and mount it again to the second instance
- Add a directory: sudo mkdir /<name-of-folder>
- Mount the EBS volume: sudo mount /dev/xvdf /<name-of-folder>
- Verify if the file exists: cd /<name-of-folder> && ls

Creating a Capacity Reservation

AWS Capacity Reservation enables you to reserve capacity for your Amazon EC2 instances in a specific AZ zone for a duration. This is particularly useful for applications that require specific host or instance placement.
Navigate to to EC2
On the left hand side, under instances select Capacity Reservations
In Capacity Reservation types, select the Create On-Demand Capacity Reservation and click get started
The following details are needed:
- Instance type: the type of instance to launch into the reserved capacity
- Platform: the operating system for your instances
- AZ: specify the availability zone where you want to reserve the capacity
- Tenancy: specify whether to fun on shared hardware or dedicated instance
- Placement group ARN (optional): the ARN of the cluster placement group in which to create the Capacity Reservation
- Quantity: the request will be denied if the specified number of instances exceed the remaining on-demand instance limit for the chosen instance type

Purchasing Reserved Instance

Reserved Instances come with a fixed period of either 1 or 3 years
Navigate to EC2 and select Reserved Instances from the left hand side understand Instances
Click on Purchased Reserved Instances
Configuration:
- Platform: Linux
- Tenancy: default
- Offering class: standard
- Instance type: t3.micro
- Term: 1 - 12 months
- Payment option: all upfront
Click Order All

Assigning an Elastic IP on Amazon EC2

Create an EC2 Instance

Name: <instance-name>
AMI: Amazon Linux
Instance type: t2.micro
Key pair
- Name: <key-pair-name>
- Type: RSA
- Format: .pem
Network settings (click create security group)
- Auto-assign public IP: select enable
- Firewall (security groups): tick on the create security group
  - Ensure that Allow SSH traffic from is checked and is My IP

Checking the IP address of the Instance

Click on the newly created instance and navigate to the details tab at the bottom
Take note of the public IPv4 address

Allocate an Elastic IP Address

Navigate to Elastic IPs (on the left hand side under network & security)
Click Allocate Elastic IP address
Choose Amazon’s Pool of IPv4 addresses and leave the rest as default and click Allocate

Associate the Elastic IP Address with your EC2 Instance

In the Elastic IPs section, select the elastic IP address you just allocated
Click on Actions and select Associate Elastic IP Address
In the Associate Elastic IP address
- For instance, select your EC2 instance from the dropdown list
- For Private IP address select the private IP address of the instance (usually pre-filled)
- Click on associate

Creating Placement Groups (3 Types)

Placement groups allow you to have control over the placements of instances within a cluster - eg. meeting specific needs such as high throughput or low latency
You can create a placement group using one of the following placement strategies
- Cluster: packs instances closely together with an AZ to achieve low-latency network performance for high performance computing (HPC) applications that require tightly coupled node-to-node communication
- Partition: instances are distributed across logical partitions ot ensure that groups of instances in one partition do not share hardware with groups of instances in different partitions (this approach is commonly used iby large distributed and replicated workloads like Hadoop, Cassandra and Kafka)
- Spread: strictly places a small group of instances across distinct underlying hardware to reduce correlated failures

Creating a Placement Group

Navigate to EC2 and under Network & Security chose Placement Groups
Create a cluster placement groups
- Enter and provide the name of the cluster placement groups
- Select Cluster as the Placement Strategy
- Click the Create Group to proceed with the creation
Create a spread placement group
- Enter and provide the name of the spread placement groups
- In selecting Spread as the placement strategy, you need to chose the spread level (we will use rack)
  - Rack: no restrictions
  - Host: only for outposts
- Click the create group to proceed with the creation
Create a partition placement group
- Same as the steps above, input the name of the group
- Chose Partition as the placement strategy, then select the number of partitions within the group
- Click Create Group

Managing Network Interfaces in EC2

A Network Interface represents a virtual network card
Each network interface has attributes such as, primary private IPv4 address, one or more private IPv4 addresses, an IPv6 address, an elastic IP address, a MAC address, and one or more security groups
Ever EC2 instance has a primary network interface attached by default when launched however you can create additional network interfaces for customisation of instances - use cases may involve traffic segmentation, high availability etc.

Create a Network Interface

Navigate to EC2 and on the left hand side under Network & Security click on Network Interfaces
Configure the following:
- Description: Something to describe your network interface
- Subnet: Chose a subnet from the dropdown list (make sure the subnet is in the same VPC as the instance you plan to attach this network interface to, eg us-east-1a)
- Private IPv4 address: leave it in auto-assign
- Security groups: select an existing security group or create a new one
Click on Create network interface

Launch an EC2 Instance

Launch an EC2 instance with the following configuration
- Name: <name-of-instance>
- AMI: Amazon Linux
- Instance type: t2.micro
- Key pair
  - Name: <key-pair-name>
  - Type: RSA
  - Format: .pem
- Network settings (click edit)
  - Subnet: Ensure you chose the same subnet as the subnet of your network interface created earlier
Leave the rest as default and click Launch Instance

Attach the Secondary Network Interface to an EC2 Instance

Select the instance created earlier
Click on Actions > Networking > Attach network interface
Select the network interface you create from the dropdown list and click Attach
Verify the secondary network interface is now listed in Network Interfaces section of the instance details

Detach the Secondary Network Interface

Go back to the Network Interfaces section within EC2
Select the secondary network interface you previously created
Click Actions > Detach

Things to note

Each EC2 instance has a primary network interface by default, which cannot be detached

Setting Amazon Time Sync Service for Amazon EC2 Linux Instance

Launch an EC2 Instance

Name: <instance-name>
AMI: Amazon Linux
Instance type: t2.micro
Key pair (create a new one)
- Name: <key-pair-name>
- Type: RSA
- Format: .pem
Network settings
- Auto-assign public IP: enable
- Firewall (security groups): tick box on Create security group
- Ensure that Allow SSH traffic from is checked set to My IP

Verify Current Time and Time Zone

SSH into your new instance (right click, connect to instance)
Check the current system and time zone

date
timedatectl

Install and Configure Chrony

Install Chrony on your instance: sudo yum install chrony -y
Enable and start the Chrony service

sudo systemctl enable chronyd
sudo systemctl start chronyd

Verify the Chrony service status: sudo systemctl status chronyd
(Optional, if you need to change the default NTP servers/settings) configure Chrony by editing config file: sudo vi /etc/chrony.conf
Verify Time Synchronisation by checking the Chrony tracking and sources

chronyc tracking
chronyc sources -v

Set the Correct Time Zone

List available time zones: timedatectl list-timezones
Set your desired time zone: sudo timedatectl set-timezone [your-timezone-pasted-here]
Verify changes: timedatectl

Setting Amazon Time Sync Service for Amazon EC1 Windows Instance

Launch an EC2 Instance

Name: <instance-name>
AMI: Microsoft Windows 2022 Base
Instance type: t2.micro
Key pair (create a new one)
- Name: <key-pair-name>
- Type: RSA
- Format: .pem
Network settings
- Auto-assign public IP: enable
- Firewall (security groups): click Create security group
- Ensure that Allow SSH traffic from is checked long with My IP

Verify Current Time and Time Zone

Connect to your instance using Remote Desktop Protocol (RDP), copy the public DNS and Username
You can decrypt your password by clicking Get password
Upload the .pem file of your key pair and click Decrypt password
Copy and paste the password
Check the current system time and time zone: w32tm /query /status
Check the time zone settings: tzutil /g

Configure Windows time Service

Configure the Windows time service to use a specific NTP server: w32tm /config /manualpeerlist:"0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org" /syncfromflags:manual /reliable:YES /update
Start and stop the Windows Time service: net stop w32time and net start w32time
Force synchronisation with the NTP servers: w32tm /resync
Check the status of the Windows Time service to ensure synchronisation: w32 /query /status

Set the Correct Time Zone

List the available time zones: tzutil /l
Set your desired time zone: tzutil /s "<your-time-zone>"
Verify the changes: w32tm /query /status and tzutil /g

Creating an Amazon Machine Image (AMI) from an EBS-backed EC2 Instance

An AMI is a blueprint of an EC2 instance; it contains all the information needed to launch an instance with configurations, such as operating system, custom settings and installed applications
You can create an AMI for an instance and this will help you launch multiple new instances with the same instance
During the creation of an AMI, Amazon EC2 takes snapshots of the instances root volume and any other EBS volumes that are attached to the instance

Creating the EC2 Instances

Name: <instance-name>
Type: t2.nano
AMI: Linux
Key pair (create a new one)
- Name: <key-pair-name>
- Type: RSA
- Format: .pem
Security group name: <group-name>
Description: “Allow SSH and HTTP access”
Inbound security group rules
- Rule one
  - Type: SSH
  - Source type: My IP
- Rule Two
  - Type: HTTP
  - Source Type: Anywhere (0.0.0.0/0)

Setting Up a Web Server on an EC2 Instance

Connect to your instance via SSH: ssh -i /path/to/YOUR-KEY.pem ec2-user@YOUR-EC2-PUBLIC-IP
Run the following, once connected

# Step 1: Update the system
sudo yum update -y

# Step 2: Install Nginx
sudo yum install nginx -y

# Step 3: Start Nginx Service
sudo service nginx start

# Create a custom HTML page directly in the HTML directory
echo '<h1>Welcome to my web page!</h1>' | sudo tee /usr/share/nginx/html/mypage.html > /dev/null

# Add the configuration directly
echo 'server {
    listen 80 default_server;
    server_name _;
    root /usr/share/nginx/html;

    location / {
        index mypage.html;
    }
}' | sudo tee /etc/nginx/conf.d/server.conf > /dev/null

# Reload Nginx for the changes to take effect
sudo nginx -t && sudo service nginx reload

#Automatically start NGINX at boot time
sudo systemctl enable nginx

Restart the nginx, check your web browser

Creating an Amazon Machine Image (AMI) from an EBS-Backed EC2 Instance

Navigate to EC2 from the AWS Management Console and select Instances from under Instances on the left hand side
Click on Actions (top right) and select Image and templates form the dropdown and select Create image from that dropdown menu
Add a name and leave everything else as default, click Create image
On the left hand side, click on AMIs and select the AMI to check the status
Check the AMI status is available

Create an EC2 instance from the custom AMI

Navigate back to EC2 and select AMIs on the left hand side
Click on Launch instances from AMI
Name and tags: <name-tag>
Instance type: t2.micro
Select the existing key pair
Click on Launch instance

Deregistering your AMI

Navigate to AMIs through EC2
Click on Actions in the top right and click on Deregister AMI

Amazon EC2 Management Using EventBridge for Scheduled Start/Stop

Automating the start and stop of EC2 instances based on a schedule
Amazon EventBridge is a serverless event bus service that enables the creation of event driver architectures
- This is done by routing events from various AWS services, eg Lambda

Create an Amazon EC2 Instance

Name: <instance-name>
AMI: Amazon Linux
Instance type: t2.micro
Key pair (create a new one)
- Name: <key-pair-name>
- Type: RSA
- Format: .pem
Network settings (click Create security group)
- Auto-assign public IP: enable
- Firewall (security groups): tick box
  - Ensure that Allow SSH traffic from is checked and is My IP

Create a Lambda Function

Chose Author from scratch
Function name EC2StartStopFunction
Runtime: Latest Python version
Permissions: change default execution role to execution role
- Select Use an existing role and chose the role PlayCloud-Sandbox
Click Create function
Add the following code and replace the placeholder <EC2-INSTANCE-ID> with your instance ID

import boto3

ec2 = boto3.client('ec2')

def lambda_handler(event, context):
    instance_id = '<EC2-INTANCE-ID>'  # Replace with your instance ID
    action = event['action']  # 'start' or 'stop'

    if action == 'start':
        ec2.start_instances(InstanceIds=[instance_id])
        return 'Instance started'
    elif action == 'stop':
        ec2.stop_instances(InstanceIds=[instance_id])
        return 'Instance stopped'
    else:
        return 'Invalid action'

Click Deploy

Create Amazon EventBridge Rules to Trigger Lambda

Navigate to EventBridge
Click on Rules on the left hand side and click Create rule
Settings to create a Start Rule
- Name: StartInstanceRule
- Rule type: Schedule
Click Continue to create rule
Set the cron expression to stop the instance to a preferred time
Under Targets, click Add target
- Target: Choose Lambda function
- Function: Select the Lambda function created in EC2StartStopFunction
- Additional settings: Select Constant (JSON text) and enter {"action": "start"}
Click Next and then Review and create section, click on Create rule
Repeat the steps above to create a stop rule
- {"action": "stop"}

Test the Set Up

Navigate to the Lambda Dashboard and verify EventBridge is a trigger
Trigger the Lambda but adding a test event
- Event Name: stopTrigger-Test
- Event JSON: {"action": "stop"}
Save it and click on Test
Check to see if your instance has been automatically stopped
Repeat these steps to start a trigger test

Scaling EC2 Instances using Auto Scale Group (ASG)

Auto Scaling ensures that your application maintains availability and let’s you scale Amazon EC2 capacity up/down automatically (horizontal scaling)
Vertical scaling: increasing of specs of a single instance

Creating a Launch Template

Navigate to EC2, under Instances, select Launch Templates and then Create launch template
Name: <asg-template-name>
Check the box for Auto Scaling guidance
Under Application and OS images, click on the default Amazon Linux AMI
Type: t2.micro
Create a new key pair
- Name: <key-pair-name>
- Type: RSA
- Format: .pem
Network settings
- Name: <security-group-name>
- Description: <description-of-security-group>
- VPC: select default
- Inbound rule one
  - SSH via My IP
Scroll down to Advanced details
- Select Enable under Detailed CloudWatch monitoring
Click on create instance

Creating an Auto Scaling Group

In EC2, on the left hand side under Auto Scaling, navigate to Auto Scaling Groups and click Create Auto Scaling group
Name: <asg-template-name>
In the network section, select the default VPC and default subnets from Availability Zones and subnets section
Click Next
Set the following config for group size:
- Desired capacity: 2
- Minimum capacity: 1
- Maximum capacity: 3
Set automatic scaling to No scaling policies
Click Skip to review button
Click Create Auto Scaling Group

Configuring the Auto Scaling Group with a Simple Scaling Policy

Click on the Automatic scaling table and then select Create dynamic scaling policy
Create a scale-out policy
- Type: Simple scaling
- Name: Scale out
- Take the action: add 1 capacity units
- And then wait: 0 seconds
Create a cloud watch alarm (opens up a new tab on the CloudWatch console)
- On Specify metric and conditions click Select metric
- Select EC2
- Select By Auto Scaling Group
- Select an auto scaling group
- In Metric change the period to be 1 minute
- In conditions: static, greater/equal, and than 30
Remove Notifications from Configure actions and then click Next
Select the alarm you created and click Next and then Create alarm
Go back to the ASG tab, click on the reload icon and select the alarm from the dropdown, click Create
Create another scale in policy but the action should to be Remove 1 capacity units and Scale in
- The threshold type should be Static and Lower/Equal

Testing the Scale in Policy

Go back to ASG and click on Instance Management tab
In the Activity tab you should be able to see most recent updates (click refresh)
SSH into your EC2 Instance and run the following commands

#This updates the package list in your system
sudo yum update -y

#This installs stress
sudo yum install stress -y

#Spawns 50 workers for 5 minutes
stress --cpu 50 --timeout 5m

Monitor the Activity for scaling notifications or check the Instance Management tab