AWS EC2 – Elastic Cloud Compute

Elastic Cloud Compute – EC2

• Elastic Compute Cloud – EC2 provides scalable computing capacity in AWS.
• EC2 offers the broadest and deepest compute platform, with over 1,000 instance types and choice of the latest processor, storage, networking, operating system, and purchase model.
• Elastic Compute Cloud – EC2
  • eliminates the need to invest in hardware upfront, so applications can be developed and deployed faster.
  • can be used to launch as many or as few virtual servers as you need, configure security and networking, and manage storage.
  • enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing the need to forecast traffic.
  • launches instances in minutes, scales capacity in seconds, and you pay only for what you use with no capital expenditure.

EC2 features

• EC2 instances – Virtual computing environments running on the AWS Nitro System, a purpose-built hypervisor that offloads virtualization functions to dedicated hardware.
• Amazon Machine Images (AMIs) – Preconfigured templates for the instances that package the bits needed for a server (including the operating system and additional software). Supported OS includes Amazon Linux 2023, Windows Server 2025, Ubuntu, Red Hat, SUSE, and macOS.
• Instance types – Various configurations of CPU, memory, storage, and networking capacity for the instances, organized into families: General Purpose, Compute Optimized, Memory Optimized, Storage Optimized, Accelerated Computing, and High-Performance Computing (HPC).
• Processor Options – Choice of processors including AWS Graviton (Arm-based), Intel Xeon, and AMD EPYC. AWS Graviton processors are custom-built by AWS for the best price-performance.
• Key Pairs – Secure login information for the instances (AWS stores the public key, and you store the private key in a secure place). Supports ED25519 and RSA key types.
• Instance Store Volumes – Storage volumes for temporary data that are deleted when you stop or terminate your instance (ephemeral storage)
• EBS Volumes – Persistent storage volumes for the data using Elastic Block Store (EBS)
• Regions and Availability Zones – Multiple physical locations for the resources, such as instances and EBS volumes
• Security Groups – A virtual firewall that enables you to specify the protocols, ports, and source IP ranges that can reach the instances
• Elastic IP addresses – Static IPv4 addresses for dynamic cloud computing
• Tags – Metadata can be created and assigned to EC2 resources
• Placement Groups – Logical grouping of instances (Cluster, Spread, or Partition) to influence instance placement for performance or fault tolerance

AWS Nitro System

• The AWS Nitro System is the underlying platform for all modern EC2 instances.
• Nitro System offloads virtualization functions (networking, storage, security) to dedicated hardware and software, delivering practically all of the compute resources of the host hardware to the instances.
• Components include:
  • Nitro Cards – Dedicated cards that handle I/O for VPC networking, EBS storage, and instance storage. Latest is 6th generation Nitro Cards (2026).
  • Nitro Security Chip – Provides hardware root of trust, continuously monitors and protects instance hardware and firmware.
  • Nitro Hypervisor – Lightweight hypervisor that manages memory and CPU allocation. Features the Nitro Isolation Engine (GA 2026) – a formally verified component that provides mathematical proof of VM isolation.
  • Nitro Enclaves – Isolated compute environments within an EC2 instance for processing highly sensitive data (PII, healthcare, financial). No persistent storage, no admin access, no external networking.
  • NitroTPM – Virtual Trusted Platform Module (TPM 2.0) for securely storing passwords, certificates, and encryption keys used to authenticate the instance.
• Security model is locked down and prohibits administrative access, eliminating the possibility of human error and tampering. No AWS operator has access to the system.

AWS Graviton Processors

• AWS Graviton processors are custom Arm-based processors designed by AWS to deliver the best price-performance for cloud workloads.
• Graviton2 – 64 Arm Neoverse N1 cores, supports always-on 256-bit DRAM encryption. Powers 6th gen instances (M6g, C6g, R6g, T4g).
• Graviton3 – 25% better compute performance, 2x floating-point and crypto performance, 50% faster memory access, 60% lower energy consumption vs. Graviton2. Powers 7th gen instances (M7g, C7g, R7g).
• Graviton4 (2024) – Up to 30% better compute performance vs. Graviton3, up to 3x more vCPUs (up to 48xlarge) and memory. Uses DDR5 memory. Powers 8th gen instances (M8g, C8g, R8g).
• Graviton5 (2026) – Up to 25% better compute performance vs. Graviton4, 192 cores, 33% lower inter-core latency. Most powerful and energy-efficient AWS processor. Powers 9th gen instances (M9g). Apps run 35% faster, ML inference 35% faster, databases 30% faster.
• Graviton instances offer up to 40% better price-performance compared to equivalent x86 instances.
• Support Arm features including Scalable Vector Extension (SVE), SVE2, Pointer Authentication, and Branch Target Identification (generation dependent).

EC2 Instance Types (Current Generation)

• General Purpose (M-series, T-series, Mac) – Balance of compute, memory, and networking. Includes M8g, M8gd, M8a, M8in, M9g (Graviton5), T3, T4g. Mac instances (M4, M4 Pro, M4 Max) support Apple Silicon for iOS/macOS development.
• Compute Optimized (C-series) – High-performance processors for batch processing, gaming, ML inference. Includes C8g, C8gd, C8gn (600 Gbps networking), C8ine.
• Memory Optimized (R-series, X-series, U-series) – Fast performance for workloads processing large data sets in memory. Includes R8g, R8gd, R8gn (600 Gbps), R8in, X2idn, U-series High Memory (up to 24 TB).
• Storage Optimized (I-series, D-series, H-series) – High sequential read/write access to large data sets on local storage. Includes I4g, Im4gn, Is4gen, D3, H1.
• Accelerated Computing (P-series, G-series, Trn-series, Inf-series) – Hardware accelerators for ML, graphics, HPC. Includes P5e (NVIDIA H200), G7e (NVIDIA RTX PRO 6000 Blackwell), Trn1/Trn2 (AWS Trainium for ML training), Inf2 (AWS Inferentia2 for ML inference).
• High-Performance Computing (HPC-series) – Purpose-built for tightly coupled HPC workloads. Includes Hpc7g (Graviton), Hpc7a (AMD), Hpc8a (5th Gen AMD EPYC, 192 cores, 300 Gbps EFA).

EC2 Instance Naming Convention

• Instance types follow the convention: [Family][Generation][Attributes].[Size]
• Example: m8g.xlarge = General Purpose (m), 8th generation (8), Graviton (g), extra-large size
• Common attributes:
  • g – AWS Graviton (Arm-based)
  • a – AMD processor
  • i – Intel processor
  • n – Network optimized
  • d – NVMe local storage (instance store)
  • b – EBS optimized
  • e – Extra storage or memory

EC2 Networking

• Elastic Network Adapter (ENA) – High-performance network interface supporting up to 200 Gbps bandwidth on supported instances.
• ENA Express – Uses AWS Scalable Reliable Datagram (SRD) protocol to deliver up to 25 Gbps single-flow bandwidth and lower tail latency. Now supports cross-AZ traffic (2026) and 120+ instance types.
• Elastic Fabric Adapter (EFA) – Network interface for HPC and ML workloads, supports OS-bypass for low-latency inter-node communication. Up to 300 Gbps on Hpc8a instances.
• Enhanced Networking – Uses SR-IOV to provide high-performance networking capabilities. Enabled by default on Nitro-based instances.
• EC2 instances support IPv4 and IPv6 addressing.
• Network bandwidth scales with instance size, up to 200 Gbps for largest instances.

EC2 Security

• Instance Metadata Service v2 (IMDSv2) – Session-oriented metadata access that adds defense-in-depth against unauthorized metadata access. IMDSv2 is now the default for all new instance launches and mandatory for new instance type families (since mid-2024).
• Security Groups – Stateful virtual firewall at the instance level.
• Key Pairs – SSH key-based access (Linux) or password decryption (Windows). Supports ED25519 and RSA.
• IAM Roles – Attach IAM roles to EC2 instances for secure access to AWS services without storing credentials.
• Nitro Enclaves – Isolated environments for confidential computing.
• NitroTPM – Hardware-based root of trust for measured boot and platform integrity.
• Nitro Isolation Engine (2026) – Formally verified hypervisor component providing mathematical guarantees of VM isolation.

Accessing EC2

• Amazon EC2 console
  • Amazon EC2 console is the web-based user interface that can be accessed from the AWS management console
• AWS Command Line Interface (CLI)
  • Provides commands for a broad set of AWS products, supported on Windows, Mac, and Linux.
• AWS Tools for Windows PowerShell
  • Provides commands for a broad set of AWS products for those who script in the PowerShell environment
• AWS SDKs
  • AWS provides SDKs in various languages (Python/Boto3, Java, Go, .NET, JavaScript, etc.) which provide API abstractions and handle authentication, retries, and error handling
• AWS CloudFormation / Infrastructure as Code
  • EC2 instances can be provisioned and managed using CloudFormation, CDK, or Terraform
• EC2 Instance Connect
  • Browser-based SSH connection to EC2 instances without needing to manage SSH keys
• AWS Systems Manager Session Manager
  • Secure shell access without opening inbound ports, managing SSH keys, or using bastion hosts

EC2 Key Changes and Deprecations

• EC2-Classic Retired (August 2023) – All instances now run in VPC only. EC2-Classic networking is no longer available.
• Amazon Linux 1 EOL (December 31, 2023) – No security updates or bug fixes since January 1, 2024. Migrate to Amazon Linux 2023.
• Amazon Linux 2 Extended Support Ending – AWS recommends migration to Amazon Linux 2023. ECS AL2 AMIs end support June 30, 2026.
• IMDSv2 Default (2024) – New instance types only support IMDSv2. Account-level default can enforce IMDSv2 for all launches.
• Windows Server 2025 Support (November 2024) – Available with License Included AMIs, supports Nitro instance types only.
• Previous Generation Instances – Older instance families (M1, M3, C1, C3, etc.) are classified as “previous generation” and still supported but not recommended for new deployments.

Additional Reading

• AWS EC2 Amazon Machine Image
• AWS EC2 Instance Types
• AWS EC2 Instance Purchase Options
  • AWS EC2 Spot Instances
• AWS EC2 Instance Lifecycle
• AWS EC2 Storage
• AWS EC2 VM Import/Export
• AWS EC2 Network
  • AWS EC2 – Enhanced Networking
• AWS EC2 Security
• AWS EC2 Best Practices
• AWS EC2 Monitoring
• AWS EC2 Troubleshooting

AWS Certification Exam Practice Questions

• Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
• AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
• AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
• Open to further feedback, discussion and correction.

1. What are the Amazon EC2 API tools?
   1. They don’t exist. The Amazon EC2 AMI tools, instead, are used to manage permissions.
   2. Command-line tools to the Amazon EC2 web service
   3. They are a set of graphical tools to manage EC2 instances.
   4. They don’t exist. The Amazon API tools are a client interface to Amazon Web Services.
2. When a user is launching an instance with EC2, which of the below mentioned options is not available during the instance launch console for a key pair?
   1. Proceed without the key pair
   2. Upload a new key pair
   3. Select an existing key pair
   4. Create a new key pair
3. Which of the following is the underlying platform for all modern EC2 instances that offloads virtualization functions to dedicated hardware?
   1. Xen Hypervisor
   2. KVM Hypervisor
   3. AWS Nitro System
   4. VMware ESXi
4. Which AWS processor family is custom-designed by AWS using Arm architecture to deliver the best price-performance for cloud workloads?
   1. Intel Xeon
   2. AMD EPYC
   3. AWS Graviton
   4. Apple Silicon
5. Which version of the EC2 Instance Metadata Service is now required by default for all new instance type launches since mid-2024?
   1. IMDSv1
   2. IMDSv2
   3. IMDSv3
   4. IMDS is optional and not required
6. A company needs isolated compute environments within their EC2 instances to securely process PII data. Which AWS feature should they use?
   1. Security Groups
   2. VPC Private Subnets
   3. AWS Nitro Enclaves
   4. AWS KMS
7. Which EC2 networking feature uses the AWS Scalable Reliable Datagram (SRD) protocol to deliver up to 25 Gbps single-flow bandwidth?
   1. Enhanced Networking
   2. Elastic Fabric Adapter
   3. ENA Express
   4. AWS Direct Connect
8. Which of the following is NOT a valid EC2 instance type family category?
   1. High-Performance Computing (HPC)
   2. Storage Optimized
   3. Network Optimized
   4. Accelerated Computing
9. A developer needs to build and test iOS applications on AWS. Which EC2 instance type family should they choose?
   1. G-series (GPU instances)
   2. C-series (Compute Optimized)
   3. Mac instances (Apple Silicon)
   4. T-series (Burstable Performance)
10. Which AWS Graviton processor generation was released in 2026 featuring 192 cores and up to 25% better compute performance than the previous generation?
    1. Graviton3
    2. Graviton4
    3. Graviton5
    4. Graviton6

References

• AWS EC2 User Guide
• Amazon EC2 Instance Types
• AWS Nitro System
• AWS Graviton Processors
• Amazon EC2 Mac Instances