AWS EC2 and VPC

Amazon EC2

Amazon Elastic Compute Cloud (EC2) provides scalable computing capacity in the AWS cloud.

Instance Types

Categories:

  • General Purpose (t3, m5)
  • Compute Optimized (c5)
  • Memory Optimized (r5)
  • Storage Optimized (i3, d2)
  • GPU Instances (p3, g4)

Launch Instance

# Using AWS CLI (AMI IDs are region-specific; the subnet determines the VPC and AZ,
# and the security group must belong to that same VPC)
aws ec2 run-instances \
    --image-id ami-0c55b159cbfafe1f0 \
    --instance-type t2.micro \
    --key-name MyKeyPair \
    --security-group-ids sg-903004f8 \
    --subnet-id subnet-6e7f829e

Amazon VPC

Amazon Virtual Private Cloud (VPC) lets you provision a logically isolated section of the AWS Cloud.

VPC Components

Key Elements:

  • Subnets (Public/Private)
  • Route Tables
  • Internet Gateway
  • NAT Gateway
  • Security Groups
  • Network ACLs

Create VPC

# Create VPC with CIDR block
aws ec2 create-vpc --cidr-block 10.0.0.0/16

# Create subnet
aws ec2 create-subnet \
    --vpc-id vpc-1234567890abcdef0 \
    --cidr-block 10.0.1.0/24
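Before running the two commands above it pays to lay out the whole address plan, because the VPC CIDR cannot be changed after creation, subnets may not overlap, AWS reserves five addresses in every subnet (first four and last), and VPCs with overlapping CIDRs cannot be peered later. The following is an added example, not from the original page and not AWS code; it uses only the standard library `ipaddress` module, and the function names, AZ names and CIDRs are assumptions chosen for illustration:

```python
import ipaddress

# AWS reserves the network address, VPC router, DNS resolver, one future-use
# address and the broadcast address in every subnet.
AWS_RESERVED_PER_SUBNET = 5


def plan_subnets(vpc_cidr, new_prefix, azs, tiers=("public", "private")):
    """Carve vpc_cidr into /new_prefix subnets, one per (tier, AZ) pair, in order.

    Returns a list of dicts with the CIDR, tier, AZ and usable host count.
    Raises ValueError if the VPC block cannot hold enough subnets of that size.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    candidates = vpc.subnets(new_prefix=new_prefix)  # lazy generator, lowest block first
    plan = []
    for tier in tiers:
        for az in azs:
            try:
                net = next(candidates)
            except StopIteration:
                raise ValueError(f"{vpc_cidr} cannot hold a /{new_prefix} for {tier}/{az}") from None
            plan.append({
                "cidr": str(net),
                "tier": tier,
                "az": az,
                "usable_hosts": net.num_addresses - AWS_RESERVED_PER_SUBNET,
            })
    return plan


def check_no_overlap(subnet_cidrs, vpc_cidr):
    """Validate that every subnet fits inside the VPC block and that no two overlap.

    Returns a list of human-readable problems; an empty list means the plan is valid.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    problems = []
    for net in nets:
        if not net.subnet_of(vpc):
            problems.append(f"{net} is outside {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


def peering_conflicts(vpc_cidrs):
    """Return pairs of VPC CIDRs that overlap; such VPCs cannot be peered with each other."""
    nets = [ipaddress.ip_network(c) for c in vpc_cidrs]
    return [(str(a), str(b))
            for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


if __name__ == "__main__":
    # Constructed plan: a /16 split into /24 public and private subnets across two AZs.
    for subnet in plan_subnets("10.0.0.0/16", 24, ["us-east-1a", "us-east-1b"]):
        print(subnet)
    print(check_no_overlap(["10.0.1.0/24", "10.0.1.128/25"], "10.0.0.0/16"))
```

The `usable_hosts` figure (251 for a /24) is what actually matters when sizing a subnet for auto scaling; the overlap and peering checks are the ones worth running against every new CIDR before `create-vpc`, since a mistake there can only be fixed by rebuilding.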

Networking

VPC Connectivity

# Create Internet Gateway
aws ec2 create-internet-gateway

# Attach to VPC
aws ec2 attach-internet-gateway \
    --internet-gateway-id igw-1234567890abcdef0 \
    --vpc-id vpc-1234567890abcdef0

# Create NAT Gateway (it must sit in a public subnet and needs an Elastic IP
# allocated beforehand; private subnets then route 0.0.0.0/0 to it for
# outbound-only internet access)
aws ec2 create-nat-gateway \
    --subnet-id subnet-1234567890abcdef0 \
    --allocation-id eipalloc-1234567890abcdef0

Route Tables

# Create route table (it only takes effect once associated with a subnet;
# a subnet with a 0.0.0.0/0 route to an Internet Gateway is a "public" subnet)
aws ec2 create-route-table --vpc-id vpc-1234567890abcdef0

# Add default route to Internet Gateway
aws ec2 create-route \
    --route-table-id rtb-1234567890abcdef0 \
    --destination-cidr-block 0.0.0.0/0 \
    --gateway-id igw-1234567890abcdef0

Security

Security Groups

# Create security group (in the VPC it protects)
aws ec2 create-security-group \
    --group-name WebServer \
    --description "Web Server security group" \
    --vpc-id vpc-1234567890abcdef0

# Add inbound rule: HTTP from anywhere, the usual web-tier rule;
# administrative ports such as 22 should be limited to known CIDRs instead
aws ec2 authorize-security-group-ingress \
    --group-id sg-1234567890abcdef0 \
    --protocol tcp \
    --port 80 \
    --cidr 0.0.0.0/0
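Rules like the one above accumulate, so the check a practitioner wants is a periodic audit of what is actually open to the internet. The following is an added example, not from the original page and not AWS code: it walks the JSON shape returned by `aws ec2 describe-security-groups --output json` (fields `SecurityGroups`, `IpPermissions`, `IpProtocol`, `FromPort`, `ToPort`, `IpRanges`, `Ipv6Ranges`) and reports ingress rules exposing all traffic or a sensitive port to `0.0.0.0/0` or `::/0`. The sensitive-port list and the sample groups are assumptions constructed for the example; the page's own port-80 WebServer rule produces no finding.

```python
# Ports that should not be reachable from the whole internet; assumed policy list.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL", 6379: "Redis"}
ANY_IPV4, ANY_IPV6 = "0.0.0.0/0", "::/0"


def _public_sources(perm):
    """CIDRs in this permission that mean 'anyone on the internet'."""
    public = [r["CidrIp"] for r in perm.get("IpRanges", []) if r.get("CidrIp") == ANY_IPV4]
    public += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == ANY_IPV6]
    return public


def _port_range(perm):
    """Ports covered by the permission, or None when it covers every protocol and port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return None  # "all traffic": the CLI output carries no FromPort/ToPort here
    if proto not in ("tcp", "udp"):
        return range(0)  # ICMP and others: FromPort/ToPort are type/code, not ports
    return range(perm["FromPort"], perm["ToPort"] + 1)


def audit_security_groups(describe_output):
    """Return (group id, port or 'ALL', description) for each ingress rule that
    exposes all traffic or a sensitive port to 0.0.0.0/0 or ::/0."""
    findings = []
    for sg in describe_output.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            public = _public_sources(perm)
            if not public:
                continue
            ports = _port_range(perm)
            if ports is None:
                findings.append((sg["GroupId"], "ALL", f"all traffic open to {', '.join(public)}"))
                continue
            for port, service in SENSITIVE_PORTS.items():
                if port in ports:
                    findings.append((sg["GroupId"], port, f"{service} open to {', '.join(public)}"))
    return findings


# Constructed sample shaped like `aws ec2 describe-security-groups --output json`;
# the group IDs are placeholders, not real resources.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0a1b2c3d4e5f60001", "GroupName": "WebServer", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0a1b2c3d4e5f60002", "GroupName": "Bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
         "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0a1b2c3d4e5f60003", "GroupName": "Legacy", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
         "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0a1b2c3d4e5f60004", "GroupName": "Admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
]}

if __name__ == "__main__":
    for finding in audit_security_groups(SAMPLE):
        print(*finding)
```

Feeding real output in is a matter of `json.load` on the CLI result; the same loop can be pointed at `IpPermissionsEgress` if egress policy is also enforced.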

Network ACLs

NACL vs Security Groups:

  • Stateless (return traffic needs its own rule, typically an ephemeral-port range) vs Stateful (return traffic for an allowed flow is permitted automatically)
  • Subnet level (every instance in the subnet) vs Instance level (attached to the network interface)
  • Numbered rules evaluated lowest first, first match wins, with Allow and Deny actions vs Allow rules only, all rules evaluated together
  • Default deny vs Default allow
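The difference is easiest to see by evaluating the same two packets, a request and its reply, against both rule types. The following is an added example, not from the original page and not AWS code: a deliberately small model of the two evaluation semantics (a custom NACL with the implicit final deny, IPv4 only, one rule number per direction, TCP/UDP only) over constructed rules and packets using documentation address ranges. The class and function names are assumptions chosen for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Packet:
    """One packet as seen by the subnet (NACL) or the instance's ENI (security group)."""
    direction: str                        # "in" or "out"
    protocol: str                         # "tcp" or "udp"
    remote_cidr: str                      # peer address: source for "in", destination for "out"
    port: int                             # destination port carried by this packet
    reply_to: Optional["Packet"] = None   # the request this packet answers, if it is a reply


@dataclass
class NaclRule:
    number: int        # rules are evaluated lowest number first
    direction: str
    protocol: str      # "tcp", "udp" or "-1" for all
    cidr: str
    port_from: int
    port_to: int
    action: str        # "allow" or "deny"


@dataclass
class SgRule:
    direction: str     # security group rules have no number and no deny action
    protocol: str
    cidr: str
    port_from: int
    port_to: int


def _matches(protocol, cidr, port_from, port_to, pkt):
    """Protocol, CIDR and port-range match shared by both rule types."""
    proto_ok = protocol in ("-1", pkt.protocol)
    cidr_ok = ipaddress.ip_network(pkt.remote_cidr).subnet_of(ipaddress.ip_network(cidr))
    return proto_ok and cidr_ok and port_from <= pkt.port <= port_to


def nacl_evaluate(rules: List[NaclRule], pkt: Packet) -> str:
    """Stateless: the packet is judged on its own against the rules for its
    direction in ascending number order; the first match decides and the
    implicit final '*' rule denies whatever is left (custom NACL behaviour)."""
    for rule in sorted((r for r in rules if r.direction == pkt.direction), key=lambda r: r.number):
        if _matches(rule.protocol, rule.cidr, rule.port_from, rule.port_to, pkt):
            return rule.action
    return "deny"


def sg_evaluate(rules: List[SgRule], pkt: Packet) -> str:
    """Stateful and allow-only: a reply is allowed whenever the flow it answers
    was allowed, whatever the rules in the reply's direction say; otherwise any
    matching rule allows and unmatched traffic is denied."""
    if pkt.reply_to is not None and sg_evaluate(rules, pkt.reply_to) == "allow":
        return "allow"
    for rule in rules:
        if rule.direction == pkt.direction and _matches(
                rule.protocol, rule.cidr, rule.port_from, rule.port_to, pkt):
            return "allow"
    return "deny"


def demo() -> dict:
    """A client at 203.0.113.5 (constructed) sends an HTTP request to a web
    server; the server's reply goes back to the client's ephemeral port 49152."""
    request = Packet("in", "tcp", "203.0.113.5/32", 80)
    reply = Packet("out", "tcp", "203.0.113.5/32", 49152, reply_to=request)

    nacl_http_only = [NaclRule(100, "in", "tcp", "0.0.0.0/0", 80, 80, "allow")]
    nacl_with_ephemeral = nacl_http_only + [
        NaclRule(100, "out", "tcp", "0.0.0.0/0", 1024, 65535, "allow")]
    nacl_with_block = [NaclRule(50, "in", "tcp", "203.0.113.0/24", 80, 80, "deny")] + nacl_http_only
    sg_http_only = [SgRule("in", "tcp", "0.0.0.0/0", 80, 80)]

    return {
        "nacl_request": nacl_evaluate(nacl_http_only, request),                  # allow
        "nacl_reply_no_ephemeral": nacl_evaluate(nacl_http_only, reply),         # deny: stateless
        "nacl_reply_with_ephemeral": nacl_evaluate(nacl_with_ephemeral, reply),  # allow
        "nacl_lower_number_wins": nacl_evaluate(nacl_with_block, request),       # deny: rule 50 first
        "sg_request": sg_evaluate(sg_http_only, request),                        # allow
        "sg_reply": sg_evaluate(sg_http_only, reply),                            # allow: stateful
        "sg_unmatched": sg_evaluate(sg_http_only, Packet("in", "tcp", "198.51.100.7/32", 22)),  # deny
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The practical consequence is the one operators trip over most: a NACL that allows port 80 inbound still breaks the web server until the outbound ephemeral range is allowed, while the equivalent security group works with the single inbound rule. Conversely, only the NACL can express an explicit deny for a specific source.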

Management

Instance Management

# Start instance
aws ec2 start-instances --instance-ids i-1234567890abcdef0

# Stop instance
aws ec2 stop-instances --instance-ids i-1234567890abcdef0

# Terminate instance
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0

Monitoring

Monitoring Tools:

  • CloudWatch
  • CloudTrail
  • VPC Flow Logs
  • AWS Config
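Of the four tools, VPC Flow Logs is the one that yields network detections directly. The following is an added example, not from the original page and not AWS code: a parser for the default flow log record format (version 2 fields `version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes start end action log-status`) with two detections run over constructed sample lines: a source whose REJECTed flows probe many distinct ports, and ACCEPTed SSH/RDP flows from outside RFC 1918 space. The account ID, interface ID, addresses and thresholds are constructed placeholders.

```python
import ipaddress
from collections import defaultdict

# Field order of the default (version 2) VPC Flow Logs record format.
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status"]
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_flow_log(text):
    """Parse default-format flow log lines into dicts, skipping malformed lines
    and NODATA/SKIPDATA records (which carry '-' instead of addresses and ports)."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for key in INT_FIELDS:
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def is_rfc1918(addr):
    """True for private IPv4 space only; documentation ranges like 203.0.113.0/24
    are deliberately treated as external here."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def port_scan_suspects(records, min_ports=5):
    """Sources whose REJECTed flows touched at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for rec in records:
        if rec["action"] == "REJECT":
            ports[rec["srcaddr"]].add(rec["dstport"])
    return {src: len(p) for src, p in ports.items() if len(p) >= min_ports}


def external_admin_access(records, admin_ports=(22, 3389)):
    """ACCEPTed TCP flows (protocol 6) to admin ports from non-RFC 1918 sources."""
    hits = []
    for rec in records:
        if (rec["action"] == "ACCEPT" and rec["protocol"] == 6
                and rec["dstport"] in admin_ports and not is_rfc1918(rec["srcaddr"])):
            hits.append((rec["srcaddr"], rec["dstaddr"], rec["dstport"]))
    return hits


# Constructed sample: one external host probing six ports and being rejected,
# one external and one internal SSH login accepted, one web flow, one NODATA record.
SAMPLE_LOG = "\n".join(
    [f"2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.23 10.0.1.10 41234 {p} 6 1 60 "
     f"1700000000 1700000059 REJECT OK" for p in (21, 22, 23, 445, 3389, 8080)] + [
    "2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.5 10.0.1.10 51022 22 6 12 1840 1700000060 1700000119 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 10.0.2.15 10.0.1.10 50414 22 6 9 1320 1700000060 1700000119 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.77 10.0.1.10 33812 80 6 5 720 1700000060 1700000119 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000120 1700000179 - NODATA",
])

if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print("parsed:", len(recs))
    print("scan suspects:", port_scan_suspects(recs))
    print("external admin access:", external_admin_access(recs))
```

On real data the same two functions run over records delivered to CloudWatch Logs or S3; a custom log format adds or reorders fields, so `FIELDS` must be kept in step with the format string configured on the flow log.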

Best Practices

EC2 Best Practices:

  • Use appropriate instance types
  • Implement auto scaling
  • Use EBS optimized instances
  • Regular backups (AMIs/Snapshots)
  • Monitor performance metrics

VPC Best Practices:

  • Plan IP addressing carefully
  • Use private subnets for backend
  • Implement proper security layers
  • Enable VPC Flow Logs
  • Use VPC endpoints

Cost Optimization

EC2 Cost Optimization

Strategies:

  • Right-sizing instances
  • Reserved Instances
  • Spot Instances
  • Scheduled scaling
  • Savings Plans

VPC Cost Optimization

Tips:

  • Use NAT Gateway wisely
  • Optimize data transfer
  • VPC endpoints vs NAT
  • Monitor unused resources