EC2 Fundamentals: Complete Guide to AMI, Instances, and EBS
Master AWS EC2 core concepts - AMI, instances, and EBS storage. Essential knowledge for SAA-C03 exam success with practical examples.
Related Exam Domains
- Domain 2: Design Resilient Architectures
- Domain 3: Design High-Performing Architectures
Key Takeaway
EC2 is AWS's virtual server service that lets you rent compute capacity in the cloud. Use AMIs as server templates, EBS for persistent storage, and instances for actual computing workloads.
Exam Tip
Exam Essential: When you stop an EC2 instance, EBS data persists but instance store data is lost. AMIs consist of EBS snapshots + metadata and are region-specific.
| Component | Purpose | Key Characteristic |
|---|---|---|
| AMI | Server template | OS + software + config, region-bound |
| Instance | Running virtual server | CPU, memory, networking |
| EBS | Persistent storage | Independent of instance, AZ-bound |
| Instance Store | Ephemeral storage | Physical disk, deleted on stop |
What is EC2?
Amazon EC2 (Elastic Compute Cloud) is a service that lets you create and manage virtual servers (instances) in the cloud.
Core Benefits of EC2
EC2 Advantages:
├── Elasticity: Create/delete instantly as needed
├── Scalability: Scale to hundreds of instances in minutes
├── Flexibility: Choose from various OS and instance types
├── Cost: Pay only for what you use (per-second billing)
└── Integration: Works with VPC, EBS, IAM, and other AWS services
EC2 Component Architecture
EC2 Instance Structure:
┌─────────────────────────────────────────────┐
│                 EC2 Instance                │
│  ┌─────────┐  ┌─────────┐  ┌─────────────┐  │
│  │   CPU   │  │ Memory  │  │ Network(ENI)│  │
│  └─────────┘  └─────────┘  └─────────────┘  │
│                                             │
│  ┌─────────────────┐  ┌─────────────────┐   │
│  │ Instance Store  │  │   EBS Volume    │   │
│  │   (Ephemeral)   │  │  (Persistent)   │   │
│  └─────────────────┘  └─────────────────┘   │
└─────────────────────────────────────────────┘
                      ↑
               Launched from AMI
AMI (Amazon Machine Image)
What is an AMI?
An AMI is a template for creating EC2 instances. It includes the OS, applications, and configurations.
AMI Components
AMI Structure:
├── Root Volume Template
│   ├── Operating System (Amazon Linux, Ubuntu, Windows, etc.)
│   └── Applications and configurations
├── Launch Permissions
│   └── Which AWS accounts can use this AMI
└── Block Device Mapping
    └── Volume information to attach to instance
AMI Types
| Type | Root Device | Characteristics |
|---|---|---|
| EBS-backed | EBS volume | Can stop, data persists, slower boot |
| Instance Store-backed | Instance store | Cannot stop, reboot only, faster boot |
Exam Tip
Exam Point: Most modern AMIs are EBS-backed. Instance Store-backed AMIs are only used for special cases requiring high-performance temporary storage.
AMI Sources
AMI Source Types:
├── AWS-provided AMIs
│   ├── Amazon Linux 2023
│   ├── Ubuntu, Debian, RHEL
│   └── Windows Server
├── AWS Marketplace AMIs
│   └── Third-party software included (paid/free)
├── Community AMIs
│   └── Shared by other users
└── Custom AMIs
    └── Created from your own instances
Creating and Sharing AMIs
Custom AMI Creation Flow:
1. Configure EC2 instance (install software, settings)
2. Stop instance (recommended for data consistency)
3. Actions > Create Image
4. AMI created (EBS snapshot auto-generated)
AMI Sharing:
├── Share with specific accounts: Modify AMI permissions
├── Public sharing: Share with all AWS accounts
└── Copy to other regions: Use AMI Copy feature
Exam Tip
Exam Essential: AMIs are region-specific. To use an AMI in another region, you must copy it to that region.
EC2 Instances
Instance Lifecycle
Instance States:
pending → running ⟷ stopping → stopped
              ↓
       shutting-down → terminated
State Details:
├── pending: Starting (no charge)
├── running: Running (charged)
├── stopping: Stopping (EBS-backed only)
├── stopped: Stopped (no instance charge, EBS charged)
├── shutting-down: Terminating
└── terminated: Terminated (no charges)
Stop vs Terminate vs Reboot
| Action | EBS Data | Instance Store | Public IP | Private IP |
|---|---|---|---|---|
| Reboot | Retained | Retained | Retained | Retained |
| Stop | Retained | Lost | Released | Retained |
| Terminate | Configurable | Lost | Released | Released |
Exam Tip
Exam Trap: When you stop an instance, the Public IP is released. Use Elastic IP if you need a fixed IP address.
Instance Type Naming Convention
Instance Type Example: m5.xlarge
m  5  .  xlarge
│  │     │
│  │     └── Size (nano, micro, small, medium, large, xlarge, 2xlarge...)
│  └── Generation (higher = newer)
└── Family (purpose)
Families:
├── General Purpose: t, m, a
├── Compute Optimized: c
├── Memory Optimized: r, x, z
├── Storage Optimized: d, i, h
├── Accelerated Computing: p, g, inf, trn
└── HPC: hpc
EBS (Elastic Block Store)
What is EBS?
EBS is persistent block storage that attaches to EC2 instances. Data persists even when instances are stopped or terminated.
Key EBS Characteristics
EBS Features:
├── Network-attached: Connected via network, not physical
├── AZ-bound: Can only attach to instances in same AZ
├── Resizable: Can expand size while running
├── Snapshots: Backup to S3, restore to other AZ/region
├── Encryption: Encrypt data at rest with KMS
└── Multi-Attach: Only io1/io2 support Multi-Attach
EBS Volume Types
| Type | Use Case | IOPS | Throughput | Best For |
|---|---|---|---|---|
| gp3 | General SSD | 16,000 | 1,000MB/s | Most workloads |
| gp2 | General SSD | 16,000 | 250MB/s | Legacy, prefer gp3 |
| io2 | Provisioned IOPS | 256,000 | 4,000MB/s | Databases |
| io1 | Provisioned IOPS | 64,000 | 1,000MB/s | Legacy, prefer io2 |
| st1 | Throughput HDD | 500 | 500MB/s | Big data, logs |
| sc1 | Cold HDD | 250 | 250MB/s | Archive |
Exam Tip
Exam Point: gp3 is the default recommendation. io2 for high-performance databases. st1/sc1 cannot be boot volumes (HDD). gp3 is cheaper than gp2 with independent IOPS and throughput settings.
EBS Snapshots
EBS Snapshots:
├── Stored in S3 (managed, no direct access)
├── Incremental backup (only changed blocks)
├── Can restore to different AZ/region
├── Foundation for AMI creation
└── Shareable (other accounts, public)
Snapshot Best Practices:
├── Create regular snapshots (use AWS Backup)
├── When creating volume from snapshot, can choose different AZ
└── Can create encrypted volume from unencrypted snapshot
Root Volume Deletion Behavior
EBS Behavior on Instance Termination:
├── Root Volume: Default "Delete on Termination" = Yes
│   └── Automatically deleted on termination
└── Additional Volumes: Default "Delete on Termination" = No
    └── Retained after termination
Important: Set the root volume's "Delete on Termination" to No if you need to preserve its data!
Instance Store vs EBS
Comparison Table
| Feature | Instance Store | EBS |
|---|---|---|
| Connection | Physical disk (direct) | Network (virtual) |
| Data Persistence | Ephemeral (lost on stop/terminate) | Persistent (independent of instance) |
| Performance | Very high (physical disk) | High (network latency) |
| Resize | Not possible | Possible (even while running) |
| Snapshots | Not possible | Possible |
| Detach/Reattach | Not possible | Possible |
| Cost | Included in instance price | Separate charge |
Use Cases
Use Instance Store for:
├── Buffers, caches, temporary data
├── High-performance temporary storage needs
├── Data that can be lost
└── Examples: HPC scratch disk, Redis cache
Use EBS for:
├── Databases (persistent data)
├── Application data
├── Boot volumes (OS)
└── Most workloads
Exam Tip
Exam Essential: "Data must persist after instance restart" → EBS; "Need high-performance temporary storage" → Instance Store.
EC2 Metadata and User Data
Instance Metadata
Instances can query their own information from inside.
# Metadata endpoint (IMDSv1)
curl http://169.254.169.254/latest/meta-data/
# Available information:
├── instance-id
├── instance-type
├── ami-id
├── public-ipv4
├── local-ipv4
├── iam/security-credentials/<role-name> # IAM role temp credentials
└── ...
Exam Tip
Exam Point: IMDSv2 (token-based) is recommended for security. Metadata provides IAM role temporary credentials, so you don't need to hardcode credentials in EC2.
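The token-based IMDSv2 exchange the tip recommends, as an added example (not AWS's own code and not from the original page): a PUT obtains a session token, and every metadata GET, including the IAM role credentials, carries it. The endpoint and header names are the documented ones; the `opener` parameter is a hypothetical injection point so the flow can be exercised offline.

```python
"""IMDSv2 metadata client that refuses to downgrade to IMDSv1.

Added example for this guide, not AWS's own code. It uses the documented
link-local endpoint and token headers; `opener` is a hypothetical injection
point so the exchange can be exercised offline with a constructed fake.
"""
import urllib.request

IMDS_BASE = "http://169.254.169.254"
TOKEN_URL = IMDS_BASE + "/latest/api/token"
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"


def get_token(opener=urllib.request.urlopen, ttl=21600):
    """Step 1: PUT for a session token; IMDS rejects TTLs outside 1..21600 s."""
    if not 1 <= ttl <= 21600:
        raise ValueError("token TTL must be between 1 and 21600 seconds")
    req = urllib.request.Request(TOKEN_URL, method="PUT", headers={TTL_HEADER: str(ttl)})
    try:
        with opener(req, timeout=2) as resp:
            return resp.read().decode()
    except OSError as exc:  # urllib's URLError is an OSError subclass
        # A failed PUT (IMDS disabled, hop limit exceeded from a container, ...)
        # must surface as an error, never as a silent fallback to an IMDSv1 GET.
        raise RuntimeError(f"IMDSv2 token request failed: {exc}") from exc


def get_metadata(path, token, opener=urllib.request.urlopen):
    """Step 2: GET a metadata path (e.g. 'instance-id') with the token header."""
    req = urllib.request.Request(f"{IMDS_BASE}/latest/meta-data/{path}",
                                 headers={TOKEN_HEADER: token})
    with opener(req, timeout=2) as resp:
        return resp.read().decode()


def get_role_credentials(opener=urllib.request.urlopen):
    """Fetch the attached IAM role's temporary credentials (JSON text), token-gated."""
    token = get_token(opener)
    role = get_metadata("iam/security-credentials/", token, opener).strip()
    return get_metadata(f"iam/security-credentials/{role}", token, opener)


if __name__ == "__main__":  # meaningful only when run on an EC2 instance
    session = get_token()
    print("instance-id:", get_metadata("instance-id", session))
```

Enforce the same policy on the instance side with `aws ec2 modify-instance-metadata-options --instance-id <instance-id> --http-tokens required`, after which a token-less IMDSv1 GET is refused outright.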
User Data
Scripts that run automatically when an instance starts.
#!/bin/bash
# User Data example
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
echo "Hello from EC2" > /var/www/html/index.html
User Data Characteristics:
├── Runs only on first boot (default)
├── Runs as root
├── Max 16KB
├── Passed as Base64 encoded
└── Log location: /var/log/cloud-init-output.log
Security Groups
What are Security Groups?
Security Groups are virtual firewalls for EC2 instances. They control inbound/outbound traffic.
Security Group Characteristics:
├── Stateful: Response traffic automatically allowed
├── Allow rules only (no Deny rules)
├── Default inbound: All traffic blocked
├── Default outbound: All traffic allowed
├── Can attach to multiple instances
└── Multiple SGs can attach to one instance
Security Group Rule Examples
| Type | Protocol | Port | Source | Purpose |
|---|---|---|---|---|
| SSH | TCP | 22 | My IP | Admin access |
| HTTP | TCP | 80 | 0.0.0.0/0 | Web server |
| HTTPS | TCP | 443 | 0.0.0.0/0 | Web server (SSL) |
| Custom | TCP | 3306 | sg-xxx | RDS access (SG reference) |
Exam Tip
Exam Point: Security groups can reference other security groups as source. This allows access only from instances in a specific group, regardless of IP changes.
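A small evaluation model of the characteristics and rule table above, as an added example that is not part of the original page or AWS code: allow rules only with an implicit inbound deny, stateful handling of replies, and an SG-id source that matches on group membership rather than on the peer's IP. All ids, addresses and rules are constructed sample data.

```python
"""Model of the security-group semantics this guide lists: allow rules only,
implicit inbound deny, stateful replies, and SG-id sources matched by group
membership rather than IP. Added example, not AWS code; every id, address and
rule below is constructed sample data."""
import ipaddress

# Constructed sample: web tier open on 443 to anyone and on 22 to one admin IP;
# DB tier open on 3306 only to members of sg-web (an SG reference).
SECURITY_GROUPS = {
    "sg-web": {"ingress": [{"proto": "tcp", "port": 443, "cidr": "0.0.0.0/0"},
                           {"proto": "tcp", "port": 22, "cidr": "203.0.113.10/32"}],
               "egress": [{"proto": "tcp", "port": 3306, "cidr": "10.0.0.0/16"}]},
    "sg-db": {"ingress": [{"proto": "tcp", "port": 3306, "sg": "sg-web"}],
              "egress": []},  # no egress rules: only tracked replies may leave
}
INSTANCE_SGS = {"i-web-1": ["sg-web"], "i-db-1": ["sg-db"], "i-other": []}
INSTANCE_IPS = {"i-web-1": "10.0.1.25", "i-db-1": "10.0.2.40", "i-other": "10.0.1.99"}
TRACKED = set()  # connection table: (peer_ip, local_ip, proto, local_port)


def _rule_matches(rule, proto, port, peer_ip, peer_instance):
    if rule["proto"] != proto or rule["port"] != port:
        return False
    if "sg" in rule:  # SG reference: membership decides, the peer's IP is irrelevant
        return rule["sg"] in INSTANCE_SGS.get(peer_instance, [])
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule["cidr"])


def inbound_allowed(dst_instance, proto, port, src_ip, src_instance=None):
    """All SGs on the instance are unioned; with no deny rules, the first match
    allows (and is tracked) and an unmatched packet hits the implicit deny."""
    for sg in INSTANCE_SGS[dst_instance]:
        for rule in SECURITY_GROUPS[sg]["ingress"]:
            if _rule_matches(rule, proto, port, src_ip, src_instance):
                TRACKED.add((src_ip, INSTANCE_IPS[dst_instance], proto, port))
                return True
    return False


def outbound_allowed(src_instance, proto, dst_ip, dst_port, src_port=None,
                     dst_instance=None):
    """Stateful: a reply to a tracked inbound flow passes with no egress rule;
    any other outbound packet needs a matching egress rule."""
    if (dst_ip, INSTANCE_IPS[src_instance], proto, src_port) in TRACKED:
        return True
    for sg in INSTANCE_SGS[src_instance]:
        for rule in SECURITY_GROUPS[sg]["egress"]:
            if _rule_matches(rule, proto, dst_port, dst_ip, dst_instance):
                return True
    return False
```

Re-running `inbound_allowed` for the web instance after changing its address in `INSTANCE_IPS` still returns True, which is the "regardless of IP changes" behaviour the tip describes.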
SAA-C03 Exam Focus Points
Common Question Types
| Topic | Key Point |
|---|---|
| Data Persistence | EBS = persistent, Instance Store = ephemeral |
| AMI Region | AMI is region-bound, must copy for other regions |
| Instance Stop | EBS data retained, instance store lost, Public IP released |
| Boot Volume | Only gp2, gp3, io1, io2 allowed (no HDD) |
| Metadata | Query at 169.254.169.254, includes IAM role credentials |
| Security Groups | Stateful, allow only, can reference other SGs |
Common Exam Traps
❌ Instance store data persists after reboot
→ Reboot retains data, but stop/terminate deletes it
❌ AMI can be used directly in another region
→ AMI is region-bound, must copy first
❌ EBS volume can attach to instance in different AZ
→ EBS is AZ-bound, use snapshot to restore in another AZ
❌ Security groups support Deny rules
→ Security groups allow only, NACLs support Deny
❌ st1 volume can be used as boot volume
→ HDD (st1, sc1) cannot be boot volumes
Frequently Asked Questions
Q: Am I charged when I stop an EC2 instance?
Instance charges stop. However, charges continue for attached EBS volumes and Elastic IPs (if not associated).
Q: What's the difference between AMI and snapshot?
A snapshot is a backup of an EBS volume. An AMI consists of snapshot + metadata (launch permissions, block device mapping). You can launch instances directly from an AMI, but from a snapshot you must first create a volume.
Q: Can I reduce EBS volume size?
No, EBS volumes can only be expanded. To reduce size, create a smaller volume and copy the data.
Q: How do I know if an instance type has instance store?
Instance types with 'd' in the name have instance store. Examples: m5d.large, c5d.xlarge, r5d.4xlarge. You can also check in the AWS console or documentation.
Q: What is EBS Multi-Attach?
A feature that attaches io1/io2 volumes to multiple instances in the same AZ simultaneously. Requires a cluster file system, supports up to 16 instances. Standard file systems risk data corruption, so use with caution.
Summary
EC2 is AWS's core compute service. Key points:
- AMI: Server template, region-bound, based on EBS snapshots
- Instance: Virtual server, understand stop/terminate/reboot behavior
- EBS: Persistent storage, AZ-bound, backup with snapshots
- Instance Store: Ephemeral storage, high performance, deleted on stop
- Security Groups: Stateful firewall, allow rules only
Next, learn about EC2 Instance Type Selection Guide and EC2 Pricing Options Comparison to complete your EC2 knowledge.