What is EC2?
Amazon EC2 (Elastic Compute Cloud) gives you virtual servers in the cloud that you rent by the second or hour. You pick the operating system, the size of the machine, and the software it runs, then log in and use it just like a computer in your own office, except AWS owns the hardware and you can create or delete servers in minutes. It is the most fundamental compute service in AWS and the classic example of IaaS (Infrastructure as a Service), where AWS handles the physical machines and you manage everything from the operating system upward.
What EC2 actually gives you
When you launch an EC2 server, AWS carves out a slice of a real physical machine in one of its data centers and hands you full control of it. You get root or administrator access, a network connection, and storage. From there you decide what to install: a web server, a database, a game backend, a machine-learning training job, or anything else.
The key word is elastic. You can start with one small server today, add ten more next week to handle a traffic spike, and shut them all down again afterward, paying only for the time they ran. There are no long-term contracts and no upfront hardware purchase.
EC2 is IaaS, not a managed app. AWS keeps the hardware, networking, and hypervisor healthy, but patching the OS, securing the software, and configuring everything inside the server is your job.
The core pieces
A running EC2 setup is built from a handful of building blocks. Understanding these five terms unlocks almost everything else.
| Piece | What it is | Plain-English analogy |
|---|---|---|
| Instance | A single running virtual server. | One rented computer. |
| AMI (Amazon Machine Image) | A template with the OS and pre-installed software used to launch an instance. | The “factory image” you clone from. |
| Instance type | The hardware size: how many vCPUs and how much memory. | Choosing a small, medium, or large machine. |
| EBS (Elastic Block Store) | A virtual hard drive attached to the instance. | The disk where your OS and data live. |
| Security group | A virtual firewall controlling which traffic reaches the instance. | The guard deciding which doors are open. |
An instance is launched from an AMI, runs on the hardware defined by its instance type, stores its data on one or more EBS volumes, and is protected by a security group. That single sentence is the whole mental model.
Where EC2 fits among compute options
EC2 is the most flexible compute option, but flexibility means more responsibility. AWS offers lighter-weight choices when you do not need full control of a server.
| Service | You manage | Good for |
|---|---|---|
| EC2 | The whole OS and everything on it. | Full control, legacy apps, custom software. |
| Lambda | Just your function code. | Short event-driven tasks, no servers to run. |
| ECS / EKS | Containers, not the host. | Dockerized microservices. |
| Elastic Beanstalk | Just your app; AWS provisions EC2 for you. | Simple web apps without hands-on infra. |
Reach for EC2 when you genuinely need to control the operating system, install specific software, or run something that does not fit neatly into a container or function.
Launching your first instance
AWS Console steps:
- Open the EC2 console and choose Launch instances.
- Give the instance a Name (for example, `web-server-1`).
- Pick an AMI (for example, Amazon Linux 2023).
- Choose an Instance type (for example, `t3.micro`, which is Free Tier eligible).
- Select or create a key pair so you can log in over SSH.
- Under Network settings, create or pick a security group and allow SSH (port 22) from your IP.
- Click Launch instance.
The equivalent AWS CLI command (CLI v2):
```bash
aws ec2 run-instances \
  --image-id ami-0abcdef1234567890 \
  --instance-type t3.micro \
  --key-name my-key-pair \
  --security-group-ids sg-0a1b2c3d \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=web-server-1}]'
```
Output:
```json
{
  "Instances": [
    {
      "InstanceId": "i-0a1b2c3d4e5f",
      "ImageId": "ami-0abcdef1234567890",
      "InstanceType": "t3.micro",
      "State": { "Name": "pending" },
      "PrivateIpAddress": "10.0.1.25"
    }
  ]
}
```
A t3.micro costs roughly $0.0104 per hour in us-east-1 (about $7.50 a month if left running 24/7), and is included in the AWS Free Tier for 750 hours a month during your first year.
The “stopped is not free” gotcha
This trips up almost every beginner. An EC2 instance has several states: running, stopped, and terminated. When you stop an instance, AWS stops charging you for the compute (the vCPU and memory). It feels like the meter is off. It is not entirely.
A stopped instance still costs money. You keep paying for its EBS storage and for any Elastic IP address you allocated but are not currently using. Only terminating the instance stops the bulk of the charges.
So if you launched a server to experiment, leaving it stopped still bills you for the attached disk. To actually stop most charges, either terminate the instance (which deletes it and, by default, its root EBS volume) or detach and delete unused volumes and release unused Elastic IPs.
```bash
# Stop (compute charges pause, EBS still billed):
aws ec2 stop-instances --instance-ids i-0a1b2c3d4e5f
# Terminate (deletes the instance; stops most charges):
aws ec2 terminate-instances --instance-ids i-0a1b2c3d4e5f
```
A small gp3 root volume of 8 GiB costs around $0.64 a month even while the instance is stopped, and an idle Elastic IP costs about $0.005 per hour (roughly $3.60 a month). Small numbers, but they add up across forgotten test instances.
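An added example (not part of the original page) that lists what keeps billing once compute is off, from the JSON printed by `aws ec2 describe-instances`, `describe-volumes` and `describe-addresses`. The sample documents and the `-0example` IDs are constructed, and pricing every volume at this page's gp3 figure is an assumption.

```python
# Rates derived from the figures on this page (us-east-1); estimates only.
GP3_PER_GIB_MONTH = 0.64 / 8      # 8 GiB gp3 volume is about $0.64 a month
IDLE_EIP_PER_MONTH = 0.005 * 720  # $0.005 per hour is about $3.60 a month

def leftover_charges(instances_doc, volumes_doc, addresses_doc):
    """List (resource id, reason, estimated $/month) for storage and IPs billed with no compute running."""
    stopped = {
        inst["InstanceId"]
        for res in instances_doc.get("Reservations", [])
        for inst in res.get("Instances", [])
        if inst["State"]["Name"] == "stopped"
    }
    findings = []
    for vol in volumes_doc.get("Volumes", []):
        cost = round(vol["Size"] * GP3_PER_GIB_MONTH, 2)  # assumption: gp3 rate for every volume
        owners = {a["InstanceId"] for a in vol.get("Attachments", [])}
        if not owners:
            findings.append((vol["VolumeId"], "unattached volume", cost))
        elif owners <= stopped:
            findings.append((vol["VolumeId"], "volume of stopped instance", cost))
    for addr in addresses_doc.get("Addresses", []):
        # Unassociated, or associated with an instance that is not running.
        if "AssociationId" not in addr or addr.get("InstanceId") in stopped:
            findings.append((addr["AllocationId"], "Elastic IP not in use", round(IDLE_EIP_PER_MONTH, 2)))
    return findings

# Constructed sample documents in the shape the three describe-* commands print.
SAMPLE_INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0a1b2c3d4e5f", "State": {"Name": "stopped"}},
    {"InstanceId": "i-0example00002", "State": {"Name": "running"}},
]}]}
SAMPLE_VOLUMES = {"Volumes": [
    {"VolumeId": "vol-0example1", "Size": 8, "Attachments": [{"InstanceId": "i-0a1b2c3d4e5f"}]},
    {"VolumeId": "vol-0example2", "Size": 20, "Attachments": [{"InstanceId": "i-0example00002"}]},
    {"VolumeId": "vol-0example3", "Size": 100, "Attachments": []},
]}
SAMPLE_ADDRESSES = {"Addresses": [
    {"AllocationId": "eipalloc-0example1", "PublicIp": "203.0.113.10"},
    {"AllocationId": "eipalloc-0example2", "PublicIp": "203.0.113.11",
     "AssociationId": "eipassoc-0example2", "InstanceId": "i-0example00002"},
]}

if __name__ == "__main__":
    for resource_id, reason, dollars in leftover_charges(SAMPLE_INSTANCES, SAMPLE_VOLUMES, SAMPLE_ADDRESSES):
        print(f"{resource_id}: {reason}, about ${dollars:.2f} a month")
```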
Best Practices
- Right-size before you scale. Start with the smallest instance type that works and grow only when monitoring shows you need to; oversized instances waste money around the clock.
- Lock down security groups. Never open SSH (port 22) or RDP (port 3389) to `0.0.0.0/0`; restrict to your own IP or use AWS Systems Manager Session Manager instead.
- Terminate, don’t just stop, throwaway instances. Remember stopped instances still bill for EBS and Elastic IPs, so clean up experiments fully.
- Use IAM roles, not stored keys. Attach an IAM role to the instance so apps get temporary credentials instead of hardcoding access keys.
- Tag everything. Consistent tags (owner, environment, project) make cost tracking and cleanup far easier.
- Back up important data. Take regular EBS snapshots; the instance is disposable, but your data should not be.
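One way to check the security group rule above, as an added example that is not part of the original page: it scans the JSON printed by `aws ec2 describe-security-groups` for SSH or RDP reachable from any address, including port ranges, IPv6 `::/0` and "all traffic" rules. The sample document and the `sg-0example` IDs are constructed.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

def open_admin_rules(groups_doc):
    """Return (group id, service, source CIDR) for each admin port open to every address."""
    findings = []
    for group in groups_doc.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto == "-1":      # "all traffic" rule: carries no port fields
                lo, hi = 0, 65535
            elif proto == "tcp":
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            else:
                continue           # only TCP and all-traffic rules are checked here
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                    continue       # restricted source, such as your own /32
                for port, name in ADMIN_PORTS.items():
                    if lo <= port <= hi:
                        findings.append((group["GroupId"], name, cidr))
    return findings

# Constructed sample in the shape describe-security-groups prints.
SAMPLE_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-0a1b2c3d", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.7/32"}]},   # SSH from one address: fine
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},        # public HTTPS: not an admin port
    ]},
    {"GroupId": "sg-0example1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},  # range hides 3389
    ]},
    {"GroupId": "sg-0example2", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},  # everything open
    ]},
]}

if __name__ == "__main__":
    for group_id, service, cidr in open_admin_rules(SAMPLE_GROUPS):
        print(f"{group_id}: {service} reachable from {cidr}")
```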