|
|
Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
What is Amazon EC2? |
|
|
Amazon Elastic Compute Cloud (Amazon EC2) provides on-demand, scalable computing capacity |
|
|
in the Amazon Web Services (AWS) Cloud. Using Amazon EC2 reduces hardware costs so you can |
|
|
develop and deploy applications faster. You can use Amazon EC2 to launch as many or as few |
|
|
virtual servers as you need, configure security and networking, and manage storage. You can add |
|
|
capacity (scale up) to handle compute-heavy tasks, such as monthly or yearly processes, or spikes in |
|
|
website traffic. When usage decreases, you can reduce capacity (scale down) again. |
|
|
An EC2 instance is a virtual server in the AWS Cloud. When you launch an EC2 instance, the |
|
|
instance type that you specify determines the hardware available to your instance. Each instance |
|
|
type offers a different balance of compute, memory, network, and storage resources. For more |
|
|
information, see the Amazon EC2 Instance Types Guide. |
|
|
|
|
|
Features of Amazon EC2 |
|
|
Amazon EC2 provides the following high-level features: |
|
|
Instances |
|
|
Virtual servers. |
|
|
Amazon Machine Images (AMIs) |
|
|
Preconfigured templates for your instances that package the components you need for your |
|
|
server (including the operating system and additional software). |
|
|
Instance types |
|
|
Various configurations of CPU, memory, storage, networking capacity, and graphics hardware |
|
|
for your instances. |
|
|
Features |
|
|
|
|
|
1 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
Amazon EBS volumes |
|
|
Persistent storage volumes for your data using Amazon Elastic Block Store (Amazon EBS). |
|
|
Instance store volumes |
|
|
Storage volumes for temporary data that is deleted when you stop, hibernate, or terminate |
|
|
your instance. |
|
|
Key pairs |
|
|
Secure login information for your instances. AWS stores the public key and you store the private |
|
|
key in a secure place. |
|
|
Security groups |
|
|
A virtual firewall that allows you to specify the protocols, ports, and source IP ranges that can |
|
|
reach your instances, and the destination IP ranges to which your instances can connect. |
|
|
Amazon EC2 supports the processing, storage, and transmission of credit card data by a merchant |
|
|
or service provider, and has been validated as being compliant with Payment Card Industry (PCI) |
|
|
Data Security Standard (DSS). For more information about PCI DSS, including how to request a |
|
|
copy of the AWS PCI Compliance Package, see PCI DSS Level 1. |
|
|
|
|
|
Related services |
|
|
Services to use with Amazon EC2 |
|
|
You can use other AWS services with the instances that you deploy using Amazon EC2. |
|
|
Amazon EC2 Auto Scaling |
|
|
Helps ensure you have the correct number of Amazon EC2 instances available to handle the |
|
|
load for your application. |
|
|
AWS Backup |
|
|
Automate backing up your Amazon EC2 instances and the Amazon EBS volumes attached to |
|
|
them. |
|
|
Amazon CloudWatch |
|
|
Monitor your instances and Amazon EBS volumes. |
|
|
Related services |
|
|
|
|
|
2 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
Access Amazon EC2 |
|
|
You can create and manage your Amazon EC2 instances using the following interfaces: |
|
|
Amazon EC2 console |
|
|
A simple web interface to create and manage Amazon EC2 instances and resources. If you've |
|
|
signed up for an AWS account, you can access the Amazon EC2 console by signing into the AWS |
|
|
Management Console and selecting EC2 from the console home page. |
|
|
AWS Command Line Interface |
|
|
Enables you to interact with AWS services using commands in your command-line shell. It is |
|
|
supported on Windows, Mac, and Linux. For more information about the AWS CLI , see AWS |
|
|
Command Line Interface User Guide. You can find the Amazon EC2 commands in the AWS CLI |
|
|
Command Reference. |
|
|
AWS CloudFormation |
|
|
Amazon EC2 supports creating resources using AWS CloudFormation. You create a template, in |
|
|
JSON or YAML format, that describes your AWS resources, and AWS CloudFormation provisions |
|
|
and configures those resources for you. You can reuse your CloudFormation templates to |
|
|
provision the same resources multiple times, whether in the same Region and account or in |
|
|
multiple Regions and accounts. For more information about supported resource types and |
|
|
properties for Amazon EC2, see EC2 resource type reference in the AWS CloudFormation User |
|
|
Guide. |
|
|
AWS SDKs |
|
|
If you prefer to build applications using language-specific APIs instead of submitting a request |
|
|
over HTTP or HTTPS, AWS provides libraries, sample code, tutorials, and other resources |
|
|
for software developers. These libraries provide basic functions that automate tasks such |
|
|
as cryptographically signing your requests, retrying requests, and handling error responses, |
|
|
making it easier for you to get started. For more information, see Tools to Build on AWS. |
|
|
AWS Tools for PowerShell |
|
|
A set of PowerShell modules that are built on the functionality exposed by the SDK for .NET. |
|
|
The Tools for PowerShell enable you to script operations on your AWS resources from the |
|
|
PowerShell command line. To get started, see the AWS Tools for PowerShell User Guide. You |
|
|
can find the cmdlets for Amazon EC2, in the AWS Tools for PowerShell Cmdlet Reference. |
|
|
Access EC2 |
|
|
|
|
|
4 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
Get started with Amazon EC2 |
|
|
Use this tutorial to get started with Amazon Elastic Compute Cloud (Amazon EC2). You'll learn how |
|
|
to launch and connect to an EC2 instance. An instance is a virtual server in the AWS Cloud. With |
|
|
Amazon EC2, you can set up and configure the operating system and applications that run on your |
|
|
instance. |
|
|
Overview |
|
|
The following diagram shows the key components that you'll use in this tutorial: |
|
|
• An image – A template that contains the software to run on your instance, such as the operating |
|
|
system. |
|
|
• A key pair – A set of security credentials that you use to prove your identity when connecting to |
|
|
your instance. The public key is on your instance and the private key is on your computer. |
|
|
• A network – A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. |
|
|
To help you get started quickly, your account comes with a default VPC in each AWS Region, and |
|
|
each default VPC has a default subnet in each Availability Zone. |
|
|
• A security group – Acts as a virtual firewall to control inbound and outbound traffic. |
|
|
• An EBS volume – We require a root volume for the image. You can optionally add data volumes. |
|
|
|
|
|
8 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
Cost for this tutorial |
|
|
When you create your AWS account, you can get started with Amazon EC2 for free using the AWS |
|
|
Free Tier. |
|
|
If you created your AWS account before July 15, 2025, it's less than 12 months old, and you haven't |
|
|
already exceeded the Free Tier benefits for Amazon EC2, it won't cost you anything to complete |
|
|
this tutorial, because we help you select options that are within the Free Tier benefits. Otherwise, |
|
|
you'll incur the standard Amazon EC2 usage fees from the time that you launch the instance (even |
|
|
if it remains idle) until you terminate it. |
|
|
If you created your AWS account on or after July 15, 2025, it's less than 6 months old, and you |
|
|
haven't used up all your credits, it won't cost you anything to complete this tutorial, because we |
|
|
help you select options that are within the Free Tier benefits. |
|
|
For information on how to determine whether you are eligible for the Free Tier, see the section |
|
|
called “Track your Free Tier usage”. |
|
|
Tasks |
|
|
• Step 1: Launch an instance |
|
|
• Step 2: Connect to your instance |
|
|
• Step 3: Clean up your instance |
|
|
9 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
• Next steps |
|
|
|
|
|
Step 1: Launch an instance |
|
|
You can launch an EC2 instance using the AWS Management Console as described in the following |
|
|
procedure. This tutorial is intended to help you quickly launch your first instance, so it doesn't |
|
|
cover all possible options. |
|
|
To launch an instance |
|
|
1. |
|
|
|
|
|
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/. |
|
|
|
|
|
2. |
|
|
|
|
|
In the navigation bar at the top of the screen, we display the current AWS Region — for |
|
|
example, Ohio. You can use the selected Region, or optionally select a Region that is closer to |
|
|
you. |
|
|
|
|
|
3. |
|
|
|
|
|
From the EC2 console dashboard, in the Launch instance pane, choose Launch instance. |
|
|
|
|
|
4. |
|
|
|
|
|
Under Name and tags, for Name, enter a descriptive name for your instance. |
|
|
|
|
|
5. |
|
|
|
|
|
Under Application and OS Images (Amazon Machine Image), do the following: |
|
|
a. |
|
|
|
|
|
Choose Quick Start, and then choose the operating system (OS) for your instance. For |
|
|
your first Linux instance, we recommend that you choose Amazon Linux. |
|
|
|
|
|
b. |
|
|
|
|
|
From Amazon Machine Image (AMI), select an AMI that is marked Free Tier eligible. |
|
|
|
|
|
6. |
|
|
|
|
|
Under Instance type, for Instance type, select an instance type that is marked Free Tier |
|
|
eligible. |
|
|
|
|
|
7. |
|
|
|
|
|
Under Key pair (login), for Key pair name, choose an existing key pair or choose Create new |
|
|
key pair to create your first key pair. |
|
|
|
|
|
Warning |
|
|
If you choose Proceed without a key pair (Not recommended), you won't be able to |
|
|
connect to your instance using the methods described in this tutorial. |
|
|
8. |
|
|
|
|
|
Under Network settings, notice that we selected your default VPC, selected the option to use |
|
|
the default subnet in an Availability Zone that we choose for you, and configured a security |
|
|
group with a rule that allows connections to your instance from anywhere (0.0.0.0.0/0). |
|
|
|
|
|
Step 1: Launch an instance |
|
|
|
|
|
10 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
Warning |
|
|
If you specify 0.0.0.0/0, you are enabling traffic from any IP addresses in the world. |
|
|
For the SSH and RDP protocols, you might consider this acceptable for a short time |
|
|
in a test environment, but it's unsafe for production environments. In production, be |
|
|
sure to authorize access only from the appropriate individual IP address or range of |
|
|
addresses. |
|
|
|
|
|
For your first instance, we recommend that you use the default settings. Otherwise, you can |
|
|
update your network settings as follows: |
|
|
|
|
|
9. |
|
|
|
|
|
• |
|
|
|
|
|
(Optional) To use a specific default subnet, choose Edit and then choose a subnet. |
|
|
|
|
|
• |
|
|
|
|
|
(Optional) To use a different VPC, choose Edit and then choose an existing VPC. If the VPC |
|
|
isn't configured for public internet access, you won't be able to connect to your instance. |
|
|
|
|
|
• |
|
|
|
|
|
(Optional) To restrict inbound connection traffic to a specific network, choose Custom |
|
|
instead of Anywhere, and enter the CIDR block for your network. |
|
|
|
|
|
• |
|
|
|
|
|
(Optional) To use a different security group, choose Select existing security group and |
|
|
choose an existing security group. If the security group does not have a rule that allows |
|
|
connection traffic from your network, you won't be able to connect to your instance. For |
|
|
a Linux instance, you must allow SSH traffic. For a Windows instance, you must allow RDP |
|
|
traffic. |
|
|
|
|
|
Under Configure storage, notice that we configured a root volume but no data volumes. This |
|
|
is sufficient for test purposes. |
|
|
|
|
|
10. Review a summary of your instance configuration in the Summary panel, and when you're |
|
|
ready, choose Launch instance. |
|
|
11. If the launch is successful, choose the ID of the instance from the Success notification to open |
|
|
the Instances page and monitor the status of the launch. |
|
|
12. Select the checkbox for the instance. The initial instance state is pending. After the instance |
|
|
starts, its state changes to running. Choose the Status and alarms tab. After your instance |
|
|
passes its status checks, it is ready to receive connection requests. |
|
|
|
|
|
Step 1: Launch an instance |
|
|
|
|
|
11 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
Step 2: Connect to your instance |
|
|
The procedure that you use depends on the operating system of the instance. If you can't connect |
|
|
to your instance, see Troubleshoot issues connecting to your Amazon EC2 Linux instance for |
|
|
assistance. |
|
|
|
|
|
Linux instances |
|
|
You can connect to your Linux instance using any SSH client. If you are running Windows on |
|
|
your computer, open a terminal and run the ssh command to verify that you have an SSH client |
|
|
installed. If the command is not found, install OpenSSH for Windows. |
|
|
To connect to your instance using SSH |
|
|
1. |
|
|
|
|
|
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/. |
|
|
|
|
|
2. |
|
|
|
|
|
In the navigation pane, choose Instances. |
|
|
|
|
|
3. |
|
|
|
|
|
Select the instance and then choose Connect. |
|
|
|
|
|
4. |
|
|
|
|
|
On the Connect to instance page, choose the SSH client tab. |
|
|
|
|
|
5. |
|
|
|
|
|
(Optional) If you created a key pair when you launched the instance and downloaded the |
|
|
private key (.pem file) to a computer running Linux or macOS, run the example chmod |
|
|
command to set the permissions for your private key. |
|
|
|
|
|
6. |
|
|
|
|
|
Copy the example SSH command. The following is an example, where key-pair-name.pem |
|
|
is the name of your private key file, ec2-user is the username associated with the image, and |
|
|
the string after the @ symbol is the public DNS name of the instance. |
|
|
ssh -i key-pair-name.pem ec2-user@ec2-198-51-100-1.us-east-2.compute.amazonaws.com |
|
|
|
|
|
7. |
|
|
|
|
|
In a terminal window on your computer, run the ssh command that you saved in the previous |
|
|
step. If the private key file is not in the current directory, you must specify the fully-qualified |
|
|
path to the key file in this command. |
|
|
The following is an example response: |
|
|
The authenticity of host 'ec2-198-51-100-1.us-east-2.compute.amazonaws.com |
|
|
(198-51-100-1)' can't be established. |
|
|
ECDSA key fingerprint is l4UB/neBad9tvkgJf1QZWxheQmR59WgrgzEimCG6kZY. |
|
|
Are you sure you want to continue connecting (yes/no)? |
|
|
|
|
|
Step 2: Connect to your instance |
|
|
|
|
|
12 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
8. |
|
|
|
|
|
User Guide |
|
|
|
|
|
(Optional) Verify that the fingerprint in the security alert matches the instance fingerprint |
|
|
contained in the console output when you first start an instance. To get the console output, |
|
|
choose Actions, Monitor and troubleshoot, Get system log. If the fingerprints don't match, |
|
|
someone might be attempting a man-in-the-middle attack. If they match, continue to the next |
|
|
step. |
|
|
|
|
|
9. |
|
|
|
|
|
Enter yes. |
|
|
The following is an example response: |
|
|
Warning: Permanently added 'ec2-198-51-100-1.useast-2.compute.amazonaws.com' (ECDSA) to the list of known hosts. |
|
|
|
|
|
Windows instances |
|
|
To connect to a Windows instance using RDP, you must retrieve the initial administrator password |
|
|
and then enter this password when you connect to your instance. It takes a few minutes after |
|
|
instance launch before this password is available. Your account must have permission to call the |
|
|
GetPasswordData action. For more information, see Example policies to control access the Amazon |
|
|
EC2 API. |
|
|
The default username for the Administrator account depends on the language of the operating |
|
|
system (OS) contained in the AMI. To determine the correct username, identify the language |
|
|
of the OS, and then choose the corresponding username. For example, for an English OS, the |
|
|
username is Administrator, for a French OS it's Administrateur, and for a Portuguese OS it's |
|
|
Administrador. If a language version of the OS does not have a username in the same language, |
|
|
choose the username Administrator (Other). For more information, see Localized Names for |
|
|
Administrator Account in Windows in the Microsoft website. |
|
|
To retrieve the initial administrator password |
|
|
1. |
|
|
|
|
|
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/. |
|
|
|
|
|
2. |
|
|
|
|
|
In the navigation pane, choose Instances. |
|
|
|
|
|
3. |
|
|
|
|
|
Select the instance and then choose Connect. |
|
|
|
|
|
4. |
|
|
|
|
|
On the Connect to instance page, choose the RDP client tab. |
|
|
|
|
|
5. |
|
|
|
|
|
For Username, choose the default username for the Administrator account. The username you |
|
|
choose must match the language of the operating system (OS) contained in the AMI that you |
|
|
|
|
|
Step 2: Connect to your instance |
|
|
|
|
|
13 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
used to launch your instance. If there is no username in the same language as your OS, choose |
|
|
Administrator (Other). |
|
|
6. |
|
|
|
|
|
Choose Get password. |
|
|
|
|
|
7. |
|
|
|
|
|
On the Get Windows password page, do the following: |
|
|
a. |
|
|
|
|
|
Choose Upload private key file and navigate to the private key (.pem) file that you |
|
|
specified when you launched the instance. Select the file and choose Open to copy the |
|
|
entire contents of the file to this window. |
|
|
|
|
|
b. |
|
|
|
|
|
Choose Decrypt password. The Get Windows password page closes, and the default |
|
|
administrator password for the instance appears under Password, replacing the Get |
|
|
password link shown previously. |
|
|
|
|
|
c. |
|
|
|
|
|
Copy the password and save it in a safe place. This password is required to connect to the |
|
|
instance. |
|
|
|
|
|
The following procedure uses the Remote Desktop Connection client for Windows (MSTSC). If |
|
|
you're using a different RDP client, download the RDP file and then see the documentation for the |
|
|
RDP client for the steps to establish the RDP connection. |
|
|
To connect to a Windows instance using an RDP client |
|
|
1. |
|
|
|
|
|
On the Connect to instance page, choose Download remote desktop file. When the |
|
|
file download is finished, choose Cancel to return to the Instances page. The RDP file is |
|
|
downloaded to your Downloads folder. |
|
|
|
|
|
2. |
|
|
|
|
|
Run mstsc.exe to open the RDP client. |
|
|
|
|
|
3. |
|
|
|
|
|
Expand Show options, choose Open, and select the .rdp file from your Downloads folder. |
|
|
|
|
|
4. |
|
|
|
|
|
By default, Computer is the public IPv4 DNS name of the instance and User name is the |
|
|
administrator account. To connect to the instance using IPv6 instead, replace the public IPv4 |
|
|
DNS name of the instance with its IPv6 address. Review the default settings and change them |
|
|
as needed. |
|
|
|
|
|
5. |
|
|
|
|
|
Choose Connect. If you receive a warning that the publisher of the remote connection is |
|
|
unknown, choose Connect to continue. |
|
|
|
|
|
6. |
|
|
|
|
|
Enter the password that you saved previously, and then choose OK. |
|
|
|
|
|
7. |
|
|
|
|
|
Due to the nature of self-signed certificates, you might get a warning that the security |
|
|
certificate could not be authenticated. Do one of the following: |
|
|
• |
|
|
|
|
|
If you trust the certificate, choose Yes to connect to your instance. |
|
|
|
|
|
Step 2: Connect to your instance |
|
|
|
|
|
14 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
• |
|
|
|
|
|
User Guide |
|
|
|
|
|
[Windows] Before you proceed, compare the thumbprint of the certificate with the value |
|
|
in the system log to confirm the identity of the remote computer. Choose View certificate |
|
|
and then choose Thumbprint from the Details tab. Compare this value to the value of |
|
|
RDPCERTIFICATE-THUMBPRINT in Actions, Monitor and troubleshoot, Get system log. |
|
|
|
|
|
• |
|
|
|
|
|
[Mac OS X] Before you proceed, compare the fingerprint of the certificate with the |
|
|
value in the system log to confirm the identity of the remote computer. Choose Show |
|
|
Certificate, expand Details, and choose SHA1 Fingerprints. Compare this value to the |
|
|
value of RDPCERTIFICATE-THUMBPRINT in Actions, Monitor and troubleshoot, Get |
|
|
system log. |
|
|
|
|
|
8. |
|
|
|
|
|
If the RDP connection is successful, the RDP client displays the Windows login screen and |
|
|
then the Windows desktop. If you receive an error message instead, see the section called |
|
|
“Remote Desktop can't connect to the remote computer”. When you are finished with the RDP |
|
|
connection, you can close the RDP client. |
|
|
|
|
|
Step 3: Clean up your instance |
|
|
After you've finished with the instance that you created for this tutorial, you should clean up by |
|
|
terminating the instance. If you want to do more with this instance before you clean up, see Next |
|
|
steps. |
|
|
|
|
|
Important |
|
|
Terminating an instance effectively deletes it; you can't reconnect to an instance after |
|
|
you've terminated it. |
|
|
|
|
|
You'll stop incurring charges for that instance or usage that counts against your Free Tier limits as |
|
|
soon as the instance status changes to shutting down or terminated. To keep your instance |
|
|
for later, but not incur charges or usage that counts against your Free Tier limits, you can stop the |
|
|
instance now and then start it again later. For more information, see Stop and start Amazon EC2 |
|
|
instances. |
|
|
To terminate your instance |
|
|
1. |
|
|
|
|
|
In the navigation pane, choose Instances. In the list of instances, select the instance. |
|
|
|
|
|
2. |
|
|
|
|
|
Choose Instance state, Terminate (delete) instance. |
|
|
|
|
|
Step 3: Clean up your instance |
|
|
|
|
|
15 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
3. |
|
|
|
|
|
User Guide |
|
|
|
|
|
Choose Terminate (delete) when prompted for confirmation. |
|
|
Amazon EC2 shuts down and terminates your instance. After your instance is terminated, it |
|
|
remains visible on the console for a short while, and then the entry is automatically deleted. |
|
|
You cannot remove the terminated instance from the console display yourself. |
|
|
|
|
|
Next steps |
|
|
After you start your instance, you might want to explore the following next steps: |
|
|
• Explore the Amazon EC2 core concepts with the introductory tutorials. For more information, see |
|
|
Tutorials for launching EC2 instances. |
|
|
• Learn how to track your Amazon EC2 Free Tier usage using the console. For more information, |
|
|
see the section called “Track your Free Tier usage”. |
|
|
• Configure a CloudWatch alarm to notify you if your usage exceeds the Free Tier (for accounts |
|
|
created before July 15, 2025). For more information, see Tracking your AWS Free Tier usage in |
|
|
the AWS Billing User Guide. |
|
|
• Add an EBS volume. For more information, see Create an Amazon EBS volume in the Amazon EBS |
|
|
User Guide. |
|
|
• Learn how to remotely manage your EC2 instance using the Run command. For more |
|
|
information, see AWS Systems Manager Run Command in the AWS Systems Manager User Guide. |
|
|
• Learn about instance purchasing options. For more information, see Amazon EC2 billing and |
|
|
purchasing options. |
|
|
• Get advice about instance types. For more information, see Get recommendations from EC2 |
|
|
instance type finder. |
|
|
|
|
|
Next steps |
|
|
|
|
|
16 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
Best practices for Amazon EC2 |
|
|
To ensure the maximum benefit from Amazon EC2, we recommend that you perform the following |
|
|
best practices. |
|
|
Security |
|
|
• Manage access to AWS resources and APIs using identity federation with an identity provider and |
|
|
IAM roles whenever possible. For more information, see Creating IAM policies in the IAM User |
|
|
Guide. |
|
|
• Implement the least permissive rules for your security group. |
|
|
• Regularly patch, update, and secure the operating system and applications on your instance. |
|
|
For more information, see Update management. For guidelines specific to Windows operating |
|
|
systems, see Security best practices for Windows instances. |
|
|
• Use Amazon Inspector to automatically discover and scan Amazon EC2 instances for software |
|
|
vulnerabilities and unintended network exposure. For more information, see the Amazon |
|
|
Inspector User Guide. |
|
|
• Use AWS Security Hub controls to monitor your Amazon EC2 resources against security best |
|
|
practices and security standards. For more information about using Security Hub, see Amazon |
|
|
Elastic Compute Cloud controls in the AWS Security Hub User Guide. |
|
|
Storage |
|
|
• Understand the implications of the root device type for data persistence, backup, and recovery. |
|
|
For more information, see Root device type. |
|
|
• Use separate Amazon EBS volumes for the operating system versus your data. Ensure that the |
|
|
volume with your data persists after instance termination. For more information, see Preserve |
|
|
data when an instance is terminated. |
|
|
• Use the instance store available for your instance to store temporary data. Remember that the |
|
|
data stored in instance store is deleted when you stop, hibernate, or terminate your instance. |
|
|
If you use instance store for database storage, ensure that you have a cluster with a replication |
|
|
factor that ensures fault tolerance. |
|
|
• Encrypt EBS volumes and snapshots. For more information, see Amazon EBS encryption in the |
|
|
Amazon EBS User Guide. |
|
|
17 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
Resource management |
|
|
• Use instance metadata and custom resource tags to track and identify your AWS resources. |
|
|
For more information, see Use instance metadata to manage your EC2 instance and Tag your |
|
|
Amazon EC2 resources. |
|
|
• View your current limits for Amazon EC2. Plan to request any limit increases in advance of the |
|
|
time that you'll need them. For more information, see Amazon EC2 service quotas. |
|
|
• Use AWS Trusted Advisor to inspect your AWS environment, and then make recommendations |
|
|
when opportunities exist to save money, improve system availability and performance, or help |
|
|
close security gaps. For more information, see AWS Trusted Advisor in the AWS Support User |
|
|
Guide. |
|
|
Backup and recovery |
|
|
• Regularly back up your EBS volumes using Amazon EBS snapshots, and create an Amazon |
|
|
Machine Image (AMI) from your instance to save the configuration as a template for launching |
|
|
future instances. For more information about AWS services that help achieve this use case, see |
|
|
AWS Backup and Amazon Data Lifecycle Manager. |
|
|
• Deploy critical components of your application across multiple Availability Zones, and replicate |
|
|
your data appropriately. |
|
|
• Design your applications to handle dynamic IP addressing when your instance restarts. For more |
|
|
information, see Amazon EC2 instance IP addressing. |
|
|
• Monitor and respond to events. For more information, see Monitor Amazon EC2 resources. |
|
|
• Ensure that you are prepared to handle failover. For a basic solution, you can manually attach |
|
|
a network interface or Elastic IP address to a replacement instance. For more information, see |
|
|
Elastic network interfaces. For an automated solution, you can use Amazon EC2 Auto Scaling. For |
|
|
more information, see the Amazon EC2 Auto Scaling User Guide. |
|
|
• Regularly test the process of recovering your instances and Amazon EBS volumes to ensure data |
|
|
and services are restored successfully. |
|
|
Networking |
|
|
• Set the time-to-live (TTL) value for your applications to 255, for IPv4 and IPv6. If you use a |
|
|
smaller value, there is a risk that the TTL will expire while application traffic is in transit, causing |
|
|
reachability issues for your instances. |
|
|
|
|
|
18 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
Amazon Machine Images in Amazon EC2 |
|
|
An Amazon Machine Image (AMI) is an image that provides the software that is required to set up |
|
|
and boot an Amazon EC2 instance. Each AMI also contains a block device mapping that specifies |
|
|
the block devices to attach to the instances that you launch. You must specify an AMI when you |
|
|
launch an instance. The AMI must be compatible with the instance type that you chose for your |
|
|
instance. You can use an AMI provided by AWS, a public AMI, an AMI that someone else shared with |
|
|
you, or an AMI that you purchased from the AWS Marketplace. |
|
|
An AMI is specific to the following: |
|
|
• Region |
|
|
• Operating system |
|
|
• Processor architecture |
|
|
• Root device type |
|
|
• Virtualization type |
|
|
You can launch multiple instances from a single AMI when you require multiple instances with the |
|
|
same configuration. You can use different AMIs to launch instances when you require instances |
|
|
with different configurations, as shown in the following diagram. |
|
|
|
|
|
19 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
You can create an AMI from your Amazon EC2 instances and then use it to launch instances with |
|
|
the same configuration. You can copy an AMI to another AWS Region, and then use it to launch |
|
|
instances in that Region. You can also share an AMI that you created with other accounts so that |
|
|
they can launch instances with the same configuration. You can sell your AMI using the AWS |
|
|
Marketplace. |
|
|
Contents |
|
|
• AMI types and characteristics in Amazon EC2 |
|
|
• Find an AMI that meets the requirements for your EC2 instance |
|
|
• Paid AMIs in the AWS Marketplace for Amazon EC2 instances |
|
|
• Amazon EC2 AMI lifecycle |
|
|
• Instance launch behavior with Amazon EC2 boot modes |
|
|
• Use encryption with EBS-backed AMIs |
|
|
• Understand shared AMI usage in Amazon EC2 |
|
|
• Monitor AMI events using Amazon EventBridge |
|
|
• Understand AMI billing information |
|
|
• AMI quotas in Amazon EC2 |
|
|
20 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
AMI types and characteristics in Amazon EC2 |
|
|
When you launch an instance, the AMI that you choose must be compatible with the instance type |
|
|
that you choose. You can select an AMI to use based on the following characteristics: |
|
|
• Region |
|
|
• Operating system |
|
|
• Processor architecture |
|
|
• Launch permissions |
|
|
• Root device type |
|
|
• Virtualization types |
|
|
|
|
|
Launch permissions |
|
|
Launch permissions determine who can use an AMI to launch instances. You can think of launch |
|
|
permissions as sharing an AMI—when you grant launch permissions, you're sharing the AMI |
|
|
with other users. Only the owner of an AMI can determine its availability by specifying launch |
|
|
permissions. Launch permissions fall into the following categories. |
|
|
Launch |
|
|
permission |
|
|
|
|
|
Description |
|
|
|
|
|
public |
|
|
|
|
|
The owner grants launch permissions to all AWS accounts. |
|
|
|
|
|
explicit |
|
|
|
|
|
The owner grants launch permissions to specific AWS accounts, organizat |
|
|
ions, or organizational units (OUs). |
|
|
|
|
|
implicit |
|
|
|
|
|
The owner has implicit launch permissions for an AMI. |
|
|
|
|
|
Amazon and the Amazon EC2 community provide a large selection of public AMIs. For more |
|
|
information, see Understand shared AMI usage in Amazon EC2. Developers can charge for their |
|
|
AMIs. For more information, see Paid AMIs in the AWS Marketplace for Amazon EC2 instances. |
|
|
|
|
|
Root device type |
|
|
All AMIs are categorized as either backed by Amazon EBS or backed by instance store. |
|
|
AMI characteristics |
|
|
|
|
|
21 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
• Amazon EBS-backed AMI – The root device for an instance launched from the AMI is an Amazon |
|
|
Elastic Block Store (Amazon EBS) volume created from an Amazon EBS snapshot. Supported for |
|
|
both Linux and Windows AMIs. |
|
|
• Amazon instance store-backed AMI – The root device for an instance launched from the AMI is an |
|
|
instance store volume created from a template stored in Amazon S3. Supported for Linux AMIs |
|
|
only. Windows AMIs do not support instance store for the root device. |
|
|
For more information, see Root volumes for your Amazon EC2 instances. |
|
|
Note |
|
|
Instance store-backed AMIs are considered end of life and are not recommended for new |
|
|
usage. They are only supported on the following older instance types: C1, C3, D2, I2, M1, |
|
|
M2, M3, R3, and X1. |
|
|
|
|
|
The following table summarizes the important differences when using the two types of AMIs. |
|
|
Characteristic |
|
|
|
|
|
Amazon EBS-backed AMI |
|
|
|
|
|
Amazon instance store-backed |
|
|
AMI |
|
|
|
|
|
Root device volume |
|
|
|
|
|
EBS volume |
|
|
|
|
|
Instance store volume |
|
|
|
|
|
Boot time for an |
|
|
instance |
|
|
|
|
|
Usually less than 1 minute |
|
|
|
|
|
Usually less than 5 minutes |
|
|
|
|
|
By default, the root volume |
|
|
is deleted when the instance |
|
|
terminates.* Data on any other |
|
|
EBS volumes persists after |
|
|
instance termination by default. |
|
|
|
|
|
Data on any instance store |
|
|
volumes persists only during the |
|
|
life of the instance. |
|
|
|
|
|
Can be in a stopped state. Even |
|
|
when the instance is stopped and |
|
|
not running, the root volume is |
|
|
persisted in Amazon EBS. |
|
|
|
|
|
Cannot be in a stopped state; |
|
|
instances are running or |
|
|
terminated. |
|
|
|
|
|
Data persistence |
|
|
|
|
|
Stopped state |
|
|
|
|
|
Root device type |
|
|
|
|
|
22 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
Characteristic |
|
|
|
|
|
Modifications |
|
|
|
|
|
Charges |
|
|
|
|
|
AMI creation/bundling |
|
|
|
|
|
User Guide |
|
|
|
|
|
Amazon EBS-backed AMI |
|
|
|
|
|
Amazon instance store-backed |
|
|
AMI |
|
|
|
|
|
The instance type, kernel, RAM |
|
|
disk, and user data can be |
|
|
changed while the instance is |
|
|
stopped. |
|
|
|
|
|
Instance attributes are fixed for |
|
|
the life of an instance. |
|
|
|
|
|
You're charged for instance |
|
|
usage, EBS volume usage, and |
|
|
storing your AMI as an EBS snaps |
|
|
hot. |
|
|
|
|
|
You're charged for instance usage |
|
|
and storing your AMI in Amazon |
|
|
S3. |
|
|
|
|
|
Uses a single command/call |
|
|
|
|
|
Requires installation and use of |
|
|
AMI tools |
|
|
|
|
|
* By default, EBS root volumes have the DeleteOnTermination flag set to true. For information |
|
|
about how to change this flag so that the volume persists after termination, see Keep an Amazon |
|
|
EBS root volume after an Amazon EC2 instance terminates. |
|
|
** Supported with io2 EBS Block Express only. For more information, see Provisioned IOPS SSD |
|
|
Block Express volumes in the Amazon EBS User Guide. |
|
|
|
|
|
Determine the root device type of your AMI |
|
|
The AMI that you use to launch an EC2 instance determines the type of the root volume. The root |
|
|
volume of an EC2 instance is either an EBS volume or an instance store volume. |
|
|
Nitro-based instances support only EBS root volumes. The following previous generation instance |
|
|
types are the only instance types that support instance store root volumes: C1, C3, D2, I2, M1, M2, |
|
|
M3, R3, and X1. |
|
|
Console |
|
|
To determine the root device type of an AMI |
|
|
1. |
|
|
|
|
|
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/. |
|
|
|
|
|
Determine the AMI root device type |
|
|
|
|
|
23 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
Amazon EC2 instances |
|
|
An Amazon EC2 instance is a virtual server in the AWS cloud environment. You have full control |
|
|
over your instance, from the time that you first start it (referred to as launching an instance) until |
|
|
you delete it (referred to as terminating an instance). You can choose from a variety of operating |
|
|
systems when you launch your instance. You can connect to your instance and customize it to meet |
|
|
your needs. For example, you can configure the operating system, install operating system updates, |
|
|
and install applications on your instance. |
|
|
Amazon EC2 provides a wide range of instance types. You can choose an instance type that |
|
|
provides the compute resources, memory, storage, and network performance that you need to run |
|
|
your applications. |
|
|
With Amazon EC2, you pay only for what you use. Billing for your instance starts when you launch |
|
|
your instance and it transitions to the running state. Billing stops when you stop your instance and |
|
|
resumes when you start your instance. When you terminate your instance, billing stops when it |
|
|
transitions to the shutting down state. |
|
|
Amazon EC2 provides features that you can use to optimize the performance and the cost of |
|
|
your instances. For example, you can use Amazon EC2 Fleet or Amazon EC2 Auto Scaling to scale |
|
|
your capacity up or down as your instance utilization changes. You can reduce the costs for your |
|
|
instances using Spot Instances or Savings Plans. |
|
|
A managed instance is managed by a service provider, such as Amazon EKS Auto Mode. You can’t |
|
|
directly modify the settings of a managed instance. Managed instances are identified by a true |
|
|
value in the Managed field. For more information, see Amazon EC2 managed instances. |
|
|
Features and tasks |
|
|
• Amazon EC2 instance types |
|
|
• Amazon EC2 managed instances |
|
|
• Amazon EC2 billing and purchasing options |
|
|
• Store instance launch parameters in Amazon EC2 launch templates |
|
|
• Launch an Amazon EC2 instance |
|
|
• Connect to your EC2 instance |
|
|
• Amazon EC2 instance state changes |
|
|
267 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
• Automatic instance recovery |
|
|
• Use instance metadata to manage your EC2 instance |
|
|
• Detect whether a host is an EC2 instance |
|
|
• Instance identity documents for Amazon EC2 instances |
|
|
• Precision clock and time synchronization on your EC2 instance |
|
|
• Manage device drivers for your EC2 instance |
|
|
• Configure your Amazon EC2 Windows instance |
|
|
• Upgrade an EC2 Windows instance to a newer version of Windows Server |
|
|
• Tutorial: Connect an Amazon EC2 instance to an Amazon RDS database |
|
|
|
|
|
Amazon EC2 instance types |
|
|
When you launch an instance, the instance type that you specify determines the hardware of the |
|
|
host computer used for your instance. Each instance type offers different compute, memory, and |
|
|
storage capabilities, and is grouped in an instance family based on these capabilities. Select an |
|
|
instance type based on the requirements of the application or software that you plan to run on |
|
|
your instance. For more information about features and use cases, see Amazon EC2 Instance Types. |
|
|
Amazon EC2 dedicates some resources of the host computer, such as CPU, memory, and instance |
|
|
storage, to a particular instance. Amazon EC2 shares other resources of the host computer, such as |
|
|
the network and the disk subsystem, among instances. If each instance on a host computer tries |
|
|
to use as much of one of these shared resources as possible, each receives an equal share of that |
|
|
resource. However, when a resource is underused, an instance can consume a higher share of that |
|
|
resource while it's available. |
|
|
Each instance type provides higher or lower minimum performance from a shared resource. For |
|
|
example, instance types with high I/O performance have a larger allocation of shared resources. |
|
|
Allocating a larger share of shared resources also reduces the variance of I/O performance. For |
|
|
most applications, moderate I/O performance is more than enough. However, for applications that |
|
|
require greater or more consistent I/O performance, consider an instance type with higher I/O |
|
|
performance. |
|
|
Contents |
|
|
• Available instance types |
|
|
• Hardware specifications |
|
|
Instance types |
|
|
|
|
|
268 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
• Hypervisor type |
|
|
• AMI virtualization types |
|
|
• Processors |
|
|
• Find an Amazon EC2 instance type |
|
|
• Get recommendations from EC2 instance type finder |
|
|
• Get EC2 instance recommendations from Compute Optimizer |
|
|
• Amazon EC2 instance type changes |
|
|
• Burstable performance instances |
|
|
• Performance acceleration with GPU instances |
|
|
• Amazon EC2 Mac instances |
|
|
• Amazon EBS-optimized instance types |
|
|
• CPU options for Amazon EC2 instances |
|
|
• AMD SEV-SNP for Amazon EC2 instances |
|
|
• Processor state control for Amazon EC2 Linux instances |
|
|
|
|
|
Available instance types |
|
|
Amazon EC2 provides a wide selection of instance types optimized to fit different use cases. |
|
|
Instance types comprise varying combinations of CPU, memory, storage, and networking capacity |
|
|
and give you the flexibility to choose the appropriate mix of resources for your applications. Each |
|
|
instance type includes one or more instance sizes, allowing you to scale your resources to the |
|
|
requirements of your target workload. |
|
|
Instance type naming conventions |
|
|
Names are based on instance family, generation, processor family, capabilities, and size. For more |
|
|
information, see Naming conventions in the Amazon EC2 Instance Types Guide. |
|
|
Find an instance type |
|
|
To determine which instance types meet your requirements, such as supported Regions, compute |
|
|
resources, or storage resources, see Find an Amazon EC2 instance type and Amazon EC2 instance |
|
|
type specifications in the Amazon EC2 Instance Types Guide. |
|
|
Available instance types |
|
|
|
|
|
269 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
• Launch a container instance using an Inf1 or Inf2 instance and an Amazon ECS-optimized AMI. |
|
|
For more information, see Amazon Linux 2 (Inferentia) AMIs in the Amazon Elastic Container |
|
|
Service Developer Guide. |
|
|
• Create an Amazon EKS cluster with nodes running Inf1 instances. For more information, see |
|
|
Inferentia support in the Amazon EKS User Guide. |
|
|
|
|
|
Find an Amazon EC2 instance type |
|
|
Before you can launch an instance, you must select an instance type to use. The instance type |
|
|
that you choose might depend on the resources that your workload requires, such as compute, |
|
|
memory, or storage resources. It can be beneficial to identify several instance types that might suit |
|
|
your workload and evaluate their performance in a test environment. There is no substitute for |
|
|
measuring the performance of your application under load. |
|
|
You can get suggestions and guidance for EC2 instance types using the EC2 instance type finder. |
|
|
For more information, see the section called “EC2 instance type finder”. |
|
|
If you already have running EC2 instances, you can use AWS Compute Optimizer to get |
|
|
recommendations about the instance types that you should use to improve performance, |
|
|
save money, or both. For more information, see the section called “Compute Optimizer |
|
|
recommendations”. |
|
|
Tasks |
|
|
• Find an instance type using the console |
|
|
• Describe an instance type using the AWS CLI |
|
|
• Find an instance type using the AWS CLI |
|
|
• Find an instance type using the Tools for PowerShell |
|
|
|
|
|
Find an instance type using the console |
|
|
You can find an instance type that meets your needs using the Amazon EC2 console. |
|
|
To find an instance type using the console |
|
|
1. |
|
|
|
|
|
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/. |
|
|
|
|
|
2. |
|
|
|
|
|
From the navigation bar, select the Region in which to launch your instances. You can select |
|
|
any Region that's available to you, regardless of your location. |
|
|
|
|
|
Find an instance type |
|
|
|
|
|
274 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
3. |
|
|
|
|
|
In the navigation pane, choose Instance Types. |
|
|
|
|
|
4. |
|
|
|
|
|
(Optional) Choose the preferences (gear) icon to select which instance type attributes to |
|
|
display, such as On-Demand Linux pricing, and then choose Confirm. Alternatively, select the |
|
|
name of an instance type to open its details page and view all attributes available through |
|
|
the console. The console does not display all the attributes available through the API or the |
|
|
command line. |
|
|
|
|
|
5. |
|
|
|
|
|
Use the instance type attributes to filter the list of displayed instance types to only the |
|
|
instance types that meet your needs. For example, you can filter on the following attributes: |
|
|
• Availability zones – The name of the Availability Zone, Local Zone, or Wavelength Zone. For |
|
|
more information, see the section called “Regions and Zones”. |
|
|
• vCPUs or Cores – The number of vCPUs or cores. |
|
|
• Memory (GiB) – The memory size, in GiB. |
|
|
• Network performance – The network performance, in Gigabits. |
|
|
• Local instance storage – Indicates whether the instance type has local instance storage |
|
|
(true | false). |
|
|
|
|
|
6. |
|
|
|
|
|
(Optional) To see a side-by-side comparison, select the checkbox for multiple instance types. |
|
|
The comparison is displayed at the bottom of the screen. |
|
|
|
|
|
7. |
|
|
|
|
|
(Optional) To save the list of instance types to a comma-separated values (.csv) file for further |
|
|
review, choose Actions, Download list CSV. The file includes all instance types that match the |
|
|
filters you set. |
|
|
|
|
|
8. |
|
|
|
|
|
(Optional) To launch instances using an instance type that meet your needs, select the |
|
|
checkbox for the instance type and choose Actions, Launch instance. For more information, |
|
|
see Launch an EC2 instance using the launch instance wizard in the console. |
|
|
|
|
|
Describe an instance type using the AWS CLI |
|
|
You can use the describe-instance-types command to describe a specific instance type. |
|
|
To fully describe an instance type |
|
|
The following command displays all available details for the specified instance type. The output is |
|
|
lengthy, so it is omitted here. |
|
|
aws ec2 describe-instance-types \ |
|
|
--instance-types t2.micro \ |
|
|
Find an instance type |
|
|
|
|
|
275 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
EC2 Fleet and Spot Fleet |
|
|
EC2 Fleet and Spot Fleet are designed to be a useful way to launch a fleet of tens, hundreds, |
|
|
or thousands of Amazon EC2 instances in a single operation. Each instance in a fleet is either |
|
|
configured by a launch template or a set of launch parameters that you configure manually at |
|
|
launch. |
|
|
Topics |
|
|
• Features and benefits |
|
|
• Which is the best fleet method to use? |
|
|
• Configuration options for your EC2 Fleet or Spot Fleet |
|
|
• Work with EC2 Fleet |
|
|
• Work with Spot Fleet |
|
|
• Monitor your EC2 Fleet or Spot Fleet |
|
|
• Tutorials for EC2 Fleet |
|
|
• Example CLI configurations for EC2 Fleet |
|
|
• Example CLI configurations Spot Fleet |
|
|
• Quotas for EC2 Fleet and Spot Fleet |
|
|
|
|
|
Features and benefits |
|
|
Fleets provide the following features and benefits, enabling you to maximize cost savings and |
|
|
optimize availability and performance when running applications on multiple EC2 instances. |
|
|
Multiple instance types |
|
|
A fleet can launch multiple instance types, ensuring it isn't dependent on the availability of any |
|
|
single instance type. This increases the overall availability of instances in your fleet. |
|
|
Distributing instances across Availability Zones |
|
|
A fleet automatically attempts to distribute instances evenly across multiple Availability Zones |
|
|
for high availability. This provides resiliency in case an Availability Zone becomes unavailable. |
|
|
|
|
|
Features and benefits |
|
|
|
|
|
1933 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
Multiple purchasing options |
|
|
A fleet can launch multiple purchase options (Spot and On-Demand Instances), allowing you to |
|
|
optimize costs through Spot Instance usage. You can also take advantage of Reserved Instance |
|
|
and Savings Plans discounts by using them in conjunction with On-Demand Instances in the |
|
|
fleet. |
|
|
Automated replacement of Spot Instances |
|
|
If your fleet includes Spot Instances, it can automatically request replacement Spot capacity if |
|
|
your Spot Instances are interrupted. Through Capacity Rebalancing, a fleet can also monitor and |
|
|
proactively replace your Spot Instances that are at an elevated risk of interruption. |
|
|
Reserve On-Demand capacity |
|
|
A fleet can use an On-Demand Capacity Reservation to reserve On-Demand capacity. A fleet can |
|
|
also include Capacity Blocks for ML, allowing you to reserve GPU instances on a future date to |
|
|
support short duration machine learning (ML) workloads. |
|
|
|
|
|
Which is the best fleet method to use? |
|
|
As a general best practice, we recommend launching fleets of Spot and On-Demand Instances with |
|
|
Amazon EC2 Auto Scaling because it provides additional features you can use to manage your fleet. |
|
|
The list of additional features includes automatic health check replacements for both Spot and OnDemand Instances, application-based health checks, and an integration with Elastic Load Balancing |
|
|
to ensure an even distribution of application traffic to your healthy instances. You can also use |
|
|
Auto Scaling groups when you use AWS services such as Amazon ECS, Amazon EKS (self-managed |
|
|
node groups), and Amazon VPC Lattice. For more information, see the Amazon EC2 Auto Scaling |
|
|
User Guide. |
|
|
If you can't use Amazon EC2 Auto Scaling, then you might consider using EC2 Fleet or Spot Fleet. |
|
|
EC2 Fleet and Spot Fleet offer the same core functionality. However, EC2 Fleet is only available |
|
|
using a command line and does not provide console support. Spot Fleet provides console support, |
|
|
but is based on a legacy API with no planned investment. |
|
|
Use the following table to determine which fleet method to use. |
|
|
|
|
|
Which fleet method to use? |
|
|
|
|
|
1934 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
Fleet method |
|
|
|
|
|
When to use? |
|
|
|
|
|
Use case |
|
|
|
|
|
Amazon EC2 Auto Scaling |
|
|
|
|
|
• You need multiple |
|
|
instances with either a |
|
|
single configuration or a |
|
|
mixed configuration. |
|
|
|
|
|
Create an Auto Scaling group |
|
|
that manages the lifecycle of |
|
|
your instances while maintaini |
|
|
ng the desired number of |
|
|
instances. Supports horizontal |
|
|
scaling (adding more instances |
|
|
) between specified minimum |
|
|
|
|
|
• You want to automate the |
|
|
lifecycle management of |
|
|
your instances. |
|
|
EC2 Fleet |
|
|
|
|
|
• You need multiple |
|
|
instances with either a |
|
|
single configuration or a |
|
|
mixed configuration. |
|
|
• You want to self-manage |
|
|
your instance lifecycle. |
|
|
• If you don’t need auto |
|
|
scaling, we recommend |
|
|
that you use an instant |
|
|
type EC2 Fleet. |
|
|
|
|
|
and maximum limits. |
|
|
Create an instant fleet of |
|
|
both On-Demand Instances |
|
|
and Spot Instances in a single |
|
|
operation, with multiple |
|
|
launch specifications that |
|
|
vary by instance type, AMI, |
|
|
Availability Zone, or subnet. |
|
|
The Spot Instance allocation |
|
|
strategy defaults to lowestprice per unit, but we |
|
|
recommend changing it to |
|
|
price-capacity-opt |
|
|
imized . |
|
|
|
|
|
Spot Fleet |
|
|
|
|
|
• We strongly discourage |
|
|
using Spot Fleet because |
|
|
it is based on a legacy API |
|
|
with no planned investmen |
|
|
t. |
|
|
|
|
|
Use Spot Fleet only if you |
|
|
need console support for a |
|
|
use case for when you would |
|
|
use EC2 Fleet. |
|
|
|
|
|
• If you want to manage |
|
|
your instance lifecycle, |
|
|
rather use EC2 Fleet. |
|
|
• If you don't want to |
|
|
manage your instance |
|
|
|
|
|
Which fleet method to use? |
|
|
|
|
|
1935 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
Fleet method |
|
|
|
|
|
User Guide |
|
|
|
|
|
When to use? |
|
|
|
|
|
Use case |
|
|
|
|
|
lifecycle, rather use an |
|
|
Auto Scaling group. |
|
|
|
|
|
Configuration options for your EC2 Fleet or Spot Fleet |
|
|
When planning your EC2 Fleet or Spot Fleet, we recommend that you consider the following |
|
|
options when deciding how to configure your fleet. |
|
|
|
|
|
Configura |
|
|
tion |
|
|
option |
|
|
|
|
|
Question |
|
|
|
|
|
Documentation |
|
|
|
|
|
Fleet |
|
|
request |
|
|
type |
|
|
|
|
|
Do you want a fleet that submits a one-time |
|
|
request for the desired target capacity, or a fleet |
|
|
that maintains target capacity over time? |
|
|
|
|
|
EC2 Fleet and Spot Fleet |
|
|
request types |
|
|
|
|
|
Spot |
|
|
Instances |
|
|
|
|
|
Do you plan to include Spot Instances in your |
|
|
fleet? Review the Spot best practices and use |
|
|
them when you plan your fleet so that you can |
|
|
provision the instances at the lowest possible |
|
|
price. |
|
|
|
|
|
Best practices for Amazon |
|
|
EC2 Spot |
|
|
|
|
|
Spending |
|
|
limit for |
|
|
your fleet |
|
|
|
|
|
Do you want to limit how much you'll pay for |
|
|
your fleet per hour? |
|
|
|
|
|
Set a spending limit for your |
|
|
EC2 Fleet or Spot Fleet |
|
|
|
|
|
Instance |
|
|
types and |
|
|
attribute |
|
|
-based |
|
|
instance |
|
|
type |
|
|
selection |
|
|
|
|
|
Do you want to specify the instance types in |
|
|
your fleet, or let Amazon EC2 select the instance |
|
|
types that meet your application requirements? |
|
|
|
|
|
Specify attributes for instance |
|
|
type selection for EC2 Fleet |
|
|
or Spot Fleet |
|
|
|
|
|
Configuration options |
|
|
|
|
|
1936 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
Configura |
|
|
tion |
|
|
option |
|
|
|
|
|
Question |
|
|
|
|
|
Documentation |
|
|
|
|
|
Instance |
|
|
weighting |
|
|
|
|
|
Do you want to assign weights to each instance |
|
|
type to represent their compute capacity and |
|
|
performance, so that Amazon EC2 can select any |
|
|
combination of available instance types to fulfil |
|
|
your desired target capacity? |
|
|
|
|
|
Use instance weighting to |
|
|
manage cost and performanc |
|
|
e of your EC2 Fleet or Spot |
|
|
Fleet |
|
|
|
|
|
Allocation |
|
|
strategies |
|
|
|
|
|
Do you want to decide whether to optimize for |
|
|
available capacity, price, or instance types to use |
|
|
for the Spot Instances and On-Demand Instances |
|
|
in your fleet? |
|
|
|
|
|
Use allocation strategies to |
|
|
determine how EC2 Fleet or |
|
|
Spot Fleet fulfills Spot and |
|
|
On-Demand capacity |
|
|
|
|
|
Capacity |
|
|
Rebalanci |
|
|
ng |
|
|
|
|
|
Do you want your fleet to automatically replace |
|
|
at-risk Spot Instances? |
|
|
|
|
|
Use Capacity Rebalancing in |
|
|
EC2 Fleet and Spot Fleet to |
|
|
replace at-risk Spot Instances |
|
|
|
|
|
OnDemand |
|
|
Capacity |
|
|
Reservati |
|
|
on |
|
|
|
|
|
Do you want to reserve capacity for the OnDemand Instances in your fleet? |
|
|
|
|
|
Use Capacity Reservations to |
|
|
reserve On-Demand capacity |
|
|
in EC2 Fleet |
|
|
|
|
|
EC2 Fleet and Spot Fleet request types |
|
|
The request type for an EC2 Fleet or Spot Fleet determines whether the request is synchronous or |
|
|
asynchronous, and whether it is a one-time request for the desired target capacity or an ongoing |
|
|
effort to maintain the capacity over time. When configuring your fleet, you must specify the |
|
|
request type. |
|
|
Both EC2 Fleet and Spot Fleet offer two request types: request and maintain. In addition, EC2 |
|
|
Fleet offers a third request type called instant. |
|
|
|
|
|
Request types |
|
|
|
|
|
1937 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
Fleet request types |
|
|
instant (EC2 Fleet only) |
|
|
If you configure the request type as instant, EC2 Fleet places a synchronous one-time request |
|
|
for your desired capacity. In the API response, it returns the instances that launched and |
|
|
provides errors for those instances that could not be launched. For more information, see |
|
|
Configure an EC2 Fleet of type instant. |
|
|
request |
|
|
If you configure the request type as request, the fleet places an asynchronous one-time |
|
|
request for your desired capacity. If capacity diminishes due to Spot interruptions, the fleet does |
|
|
not attempt to replenish Spot Instances, nor does it submit requests in alternative Spot capacity |
|
|
pools if capacity is unavailable. When creating a Spot Fleet of type request using the console, |
|
|
clear the Maintain target capacity checkbox. |
|
|
maintain (default) |
|
|
If you configure the request type as maintain, the fleet places an asynchronous request for |
|
|
your desired capacity, and maintains it by automatically replenishing any interrupted Spot |
|
|
Instances. When creating a Spot Fleet of type maintain using the console, select the Maintain |
|
|
target capacity checkbox |
|
|
|
|
|
Configure an EC2 Fleet of type instant |
|
|
The EC2 Fleet of type instant is a synchronous one-time request that makes only one attempt to |
|
|
launch your desired capacity. The API response lists the instances that launched, along with errors |
|
|
for those instances that could not be launched. There are several benefits to using an EC2 Fleet of |
|
|
type instant, which are described in this article. Example configurations are provided at the end of |
|
|
the article. |
|
|
For workloads that need a launch-only API to launch EC2 instances, you can use the RunInstances |
|
|
API. However, with RunInstances, you can only launch On-Demand Instances or Spot Instances, but |
|
|
not both in the same request. Furthermore, when you use RunInstances to launch Spot Instances, |
|
|
your Spot Instance request is limited to one instance type and one Availability Zone. This targets |
|
|
a single Spot capacity pool (a set of unused instances with the same instance type and Availability |
|
|
Zone). If the Spot capacity pool does not have sufficient Spot Instance capacity for your request, |
|
|
the RunInstances call fails. |
|
|
Request types |
|
|
|
|
|
1938 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
Instead of using RunInstances to launch Spot Instances, we recommend that you rather use the |
|
|
CreateFleet API with the type parameter set to instant for the following benefits: |
|
|
• Launch On-Demand Instances and Spot Instances in one request. An EC2 Fleet can launch OnDemand Instances, Spot Instances, or both. The request for Spot Instances is fulfilled if there is |
|
|
available capacity and the maximum price per hour for your request exceeds the Spot price. |
|
|
• Increase the availability of Spot Instances. By using an EC2 Fleet of type instant, you can |
|
|
launch Spot Instances following Spot best practices with the resulting benefits: |
|
|
• Spot best practice: Be flexible about instance types and Availability Zones. |
|
|
Benefit: By specifying several instance types and Availability Zones, you increase the number |
|
|
of Spot capacity pools. This gives the Spot service a better chance of finding and allocating |
|
|
your desired Spot compute capacity. A good rule of thumb is to be flexible across at least 10 |
|
|
instance types for each workload and make sure that all Availability Zones are configured for |
|
|
use in your VPC. |
|
|
• Spot best practice: Use the price-capacity-optimized allocation strategy. |
|
|
Benefit: The price-capacity-optimized allocation strategy identifies instances from the |
|
|
most-available Spot capacity pools, and then automatically provisions instances from the |
|
|
lowest priced of these pools. Because your Spot Instance capacity is sourced from pools with |
|
|
optimal capacity, this decreases the possibility that your Spot Instances will be interrupted |
|
|
when Amazon EC2 needs the capacity back. |
|
|
• Get access to a wider set of capabilities. For workloads that need a launch-only API, and where |
|
|
you prefer to manage the lifecycle of your instance rather than let EC2 Fleet manage it for |
|
|
you, use the EC2 Fleet of type instant instead of the RunInstances API. EC2 Fleet provides |
|
|
a wider set of capabilities than RunInstances, as demonstrated in the following examples. |
|
|
For all other workloads, you should use Amazon EC2 Auto Scaling because it supplies a more |
|
|
comprehensive feature set for a wide variety of workloads, like ELB-backed applications, |
|
|
containerized workloads, and queue processing jobs. |
|
|
You can use EC2 Fleet of type instant to launch instances into Capacity Blocks. For more |
|
|
information, see Tutorial: Configure your EC2 Fleet to launch instances into Capacity Blocks. |
|
|
AWS services like Amazon EC2 Auto Scaling and Amazon EMR use EC2 Fleet of type instant to |
|
|
launch EC2 instances. |
|
|
|
|
|
Request types |
|
|
|
|
|
1939 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
Prerequisites for EC2 Fleet of type instant |
|
|
For the prerequisites for creating an EC2 Fleet, see EC2 Fleet prerequisites. |
|
|
How instant EC2 Fleet works |
|
|
When working with an EC2 Fleet of type instant, the sequence of events is as follows: |
|
|
1. Configure: Configure the CreateFleet request type as instant. For more information, see |
|
|
Create an EC2 Fleet. Note that after you make the API call, you can't modify it. |
|
|
2. Request: When you make the API call, Amazon EC2 places a synchronous one-time request for |
|
|
your desired capacity. |
|
|
3. Response: The API response lists the instances that launched, along with errors for those |
|
|
instances that could not be launched. |
|
|
4. Describe: You can describe your EC2 Fleet, list the instances associated with your EC2 Fleet, and |
|
|
view the history of your EC2 Fleet. |
|
|
5. Terminate instances: You can terminate the instances at any time. |
|
|
6. Delete fleet request: The fleet request can be deleted either manually or automatically: |
|
|
• Manual: You can delete the fleet request after your instances launch. |
|
|
Note that a deleted instant fleet with running instances is not supported. When you delete |
|
|
an instant fleet, Amazon EC2 automatically terminates all its instances. For fleets with |
|
|
more than 1000 instances, the deletion request might fail. If your fleet has more than 1000 |
|
|
instances, first terminate most of the instances manually, leaving 1000 or fewer. Then delete |
|
|
the fleet, and the remaining instances will be terminated automatically. |
|
|
• Automatic: Amazon EC2 deletes the fleet request some time after either: |
|
|
• All the instances are terminated. |
|
|
• The fleet fails to launch any instances. |
|
|
Examples |
|
|
The following examples show how to use EC2 Fleet of type instant for different use cases. For |
|
|
more information about using the EC2 CreateFleet API parameters, see CreateFleet in the Amazon |
|
|
EC2 API Reference. |
|
|
Examples |
|
|
• Example 1: Launch Spot Instances with the capacity-optimized allocation strategy |
|
|
Request types |
|
|
|
|
|
1940 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
Networking in Amazon EC2 |
|
|
Amazon VPC enables you to launch AWS resources, such as Amazon EC2 instances, into a virtual |
|
|
network dedicated to your AWS account, known as a virtual private cloud (VPC). When you launch |
|
|
an instance, you can select a subnet from the VPC. The instance is configured with a primary |
|
|
network interface, which is a logical virtual network card. The instance receives a primary private IP |
|
|
address from the IPv4 address of the subnet, and it is assigned to the primary network interface. |
|
|
You can control whether the instance receives a public IP address from Amazon's pool of public |
|
|
IP addresses. The public IP address of an instance is associated with your instance only until it is |
|
|
stopped or terminated. If you require a persistent public IP address, you can allocate an Elastic IP |
|
|
address for your AWS account and associate it with an instance or a network interface. An Elastic IP |
|
|
address remains associated with your AWS account until you release it, and you can move it from |
|
|
one instance to another as needed. You can bring your own IP address range to your AWS account, |
|
|
where it appears as an address pool, and then allocate Elastic IP addresses from your address pool. |
|
|
To increase network performance and reduce latency, you can launch instances in a placement |
|
|
group. You can get significantly higher packet per second (PPS) performance using enhanced |
|
|
networking. You can accelerate high performance computing and machine learning applications |
|
|
using an Elastic Fabric Adapter (EFA), which is a network device that you can attach to a supported |
|
|
instance type. |
|
|
Features |
|
|
• Regions and Zones |
|
|
• Amazon EC2 instance IP addressing |
|
|
• EC2 instance hostnames and domains |
|
|
• Bring your own IP addresses (BYOIP) to Amazon EC2 |
|
|
• Elastic IP addresses |
|
|
• Elastic network interfaces |
|
|
• Amazon EC2 instance network bandwidth |
|
|
• Enhanced networking on Amazon EC2 instances |
|
|
• Elastic Fabric Adapter for AI/ML and HPC workloads on Amazon EC2 |
|
|
• Amazon EC2 instance topology |
|
|
• Placement groups for your Amazon EC2 instances |
|
|
2176 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
• Network maximum transmission unit (MTU) for your EC2 instance |
|
|
• Virtual private clouds for your EC2 instances |
|
|
|
|
|
Regions and Zones |
|
|
Amazon EC2 is hosted in multiple locations world-wide. These locations are composed of AWS |
|
|
Regions, Availability Zones, Local Zones, AWS Outposts, and Wavelength Zones. |
|
|
• Regions are separate geographic areas. |
|
|
• Availability Zones are multiple, isolated locations within each Region. |
|
|
• Local Zones provide you with the ability to place resources, such as compute and storage, in |
|
|
multiple locations closer to your end users. |
|
|
• Wavelength Zones provide you with the ability to build applications that deliver ultra-low |
|
|
latencies to 5G devices and end users. Wavelength deploys standard AWS compute and storage |
|
|
services to the edge of telecommunication carriers' 5G networks. |
|
|
• AWS Outposts brings native AWS services, infrastructure, and operating models to virtually any |
|
|
data center, colocation space, or on-premises facility. |
|
|
AWS operates state-of-the-art, highly available data centers. Although rare, failures can occur that |
|
|
affect the availability of instances that are in the same location. If you host all of your instances in a |
|
|
single location that is affected by a failure, none of your instances would be available. |
|
|
For more information, see AWS Global Infrastructure. |
|
|
Contents |
|
|
• Regions |
|
|
• Availability Zones |
|
|
• Local Zones |
|
|
• Wavelength Zones |
|
|
• AWS Outposts |
|
|
|
|
|
Regions |
|
|
Each Region is designed to be isolated from the other Regions. This achieves the greatest possible |
|
|
fault tolerance and stability. |
|
|
Regions and Zones |
|
|
|
|
|
2177 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
When you launch an instance, select a Region that puts your instances close to specific customers, |
|
|
or that meets the legal or other requirements that you have. You can launch instances in multiple |
|
|
Regions. |
|
|
When you view your resources, you see only the resources that are tied to the Region that you |
|
|
specified. This is because Regions are isolated from each other, and we don't automatically |
|
|
replicate resources across Regions. |
|
|
|
|
|
Available Regions |
|
|
For the list of available Regions, see AWS Regions. |
|
|
|
|
|
Regional endpoints for Amazon EC2 |
|
|
When you work with an instance using the command line interface or API actions, you must specify |
|
|
its Regional endpoint. For more information about the Regions and endpoints for Amazon EC2, see |
|
|
Amazon EC2 service endpoints in the Amazon EC2 Developer Guide. |
|
|
For more information, see AWS Regions in the AWS Regions and Availability Zones User Guide. |
|
|
|
|
|
Availability Zones |
|
|
Each Region has multiple, isolated locations known as Availability Zones. The code for an |
|
|
Availability Zone is its Region code followed by a letter identifier. For example, us-east-1a. |
|
|
By launching EC2 instances in multiple Availability Zones, you can protect your applications from |
|
|
the failure of a single location in the Region. |
|
|
The following diagram illustrates multiple Availability Zones in an AWS Region. Availability Zone A |
|
|
and Availability Zone B each have one subnet, and each subnet has EC2 instances. Availability Zone |
|
|
C has no subnets, therefore you can't launch instances into this Availability Zone. |
|
|
|
|
|
Availability Zones |
|
|
|
|
|
2178 |
|
|
|
|
|
�Amazon Elastic Compute Cloud |
|
|
|
|
|
User Guide |
|
|
|
|
|
For more information, see Virtual private clouds for your EC2 instances. |
|
|
|
|
|
Availability Zones by Region |
|
|
For the list of Availability Zones by Region, see AWS Availability Zones. |
|
|
|
|
|
Instances in Availability Zones |
|
|
When you launch an instance, you select a Region and a virtual private cloud (VPC). Then, you |
|
|
can either select a subnet from one of the Availability Zones or let us choose a subnet for you. |
|
|
When you launch your initial instances, we recommend that you let us select an Availability Zone |
|
|
for you based on system health and available capacity. If you launch additional instances, specify |
|
|
an Availability Zone only if your new instances must be close to, or separated from, your existing |
|
|
instances. |
|
|
If you distribute instances across multiple Availability Zones and an instance fails, you can design |
|
|
your application so that an instance in another Availability Zone handles requests instead. |
|
|
For more information, see AWS Availability Zones in the AWS Regions and Availability Zones User |
|
|
Guide. |
|
|
Availability Zones |
|
|
|
|
|
2179 |
|
|
|
|
|
� |
