
Amazon EC2 Explained: Instances, Pricing, and Best Practices

— ny_wk

Amazon EC2 quietly powers a huge slice of the internet, yet most explainers stop at "it's a server in the cloud." That's true but useless when you're staring at hundreds of instance types and four pricing models wondering which won't blow your budget. This guide goes deeper: what EC2 actually is, how to pick the right instance, what each pricing model really costs you, the security setup that matters, and the mistakes that bite beginners.

What Amazon EC2 actually is

Amazon Elastic Compute Cloud (EC2) is a web service that provides secure, resizable compute capacity in the cloud — virtual servers, called instances, that you launch in minutes and pay for by the second. Instead of buying hardware, sizing it for peak load, and watching it sit idle, you rent exactly what you need and turn it off when you don't. The "elastic" part is the whole point: capacity flexes with demand.

You keep full control — choice of operating system, instance size, storage, networking, and root/admin access — running on AWS's proven, global infrastructure.

The core building blocks (and how they connect)

  • Instance — the virtual server itself.
  • AMI (Amazon Machine Image) — the template it boots from: OS + preinstalled software (Amazon Linux, Ubuntu, Windows, or a custom image you bake).
  • Instance type — the hardware shape (vCPU, RAM, network). More on families below.
  • EBS volume — durable network-attached disk that survives stop/restart (and even instance termination if you choose).
  • Key pair — the SSH key for secure Linux login (or password retrieval for Windows).
  • Security group — a stateful virtual firewall controlling inbound/outbound traffic per instance.
  • Elastic IP — a static public IP you can keep across instance restarts.

A launched instance is an AMI running on an instance type, with EBS for storage, reachable through a security group, and accessed via a key pair. Get that mental model and the console stops being intimidating.

Choosing an instance type: the families

AWS groups instance types into families tuned for different workloads. Pick by your bottleneck:

| Family | Optimized for | Typical use |
|---|---|---|
| T (t3, t4g) | Burstable, general purpose | Dev boxes, small sites, low-traffic apps |
| M (m6i, m7g) | Balanced CPU/RAM | Web/app servers, general workloads |
| C (c6i, c7g) | Compute-heavy | Batch processing, gaming, HPC |
| R / X | Memory-heavy | In-memory caches, large databases |
| G / P / Inf | GPU / accelerators | ML training/inference, graphics |

Tip: the g suffix (e.g., m7g) means Graviton — AWS's ARM chips that are usually cheaper and more power-efficient. If your software runs on ARM, they're often the best price/performance.

Pricing models — what they really mean

| Model | How it works | Best for |
|---|---|---|
| On-Demand | Pay per second/hour, no commitment | Spiky or unpredictable workloads, testing |
| Savings Plans / Reserved | Commit 1-3 yrs for up to ~72% off | Steady, always-on workloads |
| Spot | Spare capacity, up to ~90% off, can be reclaimed with 2-min notice | Fault-tolerant batch, CI, stateless jobs |
| Dedicated Hosts | Physical server reserved for you | Licensing/compliance needs |

A common pro pattern: run your steady baseline on a Savings Plan, absorb spikes with On-Demand, and push interruptible batch work onto Spot. That mix routinely cuts compute bills in half.

Launching an instance — the quick walkthrough

  1. Pick an AMI (e.g., Amazon Linux 2023).
  2. Choose an instance type (start with t3.micro for testing — it's in the free tier).
  3. Create or select a key pair and download the .pem (you can't re-download it later).
  4. Configure the security group: open port 22 (SSH) only to your IP, plus 80/443 if it's a web server.
  5. Set EBS size, launch, and connect: ssh -i key.pem ec2-user@<public-ip>.

Security: the settings that actually matter

  • Never open SSH (22) to 0.0.0.0/0. Restrict to your IP, or use AWS Systems Manager Session Manager and skip public SSH entirely.
  • Attach an IAM role to the instance instead of storing AWS keys on it — temporary, auto-rotated credentials.
  • Keep security groups tight — open only the ports you need, to the sources that need them.
  • Patch and bake AMIs so new instances launch already-hardened.

Common mistakes that cost money or cause outages

  • Leaving instances running idle — stop or terminate dev boxes; pay-per-second cuts both ways.
  • Forgetting EBS bills separately — volumes (and snapshots) cost money even when the instance is stopped.
  • Storing data only on instance store — ephemeral disks are wiped on stop/terminate. Use EBS for anything you must keep.
  • Over-provisioning — start small, watch CloudWatch metrics, and right-size; don't guess big.
  • Public SSH open to the world — the #1 way EC2 boxes get compromised.

Key takeaways

  • EC2 = resizable virtual servers billed by usage; launch from an AMI, size with an instance type.
  • Pick the instance family by bottleneck (T/M general, C compute, R memory, G/P GPU); consider Graviton for price/performance.
  • Blend pricing: Savings Plans for baseline, On-Demand for spikes, Spot for interruptible work.
  • Lock down SSH, use IAM roles not stored keys, and keep persistent data on EBS.

Frequently asked questions

Which EC2 instance should a beginner start with?

t3.micro (or t2.micro) — it's free-tier eligible and fine for learning and small workloads.

Do I keep paying when an instance is stopped?

You stop paying for compute, but attached EBS volumes and Elastic IPs (if unused) still bill. Terminate to stop all charges.

What's the difference between stop and terminate?

Stop = shut down but keep the instance and its EBS (restart later). Terminate = delete it; EBS root volume is removed unless you set otherwise.

Are Spot instances safe to use?

For fault-tolerant, stateless, or checkpointed work, yes — huge savings. Avoid them for single-instance databases or anything that can't tolerate a 2-minute reclaim notice.

Graviton (ARM) or Intel/AMD?

If your stack runs on ARM, Graviton usually wins on price/performance. Test compatibility for compiled dependencies first.

Master the building blocks, match the instance family and pricing model to the job, lock down access, and EC2 goes from "a server in the cloud" to a precise, cost-controlled tool you can scale on demand.