
AWS Solutions Architect EC2: Complete Study Guide


Amazon EC2 (Elastic Compute Cloud) is a foundational AWS service for the Solutions Architect certification. It provides resizable compute capacity so you can launch virtual servers with complete control over resources.

EC2 mastery requires understanding instance types, pricing models, storage options, networking, security groups, and performance optimization. This topic typically accounts for 10-15% of the Solutions Architect exam.

Flashcards excel for EC2 learning because you need to memorize instance family purposes, recall pricing advantages, and quickly distinguish between similar concepts. Spaced repetition reinforces technical details and real-world exam scenarios.


EC2 Instance Types and Families

EC2 instances come in different families, each optimized for specific use cases. Each family name indicates its purpose and capabilities.

General-Purpose Instances

General-purpose instances (M5, M6i, M7i families) balance compute, memory, and networking resources. Use them for web applications, small to medium databases, and backend services. These suit most workloads when you lack specific performance requirements.

Specialized Instance Families

Compute-optimized instances (C5, C6i, C7i families) deliver high-performance processors. Choose them for batch processing, media transcoding, and high-performance web servers.

Memory-optimized instances (R5, R6i, X1 families) provide large memory capacity. Use them for in-memory databases, data analytics, and real-time big data processing.

Storage-optimized instances (I3, D2, H1 families) offer high sequential read/write access. Select them for NoSQL databases and data warehousing.

Accelerated computing instances (P3, G4, F1 families) include GPUs or FPGAs. They power machine learning, graphics rendering, and hardware acceleration.

Understanding Instance Naming

The naming convention matters for the exam. The letter indicates the family, the number indicates the generation, and the letter suffix indicates size within that generation. Newer generations offer better performance and efficiency than older ones.

Create flashcards pairing use cases with appropriate instance families. Build another set comparing performance metrics and costs across families.

EC2 Pricing Models and Cost Optimization

AWS offers multiple pricing models that significantly impact your architecture decisions and costs. Choosing the right model matters on the exam and in real deployments.

Core Pricing Models

  1. On-Demand instances charge per hour with no commitment. Use them for unpredictable workloads and development or testing environments.

  2. Reserved Instances provide up to 72% discount in exchange for one- or three-year commitments. Perfect for steady-state production workloads.

  3. Savings Plans offer flexibility across instance families and regions with similar discounts to Reserved Instances.

  4. Spot Instances let you bid on unused capacity at up to 90% discount. They can be interrupted with two minutes' notice, so use them for fault-tolerant workloads like batch processing.

  5. Dedicated Hosts provide physical servers for compliance requirements or licensed software.

  6. Dedicated Instances run on hardware dedicated to a single customer.

Cost Optimization Strategy

A common exam scenario involves optimizing costs for baseline load plus spiky traffic. Use Reserved Instances for the baseline and On-Demand or Spot for peaks. Calculate break-even points between models for your specific usage patterns.

Flashcards work exceptionally well for pricing because you must quickly recall discount percentages, commitment periods, and appropriate scenarios. Create cards comparing when to use each model.

EC2 Storage and Block Storage Integration

EC2 instances require storage solutions, which primarily involve Amazon EBS (Elastic Block Store) volumes. EBS provides persistent block-level storage volumes that attach to running instances and survive instance termination.

EBS Volume Types and Specifications

General Purpose (gp3, gp2) volumes suit balanced performance needs. gp3 volumes support up to 16,000 IOPS and 1,000 MB/s throughput.

Provisioned IOPS (io2, io1) volumes deliver high performance for databases. io2 volumes reach 64,000 IOPS for consistent low-latency performance.

Throughput Optimized (st1) volumes handle sequential workloads efficiently. Cold HDD (sc1) volumes provide cost-effective storage for infrequent access.

Instance Store Volumes

Instance store provides temporary block-level storage directly attached to the physical host. It offers high performance but loses all data when the instance stops. Use it only for temporary caches, scratch data, and parallel processing where data loss is acceptable.

Backup and Disaster Recovery

EBS snapshots create point-in-time backups and can be copied across regions for disaster recovery. For durable data requiring persistence, always use EBS.

Flashcards excel at distinguishing between volume types and memorizing IOPS/throughput specifications. Create comparison cards that help you quickly identify which volume type suits different scenarios.

EC2 Networking, Security Groups, and VPC Integration

EC2 instances operate within Virtual Private Cloud (VPC) environments and require proper networking configuration. Networking controls what can communicate with your instances.

Security Groups Fundamentals

Security Groups act as stateful firewalls controlling inbound and outbound traffic at the instance level. Rules define allowed protocols (TCP, UDP, ICMP), ports, and source/destination IP addresses or other Security Groups. Because they are stateful, return traffic for allowed inbound connections flows out automatically without explicit outbound rules.

Network Interfaces and IP Addressing

Elastic Network Interfaces (ENIs) attach to instances and provide network connectivity. Each ENI has a primary private IPv4 address and optionally public IPv4 addresses or Elastic IPs. Elastic IPs are static public IPv4 addresses that you can reassign between instances for high availability.

Network ACLs and Subnet-Level Control

Network ACLs operate at the subnet level and are stateless, requiring explicit allow rules for both inbound and outbound traffic. The exam frequently tests understanding of when to use Security Groups versus NACLs and how they work together.

Public and Private Subnets

Public subnets contain instances reachable from the internet. Private subnets require NAT instances or NAT gateways for outbound internet access. This architecture controls what resources the internet can access.

Flashcards help you memorize Security Group rule syntax, recall stateful versus stateless differences, and practice designing network architectures. Create scenario-based cards testing what inbound/outbound rules specific applications need.

EC2 Performance, Monitoring, and Best Practices

Optimizing EC2 performance involves understanding instance characteristics, monitoring capabilities, and architectural best practices. Performance design prevents bottlenecks and wasted spending.

CloudWatch Monitoring

CloudWatch provides metrics like CPU utilization, network throughput, and disk I/O for monitoring instance health. Detailed monitoring increases metric frequency from 5-minute to 1-minute intervals for faster issue detection. Undersized instances create bottlenecks while oversized instances waste money.

Placement Groups for Low-Latency Communication

Cluster Placement Groups pack instances into a low-latency group within a single Availability Zone. Partition Placement Groups spread instances across logical partitions for distributed systems like Hadoop and Kafka. Spread Placement Groups distribute instances across underlying hardware within an AZ.

Fleet Management and Automation

AWS Systems Manager helps manage EC2 fleets through automation, patching, and configuration. EC2 Image Builder streamlines creation of custom AMIs with consistent configurations. Auto Scaling groups provide dynamic capacity that adjusts to demand.

High Availability and Disaster Recovery

High Availability architectures use multiple EC2 instances across Availability Zones with load balancing. Disaster recovery strategies involve regularly backed-up AMIs and cross-region replication. Design resilient, performant, and cost-effective architectures.

Flashcards help you remember specific CloudWatch metrics, recall performance optimization techniques, and match architectural requirements to EC2 configurations. Create cards linking common performance problems to their solutions.


Frequently Asked Questions

What is the difference between Security Groups and Network ACLs for EC2 instances?

Security Groups and Network ACLs both control traffic but operate differently. Security Groups are stateful firewalls at the instance level. They automatically allow return traffic for permitted inbound connections without explicit outbound rules. They support only allow rules; anything not explicitly allowed is implicitly denied.

Network ACLs are stateless firewalls at the subnet level. They require explicit allow and deny rules for both directions, with rule numbers determining evaluation order. Security Groups protect individual instances while NACLs protect entire subnets.

For the exam, remember that Security Groups are stateful while NACLs are stateless. Security Groups handle application-level access control, while NACLs provide subnet-level filtering. Both work together in a defense-in-depth strategy.
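Added example (not from the original page): a simplified Python model of the stateful versus stateless behavior described above, showing why an allowed inbound request can still fail at a NACL and how NACL rule numbers order evaluation. The rule sets, the addresses (documentation ranges) and the 1024-65535 ephemeral port range are constructed assumptions, and the model covers IPv4 TCP only.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class NaclRule:
    number: int   # lower numbers are evaluated first
    action: str   # "allow" or "deny"
    cidr: str
    ports: range

def nacl_allows(rules, peer_ip, port):
    """First matching rule in ascending rule-number order wins; no match means deny."""
    for r in sorted(rules, key=lambda r: r.number):
        if ip_address(peer_ip) in ip_network(r.cidr) and port in r.ports:
            return r.action == "allow"
    return False

def sg_allows(allow_rules, peer_ip, port):
    """Security groups hold allow rules only; anything unmatched is implicitly denied."""
    return any(ip_address(peer_ip) in ip_network(cidr) and port in ports
               for cidr, ports in allow_rules)

def https_request_succeeds(client_ip, client_port, sg_in, nacl_in, nacl_out):
    """Model client -> instance:443 and the reply instance -> client:client_port."""
    # Request: the subnet NACL (inbound) and the instance SG must both allow it.
    if not (nacl_allows(nacl_in, client_ip, 443) and sg_allows(sg_in, client_ip, 443)):
        return False
    # Reply: the SG is stateful, so the tracked connection needs no outbound rule.
    # The NACL is stateless and evaluates the reply against its outbound rules.
    return nacl_allows(nacl_out, client_ip, client_port)

# Constructed sample configuration (not taken from any real account).
SG_IN = [("0.0.0.0/0", range(443, 444))]
NACL_IN = [NaclRule(90, "deny", "203.0.113.0/24", range(0, 65536)),
           NaclRule(100, "allow", "0.0.0.0/0", range(443, 444))]
NACL_OUT_EMPTY = []
# Assumed ephemeral range wide enough to cover common client operating systems.
NACL_OUT_EPHEMERAL = [NaclRule(100, "allow", "0.0.0.0/0", range(1024, 65536))]

if __name__ == "__main__":
    for label, ip, out in [("no outbound NACL rule", "198.51.100.7", NACL_OUT_EMPTY),
                           ("ephemeral ports allowed", "198.51.100.7", NACL_OUT_EPHEMERAL),
                           ("client in denied CIDR", "203.0.113.9", NACL_OUT_EPHEMERAL)]:
        print(label, https_request_succeeds(ip, 50000, SG_IN, NACL_IN, out))
```

The third case shows the defense-in-depth point: the Security Group alone would admit the 203.0.113.0/24 client, and only the lower-numbered NACL deny rule blocks it.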

How do I choose between Reserved Instances, Savings Plans, and On-Demand pricing for EC2?

Choose based on your workload predictability and commitment tolerance.

On-Demand works best for unpredictable workloads, development environments, or short-term projects where you need flexibility. No long-term commitment required.

Reserved Instances suit steady-state production workloads where you can commit to one or three years, offering up to 72% savings. Calculate your baseline load and commit only to what you truly need.

Savings Plans provide flexibility across instance families and regions with similar discounts to RIs. Choose this when your instance type might change but your compute needs remain steady.

Spot Instances maximize savings at up to 90% discount for fault-tolerant, flexible workloads like batch processing. The trade-off is the risk of interruption with two minutes' notice.

A hybrid approach works best: size Reserved Instances for your baseline load, use On-Demand for unpredictable spikes, and Spot for optional workloads. Calculate break-even points between models for your specific usage patterns.

What factors should I consider when selecting an EC2 instance type for my application?

Start by analyzing your workload characteristics. Compute-bound workloads need compute-optimized instances. Memory-intensive applications need memory-optimized instances. Balanced workloads suit general-purpose instances.

Evaluate your performance requirements including required CPU, memory, network bandwidth, and storage I/O characteristics. Consider cost implications, since different instance families have different pricing per unit of performance.

Think about availability requirements and whether you need multiple instances across Availability Zones. Review AWS Graviton processors versus Intel/AMD processors for your specific applications. Test and benchmark candidate instances on actual workloads when possible.

Start with general-purpose instances for new applications and optimize based on observed metrics. Always consider future scaling needs and whether your choice allows cost-effective scaling as demand grows.

How does EC2 storage work, and what are the differences between EBS volumes and instance store?

EBS (Elastic Block Store) provides persistent block storage volumes that attach to EC2 instances and survive instance termination. EBS volumes can be detached and reattached, supporting snapshots for backup and cross-region copying.

Volume performance depends on type. General Purpose (gp3) works for most workloads. Provisioned IOPS (io2) suits databases needing consistent performance. Cold HDD (sc1) offers cost efficiency for infrequently accessed data.

Instance store provides temporary block storage directly attached to the physical host. It offers high performance but loses all data when the instance stops. Use it only for temporary caches, scratch data, and highly parallel processing where data loss is acceptable.

EBS is billed based on volume size and provisioned IOPS. Instance store comes included with the instance. For durable data requiring persistence, always use EBS.

Why are flashcards effective for studying EC2 and AWS Solutions Architect concepts?

Flashcards leverage spaced repetition and active recall, scientifically proven to enhance memory retention. EC2 requires memorizing numerous details like instance family purposes, pricing percentages, storage specifications, networking rules, and architectural patterns.

Flashcards let you test yourself repeatedly on these facts until they become automatic. This is essential for timed exams where you must make quick decisions. They work particularly well for EC2 because many exam questions test quick recall of specifications (like io2 IOPS limits) combined with scenario analysis.

Creating flashcards forces you to distill complex concepts into their essential components, deepening understanding. Regular review through flashcard apps implements spaced repetition automatically, reviewing more frequently when you struggle and less when you master topics. This focused, active learning approach reduces study time while improving retention compared to passive reading.