AWS EC2 Series – 3-Days Intensive Hands-On Track
Tags: aws, ec2, devops, cloud, infrastructure
Overview
This 3-day sprint helps you master EC2 fundamentals, networking, and storage with real-world labs, AWS documentation links, and certification-oriented challenges.
Each day blends AWS Console + CLI + troubleshooting to make you exam-ready and project-capable.
🗓️ DAY 1 — EC2 FUNDAMENTALS & INSTANCE OPERATIONS
Overview
Understand EC2 basics: AMIs, instance types, pricing models, and lifecycle.
You’ll learn to launch, manage, and automate EC2 instances efficiently.
Hands-On Lab: Multi-Instance Launch & Lifecycle
Objective: Launch multiple EC2 instances across AZs.
```bash
# Create a key pair and save the private key locally
aws ec2 create-key-pair --key-name cloudreality-KP --query 'KeyMaterial' --output text > cloudreality-KP.pem
# Restrict the private key to owner read-only (ssh refuses keys with looser permissions)
chmod 400 cloudreality-KP.pem

# Launch instances
# EDIT THIS: use the AMI ID for your region
aws ec2 run-instances \
  --image-id ami-0c02fb55956c7d316 \
  --count 2 \
  --instance-type t3.micro \
  --key-name cloudreality-KP \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=DevOps-Lab}]'
```
Practice Tasks
- Stop/start and observe IP changes
- Resize instance type
- Terminate one and review volume behavior
📚 Certification Focus
- Exam Topic: EC2 lifecycle states, AMI and key pair management
- AWS Certs: Cloud Practitioner (CLF-C02), Solutions Architect – Associate (SAA-C03)
Questions
- What is the difference between stopping and terminating an instance?
- Which EC2 purchase option best suits long-term stable workloads?
💡 Problem & Solution
| Problem | Cause | Fix |
|---|---|---|
| Instance not showing | Wrong region | Switch to correct AWS region |
| Launch failed | IAM policy missing | Attach AmazonEC2FullAccess |
| Stopped instance lost IP | Used public IP, not Elastic IP | Allocate and associate an Elastic IP |
🎓 Certification Questions
Basic Level (Cloud Practitioner)
Q1: What happens to data on instance store volumes when an EC2 instance is stopped?
A: Data on instance store volumes is lost, while EBS volumes persist.
Q2: Which EC2 pricing model offers the lowest cost for uninterruptible workloads?
A: Reserved Instances (1-3 year commitment)
Intermediate Level (Solutions Architect)
Q3: Your company needs to run a batch processing job for 6 hours. Which purchasing option is most cost-effective?
A: Spot Instances, as they offer up to 90% discount for interruptible workloads.
Q4: How can you ensure an EC2 instance maintains the same public IP after restart?
A: Use an Elastic IP address and associate it with the instance.
Advanced Level (DevOps Engineer)
Q5: Describe how to implement instance refresh with Auto Scaling Groups while maintaining zero downtime.
A: Use rolling deployments with health checks, and configure minimum healthy percentage.
💼 Interview Questions
Basic Questions
- “What’s the difference between stopping and terminating an EC2 instance?”
- “How do you choose between different instance families?”
- “What are the key factors in selecting an AMI?”
Intermediate Questions
- “How would you design a cost-optimized architecture for a web application with predictable traffic?”
- “Explain the process of migrating an on-premises application to EC2.”
- “What monitoring metrics are crucial for EC2 instances?”
Advanced Questions
- “How do you implement disaster recovery for EC2 instances across regions?”
- “Describe a scenario where you’d use placement groups and the trade-offs involved.”
- “How would you troubleshoot an instance that’s failing health checks?”
Real-World Scenarios
Scenario 1: Cost Optimization Challenge
Problem: A company’s EC2 costs increased 200% due to developers using on-demand instances for development.
Solution: Implemented Auto Scaling with Spot Instances for non-production workloads, saving 65% on compute costs.
Scenario 2: Performance Issue
Problem: Application experiencing high CPU steal on shared tenancy instances.
Solution: Migrated to dedicated instances and implemented proper monitoring with CloudWatch.
🗓️ DAY 2 — NETWORKING, SECURITY GROUPS & ELASTIC IPs
Overview
Secure instance access, configure firewall rules, and deploy a simple web app.
Hands-On Lab: Deploy a Public Web Server
Objective: Assign an Elastic IP, configure SGs, and host a simple webpage.
```bash
# Allocate Elastic IP
aws ec2 allocate-address --domain vpc

# Associate to instance
aws ec2 associate-address \
  --instance-id i-0abcd1234efgh5678 \
  --allocation-id eipalloc-0abcdef1234567890

# Create Security Group
aws ec2 create-security-group \
  --group-name web-sg \
  --description "Allow SSH & HTTP access" \
  --vpc-id vpc-0ab12c34d56e78f90

# Add ingress rules
# --group-name resolves only in the default VPC; in any other VPC pass --group-id
# with the GroupId returned by create-security-group.
# 0.0.0.0/0 on port 22 opens SSH to the whole internet; use your own address range instead.
aws ec2 authorize-security-group-ingress --group-name web-sg --protocol tcp --port 22 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-name web-sg --protocol tcp --port 80 --cidr 0.0.0.0/0
```
Validation
- SSH into instance
- Install Apache
- View site in browser
```bash
sudo yum install -y httpd
sudo systemctl start httpd
echo "<h1>Hello from Nelvis EC2 Web Server</h1>" | sudo tee /var/www/html/index.html
```
📚 Certification Focus
- Exam Topic: EC2 connectivity, networking, security boundaries
- AWS Certs: SysOps Administrator, DevOps Engineer
Questions
- Compare Security Groups and NACLs.
- Why does Elastic IP retain its address across instance stops?
- How can you secure SSH access from a corporate network only?
💡 Problem & Solution
| Problem | Cause | Fix |
|---|---|---|
| SSH Timeout | SG rule missing | Allow TCP 22 inbound |
| Webpage not loading | HTTP rule missing or Apache off | Add port 80 + start service |
| Elastic IP not reachable | Wrong instance association | Reassociate using CLI |
🎓 Certification Questions
Basic Level
Q1: What’s the difference between Security Groups and NACLs?
A: Security Groups are stateful (return traffic allowed automatically) and operate at instance level, while NACLs are stateless and operate at subnet level.
Q2: Why does an Elastic IP retain its address across instance stops?
A: Elastic IPs are allocated to your AWS account, not specific instances.
Intermediate Level
Q3: How can you restrict SSH access to only your corporate network?
A: Modify Security Group to allow port 22 only from your corporate IP range (e.g., 192.168.1.0/24).
Q4: What happens to Elastic IP charges when an instance is stopped?
A: You’re charged for unattached Elastic IPs, but not for ones attached to running instances.
Advanced Level
Q5: Design a network architecture that spans multiple AZs with proper failover capabilities.
A: Use multiple subnets across AZs, Elastic IPs with failover scripts, and proper route table configurations.
Interview Questions
Basic Questions
- “What’s the default behavior of a new Security Group?”
- “How do Security Groups differ from traditional firewalls?”
- “When would you use an Elastic IP vs. a public IP?”
Intermediate Questions
- “How would you design security groups for a 3-tier web application?”
- “What are the implications of using 0.0.0.0/0 in security group rules?”
- “How do you troubleshoot connectivity issues between instances in different subnets?”
Advanced Questions
- “Design a network architecture that complies with PCI-DSS requirements.”
- “How would you implement zero-trust networking in AWS?”
- “What strategies would you use for gradual security group rule migration?”
Real-World Scenarios
Scenario 1: Security Breach
Problem: Company exposed SSH to 0.0.0.0/0, leading to brute force attacks.
Solution: Implemented security group rules restricting SSH to corporate IP, set up AWS WAF, and used Session Manager for SSH.
Scenario 2: High Availability Requirement
Problem: Application needed to survive AZ failure with minimal downtime.
Solution: Deployed across multiple AZs with Elastic IP failover automation and health checks.
🗓️ DAY 3 — EBS VOLUMES, SNAPSHOTS & BACKUPS
Overview
Understand persistent storage, expand volumes, and set up snapshot automation.
Hands-On Lab: EBS Management
Objective: Create, attach, and back up a volume.
```bash
# Create EBS Volume (must be in the same AZ as the target instance)
aws ec2 create-volume \
  --availability-zone us-east-1a \
  --size 10 \
  --volume-type gp3

# Attach to instance
aws ec2 attach-volume \
  --volume-id vol-0abcdef1234567890 \
  --instance-id i-0abcd1234efgh5678 \
  --device /dev/xvdf
```
Then SSH into the instance:
```bash
sudo mkfs -t xfs /dev/xvdf
sudo mkdir /data
sudo mount /dev/xvdf /data
df -h
```
💡 Problem & Solution
| Problem | Cause | Fix |
|---|---|---|
| Volume not attaching | Different AZ | Recreate volume in same AZ |
| Data lost after termination | Root volume deleted | Disable DeleteOnTermination |
| Snapshots not running | Missing IAM role | Attach AmazonDLMFullAccess |
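The first two rows of the table can be caught before they cause a failure or data loss. As an added example (not part of the original lab), this Python reads JSON in the shapes returned by `aws ec2 describe-instances` and `aws ec2 describe-volumes`, lists volumes that will be deleted with their instance, and explains why an `attach-volume` call would fail. All IDs and sample data are constructed, and the state check assumes Multi-Attach is not enabled.

```python
import json

# Constructed samples; all IDs are placeholders.
INSTANCES = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0example00000000a", "RootDeviceName": "/dev/xvda",
   "Placement": {"AvailabilityZone": "us-east-1a"},
   "BlockDeviceMappings": [
     {"DeviceName": "/dev/xvda",
      "Ebs": {"VolumeId": "vol-0example0000root", "DeleteOnTermination": true}},
     {"DeviceName": "/dev/xvdf",
      "Ebs": {"VolumeId": "vol-0example0000data", "DeleteOnTermination": false}}]}
]}]}
""")
VOLUMES = json.loads("""
{"Volumes": [
  {"VolumeId": "vol-0example00000new", "AvailabilityZone": "us-east-1b",
   "State": "available"},
  {"VolumeId": "vol-0example0000data", "AvailabilityZone": "us-east-1a",
   "State": "in-use"}
]}
""")

def instances(doc):
    """Flatten Reservations[].Instances[] into one list."""
    return [i for r in doc["Reservations"] for i in r["Instances"]]

def deleted_on_terminate(doc):
    """(instance_id, device, volume_id, is_root) for volumes removed at termination."""
    out = []
    for inst in instances(doc):
        for m in inst.get("BlockDeviceMappings", []):
            ebs = m.get("Ebs", {})
            if ebs.get("DeleteOnTermination"):
                out.append((inst["InstanceId"], m["DeviceName"], ebs["VolumeId"],
                            m["DeviceName"] == inst.get("RootDeviceName")))
    return out

def attach_blockers(inst_doc, vol_doc, instance_id, volume_id):
    """Reasons attach-volume would fail for this pair; an empty list means OK."""
    inst = next(i for i in instances(inst_doc) if i["InstanceId"] == instance_id)
    vol = next(v for v in vol_doc["Volumes"] if v["VolumeId"] == volume_id)
    inst_az, vol_az = inst["Placement"]["AvailabilityZone"], vol["AvailabilityZone"]
    reasons = []
    if vol_az != inst_az:
        reasons.append(f"AZ mismatch: volume in {vol_az}, instance in {inst_az}")
    if vol["State"] != "available":  # assumption: Multi-Attach not in use
        reasons.append(f"volume state is {vol['State']}, not available")
    return reasons
```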
📚 Certification Focus
- Exam Topic: Storage, Backup, High Availability
- AWS Certs: Solutions Architect, DevOps Engineer
🎓 Certification Questions
Basic Level
Q1: What happens when you detach a root EBS volume?
A: The instance becomes unusable as the operating system is on the root volume.
Q2: How can you restore a snapshot to a new volume?
A: Create a new volume from the snapshot in the EC2 console or using AWS CLI.
Intermediate Level
Q3: What’s the difference between gp2, gp3, and io2 volumes?
A: gp2: baseline performance, gp3: provisioned performance, io2: highest performance with durability.
Q4: How do you increase the size of an EBS volume?
A: Modify volume size in console/CLI, then extend filesystem in OS.
Advanced Level
Q5: Design a backup strategy for a mission-critical database on EC2.
A: Use application-consistent snapshots with DLM, multi-region replication, and automated recovery testing.
💼 Interview Questions
Basic Questions
- “What are the different EBS volume types and their use cases?”
- “How does EBS snapshot pricing work?”
- “What’s the process for resizing an EBS volume?”
Intermediate Questions
- “How would you design a backup strategy for compliance requirements?”
- “What are the performance characteristics of different EBS volume types?”
- “How do you monitor EBS performance and troubleshoot issues?”
Advanced Questions
- “Design a disaster recovery strategy with RTO of 15 minutes and RPO of 5 minutes.”
- “How would you implement cross-region snapshot replication automatically?”
- “What are the considerations for EBS-optimized instances?”
Real-World Scenarios
Scenario 1: Database Performance Issue
Problem: Database performance degraded due to insufficient IOPS on gp2 volumes.
Solution: Migrated to gp3 volumes with provisioned IOPS, implemented monitoring, and set up performance baselines.
Scenario 2: Backup Failure
Problem: Critical snapshots failed due to IAM permissions during automated backup process.
Solution: Implemented proper IAM roles with least privilege, added backup success/failure notifications, and created runbooks.
📘 Extra Learning & Exam Resources
| Category | Resource |
|---|---|
| EC2 Official Docs | https://docs.aws.amazon.com/ec2 |
| AWS Hands-On Tutorials | https://aws.amazon.com/getting-started/hands-on/ |
| AWS Labs GitHub | https://github.com/aws-samples |
| Exam Prep – AWS Cloud Practitioner | https://aws.amazon.com/certification/certified-cloud-practitioner/ |
| Exam Prep – Solutions Architect | https://aws.amazon.com/certification/certified-solutions-architect-associate/ |
| Exam Prep – DevOps Engineer | https://aws.amazon.com/certification/certified-devops-engineer-professional/ |
| 💬 Troubleshooting Reference | https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-troubleshooting.html |
