
AWS · 2026-06-17

AWS EC2

Master AWS EC2 interview questions with visual diagrams covering instances, AMI, security groups, load balancers, auto-scaling, and more. Complete guide with data flows and architecture patterns.

Q1: What is Amazon EC2?

graph TB
    EC2[Amazon EC2<br/>Elastic Compute Cloud] --> Features[Key Features]
    
    Features --> F1[Resizable Computing]
    Features --> F2[Virtual Servers]
    Features --> F3[Configurable Security]
    Features --> F4[Flexible Storage EBS]
    Features --> F5[Multiple Instance Types]
    
    style EC2 fill:#FF9900
    style Features fill:#232F3E

EC2 Fundamentals:

  • Elastic Compute Cloud provides resizable computing capacity in the AWS cloud
  • Launch as many or as few virtual servers as needed within minutes
  • Scale capacity up or down based on demand automatically
  • Configure security groups and network access control
  • Attach EBS volumes for persistent block storage
  • Choose from various instance types optimized for different workloads
  • Pay only for compute capacity you actually use (per-second billing)
  • Eliminates need to invest in hardware upfront

Q2: Elastic IP Address

sequenceDiagram
    participant User
    participant Instance
    participant AWS
    
    User->>AWS: Launch EC2
    AWS->>Instance: Public IP: 54.123.45.67
    User->>Instance: Connect
    
    User->>Instance: Stop Instance
    Note over Instance: Stopped
    
    User->>Instance: Start Instance
    AWS->>Instance: New IP: 52.98.76.54
    Note over User: IP Changed!
    
    User->>AWS: Attach Elastic IP
    AWS->>Instance: Elastic IP: 3.45.67.89
    Note over Instance: Permanent IP
    
    User->>Instance: Stop and Start
    Note over Instance: IP Remains: 3.45.67.89

Elastic IP Benefits:

  • Static IPv4 address that persists across instance stop/start cycles
  • Without Elastic IP, public IP changes every time instance restarts
  • Essential for applications requiring a consistent IP address (DNS records, IP allowlisting)
  • Can be remapped to another instance in case of failure
  • Charged when allocated but not associated with a running instance
  • Limited to 5 Elastic IPs per region by default (can request increase)
  • Can be released back to AWS pool when no longer needed

Q3: Amazon Machine Image (AMI)

graph LR
    AMI[AMI<br/>Machine Image] --> Launch1[Instance 1<br/>Same Config]
    AMI --> Launch2[Instance 2<br/>Same Config]
    AMI --> Launch3[Instance 3<br/>Same Config]
    
    Instance[Running Instance] --> Customize[Customize<br/>Install Software]
    Customize --> Save[Save as<br/>Custom AMI]
    Save --> NewAMI[New Custom AMI]
    
    style AMI fill:#FF9900
    style NewAMI fill:#FF9900

AMI Characteristics:

  • Template containing software configuration (OS, application server, applications)
  • Launch multiple identical instances from single AMI
  • Includes root volume template, launch permissions, and block device mapping
  • Can create custom AMI from configured instance for reuse
  • AMIs are region-specific but can be copied across regions
  • Public AMIs available from AWS and community, or create private AMIs
  • Reduces deployment time—no need to configure each instance individually
  • Version control for infrastructure—maintain different AMI versions

Q4: Instance Types

graph TB
    Types[EC2 Instance Types] --> General[General Purpose<br/>t3, m5]
    Types --> Compute[Compute Optimized<br/>c5, c6g]
    Types --> Memory[Memory Optimized<br/>r5, x1]
    Types --> Storage[Storage Optimized<br/>i3, d2]
    Types --> GPU[Accelerated Computing<br/>p3, g4]
    
    General --> G1[Balanced Resources]
    Compute --> C1[High Performance CPU]
    Memory --> M1[Large Memory]
    Storage --> S1[High Sequential IO]
    GPU --> GP1[ML, Graphics]
    
    style Types fill:#FF9900

Instance Type Selection:

  • General Purpose (t3, m5): Balanced CPU, memory, network for web servers, small databases
  • Compute Optimized (c5, c6g): High-performance processors for batch processing, gaming
  • Memory Optimized (r5, x1): Large memory for in-memory databases, real-time analytics
  • Storage Optimized (i3, d2): High sequential I/O for data warehouses, Hadoop
  • Accelerated Computing (p3, g4): GPU instances for machine learning, video rendering
  • The number after the family letter indicates the generation (higher number = newer generation)
  • Can change instance type by stopping instance and modifying instance type
  • Choose based on workload requirements to optimize cost and performance

Q5: Stop vs Terminate

flowchart TD
    Instance[EC2 Instance] --> Action{Action?}
    
    Action -->|Stop| Stop[Instance Stopped]
    Stop --> S1[✅ Can Restart]
    Stop --> S2[✅ EBS Data Preserved]
    Stop --> S3[✅ No Instance Charges]
    Stop --> S4[⚠️ Storage Charges Apply]
    
    Action -->|Terminate| Term[Instance Terminated]
    Term --> T1[❌ Cannot Restart]
    Term --> T2[❌ EBS Volumes Deleted]
    Term --> T3[❌ Permanent Deletion]
    Term --> T4[✅ No Charges]
    
    style Stop fill:#4CAF50
    style Term fill:#F44336

Stop vs Terminate:

  • Stop: Instance can be restarted later, data on EBS volumes preserved
  • Stopped instances don't incur compute charges, only EBS storage charges
  • Instance retains instance ID, private IP, and Elastic IP (if attached)
  • Terminate: Permanent deletion, instance cannot be restarted
  • EBS volumes deleted by default unless their DeleteOnTermination attribute is set to false
  • All instance data lost unless backed up to AMI or snapshot
  • Use stop for temporary shutdown, terminate when instance no longer needed
  • Enable termination protection to prevent accidental termination

Q6: Security Groups

graph TB
    Internet[Internet] --> SG[Security Group<br/>Virtual Firewall]
    
    SG --> Rules[Inbound Rules]
    Rules --> R1[SSH: Port 22<br/>Your IP]
    Rules --> R2[HTTP: Port 80<br/>0.0.0.0/0]
    Rules --> R3[HTTPS: Port 443<br/>0.0.0.0/0]
    
    SG --> Instance1[EC2 Instance 1]
    SG --> Instance2[EC2 Instance 2]
    SG --> Instance3[EC2 Instance 3]
    
    SG --> Outbound[Outbound Rules<br/>All Traffic Allowed]
    
    style SG fill:#FF9900

Security Group Features:

  • Virtual firewall controlling inbound and outbound traffic for instances
  • Stateful—return traffic automatically allowed regardless of outbound rules
  • Rules specify protocol (TCP/UDP), port range, and source/destination
  • Can reference other security groups as source (e.g., allow traffic from web tier SG)
  • Changes take effect immediately without instance restart
  • Default: all inbound traffic denied, all outbound traffic allowed
  • Multiple security groups can be assigned to single instance
  • Best practice: Create separate security groups for different tiers (web, app, database)
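The following is an added example, not code from the original post: a small audit that walks the JSON shape `aws ec2 describe-security-groups` returns and flags inbound rules that expose administrative ports to the whole internet, i.e. the opposite of the "SSH: port 22, your IP only" rule in the diagram. The group IDs, rules and the list of administrative ports are constructed assumptions for this example.

```python
"""Audit EC2 security group rules for over-broad inbound access.

Added example, not code from the original post. It walks the JSON shape
returned by `aws ec2 describe-security-groups` (SecurityGroups ->
IpPermissions) and flags inbound rules that expose administrative ports to
the whole internet. The group IDs and rules below are constructed sample
data, not real resources.
"""
import ipaddress

# Ports that should not be reachable from 0.0.0.0/0 or ::/0.
# Assumption: a typical baseline; adjust to the environment's policy.
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}

ANY_V4 = ipaddress.ip_network("0.0.0.0/0")
ANY_V6 = ipaddress.ip_network("::/0")

# Constructed sample in the describe-security-groups format.
SAMPLE_GROUPS = [
    {   # web tier: 80/443 open to the world, SSH only from one admin address
        "GroupId": "sg-example-web", "GroupName": "web-tier",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
             "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
        ],
    },
    {   # app tier: reachable only from the web tier's security group
        "GroupId": "sg-example-app", "GroupName": "app-tier",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
             "UserIdGroupPairs": [{"GroupId": "sg-example-web"}]},
        ],
    },
    {   # lab group with two over-broad rules
        "GroupId": "sg-example-lab", "GroupName": "lab",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
            {"IpProtocol": "-1",  # all protocols, all ports
             "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
]


def port_range(perm):
    """Return the (low, high) port span a permission covers."""
    if perm.get("IpProtocol") == "-1":      # "all traffic" rule
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def is_world_open(perm):
    """True if any source in the rule is the whole IPv4 or IPv6 internet.

    Security-group references (UserIdGroupPairs) are never world-open.
    """
    v4 = any(ipaddress.ip_network(r["CidrIp"]) == ANY_V4
             for r in perm.get("IpRanges", []))
    v6 = any(ipaddress.ip_network(r["CidrIpv6"]) == ANY_V6
             for r in perm.get("Ipv6Ranges", []))
    return v4 or v6


def audit_security_groups(groups):
    """Return (group id, port, service) for every world-open admin port."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            if not is_world_open(perm):
                continue
            low, high = port_range(perm)
            for port, service in ADMIN_PORTS.items():
                if low <= port <= high:
                    findings.append((sg["GroupId"], port, service))
    return findings


if __name__ == "__main__":
    for group_id, port, service in audit_security_groups(SAMPLE_GROUPS):
        print(f"{group_id}: {service} (tcp/{port}) open to the internet")
```

Run against the sample, only the lab group produces findings: its explicit SSH rule and its all-traffic IPv6 rule, which covers every administrative port at once. The web and app tiers pass because their SSH source is a single /32 and the app tier's only source is another security group, the tiering pattern the last bullet recommends.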

Q7: Auto Scaling with Load Balancer

graph TB
    Users[Users] --> LB[Load Balancer<br/>Distributes Traffic]
    
    LB --> ASG[Auto Scaling Group]
    
    ASG --> I1[Instance 1]
    ASG --> I2[Instance 2]
    ASG --> I3[Instance 3]
    
    Monitor[CloudWatch] --> Check{CPU > 80%?}
    Check -->|Yes| Scale[Scale Out<br/>Add Instances]
    Check -->|No| Normal[Normal Operation]
    
    Scale --> I4[Instance 4]
    Scale --> I5[Instance 5]
    
    style LB fill:#FF9900
    style ASG fill:#4CAF50

Auto Scaling Architecture:

  • Auto Scaling Group automatically adjusts number of instances based on demand
  • CloudWatch monitors metrics (CPU, memory, custom metrics) and triggers scaling
  • Scale out (add instances) when load increases, scale in (remove instances) when it decreases
  • Load Balancer distributes traffic evenly across healthy instances
  • Health checks ensure traffic only sent to healthy instances
  • Maintains desired capacity, minimum, and maximum instance counts
  • Reduces costs by running only needed capacity
  • Improves availability by replacing unhealthy instances automatically
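The following is an added example, not code from the original post: a simulation of the scaling decision loop the diagram shows, where each period CloudWatch reports average CPU, the group scales out above the page's 80% threshold and scales in below a low threshold, the desired count stays within [min, max], and a cooldown stops the group from reacting again before new instances have had an effect. The low threshold, cooldown length and CPU series are constructed values for this example, not AWS defaults.

```python
"""Simulate the scaling decision loop of an Auto Scaling group.

Added example, not code from the original post. Models the loop in the
diagram: CloudWatch average CPU per period, scale out above a high
threshold, scale in below a low one, desired capacity clamped to
[min, max], and a cooldown between scaling actions. The low threshold,
cooldown length and CPU series are constructed values, not AWS defaults.
"""


class ScalingGroup:
    def __init__(self, min_size, max_size, desired,
                 scale_out_cpu=80.0, scale_in_cpu=30.0,
                 step=1, cooldown_periods=2):
        if not min_size <= desired <= max_size:
            raise ValueError("desired capacity must lie within [min, max]")
        self.min_size = min_size
        self.max_size = max_size
        self.desired = desired
        self.scale_out_cpu = scale_out_cpu   # scale out when CPU exceeds this
        self.scale_in_cpu = scale_in_cpu     # scale in when CPU drops below this
        self.step = step                     # instances added/removed per action
        self.cooldown_periods = cooldown_periods
        self._cooldown_left = 0
        self.history = []                    # (cpu, action, desired) per period

    def evaluate(self, avg_cpu):
        """Apply one evaluation period and return the action taken."""
        if self._cooldown_left > 0:
            self._cooldown_left -= 1
            action = "cooldown"
        elif avg_cpu > self.scale_out_cpu and self.desired < self.max_size:
            self.desired = min(self.max_size, self.desired + self.step)
            self._cooldown_left = self.cooldown_periods
            action = "scale-out"
        elif avg_cpu < self.scale_in_cpu and self.desired > self.min_size:
            self.desired = max(self.min_size, self.desired - self.step)
            self._cooldown_left = self.cooldown_periods
            action = "scale-in"
        else:
            action = "none"
        self.history.append((avg_cpu, action, self.desired))
        return action


def run_simulation(cpu_series, **kwargs):
    """Feed a CPU series through a group and return the group's final state."""
    group = ScalingGroup(**kwargs)
    for cpu in cpu_series:
        group.evaluate(cpu)
    return group


# Constructed CPU series: a traffic spike followed by a quiet period.
CPU_SERIES = [45, 85, 90, 92, 88, 60, 25, 20, 22, 10]

if __name__ == "__main__":
    g = run_simulation(CPU_SERIES, min_size=2, max_size=5, desired=2)
    for cpu, action, desired in g.history:
        print(f"cpu={cpu:>3}%  action={action:<9}  desired={desired}")
```

With min 2, max 5 and a two-period cooldown, the spike grows the group from 2 to 4 instances in two separate actions rather than all at once, and the quiet period shrinks it back to 3 before the series ends. The max-size clamp is what keeps a runaway metric (or a bad scaling policy) from launching instances without bound, which is the cost-control half of the bullets above.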

Q8: Load Balancer Types

graph TB
    ELB[AWS Elastic Load Balancing] --> CLB[Classic Load Balancer]
    ELB --> ALB[Application Load Balancer]
    ELB --> NLB[Network Load Balancer]
    
    CLB --> C1[Layer 4 TCP or SSL]
    CLB --> C2[Simple load balancing]
    CLB --> C3[Legacy applications]
    
    ALB --> A1[Layer 7 HTTP or HTTPS]
    ALB --> A2[Content-based routing]
    ALB --> A3[Microservices, containers]
    
    NLB --> N1[Layer 4 TCP or UDP]
    NLB --> N2[Ultra-high performance]
    NLB --> N3[Millions requests per sec]
    
    style ELB fill:#FF9900
    style ALB fill:#4CAF50

Load Balancer Comparison:

  • Classic Load Balancer: Layer 4 (TCP/SSL), simple load balancing, legacy support
  • Application Load Balancer: Layer 7 (HTTP/HTTPS), content-based routing, path/host-based
  • Routes to different target groups based on URL path or hostname
  • Network Load Balancer: Layer 4 (TCP/UDP), extreme performance, millions of requests/sec
  • Ultra-low latency, static IP support, preserves source IP
  • ALB best for modern web applications and microservices
  • NLB best for gaming, IoT, or applications requiring extreme performance
  • All types support health checks and SSL termination
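The following is an added example, not code from the original post: a small evaluator for ALB-style listener rules that reproduces the Layer 7 decision described above, where rules are checked in ascending priority, a rule matches only when all of its host and path conditions match, `*` matches any run of characters, and an unmatched request goes to the listener's default target group. The rules, target-group names and requests are constructed for this example, and the matcher is a simplified model of ALB semantics, not the AWS implementation.

```python
"""Evaluate ALB-style listener rules for content-based routing.

Added example, not code from the original post. Rules are evaluated in
ascending priority; a rule matches when every condition it carries matches;
'*' in a host header or path pattern matches zero or more characters and
'?' exactly one; a request matching no rule goes to the default target
group. Rules, target names and requests are constructed, and the matcher
is a simplified model of ALB semantics, not the AWS implementation.
"""
import fnmatch

# Constructed listener rules. A missing "host" or "path" means "any".
RULES = [
    {"priority": 5,  "path": "/admin/*",                       "target": "admin-tg"},
    {"priority": 10, "host": "api.example.com", "path": "/v1/*", "target": "api-v1-tg"},
    {"priority": 20, "host": "api.example.com",                "target": "api-v2-tg"},
    {"priority": 30, "host": "*.example.com", "path": "/images/*", "target": "static-tg"},
]
DEFAULT_TARGET = "web-tg"


def pattern_matches(pattern, value):
    """'*' matches zero or more characters, '?' exactly one (case-sensitive)."""
    return fnmatch.fnmatchcase(value, pattern)


def rule_matches(rule, host, path):
    """A rule matches only when every condition it carries matches.

    Host names are compared case-insensitively (DNS names are); paths are
    compared exactly as sent.
    """
    if "host" in rule and not pattern_matches(rule["host"].lower(), host.lower()):
        return False
    if "path" in rule and not pattern_matches(rule["path"], path):
        return False
    return True


def route(host, path, rules=RULES, default=DEFAULT_TARGET):
    """Return the target group for a request, lowest priority number first."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule_matches(rule, host, path):
            return rule["target"]
    return default


if __name__ == "__main__":
    for host, path in [("api.example.com", "/v1/users"),
                       ("api.example.com", "/v2/orders"),
                       ("www.example.com", "/images/logo.png"),
                       ("www.example.com", "/index.html")]:
        print(f"{host}{path} -> {route(host, path)}")
```

Because the first matching rule wins, priority numbers decide the outcome when conditions overlap: here the `/v1/*` rule sits ahead of the catch-all `api.example.com` rule, so `/v1/users` reaches the v1 target group and everything else on that host falls through to v2. Evaluating a rule set this way before deploying it is a cheap check that a path is not being routed to an unintended target group.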