DEV Community

Ntseze-Nelvis

AWS EC2 Mastery Bootcamp

AWS EC2 Series – 3-Days Intensive Hands-On Track

Tags: aws, ec2, devops, cloud, infrastructure


Overview

This 3-day sprint helps you master EC2 fundamentals, networking, and storage with real-world labs, AWS documentation links, and certification-oriented challenges.

Each day blends AWS Console + CLI + troubleshooting to make you exam-ready and project-capable.


🗓️ DAY 1 — EC2 FUNDAMENTALS & INSTANCE OPERATIONS

Overview

Understand EC2 basics: AMIs, instance types, pricing models, and the instance lifecycle.

You'll learn to launch, manage, and automate EC2 instances efficiently.


Hands-On Lab: Multi-Instance Launch & Lifecycle

Objective: Launch multiple EC2 instances across AZs.

# Create a key pair
aws ec2 create-key-pair --key-name cloudreality-KP --query 'KeyMaterial' --output text > cloudreality-KP.pem
chmod 400 cloudreality-KP.pem

# Launch instances (replace the AMI ID with one valid for your region)
aws ec2 run-instances \
  --image-id ami-0c02fb55956c7d316 \
  --count 2 \
  --instance-type t3.micro \
  --key-name cloudreality-KP \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=DevOps-Lab}]'

Practice Tasks

  • Stop/start and observe IP changes
  • Resize instance type
  • Terminate one and review volume behavior

📘 AWS Docs:

📚 Certification Focus

  • Exam Topic: EC2 lifecycle states, AMI and key pair management
  • AWS Certs: Cloud Practitioner (CLF-C02), Solutions Architect – Associate (SAA-C03)

Questions

  • What is the difference between stopping and terminating an instance?
  • Which EC2 purchase option best suits long-term stable workloads?

💡 Problem & Solution

| Problem | Cause | Fix |
| --- | --- | --- |
| Instance not showing | Wrong region | Switch to correct AWS region |
| Launch failed | IAM policy missing | Attach AmazonEC2FullAccess |
| Stopped instance lost IP | Used public IP, not Elastic IP | Allocate and associate an Elastic IP |

🎓 Certification Questions

Basic Level (Cloud Practitioner)

Q1: What happens to data on instance store volumes when an EC2 instance is stopped?

A: Data on instance store volumes is lost, while EBS volumes persist.

Q2: Which EC2 pricing model offers the lowest cost for uninterruptible workloads?

A: Reserved Instances (1-3 year commitment)

Intermediate Level (Solutions Architect)

Q3: Your company needs to run a batch processing job for 6 hours. Which purchasing option is most cost-effective?

A: Spot Instances, as they offer up to 90% discount for interruptible workloads.

Q4: How can you ensure an EC2 instance maintains the same public IP after restart?

A: Use an Elastic IP address and associate it with the instance.

Advanced Level (DevOps Engineer)

Q5: Describe how to implement instance refresh with Auto Scaling Groups while maintaining zero downtime.

A: Use rolling deployments with health checks, and configure a minimum healthy percentage.

💼 Interview Questions

Basic Questions

  1. "What's the difference between stopping and terminating an EC2 instance?"
  2. "How do you choose between different instance families?"
  3. "What are the key factors in selecting an AMI?"

Intermediate Questions

  1. "How would you design a cost-optimized architecture for a web application with predictable traffic?"
  2. "Explain the process of migrating an on-premises application to EC2."
  3. "What monitoring metrics are crucial for EC2 instances?"

Advanced Questions

  1. "How do you implement disaster recovery for EC2 instances across regions?"
  2. "Describe a scenario where you'd use placement groups and the trade-offs involved."
  3. "How would you troubleshoot an instance that's failing health checks?"

Real-World Scenarios

Scenario 1: Cost Optimization Challenge

Problem: A company's EC2 costs increased 200% due to developers using on-demand instances for development.

Solution: Implemented Auto Scaling with Spot Instances for non-production workloads, saving 65% on compute costs.

Scenario 2: Performance Issue

Problem: Application experiencing high CPU steal on shared tenancy instances.

Solution: Migrated to dedicated instances and implemented proper monitoring with CloudWatch.


🗓️ DAY 2 — NETWORKING, SECURITY GROUPS & ELASTIC IPs

Overview

Secure instance access, configure firewall rules, and deploy a simple web app.

Hands-On Lab: Deploy a Public Web Server

Objective: Assign an Elastic IP, configure SGs, and host a simple webpage.

# Allocate Elastic IP
aws ec2 allocate-address --domain vpc

# Associate to instance
aws ec2 associate-address \
  --instance-id i-0abcd1234efgh5678 \
  --allocation-id eipalloc-0abcdef1234567890

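# Create Security Group and capture its ID
# (a security group in a non-default VPC must be referenced by ID, not by name)
SG_ID=$(aws ec2 create-security-group \
  --group-name web-sg \
  --description "Allow SSH & HTTP access" \
  --vpc-id vpc-0ab12c34d56e78f90 \
  --query 'GroupId' --output text)

# Add ingress rules
# SSH from 0.0.0.0/0 is reachable from the whole internet; narrow the CIDR to your own address range outside a throwaway lab
aws ec2 authorize-security-group-ingress --group-id "$SG_ID" --protocol tcp --port 22 --cidr 0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-id "$SG_ID" --protocol tcp --port 80 --cidr 0.0.0.0/0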

Validation

  • SSH into instance
  • Install Apache
  • View site in browser

sudo yum install -y httpd
sudo systemctl start httpd
echo "<h1>Hello from Nelvis EC2 Web Server</h1>" | sudo tee /var/www/html/index.html

📘 AWS Docs:

📚 Certification Focus

  • Exam Topic: EC2 connectivity, networking, security boundaries
  • AWS Certs: SysOps Administrator, DevOps Engineer

Questions

  • Compare Security Groups and NACLs.
  • Why does Elastic IP retain its address across instance stops?
  • How can you secure SSH access from a corporate network only?

💡 Problem & Solution

| Problem | Cause | Fix |
| --- | --- | --- |
| SSH Timeout | SG rule missing | Allow TCP 22 inbound |
| Webpage not loading | HTTP rule missing or Apache off | Add port 80 + start service |
| Elastic IP not reachable | Wrong instance association | Reassociate using CLI |

🎓 Certification Questions

Basic Level

Q1: What's the difference between Security Groups and NACLs?

A: Security Groups are stateful (return traffic allowed automatically) and operate at instance level, while NACLs are stateless and operate at subnet level.

Q2: Why does an Elastic IP retain its address across instance stops?

A: Elastic IPs are allocated to your AWS account, not specific instances.

Intermediate Level

Q3: How can you restrict SSH access to only your corporate network?

A: Modify the Security Group to allow port 22 only from your corporate IP range (e.g., 192.168.1.0/24).

Q4: What happens to Elastic IP charges when an instance is stopped?

A: You're charged for unattached Elastic IPs, but not for ones attached to running instances.

Advanced Level

Q5: Design a network architecture that spans multiple AZs with proper failover capabilities.

A: Use multiple subnets across AZs, Elastic IPs with failover scripts, and proper route table configurations.

Interview Questions

Basic Questions

  1. "What's the default behavior of a new Security Group?"
  2. "How do Security Groups differ from traditional firewalls?"
  3. "When would you use an Elastic IP vs. a public IP?"

Intermediate Questions

  1. "How would you design security groups for a 3-tier web application?"
  2. "What are the implications of using 0.0.0.0/0 in security group rules?"
  3. "How do you troubleshoot connectivity issues between instances in different subnets?"

Advanced Questions

  1. "Design a network architecture that complies with PCI-DSS requirements."
  2. "How would you implement zero-trust networking in AWS?"
  3. "What strategies would you use for gradual security group rule migration?"

Real-World Scenarios

Scenario 1: Security Breach

Problem: Company exposed SSH to 0.0.0.0/0, leading to brute force attacks.

Solution: Implemented security group rules restricting SSH to corporate IP, set up AWS WAF, and used Session Manager for SSH.

Scenario 2: High Availability Requirement

Problem: Application needed to survive AZ failure with minimal downtime.

Solution: Deployed across multiple AZs with Elastic IP failover automation and health checks.


🗓️ DAY 3 — EBS VOLUMES, SNAPSHOTS & BACKUPS

Overview

Understand persistent storage, expand volumes, and set up snapshot automation.

Hands-On Lab: EBS Management

Objective: Create, attach, and back up a volume.

# Create EBS Volume
aws ec2 create-volume \
  --availability-zone us-east-1a \
  --size 10 \
  --volume-type gp3

Attach to instance

aws ec2 attach-volume \
  --volume-id vol-0abcdef1234567890 \
  --instance-id i-0abcd1234efgh5678 \
  --device /dev/xvdf

Then SSH into the instance:

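# Confirm the device name first; on Nitro-based instances (such as t3) the volume may appear as /dev/nvme1n1
# mkfs erases any existing data, so run it only on a new, empty volume
sudo mkfs -t xfs /dev/xvdf
sudo mkdir /data
sudo mount /dev/xvdf /data
df -h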

📘 AWS Docs:

💡 Problem & Solution

| Problem | Cause | Fix |
| --- | --- | --- |
| Volume not attaching | Different AZ | Recreate volume in same AZ |
| Data lost after termination | Root volume deleted | Disable DeleteOnTermination |
| Snapshots not running | Missing IAM role | Attach AmazonDLMFullAccess |

📚 Certification Focus

  • Exam Topic: Storage, Backup, High Availability
  • AWS Certs: Solutions Architect, DevOps Engineer

🎓 Certification Questions

Basic Level

Q1: What happens when you detach a root EBS volume?

A: The instance becomes unusable as the operating system is on the root volume.

Q2: How can you restore a snapshot to a new volume?

A: Create a new volume from the snapshot in the EC2 console or using AWS CLI.

Intermediate Level

Q3: What's the difference between gp2, gp3, and io2 volumes?

A: gp2: baseline performance, gp3: provisioned performance, io2: highest performance with durability.

Q4: How do you increase the size of an EBS volume?

A: Modify the volume size in the console or CLI, then extend the filesystem in the OS.

Advanced Level

Q5: Design a backup strategy for a mission-critical database on EC2.

A: Use application-consistent snapshots with DLM, multi-region replication, and automated recovery testing.

💼 Interview Questions

Basic Questions

  1. "What are the different EBS volume types and their use cases?"
  2. "How does EBS snapshot pricing work?"
  3. "What's the process for resizing an EBS volume?"

Intermediate Questions

  1. "How would you design a backup strategy for compliance requirements?"
  2. "What are the performance characteristics of different EBS volume types?"
  3. "How do you monitor EBS performance and troubleshoot issues?"

Advanced Questions

  1. "Design a disaster recovery strategy with RTO of 15 minutes and RPO of 5 minutes."
  2. "How would you implement cross-region snapshot replication automatically?"
  3. "What are the considerations for EBS-optimized instances?"

Real-World Scenarios

Scenario 1: Database Performance Issue

Problem: Database performance degraded due to insufficient IOPS on gp2 volumes.

Solution: Migrated to gp3 volumes with provisioned IOPS, implemented monitoring, and set up performance baselines.

Scenario 2: Backup Failure

Problem: Critical snapshots failed due to IAM permissions during automated backup process.

Solution: Implemented proper IAM roles with least privilege, added backup success/failure notifications, and created runbooks.
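One way to catch the silent backup failure in Scenario 2, as an added example that is not part of the original post: it reads JSON in the shape of `aws ec2 describe-snapshots` output and reports every volume whose newest completed snapshot is missing or older than a threshold. The volume and snapshot IDs, the 24-hour threshold, and the function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of `aws ec2 describe-snapshots` output.
SAMPLE = {"Snapshots": [
    {"SnapshotId": "snap-0a1", "VolumeId": "vol-0aaa", "State": "completed",
     "StartTime": "2024-05-10T02:00:00+00:00"},
    {"SnapshotId": "snap-0a2", "VolumeId": "vol-0aaa", "State": "completed",
     "StartTime": "2024-05-09T02:00:00+00:00"},
    {"SnapshotId": "snap-0b1", "VolumeId": "vol-0bbb", "State": "completed",
     "StartTime": "2024-05-07T02:00:00+00:00"},
    {"SnapshotId": "snap-0b2", "VolumeId": "vol-0bbb", "State": "error",
     "StartTime": "2024-05-10T02:00:00+00:00"},
]}
VOLUMES = ["vol-0aaa", "vol-0bbb", "vol-0ccc"]  # constructed: volumes that must be backed up

def parse_time(value):
    """Parse the ISO 8601 timestamps the CLI prints ('Z' or '+00:00' suffix)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def backup_gaps(doc, volume_ids, now, max_age):
    """Return {volume_id: reason} for volumes lacking a fresh completed snapshot."""
    latest = {}
    for snap in doc.get("Snapshots", []):
        if snap.get("State") != "completed":  # pending/error is not a usable backup
            continue
        started = parse_time(snap["StartTime"])
        vol = snap["VolumeId"]
        if vol not in latest or started > latest[vol]:
            latest[vol] = started
    gaps = {}
    for vol in volume_ids:
        if vol not in latest:
            gaps[vol] = "no completed snapshot"
        elif now - latest[vol] > max_age:
            gaps[vol] = f"last completed snapshot {(now - latest[vol]).days}d old"
    return gaps

if __name__ == "__main__":
    now = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)
    for vol, reason in backup_gaps(SAMPLE, VOLUMES, now, timedelta(hours=24)).items():
        print(f"{vol}: {reason}")
```

The failed snapshot of `vol-0bbb` does not count as a backup, so that volume is reported as stale even though a snapshot was attempted the same day.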

📘 Extra Learning & Exam Resources
