What is Amazon EC2? A guide to deciding whether to use it, what it can do, and how much it costs

When preparing a server environment in the cloud, Amazon EC2 is the first name that comes to mind. However, although EC2 gives you "virtual servers you can use freely," it can become confusing after adoption if you do not understand the fees and operational responsibilities.

In this article, we will explain the basics of what EC2 is, as well as what it can do, its components, pricing structure, and common stumbling blocks.

What is Amazon EC2?

Amazon EC2 (Elastic Compute Cloud) is a service that allows you to launch and freely use virtual servers (instances) on AWS. You can prepare a server environment with the performance you need when you need it in the cloud, without having to purchase or install a physical server.

Since you can choose the OS and specifications to build it, it is used for a wide range of purposes, from website operations to business systems.

What you can do with EC2

The role of EC2 is to give you a "server that you manage in-house" in the cloud.

Some uses include:

  • Web application and site server operations

  • Business system execution environment (internal tools, core systems, etc.)

  • Setting up a development and verification environment (short-term PoC and testing)

  • Use as a cloud migration destination for existing servers

It is characterized by its flexibility in changing specifications and increasing or decreasing the number of units, making it easy to adjust to changes in traffic volume.

Why EC2 has "high degree of freedom = operational responsibility"

While EC2 offers a high degree of freedom, the responsibility for server operation remains with the user. AWS only manages the underlying physical infrastructure, and users must handle anything beyond the OS themselves.

For example, the following tasks are performed by EC2 users:

  • Updates and patches for OS and middleware

  • Security settings (SSH management, network control)

  • Recovery design and backup operations in the event of a failure

  • Monitoring, log management, and cost optimization

EC2 is not a "server that you can use freely" but a "service that you can use freely on the premise that you also operate it."

Three things to know before understanding EC2

EC2 is one of the most frequently used services in AWS, but if you adopt it right away simply because you heard that it lets you set up a virtual server, you may run into unexpected problems.

What is an instance?

In EC2, a launched virtual server is called an "instance." An instance is a server environment that you create by selecting the configuration of CPU, memory, storage, etc.

Just like a physical server, you can run the OS and install and use applications. The cloud is unique in that you can change performance and increase the number of servers as needed.

In other words, EC2 is not a service where you "buy a server," but rather a service where you "rent and run a server environment according to your needs."

EC2 is not complete on its own

EC2 provides the virtual server itself, but in actual use it is assumed to be combined with peripheral services.

For example, simply launching an EC2 instance does not provide the following elements:

  • Network infrastructure (VPC, subnets)

  • External communication control (Security Group)

  • Disks and backups (EBS, snapshots)

  • Access Permission Management (IAM)

  • Monitoring and log collection (CloudWatch, etc.)

EC2 is not a "self-contained system" and can only be operated when the surrounding design is included.

Common failure patterns when using EC2

A typical pitfall for beginners when using EC2 is the idea that "if I just set up a server, everything will be fine." However, because EC2 offers a high degree of freedom, starting without proper planning can lead to a sudden increase in operational burden.

Examples of situations where this can easily go wrong include:

  • Weak security settings lead to unintended exposure

  • Without backups, recovery is not possible in the event of a failure.

  • Forgetting to stop an instance that was meant only for testing, so costs increase

  • Choosing EC2 even though a managed service would suffice makes operations heavy.

EC2 is not a "service to choose first," but rather a "service to choose when you have a reason to need it."

Cases where you should choose EC2 / cases where you shouldn't

The purpose of the cloud is not to have a server, but to run the system in the way you want. Therefore, you need to decide on the balance between the degree of freedom and the operational burden.

Cases where EC2 is suitable

EC2 is the best choice when "being able to freely build an environment" is essential. Typical examples are as follows:

  • You want detailed control over OS and middleware configurations

  • You want to migrate an existing system to the cloud as is (lift and shift)

  • You have specific software or configuration requirements that cannot be met through managed services

  • You want to flexibly set up development and testing environments

  • Your company is over a certain size and has a system in place to manage operations in-house

EC2 is a great option if you need to design and manage your own servers.

No need for EC2 if managed services are sufficient (RDS/Lambda/Fargate)

If your purpose is clear, it makes more sense to choose a managed service over EC2.

  • You want to run a database → RDS

  • You want to run batch processing or an API → Lambda

  • You want to run an app in a container → Fargate (ECS)

These services significantly reduce operational burdens because AWS handles OS management, patch application, redundancy, etc. EC2 offers greater flexibility, but operational responsibility remains with the user, so unless there is a compelling reason to use EC2, it is safer to avoid it.

Typical examples where beginners get confused

The following are some of the situations where beginners tend to get confused:

"First of all, we need a server"

→ First, consider whether you can use Lightsail or a managed service instead.

"I want to get started with EC2 to learn about AWS."

→ Effective for verification purposes. However, you must manage costs so that you do not forget to turn it off.

"We want to move our production system to the cloud."

→ Depends on the migration requirements. For a simple migration, prioritize EC2; to reduce operational burden, prioritize managed services.

EC2 is not a "standard service that you should use first," but rather a server platform to choose when you need flexibility.

Understanding the basic configuration of EC2

EC2 is a service that provides virtual servers, but in practice it works as a set together with peripheral elements. To launch an instance and operate it safely, you need to understand the underlying OS template, storage, communication control, and network infrastructure.

AMI (template for launching instances)

An AMI (Amazon Machine Image) is a template for launching an EC2 instance. It includes the OS and initial settings, and determines which environment to launch when creating an instance.

For example, the following AMIs are used:

  • Amazon Linux

  • Ubuntu and Windows Server

  • AMIs with pre-built applications (e.g., from the Marketplace)

Since EC2 instances are launched based on AMIs, selecting an AMI is the starting point for configuration.

EBS (storage) and snapshots

The standard storage for EC2 is EBS (Elastic Block Store), which is the disk space connected to an instance and stores the OS and data.

The important thing to note is that your environment may disappear if you stop or delete your EC2 instance.

Therefore, how you handle EBS is the basis of your operations.


Additionally, EBS has a snapshot feature.

  • Take a backup of the volume

  • Leave a state that can be restored in the event of a failure

  • Duplicate the same configuration

When operating EC2, the minimum backup design is "EBS + snapshots."

Security Group (Virtual Firewall)

A Security Group is a mechanism for controlling communication to EC2 instances. It defines which source IP addresses and ports are allowed access.

For example, the following control is typical:

  • Only allow HTTP/HTTPS for web publishing

  • Restrict SSH to specific administrator IP addresses

  • Close unnecessary ports

The extent to which an instance is exposed to the outside world is determined by the security group settings.

This is the first thing you should be aware of when it comes to EC2 security.

VPC (the foundation of the network)

VPC (Virtual Private Cloud) is a mechanism for defining a network space on AWS.

EC2 is placed within a VPC, and communication paths are determined by subnet and route settings.

The key points to understand about VPCs are:

  • Should it be configured to be exposed to the internet or for internal use only?

  • Separate deployments by subnet (public/private)

  • Controlling connections with routing and gateways

EC2 is a service for setting up servers, but it is also a service that requires network design.

The pricing system at a glance

EC2 is a service where costs can easily increase if you start using it without understanding the pricing structure. The concept of billing may seem complicated, but it is basically determined by "what you run and how much."

Charges are determined by "running time + specs + storage"

EC2 pricing consists of three components:

  • Running time (charged in seconds/hours)

  • Selected instance type (CPU and memory performance)

  • Associated storage (EBS capacity and type)

In other words, charges will continue to be incurred as long as the server is running. Even if you are using it for testing purposes, you will continue to be charged if you leave it running.

In addition, there may be additional charges for peripheral services such as data usage and load balancers, so please note that the fee is not determined solely by EC2.

Differences between on-demand, reserved, and spot

EC2 offers multiple pricing plans, with options varying depending on usage period and purpose.

  • On-Demand Instances

    • Standard plan for immediate use when needed. Flexible but expensive.

  • Reserved Instances/Savings Plans

    • Discounted plans for long-term use such as 1 year or 3 years. Suitable for production environments.

  • Spot Instances

    • You can use surplus resources cheaply, but there is a possibility of interruptions. Suitable for limited use such as batch processing.

It is common for beginners to start with on-demand and then consider long-term discounts once they have established stable operation.

The basis for managing EC2 costs is to regularly check whether the instance is running and whether there are any unnecessary resources remaining.

Required operations

AWS only manages the physical infrastructure, and the OS and above are managed by the user. If you use EC2 in production, you will need to design operations after launch.

OS and middleware patch management

With EC2, you need to update your OS and middleware yourself.

  • OS security updates

  • Update your web server (Apache/Nginx, etc.)

  • Application runtime vulnerability response

Stopping updates increases the risk of known vulnerabilities being exploited. EC2 is a service that lets you rent a server, not a service that removes the need for operation.

Backup and recovery design (stopping does not mean deleting)

With EC2, it is essential to have a backup plan in case of failures or operational errors. You need to pay attention to the state of the instance and how data is handled.

  • Stopping an instance only stops billing for it; it does not necessarily mean that data is lost.

  • There are cases where an instance cannot be restored after it is deleted.

  • EBS snapshots can be saved for recovery.

If you leave backups as something to "think about later," you are likely to end up in a state where recovery is not possible, so it is essential to incorporate snapshot operations from the start.

Monitoring, logging, and security measures are prerequisites

Since EC2 requires you to manage a large area yourself, monitoring and security measures are also required.

  • Monitoring to detect CPU and disk pressure (e.g., CloudWatch)

  • Collect logs to enable tracking of abnormalities

  • Closing unnecessary communications with Security Groups

  • Manage SSH keys and keep IAM permissions to the minimum

There are limitations to manually checking whether something is working, so the starting point for EC2 operations is to design it with monitoring, logging, and permission control in mind.

Differences between EC2 and other services

When wondering whether to choose EC2, the deciding factor is whether you need to manage your servers yourself. AWS offers options to reduce operational burdens, and the optimal solution will vary depending on your goals.

EC2 vs Lambda (Serverless)

Lambda is a service that allows you to execute processes without setting up a server.

  • EC2: Prepare a virtual server and manage the OS in-house

  • Lambda: Just put your code in and it runs, no server operations required

Lambda is suitable for short-running API processing or batch processing, while EC2 is the better choice for systems that require constant operation or OS-level control.

EC2 vs ECS/Fargate (Container Operation)

ECS/Fargate is a system that runs applications on a container-by-container basis.

  • EC2: Managed on a server-by-server basis, offering high flexibility but heavy operation

  • Fargate: Server management is left to AWS, so you can focus on running your apps

Fargate is a reasonable choice for new developments that require container operations. EC2 is more practical if you need to migrate existing systems or use special configurations.

EC2 vs Lightsail (simple version)

Lightsail is a service for small businesses that makes it easy to use EC2.

  • EC2: Freely designable, including network and permissions

  • Lightsail: Fixed configuration, quick to launch

Lightsail is sufficient for personal websites and small-scale testing. If you need scalability and detailed control for production, you will ultimately need an EC2 configuration.

Quick Start with EC2: How to Create a Test Environment

When using EC2 for production use, the number of design elements increases, but for testing purposes, it is possible to try it with a minimal configuration. Beginners will be less likely to fail if they prioritize "launching safely and shutting down reliably."

The smallest steps to launch

The setup of the verification environment will proceed as follows:

  1. Select a region

  2. Select an AMI (OS image)

  3. Choose an instance type (minimum specs are sufficient)

  4. Create a key pair (required for SSH connections)

  5. Allow connections in the Security Group

  6. Start the instance and log in via SSH

At this stage, the goal is to "try it out," so it's best to start with a minimal configuration.

Safety settings that beginners should do

The most common accident in EC2 testing is unintentionally exposing the instance to the public through its settings.

At a minimum, be sure to focus on the following:

  • Do not open SSH (port 22) to all sources

  • Limit source IP to your own environment

  • Do not allow unnecessary ports

  • If you don't need to expose it, don't add a public IP address

Even a testing environment can be a target for attacks if it is exposed to the Internet. Security Group settings are the first line of defense.
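The checklist above can be turned into an automated check. The following is an added example, not part of the original article: it audits inbound rules in the JSON shape that `aws ec2 describe-security-groups` returns and flags anything reachable from any source. The sample data, the group IDs and the choice of 80/443 as the only intended public ports are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output;
# the group IDs and addresses are made up for illustration.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    ]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
    {"GroupId": "sg-0ccc", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
]}

SSH = 22
PUBLIC_OK = {80, 443}  # ports meant to be public: HTTP/HTTPS for web publishing


def is_world_open(cidr):
    """True when the CIDR covers the whole IPv4 or IPv6 address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit(groups):
    """Return (group_id, finding) pairs for inbound rules open to any source."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            if not any(is_world_open(c) for c in cidrs):
                continue
            proto = rule["IpProtocol"]
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            if proto == "-1":  # "-1" means every protocol and port, SSH included
                findings.append((sg["GroupId"], "all traffic open to the world"))
            elif proto == "tcp" and lo <= SSH <= hi:
                findings.append((sg["GroupId"], "SSH open to the world"))
            elif proto in ("tcp", "udp") and not (lo == hi and lo in PUBLIC_OK):
                findings.append((sg["GroupId"], f"{proto} {lo}-{hi} open to the world"))
    return findings


if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Protocols other than TCP, UDP and "all traffic" (for example ICMP) are outside what this check covers. To run it on a real account, load the JSON output of `aws ec2 describe-security-groups` and pass it to `audit()`.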

Stop/delete when you're done using it

EC2 instances are charged as long as they are running. In a testing environment, the most common cause of increased costs is forgetting to stop them.

  • Stop the instance when you're done using it

  • If it is not needed, terminate (delete) it and leave no resources behind

  • Check if there are any remaining EBS volumes or Elastic IPs.

Just because it's stopped doesn't mean it's free; if storage remains, you'll continue to be charged. For verification purposes, it's important to be mindful of the need to clean up afterward.
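The clean-up check described above can also be scripted. The following is an added example, not part of the original article: it reads JSON in the shape returned by `aws ec2 describe-instances`, `describe-volumes` and `describe-addresses` and lists what a finished test has left behind. All resource IDs and the sample data are constructed for illustration.

```python
# Constructed samples in the shape of `aws ec2 describe-instances`,
# `describe-volumes` and `describe-addresses` output; every ID is made up.
INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0test1", "State": {"Name": "running"},
     "BlockDeviceMappings": [{"Ebs": {"VolumeId": "vol-0root1"}}]},
    {"InstanceId": "i-0test2", "State": {"Name": "stopped"},
     "BlockDeviceMappings": [{"Ebs": {"VolumeId": "vol-0root2"}}]},
    {"InstanceId": "i-0test3", "State": {"Name": "terminated"},
     "BlockDeviceMappings": []},
]}]}
VOLUMES = {"Volumes": [
    {"VolumeId": "vol-0root1", "State": "in-use", "Size": 8},
    {"VolumeId": "vol-0root2", "State": "in-use", "Size": 30},
    {"VolumeId": "vol-0data9", "State": "available", "Size": 100},
]}
ADDRESSES = {"Addresses": [
    {"AllocationId": "eipalloc-0a", "PublicIp": "198.51.100.7",
     "AssociationId": "eipassoc-0a", "InstanceId": "i-0test1"},
    {"AllocationId": "eipalloc-0b", "PublicIp": "198.51.100.8"},
]}


def leftovers(instances, volumes, addresses):
    """Return (resource_id, reason) pairs for things a finished test left behind."""
    size = {v["VolumeId"]: v["Size"] for v in volumes["Volumes"]}
    found = []
    for res in instances["Reservations"]:
        for inst in res["Instances"]:
            state = inst["State"]["Name"]
            if state == "running":
                found.append((inst["InstanceId"], "still running"))
            elif state == "stopped":  # stopped, but its disks still exist
                gib = sum(size.get(m["Ebs"]["VolumeId"], 0)
                          for m in inst.get("BlockDeviceMappings", [])
                          if "Ebs" in m)
                found.append((inst["InstanceId"],
                              f"stopped, {gib} GiB of EBS still attached"))
    for vol in volumes["Volumes"]:
        if vol["State"] == "available":  # "available" means attached to nothing
            found.append((vol["VolumeId"], f"unattached volume, {vol['Size']} GiB"))
    for addr in addresses["Addresses"]:
        if "AssociationId" not in addr:  # allocated but bound to no instance
            found.append((addr["AllocationId"],
                          f"Elastic IP {addr['PublicIp']} not associated"))
    return found


if __name__ == "__main__":
    print(*leftovers(INSTANCES, VOLUMES, ADDRESSES), sep="\n")
```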

Conclusion

Amazon EC2 is a popular service that allows you to freely build virtual servers on AWS. It can be used for a wide range of purposes, including web servers, business systems, and testing environments, but the user is also responsible for operating system management, security settings, and monitoring.

The deciding factor in whether to choose EC2 is whether you need to manage your servers yourself. Depending on your purpose, managed services such as Lambda or Fargate, which can reduce operational burden, may be more suitable.

EC2 is not an all-purpose option, but rather a platform that is effective when flexibility is required. It is important to understand the pricing structure and operational burden before choosing the best option for your company.

Do you have any concerns about AWS?

If you have any questions or concerns about using AWS, estimates, configuration, operation, etc., please feel free to contact us. We will help you make a smooth decision by establishing a common understanding with the local team and clarifying prerequisites.

This service, "IIJ Managed Cloud for AWS," is jointly provided by the IIJ Group, Japan's first commercial Internet service provider, and Serverworks, an AWS Premier Tier Service Partner. It is compatible with global environments, including Southeast Asia, and provides AWS support tailored to on-site decisions.


Author: Kazuki Kato

Serverworks Co., Ltd., Marketing Department, Marketing Section 1. After working as a sales representative for an independent ISP and SIer, optimizing customer systems and networks, he joined Serverworks. Since joining the company, he has worked on development standardization projects for an electric power carrier and proposed and implemented an in-station reading system for a railway operator. He is currently in charge of event marketing and inside sales. His hobby is washing cars. AWS Certified Database – Specialty (DBS)
