diff --git a/README.md b/README.md
index 437846e..3b0b4da 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,8 @@
- What is Cloud Computing?, AWS Global Infrastructure, Shared Responsibility Model
- [IAM: Identity Access & Management](./sections/iam.md)
- What Is IAM?, Multi Factor Authentication - MFA, MFA devices options in AWS, How can users access AWS ?, What’s the AWS CLI?, What’s the AWS SDK?
+- [EC2: Virtual Machines](./sections/ec2.md)
+ - What is Amazon EC2?, Introduction to Security Groups, Classic Ports to know, EC2 Instance Launch Types, Which purchasing option is right for me?, Shared Responsibility Model for EC2
## Practice Exams ( dumps )
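Review bot: The topic list on the added EC2 line does not match the headings in sections/ec2.md: it has `Classic Ports to know` and `Which purchasing option is right for me?`, while the section headings are `Classic Ports to Know` and `Which purchasing option is right for my use case?`. Suggest copying the heading text verbatim so the README entries can be searched for in the section file.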
diff --git a/sections/cloud_computing.md b/sections/cloud_computing.md
index 08bc7db..ac7add6 100644
--- a/sections/cloud_computing.md
+++ b/sections/cloud_computing.md
@@ -34,12 +34,12 @@ Cloud computing is the on-demand delivery of compute power, database storage, ap
### The Deployment Models of the Cloud
-| **Private Cloud** | **Public Cloud** | **Hybrid Cloud** |
-|----------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------|
-| Cloud services used by a single organization, not exposed to the public. | Cloud resources owned and operated by a third-party cloud service provider, delivered over the Internet. | Keep some servers on-premises and extend some capabilities to the cloud. |
-| Complete control over data, security, and compliance. | Cost-effective as infrastructure is shared among multiple users. | Allows data and applications to be shared between private and public clouds. |
-| Security for sensitive applications, ideal for critical workloads. | Suitable for less sensitive workloads that require high scalability and availability. | Offers flexibility, security, and scalability for different use cases. |
-| Meet specific business needs and compliance requirements. | No maintenance required as the cloud provider manages the infrastructure. | Provides business continuity, disaster recovery, and data backup solutions. |
+| **Private Cloud** | **Public Cloud** | **Hybrid Cloud** |
+| ------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------- |
+| Cloud services used by a single organization, not exposed to the public. | Cloud resources owned and operated by a third-party cloud service provider, delivered over the Internet. | Keep some servers on-premises and extend some capabilities to the cloud. |
+| Complete control over data, security, and compliance. | Cost-effective as infrastructure is shared among multiple users. | Allows data and applications to be shared between private and public clouds. |
+| Security for sensitive applications, ideal for critical workloads. | Suitable for less sensitive workloads that require high scalability and availability. | Offers flexibility, security, and scalability for different use cases. |
+| Meet specific business needs and compliance requirements. | No maintenance required as the cloud provider manages the infrastructure. | Provides business continuity, disaster recovery, and data backup solutions. |
### The Five Characteristics of Cloud Computing
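Review bot: The deployment-model table rows here change only in column padding and separator spacing; no cell text differs between the removed and added lines. This realignment is unrelated to the new EC2 section, so consider moving it (and the other table realignments in sections/cloud_computing.md) into a separate formatting-only commit so the content change is easier to review and blame stays meaningful.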
@@ -66,11 +66,11 @@ Cloud computing is the on-demand delivery of compute power, database storage, ap
### Types of Cloud Computing
-| **Infrastructure as a Service (IaaS)** | **Platform as a Service (PaaS)** | **Software as a Service (SaaS)** |
-|-------------------------------------------------------------------------------------|--------------------------------------------------------------------------------|------------------------------------------------------------------------|
-| Provides virtualized computing resources over the internet (e.g., AWS EC2). | Provides a platform allowing customers to develop, run, and manage applications (e.g., AWS Elastic Beanstalk). | Provides software applications over the internet on a subscription basis (e.g., AWS Chime). |
-| Offers maximum control over the infrastructure. | Focus on deploying applications without managing underlying infrastructure. | Accessible over the internet, usually via a web browser. |
-| Suitable for developers needing control over OS, middleware, and runtime. | Ideal for developers who want to focus on application development. | Suitable for users needing access to software without infrastructure management. |
+| **Infrastructure as a Service (IaaS)** | **Platform as a Service (PaaS)** | **Software as a Service (SaaS)** |
+| --------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------- |
+| Provides virtualized computing resources over the internet (e.g., AWS EC2). | Provides a platform allowing customers to develop, run, and manage applications (e.g., AWS Elastic Beanstalk). | Provides software applications over the internet on a subscription basis (e.g., AWS Chime). |
+| Offers maximum control over the infrastructure. | Focus on deploying applications without managing underlying infrastructure. | Accessible over the internet, usually via a web browser. |
+| Suitable for developers needing control over OS, middleware, and runtime. | Ideal for developers who want to focus on application development. | Suitable for users needing access to software without infrastructure management. |
### Example of Cloud Computing Types
@@ -85,10 +85,10 @@ Cloud computing is the on-demand delivery of compute power, database storage, ap
AWS follows three fundamental pricing principles based on the pay-as-you-go pricing model:
-| **Fundamental** | **Description** |
-|---------------------|-------------------------------------------------------------------------------------------------|
-| **Compute** | Pay for the compute time you consume. Examples include EC2 instance hours or Lambda invocation duration. |
-| **Storage** | Pay for the amount of data stored in the cloud. Examples include S3 storage space and EBS volume usage. |
+| **Fundamental** | **Description** |
+| --------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| **Compute** | Pay for the compute time you consume. Examples include EC2 instance hours or Lambda invocation duration. |
+| **Storage** | Pay for the amount of data stored in the cloud. Examples include S3 storage space and EBS volume usage. |
| **Data Transfer OUT** | Pay for data transfer out of the cloud. Data transfer IN is free. This pricing structure solves the issue of expensive data transfer fees in traditional IT systems. |
### How Cloud Pricing Solves Traditional IT Cost Issues
@@ -160,11 +160,11 @@ AWS follows three fundamental pricing principles based on the pay-as-you-go pric
### Example Responsibilities for Different AWS Services
-| **Service Type** | **AWS Responsibility** | **Customer Responsibility** |
-|--------------------------|----------------------------------------------------------|---------------------------------------------------------------------|
-| **IaaS (e.g., EC2)** | Securing physical infrastructure, hypervisor, and network. | Configure and secure OS, patch management, data, and network settings. |
-| **PaaS (e.g., RDS)** | Managing the database engine, backups, and patching. | Secure data at rest and in transit, manage DB access, and IAM roles. |
-| **SaaS (e.g., S3)** | Protecting the service's underlying infrastructure. | Manage permissions, bucket policies, and data lifecycle rules. |
+| **Service Type** | **AWS Responsibility** | **Customer Responsibility** |
+| -------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------- |
+| **IaaS (e.g., EC2)** | Securing physical infrastructure, hypervisor, and network. | Configure and secure OS, patch management, data, and network settings. |
+| **PaaS (e.g., RDS)** | Managing the database engine, backups, and patching. | Secure data at rest and in transit, manage DB access, and IAM roles. |
+| **SaaS (e.g., S3)** | Protecting the service's underlying infrastructure. | Manage permissions, bucket policies, and data lifecycle rules. |
### Summary
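Review bot: Since the row is being rewritten anyway, `**SaaS (e.g., S3)**` is worth correcting: S3 is an object storage service, not a software-as-a-service application, and the same file uses AWS Chime as its SaaS example in the "Types of Cloud Computing" table. The customer duties listed in that row (permissions, bucket policies, data lifecycle rules) are real configuration responsibilities, so labelling the row as a managed or abstracted service keeps the table from suggesting that the customer has little to secure.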
diff --git a/sections/ec2.md b/sections/ec2.md
new file mode 100644
index 0000000..8a7da8e
--- /dev/null
+++ b/sections/ec2.md
@@ -0,0 +1,358 @@
+# EC2: Virtual Machines
+
+- [EC2: Virtual Machines](#ec2-virtual-machines)
+ - [What is Amazon EC2?](#what-is-amazon-ec2)
+ - [EC2 Sizing \& Configuration Options](#ec2-sizing--configuration-options)
+ - [EC2 User Data](#ec2-user-data)
+ - [EC2 Instance Types - Overview](#ec2-instance-types---overview)
+ - [General Purpose Instances](#general-purpose-instances)
+ - [Compute Optimized Instances](#compute-optimized-instances)
+ - [Memory Optimized Instances](#memory-optimized-instances)
+ - [Storage Optimized Instances](#storage-optimized-instances)
+ - [EC2 Instance Types: Example](#ec2-instance-types-example)
+ - [Introduction to Security Groups](#introduction-to-security-groups)
+ - [Common Use Cases](#common-use-cases)
+ - [Deeper Dive](#deeper-dive)
+ - [Security Groups Diagram](#security-groups-diagram)
+ - [Examples of Security Group Rules](#examples-of-security-group-rules)
+ - [Good to Know](#good-to-know)
+ - [Classic Ports to Know](#classic-ports-to-know)
+ - [EC2 Instance Launch Types](#ec2-instance-launch-types)
+ - [On Demand Instance](#on-demand-instance)
+ - [Reserved Instances](#reserved-instances)
+ - [Savings Plans](#savings-plans)
+ - [Spot Instances](#spot-instances)
+ - [Dedicated Hosts](#dedicated-hosts)
+ - [Dedicated Instances](#dedicated-instances)
+ - [Capacity Reservations](#capacity-reservations)
+ - [EC2 Instance Launch Types Comparison](#ec2-instance-launch-types-comparison)
+ - [Which purchasing option is right for my use case?](#which-purchasing-option-is-right-for-my-use-case)
+ - [Price Comparison Example – m4.large – us-east-1](#price-comparison-example--m4large--us-east-1)
+ - [Shared Responsibility Model for EC2](#shared-responsibility-model-for-ec2)
+ - [EC2 Section – Summary](#ec2-section--summary)
+
+## What is Amazon EC2?
+
+- **Amazon Elastic Compute Cloud (EC2)** is a scalable compute service that allows users to rent virtual servers in the cloud.
+- It provides flexibility to scale compute resources up or down based on demand, offering a cost-effective solution for applications with variable workloads.
+- Key features include:
+ - **On-Demand Instances**: Pay for compute capacity by the hour or second, with no long-term commitments.
+ - **Reserved Instances**: Make a one-time payment for a significant discount on instance usage over a one- or three-year term.
+ - **Spot Instances**: Bid for unused EC2 capacity at a potentially lower price, allowing cost savings for flexible workloads.
+
+### EC2 Sizing & Configuration Options
+
+- EC2 allows for customized sizing and configurations, which include:
+ - **Instance Type**: Selecting the appropriate type based on the application's performance requirements.
+ - **Storage Options**: Using Amazon EBS for persistent block storage or instance store for temporary storage.
+ - **Networking**: Configuring VPCs, subnets, and security groups to control access and manage traffic.
+ - **Elastic Load Balancing**: Distributing incoming traffic across multiple EC2 instances to enhance availability and fault tolerance.
+ - **Auto Scaling**: Automatically adjusting the number of instances based on demand, ensuring the application has the necessary resources.
+
+### EC2 User Data
+
+- **User data** is a powerful feature for automating the setup of EC2 instances.
+- It can be specified at instance launch and is executed on the instance when it first boots.
+- bootstrapping means launching commands when a machine starts
+- That script is **only run once** at the instance **first start**
+- **Common use cases include**:
+ - Installing software packages (e.g., `yum install httpd -y` for Apache).
+ - Downloading configuration files or scripts from Amazon S3.
+ - Configuring system settings and services (e.g., starting an application server).
+
+### EC2 Instance Types - Overview
+
+Amazon EC2 offers a variety of instance types, each designed to meet specific application requirements.()
+
+#### General Purpose Instances
+
+- General purpose instances provide a balanced mix of compute, memory, and network resources.
+- They are suitable for a variety of workloads and can handle different application types effectively.
+- **Use Cases**:
+ - Web servers and applications
+ - Small to medium-sized databases
+ - Development and testing environments
+ - Enterprise applications
+
+| **Instance Type** | **vCPUs** | **Memory (GiB)** | **Network Performance** | **Storage** |
+| ----------------- | --------- | ---------------- | ----------------------- | ----------- |
+| **t4g.micro** | 2 | 1 | Up to 5 Gigabit | EBS only |
+| **t3.micro** | 2 | 1 | Up to 5 Gigabit | EBS only |
+| **m5.large** | 2 | 8 | Up to 10 Gigabit | EBS only |
+| **m5.xlarge** | 4 | 16 | Up to 10 Gigabit | EBS only |
+
+#### Compute Optimized Instances
+
+- Compute optimized instances are designed for applications that require high-performance processors and are well-suited for compute-intensive workloads.
+- **Use Cases**:
+ - High-performance web servers
+ - Batch processing
+ - Data analytics
+ - Machine learning inference
+
+| **Instance Type** | **vCPUs** | **Memory (GiB)** | **Network Performance** | **Storage** |
+| ----------------- | --------- | ---------------- | ----------------------- | ----------- |
+| **c5.large** | 2 | 4 | Up to 10 Gigabit | EBS only |
+| **c5.xlarge** | 4 | 8 | Up to 10 Gigabit | EBS only |
+| **c5.2xlarge** | 8 | 16 | Up to 10 Gigabit | EBS only |
+| **c5n.9xlarge** | 36 | 96 | 10 Gigabit | EBS only |
+
+#### Memory Optimized Instances
+
+- Memory optimized instances provide high memory bandwidth and are optimized for applications that require large amounts of memory.
+- **Use Cases**:
+ - High-performance databases (e.g., SAP HANA)
+ - In-memory caches (e.g., Redis, Memcached)
+ - Real-time big data analytics
+ - Data mining applications
+
+| **Instance Type** | **vCPUs** | **Memory (GiB)** | **Network Performance** | **Storage** |
+| ----------------- | --------- | ---------------- | ----------------------- | ----------- |
+| **r5.large** | 2 | 16 | Up to 10 Gigabit | EBS only |
+| **r5.xlarge** | 4 | 32 | Up to 10 Gigabit | EBS only |
+| **r5.4xlarge** | 16 | 128 | Up to 10 Gigabit | EBS only |
+| **r5b.12xlarge** | 48 | 384 | 10 Gigabit | EBS only |
+
+#### Storage Optimized Instances
+
+- Storage optimized instances are designed for applications that require high, sequential read and write access to large datasets.
+- **Use Cases**:
+ - Data warehousing applications
+ - Hadoop distributed computing
+ - High-frequency trading applications
+ - NoSQL databases (e.g., Cassandra)
+
+| **Instance Type** | **vCPUs** | **Memory (GiB)** | **Network Performance** | **Storage** |
+| ----------------- | --------- | ---------------- | ----------------------- | ------------------- |
+| **i3.large** | 2 | 15 | Up to 10 Gigabit | 1 x 475 GB NVMe SSD |
+| **i3.xlarge** | 4 | 30 | Up to 10 Gigabit | 1 x 950 GB NVMe SSD |
+| **i3.2xlarge** | 8 | 61 | Up to 10 Gigabit | 1 x 1.9 TB NVMe SSD |
+| **d2.8xlarge** | 36 | 244 | Up to 10 Gigabit | 12 x 2 TB HDD |
+
+### EC2 Instance Types: Example
+
+Here's a quick overview of some example instance types in each category, along with their characteristics:
+
+| **Instance Type** | **vCPUs** | **Memory (GiB)** | **Storage** | **Use Case** |
+| ----------------- | --------- | ---------------- | ------------------- | -------------------------------------------------------------------------------------------------------------------------- |
+| **t3.micro** | 2 | 1 | EBS only | General-purpose applications with burstable performance; suitable for low-traffic web servers or development environments. |
+| **c5.large** | 2 | 4 | EBS only | Compute-intensive applications like gaming, web servers, and machine learning inference. |
+| **m5.xlarge** | 4 | 16 | EBS only | Balanced workloads, such as small databases and caching fleets. Ideal for web applications. |
+| **r5.xlarge** | 4 | 32 | EBS only | Memory-intensive applications such as databases, in-memory caches, and analytics workloads. |
+| **i3.2xlarge** | 8 | 61 | 1 x 2.5 TB NVMe SSD | Storage-intensive applications like NoSQL databases, data warehousing, and big data analytics. |
+| **p3.2xlarge** | 8 | 61 | EBS only | GPU-accelerated computing for machine learning, high-performance computing (HPC), and graphics-intensive applications. |
+
+t2.micro is part of the AWS free tier (up to 750 hours per month)
+
+## Introduction to Security Groups
+
+- **Security Groups** are **virtual firewalls** that control inbound and outbound traffic to Amazon EC2 instances.
+- They act at the instance level, not the subnet level, and provide a way to manage access to resources within a VPC (Virtual Private Cloud).
+- Security groups can be associated with multiple instances and can be modified at any time, allowing for flexible management of network access.
+- **Key Features**:
+ - By default, all inbound traffic is denied, and all outbound traffic is allowed.
+ - You can specify rules based on protocol (TCP, UDP, ICMP), port number, and source IP address or CIDR block.
+
+### Common Use Cases
+
+- Restricting access to an application server (allowing only specific IPs).
+- Allowing traffic from specific ports (e.g., HTTP/HTTPS).
+- Isolating database instances from public access.
+
+## Deeper Dive
+
+- **Inbound Rules**: Define the traffic allowed into your instances.
+- **Outbound Rules**: Define the traffic allowed out from your instances.
+- Each rule includes:
+ - **Type**: The protocol used (e.g., HTTP, SSH).
+ - **Protocol**: The protocol number (TCP = 6, UDP = 17).
+ - **Port Range**: The port(s) affected by the rule.
+ - **Source/Destination**: The IP address or CIDR range from which traffic is allowed.
+
+### Security Groups Diagram
+
+
+
+### Examples of Security Group Rules
+
+| **Rule Type** | **Protocol** | **Port Range** | **Source/Destination** |
+| ------------- | ------------ | -------------- | --------------------------- |
+| Inbound Rule | TCP | 22 | 203.0.113.0/24 (SSH Access) |
+| Inbound Rule | TCP | 80 | 0.0.0.0/0 (HTTP Access) |
+| Outbound Rule | All Traffic | All | 0.0.0.0/0 |
+
+### Good to Know
+
+- **Limits**: Each security group can have up to 60 inbound and 60 outbound rules by default (this limit can be increased by requesting through AWS Support).
+- **Default Security Group**: When you create a VPC, a default security group is automatically created, which allows all outbound traffic and denies all inbound traffic by default.
+- **Multiple Security Groups**: You can assign multiple security groups to a single EC2 instance, enabling fine-grained control over traffic.
+- **Security Best Practices**:
+ - Apply the principle of least privilege (only allow necessary traffic).
+ - Regularly review and audit security group rules.
+ - Use descriptive names and tags for easy management.
+
+## Classic Ports to Know
+
+| **Port Number** | **Protocol** | **Service** | **Description** |
+| --------------- | ------------ | ------------------- | --------------------------------------------------------------------------------------------------- |
+| 20 | TCP | FTP (Data Transfer) | Used for transferring files over FTP. |
+| 21 | TCP | FTP (Control) | Used for controlling file transfer sessions. |
+| 22 | TCP | SSH | Secure Shell for secure logins and command execution. |
+| 80 | TCP | HTTP | Hypertext Transfer Protocol for web traffic. |
+| 443 | TCP | HTTPS | Secure HTTP for secure web traffic. |
+| 3389 | TCP | RDP | Used for Remote Desktop Protocol, allowing users to connect to and control remote Windows machines. |
+
+## EC2 Instance Launch Types
+
+- [**On Demand Instances**](#on-demand-instance): short workload, predictable pricing
+- [**Reserved**](#reserved-instances): (1 & 3 years)
+ - **Reserved Instances**: long workloads
+ - **Convertible Reserved Instances**: long workloads with flexible instances
+- [**Savings Plans**](#savings-plans) (1 & 3 years): commitment to an amount of usage, long workload
+- [**Spot Instances**](#spot-instances): short workloads, for cheap, can lose instances
+- [**Dedicated Instances**](#dedicated-instances): no other customers will share your hardware
+- [**Dedicated Hosts**](#dedicated-hosts): book an entire physical server, control instance placement
+- [**Capacity Reservations**](#capacity-reservations): reserve capacity in a specific AZ for any duration
+
+### On Demand Instance
+
+- Pay for what you use:
+ - Linux or Windows - billing per second, after the first minute
+ - All other operating systems - billing per hour
+- Has the highest cost but no upfront payment
+- No long-term commitment
+- Recommended for **short-term** and **un-interrupted workloads**, where you can't predict how the application will behave
+
+### Reserved Instances
+
+- Up to 72% discount compared to On-demand
+- You reserve a specific instance attributes (Instance Type, Region, Tenancy, OS)
+- Reservation Period – 1 year (+discount) or 3 years (+++discount)
+- Payment Options – No Upfront (+), Partial Upfront (++), All Upfront (+++)
+- Reserved Instance’s Scope – Regional or Zonal (reserve capacity in an AZ)
+- Recommended for steady-state usage applications (think database)
+- You can buy and sell in the Reserved Instance Marketplace
+
+- Convertible Reserved Instance
+ - Can change the EC2 instance type, instance family, OS, scope and tenancy
+ - Up to 66% discount
+
+### Savings Plans
+
+- Get a discount based on long-term usage (up to 72% - same as RIs)
+- Commit to a certain type of usage ($10/hour for 1 or 3 years)
+- Usage beyond EC2 Savings Plans is billed at the On-Demand price
+
+- Locked to a specific instance family & AWS region (e.g., M5 in us-east-1)
+- Flexible across:
+ - Instance Size (e.g., m5.xlarge, m5.2xlarge)
+ - OS (e.g., Linux, Windows)
+ - Tenancy (Host, Dedicated, Default)
+
+### Spot Instances
+
+- Can get a discount of up to 90% compared to On-demand
+- Instances that you can “lose” at any point of time if your max price is less than the current spot price
+- The MOST cost-efficient instances in AWS
+- Useful for workloads that are resilient to failure
+ - Batch jobs
+ - Data analysis
+ - Image processing
+ - Any distributed workloads
+ - Workloads with a flexible start and end time
+- Not suitable for critical jobs or databases
+
+### Dedicated Hosts
+
+- A physical server with EC2 instance capacity fully dedicated to your use
+- Allows you to address compliance requirements and use your existing server- bound software licenses (per-socket, per-core, pe—VM software licenses)
+- Purchasing Options:
+ - On-demand – pay per second for active Dedicated Host
+ - Reserved - 1 or 3 years (No Upfront, Partial Upfront, All Upfront)
+- The most expensive option
+- Useful for software that have complicated licensing model (BYOL – Bring Your Own License)
+- Or for companies that have strong regulatory or compliance needs
+
+### Dedicated Instances
+
+- Instances run on hardware that’s dedicated to you
+- May share hardware with other instances in same account
+- No control over instance placement (can move hardware after Stop / Start)
+
+### Capacity Reservations
+
+- Reserve On-Demand instances capacity in a specific AZ for any duration
+- You always have access to EC2 capacity when you need it
+- No time commitment (create/cancel anytime), no billing discounts
+- Combine with Regional Reserved Instances and Savings Plans to benefit from billing discounts
+- You’re charged at On-Demand rate whether you run instances or not
+- Suitable for short-term, uninterrupted workloads that needs to be in a specific AZ
+
+### EC2 Instance Launch Types Comparison
+
+| **Launch Type** | **Cost Structure** | **Payment Options** | **Commitment** | **Use Case** | **Flexibility** |
+| ------------------------- | ----------------------------------------------------------------------------------- | ------------------------------------------------------ | ----------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------------------ |
+| **On-Demand Instances** | - Linux/Windows: per second after the first minute
- Other OS: billed per hour | No upfront payment | No long-term commitment | Short-term and unpredictable workloads | High flexibility; can start/stop anytime |
+| **Reserved Instances** | Up to 72% discount compared to On-Demand | - No Upfront
- Partial Upfront
- All Upfront | 1 year or 3 years | Steady-state applications (e.g., databases) | Reserved capacity in a specific region or AZ |
+| **Savings Plans** | Up to 72% discount based on long-term usage | Commit to a certain usage amount | 1 year or 3 years | Applications with predictable usage patterns | Flexible across instance size, OS, and tenancy |
+| **Spot Instances** | Discount up to 90% compared to On-Demand | Pay the Spot price | No commitment required | Cost-sensitive, resilient workloads (e.g., batch jobs) | Instances can be terminated anytime if spot price exceeds your max price |
+| **Dedicated Hosts** | Most expensive; pay per second for active host | - On-Demand
- Reserved (1 or 3 years) | Long-term commitment possible | Compliance-heavy applications or complex licensing models | Full control over server; ideal for BYOL scenarios |
+| **Dedicated Instances** | Higher than shared instances; not the most expensive | On-Demand pricing | No long-term commitment | Workloads needing dedicated hardware but can share resources | Limited control over instance placement |
+| **Capacity Reservations** | Billed at On-Demand rates regardless of instance running | No upfront payment | No time commitment | Ensures EC2 capacity availability in a specific AZ | Can create/cancel anytime; no discounts on billing |
+
+## Which purchasing option is right for my use case?
+
+- **On-Demand Instances**:
+ - Staying at a resort whenever we want and paying the full price for each night.
+ - Ideal for a startup running a web application with unpredictable traffic spikes.
+- **Reserved Instances**:
+ - Planning a long vacation in advance, allowing us to get a significant discount for booking ahead.
+ - Best for a company operating a database server that requires constant uptime for a year.
+- **Savings Plans**:
+ - Committing to a set amount per hour for a specified duration while enjoying any room type
+ - Suitable for a SaaS provider that anticipates steady usage of compute resources over three years.
+- **Spot Instances**:
+ - Bidding for available rooms; the highest bidder secures the room, but they can be asked to leave at any moment.
+ - Perfect for a research team processing large data sets where jobs can be paused and resumed.
+- **Dedicated Hosts**:
+ - Renting an entire wing of the resort exclusively for ourselves.
+ - Appropriate for a financial institution needing to comply with strict regulatory requirements and using custom software licenses.
+- **Dedicated Instances**:
+ - Having a private room that's solely ours but sharing some amenities with other guests.
+ - Great for a business running non-critical applications that need some level of hardware isolation.
+- **Capacity Reservations**:
+ - Booking a room for a set period at full price, even if we don’t end up using it.
+ - Useful for an enterprise ensuring EC2 capacity for a new product launch in a specific availability zone.
+
+## Price Comparison Example – m4.large – us-east-1
+
+| **Launch Type** | **Hourly Price** | **Monthly Price (Approx.)** | **Notes** |
+| ------------------------- | ------------------------------------ | --------------------------- | ---------------------------------------------------------------- |
+| **On-Demand Instance** | $0.096 per hour | $69.12 | Pay-as-you-go pricing. Ideal for short-term usage. |
+| **Reserved Instances** | $0.054 per hour (1-year term) | $39.24 | Commit to one year for a significant discount. |
+| **Savings Plans** | $0.058 per hour (1-year term) | $41.76 | Flexible savings plan applicable to any instance type. |
+| **Spot Instances** | $0.028 per hour (varies with demand) | $20.16 | Pricing varies; can be interrupted. Best for flexible workloads. |
+| **Dedicated Hosts** | $0.12 per hour (per host) | $86.40 | Dedicated physical server; pricing per host. |
+| **Dedicated Instances** | $0.096 per hour | $69.12 | Similar to on-demand but on dedicated hardware. |
+| **Capacity Reservations** | $0.096 per hour | $69.12 | Reserved capacity at on-demand pricing. |
+
+## Shared Responsibility Model for EC2
+
+| **Responsibility** | **AWS Responsibilities** | **User Responsibilities** |
+| --------------------------- | -------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------- |
+| **Infrastructure Security** | The security of the underlying infrastructure, including hardware, software, networking, and facilities. | Securing the EC2 instances, including operating systems and applications. |
+| **Physical Security** | Ensures physical security of data centers where EC2 instances run. | N/A |
+| **Network Security** | Implements security measures for the network, including firewalls and DDoS protection. | Configuring security groups, network ACLs, and VPC settings. |
+| **Data Protection** | Provides encryption options for data at rest and in transit. | Managing data encryption and access control. |
+| **Access Management** | Offers IAM services to manage access to AWS resources. | Configuring IAM users, roles, and policies for access management. |
+| **Compliance** | Complies with various compliance standards and certifications for infrastructure. | Compliance related to the applications and data hosted on EC2 instances. |
+| **Patch Management** | Provides a secure and up-to-date infrastructure. | Applying patches and updates to the operating system and applications. |
+
+## EC2 Section – Summary
+
+- EC2 Instance: AMI (OS) + Instance Size (CPU + RAM) + Storage + security groups + EC2 User Data
+- Security Groups: Firewall attached to the EC2 instance
+- EC2 User Data: Script launched at the first start of an instance
+- SSH: start a terminal into our EC2 Instances (port 22)
+- EC2 Instance Role: link to IAM roles
+- Purchasing Options: On-Demand, Spot, Reserved (Standard + Convertible + Scheduled), Dedicated Host, Dedicated Instance
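Review bot: In "Good to Know", the Default Security Group bullet says the VPC's default group "denies all inbound traffic by default", which is inaccurate: the default security group comes with an inbound rule that allows all traffic from other members of the same group, so instances left in it can reach each other on every port. Suggest rewording the bullet to say so and to recommend purpose-built groups over the default one. The security group sections also never state that groups are stateful and hold allow rules only, which readers need in order to interpret the inbound/outbound rule table. Smaller consistency points in the same file: `i3.2xlarge` has `1 x 1.9 TB NVMe SSD` in the storage-optimized table but `1 x 2.5 TB NVMe SSD` in the example table; the free-tier line names `t2.micro`, which is in neither table; `## Deeper Dive` is an h2 sitting between the h3 subsections of "Introduction to Security Groups" and should be `###`; the "Security Groups Diagram" heading has no content under it; the Savings Plans price row says "applicable to any instance type" while the Savings Plans section says they are locked to an instance family and region; the "EC2 Instance Types - Overview" sentence ends with a stray `()`; and the Dedicated Hosts bullet has the typos `server- bound` and `pe—VM`.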