When I first started using AWS EC2, I thought I was just spinning up a server. That’s what most tutorials said. Just “launch an instance” and you’re good. But what I didn’t know was this: EC2 is simple on the surface, but has a lot of hidden details that can cost you time, money, and sanity. Here’s everything I wish someone told me before I used EC2 for the first time — so you can avoid the mistakes I made. 1. Choosing the Right Instance Type is Not Optional The first decision you make is the instance type. You’ll see names like t2.micro, t3.medium, m5.large, and so on. t2.micro t3.medium m5.large Back then, I picked the cheapest one — t2.micro. Free tier, right? t2.micro But my app kept crashing. Why? I didn’t understand how “burstable” instances work. What I learned: What I learned t2.micro uses CPU credits. You earn credits over time and spend them when your app needs more CPU. If you run a long-running process (like a build or script), you can run out of credits fast. Once you run out, your instance becomes very slow. t2.micro uses CPU credits. You earn credits over time and spend them when your app needs more CPU. t2.micro CPU credits If you run a long-running process (like a build or script), you can run out of credits fast. Once you run out, your instance becomes very slow. very slow What to do instead: What to do instead If you're just experimenting or hosting a static site, t2.micro is fine. If you need something more stable for background tasks, use t3 or m series. Always match the instance to your actual workload — not the price tag. If you're just experimenting or hosting a static site, t2.micro is fine. t2.micro If you need something more stable for background tasks, use t3 or m series. t3 m Always match the instance to your actual workload — not the price tag. 2. Security Groups Are Firewalls (And They Matter) When I launched my EC2 instance, I couldn’t SSH into it. I thought it was broken. But it was just the security group — EC2’s version of a firewall — blocking my access. security group What I learned: What I learned By default, EC2 blocks all incoming traffic. You have to manually open ports, even for SSH (port 22) or HTTP (port 80). If you want to visit your app in a browser, you need to allow port 80 (or 443 for HTTPS). By default, EC2 blocks all incoming traffic. all You have to manually open ports, even for SSH (port 22) or HTTP (port 80). manually open ports If you want to visit your app in a browser, you need to allow port 80 (or 443 for HTTPS). What to do instead: What to do instead When setting up your instance, add a rule to allow SSH from your IP. For public websites, allow HTTP and HTTPS. Don’t open all ports to the world. That’s asking for trouble. When setting up your instance, add a rule to allow SSH from your IP. add a rule to allow SSH For public websites, allow HTTP and HTTPS. Don’t open all ports to the world. That’s asking for trouble. 3. EC2 Is Just a Blank Server When I got into my instance, I typed node to run my Node app. node “Command not found.” I tried git pull. That didn’t work either. git pull Then it hit me — EC2 is just a bare OS. Nothing comes preinstalled. bare OS What I learned: What I learned You need to install everything: Node, Python, Git, Nginx, whatever. There’s no GUI, just a terminal. It’s basically like renting a computer from the cloud. You need to install everything: Node, Python, Git, Nginx, whatever. There’s no GUI, just a terminal. It’s basically like renting a computer from the cloud. What to do instead: What to do instead Use a startup script to automate initial setup. Or create your own custom AMI once everything is configured the way you want. If you’re deploying often, consider using Elastic Beanstalk or AWS AMI images with pre-installed stacks. Use a startup script to automate initial setup. startup script Or create your own custom AMI once everything is configured the way you want. custom AMI If you’re deploying often, consider using Elastic Beanstalk or AWS AMI images with pre-installed stacks. Elastic Beanstalk AWS AMI images 4. EC2 Doesn’t Store Your Data Unless You Tell It To I once restarted my EC2 instance and all my app files were gone. Gone. Why? I was using ephemeral storage — which wipes clean on stop/start. ephemeral storage What I learned: What I learned EC2 has two main storage types: Instance Store (temporary) and EBS (persistent). Only EBS volumes keep your data after shutdown. Some AMIs default to instance store unless changed. EC2 has two main storage types: Instance Store (temporary) and EBS (persistent). Instance Store EBS Only EBS volumes keep your data after shutdown. Some AMIs default to instance store unless changed. What to do instead: What to do instead Always use EBS for anything important. Take snapshots of your volume regularly. If you need even more durability, consider storing files on S3 instead. Always use EBS for anything important. Take snapshots of your volume regularly. snapshots If you need even more durability, consider storing files on S3 instead. S3 5. Public IPs Can Change (Unless You Use Elastic IPs) I built a nice little app, deployed it on EC2, and sent the IP to my friends. A few days later, they said it wasn’t working. I checked. The public IP had changed. What I learned: What I learned EC2 assigns a new public IP every time you stop and start the instance. If you want a stable IP, you must use an Elastic IP. EC2 assigns a new public IP every time you stop and start the instance. new public IP every time you stop and start If you want a stable IP, you must use an Elastic IP. Elastic IP What to do instead: What to do instead Go to EC2 > Elastic IPs and allocate one. Associate it with your instance. Update your DNS or use this IP in your frontend code. Go to EC2 > Elastic IPs and allocate one. Associate it with your instance. Update your DNS or use this IP in your frontend code. Note: You’ll be charged for unused Elastic IPs, so release them when not needed. 6. SSH Key Pairs Are Everything You can’t just log in with a password. When you launch your instance, AWS asks for a key pair — that .pem file. key pair .pem I deleted mine thinking I didn’t need it again. Big mistake. What I learned: What I learned Without the .pem file, you can’t SSH into the instance. If you lose it, you’ll need to create a new instance or use a snapshot workaround. Without the .pem file, you can’t SSH into the instance. .pem If you lose it, you’ll need to create a new instance or use a snapshot workaround. What to do instead: What to do instead Store your key securely. Never delete it unless you're 100% done with the instance. Use a password manager or secure backup tool. Store your key securely. Never delete it unless you're 100% done with the instance. Use a password manager or secure backup tool. 7. You Need to Set Up Auto Shutdown or You’ll Forget I once left an EC2 instance running for a month. Didn’t even realize it. Until the bill came. What I learned: What I learned EC2 charges by the second, but only while the instance is running. There's no warning or reminder if something stays running. EC2 charges by the second, but only while the instance is running. by the second There's no warning or reminder if something stays running. What to do instead: What to do instead Set a calendar reminder to stop unused instances. Use AWS Budgets to get alerts on spend. You can also set up a Lambda function to auto-stop idle EC2 instances. Set a calendar reminder to stop unused instances. Use AWS Budgets to get alerts on spend. AWS Budgets You can also set up a Lambda function to auto-stop idle EC2 instances. Lambda function 8. EC2 Is Powerful, But Not Always the Best Choice If you're just trying to host a static website, EC2 is overkill. Same if you don’t want to manage Linux. What I learned: What I learned EC2 gives you full control — which means full responsibility. For simpler use cases, AWS offers easier tools: Amplify for frontend apps Elastic Beanstalk for managed backends Lightsail for WordPress or quick server setup Lambda for serverless tasks EC2 gives you full control — which means full responsibility. For simpler use cases, AWS offers easier tools: Amplify for frontend apps Elastic Beanstalk for managed backends Lightsail for WordPress or quick server setup Lambda for serverless tasks Amplify for frontend apps Elastic Beanstalk for managed backends Lightsail for WordPress or quick server setup Lambda for serverless tasks Amplify for frontend apps Amplify Elastic Beanstalk for managed backends Elastic Beanstalk Lightsail for WordPress or quick server setup Lightsail Lambda for serverless tasks Lambda What to do instead: What to do instead Think about what you actually need. If you're just testing something, EC2 is fine. But don’t force yourself to manage infrastructure unless it makes sense. Think about what you actually need. If you're just testing something, EC2 is fine. But don’t force yourself to manage infrastructure unless it makes sense. Final Thoughts EC2 is a powerful tool. But like most AWS services, it assumes you know what you’re doing. The documentation doesn’t always make things simple. And one small setting can lead to hours of debugging or unexpected costs. But once you understand the basics — instances, IPs, storage, firewalls — EC2 starts to make sense. It becomes a tool you can rely on. Just remember: treat EC2 like a real server. Because that’s exactly what it is. And a little preparation will save you a lot of pain later.
