Elastic Compute Cloud (EC2)

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable (scalable) compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. It is the central part of Amazon’s cloud-computing platform known as Amazon Web Services (AWS). Unlike traditional data centers, which lease physical resources, Amazon EC2 clouds lease virtualized resources which are mapped and run transparently to the client by the cloud’s virtualization middleware called ‘Xen’. EC2 is an IaaS cloud computing service that opens Amazon’s large computing infrastructure to its clients. The service is elastic in the sense that it enables customers to increase or decrease their infrastructure by launching or terminating virtual machines known as instances.

EC2 Benefits

Amazon EC2 reduces the time required to obtain and boot new server instances to minutes, allowing customers to quickly scale capacity, both up and down, as their computing requirements change.

Customers have complete control over the type of storage they want to use, the network configurations, the security configuration, …

Customers have the choice of multiple instance types, operating systems, and software packages. 

  • Amazon EC2 allows its customers to select a configuration of memory, CPU, instance storage, and the boot partition size that is optimal for their choice of operating system and application.
  • Amazon EC2 offers a highly reliable environment where replacement instances can be rapidly and predictably commissioned.

Amazon EC2’s simple web service interface allows customers to obtain and configure capacity with minimal friction. It provides them with complete control of their computing resources and lets them run on Amazon’s proven computing environment. 

Amazon EC2 is integrated with most of the AWS services such as S3, VPC, Lambda, Redshift, RDS, EMR, and so on.

  • Using EC2 and the other services of AWS, customers can get a complete solution for all of their IT needs. The data center and network architecture of AWS are built to meet the requirements of the most security-sensitive organizations.
  • Amazon EC2 works in conjunction with Amazon VPC to provide security and robust networking functionality for its customers’ compute resources.


EC2 Features

Instances:- Amazon EC2 presents a virtual computing environment, allowing its customers to use web service interfaces to launch instances with a variety of operating systems, load them with their custom application environment, manage network access permissions, and run their image using as many or as few systems as they desire.

Regions and Availability Zones:- AWS offers multiple physical locations for its customers’ resources, such as instances and Amazon EBS volumes, known as Regions and Availability Zones.

Amazon EBS volumes (EBS):- EBS is an easy-to-use, high-performance block storage service designed for use with Amazon EC2 for both throughput-intensive and transaction-intensive workloads at any scale.

Virtual private clouds (VPCs):- Amazon Virtual Private Cloud (Amazon VPC) is a secure and seamless bridge between customers’ existing IT infrastructure and the AWS cloud. Amazon VPC enables customers to connect their existing infrastructure to a set of isolated AWS compute resources via a Virtual Private Network (VPN) connection.

Instance types:- Amazon EC2 provides a large selection of instance types, which can be optimized to fit different use cases. Instance types comprise varying combinations of CPU, memory, storage, and networking capacity and give customers the flexibility to choose the appropriate mix of resources for their applications. Each instance type includes one or more instance sizes, allowing customers to scale their resources to the requirements of their target workload.

Key pairs:- Secure login information for your instances using key pairs (AWS stores the public key, and you store the private key in a secure place)

Amazon Machine Images (AMIs):- An AMI is a special type of virtual product that is used to create a virtual machine within EC2. AMIs are pre-configured templates for customers’ instances that package the bits they need for their server, including the operating system and additional software.

Security groups:- A firewall that enables customers to specify the protocols, ports, and source IP ranges that can reach their instances.

Tag:- Tags are words or phrases that act as metadata for identifying and organizing your AWS resources. A resource can have up to 50 user-applied tags.

Elastic IP addresses:- An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is associated with the customer’s AWS account. With an Elastic IP address, AWS customers can mask the failure of an instance or software by rapidly remapping the address to another instance in their account.

Instance store volumes:- An AWS instance store is a temporary storage type located on disks that are physically attached to a host machine. Instance stores are made up of single or multiple instance store volumes exposed as block devices. Storage volumes are for temporary data which will be deleted when customers stop or terminate their instance.

Flexible Pricing:- Servers are charged on an hourly or per-second basis, so customers do not have to pay a large up-front expense when they provision their servers on EC2.

Amazon Machine Image


An Amazon Machine Image (AMI) is a packaged environment containing a software configuration and other parts that is used to create a virtual machine within EC2. In other words, an AMI is a template that contains a software configuration from which customers launch instances, which are copies of the AMI running as virtual servers in the cloud.

  • An instance is a virtual server in the cloud. Its configuration at launch is a copy of the AMI that AWS clients specified when they launched the instance. They are able to launch different types of instances from a single AMI. An instance type essentially determines the hardware of the host computer used for the customer’s instance. Each instance type offers different compute and memory capabilities.
  • An AMI defines the initial software that will be on an instance when it is launched. It also defines every aspect of the software state at instance launch, which includes: 
    • The Operating System (OS) and its configuration 
    • The initial state of any patches 
    • Application or system software.
  • Launch permissions control which AWS accounts can use the AMI to launch instances. The owner of an AMI determines its availability by specifying launch permissions. There are three types of launch permissions:
    • Public:- The owner grants launch permissions to all AWS accounts.
    • Explicit:- The owner grants launch permissions to specific AWS accounts.
    • Implicit:- The owner has implicit launch permissions for an AMI.

AMIs come in four main categories:

  1. Community AMIs by AWS:—AWS publishes AMIs with versions of many different OSs, both Linux and Windows. Launching an instance based on one of these AMIs will result in the default OS settings, similar to installing an OS from the standard OS ISO image. Free to use, generally customers just select the operating system they want. 
  2. AWS Marketplace AMIs:—AWS Marketplace is an online store that helps customers find, buy, and immediately start using the software and services that run on Amazon EC2. It is used for software providers to sell their products through AWS Marketplace. The customers will be billed by AWS, then AWS will pay the AMI owner in their share of the sale. 
  3. Generated from Existing Instances:—An AMI can be created from an existing Amazon EC2 instance. This is a very common source of AMIs. Customers launch an instance from a published AMI, and then the instance is configured to meet all the customer’s corporate standards for updates, management, security.
  4. My AMIs (Uploaded Virtual Servers):—AMIs that customers create themselves. Using the AWS VM Import/Export service, customers can create images from various virtualization formats, including raw, VHD, VMDK, and OVA.
    • VM Import/Export not only enables AWS clients to import Virtual Machines (VMs) from their existing environment as Amazon EC2 instances, but also to export them back to their on-premises environment as they desire. They can also export imported instances back to their on-premises virtualization infrastructure, allowing them to deploy workloads across their IT infrastructure.

Regions

The AWS Cloud infrastructure is built around Regions and Availability Zones (AZs). A Region is a physical location in the world with multiple AZs. Availability Zones consist of one or more discrete data centers, each with redundant power and networking, housed in separate facilities that are located on stable flood plains. 

A Region is a geographical area that is completely independent, and each Availability Zone is isolated. However, the Availability Zones in a Region are connected through low-latency links. A Local Zone is an extension of a Region that is in a different location from the customer’s Region. It is an AWS infrastructure deployment that places select services closer to clients’ end users and provides a high-bandwidth backbone to the AWS infrastructure, which is ideal for latency-sensitive applications.

Each Amazon Region is designed to be completely isolated from the other Amazon Regions:

    • It achieves the greatest possible fault tolerance and stability.
    • It enables customers to replicate data within a region and between regions using private or public Internet connections.
    • It allows customers to retain complete control and ownership over the region in which their data is physically located.

An AWS account provides multiple Regions so that its customers can launch Amazon EC2 instances in locations that meet their requirements. 

  • The largest AWS Region is North East US, where N. Virginia has six zones, followed by Ohio (three). The rest includes N. California (three), Oregon (three), Mumbai (two), Seoul (two), Singapore (two), Sydney (three), Tokyo (four), Bahrain, Canada Central (two), China Beijing (two), Frankfurt (three), Ireland (three), London (two), and São Paulo (three). Moving forward, new AWS regions will have three or more zones whenever necessary. When customers create certain resources in a region, they will be asked to choose a zone in which to host that resource.

AWS Regions and Availability Zones

Availability Zones

Availability Zones are physically separate and isolated from each other. AZs span one or more data centers and have direct, low-latency, high throughput and redundant network connections between each other. Availability Zones consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities. 

  • Availability Zones offer clients the ability to operate production applications and databases that are more highly available, fault tolerant, and scalable.
    • Each AZ is designed as an independent failure zone.
    • Although Availability Zones are isolated, the Availability Zones in a Region are connected through low-latency links.
  • Each AWS Region has multiple Availability Zones and data centers. AWS clients can deploy their applications across multiple Availability Zones in the same region.
    • Availability Zones are connected to each other with fast and private fiber-optic network, which enables applications to automatically fail-over between Availability Zones without interruption.
  • In addition to replicating applications and data across multiple data centers in the same Region using Availability Zones, clients can also choose to further increase redundancy and fault tolerance by replicating data between geographic Regions
    • They can do so using both private and public Networks to provide an additional layer of business continuity, or to provide low latency access across the globe.
    • Each Availability Zone is designed as an independent failure zone. This means that Availability Zones are physically separated within a typical metropolitan region and are located in lower risk flood areas.
      • An Availability Zone is represented by a region code followed by a letter identifier; for example, us-east-1a.
      • In order to coordinate Availability Zones across accounts, clients need to use the AZ ID, which is a unique and consistent identifier for an Availability Zone.
        • For example, use1-az1 is an AZ ID in the us-east-1 Region.
      • Viewing AZ IDs enables customers to determine the location of resources in one account relative to the resources in another account.
  • When an instance is launched, AWS clients can select an Availability Zone or let AWS choose one for them. Distributing instances across multiple Availability Zones enables customers to use the other instances in case one instance fails. They can design their application so that an instance in another Availability Zone can handle requests.
  • They can also use Elastic IP addresses to mask the failure of an instance in one Availability Zone by rapidly remapping the address to an instance in another Availability Zone.

 

Local Zones

AWS Local Zones are an AWS infrastructure deployment service, that places AWS compute, storage, database, and other select services closer to large population, industry, and IT centers where no AWS Region exists today.

  • Each AWS Local Zone location is an extension of an AWS Region where clients can run their latency-sensitive applications using AWS services such as Amazon Elastic Compute Cloud, Amazon Virtual Private Cloud, Amazon Elastic Block Store, Amazon FSx, and Amazon Elastic Load Balancing in geographic proximity to end-users.
  • Local Zones enable customers to seamlessly connect to the full range of services in the AWS Region, such as Amazon Simple Storage Service and Amazon DynamoDB, through the same APIs and tool sets.
  • AWS Local Zones provide a high-bandwidth, secure connection between local workloads and those running in the AWS Region, enabling customers to seamlessly connect back to their other workloads running in AWS and to the full range of in-region services through the same APIs and tool sets.
  • A Local Zone is represented by a Region code followed by an identifier that indicates the location, for example:
    • us-west-2-lax-1a —> Los Angeles
  • With AWS Local Zones, clients can easily run applications that need single-digit millisecond latency, for use cases such as media & entertainment content creation, real-time gaming, reservoir simulations, electronic design automation, and machine learning.

Edge Location

Edge locations are Content Delivery Network (CDN) endpoints for CloudFront. Amazon CloudFront is a web service that speeds up distribution of customers’ static and dynamic web content, such as .html, .css, .js, and image files, to their users.

  • CloudFront delivers customer content through a worldwide network of data centers called edge locations. When a user requests content that they’re serving with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.
  • If the content is already on the edge location with the lowest latency, CloudFront delivers it immediately.
  • If the content is not in that edge location, CloudFront retrieves it from an origin that the customer has defined, such as an Amazon S3 bucket, a MediaPackage channel, or an HTTP server.
  • CloudFront speeds up the distribution of customer content by routing each user request.

Regional Edge Caches sit between customers’ CloudFront origin servers and the Edge Locations.

A Regional Edge Cache has a larger cache-width than each of the individual Edge Locations.

Security group

A security group acts as a virtual firewall for customers’ instances to control inbound and outbound traffic. Security groups allow customers to control traffic based on port, protocol, and source/destination.

  • A security group is default deny; that is, it does not allow any traffic that is not explicitly allowed by a security group rule. A rule is defined by three attributes:
    • Port:– The port number affected by this rule. For instance, port 80 for HTTP traffic.
    • Protocol:– The communications standard for the traffic affected by this rule.
    • Source/Destination:– Identifies the other end of the communication: the source for incoming traffic rules, or the destination for outgoing traffic rules.
  • The source/destination can be defined in two ways:
    • CIDR block:– An x.x.x.x/x style definition that defines a specific range of IP addresses.
    • Security group:– Includes any instance that is associated with the given security group. This helps prevent coupling security group rules with specific IP addresses.
  • Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in their VPC can be assigned to a different set of security groups.
  • For each security group, customers add rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic. 
  • Customers can add or remove rules for a security group (also referred to as authorizing or revoking inbound or outbound access). A rule applies either to inbound traffic (ingress) or outbound traffic (egress). 
  • If the customer’s VPC has a VPC peering connection with another VPC, a security group rule can reference another security group in the peer VPC.
  • A security group is the firewall of EC2 instances.
  • Security groups are tied to an instance.
  • Security groups have to be assigned explicitly to the instance. This means any instances within the subnet group get the rule applied. If you have many instances, managing the firewalls using Network ACLs can be very useful. Otherwise, with security groups, you have to manually assign a security group to the instances.
  • Security groups are stateful: This means any changes applied to an incoming rule will be automatically applied to the outgoing rule.
  • Security groups support allow rules only (by default, all traffic is denied); e.g. you cannot deny a certain IP address from establishing a connection.
  • All rules in a security group are applied; that is, security groups evaluate all of their rules before allowing traffic.
  • Security groups are the first layer of defense.
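
The rule semantics listed above (default deny, allow rules only, every rule of every attached group considered, source given as a CIDR block or as another security group) can be modelled in a few lines. This is an added example, not code from the original page or from AWS: the group IDs and addresses are constructed, the rule dictionaries follow the `IpPermissions` shape returned by `aws ec2 describe-security-groups`, and only inbound TCP/UDP rules are modelled.

```python
import ipaddress

# Constructed sample data (not real resources), shaped like the
# IpPermissions list in `aws ec2 describe-security-groups` output.
WEB_SG = {
    "GroupId": "sg-web-example",
    "IpPermissions": [
        # HTTP from anywhere
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        # SSH only from one documentation-range network
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
    ],
}
DB_SG = {
    "GroupId": "sg-db-example",
    "IpPermissions": [
        # Source is another security group, not an IP range: any instance
        # associated with sg-web-example may connect to PostgreSQL.
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web-example"}]},
    ],
}


def rule_matches(rule, protocol, port, src_ip, src_groups):
    """True if one allow rule covers this protocol, port and source."""
    proto = rule["IpProtocol"]
    if proto != "-1":  # "-1" means all protocols and all ports
        if proto != protocol:
            return False
        if not rule["FromPort"] <= port <= rule["ToPort"]:
            return False
    addr = ipaddress.ip_address(src_ip)
    # Source given as a CIDR block
    for ip_range in rule.get("IpRanges", []):
        if addr in ipaddress.ip_network(ip_range["CidrIp"]):
            return True
    # Source given as a security group the sender is associated with
    for pair in rule.get("UserIdGroupPairs", []):
        if pair["GroupId"] in src_groups:
            return True
    return False


def inbound_allowed(groups, protocol, port, src_ip, src_groups=()):
    """Evaluate inbound traffic against every group attached to an instance.

    There are no deny rules and no rule ordering: traffic is allowed if any
    rule in any attached group matches. Returns the GroupId that allowed the
    traffic, or None when nothing matched (default deny).
    """
    for group in groups:
        for rule in group["IpPermissions"]:
            if rule_matches(rule, protocol, port, src_ip, src_groups):
                return group["GroupId"]
    return None


if __name__ == "__main__":
    print(inbound_allowed([WEB_SG], "tcp", 80, "198.51.100.7"))
    print(inbound_allowed([WEB_SG], "tcp", 22, "198.51.100.7"))
    print(inbound_allowed([DB_SG], "tcp", 5432, "10.0.1.5",
                          src_groups={"sg-web-example"}))
```
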

Key Pair

Amazon EC2 uses public-key cryptography to encrypt and decrypt login information. At the basic level, a sender uses a public key to encrypt data, which its receiver then decrypts using the matching private key. These two keys, public and private, are known as a key pair.

  • Key pairs can be created through the AWS Management Console, CLI, or API, or customers can upload their own key pairs. AWS stores the public key, and the private key is kept by the customer.
  • Public-key cryptography enables customers to securely access their instances using a private key instead of a password.
  • Linux instances do not have a password already set and customers must use the key pair to log in to Linux instances. 
  • On Windows instances, customers need the key pair to decrypt the administrator password. Using the decrypted password, they can use RDP and then connect to their Windows instance. 
  • Amazon EC2 stores only the public key, thus customers either need to generate it inside Amazon EC2 or import it. Since the private key is not stored by Amazon, it’s advisable to store it in a secure place as anyone who has this private key can access the AWS account.
  • When launching an instance, customers need to specify the name of the key pair that they plan to use to connect to the instance. 
  • Customers also must specify the private key that corresponds to the key pair they specified when they launched the instance.
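
Because the private key is held only by the customer, how the key file is stored matters. The following added example (not from the original page or from AWS) scans a directory for PEM private key files and reports, and optionally tightens, any that are accessible to group or other users on a POSIX system. The file names and the key body are constructed placeholders, not real keys.

```python
import os
import stat
import tempfile

# PEM headers that identify a private key file regardless of its extension.
PEM_MARKERS = (
    b"-----BEGIN RSA PRIVATE KEY-----",
    b"-----BEGIN OPENSSH PRIVATE KEY-----",
    b"-----BEGIN PRIVATE KEY-----",
)

# Constructed placeholder content: a header with no key material.
FAKE_KEY = b"-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)\n"


def is_private_key(path):
    """True if the file starts with a PEM private key header."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(64)
    except OSError:
        return False
    return head.lstrip().startswith(PEM_MARKERS)


def audit_private_keys(directory, fix=False):
    """Return [(path, octal_mode)] for private keys that group or other
    users can access. With fix=True, restrict each one to owner read-only."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        for name in sorted(files):
            path = os.path.join(root, name)
            if os.path.islink(path) or not is_private_key(path):
                continue
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append((path, oct(mode)))
                if fix:
                    os.chmod(path, stat.S_IRUSR)  # 0o400
    return findings


def demo():
    """Audit a throwaway directory holding constructed key-like files."""
    with tempfile.TemporaryDirectory() as d:
        samples = (
            ("demo-key.pem", FAKE_KEY, 0o644),     # too permissive
            ("tight-key.pem", FAKE_KEY, 0o400),    # already owner-only
            ("notes.txt", b"not a key\n", 0o644),  # ignored: not a key
        )
        for name, body, mode in samples:
            path = os.path.join(d, name)
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, mode)
        before = audit_private_keys(d, fix=True)
        after = audit_private_keys(d)
        return [(os.path.basename(p), m) for p, m in before], after


if __name__ == "__main__":
    print(demo())
```
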

Instance Metadata (TAGS)

Instance metadata is data about customers’ instances that they can use to configure or manage the running instance. Instance metadata is divided into categories such as host name, events, and security groups.

  • Amazon Web Services allows customers to assign metadata to their AWS resources in the form of tags. Each tag is a simple label consisting of a customer-defined key and an optional value that can make it easier to manage, search for, and filter resources. Although there are no inherent types of tags, they enable customers to categorize resources by purpose, owner, environment, or other criteria.
  • The AWS Management Console, which is organized by AWS service, allows customers to create a custom console that organizes and consolidates AWS resources based on one or more tags or portions of tags. Using this tool, customers can consolidate and view data for applications that consist of multiple services and resources in one place.

Best Practices for Tags 

  • Employ a Cross-Functional Team to Identify Tag Requirements
  • Use Tags Consistently.
  • Consider tags from a cost/benefit perspective when deciding on a list of required tags.
  • Adopt a Standardized Approach for Tag Names. Names for AWS tags are case sensitive.
  • Use Both Linked Accounts and Cost Allocation Tags
  • Avoid Multi-Valued Cost Allocation Tags for shared resources.
  • Tag Everything

EC2 instances

The type of instance that clients specify determines the hardware of the host computer used for their instance. Each instance type offers different compute, memory, and storage capabilities and is grouped into an instance family based on these capabilities. Each instance type provides higher or lower minimum performance from a shared resource.

General purpose instances

General purpose instances provide a balance of compute, memory and networking resources, and can be used for a variety of diverse workloads. These instances are ideal for applications that use these resources in equal proportions such as web servers and code repositories. 

  • Amazon EC2 A1 instances deliver significant cost savings and are ideally suited for scale-out and Arm-based workloads that are supported by the extensive Arm ecosystem. They are powered by the AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor.
  • T3 and T3a instances are the next generation burstable general-purpose instance type that provide a baseline level of CPU performance with the ability to burst CPU usage at any time for as long as required. T3 instances offer a balance of compute, memory, and network resources and are designed for applications with moderate CPU usage that experience temporary spikes in use.
  • T2 instances are Burstable Performance Instances that provide a baseline level of CPU performance with the ability to burst above the baseline.
  • Amazon EC2 M6g instances are powered by Arm-based AWS Graviton2 processors. They deliver up to 40% better price/performance over current generation M5 instances and offer a balance of compute, memory, and networking resources for a broad set of workloads. 
    • Custom built AWS Graviton2 Processor with 64-bit Arm Neoverse cores 
    • Support for Enhanced Networking with Up to 25 Gbps of Network bandwidth

Compute Optimised

Compute Optimized instances are ideal for compute bound applications that benefit from high performance processors. Instances belonging to this family are well suited for batch processing workloads, media transcoding, high performance web servers, high performance computing (HPC), scientific modeling, dedicated gaming servers and ad server engines, machine learning inference and other compute intensive applications.

  • C5n instances are ideal for high compute applications (including High Performance Computing (HPC) workloads, data lakes, and network appliances such as firewalls and routers) that can take advantage of improved network throughput and packet rate performance. C5n instances offer up to 100 Gbps network bandwidth and increased memory over comparable C5 instances.
  • C5 instances are optimized for compute-intensive workloads and deliver cost-effective high performance at a low price per compute ratio. C5 instances offer a choice of processors based on the size of the instance.
    • C5 instances are ideal for applications where you prioritize raw compute power, such as gaming servers, scientific modeling, high-performance web servers, and media transcoding. 
  • C4 instances are the latest generation of Compute-optimized instances, featuring the highest performing processors and the lowest price/compute performance in EC2

Memory Optimised

Memory optimized instances are designed to deliver fast performance for workloads that process large data sets in memory. 

  • Amazon EC2 z1d instances offer both high compute capacity and a high memory footprint. High frequency z1d instances deliver a sustained all core frequency of up to 4.0 GHz, the fastest of any cloud instance.
  • X1 and X1e instances are optimized to provide a high ratio of memory to compute with the X1e family delivering the highest memory to compute ratio among EC2 offerings. 
    • These instances are used for the highest need memory-intensive applications such as SAP HANA, providing a strong foundation for real-time applications.
    • Instances are optimized for large-scale, enterprise-class, in-memory applications and high-performance databases, and have the lowest price per GiB of RAM among Amazon EC2 instance types.
  • High Memory instances have the greatest amount of available RAM, providing 6 TB, 9 TB, or 12 TB of memory in a single instance. Like X1 and X1e, these are suited to production deployments of hugely memory intensive, real-time databases such as SAP HANA.
  • R4 instances are optimized for memory-intensive applications and offer better price per GiB of RAM than R3. The RAM sizes are a step below the X1s.
  • R5 and R5a are respectively the Intel and AMD offerings of “regular” memory optimized instances. These instances are ideal for memory intensive applications such as real-time big data analytics, large in-memory caches, and high-performance databases. The R5 and R5a instances benefit from the AWS Nitro System, which gives you access to almost all of the compute and memory resources of a server (i.e. allocating as little as possible to the OS). This optimization allows for lower cost when compared on a per-GiB basis to competitors.

Storage Optimised

Storage optimized instances are designed for workloads that require high, sequential read and write access to very large data sets on local storage. They are optimized to deliver tens of thousands of low-latency, random I/O operations per second (IOPS) to applications.

  • H1 and D2 instances feature up to 16 TB and 48 TB of HDD-based local storage respectively; both deliver high disk throughput and a balance of compute and memory. D2 instances offer the lowest price per disk throughput performance on Amazon EC2.
  • I3 and I3en instance families provide Non-Volatile Memory Express (NVMe) SSD-backed instance storage optimized for low latency, very high random I/O performance, and high sequential read throughput (I3), provide high IOPS and high sequential disk throughput (I3en), and offer the lowest price per GB of SSD instance storage on Amazon EC2.

Pricing

AWS provides different families of instance types based on different needs. Some families support general-purpose computing, while others are optimized for processing, memory, storage, and other purposes. Within each family, different sizes of instances offer increasing levels of processing power, available memory, storage capacity, and network bandwidth.

  • Amazon EC2 is free to try. There are four ways to pay for Amazon EC2 instances:
    • On-Demand
    • Reserved Instances
    • Spot Instances
    • Dedicated Hosts, which provide customers with EC2 instance capacity on physical servers dedicated to their use.

On-Demand

  • With On-Demand instances, users pay for computing capacity per hour or per second, depending on which instances they run.
  • Applications with short term, spiky, or unpredictable workloads that cannot be interrupted.
  • Applications being developed or tested on EC2 for the first time.
  • This is the most flexible pricing option, as it requires no up-front commitment, and the customer has control over when the instance is launched and when it is terminated. 
  • It is the least cost-effective of the three pricing options per compute hour, but its flexibility allows customers to save by provisioning a variable level of computing for unpredictable workloads.

Reserved Instances

  • Reserved Instances provide customers with a significant discount (up to 75%) compared to On-Demand instance pricing. 
  • For applications that have steady-state or predictable usage, require reserved capacity or can commit to using EC2 for a 1 or 3 year period, Reserved Instances can provide significant savings compared to using On-Demand instances. 
  • The Reserved Instance pricing option enables customers to make capacity reservations for predictable workloads. By using Reserved Instances for these workloads, customers can save up to 75 percent over the on-demand hourly rate. 

An additional benefit is that capacity in the AWS data centers is reserved for that customer. There are two factors that determine the cost of the reservation: the term commitment (the amount of the discount is greater the more the customer pays upfront), and the payment option (All Upfront, Partial Upfront, No Upfront).

Spot Instances

  • Amazon EC2 Spot instances allow users to bid on spare Amazon EC2 computing capacity for up to 90% off the On-Demand price. 
    • Spot instances are recommended for applications that have flexible start and end times, applications that are only feasible at very low compute prices or users with urgent computing needs for large amounts of additional capacity.
  • For workloads that are not time-critical and are tolerant of interruption, Spot Instances offer the greatest discount.
  • With Spot Instances, customers specify the price they are willing to pay for a certain instance type. When the customer’s bid price is above the current Spot price, the customer will receive the requested instance(s).
  • These instances will operate like all other Amazon EC2 instances. The instances will run until one of the following happens:
    • The customer terminates them. 
    • The Spot price goes above the customer’s bid price. 
    • There is not enough unused capacity to meet the demand for Spot Instances.

EC2 Dedicated Host

An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use. Dedicated Hosts allow you to use your existing per-socket, per-core, or per-VM software licenses, including Windows Server, Microsoft SQL Server, SUSE, and Linux Enterprise Server.


Sign up with AWS

When you sign up for Amazon Web Services (AWS), your AWS account is automatically signed up for all services in AWS, including Amazon EC2. You are charged only for the services that you use. 

 

Creating a Security Group

Security groups act as a firewall for associated instances, controlling both inbound and outbound traffic at the instance level. You must add rules to a security group that enable you to connect to your instance from your IP address using SSH. You can also add rules that allow inbound and outbound HTTP and HTTPS access from anywhere.
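
The guidance above (SSH from your own IP address, HTTP and HTTPS from anywhere) can be checked mechanically. This added example, which is not from the original page or from AWS, flags any inbound rule that is open to the whole internet on something other than TCP ports 80 and 443. The groups are constructed sample data in the shape of `aws ec2 describe-security-groups` output, and the policy of "only web ports may be world-open" is an assumption taken from this paragraph.

```python
import ipaddress

WEB_PORTS = {80, 443}  # ports the text allows from anywhere

# Constructed sample data (not real resources).
SAMPLE_GROUPS = [
    {"GroupId": "sg-good-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.25/32"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-bad-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
]


def _sources(rule):
    """Yield every IPv4 and IPv6 CIDR source named by a rule."""
    for r in rule.get("IpRanges", []):
        yield r["CidrIp"]
    for r in rule.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]


def _is_world(cidr):
    """True for 0.0.0.0/0, ::/0 and any other zero-length prefix."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def world_open_findings(groups):
    """Return (group_id, protocol, ports, cidr) for each inbound rule that
    is reachable from anywhere and is not limited to TCP 80/443.

    Rules for other protocols (UDP, ICMP) that are open to the world are
    reported as well, since the policy only permits web ports.
    """
    findings = []
    for group in groups:
        for rule in group.get("IpPermissions", []):
            world = [c for c in _sources(rule) if _is_world(c)]
            if not world:
                continue
            if rule["IpProtocol"] == "-1":  # all protocols, all ports
                span = "all"
            else:
                lo, hi = rule["FromPort"], rule["ToPort"]
                only_web = all(p in WEB_PORTS for p in range(lo, hi + 1))
                if rule["IpProtocol"] == "tcp" and only_web:
                    continue
                span = str(lo) if lo == hi else f"{lo}-{hi}"
            for cidr in world:
                findings.append(
                    (group["GroupId"], rule["IpProtocol"], span, cidr))
    return findings


if __name__ == "__main__":
    for finding in world_open_findings(SAMPLE_GROUPS):
        print(finding)
```

A port range such as 80-443 is reported too, because it opens every port between the two web ports.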

 

Creating A key-pair

AWS uses public-key cryptography to secure the login information for your instance. A Linux instance has no password; you use a key pair to log in to your instance securely. You specify the name of the key pair when you launch your instance, then provide the private key when you log in using SSH.

Launching an EC2 Instance