Launching EC2 Instances with Best Practices
Overview
Domain expertise for launching EC2 instances with sensible defaults optimized for security, cost-efficiency, and operational best practices. Covers AMI selection, instance type recommendation, network configuration, IAM role creation, security group hardening, storage configuration, tagging strategy, and post-launch verification.
Launch an EC2 instance
To launch a fully configured EC2 instance with best-practice defaults, follow the procedure exactly. See EC2 instance launch procedure.
The procedure handles:
- Intelligent defaults based on workload type and environment
- Network validation (VPC, subnet, public/private placement)
- AMI selection with architecture compatibility checks
- Least-privilege IAM roles for required AWS service access
- Hardened security groups with minimal port exposure
- Encrypted gp3 storage with environment-appropriate retention
- Comprehensive tagging for cost tracking and organization
- Post-launch verification and connection instructions
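The following is an added example, not the toolkit's own launch procedure, showing how several of the defaults above can be expressed as a single boto3-style run_instances request and then audited before the call is made. The environment-to-retention rule (root volume kept only in prod), the required tag set, the admin-port list and the IMDSv2 requirement are assumptions chosen for the example; the request keys themselves are the real EC2 RunInstances parameters. It builds and checks the request offline and never calls AWS.

```python
"""Build an EC2 RunInstances request with hardened defaults and audit it.

Added example; assumptions: prod keeps its root volume after termination,
four tags are mandatory, and ports 22/3389 must never be open to the world.
"""
import ipaddress

ADMIN_PORTS = {22, 3389}                                        # assumption
REQUIRED_TAGS = {"Name", "Environment", "Owner", "CostCenter"}  # assumption


def build_launch_request(name, env, ami_id, instance_type, subnet_id,
                         security_group_ids, iam_profile, owner, cost_center,
                         root_gb=20):
    """Return run_instances keyword arguments with secure defaults applied."""
    keep_root_volume = env == "prod"   # retention rule: only prod keeps the volume
    tags = {"Name": name, "Environment": env, "Owner": owner, "CostCenter": cost_center}
    tag_list = [{"Key": k, "Value": v} for k, v in tags.items()]
    return {
        "ImageId": ami_id,
        "InstanceType": instance_type,
        "MinCount": 1,
        "MaxCount": 1,
        "SubnetId": subnet_id,
        "SecurityGroupIds": list(security_group_ids),
        "IamInstanceProfile": {"Name": iam_profile},      # least-privilege role
        "BlockDeviceMappings": [{
            "DeviceName": "/dev/xvda",
            "Ebs": {
                "VolumeType": "gp3",
                "VolumeSize": root_gb,
                "Encrypted": True,                        # always encrypt at rest
                "DeleteOnTermination": not keep_root_volume,
            },
        }],
        # Require IMDSv2 so credentials on the instance cannot be read with a
        # plain GET from a request-forgery bug (an added hardening, not on the page).
        "MetadataOptions": {"HttpTokens": "required", "HttpEndpoint": "enabled"},
        "TagSpecifications": [
            {"ResourceType": rt, "Tags": tag_list} for rt in ("instance", "volume")
        ],
    }


def audit_launch_request(req, ingress_rules):
    """Return a list of findings for the request; an empty list means it passes.

    ingress_rules is a list of (port, cidr) tuples describing the inbound rules
    of the security groups the request references.
    """
    findings = []
    for bdm in req.get("BlockDeviceMappings", []):
        ebs = bdm.get("Ebs", {})
        if not ebs.get("Encrypted"):
            findings.append(f"{bdm['DeviceName']}: EBS volume is not encrypted")
        if ebs.get("VolumeType") != "gp3":
            findings.append(f"{bdm['DeviceName']}: volume type is not gp3")
    if req.get("MetadataOptions", {}).get("HttpTokens") != "required":
        findings.append("IMDSv2 not enforced (MetadataOptions.HttpTokens != required)")
    if "IamInstanceProfile" not in req:
        findings.append("no IAM instance profile attached")
    present = {t["Key"] for spec in req.get("TagSpecifications", [])
               if spec["ResourceType"] == "instance" for t in spec["Tags"]}
    missing = REQUIRED_TAGS - present
    if missing:
        findings.append("missing required tags: " + ", ".join(sorted(missing)))
    for port, cidr in ingress_rules:
        # A /0 prefix (0.0.0.0/0 or ::/0) means the rule is open to everyone.
        if port in ADMIN_PORTS and ipaddress.ip_network(cidr).prefixlen == 0:
            findings.append(f"admin port {port} is open to {cidr}")
    return findings


if __name__ == "__main__":
    # Constructed identifiers; replace with real AMI, subnet and SG ids.
    request = build_launch_request("web-01", "prod", "ami-EXAMPLE", "t3.micro",
                                   "subnet-EXAMPLE", ["sg-EXAMPLE"],
                                   "web-instance-role", "team-web", "CC-1234")
    rules = [(22, "203.0.113.0/24"), (443, "0.0.0.0/0")]   # constructed SG rules
    print(audit_launch_request(request, rules) or "request passes all checks")
```

Run the audit on the request the agent is about to submit and refuse to launch when the list is non-empty; the same checks can be applied after launch to describe_instances output to catch drift from the defaults.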
Troubleshooting
Insufficient instance capacity
Try a different availability zone or instance type (e.g., t3a instead of t3). See the full troubleshooting guide in the launch procedure.
Instance immediately terminates
Check console output with aws ec2 get-console-output. Verify EBS volume size is sufficient and AMI is compatible with the instance type.
Cannot connect via SSH
Verify the security group allows SSH from your IP, key file permissions are 400, and the instance is running. Consider AWS Systems Manager Session Manager as an alternative.
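As an added example (not part of the toolkit), the three SSH checks above can be run as one preflight before retrying a connection: is the instance running, does some ingress rule on its security group allow port 22 from the client's IP, and is the key file readable by its owner only. The instance and security-group records below are constructed to mirror the shape of describe_instances and describe_security_groups output; in practice they would come from those calls.

```python
"""SSH connection preflight: instance state, security group rule, key file mode.

Added example. The SAMPLE_* records are constructed in the shape of
describe_instances / describe_security_groups responses.
"""
import ipaddress
import os
import stat
import tempfile

# Constructed: one instance, one security group with SSH limited to an office range.
SAMPLE_INSTANCE = {"InstanceId": "i-EXAMPLE", "State": {"Name": "running"}}
SAMPLE_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]


def ssh_allowed_from(ingress_rules, client_ip, port=22):
    """True if any IpPermissions entry admits TCP `port` from `client_ip`."""
    ip = ipaddress.ip_address(client_ip)
    for rule in ingress_rules:
        proto = rule.get("IpProtocol")
        if proto not in ("tcp", "-1"):
            continue
        # Protocol "-1" (all traffic) carries no port fields.
        lo, hi = (0, 65535) if proto == "-1" else (rule["FromPort"], rule["ToPort"])
        if not lo <= port <= hi:
            continue
        for r in rule.get("IpRanges", []):
            if ip in ipaddress.ip_network(r["CidrIp"]):
                return True
    return False


def key_permission_problem(path):
    """Return a description if the key is readable by group/other, else None."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        return f"{path} has mode {mode:04o}; ssh will refuse it, expected 0400"
    return None


def ssh_preflight(instance, ingress_rules, client_ip, key_path):
    """Return the list of reasons an SSH connection would fail (empty = go)."""
    problems = []
    state = instance["State"]["Name"]
    if state != "running":
        problems.append(f"instance {instance['InstanceId']} is {state}, not running")
    if not ssh_allowed_from(ingress_rules, client_ip):
        problems.append(f"no security group rule allows TCP/22 from {client_ip}")
    problem = key_permission_problem(key_path)
    if problem:
        problems.append(problem)
    return problems


def write_demo_key(mode):
    """Create a throwaway file with the given mode to stand in for a .pem key."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    os.write(fd, b"constructed placeholder, not a real key\n")
    os.close(fd)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    key = write_demo_key(0o644)   # deliberately too permissive
    for line in ssh_preflight(SAMPLE_INSTANCE, SAMPLE_INGRESS, "198.51.100.9", key):
        print("blocker:", line)
```

The preflight reports every blocker at once rather than the first one, which is the usual reason an SSH retry loop wastes time: fixing the key mode and then discovering the source range was wrong. When the security group cannot be opened to the client's address, Session Manager is the alternative the page already names.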
More from aws/agent-toolkit-for-aws