AWS EC2 - Elastic Compute Cloud
Fri, Jul 14, 2017
Provides resizable compute capacity in the cloud. Reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as computing requirements change.
Features of Amazon EC2
- Virtual computing environments, known as EC2 Instances
- Preconfigured templates for your instances, known as Amazon Machine Images (AMIs), that package the bits you need for your server (including the operating system and additional software)
- Various configurations of CPU, memory, storage, and networking capacity for your instances, known as Instance Types
- Secure login information for your instances using key pairs (AWS stores the public key, and you store the private key in a secure place)
- Storage volumes for temporary data that’s deleted when you stop or terminate your instance, known as Instance Store Volumes
- Persistent storage volumes for your data using Amazon Elastic Block Store (Amazon EBS), known as Amazon EBS volumes
- Multiple physical locations for your resources, such as instances and Amazon EBS volumes, known as regions and Availability Zones
- A firewall that enables you to specify the protocols, ports, and source IP ranges that can reach your instances using security groups
- Static IPv4 addresses for dynamic cloud computing, known as Elastic IP addresses
- Metadata, known as tags, that you can create and assign to your Amazon EC2 resources
- Virtual networks you can create that are logically isolated from the rest of the AWS cloud, and that you can optionally connect to your own network, known as virtual private clouds (VPCs)
EC2 - Options
- On-Demand Instances: Allow you to pay a fixed rate by the hour with no commitment.
  - Users that want low cost and flexibility without any upfront payment or long-term commitment.
  - Applications with spiky, short-term, or unpredictable workloads that cannot be interrupted.
  - Applications being developed or tested on Amazon EC2 for the first time.
- Reserved Instances: 1- or 3-year terms; provide discounts on the hourly charge by providing a capacity reservation.
  - Apps with steady-state or predictable usage.
  - Apps that require reserved capacity.
  - Users able to make upfront payments to reduce their total computing costs even further.
- Scheduled Instances:
- Spot Instances: Enable you to bid whatever price you want for instance capacity, providing even greater savings if your app has flexible start and end times.
  - Apps that are only feasible at very low compute prices.
  - Users with urgent computing needs for large amounts of additional capacity.
  - If the spot instance is terminated by Amazon EC2, you will not be charged for the partial hour of usage, but if you terminate the instance yourself, you will be charged for any hour in which the instance ran.
- Dedicated Instances:
- Dedicated Hosts: Physical EC2 server dedicated for your use. Dedicated Hosts can help you reduce costs by allowing you to use your existing server-bound software licenses.
EC2 Instance Types
- File Servers/Data Warehousing/Hadoop
- Memory Intensive Apps/DBs
- CPU Intensive Apps/DBs
- Graphics/General Purpose GPU
- Video Encoding, Machine Learning, 3D Application Streaming
- High Speed Storage
- NoSQL DBs, Data Warehousing etc.
- Field Programmable Gate Array
- Hardware acceleration for your code
- Lowest Cost, General Purpose
- Web Servers/Small DBs
- Graphics/General Purpose GPU
- Machine learning, Bitcoin mining etc.
- SAP HANA/Apache Spark etc.
How to remember the above instance types
DR MC GIFT PX: Doctor Mac gift pix
- D for density
- R for RAM
- M main choice for general purpose application
- C for Compute
- G for Graphics
- I for IOPS
- F for FPGA
- T Cheap general purpose (Think T2 Micro)
- P for Graphics (Think Pics)
- X for Extreme Memory
There are several tenancy options for Amazon EC2 instances that can help customers achieve security and compliance goals.
- Shared Tenancy: Shared tenancy means that a single host machine may house instances from different customers. Shared tenancy is the default tenancy model for all Amazon EC2 instances, regardless of instance type, pricing model, and so forth.
- Dedicated Instances: Dedicated Instances run on hardware that’s dedicated to a single customer.
Placement Groups
- A placement group is a logical grouping of instances within a single Availability Zone.
- Placement groups enable applications to participate in a low-latency, 10 Gbps network.
- Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. Remember that this represents network connectivity between instances.
- To fully use this network performance for your placement group, choose an instance type that supports enhanced networking and 10 Gbps network performance.
Placement Groups: Limitation
- A placement group can’t span multiple Availability Zones.
- The name you specify for a placement group must be unique within your AWS account.
- Only certain types of instances can be launched in a placement group.
- Amazon recommends using the same instance type for all the instances in the placement group.
- You can’t merge placement groups.
- You can’t move an existing instance into a placement group.
Amazon Machine Images (AMIs)
- An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud.
- An AMI is basically a template and can be used to launch as many instances as needed.
- Within a VPC, instances can be launched from as many different AMIs as needed.
An AMI includes the following:
- A template for the root volume for the instance, e.g. an operating system, an application server, and applications
- Launch permissions that control which AWS accounts can use the AMI to launch instances, e.g. the AWS account ids with whom the AMI is shared
- A block device mapping that specifies the volumes to attach to the instance when it’s launched
There are four sources of AMIs:
- Published by AWS: AWS publishes AMIs with versions of many different OSs, both Linux and Windows.
- The AWS Marketplace: AWS Marketplace is an online store that helps customers find, buy, and immediately start using the software and services that run on Amazon EC2. Many AWS partners have made their software available in the AWS Marketplace.
- Generated from Existing Instances: An AMI can be created from an existing Amazon EC2 instance. This is a very common source of AMIs.
- Uploaded Virtual Servers: Using AWS VM Import/Export service, customers can create images from various virtualization formats, including raw, VHD, VMDK, and OVA.
Addressing an Instance
There are several ways that an instance may be addressed over the web upon creation:
- Public Domain Name System (DNS) Name: When you launch an instance, AWS creates a DNS name that can be used to access the instance. This DNS name is generated automatically and cannot be specified by the customer.
- Public IP: A launched instance may also have a public IP address assigned. This IP address is assigned from the addresses reserved by AWS and cannot be specified. This IP address is unique on the Internet, persists only while the instance is running, and cannot be transferred to another instance.
- Elastic IP: An elastic IP address is an address unique on the Internet that you reserve independently and associate with an Amazon EC2 instance.
Private IP addresses and Elastic Network Interfaces (ENIs) are additional methods of addressing instances.
Difference between Public IP and Elastic IP
An Elastic IP address persists until the customer releases it and is not tied to the lifetime or state of an individual instance. Because it can be transferred to a replacement instance in the event of an instance failure, it is a public address that can be shared externally without coupling clients to a particular instance.
Key Pairs
Amazon EC2 uses public-key cryptography to encrypt and decrypt login information. Public-key cryptography uses a public key to encrypt a piece of data and an associated private key to decrypt the data. These two keys together are called a key pair. Key pairs can be created through the AWS Management Console, CLI, or API, or customers can upload their own key pairs. AWS stores the public key, and the private key is kept by the customer. The private key is essential to acquiring secure access to an instance for the first time.
Virtual Firewall Protection
- AWS allows you to control traffic in and out of your instances through virtual firewalls called security groups.
- A security group is default deny; that is, it does not allow any traffic that is not explicitly allowed by a security group rule.
- If an instance is associated with multiple security groups, the rules are aggregated and all traffic allowed by any of the individual groups is allowed.
Security Group Rule Attributes
- Port: The port number affected by this rule. For instance, port 80 for HTTP traffic.
- Protocol: The communications standard for the traffic affected by this rule.
- Source/Destination: Identifies the other end of the communication, the source for incoming traffic rules, or the destination for outgoing traffic rules. The source/destination can be defined in two ways:
- CIDR block: An x.x.x.x/x style definition that defines a specific range of IP addresses.
- Security group: Includes any instance that is associated with the given security group.
A security group is a stateful firewall; that is, an outgoing message is remembered so that the response is allowed through the security group without an explicit inbound rule being required.
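To make the aggregation rule and the rule attributes above concrete, here is an added Python example (not code from AWS or from these notes) that takes security groups in the dict shape boto3's describe_security_groups returns, unions their inbound rules the way EC2 does for an instance with several groups, and flags any rule that opens a sensitive port to the whole Internet. The group ids and CIDR ranges are constructed sample values.

```python
import ipaddress

# Constructed sample: three security groups in the dict shape that boto3's
# describe_security_groups returns (IpPermissions only). Ids are made up.
WEB_SG = {"GroupId": "sg-web0001", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}
ADMIN_SG = {"GroupId": "sg-admin001", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web0001"}]}]}
OPEN_SSH_SG = {"GroupId": "sg-bad00001", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}

def effective_inbound(groups):
    """Union of inbound rules across every group attached to the instance.

    EC2 aggregates the groups: traffic allowed by any one of them is allowed,
    so the effective policy is the union, never an intersection. Each rule is
    (protocol, from_port, to_port, source, group_id); the source is either a
    CIDR string or the id of another security group.
    """
    rules = []
    for g in groups:
        for p in g["IpPermissions"]:
            lo, hi = p.get("FromPort", -1), p.get("ToPort", -1)
            for r in p.get("IpRanges", []):
                rules.append((p["IpProtocol"], lo, hi, r["CidrIp"], g["GroupId"]))
            for s in p.get("UserIdGroupPairs", []):
                rules.append((p["IpProtocol"], lo, hi, s["GroupId"], g["GroupId"]))
    return rules

def world_open_rules(groups, sensitive=(22, 3389, 3306)):
    """Rules whose source is the whole Internet (/0) on a sensitive port.

    Rules sourced from a security group are skipped: they only admit
    instances in that group, not arbitrary Internet hosts.
    """
    findings = []
    for proto, lo, hi, src, gid in effective_inbound(groups):
        if src.startswith("sg-"):
            continue
        if ipaddress.ip_network(src, strict=False).prefixlen != 0:
            continue
        if proto == "-1" or any(lo <= port <= hi for port in sensitive):
            findings.append((gid, proto, lo, hi))
    return findings
```

Port 80 open to 0.0.0.0/0 on the web group is not reported because it is not in the sensitive list; attaching the third group to the same instance is what makes SSH reachable from anywhere, even though the admin group alone restricts it to one /24.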
The Lifecycle of Instances
- Bootstrapping: The process of providing code to be run on an instance at launch is called bootstrapping. One of the parameters when an instance is launched is a string value called UserData.
UserData is stored with the instance and is not encrypted, so it is important to not include any secrets such as passwords or keys in the UserData.
- VM Import/Export: VM Import/Export enables you to easily import Virtual Machines (VMs) from your existing environment as an Amazon EC2 instance and export them back to your on-premises environment.
You can only export previously imported Amazon EC2 instances.
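Since UserData is stored in clear text with the instance, a pre-launch check for secrets in the bootstrap script is cheap insurance. The following is an added Python example (not code from AWS or from these notes) that decodes the base64 UserData string the RunInstances API expects and reports lines matching common secret patterns; the script contents and the key id are constructed sample values.

```python
import base64
import re

# Constructed sample user data, base64-encoded as the RunInstances API expects
# it. It deliberately contains two values that should never be in UserData.
USER_DATA_B64 = base64.b64encode(b"""#!/bin/bash
export DB_PASSWORD=hunter2
export AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00
curl -s http://169.254.169.254/latest/meta-data/instance-id > /tmp/id
""").decode()

# Patterns for the kinds of secrets that commonly leak via bootstrap scripts.
# "AKIA" followed by 16 uppercase letters/digits is the AWS access key id format.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "password_assignment": re.compile(r"(?i)(password|passwd|pwd)\s*[=:]\s*\S+"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

def find_secrets(user_data_b64):
    """Decode UserData and return (line number, pattern name) for each hit.

    UserData is readable by anyone who can call DescribeInstanceAttribute on
    the instance or read the instance metadata from inside it, so this check
    belongs in the launch pipeline, before RunInstances is called.
    """
    text = base64.b64decode(user_data_b64).decode("utf-8", errors="replace")
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, name))
    return findings
```

The fix for a hit is to fetch the value at boot from a secrets store using the instance's IAM role rather than embedding it in the script.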
Instance Metadata: Instance metadata is data about your instance that you can use to configure or manage the running instance. An HTTP call to http://169.254.169.254/latest/meta-data/ will return the top node of the instance metadata tree. Instance metadata includes a wide variety of attributes, including:
- The associated security groups
- The instance ID
- The instance type
- The AMI used to launch the instance
Tags
- Tags can help you manage not just your Amazon EC2 instances, but also many of your AWS Cloud services.
- Tags are key/value pairs you can associate with your instance or other service.
- Tags can be used to identify attributes of an instance like project, environment (dev, test, and so on), billable department, and so forth.
- You can apply up to 10 tags per instance.
Monitoring Instances: AWS offers a service called Amazon CloudWatch that provides monitoring and alerting for Amazon EC2 instances, and also other AWS infrastructure.