Amazon EC2 - rajeshkumarplv/aws-ccp-notes GitHub Wiki

Amazon EC2

EC2 = Elastic Compute Cloud = IaaS (Infrastructure as a Service)

It mainly consists of the following capabilities:

  1. Renting VMs (EC2)
  2. Storing Data on Virtual Drives (EBS Volumes)
  3. Distributing load Across VMs (ELB: Elastic Load Balancer)
  4. Scaling the Services using Auto Scaling Group (ASG)

Knowing EC2 is fundamental to understanding how the cloud works.

EC2 sizing & configuration options

  • Operating System (OS): Linux or Windows
  • How much compute power & cores (CPU)
  • How much random-access memory (RAM)
  • How much storage space:
      • Network-attached (EBS & EFS)
      • Hardware (EC2 Instance Store)
  • Network card: speed of the card, Public IP address
  • Firewall rules: security group
  • Bootstrap script (configured at first launch): EC2 User Data

Steps to Launch EC2 Instance

Step 1: Choose an Amazon Machine Image (AMI). An AMI is a template that contains the software configuration (operating system, application server, and applications) required to launch your instance. You can select an AMI provided by AWS, the user community, or the AWS Marketplace, or you can select one of your own AMIs.

Step 2: Choose an Instance Type Amazon EC2 provides a wide selection of instance types optimized to fit different use cases. Instances are virtual servers that can run applications. They have varying combinations of CPU, memory, storage, and networking capacity, and give you the flexibility to choose the appropriate mix of resources for your applications.

Step 3: Configure Instance Details. Configure the instance to suit your requirements. You can launch multiple instances from the same AMI, request Spot Instances to take advantage of the lower pricing, assign an access management role to the instance, and more. This is also where the EC2 User Data bootstrap script is supplied, for example:

```bash
#!/bin/bash
# EC2 User Data already runs as root on first boot, so no "sudo su" is needed
# install httpd
yum update -y
yum install -y httpd.x86_64
systemctl start httpd.service
systemctl enable httpd.service
echo "Hello World from $(hostname -f)" > /var/www/html/index.html
```

Step 4: Add Storage. Your instance will be launched with the following storage device settings. You can attach additional EBS volumes and instance store volumes to your instance, or edit the settings of the root volume. You can also attach additional EBS volumes after launching an instance, but not instance store volumes.

Step 5: Add Tags. A tag consists of a case-sensitive key-value pair. For example, you could define a tag with key = Name and value = Webserver. A copy of a tag can be applied to volumes, instances or both. Tags will be applied to all instances and volumes.

Step 6: Configure Security Group. A security group is a set of firewall rules that control the traffic for your instance. On this page, you can add rules to allow specific traffic to reach your instance. For example, if you want to set up a web server and allow Internet traffic to reach your instance, add rules that allow unrestricted access to the HTTP and HTTPS ports. You can create a new security group or select from an existing one.

Introduction to Security Groups

  • Security groups are the fundamental building block of network security in AWS
  • They control how traffic is allowed into or out of our EC2 instances
  • Security groups only contain allow rules
  • Security group rules can reference by IP or by security group

Security groups act as a "firewall" on EC2 instances.

They regulate:

  • Access to ports
  • Authorized IP ranges – IPv4 and IPv6
  • Control of inbound network (from others to the instance)
  • Control of outbound network (from the instance to others)

Classic ports to know

  • 22 = SSH (Secure Shell) – log into a Linux instance
  • 21 = FTP (File Transfer Protocol) – upload files into a file share
  • 22 = SFTP (Secure File Transfer Protocol) – upload files using SSH
  • 80 = HTTP – access unsecured websites
  • 443 = HTTPS – access secured websites
  • 3389 = RDP (Remote Desktop Protocol) – log into a Windows instance
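Added example (not part of the original notes): a small Python audit over security group rules in the shape of the `aws ec2 describe-security-groups` output, flagging the classic admin ports (22 SSH, 3389 RDP) whenever a rule opens them to the whole Internet. The group ids and rules are constructed; the "db" group shows a rule that references another security group instead of an IP range.

```python
import ipaddress

# Admin ports from the "classic ports" list; never open these to the whole Internet
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
ANY_NETWORKS = (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0"))

# Constructed sample in the shape of `aws ec2 describe-security-groups` (made-up ids)
SAMPLE_GROUPS = [
    {"GroupId": "sg-0webexample", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,  # SSH open to everyone
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-0dbexample", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,  # by security group, not IP
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0webexample"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "203.0.113.0/24"}],  # office range only
         "UserIdGroupPairs": []},
    ]},
]

def rule_covers_port(rule, port):
    """True if an inbound rule's protocol and port range include TCP `port`."""
    if rule["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]

def world_open_sources(rule):
    """CIDR sources of a rule that equal the entire IPv4 or IPv6 Internet."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False) in ANY_NETWORKS]

def audit(groups):
    """Return (group id, port name, cidr) for each admin port open to everyone."""
    findings = []
    for g in groups:
        for rule in g["IpPermissions"]:
            for port, name in ADMIN_PORTS.items():
                if rule_covers_port(rule, port):
                    for cidr in world_open_sources(rule):
                        findings.append((g["GroupId"], name, cidr))
    return findings

if __name__ == "__main__":
    for gid, name, cidr in audit(SAMPLE_GROUPS):
        print(f"{gid}: {name} open to {cidr}; restrict it to an admin CIDR or a bastion group")
```

The "-1" rule in the db group covers every port but is limited to one office range, so it is not reported; only the web group's SSH rule is.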

Use EC2 Instance Connect to log in from the browser; it works with the Amazon Linux 2 AMI.

The default EC2 user is ec2-user.

Never run aws configure on an EC2 instance: it would store your personal access keys on the server, where anyone with access to the instance could read them.

Instead, attach an IAM role to the EC2 instance so that the instance can view the IAM user information (or make any other permitted API call) without stored credentials.

EC2 Instances Purchasing Options

  • On-Demand Instances: short workload, predictable pricing
  • Reserved: (MINIMUM 1 year)
  • Reserved Instances: long workloads
  • Convertible Reserved Instances: long workloads with flexible instances
  • Scheduled Reserved Instances: example – every Thursday between 3 and 6 pm
  • Spot Instances: short workloads, cheap, can lose instances (less reliable)
  • Dedicated Hosts: book an entire physical server, control instance placement
  • Dedicated Instances: no other customers will share your hardware

EC2 On-Demand

  • Pay for what you use:
      • Linux – billing per second, after the first minute
      • All other operating systems (ex: Windows) – billing per hour
  • Has the highest cost but no upfront payment
  • No long-term commitment
  • Recommended for short-term and uninterrupted workloads, where you can't predict how the application will behave

EC2 Reserved Instances

  • Up to 72% discount compared to On-Demand
  • Reservation period: 1 year = + discount | 3 years = +++ discount
  • Purchasing options: no upfront | partial upfront = + | all upfront = ++ discount
  • Reserve a specific instance type
  • Recommended for steady-state usage applications (think database)
  • Convertible Reserved Instances
      • can change the EC2 instance type
      • Up to 45% discount
  • Scheduled Reserved Instances
      • launch within the time window you reserve
      • when you require a fraction of a day / week / month
      • commitment for 1 year only

EC2 Spot Instances

  • Can get a discount of up to 90% compared to On-Demand
  • Instances that you can "lose" at any point in time if your max price is less than the current spot price
  • The MOST cost-efficient instances in AWS
  • Useful for workloads that are resilient to failure:
      • Batch jobs
      • Data analysis
      • Image processing
      • Any distributed workloads
      • Workloads with a flexible start and end time
  • Not suitable for critical jobs or databases

EC2 Dedicated Hosts

  • An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use.
  • Dedicated Hosts can help you address compliance requirements and reduce costs by allowing you to use your existing server-bound software licenses.
  • Allocated for your account for a 3-year period reservation
  • More expensive
  • Useful for software that has a complicated licensing model (BYOL – Bring Your Own License) or for companies that have strong regulatory or compliance needs

EC2 Dedicated Instances

  • Instances running on hardware that's dedicated to you
  • May share hardware with other instances in the same account
  • No control over instance placement (can move hardware after Stop / Start)

Which purchasing option is right for me?

  • On-Demand: coming and staying in the resort whenever we like; we pay the full price
  • Reserved: like planning ahead; if we plan to stay for a long time, we may get a good discount
  • Spot Instances: the hotel allows people to bid for the empty rooms and the highest bidder keeps the rooms; you can get kicked out at any time
  • Dedicated Hosts: we book an entire building of the resort

Shared Responsibility Model for EC2

AWS:

  • Infrastructure (global network security)
  • Isolation on physical hosts
  • Replacing faulty hardware
  • Compliance validation

End users:

  • Security group rules
  • Operating-system patches and updates
  • Software and utilities installed on the EC2 instance
  • IAM roles assigned to EC2 & IAM user access management
  • Data security on your instance