Just a place to put some notes on the “AWS Essentials” course from https://linuxacademy.com
5) Elastic Compute Cloud (EC2)
5.1) EC2 Basics
Amazon Elastic Compute Cloud (Amazon EC2):
- Provides scalable computing capacity in the Amazon Web Services (AWS) cloud.
- Eliminates your need to invest in hardware up front, so you can develop and deploy applications faster.
- Enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic.
Basic Computer Components vs. EC2 Components:
Basic Computer | EC2
---------------+-----------------
O/S            | AMIs
CPU            | Instance Type
Hard Drive     | EBS
Network Card   | IP Addressing
Firewall       | Security Groups
RAM            | RAM
Image: Services > Compute > EC2
Link: Amazon EC2 Pricing
Note: Free Tier use is available for EC2.
EC2 Instance Purchasing Options (most common):
- On-Demand
- Reserved
- Spot
On-Demand (most expensive):
- Choose any instance type you like and provision/terminate at any time
- Only charged when the instance is running (billed per hour)
Reserved (significant price discount):
- Purchase an instance for a set time period of 1 or 3 years
- Pay upfront, partial upfront, no upfront
- Charged regardless of how often you use it
Spot (substantial price discount):
- “Bid” on an instance type, and only pay for and use when the spot price is equal to or below your “bid” price
- Allows Amazon to sell the use of unused instances for short amounts of time
- Prices fluctuate based on supply and demand (billed per hour)
- Instances automatically terminate when spot price > “bid” price
How are you charged for using EC2?
1) Purchasing Option
2) Instance Type (processing power):
- General purpose
- Compute optimized
- GPU optimized
- Memory optimized
- Storage optimized
- EBS optimized (option for higher IOPS performance)
3) AMI Type (varies by O/S):
- Linux
- Windows
4) Data Transfer (in/out of the instance)
5) Region
5.2) Amazon Machine Images (AMIs)
An Amazon Machine Image (AMI) provides the information (template) required to launch an instance (virtual server).
AMIs come in 3 main categories:
1) Community AMIs: Free to use, essentially just an OS
2) AWS Marketplace AMIs: Pay to use, generally packaged with additional licensed software
3) My AMIs
Image: Amazon EC2 > Launch Instance
Image: AMI categories
5.3) Instance Types
When you launch an instance, the instance type determines the (virtual) hardware used for your instance.
Instance Type Components:
(1) Family (General Purpose, Compute Optimized, Memory Optimized, Storage Optimized)
(2) Type
(3) vCPUs
(4) Memory (GiB)
(5) Instance Storage (GB)
(6) EBS-Optimized Available
(7) Network Performance
5.4) Elastic Block Store (EBS)
Amazon Elastic Block Store (EBS) provides block level storage volumes for use with EC2 instances.
- EBS volumes are highly available and reliable storage volumes that can be attached to any running instance that is in the same Availability Zone.
- EBS volumes that are attached to an EC2 instance are exposed as storage volumes that persist independently from the life of the instance.
AWS Definition of IOPs:
“IOPs are a unit measure representing input/output operations per second. The operations are measured in KiB, and the underlying drive technology determines the maximum amount of data that a volume type counts as a single I/O. I/O size is capped at 256 KiB for SSD volumes and 1024 KiB for HDD volumes.”
EBS volume size determines the amount of IOPS. Larger size = more IOPS.
“Root” vs Additional EBS Volumes
(1) Every EC2 instance MUST have a “root” volume, which may or may not be EBS.
(2) By default, EBS “root” volumes are set to be deleted when the instance is terminated (you can choose to have the EBS volume persist).
(3) During the creation of an EC2 instance (and afterwards) you can add additional EBS volumes to the instance.
(4) Any additional EBS volume can be attached to or detached from the instance at any time, and is not deleted (by default) when the instance is terminated.
Snapshots:
- A snapshot is an “image” of an EBS volume that can be stored as a backup of the volume OR used to create a duplicate. It is NOT an active EBS volume (it cannot be attached to or detached from an EC2 instance).
- To restore, create a new EBS volume using the snapshot as a template.
Image: AWS Console > Services > EC2 > Elastic Block Store: (EBS) Volume and Snapshots
5.5) Security Groups
A security group acts as a virtual firewall that controls the traffic for one or more instances.
- You associate one or more security groups with an instance.
- You can modify the rules for a security group at any time.
- AWS evaluates all the rules from all the security groups that are associated with the instance.
Inbound and Outbound Rules
- When you create a new Security Group, ALL inbound traffic is DENIED and ALL outbound traffic is ALLOWED by default.
- All traffic is DENIED unless there is an EXPLICIT ALLOW rule for it (there are only ALLOW rules).
Best Practice: Allow ONLY traffic that is required.
Image: AWS Console > Services > EC2 > Network & Security > Security Groups
Note: In the image above, inbound just allows traffic from whatever is in the security group.
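The evaluation rules above (allow-only rules, default deny, all attached groups considered together) can be checked offline against exported rules. This is an added example, not part of the course notes: the group IDs, CIDRs, function names and the "required ports" set are constructed for illustration, and only IPv4 CIDR rules are handled.

```python
"""Added example: evaluate inbound traffic against security groups (constructed data)."""
import ipaddress

# Constructed sample in the shape of EC2 DescribeSecurityGroups output (trimmed).
# Group IDs and CIDRs are made up for illustration.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-admin-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ]},
    {"GroupId": "sg-new-example", "IpPermissions": []},  # fresh group: no inbound rules
]

def rule_matches(rule, proto, port, src):
    """True if one ALLOW rule covers this protocol, port and source address."""
    if rule["IpProtocol"] not in ("-1", proto):   # "-1" means all protocols
        return False
    if rule["IpProtocol"] != "-1" and not rule["FromPort"] <= port <= rule["ToPort"]:
        return False
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(r["CidrIp"]) for r in rule.get("IpRanges", []))

def inbound_allowed(groups, proto, port, src):
    """Default deny: traffic passes only if ANY rule in ANY attached group allows it."""
    return any(rule_matches(rule, proto, port, src)
               for g in groups for rule in g["IpPermissions"])

def world_open(groups, required_ports=frozenset({443})):
    """List (group, from, to) for rules open to 0.0.0.0/0 beyond the required ports."""
    findings = []
    for g in groups:
        for rule in g["IpPermissions"]:
            open_to_all = any(r["CidrIp"] == "0.0.0.0/0" for r in rule.get("IpRanges", []))
            ports = set(range(rule.get("FromPort", 0), rule.get("ToPort", 65535) + 1))
            if open_to_all and not ports <= required_ports:
                findings.append((g["GroupId"], rule.get("FromPort"), rule.get("ToPort")))
    return findings
```

Attaching the second group to an instance opens SSH to every source even though the first group never mentions port 22, which is why the audit has to look at all attached groups together.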
5.6) IP Addressing
- (By default) ALL EC2 instances have a private IP address. Private IP addresses allow for instances to communicate with each other as long as they are located in the same VPC or broader private network.
- EC2 instances can be launched with or without a public IP address, depending on VPC/subnet settings. Public IP addresses are REQUIRED for the instance to communicate with the Internet.
Note: The “default” VPC and subnets are configured so that any new instance that is provisioned has a public IP address.
5.7) Provisioning EC2 (example)
AWS Console > Services > EC2 > Launch Instance
Step 1) Quick Start: Amazon Linux (Free tier eligible) > Select
Step 2) Instance Type: General Purpose t2.micro (Free tier eligible) > Next: Configure Instance Details
Step 3) Configure Instance Details: Configure > Next: Add Storage
Image: Step 3) Configure Instance Details (example)
Step 4) Add Storage: Configure > Next: Add Tags
Image: Step 4) Add Storage (example)
Step 5) Add Tag: Give the ‘Name’ key a value (optional) > Next: Configure Security Group
Step 6) Configure Security Group: Configure > Review and Launch
Image: Step 6) Configure Security Group (example)
Step 7) Review Instance Launch: Launch > Create a new key pair > Download Key Pair > Launch Instance
Image: Step 7) Downloading Key Pair prior to Launch Instance(s)
Give it a few minutes and your instance is up and running!
Image: AWS Console > Services > EC2 > Instances: Instances
Note: If you’re using the Free Tier, remember to stop your instances when you’re not using them.
5.8) Quiz: EC2 Essentials
T: When launching an EC2 instance, you need to select the AMI, Storage and Instance Type.
Q: What best describes IOPS?
A: Read/write performance of storage volumes & Input/output operations per second
Q: If you were to remove the route to the IGW from a route table, what would happen to traffic inside the VPC?
A: Traffic could be sent between EC2 instances inside the VPC but would not reach the Internet.
T: AMI = A preconfigured package that provides the information required to launch an EC2 instance.
T: Every EC2 instance is automatically assigned a private IP address. Public IP addresses are optional, but are required for direct Internet access.
T: EC2 stands for Elastic Compute Cloud
T: You can only configure ALLOW rules for security groups. If there is not an explicit allow rule for a certain type of traffic, then that traffic will be denied.
T: EBS volumes are the instance’s storage.