DEV Community: Md. Arafat Islam

Amazon EC2 Fundamentals

Md. Arafat Islam — Sat, 30 Nov 2024 18:10:37 +0000

Introduction to EC2

Amazon Elastic Compute Cloud (EC2) is a highly configurable virtual server.

This is like a super flexible computer in the cloud. You can adjust its size and power to match your needs. It only takes a few minutes to set up and run. Almost everything on AWS uses EC2 in the background.

Before starting, we need to know,

What is an EC2 Instance?
An AWS EC2 instance is, in simple terms, a virtual computer in the cloud. It provides computing power that can run applications, process data, or serve client devices. Unlike a physical computer, it is highly scalable and customizable, allowing you to choose the operating system, storage, and performance level to meet your needs.

Key Setup Options for EC2 Instances

Choose an Operating System (OS):
- Pick your preferred OS using an Amazon Machine Image (AMI). Examples include Red Hat, Ubuntu, Windows, Amazon Linux, and SUSE.
Pick the Right Instance Type:
- Example:
  - t2.nano: Low-cost, small-scale instance.
    - $0.0065/hour ($4.75/month).
    - 1 virtual CPU (vCPU) and 0.5 GB memory.
  - C4.8xlarge: High-performance, large-scale instance.
    - 36 vCPUs, 60 GB memory, 10 Gbps speed.
Add Storage:
- Options include SSD, HDD, or Virtual Magnetic Tape.
Configure the Instance:
- Set up Security Groups (like a firewall), Key Pairs (for access), and IAM Roles (to manage permissions).

EC2 Instance Families

What are Instance Families?
Instance families are different combinations of CPU, Memory, Storage, and Networking capacity.

Instance families allow you to choose the appropriate combination of resources to meet your application’s unique requirements.

Different instance families vary due to the hardware used to give them their unique properties.

Choosing the Right EC2 Instance Family for Your Needs

General Purpose

- A1, T2, T3, T3a, T4g, M4, M5, M5a, M5n, M6zn, M6g, M6i, Mac.

- Balance of compute, memory, and networking resources.
  Use-cases: Web servers, code repositories.

Compute Optimized

- EC5, C4, C5a, C5n, C6g, C6gn.

- Ideal for compute-bound applications that benefit from
  high-performance processors.

- Use-cases: Scientific modeling, dedicated gaming servers,
  ad server engines.

Memory Optimized

- ER4, R5, R5a, R5b, R5n, X1, X1e, High Memory, z1d.

- Fast performance for workloads that process large datasets in memory.

- Use-cases: In-memory caches, in-memory databases, real-time big data
  analytics.

Accelerated Optimized

- P2, P3, P4, G3, G4ad, G4dn, F1, Inf1, VT1.

- Hardware accelerators or co-processors.

- Use-cases: Machine learning, computational finance, seismic
  analysis, speech recognition.

Storage Optimized

- I3, I3en, D2, D3, D3en, H1.

- High sequential read and write access to very large datasets on
  local storage.

- Use-cases: NoSQL, in-memory or transactional databases, data
  warehousing

EC2 Instance Types

An instance type is a combination of instance size and instance family:

A common pattern for instance sizes:

nano
micro
small
medium
large
xlarge
2xlarge
4xlarge
8xlarge
...

There are many exceptions to the pattern, eg.

- c6g.metal: A bare metal machine.

- C5.9xlarge: Does not follow the power-of-2 or even-numbered
  size convention.

EC2 Instance Size

EC2 Instance Sizes generally double in price and key attributes

Dedicated Host vs Dedicated Instance

EC2 – Dedicated Host

Dedicated Hosts are single-tenant EC2 instances designed to let you Bring-Your-Own-License (BYOL) based on machine characteristics.

Here is the comparison between the dedicated host and the instance:

EC2 Tenancy

EC2 has three levels of tenancy:

Managing Cloud Resources: VPC, Elastic IPs, and Security Groups Explained

VPC (Virtual Private Cloud):
Think of a VPC as your own private space in the AWS cloud. It's like having your own section of the internet where you control who and what can access your resources. You can think of it as a private and secure data center, but in the cloud.

Elastic IPs:
An Elastic IP is a static IP address that you can attach to an AWS resource (like an EC2 instance). It’s like having a permanent address for your house, even if you switch houses (or servers). This way, your application or website always has the same address.

Security Groups:
A security group acts as a firewall for your AWS resources. It decides who is allowed to come in (ingress rules) and go out (egress rules) of your resources. For example:

Allowing only specific people to knock on your door (SSH access for admins).
Letting only certain apps talk to your server (e.g., web traffic on port 80 or 443).

Storage Options: Comparing EBS and Instance Store

When choosing storage for your Amazon EC2 instance, two popular options come to mind: Amazon Elastic Block Store (EBS) and Instance Store. Each has unique features and serves specific use cases. Let’s break down their key differences to help you decide which one suits your needs.

Elastic Block Store (EBS)
EBS is a highly durable, persistent storage solution. It works like an external hard drive attached to your EC2 instance. Here’s what makes EBS stand out:

Persistence: EBS volumes retain data even after the EC2 instance stops or is terminated.
Scalability: You can resize volumes easily without interrupting your workload.
Backup and Recovery: Snapshots can be taken and stored in Amazon S3 for quick recovery or cloning.
Use Case: Ideal for databases, application data, and workloads requiring long-term storage.

Instance Store
Instance Store is a temporary storage solution directly attached to the physical host of the EC2 instance. Its notable characteristics include:

Ephemeral Storage: Data is lost when the instance stops, terminates, or fails.
High Performance: Best for applications requiring fast, temporary storage, such as caches or buffers.
No Backups: There are no built-in backup options.
Use Case: Suitable for temporary files or data that can be regenerated if lost.

Key Differences at a Glance

Which Should You Choose?

Choose EBS if you need reliable, persistent storage for important data, like databases or logs.
Choose Instance Store if you need high-speed, temporary storage for disposable or transient data.

AWS Global Infrastructure Explained: The Backbone of the Internet

Md. Arafat Islam — Fri, 29 Nov 2024 19:19:04 +0000

So, first of all,

What is the AWS Global Infrastructure?

The AWS Global Infrastructure is globally distributed hardware and data centers that are physically networked together to act as one large resource for the end customer.

The AWS Global Infrastructure is made up of the following resources:

- 34 Launched Regions
- 108 Availability Zones
- 135 Direct Connection Locations
- 600+ Points of Presence
- 41 Local ZOne
- 29 Wavelength Zones

Regions

Regions are geographically distinct locations consisting of one or more availability zones.

Every region is physically isolated from and independent of every other region in terms of location, power, water supply.

The most important region we should give attention to which is:

- US-East-1
- Northern Virginia
- AWS First Region (2006)

This is what a region will look like represented in an architectural diagram:

Okay, now Let's find the facts and understand why the US-East-1 region is so important...

Each region generally has three Availablity Zones

Some new users are limited to two eg. US-West New Services almost always become available first in US-East Not all AWS Services are available in all regions All your billing information appears in US-East-1 (North Virginia) The cost of AWS services varies per region

When you choose a region there are four factors you need to consider:

What Regulatory Compliance does this region meet?
What is the cost of AWS services in this region?
What AWS services are available in this region?
What is the distance or latency to my end-users?

Regions vs Global Services

Regional Services
AWS scopes its AWS Management Console in a selected region.
This will determine where an AWS service will be launched and what will be seen within an AWS Service's console.
You generally don't explicitly set the Region for a service at the time of creation.

Global Services
Some AWS Services operate across multiple regions and the region will be fixed to "Global". E.g. Amazon S3, CloudFront, Route53, IAM

For these global services at the time of creation:

There is no concept of region. eg. IAM User
A single region must be explicitly chosen. eg. S3 Bucket
A group of regions are chosen. eg. CloudFront Distribution

Availability Zones

An availability Zone (AZ) is a physical location made up of one or more data centers.

A data center is a secured building that contains hundreds of thousands of computers.

A region will generally contain 3 Availability Zones
Datacenters within a region will be isolated from each other (different buildings). But they will be close enough to provide low latency (< 10ms).

It's common practice to run workloads in at least 3 AZS to ensure services remain available in case one or two data centers fail. (High Availability)

AZs are represented by a Region Code, followed by a letter identifier eg. us-east-1a

A subnet is associated with an Availablity Zone.

You never choose the AZ when launching resources. You choose the Subnet which is associated with the AZ.

Here is an example of an architectural diagram, representing two AZs, the Subnet associated with those AZs, and EC2 instances (Virtual Machines) launched in those subnets

The US_EAST-1 region has 6 AZs (the most Availability Zones of any region)

Some important bullet points to be noted:

- A region has multiple Availability Zones
- An Availability Zone is made up of one or more data centers
- All AZS in an AWS Region are interconnected with high- 
  bandwidth, low-latency networking, over fully redundant, 
  dedicated metro fiber providing high-throughput, low-latency 
  networking between
- All traffic between AZS is encrypted
- AZs are within 100 km (60 miles) of each other.

Fault Tolerance

first, we have to know,
What is a fault domain?
A fault domain is a section of a network that is vulnerable to damage if a critical device or system fails. The purpose of a fault domain is that if a failure occurs it will not cascade outside that domain, limiting the damage possible.

A collection of fault domains is called a fault level.

The scope of a fault domain could be:

specific servers in a rack
an entire rack in a data center
an entire room in a data center
the entire data center building

It's up to the Cloud Service Provider (CSP) to define the
boundaries of a domain

Each Amazon Region is designed to be completely isolated from the other Amazon Regions.

This achieves the greatest possible fault tolerance and stability Each Availability Zone is isolated, but the Availability Zones in a Region are connected through low-latency links Each Availability Zone is designed as an independent failure zone - A "Failure Zone" is AWS describing a Fault Domain.

Failure Zone

 - Availability Zones are physically separated within a typical 
   metropolitan region and are located in lower-risk flood 
   plains
 - discrete uninterruptible power supply (UPS) and onsite backup 
   generation facilities
 - data centers located in different Availability Zones are 
   designed to be supplied by independent substations to reduce 
   the risk of an event on the power grid impacting more than 
   one Availability Zone.
 - Availability Zones are all redundantly connected to multiple 
   tier-1 transit providers

Multi-AZ for High Availability
If an application is partitioned across AZs, companies are better isolated and protected from issues such as power outages, lightning strikes, tornadoes, earthquakes, and more.

AWS Global Network

The AWS Global Network represents the interconnections between AWS Global Infrastructure.
Commonly referred to as the "The Backbone of AWS".

Think of it as a private expressway, where things can move very fast between data centers.

Edge Locations can act as on and off-ramps to the AWS Global Network
- AWS Global Accelerator / AWS S3 Transfer Acceleration uses Edge Locations as an on-ramp to quickly reach AWS resources in other regions by traversing the fast AWS Global Network
- Amazon CloudFront (CDN) uses Edge Locations as an off- ramp, to provide at Edge Storage and compute near the end user.
VPC Endpoints: Ensuring your resources stay within the AWS Network and traverse over the public internet.

Points of Presence (PoP)

This is an intermediate location between an AWS Region and the end user, and this location could be a data center or a collection of hardware.

For AWS a Point of Presence is a data center owned by AWS or a trusted partner that is utilized by AWS Services related for content delivery or expediated upload.

PoP resources are:

- Edge Locations
- Regional Edge Caches

Edge Locations are data centers that hold cached (copy) on the most popular files (eg. web pages, images, and videos) so that the delivery of distance to the end users is reduced.

Regional Edge Locations are data centers that hold much larger caches of less-popular files to reduce a full round trip and also to reduce the cost of transfer fees.

AWS Availability Zones are all redundantly connected to multiple tier-1 transit providers

AWS Services using PoPs

The following AWS Services use PoPs for content delivery or expediated upload -

Amazon CloudFront is a Content Delivery Network (CDN) Service that -

You point your website to CloudFront so that it will route requests to the nearest Edge Location cache
Allows you to choose an origin (such as a web server or storage) that will be the source of cached
Caches the contents of what origin would returned to various Edge Locations around the world

Amazon S3 Transfer Acceleration allows you to generate a special URL that can be used by end users to upload files to a nearby Edge Location. Once a file is uploaded to an Edge Location, it can move much faster within the AWS Network to reach $3.

AWS Global Accelerator can find the optimal path from the end user to your web servers. Global Accelerator are deployed within Edge Locations so you send user traffic to an Edge Location instead of directly to your web application.

AWS Direct Connect

This is a private/dedicated connection between your data center, office, co-location, and AWS.

Direct Connect has two very-fast network connection options:

Lower Bandwidth 50MBps-500MBps
Higher Bandwidth 1GBps-10GBps

Helps reduce network costs and increase bandwidth throughput. (great for high-traffic networks)
Provides a more consistent network experience than a typical internet-based connection. (reliable and secure)

Direct Connect Locations
These are trusted partnered data centers where you can establish a** dedicated high-speed, low-latency connection from on-premise to AWS.**

AWS Local Zones

Local Zones are data centers located very close to densely populated areas to provide single-digit millisecond low latency performance (eg. 7ms) for that area.

Los Angeles, California was the first Local Zone to be deployed
- It is a logical extension of the US-West Region
- The Identifier looks like the following: us-west-2-lax-1a

Only specific AWS Services have been made available

 - EC2 Instance Types (T3, C5, R5, R5d, 13en, G4)
 - EBS (io1 and gp2)
 - Amazon FSx
 - Application Load Balancer
 - Amazon VPC

The purpose of the Local zone is to support highly demanding applications sensitive to latencies:
- Media & Entertainment
- Electronic Design Automation
- Ad-Tech
- Machine Learning

AWS Wavelength Zones

These zones allow for edge-computing on 5G Networks.
So, applications will have ultra-low latency being as close as possible to the users.

Here you create a subnet tied to a wavelength zone and then you can launch Virtual Machines (VMs) to the edge of the targeted 5G Networks.

Data Residency

This is the physical or geographic location of an organization's data, information, or cloud resources.

What are Compliance Boundaries?
A regulatory compliance (legal requirement) by a government or organization that describes where data and cloud resources are allowed to reside.

What is Data Sovereignty?
Data Sovereignty is the jurisdictional control or legal authority that can be asserted over data because its physical location is within jurisdictional boundaries.

For workloads that need to meet compliance boundaries strictly defining the data residency of data and cloud resources in AWS, you can use:

AWS Outposts is a physical rack of servers that you can put in your data center. Your data will reside whenever the Outpost Physically resides.
AWS Config is a Policy as Code service.
You can create rules to continuously check AWS resource
configuration. If they deviate from your expectations you are
alerted or AWS Config can in some cases auto-remediate.
IAM Policies can be written explicitly to deny access to
specific AWS Regions. A Service Control Policy (SCP) is
permissions applied organization-wide.

AWS for Government

First of all, we need to know, what is the public sector.
The public sector includes public goods and governmental services. Such as:

- military           - public education
- law enforcement    - healthcare
- infrastructure     - the government itself
- public transit

AWS can be utilized by the public sector or organizations developing cloud workloads for the public sector.

AWS achieves this by meeting regulatory compliance programs along with specific governance and security controls

AWS has special regions for US regulation called GovCloud

GovCloud

To understand what GovCloud is first, we need to understand what FedRAMP is.

Federal Risk and Authorization Management Program (FedRAMP)
a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

Now, what is GovCloud?
A Cloud Service Provider (CSP) generally will offer an isolated region to run FedRAMP workloads.

AWS GovCloud Regions allow customers to host sensitive Controlled Unclassified Information and other types of regulated workloads.

GovCloud Regions are only operated by employees who are U.S. citizens, on U.S. soil.
They are only accessible to U.S. entities and root account holders who pass a screening process

Customers can architect secure cloud solutions that comply with:

FedRAMP High baseline
DOJ's Criminal Justice Information Systems (CJIS) Security Policy
U.S. International Traffic in Arms Regulations (ITAR)
Export Administration Regulations (EAR)
Department of Defense (DoD) Cloud Computing Security Requirements Guide

AWS in China

AWS China is the AWS cloud offering in Mainland China.
AWS China is completely isolated intentionally from AWS Global to meet regulatory compliance for Mainland China.

- AWS China is on its own domain at: amazonaws.cn

In order to operate in an AWS China Region you need to have a Chinese Business License (ICP license)
Not all services are available in China eg. Route53
Running in Mainland China (instead of Singapore) means you would not need to traverse the Great Firewall.

Sustainability

AWS Cloud's Sustainability goals are composed of three parts:

Renewable Energy AWS is working towards having its AWS Global Infrastructure powered by 100% renewable energy by 2025. AWS purchases and retires environmental attributes to cover the non-renewable energy for AWS Global Infrastructure:
- Renewable Energy Credits (RECs)
- Guarantees of Origin (GOs)
Cloud Efficiency AWS's infrastructure is 3.6 times more energy efficient than the median of U.S. enterprise data centers surveyed.
Water Stewardship Direct evaporative technology to cool our data center Use of non-potable water for cooling purposes (recycled water) On-site water treatment allows us to remove scale-forming minerals and reuse water for more cycles Water efficiency metrics to determine and monitor optimal water use for each AWS Region

AWS Ground Station

AWS Ground Station is a fully managed service that lets you control satellite communications, process data, and scale your operations without having to worry about building or managing your own ground station infrastructure.

Use cases for Ground Station:

- weather forecasting
- surface imaging
- communications
- video broadcasts

To use Ground Station:

You schedule a Contact (select satellite, start and end time, and the ground location
use the AWS Ground Station EC2 AMI to launch EC2 instances that will uplink and downlink data during the contact or receive downlinked data in an Amazon S3 bucket.

Use Case:
A company reaches an agreement with a Satellite Imagery Provider to take satellite photos of a specific region. They use AWS Ground Station to communicate with that company's Satellite and download the S3 image data.

AWS Outposts

AWS Outposts is a fully managed service that offers the same AWS infrastructure, AWS services, APIs, and tools to virtually any data center, co-location space, or on-premises facility for a truly consistent hybrid experience.

A quick note:

AWS Outposts is the rack of servers running AWS Infrastructure on your physical location

AWS Outposts comes in 3 form factors: 42U, 1U and 2U

AWS delivers it to your preferred physical site fully assembled and ready to be rolled into final position. It is installed by AWS and the rack needs to be simply plugged into power and network.

These are servers that you can place into your existing racks:

- 1U                              - 2U
- suitable for 19-inch wide       - suitable for 19-inch wide
- 24-inch deep cabinets           - 36-inch deep cabinets
- AWS Gravion2 (up to 64 vCPUs)   - Intel processor
                                    (up to 64 vCPUs)
- 128 GiB memory                  - 256 GiB memory
- 4TB of local NVMe storage       - 8TB of local NVMe storage