EC2 (Elastic Compute Cloud)
• It provides the infrastructure in the form of VMS.
• EC2 will not have access to S3 by default, you need to define the role and attach role to EC2.
• EC2 is defined on region basis and S3 too. Means any command on S3, which are not on the same region as EC2, you might need to pass the extra argument “--region” (as sometime it works, if S3 is in different region as that of EC2) so it’s safe to use “--region“
e.g. aws s3 cp –recursive s3:// /home/ec2-user –region eu-west-2
• Bootstrap script is a way to define the script, which can be used during the EC2 instance up time:
#!/bin/bash
yum update –y
yum install httpd –y
• EC2 instance Meta Data:
curl http://169.254.169.254/latest/meta-data, curl http://169.254.169.254/latest/meta-data/public-ipv4 This can be used to simulate a scenario as follows:
o Put this curl command while directing to a file as part of bootstrap script.
o Copy this file to s3 bucket.
o Have a lambda function defined with the trigger on this s3 bucket.
• EC2 instance user Data:
curl http://169.254.169.254/latest/user-data
• Amazon EC2 has a soft limit of 20 instances per region
• If the instance is stopped, AWS usually moves the instance to a new host computer. Your instance may stay on the same host computer if there are no problems with the host computer. In addition, its Elastic IP address is disassociated from the instance if it is an EC2-Classic instance. Otherwise, if it is an EC2-VPC instance, the Elastic IP address remains associated.
• For EC2 instances launched in EC2-Classic, AWS releases the private IPv4 address when the instance is stopped or terminated. If you restart your stopped instance, it receives a new private IPv4 address.
• For EC2 instances launched in a VPC, a private IPv4 address remains associated with the network interface when the instance is stopped and restarted. It is only released when the instance is terminated.
• Pricing, based on the used need, following are the pricing:
o On Demand
▪ per hour or per second.
▪ Without any upfront payment
▪ Being developed and tested for first time.
▪ To handle unpredictable workload.
o Reserved
▪ Predictable workload
▪ User can make upfront payment to reduce cost.
▪ Types:
• Standard
• Convertible
• Scheduled
o Spot: bidding
▪ Applications with flexible start and end time
▪ AWS will shut it off when the peak time comes but if you are shutting it down, you will be charged for complete hour.
▪ Spot instances typically offer a significant discount off the On-Demand prices
▪ Your instances can be interrupted by Amazon EC2 for capacity requirements with a 2-minute notification
▪ Spot prices adjust gradually based on long term supply and demand for spare EC2 capacity.
▪ You can choose to have your Spot instances terminated, stopped, or hibernated upon interruption. Stop and hibernate options are available for persistent Spot requests and Spot Fleets with the maintain option enabled.
o Dedicated Host
▪ Use for regulatory requirement, where you need to have the dedicated host.
• Pricing:
o On demand
o Reserved
• Instance Type: FIGHT DR MC PX
o F FPGA
o I IOPS
o G GRAPHICS
o H HIGH THROUGHPUT
o T CHEAP GENERAL PURPOSE, T2
o D DENSITY
o R RAM
o M MAIN CHOICE FOR GENERAL PURPOSE
o C COMPUTE
o P PICS/GRAPHICS
o X EXTREME MEMORY
• Status Checks
o System Status Checks: to check whether it can take the network packets, if not then there is a problem with underlying infrastructure like OS, if reboot doesn’t work, then you might need technical support.
o Instance Status Checks: it checks whether the underlying OS can accept the traffic, if not then reboot can correct it.
• Monitoring
o Basic: every 5 minutes.
o Detailed: every 1 minute.
• Termination protection is turned off by default, it should be turned on so that when you go to terminate it, it would first ask to disable it.
• Security Groups:
o It’s a virtual firewall.
o Hence any changes to the security group reflects immediately.
o Any rule added to “Inbound” will be applicable to “outbound” as well if no rule is mentioned in “outbound” and hence SG is stateful.
o All outbound traffic is allowed by default.
o All inbound traffic is blocked by default.
o The traffic can be configured for allowed, not for disallowed.
o To block IP address, use Network Access Control List.
o As mentioned, when we create AWS account, it attaches a default VPC in each of the region and each VPC has its default Security Group.
o You can assign multiple SGs to single EC2 instance.
o You can have multiple EC2 instances attached to same SG.
o When connecting to your EC2 instance via SSH, you need to ensure that port 22 is allowed on the security group of your EC2 instance.
EBS
o Elastic Block Storage
o If EC2 is a virtual server, then EBS is virtual volume hence EBS should be in the same AZ, where EC2 is.
o EBS is independent instance than EC2, so you can choose if you don’t want EBS to be deleted on EC2 termination, by default it’s enabled that means the EBS (only root volume) would be deleted on EC2 termination.
o EBS Root volume of the default AMI (which comes from Amazon) can’t be encrypted, only a third-party tool can be used to encrypt it. Other option is when we create AMI from EC2 instance then encryption can be turned on during AMI creation.
o The volume configuration, like volume type, size can be changed on the fly but not for magnetic without impacting the down time.
o Creating snapshot, images are the way to migrate the EC2 instance to any region and any AZ.
o To create the snapshot for boot volume, the boot volume should be stopped but it doesn’t mean that it can’t be done, it’s just to avoid any risk.
o Snapshot of encrypted volume will be encrypted automatically.
o Only the unencrypted volumes can be shared with others and even other account.
o Snapshots exist on S3 because it’s not volume.
o Snapshots are incremental, means the blocks which have changes since the last snapshot will be copied as part of next snapshot.
o Snapshot can be created from the given volume. (snapshot means back up)
o Once the snapshot is created,
▪ the volume can be created from the same in any AZ in the given region.
▪ The snapshot can be copied to any region.
▪ The image can be created in the same region.
o You can use Amazon Data Lifecycle Manager (Amazon DLM) to automate the creation, retention, and deletion of snapshots taken to back up your Amazon EBS volumes.
Automating snapshot management helps you to:
▪ Protect valuable data by enforcing a regular backup schedule.
▪ Retain backups as required by auditors or internal compliance.
▪ Reduce storage costs by deleting outdated backups.
▪ Combined with the monitoring features of Amazon CloudWatch Events and AWS CloudTrail, Amazon DLM provides a complete backup solution for EBS volumes at no additional cost.
▪ it is the fastest and cost-effective solution in providing an automated way of backing up your EBS volumes.
o Types
• Boot volume is c drive.
• You cannot mount 1 EBS volume to more than 1 EC2 instances, instead use EFS.
• 50:1 is the maximum ratio of provisioned IOPS to requested volume size in Gibibyte (GiB). So for instance, a 10 GiB volume can be provisioned with up to 500 IOPS. Any volume 640 GiB in size or greater allows provisioning up to the 32,000 IOPS maximum (50 × 640 GiB = 32,000).
• RAID: Redundant Array of Independent Disk, if you need good IO operations, then create the multiple volumes and put them in the RAID.
o RAID 0: Array of 2 or more disks and the volume is stripped across the disks and hence if 1 disk fails then entire raid fails and hence no redundancy. Good performance.
o RAID 1: Array of 2 or more disks and the disks are mirror to each other, hence redundancy.
o RAID 5: Good for reads, bad for writes. AWS doesn’t recommend this.
o RAID 10: Combination of 0 and 1, hence stripped and mirrored, good redundancy and good performance.
• Remote Desktop Connection
o Any EC2 instance can be connected through Remote Desktop client, given the SG has inbound rule defined for RDP.
o IP, user name and password can be generated on the given EC2 instance in AWS console.
o If you have multiple volumes added while creating the EC2, the same can be added as RAID array, after launching windows instance using Remote Desktop Connection.
EBS vs Instance Store
o EBS backed volumes are persistent, instance store backed volumes are not persistent. Means EBS backed volumes is independent of EC2 instance and hence can be detached or reattached. Means instance store exist only for the life of the EC2 instance. Means instance store volumes cannot be stopped, if you do this the data will be wiped out. Means EBS backed volume is long term.
o Instance store based EC2 allows maximum 1 instance store (volume) to be added.
o Post creation of Instance store based EC2, you can add any number of EBS based volume.
o Instance store based EC2 can’t be stopped, it can be rebooted or terminated. That means if the underlying host fails, it will lose the data.
o Instance store volume is called Ephemeral Storage.
ELB (Elastic Load Balancer)
o Types:
▪ Application Load Balancer
• Best for HTTP and HTTPS, it’s at layer 7
• If you need flexible application management and TLS termination then we recommend that you use Application Load Balancer.
▪ Network Load Balancer
• Meant for TCP traffic, it’s at layer 4
• If extreme performance and static IP is needed for your application then we recommend that you use Network Load Balancer.
▪ Classic Load Balancer
• It’s a legacy load balancer, works at layer 7 for HTTP and HTTPS and at layer 4 for TCP
• If your application is built within the EC2 Classic network then you should use Classic Load Balancer.
• When you create a Classic Load Balancer, the default for cross-zone load balancing depends on how you create the load balancer. With the API or CLI, cross-zone load balancing is disabled by default. With the AWS Management Console, the option to enable cross-zone load balancing is selected by default. After you create a Classic Load Balancer, you can enable or disable cross-zone load balancing at any time.
• You can set up your load balancer in EC2-Classic to distribute incoming requests across EC2 instances in a single Availability Zone or multiple Availability Zones. First, launch EC2 instances in all the Availability Zones that you plan to use. Next, register these instances with your load balancer. Finally, add the Availability Zones to your load balancer. After you add an Availability Zone, the load balancer starts routing requests to the registered instances in that Availability Zone. Note that you can modify the Availability Zones for your load balancer at any time.
• By default, the load balancer routes requests evenly across its Availability Zones. To route requests evenly across the registered instances in the Availability Zones, enable cross-zone load balancing.
o It doesn’t give the IP address, Amazon maintains it internally.
EC2 Placement Group
o Types
▪ Clustered Placement Group: it’s grouping of multiple instances with in the same AZ
▪ Spread Placement Group: Group of instances that each are placed on distinct underlying H/W
o The name of the PG should be unique in your AWS A/C
o A placement group can’t be deployed across multiple Availability Zones.
o Only certain type of instance type can be launched in a PG (Compute Optimized, GPU, Memory Optimized, Storage Optimized)
o AWS recommend homogenous instances within PG
o You can’t merge PG
o You can’t move existing instance from the PG. What you can do is you can create the AMI from the given instance and then launch another instance.
Example:
• Created an EC2 instances.
• Downloaded the Word press content.
• As part of this web site, we can upload the media as well, which is going to the same EC2 instance.
• Define 2 S3 bucket one for code and other for media.
• Have the cron job defined to synch the content of code part of WP to code bucket and another cron job defined to synch the media content to media bucket.
• This way we are making sure that if the instances are going down, we have the back up.
• Define the cloud front and link it to media bucket.
• Have the .httpaccess file defined redirecting the media access to cloud front.
• Define an ELB to have this EC2 instance.
• Create an AMI from this EC2 instance.
• Define ASG group to have 3 instances from this AMI.
• Now these 3 instances will act as code content (web site hosting).
• ASG will make sure that at least 3 instances are alive.
• Modify the instance list in ELB to remove the older instances, which would act as media serving and redirecting to media bucket.
• Modify the instance list in ELB to add 3 instances, which got created form ASG.
EC2 Container Service
• It provides the dockerization.
• It's a container management service.
Elastic Beanstalk
• if the developer doesn’t want to worry about the underlying infrastructure while coding, it’s the best one.
• When you create the sample application or upload any web application code, it creates following:
o EC2 instance
o SG
o ASG
o S3 bucket
o Cloud watch
o Domain name
• It's one place entry for any code deployment, you don’t have to worry about creating any infrastructure.
Light Sail
• While creating the infrastructure, if the engineer doesn’t want to worry about the other underlying service such as RDB, fixed IP address etc.
Lambda
• it provides the execution environment in java, node js.
• For every execution, it creates separate environment.
• It scales out automatically, so you don’t have bring in any infrastructure like ELB.
• Following triggers are available for lambda
o API Gateway
o AWS IoT
o Alexa Skill Kit
o Alexa Smart Home
o Cloud Front
o Cloud Watch Events
o Cloud Watch Logs
o Code Commit
o Cognito Sync Trigger
o Dynamo DB
o Kinesis
o S3
o SNS
o SQS
• Languages Supports:
o Node Js
o Java
o Python
o .Net
o Go
• Lambda is serverless but EC2 is not serverless.
• Lambda execution maximum time is 5 minutes.
• Lambda scales out (not up) automatically.
Batch
• To do any batch computing in cloud.
Top comments (0)