
EC2

Introduction

  • EC2 is Amazon’s Elastic Compute Cloud
  • It comprises virtual machines, storage, load balancers, and auto-scaling VMs
  • You can run Windows, Linux, or macOS
  • You can choose how many vCPUs and how much RAM you want
  • You can choose how much storage space you want
  • You can choose what type of network card and whether or not you need a public IP (Elastic IP)
  • You can run a bootstrap script at launch time called “user data”. The script is only run once when the instance first starts.
  • You can configure firewall rules via a Security Group

Budgets

  • You can create a budget and alert to ensure you don’t go over a certain cost
  • You need to enable “IAM user and role access to Billing information” in your account settings

Instance Types

  • General Purpose
    • Balance between compute, memory, and networking
    • Great for diversity of workloads such as web servers or code repositories
  • Compute Optimized
    • Optimized for compute intensive tasks
    • Examples: Machine Learning, batch processing, HPC, etc.
  • Memory Optimized
    • Optimized for memory intensive tasks
    • High performance databases or caches
  • Storage Optimized
    • Example use cases: OLTP, databases, caches, etc.
  • Accelerated Computing
    • HPC

Example:

m5.2xlarge
|| |
|| +-- 2xlarge: size within instance class
|+---- 5: generation
+----- m: instance class
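Splitting a name like m5.2xlarge into its parts is a small parsing job, shown here as an added example (not code from the original post). The pattern it assumes is family letters, a generation number, optional attribute letters (for example the "a" in r5a or "gn" in c6gn), a dot, and the size; names that do not follow that pattern, such as the u- high-memory family, are rejected rather than guessed at. parse_instance_type is a hypothetical helper, not an AWS API.

```python
import re

# Assumed layout: <class letters><generation digits><optional attribute letters>.<size>
# e.g. m5.2xlarge -> class "m", generation 5, attributes "", size "2xlarge"
#      c6gn.xlarge -> class "c", generation 6, attributes "gn", size "xlarge"
INSTANCE_TYPE_RE = re.compile(
    r"^(?P<family>[a-z]+)(?P<generation>\d+)(?P<attributes>[a-z-]*)\.(?P<size>[a-z0-9]+)$"
)


def parse_instance_type(name: str) -> dict:
    """Split an instance type name into class, generation, attributes and size.

    Raises ValueError for names that do not follow the common layout, so callers
    never get a half-parsed result for an unusual family.
    """
    m = INSTANCE_TYPE_RE.match(name.strip().lower())
    if not m:
        raise ValueError(f"not a recognised instance type name: {name!r}")
    return {
        "class": m["family"],
        "generation": int(m["generation"]),
        "attributes": m["attributes"],   # empty string when the name has none
        "size": m["size"],
    }


def is_parseable(name: str) -> bool:
    """True when the name follows the assumed layout, False otherwise."""
    try:
        parse_instance_type(name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for n in ("m5.2xlarge", "c6gn.xlarge", "r5a.large", "u-6tb1.112xlarge"):
        print(n, "->", parse_instance_type(n) if is_parseable(n) else "not parseable")
```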

Security Groups

  • Security groups are like a firewall scoped to the EC2 instance
  • Security groups only contain allow rules
  • Security groups are stateful
  • Security groups can have a source of IP/range or another security group
  • An instance can have multiple security groups attached
  • A security group can be attached to multiple instances
  • Security groups are region-locked
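The three properties that matter most above (allow-only rules, a source that can be another security group, and stateful handling of replies) are easiest to see in a small model. The following is an added example written for these notes, not AWS code: it evaluates an inbound packet against the groups attached to the destination instance, records allowed flows, and lets the reply through even though no outbound rule exists for it. Group ids such as sg-web and sg-db and all addresses are constructed; egress rules are left out to keep the model short.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp" or "udp"
    port: int       # destination port the rule allows
    source: str     # CIDR such as "10.0.0.0/16" or a group id such as "sg-web"


@dataclass
class Instance:
    ip: str
    groups: frozenset   # security group ids attached to this instance


@dataclass
class SecurityGroupModel:
    rules: dict       # group id -> list of ingress Rule (allow rules only)
    instances: dict   # ip -> Instance
    _state: set = field(default_factory=set)   # allowed inbound flows (5-tuples)

    def _source_matches(self, rule: Rule, src_ip: str) -> bool:
        # A source of "sg-..." matches any instance that has that group attached.
        if rule.source.startswith("sg-"):
            inst = self.instances.get(src_ip)
            return inst is not None and rule.source in inst.groups
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)

    def allow_inbound(self, src_ip, src_port, dst_ip, dst_port, protocol) -> bool:
        """Inbound packet: allowed if any attached group has a matching allow rule."""
        dst = self.instances[dst_ip]
        for gid in dst.groups:
            for r in self.rules.get(gid, []):
                if r.protocol == protocol and r.port == dst_port and self._source_matches(r, src_ip):
                    self._state.add((src_ip, src_port, dst_ip, dst_port, protocol))
                    return True
        return False   # nothing matched: implicit deny (there are no explicit deny rules)

    def allow_reply(self, src_ip, src_port, dst_ip, dst_port, protocol) -> bool:
        """Reply from the instance: allowed when it belongs to a tracked inbound flow."""
        return (dst_ip, dst_port, src_ip, src_port, protocol) in self._state


def demo() -> dict:
    # Constructed two-tier layout: web tier reachable from anywhere on 443,
    # database tier reachable on 5432 only from instances in sg-web.
    model = SecurityGroupModel(
        rules={
            "sg-web": [Rule("tcp", 443, "0.0.0.0/0")],
            "sg-db": [Rule("tcp", 5432, "sg-web")],
        },
        instances={
            "10.0.1.10": Instance("10.0.1.10", frozenset({"sg-web"})),
            "10.0.2.20": Instance("10.0.2.20", frozenset({"sg-db"})),
        },
    )
    return {
        "internet_to_web_443": model.allow_inbound("203.0.113.5", 40000, "10.0.1.10", 443, "tcp"),
        "web_reply_to_internet": model.allow_reply("10.0.1.10", 443, "203.0.113.5", 40000, "tcp"),
        "web_to_db_5432": model.allow_inbound("10.0.1.10", 50000, "10.0.2.20", 5432, "tcp"),
        "internet_to_db_5432": model.allow_inbound("203.0.113.5", 40001, "10.0.2.20", 5432, "tcp"),
        "internet_to_web_22": model.allow_inbound("203.0.113.5", 40002, "10.0.1.10", 22, "tcp"),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allow' if allowed else 'deny'}")
```

The reply check is the stateful part: the web server's response to the client on port 40000 is let out because the inbound flow was recorded, not because any rule mentions port 40000. Referencing sg-web as the source of the database rule is the usual way to express "only the web tier may talk to the database" without hard-coding tier IP ranges.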

Ports to know for the exam

  • 21 = FTP
  • 22 = SSH / SFTP
  • 80 = HTTP
  • 443 = HTTPS
  • 3389 = RDP
  • 5432 = PostgreSQL
  • 3306 = MySQL / MariaDB
  • 1521 = Oracle
  • 1433 = MSSQL

EC2 Purchasing Options

  • On-Demand
    • Short workload, predictable pricing
    • Linux or Windows, billed per second. Other operating systems, billed per hour
  • Reserved
    • 1 to 3 years commitment
    • Used for long workloads
    • Up to a 72% discount compared to on-demand
    • Pay upfront, partially upfront, or no upfront
    • Scoped to a region or zone
    • You can buy or sell them in the Reserved Instances Marketplace
  • Savings Plan
    • Up to a 72% discount compared to on-demand
    • Commit to a certain amount of usage for 1 to 3 years (example: $10/hour). Usage beyond the commitment is billed at the on-demand price
    • Locked to a specific instance family and AWS region (example: M5 in us-east-1)
  • Spot Instances
    • Short workloads, cheap, less reliable
    • The MOST cost efficient option
    • Workload must be resilient to failure
  • Dedicated Hosts
    • Reserve an entire physical server, control instance placement
    • Allows you to address compliance or license requirements
    • Purchasing Options:
      • On-demand
      • Reserved for 1 to 3 years
    • The most expensive option
  • Dedicated Instances
    • No other customers will share your hardware
    • You may share the hardware with other instances in the same account
    • No control over the instance placement
  • Capacity Reservation
    • Reserve capacity in a specific AZ for any duration
    • You always have access to the EC2 capacity when you need it
    • No time commitment
    • Combine with regional reserved instances or a savings plan for cost savings
    • Even if you don’t launch instances, you still get charged

EBS Volumes

  • An EBS (Elastic Block Store) volume is a network drive which you can attach to your instances while they run
  • EBS volumes are bound to a specific Availability Zone
    • To move an EBS volume to another AZ, you must first snapshot it and then copy the snapshot
  • EBS volumes have a provisioned capacity
    • You are billed for the provisioned capacity
  • IOPS typically scale with capacity (i.e. larger volumes have better performance)
  • EBS volumes have a “Delete on Termination” attribute. This is enabled for the root volume by default, but not for other volumes

EBS Volume Snapshots

  • To move an EBS volume to another AZ, you must first snapshot it and then copy the snapshot
  • EBS Snapshot Archive
    • Gives you the ability to move snapshots to the archive tier, which is up to 75% cheaper
    • Takes 24-72 hours to restore the snapshot
  • EBS Snapshot Recycle Bin
    • Allows you to restore deleted snapshots
    • Retention can be 1 day to 1 year
  • Fast Snapshot Restore
    • Forces full initialization of the snapshot so there is no latency on first use
    • Can be very expensive

AMI (AWS Machine Image)

  • VM Image
  • AMIs are built for a specific region and can be copied to other regions
  • AMI Types:
    • Private
    • Public
    • MarketPlace
  • AMI Creation Process
    • Start instance and customize it
    • Stop the instance
    • Capture the AMI

EC2 Instance Store

  • Storage mounted in an EC2 instance that is local to the physical host
  • High performance
  • The storage is wiped when the EC2 instance stops or is terminated
  • Use cases: cache, temporary content, or scratch space

EBS Volume Types

  • GP2/GP3 - General SSD
    • 1 GB up to 16 TB
  • IO1/IO2 - High performance SSD
  • ST1 (hdd) - low cost HDD volume
  • SC1 (hdd) - Lowest cost HDD volume
  • Only GP2/3 and IO1/2 can be used as root (bootable) volumes

EBS Multi-attach

  • Attach the same EBS volume to multiple instances (up to 16) in the same AZ
  • Only available for IO1/IO2 family of EBS volumes
  • Each instance will have read/write access to the volume
  • You must use a file system that is cluster aware

EFS

  • Managed NFS (Network File System)
  • Pay per use
  • 3x more expensive than a GP2 EBS volume
  • Can be mounted on different EC2 instances in different Availability Zones
  • EFS Scale
    • 1000s of concurrent clients, 10 GB+ throughput
    • Grow to petabyte scale network file system, automatically
    • Performance Classes:
      • Performance Mode:
        • General purpose: latency sensitive use cases (web server, CMS, etc…)
        • Max I/O: higher latency, throughput, highly parallel (big data, media processing)
      • Throughput Mode:
        • Bursting: 1 TB = 50 MB/s + burst up to 100 MB/s
        • Provisioned - set your throughput regardless of storage size
        • Elastic - Automatically scales throughput up or down based on your workloads
    • Storage Classes:
      • Storage Tiers (move files to another tier after ‘x’ number of days)
        • Standard
        • Infrequent Access
        • Archive
      • Implement lifecycle policies to move files between tiers

Elastic Load Balancer (ELB)

  • Load balancers forward traffic to multiple backend servers
  • ELB is a managed load balancer
  • ELB is integrated with many other AWS offerings and services
  • ELB supports health checks to verify if a backend instance is working before forwarding traffic to it
  • Types of load balancers on AWS:
    • Application Load Balancer
      • Layer 7
        • Supports HTTP/2 and WebSockets
      • Supports HTTP redirects
      • Supports URL path routing, hostname routing, query string routing, header routing
      • Backend instances are grouped into a Target Group
      • You get a fixed hostname
      • The app servers don’t see the IP of the client directly
        • If the app servers need to know the client IP/port/protocol, they can check the following headers:
          • X-Forwarded-For
          • X-Forwarded-Proto
          • X-Forwarded-Port
    • Network Load Balancer
      • Layer 4
        • Supports UDP and TCP
      • High performance
      • One static IP per availability zone
    • Gateway Load Balancer
      • Layer 3
      • Used for 3rd party network appliances on AWS, example: Firewalls
      • Extremely high performance
      • Supports the GENEVE protocol
    • Target Groups
      • EC2 Instances
      • ECS Tasks
      • Lambda Functions
      • Private IP addresses
    • Sticky Sessions
      • Cookie Names
        • Application-based cookies
          • Custom Cookie
            • Generated by the target
            • Can include any custom attributes required by the application
            • Cookie name must be specified individually for each target group
            • You cannot use AWSALB, AWSALBAPP, or AWSALBTG (these are reserved by the ELB)
          • Application Cookie
            • Generated by the load balancer
            • Cookie name is AWSALBAPP
        • Duration-based Cookie
          • Cookie generated by the load balancer
          • Cookie name is AWSALB for ALB, AWSELB for CLB
    • Cross-zone load balancing
      • Each load balancer instance distributes traffic evenly across all registered instances in all availability zones
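The X-Forwarded-* headers listed under the Application Load Balancer deserve one caveat: the ALB appends the address it saw to X-Forwarded-For, but anything already in that header arrived from the client and can say whatever the client wants. An app server should therefore only believe the rightmost entry, and only when the connection really came from the load balancer. The following is an added example written for these notes (not AWS or ALB code) that applies that rule; TRUSTED_PROXIES is an assumed list of the subnet the ALB nodes live in, and the header values are constructed.

```python
import ipaddress

# Assumed: the load balancer's nodes sit in this subnet. Anything not from here
# did not pass through the ALB, so its X-Forwarded-* headers are meaningless.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/16")]


def _is_trusted(addr: str) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_address(headers: dict, peer_ip: str) -> dict:
    """Decide what the app should believe about the client connection.

    headers: request headers with lower-cased names (constructed sample input)
    peer_ip: the TCP peer the app server actually accepted the connection from
    """
    if not _is_trusted(peer_ip):
        # Direct connection that bypassed the ALB: use the socket peer and
        # ignore the forwarded headers entirely.
        return {"ip": peer_ip, "proto": None, "port": None, "via_alb": False}

    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",") if h.strip()]
    client = peer_ip   # fallback if the header is missing or unusable
    if hops:
        last = hops[-1]   # the entry the ALB itself appended
        try:
            ipaddress.ip_address(last)
            client = last
        except ValueError:
            pass   # malformed rightmost entry: keep the fallback rather than trust it
    return {
        "ip": client,
        "proto": headers.get("x-forwarded-proto"),
        "port": headers.get("x-forwarded-port"),
        "via_alb": True,
    }


if __name__ == "__main__":
    # Constructed request: the client tried to claim 1.2.3.4, the ALB appended 203.0.113.5
    sample = {"x-forwarded-for": "1.2.3.4, 203.0.113.5",
              "x-forwarded-proto": "https", "x-forwarded-port": "443"}
    print(client_address(sample, "10.0.1.5"))
    print(client_address(sample, "198.51.100.9"))
```

Taking the leftmost entry instead (a common mistake) would let any client choose the address that ends up in access logs, rate limiters and IP allow-lists.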

Autoscaling Groups

  • Scale out EC2 instances to match increased load or scale in to match a decreased load
  • Specify parameters to have a minimum and maximum number of instances
  • Automatically replace failed instances
  • Uses a launch template

IMDS

  • IMDSv1 vs. IMDSv2
    • IMDSv1 reads http://169.254.169.254/latest/meta-data directly with a plain GET
    • IMDSv2 is more secure and is done in two steps
      1. Get a session token
      2. Send the session token on every IMDSv2 call
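The two-step exchange above, as an added example that is not part of the original notes: a PUT to /latest/api/token with a TTL header returns a session token, and every metadata read then carries that token in X-aws-ec2-metadata-token. The transport is injectable so the exchange can be run offline against a constructed stand-in that behaves like the v2 endpoint (rejecting token-less reads); the real transport only works from inside an EC2 instance. fetch_metadata and fake_imds are hypothetical helpers, and the instance id returned by the fake is a constructed value.

```python
import urllib.error
import urllib.request

IMDS_BASE = "http://169.254.169.254"   # link-local metadata endpoint
TOKEN_TTL_SECONDS = 21600              # 6 hours, the maximum TTL IMDSv2 accepts


def _real_http(method, url, headers):
    """Send one request and return (status, body). Only reachable on an EC2 instance."""
    req = urllib.request.Request(url, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=2) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as e:
        return e.code, ""


def fetch_metadata(path: str, http=_real_http) -> str:
    """Read one metadata path using the IMDSv2 token handshake.

    Never falls back to a token-less (v1) read if the token request fails:
    a v2-only instance would reject it anyway, and silently degrading would
    hide a misconfiguration.
    """
    # Step 1: obtain a session token. The PUT verb plus the TTL header is what
    # a plain GET-based request cannot produce, which is the point of v2.
    status, token = http(
        "PUT", f"{IMDS_BASE}/latest/api/token",
        {"X-aws-ec2-metadata-token-ttl-seconds": str(TOKEN_TTL_SECONDS)},
    )
    if status != 200 or not token:
        raise RuntimeError(f"IMDSv2 token request failed (HTTP {status})")
    # Step 2: present the token on the metadata call itself.
    status, body = http(
        "GET", f"{IMDS_BASE}/latest/meta-data/{path}",
        {"X-aws-ec2-metadata-token": token},
    )
    if status != 200:
        raise RuntimeError(f"metadata read of {path!r} failed (HTTP {status})")
    return body


def fake_imds(method, url, headers):
    """Constructed stand-in for a v2-only metadata service, for offline runs."""
    if method == "PUT" and url.endswith("/latest/api/token"):
        if "X-aws-ec2-metadata-token-ttl-seconds" not in headers:
            return 400, ""
        return 200, "CONSTRUCTED-SESSION-TOKEN"
    if method == "GET" and "/latest/meta-data/" in url:
        if headers.get("X-aws-ec2-metadata-token") != "CONSTRUCTED-SESSION-TOKEN":
            return 401, ""   # token-less v1-style read is refused
        return 200, "i-0123456789abcdef0"   # constructed instance id
    return 404, ""


if __name__ == "__main__":
    print("instance-id via fake IMDSv2:", fetch_metadata("instance-id", http=fake_imds))
```

To run it on a real instance, call fetch_metadata("instance-id") without the http argument.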