EC2 & EBS

Amazon Elastic Compute Cloud and Amazon Elastic Block Store

EC2

Compute Basics

  • Computational power required to fulfill your workload

  • EC2 launches virtual servers called instances

  • 2 concepts:

    • the amount of virtual hardware

    • the software loaded on the instance

Instance Types

  • Dimensions:

    • Virtual CPUs(vCPU)

    • Memory

    • Storage

    • Network performance

Amazon Machine Images (AMIs)

  • Defines the initial software that will be on the instance when it is launched

  • Includes

    • The Operating System (OS)

    • The initial state of any patches

    • Application or system software

  • 4 sources

    • Published by AWS

      • default OS settings

    • The AWS Marketplace

      • No need to install the software yourself or negotiate the license; the AMI ships pre-configured and licensed

      • Cost: the standard hourly instance charge plus an additional per-hour charge for the bundled software

    • Generated from existing instance

      • Captured from an instance you have already configured (a golden image); everything on the root volume, including any credentials or history files left behind, is baked into the AMI

    • Uploaded Virtual Servers

      • various virtualization formats: raw, VHD, VMDK, OVA

  • AMIs storage for the Root device (Root Device Volume)

    • Instance Store (EPHEMERAL STORAGE)

      • Cannot stop the instance: only reboot or terminate

      • If the underlying host fails or the instance is terminated, the root volume and everything on it is gone

      • The root device for an instance launched from the AMI is an instance store volume created from a template stored in Amazon S3

    • EBS Backed Volumes

      • The root device for an instance launched from the AMI is an Amazon EBS volume created from an EBS snapshot.

      • Can stop and later start the instance; the root volume persists across stops (note: Load Balancer & health checks)

Securely Using an Instance

Addressing an Instance

  • Public Domain Name System (DNS) Name

    • Generated automatically, cannot be specified

    • Persists only while the instance is running

    • Cannot be transferred

  • Public IP

    • Assigned from AWS's pool of public addresses, cannot be specified

    • Persists only while the instance is running (a new one is assigned after stop/start)

    • Cannot be transferred

  • Elastic IP

    • Persists until the customer releases it

    • Can be transferred (remapped) between instances

Initial Access

  • EC2 uses public-key cryptography (an EC2 key pair) for the initial login; AWS keeps only the public key

  • On Linux AMIs the public key is placed in ~/.ssh/authorized_keys on the instance; on Windows AMIs the private key is used to decrypt the initial Administrator password

  • Best practice: change the initial local administrator password after first login

Virtual Firewall Protection

  • Called Security Group

  • Every EC2 instance must have at least one security group and can have several

  • By default

    • All inbound traffic is blocked

    • All outbound traffic is allowed

  • Security groups are stateful firewalls → if an inbound rule lets traffic in, the return traffic is automatically allowed back out (and the same for outbound rules)

  • Cannot block specific IP addresses with security groups; use Network Access Control Lists (NACLs), which are stateless and support deny rules

  • Can specify allow rules only, no deny rules; with several groups attached, the effective rule set is the union of their allows
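The allow-only, union-of-groups semantics above are easy to get wrong when a permissive group is attached alongside a tight one. The following is an added example (not from the original notes): it evaluates an inbound packet against a constructed set of security groups shaped like the IpPermissions part of `aws ec2 describe-security-groups` output, and flags admin ports opened to 0.0.0.0/0. The group IDs, names and CIDRs are made up.

```python
"""Audit EC2 security group rules (added example; constructed input).

Models the semantics in the notes: inbound traffic is denied unless some
rule in some attached group allows it (allow rules only, union across
groups), and flags rules that expose admin ports to the whole internet.
"""
import ipaddress

# Constructed sample shaped like describe-security-groups output; not real
# account data. Group 1 mistakenly opens SSH to the world, group 2 does not.
SECURITY_GROUPS = [
    {
        "GroupId": "sg-0a1b2c3d4e5f6a7b8",
        "GroupName": "web",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},   # too broad
        ],
    },
    {
        "GroupId": "sg-1b2c3d4e5f6a7b8c9",
        "GroupName": "bastion-ssh",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},   # office range
        ],
    },
]

ADMIN_PORTS = {22, 3389}   # SSH and RDP


def rule_matches(rule, proto, port, src_ip):
    """True if one IpPermissions entry admits this (proto, port, src)."""
    if rule["IpProtocol"] not in ("-1", proto):   # "-1" means all protocols
        return False
    if rule["IpProtocol"] != "-1" and not (rule["FromPort"] <= port <= rule["ToPort"]):
        return False
    src = ipaddress.ip_address(src_ip)
    return any(src in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", []))


def inbound_allowed(groups, proto, port, src_ip):
    """Security groups are allow-only: the packet is admitted if any rule in
    any attached group matches; there is no deny rule to consult."""
    return any(rule_matches(rule, proto, port, src_ip)
               for g in groups for rule in g["IpPermissions"])


def find_world_open_admin_ports(groups):
    """Return (GroupId, port) pairs where an admin port is open to 0.0.0.0/0."""
    findings = []
    for g in groups:
        for rule in g["IpPermissions"]:
            if rule["IpProtocol"] == "-1":
                ports = set(ADMIN_PORTS)
            elif rule["IpProtocol"] == "tcp":
                ports = {p for p in ADMIN_PORTS if rule["FromPort"] <= p <= rule["ToPort"]}
            else:
                continue
            cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
            if ports and "0.0.0.0/0" in cidrs:
                findings.extend((g["GroupId"], p) for p in sorted(ports))
    return findings


if __name__ == "__main__":
    print(find_world_open_admin_ports(SECURITY_GROUPS))
    # Attaching the tight bastion group does not help while "web" is also attached:
    print(inbound_allowed(SECURITY_GROUPS, "tcp", 22, "198.51.100.7"))
```

Because there is no deny rule, the only way to close port 22 here is to remove or narrow the offending rule in the "web" group; adding the stricter "bastion-ssh" group alongside it changes nothing.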

The Lifecycle of Instances

Launching

  • Bootstrapping

    • Configure instances and install applications programmatically

    • Examples

      • Applying patches and updates to the OS

      • Enrolling in a directory service

      • Installing application software

      ...

    • UserData is stored with the instance unencrypted and can be read from inside the instance through the metadata service → never put secrets such as passwords or keys in UserData; have the instance fetch them at boot using its IAM role instead

  • VM Import/Export

    • Can only export previously imported instances.

    • Instances launched within AWS from AMIs cannot be exported

  • Instance Metadata

    • HTTP GET to http://169.254.169.254/latest/meta-data/ from inside the instance (link-local address, no credentials required)

    • Including

      • Associated security group

      • Instance ID

      • Instance type

      • AMI used to launch the instance
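To show why unencrypted UserData matters and how the metadata endpoint behaves, here is an added example (not part of the original notes) that runs a small local stand-in for the metadata service and a client against it. The stand-in enforces the IMDSv2 token handshake (a PUT to /latest/api/token, then GETs carrying the token header), so a plain GET of the kind an SSRF bug would typically issue is refused. The instance ID, AMI ID, user data and the "constructed-session-token" are all made up; nothing here contacts real AWS.

```python
"""Instance metadata and user data exposure (added example, constructed data).

Runs a tiny local stand-in for the EC2 metadata service that requires the
IMDSv2 token handshake, then shows how any process on the instance reads
metadata and user data, and flags secret-looking lines in the user data.
"""
import re
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN_HDR = "X-aws-ec2-metadata-token"
TTL_HDR = "X-aws-ec2-metadata-token-ttl-seconds"
FAKE_TOKEN = "constructed-session-token"   # a real IMDS mints a random token

# Constructed user data showing the anti-pattern the notes warn about.
USER_DATA = "#!/bin/bash\nDB_PASSWORD=hunter2\naws s3 cp s3://bucket/app.tgz .\n"
METADATA = {
    "/latest/meta-data/instance-id": "i-0123456789abcdef0",
    "/latest/meta-data/instance-type": "t3.micro",
    "/latest/meta-data/ami-id": "ami-0123456789abcdef0",
    "/latest/meta-data/security-groups": "web",
    "/latest/user-data": USER_DATA,   # served to anyone on the box
}


class FakeIMDS(BaseHTTPRequestHandler):
    """IMDSv2-only behaviour: PUT for a token, GET must carry the token."""

    def log_message(self, *args):   # keep output quiet
        pass

    def do_PUT(self):
        if self.path == "/latest/api/token" and TTL_HDR in self.headers:
            self._reply(200, FAKE_TOKEN)
        else:
            self._reply(400, "bad token request")

    def do_GET(self):
        if self.headers.get(TOKEN_HDR) != FAKE_TOKEN:
            self._reply(401, "Unauthorized")   # IMDSv1-style request refused
        elif self.path in METADATA:
            self._reply(200, METADATA[self.path])
        else:
            self._reply(404, "not found")

    def _reply(self, code, body):
        data = body.encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


def start_fake_imds():
    """Serve on an ephemeral loopback port; returns the base URL."""
    srv = HTTPServer(("127.0.0.1", 0), FakeIMDS)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"


def imdsv2_get(base_url, path, ttl=21600):
    """Token handshake followed by an authenticated GET, as an IMDSv2 client does."""
    req = urllib.request.Request(f"{base_url}/latest/api/token", method="PUT",
                                 headers={TTL_HDR: str(ttl)})
    with urllib.request.urlopen(req, timeout=2) as r:
        token = r.read().decode()
    req = urllib.request.Request(f"{base_url}{path}", headers={TOKEN_HDR: token})
    with urllib.request.urlopen(req, timeout=2) as r:
        return r.read().decode()


def imdsv1_status(base_url, path):
    """Plain GET with no token: returns the HTTP status the endpoint gives."""
    try:
        with urllib.request.urlopen(f"{base_url}{path}", timeout=2) as r:
            return r.status
    except urllib.error.HTTPError as e:
        return e.code


SECRET_RE = re.compile(r"(?i)(password|passwd|secret|token|aws_secret_access_key)\s*=")


def secret_like_lines(user_data):
    """Lines of a user-data script that look like embedded credentials."""
    return [ln for ln in user_data.splitlines() if SECRET_RE.search(ln)]


if __name__ == "__main__":
    base = start_fake_imds()
    print(imdsv2_get(base, "/latest/meta-data/instance-id"))
    print(imdsv1_status(base, "/latest/meta-data/instance-id"))   # 401
    print(secret_like_lines(imdsv2_get(base, "/latest/user-data")))
```

On a real instance IMDSv1 (plain GET) is still accepted unless tokens are made mandatory, for example with `aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required`; the stub above behaves as an instance configured that way. Either way, anyone who can run code on the instance can read the user data, which is why secrets do not belong there.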

Managing instances

  • Up to 10 tags per instance (the limit when these notes were written; AWS has since raised it to 50)

Monitoring Instances

  • Cloud watch

    • Standard (basic) monitoring = 5-minute intervals, no extra charge

    • Detailed monitoring = 1-minute intervals, additional charge

    • Dashboard - Create dashboard to see what is happening with your AWS environment

    • Alarms - set alarms that notify you when particular thresholds are crossed

    • Events - CloudWatch Events helps you to respond to state changes in your AWS resources.

    • Logs - helps you aggregate, monitor, and store logs.

    • CloudWatch monitors resource metrics and logs; CloudTrail records API calls across all AWS services (who did what, and when), the audit trail to pair with it

Modifying Instance

  • Instance Type

    • Can be changed to a different size

    • Stop the instance, change the type, then start it again (not possible for instance-store-backed instances, which cannot be stopped)

  • Security Groups

    • Can change which security groups are associated with

    • EC2-Classic (outside a VPC): the security groups cannot be changed after launch

Termination Protection

  • Termination protection is off by default

  • While enabled, API and console requests to terminate the instance fail; disable termination protection first

  • Does not prevent termination triggered by an OS-level shutdown command (when the instance's shutdown behaviour is set to terminate), by Auto Scaling, or by a Spot interruption

Options

Pricing Options

  • On-Demand Instances

    • Most flexible but least cost-effective per hour: no commitment, pay by the hour

    • Provisions a variable level of compute

  • Reserved Instances

    • Capacity reservations for predictable workloads

    • Save up to 75% over the on-demand options

    • Term commitment can be either 1 or 3 years

    • The longer the term, the bigger the discount

    • A reservation can be modified

      • Between AZs within the region

      • Between EC2-VPC and EC2-Classic

      • Instance type within the same instance family (Linux only)

  • Spot Instances

    • Customer specifies the maximum price (bid) they are willing to pay per hour

    • For workloads that

      • Not time critical

      • Tolerant of interruption

    • Offer greatest discount

    • Terminate

      • Customer terminates the instances

      • Spot price rises above the customer's maximum price

      • Not enough unused capacity to meet the demand

    • AWS gives a 2-minute warning before interrupting the instance (exposed through the instance metadata)

    • Use cases

      • Analytics

      • Financial modeling

      • Big data

      • Media encoding

      • Scientific computing

      • Testing

Tenancy Options

  • Shared Tenancy

    • default tenancy

    • single host may house instances from different customers

  • Dedicated Instances

    • hardware that's dedicated to a single customer

    • other instances (not designated as dedicated) of the account will run on shared tenancy

  • Dedicated Host

    • Physical server for a single customer's use

    • Best for licensing requirements

    • Can be bought with the on-demand pricing option (hourly)

    • Up to 70% discount when reserved in advance

Placement groups

  • Logical grouping of instances within a single AZ

  • Low network latency, high network throughput

  • Choose an instance type that supports enhanced networking and 10 Gbps network performance

Instance Stores

  • Ephemeral storage: temporary block-level storage on disks physically attached to the host

  • For information that changes frequently: buffers, caches, scratch data, ...

  • Very cost-effective (included in the instance price)

  • Do not rely on it for data that is valuable or must persist; it is lost on stop, termination or host failure

EBS

  • Used for workloads that require durable block storage

Elastic Block Store Basics

  • Provides persistent block-level storage volumes for EC2 instances

  • Automatically replicated within its AZ (not across AZs; use snapshots for that)

Types of Amazon EBS Volumes

Amazon EBS-Optimized Instances

  • For any volume type other than magnetic, EBS I/O throughput matters

  • Use an EBS-optimized instance to get dedicated bandwidth to EBS, so the volume's provisioned I/O can actually be used

  • Incurs an additional hourly charge

Protecting Data

Backup/Recovery (Snapshots)

  • Point-in-time snapshots, incremental backup (only save changed blocks)

  • Taking Snapshots

    • Snapshot data is stored in S3 storage that AWS controls; it does not appear in your buckets

    • Accessed only through the Amazon EBS snapshot APIs

    • Constrained to the region where they were taken (copy the snapshot to use it in another region)

  • Creating a Volume from a Snapshot

    • The volume is usable immediately, but blocks are loaded lazily from S3 on first access, so initial reads are slower

    • Can be used to increase the size of the EBS
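The incremental behaviour described above (each snapshot stores only changed blocks, yet every snapshot restores to a full point-in-time image, and deleting one in the middle of the chain does not break later ones) is easier to see in a small model. The following is an added example written for these notes, not AWS code or the real snapshot format: a volume is a mapping of block index to bytes, and the store folds a deleted snapshot's blocks into its children so later restores stay intact.

```python
"""Model of incremental EBS-style snapshots (added example, not AWS code).

A volume is a set of fixed-size blocks keyed by index. Each snapshot records
only the blocks that differ from its parent snapshot, yet every snapshot can
be restored to a complete point-in-time image. Deleting a snapshot in the
middle of the chain keeps later restores intact because the blocks its
children still depend on are folded forward into them.
"""
import hashlib


class SnapshotStore:
    def __init__(self):
        # snap_id -> {"parent": snap_id or None, "blocks": {index: bytes}}
        self.snapshots = {}
        self._counter = 0

    def snapshot(self, volume, parent=None):
        """Save only the blocks that differ from the parent's restored image."""
        base = self.restore(parent) if parent else {}
        changed = {i: d for i, d in volume.items() if base.get(i) != d}
        self._counter += 1
        sid = f"snap-{self._counter:04d}"   # constructed IDs, not AWS-format
        self.snapshots[sid] = {"parent": parent, "blocks": changed}
        return sid

    def restore(self, snap_id):
        """Rebuild the full image by walking the parent chain, oldest first."""
        chain = []
        while snap_id:
            chain.append(self.snapshots[snap_id])
            snap_id = chain[-1]["parent"]
        image = {}
        for snap in reversed(chain):
            image.update(snap["blocks"])   # newer snapshots overwrite older blocks
        return image

    def delete(self, snap_id):
        """Remove a snapshot; children inherit its blocks so they still restore."""
        victim = self.snapshots.pop(snap_id)
        for snap in self.snapshots.values():
            if snap["parent"] == snap_id:
                merged = dict(victim["blocks"])
                merged.update(snap["blocks"])   # the child's own changes win
                snap["blocks"] = merged
                snap["parent"] = victim["parent"]

    def stored_blocks(self):
        """Total blocks actually kept, i.e. what you pay for."""
        return sum(len(s["blocks"]) for s in self.snapshots.values())


def checksum(image):
    """Stable digest of a restored image, for comparing two restores."""
    h = hashlib.sha256()
    for i in sorted(image):
        h.update(i.to_bytes(4, "big") + image[i])
    return h.hexdigest()


if __name__ == "__main__":
    store = SnapshotStore()
    vol = {0: b"boot", 1: b"data1", 2: b"data2"}     # constructed 3-block volume
    s1 = store.snapshot(vol)
    vol[1] = b"data1-v2"                              # one block rewritten
    s2 = store.snapshot(vol, parent=s1)
    vol[3] = b"grown"                                 # volume enlarged by a block
    s3 = store.snapshot(vol, parent=s2)
    print(store.snapshots[s2]["blocks"], store.snapshots[s3]["blocks"])
    store.delete(s2)
    print(store.restore(s3) == vol)
```

Restoring the latest snapshot after deleting the middle one yields the same image as before the deletion, which is the property that lets you prune old snapshots without first restoring and re-snapshotting; the real service does this bookkeeping for you.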

Recovering Volumes

  • Detach the volume from the failed instance

  • Attach it to another instance in the same AZ and mount it there

Encryption Options

  • Uses AWS KMS keys with the AES-256 algorithm; data is encrypted at rest on the volume and in transit between the instance and the volume

  • Snapshots of encrypted volumes are automatically encrypted, as are volumes created from encrypted snapshots

Review questions: 75% → NEED TO REVIEW!

  • vm import/export

  • instance store

  • reserved contract
