EC2

Capabilities

Renting virtual machines (EC2)

Storing data on virtual drives (EBS)

Scaling services using an Auto Scaling group (ASG)

Distributing loads across machines (ELB)

Remote connection

EC2 Instance Connect

SSH

chmod 0400 EC2Tutorial.pem

ssh -i EC2Tutorial.pem ec2-user@18.144.89.1

Security Groups

Act as a "firewall" on EC2 instances

Control how traffic is allowed into or out of our EC2 machines

Good to know

Can be attached to multiple instances

If you receive a "connection timeout" it is a security group issue

All outbound traffic is authorized by default

If you get a "connection refused" then it is an application error or the application is not launched

All inbound traffic is blocked by default

Regulate

Inbound traffic

Outbound traffic

Access ports

Authorized IP ranges

Indicate which outbound traffic is allowed from our EC2 machine (from the instance to others)

Indicate the allowed inbound traffic to our EC2 machine (from others to the instance)
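
The security group rules above as an added example (not part of the original notes): a small Python model of inbound rule evaluation that predicts "connection timeout" versus "connection refused" and flags sensitive ports open to 0.0.0.0/0. The sample group is constructed, in the shape of `aws ec2 describe-security-groups` output, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output
# (IpPermissions = inbound rules). The group id and CIDRs are made up.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

def _covers(rule, port):
    """All-protocol rules ("-1") have no port range and match every port."""
    return rule["IpProtocol"] == "-1" or rule["FromPort"] <= port <= rule["ToPort"]

def inbound_allowed(group, src_ip, port, protocol="tcp"):
    """Default deny: traffic passes only if some inbound rule matches it."""
    src = ipaddress.ip_address(src_ip)
    for rule in group.get("IpPermissions", []):
        if rule["IpProtocol"] not in (protocol, "-1") or not _covers(rule, port):
            continue
        if any(src in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", [])):
            return True
    return False

def expected_client_result(group, src_ip, port, listening_ports):
    """Predict what a client sees, following the two rules of thumb above."""
    if not inbound_allowed(group, src_ip, port):
        return "connection timeout"   # dropped by the security group
    if port not in listening_ports:
        return "connection refused"   # allowed in, but no application on the port
    return "connected"

def world_open_ports(group, sensitive=(22,)):
    """Return the sensitive TCP ports that a rule opens to 0.0.0.0/0."""
    found = set()
    for rule in group.get("IpPermissions", []):
        if rule["IpProtocol"] not in ("tcp", "-1"):
            continue
        if any(r["CidrIp"] == "0.0.0.0/0" for r in rule.get("IpRanges", [])):
            found.update(p for p in sensitive if _covers(rule, p))
    return sorted(found)
```
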

EC2 User Data

It is possible to bootstrap our instances using an EC2 User Data script

change to root

sudo su

Bootstrapping means launching commands when the machine starts

Scripts are executed only the first time the machine starts.

Automate boot tasks

Anything you can think of

Downloading common files from the internet

Installing software

Installing updates

Commands automatically run as the root user (no sudo needed)

Launch Types

Reserved

Spot

On Demand

Short workload

Short workloads

Less reliable

Predictable pricing

You decide when to run/stop

Long Workloads - 1 year min

Reserved Instances

Convertible Reserved Instances

Scheduled Reserved Instances

Same Instance Type all the time

Flexible instance types.

Ex: Every Thursday between 3 and 6 pm

Cheaper

Dedicated Instances

No other customers will share your hardware

Dedicated Hosts

Book an entire physical server

Elastic Network Interfaces

ENI

Logical Component in a VPC

Represents a virtual network card

Each ENI can have

Primary Private IPv4

One or more secondary IPv4

One Elastic IP per private IPv4

One or more security groups

A MAC address

Can be attached on the fly

Bound to specific availability zone