EC2 - Elastic Compute Cloud (Coggle diagram)
Capabilities
  Scaling services using an auto-scaling group (ASG)
  Storing data on virtual drives (EBS)
  Rent virtual machines (EC2)
  Distributing load across machines (ELB)
AMI (Amazon Machine Image)
  An image used to create our instances: OS + user data
  Public AMIs
    Use AMIs from other people, found on the Amazon Marketplace
    Do not use an AMI you don't trust!
  AMI Storage
    Stored in S3
    AMIs are private by default, locked to your account/region
    You get charged for the actual space it takes on S3
  Cross Account AMI Copy
    AMIs can be shared with another account; this will not affect ownership
    To own the shared AMI, you must copy it
    Needs read access to the underlying snapshot in S3 (instance store) / EBS
    Can't copy an encrypted AMI
      To copy, you need access to the snapshot and the encryption key
      Copy the snapshot, then register it as a new AMI
    Can't copy an AMI with a billingProductCode
      Launch an EC2 instance from it, then create an AMI
EC2 Instance Launch Modes
  T2 Micro - Free Tier Eligible
  On Demand
    Short-term uninterrupted workload, predictable pricing
    Hourly pricing, billing per second
    Highest cost; no upfront payment; no long-term commitment
  Reserved
    Reserved Instances
      Long workloads; for steady-state usage applications, e.g. DBs
      75% discount; pay upfront; 1-3 years
    Convertible
      Flexible instances, e.g. M4XLarge today, C4Large tomorrow
      Up to 54% discount
    Scheduled Reserved
      e.g. every Thursday between 3 and 6pm
  Dedicated Instances
    No other customer shares the underlying hardware
    May share hardware with other instances, but only in your account
    No control over instance placement
  Dedicated Host
    Book an entire physical server
    Control instance placement
    Visible underlying sockets/physical cores
    3-year reservation; more expensive
    Useful for Bring Your Own License models
    For strong regulatory/compliance needs
Instance Details
  Network
    Default or custom VPC
    Subnet: choose an AZ
  Shutdown behavior
    EC2 could be stopped on shutdown
  EC2 UserData / Bootstrapping
    Running commands on first start: installing updates, software, etc.
    Runs as root user
  Storage
    EBS Volumes: can be deleted or kept on termination
    Root storage = OS
  Tags
    Key-value pairs for classification
Security Groups
  Firewall around EC2
    If traffic is blocked, EC2 will not see the traffic at all
  Controls inbound and outbound traffic
    Inbound: traffic into EC2; everything is blocked by default
    Outbound: traffic from EC2; everything is allowed by default
  Regulates authorized IP ranges (0.0.0.0/0 = any IP)
  Regulates access to ports
  Good to know
    Can be attached to multiple instances
    Locked to a region/VPC
    SGs live outside EC2
    Maintain one SG for just SSH
  Referencing SGs in inbound/outbound rules
    You can allow other SGs on inbound rules
    Any EC2 attached to that SG is allowed
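The security-group points above (inbound blocked by default, outbound open, one SG kept just for SSH, and one SG referencing another instead of an IP range) written out as a Terraform configuration. This is an added example, not part of the original mind map; every resource name, the `vpc_id` variable, the `ami`/`instance_type` values and the `203.0.113.0/24` admin range are placeholders.

```hcl
# Added example (not from the original diagram). Assumes an existing VPC id
# passed in as var.vpc_id; the admin CIDR is a documentation-range placeholder.
variable "vpc_id" {
  type = string
}

variable "admin_cidr" {
  type    = string
  default = "203.0.113.0/24" # placeholder: replace with your office/VPN range
}

# "Maintain one SG for just SSH": port 22 is only ever opened here, and only
# to the admin range, never to 0.0.0.0/0.
resource "aws_security_group" "ssh_admin" {
  name        = "ssh-admin"
  description = "SSH from the admin range only"
  vpc_id      = var.vpc_id

  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  # Outbound is allowed by default on AWS; Terraform drops that default rule
  # when an egress block is absent, so it is restated explicitly here.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Web SG: the only rule is HTTP from anywhere (0.0.0.0/0 = any IP).
# Anything not listed inbound is dropped before the instance ever sees it.
resource "aws_security_group" "web" {
  name        = "web"
  description = "HTTP from the internet"
  vpc_id      = var.vpc_id

  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Referencing an SG in an inbound rule: a hypothetical database SG that admits
# port 3306 from any instance carrying the "web" SG, with no IP range at all.
resource "aws_security_group" "db" {
  name        = "db"
  description = "MySQL from web instances only"
  vpc_id      = var.vpc_id

  ingress {
    description     = "MySQL from web SG"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.web.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# One SG can be attached to many instances, and one instance can carry several.
resource "aws_instance" "web" {
  ami                    = "ami-PLACEHOLDER" # placeholder, pick a trusted AMI
  instance_type          = "t2.micro"
  vpc_security_group_ids = [aws_security_group.web.id, aws_security_group.ssh_admin.id]
}
```

Because the SSH rule lives in its own group, taking port 22 off a fleet is one detach rather than an edit to every web SG, and a `timeout` on port 22 from outside the admin range is the expected result of the rule, not an application error.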
SSH (Secure Shell)
  Gives SSH access to EC2 via command line
  Ensure EC2 has a security group with inbound access to port 22
    Timeout: security group issue
    Connection refused: application error
  Key pairs
    Downloads a PEM file
  SSH Methods
    SSH utilities
      On the command line, enter:
        ssh -i {path to PEM file} ec2-user@{Public IPv4}
      Protect the private key file
        Linux: chmod 400 {PEM file} (owner read-only; ssh ignores a key that other users can read)
        Windows: PEM file > Properties > Security > Advanced
          Change owner to self
          Disable Inheritance > remove any other user
          Your user needs Full Control access
    Putty
      PuttyGen: convert the key pair (PEM) to PPK
      Input the Public IPv4 of EC2 on port 22: ec2-user@XX.XX.XX.XX:22
      Reference the PPK file under Connection > SSH > Auth
      Save the profile with the PPK
    EC2 Instance Connect
      Browser-based SSH
      Needs ec2-user
IPv4
  Private
    Only servers inside a private network can talk to each other using their private IPs
    Private IPs are unique ONLY within the private network
    Will need a NAT + Internet Gateway to access the WWW
    Only the specified IP range can be used
  Public
    Servers 1 and 2 can talk to each other using public IPs via the internet
    Public IPs are unique in the WWW
    Can be geolocated easily
    EC2 public IPs are changed upon stop/start
  Elastic IPs
    Public IP will stick across reboots
    Can be attached to one instance at a time
    Only 5 Elastic IPs in your account
    You will be charged for reserving but not associating an Elastic IP
    Can mask failure of an instance by moving the Elastic IP to another EC2
  ifconfig -a
    Gives information about your network interfaces
Installing Apache (bootstrap commands)
  #!/bin/bash                                 as the first line, so the script always runs with bash
  sudo su                                     elevate rights to the root account
  yum update -y                               update EC2
  yum install -y httpd.x86_64                 install httpd
  systemctl start httpd.service               start the httpd service
  systemctl enable httpd.service              makes sure httpd is enabled across reboots
  curl localhost:80                           views the html page bound to port 80 locally
  Add an SG rule to allow port 80 traffic inbound
                                              views the html page bound to port 80 externally
  echo "Hello World from $(hostname -f)" > /var/www/html/index.html
                                              modifies the Apache default page
    $(hostname -f) displays the EC2 internal DNS name
Spot instances
  Short workloads that are resilient to failure
  Not for critical jobs or DBs
  Cheap but less reliable; 90% discount
  Can lose the instance if the spot price > the max price that you set
    2-minute grace period to either stop or terminate
  Reserved instances for baseline, On-demand/Spot for peaks
  Spot block
    Blocks a spot instance for between 1 and 6 hours
  Spot request
    Maximum price
    Desired number of instances
    Launch specification
    Request type
      One-time
      Persistent
        Cancel the spot request first, then terminate the instances
    Valid from, valid until
  Spot Fleets
    Set of Spot instances + optional On-demand
    Will try to meet target capacity with price constraints
    Define possible launch pools: instance type, OS, AZ
    Can have multiple launch pools
    Stops launching instances when reaching capacity or max cost
    Strategies
      lowestPrice: from the pool with the lowest price; cost optimization, short workload
      diversified: distributed across all pools; great for availability, long workloads
      capacityOptimized: pool with the optimal capacity for the number of instances
EC2 Instance Types
  R: needs a lot of RAM; in-memory caches
  C: needs good CPU; compute/databases
  M: balanced (think "medium"); general/web app
  I: needs good local I/O (instance storage); databases
  G: needs GPU; video rendering/machine learning
  T2/T3: burstable instances
    Boosts CPU on unexpected load, losing burst credits in the process
    CPU performance goes bad after losing all credits
    Credits accumulate when the machine stops bursting
    If consistently losing credits, consider moving to M or C
    CPU Credits Table: https://imgur.com/a/kz1PghC
    Unlimited burst: pay extra when you go over your credits
Placement Groups
  Cluster
    Puts instances into a low-latency group in one AZ
    EC2 instances are in just one rack/hardware
    Only for high instance types
    Pros: great network (10 Gbps)
    Cons: if the rack fails, all EC2 instances fail
    Use cases
      Big Data jobs that need to complete fast
      Applications that need extremely low latency and high network throughput
    https://imgur.com/a/x0QReo9
  Spread
    Spreads instances across underlying hardware
    Max 7 instances per group per AZ
    Different racks, different AZs
    Use cases
      Apps that need HA
      Critical apps where instances must be isolated from failure
    https://imgur.com/a/oUZDpcn
  Partition
    Spreads instances across many different partitions within an AZ
    Relies on racks; partitions do not share racks with each other
    100s of EC2 instances per group
    Up to 7 partitions per AZ
    Use cases: HDFS, HBase, Cassandra, Kafka
Elastic Network Interfaces (ENI)
  Virtual network card
  Attributes
    One primary private IPv4, multiple secondary IPv4
    One Elastic IP per private IPv4
    One public IPv4
    One or more SGs
    MAC address
  Can create ENIs independently and attach them to EC2 on the fly for failover
  Bound to a specific AZ
EC2 Hibernate
  In-memory (RAM) state is preserved
    Must be less than 150 GB
  OS is not stopped, so instance boot is faster
  Cannot be hibernated for more than 60 days
  RAM state will be written to a file in the root EBS
    Root EBS must be encrypted
    Not for instance store; should be large
  Use cases
    Long-running processing
    Saving RAM state
    Services that take time to initialize
  https://imgur.com/a/8HrBvCi
  Supported instance types: C, R, M, for On-Demand/Reserved Instances