EC2 - Coggle Diagram
EC2
Placement Group
Spread Placement Group
Recommended for apps with a small number of critical instances that should be kept separated (e.g. primary SQL DB and secondary SQL DB)
Each instance is placed on distinct underlying hardware (separate racks with their own network and power source); max 7 running instances per AZ per group
Cluster Placement Group
- Packs instances close together inside a single AZ on the same low-latency network segment
- Good for apps that need low network latency, high network throughput, or both
- Not good for availability: one hardware or AZ failure can take down the whole group (ideally you would keep a copy of your stack in another AZ)
Details
Only certain instance types can be launched in a cluster placement group: current-generation Compute Optimised, GPU/Accelerated, Memory Optimised, Storage Optimised and General Purpose types; burstable (T-family) instances are not supported
- cluster placement group can't span multiple AZs
- spread and partition placement groups can span multiple AZs (a partition group spreads instances over logical partitions, max 7 partitions per AZ, each partition on its own racks; used for large distributed workloads such as Hadoop, Cassandra, Kafka)
- none can span multiple Regions
You can move an existing instance into a placement group (or between groups, or out of one). The instance must be in the stopped state before you move it. You can move or remove instances only using the CLI or API (modify-instance-placement), not the console
When you launch a new EC2 instance, the EC2 service attempts to place the instance in such a way that all of your instances are spread out across underlying hardware to minimise correlated failures. You can use placement groups to influence the placement of a group of interdependent instances to meet the needs of your workload
Use Cases
- Raise per-flow network bandwidth: inside a cluster placement group a single TCP flow can reach 10 Gbps (5 Gbps per flow outside one), with full-bisection bandwidth between members
AWS CLI
Secret Access Key
Shown only once, at creation. If you lose it, delete (or deactivate) that access key, create a new one and run aws configure again. Access keys are long-lived credentials: prefer IAM roles (instance profiles on EC2) or short-lived IAM Identity Center credentials over static keys wherever possible
Don't share access keys
Each developer should have their own access key ID and secret access key. Just like passwords, they should not be shared (and they should be rotated and removed when unused)
Use Groups
Create IAM groups and assign your users to groups. Group permissions are assigned using IAM policy documents
Supports Linux, Windows and MacOS
You can install AWS CLI on Linux, Windows and MacOS. You can also use it on EC2 instances.
HPC
Compute
- CPU optimised, GPU optimised
- Hpc7g - Graviton3E (Arm)
- Hpc7a - AMD EPYC
- Hpc6id - Intel Xeon
- Hpc6a - AMD EPYC
- Spot Instances / Spot Fleets for cost savings + Auto Scaling
- EC2 Cluster Placement Group for good network performance
Networking
- Enhanced Networking (EN)
- ENA: Elastic Network Adapter (up to 100 Gbps on supported instance types)
- Intel 82599 VF (legacy, up to 10 Gbps)
- EFA: Elastic Fabric Adapter (ENA plus OS-bypass for MPI/NCCL traffic)
Storage
- Instance-attached storage
- EBS (up to 256,000 IOPS with io2 Block Express)
- Instance Store (millions of IOPS, ephemeral: data is lost on stop or terminate)
- Network storage (EFS, Amazon FSx for Lustre)
Orchestration
- AWS Batch
- AWS ParallelCluster (Open Source)
Pricing
Reserved
Reserved capacity for 1 or 3 years.
Up to 72% discount on the hourly charge
Great for known, fixed needs
Convertible RIs
Up to 54% off the on-demand price
Exchange with another CRI with different configuration: instance family, operating system, and tenancy
Has the option to change to a different RI type of equal or greater value
Cannot be exchanged for another CRI from a different Region
Scheduled RIs (no longer offered by AWS for purchase; kept for reference)
Launch within the time window you define
Match a capacity reservation to a predictable recurring schedule that only requires a fraction of a day, week or month
RI attributes:
- Instance type
- Region
- (Optionally) AZ
- Tenancy
- Platform (aka OS)
Savings Plans (vs RIs)
Super flexible
Compute Savings Plans cover not only EC2 but also serverless compute (Fargate and Lambda); SageMaker has its own separate Savings Plan
Make a commitment to a consistent usage amount, measured in USD per hour, for 1 or 3 years. Flexibility across instance family, size, OS, tenancy and Region (Compute SP), instead of committing to a specific instance configuration
Modify Reserved Instances
- modify Standard or Convertible Reserved Instances and continue to benefit from the billing discount
- modify attributes such as the AZ, the instance size (within the same instance family and generation) and the scope (zonal/regional) of your RI; size changes are only allowed for Linux/UNIX RIs with default tenancy
- modify all or a subset of your RIs
- split your original RI into two or more new RIs, e.g. 10 x us-east-1a --> 5 x us-east-1a and 5 x us-east-1b
- merge two or more RIs into a single RI, e.g. 4 x t2.small RIs of one instance each can be merged into one t2.large RI (the normalized footprint must stay equal: 4 x 1 unit = 1 x 4 units)
- after modification, the benefit of the RI is applied only to instances that match the new parameters
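The footprint rule behind the split and merge cases above, as an added worked example that is not part of the original notes. It uses the instance-size normalization factors AWS publishes (nano = 0.25 unit through 32xlarge = 256 units) and accepts a modification only if the family is unchanged, the total footprint is equal, and size changes happen on a Linux/UNIX RI with default tenancy. The allocation format, function names and the sample instance counts are this example's own assumptions.

```python
"""Reserved Instance modification check via AWS instance-size normalization factors.

Added example (not from the original notes). A modification is accepted only when the
target has the same total normalized footprint as the original, stays in the same
instance family, and (for size changes) the RI is Linux/UNIX with default tenancy.
"""
from typing import List, Tuple

# Normalization factors AWS assigns to instance sizes (units per instance).
NORMALIZATION = {
    "nano": 0.25, "micro": 0.5, "small": 1, "medium": 2, "large": 4,
    "xlarge": 8, "2xlarge": 16, "3xlarge": 24, "4xlarge": 32, "6xlarge": 48,
    "8xlarge": 64, "9xlarge": 72, "10xlarge": 80, "12xlarge": 96,
    "16xlarge": 128, "18xlarge": 144, "24xlarge": 192, "32xlarge": 256,
}

# An allocation is a list of (instance_type, availability_zone, count) tuples (example format).
Allocation = List[Tuple[str, str, int]]


def split_type(instance_type: str) -> Tuple[str, str]:
    """'t2.small' -> ('t2', 'small'); rejects sizes with no published factor."""
    family, _, size = instance_type.partition(".")
    if not family or size not in NORMALIZATION:
        raise ValueError(f"unsupported instance type: {instance_type}")
    return family, size


def footprint(allocation: Allocation) -> float:
    """Total normalized units of an allocation (the AZ does not affect the footprint)."""
    return sum(NORMALIZATION[split_type(t)[1]] * n for t, _, n in allocation)


def can_modify(original: Allocation, target: Allocation,
               platform: str = "Linux/UNIX", tenancy: str = "default") -> Tuple[bool, str]:
    """Apply the modification rules; returns (accepted, reason)."""
    if any(n <= 0 for _, _, n in original + target):
        return False, "instance counts must be positive whole numbers"
    families = {split_type(t)[0] for t, _, _ in original + target}
    if len(families) != 1:
        return False, "all instances must stay in the same instance family"
    sizes_change = ({split_type(t)[1] for t, _, _ in original}
                    != {split_type(t)[1] for t, _, _ in target})
    if sizes_change and (platform != "Linux/UNIX" or tenancy != "default"):
        return False, "instance size changes are only allowed for Linux/UNIX RIs with default tenancy"
    if footprint(original) != footprint(target):
        return False, f"footprint mismatch: {footprint(original)} vs {footprint(target)} units"
    return True, "ok"


def merge_into(original: Allocation, target_type: str) -> int:
    """How many instances of target_type the original footprint converts to; the
    footprint must divide evenly (e.g. 4 x t2.small -> 1 x t2.large)."""
    units = footprint(original)
    per_instance = NORMALIZATION[split_type(target_type)[1]]
    if units % per_instance:
        raise ValueError(f"{units} units do not convert evenly into {target_type}")
    return int(units // per_instance)


if __name__ == "__main__":
    # Split 10 x us-east-1a into 5 + 5 across two AZs (same type, same footprint).
    print(can_modify([("m5.large", "us-east-1a", 10)],
                     [("m5.large", "us-east-1a", 5), ("m5.large", "us-east-1b", 5)]))
    # Merge 4 x t2.small into 1 x t2.large (4 x 1 unit == 1 x 4 units).
    four_small = [("t2.small", "us-east-1a", 4)]
    print(merge_into(four_small, "t2.large"), can_modify(four_small, [("t2.large", "us-east-1a", 1)]))
    # Rejected: a size change on a Windows RI, and a change of instance family.
    print(can_modify(four_small, [("t2.large", "us-east-1a", 1)], platform="Windows"))
    print(can_modify(four_small, [("t3.large", "us-east-1a", 1)]))
```

Run it directly to see the accepted split and merge and the two rejections; the same footprint arithmetic is what the ModifyReservedInstances API enforces, so a plan that fails here will fail there too.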
Dedicated
Physical EC2 server dedicated
The most expensive option
Mainly used for OS/SW licensing needs
Licensing based Requirements
- Great for licensing that does not support multi-tenancy or cloud deployments
- Allows you to use your existing per-socket, per-core or per-VM licenses including Windows Server, MS SQL Server and SLES, Oracle
Compliance-based Requirements
Regulatory requirements that may not allow multi-tenant virtualization
Reserved
Can be purchased as a reservation for up to 70% off the on-demand price. The longer the contract and the more you pay upfront, the higher the discount
Dedicated Hosts vs Dedicated Instances: both run your EC2 instances on physical servers dedicated to your account. A Dedicated Instance only guarantees single-tenant hardware, with no say over which server. A Dedicated Host is a specific physical server whose sockets, cores and host ID are visible to you, so you control how instances are placed on it and can keep deploying to the same physical server over time. That visibility is what lets Dedicated Hosts carry server-bound (per-socket / per-core) licences and satisfy compliance requirements that Dedicated Instances cannot
AWS Outpost
Extends AWS infrastructure and services to your on-premises location, with services such as:
- EC2
- EBS
- S3
- EKS
- ECS
- RDS
- EMR
Benefits
- Low-latency access to on-premises systems
- High-throughput local data processing
- Data residency
- Easier migration from on-premises to the cloud
- Fully managed service
- Staging and validation for AWS migrations
- Consistency: brings the AWS Management Console, APIs and SDKs into your data center, giving one operating model across the hybrid environment
Family Members
Outpost Rack
Provides AWS compute, storage, database and other services locally
Gives same AWS infrastructure, services and APIs in your own data center
Outpost Server
Useful for small space requirements, such as retail stores, branch offices, healthcare provider locations or factory floors
Process
2. Install: AWS staff come on-site to install and deploy the hardware, including power, networking and connectivity
S3 on AWS Outposts
- S3 storage class named S3 Outposts
- Default encryption SSE-S3 (SSE-C is also available)
- Usage options:
- S3 on Outposts <--- S3 Access Point <--- VPC (buckets are reached only through access points, from the VPC or the local network)
- S3 on Outposts ---> AWS DataSync ---> S3 in the Region (to move data off the Outpost)
Zonal Reserved Instance:
- Term = 1-year or 3-years commitment
- Capacity = capacity reserved in a specific zone
- Billing = provides billing discount
- Instance limits = default is 20 per AZ, you can request an increase
Regional Reserved Instance:
- Term = 1-year or 3-years commitment
- Capacity = no capacity reserved
- Billing = provides billing discount
- Instance limits = default is 20 per Region, you can request an increase
Capacity Reservation:
- Term = no term commitment, can be created and canceled as needed
- Capacity = capacity reserved in a specific AZ
- billing = no billing discount
- Instance limits = your on-demand instance limits per Region apply
Saving Plans:
- Term = 1-year or 3-years commitment
- Capacity = no capacity reserved
- Billing = provides billing discount
- Instance limits = no limit
Metadata
Metadata is data about your EC2 instance, served from the link-local address 169.254.169.254
(e.g. private IP, hostname, security groups, public keys, user data, and the temporary credentials of the attached IAM role)
IMDSv1 answers plain GET requests; IMDSv2 requires a session token obtained with a PUT (X-aws-ec2-metadata-token-ttl-seconds header) and sent back on every GET, which blocks the classic SSRF route to role credentials. Require IMDSv2 (HttpTokens=required) and keep the PUT response hop limit at 1 unless containers on the instance need metadata access
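The IMDSv1 versus IMDSv2 difference described above, as an added example that is not part of the original notes. It runs a small local HTTP mock that imitates an instance configured with HttpTokens=required: a bare GET (what an SSRF usually gives an attacker) is refused with 401, while a client that first does the PUT token exchange gets the role credentials. The role name, token and credential values are constructed fake data; the listening address is localhost, not the real 169.254.169.254.

```python
"""IMDSv1 vs IMDSv2 against a local mock of the instance metadata service.

Added example (not from the original notes). The mock imitates an instance whose
metadata options are HttpTokens=required: plain GETs (IMDSv1 style) get HTTP 401, and
credentials are only served to a client that first obtains a session token with a PUT.
"""
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN_HEADER = "X-aws-ec2-metadata-token"
TOKEN_TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
CREDS_PATH = "/latest/meta-data/iam/security-credentials/"

# Constructed sample data standing in for what a real instance would return.
FAKE_ROLE = "demo-role"
FAKE_TOKEN = "constructed-session-token"
FAKE_CREDS = {"Code": "Success", "AccessKeyId": "ASIAEXAMPLEEXAMPLE",
              "SecretAccessKey": "example-secret", "Token": "example-session-token"}


class MockIMDS(BaseHTTPRequestHandler):
    """Imitates IMDS with HttpTokens=required (a localhost stand-in for 169.254.169.254)."""

    def log_message(self, *args):  # keep the demo output quiet
        pass

    def _reply(self, status, body=b""):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_PUT(self):
        # IMDSv2 token request: PUT /latest/api/token carrying a TTL header.
        if self.path == "/latest/api/token" and TOKEN_TTL_HEADER in self.headers:
            self._reply(200, FAKE_TOKEN.encode())
        else:
            self._reply(400)

    def do_GET(self):
        if self.headers.get(TOKEN_HEADER) != FAKE_TOKEN:
            self._reply(401)  # tokens required: an IMDSv1-style GET is refused
        elif self.path == CREDS_PATH:
            self._reply(200, FAKE_ROLE.encode())
        elif self.path == CREDS_PATH + FAKE_ROLE:
            self._reply(200, json.dumps(FAKE_CREDS).encode())
        else:
            self._reply(404)


def start_mock():
    """Start the mock on an ephemeral localhost port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), MockIMDS)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"


def imds_v1_get(base_url, path):
    """IMDSv1 style: a bare GET. Returns (status, body); 401 when tokens are required."""
    try:
        with urllib.request.urlopen(base_url + path, timeout=2) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""


def imds_v2_get(base_url, path, ttl_seconds=21600):
    """IMDSv2: PUT for a session token, then GET with the token header."""
    token_req = urllib.request.Request(base_url + "/latest/api/token", method="PUT",
                                       headers={TOKEN_TTL_HEADER: str(ttl_seconds)})
    with urllib.request.urlopen(token_req, timeout=2) as resp:
        token = resp.read().decode()
    data_req = urllib.request.Request(base_url + path, headers={TOKEN_HEADER: token})
    with urllib.request.urlopen(data_req, timeout=2) as resp:
        return resp.status, resp.read().decode()


def fetch_role_credentials(base_url):
    """The two-step lookup an SDK performs: role name, then that role's temporary keys."""
    role = imds_v2_get(base_url, CREDS_PATH)[1]
    return json.loads(imds_v2_get(base_url, CREDS_PATH + role)[1])


if __name__ == "__main__":
    server, base = start_mock()
    try:
        print("v1 GET status:", imds_v1_get(base, CREDS_PATH)[0])        # 401
        print("v2 credentials:", fetch_role_credentials(base)["AccessKeyId"])
    finally:
        server.shutdown()
```

On a real instance the enforcement side is `aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required --http-put-response-hop-limit 1`. The PUT plus custom header is what defeats a typical SSRF (which can only steer a GET), and the hop limit of 1 keeps the token response from reaching a container one network hop away.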
Networking with EC2
EFA
Elastic Fabric Adapter
For HPC, Computational Fluid Dynamics (CFD), weather forecasting and ML training; supports OS-bypass (MPI / NCCL via libfabric talk to the adapter directly, skipping the kernel network stack)
- High levels of inter-node communication
- Lower latency
- More consistent latency
- Higher throughput compared with the TCP transport used for traditional cloud-based HPC
- Weather modelling
- Fluid dynamics
EFA uses OS-bypass only on Linux. If you attach an EFA to a Windows instance, it functions as an ENA, without the added EFA capabilities
ENI
Elastic Network Interface
For basic, day-to-day networking. Each ENI carries:
- A primary private IPv4 address plus optional secondary private IPv4 addresses
- A MAC address
- One public IPv4 address (or one Elastic IP per private IPv4 address)
- One or more IPv6 addresses
- One or more security groups (default quota 5 per ENI, adjustable; security groups per ENI multiplied by rules per group may not exceed 1000)
- Create management network and/or logging network (separated from prod network) with multiple ENIs
- Use network and security appliances in your VPC
- Create dual-homed instances with workloads/roles on distinct subnets
- Create low budget, high-availability solution
- Simply attaching an ENI will not increase the network bandwidth
You can attach a network interface to an instance:
- Hot Attach: when it's running
- Warm Attach when it's stopped
- Cold Attached: the instance is being launched
You can detach secondary network interfaces when the instance is running or stopped. You can't detach the primary network interface
Instance Recovery
- Terminated instances cannot be recovered
- A recovered instance is identical to the original instance, including the instance ID, private IP addresses, Elastic IP addresses, and all instance metadata
- If the impaired instance has a public IPv4 address, the instance retains the public IPv4 address
- If the impaired instance is in a placement group, the recovered instance runs in the placement group
To automatically recover an instance when a system status check fails, rely on simplified automatic recovery (enabled by default on supported instance types) or create a CloudWatch alarm on StatusCheckFailed_System with the EC2 recover action
If an instance becomes unreachable because of an underlying hardware failure or a problem that requires AWS involvement to repair, the instance is automatically recovered (migrated to healthy hardware and rebooted)
VMware Cloud on AWS
Deployment
Each host has 2 sockets with 18 cores per socket, 512 GB RAM and 15.2 TB Raw SSD storage
Status Checks
- System status checks (StatusCheckFailed_System) monitor the AWS systems on which your instance runs; to troubleshoot, stop and start the instance (a reboot will not help)
- Instance status checks (StatusCheckFailed_Instance) monitor the software and network configuration of your individual instance; these detect problems that require your involvement to repair; to troubleshoot, reboot the instance or fix the guest configuration
- Stopping then starting the instance will usually move it to new hardware (EBS-backed instances only; instance store data is lost on stop)
- Rebooting an instance isn't the same as stopping and starting it: your machine won't switch hardware / hosts
pending -> terminated
If your EC2 instance goes from the pending state to the terminated state immediately after you launch or start it, the cause is usually one of the following (the StateReason field in describe-instances output tells you which):
- You’ve reached your EBS volume limit
- An EBS snapshot is corrupt
- The root EBS volume is encrypted and you do not have permissions to access the KMS key for decryption
- The instance store-backed AMI that you used to launch the instance is missing a required part (an image.part.xx file)