Amazon EC2 Quick Guide: Amazon EC2 (Elastic Cloud Compute) is a web service that provides resizable compute capacity in the cloud. It is a way of provisioning virtual machines in the cloud and it reduces the time required to obtain and boot new server instances to minutes.
It allows you to quickly scale capacity both up and down as your computing requirements change.
We have four different pricing models for Amazon EC2
In this pricing model you pay a fixed rate by the hour (or by the second) with no long term commitments.
This is where you have a capacity reservation contract for terms of one years or three years.
The more you pay upfront and the longer the contract term the more discount you get.
This enables you to bid whatever price you want for instance capacity, basically moves around like the stock market
If a spot instance is terminated by Amazon EC2 because of the prices changed you’re not going to be charged for that partial hour of usage.
However if you terminate the instance yourself you are going to be charged for any hour in which the instance ran.
This is a physical EC2 service that is dedicated for you and it can be useful where you’ve got existing server bound software licenses or perhaps a regulation saying that you cannot use multi-tenant virtualization.
Amazon EC2 Quick Guide – Security Groups
- All inbound traffic is always blocked by default all outbound traffic is allowed.
- Changes to security groups take effect immediately so as soon as you open up port 80 which takes effect immediately
- You can have any number of EC2 instances within a security group and you can have multiple security groups attached to EC2 instances
- Security groups are Stateful. That means that when you open up a port it’s going to be open for both inbound and outbound traffic.
- If you create an inbound rule allowing traffic in, that traffic is automatically allowed back out again
- You cannot block specific IP addresses using security groups. Instead you’re going to be using network access control lists.
- You can always specify allowed rules with the security group but not deny rules
Amazon EBS (Amazon Elastic Block Store)
- EBS is basically a virtual hard disk drive in the cloud
- Just remember that termination protection is turned off by default so you must turn it on.
- So if you do want to go ahead and protect your EC2 instances from being accidentally deleted by your developers or system administrators make sure that termination protection is turned on
- On an EBS backed instance, the default action is for the root EBS volume to be deleted when the incidence is terminated
- So if you do go in and terminate your EC2 instances you are going to delete that root device volume automatically. But if you add additional attach volumes to that EC2 instance. Those additionally attach volumes won’t be deleted automatically unless you go in and check that checkbox
- Also remember that EBS root volumes of your default AMI’s can be encrypted. You can also use third party tools (such as bit locker for Windows) to encrypt the root device volume.
- It can also be done when creating AMI’s
- You can also do it through the AWS console or using the API.
- And also remember that additional volumes can also be encrypted.
Amazon EC2 Quick Guide: EBS Snapshots
- Snapshots exist on S3
- They are a point in time copies of the volumes
- Snapshots are incremental. So this means that only the blocks that have changed since your last snapshot are moved to S3
- If you take a snapshot for the first time it may take some time to create.
- For Amazon’s EBS volumes that serve as a root device volumes, you should always try and stop the instance before taking the snapshot that will give you a consistent snapshot, but that is optional you can take snapshots on running instances as well
- You can create AMIs from both volumes and snapshots
- you can actually change EBS volume sizes on the fly including changing the size and the storage type
- EBS volumes will always be in the same availability zone as the EC2 instance
- To move an EBS volume from one availability zone to another you just take a snapshot of it, you then create an AMI from the snapshot and then you use the AMI to launch that EC2 instance in a new availability zone.
- And likewise if you want to move EC2 volumes from one region to another take a snapshot of a AMI from the snapshot and then copy the AMI from one region to another and then you use the copied AMI to launch the new EC2 instance in the new region
- Snapshots of encrypted volumes are encrypted automatically
- Volumes restored from encrypted snapshots are encrypted automatically
- You can share snapshots but only if they are unencrypted
- You can share snapshots with other AWS accounts or you can actually make them public as well.
- Root device volumes can now be encrypted
- if you have an unencrypted root device volume that needs to be encrypted you need to do the following.
- Create a snapshot of the unencrypted root device volume
- You should create a copy of the snapshot then select the encrypt option
- Create an AMI from the encrypted snapshot
- use that AMI to launch the encrypted instances.
Amazon EC2 Quick Guide: EBS VS Instance Store
- Instance store volumes are sometimes referred to as ephemeral storage
- Instance stored volumes cannot be stopped if the underlying host or hypervisor fails you’re going to lose your data
- EBS backed instances can be stopped however you won’t lose the data on this instance if it’s stopped
- you can reboot both and not lose your data
- by default both root volumes will be deleted on termination however for EBS volumes you can actually tell AWS to keep the root device volume from being deleted so you can basically stop it from automatically being deleted
Amazon EC2 Quick Guide: Amazon CloudWatch
- CloudWatch is used for monitoring performance.
- Amazon CloudWatch can monitor most of the AWS as well as your applications that run on AWS
- AWS CloudWatch with EC2 will monitor events every five minutes by default.
- You can have one-minute intervals by turning on detailed monitoring
- You can create CloudWatch alarms which then go ahead and trigger notifications
- CloudWatch is all about performance and CloudTrail is all about auditing
What users can do with Amazon CloudWatch?
- You can create dashboards and this will allow you to see what’s happening within your AWS environment
- Can create alarms. And this allows you to set alarms that notify you when a particular threshold is hit like 80 percent or 90 percent CPU utilization
- We can monitor events. CloudWatch events helps us in tracking state changes in our AWS resources
- You can use CloudWatch logs. Logs will help you aggregate and monitor and store your logging data
CloudTrail VS CloudWatch
- CloudWatch monitors performance
- CloudTrail monitors API calls in the AWS platforms
- A CloudTrail will tell you who provisioned an EC2 instance or who set up an S3 bucket etc..
AWS CLI (Command Line)
- You can interact with AWS from anywhere in the world using the CLI
- You are going to need to set up access in IAM. This gives you an access key ID and secret access key.
Roles for EC2 Instance
- Roles are a much more secure way than storing your access key ID and secret access key on individual EC2 instances
- Much easier to manage
- Roles can be assigned to an EC2 instance after it’s being created using both the console and the command line
- Roles are universal. You can use them in any region in the world.
Amazon Elastic File System (EFS)
- It supports the Network File System version 4 (NFSv4) protocol
- You only pay for the storage that you use
- You don’t need to pre-provision
- It can scale all the way up to petabytes
- It can support thousands of concurrent NFS East connections
- With EFS data is stored across multiple Availability Zones within a region
- In terms of the consistency model you get read after rate consistency
Amazon EC2 Placement Groups
A placement group is simply how you place your EC2 instances.
There’s three different types of placement groups:
Clustered placement group
- A clustered placement group is where you want low network latency high network throughput
- This will be where all your EC2 instances are in the same availability zone and as close together as possible so that you don’t have any sort of latency
- The clustered placement group doesn’t span multiple Availability Zones
Spread placement group
- These are for individual critical EC2 instances.
- So you have to make sure that they are basically in different availability zones and different pieces of hardware.
- So if a does fail it’s only going to affect the one EC2 instance, it’s not going to take two or three out at a time
- The spread placement group can span multiple Availability Zones
Partitioned placement group
- Partitioned placement groups are effective for multiple Ec2 instances
- So this will be for things like HDFS, HBase, and Cassandra clusters
- And this is where you have multiple E2 instances into a partition and each partition is always going to be on separate hardware or separate racks from the other partitions
- The Partitioned placement group can span multiple Availability Zones
- The name that you specify for a placement group must be unique within your own AWS account
- Only certain types of instances can be launched into placement groups
- so these will be things like compute-optimized, GPU, memory-optimized, storage optimized
- AWS recommends homogenous instances within a cluster clustered placement groups
- You can’t merge placement groups and you can’t move an existing instance into a placement group.
- You can create an AMI from your existing instance and then launch the new instance from the AMI into a placement group
Click here to read about more articles on Cloud Computing