Amazon EC2 (AWS Certified Solutions Architect - Associate)

Rohit Pagote

EC2 Basics

  • EC2 = Elastic Compute Cloud

  • Infrastructure as a Service (IaaS) offering.

  • It mainly consists of the capability of:

    • Renting virtual machines (EC2)

    • Storing data on virtual drives (EBS)

    • Distributing load across machines (ELB)

    • Scaling the services using an auto-scaling group (ASG)

EC2 sizing & configuration options

  • OS: Linux, Windows & macOS

  • How much compute power and cores (CPU)

  • How much random-access memory (RAM)

  • How much storage space:

    • Hardware (EC2 instance store)

    • Network-attached (EBS & EFS)

  • Public IP address

  • Firewall rules: Security Groups

  • Bootstrap script (configure at first launch only): EC2 user data

EC2 User Data

  • It is possible to bootstrap the instances using an EC2 User Data script.

  • Bootstrapping means launching or running commands when a machine starts.

  • This script is only run once, at the instance's first start.

  • EC2 user data can be used to automate boot tasks such as:

    • installing updates

    • installing software

    • downloading common files from the internet, etc.

  • The EC2 user data script runs as the root user.

EC2 Instance Types

Will add the AWS Skill Builder link here to read about the EC2 instance types.

  • AWS has the following naming convention:

    m5.2xlarge

    • m: instance class

    • 5: generation (AWS improves them over time)

    • 2xlarge: size within the instance class (CPU, Memory, etc.)

  • Below are some of the most used instance types.

EC2 Instance Type - General Purpose

  • Great for a diversity of workloads such as web servers or code repositories.

  • Provide balance between:

    • Compute

    • Memory

    • Networking

EC2 Instance Type - Compute Optimized

  • Great for compute intensive tasks that require high performance processors.

    • Batch processing workloads

    • Media transcoding

    • High performance web servers

    • High performance computing (HPC)

    • Scientific modeling & machine learning

    • Dedicated gaming servers

EC2 Instance Type - Memory Optimized

  • Fast performance for workloads that process large data sets in memory (RAM).

    • High performance, relational/non-relational databases

    • Distributed web scale cache stores

    • In-memory databases optimized for BI (Business Intelligence)

    • Applications performing real-time processing of big unstructured data

EC2 Instance Type - Storage Optimized

  • Great for storage intensive tasks that require high, sequential read and write access to large data sets on local storage.

    • High frequency online transaction processing (OLTP) systems

    • Relational and NoSQL databases

    • Cache for in-memory databases (ex. Redis)

    • Data warehousing applications

    • Distributed file systems

Security Groups (SG)

Introduction

  • SGs are the fundamental building block of network security in AWS.

  • They control how traffic is allowed into or out of EC2 instances.

  • SGs only contain allow rules (there are no deny rules).

  • SG rules can reference a source/destination by IP range or by another security group.

Deeper Dive

  • SG acts as a firewall on EC2 instances.

  • They regulate:

    • Access to ports

    • Authorized IP ranges - IPv4 or IPv6

    • Control of inbound network (from other to the instance)

    • Control of outbound network (from the instance to other)

Good to know

  • SG can be attached to multiple instances.

  • Locked down to a region/VPC combination (if you switch regions or create a new VPC, you have to create a new SG).

  • Lives outside the EC2 instance: if traffic is blocked by the SG, the instance never sees it.

  • It's good practice to maintain one separate SG for SSH access.

  • If your application is not accessible (time out), then it's a SG issue.

  • If your application gives a "connection refused" error, then it's probably an application issue (the traffic reached the instance, but nothing answered on that port).

  • All inbound traffic is blocked by default.

  • All outbound traffic is allowed by default.
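
As an added illustration (not part of the original notes), a small Python model of how security group rules are evaluated: only allow rules, inbound dropped unless a rule matches, outbound open by default, a rule that references another group by id, and the timeout-versus-connection-refused symptom from the bullets above. The group ids, CIDRs and addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    """One allow rule. Security groups only contain allow rules, so a Rule can never deny."""
    protocol: str    # "tcp", "udp", "icmp" or "-1" (all traffic)
    from_port: int   # inclusive port range (ignored for icmp and "-1")
    to_port: int
    source: str      # a CIDR ("0.0.0.0/0", "10.0.0.0/16") or another group id ("sg-...")


ALLOW_ALL_OUT = Rule("-1", 0, 65535, "0.0.0.0/0")   # the default outbound rule AWS adds


@dataclass
class SecurityGroup:
    group_id: str
    inbound: list = field(default_factory=list)                      # empty: all inbound blocked
    outbound: list = field(default_factory=lambda: [ALLOW_ALL_OUT])  # all outbound allowed


def rule_matches(rule, protocol, port, peer_ip, peer_groups):
    if rule.protocol not in ("-1", protocol):
        return False
    if rule.protocol not in ("-1", "icmp") and not rule.from_port <= port <= rule.to_port:
        return False
    if rule.source.startswith("sg-"):
        # Rule references a security group: the peer qualifies by membership, not by address
        return rule.source in peer_groups
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.source, strict=False)


def evaluate(groups, direction, protocol, port, peer_ip, peer_groups=()):
    """Evaluate the first packet of a flow against every group attached to the instance.
    direction is "inbound" or "outbound". Security groups are stateful, so replies to an
    allowed flow are not re-evaluated; this model only looks at the initiating direction."""
    for sg in groups:
        for rule in (sg.inbound if direction == "inbound" else sg.outbound):
            if rule_matches(rule, protocol, port, peer_ip, peer_groups):
                return "allowed"
    return "dropped"   # no allow rule matched: the instance never sees the packet


def symptom(groups, protocol, port, peer_ip, app_listening, peer_groups=()):
    """What the client observes, per the notes: a security group drop looks like a timeout,
    while an allowed connection to a port nothing listens on is refused by the OS."""
    if evaluate(groups, "inbound", protocol, port, peer_ip, peer_groups) == "dropped":
        return "timeout"
    return "connected" if app_listening else "connection refused"


# Constructed sample groups: a web tier, a separate group just for SSH (as the notes
# recommend), and a database tier that only accepts MySQL from members of the web group.
WEB_SG = SecurityGroup("sg-web", inbound=[Rule("tcp", 80, 80, "0.0.0.0/0"),
                                          Rule("tcp", 443, 443, "0.0.0.0/0")])
SSH_SG = SecurityGroup("sg-ssh", inbound=[Rule("tcp", 22, 22, "198.51.100.0/24")])
DB_SG = SecurityGroup("sg-db", inbound=[Rule("tcp", 3306, 3306, "sg-web")])

if __name__ == "__main__":
    print(symptom([WEB_SG], "tcp", 80, "203.0.113.9", app_listening=True))           # connected
    print(symptom([WEB_SG], "tcp", 22, "203.0.113.9", app_listening=True))           # timeout
    print(symptom([WEB_SG, SSH_SG], "tcp", 22, "198.51.100.7", app_listening=True))  # connected
    print(symptom([DB_SG], "tcp", 3306, "10.0.1.20", True, peer_groups={"sg-web"}))  # connected
```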

Classic Ports to Know

  • 22 = SSH (Secure Shell) - log into Linux instance

  • 21 = FTP (File Transfer Protocol) - upload files into a file share

  • 22 = SFTP (Secure File Transfer Protocol) - upload files using SSH

  • 80 = HTTP - access unsecured websites

  • 443 = HTTPS - access secured websites

  • 3389 = RDP (Remote Desktop Protocol) - log into a Windows instance

EC2 Instance Purchasing Options

  • On-Demand Instances: short workload, predictable pricing, pay by second

  • Reserved (1 & 3 years):

    • Reserved Instance: long workloads

    • Convertible Reserved Instance: long workloads with flexible instances

  • Savings Plans (1 & 3 years): commitment to an amount of usage, long workload

  • Spot Instance: short workloads, cheap, can lose instances anytime (less reliable)

  • Dedicated Hosts: book an entire physical server, control instance placement

  • Dedicated Instances: no other customer will share your hardware

  • Capacity Reservations: reserve capacity in a specific AZ for any duration

EC2 On Demand

  • Pay for what you use:

    • Linux or Windows - billing per second, after the first minute.

    • All other operating systems - billing per hour.

  • Has the highest cost but no upfront payment.

  • No long-term commitment.

  • Recommended for short-term and uninterrupted workloads, where you can't predict how the application will behave.

EC2 Reserved Instances

  • Up to 72% discount compared to on-demand.

  • You reserve specific instance attributes (instance type, region, tenancy, OS).

  • Reservation period - 1 year (+ discount) or 3 years (+++ discount).

  • Payment options - No upfront (+), Partial upfront (++), All upfront (+++).

  • Reserved Instances' scope - Regional or Zonal (reserve capacity in an AZ).

  • Recommended for steady-state usage applications (like databases).

  • You can buy and sell in the Reserved Instances Marketplace if it is no longer needed.

  • Convertible Reserved Instances

    • Can change the EC2 instance type, instance family, scope, OS and Tenancy.

    • Up to 66% discount.

EC2 Savings Plans

  • Get a discount based on long-term usage (up to 72% - same as RIs).

  • Commit to a certain amount of usage (e.g. $10/hour for 1 or 3 years).

  • Usage beyond the EC2 Savings Plan is billed at the On-Demand price.

  • Locked to a specific instance family and AWS region (ex: M5 in us-east-1).

  • Flexible across:

    • Instance size (ex: m5.xlarge, m5.2xlarge).

    • OS (ex: Linux, Windows).

    • Tenancy (Host, Dedicated, Default).

EC2 Spot Instances

  • Can get a discount of up to 90% compared to On-Demand.

  • Instances that you can lose at any point in time if your max price is less than the current spot price.

  • Define a max spot price and get the instance while the current spot price < max.

    • The hourly spot price varies based on offer and capacity.

    • If the current spot price > your max price, you can choose to stop or terminate your instance within a 2-minute grace period.

  • The most cost-efficient instances in AWS.

  • Useful for workloads that are resilient to failure:

    • Batch jobs

    • Data analysis

    • Image processing

    • Any distributed workloads

    • Workloads with a flexible start and end time

  • Not suitable for critical jobs or databases.

EC2 Dedicated Hosts

  • A physical server with EC2 instance capacity fully dedicated to your use.

  • Allows you to address compliance requirements and use your existing server-bound software licenses (per-socket, per-core, per-VM software licenses).

  • Purchasing options:

    • On-Demand - pay per second for an active Dedicated Host

    • Reserved - 1 or 3 years (No upfront, Partial upfront, All upfront)

  • The most expensive option in AWS.

  • Useful for software that has a complicated licensing model (BYOL - Bring Your Own License).

  • For companies that have strong regulatory or compliance needs.

EC2 Dedicated Instances

  • Instances run on hardware that's dedicated to you.

  • May share hardware with other instances in same account.

  • No control over instance placement (the instance can move to different hardware after a stop/start).

Dedicated Hosts VS Dedicated Instances

EC2 Capacity Reservations

  • Reserve On-Demand instance capacity in a specific AZ for any duration.

  • You always have access to EC2 capacity when you need it.

  • No time commitment (create/cancel anytime), no billing discounts.

  • Combine with Regional Reserved Instances and Savings Plans to benefit from billing discounts.

  • You're charged at the On-Demand rate whether you run instances or not.

  • Suitable for short-term, uninterrupted workloads that need to be in a specific AZ.

Spot Fleets

  • Spot Fleets = set of Spot Instances + (optional) On-Demand Instances.

  • The Spot Fleet will try to meet the target capacity with price constraints.

    • Define possible launch pools: instance type (m5.large), OS, availability zone.

    • Can have multiple launch pools, so that the fleet can choose.

    • Spot Fleet stops launching instances when reaching capacity or max cost.

  • Strategies to allocate Spot Instances:

    • lowestPrice: from the pool with the lowest price (cost optimization, short workload)

    • diversified: distributed across all pools (great for availability, long workloads)

    • capacityOptimized: pool with the optimal capacity for the number of instances

    • priceCapacityOptimized (recommended): pools with highest capacity available, then select the pool with the lowest price (best choice for most workloads)

  • A Spot Fleet allows us to automatically request Spot Instances with the lowest price.
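
As an added example (not from the original notes), a Python model of the four allocation strategies run over constructed launch pools, including the stop-at-max-cost rule from the bullets above. The pool names, prices and capacity figures are made up, and the "highest capacity" cut used for priceCapacityOptimized is a simplifying assumption.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Pool:
    name: str        # launch pool = instance type + AZ, e.g. "m5.large/us-east-1a"
    price: float     # current Spot price in $/hour (constructed sample value)
    capacity: int    # constructed "spare capacity": instances this pool can supply right now


# Constructed sample pools, not real AWS prices.
SAMPLE_POOLS = [
    Pool("m5.large/us-east-1a", 0.030, 2),
    Pool("m5.large/us-east-1b", 0.050, 10),
    Pool("m5.xlarge/us-east-1a", 0.040, 8),
]


def launch_order(pools, strategy):
    """Yield pools in the order the strategy prefers them. The three greedy strategies yield
    each pool once and fill it as far as it goes; diversified cycles through every pool so
    that allocate() can take one instance per visit and spread the fleet."""
    if strategy == "lowestPrice":
        yield from sorted(pools, key=lambda p: p.price)
    elif strategy == "capacityOptimized":
        yield from sorted(pools, key=lambda p: -p.capacity)
    elif strategy == "priceCapacityOptimized":
        # Simplifying assumption: "highest capacity" means the two deepest pools; among those
        # the cheapest goes first, and the remaining pools follow by price.
        deep = sorted(pools, key=lambda p: -p.capacity)[:2]
        rest = [p for p in pools if p not in deep]
        yield from sorted(deep, key=lambda p: p.price) + sorted(rest, key=lambda p: p.price)
    elif strategy == "diversified":
        while True:
            yield from sorted(pools, key=lambda p: p.name)
    else:
        raise ValueError(f"unknown allocation strategy: {strategy}")


def allocate(pools, target, strategy, max_hourly_cost=None):
    """Launch up to `target` instances and return ({pool: count}, hourly cost). The fleet
    stops when the target is met, when every pool is exhausted, or when the next instance
    would push the hourly cost past max_hourly_cost."""
    launched = {p.name: 0 for p in pools}
    cost, remaining = 0.0, target
    per_visit = 1 if strategy == "diversified" else None   # None: take all the pool has
    idle_visits = 0
    for pool in launch_order(pools, strategy):
        if remaining == 0 or idle_visits >= len(pools):
            break
        took = 0
        while (remaining > 0 and launched[pool.name] < pool.capacity
               and (per_visit is None or took < per_visit)):
            if max_hourly_cost is not None and round(cost + pool.price, 6) > max_hourly_cost:
                return launched, round(cost, 6)   # max cost reached: stop launching
            launched[pool.name] += 1
            cost += pool.price
            remaining -= 1
            took += 1
        idle_visits = 0 if took else idle_visits + 1
    return launched, round(cost, 6)


if __name__ == "__main__":
    for strategy in ("lowestPrice", "diversified", "capacityOptimized", "priceCapacityOptimized"):
        print(strategy, allocate(SAMPLE_POOLS, 6, strategy))
```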

Public IP VS Private IP (IPv4)

  • Networking has two sorts of IP addresses: IPv4 and IPv6.

    • IPv4: 1.160.10.240

    • IPv6: 1900:4545:3:200:f8ff:fe21:67cf

  • IPv4 is still the most common format used online.

  • IPv6 is newer and solves problems for the Internet of Things (IoT).

  • IPv4 allows for 3.7 billion different addresses in the public space.

  • IPv4: [0-255].[0-255].[0-255].[0-255]

Difference between Public IP and Private IP

  • Public IP:

    • Public IP means the machine can be identified on the internet (www).

    • Must be unique across the whole web (no two machines can have the same public IP).

    • Can be geo-located easily.

  • Private IP:

    • Private IP means the machine can only be identified on a private network.

    • The IP must be unique across the private network.

    • But two different private networks (two companies) can have the same IPs.

    • Machines connect to www using an internet gateway (a proxy).

    • Only a specified range of IPs can be used as private IP.

Elastic IP

  • When you stop and then start the EC2 instance, it can change its public IP.

  • If you need to have a fixed public IP for your instance, you need an Elastic IP.

  • An Elastic IP is a public IPv4 address you own as long as you don't delete it.

  • You can attach it to one instance at a time.

  • With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account.

  • You can only have 5 Elastic IPs in your AWS account (you can ask AWS to increase that).

  • Overall, try to avoid using Elastic IP:

    • They often reflect poor architectural decisions.

    • Instead, use a random public IP and register a DNS name to it.

    • Or use a Load Balancer and don't use a public IP.

EC2 Placement Groups

  • Sometimes you want control over the EC2 instance placement strategy.

  • That strategy can be defined using placement groups.

  • When you create a placement group, you specify one of the following strategies for the group:

    • Cluster - clusters instances into a low-latency group in a single AZ.

    • Spread - spreads instances across underlying hardware (max 7 instances per group per AZ) - critical applications

    • Partition - spreads instances across many different partitions (which rely on different sets of racks) within an AZ. Scales to 100s of EC2 instances per group (Hadoop, Cassandra, Kafka).

Placement Group - Cluster

  • Pros: Great network (10 Gbps bandwidth between instances with enhanced networking enabled - recommended).

  • Cons: If the AZ fails, all instances fail at the same time.

  • Use case:

    • Big data jobs that need to complete fast.

    • Applications that need extremely low latency and high network throughput.

Placement Group - Spread

  • Pros:

    • Can span across AZs

    • Reduced risk of simultaneous failure.

    • EC2 instances are on different physical hardware.

  • Cons:

    • Limited to 7 instances per AZ per placement group.

  • Use case:

    • Applications that need to maximize high availability.

    • Critical applications where each instance must be isolated from the failure of the others.

Placement Group - Partition

  • Up to 7 partitions per AZ.

  • Can span across multiple AZs in the same region.

  • Up to 100s of EC2 instances.

  • The instances in a partition do not share racks with the instances in the other partitions.

  • A partition failure can affect many EC2 but won't affect other partitions.

  • EC2 instances get access to the partition information as metadata.

  • Use case: HDFS, HBase, Cassandra, Kafka.

Elastic Network Interfaces (ENI)

  • Logical component in a VPC that represents a Virtual Network Card.

  • The ENI can have the following attributes:

    • Primary private IPv4, one or more secondary IPv4

    • One Elastic IP (IPv4) per private IPv4

    • One public IPv4

    • One or more security groups

    • A MAC address

  • You can create ENIs independently and attach them to (or move them between) EC2 instances on the fly for failover.

  • Bound to a specific availability zone (AZ).

EC2 Hibernate

  • We know we can stop and terminate instances:

    • Stop - the data on disk (EBS) is kept intact until the next start.

    • Terminate - any EBS volume (root) that is set up to be destroyed on termination is lost.

  • On start, the following happens:

    • First start: the OS boots and the EC2 User Data script is run.

    • Following starts: the OS boots up.

    • Then your application starts, caches get warmed up, and that can take time.

  • Introducing EC2 Hibernate:

    • The in-memory (RAM) state is preserved.

    • The instance boot is much faster (the OS is not stopped or restarted).

    • Under the hood: the RAM state is written to a file in the root EBS volume.

    • For this, the root EBS volume must be encrypted and it must have enough space to contain the RAM.

    • Use Case:

      • Long-running processes

      • Saving the RAM state

      • Services that take time to initialize

EC2 Hibernate - Good to know

  • Supported instance families - C3, C4, C5, I3, M3, M4, R3, R4, T2, T3, etc.

  • Instance RAM size - must be less than 150 GB.

  • Instance size - not supported for bare metal instances.

  • AMI - Amazon Linux 2, Linux AMI, Ubuntu, RHEL, CentOS and Windows, etc.

  • Root volume - must be EBS (not instance store), encrypted, and large enough to hold the RAM contents.

  • Available for On-Demand, Reserved and Spot instances.

  • An instance can not be hibernated for more than 60 days.


EC2 Storage

EBS Volume

  • EBS stands for Elastic Block Store.

  • An EBS volume is a network drive you can attach to your instances while they run.

  • It allows your instances to persist data, even after their termination.

  • One EBS volume can be mounted to one instance at a time, but a "multi-attach" feature is also available for some EBS volume types.

  • Free Tier: 30 GB of free EBS storage of type General Purpose (SSD) or Magnetic per month.

  • It's a network drive (not a physical drive).

    • It uses the network to communicate with the instance, which means there might be a bit of latency.

    • It can be detached from an EC2 instance and attached to another one quickly.

  • They are bound to a specific availability zone.

    • An EBS volume in us-east-1a cannot be attached to us-east-1b.

    • To move a volume across, you first need to snapshot it.

  • Have a provisioned capacity (size in GBs, and IOPS).

    • You get billed for all the provisioned capacity.

    • You can increase the capacity of the drive over time.

EBS - Delete on Termination attribute

  • We have an attribute in EBS called Delete on Termination.

  • It controls the EBS behavior when an EC2 instance terminates:

    • By default, the root EBS volume is deleted (attribute enabled)

    • By default, any other attached EBS volume is not deleted (attribute disabled)

  • This can be controlled by the AWS Console / AWS CLI.

  • Use case: preserve root volume when instance is terminated.

EBS Snapshots

  • Make a backup (snapshot) of your EBS volume at any point in time.

  • It is not necessary to detach the volume to take a snapshot, but it is recommended.

  • Can copy snapshots across AZ or Region.

EBS Snapshots Features

  • EBS Snapshot Archive

    • Move a snapshot to an 'archive tier' that is 75% cheaper.

    • Restoring a snapshot from the archive takes 24 to 72 hours.

  • Recycle bin for EBS Snapshots

    • Setup rules to retain deleted snapshots so you can recover them after an accidental deletion.

    • Specify retention (1 day to 1 year).

  • Fast Snapshot Restore (FSR)

    • Force full initialization of snapshot to have no latency on the first use.

    • It is very costly.

AMI

  • AMI - Amazon Machine Image.

  • AMIs are a customization of an EC2 instance.

    • You add your own software, configuration, operating system, monitoring, etc.

    • Faster boot/configuration time because all your software is pre-packaged.

  • AMIs are built for a specific region (and can be copied across regions).

  • You can launch EC2 instance from:

    • Public AMI: AWS provided

    • Your own AMI: you make and maintain them yourself

    • AWS Marketplace AMI: an AMI someone else made (and potentially sells)

AMI Process (from an EC2 instance)

  • Start an EC2 instance and customize it.

  • Stop the instance (for data integrity).

  • Build an AMI - this will also create EBS snapshots.

  • Launch instances from other AMIs.

EC2 Instance Store

  • EBS volumes are network drives with good but limited performance.

  • If you need a high performance hardware disk, use EC2 instance store.

  • It has better I/O performance.

  • EC2 instance stores lose their storage if the instance is stopped (ephemeral).

  • Good for buffer/cache/scratch data/temporary content.

  • Risk of data loss if hardware fails.

  • Backups and Replications are your responsibility.

EBS Volume Types

  • EBS volumes come in 6 types:

    • gp2 / gp3 (SSD): General purpose SSD volume that balances price and performance for a wide variety of workloads.

    • io1 / io2 Block Express (SSD): Highest performance SSD volume for mission-critical low-latency or high-throughput workloads.

    • st1 (HDD): Low cost HDD volume designed for frequently accessed, throughput-intensive workloads.

    • sc1 (HDD): Lowest cost HDD volume designed for less frequently accessed workloads.

  • EBS volumes are characterized in Size | Throughput | IOPS.

  • Only gp2/gp3 and io1/io2 Block Express can be used as boot volumes.

EBS volume types - General Purpose SSD

  • Cost effective storage, low-latency.

  • System boot volumes, virtual desktops, development and test environments.

  • Storage size varies from 1 GB to 16 TB.

  • gp3:

    • Baseline of 3000 IOPS and throughput of 125 Mbps.

    • Can increase IOPS up to 16,000 and throughput up to 1000 Mbps independently.

  • gp2:

    • Small gp2 volumes can burst IOPS to 3000.

    • Size of the volume and IOPS are linked, max IOPS is 16,000.

    • 3 IOPS per GB, which means that at 5,334 GB we reach the max IOPS.

EBS volume types - Provisioned IOPS (PIOPS) SSD

  • Critical business applications with sustained IOPS performance.

  • Or applications that need more than 16,000 IOPS.

  • Great for database workloads (sensitive to storage performance and consistency).

  • io1 (4 GB - 16 TB):

    • Max PIOPS: 64,000 for Nitro EC2 instances and 32,000 for others.

    • Can increase PIOPS independently from storage size.

  • io2 Block Express (4 GB - 64 TB):

    • Sub-millisecond latency.

    • Max PIOPS: 256,000 with an IOPS:GB ratio of 1,000:1

  • Supports EBS Multi-attach.
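
As an added worked example (not from the original notes), the IOPS rules from the General Purpose and Provisioned IOPS bullets above written as Python functions, so the figures can be checked (for instance, that the gp2 cap is reached at 5,334 GB). The 100 IOPS gp2 floor is AWS-documented but not in the notes, and 1 TB is taken as 1,024 GB; both are assumptions here.

```python
import math

TB = 1024                 # assumption: the notes' "TB" is 1,024 GB (AWS sizes volumes in GiB)
GP2_MIN_BASELINE = 100    # AWS-documented floor for tiny gp2 volumes; not stated in the notes


def gp2_iops(size_gb):
    """gp2 ties IOPS to size: 3 IOPS per GB, capped at 16,000. Returns (baseline, burst).
    A volume whose baseline is below 3,000 can burst to 3,000, so bursting stops mattering
    at 1,000 GB, and the cap is reached at 5,334 GB (16,000 / 3, rounded up)."""
    if not 1 <= size_gb <= 16 * TB:
        raise ValueError("gp2 volumes are 1 GB - 16 TB")
    baseline = min(max(3 * size_gb, GP2_MIN_BASELINE), 16_000)
    return baseline, max(baseline, 3_000)


def smallest_gp2_for(target_iops):
    """Smallest gp2 volume whose baseline (not burst) sustains target_iops; None if gp2 cannot."""
    if target_iops > 16_000:
        return None
    return max(1, math.ceil(target_iops / 3))


def gp3_iops(size_gb, provisioned=None):
    """gp3 decouples IOPS from size: 3,000 baseline, provisionable up to 16,000."""
    if not 1 <= size_gb <= 16 * TB:
        raise ValueError("gp3 volumes are 1 GB - 16 TB")
    if provisioned is None:
        return 3_000
    if not 3_000 <= provisioned <= 16_000:
        raise ValueError("gp3 IOPS must be between 3,000 and 16,000")
    return provisioned


def io1_max_iops(size_gb, nitro=True):
    """io1: IOPS provisioned independently of size, up to 64,000 on Nitro, 32,000 otherwise."""
    if not 4 <= size_gb <= 16 * TB:
        raise ValueError("io1 volumes are 4 GB - 16 TB")
    return 64_000 if nitro else 32_000


def io2_block_express_max_iops(size_gb):
    """io2 Block Express: up to 1,000 IOPS per GB, capped at 256,000 (reached at 256 GB)."""
    if not 4 <= size_gb <= 64 * TB:
        raise ValueError("io2 Block Express volumes are 4 GB - 64 TB")
    return min(1_000 * size_gb, 256_000)


def choose_ssd(target_iops, size_gb, nitro=True):
    """Apply the notes' rule of thumb: General Purpose SSD up to 16,000 IOPS (gp2 when the
    size-linked baseline already covers the target, otherwise gp3 with IOPS provisioned
    independently), Provisioned IOPS SSD beyond that. Returns None if nothing fits."""
    if size_gb <= 16 * TB and target_iops <= 16_000:
        return "gp2" if target_iops <= gp2_iops(size_gb)[0] else "gp3"
    if 4 <= size_gb <= 16 * TB and target_iops <= io1_max_iops(size_gb, nitro):
        return "io1"
    if 4 <= size_gb <= 64 * TB and target_iops <= io2_block_express_max_iops(size_gb):
        return "io2 Block Express"
    return None


if __name__ == "__main__":
    for size in (20, 100, 1000, 5334):
        print(f"gp2 {size} GB -> baseline/burst {gp2_iops(size)}")
    print("smallest gp2 for 16,000 IOPS:", smallest_gp2_for(16_000), "GB")
    print("500 GB volume needing 50,000 IOPS:", choose_ssd(50_000, 500))
```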

EBS volume types - Hard Disk Drives (HDD)

  • Cannot be a boot volume.

  • Storage size varies from 125 GB to 16 TB.

  • Throughput Optimized HDD (st1):

    • Big data, Data warehouses, Log processing.

    • Max throughput 500 Mbps - max IOPS 500.

  • Cold HDD (sc1)

    • For data that is infrequently accessed.

    • Scenario where lowest cost is important.

    • Max throughput 250 Mbps - max IOPS 250.

EBS Multi-attach - io1/io2 family

  • Attach the same EBS volume to multiple EC2 instances in the same AZ.

  • Each instance has full read and write permissions to the high-performance volume.

  • Use case:

    • Achieve higher application availability in clustered Linux application (ex: Teradata).

    • Applications must manage concurrent write operations.

  • Can attach to up to 16 instances at a time.

  • Must use a file system that's cluster-aware (not XFS, EXT4, etc.).

EBS Encryption

  • When you create an encrypted EBS volume, you get the following:

    • Data at rest is encrypted inside the volume.

    • All the data in flight moving between the instance and the volume is encrypted.

    • All the snapshots are encrypted.

    • All volumes created from those snapshots are encrypted.

  • Encryption and decryption are handled transparently.

  • Encryption has a minimal impact on latency.

  • EBS encryption leverages keys from KMS (AES-256).

  • Copying an unencrypted snapshot allows encryption.

  • Snapshots of encrypted volumes are encrypted.

  • Snapshots created from an unencrypted EBS volume are also unencrypted.

Encryption: encrypt an unencrypted EBS volume

  • Create an EBS snapshot of the volume.

  • Encrypt the EBS snapshot (using copy).

  • Create new EBS volume from the snapshot (the volume will also be encrypted).

  • Now you can attach the encrypted volume to the original instance.

Amazon EFS

  • EFS stands for Elastic File System.

  • Managed NFS (Network File System) that can be mounted on many EC2.

  • EFS works with EC2 instances in Multi-AZ.

  • It is highly available, scalable, expensive (3x gp2), pay per use.

  • Use case: content management, web serving, data sharing, WordPress.

  • Uses NFSv4.1 protocol.

  • Uses security group to control access to EFS.

  • Compatible with Linux based AMI (not Windows).

  • Can enable encryption at rest using KMS.

  • POSIX file system (~Linux) that has a standard file API.

  • File system scales automatically, pay per use, no capacity planning.

EFS - Performance

  • EFS Scale

    • 1000s of concurrent NFS clients, 10 GB/s+ throughput.

    • Grow to petabyte-scale network file system, automatically.

  • Performance Mode (set at EFS creation time)

    • General purpose (default) - latency-sensitive use case (web server, CMS, etc.)

    • Max I/O - higher latency, throughput, highly parallel (big data, media processing).

  • Throughput Mode

    • Bursting - 1 TB = 50 Mbps+ with bursts of up to 100 Mbps.

    • Provisioned - set your throughput regardless of storage size, ex: 1 Gbps for 1 TB of storage.

    • Elastic - automatically scales throughput up or down based on your workloads.

      • Up to 3 Gbps for reads and 1 Gbps for writes.

      • Used for unpredictable workloads.

EFS - Storage Classes

  • Storage Tiers (lifecycle management features - move file after N days)

    • Standard: for frequently accessed files.

    • Infrequent Access (EFS-IA): cost to retrieve files, lower cost to store the files.

    • Archive: rarely accessed data (few times a year), 50% cheaper.

    • Implement lifecycle policies to move files between storage tiers.

  • Availability and Durability

    • Standard: Multi-AZ, great for production.

    • One Zone: One AZ, great for dev, backup enabled by default, compatible with IA (EFS One Zone-IA).

  • Overall, by using the right EFS storage classes, you can achieve up to 90% cost savings.

EBS VS EFS

Elastic Block Store (EBS)

  • EBS volumes...

    • attach to one instance (except multi-attach io1/io2).

    • are locked at the Availability Zone (AZ) level.

    • gp2: IO increases if the disk size increases.

    • gp3 and io1: can increase IO independently.

  • To migrate an EBS volume across AZ:

    • Take a snapshot.

    • Restore the snapshot to another AZ.

    • EBS backups use IO and you shouldn't run them while your application is handling a lot of traffic.

  • Root EBS volumes of instances get terminated by default if the EC2 instance gets terminated (can disable that).

Elastic File System (EFS)

  • Mounting 100s of instances across AZs.

  • EFS shares website files (WordPress).

  • Only for Linux instances (POSIX).

  • EFS has a higher price point than EBS.

  • Can leverage storage tiers for cost savings.
