Cloud Computing Service Choose your OS, Storage, Memory, Network Throughput. Launch and SSH into your server within minutes.
Elastic Compute Cloud (EC2) is a highly configurable server. EC2 is resizable compute capacity. It takes minutes to launch new instances. Anything and everything on AWS uses EC2 Instance underneath.
Choose your OS via Amazon Machine Image(AMI):
RedHatUbuntuWindowsAmazon LinuxSUSEChoose your Instance Type
t2.nanoC4.8xlarge…Add Storage (EBS, EFS):
SSDHDDVirtual Magnetic TapeMultiple VolumesConfigure your Instance
Security GroupsKey PairsUserDataIAM RolesPlacement Groupsbalance of compute, memory and networking resources Use-cases web servers and code repositories.
A1T3T3aT2M5M5aM4ideal for compute bound applications that benefit from high performance processor Use-cases scientific modeling, dedicated gaming servers and ad server engines
C5C5nC4fast performance for workloads that process large data sets in memory Use-cases in-memory caches, in-memory databases, real time big data analytics
R5R5aX1eX1High MemoryZ1dhardware accelerators, or co-processors Use-cases Machine learning, computational finance, seismic analysis, speech recognition
P3P2G3F1high, sequential read and write access to very large data sets on local storage Use-cases NoSQL, in-memory transaction databases, data warehosing
I3I3enD2H1EC2 Instance Size generally double in price and key attributes
NamevCPURAM(GIB)On-Demand per hourOn-Demand per montht2.small112$0.023$16.79t2.medium224$0.0464$33.87t2.large236$0.0928$67.74t2.xlarge454$0.1856$135.48Instead of embedding your AWS credentials (Access Key and Secret) in your code so your Instance has permission to access certain services you can Attach a role to an instance via an Instance Profile.
You want to always avoid embedding your AWS credentials when possible.
IAM Policy -> IAM Role -> Instance Profile <- EC2 Instance
An Instance Profile holds a reference to a role. The EC2 instance is associated with the Instance Profile. When you select an IAM role when launching an EC2 instance, AWS will automatically create the Instance Profile for you. Instance Profile are not easily viewed via the AWS Console.
Placement Group let you to choose the logical placement of your instances to optimize your communication, performance or durability. Placement groups are free.
Cluster
packs instances choose together inside an AZlow-latency network performance for tightly-coupled node-to-node communicationwell suited for High Performance Computing (HPC) applicationsClusters cannot be multi-AZPartition
spread instances across logical partitionseach partition do not share the underlying hardware each other (rack per partition)well suit for large distributed and replicated workloads (Hadoop, Cassandra, Kafka)Spread
each instance is placed on a different rackwhen critical instances should be keep separate from each otheryou can spread a max of 7 instances. spreads can be multi-AZYou can provide an EC2 with UserData which is a script that will be automatically run when launching an EC2 instance. You could install package, apply updates or anything you like.
From within the EC2 instance, if you want to SSH in and CURL this special URL you can see the UserData script e.g.
curl http://169.254.169.254/latest/user-data/From within your EC2 instance you can access information about the EC2 via a special url endpoint at 169.254.169.254 You would SSH into your EC2 instance and can see use the CURL command:
curl http://169.254.169.254/latest/meta-data/ [ec2-user@ip ~]$ curl http://169.254.169.254/latest/meta-data/ ami-id ami-launch-index ami-manifest-path block-device-mapping/ events/ hibernation/ hostname iam/ identity-credentials/ instance-action instance-id instance-life-cycle instance-type local-hostname local-ipv4 mac metrics/ network/ placement/ profile public-keys/ reservation-id security-groups services/ /public-ipv4 get the current public IPV4 address/ami-id the AMI ID used to launch this EC2 instance/instance-type the Instance Type of this EC2 instanceCombine metadata with userdata scripts to perform all sorts of advanced AWS staging automation.
When you launch an EC2 instance it is by default using On-Demand Pricing. On-Demand has no up-front payment and no long-term commitment.
You are charged by the hour or by the minute (varies based on EC2 Instance Types)
On-Demand is for applications where the workload is for short-term, spikey or unpredictable When you have a new app for development or you want to run experiment.
low cost and flexibleonly pay per hourshort-term, spiky, unpredictable workloadscannot be interruptedfor first time appsAWS has unused compute capacity that they want to maximize the utility of their idle servers. It’s like when a hotel offers discounts for to fill vacant suites or planes offer discount to fill vacant seats.
Spot Instances provide a discount of 90% compared to On-Demand Pricing Spot Instance can be terminated if the computing capacity is needed by on-demand customers.
Designed for applications that have flexible start and end times or applications that are only feasible at very low compute costs.
AWS Batch is an easy and convenient way to use Spot Pricing Termination Conditions Instances can be terminated by AWS at anytime If your instance is terminated by AWS, you don’t get charged for a partial hour of usage. If you terminate an instance you still be charge for any hour that it ran.
request spare computing capacityflexible start and end timescan handle interruptions (server randomly stopping and starting)for non-critical background jobsDesigned for applications that have a steady-state, predictable usage, or require reserve capacity. Reduced Pricing is based on Term x Class Offering x Payment Option
Standard Up to 75% reduced pricing compared to on-demand. Cannot Convertible Up to 54% reduced pricing compared to on-demand. Allows you to change RI Attributes if greater or equal in value. Scheduled You reserve instances for specific time period e.g. once a week for a few hours. Saving vary Terms You commit to a 1 Year or 3 Year contract. The longer the term the greater savings. Payment Options All Upfront, Partial Upfront, and No Upfront. The greater upfront the great the savings.
RIs can be shared between multiple accounts within an org Unused RIs can sold in the Reserve Instance Marketplace.
steady state or predictable usagecommit to EC2 over 1 or 3 year termcan resell unused reserved instancesDesigned to meet regulatory requirement. When you have strict server-bound licensing that won’t support multi-tenancy or cloud deployments.
Multi-TenantWhen multiple customer are running workloads on the same hardware. Virtual Isolation is what separate customers. Single TenantWhen a single customer has dedicated hardware. Physical Isolation is what separate customerOffered in both On-demand and Reserved (70% off on-demand pricing)
Enterprises and Large Organizations may have security concerns or obligations about against sharing the same hardware with other AWS Customers.
Dedicated serverscan be on-demand or reserved (upto 70% off)when you need a guarantee of isolate hardware (enterprise requirements)A template to configure new Instances.
Amazon Machine Image (AMI) provides the information required to launch an instance. You can turn your EC2 instances into AMIs so you can create copies of your servers
An AMI holds the following information:
A template for the root volume for the instance (EBS Snapshot or Instance Store template). e.g. an operating system, an application server, and applications.Launch permissions that control which AWS accounts can use the AMI to launch instances.A block device mapping that specifies the volumes to attach to the instance when it’s launched.AMIs help you keep incremental changes to your OS, application code and system packages.
web-server-000 Ruby, Node, Postgres Client Installedweb-server-001 Redis for Sidekiq Installedweb-server-002 ImageMagick for Image Processing Installedweb-server-003 CloudWatch Agent InstalledUsing System Manager Automation you can routinely patch your AMIs with security updates and bake those AMIs.
AMIs are used LaunchConfigurations. When you want to roll out updates to multiple instances you make a copy of your LaunchConfiguration with new AMI
You can create an AMI from an existing EC2 instance that’s either running or stopped.
AWS has hundreds of AMIs you can search and select from.
Community AMI are free AMIs maintained by the community AWS Marketplace free or paid AMIs maintained by vendors.
AMIs have an AMI ID. AMIs are region specific will have different AMI ID per region.
AMIs can be selected based on:
RegionOperating SystemArchitecture (32-bit or 64-bit)Launch PermissionsRoot Device Volume Instance Store (Ephemeral Storage)EBS Backed VolumesAMIs are categorized as either backed by Amazon EBS or backed by Instance Store.
AMIs are region specific. If you want to use an AMI from another region. You need to Copy the AMI and then select the destination region.
Set scaling rules which will automatically launch additional EC2 instance or shutdown instances to meet current demand.
Auto Scaling Groups (ASG) contains a collection of EC2 instances that are treated as a group for the purpose of automatic scaling and management.
Automatic scaling can occur via:
Capacity SettingsHealth Check ReplacementsScaling PoliciesThe size of an Auto Scaling Group is based on Min, Max and Desired Capacity
Min is how many EC2 instances should at least be running Max is number EC2 instances allowed to be running.
Desired Capacity is how many EC2 instances you want yo ideally run.
ASG will always launch instances to meet minimum capacity.
EC2 Health Check Type ASG will perform a health check on EC2 instances to determine if there is a software or hardware issue. This is based on the EC2 Status Checks. If an instance is considered unhealthy. ASG will terminate and launch a new instance.
ELB Health Check Type ASG will perform a health check based on the ELB health check. ELB can perform health checks by pinging an HTTP(S) endpoint with an expected response. If ELB determines a instance is unhealthy it forwards this information to ASG which will terminate the unhealthy instance.
Scaling Policies Scaling Out: Adding More Instances Scaling In: Removing Instances
Target Tracking Scaling Policy Maintains a specific metric at a target value
e.g. If Average CPU Utilization exceeds 75% then add another server.
Simple Scaling Policy Scales when an alarm is breached. (Not recommend, legacy policy)
3, Scaling policies with steps Scales when an alarm is breached, can escalates based on alarm value changing
ASG can be associated with Elastic Load Balancers (ELB). When ASG is associated with ELB richer health checks can be set.
ASG -> CLB Classic Load Balancers (CLB) are associated directly to the ASG
ASG -> Target Group -> ALB, NLB Application Load Balancers (ALB) and Network Load Balancers (NLB) are associated indirectly via Target Groups
A launch configuration is an instance configuration template that Auto Scaling group uses to launch EC2 instances.
A Launch Configuration is the same process as Launching an EC2 instance except you are saving that configuration to Launch an Instance for later. Hence Launch Configuration.
Launch Configurations cannot be edited. When you need to update your Launch Configuration you create a new one or clone the existing configuration and then manually associate that new Launch Configuration. Launch Templates are Launch Configuration with Versioning. Everyone appears to still use Launch Configurations.
Distributes incoming application traffic across multiple target, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions.
Load Balancers can be physical hardware or virtual software that accepts incoming traffic, and then distributes the traffic to multiple targets. They can balance the load via different rules. These rules vary based on types of load balacers.
Elastic Load Balancer (ELB) is the AWS solution for load balancing traffic, and there are 3 types available:
Application Load Balancer, ALB (HTTP/HTTPS)Network Load Balancer, NLB (TCP/UDP)Classic Load Balancer, CLB (Legacy)Listeners Incoming traffic is evaluated against listeners. Listeners evaluate any traffic that is matches the Listener’s port. For Classic Load Balancer, EC2 instances are directly registered to the Load Balancer.
Rules (Not available for Classic Load Balancer) Listeners will then invoke rules to decide what to do with the traffic. Generally the next step is to forward traffic to a Target Group
Target Group (Not available for Classic Load Balancer) EC2 instances are registered as targets to a Target Group.
For Application Load Balancer (ALB) or Network Load Balancer (NLB) traffic is sent to the Listeners. When the port matches it then checks the rules what to do. The rules will forward the traffic to a Target Group. The target group will evenly distribute the traffic to instances registered to that target group.
For Classic Load Balancer (CLB) traffic is sent to the Listeners. When the port matches it then it forwards the traffic to any EC2 instances that are registered to the Classic Load Balancer. CLB does not allow you to apply rules to listeners.
Application Load Balancer are designed to balance HTTP and HTTPS traffic.
They operate at Layer 7 (of the OSI Model)
ALB has a feature called Request Routing which allows you to add routing rules to your listeners based on the HTTP protocol.
Web Application Firewall (WAF) can be attached to ALB.
Greate for Web Applications
OSI LayersLayer 7 ApplicationLayer 6 PresentationLayer 5 SessionLayer 4 TransportLayer 3 NetworkLayer 2 Data LinkLayer 1 PhysicalNetwork Load Balancer are designed to balance TCP/UDP
They operate at Layer 4 (of the OSI Model)
Can handle millions of requests per second while still maintaining extremely low latency.
Can perform Cross-Zone Load Balancing
Great for Multiplayer Video Games or When network performance is critical.
It was AWS first load balancer (legacy)
Can balance HTTP, HTTPS or TCP traffic (not at the same time)
It can use Layer 7-specific features (OSI Model) such as sticky sessions
It can also use strict Layer 4 (OSI Model) balancing for purely TCP applications.
Can perform Cross-Zone Load Balancing
It will response with a 504 error (timeout) if the underlying application is not responding. (at the web-server or database level)
Not recommended for use, instead use NLB or ALB
Sticky Sessions is an advanced load balancing method that allows you to bind a user’s session to a specific EC2 instance.
Ensures all requests from that session are sent to the same instance.
Typically utilized with a Classic Load Balancer
Can be enabled for ALB though can only be set on a Target Group not individual EC2 instances
Cookies are used to remember which EC2 instance.
Useful when specific information is only stored locally on a single instance
If you need the IPv4 address of a user, check the X-Forwarded-For header
The X-Forwarded-For (XFF) header is a command method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or a load balancer.
Instances that are monitored by the Elastic Load Balancer (ELB) report back Health Checks as InService, or OutofService
Health Checks communicate directly with the instance to determine its state
ELB does not terminate (kill) unhealthy instance. It will just redirect traffic to healthy instances.
Only for Classic and Network Load Balancer
Cross-Zone Load Balancing Enabled requests are distributed evenly across the instances in all enabled AZs
Cross-Zone Load Balancing Disabled requests are distributed evenly across the instances in only its AZ.
Apply rules to incoming request and then forward or redirect traffic.
Host headerSource IPPathHttp headerHttp header methodQuery string