EC2


If you’ve just landed here, we’re doing a “Become a Cloud Architect” Unicorn Workshop by building a Unicorn Pursuit Web App step by step, and you’re more than welcome to join!

About EC2

Elastic Compute Cloud, or EC2, is the AWS IaaS offering, which is where AWS dominates the market.

Cool: you pay for Linux by the second, and for Windows by the hour.

Instance types (the most typical) are:

  • P, graphic
  • G3, graphic intensive
  • I for IOPS
  • H1, high DISK throughput
  • T2, Low Cost General Purpose (like Web Servers)
  • M5, General Purpose, for App Servers
  • C5, Compute Optimized
  • R for RAM optimized.
  • X1, huge (extreme) amount of RAM, like SAP HANA

Code

Deep Dive

AMI

An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications). From an AMI, you launch an instance, which is a copy of the AMI running as a virtual server in the cloud. You can choose between:

  • HVM, Hardware Virtual Machine, that gives more options due to the advanced hardware drivers
  • PV, Para-Virtual, which is basically an older generation.

There are basically 3 pricing options in EC2:

  • On Demand Instances, pay per use
  • Reserved Instances, reserve for a period of time and get discount
  • Spot Instances, where you bid on UNUSED resources. This requires some additional engineering, but you can save a lot of money on expensive compute. If a Spot Instance is terminated by AWS, you’re not charged for the last hour (if you terminate it yourself, you DO pay for this last hour).

VM Import Connector: Import from vSphere or Hyper-V or Citrix XEN to copy the images to AWS as AMIs. This also works the other way around.

Elastic IP

Elastic IP addresses are static IP addresses associated with your AWS account. They can be used to mask the failure of an instance by automatically remapping your address to another working instance in your account.

A disassociated Elastic IP address remains allocated to your account until you explicitly release it.

ENI

An Elastic Network Interface (ENI) is what an EC2 instance is attached to, but it has an independent lifetime and is truly elastic. This way you can associate an ENI with a VPC, and an EC2 instance can be “free” to roam the region. An ENI has:

  • Description
  • Private IP Address
  • Elastic IP Address (from the public IP range)
  • MAC Address
  • Security Group(s)
  • Source/Destination Check Flag
  • Delete on Termination Flag

EBS

AWS EBS (Elastic Block Store) provides persistent block-level data storage. It’s basically a VIRTUAL DISK. Block storage stores files in multiple volumes called blocks, which act as separate hard drives; block storage devices are more flexible and offer higher performance than regular file storage. You need to mount EBS onto an Amazon EC2 instance. Use cases include business continuity, software testing, and database management.

An EBS snapshot is encrypted if the EBS volume is encrypted. EBS snapshots have an SLA of 11 9s.

Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability.

EBS comes in different volume types:

  • General Purpose SSD, under 10.000 IOPS
  • Provisioned IOPS SSD, over 10.000 IOPS, up to 20.000
  • Throughput Optimized HDD (cannot be boot volume)
  • Cold HDD, low cost, something like a File System
  • Magnetic… lowest cost, infrequent access, but it CAN be used as a boot volume, unlike other HDDs.

Authentication

To authenticate users to their instances, AWS employs a key pair method (private and public key). The keys that Amazon EC2 uses are 2048-bit SSH-2 RSA keys. You can have up to five thousand key pairs per region. A key pair consists of a public key that AWS stores and a private key file that you store (downloaded as a PEM file). PEM stands for Privacy Enhanced Mail and is a widely used X.509 encoding format used for security certificates. Together, the two keys enable you to securely connect to your EC2 instance using SSH.

Create a Key Pair on AWS when creating an instance. Download a .PEM file. Try SSH:

    MatBook-Pro:~ mjovanovic$ ssh root@ec2-34-251-238-113.eu-west-1.compute.amazonaws.com
    The authenticity of host 'ec2-34-251-238-113.eu-west-1.compute.amazonaws.com (34.251.238.113)' can't be established.
    ECDSA key fingerprint is SHA256:wRJiPc5zBOXH+xdqwQ18zShfsR9360pGFH4OYKEfBTU.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'ec2-34-251-238-113.eu-west-1.compute.amazonaws.com,34.251.238.113' (ECDSA) to the list of known hosts.
    root@ec2-34-251-238-113.eu-west-1.compute.amazonaws.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
    MatBook-Pro:~ mjovanovic$
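In the session above the host key fingerprint is accepted on first use without being compared to anything. The following Python is an added example, not part of the original workshop: it recomputes the `SHA256:` fingerprint that ssh prompts with from a trusted copy of the host public key, and checks that the private key file is not readable by group or others. It assumes you obtained the host public key out of band (for example from the instance's console output); the function names and the sample key line are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
import stat
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def host_key_fingerprint(line: str) -> str:
    """SHA256 fingerprint, as ssh prints it, of a 'type blob' or 'host type blob' line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            break
    else:
        raise ValueError("no SSH public key found in line")
    # The blob begins with a length-prefixed copy of the key type name.
    name = field.encode("ascii")
    if blob[:4 + len(name)] != struct.pack(">I", len(name)) + name:
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    # ssh shows unpadded base64 after the "SHA256:" prefix.
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def fingerprint_matches(prompt_fp: str, trusted_key_line: str) -> bool:
    """True only if the fingerprint from the ssh prompt belongs to the trusted key."""
    trusted = host_key_fingerprint(trusted_key_line)
    return hmac.compare_digest(prompt_fp.strip().encode(), trusted.encode())


def private_key_mode_ok(path: str) -> bool:
    """ssh refuses a private key file that group or others can access."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0


# Constructed sample: ssh-ed25519 host key blob with dummy key bytes (not a real host).
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_LINE = "ec2-host.example ssh-ed25519 " + base64.b64encode(_blob).decode("ascii")

if __name__ == "__main__":
    fp = host_key_fingerprint(SAMPLE_LINE)
    print(fp, fingerprint_matches(fp, SAMPLE_LINE))
```

Answer `yes` at the ssh prompt only when `fingerprint_matches` returns `True` for the fingerprint shown.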

Auto Scaling

Two main benefits are Availability and Reliability.

Where to find more info




Last modified April 30, 2020: adding links to cloud infra (43e9181)