Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.
-
On demand: You pay for computing capacity by per hour or per second depending on which instances you run.
-
Reserved Instance (RI): Provide a significant discount (up to 75%) compared to On-Demand pricing and provide a capacity reservation when used in a specific Availability Zone. You have to enter a contract.
-
Spot: Amazon EC2 Spot instances allow you to request spare Amazon EC2 computing capacity for up to 90% off the On-Demand price.
- If you terminate an instance, you will pay for the complete hour.
- If Amazon terminates the instance, you won't pay for the complete hour.
- The following are the possible reasons that Amazon EC2 might interrupt your Spot Instances:
- Price – The Spot price is greater than your maximum price.
- Capacity – If there are not enough unused EC2 instances to meet the demand for Spot Instances, Amazon EC2 interrupts Spot Instances. The order in which the instances are interrupted is determined by Amazon EC2.
- Constraints – If your request includes a constraint such as a launch group or an Availability Zone group, these Spot Instances are terminated as a group when the constraint can no longer be met.
-
Dedicated Hosts: Is a physical server with EC2 instance capacity fully dedicated to your use.
Provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. EBS is automatically replicated in a specific AZ
SSD are good for random access.
- General Purpose SSD (GP2): General purpose SSD volume that balances price and performance. 3 IOPS per GB, up to 10k IOPS
- Provisioned IOPS SSD (io1): Designed for IO intensive, use it if you need more than 10k IOPS
Are great for sequential access (processing log files, bigdata work flows as an example).
- Throughput Optimized HDD (st1): Magnetic disk, this can't be a boot volume (root volume).
- Cold HDD (sc1): Lower cost storage, like file servers, can't be a boot volume.
- Magnetic (standard): Lowest cost per gigabyte of all EBS. It's bootable and it's from the previous storage generation.
As you would do in a bare-metal server, you can also create RAID arrays within AWS EC2 boxes using EBS volumes.
-
Remeber that the RAID available in AWS is only software
-
You can have two types of RAID:
- RAID 0 – splits ("stripes") data evenly across two or more disks. When I/O performance is more important than fault tolerance; for example, as in a heavily used database (where data replication is already set up separately). You can use RAID 0 configurations in scenarios where you are using heavy databases with perhaps mirroring and replication.
- RAID 1 – consists of an exact copy (or mirror) of a set of data on two or more disks. When fault tolerance is more important than I/O performance; for example, as in a critical application. With RAID 1 you get more data durability in addition to the replication features of the AWS cloud.
- RAID 5 and RAID 6 are not recommended for Amazon EBS because the parity write operations of these RAID modes consume some of the IOPS available to your volumes. Depending on the configuration of your RAID array, these RAID modes provide 20-30% fewer usable IOPS than a RAID 0 configuration. Increased cost is a factor with these RAID modes as well; when using identical volume sizes and speeds, a 2-volume RAID 0 array can outperform a 4-volume RAID 6 array that costs twice as much.
Remember also that you can create snapshots of your RAID arrays
- Termination protection is turned off by default.
- The EBS root volume by default is deleted at termination.
- Default AMI's (provided by Amazon) cannot be encrypted.
- Additional volumes can be encrypted.
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic.
- All Inbound traffic is Blocked by Default.
- All Outbound traffic is Blocked by Default.
- All security groups changes are applied immediately.
- Security groups are stateful. For example, if you allow the request to come in, automatically responses can go out even if you don't have anything on the outbound section of your security group.
- You can specify only allow rules, not deny rules.
- Instances and Volumes MUST be in the same AZ
- Snapshots exists in S3.
- Snapshots are a point in time copies of Volumes.
- Snapshots are incremental (only differences are saved)
- Snapshot of root volumes require the instance to be stopped.
- You can't delete a snapshot of an EBS volume that is used as the root device of a registered AMI.
- You can change EBS volumes size and type on the fly.
- To move an EC2 volume from one AZ/Region to another, take a snap or an image of it, then you can copy them to the new AZ/Region.
- Snapshots of encrypted volumes are encrypted automatically
- Volumes restored from an encrypted snapshot will be encrypted as well.
- You can share snapshots only if they are not encrypted, these snapshots can be made public.
-
EBS: Amazon EBS provides durable, block-level storage volumes that you can attach to a running instance
- EBS takes less time to provision.
- EBS volumes can be kept once the instance is terminated.
-
Instance Store / Ephemeral storage: This storage is located on disks that are physically attached to the host computer
- Instance Store Volumes can't be stopped, if the host fails, you lose data.
- You can reboot the instance without losing data.
- You can not detach Instance Store Volumes.
- Instance store volumes cannot be kept once the instance is terminated.
Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, and others.
- Application Load balancers: Best for load balancing HTTP & HTTPS traffic. They operate at layer 7.
- Network Load Balancer: Loadbalancing TCP traffic where extreme performance is needed. They operate at layer 4.
- Classic Load Balancer: Legacy ELB, mostly operate at layer 4, but can go up to 7.
(XFF) The HTTP header field is a common method for identifying the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer.
- You must set up health checks in order to let the load balancer to understand if the instances are up and running
- Load balancers won't expose any IP, instead they expose DNS names.
dig +short MyClassicELB-57286656.eu-west-2.elb.amazonaws.com
35.176.153.196
35.176.224.44At the time of writing, the lab instructs you to create one EC2 instance and configure the load balancer to simply point against it.
My suggestion is to create 2 instances instead and change the index.html in something like instance_1 and instance_2 so you can see what box the load balancer decides to send your requests. Doing so, allows you to also confirm that if an instance is down, the load balancer automatically forwards traffic to the remaining one still online.
- Standard monitoring is 5 min and * Detailed monitoring is 1 min (you will be charged for it)
- Dashboard used to visualize what's happening with your AWS environment.
- Alarms can be set to notify when a specific threshold is hit
- Events can be used to perform actions when state changes happen in your AWS resources.
- Logs can be aggregated in a single place to better troubleshoot. Remember that you need to install an agent on the EC2 instance.
- By default, Matrics on EC2 instances are: CPU related, Disk related, Network related and Status check related.
Remember that:
- CloudWatch: is for monitoring resources
- CloudTrail: is for auditing
- Roles avoid you to store credentials inside EC2 instances in order to communicate with other AWS services
- Roles can be assigned after an EC2 instance it has been provisioned
- Roles are universal, you can use them in any region.
Within your local instance run:
http://169.254.169.254/latest/meta-data
This will give you the top level metadata items, something like this.
[ec2-user ~]$ curl http://169.254.169.254/latest/meta-data/
ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
events/
hostname
iam/
instance-action
instance-id
instance-type
local-hostname
local-ipv4
mac
metrics/
network/
placement/
profile
public-hostname
public-ipv4
public-keys/
reservation-id
security-groups
services/
If you want to access a specific item, simply add it at the end of your request:
[ec2-user ~]$ curl http://169.254.169.254/latest/meta-data/ami-id
ami-12345678There is also one URL for user data
[ec2-user ~]$ curl http://169.254.169.254/latest/user-data/- A launch configuration is an instance configuration template that an Auto Scaling group uses to launch EC2 instances
- An Auto Scaling group contains a collection of Amazon EC2 instances that are treated as a logical grouping for the purposes of automatic scaling and management.
Autoscaling group will automatically spread evenly on the number of instances across the AZ you selected once you configured it. So 3 AZ with 3 as group size, means 1 box in each AZ
You can launch or start instances in a placement group, which determines how instances are placed on the underlying hardware. When you create a placement group, you specify one of the following strategies for the group:
- Cluster – clusters instances into a low-latency group in a single Availability Zone.
- Spread – spreads instances across underlying hardware and can spread in multiple Availability Zones.
- Partition – spreads instances across logical partitions, ensuring that instances in one partition do not share underlying hardware with instances in other partitions.
Some notes about placement groups:
- The name you specify for a placement group must be unique within your AWS account.
- Only specific types of instances can be launched in a placement group.
- You can't merge placement groups.
- You can't move an existing instance into a placement group.
- If the exam refers to placement groups, without mentioning which type, it's most probably talking about the Cluster ones since those are the old ones.
Amazon EFS provides scalable file storage for use with Amazon EC2. You can create an EFS file system and configure your instances to mount the file system
-
Supports NFSv4.
-
You only pay for the storage you use.
-
Scale up to petabytes.
-
Can support thousands of concurrent connections.
-
Data is stored across multiple AZ.
-
Read after write consistency.
-
You need to make sure that the EC2 instance that needs to connect with the EFS volume, is associated with the same security group you have on the EFS volume.
-
You can assign permissions at the file level and at the folder level.
AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume - there is no charge when your code is not running. Lambda basically is based on triggers.
You can use lambda in two ways:
- Event-driven based: Lambda runs your code based on events, such, new file on S3 or a new alarm on cloudwatch
- Compute-service based: Lambda runs your code based on HTTP requests using an API Gateway or API calls made using AWS SDKs.
AWS lambda, supports: C#, Node.js, Python, and Java
Lambda is charged as follow:
- First 1M requests per month are free. $0.20 PER 1M requests thereafter
- Duration: You are charged for the amount of memory you allocate on your functions. First 400,000 GB-seconds per month, up to 3.2M seconds of computing time, are free.
- Your functions can't go over 5 minutes in run-time.
Make sure you have a look at what CORS is.