AWS EC2

core concepts

sizing & configuration options

  • OS (Linux, Windows, macOS)
  • CPU
  • RAM
  • Storage
    • EBS & EFS
    • EC2 Instance Store
  • Network card
  • Security Group
    • Inbound
    • Outbound
  • Bootstrap script (user data)

User Data

  • Bootstrap instances using an EC2 User Data script
  • executes commands when the instance starts
  • runs only once
  • runs as the root user (privileged)

EC2 Instances

m5.2xlarge:

  • m: instance class
  • 5: generation
  • 2xlarge: size within the instance class

instance types

  • general purpose
  • compute optimized
    • batch processing workload
    • media transcoding
    • high performance web servers
    • high performance computing
    • scientific modeling & machine learning
    • dedicated gaming servers
  • memory optimized
    • high performance, relational/non-relational db
    • distributed web scale cache stores
    • in-memory databases optimized for business intelligence
    • applications performing real-time processing of big unstructured data
  • accelerated computing
  • storage optimized
    • high-frequency OLTP systems
    • relational & NoSQL db
    • cache
    • data warehousing
    • distributed file system
  • graviton
    • best price performance
    • does not support Windows
  • HPC optimized
  • instance features
  • measuring instance performance

included metrics

  • CPU
  • Network
  • StatusCheck
  • Disk

RAM is not included in the AWS EC2 metrics

Security Groups

  • control how traffic is allowed into or out of our EC2
  • only contain allow rules
  • can reference by IP or by security group


When referencing another security group, you don’t need to configure instance IPs.

should know

  • Can be attached to multiple instances
  • Locked down to a region / VPC combination
  • Does live “outside” the EC2 – if traffic is blocked the EC2 instance won’t see it
  • It’s good to maintain one separate security group for SSH access
  • If your application is not accessible (time out), then it’s a security group issue
  • If your application gives a “connection refused“ error, then it’s an application error or it’s not launched
  • All inbound traffic is blocked by default
  • All outbound traffic is authorized by default
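The two troubleshooting rules above (time out = security group, connection refused = application) can be checked from a client. The following is an added example, not part of the original notes; the `classify`, `diagnose` and `local_demo` names are mine, and the demo runs entirely against localhost.

```python
import socket

# What the client observes, mapped to the diagnosis the notes give.
HINTS = {
    "open": "port reachable: security group and application are both fine",
    "timeout": "time out: traffic never reached the instance, check the security group",
    "refused": "connection refused: instance reachable, nothing listening, check the application",
}

def classify(host: str, port: int, timeout: float = 3.0) -> str:
    """Attempt one TCP connect; return 'open', 'timeout', 'refused' or another OS error name."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:      # RST came back: the host itself is reachable
        return "refused"
    except socket.timeout:              # no SYN-ACK and no RST: dropped before the instance
        return "timeout"
    except OSError as exc:              # e.g. no route to host
        return exc.strerror or type(exc).__name__
    finally:
        sock.close()

def diagnose(host: str, port: int, timeout: float = 3.0) -> tuple[str, str]:
    """Return (outcome, hint) so a security group problem can be told from an app problem."""
    outcome = classify(host, port, timeout)
    return outcome, HINTS.get(outcome, f"other error ({outcome}): check routing first")

def local_demo() -> tuple[str, str]:
    """Constructed offline check: a listening socket reads 'open', a closed port 'refused'."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()                       # port released, nothing listens on it now
    try:
        return classify("127.0.0.1", open_port), classify("127.0.0.1", closed_port)
    finally:
        listener.close()

if __name__ == "__main__":
    print(local_demo())
```

A real check against an instance's public IP with a short timeout gives the "timeout" branch when the security group has no matching inbound rule.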

classic ports

  • 22 = SSH (Secure Shell)
  • 21 = FTP
  • 22 = SFTP
  • 80 = HTTP
  • 443 = HTTPS
  • 3389 = RDP (Remote Desktop Protocol) - log into a Windows instance

EC2 with ssh

```shell
# AWS creates a default user `ec2-user`
ssh -i your_ec2_private_key.pem ec2-user@public_v4_ip
```

EC2 Instance Connect

  • a temporary key is uploaded onto the EC2 instance by AWS
  • works out-of-the-box only with Amazon Linux 2
  • port 22 must be open

Instance Roles

Attach an IAM instance role to the EC2 instance so that the AWS CLI run by ec2-user gets only the permissions you grant the role.

It’s a bad idea to save your own access keys on the EC2 instance.

Purchasing Options

  • On-Demand Instances – short workload, predictable pricing, pay by the second (Linux, Windows); other operating systems are billed per hour
    • the highest cost but no upfront payment
    • no long-term commitment
  • Reserved (1 & 3 years)
    • reserve specific instance attributes (instance type, region, tenancy, OS)
    • Reserved Instances – long workloads
    • regional, zonal
    • Convertible Reserved Instances – long workloads with flexible instances
    • can be stopped as soon as you no longer need them and sold on the AWS EC2 Reserved Instance Marketplace
  • Savings Plans (1 & 3 years) – commitment to an amount of usage, long workload
    • long term usage
    • commit to a certain type of usage
  • Spot Instances – short workloads, cheap, can lose instances (less reliable)
    • distributed workloads
  • Dedicated Hosts – book an entire physical server, control instance placement
    • allows you to address compliance requirements and use your existing server-bound software licenses
    • most expensive option
  • Dedicated Instances – no other customers will share your hardware
    • may share hardware with other instances in same account
    • no control over instance placement (may move to different hardware after Stop/Start)
  • Capacity Reservations – reserve on-demand instances capacity in a specific AZ for any duration
    • no time commitment, no billing discounts

Spot instances

90% discount compared to on-demand

Spot Request

  • maximum price
  • desired number of instances
  • launch specification
  • request type: one-time | persistent
  • valid from, valid until

Spot Fleets: automatically request spot instances with the lowest price

  • a set of spot instances + on-demand instances
  • try to meet the target capacity with price constraints
  • strategies to allocate
    • lowest price
    • diversified
    • capacity optimized
    • price capacity optimized

IP

An EC2 public IP is temporary by default and changes on every reboot. Bind an Elastic IP to the instance to keep a fixed address. By default you can only have 5 Elastic IPs in your account.

Placement Group

Place Strategy

  • Cluster - clusters instances into a low-latency group in a single AZ
  • Partition - spreads instances across many different partitions within an AZ
    • Scales to 100s of EC2 per group (Hadoop, Cassandra, Kafka)
  • Spread - spreads instances across underlying hardware (max 7 instances per group per AZ)

ENI

  • Elastic Network Interfaces
  • Logical component in a VPC that represents a virtual network card
  • could be created independently and attached to EC2 instances for failover on the fly
  • Bound to a specific AZ
  • attributes (IPv4)
    • primary private IP, one or more secondary IP
    • one elastic IP per private IP
    • one public IP
    • one or more security groups
    • one mac address

EC2 Hibernate

  • The in-memory state is preserved
  • The instance boot is much faster
  • the RAM state is written to a file in the root EBS volume
  • The root EBS volume must be encrypted

on a normal start

  • OS boots
  • user data script runs
  • application starts

good to know

  • RAM must be less than 150 GB
  • not supported for bare metal instances
  • supports many AMIs
  • must be EBS, encrypted
  • available for on-demand, reserved and spot instances
  • cannot be hibernated for more than 60 days

EBS (Elastic Block Store)

  • A network drive you can attach to your instances while they are running
  • allows your instances to persist data, after their termination
  • can only be mounted to one instance at a time (at the CCP level)
  • bound to a specific AZ
  • has a provisioned capacity (size in GBs, and IOPS)
  • Delete on Termination Attribute (controls the EBS behavior when an EC2 instance terminates)
    • by default, the root EBS volume is deleted
    • can be changed through the AWS console / AWS CLI
  • EBS Snapshots
    • make a backup (snapshot) of EBS volume at a point in time
    • can copy snapshots across AZs or Regions (stored in S3)
    • features
      • snapshot archive
      • recycle bin for snapshot
      • FSR (fast snapshot restore)
        • forces full initialization of the snapshot so there is no latency on first use ($$$)

AMI

  • Amazon Machine Image
  • a customization of an EC2 instance
  • built for a specific region, can be copied across region
  • built from running instance (with EBS snapshots)
  • AWS provided, custom, Image Market

Instance Store

High-performance hardware disk with very high IOPS (compared to EBS)

  • better I/O performance, write IOPS 35,000 ~ 1.6 million
  • ephemeral: loses its contents if the instance is stopped
  • good for buffer / cache / scratch data / temporary content
  • risk of data loss if hardware fails
  • backup and replication are your responsibility

EBS Volume Types

characterized by size, throughput and IOPS

  • GP2 / GP3 (SSD) General Purpose
    • 1GiB ~ 16 TiB
    • max IOPS 16000
  • IO1 / IO2 (SSD) Highest-performance
    • more than 16000 IOPS
    • 4 GiB ~ 16 TiB, 64 TiB
    • supports EBS multi-attach (single AZ)
    • max IOPS 256000 / 64000
  • HDD
    • cannot be root volume
    • 125 GiB ~ 16 TiB
    • ST1 (HDD): low cost hdd volume designed for frequently accessed, throughput-intensive workloads
    • SC1 (HDD): lowest cost hdd designed for less frequently accessed workloads

only gp2/gp3 and io1/io2 can be used as boot volumes

EBS MISC

  • EBS Multi-Attach (IO1/IO2), attach the same EBS volume to multiple EC2 instances in the same AZ
    • up to 16 EC2 at a time
    • must use a file system that’s cluster-aware (not XFS, EXT4, etc…)
  • EBS encryption
    • Data at rest is encrypted inside the volume
    • All the data in flight moving between the instance and the volume is encrypted
    • All snapshots are encrypted
    • All volumes created from the snapshot are encrypted
    • to encrypt an unencrypted EBS volume:
      1. create a snapshot of the volume
      2. encrypt the EBS snapshot (using copy)
      3. create a new EBS volume from the snapshot; it will also be encrypted
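The three-step procedure above, scripted against the boto3 EC2 client. This is an added example, not from the original notes: `encrypt_volume`, `FakeEc2` and `demo` are my names, the volume id is a placeholder, and the client methods used (`create_snapshot`, `copy_snapshot`, `create_volume`, `get_waiter`) are the real boto3 ones. `FakeEc2` is a constructed offline stand-in so the call sequence can be checked without an AWS account.

```python
def encrypt_volume(ec2, volume_id, availability_zone, kms_key_id, region):
    """Snapshot -> encrypted copy -> new volume. Returns the id of the new, encrypted volume."""
    # 1. snapshot the unencrypted volume; this snapshot itself is still unencrypted
    snap = ec2.create_snapshot(VolumeId=volume_id,
                               Description="pre-encryption copy")["SnapshotId"]
    ec2.get_waiter("snapshot_completed").wait(SnapshotIds=[snap])
    # 2. copying is how an existing snapshot gets encrypted; the copy takes the KMS key
    enc_snap = ec2.copy_snapshot(SourceSnapshotId=snap, SourceRegion=region,
                                 Encrypted=True, KmsKeyId=kms_key_id)["SnapshotId"]
    ec2.get_waiter("snapshot_completed").wait(SnapshotIds=[enc_snap])
    # 3. a volume built from an encrypted snapshot is encrypted; it must sit in the instance's AZ
    vol = ec2.create_volume(SnapshotId=enc_snap,
                            AvailabilityZone=availability_zone)["VolumeId"]
    ec2.get_waiter("volume_available").wait(VolumeIds=[vol])
    return vol  # next: stop the instance, detach the old volume, attach this one

class FakeEc2:
    """Constructed offline stand-in that records calls; use boto3.client('ec2') for real."""
    def __init__(self):
        self.calls = []
    def _record(self, name, kw):
        self.calls.append((name, kw))
        n = len(self.calls)
        return {"SnapshotId": f"snap-{n:04d}", "VolumeId": f"vol-{n:04d}"}
    def create_snapshot(self, **kw): return self._record("create_snapshot", kw)
    def copy_snapshot(self, **kw): return self._record("copy_snapshot", kw)
    def create_volume(self, **kw): return self._record("create_volume", kw)
    def get_waiter(self, name):
        return type("Waiter", (), {"wait": lambda self, **kw: None})()

def demo():
    """Run the procedure against the fake client; return (new volume id, recorded calls)."""
    ec2 = FakeEc2()
    new_vol = encrypt_volume(ec2, "vol-PLACEHOLDER", "us-east-1a",
                             "alias/aws/ebs", "us-east-1")
    return new_vol, ec2.calls

if __name__ == "__main__":
    vol, calls = demo()
    print("new encrypted volume:", vol)
    for name, kw in calls:
        print(name, kw)
```

`alias/aws/ebs` is the AWS-managed default EBS key; a customer-managed key id or alias can be passed instead.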

EFS - Elastic File System

  • Managed NFS (NFSv4.1 protocol)
  • works with EC2 instances in multi-AZ
  • highly available, scalable, expensive (3x gp2), pay per use
  • use security group to control access to EFS
  • Compatible with Linux based AMI (POSIX file system)
  • EFS Scale
    • 1000s of concurrent NFS clients, 10GB+/s throughput
    • grow to petabyte-scale NFS, automatically
  • storage tiers
    • standard
    • infrequent access (EFS-IA)
  • availability and durability
    • standard
    • one-zone
  • performance mode
    • general purpose
    • max IO
  • throughput mode
    • bursting
    • provisioned
    • elastic

Licensed under CC BY-NC-SA 4.0