EC2 Fundamentals

 I. AWS Budget Setup

Bills

Free tier

To get alerts about your upcomming costs, the best thing to do is to go into creating an AWS Budget.



II. EC2 basics.
1. Amazon EC2.
  • EC2 is one of the most popular of AWS's offering.
  • EC2 = Elastic Compute Cloud = infrastructure as a service
  • it mainly consists in the capbility of:
    • Renting Virtual machines (EC2)
    • Storing data on virtual drives (EBS)
    • Distributing load across machines (ELB)
    • Scaling the services using an auto-scaling group (ASG)
  • Knowing EC2 is fundamental to understand how to Cloud works
2. EC2 rizing & and configuration options.
  • Operation System (OS): Linux, MacOS, Window.
  • How much compute power & cores (CPU)?
  • How much ramdom-access memory(RAM)
  • How much storage space:
    • Network-attached (EBS &EFS)
    • hardware  (EC2 instance storage)
  • Network card: speed of the card, Public IP address.
  • Firewall rules: security group
  • Bootstrap script ( configure at the first launch): UC2 User Data
3. EC2 User Data
  • it's possible to bootstrap our intances using EC2 user data script.
  • bootstrapping mean launching commads when a machine starts
  • that script is only run once at the instance first start
  • EC2 User Data is used to automate boot tasks such as: 
    • installing updates
    • installing software
    • Downloading common file from internet
    • any thing you can thing of
  • The EC2 User Data Script runs with the root user.
4. EC2 instance types
III. EC2 instance Type Basics
1. Overview
  • AWS has the following naming convention. Vd: m5.2xlarge
    • m: instance class
    • 5: generation (AWS improves they over time)
    • 2xlarge within the instance class
2. EC2 instance types - Compute Optimized
  • Greate for compute-intensive task that require hight performance processers:
    • Batch processing workloads
    • Media transcoding
    • Hight performance web server.
    • Hight performance computing(HPC)
    • Scientific modeling & machine learning
    • Dedicated server
3. EC2 instance types - Memory Optimized
  • Fast performance for workloads that process large data sets in memory
  • Use cases:
    • Hight performance, relational/non-relational databases
    • distributed web scale cache stores
    • in-memory databases optimized for BI (Business intellgence)
    • Application performing real-time processing of big unstructured data
4. EC2 instance types - Storage Optimized
  • Great for storage-intensive tasks that require hight, sequential read and write access to very large data sets on local storage.
  • use cases:
    • hight frequency online transaction processing (OLTP) systems
    • relational & NoSQL Databases
    • cache for in-memory database (for example: Redis)
    • Data warehousing applications
    • Distributed file system.
IV. Security Group and Classic ports Overview
1. introduction to security groups
  • Security groups are the fundamental of network security in AWS 
  • They control how traffic is allowed into or out of our EC2 instances
  • Security Groups only contain allow rules
  • Security Group rules can reference by IP or by security group
2. Security group deeper dive
  • Security group are acting as a "firewall" on EC2 instances
  • they regulate:
    • access to ports
    • authorised IP ranges - IPv4 and IPv6
    • Control of inbound network (from other to the instance)
    • Control of outbound network (from instance to the other)
3. Security Groups Diagram
4. Security Groups good to know
  • Can be attached to mutiple instances
  • Locked down to a region / VPC combination
  • Does live outside the EC2 - if traffic is blocked the EC2 instance won't see it
  • it's good to maintain one separate security group for SSH access
  • if your application is not accessible (time out), then it's a security group issue
  • if your application gives a "connection refused" error, then it's an application error or it's not launched
  • All inbound traffic is blocked by default
  • All outbound traffic is authorised by default
5. referencing orther security groups diagram
6. Classic ports to know
22 = SSH (Secure Shell) - log into a linux instance
21 = FTP ( File Tranfer Protocol) - upload files into a file share
22 = SFTP ( Secure File Tranfer Protocol) - upload files using SSH
80 = HTTP ( Access Unsecure Websites)
443 = HTTPS ( Access Secure Websites)
3389 = RDP (Remote Desktop Protocol) - log into a window instance
V. Security Groups Hands on
VI. SSH
  • SSH is one of the most important function. It allows you to control a remote machine, all using the command line.
  • Connect to EC2 instance using SSH from your PC via CLI

hello-world.pem is a key pair, it is associated with this EC2 instance.
VII. EC2 Instance Roles Demo
for example: 
  • never enter your IAM API key in the EC2 instance, it will confict with other user. instead, what we have to do is use IAM Roles
create or select IAM role
add Role to EC2 instance you want


VIII. EC2 Instances Purchasing Options
  • On-demand instances - short workload, predictable pricing, pay by second
  • Reserved (1 &3 years)
    • Reserved instances - long workload
    • Convertible Reserved Instance long workload with flexible instances.
  • Savings plan (1 & 3 years) - commitment to an amount of usage, long workload
  • Spot instances - short workloads, cheap, can lose instance (less reliable)
  • Dedicated Hosts - book an entire physical server, control instance placement
  • Dedicated Instances - no other customers will share your hardware
  • Capacity Reservations - reserve capacity in a specific AZ for any duration
1. EC2 On-Demand
  • Pay for what you use:
    • Linux or window: billing per second after fisrt minute
    • All other Operating systems billing per hour
  • Has the highest cost but no upfront payment
  • No long-term commitment
  • Recommended for sort-term and un-interrupted workloads, where you can't predict how the application will behave
2. EC2 Reserved Instances
  • upto 72% discount compared to On-demand
  • you reserve a specific instance attributes (Instance type, Region, Tenancy, OS)
  • Reservation Period: 1year (+ discount) or three year (+++discount)
  • Payment Options: No Upfront(+), Partial Upfront (++), All Upfront (+++) 
  • Reserved Instance's Scope - Regional or Zonal (reserve capacity in a AZ)
  • Recommended for steady-state usage applications (think database)
  • You can buy and sell in the Reserved Instance Marketplace
  • Convertible Reserved Instance
    • can change the EC2 instance type, instance family, OS, Scope, tenancy
    • upto 66% discount
3. EC2 Saving Plans
  • Get a discount based on long-term usage (up to 72% - same as RIs)
  • Commit to a certian type of usage (10$/hour for 1 or 3 years)
  • Usage beyond EC2 Saving Plans is billed at the On-Demand Price
  • Locked to a specific instance family & AWS region (e.g., M5 in us-east-1)
  • Flexible across:
    • Instance size (e.g., m5.xlarge, m5.2xlarge)
    • OS (e.g, Linux, Window)
    • Tenancy (Host, Dedicated, default)
4. EC2 Spot Instances
  • Can get a discount of up to 90% discount compared to On-demand
  • Instances that you can "lose" at any point of time if your max price is less than the current spot price.
  • the most cost-efficient instances in AWS
  • Useful for workloads that are resilient to failure
    • Batch jobs
    • Data analysis
    • Image processing
    • Any distributed workloads
    • Workload with a flexible start and end time
  • Not suitable for critical jobs or databases
5. EC2 Dedicated Hosts
  • A physical server with EC2 instance capacity full dedicated to your use
  • Allows you address compliance requirements and use your existing server-bound software Licenses (per-socket, per-core, per-VM software licenses)
  • Purchasing Options:
    • On-Deman - pay per second for active dedicated host
    • Reserved - 1 or 3 years (No upfront, partial upfront, All upfront)
  • The most expensive option
  • Useful for software that have complicated licensing model (BYOL - Bring your own licenses)
  • Or for companies that have a strong regulatory or compliance needs.
6. EC2 Dedicated Instances
  • Instances that run on hardware that's dedicated for you
  • May share hardware with other instances in same account
  • No control over instance placement (can move hardware after stop/start)
7. EC2 Capacity Reservations
  • Reserve On-demand instances capacity in a specific AZ for any duration
  • You always have access to EC2 capacity when you need
  • No time commitment (create/cancel anytime), no billing discounts
  • Combine with Regional Reserved Instances and Saving plans to benefit from billing discouts
  • you're charged at On-Demand rate whether you run instances or not
  • Suitable for short-term, uninterrupted workloads that needs to be in a specific AZ.
Price Comparison


Reference: Content based on "Ultimate AWS Certified Developer Associate 2023 NEW DVA-C02."

    Comments

    Post a Comment

    Popular posts from this blog

    IAM & AWS CLI

    Image
     I. IAM introduction: Users. Groups, Policies 1. IAM: Users & Groups IAM = indentity and Access Management, Global service. Root account create by default, shouldn't be used or shared (not best practice to use the root account) Users are people within organization, and can be grouped. Groups only contain users, not other groups. Users don't have to belong to a group, and user can belong to mutiple groups 2. IAM: Permissions Users or Groups can be assigned JSON ducuments called policies. These policies define the permissions of the users In AWS you apply the least privilege principle: don't give more permissions than a user needs. II. IAM Users & Groups Hands On create User  create or select one Group existed III. IAM Policies A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. Permissions in the policies determine whether the request is allowed or denied. AWS Document :  Policies and permissions in IAM 1...
    Read more

    AWS Fundamentals: ELB + ASG

    Image
    I. Elastic Load Balacing overview 1. What is load balacing? Load Balances are servers that forward traffic to multiple servers(e.g., EC2 instances) downstream 2. Why use a load balacer? Spread load across multiple downstream instances Expose of single point of access (DNS) to your application Seamlessly hanle failures of downstream instances Do regular health checks to your instances Provide SSL termination (HTTPS) for your websites Enforce stickiness with cookies High availability across zones Separate public traffic from private traffic 3. Why use an Elastic load balancer? An Elastic load balancer is a managed load balancer AWS guarantees that it will be working AWS takes care of upgrades, maintenance, hight availability AWS provides only a few configuration knobs It costs less to setup your own load balancer but it will be a lot more effort on your end It's intergrated with many AWS offerings/ services EC2, EC2 Auto Scaling Groups, Amazon ECS AWS Certificate Manager (ACM), Cloud...
    Read more