3 - Compute Flashcards
What are the models to hire EC2 instances?
On-demand: pay per second (Linux) or per hour (Windows)
Reserved instances
Spot instances: you place a bid price. If AWS terminates the instance, you don’t pay for the part-hour. If you terminate it, you pay for the full hour
What are the options for reserved instances?
Can be 1 or 3 year terms with full, partial or no upfront payment.
Standard RI is a fixed instance type and platform provided continuously
Convertible RI allows the instance type and platform to be exchanged for another convertible RI of equal or greater price
Scheduled RI is for particular time windows (daily, weekly or monthly)
How can EC2 instances use IAM?
Roles can be attached at launch or while they are running
What are the available instance types?
F1 - FPGA
I3 - high-speed storage
G3 - graphics
H1 - high-disk throughput
T2 - low cost
D2 - dense storage
R4 - memory optimised
M5 - general purpose
C5 - compute optimised
P3 - GPU
X1 - extreme memory, e.g. for SAP
Use the mnemonic “FIGHT DR McPX”
How are EC2 instances monitored?
With instance checks and health checks
In the context of EC2 instances, what are instance checks?
Instance checks are run every 5 minutes; additional charges apply for 1-minute monitoring
System status checks ensure the infrastructure is working by attempting to reach the hypervisor
Instance status checks ensure the instance is healthy by reaching the OS
What are health checks?
Health checks monitor EC2 instance metrics to determine whether they are healthy.
The healthy and unhealthy thresholds are the number of consecutive checks that must be passed or failed before the instance is declared healthy again or unhealthy
What CloudWatch metrics are available?
The default metrics are CPU, disk operations, network and status checks.
A CloudWatch agent can be installed to upload the application logs.
Custom metrics can be implemented, e.g. RAM usage and available disk space
How can instances access information about themselves?
Using the metadata service at http://169.254.169.254/latest/meta_data
How are EC2 instances protected?
Connections require a key pair consisting of a public and private key (the latter cannot be regenerated)
Security groups control traffic to and from the instance.
How do security groups work?
They are attached to one or more instances in a single VPC.
They are stateful - if traffic sent by an instance is allowed, the return traffic will be too.
Security group rules only allow traffic - everything is blocked by default.
Multiple security groups can be attached to one instance.
Can one instance have multiple security groups?
Yes.
Can security groups block specific IP addresses?
No.
What are the basics of EBS?
They are virtual drives that can be attached to EC2 instances.
They are placed in a specific AZ but are replicated to protect against component failure.
EBS volumes must be in the same AZ as the instance they are mounted to
What EBS volume types are available?
- GP2
- IO1
- ST1
- SC1
- Magnetic Standard
What is the GP2 volume type?
This is the default option. It is bootable and balances price with performance.
It provides 3 IOPS per GB up to 10,000 IOPS
Volumes of at least 3334 GB can burst up to 30,000 for extended periods of time
What is the IO1 volume type?
They can be provisioned for up to 10,000 IOPS for consistently high performance
What is the ST1 volume type?
Throughput optimised HDD - it isn’t bootable but is ideal for big data
What is the SC1 volume type?
Cold HDD - it is the lowest-cost EBS option but isn’t bootable
What is Magnetic Standard?
A legacy offering that can be used as a boot drive
How are EBS volumes managed?
The capacity of all volume types (except Magnetic Standard) can be increased while the device is running, even if it’s a boot volume
By default, root EBS volumes are deleted on instance termination. Other volumes persist.
Snapshots can be made periodically.
Why is it important to prevent accidentally terminating EC2 instances? How can this be done?
By default, root EBS volumes are deleted on instance termination.
Termination protection adds an extra step to terminating instances. It is off by default.
How do EBS snapshots work?
It is recommended - but not necessary - to stop instances before snapshotting their volumes
Snapshots are incremental and are stored in S3. They can be moved between AZs, copied to other regions, and converted into AMIs
Snapshots and AMIs of encrypted instances are encrypted by default
How do AMIs work?
Instance stores have a volume copied from S3 to ephemeral storage as their root device. They cannot be stopped; if the underlying host fails, the data is lost
EBS-based AMIs do not lose data if the host fails
You can’t delete a snapshot that is being used as the root device of a registered AMI