3 - Compute Flashcards
What are the models to hire EC2 instances?
On-demand: pay per second (Linux) or per hour (Windows)
Reserved instances
Spot instances: you place a bid price. If AWS terminates the instance, you don’t pay for the partial hour. If you terminate it, you pay for the full hour
What are the options for reserved instances?
Can be 1 or 3 year terms with full, partial or no upfront payment.
Standard RI is a fixed instance type and platform provided continuously
Convertible RI allows the instance type and platform to be exchanged for another convertible RI of equal or greater price
Scheduled RI is for particular time windows (daily, weekly or monthly)
How can EC2 instances use IAM?
Roles can be attached at launch or while they are running
What are the available instance types?
F1 - FPGA
I3 - high-speed storage
G3 - graphics
H1 - high disk throughput
T2 - low cost
D2 - dense storage
R4 - memory optimised
M5 - general purpose
C5 - compute optimised
P3 - GPU
X1 - extreme memory, e.g. for SAP
Use the mnemonic “FIGHT DR McPX”
How are EC2 instances monitored?
With instance checks, and health checks
In the context of EC2 instances, what are instance checks?
Instance checks are run every 5 minutes; additional charges apply for 1-minute monitoring
System status checks ensure the infrastructure is working by attempting to reach the hypervisor
Instance status checks ensure the instance is healthy by reaching the OS
What are health checks?
Health checks monitor EC2 instance metrics to determine whether they are healthy.
The healthy and unhealthy thresholds are the number of consecutive checks that must be passed/failed before the instance is declared as unhealthy or healthy again
What CloudWatch metrics are available?
The default metrics are CPU, disk operations, network and status checks.
A CloudWatch agent can be installed to upload the application logs.
Custom metrics can be implemented, e.g. RAM usage and available disk space
How can instances access information about themselves?
Using the metadata service at http://169.254.169.254/latest/meta-data
How are EC2 instances protected?
Connections require a key pair consisting of a public and private key (the latter cannot be regenerated)
Security groups control traffic to and from the instance.
How do security groups work?
They are attached to one or more instances in a single VPC.
They are stateful - if traffic sent by an instance is allowed, the return traffic will be too.
Security group rules only allow traffic - everything is blocked by default.
Multiple security groups can be attached to one instance.
Can one instance have multiple security groups?
Yes.
Can security groups block specific IP addresses?
No.
What are the basics of EBS?
They are virtual drives that can be attached to EC2 instances.
They are placed in a specific AZ but are replicated to protect against component failure.
EBS volumes must be in the same AZ as the instance they are mounted to
What EBS volume types are available?
- GP2
- IO1
- ST1
- SC1
- Magnetic Standard
What is the GP2 volume type?
This is the default option. It is bootable and balances price with performance.
It provides 3 IOPS per GB up to 10,000 IOPS
Volumes of at least 3334 GB can burst up to 30,000 IOPS for extended periods of time
What is the IO1 volume type?
It can be provisioned for up to 10,000 IOPS for consistently high performance
What is the ST1 volume type?
Throughput optimised HDD - it isn’t bootable but is ideal for big data
What is the SC1 volume type?
Cold HDD - it is the lowest-cost EBS option but isn’t bootable
What is Magnetic Standard?
A legacy offering that can be used as a boot drive
How are EBS volumes managed?
The capacity of all volume types (except Magnetic Standard) can be increased while the device is running, even if it’s a boot volume
By default, root EBS volumes are deleted on instance termination. Other volumes persist.
Snapshots can be made periodically.
Why is it important to prevent accidentally terminating EC2 instances? How can this be done?
By default, root EBS volumes are deleted on instance termination.
Termination protection adds an extra step to terminating instances. It is off by default.
How do EBS snapshots work?
It is recommended - but not necessary - to stop instances before snapshotting their volumes
Snapshots are incremental and are stored in S3. They can be moved between AZs, copied to other regions, and converted into AMIs
Snapshots and AMIs of encrypted instances are encrypted by default
How do AMIs work?
Instance store-backed AMIs have a volume copied from S3 to ephemeral storage as their root device. They cannot be stopped; if the underlying host fails, the data is lost
EBS-backed AMIs do not lose data if the host fails
You can’t delete a snapshot that is being used as the root device of a registered AMI
Under what conditions can EBS volumes be encrypted?
It’s not possible to encrypt root volumes of default AMIs - either use a third-party tool or AMI
Additional volumes can be encrypted as-is
Can snapshots and AMIs be shared between accounts?
Yes, but not if they are encrypted as the encryption keys are stored in the account
What are the key use cases for RAID arrays?
When even more IOPS or redundancy are required
What is a key consideration when managing RAID arrays?
Taking a snapshot excludes data in the cache. This is problematic because the RAID is purely software; EC2 doesn’t support hardware RAID
As such, it is recommended to take an application-consistent snapshot by first freezing the file system, unmounting the RAID array, or shutting down the instance
How do placement groups work?
There are two kinds:
- Clustered placement groups place instances in the same AZ
- Spread placement groups create instances in separate AZs
Only certain instance types support placement groups. Amazon recommends that all instances in a group are the same type.
Instances can only be added to groups at launch time.
What load balancer types are available on AWS?
Application Load Balancers operate on Layer 7, allowing intelligent routing decisions
Network Load Balancers operate on Layer 4 and so are used where high performance is required
Classic Load Balancers are a legacy offering that allows for some Layer 7 functions, e.g. sticky sessions
What happens if a load balancer can’t reach the backing servers?
You get an HTTP 504 Gateway Timeout error
Can backing servers see the IP of the original client?
Yes, as load balancers pass along the X-Forwarded-For header
What are auto-scaling groups used for?
Managing demand and failing instances
How do auto-scaling groups work?
They maintain a fleet of EC2 instances at the desired count. This count can be modified based on CloudWatch Alarms using scaling policies
They are generally configured to receive traffic from ELBs. Health checks are continuously performed for their instances.
Which services can trigger Lambda functions?
API Gateway, Alexa Skills, AWS IoT, CloudFront, CloudWatch Events and Logs, CodeCommit, Cognito Sync, Kinesis, S3, SNS and DynamoDB
What are the advantages of containerisation?
It provides better control over dependencies, ensures consistent deployments, and isolates applications from each other on a server
What are the key concepts of Docker?
An image contains everything needed to build a container. A Dockerfile contains the actual instructions to do this
How does ECS work?
It runs containers on a fleet of EC2 instances or on Fargate
It’s a regional service but can span multiple AZs and can work within a VPC
Tasks to run are specified by the Task Definition, which defines the images to use, resources to assign, and the Desired Count
What is required for EC2 servers to run ECS tasks?
The ECS Container Agent, which only works on EC2 and only on Linux
How are permissions applied to ECS?
The server needs an IAM role to access the ECS service; separate roles can be assigned to each task
However, security groups apply at the instance level - not to individual tasks
How are ECS tasks scheduled?
An ECS Cluster is a logical grouping of instances. They are region specific and can include a mixture of instances.
The Service Scheduler automatically maintains the desired count and reschedules tasks if they fail. It allows a task to be registered against an ALB.
A Custom Scheduler allows direct management using an API