AWS Cheat Sheets - Compute Services - EC2 Dojo Flashcards
What is EC2?
A Linux/Windows/Mac based virtual server that you can provision
AWS Nitro System
This is the underlying platform of the next generation of EC2 instances.
Traditionally, hypervisors protect the physical hardware and BIOS, virtualize the CPU, storage, networking and provide a rich set of management capabilities.
With the Nitro System, these functions are offloaded to dedicated hardware and software, thereby reducing costs of your instances in the process.
Hence, the Nitro Hypervisor delivers performance that is indistinguishable from bare metal and performs better than its predecessors
Host Recovery for Amazon EC2
This automatically restarts your instances on a new host in the event of an unexpected hardware failure on a Dedicated Host
EC2 Hibernation
This is available for On Demand and Reserved Instances, on freshly launched instances running Amazon Linux and Ubuntu.
You can enable hibernation for your EBS backed instances at launch.
You can then hibernate and resume your instances through the AWS Management Console or through the AWS SDK and CLI using the existing stop instances and start instances commands
Hibernation requires an EC2 instance to be an encrypted EBS backed instance
EC2 Instance States
Start - run your instance normally. You are continuously billed when your instance is running
Stop - This is just a normal shutdown. You may restart it again anytime. All EBS volumes remain attached, but data in instance store volumes is deleted. You won't be charged for usage while the instance is stopped. You can attach or detach EBS volumes. You can also create an AMI from the instance, and change the kernel, RAM disk, and instance type while in this state
Hibernate - When an instance is hibernated, it writes the in memory state to a file in the root EBS volume and then shuts itself down. The AMI used to launch the instance must be encrypted, and also the root EBS volume of the instance. The encryption ensures proper protection for sensitive data when it is copied from memory to the EBS volume. While the instance is in hibernation, you pay only for the EBS volumes and Elastic IP Addresses attached to it; there are no hourly charges
Terminate - The instance performs a normal shutdown and gets deleted. You won't be able to restart an instance once you terminate it. The root device volume is deleted by default, but any attached EBS volumes are preserved by default. Data in instance store volumes is deleted. You can prevent accidental termination by enabling termination protection
Root Device Volumes
The root device volume contains the image used to boot the instance
Instance Store Backed Instances
Any data on the instance store volumes is deleted when the instance is terminated (instance store backed instances do not support the Stop action) or if it fails (such as if an underlying drive has issues)
You should also back up critical data from your instance store volumes to persistent storage on a regular basis
Amazon EBS Backed Instances
An Amazon EBS backed instance can be stopped and later restarted without affecting data stored in the attached volumes
When in a stopped state, you can modify the properties of the instance, change its size, or update the kernel it is using, or you can attach your root volume to a different running instance for debugging or any other purpose
By default the root device volume for an AMI backed by Amazon EBS is deleted when the instance terminates
Previously, to launch an encrypted EBS backed EC2 instance from an unencrypted AMI, you would first need to create an encrypted copy of the AMI and use that to launch the EC2 instance. Now you can launch encrypted EBS backed EC2 instances from unencrypted AMIs directly
Amazon Machine Image (AMI)
This is a template for the root volume for the instance (OS, application server and applications)
Launch permissions that control which AWS accounts can use the AMI to launch instances
A block device mapping that specifies the volumes to attach to the instance when it is launched
You can copy AMIs to different regions
EC2 Pricing
On Demand - pay for the instances that you use by the second, with no long term commitments or upfront payments
Reserved - Make a low, one time, up front payment for an instance, reserve it for a one or three year term, and pay a significantly lower hourly rate for these instances. It has two offering classes: Standard and Convertible
The Standard Class provides the most significant discount but you can only modify some of its attributes during the term. It can also be sold in the Reserved Instance Marketplace
The Convertible Class provides a lower discount than Standard Reserved Instances, but can be exchanged for another Convertible Reserved Instance with different instance attributes. However this one cannot be sold in the Reserved Instance Marketplace
Spot - request unused EC2 instances, which can lower your costs significantly. Spot Instances are available at up to a 90% discount compared to On Demand.
Spot Fleet
This is a collection of Spot instances and optionally On Demand Instances. The service attempts to launch the number of Spot Instances and On Demand Instances to meet your specified target capacity. The request for Spot Instances is fulfilled if there is available capacity and the maximum price you specified in the request exceeds the current spot price. The Spot Fleet also attempts to maintain its target capacity fleet if your Spot Instances are interrupted
Spot Capacity Pool
This is a set of unused EC2 instances with the same instance type, OS, Availability Zone and network platform.
You can start and stop your Spot Instances backed by Amazon EBS at will.
You can modify instance types and weights for a running EC2 Fleet or Spot Fleet without having to recreate it
EC2 Security
Use IAM to control access to your instances with IAM Policies and IAM roles
Restrict access by only allowing trusted hosts or networks to access ports on your instance
Security Group
Acts as a virtual firewall that controls the traffic for one or more instances.
You can create different security groups to deal with instances that have different security requirements
You can add rules to each security group that allow traffic to or from its associated instances
You can modify the rules for a security group at any time
New rules are automatically applied to all instances that are associated with the security group
Evaluates all the rules from all the security groups that are associated with an instance to decide whether to allow traffic or not
By default, security groups allow all outbound traffic
Security Group rules are always permissive; you can't create rules that deny access
Security groups are stateful
Elastic IP Address
This is a static IPv4 address designed for dynamic cloud computing
With it, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account.
If you have not enabled auto assign public IP address for your instance, you need to associate an Elastic IP address with your instance to enable communication with the Internet
An Elastic IP address is for use in a specific region only
By default, all AWS accounts are limited to 5 Elastic IP addresses per region, because public internet addresses are a scarce public resource