AWS Compute Services - EC2 Flashcards

1
Q
Compute services:
Amazon Elastic Compute Cloud (EC2)
Amazon Elastic Container Service (ECS)
Amazon Elastic Container Service with Kubernetes (EKS)
Amazon Lightsail
AWS Batch
AWS Lambda
A

Compute services

2
Q

Instances instead of servers
AWS programmatically creates a new virtual machine (VM) instance rather than providing an actual physical server when you launch an EC2 instance.

A

Instances instead of servers

3
Q

Hypervisor
Each physical server has a host operating system that runs a virtual machine monitor (VMM) also known as a hypervisor which instantiates multiple VM instances that you can use. These instances use guest operating systems that you can manage.

A

Hypervisor

4
Q

EC2
A Linux-based, Windows-based, or Mac-based virtual server that you can provision
You are limited to running On-Demand instances per your vCPU-based On-Demand instance limit, purchasing 20 reserved instances, and requesting spot instances per your dynamic spot limit per region

A

EC2

5
Q

AWS Nitro System
The underlying platform of the next generation of EC2 instances. Traditionally, hypervisors protect the physical hardware and BIOS, virtualize the CPU, storage, and networking, and provide a rich set of management capabilities. With the Nitro System, these functions are offloaded to dedicated hardware and software, thereby reducing costs of your instances in the process. The Nitro hypervisor delivers performance that is indistinguishable from bare metal and performs better than its predecessor.

A

AWS Nitro System

6
Q

Amazon Machine Images (AMI)

Package OS and additional installations in a reusable template

A

Amazon Machine Images

7
Q

Instance types - various configurations of CPU, memory, storage, and networking capacity for your instances.
t-type and m-type for general purpose
c-type for compute optimized
r-type, x-type, and z-type for memory optimized
d-type, h-type, and i-type for storage optimized
f-type, g-type, p-type for accelerated computing

A

instance types

8
Q

Key pairs - secure login information for your instances

A

key pairs

9
Q

instance store volumes
storage volumes for temporary data that are deleted when you STOP or TERMINATE your instance, known as instance store volumes.
You can stop an EBS-backed instance but not an instance store backed instance. You can only either start or terminate an instance store backed instance

A

Instance store volumes

10
Q

Persistent storage volumes for your data using Elastic Block Store (EBS) volumes

A

Persistent

11
Q

Security groups
a firewall that enables you to specify the protocols, ports, and source IP ranges that can reach your instances using security groups

A

security groups

12
Q

Elastic IP addresses

static IPv4 addresses for dynamic cloud computing

A

Elastic IP addresses

13
Q

user-data

a script that will run on instance boot

A

user-data

14
Q

Host recovery for EC2

automatically restarts your instances on a new host in the event of an unexpected hardware failure on a dedicated host

A

Host recovery for EC2

15
Q

EC2 hibernation
Available for on-demand and reserved instances. You can enable hibernation for your EBS-backed instances at launch. You can then hibernate and resume your instances through the AWS Management Console or through the AWS SDK and CLI using the existing stop-instances and start-instances commands. Hibernation requires an EC2 instance to be an encrypted EBS-backed instance.

A

EC2 hibernation

16
Q

Instance States
start - run your instance normally. You are continuously billed while your instance is running.
Stop - just a normal instance shutdown. You may restart it again anytime. All EBS volumes remain attached, but data in instance store volumes are deleted. You won’t be charged for usage while instance is stopped. You can attach or detach EBS volumes. You can also create an AMI from the instance, change the kernel, RAM disk, and instance type while in this state.
Terminate - instance performs a normal shutdown and gets deleted. You won’t be able to restart an instance once you terminate it. The root device volume is deleted by default, but any attached EBS volumes are preserved by default. Data in instance store volumes are deleted.

A

Instance states

17
Q

Root Device volumes

the root device volume contains the image used to boot the instance.

A

Root device volumes

18
Q

Instance store - backed instances
any data on the instance store volumes is deleted when the instance is terminated (instance store-backed instances do not support the stop action) or if it fails (such as if an underlying drive has issues). You should also back up critical data from your instance store volumes to persistent storage on a regular basis

A

instance store - backed instances

19
Q

Amazon EBS-backed instances
an EBS backed instance can be stopped and later restarted without affecting data stored in the attached volumes. When in a stopped state, you can modify the properties of the instance, change its size, or update the kernel it is using, or you can attach your root volume to a different running instance for debugging or any other purpose.
by default the root device volume for an AMI backed by EBS is deleted when the instance terminates

A

Amazon EBS-backed instance

20
Q

AMI
includes the following:
a template for the root volume for the instance (OS, application server, and applications)
launch permissions that control which AWS accounts can use the AMI to launch instances
A block device mapping that specifies the volumes to attach to the instance when it’s launched

A

AMI

21
Q

AMI backed by EBS

root device for an instance launched from the AMI is an EBS volume. AMIs backed by EBS snapshots can use EBS encryption

A

AMI backed by EBS

22
Q

AMI backed by instance store

root device for an instance launched from the AMI is an instance store volume created from a template stored in S3

A

AMI backed by instance store

23
Q

On-Demand pricing

pay for the instances that you use by the second, with no long-term commitments or upfront payments

A

On-Demand pricing

24
Q
Reserved - make a low, one-time, up-front payment for an instance, reserve it for a one or three year term, and pay a significantly lower hourly rate for these instances.
Standard class provides the most significant discount, but you can only modify some of its attributes during the term. It can also be sold in the reserved instance marketplace.
Convertible class provides a lower discount than standard reserved instances but can be exchanged for another convertible reserved instance with different instance attributes. This one cannot be sold on the reserved instance marketplace.
A

reserved pricing

25
Q

spot - request unused EC2 instances which can lower your costs significantly. Spot instances are available at up to a 90% discount compared to on-demand prices
spot instances with a defined duration (spot blocks) are designed not to be interrupted and will run continuously for the duration you select. This makes them ideal for jobs that take a finite time to complete, such as batch processing, encoding and rendering, modeling and analysis, and continuous integration

A

spot instance

26
Q

spot fleet is a collection of spot instances and optionally on-demand instances. the service attempts to launch the number of spot instances and on-demand instances to meet your specified target capacity. the request for spot instances and on-demand instances is fulfilled if there is available capacity and the maximum price you specified in the request exceeds the current spot price. the spot fleet also attempts to maintain its target capacity fleet if your spot instances are interrupted.

A

spot fleet

27
Q

spot instance pool is a set of unused EC2 instances with the same instance type, operating system, availability zone, and network platform

A

spot instance pool

28
Q

allocation strategy for spot instances
lowest price - the spot instances come from the pool with the lowest price. this is the default strategy
diversified - the spot instances are distributed across all pools
capacity optimized - the spot instances come from the pool with optimal capacity for the number of instances that are launching
instance pools to use count - the spot instances are distributed across the number of spot pools that you specify

A

allocation strategy for spot instances

29
Q

additional pricing
dedicated hosting - pay for a physical host that is fully dedicated to running your instances, and bring your existing per socket, per core, or per vm software licenses to reduce costs
dedicated instances - pay, by the hour, for instances that run on single-tenant hardware
there is a data transfer charge when copying AMI from one region to another
EBS pricing is different from instance pricing
AWS imposes a small hourly charge if an elastic IP address is not associated with a running instance, or if it is associated with a stopped instance or an unattached network interface
You are charged for any additional elastic IP addresses associated with an instance
if data is transferred between two instances, it is charged at "data transfer out from EC2 to another AWS region" for the first instance and "data transfer in from another AWS region" for the second instance

A

additional pricing information

30
Q

IAM
Use IAM to control access to your instances:
IAM policies
IAM roles

A

IAM

31
Q

Restrict access

by only allowing trusted hosts or networks to access ports on your instance

A

Restrict Access

32
Q

Security Group
acts as a virtual firewall that controls the traffic for one or more instances.
Create different security groups to deal with instances that have different security requirements
You can add rules to each security group that allow traffic to or from its associated instances
You can modify the rules for a security group at any time
New rules are automatically applied to all instances that are associated with the security group
evaluates all the rules from all the security groups that are associated with an instance to decide whether to allow traffic or not
by default, security groups allow all outbound traffic
security group rules are always permissive, you can’t create rules that deny access
security groups are stateful
if you don’t specify a security group when you launch an instance, the instance is automatically associated with the default security group for the VPC which has the following rules:
allows all inbound traffic from other instances associated with the default security group
allows all outbound traffic from the instance

A

security group

33
Q

Networking
an Elastic IP address is a static IPv4 address designed for dynamic cloud computing. With it you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account
if you have not enabled auto-assign public IP address for your instance, you need to associate an Elastic IP address with your instance to enable communication with the internet
An Elastic IP address is for use in a specific region only
by default, all AWS accounts are limited to 5 elastic IP addresses per region, because public internet addresses are a scarce public resource
by default EC2 instances come with a private IP
an elastic network interface is a logical networking component in a VPC that represents a virtual network card, which directs traffic to your instance
every instance in a VPC has a default network interface called a primary network interface (eth0). You cannot detach a primary network interface from an instance.
you can create and attach additional network interfaces. The maximum number of network interfaces that you can use varies by instance type
you can attach a network interface to an instance in a different subnet as long as it's within the same AZ
default interfaces are terminated with instance termination
scale with EC2 scaling groups and distribute traffic among instances using Elastic Load Balancer
you can configure EC2 instances as bastion hosts (aka jump boxes) in order to access your VPC instances for management, using SSH or RDP protocols

A

Networking

34
Q

Monitoring
EC2 items to monitor
CPU utilization, network utilization, disk performance, disk reads/writes using EC2 metrics
memory utilization, disk swap utilization, page file utilization, log collection using a monitoring agent/cloudwatch logs
automated monitoring tools include:
system status checks - monitor the AWS systems required to use your instance to ensure they are working properly. These checks detect problems with your instance that require AWS involvement to repair
instance status checks - monitor the software and network configuration of your individual instance. these checks detect problems that require your involvement to repair
Amazon CloudWatch Alarms - watch a single metric over a time period you specify, and perform one or more actions based on the value of the metric relative to a given threshold over a number of time periods
Amazon CloudWatch Events - automate your AWS services and respond automatically to system events
Amazon CloudWatch Logs - monitor, store, and access your log files from Amazon EC2 instances, AWS CloudTrail, or other sources

Monitor your EC2 instances with CloudWatch. By default, EC2 sends metric data to CloudWatch in 5 minute periods
you can also enable detailed monitoring to collect data in 1 minute periods

A

Monitoring

35
Q

Instance metadata and user data
instance metadata is data about your instance that you can use to configure or manage the running instance
instance metadata and user data are not protected by cryptographic methods
view all categories of instance metadata from within a running instance at http://169.254.169.254/latest/meta-data
you can pass two types of user data to EC2; shell scripts and cloud-init directives
user data is limited to 16 KB
if you stop an instance, modify its user data, and start the instance, the updated user data is not executed when you start the instance
retrieve user data from within a running instance at http://169.254.169.254/latest/user-data

A

instance metadata and user data

36
Q

Placement groups
you can launch or start instances in a placement group, which determines how instances are placed on underlying hardware
cluster - clusters instances into a low-latency group in a single AZ. Recommended for applications that benefit from low network latency, high network throughput, or both, and if the majority of the network traffic is between the instances in the group
spread - spreads instances across underlying hardware. Recommended for applications that have a small number of critical instances that should be kept separate from each other.

partition - partition placement groups are an EC2 placement strategy that helps reduce the likelihood of correlated failures for large distributed and replicated workloads such as HDFS, HBase and Cassandra running on EC2
partition placement groups spread EC2 instances across logical partitions and ensure that instances in different partitions do not share the same underlying hardware. In addition, partition placement groups offer visibility into the partitions and allow topology-aware applications to use this information to make intelligent data replication decisions, increasing data availability and durability

A

Placement groups

37
Q

Storage
EBS - Elastic Block Store - provides durable, block level storage volumes that you can attach to a running instance. Use as a primary storage device for data that requires frequent and granular updates. To keep a backup copy of your data, create a snapshot of an EBS volume, which is stored in S3. You can create an EBS volume from a snapshot and attach it to another instance.

Instance store - provides temporary block-level storage for instances. The data on an instance store volume persists only during the life of the associated instance; if you stop or terminate an instance, any data on instance store volumes is lost.

Elastic File System - provides scalable file storage for use by EC2. You can create an EFS file system and configure your instances to mount the file system. You can use an EFS file system as a common data source for workloads and applications running on multiple instances.

S3 - provides access to reliable and inexpensive data storage infrastructure. Storage for EBS snapshots and instance store-backed AMIs

Resources and tagging - EC2 resources include images, instances, volumes, and snapshots. When you create a resource, AWS assigns the resource a unique resource ID. Some resources can be used in all regions (global) and some resources are specific to the region or AZ in which they reside

A

Storage

38
Q

Networking
Enhanced networking - provides higher bandwidth, higher packet-per-second performance, and consistently lower inter-instance latencies, which is being used in placement groups. It uses single root I/O virtualization to provide high-performance networking capabilities.
Elastic Fabric Adapter (EFA) - a network device that you can attach to your EC2 instance to significantly accelerate machine learning applications and high performance computing (HPC). It empowers your computing resources to achieve the application performance of an on-premises HPC cluster, with the elasticity and scalability provided by AWS.

A

Networking