Chapter 6 - Elastic Compute Cloud (EC2) Flashcards
What is EC2 and what are its basic characteristics?
EC2 is like a VM (Virtual Machine) hosted in AWS instead of your own data center.
Select the capacity you need right now.
Grow and shrink when you need.
Pay for what you use.
Wait minutes, not months.
What are the basic EC2 pricing options?
On-Demand
Pay by the hour or the second, depending on the type of instance you run.
Reserved
Reserved capacity for 1 or 3 years. Up to 72% discount on the hourly charge.
Spot
Purchase unused capacity at a discount of up to 90%. Prices fluctuate with supply and demand.
Dedicated
A physical EC2 server dedicated for your use. The most expensive option.
What is the AWS Command Line Interface (CLI)?
The AWS CLI is a tool for managing AWS services (EC2, S3, IAM and so on) from a terminal. It is not specific to Amazon Linux: it runs on Linux, macOS and Windows, and Amazon Linux AMIs simply ship with it preinstalled.
What distributions of Linux is Amazon Linux based upon?
Amazon Linux 1 & 2 = Red Hat Enterprise Linux / Fedora heritage
Amazon Linux 2022 (released as Amazon Linux 2023) = Fedora-based
AL2023 ships with SELinux enabled, in permissive mode by default; you switch it to enforcing yourself if the workload allows it.
What are some fundamental Linux shell and AWS CLI commands?
aws configure
Stores an access key ID, secret access key, default region and output format for the CLI to use (written to ~/.aws/credentials and ~/.aws/config).
ls = list directory contents (Linux shell)
Example: ls
aws s3 ls = list your S3 buckets, or the objects under a prefix (AWS CLI)
Example: aws s3 ls
cd = change directory
Example: cd Downloads
chmod 400 filename = make the file readable only by its owner
Example: chmod 400 MyNVKP.pem (SSH refuses a private key file that other users can read, so do this before ssh -i MyNVKP.pem ...)
aws s3 mb = make bucket
Example: aws s3 mb s3://bucketname
What is the basic format of an AWS CLI command?
Format:
aws <servicename> <command> [options]
Example:
aws s3 ls
This command lists all the S3 buckets in the account that the CLI's configured credentials belong to.
AWS Command Line / Linux Best Practices & Compatibility
The Principle of Least Privilege
Always give your users the minimum amount of access required to do their job.
Use Groups
Create IAM groups and assign your users to groups.
Secret Access Key
You will only see the secret access key once, when the key is created. If you lose it, delete that access key and create a new one, then run aws configure again.
Don't Share Access Keys (or SSH Key Pairs)
Each developer should have their own access key ID and secret access key. Like passwords, they must never be shared; the same goes for the private key of an EC2 SSH key pair.
Supports Linux, Windows, MacOS
You can install the CLI on your Mac, Linux or Windows PC. You can also use it on EC2 instances.
What is an IAM Role?
A role is an identity you can create in IAM (Identity and Access Management) that has specific permissions.
A role is similar to a user, as it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS.
However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.
Are Roles Temporary?
Yes. A role does not have the standard long-term credentials the same way passwords or access keys do. Instead, when you assume a role, it provides you with temporary security credentials for your role session.
What Else Can Roles Do?
Roles can be assumed by people, by AWS services (for example an EC2 instance through its instance profile), or by other system-level accounts.
Roles can allow cross-account access. This allows one AWS account the ability to interact with resources in other AWS accounts.
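Who may assume a role is set by its trust policy, and cross-account trust is where mistakes hurt most: a wildcard principal lets any AWS account assume the role, and a cross-account principal with no Condition (no sts:ExternalId) is the classic confused-deputy setup. The following audit is an added example, not code from the original flashcards or from any AWS tool; it consumes the AssumeRolePolicyDocument that `aws iam get-role` returns, and every policy and account ID in it is constructed.

```python
"""Audit an IAM role trust policy for over-broad AssumeRole access.

Added example, not part of the original flashcards or of any AWS tool.
Input is the AssumeRolePolicyDocument you get from
`aws iam get-role --role-name <name>`, parsed as a dict. All sample
policies and account IDs below are constructed.
"""
import json


def _as_list(value):
    """IAM policy fields may hold a single string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy: dict, own_account_id: str) -> list:
    """Return findings for Allow statements that grant sts:AssumeRole.

    Flags two patterns:
      - a wildcard principal ("*" or {"AWS": "*"}): any AWS account may assume the role;
      - a principal from another account with no Condition block, i.e. no
        sts:ExternalId or other restriction on who in that account may call
        AssumeRole (the confused-deputy setup).
    """
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in _as_list(stmt.get("Action"))):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append("wildcard principal '*' may assume the role")
            continue
        for p in _as_list(principal.get("AWS")):   # Service-only principals yield nothing here
            if p == "*":
                findings.append("wildcard AWS principal '*' may assume the role")
            elif own_account_id not in p and not stmt.get("Condition"):
                findings.append(f"cross-account principal {p} allowed without a Condition (add sts:ExternalId)")
    return findings


def audit_get_role_output(cli_json: str, own_account_id: str) -> list:
    """Convenience wrapper for the raw text printed by `aws iam get-role`."""
    return audit_trust_policy(json.loads(cli_json)["Role"]["AssumeRolePolicyDocument"], own_account_id)


# Constructed samples; the account IDs are placeholders.
OWN_ACCOUNT = "111111111111"

# EC2 instance role: only the EC2 service may assume it. Expected: no findings.
EC2_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}

# Cross-account role protected by an ExternalId condition. Expected: no findings.
SAFE_CROSS_ACCOUNT_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::222222222222:root"},
     "Action": "sts:AssumeRole",
     "Condition": {"StringEquals": {"sts:ExternalId": "constructed-example-id"}}}]}

# Cross-account role with no condition at all. Expected: one finding.
BARE_CROSS_ACCOUNT_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "222222222222"}, "Action": "sts:AssumeRole"}]}

# Anyone may assume the role. Expected: one finding.
WILDCARD_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": ["sts:AssumeRole"]}]}

if __name__ == "__main__":
    for name, pol in [("ec2", EC2_TRUST), ("safe", SAFE_CROSS_ACCOUNT_TRUST),
                      ("bare", BARE_CROSS_ACCOUNT_TRUST), ("wildcard", WILDCARD_TRUST)]:
        print(name, audit_trust_policy(pol, OWN_ACCOUNT) or "OK")
```

To run it against a real role, pipe `aws iam get-role --role-name <name> --output json` into audit_get_role_output with your own 12-digit account ID. The check is deliberately narrow (it looks only at AWS principals and at the presence of a Condition); a Condition that exists but is weak still passes, so read flagged and unflagged cross-account statements yourself.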
What is the Linux Communication Protocol & Network Port?
SSH = Secure Shell
Port 22
What is the Windows Communication Protocol & Network Port?
RDP = Remote Desktop Protocol
Port 3389
What is the Unencrypted Web Browsing Protocol & Network Port?
HTTP = Hypertext Transfer Protocol
Port 80
What is the Encrypted Web Browsing Protocol & Network Port?
HTTPS = Hypertext Transfer Protocol Secure
Port 443
What is a Security Group in AWS?
Security groups are stateful virtual firewalls that control traffic to and from your EC2 instance's network interfaces. They contain allow rules only; there are no deny rules, and return traffic for an allowed connection is permitted automatically.
What are the fundamental characteristics of Security Groups?
In real-world scenarios you open only the ports the instance actually needs, from the narrowest source that works: for example HTTPS (443) from anywhere for a public web server, and SSH (22) only from your administrative IP range or a bastion host, never from 0.0.0.0/0.
Changes to security groups take effect immediately.
You can have any number of EC2 instances within a security group.
You can attach multiple security groups to an instance (strictly, to each of its network interfaces); their rules are combined.
A new security group has no inbound rules, so all inbound traffic is blocked by default. (The VPC's default security group is the exception: it allows inbound traffic from other instances in the same group.)
All outbound traffic is allowed by default, because a new security group is created with an allow-all outbound rule.
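The rule of thumb above ("only the ports you need, from the narrowest source") is easy to check mechanically. The audit below is an added example, not code from the original flashcards or from the AWS CLI: it reads the JSON that `aws ec2 describe-security-groups --output json` prints and flags inbound rules that expose all traffic, SSH or RDP to 0.0.0.0/0 or ::/0, while leaving a public 443 alone. The sample groups and their IDs are constructed.

```python
"""Flag security group inbound rules that are open to the whole Internet.

Added example, not part of the original flashcards or of the AWS CLI. It
reads the JSON shape printed by
`aws ec2 describe-security-groups --output json`; the sample below is
constructed and the group IDs are placeholders.
"""
import json

ANYWHERE = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def _open_cidrs(perm: dict) -> list:
    """CIDRs in this rule that mean 'any source', IPv4 or IPv6."""
    v4 = [r["CidrIp"] for r in perm.get("IpRanges", []) if r.get("CidrIp") in ANYWHERE]
    v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") in ANYWHERE]
    return v4 + v6


def audit_security_groups(describe_output: dict) -> list:
    """Return (group_id, label, detail) tuples for risky inbound rules.

    Risky here means: all traffic (IpProtocol "-1", which carries no port
    fields) from anywhere, or TCP 22 / 3389 reachable from anywhere. A web
    port such as 443 open to 0.0.0.0/0 is normal for a public server and is
    not flagged.
    """
    findings = []
    for sg in describe_output.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):   # IpPermissions = inbound; egress is IpPermissionsEgress
            cidrs = _open_cidrs(perm)
            if not cidrs:
                continue
            proto = perm.get("IpProtocol")
            if proto == "-1":
                findings.append((sg["GroupId"], "ALL", "all traffic from " + ",".join(cidrs)))
                continue
            if proto not in ("tcp", "6"):
                continue
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            if lo is None or hi is None:
                continue
            for port, label in ADMIN_PORTS.items():
                if lo <= port <= hi:
                    findings.append((sg["GroupId"], label, f"tcp/{port} from {','.join(cidrs)}"))
    return findings


def audit_cli_output(cli_json: str) -> list:
    """Wrapper for the raw text printed by the CLI command above."""
    return audit_security_groups(json.loads(cli_json))


# Constructed sample in describe-security-groups shape (placeholder IDs).
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0a1b2c3d4e5f60001", "GroupName": "web-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24", "Description": "admin VPN"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0a1b2c3d4e5f60002", "GroupName": "bastion-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}]}

if __name__ == "__main__":
    for gid, label, detail in audit_security_groups(SAMPLE):
        print(f"{gid}: {label}: {detail}")
```

Against a live account: `aws ec2 describe-security-groups --output json > sgs.json` and pass the file contents to audit_cli_output. Port ranges are handled (a rule for 20-25 covers 22), and the all-traffic protocol "-1" is special-cased because the API omits FromPort/ToPort for it.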
What is the fundamental purpose for Bootstrap Scripts?
A bootstrap script is a script that runs once, as root, the first time the instance boots. It is passed to the instance as user data and is typically used to install applications (such as web servers and databases), apply updates, and similar setup tasks.
What Is EC2 Metadata?
EC2 metadata is data about the running instance, served from inside the instance by the Instance Metadata Service (IMDS) at http://169.254.169.254.
It includes the private and public IP addresses, hostname, security groups, instance ID and, for an instance with an IAM role attached, that role's temporary credentials. Because those credentials are reachable with a plain HTTP request from the instance, require IMDSv2 (the token-based version) so that a request-forgery bug in an application on the instance cannot simply GET them.
What is User Data?
User data is the bootstrap script (or cloud-init directives) you pass at launch, up to 16 KB. It is stored unencrypted and can be read back by anyone allowed to call ec2:DescribeInstanceAttribute on the instance, so never put secrets in it; fetch them at runtime using the instance's IAM role instead.
Bootstrap scripts (user data) commonly query the metadata service to learn about the instance they are running on.
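Querying metadata from a bootstrap script is a two-step exchange under IMDSv2: PUT for a session token, then GET with the token in a header. The code below is an added example, not from the original flashcards or from any AWS tool. It implements that exchange against whatever base URL it is given, and because nothing here can reach a real instance, it also starts a constructed local stand-in that behaves like an instance launched with HttpTokens=required, so you can see the token-less (IMDSv1-style) request fail with 401 and the token flow succeed. The token value and metadata values are placeholders.

```python
"""IMDSv2 token flow, run against a local stand-in for the metadata service.

Added example, not part of the original flashcards or of any AWS tool. On a
real instance the Instance Metadata Service (IMDS) answers at
http://169.254.169.254; the functions below take the base URL as a
parameter, so the constructed local server lets the flow run offline.
"""
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Optional, Tuple
from urllib import request
from urllib.error import HTTPError

IMDS_REAL = "http://169.254.169.254"
TOKEN_TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"
# Ignore any http_proxy environment so loopback requests go straight to the server.
_opener = request.build_opener(request.ProxyHandler({}))


def get_token(base_url: str, ttl_seconds: int = 21600) -> str:
    """IMDSv2 step 1: obtain a session token with a PUT.

    A request-forgery bug in a web app usually lets an attacker make a GET,
    not a PUT with a custom header, which is what makes v2 resistant to
    credential theft via SSRF."""
    req = request.Request(f"{base_url}/latest/api/token", method="PUT",
                          headers={TOKEN_TTL_HEADER: str(ttl_seconds)})
    with _opener.open(req, timeout=2) as resp:
        return resp.read().decode()


def fetch_metadata(base_url: str, path: str, token: Optional[str] = None) -> Tuple[int, str]:
    """IMDSv2 step 2: GET a metadata path with the token. Returns (status, body).

    With token=None this is an IMDSv1-style request, which an instance
    launched with HttpTokens=required rejects with 401."""
    headers = {TOKEN_HEADER: token} if token else {}
    req = request.Request(f"{base_url}/latest/meta-data/{path}", headers=headers)
    try:
        with _opener.open(req, timeout=2) as resp:
            return resp.status, resp.read().decode()
    except HTTPError as err:
        return err.code, ""


# ---- constructed stand-in for a v2-only IMDS; the values are placeholders ----
_FAKE_TOKEN = "AQAAAConstructedExampleToken"
_FAKE_META = {"instance-id": "i-0123456789abcdef0", "local-ipv4": "10.0.1.23"}


class _FakeIMDS(BaseHTTPRequestHandler):
    def do_PUT(self):
        if self.path == "/latest/api/token" and TOKEN_TTL_HEADER in self.headers:
            self._send(200, _FAKE_TOKEN)
        else:
            self._send(400, "")

    def do_GET(self):
        if self.headers.get(TOKEN_HEADER) != _FAKE_TOKEN:
            self._send(401, "")   # missing or wrong token: what HttpTokens=required does
            return
        body = _FAKE_META.get(self.path[len("/latest/meta-data/"):])
        self._send(200, body) if body is not None else self._send(404, "")

    def _send(self, code: int, body: str):
        data = body.encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):
        pass   # keep the demo quiet


def start_fake_imds() -> str:
    """Start the stand-in on an ephemeral loopback port; returns its base URL."""
    srv = HTTPServer(("127.0.0.1", 0), _FakeIMDS)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"


def demo(base_url: str) -> dict:
    """Try a token-less GET, then the v2 token flow, and report what each got."""
    v1_status, _ = fetch_metadata(base_url, "instance-id")
    token = get_token(base_url)
    v2_status, instance_id = fetch_metadata(base_url, "instance-id", token)
    return {"v1_status": v1_status, "v2_status": v2_status, "instance_id": instance_id}


if __name__ == "__main__":
    print(demo(start_fake_imds()))   # on a real EC2 instance: demo(IMDS_REAL)
```

On a real instance, replace the stand-in with demo(IMDS_REAL); the same two functions are all a bootstrap script needs, and the token can be reused for its whole TTL. Enforce the v2-only behaviour at launch (or with `aws ec2 modify-instance-metadata-options --http-tokens required`) rather than relying on clients to send the token voluntarily.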
What is ENI?
Elastic Network Interface
For basic day-to-day networking with speeds up to 10 Gbps.
Example: you need a management network separate from your production network, or a separate logging network, and you need to do this at low cost. In this scenario, attach multiple ENIs to the instance, one per network.
What is EN?
Enhanced Networking
For when you need speeds between 10 Gbps and 100 Gbps.
Anywhere you need reliable, high throughput.
What is EFA?
Elastic Fabric Adapter
For when you need to accelerate High Performance Computing (HPC) and machine learning applications, or if you need to do an OS-bypass.
If you see a scenario question mentioning HPC or ML and asking which network adapter to choose, choose EFA.
ENA vs VF?
In ANY scenario based question, choose ENA (Elastic Network Adapter) over VF interface (Intel 82599 Virtual Function (VF) Interface).
What are Placement Groups?
A placement group lets you influence how a group of interdependent instances is placed on the underlying hardware: packed close together for low latency, or spread across separate hardware so that a single hardware failure does not take down several of them, depending on the group type.
What are the 3 Types of Placement Groups and their basic use cases?
Cluster Placement Groups
Low network latency, high network throughput
Partition Placement Groups
Multiple EC2 instances; HDFS, HBase, and Cassandra
Spread Placement Groups
Individual critical EC2 instances
What are the fundamental characteristics of Cluster Placement Groups?
Grouping of instances within a single Availability Zone.
Recommended for applications that need low network latency, high network throughput, or both.
Only certain instance types can be launched into a cluster placement group.
What are the fundamental characteristics of Partition Placement Groups?
Each partition within a placement group has its own set of racks.
Each rack has its own network and power source.
No two partitions within a placement group share the same racks, allowing you to isolate the impact of hardware failure within your application.
Used when you have multiple instances and want groups of them on their own dedicated racks, each with separate network and power.
What are the fundamental characteristics of Spread Placement Groups?
A spread placement group is a group of instances that are each placed on distinct underlying hardware.
Spread placement groups are recommended for applications that have a small number of critical instances that should be kept separate from each other.
Used for individual instances such as a primary database and a backup database.
Which Placement Group types can and cannot span multiple Availability Zones?
Cluster = No
Partition and Spread = Yes
What types of instances CAN be launched into a Placement Group?
Compute optimized
GPU optimized
Memory optimized
Storage optimized
How is merging and moving of Placement Groups handled?
You can’t merge placement groups.
You can move an existing instance into a placement group. Before you move the instance, the instance must be in a stopped state. You can move or remove an instance using the AWS CLI or an AWS SDK, but you can’t do it via the console yet.
When do you choose Dedicated Hosts when dealing with licensing?
Choose Dedicated Hosts to answer any question that talks about special licensing requirements.
What are EC2 Spot Instances?
Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS Cloud.
What is the financial advantage of using EC2 Spot Instances?
Spot Instances are available at up to a 90% discount compared to On-Demand prices.
When should you use Spot Instances?
Useful for any type of computing that can tolerate interruption: AWS reclaims a Spot Instance with a two-minute warning when it needs the capacity back, so do not rely on state that lives only on the instance.
Stateless, fault-tolerant, or flexible applications
Applications such as big data, containerized workloads, CI/CD, high-performance computing (HPC), and other test and development workloads.
How can you block Spot Instances from terminating?
Spot Blocks (Spot Instances with a defined duration of 1 to 6 hours) used to do this, but AWS stopped offering them to new customers in 2021 and retired them at the end of 2022. Design for interruption instead: checkpoint work, and use a Spot Fleet with several instance types so capacity can be replaced.
What is a Spot Fleet?
A Spot Fleet is a collection of Spot Instances and (optionally) On-Demand instances.