Compute Flashcards

1
Q

What is EC2?

A

Elastic Compute Cloud

  • Web service that provides resizable compute capacity in the cloud
  • Reduces the time needed to obtain and boot new server instances to minutes, so capacity can be scaled quickly as compute requirements change
  • Four pricing models
    1. On Demand
    2. Reserved
    3. Spot
    4. Dedicated Hosts
2
Q

EC2 - On Demand

A
  • Pay a fixed rate by the hour (by the second for Linux instances) with no commitment
  • Good for spinning up an instance for a few hours to test something, then shutting it down
  • Also useful for:
    • Users that don’t want up-front payment or long-term commitment
    • Apps with short-term, spiky/unpredictable workloads that cannot be interrupted
    • Apps being developed or tested on EC2 for the first time
3
Q

EC2 - Reserved

A
  • Provides capacity reservation, with significant discount on hourly rate
  • Contract terms are 1 or 3 years
  • Useful for:
    • Apps with steady/predictable usage
    • Apps that require reserved capacity
  • Can pay upfront to reduce costs further
  • Pricing:
    • Standard: up to 75% discount off On Demand. The more paid upfront and the longer the contract, the cheaper
    • Convertible: up to 54% discount off On Demand. Allows switching between instance types (e.g. higher RAM, CPU etc)
    • Scheduled: available to launch within the time windows you reserve. Matches capacity to a predictable schedule
4
Q

EC2 - Spot

A
  • You set the maximum price you are willing to pay for spare capacity, giving even greater savings if your apps have flexible start and end times
  • Spot capacity is essentially left-over compute not used by others. The price goes up and down with supply and demand
  • Useful for:
    • Apps with flexible start/end times
    • Apps that are only feasible at very low compute prices
    • Users with urgent computing needs for large amounts of additional capacity
  • If AWS terminates the instance, you are not charged for the partial hour; if you terminate it yourself, you are charged for the full hour
5
Q

EC2 - Dedicated hosts

A
  • A physical EC2 server dedicated for your use
  • Can help reduce costs by allowing you to use your existing server-bound software licences (e.g. Oracle)
  • Useful for:
    • Regulatory requirements that don’t support multi-tenant virtualisation
    • Licensing which does not support multi-tenant or cloud deployments
  • Can be purchased On-Demand or as a Reservation
6
Q

Launching an EC2 instance

A
  • Termination protection is turned off by default; you must turn it on
  • On an EBS-backed instance, the default action is for the root EBS volume to be deleted when the instance is terminated
  • The EBS root volumes of your default AMIs can be encrypted at launch. You can also use a third-party tool (e.g. BitLocker) to encrypt the root volume
  • Additional volumes can be encrypted
7
Q

Security Groups

A
  • All inbound traffic is blocked by default - but you can enable individual ports
  • All outbound traffic is allowed
  • Changes to security groups take effect immediately
  • You can have many EC2 instances in one security group
  • You can have multiple security groups attached to EC2 instances
  • Security groups are stateful - if you allow traffic in on a port, the response traffic is automatically allowed out regardless of the outbound rules (and vice versa)
  • You cannot block specific IP addresses using Security Groups - use a NACL instead
  • You can specify allow rules, but not deny rules
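An added example (not part of the flashcards) that simulates the two evaluation models this card contrasts: a security group (allow rules only, implicit deny, stateful via connection tracking) and a network ACL (numbered allow/deny rules, lowest number first, first match wins, stateless). The addresses, rule sets and the web-server scenario in `demo()` are constructed; the rule semantics are those of the real services.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

    def reply(self):
        """The response packet: addresses and ports swapped."""
        return Packet(self.dst_ip, self.dst_port, self.src_ip, self.src_port, self.proto)


def _matches(rule, peer_ip, port, proto):
    """rule = (proto, from_port, to_port, cidr); proto "-1" means all traffic."""
    r_proto, lo, hi, cidr = rule
    if r_proto != "-1" and (r_proto != proto or not lo <= port <= hi):
        return False
    return ip_address(peer_ip) in ip_network(cidr, strict=False)


class SecurityGroup:
    """Allow rules only, implicit deny, stateful via connection tracking."""

    def __init__(self, inbound, outbound=(("-1", 0, 65535, "0.0.0.0/0"),)):
        self.inbound, self.outbound = list(inbound), list(outbound)
        self._tracked = set()  # packets whose connection was admitted by a rule

    def inbound_allowed(self, pkt):
        if pkt.reply() in self._tracked:  # response to a tracked outbound connection
            return True
        ok = any(_matches(r, pkt.src_ip, pkt.dst_port, pkt.proto) for r in self.inbound)
        if ok:
            self._tracked.add(pkt)
        return ok

    def outbound_allowed(self, pkt):
        if pkt.reply() in self._tracked:  # response to a tracked inbound connection: outbound rules not consulted
            return True
        ok = any(_matches(r, pkt.dst_ip, pkt.dst_port, pkt.proto) for r in self.outbound)
        if ok:
            self._tracked.add(pkt)
        return ok


class NetworkAcl:
    """Numbered allow/deny rules, lowest number first, first match wins, stateless."""

    def __init__(self, inbound, outbound):
        # rule = (rule_no, proto, from_port, to_port, cidr, "allow" | "deny")
        self.inbound, self.outbound = sorted(inbound), sorted(outbound)

    @staticmethod
    def _evaluate(rules, peer_ip, port, proto):
        for _, r_proto, lo, hi, cidr, action in rules:
            if _matches((r_proto, lo, hi, cidr), peer_ip, port, proto):
                return action == "allow"
        return False  # the implicit "*" deny at the end of every NACL

    def inbound_allowed(self, pkt):
        return self._evaluate(self.inbound, pkt.src_ip, pkt.dst_port, pkt.proto)

    def outbound_allowed(self, pkt):
        return self._evaluate(self.outbound, pkt.dst_ip, pkt.dst_port, pkt.proto)


def demo():
    """Constructed scenario: a web server on 10.0.1.5 behind a security group and a NACL."""
    client, attacker, web = "203.0.113.7", "198.51.100.9", "10.0.1.5"
    request = Packet(client, 51234, web, 443)
    hostile = Packet(attacker, 40000, web, 443)

    # Security group: HTTPS in from anywhere, and every outbound rule deleted.
    sg = SecurityGroup(inbound=[("tcp", 443, 443, "0.0.0.0/0")], outbound=[])

    # NACL: deny one IP first (impossible in a security group), then allow HTTPS. Outbound only
    # allows port 443, the classic mistake on a stateless filter: replies leave on ephemeral ports.
    nacl = NetworkAcl(
        inbound=[(90, "tcp", 443, 443, f"{attacker}/32", "deny"),
                 (100, "tcp", 443, 443, "0.0.0.0/0", "allow")],
        outbound=[(100, "tcp", 443, 443, "0.0.0.0/0", "allow")],
    )
    nacl_fixed = NetworkAcl(nacl.inbound,
                            nacl.outbound + [(110, "tcp", 1024, 65535, "0.0.0.0/0", "allow")])

    return {
        "sg_request": sg.inbound_allowed(request),                        # True
        "sg_reply": sg.outbound_allowed(request.reply()),                 # True: stateful
        "sg_attacker": sg.inbound_allowed(hostile),                       # True: no deny rules in an SG
        "nacl_attacker": nacl.inbound_allowed(hostile),                   # False: rule 90 denies it
        "nacl_request": nacl.inbound_allowed(request),                    # True
        "nacl_reply": nacl.outbound_allowed(request.reply()),             # False: reply goes to port 51234
        "nacl_fixed_reply": nacl_fixed.outbound_allowed(request.reply()),  # True once 1024-65535 is allowed out
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18} {'ALLOW' if verdict else 'DROP'}")
```

The two results worth remembering: the security group lets the attacker in because it has no deny rule (only a NACL can block the address), and the NACL drops the server's own replies until an outbound rule for the ephemeral port range is added, because nothing on a NACL tracks connections.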
8
Q

EBS

A
  • Like a virtual hard disk in the cloud
  • Provides persistent block storage volumes for EC2 instances
  • Each EBS volume is automatically replicated within its AZ to protect you from component failure
  • Acronyms:
    • IOPS: input/output operations per second
    • SSD: solid-state drive
    • HDD: hard-disk drive
9
Q

5 types of EBS storage

A
  1. General purpose: SSD; most workloads; API name: gp2; up to 16k IOPS/volume
  2. Provisioned IOPS: highest performing SSD; use: Databases; API Name: io1; up to 64k IOPS/volume
  3. Throughput Optimised Hard Disk Drive: HDD; low cost, frequently accessed; use: big data and warehouses; API Name: st1; up to 500 IOPS/volume
  4. Cold Hard Disk Drive: HDD; lowest cost, for less frequently access; use: file servers; API name: sc1; Up to 250 IOPS/volume
  5. Magnetic: previous generation HDD; use: workloads where data is infrequently accessed; API name: Standard; 40-200 IOPS/volume
10
Q

Volumes and Snapshots

A
  • An EBS volume is the block-level storage you attach to an EC2 instance, like a hard drive
  • Snapshots can be taken of volumes and stored on S3. They are like a photograph of the disk taken at a point in time
  • Snapshots are incremental: only blocks that have changed since your last snapshot are saved on S3
  • If taking a snapshot of an EBS volume that serves as a root device, you should stop the instance first
  • You can create AMIs from snapshots, which provides the configuration required to launch an instance
11
Q

Volumes and Snapshots 2

A
  • You can modify EBS volumes on the fly, including changing the size and the storage type
  • Volumes will ALWAYS be in the same AZ as the EC2 instance
  • To move an EBS volume from one AZ to another, take a snapshot of it, create an AMI from the snapshot and then use the AMI to launch the EC2 instance in the new AZ (or simply create a new volume from the snapshot in the target AZ and attach it)
  • To move an EBS volume from one region to another, take a snapshot, create an AMI from the snapshot and then copy the AMI from one region to another. Then use the copied AMI to launch the new EC2 instance in the new region
12
Q

AMI selection options

A

You can select your AMI based on:

  • Region (or AZ)
  • OS
  • Architecture (32-bit or 64-bit)
  • Launch permissions
  • Storage for the root device:
    • Instance store (ephemeral storage)
    • EBS backed volumes
13
Q

EBS vs Instance Store

A

All AMIs are categorised as either backed by EBS or instance store:

  • For EBS: the root device for an instance launched from the AMI is an EBS volume created from an EBS snapshot
  • For instance store: the root device for an instance launched from the AMI is an instance store volume created from a template stored in S3
  • Instance store volumes are also called ephemeral storage because the data is lost when the instance is terminated or the underlying host fails
  • Instance store-backed instances cannot be stopped. The data is lost if the instance stops for any reason
  • EBS-backed instances can be stopped. You will not lose data if the instance is stopped
  • You can reboot both and not lose data
  • By default, both ROOT volumes will be deleted on termination. However, with EBS volumes you can tell AWS to keep the root device volume
14
Q

ENI vs ENA vs EFA

A
  • ENI: Elastic Network Interface. Essentially a virtual network card. For basic networking
    • E.g. if you need separate, low-cost networks for different functions such as management, production, logging etc., you can attach multiple ENIs, one per network
  • ENA: Elastic Network Adapter, which provides Enhanced Networking. Uses single-root I/O virtualisation (SR-IOV) to provide high-performance networking on supported instance types
    • For when you need speeds between 10 Gbps and 100 Gbps. Anywhere you need reliable, high throughput
  • EFA: Elastic Fabric Adapter. A network device that you can attach to your EC2 instance to accelerate High Performance Computing (HPC) and ML applications
15
Q

Encrypted root device volumes and snapshots

A
  • Root device volume: the EBS volume that has your OS stored on it
  • Snapshots of encrypted volumes are encrypted automatically, as are volumes restored from encrypted snapshots
  • Encrypted snapshots can never be made public. They can be shared with specific accounts only if they were encrypted with a customer-managed KMS key (not the default aws/ebs key); unencrypted snapshots can be shared freely or made public
  • You can encrypt root device volumes upon creation of the EC2 instance
    To encrypt an already-created unencrypted root device volume:
    1. Create a snapshot of the unencrypted root device volume
    2. Create a copy of the snapshot and select the encryption option
    3. Create an AMI from the encrypted snapshot
    4. Use that AMI to launch new instances, whose root volumes will be encrypted
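The four-step procedure above, scripted against the EC2 API, as an added example that is not part of the flashcards. `encrypt_root_volume` uses only real boto3 `ec2` client calls (`describe_instances`, `create_snapshot`, `copy_snapshot`, `register_image`, `describe_snapshots`) and can be handed a real `boto3.client("ec2")`; `FakeEc2Client` is a constructed stand-in that returns the same response shapes so the example runs offline. The instance id, region, key alias and AMI name are assumed values. It adds the check a practitioner wants before building an AMI: confirm the copied snapshot really is encrypted.

```python
import time


class FakeEc2Client:
    """Constructed stand-in for boto3.client("ec2") so the example runs offline.
    It answers with the same response shapes as the real API and records every call."""

    def __init__(self):
        self.calls = []
        self._snapshots = {}  # snapshot id -> encrypted?
        self._n = 0

    def _new_id(self, prefix):
        self._n += 1
        return f"{prefix}-{self._n:017x}"

    def describe_instances(self, **kw):
        self.calls.append(("describe_instances", kw))
        return {"Reservations": [{"Instances": [{
            "InstanceId": kw["InstanceIds"][0], "Architecture": "x86_64", "RootDeviceName": "/dev/xvda",
            "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": "vol-0123456789abcdef0"}}]}]}]}

    def create_snapshot(self, **kw):
        self.calls.append(("create_snapshot", kw))
        sid = self._new_id("snap")
        self._snapshots[sid] = False  # a snapshot of an unencrypted volume is unencrypted
        return {"SnapshotId": sid, "State": "pending"}

    def copy_snapshot(self, **kw):
        self.calls.append(("copy_snapshot", kw))
        sid = self._new_id("snap")
        self._snapshots[sid] = bool(kw.get("Encrypted")) or self._snapshots[kw["SourceSnapshotId"]]
        return {"SnapshotId": sid}

    def describe_snapshots(self, **kw):
        sid = kw["SnapshotIds"][0]
        return {"Snapshots": [{"SnapshotId": sid, "State": "completed", "Encrypted": self._snapshots[sid]}]}

    def register_image(self, **kw):
        self.calls.append(("register_image", kw))
        return {"ImageId": self._new_id("ami")}


def wait_for_snapshot(ec2, snapshot_id, poll_seconds=5):
    """Poll until the snapshot is usable (boto3 also offers ec2.get_waiter("snapshot_completed"))."""
    while True:
        snap = ec2.describe_snapshots(SnapshotIds=[snapshot_id])["Snapshots"][0]
        if snap["State"] == "completed":
            return snap
        if snap["State"] == "error":
            raise RuntimeError(f"snapshot {snapshot_id} failed")
        time.sleep(poll_seconds)


def encrypt_root_volume(ec2, instance_id, region, kms_key_id, ami_name):
    """Steps 1-3 of the card; returns the ids needed for step 4 (run_instances with the new AMI)."""
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    root_dev = inst["RootDeviceName"]
    root_vol = next(m["Ebs"]["VolumeId"] for m in inst["BlockDeviceMappings"] if m["DeviceName"] == root_dev)

    # 1. Snapshot the unencrypted root volume (stop the instance first for a consistent image).
    src = ec2.create_snapshot(VolumeId=root_vol, Description=f"unencrypted root of {instance_id}")["SnapshotId"]
    wait_for_snapshot(ec2, src)

    # 2. Copy it with encryption. A customer-managed key (not the default aws/ebs key) keeps the
    #    result shareable with other accounts. copy_snapshot requires SourceRegion.
    enc = ec2.copy_snapshot(SourceRegion=region, SourceSnapshotId=src, Encrypted=True,
                            KmsKeyId=kms_key_id, Description=f"encrypted root of {instance_id}")["SnapshotId"]
    if not wait_for_snapshot(ec2, enc)["Encrypted"]:
        raise RuntimeError("copied snapshot is not encrypted; refusing to build an AMI from it")

    # 3. Register an AMI whose root device is the encrypted snapshot.
    image_id = ec2.register_image(
        Name=ami_name, Architecture=inst.get("Architecture", "x86_64"), RootDeviceName=root_dev,
        VirtualizationType="hvm", EnaSupport=True,
        BlockDeviceMappings=[{"DeviceName": root_dev,
                              "Ebs": {"SnapshotId": enc, "VolumeType": "gp2", "DeleteOnTermination": True}}],
    )["ImageId"]
    return {"source_snapshot": src, "encrypted_snapshot": enc, "image_id": image_id}


if __name__ == "__main__":
    # Replace FakeEc2Client() with boto3.client("ec2", region_name="eu-west-1") to run it for real.
    print(encrypt_root_volume(FakeEc2Client(), "i-0123456789abcdef0", "eu-west-1",
                              "alias/ebs-root", "web-root-encrypted"))
```

Remember to delete the unencrypted source snapshot once the encrypted AMI has been verified; otherwise the plaintext copy of the root volume stays in the account.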
16
Q

Spot instances and spot fleets

A
  • Use spot instances for various stateless, fault-tolerant or flexible apps such as big data, containerised workloads, CI/CD, web servers, HPC, and other test and dev workloads
  • Once you’ve set your maximum Spot price, the instance runs as long as the current Spot price is below it (you can use Spot blocks to stop Spot instances being terminated if the price goes up)
  • Spot Fleets are a combination of Spot and On-Demand instances. It will try and match your target compute capacity within your price constraints
17
Q

EC2 Hibernate

A
  • We can set the OS of an EC2 instance to ‘hibernate’ (suspend-to-disk)
  • Hibernation saves the contents of RAM to the EBS root volume. The instance’s EBS root volume and any attached data volumes persist
  • Makes starting the instance again much faster (no OS reboot, and previously running processes resume)
  • Instance RAM must be less than 150 GB
  • Max 60 days hibernation
  • Available for On-Demand and Reserved Instances
  • Useful for long-running processes and services that take a long time to initialise
18
Q

What is Cloudwatch?

A
  • A monitoring service to monitor your AWS resources, as well as the applications that you run on AWS
  • Its key function is PERFORMANCE MONITORING
  • Can monitor:
    • Compute (EC2, Auto Scaling groups, Elastic Load Balancers, Route 53 health checks)
    • Storage and content delivery (EBS volumes, Storage Gateway, CloudFront)
    • Monitors EC2 at 5-minute intervals by default (basic monitoring); detailed monitoring can be enabled for 1-minute intervals
  • Can also set up CloudWatch alarms, such as for billing
19
Q

What can you do with Cloudwatch?

A
  • Host-level metrics consist of: CPU, network, disk, status checks (memory and disk-usage metrics need the CloudWatch agent installed on the instance)
  • Create dashboards to see what is happening with your entire AWS environment
  • Alarms for when particular thresholds are hit
  • Events: help you respond to state changes in your AWS resources
  • Logs: helps you aggregate, monitor and store logs
20
Q

What is CloudTrail?

A
  • Think “CCTV of your cloud actions”
  • Increases visibility into your user and resource activity by recording AWS Management Console actions and API calls
  • You can identify which users and accounts called AWS, the source IP address from which the calls were made, and when the calls occurred.
  • Remember: CloudWatch is all about performance; CloudTrail is all about auditing
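An added example, not part of the flashcards, of the auditing use this card describes: a small detector run over CloudTrail records that answers "who, from which source IP, when" for three things a security team cares about (a successful console login without MFA, a security group opened to the world, and any API call from outside the expected source range). `SAMPLE_EVENTS` are constructed records in the real CloudTrail field layout with invented account, ARN, IP and resource values; `TRUSTED_CIDRS` and the finding names are assumptions.

```python
import json
from ipaddress import ip_address, ip_network

# Constructed sample records in the CloudTrail event layout (account, ARNs, IPs and ids are invented).
SAMPLE_EVENTS = [
    {"eventVersion": "1.08", "eventTime": "2024-05-01T08:02:11Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "Yes"}, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventVersion": "1.08", "eventTime": "2024-05-01T08:15:40Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "additionalEventData": {"MFAUsed": "No"}, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventVersion": "1.08", "eventTime": "2024-05-01T09:30:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "eu-west-1", "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob", "userName": "bob"},
     "requestParameters": {"groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}, "ipv6Ranges": {"items": []}}]}}},
    {"eventVersion": "1.08", "eventTime": "2024-05-01T09:31:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StopInstances", "awsRegion": "eu-west-1", "sourceIPAddress": "autoscaling.amazonaws.com",
     "userIdentity": {"type": "AWSService", "invokedBy": "autoscaling.amazonaws.com"}},
]

TRUSTED_CIDRS = [ip_network("203.0.113.0/24")]  # assumed corporate egress range


def load_trail_records(text):
    """CloudTrail log files are JSON objects with a top-level "Records" array."""
    return json.loads(text)["Records"]


def _world_open_ranges(params):
    """Yield (proto, from_port, to_port, cidr) for every 0.0.0.0/0 or ::/0 range in an EC2 ingress request.
    EC2 request parameters nest lists under an "items" key."""
    for perm in params.get("ipPermissions", {}).get("items", []):
        ranges = [r.get("cidrIp") for r in perm.get("ipRanges", {}).get("items", [])]
        ranges += [r.get("cidrIpv6") for r in perm.get("ipv6Ranges", {}).get("items", [])]
        for cidr in ranges:
            if cidr in ("0.0.0.0/0", "::/0"):
                yield perm.get("ipProtocol"), perm.get("fromPort"), perm.get("toPort"), cidr


def _is_untrusted_ip(source, trusted_cidrs):
    try:
        addr = ip_address(source)
    except ValueError:
        return False  # AWS service principals appear here as e.g. "autoscaling.amazonaws.com"
    return not any(addr in net for net in trusted_cidrs)


def detect(events, trusted_cidrs=TRUSTED_CIDRS):
    """Return (finding, actor, source_ip, event_time, detail) tuples for the records that matter."""
    findings = []
    for ev in events:
        identity = ev.get("userIdentity", {})
        actor = identity.get("arn") or identity.get("invokedBy", "?")
        src, when, name = ev.get("sourceIPAddress", ""), ev.get("eventTime"), ev.get("eventName")

        if (name == "ConsoleLogin"
                and ev.get("additionalEventData", {}).get("MFAUsed") == "No"
                and ev.get("responseElements", {}).get("ConsoleLogin") == "Success"):
            findings.append(("console-login-without-mfa", actor, src, when, identity.get("type")))

        if name == "AuthorizeSecurityGroupIngress":
            params = ev.get("requestParameters", {})
            for proto, lo, hi, cidr in _world_open_ranges(params):
                findings.append(("sg-open-to-world", actor, src, when,
                                 f"{params.get('groupId')} {proto} {lo}-{hi} from {cidr}"))

        if _is_untrusted_ip(src, trusted_cidrs):
            findings.append(("untrusted-source-ip", actor, src, when, name))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(*finding)
```

On the sample, the root login without MFA and bob's world-open port 22 rule are flagged, bob's call is also flagged for coming from outside the trusted range, and the Auto Scaling service's call is ignored because its source is a service principal, not an IP.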
21
Q

IAM and EC2

A

IAM roles are more secure than storing an access key and secret access key on individual EC2 instances: the role’s credentials are temporary, rotated automatically and never written to disk

  • Roles are easier to manage
  • Roles can be assigned to an EC2 instance after it is created using both the console and CLI
  • Roles are global - they are not tied to a region
22
Q

Bootstrap scripts and instance metadata

A
  • Bootstrap scripts (user data) are scripts that run when the EC2 instance first starts up, for example: “install a web server, add some HTML to the web page and save the HTML as a file in a new S3 bucket”
  • Instance metadata is information about the running instance (such as its public IP address, or the temporary credentials of its IAM role), served to the instance over a link-local HTTP endpoint
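An added example, not part of the flashcards, that ties the two cards above together: the instance metadata service is where an instance's IAM role credentials are handed out, so it is the thing to protect. The code shows the IMDSv2 flow (a PUT for a session token, then the token on every GET) against a constructed local stand-in that behaves like an instance with `HttpTokens=required`, and shows that the token-less IMDSv1-style GET, which is what a typical SSRF bug lets an attacker issue, gets a 401 and no credentials. The real endpoint is `http://169.254.169.254` and the header names are the real ones; the role name, credential values (AWS's documentation example key) and `public-ipv4` are constructed.

```python
import json
import secrets
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN_TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"
IMDS_URL = "http://169.254.169.254"  # the real endpoint; demo() points at a local stand-in instead


def fetch_v1(base_url, path):
    """IMDSv1 style: a plain GET with no token. This is the request an SSRF bug usually lets an attacker make."""
    try:
        with urllib.request.urlopen(base_url + path, timeout=3) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, ""


def fetch_v2(base_url, path, ttl_seconds=21600):
    """IMDSv2: obtain a session token with a PUT, then present it on every GET."""
    req = urllib.request.Request(base_url + "/latest/api/token", method="PUT",
                                 headers={TOKEN_TTL_HEADER: str(ttl_seconds)})
    with urllib.request.urlopen(req, timeout=3) as resp:
        token = resp.read().decode()
    req = urllib.request.Request(base_url + path, headers={TOKEN_HEADER: token})
    with urllib.request.urlopen(req, timeout=3) as resp:
        return resp.status, resp.read().decode()


def role_credentials(base_url):
    """Walk the IAM path the SDKs use: list the role name, then read its temporary credentials."""
    _, role = fetch_v2(base_url, "/latest/meta-data/iam/security-credentials/")
    _, body = fetch_v2(base_url, f"/latest/meta-data/iam/security-credentials/{role}")
    return role, json.loads(body)


# Constructed responses in the real IMDS layout (the key material is AWS's documentation example, not live).
_ROUTES = {
    "/latest/meta-data/public-ipv4": "203.0.113.10",
    "/latest/meta-data/iam/security-credentials/": "web-server-role",
    "/latest/meta-data/iam/security-credentials/web-server-role": json.dumps({
        "Code": "Success", "Type": "AWS-HMAC", "AccessKeyId": "ASIAIOSFODNN7EXAMPLE",
        "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
        "Token": "IQoJb3JpZ2luX2VjEXAMPLE", "Expiration": "2030-01-01T00:00:00Z"}),
}


class _FakeImdsHandler(BaseHTTPRequestHandler):
    """Constructed IMDS stand-in behaving like an instance with HttpTokens=required (IMDSv2 only)."""
    tokens = set()

    def log_message(self, *args):  # keep the demo quiet
        pass

    def _reply(self, code, body=""):
        data = body.encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_PUT(self):
        # The real service also refuses token requests carrying X-Forwarded-For (a proxy fingerprint).
        if (self.path != "/latest/api/token" or not self.headers.get(TOKEN_TTL_HEADER)
                or "X-Forwarded-For" in self.headers):
            return self._reply(400)
        token = secrets.token_urlsafe(32)
        self.tokens.add(token)
        self._reply(200, token)

    def do_GET(self):
        if self.headers.get(TOKEN_HEADER) not in self.tokens:
            self._reply(401)  # no valid session token: the v1-style request gets nothing
        elif self.path in _ROUTES:
            self._reply(200, _ROUTES[self.path])
        else:
            self._reply(404)


def start_fake_imds():
    server = HTTPServer(("127.0.0.1", 0), _FakeImdsHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_address[1]}", server


def demo():
    base_url, server = start_fake_imds()
    try:
        v1_status, _ = fetch_v1(base_url, "/latest/meta-data/iam/security-credentials/")
        role, creds = role_credentials(base_url)
        _, public_ip = fetch_v2(base_url, "/latest/meta-data/public-ipv4")
        return {"v1_status": v1_status, "role": role, "access_key": creds["AccessKeyId"], "public_ipv4": public_ip}
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

On a real instance the same `fetch_v2` works against `IMDS_URL`; enforcing the v2-only behaviour the stand-in models is done with `aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required`.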
23
Q

Elastic File System (EFS)

A
  • A file system service for EC2
  • Similar to EBS, but allows for one file system to be shared between more than one instance
  • Unlike EBS, storage capacity is elastic - it continues to grow as you add files
  • Supports the Network File System version 4 (NFSv4) protocol
  • You only pay for the storage you use
  • Can scale to petabytes
  • Can support thousands of concurrent NFS connections
  • Data is stored across multiple AZs within a region
  • Read-after-write consistency
24
Q

FSx for Windows

A
  • Native Microsoft Windows file system that enables you to easily move your Windows-based applications that require file storage to AWS
  • Built on Windows Server
  • E.g.: use with SQL Server, Active Directory, Sharepoint
  • Compared with EFS:
    • We choose Windows FSx when we need a server that runs Windows Server Message Block (SMB)-based file services, or need to run Windows applications
    • We choose EFS for Unix and Linux and for shared storage
25
Q

FSx for Lustre

A
  • Fully managed file system that is optimised for compute-intensive workloads, such as high-performance computing, ML, media data processing workflows and electronic design automation
  • Run a Lustre file system that can process massive data sets at up to 100s of GiB/second of throughput, millions of IOPS, and sub-millisecond latencies
  • Can be linked to an S3 bucket, so objects are presented as files and results can be written back to S3
26
Q

EC2 placement groups and 3 types of placement

A

A way of placing your EC2 instances

  1. Clustered placement groups: grouping instances in a single AZ.
    • Recommended for applications that need low network latency, high network throughput, or both
  2. Spread placement groups: a group of instances that are each placed on distinct underlying hardware.
    • Recommended for apps that have a small number of critical instances that should be kept separate from each other
  3. Partitioning placement groups: AWS divides each group into logical segments called partitions. Each partition within a placement group has its own set of racks. Each rack has its own network and power source. No two partitions within a placement group share the same racks, allowing you to isolate the impact of hardware failure within your application
27
Q

EC2 placement groups uses

A
  • Clustered: low network latency/high network throughput; Spread: individual critical EC2 instances; Partitioned: multiple EC2 instances for distributed workloads such as HDFS, HBase and Cassandra
  • A clustered placement group can’t span multiple AZs, but spread and partitioned can
  • The name for the placement group must be unique within your AWS account
  • Only certain types of instances can be launched in a placement group (i.e. compute optimised, GPU, memory optimised etc.)
  • AWS recommend homogenous instances within clustered placement groups
  • You can’t merge placement groups
  • You can move an existing instance into a placement group, but the instance must be in the stopped state.
28
Q

High Performance Compute (HPC) on AWS

A
  • Cloud serves HPC well as you can create a large number of resources quickly then destroy them once finished
  • HPC: Data transfer (getting into AWS)
    • Snowball, Snowmobile
    • AWS Datasync to S3, EFS, FSx
    • Direct Connect
  • HPC: Compute and Networking
    • EC2 GPU or CPU optimised
    • EC2 fleets
    • Placement groups
    • Enhanced networking
    • Elastic Fabric Adapters
  • HPC: Storage
    • Instance-attached storage: EBS (scales up to 64,000 IOPS); Instance store (scales up to millions of IOPS)
    • Network storage: S3 (object), EFS (file system), FSx for Lustre
  • HPC: orchestration and automation
    • AWS Batch: run hundreds of thousands of batch computing jobs; multi-node parallel jobs; a single job across multiple EC2 instances; easily schedule jobs and launch EC2 instances where needed
    • AWS ParallelCluster: open-source cluster management tool; uses a simple text file to model and provision resources in an automated manner; automates the creation of VPCs, subnets, cluster type, instance type etc
29
Q

AWS WAF

A
  • Web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront, an Application Load Balancer or API Gateway
  • Lets you control access to your content
  • Can configure conditions such as which IP addresses or countries are allowed to make a request, or which query string parameters must be present for a request to be allowed
  • The Application Load Balancer, CloudFront or API Gateway will either serve the content or return an HTTP 403 status code
  • WAF enables three behaviours:
    • Allow all requests except the ones you specify
    • Block all requests except the ones you specify
    • Count the requests that match the properties you specify
  • Protects against web attacks based on characteristics of web requests such as:
    • IP addresses; countries; values in request headers; strings/regex that appear in requests; length of requests; presence of SQL code that may be malicious (SQL injection); presence of a script that may be malicious (cross-site scripting)