EC2 Flashcards
What does EC2 stand for?
Elastic Compute Cloud
What kind of "as a service" is EC2?
IaaS
EC2 consists of what?
- renting virtual machines (ec2)
- storing data on virtual drives (EBS)
- distributing load across machines (ELB)
- scaling services using auto-scaling group (ASG)
Knowing EC2 is fundamental to understanding what?
how the Cloud works
What OSes are available in EC2?
Linux, Windows, macOS
What are the config and sizing options?
CPU, RAM, storage space
How is the amount of storage space configured?
Network-attached (EBS and EFS); hardware (EC2 instance store)
EC2 network card
speed of card; public IP address
firewall rules
security group
Bootstrap script (configure at first launch):
EC2 User Data
What does bootstrapping mean?
launching commands when a machine starts
What is the EC2 User Data Script for?
bootstrapping our instances
When is the EC2 user data script run, and how many times?
the script is only run once, at the instance's first start
EC2 user data is used to automate boot tasks such as:
- Installing updates
- Installing software
- Downloading common files from the internet
- Anything you can think of
The EC2 User Data Script runs with
the root user
What is the naming convention for AWS EC2 instance types?
instance class (letter), generation (number), size within the instance class (example: m5.2xlarge)
What are EC2 general purpose instance types good for?
Great for a diversity of workloads such as web servers or code repositories
EC2 general purpose types balance between:
- Compute
- Memory
- Networking
EC2 compute optimized type
Great for compute-intensive tasks that require high performance processors:
• Batch processing workloads
• Media transcoding
• High performance web servers
• High performance computing (HPC)
• Scientific modeling & machine learning
• Dedicated gaming servers
EC2 Instance Types – Memory Optimized
Fast performance for workloads that process large data sets in memory
use cases for memory optimized
Use cases:
• High performance, relational/non-relational databases
• Distributed web scale cache stores
• In-memory databases optimized for BI (business intelligence)
• Applications performing real-time processing of big unstructured data
EC2 Instance Types – Storage Optimized
Great for storage-intensive tasks that require high, sequential read and write access to large data sets on local storage
storage optimized use cases
Use cases:
• High frequency online transaction processing (OLTP) systems
• Relational & NoSQL databases
• Cache for in-memory databases (for example, Redis)
• Data warehousing applications
• Distributed file systems
What are the EC2 instance types?
general-purpose, compute-optimized, memory-optimized, storage-optimized
Security groups are the fundamental of
network security in AWS
Security groups control what in EC2?
how traffic is allowed into or out of our EC2 instances
Security groups only contain ___ rules
allow rules
Security group rules can reference by
IP or by security group
Security groups act as a
“firewall” on EC2 instances
Security groups regulate
- Access to Ports
- Authorised IP ranges – IPv4 and IPv6
- Control of inbound network (from other to the instance)
- Control of outbound network (from the instance to other)
Security groups can be attached to
multiple instances
Security groups are locked down to a
region / VPC combination
Security groups live “outside” the EC2 instance – if
traffic is blocked, the EC2 instance won’t see it
Security groups: it’s good to maintain one separate security group for
SSH access
Security groups: if your application is not accessible (time out), then it’s a
security group issue
Security groups: if your application gives a “connection refused“ error, then it’s an
application error or it’s not launched
Security groups: all inbound traffic is blocked
by default
Security groups: all outbound traffic is authorised
by default
Security groups: classic ports to know
- 22 = SSH (Secure Shell) - log into a Linux instance
- 21 = FTP (File Transfer Protocol) – upload files into a file share
- 22 = SFTP (Secure File Transfer Protocol) – upload files using SSH
- 80 = HTTP – access unsecured websites
- 443 = HTTPS – access secured websites
- 3389 = RDP (Remote Desktop Protocol) – log into a Windows instance
port 22 =
SSH (Secure Shell) - log into a Linux instance
port 21 =
FTP (File Transfer Protocol) – upload files into a file share
port 22 (SFTP) =
SFTP (Secure File Transfer Protocol) – upload files using SSH
port 80 =
HTTP – access unsecured websites
port 443 =
HTTPS – access secured websites
port 3389 =
RDP (Remote Desktop Protocol) – log into a Windows instance
SSH is available for what OS?
Linux, macOS, Windows >= 10
PuTTY is available for what OS?
Windows
EC2 Instance Connect is available for what OS?
Linux, Mac, Windows
What is EC2 Instance Connect?
Connect to your EC2 instance within your browser, with no need to use the key file you downloaded
How does EC2 Instance Connect work (the “magic”)?
a temporary key is uploaded onto the EC2 instance by AWS
EC2 Instance Connect works out of the box with
Amazon Linux 2
If using EC2 Instance Connect, what port needs to be open?
22
What are the EC2 Instances Purchasing Options?
on-demand instances, reserved, spot instances, dedicated hosts, dedicated instances
What are On-Demand Instances?
short workload, predictable pricing
What is the minimum duration for reserved instances?
1 year
What are the workloads for Reserved Instances?
long workloads
Convertible Reserved Instances:
long workloads with flexible instances
Scheduled Reserved Instances:
run a specific time and day
Spot Instances:
short workloads, cheap, can lose instances (less reliable)
Dedicated Hosts:
book an entire physical server, control instance placement
Dedicated Instances:
no other customers will share your hardware
For EC2 On-Demand you pay for
what you use
For EC2 On-Demand Linux you pay for
billing per second, after the first minute
For EC2 On-Demand Windows and macOS you pay for
billing per hour
EC2 On-Demand has the highest __ BUT no __ __
cost but no upfront payment
EC2 On-Demand has no ___ ___ commitment
long term commitment
EC2 On-Demand is recommended for what type of workloads, where ___?
Recommended for short-term and un-interrupted workloads, where you can’t predict how the application will behave
What is the max discount percentage of reserved instances compared to on-demand?
72%
What is the impact of the reservation period on the discount?
1 year = discount, 3 years = more
What are the purchasing options for EC2 reserved instances?
no upfront costs, partial upfront, or all upfront
When are reserved instances recommended?
for steady-state usage apps (e.g. a database)
What is a convertible reserved instance?
can change the EC2 instance type
Max discount for convertible reserved instances?
up to 45%
What are scheduled reserved instances?
launch within a time window you reserve; require a fraction of a day/week/month
What is the time commitment for scheduled reserved instances?
1 year only
Max discount for spot instances compared to on-demand?
90%
What are spot instances?
instances you can lose at any point in time if your max price is less than the current spot price
What is the most cost-efficient EC2 instance?
spot instances
Spot instances are useful for workloads that are
resilient to failure
What type of instance would you use for batch jobs?
spot instances
What type of instance would you use for data analysis?
spot instances
What type of instance would you use for image processing?
spot instances
What type of instance would you use for ANY distributed workloads?
spot instances
What type of instance would you use for workloads with flexible start and end times?
spot instances
What instance is not suitable for critical jobs or databases?
spot instances
What is an Amazon EC2 dedicated host?
a physical server with EC2 instance capacity fully dedicated to your use
What can EC2 dedicated hosts help you address?
compliance requirements
How can EC2 dedicated hosts help you reduce costs?
by allowing you to use your existing server-bound software licenses
EC2 dedicated hosts are allocated to your account for how long?
3-year period reservation
EC2 dedicated hosts are useful for software that has a complicated _______ ___ ___
licensing model, Bring Your Own License (BYOL)
EC2 dedicated hosts are useful for companies that have strong ____ or _____ ___
regulatory or compliance needs
What are dedicated instances?
instances running on hardware that's dedicated to you; may share hardware with other instances in the same account
Dedicated instances have no control over
instance placement (can move hardware after stop/start)
What type of dedicated instance/hosts enables the use of dedicated physical servers?
both dedicated instances and dedicated hosts
What type of dedicated instance/hosts has per instance billing ?
dedicated instances
What type of dedicated instance/hosts has per host billing?
dedicated hosts
What type of dedicated instance/hosts has visibility of sockets, cores, host ID?
dedicated hosts
What type of dedicated instance/hosts has affinity between a host and an instance?
dedicated hosts
What type of dedicated instance/hosts has targeted instance placement?
dedicated hosts
What type of dedicated instance/hosts has automatic instance placement?
both
What type of dedicated instance/hosts can add capacity using an allocation request?
dedicated hosts
What is the best instance to purchase if it is like: coming and staying in a resort whenever we like, paying full price
on demand
What is the best instance to purchase if it is like: planning ahead, and if we plan to stay for a long time we may get a good discount
reserved
What is the best instance to purchase if it is like: the hotel allows people to bid for the empty rooms and the highest bidder keeps the rooms, but you can get kicked out at any time
spot instances
What is the best instance to purchase if it is like: we book an entire building of the resort
dedicated hosts
How do you make a spot instance request?
define a max spot price and get the instance while the current spot price < max
what does hourly spot instance price depend on?
varies based on offer and capacity
If the current spot price > your max price, you can choose to
stop or terminate your instance, with a 2-minute grace period
What is spot blocking for spot instances?
“block” a spot instance during a specified time frame (1-6 hours) without interruptions
What are spot instances primarily used for?
batch jobs, data analysis, workloads that are resilient to failures
Spot instances are not great for
critical jobs or databases
When can you cancel spot instance requests?
requests that are open, active, or disabled
T/F: Cancelling a spot request doesn’t terminate instances
T
How do you terminate a spot request?
first cancel the request, then terminate the instances
What does a spot fleet consist of?
a set of Spot Instances + (optional) On-Demand Instances
Spot fleets will try to meet the target capacity with
price constraints
When do spot fleets stop launching instances?
when they reach capacity or max cost
What are the strategies to allocate spot instances?
lowestPrice, diversified, capacityOptimized
What is the lowestPrice strategy?
allocate spot instances from the pool with the lowest price (cost optimization, short workload)
What is the diversified strategy?
allocate spot instances distributed across all pools (great for availability, long workloads)
What is the capacityOptimized strategy?
the pool with the optimal capacity for the number of instances
What do spot fleets allow us to do?
automatically request spot instances with the lowest price
Public IP
the machine can be identified on the internet
Public IPs are unique across the web, meaning
2 machines can’t have the same public IP
T/F: Public IPs cannot be geo-located easily
F
Private IP
the machine can only be identified on a private network
How do machines with a private IP connect to the internet?
using a NAT + internet gateway (proxy)
Elastic IP
when you stop and then start an EC2 instance, it can change its public IP
What kind of IP do you need if you require a fixed public IP for your instance?
elastic IP
What is a public IPv4 address you own as long as you don’t delete it?
elastic IP
You can attach an elastic IP to one
instance
What is the max number of elastic IPs you can have?
5, but you can ask AWS for more
What can you mask with an elastic IP address?
mask the failure of an instance or software by rapidly remapping the address to another instance in your account
Why should you avoid using elastic IPs?
they often reflect poor architectural decisions
How can you avoid using elastic IPs?
use a random public IP and register a DNS name to it, or use a load balancer and don’t use a public IP
What are placement groups?
used when you want control over the EC2 instance placement strategy
when you create placement groups, what do you specify?
cluster, spread, partition
what are clusters in placement groups?
clusters instances into a low-latency group in a single AZ
what are spread in placement groups?
spreads instances across underlying hardware
What are partitions in placement groups?
spread instances across many different partitions that rely on different sets of racks within an AZ
What are the advantages of cluster placement groups?
fastest network: 10 Gbps bandwidth between instances with enhanced networking enabled
What is the disadvantage of cluster placement groups?
if the rack fails, all instances fail at the same time
In terms of placement groups, what should be used for big data jobs that need to complete fast?
placement group cluster
In terms of placement groups, what should be used for apps that need extremely low latency and high network throughput?
placement group cluster
What are the advantages of spread placement groups?
can span across AZs; reduced risk of simultaneous failures; EC2 instances are on different physical hardware
What is the disadvantage of spread placement groups?
limited to 7 instances per AZ per placement group
In terms of placement groups, what should be used for apps that need to maximize high availability?
spread
In terms of placement groups, what should be used for critical apps where each instance must be isolated from failure from each other?
spread
In terms of placement groups, what should be used for HDFS, HBase, Cassandra, Kafka?
partition
Max partitions per AZ?
7
T/F: Partitions can span across multiple AZs in the same region
T
Partitions have up to ___s of EC2 instances
100s
Instances in a partition don’t share racks with
the instances in the other partitions
A partition failure can affect
many EC2 instances but won’t impact other partitions
How do EC2 instances get access to partition info?
as metadata
ENI
elastic network interfaces
What are the attributes of an ENI?
a primary private IPv4 and one or more secondary IPv4; 1 elastic IP per private IPv4; one public IPv4; one or more security groups; a MAC address
T/F: You can’t create ENIs independently and attach them on the fly (move them) on EC2 instances for failover
F, you can
An ENI is bound to a specific
AZ (availability zone)
what happens when you stop an EC2 instance?
the data on the disk (EBS) is kept intact for the next start
What happens when you terminate an EC2 instance?
any EBS volume (root) that is also set up to be destroyed is lost
What happens when you FIRST START an EC2 instance?
the OS boots & the EC2 User Data Script is run
What happens on the FOLLOWING STARTs of an EC2 instance?
the OS boots, then your app starts and caches get warmed up (can take time)
What is EC2 Hibernate with respect to RAM?
in-memory (RAM) state is preserved
What is EC2 Hibernate with respect to instance boot speed?
faster, since the OS isn’t stopped or restarted
What is EC2 Hibernate with respect to RAM under the hood?
the RAM state is written to a file in the root EBS volume
With EC2 Hibernate, the EBS root volume must be?
encrypted
What EC2 mode would you use for the following use cases: long-running processes, saving the RAM state, services that take time to initialize
EC2 Hibernate
EC2 Hibernate supports which instance families?
C3-C5, M3-M5, R3-R5
EC2 Hibernate: instance RAM size must be less than
150 GB
EC2 Hibernate is not supported for
bare metal instances
EC2 Hibernate AMI:
Amazon Linux 2, Linux AMI, Ubuntu & Windows
EC2 Hibernate root volume:
must be EBS, encrypted, not instance store, and large
EC2 Hibernate is available for
On-Demand and Reserved Instances
an ec2 instance cannot be hibernated for more than how many days?
60 days
What is the underlying platform for the next generation of ec2 instances and new virtualization tech?
EC2 Nitro
EC2 Nitro allows for
better performance & underlying security
EC2 Nitro provides better networking how?
enhanced networking, HPC, IPv6
EC2 Nitro has higher speed
EBS
what can run on one cpu?
multiple threads
each thread is represented by a
virtual cpu
ec2 instances come with a combo of
RAM and vCPU
When would you decrease the # of CPU cores?
when you need high RAM and a low number of CPUs (lower price)
when do you disable multithreading?
high performance computing (HPC) workloads
When can threads and vcpus be specified?
during instance launch
what do capacity reservations ensure?
you have ec2 capacity when needed
the end date for capacity reservations can be
manual or planned
Capacity reservations do not need what commitment?
1 or 3 year
Capacity access is ___ and you get billed when __
immediate, when it starts
What do you specify for capacity reservations?
AZ, number of instances, instance attributes
What should you combine for cost savings?
Reserved Instances and Savings Plans
What is an EBS Volume?
Elastic Block Store Volume is a network drive you can attach to your instances while they run
What do EBS volumes allow for your instances’ data?
persisting data even after their termination
EBS volumes can be mounted to
one instance at a time (at the CCP level)
EBS volumes are bound to a
specific availability zone
EBS volumes use the network to
communicate with the instance
EBS volumes using the network to communicate with the instance means
latency
EBS volumes can be detached from an EC2 instance and then
attached to another quickly
EBS volumes are locked to an
AZ
To move an EBS volume across AZs, you must
first snapshot it
EBS volumes have a provisioned
capacity (size in GB and IOPS)
how do you get billed for EBS volumes
for all provisioned capacity, which can be increased over time
What does the Delete on Termination attribute for EBS do?
controls the behaviour when an EC2 instance terminates
What happens by default when the Delete on Termination attribute is enabled?
the root EBS volume is deleted
What happens by default when the Delete on Termination attribute is disabled?
any other attached EBS volume isn’t deleted
When do you use the Delete on Termination attribute on EBS?
to preserve the root volume when the instance is terminated
What is an EBS Snapshot?
make a backup/snapshot of your EBS volume at a point in time
What is recommended when doing an ebs snapshot?
detach your ebs volume
with ebs snapshot you can copy them across
AZ or region
AMI stands for
Amazon Machine Image
What are AMIs?
a customization of an EC2 instance
With an AMI you add your own
software, configuration, OS, monitoring
Why do AMIs have a faster boot/config time than a regular EC2 instance?
all your software is pre-packaged
AMIs are built for a
specific region (and can be copied across regions)
Where can EC2 instances be launched from?
a public AMI, your own AMI, an AWS Marketplace AMI
What is the process to build an AMI from an EC2 instance?
start an EC2 instance and customize it; stop the instance for data integrity; build the AMI (this creates EBS snapshots); launch instances from other AMIs
EBS volumes are network drives with good but _____ performance
“limited”
What should you use if you need a high-performance hardware disk (better I/O)?
EC2 Instance Store
What happens if an EC2 instance with an instance store stops?
it loses its storage (ephemeral)
EC2 instance store are good for what?
buffer, cache, scratch data, temporary content
EC2 instance store has risk of ?
data loss if hardware fails
what are you responsible for with EC2 instance store
backups and replication
What are the 6 types of EBS Volume Types?
gp2, gp3, io1, io2 (ssd); st1, sc1 (hdd)
what are gp2, gp3 SSD ebs volume types?
general-purpose ssd volume that balances price and performance for a wide variety of workloads
what are io1, io2 SSD ebs volume types? (ssd)
highest-performance SSD volume for mission-critical low-latency or high-throughput workloads
What are st1 HDD EBS volume types?
low cost HDD volume designed for frequently accessed, throughput-intensive workloads
What are sc1 HDD EBS volume types?
lowest cost HDD volume designed for less frequently accessed workloads
EBS volumes are characterized by
Size, Throughput, IOPS (I/O Ops Per Sec)
what ebs volume types can be used as boot volumes?
gp2, gp3, io1, io2 (ssd)
EBS volume General Purpose SSD is best used for what kind of storage and latency?
cost effective storage, low-latency
EBS volume General Purpose SSD is best used for what scenarios?
sys boot volumes, virtual desktops, development and test envs
EBS volume General Purpose SSD size range
1 GiB - 16 TiB
gp3 baseline IOPS and throughput of
3000 IOPS; 125 MiB/s
gp3 max IOPS and throughput of
16000 IOPS; 1000 MiB/s
Small gp2 volumes can burst IOPS to
3000
gp2 max IOPS
16000
gp2 size of volume and IOPS are
linked
what are the io1/io2 ebs volumes considered?
Provisioned IOPS (PIOPS) SSD
When should Provisioned IOPS (PIOPS) SSD be used?
critical business apps with sustained IOPS performance, or apps that need more than 16000 IOPS
What kind of workloads are Provisioned IOPS (PIOPS) SSD great for?
database workloads with sensitive storage performance and consistency
io1/io2 storage range:
4 GiB- 16 TiB
io1/io2 Max PIOPS for nitro ec2
64000
io1/io2 Max PIOPS for non-nitro ec2
32000
io1/io2 can increase PIOPS independently from
storage size
how is io2 better than io1?
more durability and more IOPS per GiB
io2 Block Express size range
4 GiB - 64 TiB
io2 Block Express has what kind of latency?
sub-millisecond latency
io2 Block Express Max PIOPS:
256,000 w/ an IOPS:GiB ratio of 1000:1
io2 Block Express supports
EBS Multi-Attach
EBS HDD cannot be a
boot volume
EBS HDD size range
125 MiB - 16 TiB
Throughput Optimized HDD is which hdd ebs volume
st1
what is st1 good for ?
big data, data warehouses, log processing
st1 max throughput
500 MBps
st1 max IOPS
500
Cold HDD
sc1
when should sc1 be used?
data not accessed often, lowest cost is vital
sc1 max throughput and IOPS
250 MBps; 250 IOPS
What is EBS multi-attach?
attaching the same EBS volume to multiple EC2 instances in the same AZ
With EBS multi-attach, each instance has full
read & write permissions to the volume
When do you use EBS multi-attach?
to achieve higher app availability in clustered Linux apps; apps must manage concurrent write ops
To do EBS multi-attach, you must use a file system that is
cluster-aware
What happens when you create an encrypted EBS volume?
data at rest is encrypted inside the volume; all data in flight moving between the instance and the volume is encrypted; all snapshots are encrypted; all volumes created from the snapshot are encrypted
How are the encryption and decryption of EBS volumes handled?
transparently, you do nothing
EBS encryption has ___ impact on latency
minimal
EBS encryption leverages keys from
KMS (AES-256)
T/F: copying an unencrypted volume snapshot allows encryption
T
T/F: snapshots of encrypted volumes are encrypted
T
How do you encrypt an unencrypted EBS volume?
- create an EBS snapshot of the volume
- encrypt the EBS snapshot (using copy)
- create a new EBS volume from the snapshot (the volume will also be encrypted)
- attach the encrypted volume to the original instance
EFS
Elastic File System
What is EFS?
managed NFS (network file system) that can be mounted on many EC2 instances
EFS works with EC2 in
multi-AZ
T/F: EFS is highly available, scalable, expensive, pay per use
T
Use cases for EFS
content management, web serving, data sharing, WordPress
What protocol does EFS use?
NFSv4.1
How do you control access to EFS?
use a security group
EFS is compatible with
Linux-based AMIs (not Windows)
EFS encryption at rest uses
KMS
What kind of file system is EFS?
a POSIX file system (~Linux) that has a standard file API
EFS scales
automatically, pay-per-use, no capacity planning
EFS scale
1000s of concurrent NFS clients, 10 GB+/s throughput, grows to petabyte-scale network file system automatically
EFS Performance mode is set at
EFS creation time
EFS performance mode general-purpose (default)?
latency-sensitive use cases (web server, CMS)
EFS performance mode max I/O
higher latency, higher throughput, highly parallel (big data, media processing)
EFS throughput mode bursting
1 TB = 50 MiB/s + burst of 100 MiB/s
EFS throughput mode provisioned
set throughput regardless of storage size
EFS storage tiers
lifecycle management feature
EFS standard storage tier
often accessed files
EFS infrequent access storage tier (EFS-IA)
cost to retrieve files, and lower price to store