EC2 Flashcards
Instance Type
Allows varying combinations of CPU, memory, storage, networking
Types of IP addresses on EC2
Public, Private, Elastic IP
Private IP address
IP address retained when instance is stopped
Used in public and private subnets
Public IP address
Dynamic address, Lost when the instance is stopped (not lost when instance is restarted)
Used in public subnet
No charge
Associated with private IP address on the instance
Cannot be moved between instances
Elastic IP address
Static public IP address
You are charged if not used
Associated with a private IP address on the instance
Can be moved between instances and Elastic Network Adapters
Can be moved across AZs and remapped to a different ENI
AMI
provides information required to launch an instance
Defines the OS, software, instance type, and storage for the instance
Includes:
A template for the root volume for the instance
Launch permissions
A block device mapping specifying the volumes to attach
AMIs are regional - you can only launch an AMI from the region it is stored in
Can copy AMIs to other regions using console, CLI or API
EC2 Metadata and URL
Instance metadata is data about the EC2 instance such as ami-id, instance-id, hostname, etc.
http://169.254.169.254/latest/meta-data/
What are the versions of the Instance Metadata Service (IMDS) and what do they do?
IMDSv1 - older and less secure
IMDSv2 - newer, more secure, and requires a session token for authorization
Default EC2 launch settings may disable IMDSv1, depending on the configured defaults
EC2 User Data
Script that runs when instance starts for the first time
must be base64 encoded
Limited to 16 KB in raw form (before base64 encoding)
http://169.254.169.254/latest/user-data
Elastic Placement Groups
Cluster, Spread, Partition
Elastic Placement Groups Cluster
Packs instances close together inside an AZ. This strategy enables workloads to achieve the low-latency network performance necessary for tightly coupled node-to-node communication that is typical of HPC applications
uses enhanced networking, low network latency and high throughput for inter-instance traffic
Elastic Placement Groups Partition
Spreads your instances across logical partitions such that groups of instances in one partition do not share the underlying hardware with groups of instances in different partitions. This strategy is typically used by large distributed and replicated workloads, such as Hadoop, Cassandra and Kafka
Partitions are located in separate AWS racks, up to 7 AZs
Elastic Placement Groups Spread
Strictly places a small group of instances across distinct underlying hardware to reduce correlated failures
Each instance is in a different AWS rack
AWS Network Interface types?
ENI - Elastic Network Interface
ENA - Elastic Network Adapter
EFA - Elastic Fabric Adapter
ENI?
Can you have multiple ENI on one instance?
Can ENI be in different AZs?
Can you move an ENI to a different instance?
Elastic Network Interface
Basic adapter type for when you don’t have any high performance requirements
can use with all instance types
If the network interface is attached to a public subnet, the primary network interface has a private IP and optionally a public IP
Additional ENIs can be attached from subnets within the same AZ
You can’t have a network interface span AZs
Yes, you can move an ENI to a different instance
ENA
Elastic Network Adapter
Enhanced network performance adapter for high bandwidth and low inter-instance latency
Must choose supported instance type
EFA
Elastic Fabric Adapter
Use with HPC or MPI (message passing interface) and ML use cases
Tightly coupled applications
Can use with all instance types
How does AWS perform NAT for public addresses?
When the instance makes a request, the traffic goes out with source as private IP to the IGW.
The IGW performs Network Address Translation by replacing the private IP with the public IP
When the request is returned it has the destination as the Public IP and the IGW replaces the destination with the corresponding Private IP
Private Subnet
By default all instances launched will not have a public IP
No route in route table pointing to IGW (igw-id)
Public Subnet
By default all instances launched will have a public IP
Must have IGW attached to the VPC and NAT Gateway attached to public subnet
By default main Route table of VPC includes destination equal to subnet CIDR and target to Local (e.g. local to other subnets within the VPC) and all other traffic routed to the IGW
How do you build a private EC2 instance(s) that can process outbound request but is unreachable from the internet?
Create VPC or use default
Create a public subnet and private subnet
Attach IGW to VPC
Deploy NGW into public subnet with an Elastic IP to communicate with the internet on behalf of instances in the private subnet
Create a route table different from the main RT
Configure the RT with the VPC CIDR as destination and target as local
Configure the RT to target the NGW for any other address
The private instance connects via the NGW using its private IP, and the NGW connects to the IGW to make the internet request
NAT Instance
How do you use a NAT instance vs a NGW?
Which is preferred, a NAT instance or a NGW?
Special AMI string that has “amzn-ami-vpc-nat” in the name; you must disable source and destination checks
In the custom route table, instead of targeting the NGW for all other traffic outside the VPC CIDR, specify the NAT instance as the target
You should prefer a NGW over a NAT instance
NAT GW vs NAT Instance
Instance
Instance managed by you
Scale up manually by changing the instance type and use enhanced networking
No HA, you can script to auto scale
HA possible using multiple NATs in multiple subnets
Need to assign security groups
Can use as bastion
Use EIP or public IP address
Can implement port forwarding through manual customization
NGW
Service managed by AWS
Fully elastic for scaling up to 45 Gbps
Provides automatic HA within an AZ and can be placed in multiple AZs (different instance)
No need to assign security groups
Can’t access via SSH
Choose the EIP to associate at creation
Doesn’t support port forwarding
What kind of EC2 instance can you stop?
What kind of EC2 instance can’t be stopped?
EBS instance backed
Instance store backed instance can’t be stopped
What happens when an EC2 instance is stopped?
The EBS volume remains (and is chargeable) while instance charges stop
Data is lost in RAM
Instance is migrated to a different host if restarted
Private IPv4 or v6 addresses are retained; public addresses are released
Associated EIPs are retained
What happens when you hibernate an EC2 instance and what types of instances can be hibernated?
Only applies to certain AMIs
Contents of RAM are saved to EBS
Must be enabled for hibernation
What happens when you start an EC2 instance after hibernation?
The EBS root volume is restored to its previous state
The RAM contents are reloaded
The processes that were running previously on the instance are resumed
What happens when you reboot an EC2 instance?
Equivalent to an OS reboot (AWS recommends rebooting via EC2 not OS)
DNS name and all IPv4 or v6 addresses are retained
Doesn’t affect billing
What happens when you retire an EC2 instance? What other way is an instance retired?
Instances may be retired if AWS detects irreparable failure of the underlying HW that hosts the instance
When an instance reaches its scheduled retirement date, it is stopped or terminated by AWS
What is and what happens to terminated instances?
Terminating an instance is deleting it
Can’t be recovered once terminated
By default, the root EBS volumes are deleted
How can you recover an EC2 instance?
CloudWatch can be used to monitor system status checks and recover the instance
Applies if the instance becomes impaired due to underlying HW or platform issues
Recovered instance is identical to original instance
AWS Nitro
Underlying platform for next generation EC2 instances
Supports many virtualized or bare metal instance types
Tries to eliminate the performance penalty of virtualization by providing near-bare-metal access
Breaks functions out into specialized HW with the Nitro Hypervisor
Specialized HW includes:
nitro cards for VPC
nitro cards for EBS
nitro cards for Instance Storage
nitro cards for controller
nitro security chip
nitro hypervisor
nitro enclaves
Benefits of Nitro
Improves performance, security, and innovation:
performance close to bare metal for virtual instances
ENA and EFA use Nitro
more bare metal instance types
higher network performance
HPC optimizations
Dense storage instances
Nitro Enclaves
Isolated compute environments
Run on isolated, hardened VMs
No persistent storage, interactive access or external networking
Use cryptographic attestation to ensure only authorized code is running
integrates with AWS KMS
Protect and securely process highly sensitive data (PII, PHI, financial data and intellectual property)
EC2 Pricing Options
On-demand
Reserved
Spot
Dedicated Instances
Dedicated Hosts
Savings Plan
Name and describe the types of Reserved Instance
Standard RI - change AZ, instance size (Linux) and networking type - use the ModifyReservedInstances API
Convertible RI - can change AZ, instance size (Linux) and networking type, plus change family, OS, tenancy and payment option - use the ExchangeReservedInstances API
Both terms are 1 or 3 years
Can pay all upfront, partial upfront or no upfront, but the discount of up to 75% will vary with lower upfront payments
How is the discount applied for Reserved Instances?
When the attributes of a used instance match the attributes of the RI, the discount is applied
EC2 On Demand Capacity Reservation
Reserve compute capacity for your EC2s in specific AZ
Any duration
Mitigates against risk of being unable to get on demand capacity
Doesn’t require any long term commitments and can be cancelled at any time
When you create a reservation for EC2 On Demand what do you specify?
AZ
number of instances
instance attributes - type, tenancy, platform/OS
What types of savings plans are there?
Compute Savings Plan
EC2 Savings Plan
Compute Savings Plan
1 or 3 year commitment of usage of Fargate, Lambda, and EC2
Any region, family, size, tenancy and OS
EC2 Savings Plan
1 or 3 year commitment of usage of EC2 within a selected region and instance family
Any size, tenancy and OS
Spot Instances
One or more EC2 instances
Up to 90% discount
Can define separate OD/spot capacity targets, spot price, instance type and AZs
You get a 2 minute warning if AWS needs to reclaim capacity, available via instance metadata and CloudWatch Events
Spot Fleet
Launches and maintains the number of Spot/on-demand instances to meet the specified target capacity
EC2 Fleet
Launches and maintains a specified number of spot / on-demand / RI instances in a single API call
Spot Block
Need uninterrupted capacity for set duration of time
Pricing is 30-45% less than on demand