EC2 Flashcards
Here are some EC2 configuration options:
OS: Linux, Windows or macOS
CPU: compute power and cores
RAM: how much memory
Storage space: Network-attached (EBS & EFS) or hardware (EC2 Instance Store)
Network card: speed of the card, public IP address
Firewall rules: security group
Bootstrap script (configure at first launch): EC2 User Data
Using an EC2 User Data script you can ____ the instances, meaning you can launch commands when the machine starts.
The script is run as the root user.
bootstrap
The EC2 user data script is only run once when the instance is ____.
first started
EC2 user data is used to automate boot tasks such as:
installing updates
installing software
downloading common files from the internet
just about anything else
AWS instance naming convention - m5.2xlarge
m: instance class
5: generation
2xlarge: size within the instance class
Which EC2 instance type is described below:
- great for a diversity of workloads such as web servers or code repositories.
- balance between compute, memory and networking
general purpose
Which EC2 instance type is described below:
- great for compute-intensive tasks that require high performance, such as:
- batch processing workloads
- media transcoding
- high performance web servers
- high performance computing (HPC)
- scientific modeling and machine learning
- dedicated gaming servers
compute optimized
Which EC2 instance type is described below:
- fast performance for workloads that process large data sets in memory
- use cases:
- high performance, relational/non-relational databases
- distributed web scale cache stores
- in-memory databases optimized for BI
- applications performing real-time processing of big unstructured data
memory optimized
Which EC2 instance type is described below:
- great for storage-intensive tasks that require high, sequential read and write access to large data sets on local storage
- use cases:
- high frequency online transaction processing (OLTP) systems
- relational and NoSQL databases
- cache for in-memory databases (for example, Redis)
- data warehousing applications
- distributed file systems
storage optimized
____ are fundamental to network security in AWS.
They control how traffic is allowed into or out of EC2 instances.
Security groups
Security groups only contain ____ rules.
allow
Security group rules can reference by ____ or by ____.
IP
security group
Security groups act as a ____ on EC2 instances.
They regulate:
- access to ports
- authorized IP ranges - IPv4 and IPv6
- control of inbound network
- control of outbound network
firewall
Security groups can be attached to ____ instances.
multiple
Security groups are locked down to a ____ combination.
region/VPC
If you move to a different Region or VPC, you have to recreate the security group.
Security groups live ____ the EC2, so if traffic is blocked the EC2 instance will not see it.
outside
Best practice is to maintain a separate security group for ____ access.
SSH
If your application is not accessible (time out), then it’s a ____ issue.
If your application gives a “connection refused” error, then it’s an ____ issue or it’s not launched.
security group
application
All EC2 inbound traffic is ____ by default.
All EC2 outbound traffic is ____ by default.
blocked
allowed
Security groups referencing other security groups example.
Identify the port number used for each scenario below:
__ - SSH to log into a Linux instance
__ - FTP to upload files into a file share
__ - SFTP to upload files using SSH
__ - HTTP to access unsecured websites
__ - HTTPS to access secured websites
__ - RDP (Remote Desktop Protocol) to log into a Windows instance
22
21
22
80
443
3389
Never enter your personal AWS access ID/keys (aws configure) into an EC2 instance.
Other users of your AWS account can retrieve those credentials.
Attach an IAM role to the EC2 instance instead.
Then you can run aws commands from the instance.
EC2 instance purchase options overview:
On-Demand - short workload, predictable pricing, pay by second
Reserved (1 & 3 years)
- Reserved Instances - long workloads
- Convertible Reserved Instances - long workloads with flexible instances
Savings Plans (1 & 3 years) - commitment to an amount of usage, long workload
Spot Instances - short workloads, cheap, can lose instances (less reliable)
Dedicated Hosts - book an entire physical server, control instance placement
Dedicated Instances - no other customers will share your hardware
Capacity Reservations - reserve capacity in a specific AZ for any duration
Which EC2 instance type is described below:
Pay for what you use:
- Linux or Windows - billing per second, after the first minute
- All other operating systems - billing per hour
Has the highest cost but no upfront payment
No long-term commitment
Recommended for short-term and un-interrupted workloads, where you can’t predict how the application will behave
On-Demand
With EC2 Reserved instances, you reserve what specific instance attributes?
instance type, region, tenancy, OS
What reservation period durations are offered with EC2 Reserved instances?
1 & 3 year
What payment options are offered with EC2 Reserved instances?
No Upfront, Partial Upfront or All Upfront
What are the Reserved Instance scopes offered with EC2 Reserved instances?
Regional or Zonal (reserve capacity in an AZ)
What EC2 instance type is recommended for steady-state usage applications, such as databases?
EC2 Reserved Instances
You can buy and sell EC2 Reserved instances in a ____.
marketplace
With an EC2 ____ instance, you can change the instance type, family, OS, scope and tenancy.
Convertible Reserved
Which EC2 instance type is described below:
Get a discount based on long-term usage
Commit to a certain type of usage ($10/hour for 1 or 3 years)
Savings Plans
Usage beyond EC2 Savings Plans is billed at the ____ price.
On-Demand
Which EC2 instance type is described below:
Locked to a specific instance family and AWS region (e.g., M5 in us-east-1)
Flexible across:
- instance size (e.g., m5.xlarge, m5.2xlarge)
- OS
- Tenancy (host, dedicated, default)
Savings Plans
EC2 ____ instances are the most cost-efficient instances in AWS with the most aggressive discounts.
Spot
With EC2 ____ instances, you can “lose” your instance at any point in time if your max price is less than the current price.
Spot
Which EC2 instance type is most suitable for workloads that are resilient to failure such as:
- batch jobs
- data analysis
- image processing
- any distributed workloads
- workloads with a flexible start and end time
Spot
EC2 ____ instances are not suitable for critical jobs or databases.
Spot
An EC2 ____ is a physical server with EC2 instance capacity fully dedicated to your use.
Dedicated Hosts
Which EC2 purchase option allows you to address compliance requirements and use your existing server-bound software licenses (per-socket, per-core, per-VM software licenses)?
Dedicated Hosts
EC2 ____ is the most expensive EC2 purchase option.
EC2 Dedicated Hosts
What are the purchasing options for EC2 Dedicated Hosts?
On-demand - pay per second for active Dedicated Hosts
Reserved - 1 or 3 years (No Upfront, Partial Upfront, All Upfront)
Which EC2 purchase option is best for software that has complicated licensing models (BYOL - Bring Your Own License)?
EC2 Dedicated Hosts
Which EC2 purchase option is best for companies that have strong regulatory or compliance needs?
EC2 Dedicated Hosts
Which EC2 purchase option is described below:
- Instances run on hardware that’s dedicated to you
- May share hardware with other instances in same account
- No control over instance placement (can move hardware after Stop/Start)
EC2 Dedicated Instances
Difference between Dedicated Hosts and Dedicated Instances
EC2 ____ allow you to reserve On-Demand instance capacity in a specific AZ for any duration.
Capacity Reservations
Which EC2 purchase option is described below:
- You always have access to EC2 capacity when you need it
- No time commitment, no billing discounts
- Combine with Regional Reserved Instances and Savings Plans to benefit from billing discounts.
Capacity Reservations
With EC2 ____ instances, you are charged at On-Demand rates whether you run instances or not.
Capacity Reservations
Which EC2 purchase option is suitable for short-term, uninterrupted workloads that need to be in a specific AZ?
Capacity Reservations
Which EC2 purchasing option is best? Analogy
Starting in Feb 2024, there is a charge for all Public IPv4 addresses created in your account.
This is because they are trying to push people to IPv6.
EC2 Spot Instances can get a discount up to 90% compared to ____.
On-Demand
With EC2 Spot instances, you define a ____ and get the instance while the current spot price is less than the max.
max spot price
If the current spot price > your max price, you can choose to stop or terminate your instance with a ____-minute grace period.
2
With a ____ strategy, you can block an EC2 Spot instance during a specified time frame (1 to 6 hours) without interruptions.
In rare situations, the instance may be reclaimed.
No longer offered by AWS.
Spot Block
How to terminate Spot Instances?
____ allow you to automatically request Spot Instances with the lowest price.
Spot Fleets
A Spot Fleet is a set of Spot Instances + (optional) On-Demand Instances
Spot Fleet stops launching instances when reaching ____ or ____.
capacity
max cost
Strategies to allocate Spot instances with Spot Fleet:
- lowestPrice: from the pool with the lowest price (cost optimization, short workload)
- diversified: distributed across all pools (great for availability, long workloads)
- capacityOptimized: pool with the optimal capacity for the number of instances
- priceCapacityOptimized (recommended): pools with highest capacity available, then selects the pool with the lowest price (best choice for most workloads)
If you need to have a fixed public IP for your instance, you need an ____.
Elastic IP
An ____ is a public IPv4 IP that you own as long as you don’t delete it.
Elastic IP
You can only have ____ Elastic IPs in your account, but you can ask AWS to increase that number.
5
Try to avoid using Elastic IPs, as they often reflect poor architectural decisions.
Instead use a random public IP and register a DNS name to it
OR
Use a Load Balancer and don’t use a public IP
By default, your EC2 machine comes with
- a private IP for the internal AWS network
- a public IP for the www
EC2 ____ give you control over the EC2 placement strategy.
Placement Groups
When you create a placement group, you specify one of the following strategies for the group:
Cluster - will cluster instances into a low-latency group in a single Availability Zone
Spread - spreads instances across underlying hardware (max 7 instances per group per AZ). For critical applications.
Partition - spreads instances across many different partitions (which rely on different sets of racks) within an AZ. Scales to 100s of EC2 instances per group. (Hadoop, Cassandra, Kafka)
EC2 Placement Group - Cluster
All EC2 instances are in the same AZ.
Pros:
- great network (10 Gbps bandwidth between instances with Enhanced Networking enabled - recommended)
Cons:
- if the AZ fails, all instances fail at the same time
Use Case:
- Big data job that needs to complete fast
- Application that needs extremely low latency and high network throughput
EC2 Placement Group - Spreads
Each EC2 instance is located on different hardware.
Pros:
- can span across multiple AZs
- reduced risk of simultaneous failure
- EC2 instances are on different hardware
Cons:
- limited to 7 instances per AZ per placement group
Use Cases:
- application that needs to maximize high availability
- critical applications where each instance must be isolated from failure from each other
EC2 Placement Group - Partitions
Each partition can have multiple EC2 instances.
The partitions can be spread across multiple AZs in the same region.
Up to 7 partitions per AZ.
The instances in a partition do not share racks with the instances in the other partitions.
A partition failure can affect many EC2, but won’t affect other partitions.
EC2 instances get access to the partition information as metadata.
Use Cases: big data such as HDFS, HBase, Cassandra, Kafka
After you create your EC2 placement groups, when you launch a new EC2 instance there will be an option to select the group.
____ is a logical component in a VPC that represents a virtual network card.
Elastic Network Interfaces
An Elastic Network Interface can have the following components:
- primary private IPv4, one or more secondary IPv4
- one Elastic IP (IPv4) per private IPv4
- one public IPv4
- one or more security groups
- a MAC address
You can create an Elastic Network Interface and attach it on the fly (move them) on EC2 instances for failover.
Elastic Network Interfaces are bound to a specific ____.
availability zone
With EC2 Hibernate, the in-memory (RAM) state is ____.
preserved
This is done by writing the RAM state to a file in the root EBS volume.
With EC2 Hibernate, the root EBS volume must be ____.
encrypted
Use cases for EC2 Hibernate:
- long-running processing
- saving the RAM state
- services that take time to initialize