EC2 Flashcards
Components
AMI; Instance Type; Network Interface; Storage.
Facts
A security group must be assigned to an instance during the creation process.
Each instance must be placed into an existing VPC, AZ and subnet.
Automated (bootstrapping) custom launch commands can be passed into the instance during launch via “user-data” scripts.
“Tags” can be used to help name and organize provisioned instances.
Encrypted key-pairs are used to manage login authentication.
There are limits on the number of instances you can run in a region at any particular time (20 on-demand instances).
EC2 Shared Responsibility Model
Customer: managing the software-level security on instances:
– Security groups;
– Firewalls;
– EBS encryption (provided by AWS, utilizes AWS Key Management Service): encrypting the entire file system using an encrypted file system;
– Applying an SSL certificate to the ELB.
AWS: managing the hypervisor and physical layer of security for EC2: DDoS protection; port scanning protection; ingress network filtering.
Placement Groups
- A cluster of instances within the same Availability Zone.
- Used for applications that require an extremely low-latency network between them.
- Attempts to place all the instances as close as physically possible in the data center to reduce latency.
- Instances within a placement group have a low-latency, 10 Gbps network connection between them.
- Instances in the placement group need to have enhanced networking in order to get the full benefit of the placement group.
Troubleshooting Placement Groups
- If an instance is stopped, once it is started again it will continue to be a member of the same placement group.
- It is suggested to launch all the required instances within the placement group in a single request, and to use the same instance type for all instances within the placement group.
- It is possible, if more instances are added to the placement group at a later time OR if a placement group instance is stopped and started again, to receive an “insufficient capacity error”.
- Resolve the capacity error by stopping all instances in the member group and attempting to start them again.
AMI
Community AMIs: free to use; generally with these AMIs you are just selecting the OS you want.
AWS Marketplace AMIs: pay to use; generally come packaged with additional, licensed software.
My AMIs: created by you.
Virtualization
Instances run using the Xen Hypervisor software.
The maintenance of the physical AWS server and the Xen Hypervisor is handled by AWS.
Linux AMI Virtualization types:
HVM AMIs: take advantage of hardware extensions that provide fast access to the underlying hardware on the host system. PV AMIs (Paravirtual).
curl http://169.254.169.254/latest/user-data/ – displays the bootstrapping (user-data) commands from within the instance.
EFS
A scalable storage option for EC2;
Elastic;
Fully managed, no maintenance required.
Supports the Network File System version 4.0 and 4.1 (NFSv4) protocols when mounting.
Best performance when using an EC2 AMI with Linux kernel 4.0 or newer.
Benefits of EFS:
Can be accessed by one or more EC2 instances at the same time.
– Share file access across all your EC2 instances;
– Applications that span multiple EC2 instances can access the same data.
Pay only for the amount of storage you are using.
Can be mounted on on-premises servers (when connected to your VPC via AWS Direct Connect). This allows you to migrate data from on-prem servers to EFS and/or use it as a backup solution.
Scales to petabytes in size while maintaining low latency and high levels of throughput.
EFS Security
Control file system access through POSIX permissions.
VPC for network access control, and IAM for API access control.
Encrypt data at rest using AWS Key Management Service.
EFS When to Use
Big data and analytics
Media processing workflows
Web Serving and Content Management
EBS Basics
Network-attached storage; can only be attached to one EC2 instance at a time.
EBS Performance
EBS volumes measure input/output operations in IOPS:
IOPS – input/output operations per second.
IOPS are measured in 256 KB chunks.
Initializing EBS Volume
- New EBS volumes no longer need to be “pre-warmed”;
- New Volumes will receive their maximum performance at the moment they are created.
- Volumes created from an EBS snapshot must be initialized.
- Initialization occurs the first time a storage block on the volume is read, and performance can be impacted by up to 50%.
- You can avoid this impact in production environments by manually reading all the blocks.
General Purpose SSD
Used for dev/test environments and smaller DB instances.
Performance of 3 IOPS/GiB of storage size.
Volume size of 1 GiB to 16 TiB.
Considerations when using T2 instances with SSD root volumes (burstable vs. baseline performance).
Provisioned IOPS SSD
Used for mission-critical applications that require sustained IOPS performance.
Large database workloads;
Volume size of 4 GiB to 16 TiB;
Performs at the provisioned level; can provision up to 20,000 IOPS per volume.
Magnetic
Low storage cost;
Used for workloads where performance is not important or data is infrequently accessed
Volume size of 1 GiB to 1 TiB.
Instance Store Volumes:
Instance-store volumes are virtual devices whose underlying hardware is physically attached to the host computer that is running the instance.
Ephemeral data, meaning the data on the volumes only exists for the duration of the life of the instance.
The instance can be rebooted and still maintain its ephemeral data.
EBS Snapshots
Point-in-time backups of EBS volumes that are stored in S3.
Snapshot properties:
Incremental in nature.
Only stores changes since the most recent snapshot, thus reducing costs (you only pay for storage of the “incremental changes” between snapshots).
However, if the “original” snapshot is deleted, all data is still available in all the other snapshots.
Can be used to create fully restored EBS volumes.
Other snapshot notes
Frequent snapshots of your data increase data durability, so they are highly recommended.
When a snapshot is being taken of an EBS volume, it can degrade performance, so snapshots should occur during non-production or non-peak load hours.
EC2 Key Pair
Each key pair consists of a public key and a private key.
AWS stores the public key on the instance, and you are responsible for storing the private key.