EC2 Flashcards
EC2
Web service that provides resizable compute capacity in the cloud
EC2 Pricing Models
Dedicated, On Demand, Reserved and Spot
Dedicated Hosts
Physical EC2 Server; server-bound software licenses
On Demand
Pay a fixed rate by the hour with no commitment
Spot
Bidding; flexible start and end times
Reserved
Capacity reservation; 1/3 yr contracts
Reserved Pricing Types
Standard, Convertible and Scheduled
Spot instance termination
if terminated by AWS, you will not be charged for a partial hour of usage; if you terminate the instance, you will be charged
Termination Protection
Turned off by default, you must turn it on
What happens to the EBS root volume when instance gets terminated?
Default: Root EBS volume is deleted
What happens to other non root volumes when instances gets terminated?
remains, it has to be deleted manually
Can the EBS Root Volume of your default AMI be encrypted?
No but there are ways to do it
Can additional volumes be encrypted?
Yes
Inbound traffic default behavior
blocked
Outbound traffic default
allowed
When do changes for security groups take effect
immediately
Security group relation to EC2 instances
Many-to-many (M:M): an instance can have multiple security groups, and a security group can be attached to multiple instances
Security Group is STATEFUL
If you create an inbound rule, an outbound rule is created automatically (HTTP in, HTTP out). You don’t have to create it explicitly as part of the Security group Outbound rule.
Network Access Control Lists (NACL) are STATELESS
If you create an inbound rule, you have to create the outbound rule explicitly; it will not be created automatically
Blocking IP Addresses in Security Groups
cannot be done; it has to be done via the NACL
Specifying rules in Security Groups
only allow rules, not deny rules
EBS
Elastic Block Store - provides persistent block storage volumes for use with Amazon EC2 instances in the Cloud
Types of EBS Storage
GP (SSD), PI (SSD), Throughput Optimized HDD, Cold HDD and Magnetic
GP SSD (Desc, Use Case, API Name, Volume Size, Max IOPS/Volume)
General purpose SSD, most workloads, gp2, 1 GiB - 16 TiB, 16,000
PI SSD (Desc, Use Case, API Name, Volume Size, Max IOPS/Volume)
High performance, Databases, io1, 4 GiB - 16 TiB, 64,000
Throughput Optimized HDD (Desc, Use Case, API Name, Volume Size, Max IOPS/Volume)
Low cost HDD for frequently accessed, throughput intensive workloads, Big Data & Data Warehouses, st1, 500 GiB - 16 TiB, 500
Cold HDD (Desc, Use Case, API Name, Volume Size, Max IOPS/Volume)
Lowest cost HDD for less frequently accessed workloads, File Servers, sc1, 500 GiB - 16 TiB, 250
EBS Magnetic (Desc, Use Case, API Name, Volume Size, Max IOPS/Volume)
Previous generation HDD, workloads where data is infrequently accessed, Standard, 1 GiB - 1 TiB, 40-200
EC2 instance and EBS Volume AZ
They have to be in the same AZ to avoid lag
Volumes exist on
EBS (virtual hard disk)
Snapshots
exist on S3; photographs of the disk - point in time copies of Volumes
Snapshots are incremental
only the blocks that have changed since your last snapshots are moved to S3 (deltas)
Creating first snapshot
will take time to create
AMIs can be created from
Volumes and snapshots
Changing EBS volumes on the fly can be done for
size and storage type
How to move an EC2 volume from one AZ to another
- Take a snapshot of it
- Create an AMI from the snapshot
- Use the AMI to launch the EC2 instance in the new AZ
How to move an EC2 volume from one region to another
- Take a snapshot of it
- Create an AMI from the snapshot
- Copy the AMI from one region to the other
- Use the copied AMI to launch the new EC2 instance in the new Region
Snapshots of encrypted volumes are
encrypted automatically
Volumes restored from encrypted snapshots are
encrypted automatically
When can you share snapshots
only if they are unencrypted
How can you share snapshots
share with other AWS accounts or make them public
AMI can be selected based on
- Region
- OS
- Architecture (32/64)
- Launch Permissions
- Storage for Root Device
2 types of storage for root device
- EBS - launched from an AMI whose root device is an Amazon EBS volume created from an Amazon EBS snapshot
- Instance Store - launched from an AMI whose root device is an instance store volume created from a template stored in Amazon S3
Instance store volumes are sometimes called
Ephemeral Storage
Difference between instance store-backed and EBS-backed instances
- Instance store-backed instances cannot be stopped; if the underlying host fails, you will lose your data. EBS-backed instances can be stopped and you will not lose data when stopped.
- By default, both root volumes will be deleted on termination, but with EBS you can tell AWS to keep the root device volume
Similarity between EBS and instance store
You can reboot both without losing your data
Root device encryption by default
unencrypted
If a snapshot is encrypted, can you unencrypt it?
NO
Steps to encrypt the root device volume
- Create a snapshot of the unencrypted root device volume.
- Create a copy of the Snapshot and select the encrypt option.
- Create an AMI from the encrypted snapshot
- Use that AMI to launch new encrypted instances
Amazon Cloudwatch
is a monitoring service to monitor your AWS resources, as well as the applications that you run on AWS
CloudWatch can monitor
- Compute - EC2 instances, Autoscaling Groups, Elastic Load Balancers, Route 53 Health Checks
- Storage & Content Delivery - EBS Volumes, Storage Gateways, CloudFront
Host level metrics consists of
- CPU
- Network
- Disk
- Status Check
AWS CloudTrail
increases visibility into your user and resource activity by recording AWS Management Console Actions and API calls.
Difference between CloudWatch and CloudTrail
CloudWatch monitors performance (gym trainer) while CloudTrail monitors API calls in the AWS Platform (CCTV)
Cloudwatch = Performance; CloudTrail = Auditing
CloudWatch with EC2 will monitor events every
5 mins by default (detailed monitoring can be turned on - 1 min intervals)
Who is provisioning what resource in AWS such as S3 or EC2 – CloudTrail or CloudWatch?
CloudTrail
Figuring out what the network throughput is or disk IO on your EC2 instance – CloudTrail or CloudWatch
CloudWatch
What can you do with Cloudwatch?
- Dashboards
- Alarms
- Events
- Logs
CLI
AWS Command Line Interface
How can you use the CLI to access your EC2 instances?
Set up access in IAM
Roles versus access key
- Roles are more secure
- Roles are easier to manage
- Roles can be assigned to an EC2 instance after it is created, using both the console and the command line.
- Roles are universal - you can use them in any region.
Bootstrap scripts
- run when an EC2 instance first boots
- powerful way of automating software installs and updates
Instance metadata (queried from inside the instance; the path needs a version prefix such as "latest")
curl http://169.254.169.254/latest/meta-data/
Instance user data
curl http://169.254.169.254/latest/user-data
Amazon EFS
a file storage service for Amazon Elastic Compute Cloud (EC2) instances
Can an EBS volume be shared by 2 EC2 instances at the same time?
No
Can an EFS volume be shared by 2 EC2 instances?
Yes
EFS supports which protocol?
NFSv4
EFS storage
pay for the storage you use (no pre-provisioning required)
EFS scale
petabytes
EFS can support how many concurrent NFS connections?
thousands
Data in EFS is stored across multiple AZs within a region - true or false
true
EFS Consistency
Read after Write Consistency
2 types of placement group
- Clustered
- Spread
Cluster placement group
grouping of instances within a single AZ
Cluster placement groups are recommended for
applications that need low network latency, high network throughput or both
Spread placement group
group of instances that are each placed on distinct underlying hardware
Spread placement groups are recommended for
applications that have a small number of critical instances that should be kept separate from each other
Difference between spread and clustered
Clustered can't span multiple AZs but spread can
Naming of placement group
must be unique within your AWS account
Types of instances that can be launched in a placement group
Compute Optimized, GPU, Memory Optimized, Storage Optimized
AWS recommends what to be placed in placement groups
homogeneous instances (same instance type and size)
Can you merge placement groups
no
Can you move an existing instance directly into a placement group?
no
How to move an existing instance into a placement group
- Create an AMI from your existing instance
- Launch a new instance from the AMI into a placement group