EC2 Flashcards
What is one of the main limitations of EC2 and its associated EBS volume?
It’s all AZ-specific, e.g. a network interface or EBS volume cannot cross/connect AZs; they are isolated
AMIs etc. covered separately
What is EC2 good for?
- Long-running compute
- Server style apps
- Burst or steady-state load
- Monolithic application stacks
- Migrated app workloads or DR
STRENGTH - blast radius within one AZ
What type of workload would you use general purpose EC2 type for?
Default - Diverse workloads, equal resource ratio
Should use this type as starting point
What type of workload would you use Compute Optimised EC2 type for?
Media processing, HPC, Scientific modelling, gaming, machine learning
Offer high performance CPUs
What type of workload would you use Memory Optimised EC2 type for?
Processing large in-memory datasets, some database workloads
What type of workload would you use Accelerated Computing EC2 type for?
Hardware GPU, field-programmable gate arrays (FPGAs)
What type of workload would you use Storage Optimised EC2 type for?
Sequential and random IO - scale-out transactional DBs, data warehousing, Elasticsearch, analytics workloads
Large amounts of fast local storage, many io ops per second
How is storage throughput calculated, and how do you maximise it?
IO (block) Size x IOPS = Throughput
i.e. IO size is like the size of the wheels on the car
E.g. 16k, 64k, 1Mb x 1, 2 seconds = xx MB/S
Maximising either will increase throughput, although there are maximums depending on the type of storage
Is EBS resilient across multiple AZs?
Volume = ONE AZ, but HA/Resilient in that AZ
If the entire AZ has issues then it could go down
Can be SSD or HDD (varying IOPS performance)
How is EBS billed?
Billed GB/month (amount of time the volume exists and its size). If you use it for half a month then less, etc.
GB/M fee regardless of instance state
What are the 4 EBS volume types?
- General purpose SSD (gp2)
- Provisioned IOPS SSD (io1)
- Throughput optimised HDD (st1)
- Cold HDD (sc1)
What is the dominant performance attribute of each of the 4 EBS volume types?
- General purpose SSD (gp2) IOPS
- Provisioned IOPS SSD (io1) IOPS
- Throughput optimised HDD (st1) THROUGHPUT MiB/s
- Cold HDD (sc1) THROUGHPUT MiB/s
In what situation would you choose Provisioned IOPS SSD (io1)?
io1 should be used when:
- High IOPS
- Latency
- Ability to pick performance separate from size
- Small volume sizes with high IO requirements
When can instance store volumes be attached to an EC2 instance?
Only at launch
How long does the data persist for on an instance store volume?
Storage is temporary/ephemeral; as a result it is non-persistent and lost on instance restart, resize or hardware failure
Trade-off is that instance store volumes have the highest performance
Why use EBS?
- Highly available and reliable storage
- Persist independently from EC2 instance
- Clusters - multi attach feature of io1
- Region resilience backup (can be automated vs instance store)
- If you only require up to 64,000 IOPS and 1000 MiB/s per VOLUME OR
- Up to 80,000 IOPS and 2,375 MB/S per INSTANCE
Why use instance store?
- Great value (included in the price of the instance provisioned) if you don’t care about it being permanent
- Performance is superior as it’s directly connected: more than 80,000 IOPS & 2,375, good for caching speeds etc., like DB products
- Stateless services e.g. web services that do media processing, temp storage
- You want to guarantee no data is left over when the system is terminated or restarted etc
How can you improve resilience of EBS volumes and make snapshots region resilient?
Store them on S3
How can you migrate or copy EBS volumes to other AZs or regions?
Use snapshots, can be attached to another EC2 instance
To be aware of:
- Snaps restore lazily - data is fetched gradually, therefore reads in the interim may happen from S3, which gives slower performance
- Can force a read of data immediately, pulling all data from S3 to the new volume, hence good performance immediately (use FSR - fast snapshot restore, 50 per region limit and costs extra)
If a snapshot of an encrypted EC2 is created which encryption key will be used to decrypt?
The same one used to encrypt will be used to decrypt via KMS. Brand new EBS volume will have new key.
Exam power ups:
- OS is not aware of the encryption - no performance loss
- Can’t change volume to not be encrypted
- AWS accounts can be set up to encrypt by default - default CMK
How many regions can an AMI work in?
One Region, only works in one region
Can be copied between regions (includes snapshots)
How can you edit an AMI?
An AMI cannot be edited. Launch an instance, update the configuration and make a new AMI
Permissions are defaulted to your account
What is the best practice way to grant AWS services permissions to other AWS services on your behalf?
IAM Role - can allow a service to assume the role, e.g. EC2 instance roles can allow anything running in the instance to assume it - must create an ‘instance profile’ on EC2.
Instance Roles - credentials are inside the metadata, at iam/security-credentials/role-name; creds are auto-rotated hence always valid, apps need to be careful about caching
Should ALWAYS use roles as opposed to access keys