EC2 Flashcards

1
Q

What is EC2?

A

EC2 = Elastic Cloud Computing = Infrastructure as a Service

One of the most popular AWS services

2
Q

What does EC2 capability consist of?
/ What are you able to do with EC2?

(4 points)

A

It mainly consists of the capability of:

  • Renting Virtual Machines (EC2)
  • Storing Data on Virtual Drives (EBS)
  • Distributing load across machines (ELB)
  • Scaling the services using an auto-scaling group (ASG)
3
Q

EC2 Sizing and Configuration Options

- What can we choose for our instances?

A

EC2 sizing & configuration options. We can choose:

  • Operating System (OS): Linux or Windows
  • How much compute power & cores (CPU)
  • How much random-access memory (RAM)
  • How much storage space:
      • Network-attached (EBS & EFS)
      • or hardware-attached (EC2 Instance Store)
  • Network card: speed of the card, Public IP address
  • Firewall rules: security group
  • Bootstrap script (configure at first launch): EC2 User Data
4
Q

What type of instances do we get for EC2?

A

| Instance | vCPU | Mem (GiB) | Storage | Network Performance | EBS Bandwidth (Mbps) |
|---|---|---|---|---|---|
| t2.micro | 1 | 1 | EBS-Only | Low to Moderate | |
| t2.xlarge | 4 | 16 | EBS-Only | Moderate | |
| c5d.4xlarge | 16 | 32 | 1 x 400 NVMe SSD | Up to 10 Gbps | 4,750 |
| r5.16xlarge | 64 | 512 | EBS Only | 20 Gbps | 13,600 |
| m5.8xlarge | 32 | 128 | EBS Only | 10 Gbps | 6,800 |

** t2.micro is part of the AWS free tier (up to 750 hours per month) **

5
Q

What is AMI?

A

AMI = Amazon Machine Image

AMI is a template that contains the software configuration (operating system, application server, and applications) required to launch your instance.

6
Q

How can you select/get an AMI?

3 points

A

You can create your own AMIs
You can buy AMIs from AWS Marketplace
You can get AMIs from the Community

7
Q

Define Security Groups

What are they?

A
  • Security Groups are fundamental to network security in AWS
  • They control how traffic is allowed into or out of our EC2 Instances.
  • Security groups only contain ALLOW rules
  • Security group rules can reference by IP or by security group
8
Q

What is the purpose of Security Groups?

5 points

A

• Security groups act as a “firewall” on EC2 instances
• They regulate:
  • Access to Ports
  • Authorised IP ranges – IPv4 and IPv6
  • Control of inbound network (from other to the instance)
  • Control of outbound network (from the instance to other)

9
Q

Name the Classic Ports (6 in total)

A
  • 22 = SSH (Secure Shell) - log into a Linux instance
  • 21 = FTP (File Transport Protocol) – upload files into a file share
  • 22 = SFTP (Secure File Transport Protocol) – upload files using SSH
  • 80 = HTTP – access unsecured websites
  • 443 = HTTPS – access secured websites
  • 3389 = RDP (Remote Desktop Protocol) – log into a Windows instance
10
Q

EC2 Instance Connect

A

Uses your web browser to connect to your EC2 instance
Valid for Mac, Windows and Linux (all versions)
Works with Amazon NX2

11
Q

PuTTY

A

PuTTY allows you to use the SSH protocol to connect into your EC2 instances.

PuTTY is a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator.

12
Q

SSH

A
  • Port 22

SSH is one of the most important functions. It allows you to control a remote machine, all using the command line.

Mac/Linux Users:
We will see how we can configure OpenSSH ~/.ssh/config to make it easier to SSH into our EC2 instances

13
Q

How to connect your computer over the web to your EC2 instance

Mac User

A

ssh - key - IP

In terminal:
ssh -i <key file (.pem)> ec2-user@<IPv4 address>

If you get a "permission denied" error, in terminal:
chmod 0400 <key file (.pem)>

14
Q

SSH Troubleshooting

A

1 - There’s a connection timeout

This is a security group issue. Any timeout (not just SSH) is related to security groups or a firewall. Ensure the security group is correctly assigned to your EC2 instance.

2 - Still a timeout issue

A corporate firewall or a personal firewall is blocking the connection. Please use EC2 Instance Connect.

15
Q

EC2 Instance Connect

A

Browser-based SSH connection

  • Note: EC2 Instance Connect may only work with Amazon Linux 2
16
Q

EC2 Instances Purchasing Options

5 Options

A
  • On-Demand Instances: short workload, predictable pricing
  • Reserved: (MINIMUM 1 year commitment)
      • Reserved Instances: long workloads
      • Convertible Reserved Instances: long workloads with flexible instances (change their types over time)
      • Scheduled Reserved Instances: example – every Thursday between 3 and 6 pm
  • Spot Instances: short workloads, cheap, can lose instances (less reliable)
  • Dedicated Hosts: book an entire physical server, control instance placement
  • Dedicated Instances: no other customers will share your hardware
17
Q

EC2 On Demand

6 points

A
  • Pay for what you use:
      • Linux - billing per second, after the first minute
      • All other operating systems (e.g. Windows) - billing per hour
  • Has the highest cost but no upfront payment
  • No long-term commitment
  • Recommended for short-term and uninterrupted workloads, where you can’t predict how the application will behave
18
Q

EC2 Reserved Instances

A
  • Up to 72% discount compared to On-demand
  • Reservation period: 1 year = + discount | 3 years = +++ discount
  • Purchasing options: no upfront | partial upfront = + | All upfront = ++ discount
  • Reserve a specific instance type
  • Recommended for steady-state usage applications (think database)
  • Convertible Reserved Instance
      • can change the EC2 instance type
      • Up to 45% discount
  • Scheduled Reserved Instances
      • launch within time window you reserve
      • When you require a fraction of day / week / month
      • Commitment for 1 year only
19
Q

EC2 Spot Instances

4 points

A
  • Can get a discount of up to 90% compared to On-demand
  • Instances that you can “lose” at any point of time if your max price is less than the current spot price
  • The MOST cost-efficient instances in AWS
  • Useful for workloads that are resilient to failure
      • Batch jobs
      • Data analysis
      • Image processing
      • Any distributed workloads
      • Workloads with a flexible start and end time
  • Not suitable for critical jobs or databases
20
Q

EC2 Dedicated Hosts

5 points

A
  • An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use. Dedicated Hosts can help you address compliance requirements and reduce costs by allowing you to use your existing server-bound software licenses.
  • Allocated for your account for a 3-year period reservation
  • More expensive
  • Useful for software that has a complicated licensing model (BYOL – Bring Your Own License)
  • Or for companies that have strong regulatory or compliance needs
21
Q

EC2 Dedicated Instances

3 points

A
  • Instances running on hardware that’s dedicated to you
  • May share hardware with other instances in the same account
  • No control over instance placement (can move hardware after Stop / Start)
22
Q

Shared Responsibility Model For EC2

What is AWS Responsible for?

A

AWS is responsible for all data centers, their infrastructure, and their security.

  • Infrastructure (global network security)
  • Isolation on physical hosts
  • Replacing faulty hardware
  • Compliance validation
23
Q

Shared Responsibility Model For EC2

What is the USER Responsible for?

A

The USER is responsible for the security in the cloud.

You define your own security group rules, and these allow you or other people to access your EC2 instances.

You own the entire virtual machine inside of your EC2 instance.
You have to apply all the patches and updates yourself.
All the software and utilities that are installed on the EC2 instance are your responsibility.

  • IAM Roles assigned to EC2 & IAM user access management
  • Data security on your instance