EC2 Basics Flashcards

1
Q

What is the “Kernel” in an operating system?

A

A small piece of SW in the OS that runs in privileged mode and has full access to the HW components of the server:

CPU
Memory
Network Cards

2
Q

What mode do Apps run in, in a server without virtualization?

A

User Mode/Unprivileged Mode

They must go through the OS to access the HW components.

3
Q

What mode does the Host OS run in on a virtualized server?

A

Privileged Mode - has access to the HW components, with the Guest OS + Apps running on top of it (VMs).

4
Q

REVIEW - there are (4) different types of Virtualization:

Emulated Virtualization - Guest OS is not aware it’s virtualized and looks to read/write to HW. The Hypervisor controls that process/intercepts the Privileged Calls to the HW in what’s called “Binary Translation.”

Paravirtualization - same as Emulated, but the Guest OS makes calls to the Hypervisor instead of the HW itself.

A

HW-Assisted Virtualization - HW is now virt-aware. When the Guest OS looks to make Privileged Calls, the CPU handles it. That way, there is no translation at the Hypervisor level to improve efficiency.

SR-IOV (single root I/O virt) - HW + HW devices are virt-aware. A network card can present itself as many logical cards to VMs. This means no translation because Guest OS has access to logical Network cards whenever it wants.

5
Q

What is AWS Hypervisor called?

A

Nitro.

6
Q

EC2’s are ____ Resilient?

A

AZ Resilient.

All functions and network access are done within the particular AZ the EC2 hosts are sitting in.

7
Q

Typical use-cases for using EC2 (versus Lambda or Elastic Container Service).

FYI - this is the most used/default for VM requirements because it’s cost effective and fits this wide range of use cases:

A

○ Traditional OS + Application compute requirement

○ Long running compute needs (like if you have an app that runs 24/7 x 365)

○ Any apps that need server-style requirements (like VMs) that need a traditional OS

○ Any apps/services that need burst or steady-state requirements

○ Monolithic app stacks (like a DB)

○ Migrated app workloads or DR

8
Q

REVIEW:

→ By selecting the EC2 instance type and size, you can have granular control over what the resource configuration is

→ When selecting the proper instance type, the things to consider are:

A

○ Raw amounts - CPU, memory, local storage capacity, storage type

○ Resource ratios (some are better suited for memory caching versus compute-heavy apps)

○ Storage, network, and data bandwidth requirements

○ System ARCH and vendor (ARM v x86, Intel v AMD, etc.)

○ Additional features/capabilities (GPUs for example)

9
Q

What are the 5 main categories of EC2?

A
  1. General purpose - this is the default for diverse, steady-state workloads, equal resource ratios
  2. Compute optimized - media processing, high performance computing, gaming, etc.
  3. Memory optimized - opposite of compute-optimized, and have a ton of memory like database workloads
  4. Storage optimized - large amounts of super-fast local storage; massive amounts of I/O. Good for data warehousing & analytics workloads
  5. Accelerated computing - hardware GPUs, FPGAs
10
Q

What are the 4 different types of Storage design options that we typically see?

A

→ Direct/local attached storage - storage on the EC2 host (physical disks);
○ AWS = Instance Store

→ Network attached storage - volumes are created and connected to a device over the network
○ AWS = Elastic Block Store (EBS)

→ Ephemeral Storage - temporary storage, not persistent
○ AWS = instance store

→ Persistent storage - permanent storage that lives on past the lifetime of the instance
○ AWS = EBS

13
Q

What are the 3 main categories of Storage?

Briefly describe what each is.

A

Block - a collection of uniquely addressable storage “blocks” either presented as a Volume or as a blank physical hard drive.

File - storage provided by a file server that has a structured file system already made and ready to go.

Object - collection of objects, no organization, just flat storage; very scalable (pics, movies, files, videos, etc.)

14
Q

What is EBS?

A

Elastic Block Store - this service creates Storage Volumes that are shared to EC2 instances over the network.

EBS and the EC2’s it serves must be in the SAME availability zone.

15
Q

Is EBS AZ or Region Resilient?

A

AZ - volumes are tied to a single AZ; when they’re created you have to specify the AZ they’re going in.

You CAN’T have an EC2 in AZ-A attached to an EBS Volume in AZ-B

16
Q

What are the 2 types of SSD-based EBS Volumes?

A

** Designed for IOPS as dominant attribute **

→ General Purpose SSD (gp2) - “g” = general purpose
○ This is the default for almost all normal EC2 usage

→ Provisioned IOPS (io1) - “io” = IOPS
○ This is designed for low latency, high performance, and high throughput use cases

17
Q

What are the 2 types of HDD-based EBS Volumes?

A

** Designed for Throughput as dominant attribute **

→ Throughput Optimized HDD (st1) - “t” = throughput
○ Designed for frequently accessed, throughput intensive workloads (like big data/data warehouses)

→ Cold HDD (sc1) - “c” = cold
○ Designed for data that is less frequently accessed

18
Q

EBS Summary:

· Volumes are created in an AZ; isolated

· If an AZ fails, then the volumes in that AZ fail

· EBS is HA/resilient inside an AZ; replicates data to multiple storage areas inside an AZ

· Generally; ONE volume is attached to ONE instance (EC2 instance)

A

· 1 x GB per month billing fee $$$ regardless of the state (even if instance is shut down)

· MAX Performance:
○ EBS maxes out at 80K IOPS for an instance and 64K IOPS for a volume (assuming io1)

· Max 2375 Mbps per instance of throughput, and 1000 Mbps per volume (assuming io1)

· SSD is designed for small, fast reads/writes whereas HDD is designed for sequential reads/writes of large blocks of data

19
Q

What is an Instance Store?

A

Instance Stores are local, physical storage that instances can utilize; they are present on a specific EC2 host.

Because they are local and aren’t shared over a network like EBS, they are much faster and better performing.

20
Q

When are Instance Stores attached?

A

At the time of EC2 launch - you can’t add this feature later on.

You either turn it on, or you don’t - it comes with the price of the EC2 that you’re already paying for.

21
Q

Instance Store Summary:

A

· Local to EC2 host

· Can be added at launch of an EC2 ONLY - either you use it or you don’t, but you can’t add it later

· Data in an instance volume is lost if the instance moves to a new host, is resized, or there is a HW failure

· They provide very high data performance (highest in AWS)

· Instance Volumes are NOT persistent - they are “ephemeral” (not long lasting); TEMPORARY

22
Q

When would you choose EBS over Instance Store?

A

· Highly available and reliable; can self correct when there are HW issues - it only fails if the entire AZ fails (much better resilience than an Instance Store)

· Persistent storage volumes - created independently of EC2 instances; you can stop/start/terminate/move/etc. and the data is still persistent

· Clusters and “Multi-Attach” - attach an “io1” volume (Provisioned IOPS SSD) to multiple instances at a time

· You can create snapshots to serve as a backup of the data to make the data Regionally resilient

· If you only require (performance and throughput caps):
○ Up to 64K IOPS and 1K MiB/s per volume
○ Up to 80K IOPS and 2375 Mbps per instance

23
Q

When would you use an Instance Store over an EBS Volume?

A

· Great value - they come with the instance within the cost of the instance; the larger/higher-end the instance type, the better performing the instance store volumes that come with it (“free”)

· Performance & throughput –> More than the capped 80K IOPS and 2375 Mbps that EBS maxes out at
○ You can get to millions of IOPS and Gigs of throughput (super high levels of performance)

· Temporary storage volumes - caching could be a good use case; very fast, high performing, temporary data i.e. cached

· Stateless services

· Rigid lifecycle - if you want to make sure no data is left behind when instances are moved or terminated

24
Q

What are the 2 main use cases for Snapshots?

A

Backup Resiliency - you can backup volumes to S3 which protects the data in case the AZ that the volumes are stored in goes down.

Data Migration - migrate data to different regions with S3 as the intermediary resource.

25
Q

What is Fast Snapshot Restore (FSR)?

How many are allowed per region?

A

Allows for immediate restore of a Snapshot from S3 that can be read immediately.

This costs extra $$$ and you can only do up to (50) FSR’s per region.

26
Q

Snapshot Billing:

A

○ Snapshots are billed per Gig/per Month

○ If you have 20GB of snaps stored for a month - you get billed for 20G

○ If you have 40GB of snaps for half a month - you get billed for the same 20G per month

○ YOU ARE NOT billed for the entire Storage Volume - only what is used on the volume… this means you could have a 40GB Volume, but if you only use 10GB, then you only pay for 10GB

○ EBS doesn’t charge for unused areas of Volumes when performing snapshots

27
Q

Is EBS encrypted?

A

NO.

By default, data stored over the network on EBS is not encrypted.

28
Q

How is data encrypted in EBS?

A

The service utilizes KMS for encryption authority by way of a CMK.

The CMK held within KMS generates a DEK which is stored with the data on the Volume that’s encrypted.

Data is encrypted and decrypted via this DEK using KMS. EBS will ask KMS to decrypt the data.

CMK = “customer master key”
DEK = “data encryption key”

29
Q

EBS Encryption Summary:

A

· Accounts can be set to encrypt EBS by default - you can set a default CMK (AWS-managed) or you can use a manual CMK (Customer-Managed)

· Each volume uses 1 unique DEK –> snapshots and future volumes use that same DEK

· Can’t change a volume from Encrypted to Decrypted - once encrypted it stays that way

· OS is not aware of encryption (only the EC2 Host and the EBS System are aware) which means there is no performance loss by using encryption

○ If the OS was to be aware, like if you needed to hold the key within the OS for whatever reason, you would then have to do full disk encryption but that would cause a performance loss

· Encryption uses AES256 algorithm

· EBS Encryption is very efficient, you don’t have to worry about keys, it’s free, and there’s no performance loss when using it

30
Q

How many Network Interfaces (ENI) does an EC2 start off with?

A

ONE

You can add 1 or more secondary interfaces however that can be in the same or different subnets.

31
Q

What does a Network Interface have on it?

A
  • MAC Address
  • 1 or more private IP’s
  • 0 or 1 public IP’s
  • 0 or 1 Elastic IP (which negates public IP if present); this is a Public IP that doesn’t change
  • 0 or more IPv6’s
  • SEC Groups
32
Q

What’s the added benefit to a secondary interface on an EC2?

A

Secondary interfaces don’t act the same as a primary interface, but the critical difference is that you can detach and move them to other EC2 instances.

33
Q

Summary for Network Interfaces:

A

· Instances have 1+ network interfaces (ENI); primary and secondaries

· For each ENI, there can be different types of IP addresses:
○ Primary/secondary private IP
○ Optional - 1 x public IP
○ Optionally - 1+ Elastic IP’s (which then negate the public IP); you’d have more than one if you had multiple private IP’s

· Legacy SW in AWS is usually licensed by MAC Address - when it comes to EC2, if you create a Secondary ENI and use that ENI’s MAC address for licensing, you can then move that ENI to another host and retain the same licensing i.e. portability

· Instances can have ENI’s in different subnets - this can be good for SEC Groups; different rules for different IP’s that are attached to different ENI

· The OS never sees the public IPv4 address; this is handled by NAT via the IGW
○ As far as the OS is concerned - you ALWAYS configure the private v4 address in the ENI interface
○ Meaning - you would NEVER need to configure a windows or Linux OS with a PUBLIC address

· Stopping and starting an instance will generate a new/changed IP v4 public address, simply restarting the instance will not
○ If you want to keep this consistent, then you assign an Elastic IP

· Public DNS given to the instance for a public v4 address will ALWAYS resolve to the primary private IP from within the VPC i.e communication between instances that never leave the VPC

· If it leaves the VPC, then it resolves to the public IP sitting on the IGW

34
Q

What is an Amazon Machine Image (AMI)?

A

→ Allows you to create a template of an instance config, and then create many instances from that template.

When you launch an EC2, it’s always launched based off an AMI (provided by AWS), but this feature allows you to create your own custom AMIs.

AMI’s can be AWS-made, Community-made, or Customer-made.

35
Q

How is a custom AMI made?

A
  1. Launch an instance (from an AWS-managed AMI)
  2. Add configuration to the instance - like customizations.
  3. Create an image of the config via a Snapshot.
  4. Launch new AMI based off of that Snapshot.

** The original AMI is called the “Block Device” which is what the new Snapshot will reference.

Block Device + Snapshot = Custom AMI

36
Q

Summary of AMI’s:

A

· AMI’s only work in the region that they are created

· AMI Baking - creating an AMI from a configured instance + an added application (something like WordPress for example)
○ “baking” the config of a specific instance into an AMI
○ This is how we mass-produced the WordPress use case in the demo lessons

· AMI’s cannot be edited or updated - you’d instead have to launch the AMI, update the config and then make a new AMI

· AMI’s can be copied between AWS REGIONS

· Default permission is only accessible in the account it’s created; you can explicitly add extra accounts if needed

37
Q

What are the 4 main pricing models for EC2 Instances?

A

on-demand - default

spot - up to 90% savings

reserved - up to 75% of savings

dedicated hosts

38
Q

What is On-Demand billing good for?

A

Default pricing model

Based on instance type, size, OS, extra SW, etc. and billed on an hourly rate as you use the instance; basically you’re billed when the instance is in the running state

→ Great for:

○ new apps being put in AWS or if you’re uncertain about the extent of app requirements - this alleviates you making any potential costly commitments

○ Good for short-term, spiky, or unpredictable workloads which can’t tolerate any kind of disruption

39
Q

What is Spot billing good for?

A

→ Good for:

○ when apps have flexible start/stop times and can tolerate disruption

○ Apps that make sense at a low cost

40
Q

What is Reserved billing good for?

A

→ Good for:

○ You have a known, steady-state, long term need

○ Lowest cost for apps which can’t handle disruption

○ Need capacity and want to reserve capacity in a specific AZ

41
Q

What are the 2 Instance Checks when booting up an EC2?

A
  1. system status (power, connectivity, HW/SW)
  2. instance status (file system, OS kernel)

42
Q

What is the Auto Recovery feature?

A

If an instance fails one of the 2 instance checks, you can either manually stop, terminate, or restart the instance - but that is all manual.

Auto Recovery will move the instance to a new host and start it up with the exact same config and IP addressing saved.

43
Q

What is a caveat with Auto Recovery?

Does it work with any Storage?

A

New instance must be in the same AZ.

It only works with EBS Volumes (not Instance Store because those are attached to the failed EC2 host).

44
Q

What is Vertical Scaling within EC2?

A

Re-sizing an EC2 instance based on demand - either making the instance “larger” or “smaller”

So going from a t2.large to a t2.2xlarge for example (quadruples the size of vCPU and memory).

45
Q

What are two caveats to be aware of when scaling Vertically?

A

1 - There is downtime associated with moving to a bigger/smaller instance i.e. you will likely need a maintenance window.

2 - there is a maximum size of instance/type i.e. there is an eventual limitation on how high you can scale

46
Q

What is Horizontal Scaling with EC2?

A

Instead of increasing the size of an individual instance, we just add more and more instances of the same type/size to give additional capacity.

47
Q

What else must be present for Horizontal Scaling?

A

A Load Balancer that sits between the end users/customers and the EC2 instances.

The LB evenly distributes the load across the fleet of EC2’s either at random or predefined, as they scale up and scale down.

48
Q

What is a caveat when doing Horizontal scaling within EC2?

A

Sessions between a user and app end or change when engaging the app (think going back to an online cart and adding something else).

49
Q

What are Off-Host Sessions? (also known as Application Support for EC2)

A

Active sessions for an application are held/stored in an external DB; external to the EC2 instance.

This means that the applications are stateless because the session data is held externally to the application; the individual instances are “dumb instances”

50
Q

What are 3 benefits of Horizontal Scaling?

A
  1. no disruption to services when scaling
  2. infinite scale
  3. more granularity i.e. adding more instances of the same size versus having to jump to a much larger single instance (cost effective)
51
Q

What is EC2 Instance Metadata?

A

Service that EC2 provides to instances.

It’s data about the instance that can be used to configure or manage a running instance; used by apps running on the instance to query it for information (like network type information).

52
Q

Is Instance Metadata encrypted?

A

NO.

53
Q

What is a Storage Volume?

A

An allocation of raw, physical disks.

54
Q

How can you make EBS Volumes more resilient than just replicating within an AZ?

A

Performing Backups/Snapshots to S3; S3 is regionally resilient and the data will be replicated to multiple AZ’s.

55
Q

What is a EBS Volume Credit Bucket?

What is the default amount of Credits in the bucket?

A

GP2 SSD Architecture that uses a bucket to dictate the available performance.

Bucket has 5.4 Million I/O Credits. As you use the credits to perform operations, the bucket gets refilled with 100 I/O per second.

This means the 5.4 million allows you to burst at a high rate for a period of time, but in theory, you could deplete the entire bucket if it was running at a high rate for a long period of time.

56
Q

What is the Volume Size for a EBS Volume?

What’s the size for GP2 Volumes?

What’s the default max IOPS for GP2?

A

125GB to 16TB

GP2 = 1TB to 16TB

3000 IOPS

57
Q

What is the difference between a GP2 and GP3 Volume?

A

○ Removes the Credit Bucket ARCH that’s associated to the GP2 SSD’s

○ 20% cheaper than EC2

○ Same standard performance as GP2 (regardless of Volume size) :
§ starts with 3000 IOPS (3000 x 16KB operations per second) by default
§ can transfer up to 125 MiB per second by default
§ ** Volume Size ranges from 1TB to 16TB **

○ GP3 can scale to higher transfer rate (up to 1000 MiB’s per second) and higher IOPS (16,000)