EC2 Fundamentals Flashcards
What is EC2?
Elastic Compute Cloud
Infrastructure as a service
What are the 4 main purposes of EC2?
- Renting virtual machines (EC2)
- Storing data on virtual drives (EBS)
- Distributing load across machines (ELB)
- Scaling the services using an auto-scaling group (ASG)
What does the cloud provide?
On demand computing
Features:
- Operating System (OS): Linux (most popular), Windows or Mac OS.
- How much compute power and cores (CPU)
- How much random-access memory (RAM)
- How much storage space:
  - Network-attached (EBS & EFS)
  - Hardware (EC2 Instance store)
- Network card: speed of the card, Public IP address
- Firewall rules: security group
- Bootstrap script (configure at first launch): EC2 User Data
EC2 sizing & configuration options
How can an instance be bootstrapped?
With an EC2 User Data script
What is bootstrapping?
Launching commands when the machine starts
When does the user data script run?
Once, during the instance's first start.
Examples:
- Installing updates
- Installing software
- Downloading common files from the Internet
- Anything you can think of…
EC2 user data script to automate boot tasks.
EC2 User Data scripts run as the root user?
True
Any command you have will have sudo rights?
True
Instance type:
- Balance between:
  - Compute
  - Memory
  - Networking
- In the course, we will be using the t2.micro, which is a General Purpose EC2 instance
General Purpose
Instance type:
- Batch processing workloads
- Media transcoding
- High performance web servers
- High performance computing (HPC)
- Scientific modeling & machine learning
- Dedicated gaming servers
Compute Optimized - of C name
Instance type:
- High performance, relational/non-relational databases
- Distributed web scale cache stores
- In-memory databases optimized for BI (Business Intelligence)
- Applications performing real-time processing of big unstructured data
Memory Optimized - of R/X/Z name
Instance type:
- High frequency online transaction processing (OLTP) systems
- Relational and NoSQL databases
- Cache for in-memory databases (ex: Redis)
- Data warehousing applications
- Distributed systems
- HPC Optimized
- Instance Features
- Measuring Instance Performance
Storage Optimized - of I/G/H1
Uses hardware accelerators, or co-processors, to perform functions, such as floating point number calculations, graphics processing, or data pattern matching, more efficiently than is possible in software running on CPUs.
- Accelerated Computing
Provides a balance of compute, memory and networking resources, and can be used for a variety of diverse workloads. These instances are ideal for applications that use these resources in equal proportions such as web servers and code repositories.
General Purpose
Instance type:
- Generative AI applications, including question answering, code generation, video and image generation, speech recognition, and more.
- HPC applications at scale in pharmaceutical discovery, seismic analysis, weather forecasting, and financial modeling.
- Accelerated Computing
Great for compute-intensive tasks that require high performance processors:
Compute Optimized - of C name
Fast performance for workloads that process large data sets in memory
Memory Optimized - of R/X/Z name
Great for storage-intensive tasks that require high, sequential read and write access to large data sets on local storage
Storage Optimized - of I/G/H1
What are security groups?
The fundamentals of network security in AWS
What do security groups contain?
They only contain allow rules
What do security groups do?
Control how traffic is allowed into or out of our EC2 Instances
How can security group rules be referenced?
By IP or by security group
What acts as a “firewall” on our EC2 instance?
Security groups
What do security groups regulate?
- Access to ports
- Authorized IP ranges - IPv4 and IPv6
- Control of inbound network (from others to the instance)
- Control of outbound network (from the instance to others)
How many instances can a security group be attached to?
Multiple instances
What can security groups be locked down to?
A region/VPC combination
What does it mean that a security group lives “outside” the EC2?
If the traffic is blocked, the EC2 instance won’t see it
If the application is not accessible because of timeout…
It is a security group issue
If your application gives a “connection refused” error…
Then it’s an application error or it’s not launched
By default all inbound traffic is…
blocked
By default all outbound traffic is…
authorized
Ports to know:
22 = SSH (Secure Shell)
log into Linux instance
Ports to know:
21 = FTP (File Transfer Protocol)
upload files into a file share
Ports to know:
22 = SFTP (Secure File Transfer Protocol)
upload files using SSH
Ports to know:
80 = HTTP
access unsecured websites
Ports to know:
443 = HTTPS
access secured websites
Ports to know:
3389 = RDP (Remote Desktop Protocol)
log into a Windows instance
What is SSH?
Secure Shell is the primary method for securely accessing Linux servers from a command line interface.
What is PuTTY?
PuTTY performs the same function as SSH but it’s for Windows
What is “EC2 Instance Connect”?
Offers a method to connect to EC2 instances directly through a web browser, simplifying the process without the need for terminal or additional software.