Section 3: AWS Fundamentals: EC2 Flashcards
What does EC2 stand for?
Elastic Compute Cloud
What are EC2's four main capabilities?
Renting virtual machines (EC2)
Storing data on virtual drives (EBS)
Distributing load across machines (ELB)
Scaling the services using an auto-scaling group (ASG)
What does EBS stand for?
Elastic Block Store
What does ELB stand for?
Elastic Load Balancing
What does ASG stand for?
Auto-Scaling Group
How do I SSH into an EC2 instance?
ssh -i keypair.pem ec2-user@XXX.XXX.XXX.XXX
What is the standard TCP port for SSH?
22
MAC: What to do if I get "WARNING: UNPROTECTED PRIVATE KEY FILE!" while trying to connect to my EC2 instance via SSH?
Run the command "chmod 0400 keypair.pem"
WINDOWS: What to do if I get "WARNING: UNPROTECTED PRIVATE KEY FILE!" while trying to connect to my EC2 instance via SSH?
Look at the properties of the .pem file and make sure that I'm the sole Owner of the file
What is a key pair?
A key pair is a "keypair.pem"-looking file which allows me to connect to my EC2 instance via SSH
What are the fundamentals of network security in AWS?
Security Groups
What is the function of Security Groups?
To control how traffic is allowed into or out of our EC2 machines
What do security groups regulate?
Allowed ports
Authorized IP ranges - IPv4 and IPv6
Can a security group be attached to many instances at the same time?
Yes
Are security groups global?
No, they are locked down to a region / VPC
What does VPC stand for?
Virtual Private Cloud
Where do security groups live (in relation to EC2 instances)?
They live outside of EC2 instances. These instances aren't aware of blocked traffic.
What common problem occurs when security groups are badly configured?
Application is not accessible (Timeout)
What does a "connection refused" error mean when it comes to security groups?
They are unrelated, "connection refused" errors come from the EC2 itself or an application running on it. If a security group blocks your request, you won't see anything other than a timeout after a while.
By default, security groups ____ all inbound traffic and ____ all outbound traffic.
block all inbound traffic
allow all outbound traffic
Characteristics of Public IP
Public IP can be identified on the internet (WWW)
Must be unique across the whole web
Can be geo-located easily
Characteristics of Private IP
Can only be identified on a private network
Must be unique across the private network
E.g. Two different private networks can have the same IPs
Machines connect to WWW using an internet gateway (a proxy)
Only a specified range of IPs can be used as private IP
Characteristics of Elastic IP?
When you stop and then start an EC2 instance, it can change its public IP.
If you need to have a fixed public IP for your instance, you need an Elastic IP
An Elastic IP is a public IPv4 IP you own as long as you don't delete it
You can attach it to one instance at a time
What happens to the public IP of an EC2 instance if the machine is stopped and then started?
The public IP can change
What is an EC2 User Data script?
A script that gets run when the EC2 instance first starts (It won't get executed on future stop/start)
What tasks can an EC2 User Data script do?
Anything, e.g.
Install updates
Install software
Download common files from the internet, etc.
As which user does the EC2 user data script run?
root
What are the EC2 Instance Launch Types?
On-Demand Instances
Reserved Instances
- Convertible Reserved Instances
- Scheduled Reserved Instances
Spot Instances
Dedicated Instances
Dedicated Hosts
On-Demand Instances pricing
Pay for what you use
Highest cost but no upfront payment and no long term commitment
On-Demand Instances recommended use case
Short term un-interrupted workloads where you can't predict how the application will behave
Reserved Instances pricing
75% discount compared to On-demand
Pay upfront for what you use
Reserved Instances reservation period
1 or 3 years
Reserved Instances recommended use case
Steady state usage applications (think database)
Convertible Reserved Instance pricing
Up to 54% discount compared to On-demand
Convertible Reserved Instance main characteristic
Can change the EC2 type
Scheduled Reserved Instances main characteristic
Launch within the time window you reserve (when you require a fraction of day/week/month)
Spot Instances pricing
Up to 90% discount compared to On-demand
Price varies based on offer and demand
Spot Instances usage time
You bid a price and get the instance as long as it's under the price
How are spot instances reclaimed by AWS?
Spot instances are reclaimed with a 2 minute notification warning when the spot price goes above your bid
Spot Instances recommended use case
Batch jobs
Big Data analysis
Workloads that are resilient to failures
Dedicated Hosts recommended use case
Software that has a complicated licensing model (BYOL - Bring Your Own License)
Companies that have strong regulatory or compliance needs
Dedicated Hosts characteristics
Physical dedicated EC2 server for your use
Full control of EC2 Instance placement
Visibility into the underlying sockets / physical cores of the hardware
Dedicated Hosts pricing
More expensive than reserved instances
Dedicated Hosts reservation period
1 to 3 years
Dedicated Instances characteristics
Running on hardware that's dedicated to you
May share hardware with other instances in same account
On what time increments are EC2 instances usage billed?
On one second increments with a minimum of 60 seconds
What factors influence an EC2 instance price?
Its type
Its region
Its pricing model (On-Demand, Savings Plan, Reserved, Spot, Dedicated Host)
Its OS
What does AMI stand for?
Amazon Machine Image
How to customize an existing AMI at runtime?
By using an EC2 User Data script like the following:
#!/bin/bash
########################################################
##### USE THIS FILE IF YOU LAUNCHED AMAZON LINUX 2 #####
########################################################
# get admin privileges
sudo su
# install httpd (Linux 2 version)
yum update -y
yum install -y httpd.x86_64
systemctl start httpd.service
systemctl enable httpd.service
echo "Hello World from $(hostname -f)" > /var/www/html/index.html
What is the scope of an AMI?
Its region, it cannot be used in another region
What are some advantages of using a custom AMI?
Having pre-installed packages
Faster boot time
Machine can be configured with monitoring / enterprise software
Installing your app ahead of time (faster deploys when auto-scaling)
Optimization out of the box
What are the 5 distinct characteristics of EC2 instances?
RAM
CPU
I/O (disk performance, EBS optimisations)
Network
GPU
What are burstable instances (T2, T3, T3a)?
Machines that can handle a hard spike in load very efficiently but won't last if the load doesn't decrease
What are burstable instances (T2, T3, T3a) good at?
Handling unexpected traffic and getting the assurance that it will be handled correctly
When should you consider using scheduled reserved instances?
When you have workloads that require a fraction of day/week/month