Section 3: EC2

Question 1

General Purpose instance

Answer 1

t2.micro (1 vCPU, 1GB)

Lesson 28

Question 2

Compute Optimized instance

Answer 2

c5n.large (2 vCPU, 5.25GB)

Lesson 28

Question 3

Memory Optimized instance

Answer 3

r5ad.large (2 vCPU, 16GB)

Lesson 28

Question 4

Storage Optimized instance

Answer 4

d2.xlarge (4 vCPU, 30.5GB)

Lesson 28

Question 5

GPU instance

Answer 5

g2.2xlarge (8vCPU, 15GB)

Lesson 28

Question 6

Amazon Machine Image (AMI)

Answer 6

Includes:
- Template for the root volume of the image.
- Launch permissions.
- A block device mapping specifying the volumes to attach.

AMIs are regional. You can only launch an AMI from the region in which it is stored.

You can copy AMI’s to other regions using the console, command line, or the API.

Essentially an image that contains the operating system, and any configurations.

Defines the configuration of the instance.

An AMI is created from an EBS snapshot (a point in time backup of an instance).

Lesson 28

Question 7

EC2 Benefits

Answer 7

• Elastic computing
• Complete control
• Flexible
• Reliable
• Secure
• Inexpensive

Lesson 28

Question 8

Security Group

Answer 8

Instance-level Firewall.

Basically, a firewall, controlling inbound and outbound traffic.

Determines which ports, protocols, and IP addresses we can connect from.

It functions as a firewall securing access to our instances.

Question 9

Internet Gateway

Answer 9

Attached to a VPC and enables access to/from internet.

Question 10

Key pair

Answer 10

Used for connecting securely to our instances.

Question 11

User data

Answer 11

Ability to run commands when the system is starting. Data limited to 16KB.

Lesson 33

Question 12

Metadata

Answer 12

Data about your EC2 instance (e.g. private IPv4, public IPv4, etc.) that is recorded locally.

Lesson 33

Question 13

Access Keys

Answer 13

• Configured on the EC2 instance, and stored on the filesystem of the instance.
• Associated with an IAM User Account (e.g. Eric)
• Uses the permissions assigned to the IAM User.

Lesson 34

Question 14

EC2 Instance Profile

Answer 14

• the Role is assumed by the EC2 instance.
• No credentials are stored on the instance.

Question 15

Cluster Placement Group

Answer 15

Packs instances close together in an AZ to achieve low-latency using enhanced networking, low network latency necessary for tight coupled node-to-node (inter-instance) communication typical in HPC applications.

Lesson 38

Question 16

Partition Placement Group

Answer 16

Spreads instances across logical partitions (separate AWS rack) such that groups of instances in one partition do not share the underlying hardware with groups of instances in different partitions. Strategy typically used by large distributed and replicated workloads like Hadoop, Cassandra, and Kafka.

Neil used NoSQL as a use case.

Partitions can be in multiple AZs (up to 7 per AZ).

Lesson 38

Question 17

Spread Placement Group

Answer 17

Strictly places a small group of instances across distinct underlying hardware (separate AWS rack) to reduce correlated failures.

Lesson 38

Question 18

Network Interface (ENI, ENA, EFA)

Answer 18

• EC2 is within AZ (data center), not a public or private subnet.
• EC2 can be attached to multiple subnets through different adapters.
• The (auto) primary network interface has a private IP address and optional public IP address.
• EC2 can have another network interface but it has to be in same AZ.
• Cannot attach ENIs from subnets in different AZs.

Lesson 39

Question 19

Elastic Network Interface (ENI)

Answer 19

• Basic adapter for non HPC requirements.
• Supports all instance types.

Lesson 39

Question 20

Elastic Network Adapter (ENA)

Answer 20

• Enhanced network performance.
• Higher bandwidth and lower inter-instance latency.
• Must select a supported instance type.

Lesson 39

Question 21

Elastic Fabric Adapter (EFA)

Answer 21

• Use with HPC and Message Passing Interface (MPI) and ML use cases.
• Tightly coupled (low latency) applications.
• Supports all instance types.

Lesson 39

Question 22

Public, Private, and Elastic IP Addresses (EIP)

Answer 22

Public - dynamic. Changes on restart.
Elastic- public and static. Associate with network interface.

ENIs can be remapped to a different instance in the same AZ.

EIPs can be remapped in the same **or across* different AZs.

Lesson 41

Question 23

Public IP Address

Answer 23

• Lost when the instance is stopped but not restarted/rebooted.
• Used in public subnets.
• No charge.
• Associated with a private IP address on the instance.
• Cannot be moved between instances.

Lesson 41

Question 24

Private IP Address

Answer 24

• Retained when the instance is stopped.
• Used in public and private subnets. Always have a private IP address.

Lesson 41

Question 25

Elastic IP (EIP) Address

Answer 25

• Static public IP address.
• Available within a region when allocated.
• Charged even if not used.
• Associated with a private IP address on the instance.
• Can be moved between instances and Elastic Network Adapters.

Lesson 41

Question 26

Network Address Translation (NAT) for Public Adresses

Answer 26

• On EC2, you only see the private IP address and knows nothing about the public IP address.
• The public IP addesss is associated to the adapter and private IP adress.
• The Internet Gateway (IG) performs NAT.
• The NAT gateway will change the private IP address source address to the public IP address and vice-versa coming back inbound.

Lesson 42

Question 27

Bastion Host / Jump Host

Answer 27

• Using instance in public subnet to connect to instance in private subnet.
  -Helps connect to instances in a private subnet.

Lesson 44

Question 28

0.0.0.0/0

Answer 28

Anything source / anything else.

Lesson 44

Question 29

Private subnet

Answer 29

• Don’t have a public IP address l. No public IP address assigned.
• Don’t have a route. Route table associated has no Internet Gateway attached to it.
• Because no public IP address, an Internet Gateway (IG) cannot be attached.

Lesson 44

Question 30

Local

Answer 30

Route within the VPC.

Lesson 45

Question 31

Classless Inter-Domain Routing (CIDR)

Answer 31

Lesson 45

Question 32

NAT Gateways and NAT Instances Overview

Answer 32

• Purpose to enable instances deployed in private subnets to connect to the Internet. Outbound only.
• If we needed bi-directional, we would deploy the instances to a public subnet with a public IP address and use the Internet Gateway.
• Use cases like a connect to an outbound service or download software to install for updates.

Lesson 46

Question 33

NAT Gateway

Answer 33

• AWS service.
• Highly available and automatic scaling.
• NAT Gateway is created in public subnet.
• deployed to a public subnet. It will have an Elastic IP Address (EIP) used to talk the Internet Gateway (attached to the VPC) on behalf of the private instance.
• the NAT Gateway ID must be specified in the private subnet Route Table.

Lesson 46

Question 34

NAT Instance

Answer 34

• Used a lot before NAT Gateways came along.
• EC2 instance, not an AWS service.
• Uses a special AMI with the string ”amzn-ami-vpc-nat” in the name.
• Must disable source/destination checks.
• the NAT Instance ID must be specified in the private subnet Route Table.

Lesson 46

Question 35

NAT Instance vs NAT Gateway

Answer 35

NAT Instance:
- Manged by you (e.g. operating system, software updates).
- Scale up (instance type) manually and use enhanced networking.
- No high availability - scripted/auto-scaled HA possible using multiple NATs in multiple subnets.
- Need to assign Security Group.
- Can use a a bastion host.
- Use and Elastic IP Adress or Public IP Address with a NAT Instance.
- Can implement port forwarding through manual customization.

Lesson 46

Question 36

NAT Gateway vs NAT Instance

Answer 36

NAT Gateway:
- Managed by AWS.
- Elastic scalability up to 45 Gbps.
- Provides automatic high availability within an AZ and can be placed in multiple AZs.
- No Security Groups.
- Cannot access through SSH.
- Choose the Elastic IP Address to associate with a NAT Gateway at creation.
- Does not support port forwarding.

Lesson 46

Question 37

EC2 Instance Lifecycle

Answer 37

AMI:
- Launch -> Pending state -> Running state
- Reboot -> Rebooting state -> Running state
1. Terminate -> Shutting Down state -> Terminated state
2. Stop -> Stopping state -> Stopped state ( Terminate -> Terminated state | Start -> Pending state )
3. Stop-Hibernate

Note: Stopping and Stop-Hibernate is only applicable to EBS-backed volumes, not Instance store volumes.

Lesson 48

Question 38

Stopping EC2 Instance

Answer 38

• EBS backed instances only.
• No charge for stopped instances.
• EBS volumes remain attached (chargeable).
• Data in RAM lost.
• Instance is migrated to a different host (e.g. scheduled hardware maintenance).
• Private IPv4 and IPv6 addresses retained; public IPv4 addresses released.
• Associated Elastic IP Addresses retained.

Lesson 48

Question 39

Hibernating EC2 Instances

Answer 39

• Applies to an on-demand or reserved Linux instances.
• Contents of RAM saved to EBS volume.
• Must be enabled for hibernation when launched.
• Specific prerequisites apply.
• When started (after hibernation):
• The EBS root volume is restored to its previous state.
• The RAM contents are reloaded.
• The processes that were previously running on the instance are resumed.
• Previously attached data volumes are reattached and the instance retains its instance ID.

Lesson 48

Question 40

Rebooting EC2 Instances

Answer 40

• Equivalent to an OS reboot.
• DNS name and all IPv4 and IPv6 adresses are retained.
• Does not affect billing

Lesson 48

Question 41

Retiring EC2 Instances

Answer 41

• Instances can be retired if AWS detects irreparable failure of the underlying hardware that hosts the instance.
• When an instance reaches its scheduled retirement date, it is stopped or terminated by AWS.

Lesson 48

Question 42

Terminating EC2 Instances

Answer 42

• Means deleting the EC2 instance.
• Cannot recover a terminated instance.
• By default, root EBS volumes are deleted.

Lesson 48

Question 43

Recovering EC2 Instances

Answer 43

• CloudWatch can be used to monitor system status to check and recover instance if needed.
• Applies if the instance becomes impaired due to underlying hardware / platform issues.
• Recovered instance is identical to original instance.

Lesson 48

Question 44

AWS Nitro System

Answer 44

• underlying platform for the next generation of EC2 instances.
• support very many virtualized and bare metal instance types.
• breaks functions into specialized hardware with a Nitro Hypervisor.
• Specialized hardware includes:
• Niteo cards for VPC.
• Niteo cards for EBS.
• Niteo cards for Instance Storage.
• Nitro cars controller.
• Nitro security chip.
• Nitro Hypervisor.
• Nitro Enclaves.

Lesson 49

Question 45

AWS Nitro System Benefits

Answer 45

• Improves security, performance, and innovation:
• Performance close to bare metal for virtualized instances.
• Elastic Network Adapter and Elastic Fabric Adapter.
• More bare metal instance types.
• Higher network performance (e.g. 100 Gbps).
• HPC optimizations.
• Dense storage instances (e.g. 60 TB).

Lesson 49

Question 46

AWS Nitro Enclaves

Answer 46

• Really about security.
• Isolated compute environments.
• Runs on isolated and hardened virtual machines.
• No persistent storage, interactive access, or external networking.
• Uses cryptographic attestation to ensure only authorized code is running.
• Integrates with AWS KMS.
• Protect and securely process highly sensitive data (PII, Healthcare, Financial, and Intellectual Property data).

Lesson 49

Question 47

On-Demand EC2 Pricing

Answer 47

Standard rate - no discount, no commitment; dev/test, short term or unpredictable workloads.

Lesson 50

Question 48

Reserved EC2 Pricing

Answer 48

1 or 3 year commitment; up to 75% discount; steady-state, predictable workloads and reserved capacity.

Lesson 50

Question 49

Spot EC2 Pricing

Answer 49

Get discounts of up to 90% for unused capacity; Can be terminated at any time.

Lesson 50

Question 50

Dedicated Instances (Pricing)

Answer 50

Physical isolation at the host hardware level from instances belonging to other customer.

Lesson 50

Question 51

Dedicated Hosts (Pricing)

Answer 51

Physical server dedicated for your use; Socket/core visibility, host affinity; pay per host; workloads with server bound software licenses.

Lesson 50

Question 52

Savings Plans

Answer 52

Commitment to a consistent amount of usage (EC2 + Fargate + Lambda); Pay by $/hour; 1 or 3 year commitment.

Lesson 50

Question 53

Amazon EC2 Billing - Per Second

Answer 53

• Billed per second; Minimum of 1 minute.
• Per- second is for Amazon Linux and Ubuntu and also now Windows in On-Demand, Reserved, and Spot forms.

Lesson 50

Question 54

Amazon EC2 Billing - Per Hour

Answer 54

• Billed per hour; Minimum of 1 hour
• Windows, commercial distros such as Redhat Linux EL and SuSE Enterprise Server (ES)uses hourly pricing.

Lesson 50

Question 55

Amazon EBS Volume Pricing

Answer 55

• Volumes billed per second; Minimum of 1 minute.

Lesson 50

Question 56

Amazon EC2 (Standard) Reserved Instances

Answer 56

• Change AZ, instance size (Linux), networking type.
• Use ModifyReserveInstances API.

Lesson 50

Question 57

Standard RI

Answer 57

• Change AZ, instance size (Linux), networking type.
• Use ModifyReserveInstances API.

Lesson 50

Question 58

Convertible RI

Answer 58

• Change AZ, instance size (Linux), networking type.
• Change family, OS, tenancy, payment option.
• Use ExchangeReserveInstances API.

Lesson 50

Question 59

RI Terms and Payment Option

Answer 59

• 1 or 3 year
• All upfront, partial upfront, no upfront.

Lesson 50

Question 60

Amazon EC2 Reserved Instances (RIs)

Answer 60

• When the attributes of a used instance match the attributes of an RI, the discount is applied.
• Includes type of instance (e.g. A1, M4, R5a).
• Can include operating system.
• Tenancy - Default or Dedicated (hardware).
• AZ - can specify when reserving capacity.
• Region - does not reserve capacity; discount applies all AZs.

Lesson 50

Question 61

Scheduled RIs (deprecated)

Answer 61

• Match capacity to reservation to recurring schedule.
  Minimum 1200 hours per year.
• Example - Reporting app that runs 6 hours a day 4 days a week = 1248 hours per week.

Lesson 50

Question 62

AWS (Compute) Savings Plan

Answer 62

• 1 or 3 yearly; hourly commitment to usage of Fargate, Lambda, and EC2; Any Region, family, size, tenancy, and OS.

Lesson 50

Question 63

AWS (EC2) Savings Plan

Answer 63

• 1 or 3 year; hourly commitment to usage of EC2 within a selected Region and Instance Family; Any size, tenancy and OS.

Lesson 50

Question 64

Amazon EC2 Spot Instances (Spot, Spot Fleet, EC2 Fleet)

Answer 64

• Spot Instances - one or more EC2 instances.
• Spot Fleet - launches and maintains the number of Spot / On-Demand instances to meet specified target capacity.
• EC2 Fleet - launches and maintains specified number of Spot / On-Demand / Reserved Instances in a single API call.

Note: with EC2 Fleet, can define separate OD/Spot capacity targets, bids, instance types, and AZs.

2 minute warning if AWS needs to reclaim capacity - available via instance metadata and CloudWatch Events.

Lesson 50

Question 65

Spot Block

Answer 65

• Requirement: Uninterrupted for 1-6 hours.
• Pricing is 30 - 45% less than On-Demand.

Lesson 50

Question 66

Dedicated Instances vs Dedicated Hosts

Answer 66

Dedicated Instances (3 benefits)
- Enables the use of dedicated physical servers.
- Per instance billing (subject to a $2 per region fee).
- Automatic instance placement.

Dedicated Hosts (7 benefits)
- Enables the use of dedicated physical servers.
- Per-host billing.
- Visibility of sockets, cores, host ID.
- Affinity between a host and instance (which instance the host will run on).
- Targeted instance placement.
- Automatic instance placement.
- Add capacity using an allocation request.

Lesson 50