Section 5a: EC2 Flashcards
EC2 stands for ___ and is what type of cloud computing?
Elastic Compute Cloud. Infrastructure as a Service.
EC2 User data script allows you to
bootstrap your EC2 instance
Bootstrapping means
launching commands when a machine starts
The 4 major types of EC2 Instances are
General Purpose, Compute Optimized, Memory Optimized, Storage Optimized
General Purpose EC2 instances are useful for
a diversity of workloads such as web servers or code repositories
Compute Optimized EC2 instances are useful for
compute-intensive tasks that require high performance processors
Memory Optimized EC2 instances are useful for
workloads that process large data sets in memory
Storage Optimized EC2 instances are useful for
storage-intensive tasks that require high, sequential read and write access to large data sets on local storage
What do Security Groups control?
They control how traffic is allowed into or out of our EC2 instances and are fundamental to network security in AWS.
Security Groups are
“firewalls” on EC2 instances
Security Groups regulate these 4 things
- Access to Ports
- Authorised IP ranges – IPv4 and IPv6
- Control of inbound network (from other to the instance)
- Control of outbound network (from the instance to other)
Can SGs be attached to one or multiple instances?
Multiple
Can SGs be used in any region or are they confined to one region?
Confined to the region they were created in as VPCs
Do SGs live “within” or “Outside” the EC2 instance?
Outside. EC2 instances can be blocked from “seeing” SGs.
All outbound traffic is ____ and all inbound traffic is ___ by default.
All outbound traffic is authorized and all inbound traffic is blocked by default.
Port 22
SSH (for Linux) and SFTP (Secure File Transfer Protocol) – upload files using SSH
Port 21
FTP (File Transfer Protocol) – upload files into a file share
Port 80
HTTP – access unsecured websites
Port 443
HTTPS – access secured websites
Port 3389
RDP (Remote Desktop Protocol) – log into a Windows instance
What are the 7 EC2 Instance Purchasing Options?
- On-Demand Instances
- Reserved (1 & 3 years)
- Savings Plans (1 & 3 years)
- Spot Instances
- Dedicated Hosts
- Dedicated Instances
- Capacity Reservations
On-Demand Instances
short workload, predictable pricing, pay by second, highest cost. For short-term and uninterrupted workloads
Reserved (1 & 3 years)
- Reserved Instances – long workloads. Recommended for steady-state usage applications
- Convertible Reserved Instances – long workloads with flexible instances
Savings Plans (1 & 3 years)
commitment to an amount of usage, long workload. Locked to a specific instance family & AWS region
Dedicated Hosts
book an entire physical server, control instance placement.
* Allows you to address compliance requirements and use your existing server-bound software licenses.
* Can be On-Demand or Reserved.
* Useful for software that has a complicated licensing model
* Also useful for companies that have strong regulatory/compliance needs
Dedicated Instances
no other customers will share your hardware
* Instances run on hardware that’s dedicated to you
* May share hardware with other instances in same account
* No control over instance placement
Capacity Reservations
reserve capacity in a specific AZ for any duration
* Charged at On-Demand rate whether you run instances or not
* Suitable for short-term, uninterrupted workloads that need to be in a specific AZ
Spot Instances
short workloads, cheap, can lose instances (less reliable). The MOST cost-efficient instances in AWS. Not suitable for critical jobs or databases
For EC2, AWS is responsible for
- Infrastructure (global network security)
- Isolation on physical hosts
- Replacing faulty hardware
- Compliance validation
For EC2, the customer is responsible for
- Security Groups rules
- Operating-system patches and updates
- Software and utilities installed on the EC2 instance
- IAM Roles assigned to EC2 & IAM user access management
- Data security on your instance