Server-Based Compute (EC2) Advanced Flashcards
How does encryption work for EBS Volumes and Snapshots?
o Volume encryption uses EC2 host hardware to encrypt data at rest and in transit between EBS and EC2 instances.
o Encryption generates a Data Encryption Key (DEK) from a Customer Master Key (CMK) in each Region.
o CMKs can be AWS Managed (provided and managed by AWS) or Customer Managed (created and managed by the customer, with added controls including key rotation).
o Each volume is encrypted and decrypted with its own unique DEK.
o Snapshots of that volume are encrypted with the same DEK, as are any other volumes created from that snapshot.
o The encryption / decryption process is handled by an AWS service called Key Management Service (KMS).
What is EBS Optimisation?
Legacy, non-EBS-optimised instances used a shared networking path for data and storage communications.
As a result, performance for both storage and normal networking could be impacted when the two were used in parallel.
EBS-optimised mode, which is now the default, adds optimisation and dedicated communication paths for storage and data networking.
This allows consistent utilisation of both.
What is Enhanced Networking?
Traditionally, virtual networking meant a virtual host (EC2 host) arranging access for n virtual machines to one physical network card. This is done in software and is typically slow.
Enhanced Networking uses SR-IOV (Single Root Input/Output Virtualisation), which allows a single physical network card to appear as multiple physical devices.
Each instance can be given one of these virtual devices, which appears to the instance as a physical network card.
This results in faster transfer rates, lower CPU usage and lower, more consistent latency.
EC2 delivers this via the Elastic Network Adapter (ENA) or the Intel 82599 Virtual Function (VF) interface.
What are the 3 types of Placement Groups?
Cluster PG: Designed for maximum performance. Instances are placed physically near each other in a single AZ. Every instance can talk to any other instance at the same time, at full speed. Works with Enhanced Networking for peak performance.
Partition PG: Designed for maximum availability for large infrastructures. Instances are separated into partitions (max 7 per AZ), each occupying isolated racks in AZs/Regions. Can span multiple AZs.
Spread PG: Designed for maximum availability for small infrastructures (email servers, file servers) whose instances need to be kept separate. Max of 7 instances per AZ. Each instance occupies its own partition and has an isolated fault domain.
How does the EC2 On Demand Billing model work?
Pay per use of an EC2 instance, with a minimum billing unit of 60 seconds, billed in 1-second increments after that. AWS has no advance warning of demand, which means it must guarantee spare capacity.
How does the EC2 Spot Billing model work?
Exploits AWS spare capacity specific to each Region. The higher the spare capacity, the lower the Spot price. Instances are provided as long as your bid price is above the Spot price, and you only ever pay the Spot price. If the Spot price exceeds your bid, the instance is terminated with a 2-minute warning. Ideal for non-critical workloads, burst workloads, or consistent non-critical jobs that can tolerate interruptions without impacting functionality. Note: the Spot price can exceed the On Demand price!
How does the EC2 Reserved Instances model work?
Reserved Instances lock in a reduced rate for one to three years. Zonal Reserved Instances include a capacity reservation. Your commitment incurs costs even if instances are not launched. These are best used for long-running, well-understood and consistent workloads. Payment options are all upfront, partial upfront or no upfront (the more paid upfront, the lower the hourly rate).
How does the EC2 Dedicated Instances model work?
Dedicated Hosts are EC2 hosts of a given type and size that can be fully dedicated to you. The number of instances that can run on the host is fixed, depending on type and size. An On-Demand or Reserved fee is charged for the Dedicated Host, and there are no charges for the instances running on it. Ideal when software is licensed per core/CPU and is not compatible with running in a shared cloud environment.