Server-Based Compute (EC2) Intermediate Flashcards
How do you create an AMI?
o AMIs (Amazon Machine Images) are used to build instances. An AMI references EBS snapshots, launch permissions and a block device mapping, which configures how the instance OS sees the attached volumes
o 3-step process:
Configure instance: the source instance and its attached EBS volumes are configured with any required software and configuration
Create image: snapshots are created from the volumes. The AMI references the snapshots, the launch permissions and the block device mapping
Launch instance: with appropriate launch permissions, instances can be created from the AMI. New EBS volumes are created using the snapshots as their source, and the EC2 instance is created using the block device mapping to reference its new volumes
What are the access types for an AMI?
o AMIs can be private (the default: only the account that created it can launch from it), public (any AWS account can launch from it) or explicit (shared with specific AWS account IDs via launch permissions, so only those accounts can launch from it). The snapshots behind an AMI are not shared automatically with anyone else
When are AMIs more useful?
o AMIs are best used when you have complex application installations (done only once, then imaged) or when wanting to create an immutable architecture that you want to deploy quickly
What is Bootstrapping?
o Bootstrapping is the process where instructions are executed on an instance during its launch process
o Bootstrapping is used to configure the instance, perform software installations, and add application configuration
o In EC2, user data can be used to run shell scripts or cloud-init directives. By default it runs only on the first boot, it is limited to 16 KB, and it is readable from the instance metadata service by any process on the instance, so it must never contain secrets
When is Bootstrapping most useful?
o Bootstrapping is best used for the variable parts (e.g. software updates), that can’t be baked in the AMI configuration
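The following cloud-init user data is an added example for these flashcards, not code from the original page or from AWS: it handles the variable parts (patches, agent install, per-environment config) on top of an AMI that already has the application baked in. The package name is a real Amazon Linux package; the app service name, the config path, the `myapp` user and the contents of the config file are illustrative assumptions.

```yaml
#cloud-config
# Added example (not from the original page): user data for the variable parts
# of a launch. Assumes the AMI already contains the app and a "myapp" service/user.
package_update: true
package_upgrade: true            # pull the patches released since the AMI was built
packages:
  - amazon-cloudwatch-agent      # shipping logs is a per-environment choice, not AMI content

write_files:
  - path: /etc/myapp/env         # hypothetical app config path (assumption)
    permissions: "0640"
    owner: root:myapp
    content: |
      APP_ENV=prod
      # No credentials here: user data is readable from IMDS by any process on
      # the instance; the app obtains AWS credentials from the instance role.

runcmd:
  - systemctl enable --now amazon-cloudwatch-agent
  - systemctl restart myapp      # hypothetical service baked into the AMI
```

Because cloud-config runs only on the first boot, a failure here leaves a half-configured instance; check `/var/log/cloud-init-output.log` before assuming the instance is healthy.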
What is the difference between Private and Public Instances, and what is an Elastic IP Address?
o An instance can be public (can be connected to from the internet) or private (can only be connected to from within its VPC)
o ENI = Elastic Network Interface: it is the virtual network interface the instance starts with; the primary ENI appears as eth0 in the OS
o The private IPv4 address assigned to the primary ENI is static, so it remains unchanged for the life of the instance. A public IPv4 address is released when the instance is stopped and a new one is allocated when it is started again (a reboot keeps it, because the instance stays on the same host; a stop/start may move it to a different host)
o Multiple private IP addresses can be associated with the same instance: the total number depends on the instance type
o Important: EC2 instances with public access make use of an Internet Gateway, which performs a static 1:1 NAT between the private and the public IP. From an OS perspective the instance only has its private IP (check with ifconfig or ip addr), which is why a service bound to "the public IP" inside the OS will not work
o If an Elastic IP address is allocated (billable), it is a public IPv4 address that belongs to the account: once associated with the instance it remains unchanged across stop/start (similarly to the private address) until it is disassociated or released
What is an Instance Role?
o An instance role is a type of IAM role that can be assumed by EC2 using an intermediary called an instance profile. The instance profile is created automatically when using the console UI or must be created manually when using the CLI. It is a container for the role that is associated with an EC2 instance
o The instance profile allows applications on the EC2 instance to obtain temporary credentials for the role from the instance metadata service (IMDS), which rotates them automatically before they expire. Prefer IMDSv2 (session-token based) over IMDSv1, since the extra PUT request blocks the common SSRF and open-proxy paths used to steal these credentials
o Whenever possible use IAM roles: they issue short-lived credentials and nothing has to be stored on the instance. Long-term credentials (access keys) are only needed for IAM users and for systems outside AWS that cannot assume a role
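The following script is an added example for these flashcards, not code from the original page or from AWS. It performs the IMDSv2 exchange that an application on the instance uses to read the instance role's temporary credentials: PUT a session token, then GET the role name and its credentials with that token. The endpoint paths and header names are the documented IMDS ones; the `transport` parameter is an assumption introduced so the flow can be exercised against a fake endpoint off-instance.

```python
"""Read the instance role's temporary credentials via IMDSv2.

Added example (not from the original page or AWS). The `transport`
callable (method, url, headers) -> (status, body) is an assumption that
lets the exchange be tested without a real EC2 instance.
"""
import json
import urllib.error
import urllib.request

IMDS_BASE = "http://169.254.169.254"
TOKEN_PATH = "/latest/api/token"
CREDS_PATH = "/latest/meta-data/iam/security-credentials/"
TOKEN_TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"


def urllib_transport(method, url, headers, timeout=2.0):
    """Default transport. IMDS is link-local, so a short timeout keeps a
    non-EC2 host from hanging; HTTP errors are returned, not raised."""
    req = urllib.request.Request(url, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def get_imds_token(transport=urllib_transport, ttl_seconds=300, base=IMDS_BASE):
    """IMDSv2 step 1: request a session token with a PUT. A plain SSRF or
    open proxy usually cannot issue a PUT with a custom header, which is
    why IMDSv2 blocks the classic credential-theft path."""
    status, body = transport("PUT", base + TOKEN_PATH,
                             {TOKEN_TTL_HEADER: str(ttl_seconds)})
    if status != 200:
        raise RuntimeError(f"IMDSv2 token request failed: HTTP {status}")
    return body.strip()


def get_role_credentials(transport=urllib_transport, base=IMDS_BASE):
    """IMDSv2 steps 2 and 3: list the role attached through the instance
    profile, then read its temporary credentials. Every GET carries the
    session token; without it an IMDSv2-only instance answers 401."""
    token = get_imds_token(transport, base=base)
    hdrs = {TOKEN_HEADER: token}

    status, body = transport("GET", base + CREDS_PATH, hdrs)
    if status != 200 or not body.strip():
        raise RuntimeError("no instance role attached (missing instance profile?)")
    role_name = body.strip().splitlines()[0]

    status, body = transport("GET", base + CREDS_PATH + role_name, hdrs)
    if status != 200:
        raise RuntimeError(f"credential fetch failed: HTTP {status}")
    creds = json.loads(body)
    if creds.get("Code") != "Success":
        raise RuntimeError(f"IMDS returned Code={creds.get('Code')}")

    # These are STS temporary credentials: cache them only until Expiration,
    # then call this again; IMDS rotates them ahead of time.
    return {
        "RoleName": role_name,
        "AccessKeyId": creds["AccessKeyId"],
        "SecretAccessKey": creds["SecretAccessKey"],
        "Token": creds["Token"],
        "Expiration": creds["Expiration"],
    }


if __name__ == "__main__":
    c = get_role_credentials()
    print(f"role {c['RoleName']}: key {c['AccessKeyId']} expires {c['Expiration']}")
```

Run on an instance with an instance profile attached it prints the role name and the expiry; on a host without IMDS it fails fast with a timeout instead of hanging. To enforce the token step fleet-wide, launch instances with `HttpTokens=required` in the metadata options so that IMDSv1 GETs without the token are rejected.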