AWS EC2 (Elastic Compute Cloud)
Day 4: Prep - AWS Certified Cloud Practitioner | CLF-C02
Link to exam: aws.amazon.com/certification/certified-clou..
1. Introduction to AWS EC2
Imagine EC2 instances as customizable virtual computers in the cloud, each serving a unique purpose in your digital world. They're like having different workstations tailored to specific tasks, whether it's hosting a website, processing data, or running applications.
Amazon Elastic Compute Cloud (EC2) offers a vast array of these instances, each with its own capabilities and configurations, giving you the flexibility to build and scale your virtual infrastructure effortlessly.
In this blog post, we'll embark on a journey to discover the fascinating realm of EC2 instances and how they serve as the building blocks of modern cloud computing.
EC2: Core Component of AWS IaaS
EC2 serves as a fundamental building block within AWS's Infrastructure as a Service (IaaS) offerings.
It provides users with a scalable platform to deploy and manage virtual machines (instances) in the cloud environment.
Key Features of Amazon EC2:
Virtual Machine Rental (EC2): Users can rent instances tailored to their specific requirements, including computing power, memory, and storage capacity.
Storage on Virtual Drives (EBS): EC2 enables users to store data on virtual drives known as Elastic Block Store (EBS), offering flexibility and scalability in managing storage resources.
Load Distribution (ELB): Through the Elastic Load Balancing (ELB) service, EC2 facilitates the distribution of incoming application or network traffic across multiple instances, enhancing performance and fault tolerance.
Auto-Scaling (ASG): With Auto Scaling Groups (ASG), EC2 allows automatic scaling of resources based on predefined conditions such as traffic volume or system load.
Getting Started with Amazon EC2:
Sign up for AWS: Create an AWS account to access the EC2 service and other AWS offerings.
Launch Instances: Choose an Amazon Machine Image (AMI), select the desired instance type, configure security settings, and launch instances based on your workload requirements.
Manage Instances: Monitor instance performance, configure networking settings, and automate management tasks using AWS tools and APIs.
Optimize Costs: Utilize cost management tools such as AWS Cost Explorer and Reserved Instances to optimize resource usage and minimize expenditure.
2. EC2 Instances
EC2 instances are virtual servers hosted in the AWS cloud. They come in various sizes and configurations, allowing users to choose the resources that best fit their workload requirements. Instances can be launched, stopped, terminated, and scaled up or down as needed.
Sizing Options
EC2 offers a variety of instance types tailored to different workload requirements.
Users can select instance types based on CPU, memory, storage, and network performance.
Options range from general-purpose to compute-optimized instances.
Configuration Options:
Users can select from various instance types optimized for different workloads, such as compute-intensive, memory-intensive, or storage-optimized tasks.
Operating Systems: EC2 supports multiple operating systems, including Linux, Windows, and various distributions.
Storage Options: Users can choose between network-attached storage, such as EBS volumes for persistent block storage or Amazon EFS for scalable file storage, and hardware-attached storage, such as EC2 instance store volumes for temporary storage.
Networking Settings: Configuration includes assigning Elastic IP addresses, setting up security groups, defining subnets, and configuring VPC networking.
Security Measures: EC2 instances can be secured using IAM roles, network ACLs, encryption options, and firewall rules.
Bootstrap Scripts (EC2 User Data)
EC2 User Data enables users to run bootstrap scripts or configure commands during instance first launch, facilitating customization and automation of instance setup.
Key benefits include:
Customization and Configuration: Users can tailor the instance setup to their specific requirements by executing scripts or commands during launch. This allows for the installation of software, configuration of applications, or performance of system updates automatically.
Automation: User Data streamlines the setup and configuration process of EC2 instances, reducing manual intervention and saving time. By automating tasks such as software installation and configuration, users can deploy instances more efficiently.
Flexibility: User Data accepts various formats, including shell scripts, batch files, or cloud-init directives, providing users with flexibility in scripting and configuration options.
Root Privileges: Scripts run with root privileges, ensuring users have full control over initialization tasks without encountering permission issues.
One-Time Execution: Scripts execute only once during instance startup, ensuring consistent configuration across instances while minimizing overhead.
3. Instance Types
AWS offers a diverse range of instance types optimized for different use cases, such as general-purpose, compute-optimized, memory-optimized, storage-optimized, and GPU instances. Each instance type comes with specific configurations of CPU, memory, storage, and networking capabilities.
Various instance types
Instance types in AWS are designed to cater to different workload requirements and are optimized for specific use cases. Here's a breakdown of the main differences between the various instance types:
Instance Type | Feature | Use Cases | Example Instances |
General Purpose | Balanced compute, memory, and networking resources. | For a wide range of workloads, including web servers, databases, dev environments | t3, m5 |
Compute Optimized | High compute (CPU) performance | For compute-bound applications like batch processing, gaming, HPC | Instance Class c : c5, c6g |
Memory Optimized | High memory-to-CPU ratio | For memory-intensive workloads like in-memory DB for BI, analytics, real-time big data analytics, and high-performance DB. | r5, x1 |
Accelerated Computing | Specialized hardware | For parallel processing or high-performance computing with specialized hardware, ML, data processing, graphic rendering. | p3, f1 |
Storage Optimized | High I/O performance for storage-intensive workloads | For big data processing, data warehousing, distributed file systems, OLTP, and caches (e.g., Redis) that need high-speed, low-latency storage | i3, d2 |
HPC Optimized (High-Performance Computing) | High computational power, low-latency networking, and parallel processing | For scientific simulations, financial modeling, and engineering simulations | hpc6 |
Instance Features | Additional capabilities | Enhanced networking, storage options | - |
Measuring Performance | CPU power, memory capacity, network bandwidth, and storage I/O performance. | CloudWatch metrics for monitoring | - |
This table provides a clear overview of the different instance types available in AWS, their main characteristics, and the aspects they emphasize.
Instance Types Naming Convention
Let's dissect the instance type "c5d.4xlarge" to grasp its components:
c (Instance Class): Signifies it's part of the "Compute Optimized" family, designed for high-performance computing tasks.
5 (Generation): Places it within the fifth generation of compute optimized instances, typically featuring enhanced performance and efficiency.
d (Local Instance Storage): Denotes the inclusion of ephemeral storage, offering temporary, high-speed storage directly attached to the instance.
4xlarge (Instance Size): Indicates a larger variant with "4xlarge" providing expanded CPU and memory resources.
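The naming convention above can be checked mechanically. The following parser is an added example and not code from the original post; the class letters and the "d" attribute follow the page, while the "g", "a" and "n" attribute letters are standard AWS suffixes added here for completeness.

```python
"""Parse an EC2 instance type name such as "c5d.4xlarge" into its parts."""
import re

# Instance classes named on the page, keyed by the leading letter(s).
INSTANCE_CLASSES = {
    "t": "General Purpose (burstable)", "m": "General Purpose",
    "c": "Compute Optimized", "r": "Memory Optimized",
    "x": "Memory Optimized", "p": "Accelerated Computing",
    "f": "Accelerated Computing", "i": "Storage Optimized",
    "d": "Storage Optimized", "hpc": "HPC Optimized",
}
# Capability letters that follow the generation number.
# Only "d" is explained on the page; the others are added here.
ATTRIBUTE_LETTERS = {
    "d": "local NVMe instance storage",
    "g": "AWS Graviton (Arm) processor",
    "a": "AMD processor",
    "n": "enhanced networking",
}
# class letters, generation digits, optional attribute letters, ".", size
_TYPE_RE = re.compile(
    r"^(?P<cls>[a-z]+?)(?P<gen>\d+)(?P<attrs>[a-z]*)"
    r"\.(?P<size>nano|micro|small|medium|(?:\d*x)?large|metal)$"
)


def parse_instance_type(name: str) -> dict:
    """Split "c5d.4xlarge" into class, generation, attributes and size.

    Raises ValueError for names that do not follow the convention or
    that use a class or attribute letter this table does not know.
    """
    m = _TYPE_RE.match(name)
    if not m:
        raise ValueError(f"not an EC2 instance type name: {name!r}")
    cls = m.group("cls")
    if cls not in INSTANCE_CLASSES:
        raise ValueError(f"unknown instance class {cls!r} in {name!r}")
    attrs = []
    for letter in m.group("attrs"):
        if letter not in ATTRIBUTE_LETTERS:
            raise ValueError(f"unknown attribute {letter!r} in {name!r}")
        attrs.append(ATTRIBUTE_LETTERS[letter])
    return {
        "class": cls,
        "family": INSTANCE_CLASSES[cls],
        "generation": int(m.group("gen")),
        "attributes": attrs,
        "size": m.group("size"),
    }


def describe(name: str) -> str:
    """Render the same breakdown the page gives for c5d.4xlarge."""
    p = parse_instance_type(name)
    extras = ", ".join(p["attributes"]) or "no extra attributes"
    return (f"{name}: {p['family']} family, generation {p['generation']}, "
            f"{extras}, size {p['size']}")


if __name__ == "__main__":
    for t in ("c5d.4xlarge", "t2.micro", "r5.16xlarge", "hpc6a.48xlarge"):
        print(describe(t))
```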
Instance Types Examples
Instance Type | Use Case | CPU | Memory | Storage | Network Performance | EBS Bandwidth |
t2.micro | Development, Testing | 1 vCPU | 1 GiB | EBS only | Low to Moderate | - |
t2.xlarge | Compute-Intensive Workloads | 4 vCPUs | 16 GiB | EBS only | Moderate | - |
c5d.4xlarge | Compute-Optimized, Data-Intensive Workloads | 16 vCPUs | 32 GiB | 1x 400 GB NVMe SSD | Up to 10 Gbps | 4,750 Mbps |
r5.16xlarge | Memory-Optimized, Database Workloads | 64 vCPUs | 512 GiB | EBS only | 20 Gbps | 13,600 Mbps |
m5.8xlarge | General-Purpose, Business Applications | 32 vCPUs | 128 GiB | EBS only | 10 Gbps | 6,800 Mbps |
Hands-On Practice choice
The t2.micro instance type is an excellent choice for hands-on practice, especially for those who are just starting with AWS. Since it falls under the AWS Free Tier (up to 750 hours per month), you can use it without incurring any additional costs within the Free Tier usage limits.
This instance type is considered a "General Purpose" instance, offering a balanced mix of compute, memory, and networking resources, making it suitable for a wide range of workloads.
4. Security Groups
Security Groups are like a wrapper around EC2: they live outside the instance and protect it. If traffic is blocked by the Security Group, the EC2 instance never even sees it.
Instance-Level Firewall: Virtual firewalls for instances running in the AWS cloud, controlling inbound and outbound traffic at the instance level.
Stateful Filtering: Any response traffic for allowed inbound connections is automatically allowed outbound, simplifying rule management.
Granular Control: Each instance can be associated with one or more Security Groups for precise network access control.
Default Deny Principle: Blocks all inbound traffic by default, necessitating explicit permission via rules. Therefore, Security Groups include only ALLOW rules.
Dynamic Updates: Allow real-time adjustments to network access controls without instance restarts.
Elastic IP Whitelisting: Security Groups can restrict access based on Elastic IP addresses, limiting exposure to only specific IP ranges or addresses.
Protocol and Port-Based Rules: Define rules based on protocols (e.g., TCP, UDP, ICMP) and port numbers for precise traffic control.
VPC Integration: Security Groups are closely integrated with Amazon Virtual Private Cloud (VPC), allowing them to control traffic within the VPC as well as between VPCs and the internet.
Layered Security: Complements other security features such as Network Access Control Lists (NACLs) and IAM policies.
Auditing and Monitoring: Supports tracking changes and monitoring network traffic for compliance through services like AWS CloudTrail and Amazon CloudWatch.
Note:
Security Group rules can reference IP addresses or other Security Groups for access control.
Security Groups are locked down to a region and VPC; if you switch region or VPC, you'll have to recreate the Security Group.
A "connection refused" error means the traffic reached the instance, so the Security Group is not the cause: the application itself is the problem (it may not be running). A "time-out", on the other hand, points to the Security Group itself. That means you must check the rules of your Security Group.
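Because Security Groups only hold ALLOW rules, the usual review task is spotting rules that allow too much. The audit below is an added example, not code from the original post: it walks a Security Group in the shape returned by the EC2 DescribeSecurityGroups API (a constructed sample, with placeholder group IDs) and flags the administrative ports from the "Commonly Used Ports" section (SSH/SFTP on 22, RDP on 3389) when they are reachable from anywhere. Rules that reference another Security Group instead of a CIDR are treated as non-public.

```python
"""Flag Security Group rules that expose admin ports to the whole internet."""
import ipaddress

# Administrative ports that should never be open to 0.0.0.0/0 or ::/0.
ADMIN_PORTS = {22: "SSH/SFTP", 3389: "RDP"}

# Constructed sample group; IDs and addresses are placeholders.
SAMPLE_GROUP = {
    "GroupId": "sg-0123456789abcdef0",
    "GroupName": "web-tier",
    "IpPermissions": [
        # HTTPS open to the world: expected for a web tier, not flagged.
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
         "UserIdGroupPairs": []},
        # SSH open to the world: flagged.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
         "UserIdGroupPairs": []},
        # RDP restricted to one admin address: not flagged.
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": [],
         "UserIdGroupPairs": []},
        # "All traffic" from any IPv6 address: flagged for every admin port.
        {"IpProtocol": "-1", "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
        # "All traffic" from another Security Group (e.g. a bastion): not public.
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0fedcba9876543210"}]},
    ],
}


def is_public(cidr: str) -> bool:
    """True when the CIDR means 'anywhere' (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def rule_covers_port(rule: dict, port: int) -> bool:
    """True if this permission allows TCP traffic to `port`."""
    proto = rule["IpProtocol"]
    if proto == "-1":                # "All traffic": every protocol and port
        return True
    if proto not in ("tcp", "6"):    # protocol may be a name or a number
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def rule_sources(rule: dict) -> list:
    """CIDR sources of a rule; Security Group references are not CIDRs."""
    v4 = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    v6 = [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return v4 + v6


def find_public_admin_rules(group: dict) -> list:
    """Return (port, service, cidr) for each admin port open to anywhere."""
    findings = []
    for rule in group["IpPermissions"]:
        for cidr in rule_sources(rule):
            if not is_public(cidr):
                continue
            for port, service in ADMIN_PORTS.items():
                if rule_covers_port(rule, port):
                    findings.append((port, service, cidr))
    return findings


if __name__ == "__main__":
    for port, service, cidr in find_public_admin_rules(SAMPLE_GROUP):
        print(f"{SAMPLE_GROUP['GroupId']}: {service} (TCP {port}) open to {cidr}")
```

With a real account the same function can be fed the `SecurityGroups` entries returned by boto3's `describe_security_groups()`.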
5. Key Pairs
Key Pairs are SSH key pairs used to securely connect to EC2 instances. They consist of a public key, which is stored on the instance, and a private key, which is securely stored by the user. Key pairs are essential for SSH-based access to EC2 instances.
Introduction to SSH
SSH (Secure Shell) is a cryptographic network protocol for secure remote login and command execution, encrypting all communication between client and server for confidentiality and integrity.
Key Features of SSH:
Secure Remote Access: Enables secure remote system access over the internet.
Encrypted Communication: Encrypts all data exchanged between client and server, thwarting eavesdropping and tampering.
Public Key Authentication: Supports password-less authentication via public key authentication.
Port Forwarding: Facilitates secure access to remote services via port forwarding.
Secure File Transfer: Includes utilities like SCP and SFTP for secure file transfers between systems.
Comparison of SSH Clients:
SSH Client | Platforms Supported | Description |
SSH | Mac, Linux, Windows 10 and later | Built-in SSH client available on most modern operating systems |
PuTTY | Windows | Free and open-source SSH client primarily for Windows |
EC2 Instance Connect | Mac, Linux, Windows | Web-based SSH client integrated into the AWS Management Console |
6. AMIs (Amazon Machine Images)
Amazon Machine Images are pre-configured templates for EC2 instances, including the operating system, software, and configuration settings. Users can choose from a range of public AMIs provided by AWS or create their own custom AMIs to suit their specific requirements.
7. Pricing Models
1. On-Demand Instances
Pay for compute capacity by the hour or by the second with no long-term commitments.
Billing: Linux or Windows instances are billed per second after the first minute; all other operating systems are billed per hour.
Ideal Use Case: Short-term, irregular workloads or users requiring flexibility to scale up and down.
Payment: Pay-per-use (varies).
2. Reserved
A one- or three-year commitment
a) Reserved Instances (RIs)
Commitment to specific instance attributes (Instance Type, Region, Tenancy, OS) for one or three years.
Scope: Regional or Zonal (reserve capacity in an AZ).
Marketplace: Can buy and sell in the Reserved Instance Marketplace.
Savings: Up to 75% compared to On-Demand pricing.
Ideal Use Case: Steady-state or predictable workloads like databases.
Payment: Upfront payment, lower hourly rates.
b) Convertible Reserved Instances
Allow changes in instance type, operating system, scope, or tenancy without modifying the term or payment schedule.
Savings: Up to 66% compared to On-Demand pricing.
Ideal Use Case: Evolving usage patterns or uncertain requirements.
Payment: Upfront payment, lower hourly rates.
3. Savings Plans
Flexible discounts on EC2 usage in exchange for committing to a consistent dollar-per-hour usage over one or three years.
Savings: Up to 72% compared to On-Demand pricing.
Flexibility: Automatically applies to EC2 usage, allowing changes between instance families and AWS regions.
Payment: Upfront payment with reduced hourly rates.
4. Spot Instances
Bid on unused EC2 capacity, risking loss if your bid falls below the current spot price.
Savings: Offers up to 90% savings compared to On-Demand pricing.
Ideal Use Case: Ideal for fault-tolerant and flexible workloads like batch jobs, data analysis, and image processing.
NOT suitable Use Case: Not recommended for critical jobs or databases due to potential instance termination.
Pricing: Varies based on supply and demand dynamics.
5. Dedicated
a) Dedicated Hosts
Provide physical servers dedicated to a single AWS customer, offering full control over hardware, instance placement, and management.
Compliance and Licensing Flexibility: Address compliance requirements and leverage existing server-bound software licenses, such as per-socket, per-core, or per-VM licenses.
Purchasing Options:
On-Demand: Pay per second for active Dedicated Host usage.
Reserved: Commit to 1 or 3 years with options for No Upfront, Partial Upfront, or All Upfront payment models.
Ideal Use Case:
Compliance Requirements: Suited for businesses with strict regulatory or compliance needs.
Licensing Constraints: Ideal for applications requiring dedicated hardware due to licensing constraints.
Pay for the entire host regardless of usage
b) Dedicated Instances
Virtual machine instances running on hardware dedicated to a single AWS customer, ensuring physical isolation from other customers' instances; they may, however, share hardware with other instances in the same account.
Isolation: Ensures dedicated hardware for enhanced security and compliance.
Resource Utilization: Balances isolation with resource efficiency.
Control: No control over instance placement; hardware may be moved after Stop/Start.
Ideal Use Case: Workloads demanding additional security or compliance.
Payment: Pay-per-use (varies) based on usage.
c) Dedicated Host Reservation
Reserve dedicated host capacity for one or three years, providing cost savings similar to Reserved Instances but specifically for dedicated hosts. Each reservation guarantees exclusive access for the duration of the term.
Similar to Dedicated Hosts: Offers upfront commitment and exclusive access.
Cost Savings: Upfront payment with lower hourly rates.
6. Capacity Reservations
Reserve capacity in specific AWS Availability Zones for guaranteed EC2 instance placement, ensuring capacity when needed.
Reservation Type: Reserve On-Demand instance capacity in a specific AZ for any duration.
Flexibility: No time commitment; create or cancel anytime without billing discounts.
Ideal Use Case: Applications with specific placement requirements or regulatory compliance needs, suitable for short-term, uninterrupted workloads.
Payment: Upfront payment with fixed capacity; charged at On-Demand rate whether instances are running or not.
Optimization: Combine with Regional Reserved Instances and Savings Plans to benefit from billing discounts.
8. EC2 Hands-On Practice
Launching an EC2 instance involves a series of essential steps, from selecting an appropriate AMI to configuring instance details and security groups.
For a detailed walkthrough, check out the comprehensive guide titled "AWS EC2 Hands-On | A Step-by-Step Guide" available at this link.
This guide covers crucial tasks such as creating key pairs, launching servers, and managing security measures. Additionally, you'll gain insights into SSH access, connecting via AWS EC2 Instance Connect, and attaching IAM roles. Mastering EC2 is vital for confidently managing your cloud infrastructure.
9. Commonly Used Ports
For AWS Certified Cloud Practitioner (CLF-C02) preparation, it's essential to be familiar with some classic ports commonly used in networking and AWS services. Here are the ports you should know:
TCP Port 80: HTTP traffic, which is the standard unsecured web traffic port.
TCP Port 443: HTTPS traffic, providing secure communication over HTTP.
TCP Port 21: File Transfer Protocol (FTP), allowing file transfer between a client and a server (uploading files to a file share).
TCP Port 22:
Secure File Transfer Protocol (SFTP), a secure version of FTP.
SSH (Secure Shell) access, commonly used for secure remote administration of servers (login to Linux instance).
TCP Port 3389: Remote Desktop Protocol (RDP), which allows remote access to Windows servers (login to Windows instance).
TCP Port 25: Simple Mail Transfer Protocol (SMTP), primarily for sending email messages.
UDP Port 53: Domain Name System (DNS) services, translating domain names to IP addresses.
Knowing these classic ports will be helpful for understanding network traffic and configuring security groups and firewall rules within AWS services.
10. Auto Scaling and Load Balancing
Auto Scaling allows users to automatically adjust the number of EC2 instances in response to changes in demand. It helps maintain performance and availability while minimizing costs by scaling up during peak periods and scaling down during off-peak periods.
Elastic Load Balancing distributes incoming traffic across multiple EC2 instances to ensure high availability and fault tolerance. It helps distribute the workload evenly and prevents any single instance from becoming a bottleneck.
11. Monitoring and Management
AWS provides various tools for monitoring and managing EC2 instances, including Amazon CloudWatch, AWS Systems Manager, and AWS CLI. These tools allow users to monitor performance metrics, automate administrative tasks, and troubleshoot issues efficiently.
12. Best Practices
Use tags to organize and manage EC2 resources effectively.
Regularly monitor and optimize instance utilization to minimize costs.
Implement security best practices, such as using IAM roles and encrypting data at rest and in transit.
Regularly patch and update operating systems and applications to maintain security and compliance.
13. Summary
Introduction
- EC2: Virtual servers in the AWS cloud for flexible and scalable workloads.
EC2 Instances
- Configuration options: AMI (OS), instance size (CPU + RAM), storage, network settings.
- Customization with Security Groups and EC2 User Data.
Instance Types
- Various types (general-purpose, compute-optimized, memory-optimized, storage-optimized) optimized for different workloads.
- Configurations tailored to workload demands.
Pricing Models
- On-Demand: Pay by hour/second with no commitment.
- Reserved: Commit for 1/3 years for savings.
- Savings Plans: Flexible discounts for usage commitment.
- Spot Instances: Bid for unused capacity for savings.
Security Groups
- Firewall for controlling inbound/outbound traffic.
- Granular network access control.
Key Pairs
- SSH for secure remote access on port 22.
- Essential for authentication and encryption.
AMIs (Amazon Machine Images)
- Pre-configured templates for instances.
Commonly Used Ports
- TCP 80: HTTP
- TCP 443: HTTPS
- TCP 21: FTP
- TCP 22: SFTP/SSH
- TCP 3389: RDP
- TCP 25: SMTP
- UDP 53: DNS
Auto Scaling & Load Balancing
- Dynamic instance adjustment based on demand.
- Traffic distribution across instances for availability.
Monitoring & Management
- CloudWatch, Systems Manager for monitoring and automation.
Best Practices
- Tagging, utilization optimization, security measures, updates.
Master these essentials for effective deployment and management of cloud infrastructure.