Amazon EC2

Secure and resizable compute capacity in the cloud. Launch applications when needed without upfront commitments.

AWS Certified Solutions Architect Certification details:

Regions and availability zones

  • An AWS Region is a completely independent entity in a geographical area. There are two or more Availability Zones in every AWS Region
  • Within a region, Availability Zones are connected through low-latency links
  • Any number of components of a workload can be moved into AWS, but it is the customer's responsibility to ensure that the entire workload remains compliant with the relevant certifications and third-party attestations; AWS's attestations cover the underlying infrastructure, not what you run on it
  • Each availability zone consists of multiple discrete data centers with redundant power and networking/connectivity
  • Since each AWS Region is isolated from other regions, it provides for high fault tolerance and stability
  • For launching an EC2 instance, we have to select an AMI within the same region
  • A Region is a geographical area with two or more availability zones
  • An Availability Zone is simply one or more data centers in a region (an AZ can be more than one data center)
  • Edge location: a content delivery network endpoint (CloudFront), a cache of content placed close to users

EC2 Elastic Compute Cloud

  • Virtual machines in the cloud
  • Four network capacity ratings: Low, moderate, high and 10 Gbps
  • Instance metadata is information about the running instance, such as its instance ID, instance type and security groups; it is retrieved from inside the instance with an HTTP request to the link-local metadata endpoint (169.254.169.254). Any code on the instance, including a web application exploited through server-side request forgery, can reach that endpoint, so treat what it returns (IAM role credentials in particular) as sensitive
  • The default maximum number of EC2 instances is 20 per region, but the limit can be increased by request
  • Amazon Elastic Compute Cloud (EC2) is a web service that provides resizable compute capacity in the cloud. Amazon EC2 reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity up and down as your computing requirements change
  • Amazon EC2 changes the economics of computing by allowing you to pay only for capacity that you actually use
  • EC2 provides developers the tools to build failure resilient applications and isolate themselves from common failure scenarios
  • Default soft limit is 20 EC2 instances per region; AWS can raise it on request, and the limit varies by instance type. Reserved Instances are limited to 20 per AZ
  • When you launch an instance it goes into the pending state and then moves to running
  • You can stop an instance only if its root volume is EBS-backed
  • An instance whose root volume is ephemeral (instance store) cannot be stopped, only terminated: it moves from running to shutting-down to terminated and is then gone for good. All data on instance store volumes is lost, because that storage is local to the physical host the instance ran on
  • A terminated instance remains visible in the console for a while before it is removed. You cannot recover a terminated instance
  • A stopped instance does not incur instance charges, but you are still billed for the EBS volumes attached to it
  • You can modify certain attributes of a stopped instance, including the instance type
  • Starting a stopped instance puts it back into the pending state; it is normally placed on a new host machine in the same Availability Zone and VPC
  • When you stop and start an instance, you lose any data on the instance store (ephemeral) volumes of the previous host computer
  • Instances are almost always deployed inside of a VPC
  • An instance can be deployed in different availability zones inside of a region
  • EC2 instances use Elastic Block Store (EBS) volumes for persistent block storage; a volume lives in a single AZ, and EBS volumes can be backed up with snapshots
  • EC2 key pairs use public-key cryptography: the public key is placed on the instance (for Linux AMIs, in the default user's ~/.ssh/authorized_keys) and you must hold the matching private key to SSH in. The private key never leaves your machine, so guard it like a password
  • On Windows, the key pair is used to retrieve the initial administrator password: AWS encrypts the password with the public key, you decrypt it with your private key, and then log in with username and password over the Remote Desktop Protocol (RDP)
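The metadata endpoint mentioned above is the part of EC2 a security engineer cares most about, because a server-side request forgery in a web app on the instance can turn into a read of the instance's IAM role credentials. The following is an added example, not code from this page or from AWS: a constructed, in-process stand-in for the metadata service that enforces the IMDSv2 session token (a PUT to /latest/api/token returning a token, then a GET carrying it in X-aws-ec2-metadata-token), alongside a client for each of the two request styles, so the difference between a token-protected and an unprotected endpoint can be exercised offline. The sample metadata values, the listener on 127.0.0.1 and the stand-in's status codes are assumptions for the demonstration; the real service listens on 169.254.169.254 and additionally enforces a response hop limit that this stand-in does not model.

```python
"""Constructed stand-in for the EC2 instance metadata service (added example, not AWS code).

It mimics the two request shapes an instance sees on http://169.254.169.254 so the
IMDSv2 token handshake can be run offline. Listening on 127.0.0.1 is an assumption
made for the demonstration; the real service uses the link-local address.
"""
import secrets
import threading
import time
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN_HEADER = "X-aws-ec2-metadata-token"
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"

# Constructed sample metadata; placeholder values, not taken from a real instance.
SAMPLE_METADATA = {
    "/latest/meta-data/instance-id": "i-0123456789abcdef0",
    "/latest/meta-data/instance-type": "t2.micro",
    "/latest/meta-data/security-groups": "launch-wizard-1",
}


class FakeIMDSHandler(BaseHTTPRequestHandler):
    """Answers metadata requests; with require_token set it behaves like IMDSv2-only."""

    def log_message(self, *args):  # keep the demo quiet
        pass

    def do_PUT(self):
        # Token request: PUT /latest/api/token with a TTL header of 1..21600 seconds.
        if self.path != "/latest/api/token":
            return self._reply(404, "not found")
        try:
            ttl = int(self.headers.get(TTL_HEADER, ""))
        except ValueError:
            return self._reply(400, "missing or invalid TTL header")
        if not 1 <= ttl <= 21600:
            return self._reply(400, "TTL out of range")
        token = secrets.token_urlsafe(32)
        self.server.tokens[token] = time.monotonic() + ttl  # token -> expiry
        self._reply(200, token)

    def do_GET(self):
        if self.server.require_token:
            token = self.headers.get(TOKEN_HEADER)
            if token is None or self.server.tokens.get(token, 0) < time.monotonic():
                # The check that defeats a GET-only SSRF: no valid session token, no data.
                return self._reply(401, "unauthorized")
        value = SAMPLE_METADATA.get(self.path)
        if value is None:
            return self._reply(404, "not found")
        self._reply(200, value)

    def _reply(self, status, body):
        data = body.encode()
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


def start_fake_imds(require_token=True):
    """Start the stand-in on a free localhost port; returns (base_url, server)."""
    server = HTTPServer(("127.0.0.1", 0), FakeIMDSHandler)
    server.require_token = require_token  # False emulates an IMDSv1-tolerant endpoint
    server.tokens = {}
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_port}", server


def get_metadata_v2(base_url, path, ttl=60):
    """IMDSv2 client: obtain a session token with PUT, then GET with the token header."""
    req = urllib.request.Request(f"{base_url}/latest/api/token", method="PUT",
                                 headers={TTL_HEADER: str(ttl)})
    with urllib.request.urlopen(req, timeout=2) as resp:
        token = resp.read().decode()
    req = urllib.request.Request(f"{base_url}{path}", headers={TOKEN_HEADER: token})
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read().decode()


def get_metadata_v1(base_url, path):
    """IMDSv1-style client: a bare GET, the shape an SSRF usually produces.
    Returns (status, body) instead of raising so a 401 can be inspected."""
    try:
        with urllib.request.urlopen(f"{base_url}{path}", timeout=2) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


if __name__ == "__main__":
    base, srv = start_fake_imds(require_token=True)
    print("v2 client:", get_metadata_v2(base, "/latest/meta-data/instance-id"))
    print("bare GET against v2-only:", get_metadata_v1(base, "/latest/meta-data/instance-id"))
    srv.shutdown()
```

The practical check this models is whether an instance still answers a bare GET: on a real instance, requiring IMDSv2 (the metadata-options setting in the launch template or on the instance) turns the same GET into a 401, which is the mitigation that blunts SSRF-driven credential theft.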

EC2 instance options

AWS offers several options for reserving and purchasing instances; they are explained below

On demand instances

  • Fixed rate charged by the hour with no commitment
  • For users who want the low-cost flexibility of Amazon EC2 without any upfront payment or long-term commitment
  • Applications with short-term, spiky or unpredictable workloads that cannot be interrupted
  • Applications being developed and tested on Amazon EC2 for the first time; test and development environments (use and delete when done)
  • Supplementing Reserved Instances during load increases, for example Black Friday

Reserved instances

  • Reserve for 1 – 3 years with a capacity reservation
  • Big discount from the hourly on-demand service
  • Applications with steady state or predictable usage
  • Applications that require reserved capacity
  • Users able to make upfront payments to reduce their total computing costs further
  • Cheaper the more you pay up front and the longer the term
  • You can change the instance type only within the same instance family
  • You can change the Availability Zone of a Reserved Instance
  • You cannot move a Reserved Instance to another region
  • You cannot change the operating system or the instance family (the reservation is specific to the instance type)
  • Limit of 20 Reserved Instances per region. Reserved Instances provide a significant discount (up to 75%) compared to On-Demand pricing
  • You have the flexibility to change families, OS types, and tenancies while benefiting from Reserved Instance pricing when you use Convertible Reserved Instances

Spot instances

  • Lets you bid the price you are willing to pay for spare instance capacity; the lowest-cost option, but with no guarantee of start and stop times
  • If you are outbid, Amazon gives a two-minute notice before shutting down your Spot Instance. Use for high-performance computing, Hadoop and similar batch work
  • Applications that have flexible start and stop times and can tolerate being interrupted by AWS
  • Applications that are only feasible at very low compute prices
  • Users with urgent computing needs for large amounts of additional capacity
  • In Amazon EC2 you bid for a computing instance; any instance obtained by bidding is a Spot Instance
  • Multiple users bid for the same pool of EC2 capacity
  • A Spot request includes the bid price and the launch specification: the AMI, the instance type and the total number of instances you are requesting
  • Once your bid price exceeds the Spot price, the request is fulfilled and the instance launches
  • As long as your bid price remains higher than the Spot price, the instance is yours to use
  • The Spot price varies with supply and demand
  • You are charged at the Spot price, not your bid price; the Spot price must stay below your bid
  • Once the Spot price exceeds your bid price, the instance is taken back: you are given a two-minute notice and then it is terminated
  • If AWS terminates your Spot Instance, you are not charged for the partial hour in which it was terminated; if you terminate it yourself, you are charged for the full hour at the current rate
  • It is a good idea to bid in multiple AZs, because Spot pricing is set per AZ; this gets you the best price and reduces the chance that all of your capacity is interrupted at once
  • You are never charged more than your maximum bid price

Instance differences

  • Spot Instances and On-Demand Instances are similar in nature; the main difference between them is commitment
  • With a Spot Instance there is no commitment: as soon as the bid price exceeds the Spot price, the user gets the instance
  • With an On-Demand Instance, the user pays the On-Demand rate set by Amazon; once they have launched the instance, they use it at that rate until they stop it
  • With a Spot Instance, once the Spot price exceeds the bid price, Amazon shuts the instance down; the benefit to the user is that they are not charged for the partial hour in which the instance was taken back

Instance types

  • T2: cheap web servers, small databases
  • M3, M4, M5: general-purpose application servers
  • C3, C4, C5: CPU-intensive apps/DBs
  • R3, R4, X1: memory-intensive apps/DBs
  • G2, G3: graphics-intensive work (video encoding, machine learning, 3D apps, application streaming)
  • I2, I3: high-speed storage, NoSQL DBs, data warehousing
  • D2: dense storage (file servers, data warehouses, Hadoop)

Amazon EC2 Instance Types

  • General Purpose – (T2, M5, M4, M3)
  • Compute Optimized – (C5, C4, C3)
  • Memory Optimized – (X1, R4, R3)
  • Accelerated Computing – (P3, P2, G3, F1)
  • Storage optimized – (I3)
  • Dense-storage Instances – (D2)
  • D- for Density
    R- for RAM
    M- Main choice for general purpose apps
    C- for Compute
    G- for Graphics
    I- for IOPS
    F- Is for FPGA
    T- Cheap general purpose (Think T2 Micro)
    P- Graphics (think Pics)
    X- Extreme memory

HSM: Hardware Security Module (AWS CloudHSM)

  • A dedicated hardware security module appliance provisioned into your VPC, not an ordinary instance with an encryption card
  • AWS manages the hardware but never handles the keys
  • Dedicated, tamper-resistant hardware for generating, storing and using encryption keys
  • After too many failed login attempts, the HSM zeroizes itself, wiping all keys and data; keep backups and tight control of the HSM credentials
  • To reduce latency, place the HSM as close as possible to the EC2 instances that use it (same region and, ideally, the same AZ)