AWS Certified Solution Architect Official Study Guide, Study Notes - EC2
instance types
instance types are classified basing on 4 dimensions:
- vCPU
- memory
- storage(size and type)
- network performance
| Family | strength | Comments |
|---|---|---|
| C4 | vCPU | |
| r3 | memory | |
| i2 | storage | huge amount of fast ssd |
| g2 | GPU |
Enhanced Networking
It reduce the impact of virtualization on network by Single Root I/O Virtualization (SR-IOV)
this result in more Packets Per Second (PPS), lower latency and less jitter.
AMI
Amazon Machine Image
AMI are x86 OS, for linux or windows
sources of AMI
- AWS: almost just like install OS from official IOS files
- AWS Market Place
- Generate from existing Instances: make a AMI from an existing EC2 instance.
- Uploaded Virtual Machines
Securely Using an Instance
addressing an instance
- use DNS generated by AWS automatically. this persists only when the instance is running.
- use public IP. this persists only when the instance is running.
- use elastic Public IP and Elastic IP are different. Public IP is bind to an instance, used as a feature or part of that instance. when the instance is died, public IP is removed. Elastic IP is a kind of resource bind to the customer, or user, not to an instance, like VPC. a customer always gives it to an instance, but that map can change anytime, manually or automatically or even triggered by events. Elasti
initial access
- linux:key-pair
- windows: encrypted by password, encrypted by key-pair
virtual firewall protection
security group, security is instance level, meaning, firewall for each instance is independent.
lifecycle of instances.
- launching
- bootstrapping
userdata is attached to the instance and not encrypted. so no password should be in UserData - VM Import/Export :import vm from pn-premises or export vm to on-premises.
- read instance metadata: instance OS access http://169.254.169.254/latest/meta-data to get metadata.
- Security group
- instance ID
- instance type
- AMI used to launch the instance.
- other info…
- tagging
- monitoring:Amazon CloudWatch
- modifying and instance
- instance type:restart instance is needed.
- security group:
- termination Protection
Options
pricing options
- on-demand instances
- reserved instances
- all upfront
- partial upfront
- no upfront
- Spot instances
- customer terminate spot instances
- spot price goes above the customers bid price
- not enough unused capacity to run the spot instances.
there will be a two-minute warning before AWS terminate the spot instance.
tenancy options
- shared tenancy. default model.
- dedicated Instances: hardware dedicated for a single customer.
- dedicated host: a physical server with EC2 fully dedicated to a single customer.
Placement Group
a placement group is a logical grouping of instances within a single AZ.
instances within a placement group will be placed with low latency, 10Gbps network.
Instances Stores
- block level storage
- located on disks that are physically attached to the host computer.
- ideal for temporary content that changes frequently, like a cache or a buffer, queue.
- instance stores are included in the cost of an EC2.
- temporary
Elastic Block Store (EBS)
EBS
- block level
- automatically replicated within AZ.
- has many types for different proformance.
Types of EBS Volumes
- magnetic volumes: lowest performance. lowest price, 1G to 1TB.
- data infrequent accessed
- sequential reads
- low cost is needed
- billed basing on amount of data space provisioned, not used.
- general-purpose SSD: 1GB to 16TB.
- performance 3 IOPS per gigabyte provisioned.
- under 1T, you can burst to 3,000 IOPS
- billed basing on space provisioned.
- good for
- system boot volumes
- small - to - medium sized databases
- Development and test environments
- Provisioned IOPS SSD:
- 4G to 16T
- most expensive.
- highest proformance.
- provisioned IOPS/
- Billed basing on Size of volumes and IOPS reserved.
- good for
- critical business application need high IOPS
- large database workloads
EBS Volume Type Comparison
this need update with new HDD types. throughput-optimized HDD and cold HDD
| characteristic | general-purpose SSD | Provisioned SSD | magnetic |
|---|---|---|---|
| user case | - system boot volumes - virtual desktop - small-to-medium DB - development and test environemnts | - critial business need high IOPS (like 10,000 IOPS or 160MB throughput per volume) - large DB | - cold workloads, infrequently accessed - low storage cost is needed |
| volume size | 1GB - 16TB | 4GB - 16TB | 1GB - 1TB |
| maximum throughput | 160MB | 320MB | 40-90MB |
| IPOS | 3 IOPS/GB(upto 10,000IOPS) | consistently performs at provisioned level, up to 20,000 IOPS maximum | average 100 IOPS, burst to hundereds of IOPS |
- EBS-Optimized Instances
- need additional hourly charge
- when you not use SSD and need I/O.
- use an optimized configuration stack and provides additional, dedicated capacity for EBS I/O.
- this is achieved by minimizing contention between EBS I/O and other traffic from your instance.
Protecting data
backup/recovery
incremental backups
taking snapshots
- AWS web console
- CLI
- API
- schedule of regular snapshots
taking snaptshot is free, only need to pay for the storage of the snapshots. and the snapshots in S3 are not common S3 objects ownerd by users. they can only be manipulated by snapshot tools.- snapshots are in one region only automatically. you can copy them to other regions manually.
creating a volume from a snapshot
- to use a snapshot, create a new EBS volume from the snapshot.
- volume is accessible immeidately, but data is restored lazily.
- best practice is to access all data after restored from a snapshot.
- you can create a volume of any size from the snapshot. in this way, you can extend the size of the a EBS, by creating a new volume from the snapshot and replace the old one.
recovering EBS when instance failed.
Encryption
EBS offers a native encryption on all volume types.
key is managed by KMS
encryption is transparent
some of the exercies
get instances meta-data
[root@ip-172-31-17-48 ~]# for i in curl http://169.254.169.254/latest/meta-data/; do echo '#'
i
i
s
;
c
u
r
l
h
t
t
p
:
/
/
169.254.169.254
/
l
a
t
e
s
t
/
m
e
t
a
−
d
a
t
a
/
i is; curl http://169.254.169.254/latest/meta-data/
iis;curlhttp://169.254.169.254/latest/meta−data/i/;echo; done
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 293 100 293 0 0 58600 0 --:–:-- --:–:-- --:–:-- 58600
#ami-id is
ami-0fcb508ec48b146df
#ami-launch-index is
0
#ami-manifest-path is
(unknown)
#block-device-mapping/ is
ami
root
#events/ is
maintenance/
#hostname is
ip-172-31-17-48.cn-northwest-1.compute.internal
#identity-credentials/ is
ec2/
#instance-action is
none
#instance-id is
i-0a4b82d33b2567159
#instance-type is
t2.micro
#local-hostname is
ip-172-31-17-48.cn-northwest-1.compute.internal
#local-ipv4 is
172.31.17.48
#mac is
06:e0:60:0b:9d:fc
#metrics/ is
vhostmd
#network/ is
interfaces/
#placement/ is
availability-zone
#profile is
default-hvm
#public-hostname is
ec2-52-83-65-133.cn-northwest-1.compute.amazonaws.com.cn
#public-ipv4 is
52.83.65.133
#public-keys/ is
0=aws-test-keys
#reservation-id is
r-013028430511ea4b0
#security-groups is
launch-wizard-1
#services/ is
domain
partition