An EC2 instance is essentially a Virtual Machine but it behaves just like a real server. They have access to storage, memory and a network interface, complete with a clean operating system.
Provisioning an Instance
Configuration of an instances OS and hardware specs (the CPU, memory, storage and network) before launching them. The OS is defined by the Amazon Machine Image (AMI).
EC2 Amazon Machine Images
An AMI is just a template defining what OS and application software to include. There are four kinds of AMIs:
Amazon Quick Start AMIs, AWS Marketplace AMIs, Community AMIs and Private AMIs.
AWS allocates hardware resources to your instances according to the instance type, or hardware profile selected. There are over 75 instance types, here are the EC2 instance type families:
|Instance Type Family||Types|
Configuring an Environment
AWS servers are housed in data centres around the world and organized by geographical region. EC2 resources can be managed only when you're "located within" their region. Costs and functionally of services and features may vary between regions.
Virtual private clouds (VPCs) are AWS network organizers for organizing you infrastructure. It's common to create a new VPC for each one of your projects.
EC2 instance creation presents an opportunity to choose a tenancy model. The default setting is shared tenancy. It's possible to select a dedicated option which ensures your instance will run on its own dedicated physical server but this will cost more.
Configuring Instance Behaviour
Optionally you can tell EC2 to execute commands on your instance as it boots (sometimes called bootstrapping).
For always-on deployment that are expected to run for less than 12 months, normally pay for each hour using the on-demand model but per hour is the most expensive.
For lights on 24/7 for more than a year, discounts can be had using reserve instance. This is paid up-front.
For workloads that can withstand unexpected disruption,. purchasing instances on Amazons Spot market can save lots of money.
Instance that are terminated instantly save money, resources are reallocated back to the general AWS poo.
Savings can also be had simply stopping and starting them, thus reserving data and configuration. IP address will most likely be assigned a different address when restarted.
The best way to keep track of resources, especially the more you deploy is to use tags. Tags have keys and options values (key/values pairs).
By default, each AWS account has limits to the number of instances of a services you're able to launch. These limits can be raised by request.
Storage drives (volumes as described in AWS docs) are essentially virtualised spaces carved out of physical drives.
There are different kinds of AWS volumes:
Elastic Block Store Volumes
Elastic Block Store (EBS) volumes work just as hard drives, flash drives or USB devices.
The AWS SLA guarantees data reliability of data as at least 99.999 percent availability.
There are currently four EBS volume types, two using solid-state drive (SSD) and two using the older hard drives (HDDs). Performance of each is measured in max IOPS/volume. (IOPS - input/output operations per second).
- EBS-Provisioned IOPS SSD
- EBS General-Purpose SSD
- Throughput-Optimized HDD
- Cold HDD
EBS Volume Features
- All EBS volumes can be copied by creating a snapshot.
- Existing snapshots can be used to generate other volumes or converted to images from which AMIs are made.
Instance Store Volumes
Instance store volumes are ephemeral (lasting for a very short time). This means when instances they're attached to are shut down, their data is permanently lost.
- Instance Store Volumes are SSDs that are physically attached to the server hosting your instance, connected via fat NVMe interface.
- The use of them is included in the price of the instance
- Instance Store Volumes work well for deployment models for short-term roles and effectively disposable.
Accessing EC2 Instances
EC2 instances are identified by unique IP addresses. All instances are assigned at least one private IPv4 address the will fall within one of these ranges:
You'll only be able to connect to an instance from within its subnet and instances will have no direct contact to the internet. However, instances can be assigned a public IP through which full Internet access is possible. Default public IPs are ephemeral but a permanent elastic IP can be allocated for long-term deployments.
When logged onto an instance you can list data about the instance:
Securing Your EC2 Instance
- An EC2 security group plays the role of a firewall.
- By default a security group will deny all incoming traffic
- You define group behaviour by setting policy rules that either block or allow specified traffic types.
- Security groups control traffic at the instance level. (See NACLs for subnet level control)
You can control access to AWS resources through the use of IAM roles. IAM roles are defined by giving permissions to perform actions on specified services or resources.
For instances without public IP address thus no Internet connectivity you'll still need a method for instances to receive software updates. AWS provides two methods a NAT instance or NAT gateway.
Private keys will allow you to open SSH sessions to instances. Each key pair AWS generates will remain installed with its original region. and available for newly launch instances.
AWS Systems Manager
Systems Manager Services is a collection of tools for monitoring and managing resources running in AWS and any on-premises infrastructure.
Placement groups are useful for multiple EC2 instances that require especially low-latency network inter-connectivity.
- Cluster groups
- Spread groups
AWS Elastic Beanstalk
Elastic Beanstalk lets you upload application code and define parameters, AWS will configure, launch and maintain all the infrastructure necessary to keep it up and running.
Amazon Elastic Container Service and AWS Fargate
With ECS AWS lets you launch a pre-built Docker host instance and define the way DOcker containers will behave (called a task).
Fargate further abstracts the ECS configuration.
Lambda allows operations to be performed instantly and on-demand without having to provision and pay for always-on servers.
VM Import/Export allows you to easily move virtual machine images between on-premise VMware environments to AWS.
Elastic Load Balancing and Auto Scaling
A Load balancer directs user requests between multiple EC2 instances. Auto-scaling will react to pre-set performance thresholds by automatically increasing or decreasing the number of EC2 instances running subject to demand.
The software stack that runs on an EC2 instance is defined by your choice of image and any scripts or user data you add. Tenancy settings determine whether you instance shares a physical host or not. It's important to tag all your AWS resources as to easily identify groups/projects. There are limits imposed on you AWS account that can be raised by request. For long-term projects significant saving can be had using a reserved instance. There are four kinds of EBS volumes, two high IOPS and low-latency SSD types and two traditional hard drives. All EC2 instance are given at least one private IP address, they can be assigned a non permanent public IP or a pinned Elastic IP. EC2 instances can be secured using software firewalls known as security groups.
Information on this page was obtained from source: AWS Certified Solutions Architect Second Edition ISBN 978-1-119-50421-4
Notes taken are kept brief and for personal reference. I urge and highly recommend anyone using this page as a source of information to purchase the source material for the complete information. The original book is fantastic and includes exercises, practice questions, verbose explanations and extra learning resources.