AWS Certified Solution Architect Official Study Guide, Study Notes - EC2

instance types

instance types are classified basing on 4 dimensions:

• vCPU
• memory
• storage(size and type)
• network performance

Family	strength	Comments
C4	vCPU
r3	memory
i2	storage	huge amount of fast ssd
g2	GPU

Enhanced Networking
It reduce the impact of virtualization on network by Single Root I/O Virtualization (SR-IOV)
this result in more Packets Per Second (PPS), lower latency and less jitter.

AMI

Amazon Machine Image
AMI are x86 OS, for linux or windows

sources of AMI

1. AWS: almost just like install OS from official IOS files
2. AWS Market Place
3. Generate from existing Instances: make a AMI from an existing EC2 instance.
4. Uploaded Virtual Machines

Securely Using an Instance

addressing an instance

• use DNS generated by AWS automatically. this persists only when the instance is running.
• use public IP. this persists only when the instance is running.
• use elastic Public IP and Elastic IP are different. Public IP is bind to an instance, used as a feature or part of that instance. when the instance is died, public IP is removed. Elastic IP is a kind of resource bind to the customer, or user, not to an instance, like VPC. a customer always gives it to an instance, but that map can change anytime, manually or automatically or even triggered by events. Elasti

initial access

• linux:key-pair
• windows: encrypted by password, encrypted by key-pair

virtual firewall protection

security group, security is instance level, meaning, firewall for each instance is independent.

lifecycle of instances.

1. launching
2. bootstrapping
   userdata is attached to the instance and not encrypted. so no password should be in UserData
3. VM Import/Export :import vm from pn-premises or export vm to on-premises.
4. read instance metadata: instance OS access http://169.254.169.254/latest/meta-data to get metadata.
   • Security group
   • instance ID
   • instance type
   • AMI used to launch the instance.
   • other info…
5. tagging
6. monitoring:Amazon CloudWatch
7. modifying and instance
   • instance type:restart instance is needed.
   • security group:
8. termination Protection

Options

pricing options

• on-demand instances
• reserved instances
  • all upfront
  • partial upfront
  • no upfront
• Spot instances
  • customer terminate spot instances
  • spot price goes above the customers bid price
  • not enough unused capacity to run the spot instances.
    there will be a two-minute warning before AWS terminate the spot instance.

tenancy options

• shared tenancy. default model.
• dedicated Instances: hardware dedicated for a single customer.
• dedicated host: a physical server with EC2 fully dedicated to a single customer.

Placement Group

a placement group is a logical grouping of instances within a single AZ.
instances within a placement group will be placed with low latency, 10Gbps network.

Instances Stores

• block level storage
• located on disks that are physically attached to the host computer.
• ideal for temporary content that changes frequently, like a cache or a buffer, queue.
• instance stores are included in the cost of an EC2.
• temporary

Elastic Block Store (EBS)

EBS

• block level
• automatically replicated within AZ.
• has many types for different proformance.

Types of EBS Volumes

• magnetic volumes: lowest performance. lowest price, 1G to 1TB.
  • data infrequent accessed
  • sequential reads
  • low cost is needed
  • billed basing on amount of data space provisioned, not used.
• general-purpose SSD: 1GB to 16TB.
  • performance 3 IOPS per gigabyte provisioned.
  • under 1T, you can burst to 3,000 IOPS
  • billed basing on space provisioned.
  • good for
    • system boot volumes
    • small - to - medium sized databases
    • Development and test environments
• Provisioned IOPS SSD:
  • 4G to 16T
  • most expensive.
  • highest proformance.
  • provisioned IOPS/
  • Billed basing on Size of volumes and IOPS reserved.
  • good for
    • critical business application need high IOPS
    • large database workloads

EBS Volume Type Comparison
this need update with new HDD types. throughput-optimized HDD and cold HDD

characteristic	general-purpose SSD	Provisioned SSD	magnetic
user case	- system boot volumes - virtual desktop - small-to-medium DB - development and test environemnts	- critial business need high IOPS (like 10,000 IOPS or 160MB throughput per volume) - large DB	- cold workloads, infrequently accessed - low storage cost is needed
volume size	1GB - 16TB	4GB - 16TB	1GB - 1TB
maximum throughput	160MB	320MB	40-90MB
IPOS	3 IOPS/GB(upto 10,000IOPS)	consistently performs at provisioned level, up to 20,000 IOPS maximum	average 100 IOPS, burst to hundereds of IOPS

• EBS-Optimized Instances
  • need additional hourly charge
  • when you not use SSD and need I/O.
  • use an optimized configuration stack and provides additional, dedicated capacity for EBS I/O.
  • this is achieved by minimizing contention between EBS I/O and other traffic from your instance.

Protecting data

backup/recovery

incremental backups

taking snapshots

• AWS web console
• CLI
• API
• schedule of regular snapshots
  taking snaptshot is free, only need to pay for the storage of the snapshots. and the snapshots in S3 are not common S3 objects ownerd by users. they can only be manipulated by snapshot tools.
  • snapshots are in one region only automatically. you can copy them to other regions manually.

creating a volume from a snapshot

• to use a snapshot, create a new EBS volume from the snapshot.
• volume is accessible immeidately, but data is restored lazily.
• best practice is to access all data after restored from a snapshot.
• you can create a volume of any size from the snapshot. in this way, you can extend the size of the a EBS, by creating a new volume from the snapshot and replace the old one.

recovering EBS when instance failed.

Encryption

EBS offers a native encryption on all volume types.
key is managed by KMS
encryption is transparent

some of the exercies

get instances meta-data

[root@ip-172-31-17-48 ~]# for i in curl http://169.254.169.254/latest/meta-data/; do echo '#'$i is; curl http://169.254.169.254/latest/meta-data/$i/;echo; done
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 293 100 293 0 0 58600 0 --:–:-- --:–:-- --:–:-- 58600
#ami-id is
ami-0fcb508ec48b146df
#ami-launch-index is
0
#ami-manifest-path is
(unknown)
#block-device-mapping/ is
ami
root
#events/ is
maintenance/
#hostname is
ip-172-31-17-48.cn-northwest-1.compute.internal
#identity-credentials/ is
ec2/
#instance-action is
none
#instance-id is
i-0a4b82d33b2567159
#instance-type is
t2.micro
#local-hostname is
ip-172-31-17-48.cn-northwest-1.compute.internal
#local-ipv4 is
172.31.17.48
#mac is
06:e0:60:0b:9d:fc
#metrics/ is
vhostmd
#network/ is
interfaces/
#placement/ is
availability-zone
#profile is
default-hvm
#public-hostname is
ec2-52-83-65-133.cn-northwest-1.compute.amazonaws.com.cn
#public-ipv4 is
52.83.65.133
#public-keys/ is
0=aws-test-keys
#reservation-id is
r-013028430511ea4b0
#security-groups is
launch-wizard-1
#services/ is
domain
partition