Elastic Compute Cloud (EC2) Overview
- A service that allows you to run virtual machines (instances launched from AMIs) in the cloud
- Pay as you go (on-demand) default model
- Integrates with storage, networking, and security
- Enables fast turnaround/ time to market
- No hardware racking & stacking needed
- While the legacy model takes weeks to spin up a server, EC2 instances can be spun up in minutes
- OS support:
- Windows 2003 R2 up to Windows 2019
- Linux support includes Amazon Linux, Debian, Suse, CentOS, Redhat Enterprise, and Ubuntu
- AMIs range from free tier to specialized images costing hundreds of thousands of dollars
- Custom images can also be used
Elastic Compute Cloud (EC2) can run instances in the free tier as well as AMIs costing thousands of dollars; the AWS Marketplace has many AMIs available for download/ purchase.
AMI – Amazon Machine Image
EC2 Benefits
- Time to market
- Scalability
- Reliability
- Security
- Controls
- Services Integration
- Cost Efficiency
EC2 Deployment Steps
- Select an AMI
- Configure network and security
- Choose instance type
- Choose the Availability Zone (AZ)
- Attach (EBS) storage
- Start the instance
EC2 Instance Types Overview
General Purpose (T, M)
- M3 provides a balance of memory and network resources (not optimized)
- T2 provides burst performance
- Burst = credits accrue during idle time, and then credits are spent to burst performance
- M5, M4, and M3 have no burst option; good for dev, test, staging, etc.
- M5, M4, and M3 are not optimal for high-volume/ intense processing
Compute Optimized (C)
- Useful for CPU-intensive applications
- Media encoding
- Many concurrent users
- Intensive batch jobs
- Gaming servers
- Anything compute-intensive
Memory Optimized (X, R)
- Useful for high-memory requirements
- Processing large datasets, in-memory databases
- Big data processing
Storage Optimized (H, I, D)
- Useful for high sequential reads/ writes
- Relational databases, data warehouses, image storage and processing
Advanced Computing (P, G, F)
- Useful for specialized compute requirements
- Graphics Processing Unit (GPU) and Field-Programmable Gate Array (FPGA) processing
EC2 Pricing Overview
Pricing Categories
On-Demand
- Charged for usage at a flat rate
- Billed in 60-second increments, rounded up
Reserved
- Hourly rate; usage is reserved for a minimum of 1 year
- Can be less expensive
- Based on pre-calculated usage
Spot
- Bid on unused compute time
- Up to 90% discount over on-demand instances
- Requires flexibility in order to use it when available
Operational Cost Factors
- Is the instance running?
- How much storage does it have/ does it use?
- What is the network throughput?
Reserved Instance Pricing
- All up-front
- The cheapest option
- Partial up-front
- Middle tier
- No up-front
- The most expensive
Connecting to EC2
ec2-user = default account user
Linux
The access and secret key are required to access a Linux instance through SSH. After connecting with SSH, you can update the instance and perform other administrative tasks. Always take care to protect the keys used to access EC2.
Windows
It is important to remember that Windows instances require more processing power than Linux instances in most cases.
After launching a Windows instance, connect to it with Remote Desktop (RDP). You’ll need an RDP config file downloaded from AWS to access a Windows instance.
Tenancy Models
Shared Tenancy
- Multiple organizations sharing data center computing power/ servers
- Sharing physical servers with other tenants
- Numerous customers share the time and space on the physical machine
- Default EC2 instance behaviour
Shared Tenancy Considerations
Pros
- Reduces cost
- Simpler deployments
Cons
- Lower performance
- Less control
The shared tenancy model indicates that multiple instances from multiple customers will be on the same physical hardware. It is the default behaviour of an EC2 instance. Using shared tenancy can reduce costs, but it may not comply with internal security policies.
Dedicated Host
- Physical machines running the virtualization
- Used by one customer
- Must be explicitly configured
- Not available in the free tier
- Performance is not the major motive
BYOL – Bring Your Own License
Dedicated Host Considerations
Pros
- More accurate license management
- More detailed reporting (e.g. on licensing)
- Compliance management (physical security requirements)
- Determine host placement during instance restart
Cons
- Cost
Dedicated Instance
- Runs on a physical machine in isolation
- It’s the only instance running on that machine
- On-restart, the instance may be moved to another machine
- Used by one customer
- Must be explicitly configured
- Not available in the free tier
Dedicated Instance Considerations
Pros
- Runs on hardware dedicated to the customer
- Provides the performance advantages of a dedicated host
Cons
- Less accurate licensing management
- Doesn’t allow placement determination
Amazon Machine Image (AMI)
- Blueprint with server configuration details
- Similar to localized image solutions (+ base config apart from the OS)
- The term instance indicates a running copy of the AMI
- All instances are created from an AMI
- AMI sources:
- Amazon (free)
- AWS Marketplace (free and premium)
- Community
AMI Creation Options
- Use an existing AWS AMI
- Customize an existing one
- Create a new one from scratch
- Use one from another public source
AMI Launch Permissions
- Who can launch an instance of an AMI?
- Public: anyone
- Explicit: specified customer/s
- Implicit: owner only
- Must be set for an AMI
- Default = implicit
Hardware Virtual Machine (HVM) AMIs
- AMI fully virtualizes the hardware
- Requires hardware-assisted virtualization
Paravirtual (PV)
- Run on hosts without specific support for virtualization
- Doesn’t perform as well as HVM AMIs
Instance Root Volume
- Contains the boot sector
- Boot sector initiates the boot loader
- Boot loader launches the OS
- Instance store-backed AMI
- The root volume is stored in S3
- No support for the stop action
- On failure, data in the instance store is lost
- EBS-backed AMI
- Root volumes stored in an EBS volume
- Support for the stop action
- On failure, data in the EBS volume is not lost
Instance Management
Launching Instances
- Bootstrapping
- Providing code to run on an instance at launch; a startup script
- VM Import/ Export
- Importing existing virtual machines into EC2
Instance Metadata
- Security groups info
- InstanceId, InstanceType, AMI base of the instance etc.
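The metadata listed above is served to the instance itself over the link-local metadata endpoint. As an added example (not code from the original notes or from AWS), the client below reads it the IMDSv2 way: a PUT obtains a short-lived session token, and every GET then presents that token. The endpoint, paths and header names are the real IMDS ones; `FakeImds` is a constructed offline stand-in for an instance configured with tokens required, so the code runs without an instance and also shows the failure a defender wants to see, a token-less request being refused with 401 (with IMDSv1 still enabled, the same probe would return 200).

```python
"""Read EC2 instance metadata the IMDSv2 way: obtain a session token with a
PUT, then present it on every GET. Added example, not from the original notes.
The endpoint, paths and headers are the real IMDS ones; FakeImds is a
constructed stand-in so the code runs offline and exercises the failure modes.
"""
import urllib.error
import urllib.request

IMDS_BASE = "http://169.254.169.254"          # link-local metadata endpoint
TOKEN_PATH = "/latest/api/token"
META_PATH = "/latest/meta-data/"
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"


def fetch_token(opener=urllib.request.urlopen, ttl_seconds=300):
    """IMDSv2 step 1: a PUT carrying a TTL header returns a session token."""
    req = urllib.request.Request(IMDS_BASE + TOKEN_PATH, method="PUT",
                                 headers={TTL_HEADER: str(ttl_seconds)})
    with opener(req, timeout=2) as resp:
        return resp.read().decode()


def get_metadata(path, token, opener=urllib.request.urlopen):
    """IMDSv2 step 2: GET a metadata path while presenting the token."""
    req = urllib.request.Request(IMDS_BASE + META_PATH + path.lstrip("/"),
                                 headers={TOKEN_HEADER: token})
    with opener(req, timeout=2) as resp:
        return resp.read().decode()


def instance_summary(opener=urllib.request.urlopen):
    """The fields the notes mention: instance id, type, base AMI and security groups."""
    token = fetch_token(opener)
    return {
        "instance_id": get_metadata("instance-id", token, opener),
        "instance_type": get_metadata("instance-type", token, opener),
        "ami_id": get_metadata("ami-id", token, opener),
        "security_groups": get_metadata("security-groups", token, opener).split("\n"),
    }


def imdsv1_probe(opener=urllib.request.urlopen):
    """Defender check: HTTP status of a token-less GET. 401 means IMDSv1 is disabled."""
    req = urllib.request.Request(IMDS_BASE + META_PATH + "instance-id")
    try:
        with opener(req, timeout=2) as resp:
            resp.read()
        return 200
    except urllib.error.HTTPError as err:
        return err.code


class _Response:
    """Minimal stand-in for the response object urlopen returns."""
    def __init__(self, body):
        self._body = body.encode()

    def read(self):
        return self._body

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        return False


class FakeImds:
    """Constructed offline model of an IMDS configured with HttpTokens=required."""
    TOKEN = "constructed-session-token"
    DATA = {                                      # constructed sample values
        "instance-id": "i-0123456789abcdef0",
        "instance-type": "t3.micro",
        "ami-id": "ami-0123456789abcdef0",
        "security-groups": "web-sg\nadmin-sg",
    }

    def open(self, req, timeout=None):
        headers = {k.lower(): v for k, v in req.header_items()}
        url = req.full_url
        if req.get_method() == "PUT" and url == IMDS_BASE + TOKEN_PATH:
            if TTL_HEADER.lower() not in headers:
                raise urllib.error.HTTPError(url, 400, "missing TTL header", None, None)
            return _Response(self.TOKEN)
        if headers.get(TOKEN_HEADER.lower()) != self.TOKEN:
            raise urllib.error.HTTPError(url, 401, "token required", None, None)
        key = url[len(IMDS_BASE + META_PATH):]
        if key not in self.DATA:
            raise urllib.error.HTTPError(url, 404, "not found", None, None)
        return _Response(self.DATA[key])


if __name__ == "__main__":
    fake = FakeImds()
    print(instance_summary(opener=fake.open))
    print("token-less GET status:", imdsv1_probe(opener=fake.open))
```

On a real instance, call `instance_summary()` with the default opener; the `opener` parameter exists only so the same code can be exercised against the fake. Keep the token TTL short and re-fetch rather than caching it for hours.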
Changing Instance Type
- Stop the instance
- Change the type
- Start the instance
Security Groups
- Limited to five (5) per instance
- You can layer security groups
- Instances receive the default security group for the VPC
- Default setting
- Other security groups can be attached
- The default security group can be detached
Security Groups
- Operate at the instance level
- Max 5 groups per instance
- Support “allow” rules only
- Stateful, i.e. inbound traffic is only allowed by a matching rule, and the return traffic for an allowed request is then allowed automatically regardless of any rules
- All rules are evaluated before allowing traffic
- Only applicable to instances
- Separate inbound and outbound rules
Network ACLs
- Operate at the subnet level
- Support both allow and deny rules
- Stateless, i.e. return traffic must be explicitly allowed by rules
- Evaluated in sequence; the first matching rule is applied
- Automatically apply to all instances in a subnet
- Can be attached to more than one instance
- Order of rules is important
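The two sets of properties above (allow-only and stateful versus numbered first-match and stateless) are easiest to see by running a connection through both layers. The model below is an added example, not AWS code and not from the original notes: a deliberately simplified simulation in which a security group is the unordered union of allow rules over all attached groups, a network ACL is evaluated in ascending rule number with the first match deciding and an implicit deny at the end, and the reply to an allowed request is waved through by the security group but must separately pass the outbound NACL on the remote side's ephemeral port. Security group outbound rules are left out of the model; the rule sets and addresses are constructed samples.

```python
"""Simplified model of how a security group (stateful, allow-only, unordered)
and a network ACL (stateless, allow/deny, numbered first-match) decide on one
inbound request and its reply. Added example, not AWS code; SG outbound rules
are omitted and the NACL's final "*" rule is modelled as an implicit deny.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Tuple


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny" (security groups only use "allow")
    proto: str               # "tcp", "udp" or "all"
    port_lo: int
    port_hi: int
    cidr: str
    number: int = 0          # NACL rule number; unused for security group rules


@dataclass(frozen=True)
class Packet:
    src: str                 # remote address
    sport: int               # remote (ephemeral) port
    proto: str
    dport: int               # service port on the instance


def _matches(rule: Rule, proto: str, port: int, addr: str) -> bool:
    return (rule.proto in ("all", proto)
            and rule.port_lo <= port <= rule.port_hi
            and ip_address(addr) in ip_network(rule.cidr, strict=False))


def sg_allows(groups: List[List[Rule]], pkt: Packet) -> bool:
    """Security groups: union of allow rules over all attached groups; no order, no deny."""
    for group in groups:
        for rule in group:
            if rule.action != "allow":
                raise ValueError("security groups support allow rules only")
            if _matches(rule, pkt.proto, pkt.dport, pkt.src):
                return True
    return False             # implicit deny when nothing matches


def nacl_allows(rules: List[Rule], proto: str, port: int, addr: str) -> bool:
    """Network ACL: ascending rule number, first match decides, implicit deny at the end."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, proto, port, addr):
            return rule.action == "allow"
    return False


def connection_verdict(groups, nacl_in, nacl_out, pkt: Packet) -> Tuple[bool, str]:
    """Walk an inbound request and its reply through both layers."""
    if not nacl_allows(nacl_in, pkt.proto, pkt.dport, pkt.src):
        return False, "request dropped by inbound NACL"
    if not sg_allows(groups, pkt):
        return False, "request dropped by security group (no allow rule)"
    # The security group is stateful: the reply is allowed automatically.
    # The NACL is stateless: the reply leaves towards pkt.sport and needs its own outbound allow.
    if not nacl_allows(nacl_out, pkt.proto, pkt.sport, pkt.src):
        return False, "reply dropped by outbound NACL (ephemeral port not allowed)"
    return True, "allowed"


# Constructed sample policy: HTTPS open to the world, SSH only from one admin range.
WEB_SG = [Rule("allow", "tcp", 443, 443, "0.0.0.0/0")]
ADMIN_SG = [Rule("allow", "tcp", 22, 22, "198.51.100.0/24")]
NACL_IN = [
    Rule("deny", "tcp", 443, 443, "203.0.113.0/24", number=90),   # lower number wins over the allow
    Rule("allow", "tcp", 0, 65535, "0.0.0.0/0", number=100),
]
NACL_OUT_GOOD = [Rule("allow", "tcp", 1024, 65535, "0.0.0.0/0", number=100)]
NACL_OUT_BAD = [Rule("allow", "tcp", 443, 443, "0.0.0.0/0", number=100)]  # ephemeral ports forgotten


def demo() -> dict:
    cases = {
        "https_ok": Packet("192.0.2.10", 51515, "tcp", 443),
        "https_denied_range": Packet("203.0.113.5", 51515, "tcp", 443),
        "ssh_from_admin_range": Packet("198.51.100.7", 40000, "tcp", 22),
        "ssh_from_elsewhere": Packet("192.0.2.10", 40000, "tcp", 22),
    }
    results = {name: connection_verdict([WEB_SG, ADMIN_SG], NACL_IN, NACL_OUT_GOOD, pkt)[1]
               for name, pkt in cases.items()}
    # Same allowed request, but the outbound NACL lacks an ephemeral-port rule.
    results["https_stateless_reply"] = connection_verdict(
        [WEB_SG], NACL_IN, NACL_OUT_BAD, cases["https_ok"])[1]
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24s} {verdict}")
```

The last case is the one that catches people in practice: both layers allow the request on port 443, yet the connection hangs because the stateless NACL has no outbound rule covering the client's ephemeral port, something a stateful security group would never require.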
Elastic Container Service (ECS)
- A way AWS implements Docker containers
- No AMIs/ virtual machine builds required
- It uses Amazon Fargate to create environments in the background automatically
- Can use EC2 instances for more control, but with ECS you simply don’t have to
- Enables microservice architecture and extra scalability
- Used for n-tier applications
- Components for the webserver, app server, message queue etc.
Elastic Beanstalk
- An orchestration service used to create runtime environments
- It employs Auto Scaling and Elastic Load Balancing to scale and balance workloads
- Predefined instance builds for common application frameworks including .NET, Java, Node.js, Python and Ruby