EC2

Solution Architect Associate

Developer Associate

  • Termination protection for an instance is turned on by default.
  • Supports Para-Virtual and Hardware Virtual Machine virtualization types
  • 20 instances per region by default

Pricing Options

  • On Demand - pay a fixed rate by the hour or second with no commitment
    • Perfect for users who want low cost and flexibility without long term commitment
    • Short term workloads that cannot be interrupted
    • During development
  • Reserved - provides you with a capacity reservation, and offers a significant discount on the hourly charge. 1- or 3-year terms
    • Applications with steady state or predictable usage
    • Applications that require reserved capacity
    • Can make up front payments to reduce computing cost even further
    • Standard instances can be up to 75% off on demand cost for a 3 year term
    • Convertible instances feature the ability to change the attributes of a reservation assuming the new instance is of equal or greater value
    • Scheduled Reserved Instances are available within a time window you reserve. For example, you’d use this if you have a monthly spike in capacity needs
  • Spot - Allows you to bid a price you want to pay for capacity if your apps have flexible start and end times
    • Applications that have flexible start and end times
    • Applications that are only feasible at very low compute prices
    • Great if you have urgent needs for large amounts of compute capacity
  • Dedicated Hosts - Physical EC2 servers dedicated for your use. Allows you to use your existing server-bound software licenses
    • Great for regulatory requirements that don’t support multi-tenancy
    • Great for licensing that doesn’t support cloud or multi-tenancy
    • Can be purchased on demand
  • You can attach tags to an instance upon creation. This helps you to understand where costs are coming from if you use them properly
  • Remember you need to chmod your key pair PEM file with chmod 400 before being able to SSH using it.
  • When SSHing into an instance, use the ec2-user user from the command line

Instance Types

  • Don’t need to know all of the types for the associate exams. But you do need to know them for other exams.
  • FIGHTDRMCPX (Fight Dr. McPx) - Mnemonic for remembering the valid instance type letters

Security Groups

  • A security group is basically a virtual firewall that controls access to your instance
  • You can have multiple security groups on your instance
  • Any change you make to rules in a security group applies immediately
  • As soon as you add an inbound rule, an outbound rule for the same protocol is added for you automatically. This is called being “stateful”.
    • For inbound traffic, if the inbound rule is allowed the outbound will automatically be allowed.
    • For outbound traffic, if the outbound rule is allowed the inbound will automatically be allowed.
  • All traffic is blocked by default; security groups can only allow traffic, they cannot explicitly deny it. Explicit deny rules are possible with network access control lists in a VPC, but not with security groups.

Instance Metadata

  • Using the AWS CLI
  • curl http://169.254.169.254/latest/meta-data/
    • This returns the list of metadata categories you can append to the URL, depending on what you want to look up
    • For example, the public-ipv4 category is read by curling http://169.254.169.254/latest/meta-data/public-ipv4
    • You can then redirect the output to a file using >, and perhaps use the AWS CLI to copy that info to S3, triggering a Lambda to update Route 53 based upon the public IP address, or something like that.
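The metadata lookup above, as an added shell example that is not part of the original notes: it fetches a category with an IMDSv2 session token (a PUT for a short-lived token, then GETs carrying the token header), since instances launched with the token requirement enabled refuse the bare IMDSv1 GET, and it validates the reply before writing it out for a later S3/Lambda step. The file path, the TTL and the IP check are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original notes): IMDSv2 metadata fetch plus validation.
IMDS_BASE="http://169.254.169.254"

imds_url() {
  # URL for a metadata category such as public-ipv4 or instance-id.
  printf '%s/latest/meta-data/%s\n' "$IMDS_BASE" "$1"
}

imds_token() {
  # Request a session token; the TTL in seconds is the first argument, 60 by default.
  curl -sS -f -X PUT "$IMDS_BASE/latest/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: ${1:-60}"
}

imds_get() {
  # GET one category with the token header; fails instead of falling back to IMDSv1.
  token=$(imds_token 60) || return 1
  curl -sS -f -H "X-aws-ec2-metadata-token: $token" "$(imds_url "$1")"
}

is_ipv4() {
  # Accept only a dotted quad with every octet in 0-255, so an unexpected reply
  # (an error page, an empty body) is never written into the file consumed downstream.
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

publish_public_ip() {
  # Fetch public-ipv4, validate it, and write it to the file named in $1 for a later
  # step (aws s3 cp, a Lambda, ...) to consume. Returns 1 if the value is not an IP.
  ip=$(imds_get public-ipv4) || return 1
  is_ipv4 "$ip" || return 1
  printf '%s\n' "$ip" > "$1"
}

# Only talk to the metadata service when explicitly asked, so the functions above can be
# sourced or tested on a machine that is not an EC2 instance (hypothetical --run flag).
if [ "${1:-}" = "--run" ]; then
  out="${2:-/tmp/public-ipv4.txt}"
  publish_public_ip "$out" && cat "$out"
fi
```

Run it on an instance as `sh imds.sh --run /tmp/public-ipv4.txt`; the -f on every curl call turns an HTTP error (for example a 401 when the token header is missing) into a non-zero exit, so nothing is written unless the whole chain succeeded.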

Networking

  • ENI is basically a network card. You can create dual homed instances with workloads on distinct subnets with multiple ENIs. Used for basic networking.
  • Enhanced Networking: For high-performance networking between 10 GB/sec and 100 GB/sec.
    • Provides higher bandwidth, higher performance
    • You can use it using an Elastic Network Adapter (ENA) or a Virtual Function (VF) interface
      • ENA supports up to 100 GB/sec, VF used for 10 GB/sec (typically older)
      • Always choose ENA
  • EFA (Elastic Fabric Adapter): a network device that you can attach to your EC2 to accelerate high performance computing and machine learning.
    • EFAs can use an OS-Bypass to communicate directly with the elastic fabric device. Only Linux today, not Windows

EC2 Placement Groups (Know This For The Exam!!)

  • Three Types of Placement Groups
    • Clustered Placement Groups
      • Grouping of instances within a single Availability Zone. Recommended for applications that need low network latency and high network throughput
      • Great for things like Cassandra or other types of apps which require super low latency
      • Only certain instances can be launched into Clustered Placement Groups. Typically things like high CPU/RAM instances are used
    • Spread Placement Groups
      • Group of instances each placed onto distinct underlying hardware.
      • Recommended for applications that have a small number of critical instances that should be kept isolated from each other. Multiple devices, multiple Availability Zones.
    • Partitioned Placement Groups
      • Each partition of a partition placement group has its own specific rack. No two partitions within a placement group share the same rack. Helps isolate failures from hardware/rack issues.
      • You can have up to 7 partitions in each AZ
  • Names for placement groups must be unique within your AWS Account
  • AWS recommends using homogeneous instances within a placement group (i.e. same type)
  • You cannot move an existing instance into a placement group. You can create an AMI from an instance and launch that into a placement group though.

More Spot Instances

  • Lets you take advantage of unused EC2 capacity in the cloud. Provides up to 90% discount
  • Use when you need stateless, fault tolerant or flexible workloads
  • To use spot instances, you first must decide on your maximum spot price. The instance will be provisioned as long as the spot price is below the maximum price you set
    • When the price rises above your maximum spot price, your instances will be terminated. You have 2 minutes to choose whether to continue or terminate.
  • The hourly spot price varies based upon region/AZ
  • Spot Blocks can be used to stop your instances from being terminated when the spot price goes above your maximum. Can be set for 1 - 6 hours of extended time before termination
  • Useful for big data analytics, image and media rendering, high performance computing
  • To terminate spot instances under a persistent spot request, you have to first cancel the spot request. Then you can manually terminate instances (know for exam!!)
  • Spot Fleet: A collection of spot instances and potential on demand instances.
    • The spot fleet attempts to launch a number of spot instances and on-demand instances that meet your target capacity
    • The request for a spot instance is fulfilled if there is available capacity and the maximum price you specified exceeds the current spot price
    • Attempts to maintain its target capacity fleet if your spot instances are interrupted
    • Essentially a way to meet your capacity within your budget.
    • You choose one of four allocation strategies
      • Capacity Optimized: spot instances come from the pool with optimal capacity
      • Lowest Price: spot instances come from the pool with the lowest price. This is default
      • Diversified: spot instances are distributed across all pools
      • Instance Pools To Use Count: spot instances are distributed across the pools you specify
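The 2-minute interruption notice mentioned above, as an added shell example that is not part of the original notes: EC2 publishes the notice to a Spot instance through the metadata service, and this script reads it and hands the action and deadline to a drain hook. The JSON document is constructed here to match the documented shape, the IMDSv2 token header is assumed to be required, and the `drain` hook and `--run` flag are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original notes): react to a Spot interruption notice.
IMDS_BASE="http://169.254.169.254"

# Constructed sample of the instance-action document (the endpoint returns one like it
# once an interruption is scheduled; before that it answers HTTP 404).
SAMPLE_NOTICE='{"action": "terminate", "time": "2017-09-18T08:22:00Z"}'

spot_action() {
  # Extract the "action" field (terminate, stop or hibernate) from an instance-action
  # document; prints "none" when the body is empty, i.e. no notice yet.
  [ -n "$1" ] || { echo none; return 0; }
  printf '%s\n' "$1" | sed -n 's/.*"action"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

spot_time() {
  # Extract the "time" field (UTC, RFC 3339) from an instance-action document.
  printf '%s\n' "$1" | sed -n 's/.*"time"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

fetch_notice() {
  # One poll of the endpoint with an IMDSv2 token. -f makes curl exit non-zero on 404,
  # which is mapped to an empty body so "no notice yet" is a normal result, not an error.
  token=$(curl -sS -f -X PUT "$IMDS_BASE/latest/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 30") || return 1
  curl -sS -f -H "X-aws-ec2-metadata-token: $token" \
    "$IMDS_BASE/latest/meta-data/spot/instance-action" 2>/dev/null || printf ''
}

watch_spot_interruption() {
  # Poll every 5 seconds (the notice arrives about 2 minutes before the action) and call
  # the hook named in $1 with the action and the deadline as soon as a notice appears.
  while :; do
    body=$(fetch_notice) || { sleep 5; continue; }
    action=$(spot_action "$body")
    if [ "$action" != none ]; then
      "$1" "$action" "$(spot_time "$body")"
      return 0
    fi
    sleep 5
  done
}

drain() {
  # Hypothetical hook: a real one would deregister from a load balancer, checkpoint
  # in-flight work to S3, or stop accepting new jobs before the deadline.
  printf 'spot %s scheduled at %s, draining\n' "$1" "$2"
}

# Only poll the metadata service when explicitly asked (hypothetical --run flag), so the
# parsing functions can be tested off an EC2 instance.
if [ "${1:-}" = "--run" ]; then
  watch_spot_interruption drain
fi
```

The parsing is kept separate from the network call so the same functions work for stop and hibernate notices as well as terminate, and so the drain hook is the only place that needs to change per workload.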

Dedicated Instances vs Dedicated Hosts

  • Dedicated Instances are EC2 instances that run in a VPC on hardware dedicated to you. I.e. these instances are physically isolated from instances from other AWS accounts
  • Dedicated Instances may share hardware with other instances from the same AWS account that are not dedicated instances
  • Dedicated Hosts gives you additional visibility and control over how instances are placed on a physical server. A dedicated host allows you to use things like host based licenses, where you need to guarantee that software runs on the same physical hardware
  • Remember the main difference is that Dedicated Hosts provide additional visibility into the host
  • Look out for scenarios that have regulatory situations/etc. and know that usually Dedicated Hosts are the way to go for those.

EC2 Enhanced Networking (SR-IOV)

  • Provides higher bandwidth, higher PPS (packets per second), and lower latency. Great for high performance computing
  • Two options:
    • Option 1: Elastic Network Adapter (ENA) provides up to 100 GB per second. Go with this
    • Option 2: Intel 82599 VF provides up to 10 GB per second - considered legacy at this point
  • Elastic Fabric Adapter (EFA)
    • Improved ENA for HPC
    • Only works for Linux
    • Great for inter-node communication and tightly coupled workloads
    • Bypasses the underlying Linux OS to provide low-latency, reliable transport