Hello to all cloud enthusiasts and those stepping into the world of AWS for the first time! Are you ready to take a fast-track tour through the heart of AWS compute?
In this blog post, we're jumping straight into the core ideas behind Amazon Web Services' compute features.
Imagine this blog post as your trusty guide to quickly grasp or remind yourself of the important AWS compute concepts.
EC2 Introduction
EC2 stands for Elastic Compute Cloud, which is a service provided by Amazon Web Services (AWS) that allows users to launch virtual servers, called instances, in the AWS environment.
It is a widely used service, and is often a component of different solutions for various use cases.
When creating an EC2 instance, there are several elements to consider:
Amazon Machine Image (AMI): This is the type of software that will run on the instance, such as a specific operating system or application.
Instance Type: This refers to the type of hardware resources (e.g. CPU, memory, storage) that the instance will have.
Instance Purchasing Options: This includes the options for how you pay for the instance, such as On-Demand, Reserved, or Spot.
Tenancy: This refers to whether the instance will run on shared or dedicated hardware.
User Data: This is additional data or scripts that can be passed to the instance at launch time.
Storage Options: This includes the type of storage that will be attached to the instance, such as Elastic Block Storage (EBS) or instance store.
Security: This includes the security measures that can be taken to protect the instance, such as firewalls and key-based access.
AMI (Amazon Machine Images)
AMIs (Amazon Machine Images) are templates of pre-configured EC2 instances that allow you to quickly launch a new EC2 instance based on the configuration within the AMI.
AMIs include an operating system and applications along with any custom configuration.
AWS provides a large number of AMIs covering different operating systems such as Linux, Red Hat, and Microsoft Windows.
You can also create your own custom AMI images to help speed up your own deployment.
AWS Marketplace is an online store that allows you to purchase AMIs from trusted vendors such as Cisco, Citrix, and Alert Logic.
Community AMIs are a repository of AMIs created and shared by other AWS members.
Using AMIs can greatly aid in implementing auto scaling.
INSTANCES
Instance type defines the size of the instance based on parameters such as:
ECUs (EC2 compute units)
vCPUs (number of virtual CPUs)
Physical processor
Clock speed
Memory
Instance storage
EBS optimized availability
Network performance
IPv6 support
Processor architecture
AES-NI (Advanced Encryption Standard New Instructions)
AVX (Advanced Vector Extensions)
Turbo (support for Intel or AMD turbo boost technologies)
Key parameters to be aware of for general usage include vCPUs, memory, instance storage, and network performance.
Instance types are categorized into different families that offer distinct performance benefits, and within each family there are different types with varied CPU, memory, storage, and network performance.
The instance families can be summarized as:
Micro instances: low cost, minimal CPU and memory, ideal for low throughput use cases
General-purpose: balanced mix of CPU, memory, and storage, ideal for small to medium databases, test and development servers, back-end servers
Compute optimized: high-performance processors, ideal for high-performance front-end servers, web servers, high-performance science and engineering applications, video encoding, and batch processing.
GPU: optimized for graphics-intensive applications
FPGA: allows customization of field programmable gate arrays for applications that use massively parallel processing power, such as genomics and financial computing.
Memory optimized: ideal for large-scale enterprise class in-memory applications, such as real-time processing of unstructured data, and enterprise applications such as Microsoft SharePoint
Storage optimized: optimized for enhanced storage, using SSD-backed instance storage for low latency and high I/O and IOPS, ideal for analytic workloads and NoSQL databases
The flexibility of different instance types allows you to select the most appropriate size or power of an instance for optimal performance within your applications.
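Instance type names encode the family and size described above in a fixed pattern (family letters, generation number, optional attribute letters, then a dot and the size, e.g. c5n.xlarge). The following Python is an added example, not code from the original post or from AWS: it decodes a name into those parts, maps the family letter to the categories listed above (the letter-to-category table is this example's own assumption and covers only common families), and ranks sizes so two types in the same family can be compared.

```python
import re

# Family letter -> category from the list above. This table is an assumption of
# this example (a common AWS naming convention), not an official AWS mapping.
FAMILY_BY_LETTER = {
    "t": "general-purpose (burstable)",
    "m": "general-purpose",
    "c": "compute optimized",
    "r": "memory optimized",
    "x": "memory optimized",
    "z": "memory optimized",
    "i": "storage optimized",
    "d": "storage optimized",
    "h": "storage optimized",
    "p": "GPU",
    "g": "GPU",
    "f": "FPGA",
}

# <family><generation><attributes>.<size>, e.g. r6g.2xlarge -> r, 6, "g", 2xlarge
_TYPE_RE = re.compile(
    r"^(?P<family>[a-z]+)(?P<generation>\d+)(?P<attrs>[a-z-]*)\.(?P<size>[a-z0-9-]+)$"
)

# Size ladder from smallest to largest; N-xlarge sizes continue beyond xlarge.
SIZE_ORDER = ["nano", "micro", "small", "medium", "large", "xlarge"]


def parse_instance_type(name):
    """Decode an instance type name into family, category, generation, attributes and size.

    Raises ValueError for names that do not follow the convention.
    """
    m = _TYPE_RE.match(name.strip().lower())
    if not m:
        raise ValueError(f"unrecognized instance type name: {name!r}")
    family = m.group("family")
    return {
        "family": family,
        "category": FAMILY_BY_LETTER.get(family, "unknown"),
        "generation": int(m.group("generation")),
        "attributes": m.group("attrs"),
        "size": m.group("size"),
    }


def size_rank(size):
    """Return a sortable rank for a size suffix, or None for sizes outside the ladder (e.g. metal)."""
    if size in SIZE_ORDER:
        return SIZE_ORDER.index(size)
    m = re.fullmatch(r"(\d+)xlarge", size)
    if m:
        # 2xlarge ranks just above xlarge, 4xlarge above that, and so on
        return SIZE_ORDER.index("xlarge") + int(m.group(1)) - 1
    return None


if __name__ == "__main__":
    for t in ["t3.micro", "c5n.xlarge", "r6g.2xlarge", "i3.large"]:
        info = parse_instance_type(t)
        print(t, "->", info["category"], "gen", info["generation"], "rank", size_rank(info["size"]))
```

Names that do not follow the pattern (such as the u- high-memory types) raise a ValueError rather than being guessed, so the parser never misclassifies an unfamiliar family.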
INSTANCE PURCHASING OPTIONS
EC2 instances can be purchased through different payment plans to help save cost depending on the use case.
On-demand instances:
Can be launched at any time
Provisioned and available within minutes
Paid by the second at a flat rate based on the instance type
Typically used for short-term, irregular workloads where the workload can be interrupted
When stopped or terminated, you'll stop paying for the compute resource
Reserved instances:
Purchase a discount for an instance type with set criteria for a set period of time (1 or 3 years)
Reduced cost compared to on-demand instances
Available payment options: all upfront, partial upfront, or no upfront payments
Used for long-term, predictable workloads
Scheduled instances:
Similar to reserved instances
Pay for reservations on a recurring schedule (daily, weekly, monthly)
Used for scheduled workloads that are not continuously running
Spot instances:
Bid for unused EC2 compute resources
The bid price must be higher than the current spot price set by AWS
If the bid price falls below the spot price, the instance is automatically terminated and removed from the environment
Can be used to bid for large EC2 instances at a low cost, but usage may be interrupted suddenly
On-demand capacity reservations:
Purchase on-demand instances with a capacity reservation
Instances will be launched in the reserved capacity
Reduces the likelihood of capacity not being available.
TENANCY
EC2 tenancy refers to the underlying host on which an EC2 instance will be placed.
There are two options for EC2 tenancy: shared and dedicated.
Shared tenancy:
Instances are placed on any available host with the specified resources.
Other customers may also have instances on the same host.
Cost-effective, as it allows AWS to utilize its resources more efficiently.
Advanced security mechanisms are implemented to prevent one instance from accessing another on the same host.
Dedicated tenancy:
Includes both dedicated instances and dedicated hosts.
Dedicated instances are placed on hardware that is not shared with any other customer.
Recommended for customers with strict security and compliance requirements.
More expensive as it prevents other customers from utilizing the same hardware.
Dedicated hosts offer additional visibility and control over the placement of instances on a specific physical host and allow the use of existing licenses.
In summary, EC2 tenancy allows customers to choose how instances are placed on underlying hosts. Shared tenancy is the default option that allows for cost savings, but may raise security concerns. Dedicated tenancy, on the other hand, offers complete isolation and control over instances but comes with additional charges. If a customer does not have specific compliance or security requirements, shared tenancy is the recommended option to reduce costs.
USER DATA
User data is a section during the configuration of an EC2 instance that allows the user to enter commands that will run during the first boot cycle of the instance.
User data can be used to automatically perform functions upon boot, such as pulling down additional software from software repositories or downloading the latest OS updates.
For example, you could enter "yum update -y" for a Linux instance, which will automatically update its software at the time of boot.
This is a great way to automate the setup process and ensure that the instances are in a known state when they are launched.
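Because user data is stored with the instance and is readable from inside it, it should carry bootstrap commands only, never credentials. The following Python is an added example, not code from the original post or from AWS: it composes a shell user-data script around the post's "yum update -y" command, checks it for the shebang EC2 needs, the 16 KB raw size limit, and anything that looks like an embedded secret (the secret patterns are this example's own assumptions), and base64-encodes it as the raw EC2 API expects.

```python
import base64
import re

# EC2 user data is limited to 16 KB before base64 encoding.
MAX_USER_DATA_BYTES = 16 * 1024

# Things that should never be in user data. These patterns are assumptions of
# this example, not an AWS-provided list.
SECRET_PATTERNS = {
    "aws access key id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private key block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "password assignment": re.compile(r"(?i)\b(password|passwd|secret)\s*=\s*\S+"),
}


def build_user_data(commands, shell="/bin/bash"):
    """Compose a first-boot shell script from a list of commands.

    The shebang is required for EC2 to execute the script; set -euxo pipefail
    stops on the first failure and echoes each command into the boot log,
    which is what you want when diagnosing a failed bootstrap.
    """
    lines = [f"#!{shell}", "set -euxo pipefail"]
    lines.extend(commands)
    return "\n".join(lines) + "\n"


def check_user_data(script):
    """Return a list of problems with a user-data script; empty means it passed."""
    problems = []
    if not script.startswith("#!"):
        problems.append("missing shebang; EC2 will not execute the script")
    raw = script.encode("utf-8")
    if len(raw) > MAX_USER_DATA_BYTES:
        problems.append(f"script is {len(raw)} bytes, over the {MAX_USER_DATA_BYTES}-byte limit")
    for label, pattern in SECRET_PATTERNS.items():
        if pattern.search(script):
            problems.append(f"contains what looks like a {label}; user data is not a secret store")
    return problems


def encode_user_data(script):
    """Base64-encode the script as the raw EC2 API carries it (boto3 does this for you)."""
    return base64.b64encode(script.encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    # Constructed example: apply OS updates at first boot, as in the post.
    script = build_user_data(["yum update -y"])
    print(script)
    print("problems:", check_user_data(script))
    print("encoded:", encode_user_data(script))
```

Anything that needs a secret at boot (a database password, an API token) should be fetched by the script from a secrets store using the instance's IAM role rather than written into the user data itself.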
STORAGE OPTIONS
Storage options for EC2 instances include persistent storage and ephemeral storage.
Persistent storage is available through Elastic Block Storage (EBS) volumes, which are separate devices from the EC2 instance itself and are considered network-attached storage.
EBS volumes are automatically replicated for resiliency and can be detached and reattached to different instances.
Encryption and backup snapshots can also be implemented on EBS volumes.
Ephemeral storage, also known as instance store, is physically attached to the underlying host, and any data saved on it is lost when the instance is stopped or terminated.
It is not recommended to use ephemeral storage for data that needs to be retained; use EBS volumes for persistent data storage instead.
Ephemeral storage cannot be detached from the instance.
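Encryption and snapshots only protect the EBS volumes they are actually applied to, so a periodic check is worth having. The following Python is an added example, not code from the original post or from AWS: it runs an audit over a constructed list of volumes and snapshots shaped like the output of boto3's describe_volumes and describe_snapshots (only the fields used here, with made-up IDs) and reports volumes that are unencrypted, detached, or without a recent snapshot.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data in the shape of boto3 ec2.describe_volumes()["Volumes"]
# and ec2.describe_snapshots()["Snapshots"]; the IDs and dates are made up.
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)

VOLUMES = [
    {"VolumeId": "vol-0aaa", "Encrypted": True, "Attachments": [{"InstanceId": "i-0111"}]},
    {"VolumeId": "vol-0bbb", "Encrypted": False, "Attachments": [{"InstanceId": "i-0222"}]},
    {"VolumeId": "vol-0ccc", "Encrypted": True, "Attachments": []},
]

SNAPSHOTS = [
    {"SnapshotId": "snap-01", "VolumeId": "vol-0aaa", "StartTime": NOW - timedelta(days=2)},
    {"SnapshotId": "snap-02", "VolumeId": "vol-0bbb", "StartTime": NOW - timedelta(days=40)},
]


def latest_snapshot_age(volume_id, snapshots, now):
    """Days since the newest snapshot of a volume, or None if it has never been snapshotted."""
    times = [s["StartTime"] for s in snapshots if s["VolumeId"] == volume_id]
    if not times:
        return None
    return (now - max(times)).days


def audit_volumes(volumes, snapshots, now, max_snapshot_age_days=7):
    """Flag volumes that are unencrypted, unattached, or not backed up recently.

    Returns {volume_id: [finding, ...]} with only the volumes that have findings.
    """
    findings = {}
    for v in volumes:
        issues = []
        if not v.get("Encrypted", False):
            issues.append("not encrypted")
        if not v.get("Attachments"):
            issues.append("not attached to any instance")
        age = latest_snapshot_age(v["VolumeId"], snapshots, now)
        if age is None:
            issues.append("no snapshot")
        elif age > max_snapshot_age_days:
            issues.append(f"newest snapshot is {age} days old")
        if issues:
            findings[v["VolumeId"]] = issues
    return findings


if __name__ == "__main__":
    for volume_id, issues in audit_volumes(VOLUMES, SNAPSHOTS, NOW).items():
        print(volume_id, "->", "; ".join(issues))
```

Against a real account the same two functions would take the lists returned by boto3 with `datetime.now(timezone.utc)` as `now`; the audit logic itself does not change.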
SECURITY
Security is important for any AWS deployment, and specifically for EC2 instances.
During the creation of an EC2 instance, a security group must be selected.
A security group is an instance-level firewall that restricts ingress and egress traffic by specifying the allowed protocols, ports, and source or destination addresses.
Instances are associated with a security group, and more information on security groups can be found in AWS documentation.
A key pair, made up of a public key and a private key, is required at the end of the EC2 instance creation process.
The key pair is used to encrypt and decrypt login information for Linux and Windows instances, and the private key is used to remotely connect to Linux instances via SSH.
The public key is kept by AWS, and the private key must be kept safe and not compromised.
Additional access controls can be set up after initial authentication, such as local Windows accounts or Microsoft Active Directory.
It is the user's responsibility to maintain and install the latest OS and security patches, as per the AWS shared responsibility model.
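The most common security group mistake is an ingress rule that exposes an administrative port (SSH or RDP), or all traffic, to the whole Internet. The following Python is an added example, not code from the original post or from AWS: it audits a constructed list of security groups shaped like the output of boto3's describe_security_groups (only the fields used here, with made-up IDs), flags world-open rules on those ports while leaving a legitimate public HTTPS rule alone, and treats the "-1" protocol (all traffic) as covering every port.

```python
import ipaddress

# Constructed sample data in the shape of boto3
# ec2.describe_security_groups()["SecurityGroups"]; IDs and names are made up.
SECURITY_GROUPS = [
    {
        "GroupId": "sg-0web",
        "GroupName": "web",
        "IpPermissions": [
            # Public HTTPS is expected for a web server and is not flagged.
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            # SSH from anywhere: the finding we want to catch.
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-0admin",
        "GroupName": "admin",
        "IpPermissions": [
            # SSH restricted to one documentation-range network: fine.
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
            # Protocol -1 means all traffic; open to every IPv6 address.
            {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
]

# Administrative ports that should never be reachable from the whole Internet.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def is_world_open(cidr):
    """True for the any-address prefixes 0.0.0.0/0 and ::/0."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def rule_ports(rule):
    """(from, to) port range of a rule; protocol -1 covers all ports."""
    if rule.get("IpProtocol") == "-1":
        return (0, 65535)
    return (rule.get("FromPort", 0), rule.get("ToPort", 65535))


def audit_security_groups(groups):
    """Return (group_id, what, source) findings for world-open admin or all-traffic ingress."""
    findings = []
    for sg in groups:
        for rule in sg.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            world = [s for s in sources if is_world_open(s)]
            if not world:
                continue
            if rule.get("IpProtocol") == "-1":
                findings.append((sg["GroupId"], "all traffic", world[0]))
                continue
            lo, hi = rule_ports(rule)
            for port, name in ADMIN_PORTS.items():
                if lo <= port <= hi:
                    findings.append((sg["GroupId"], f"{name} (tcp/{port})", world[0]))
    return findings


if __name__ == "__main__":
    for group_id, what, source in audit_security_groups(SECURITY_GROUPS):
        print(f"{group_id}: {what} open to {source}")
```

Port-range rules are handled too: a rule allowing tcp/0-1024 from 0.0.0.0/0 is reported for SSH because 22 falls inside the range, which a simple equality check on FromPort would miss.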