[AWS] EC2 Basics

Elastic Compute Cloud (EC2) provides scalable computing capacity in the AWS Cloud, which you can use to launch virtual servers, configure security and networking, and manage storage.

EC2 is a foundational service used for managing virtual instances. You can provision an EC2 instance from a pre-configured template (Amazon Machine Image – AMI) and deploy your applications into the EC instance.

EC2 Features

  • EC2 Instances are grouped into families, which are designed for a specific broad type workload.
  • A security group must be assigned to an instance during the creation process.
  • Each instance must be placed into a VPC, an AZ, and a subnet.
  • Custom launch command (bootstrapping) can be passed into the instance via “user-data
  • Encrypted key-pairs are used to manage login authentication.
  • You are not billed if an instance is in a state of pending, stopping, stopped, shutting down, or terminated. EBD volumes incur charges regardless of the instance’s state.
  • AWS initially used a modified version of the Xen Hypervisor to host EC2 and then switched to Amazon’s own hypervisor Nitro.
  • EC2 Instance Role is an IAM role that can be assumed by an EC2 instance. An Instance Profile, which is a container for the roles, allows application on the EC2 instances to access the temporary credentials using the instance metadata.
  • You would use Elastic Load Balancing (ELB) to distribute web traffic between web-facing EC2 instances.

Bootstrapping

  • Bootstrapping is a process where instructions are executed on an instance during its launch process.
  • User Data can be used to run shell scripts (Bash or PowerShell) or run cloud-init directives.

How to access an EC2 instance

AWS Management Console

  • configures and manages instances via a web browser

Secure Shell (SSH)

  • establishes a direct secure connection to your instance
  • You need to generate a key pair (a private key + a public key).
  • A private key is used in your client machine and a public key is used in your EC2 instance.

EC2 Instance Connect (ECI)

  • provides a simple way to connect to your Linux instances using SSH
  • You need to configure every instance that will support using Instance Connect (this is a one-time requirement for each instance), and you need to grant permission to every IAM principal that will use Instance Connect.
  • After setting up, you can connect your instance using Amazon EC2 console (browser-based client), EC2 Instance Connect CLI, or a SSH client.

AWS Systems Manager


Private or Public Instances

  • Private Instances
    • Private IP is automatically allocated when an instance is launched and is used for internal communication.
    • Allocated with ip-x.x.x.x.ec2.internal DNS name – only works inside AWS.
    • The private IP and the domain name are unchanged during stop/starts – released when terminated.
  • Public Instances
    • A public IP is allocated when the machine starts and deallocated when it stops.
    • A Public IPs is auto-assigned based on the subnet settings. But you can assign a public IP to an instance during the launch process.
    • Elastic IP (EIP) can be allocated. It is a static IPv4 address and is not deallocated when the instance stops.

Instance Lifecycle

  • Start
    • Boot up OS(Operating System)
    • Run user data (bootstrap) script
    • Start Applications
  • Stop
    • The data is kept on the disk with EBS and will remain until the instance restarts.
  • Terminate
    • By default, the root device volume is also terminated.
  • Hibernate
    • The content in the memory (RAM) is moved to the EBS root volume.
    • The EBS root volume needs to be encrypted.
    • Instance RAM must be less than 150 GB.
    • Instances can not be hibernated for more than 60 days.
    • When an instance restarts from hibernation:
      • The EBS root volume is restored to its previous state.
      • The memory content is restored.
      • Any processes that were running are resumed.

Instance Metadata

  • Instance metadata is data relating to the instance that can be accessed from within the instance itself.

http://169.254.169.254/latest/meta-data/

  • The metadata provides the current external IPv4 address, the availability zone, and the security group.

EBS Optimized Instances

  • Legacy non-EBS-optimized instances
    • Use a shared networking path for data and storage.
  • EBS-optimized instances
    • Use dedicated communication path for storage and data.
    • Higher performance: improved network data transfer rates, fast rate of storage, higher level of consistency

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s