Thursday, January 2, 2020

AWS Elastic Compute Cloud - EC2

Elastic Compute Cloud (EC2) is a virtual machine running on an AWS host (a physical server). AWS originally used the Xen hypervisor to provide these virtual machines; newer instance families run on the AWS Nitro hypervisor, which is built on KVM. EC2 belongs to the AWS Compute services, and each such virtual machine is called an EC2 instance.

1.      You can create Windows and Linux virtual machines in AWS. EC2 provides resizable compute capacity in the cloud, and you get root (Linux) or Administrator (Windows) access on the instance.

2.      The EC2 SLA commits to 99.99% monthly uptime per region (it was 99.95% until late 2018). Roughly 22 minutes of downtime per month corresponds to 99.95%, not 99.5%; a 99.5% SLA would allow about 3.6 hours per month.

3.      Each account has a soft limit on running On-Demand instances per region (historically 20 instances; since 2019 the limit is counted in vCPUs per instance family). It can be raised through a Service Quotas request.

4.      Two types of block storage can be attached to an EC2 instance:

1.      Elastic Block Store (EBS)

Block-level, network-attached storage provided by AWS. It is persistent: data survives a stop/start of the instance, and the volume itself can outlive the instance unless its "Delete on Termination" flag is set.

2.      Instance store

Direct-attached storage (DAS): the disks sit in the same physical server as the virtual machine. Instance store volumes have limitations:
a.      If the instance store is the root volume, the instance cannot be stopped, only rebooted or terminated.
b.      If the instance store is a data drive, its contents are lost when the instance is stopped, hibernated or terminated, or when the underlying disk or host fails. Only a reboot preserves it.


5.      Either an EBS volume or an instance-store volume can serve as the root (boot) volume of an EC2 instance.

6.      If the root volume is EBS, the instance is called an EBS-backed instance.

7.      If the root (boot) volume is instance store, it is called an instance-store-backed instance.


If you want to read more about AWS block storage, see my article on EBS Fundamentals.

                    



A.     Amazon Machine Image (AMI)

An AMI is a virtual server image from which EC2 instances are created. The following properties help you select the right image for your requirements.

a.      Operating System:

Different Windows and Linux flavors, for example Windows Server 2012 or RHEL 7.

b.      Root Device Type:

The boot storage type: EBS or instance store.

c.       Virtualization Type:

AWS's Xen-based instances support two virtualization types: paravirtual (PV) and hardware virtual machine (HVM, hardware-assisted virtualization).

HVM performs better than PV, and current instance types support only HVM AMIs. Reasons to prefer HVM:
a.      More of the CPU's cycles reach the guest, because the hardware virtualization extensions avoid the paravirtual trap path.
b.      Much lower cache-miss rates.
c.       HVM supports both Windows and Linux; PV supports Linux only. Only HVM AMIs can use enhanced networking and GPUs.

d.      ENA (Elastic Network Adapter) enabled:

Enhanced networking uses single-root I/O virtualization (SR-IOV): the instance is given direct access to a virtual function of the physical network adapter instead of a software-emulated NIC in the hypervisor. It provides

1.      Higher throughput (packets per second)
2.      Lower latency
3.      Much lower network jitter

AWS offers enhanced networking through two interfaces: the Intel 82599 VF (ixgbevf driver, up to 10 Gbps) and the Elastic Network Adapter (ENA, up to 100 Gbps). "ENA enabled: Yes" on an AMI means the image carries the ENA driver and has the enaSupport attribute set. Current-generation instance types (C5, M5 and later) require an ENA-enabled AMI and will not launch without it, while older types do not use ENA at all.

e.      Architecture

It is 32-bit (i386, legacy) or 64-bit (x86_64); AMIs for Arm-based (Graviton) instances are 64-bit arm64.

B.       Instance Type:


Different applications need different kinds of EC2 instance: some need a lot of memory, some high I/O, some high network performance, and so on.
So AWS provides a range of instance types to cover these use cases.

Below are the properties which help you select the required Instance Type for your use case.

1.      Instance Type Category:


Instance types are grouped into families by use case; this property indicates the high-level use case of an instance type. The families are listed below. Each family contains several series (generations), and within a series the sizes differ in vCPU count, memory (GiB), supported block storage (EBS only or instance store) and network performance.

a.      General Purpose

If your application needs a balance of compute, memory and networking resources, general purpose is the right family.
Series: T2, T3, M5, etc.

b.      Compute Optimized


Suited to applications that need high-performance processors.
Series: C4, C5, etc.

c.       Memory Optimized

If your application processes large data sets in memory, choose a memory-optimized instance.
Series: R, X and Z.

d.      Storage Optimized


For workloads that need very high I/O against large local data sets. The D and H series provide high sequential read/write throughput on HDD; the I series provides high random IOPS on NVMe SSD.
Series: I, D and H.

e.      Accelerated computing (GPU and FPGA instances)

For highly parallel computing, deep learning, graphics processing, pattern matching over data, and similar workloads.
Series: P and G (GPU), F (FPGA).

2.      EBS Optimized

An EBS-optimized instance has dedicated bandwidth between the instance and its EBS volumes, so EBS I/O does not compete with the instance's other network traffic. It works with every EBS volume type and lets you get the full performance the volume was provisioned for.
This matters for I/O-heavy, mission-critical workloads such as databases.
Not every instance type supports it: on current-generation types it is enabled by default at no extra cost; on some older types it is optional and billed hourly.

3.      Instance Storage :

Some instance types provide local storage (DAS), which can be SSD or HDD.
"EBS only" in this property means the instance type has no local storage; network-attached EBS is the only option.
Instance store volumes can be added only at launch, by including them in the block device mapping.

4.      IPV6 Support

Indicates whether the instance family supports IPv6.

C.      Key Pair

A key pair is the public/private key combination used to log in to EC2 instances. The same key pair can be used for many instances. When you create a key pair it consists of two keys.

Public key: stored by AWS and placed on the instance at launch (on Linux AMIs, into the default user's ~/.ssh/authorized_keys by cloud-init).

Private key: downloadable only once, when the key pair is created. AWS keeps no copy, so if you lose it there is no recovery; you would have to replace the key on the instance. Protect the file (chmod 400, never commit it to a repository), because it is the whole credential.

Using the combination of public and private key you can log in securely to an EC2 instance.

With the private key,

1.      you can decrypt the initial Administrator password of a Windows instance (Get Windows Password), and

2.      you can SSH into a Linux instance.

You can also generate the key pair yourself and import only the public key (import-key-pair), so that the private key never leaves your machine.
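As an added example (not code from this post or from AWS), the Python below does the check you would want before `aws ec2 import-key-pair`: it parses an OpenSSH public-key line, enforces an assumed policy (ed25519, or RSA of at least 2048 bits; other types rejected) and computes the same SHA256 fingerprint that `ssh-keygen -lf` prints, so you can record which key you imported. The `make_sample_key` helper builds syntactically valid but constructed keys for the demo; they are not real keys and must never be used.

```python
"""Check an OpenSSH public key before importing it as an EC2 key pair.

Added example, not code from this post or from AWS. The policy (ed25519 or
RSA >= 2048 bits) is an assumed organisational rule, and the keys produced
by make_sample_key() are constructed values, not real keys.
"""
import base64
import hashlib
import struct

ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa"}   # assumed policy
MIN_RSA_BITS = 2048                           # assumed policy


def _read_string(blob: bytes, off: int):
    """Read one RFC 4251 'string' (4-byte big-endian length + bytes)."""
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n], off + 4 + n


def parse_public_key(line: str) -> dict:
    """Parse '<type> <base64-blob> [comment]' as found in authorized_keys."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    ktype, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    wire_type, off = _read_string(blob, 0)
    if wire_type.decode("ascii") != ktype:
        raise ValueError("key type field does not match the encoded blob")
    info = {"type": ktype, "comment": " ".join(fields[2:]), "bits": None}
    if ktype == "ssh-rsa":
        _exponent, off = _read_string(blob, off)
        modulus, off = _read_string(blob, off)
        info["bits"] = int.from_bytes(modulus, "big").bit_length()
    elif ktype == "ssh-ed25519":
        point, off = _read_string(blob, off)
        if len(point) != 32:
            raise ValueError("ed25519 public key must be 32 bytes")
        info["bits"] = 256
    # Same fingerprint `ssh-keygen -lf` prints: SHA-256 of the blob, base64, no padding.
    digest = hashlib.sha256(blob).digest()
    info["fingerprint"] = "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")
    return info


def check_key_policy(line: str):
    """Return (ok, detail): detail is the fingerprint when ok, else the reason."""
    info = parse_public_key(line)
    if info["type"] not in ALLOWED_TYPES:
        return False, f"{info['type']} is not an allowed key type"
    if info["type"] == "ssh-rsa" and info["bits"] < MIN_RSA_BITS:
        return False, f"RSA key is {info['bits']} bits, minimum is {MIN_RSA_BITS}"
    return True, info["fingerprint"]


# --- constructed sample keys (valid wire format, NOT real keys) -------------
def _string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def _mpint(i: int) -> bytes:
    # RFC 4251 mpint: minimal big-endian bytes, with a leading 0x00 if the high bit is set.
    b = i.to_bytes((i.bit_length() + 8) // 8, "big")
    return _string(b)


def make_sample_key(ktype: str, bits: int = 2048) -> str:
    if ktype == "ssh-ed25519":
        blob = _string(b"ssh-ed25519") + _string(bytes(range(32)))
    elif ktype == "ssh-rsa":
        modulus = (1 << (bits - 1)) | 1          # odd number with exactly `bits` bits
        blob = _string(b"ssh-rsa") + _mpint(65537) + _mpint(modulus)
    else:
        blob = _string(ktype.encode("ascii"))    # enough to exercise the type check
    return f"{ktype} {base64.b64encode(blob).decode('ascii')} demo@example.com"


if __name__ == "__main__":
    for sample in (make_sample_key("ssh-ed25519"),
                   make_sample_key("ssh-rsa", 4096),
                   make_sample_key("ssh-rsa", 1024),
                   make_sample_key("ecdsa-sha2-nistp256")):
        print(sample.split()[0], check_key_policy(sample))
```

Run `check_key_policy` on the contents of your `id_ed25519.pub` (or `id_rsa.pub`) and import the file only when it returns `True`; the fingerprint it returns is what `ssh-keygen -lf` shows locally, which is worth logging next to the key pair name.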

D.     EC2 Instance “User Data” Property


If you want to run a script while the EC2 instance boots, pass it in the user data property at launch; you can change it later while the instance is stopped. By default a user data script runs only on the first boot, not on every start.

1.      User data is limited to 16 KB in raw form, before base64 encoding.

2.      User data is stored unencrypted. Any process on the instance can read it from the metadata service (http://169.254.169.254/latest/user-data), and anyone with ec2:DescribeInstanceAttribute can read it through the API, so never put passwords or access keys in it; fetch secrets at boot using the instance's IAM role instead.
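An added example (not code from this post or from AWS) of the check a launch pipeline should run on user data before calling RunInstances: it enforces the 16 KB raw limit, refuses scripts without a cloud-init header, and rejects anything that embeds an access key, secret key, private key or password literal. The regular expressions are heuristics chosen for this example, and both sample scripts are constructed; the key in BAD_SCRIPT is AWS's documentation example key, not a live credential.

```python
"""Pre-launch checks for EC2 user data.

Added example, not code from this post or from AWS. It enforces the 16 KB raw
limit and refuses scripts that embed long-lived credentials, since user data
is stored unencrypted and is readable by any process on the instance via the
metadata service. The patterns are heuristics chosen here; the sample scripts
are constructed (the access key in BAD_SCRIPT is AWS's documentation example).
"""
import base64
import re

USER_DATA_LIMIT = 16 * 1024   # bytes of raw (pre-base64) user data

SECRET_PATTERNS = {
    # AWS access key IDs: AKIA (long-lived) or ASIA (temporary) followed by 16 chars.
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(r"(?i)aws_secret_access_key\s*[=:]\s*\S{20,}"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "password_literal": re.compile(r"(?i)\bpassword\s*[=:]\s*\S{8,}"),
}


class UserDataError(ValueError):
    pass


def check_user_data(script: str) -> list:
    """Return the problems found (an empty list means the script may be launched)."""
    problems = []
    raw = script.encode("utf-8")
    if len(raw) > USER_DATA_LIMIT:
        problems.append(f"size {len(raw)} bytes exceeds the {USER_DATA_LIMIT}-byte limit")
    # cloud-init acts only on recognised headers; the two common ones are checked here.
    if not script.startswith(("#!", "#cloud-config")):
        problems.append("no #! or #cloud-config header, cloud-init would not run it as a script")
    for name, pattern in SECRET_PATTERNS.items():
        if pattern.search(script):
            problems.append(f"contains a {name}")
    return problems


def encode_user_data(script: str) -> str:
    """Gate the launch on the checks, then base64-encode as the RunInstances API expects."""
    problems = check_user_data(script)
    if problems:
        raise UserDataError("; ".join(problems))
    return base64.b64encode(script.encode("utf-8")).decode("ascii")


# Constructed samples.
BAD_SCRIPT = """#!/bin/bash
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
aws s3 cp s3://example-bucket/app.tar.gz /opt/app.tar.gz
"""

GOOD_SCRIPT = """#!/bin/bash
# Secrets are fetched at boot with the instance profile role, not embedded here.
aws s3 cp s3://example-bucket/app.tar.gz /opt/app.tar.gz
aws ssm get-parameter --name /app/db-credential --with-decryption \\
    --query Parameter.Value --output text > /etc/app/db-credential
chmod 600 /etc/app/db-credential
"""

if __name__ == "__main__":
    print("bad :", check_user_data(BAD_SCRIPT))
    print("good:", check_user_data(GOOD_SCRIPT) or "ok", encode_user_data(GOOD_SCRIPT)[:24] + "...")
```

The good script still reaches the secret it needs, but through the instance role at boot time, so nothing sensitive is recorded in the instance attributes or exposed on the metadata endpoint.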

E.      EC2 IAM Role

You can attach an IAM role to an EC2 instance (through an instance profile); software on the instance then obtains temporary credentials for that role from the instance metadata service and can call AWS services, such as S3, without any access keys stored on the box. Because every process on the instance can reach the metadata service, and so can an attacker who finds a server-side request forgery bug in an application running there, give the role only the permissions the workload needs and require IMDSv2 (session-token) access on the instance.
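The credential hand-off happens over plain HTTP on the instance, which is why the role's reach matters. The Python below is an added example, not code from this post or from AWS: a small in-process HTTP server emulates the metadata service so the exchange can be run offline, and the client performs the IMDSv2 flow (a PUT for a session token carrying a TTL header, then GETs that present the token). With the emulated `HttpTokens=required` setting, a plain GET with no token, which is all an SSRF bug can usually produce, is answered with 401. The role name, token and credential values served are constructed.

```python
"""How an instance obtains its role credentials, with IMDSv2 tokens.

Added example, not code from this post or from AWS. A small in-process HTTP
server stands in for the real metadata service at http://169.254.169.254 so
the exchange can be run offline; the role name, token and credential values
it serves are constructed, not real.
"""
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN_HEADER = "X-aws-ec2-metadata-token"
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
CREDS_PATH = "/latest/meta-data/iam/security-credentials/"

ROLE_NAME = "demo-app-role"                      # constructed
FAKE_TOKEN = "AQAAAconstructed-session-token=="  # constructed
FAKE_CREDS = {                                   # constructed, not real credentials
    "Code": "Success",
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE01",
    "SecretAccessKey": "constructed-secret",
    "Token": "constructed-session-token",
    "Expiration": "2020-01-02T12:00:00Z",
}


class FakeIMDS(BaseHTTPRequestHandler):
    """Serves the two IMDS paths the credential flow needs."""

    def log_message(self, *args):
        pass  # keep the demo quiet

    def _send(self, code: int, body: bytes):
        self.send_response(code)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_PUT(self):
        # IMDSv2 step 1: a PUT asking for a session token, with a TTL header.
        if self.path == "/latest/api/token" and TTL_HEADER in self.headers:
            self._send(200, FAKE_TOKEN.encode())
        else:
            self._send(400, b"bad token request")

    def do_GET(self):
        # With HttpTokens=required, a GET without a valid token is refused (401).
        # That is what stops an SSRF bug in a web app from reading the credentials.
        if self.server.require_token and self.headers.get(TOKEN_HEADER) != FAKE_TOKEN:
            self._send(401, b"missing or invalid token")
        elif self.path == CREDS_PATH:
            self._send(200, ROLE_NAME.encode())
        elif self.path == CREDS_PATH + ROLE_NAME:
            self._send(200, json.dumps(FAKE_CREDS).encode())
        else:
            self._send(404, b"not found")


def start_fake_imds(require_token: bool = True):
    """Start the emulated IMDS on a free localhost port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), FakeIMDS)
    server.require_token = require_token
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def _get(url: str, headers: dict) -> bytes:
    with urllib.request.urlopen(urllib.request.Request(url, headers=headers), timeout=3) as r:
        return r.read()


def fetch_role_credentials(base_url: str, ttl_seconds: int = 21600) -> dict:
    """IMDSv2 flow: PUT for a session token, then GET the role name and its credentials."""
    token_req = urllib.request.Request(base_url + "/latest/api/token", method="PUT",
                                       headers={TTL_HEADER: str(ttl_seconds)})
    with urllib.request.urlopen(token_req, timeout=3) as r:
        token = r.read().decode()
    headers = {TOKEN_HEADER: token}
    role = _get(base_url + CREDS_PATH, headers).decode().strip()
    return json.loads(_get(base_url + CREDS_PATH + role, headers))


def v1_style_status(base_url: str) -> int:
    """Status of a plain GET with no token: 200 if IMDSv1 is allowed, 401 if tokens are required."""
    try:
        with urllib.request.urlopen(base_url + CREDS_PATH, timeout=3) as r:
            return r.status
    except urllib.error.HTTPError as e:
        return e.code


if __name__ == "__main__":
    server, url = start_fake_imds(require_token=True)
    print("role credentials:", fetch_role_credentials(url)["AccessKeyId"])
    print("token-less GET  :", v1_style_status(url))   # 401 with tokens required
    server.shutdown()
    server.server_close()
```

Against a real instance the base URL is `http://169.254.169.254`; the `PUT` step is what a typical SSRF primitive cannot perform, and the token is also rejected if it is relayed through a proxy that adds an `X-Forwarded-For` header, so requiring tokens (`HttpTokens=required` in the instance's metadata options) closes the classic credential-theft path.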

F.      EC2 Tenancy (Shared vs Dedicated) Model

An AWS host (physical server) can be shared between two or more AWS customers; that is, virtual machines (EC2 instances) of several customers can run on one host. This is the shared (default) tenancy model, which AWS provides by default and which is the cheapest.
If you do not want to share the host with other AWS customers, use dedicated tenancy (Dedicated Instances, or Dedicated Hosts if you need visibility of the physical host for licensing).
Tenancy can be set when you launch the instance or at the VPC (virtual private cloud) level.
VPC-level tenancy overrides the instance-level setting: if the VPC tenancy is dedicated and you launch an instance into it with default (shared) tenancy, the instance is still created as a Dedicated Instance.

G.     EC2 Instance purchasing option

AWS provides three EC2 purchasing options that help you optimize cost: On-Demand, Spot Instances and Reserved Instances.

1.      On-Demand Instance

In this option you pay for the instance and compute capacity you use, with no long-term commitment and no upfront cost. Linux instances are billed per second (with a one-minute minimum); some AMIs, such as Windows and commercial Linux distributions, are billed per hour.

Use cases: short-term or unpredictable workloads that cannot be interrupted.

2.      Spot Instance


Spot Instances use spare AWS capacity with no upfront cost, at a steep discount from the On-Demand price. Originally customers bid for capacity; since late 2017 you simply pay the current Spot price (optionally capped by a maximum price you set), and AWS may reclaim the instance, with a two-minute interruption notice, when it needs the capacity back or the Spot price exceeds your cap.

Use cases: short-term, fault-tolerant workloads where an interrupted instance does not hurt the application, such as data analysis, batch jobs and background processing.

3.      Reserved Instance (RI Instance)


With this option you do not buy an instance; you commit to a given instance configuration in an AZ or region for a long term, at a large discount. Any running On-Demand instance that matches the reservation's attributes is billed at the Reserved Instance rate on the monthly bill. A zonal reservation additionally reserves capacity in that Availability Zone.

1.      The Reserved Instance term is one year or three years.

2.      To purchase a Reserved Instance you select the following:
a.      Availability Zone or region
b.      Instance type (for example m1.large)
c.       Platform (for example, Linux)
d.      Term (time period)
e.      Tenancy (dedicated or shared)
f.        Offering (No Upfront, Partial Upfront, All Upfront)

3.      The scope of a Reserved Instance is either an Availability Zone or a region: you can reserve capacity in one specific AZ or apply the discount across the whole region.

4.      Reserved Instance pricing does not apply to Spot Instances.

5.      You have no control over which running On-Demand instance the Reserved Instance discount is applied to.

6.      Once purchased, a Reserved Instance cannot be refunded or cancelled, but Standard Reserved Instances you no longer need can be sold in the Reserved Instance Marketplace.

7.      You can modify existing Reserved Instances. Some possibilities:

a.      Change the Availability Zone within the same region, if you purchased an AZ-specific reservation.

b.      Change the instance size within the same family.

c.       Modify all of the reservation or only a subset of it.

8.      Scheduled Reserved Instances (Scheduled Instances) were capacity reservations that recur daily, weekly or monthly, with a specified start time and duration, for a one-year term.

9.      They suited workloads that do not run continuously but do run on a regular schedule, such as weekly or monthly batch jobs.

10.  Scheduled Reserved Instances were not offered for all instance types, and AWS no longer sells them.

H.     Block device Mapping

This is the mapping of block storage devices in an AMI; it defines which block devices (root and data) are created when an EC2 instance is launched from that AMI.

1.      It covers both types of block storage, EBS and instance store.

2.      You can change the block device mapping at launch, and the EBS parts of it (for example the "Delete on Termination" flag) after the instance is created.

3.      Some limitations of block device mappings:

a.      For the root volume at launch you can change only the volume size, the volume type and the "Delete on Termination" flag.
b.      You cannot make an EBS volume smaller than the snapshot it is created from; you can keep the same size or increase it.
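An added example, not code from this post or from AWS, that resolves the mapping a launch will send to RunInstances: it starts from an AMI's mapping (constructed here, in the shape DescribeImages returns), applies launch-time overrides, and enforces the rules above (an AMI-defined volume may grow but not shrink; on the root volume only size, type and "Delete on Termination" may change; `NoDevice` suppresses a device). It also writes the "Delete on Termination" flag explicitly on added data volumes (false, matching the default described under Instance States below), so the launch request never relies on a default.

```python
"""Resolve the block-device mapping for a launch from the AMI's mapping plus
launch-time overrides, applying the rules described in the post.

Added example, not code from this post or from AWS. The AMI mapping and the
overrides are constructed; the structure follows the shape of the EC2
DescribeImages / RunInstances BlockDeviceMappings parameter.
"""
import copy

# Constructed: what DescribeImages might report for a Linux AMI with one
# EBS root volume and one instance-store (ephemeral) device.
AMI_BLOCK_DEVICE_MAPPING = [
    {"DeviceName": "/dev/xvda",
     "Ebs": {"SnapshotId": "snap-0123456789abcdef0", "VolumeSize": 8,
             "VolumeType": "gp2", "DeleteOnTermination": True}},
    {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"},
]

# Fields a launch may change on the root volume the AMI already defines.
ROOT_OVERRIDABLE = {"VolumeSize", "VolumeType", "DeleteOnTermination"}


class MappingError(ValueError):
    pass


def resolve_block_device_mapping(ami_mapping, overrides, root_device="/dev/xvda"):
    """Merge launch-time overrides into the AMI mapping.

    Rules enforced:
      - an EBS volume defined by the AMI may only grow, never shrink;
      - on the root volume only size, type and DeleteOnTermination may change;
      - 'NoDevice' suppresses an AMI-defined device;
      - added data volumes get DeleteOnTermination=False unless set, so the
        flag is always explicit in what is sent to RunInstances.
    The inputs are not mutated.
    """
    resolved = {m["DeviceName"]: copy.deepcopy(m) for m in ami_mapping}
    for override in overrides:
        name = override["DeviceName"]
        if "NoDevice" in override:
            resolved.pop(name, None)
            continue
        if name in resolved and "Ebs" in resolved[name]:
            current = resolved[name]["Ebs"]
            for key, value in override.get("Ebs", {}).items():
                if name == root_device and key not in ROOT_OVERRIDABLE:
                    raise MappingError(f"{key} cannot be changed on the root volume at launch")
                if key == "VolumeSize" and value < current["VolumeSize"]:
                    raise MappingError(
                        f"{name}: cannot shrink from {current['VolumeSize']} to {value} GiB")
                current[key] = value
        else:
            entry = copy.deepcopy(override)
            if "Ebs" in entry:
                entry["Ebs"].setdefault("DeleteOnTermination", False)
            resolved[name] = entry
    return sorted(resolved.values(), key=lambda m: m["DeviceName"])


if __name__ == "__main__":
    launch = resolve_block_device_mapping(AMI_BLOCK_DEVICE_MAPPING, [
        {"DeviceName": "/dev/xvda", "Ebs": {"VolumeSize": 20, "VolumeType": "gp3"}},
        {"DeviceName": "/dev/sdf", "Ebs": {"VolumeSize": 100, "VolumeType": "gp3"}},
        {"DeviceName": "/dev/sdb", "NoDevice": ""},
    ])
    for mapping in launch:
        print(mapping)
```

The list the function returns is what you would pass as the `BlockDeviceMappings` parameter; the point of resolving it up front is that a rejected override fails in your pipeline rather than as a RunInstances error, and every EBS entry carries an explicit "Delete on Termination" value you can review.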

I.         EC2 Placement Group

A placement group is a logical grouping of EC2 instances that controls how they are placed on the underlying hardware, either to get low latency and high network throughput between them or to keep them apart for resilience.

1.      There is no charge for creating a placement group.

2.      Use enhanced-networking (ENA, SR-IOV based) instance types in a cluster placement group; otherwise you do not get the low-latency benefit.

3.      Launch all the instances in one request, so that AWS either places them all or returns an insufficient-capacity error immediately. Adding instances later can fail for lack of capacity.

4.      A placement group can span peered VPCs, provided both VPCs are in the same region.

5.      The placement group name must be unique within your account in a region.

6.      There are three placement strategies:

a.      Cluster:

1.      Packs the instances into one Availability Zone, close together on the same low-latency network segment (not necessarily one host).

2.      Gives the lowest latency and highest per-flow throughput between the instances, at the cost of a shared failure domain.

b.      Spread:

1.      Places each instance on distinct underlying hardware (separate racks with their own network and power); the group can span Availability Zones within a region.

2.      Reduces the risk of correlated failures.

3.      You can have a maximum of seven running instances per Availability Zone per group.

c.       Partition:

1.      Divides the group into logical partitions, each on its own set of racks, so that partitions do not share hardware. Used for large distributed workloads such as Hadoop, Cassandra or Kafka.

J.       EC2 Monitoring:


There are two types:

1.      Basic monitoring

Enabled by default and free. EC2 sends metrics to CloudWatch every five minutes. Neither level reports memory, disk-space or process metrics from inside the guest; for those you install the CloudWatch agent.

2.      Detailed monitoring

Chargeable. EC2 sends metrics to CloudWatch every one minute.

K.      EC2 status Check

Status checks are a built-in service that runs every minute to detect software and hardware problems with an instance. There are two: the system status check (the AWS side: host hardware, network connectivity, power) and the instance status check (the guest: failed boot, exhausted memory, corrupted file system, broken network configuration).

1.      Each check either passes or fails. If one or more checks fail, the overall status of the instance becomes "impaired".

2.      Because they are built in, you cannot delete, disable or change them.

3.      You can create CloudWatch alarms on the StatusCheckFailed_System and StatusCheckFailed_Instance metrics that take an action on the impaired instance: "recover" (for a system failure: the instance is migrated to new hardware, keeping its instance ID, private IPs, Elastic IP and metadata) or "reboot" (for a failure inside the guest).

4.      When a system check fails because of a hardware problem, AWS may also schedule a maintenance event (a stop/start or retirement) for an EBS-backed instance.

L.       EC2 Instance States


1.      When you launch an EC2 instance it goes through the pending state to running.

2.      A stopped instance keeps its instance ID.

3.      You cannot stop an instance-store-backed instance (one whose root volume is instance store); you can only reboot or terminate it.

4.      There is no charge for a stopped instance, but its attached EBS volumes (and any Elastic IP not associated with a running instance) still incur charges.

5.      While the instance is stopped you can detach and re-attach its EBS volumes, including the root volume.

6.      When you start a stopped instance it most likely comes up on a new physical host; a stop/start is how you move off a degraded host.

7.      A stopped instance retains its private IPv4 address, its IPv6 address and any Elastic IP (EIP). An auto-assigned public IPv4 address is released at stop and a new one is assigned at start.

8.      Prefer an EC2 reboot (API or console) over a reboot issued inside the OS, because:

a.      If the instance has not cleanly rebooted within four minutes, AWS performs a hard reboot.

b.      The API call is recorded in AWS CloudTrail, which helps when troubleshooting.

9.      By default, the "Delete on Termination" flag is true for the EBS root volume: when you terminate the instance, the root volume is deleted automatically.

10.  By default, "Delete on Termination" is false for additional data volumes: when you terminate the instance they are not deleted and persist, keeping both the data and the storage charge. Set the flag explicitly for every volume rather than relying on the default.

11.  You can change the "Delete on Termination" flag of a volume at launch or on a running instance.

M.   Bastion Host or RDP Gateway


1.      A bastion host is a jump server: you connect to it from the internet and from it to your EC2 instances in private subnets.

2.      It has an auto-assigned public IP or an Elastic IP, and sits in a public subnet.

3.      To run a bastion host or RDP gateway in HA, put it in an Auto Scaling group.

4.      Restrict its security group to the source addresses that need it, and reference the bastion's security group (not 0.0.0.0/0) as the source for SSH/RDP in the private instances' security groups. AWS Systems Manager Session Manager lets you reach instances without exposing port 22 or 3389 at all.

N.     EC2 VM Import / Exports:


1.      You can import VMware, Microsoft Hyper-V and Xen virtual machines into AWS.

2.      You can also export an EC2 instance to a VMware, Xen or Hyper-V format so that it can be imported into your private cloud. This applies only to instances that were originally imported from your own environment; instances launched from an AWS-provided AMI cannot be exported this way.

3.      Import/Export is available through the AWS API and CLI only, not the console.

 

O.     Elastic Network Interface (ENI)


IP addresses are assigned to an ENI. You can specify which address in the subnet the instance should get, or let AWS pick one from the subnet.

1.      Security groups are applied at the ENI level, so every interface on an instance can have its own set of rules; a second interface in another subnet with a permissive group opens a path that the primary interface's group does not show.

2.      You can attach more than one ENI to an EC2 instance. The maximum number of ENIs depends on the instance type.

3.      Attaching an ENI to a running instance is called a "hot attach".

4.      Attaching an ENI to a stopped instance is called a "warm attach".

5.      Attaching an ENI at launch is called a "cold attach".

6.      An ENI has one primary private IP and can have one or more secondary IPs.

7.      You can assign at most five security groups to an ENI by default (a soft limit that can be raised to 16), with a combined rule limit per ENI.





Amazon Web Services Fundamentals