Elastic Compute Cloud (EC2)
- AWS Elastic Compute Cloud (EC2) is a web service which provides resizable compute capacity.
- EC2 pricing model:
- On demand: experiments, short-term workloads that cannot be interrupted;
- Reserved: applications with steady state or predictable usage;
- Standard reserved instances, convertible reserved instances, scheduled reserved instances.
- Spot: applications that have flexible start & end times;
- Dedicated hosts (dedicated instances): applications with regulatory requirements.
- To avoid terminating a EC2 instance by mistake, you can turn on termination protection (by default, it is not turned on).
- On an EBS-backed EC2 instance, the root EBS will be deleted by default when the instance is terminated.
- When using the default AMI, the root EBS volume cannot be encrypted.
- You can use a 3rd-party tool to encrypt it (such as bit locker);
- You can also create your AMI using AWS console or CLI to encrypt it.
- Additional EBS volumes can always be encrypted if needed.
- By default, AWS allows up to 5 elastic IP addresses per account.
Security Groups (SG)
- All inbound traffic is blocked by default.
- All outbound traffic is allowed.
- Changes to SG take effect immediately.
- You can have any number of EC2 instances within 1 SG, and each EC2 instance can belong to any number of SGs.
- You can only whitelist (rather than blacklist) specific IP addresses using SG rules. To block certain IP addresses, use Network Access Control Lists instead.
- You can specify allow rules, but not deny rules.
- SG rules are stateful. When there is an inbound allow rule, that traffic is automatically allowed outbound.
Auto Scaling Groups (SDG)
- EC2 instances can be grouped into ASGs, which will auto-scale in/out instances depending on certain rules (such as CPU usage).
- This shall be used together with launch configurations.
IAM Roles for EC2
- Roles are more secure than storing your access key and secret access key on individual EC2 instances.
- Roles can be assigned to EC2 instances, through either management console or AWS CLI.
- EC2 metadata can be used to get information about an EC2 instance, such as public IP, bootstrap script, etc.
Elastic File System (EFS)
- EFS is a file storage service for EC2 instances. EC2 instances connect to EFS using a network interface called mount target.
- EFS supports thousands of concurrent connections.
- EFS supports Network File System version 4 (NFSv4) protocol.
- There is no pre-provisioning needed. You only pay for the storage you use, and it could automatically scale up.
- In other words, EFS comes with unlimited storage. There is no need to specify its size before hand.
- Data in EFS is stored across multiple AZs within the same region.
- EFS ensures read-after-write consistency.
EC2 Placement Groups
- There are two types of placement groups:
- Clustered placement group: group of instances within the same AZ, with very low network latency and high throughput. However, only certain instances can be launched in such placement groups;
- A clustered placement group cannot span multiple AZs.
- Partition placement group: partition the instances into a few groups, such that instances in one group do not share underlying hardware with instances in another group;
- A partition placement group can have at most 7 partitions in a single AZ;
- A partition placement group with dedicated instances can have at most 2 partitions;
- A partition placement group cannot use dedicated hosts.
- Spread placement group: group of instances that are placed on distinct underlying hardware to prevent hardware failure.
- A spread placement group can span multiple AZs, but must be in the same region;
- Each spread placement group can have at most 7 instances per AZ;
- A spread placement group cannot use dedicated instances or dedicated hosts.
- The name for a placement group must be unique within the same AWS account.
- AWS recommends homogenous instances within placement groups.
- Placement groups cannot be merged.
- Existing instances cannot be moved into placement groups.
References