EC2 Summary (53)

  Amazon Web Services (AWS)

https://www.udemy.com/aws-certified-solutions-architect-associate/learn/v4/t/lecture/2050798?start=0

EC2: Know the differences between

  • On Demand
  • Spot
    • If you terminate the instance, you pay for the hour
    • If AWS terminates the instance, you get that hour for free.
  • Reserved
  • Dedicated Hosts

Dr Mc Gift Px

  • D2=Dense Storage: Fileservers / Data Warehousing / Hadoop
  • R4=Memory Optimized: Memory Intensive Apps / DBs
  • M4=Main, or General Purpose. Used for Application Servers
  • C4=Compute Optimized: CPU Intensive Apps / DBs
  • G2=Graphics Intensive: Video Encoding / 3D Application Streaming
  • I2=IOPs – High Speed Storage: NoSQL DBs, Data Warehousing, etc.
  • F1=Field Programmable Gate Array: Hardware acceleration for your code
  • T2=Tiny, General Purpose: Web Servers / Small DBs
  • P2=Pixel, Graphics & General Purpose GPU: Machine Learning / Bitcoin Mining etc.
  • X1=Extreme Memory Optimized: SAP HANA / Apache Spark, etc.

EBS Elastic Block Storage

  • SSD – General Purpose – GP2 (Up to 10,000 IOPs)
  • SSD – Provisioned IOPs – IO1 (Over 10,000 IOPs)
  • HDD – Throughput Optimized – ST1 (Frequently accessed workloads)
  • HDD – Cold – SC1 – Less frequently accessed data
  • HDD – Magnetic – Standard – Infrequently Accessed, Bootable
  • You cannot mount an EBS volume to more than 1 instance.  Instead, use EFS

EC2 Setups

  • EC2 Termination Protection is NOT enabled by default. You must manually enable it.
  • On EBS backed instances, the default action is to terminate the root EBS volume when the instance is terminated.
  • Root volumes cannot be encrypted by default. You need a 3rd party tool (such as BitLocker)
  • Additional Volumes can be encrypted.

Volumes vs Snapshots

  • Volumes exist on EBS
  • Snapshots exist on S3
  • You can take a snapshot of a volume; this will store that volume on S3
  • Snapshots are ‘point in time’ copies of Volumes
  • Snapshots are Incremental; this means that only the blocks that have changed since your last snapshot are moved to S3

Volumes vs Snapshots – Security

  • Snapshots of encrypted volumes are encrypted automatically
  • Volumes restored from encrypted snapshots are encrypted automatically
  • You can share unencrypted snapshots
    • These snapshots can be shared with other AWS accounts or made public.

Snapshots of root devices

  • To create a snapshot for EBS volumes that serve as root devices, you should stop the instance before taking the snapshot.

EBS vs. Instance Store

  • Instance Store volumes are sometimes called Ephemeral Storage
  • Instance Store volumes cannot be stopped.  If the underlying host fails, you will lose your data.
  • EBS volumes can be stopped with no loss of data.
  • You can reboot both instances without losing data.
  • By default both ROOT volumes will be deleted on termination; however, with EBS you can tell AWS to keep the root device.

How to take a snapshot of a RAID Array

  • Problem – When you take a snapshot, the snapshot excludes data held in the cache by applications and the OS.  This tends not to matter on a single volume; however, when using multiple volumes in a RAID array, this can be a problem due to interdependencies of the array.
  • Solution – Take an application consistent snapshot
    • Stop the application from writing to disk
    • Flush all caches to the disk.
    • How to do this?
      • Freeze the file system
      • Unmount the RAID Array
      • Shut down the associated EC2 Instance

AMIs

  • AMIs are Regional.  You can only launch an AMI from the region it is stored in.  However, you can copy AMIs to other regions using the console, command line, or the Amazon EC2 API.

CloudWatch

  • Standard Monitoring = 5 minutes
  • Detailed Monitoring = 1 minute
  • CloudWatch is for Performance Monitoring
  • CloudTrail is for auditing (who, what, where, when, etc.)
  • You can perform the following
    • Create Dashboards (Line, Stacked, Number and Text widgets)
    • Set Alarms that notify you if a specific trigger/threshold is reached
    • Create Events to help you respond to state changes in your AWS resources
    • Monitor, store and aggregate (combine) Logs

Roles

  • Roles are more secure than storing your access key and secret access key on individual EC2 instances.
  • Roles are easier to manage
  • Roles can be assigned to an EC2 instance AFTER it has been provisioned using both the command line and the AWS console
  • Roles are universal; you can use them in any region.

Instance Meta-data

  • Used to get information about an instance (such as IP info)
  • curl http://169.254.169.254/latest/meta-data/

EFS Elastic File System

  • Supports the Network File System version 4 (NFSv4) protocol
  • Only pay for the storage used (no pre-provisioning required)
  • Can scale up to Petabytes
  • Can support thousands of concurrent NFS connections
  • Data is stored across multiple AZs within a region
  • Read After Write consistency

Lambda

  • AWS Lambda is a compute service where you can upload your code and create a Lambda function.  Lambda takes care of provisioning and managing the servers that you use to run the code.  (aka serverless).  You don’t have to worry about Operating Systems, patching, scaling, etc.  You can use Lambda in the following ways.
    • As an event-driven compute service where AWS Lambda runs your code in response to events.  These events could be changes to data in an S3 bucket or a DynamoDB table.
    • As a compute service to run your code in response to HTTP requests using Amazon API Gateway or API calls made using AWS SDKs (Software Development Kits).

 

 
