AWS EC2
What is the EC2 metadata URL?
"http://169.254.169.254/latest/meta-data/" To view all categories of instance metadata from within a running instance, use the following IPv4 or IPv6 URIs: http://169.254.169.254/latest/meta-data/ This IPv4 address is a link-local address and it is valid only from the instance. http://[fd00:ec2::254]/latest/meta-data/ This IPv6 address is a unique local address. It is routable within the private network only. It is not routable on the Internet.
Spot Fleet
A collection of Spot Instances and, optionally, On-Demand Instances. The Spot Fleet attempts to launch the number of Spot Instances and On-Demand Instances needed to meet the target capacity you specified in the Spot Fleet request. The request is fulfilled if there is available capacity and the maximum price you specified in the request exceeds the current Spot price. The Spot Fleet also attempts to maintain its target capacity if your Spot Instances are interrupted.
Security Groups
A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance. When you launch an instance, you can specify one or more security groups. If you don't specify a security group, Amazon EC2 uses the default security group. You can add rules to each security group that allow traffic to or from its associated instances. You can modify the rules for a security group at any time. New and modified rules are automatically applied to all instances that are associated with the security group. When Amazon EC2 decides whether to allow traffic to reach an instance, it evaluates all of the rules from all of the security groups that are associated with the instance.
VPN
A service that allows you to bridge the gap securely and easily between your physical data center and the AWS Cloud.
Which of the following services can be used to securely store confidential information like credentials and license codes so that they can be accessed by EC2 instances?
AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database strings, and license codes as parameter values.
You have an EC2 instance in a single Availability Zone connected to an RDS instance. The EC2 instance needs to communicate with S3 to download some important configuration files from it. You try the command aws s3 cp s3://yourbucket /var/www/html, however you receive an error message. You log in to Identity and Access Management (IAM) and discover there is no role created to allow EC2 to communicate with S3. You create the role and attach it to the existing EC2 instance. How long will the changes take to propagate?
Almost immediately. You can change the permissions on the IAM role associated with a running instance, and the updated permissions take effect almost immediately.
Reserved Instances
Amazon EC2 Reserved Instances (RI) provide a significant discount (up to 72%) compared to On-Demand pricing and provide a capacity reservation when used in a specific Availability Zone. EC2 RIs provide a discounted hourly rate and an optional capacity reservation for EC2 instances. AWS Billing automatically applies your RI's discounted rate when attributes of EC2 instance usage match attributes of an active RI. If an Availability Zone is specified, EC2 reserves capacity matching the attributes of the RI. The capacity reservation of an RI is automatically utilized by running instances matching these attributes. You can also choose to forgo the capacity reservation and purchase an RI that is scoped to a Region. RIs that are scoped to a Region automatically apply the RI's discount to instance usage across AZs and instance sizes in that Region, making it easier for you to take advantage of the RI's discounted rate.
Spot Instances
Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices. You can use Spot Instances for various stateless, fault-tolerant, or flexible applications such as big data, containerized workloads, CI/CD, web servers, high-performance computing (HPC), and test & development workloads. Because Spot Instances are tightly integrated with AWS services such as Auto Scaling, EMR, ECS, CloudFormation, Data Pipeline and AWS Batch, you can choose how to launch and maintain your applications running on Spot Instances.
Amazon EC2 instance IP addressing
Amazon EC2 and Amazon VPC support both the IPv4 and IPv6 addressing protocols. By default, Amazon EC2 and Amazon VPC use the IPv4 addressing protocol; you can't disable this behavior. When you create a VPC, you must specify an IPv4 CIDR block.
EC2
Amazon Elastic Compute Cloud
Virtual private clouds (VPC)
Amazon Virtual Private Cloud (Amazon VPC) enables you to define a virtual network in your own logically isolated area within the AWS cloud, known as a virtual private cloud or VPC. You can create AWS resources, such as Amazon EC2 instances, into the subnets of your VPC. Your VPC closely resembles a traditional network that you might operate in your own data center, with the benefits of using scalable infrastructure from AWS. You can configure your VPC; you can select its IP address range, create subnets, and configure route tables, network gateways, and security settings. You can connect instances in your VPC to the internet or to your own data center.
Best definition for EC2
An EC2 instance provides scalable computing capacity in the AWS Cloud, which you can use to launch virtual servers, configure security and networking, and manage storage.
Elastic Fabric Adapter (EFA)
An Elastic Fabric Adapter (EFA) is a network device that you can attach to your Amazon EC2 instance to accelerate High Performance Computing (HPC) and machine learning applications. EFA enables you to achieve the application performance of an on-premises HPC cluster, with the scalability, flexibility, and elasticity provided by the AWS Cloud. EFA provides lower and more consistent latency and higher throughput than the TCP transport traditionally used in cloud-based HPC systems. It enhances the performance of inter-instance communication that is critical for scaling HPC and machine learning applications. It is optimized to work on the existing AWS network infrastructure and it can scale depending on application requirements.
IAM policies for Amazon EC2
An IAM policy must grant or deny permissions to use one or more Amazon EC2 actions. It must also specify the resources that can be used with the action, which can be all resources, or in some cases, specific resources. The policy can also include conditions that you apply to the resource. Amazon EC2 partially supports resource-level permissions. This means that for some EC2 API actions, you cannot specify which resource a user is allowed to work with for that action. Instead, you have to allow users to work with all resources for that action.
Elastic network interfaces (ENI)
An elastic network interface is a logical networking component in a VPC that represents a virtual network card. It can include the following attributes: a primary private IPv4 address from the IPv4 address range of your VPC, one or more secondary private IPv4 addresses from the IPv4 address range of your VPC, one Elastic IP address (IPv4) per private IPv4 address, etc.
You have a three-tier web application with a web server tier, application tier, and database tier. The application is spread across multiple availability zones for redundancy and is in an Auto Scaling group with a minimum size of two and a maximum size of ten. The application relies on connecting to an RDS Multi-AZ database. When new instances are launched, they download a connection string file that is saved in an encrypted S3 bucket using a bootstrap script. During a routine scaling event, you notice that your new web servers are failing their health checks and are not coming into service. You investigate and discover that the web server's S3 read-only role has no policies attached to it. What combination of steps should you take to remediate this problem while maintaining the principle of least privilege?
Attach the S3 - read-only policy to the role. Leave the healthy instances as they are and allow new instances to come into service after fixing the policy issue.
Bootstrapping
Bootstrapping allows us to write and supply a startup script while launching an EC2 instance so that it executes automatically as soon as the instance launches. Bootstrap actions are scripts that run on the cluster after Amazon EMR launches the instance using the Amazon Linux Amazon Machine Image (AMI). Bootstrap actions run before Amazon EMR installs the applications that you specify when you create the cluster and before cluster nodes begin processing data. If you add nodes to a running cluster, bootstrap actions also run on those nodes in the same way. You can create custom bootstrap actions and specify them when you create your cluster.
Cluster placement groups
Cluster - packs instances close together inside an Availability Zone. This strategy enables workloads to achieve the low-latency network performance necessary for tightly-coupled node-to-node communication that is typical of HPC applications. A cluster placement group is a logical grouping of instances within a single Availability Zone. A cluster placement group can span peered VPCs in the same Region. Instances in the same cluster placement group enjoy a higher per-flow throughput limit for TCP/IP traffic and are placed in the same high-bisection bandwidth segment of the network. Cluster placement groups are recommended for applications that benefit from low network latency, high network throughput, or both.
A cluster placement group can't span multiple Availability Zones. The maximum network throughput speed of traffic between two instances in a cluster placement group is limited by the slower of the two instances. For applications with high-throughput requirements, choose an instance type with network connectivity that meets your requirements. You can launch multiple instance types into a cluster placement group. However, this reduces the likelihood that the required capacity will be available for your launch to succeed. We recommend using the same instance type for all instances in a cluster placement group. Network traffic to the internet and over an AWS Direct Connect connection to on-premises resources is limited to 5 Gbps.
Cluster placement group rules and limitations
In order to enable encryption at rest using EC2 and Elastic Block Store, you must ____.
Configure encryption when creating the EBS volume. When you create a new, empty EBS volume, you can encrypt it by enabling encryption for the specific volume creation operation.
A new CIO joins your company and implements a new company policy that all EC2 EBS backed instances must have encryption at rest. What is the quickest and easiest way to apply this policy to your existing EC2 EBS backed instances?
Create a snapshot of the EC2 volume. Then create a copy of the snapshot, checking the box to enable encryption. Create an AMI of the copied snapshot and then redeploy the EC2 instance using the encrypted AMI. Delete the old EC2 instance.
Instance Metadata
Data about data - data about your instance that you can use to configure or manage the running instance. Instance metadata is divided into categories, for example, host name, events, and security groups.
You work for a government contractor who supplies services that are critical to national security. Because of this, your corporate IT policy states that no multi-tenant virtualization is authorized within the company. Despite this, they are interested in moving to AWS, but they cannot violate corporate IT policy. Which EC2 billing model would you recommend that they use to achieve this?
Dedicated Instances.
Regions
Each Amazon EC2 Region is designed to be isolated from the other Amazon EC2 Regions. This achieves the greatest possible fault tolerance and stability. When you work with an instance using the command line interface or API actions, you must specify its Regional endpoint. Each Region has multiple, isolated locations known as Availability Zones. If you distribute your instances across multiple Availability Zones and one instance fails, you can design your application so that an instance in another Availability Zone can handle requests.
EC2 Enhanced Networking
Enhanced networking uses single root I/O virtualization (SR-IOV) to provide high-performance networking capabilities on supported instance types. SR-IOV is a method of device virtualization that provides higher I/O performance and lower CPU utilization when compared to traditional virtualized network interfaces. Enhanced networking provides higher bandwidth, higher packet per second (PPS) performance, and consistently lower inter-instance latencies. There is no additional charge for using enhanced networking.
An instance can be launched in one placement group at a time; it cannot span multiple placement groups.
Fact
You can create a maximum of 500 placement groups per account in each Region.
Fact
Individual EC2 instances are provisioned ____.
In Availability Zones
Why use Amazon EC2 Spot Instances?
Low, predictable prices - You can purchase Spot Instances at prices up to 90% lower than On-Demand Instances. Massive scale - You can run hyperscale workloads at significant cost savings, or you can accelerate your workloads by running parallel tasks.
On-Demand Pricing
On-Demand Instances let you pay for compute capacity by the hour or second (minimum of 60 seconds) with no long-term commitments. This frees you from the costs and complexities of planning, purchasing, and maintaining hardware and transforms what are commonly large fixed costs into much smaller variable costs. Pricing is per instance-hour consumed for each instance, from the time an instance is launched until it is terminated or stopped. Each partial instance-hour consumed will be billed per-second for Linux, Windows, Windows with SQL Enterprise, Windows with SQL Standard, and Windows with SQL Web Instances, and as a full hour for all other instance types.
Five ways to pay for Amazon EC2 instances
On-Demand, Savings Plans, Reserved Instances, Spot Instances, Dedicated Hosts.
You run the internal intranet for a corporate bank. The intranet consists of a number of web servers and a single relational database running Microsoft SQL Server. Your peak demand occurs at 9 am every weekday morning when users are first logging in to the intranet. They can only log in using the company's internal network, and for security purposes it is not possible to access the intranet from any location other than within the office building. Management is considering a change: moving this environment to AWS, where users will be able to access the intranet via a software VPN. You have been asked to evaluate a migration to AWS and to identify the best EC2 billing model for your company's intranet. You must keep costs low and be able to scale at particular times of day. You must maintain availability of the intranet throughout office hours. Management do not want to be locked into any contracts in case, for some reason, they want to go back to hosting internally. What EC2 billing model should you recommend?
On-Demand. On-Demand Instances let you pay for compute capacity by the hour or second (minimum of 60 seconds) with no long-term commitments. On-Demand Instances satisfy the requirements of low cost, availability during office hours and no lock-in contracts. Dedicated Instances are more costly, Reserved Instances are a long-term (1 to 3 year) commitment, and Spot Instances may terminate at any time, so they do not meet the availability requirements.
Partition placement groups
Partition - spreads your instances across logical partitions such that groups of instances in one partition do not share the underlying hardware with groups of instances in different partitions. This strategy is typically used by large distributed and replicated workloads, such as Hadoop, Cassandra, and Kafka. Partition placement groups help reduce the likelihood of correlated hardware failures for your application. When using partition placement groups, Amazon EC2 divides each group into logical segments called partitions. Amazon EC2 ensures that each partition within a placement group has its own set of racks. Each rack has its own network and power source. No two partitions within a placement group share the same racks, allowing you to isolate the impact of hardware failure within your application. The following image is a simple visual representation of a partition placement group in a single Availability Zone.
A partition placement group supports a maximum of seven partitions per Availability Zone. The number of instances that you can launch in a partition placement group is limited only by your account limits. When instances are launched into a partition placement group, Amazon EC2 tries to evenly distribute the instances across all partitions. Amazon EC2 doesn't guarantee an even distribution of instances across all partitions. A partition placement group with Dedicated Instances can have a maximum of two partitions.
Partition placement group rules and limitations
Reserved Instance Marketplace
Reserved Instance Marketplace allows other AWS customers to list their Standard RIs for sale. Third-party Standard RIs are no different from the Standard Reserved Instances purchased directly from AWS except they are often listed at lower prices and shorter terms.
You are the IT manager at a furniture retailer and they are considering moving their web application to AWS. They currently colocate their servers in a co-location facility and the contract for this facility is now coming to an end. Management are comfortable signing a 3-year contract and want to get the cheapest web servers possible while still maintaining availability. Their traffic is very steady and predictable. What EC2 pricing model would you recommend to maintain availability and to get the lowest price available?
Reserved Instances. A Reserved Instance (RI) is an EC2 offering that provides you with a significant discount on EC2 usage when you commit to a one-year or three-year term.
Savings Plans
Savings Plans is a flexible pricing model offering lower prices compared to On-Demand pricing, in exchange for a specific usage commitment (measured in $/hour) for a one- or three-year period. AWS offers three types of Savings Plans - Compute Savings Plans, EC2 Instance Savings Plans, and Amazon SageMaker Savings Plans. Compute Savings Plans apply to usage across Amazon EC2, AWS Lambda, and AWS Fargate. EC2 Instance Savings Plans apply to EC2 usage, and Amazon SageMaker Savings Plans apply to Amazon SageMaker usage. You can easily sign up for a 1- or 3-year term Savings Plan in AWS Cost Explorer and manage your plans by taking advantage of recommendations, performance reporting, and budget alerts.
You are a developer for a genomics firm that is moving its infrastructure to AWS. Their environment consists of a three-tier web application: a web tier, an application tier and a relational database tier. They have a separate fleet of virtual machines that are used to access large HPC clusters on the fly. Their lab researchers run multiple projects simultaneously, and they will need to launch and decommission thousands of nodes on demand while reducing the time required to complete genomic sequencing from weeks to days. In order to stay competitive they need to do this at as low a cost as possible, with no long-term contracts. These HPC clusters can run at any time, day or night, and their workloads store information in S3, so the instances can be terminated at any time without any effect on the data. What is the most COST EFFECTIVE EC2 pricing model for their requirements?
Spot Instances. Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud and are the lowest cost option for on-demand and short-term capacity requirements. As the HPC cluster nodes store their data in S3, the termination of Spot Instances will not impact the data processing. Both On-Demand and Dedicated Instances are more expensive than Spot Instances, and Reserved Instances are for long-running applications (1 to 3 years), so they are not suitable for this HPC cluster scenario.
Spread placement groups
Spread - strictly places a small group of instances across distinct underlying hardware to reduce correlated failures. A spread placement group is a group of instances that are each placed on distinct racks, with each rack having its own network and power source. Spread placement groups are recommended for applications that have a small number of critical instances that should be kept separate from each other. Launching instances in a spread placement group reduces the risk of simultaneous failures that might occur when instances share the same racks. Spread placement groups provide access to distinct racks, and are therefore suitable for mixing instance types or launching instances over time. A spread placement group can span multiple Availability Zones in the same Region. You can have a maximum of seven running instances per Availability Zone per group.
A spread placement group supports a maximum of seven running instances per Availability Zone. For example, in a Region with three Availability Zones, you can run a total of 21 instances in the group (seven per zone). If you try to start an eighth instance in the same Availability Zone and in the same spread placement group, the instance will not launch. If you need to have more than seven instances in an Availability Zone, then the recommendation is to use multiple spread placement groups. Using multiple spread placement groups does not provide guarantees about the spread of instances between groups, but it does ensure the spread for each group, thus limiting impact from certain classes of failures. Spread placement groups are not supported for Dedicated Instances.
Spread placement group rules and limitations
What is the minimum time that AWS requires you to keep an EC2 instance online after you've turned it on?
There is no minimum uptime requirement for an EC2 instance once it has been enabled.
Metadata and user data
When working with instance user data, keep the following in mind: User data must be base64-encoded. The Amazon EC2 console can perform the base64-encoding for you or accept base64-encoded input. User data is limited to 16 KB, in raw form, before it is base64-encoded. The size of a string of length n after base64-encoding is ceil(n/3)*4. User data must be base64-decoded when you retrieve it. If you retrieve the data using instance metadata or the console, it's decoded for you automatically. User data is treated as opaque data: what you give is what you get back. It is up to the instance to be able to interpret it. If you stop an instance, modify its user data, and start the instance, the updated user data is not run when you start the instance.
When would you need to create an EC2 Dedicated Instance?
When you have an auditing requirement to run your hosts on single-tenant hardware
Placement groups
When you launch a new EC2 instance, the EC2 service attempts to place the instance in such a way that all of your instances are spread out across underlying hardware to minimize correlated failures. You can use placement groups to influence the placement of a group of interdependent instances to meet the needs of your workload.
What is EC2 metadata commonly used for?
When your code needs to learn something about the EC2 instances that it's running on. EC2 instance metadata can be used to configure or manage a running instance, and can also be used to access user data that was specified when the instance was launched.
Dedicated Hosts
You can provision your Amazon EC2 resources on Dedicated Hosts, which are physical servers with EC2 instance capacity fully dedicated to your use. Dedicated Hosts can help you address compliance requirements and reduce costs by allowing you to use your existing server-bound software licenses. Amazon EC2 Dedicated Hosts allow you to use your eligible software licenses from vendors such as Microsoft and Oracle on Amazon EC2, so that you get the flexibility and cost effectiveness of using your own licenses, but with the resiliency, simplicity and elasticity of AWS. An Amazon EC2 Dedicated Host is a physical server fully dedicated for your use, so you can help address corporate compliance requirements.
What happens when your Spot instance is chosen by AWS for termination?
You will get a 2-minute notification posted to the metadata of your EC2 instance.
Amazon Elastic Compute Cloud - EC2
A web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. Amazon EC2's simple web service interface allows you to obtain and configure capacity with minimal friction. It provides you with complete control of your computing resources and lets you run on Amazon's proven computing environment.
In general, what is the first AWS CLI command that you'll run on a new EC2 instance?
aws configure