AWS EC2
You cannot mount EBS volumes to multiple EC2 instances. Instead use EFS.
Can you mount EBS volumes to multiple instances?
Dr McGift Px - D for Density - R for RAM - M for general purpose - C for Compute - G for graphics - I for IOPS - F for Field Programmable Gate Arrays - T for cheap general purpose (burstable) - P for graphics (Think pictures) - X for extreme memory
For 2017, what are valid EC2 instance types?
An AMI (Amazon Machine Image) is a template that contains the software configuration (OS, application server and applications) required to launch your instance. You can select an AMI provided by AWS, the user community or the AWS Marketplace, or you can select one of your own AMIs.
For Step 1: choose an AMI, what is an AMI?
Two types of virtualization: Hardware Virtual Machine (HVM) and Paravirtual (PV).
For Step 1: choose an AMI, what type of virtualization is available?
You can select an instance type and size, e.g. m4.large - m4.10xlarge, c4.large - c4.8xlarge (Think Dr McGift Px).
For Step 2: Choose an instance type. What does this mean?
You can select: number of instances to launch, purchasing option, Network (VPC), Subnet (AZ), Auto-assign Public IP, IAM role, Shutdown behavior, termination protection, Monitoring, Tenancy, Advanced Details
For Step 3: Configure Launch details. What does this mean?
You can assign your EC2 instance a public IP address, or not assign one (making the instance a private instance).
For Step 3: What does Auto-Assign Public IP mean?
You can assign an IAM role, which allows your instance to interact with AWS services without having to store CLI access keys or secret access keys on your EC2 instance. The IAM role uses STS to provide temporary credentials to your EC2 instance.
For Step 3: What does IAM role mean?
You can select a VPC to launch your EC2 instance into, or create a new VPC.
For Step 3: What does Network mean?
You can accept default monitoring (5 minute intervals) or detailed monitoring (1 minute intervals).
For Step 3: What does monitoring mean?
You can select a number of instances to launch or launch instances into an Autoscaling group.
For Step 3: What does number of instances to launch mean?
If you check "Request Spot instances", additional options include current price, max price, launch group, request valid from, request valid to and persistent request.
For Step 3: What does purchasing option mean?
You can select a public or private subnet in an Availability Zone that was provisioned. Note: 1 subnet = 1 AZ.
For Step 3: What does subnet mean?
For Advanced Details: you can add user data, which allows bootstrap scripts to be created. You can add user data in the form of a bash script to automatically configure an instance, e.g. yum update.
For Step 3: What is Advanced Details?
The tenancy for your EC2 instance can be Shared hardware, Dedicated instance or Dedicated Host.
For Step 3: What is Tenancy?
If you want to prevent your instance from being accidentally terminated using Amazon EC2, you can enable termination protection for the instance. Termination protection is off by default; you must turn it on if you want to protect your instances from termination.
For Step 3: What is enable termination protection?
When an instance is shut down, you can choose whether the instance is stopped or terminated.
For Step 3: What is shutdown behavior?
On an EBS backed instance, the default action is for the root EBS volume to be deleted when the instance is terminated.
For Step 4: Add Storage (EBS) volumes what is the default action for an EBS backed instance?
Yes, you can enable delete on termination and encryption for any additional EBS volumes.
For Step 4: Add Storage (EBS) volumes, on additional EBS volumes, can delete on termination and encryption be enabled?
The EBS root volume of your default AMI cannot be encrypted. You can use a 3rd party tool to encrypt the root volume, or this can be done when creating AMIs in the console or via the API.
For Step 4: Is the EBS root volume encrypted?
You can add tags (metadata) to help identify the purpose of the EC2 instance. A tag consists of a case-sensitive key-value pair.
For Step 5: Add Tags, what are tags?
A security group is a virtual firewall that allows various types of traffic. A security group rule consists of a Type (e.g. SSH), Protocol (e.g. TCP), Port Range (e.g. 22) and a Source (selects which IP addresses can connect to the instance; you can restrict it to just your own IP).
For Step 6: Configure Security groups. What are Security Groups?
A PEM key is a key pair which consists of a public key that AWS stores and a private key that you store. Together, they allow you to connect to your instance. For Windows AMIs, the private key file is required to obtain the password used to log into the instance. For Linux AMIs, the private key allows you to securely SSH into your instance.
For Step 7, What is a PEM key?
An Auto Scaling group starts by launching enough EC2 instances to meet its desired capacity. The Auto Scaling group maintains this number of instances by performing periodic health checks on the instances in the group. If an instance becomes unhealthy, the group terminates the unhealthy instance and launches another instance to replace it.
How do autoscaling groups perform?
• Log into the EC2 instance - ssh ec2-user@<xx.xxx.xxx> • Type: curl http://169.254.169.254/latest/meta-data
How do you determine EC2 metadata?
Reboot the instance
How do you fix an Instance Status Check?
Stop and Start the instance
How do you fix a System Status Check?
Select the instance, select actions, instance settings, change termination protection.
If you attempt to terminate an instance with termination protection on, what must you do to change this?
EBS backed EC2 instances • Boot time is less than 1 minute • Can start • Can stop • Can reboot • Can terminate • Can upgrade the instance type, kernel, RAM and user data while the instance is stopped • Charged for instance usage, EBS volume usage and storing your AMI as an EBS snapshot • AMI creation uses a single command / call
What actions can you perform on EBS backed EC2 instances?
Instance store backed EC2 instances • Boot time is less than 5 minutes • Can only reboot • Can only terminate • Cannot stop • Instance attributes are fixed for the life of the instance • Charged for instance usage and storing your AMI in S3 • AMI creation requires installation and use of the AMI tools
What actions can you perform on instance store backed EC2 instances?
SSD: GP2 and IO1. Magnetic: ST1, SC1 and Magnetic Standard.
What EBS volume types are available?
The more secure method for the CLI is using IAM roles. Storing your AWS CLI keys on an instance could result in lost revenue due to someone using your CLI keys to mine bitcoin.
What are AWS CLI best practices?
A placement group is a logical grouping of instances within a single AZ. Using placement groups enables apps to participate in a low latency, 10 Gbps network, recommended for apps that benefit from low latency, high network throughput or both. • A placement group can't span multiple AZs • The name you specify for a placement group can be unique to your AZ • Certain types of instances can be launched in a placement group (CPU optimized, GPU, memory optimized, storage optimized) • AWS recommends launching instances with placement groups • You cannot merge placement groups • You cannot move any existing instances into a placement group
What are EC2 placement groups?
Bootstrap scripts are placed in the Advanced Details section in Step 3 of your EC2 launch console. For example, bootstrap scripts allow you to configure a web server upon startup of an EC2 instance. Attach the following script to the instance: • #!/bin/bash • yum update -y • yum install httpd -y • service httpd start • chkconfig httpd on • cd /var/www/html • aws s3 cp s3://<bucket>/index.html /var/www/html
What are bootstrap scripts?
Exam Tips • Standard Monitoring - 5 min • Detailed Monitoring - 1 min • Dashboards - create awesome dashboards to see what is happening with your AWS environment • Alarms - allows you to set alarms that notify you when thresholds are not met • Events - respond to state changes in AWS resources • Logs - aggregate, monitor and store log information • CloudTrail - monitors your entire account via logs; CloudWatch - monitors your environment
What are key exam tips for CloudWatch and EC2?
Root volume sizes • Root device volumes can either be EBS volumes or instance store volumes • An instance store root device volume's max size is 10 GB • An EBS root device volume can be up to 1 or 2 TB depending on the OS
What are key points about EBS and Instance store root volume sizes?
Snapshots exist on S3. Snapshots are point in time copies of volumes. Snapshots are incremental, which means that only the blocks that have changed since the last snapshot are moved to S3. If this is your first snapshot, it may take some time to create.
What are key points about EBS snapshots?
Below is a list of things to look for if your instances are not launching into an autoscaling group: • Associated key pair does not exist • Security group does not exist • Autoscaling config is not working correctly • Autoscaling group not found • Instance type specified is not supported in the AZ • AZ is no longer supported • Invalid EBS device mapping • Autoscaling service is not enabled on your account • Attempting to attach an EBS block device to an instance store AMI
What are some troubleshooting and autoscaling issue tips?
Dedicated Host - Useful for regulatory requirements that may not support multi-tenant virtualization. - Great for licensing which does not support multi-tenancy cloud deployments - Can be purchased on-demand - Reservations can be up to 70% of the on demand prices
What are use cases for Dedicated Hosts?
On Demand - Users that want the low cost and flexibility of EC2 without any up-front payments or long term commitments. - Applications with short-term, spiky or unpredictable workloads that cannot be interrupted. - Applications being developed or tested on EC2 for the first time
What are use cases for On-demand instances?
Reserved - Applications with Steady State or predictable usage - Applications that require reserved capacity - Users able to make upfront payments to reduce their total capacity costs even further
What are use cases for Reserved instances?
Spot - Applications that have flexible start or end times - Applications that are only feasible at very low compute prices - Users with urgent CPU needs for large amounts of additional capacity - If the Spot instance is terminated by EC2, you will not be charged for a partial hour. However, if you terminate the instance yourself, you will be charged.
What are use cases for Spot instances?
Terminating an instance - EBS: • EBS root device volumes are terminated by default when the EC2 instance is terminated. You can stop this by unselecting the "Delete on termination" option when creating the instance, or by setting the DeleteOnTermination flag to false using the CLI • Other EBS volumes attached to the instance are preserved, however, if you delete the instance.
What happens when you terminate an EBS backed instance?
Terminating an instance - instance store: • Instance store root device volumes are terminated by default when the EC2 instance is terminated. You cannot stop this. • Other instance store volumes will be deleted on termination automatically • Other EBS volumes attached to the EC2 instance will persist automatically.
What happens when you terminate an instance store backed instance?
Elastic Block Storage (EBS) allows you to create storage volumes and attach them to EC2 instances. Once attached, you can create a file system on top of these volumes, run a database, or use them in any other way you would use a block device. Volumes are placed in a specific AZ and automatically replicated to protect you from failure of a single component.
What is EBS?
Amazon Elastic Compute Cloud (AWS EC2) is a web service that provides resizable compute capacity in the cloud. EC2 reduces the time required to obtain and boot new server instances to minutes, allowing you to scale capacity both up and down as your computing requirements change.
What is EC2?
Elastic File System (EFS) is file storage for EC2 instances. EFS is easy to use and provides a simple interface that allows you to create and configure file systems quickly and easily. Storage capacity is elastic, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it. • Supports the NFS protocol • Pay for the storage you use • Can scale up to petabytes • Can support thousands of concurrent NFS connections • Data is stored across multiple AZs in a region • Read after write consistency - EFS is block based storage, not object based storage
What is EFS?
• General Purpose SSD (GP2) ○ General purpose ○ Balance of price and performance ○ Ratio of 3 IOPS per GB with up to 10K IOPS, and the ability to burst up to 3000 IOPS for extended periods of time for volumes under 1GB
What is GP2?
• Provisioned IOPS SSD (IO1) ○ Designed for I/O intensive applications such as large RDS or NoSQL databases ○ Use when you need more than 10,000 IOPS ○ Can provision over 20,000 IOPS per volume
What is IO1?
• AWS Lambda is a compute service where you can upload your code and create a Lambda function. • AWS Lambda takes care of provisioning. • You can use Lambda in the following ways ○ Event-driven compute service where Lambda runs code in response to events ○ Compute service to run your code in response to HTTP requests using API Gateway or API calls via SDKs • Pricing ○ # of requests - 1st million are free ○ Duration is measured automatically from the time your code executes until it returns or otherwise terminates • No servers • Container orchestrator
What is Lambda?
• Magnetic Standard - Lowest cost per GB of all EBS volume types and is bootable. - Magnetic volumes are ideal for workloads where data is accessed infrequently and applications where the storage cost is important.
What is Magnetic Standard?
• Cold HDD (SC1) - Lowest cost storage for infrequently accessed workloads - File server - Cannot be a boot volume
What is SC1?
• Magnetic Throughput Optimized HDD (ST1) ○ Big Data ○ Data Warehousing ○ Log Processing - Cannot be a boot volume
What is ST1?
A snapshot taken on a running instance excludes data held in cache by applications and the OS. So the best practice is to shut down the instance, unmount the EBS volume, and then take a snapshot of the EBS volume.
What is a best practice for EBS snapshots?
Instance store data is known as ephemeral storage, meaning that data will not persist after an instance is deleted. You cannot set this to false; data will always be deleted when that instance disappears. • The data in an instance store persists only during the lifetime of its associated instance. If an instance reboots (intentionally or unintentionally), data in the instance store persists. However, data on instance store volumes is lost under the following circumstances: ○ Failure of an underlying drive ○ Stopping an EBS backed instance ○ Terminating an instance • Therefore, do not rely on instance store volumes for valuable, long-term data. Instead, keep your data safe by using a replication strategy across multiple instances, storing data in S3, or using EBS volumes.
What are key points about instance store data?
Creating an encrypted snapshot • To create a snapshot of Amazon EBS volumes that serve as root devices, you should stop the instance before taking the snapshot • Snapshots of encrypted volumes are encrypted automatically • Volumes restored from encrypted snapshots are encrypted automatically • You can share snapshots only if they are encrypted? (Keys are tied to your account) • These snapshots can be shared with other AWS accounts or made public
What is a way to create an encrypted snapshot?
An Auto Scaling group contains a collection of EC2 instances that share similar characteristics and are treated as a logical grouping for the purposes of instance scaling and management. For example, if a single application operates across multiple instances, you might want to increase the number of instances in that group to improve the performance of the application, or decrease the number of instances to reduce costs when demand is low.
What is an autoscaling group?
You can use scaling policies to increase or decrease the number of running EC2 instances in your group automatically to meet changing conditions. When the scaling policy is in effect, the Auto Scaling group adjusts the desired capacity of the group and launches or terminates the instances as needed. If you manually scale or scale on a schedule, you must adjust the desired capacity of the group in order for the changes to take effect.
What is an autoscaling policy?
• All inbound traffic on a security group is blocked by default • All outbound traffic is allowed by default • Changes to security groups take effect immediately • You can have any number of EC2 instances in any security group • You can have multiple security groups attached to an EC2 instance • Security groups are stateful - if you create an inbound rule allowing traffic in, that traffic is allowed back out again - You cannot block a specific IP address using security groups; instead use NACLs - You can specify allow rules, but not deny rules.
What are key points about EC2 security groups?
EC2 - EBS vs Instance Store • EBS backed volumes are persistent • Instance store backed volumes are not persistent (ephemeral) • EBS volumes can be detached and reattached to other EC2 instances • Instance store volumes cannot be detached and reattached to other instances; they exist only for the life of the instance • EBS backed instances can be stopped.
What is the key difference between EBS backed instances versus Instance Store backed instances?
EBS = store data long term, while Instance Store = should not be used for long-term data storage. - You can reboot to recover an EBS backed EC2 instance, but you cannot reboot to recover an Instance Store backed EC2 instance
What is the key point for EBS vs Instance Store instances?
System Status Checks and Instance Status Checks
What types of status check are available for your EC2 instance?
- On Demand - fixed rate by the hour. No commitment - Reserved - provides you with a capacity reservation and offers significant discounts on the hourly charge for an instance. 1 or 3 year terms - Spot - enables you to bid whatever price you want for instance capacity, providing even greater savings if your application has flexible start and stop times. - Dedicated Hosts - physical EC2 servers dedicated for your use. Dedicated Hosts can help you reduce costs by allowing you to use your existing server-bound software licenses.
What types of EC2 purchases are available?
Exam Tips • IAM roles are more secure than storing your access key and secret access key on an individual EC2 instance • Roles are easier to manage • Roles can be assigned to an EC2 instance after it's created, but currently only using the command line • Roles are universal, you can use them in any region
Why are IAM roles more secure on EC2 instances?