EC2 == Elastic Compute Cloud; it is an Infrastructure as a Service offering.
It mainly consists of the capability of: renting virtual machines (EC2), storing data on virtual drives (EBS), distributing load across machines (ELB), and scaling the services using an Auto Scaling Group (ASG).
Knowing EC2 is fundamental to understanding how the cloud works!
| Configuration Item | Options |
|---|---|
| Operating System | Linux, Windows, MacOS |
| How much compute power (cores) | 1,2,4,8,16 cores |
| How much random-access memory (RAM) | 4GB, 8GB, 16GB |
| Which type of storage | Persistent Network Storage (EBS), Persistent Network Storage with File System (EFS), Non-Persistent Hardware Storage (EC2 Instance Store) |
| Network Card | Speed of Card, Public IP Address (AWS Elastic IP) |
| Security Group | EC2 Security Group |
| Bootstrap/Startup Script | EC2 User Data |
It is possible to bootstrap our instances using an EC2 User Data script, also known simply as a startup script. Bootstrapping means launching commands when the machine starts up. Note: EC2 user data is used to automate boot tasks such as:
Note: The EC2 User Data script runs with root user privileges.
Specialized EC2 instances can be used for different requirements. They follow the following naming conventions.
Following is the list of popular instance types:
Great for a diversity of workloads such as web servers or code repositories. It is a balance between: Compute, Memory, Network. E.g. “t2.micro”.
It is great for compute-intensive tasks that require high-performance processors. Some common tasks done using compute instances are as follows:
Fast performance for workloads that process large datasets in memory.
Great for storage-intensive tasks that require high, sequential read & write access to large datasets on local storage.
Security groups are fundamental to network security in AWS. They control how traffic is allowed into or out of our EC2 instances (only!).
Security groups contain ONLY ALLOW rules.
| They Regulate the following items: |
|---|
| 1. Access to ports |
| 2. Authorised IP ranges - IPv4 & IPv6 |
| 3. Control of inbound network (from other to the instances) |
| 4. Control of outbound network (from the instance to others) |
| Notes: |
|---|
| 1. SG can be attached to multiple instances |
| 2. SGs are locked down to a region/VPC combination |
| 3. They “live outside” the EC2 instance - if traffic is blocked by an SG, then the EC2 instance will not see/log it |
| 4. It’s good to maintain one separate security group for SSH access. |
| 5. If your application is not accessible (timeout), then it might be a security group issue |
| 6. If your application gives a “connection refused” error, then it’s an application issue or the application hasn’t started up. |
| 7. All INBOUND traffic is BLOCKED by default |
| 8. All OUTBOUND traffic is AUTHORISED by default |
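
The allow-only, default-deny behaviour in the notes above, as an added example (not from the original page): a small Python model that checks inbound traffic against rules shaped like EC2 `DescribeSecurityGroups` output and maps the result to the timeout / connection-refused symptoms. The group IDs and CIDRs are constructed, and rules that reference other security groups or prefix lists are not handled.

```python
import ipaddress

# Constructed sample shaped like EC2 DescribeSecurityGroups output.
# Group IDs and CIDRs are made up; SSH sits in its own group (note 4).
SAMPLE_GROUPS = [
    {"GroupId": "sg-ssh-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-web-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]


def rule_matches(rule, src, proto, port):
    """True if one allow rule covers this source address, protocol and port."""
    if rule["IpProtocol"] != "-1":  # "-1" means every protocol and port
        if rule["IpProtocol"] != proto:
            return False
        if not rule["FromPort"] <= port <= rule["ToPort"]:
            return False
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    # An IPv4 source never matches an IPv6 range (and vice versa).
    return any(src in ipaddress.ip_network(c) for c in cidrs)


def inbound_allowed(groups, src_ip, proto, port):
    """Return the GroupId whose rule allows the traffic, or None."""
    src = ipaddress.ip_address(src_ip)
    for group in groups:  # rules of all attached groups are combined
        for rule in group["IpPermissions"]:
            if rule_matches(rule, src, proto, port):
                return group["GroupId"]
    return None  # only ALLOW rules exist, so no match means blocked


def diagnose(groups, src_ip, port, listening):
    """Expected client-side symptom for a TCP connection attempt."""
    if inbound_allowed(groups, src_ip, "tcp", port) is None:
        return "timeout"  # dropped by the SG; the instance never sees it
    return "connected" if listening else "connection refused"
```

Because a blocked packet never reaches the instance, the "timeout" case leaves nothing in the instance's own logs; the rule set is the place to look.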