Amazon Elastic Compute Cloud (EC2) Fundamentals
Key Points:
- EC2 Instance Types: Users can choose from various instance types based on their specific needs, considering factors like CPU, RAM, storage, and network performance.
- Operating Systems: EC2 instances can run Linux, Windows, or macOS.
- Storage Options: Users can choose between Elastic Block Store (EBS) for network-attached storage or instance store for hardware-attached storage.
- Networking: EC2 instances can be configured with different network settings, including network performance and security groups (firewalls).
- EC2 User Data: This script allows for automation of tasks at instance boot (bootstrap) time, such as installing software or configuring settings.
- AWS Free Tier: The t2.micro instance type is included in the AWS Free Tier, making it a suitable option for learning and experimentation.
Instance Naming Convention
- The first letter indicates the class (e.g., M for general purpose).
- The number represents the generation (e.g., M5 is newer than M4).
- The size suffix (e.g., .large) indicates the instance's processing power and memory.
Common Instance Classes:
- General Purpose (M, T): Balanced compute, memory, and network for web servers, code repositories, etc. (e.g., t2.micro - free tier option)
- Compute Optimized (C): Ideal for CPU-intensive tasks like data processing, media transcoding, high-performance web servers, etc.
- Memory Optimized (R, X1, Z1): Excellent for in-memory databases, caching, real-time big data processing, etc. (focuses on RAM)
- Storage Optimized (I, G, H): Designed for workloads requiring frequent access to local storage (e.g., databases, caching)
Resource Comparison: Different instance types offer varying amounts of CPU (vCPUs), memory (GiB), and other resources. The lecture compared t2.micro (low memory, 1 vCPU), r5.16xlarge (high memory, 16 vCPUs), and c5d.4xlarge (more CPU, less memory).
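The naming convention above is regular enough to parse. The following is an added example (not from the lecture): it splits a type name into class, generation, capability suffix and size, compares generations within a class, and orders the three instances the lecture compared by size. Bare-metal and other exotic names are outside what the regex handles.

```python
import re

# Pattern for the convention in the notes: class letters, generation digits,
# optional capability letters (the "d" in c5d = local NVMe disk), then the
# size after the dot. Bare-metal names such as "m5.metal" are out of scope.
_TYPE_RE = re.compile(
    r"^(?P<cls>[a-z]+?)(?P<gen>\d+)(?P<extra>[a-z-]*)\.(?P<size>\d*[a-z]+)$"
)
_BASE_SIZES = ["nano", "micro", "small", "medium", "large", "xlarge"]


def parse_instance_type(name):
    """Split e.g. 'c5d.4xlarge' into class, generation, extras and size."""
    m = _TYPE_RE.match(name.lower())
    if not m:
        raise ValueError(f"unrecognised instance type: {name!r}")
    return {
        "class": m["cls"],
        "generation": int(m["gen"]),
        "extras": m["extra"],
        "size": m["size"],
    }


def size_rank(size):
    """Monotonic rank so sizes compare: nano < ... < xlarge < 2xlarge < ..."""
    if size in _BASE_SIZES:
        return _BASE_SIZES.index(size)
    m = re.fullmatch(r"(\d+)xlarge", size)
    if m:
        return _BASE_SIZES.index("xlarge") + int(m.group(1)) - 1
    raise ValueError(f"unknown size: {size!r}")


def is_newer_generation(a, b):
    """True if a and b share a class and a is the newer generation (m5 vs m4)."""
    pa, pb = parse_instance_type(a), parse_instance_type(b)
    if pa["class"] != pb["class"]:
        raise ValueError("generations only compare within one class")
    return pa["generation"] > pb["generation"]


def sort_by_size(names):
    """Order instance type names from smallest to largest size suffix."""
    return sorted(names, key=lambda n: size_rank(parse_instance_type(n)["size"]))
```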
AWS EC2 Security Groups
Security groups are fundamental to network security in AWS EC2. They act as firewalls, controlling inbound and outbound traffic to and from your EC2 instances.
Key Points:
- Simple Rule-Based System: Security groups contain only allow rules (there are no deny rules). You define rules based on IP address ranges or other security groups.
- Inbound and Outbound Rules: You can control traffic coming into your instance (inbound) and traffic going out (outbound).
- Port-Based Control: Security groups allow you to specify which ports can be accessed.
- Default Behavior: By default, all inbound traffic is blocked, and all outbound traffic is allowed.
- Security Group Referencing: You can reference other security groups in your rules, enabling complex network configurations.
Common Ports to Know:
- SSH (22): For Linux instances
- FTP (21): For file transfer
- SFTP (22): For secure file transfer
- HTTP (80): For unsecured websites
- HTTPS (443): For secure websites
- RDP (3389): For Windows instances
Remember, security groups are a critical component of EC2 security. Misconfiguration of security groups can expose your instances to potential threats.
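An added example (not from the lecture) of the kind of check a defender runs against the rules described above: it walks a constructed set of security groups in the shape boto3's describe_security_groups() returns and flags any of the administrative ports from the list (FTP, SSH/SFTP, RDP) that are reachable from anywhere. The sample also shows the default of an empty inbound rule set and a security-group reference, neither of which produces a finding.

```python
# Constructed sample in the shape of ec2.describe_security_groups()["SecurityGroups"];
# no AWS call is made here.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        # SSH open to the world: the misconfiguration the notes warn about
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ]},
    # Security group referencing: only members of sg-web may reach port 3306
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
    ]},
    # RDP restricted to one office range (203.0.113.0/24 is a documentation prefix)
    {"GroupId": "sg-admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
    ]},
    # Default behaviour: no inbound rules at all means all inbound traffic is blocked
    {"GroupId": "sg-locked", "IpPermissions": []},
]

# Administrative ports from the notes that should never be open to 0.0.0.0/0
ADMIN_PORTS = {21: "FTP", 22: "SSH/SFTP", 3389: "RDP"}


def _open_to_world(rule):
    """Return the first CIDR in the rule that means 'anywhere', or None."""
    v4 = [r["CidrIp"] for r in rule.get("IpRanges", []) if r["CidrIp"] == "0.0.0.0/0"]
    v6 = [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", []) if r["CidrIpv6"] == "::/0"]
    return (v4 + v6 or [None])[0]


def _covers_port(rule, port):
    """IpProtocol '-1' is 'all traffic'; otherwise check the TCP port range."""
    if rule["IpProtocol"] == "-1":
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]


def audit_security_groups(groups):
    """List (group id, port, service, cidr) for admin ports exposed to anywhere."""
    findings = []
    for g in groups:
        for rule in g["IpPermissions"]:
            cidr = _open_to_world(rule)
            if cidr is None:
                continue  # restricted source range or security-group reference
            for port, service in ADMIN_PORTS.items():
                if _covers_port(rule, port):
                    findings.append((g["GroupId"], port, service, cidr))
    return findings
```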
EC2 Instance Purchasing Options
On-Demand Instances: Pay-per-second billing after the first minute. No upfront costs or long-term commitments. Best for short-term, unpredictable workloads. Highest cost.
Reserved Instances: Significant discounts (up to 72%) compared to on-demand. Commit to a specific instance type, region, tenancy, and OS. 1-year or 3-year terms with options for upfront payments. Ideal for steady-state, long-term workloads like databases. Convertible reserved instances offer flexibility to change instance attributes but with slightly lower discounts (up to 66%).
Savings Plans: Similar discounts to reserved instances (up to 70%). Commit to a specific dollar amount of usage per hour. Flexible across instance sizes, OS, and tenancy within a specific instance family and region. Suitable for long-term workloads with predictable usage patterns.
Spot Instances: Significant discounts (up to 90%) compared to on-demand. Instances can be interrupted at any time if the spot price exceeds your maximum bid. Best for fault-tolerant workloads like batch jobs, data analysis, and image processing. Not suitable for critical workloads or databases.
Dedicated Hosts: Physical server dedicated to your use. Ideal for compliance requirements or specific software licensing needs. Most expensive option. Available on-demand or reserved for 1 or 3 years.
Dedicated Instances: Instances run on hardware dedicated to your account, which may still host other instances from the same account. No control over instance placement. Less expensive than dedicated hosts.
Capacity Reservations: Reserve on-demand capacity in a specific AZ for any duration. No time commitment, can be canceled at any time. No billing discounts, charged at on-demand rates. Suitable for short-term, uninterrupted workloads that need specific AZ capacity.
Choosing the Right Option:
- Workload type: Short-term, long-term, steady-state, or fault-tolerant.
- Budget: How much are you willing to spend?
- Flexibility: Do you need the ability to change instance types or regions?
- Reliability: How critical is it that your instances are always available?
- Compliance: Do you have any specific compliance requirements?
Spot Instance
Amazon EC2 Spot Instances are a cost-effective way to use unused EC2 capacity in the AWS cloud:
- Cost: Spot Instances can be up to 90% cheaper than On-Demand instances.
- Flexibility: Spot Instances are ideal for applications that can handle interruptions and restarts, such as batch processing, data analysis, and web servers.
- Integration: Spot Instances integrate with AWS services like Auto Scaling, EMR, ECS, CloudFormation, Data Pipeline, and AWS Batch.
- Scalability: Spot Instances can be used to run hyperscale workloads or accelerate workloads by running parallel tasks.
AWS may interrupt a Spot Instance if the Spot Price exceeds the maximum price set by the user, if demand for Spot Instances increases, or if supply decreases. Before interrupting a Spot Instance, AWS will send a two-minute warning notice. To optimize workload costs and performance, Spot Instances can be combined with On-Demand, RI, and Savings Plans instances.
Spot Fleets
Spot fleets offer a cost-effective way to utilize spare EC2 capacity by defining multiple launch pools with various instance types, OS, and availability zones. The fleet strategically selects the most suitable pool based on price and capacity constraints to meet target capacity.
Key strategies for allocating spot instances within a fleet include:
- Lowest Price: Prioritizes the cheapest pool, ideal for short workloads.
- Diversified: Distributes instances across all pools for enhanced availability and longer workloads.
- Capacity Optimized: Selects the pool with optimal capacity for the desired instance count.
- Price Capacity Optimized: Prioritizes capacity and then selects the cheapest option within that pool, suitable for most workloads.
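An added example (not from the lecture and not the EC2 Fleet implementation) that models the four strategies above over a constructed set of launch pools, so the difference between them is visible in the resulting plan and hourly cost. Pool prices and capacities are made up; the "two deepest pools" cut-off for price-capacity optimized is an assumption of this simplified model.

```python
# Constructed launch pools: instance type, AZ, spot price per hour, capacity available
POOLS = [
    {"type": "c5.large",  "az": "us-east-1a", "price": 0.035, "available": 4},
    {"type": "c5.large",  "az": "us-east-1b", "price": 0.029, "available": 2},
    {"type": "c5a.large", "az": "us-east-1a", "price": 0.033, "available": 10},
    {"type": "m5.large",  "az": "us-east-1b", "price": 0.031, "available": 8},
]


def allocate(pools, target, strategy):
    """Return {pool index: instance count} that meets the target capacity."""
    avail = [p["available"] for p in pools]
    plan, remaining = {}, target
    while remaining > 0:
        live = [i for i in range(len(pools)) if avail[i] > 0]
        if not live:
            raise RuntimeError("insufficient spot capacity across all pools")
        if strategy == "lowestPrice":          # cheapest pool first
            picks = [min(live, key=lambda i: pools[i]["price"])]
        elif strategy == "diversified":        # one instance per pool, round robin
            picks = live
        elif strategy == "capacityOptimized":  # deepest pool first
            picks = [max(live, key=lambda i: avail[i])]
        elif strategy == "priceCapacityOptimized":
            # simplified model: the two deepest pools, then the cheaper of those
            deepest = sorted(live, key=lambda i: avail[i], reverse=True)[:2]
            picks = [min(deepest, key=lambda i: pools[i]["price"])]
        else:
            raise ValueError(f"unknown strategy: {strategy}")
        for i in picks:
            n = min(remaining, 1 if strategy == "diversified" else avail[i])
            if n == 0:
                break
            plan[i] = plan.get(i, 0) + n
            avail[i] -= n
            remaining -= n
    return plan


def hourly_cost(pools, plan):
    """Spot cost per hour of a plan, rounded to avoid float noise."""
    return round(sum(pools[i]["price"] * n for i, n in plan.items()), 4)
```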
[1]: Stephane Maarek, AWS Certified Solutions Architect Associate Certification SAA-C03