AWS Certification: ec2 Essentials, concepts and References
ec2 (Elastic Compute Cloud) is one of the main services of AWS and can be considered the backbone of the platform. When it comes to the certification exam, this is one of the most important services to focus on.
ec2 provides instances (virtual servers). You can provision an instance in a matter of minutes, and you can start, stop and terminate a virtual server based on your needs.
ec2 Pricing Models
There are three pricing models for ec2:
- On-Demand Instances: In this model, you pay for the instance on a per-hour basis. There is no upfront payment or commitment for this model.
- Reserved Instances: In this model, you reserve a specific number of instances for a period of time. This gives you a pricing discount compared to On-Demand instances.
- Spot Instances: You bid a price of your choice for instances. When your bid meets the current spot price, you get the instances for your workloads. This is comparatively very cheap, but it comes with a downside: AWS can terminate these instances without notice when it needs the capacity back.
The following image shows the instance types and their use cases.
EBS (Elastic Block Store) is a storage service that lets you create storage volumes which can be attached to an ec2 instance. Your instance's operating system resides on an EBS volume. You can think of EBS as your computer's hard disk and ec2 as your CPU and other associated processing components.
The following are the EBS volume types.
- General Purpose SSD (gp2): gp2 has the following characteristics.
  - Allows 3 IOPS/GB.
  - Burst capacity up to 3000 IOPS, drawn from the available I/O credit balance (i.e. 5.4 million I/O credits).
- Provisioned IOPS SSD (io1): io1 has the following characteristics.
  - Designed for I/O-intensive applications such as relational and NoSQL databases.
  - Allows volumes of up to 20000 IOPS.
- Magnetic (Previous Generation): A low-cost EBS volume type designed for normal workloads with infrequent data access.
- Throughput Optimized HDD (st1): Low-cost storage optimized for throughput rather than IOPS. It is the best fit for sequential data access such as log processing.
  - Supports 40 MB/s per TB of throughput.
  - Burst throughput up to 250 MB/s per TB.
- Cold HDD (sc1): Also an inexpensive EBS storage type that measures performance in terms of throughput rather than IOPS.
  - Supports 12 MB/s per TB.
  - Burst capacity of 80 MB/s per TB from the credit balance.
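The figures above are the ones the exam asks you to reason with, so here is an added worked example (not from the original article) that turns them into sizing arithmetic. It assumes, as the AWS documentation describes for gp2, that burst credits drain at the rate by which burst IOPS exceed the volume's baseline; the 100 IOPS floor AWS applies to small gp2 volumes is not mentioned in the article and is left out here.

```python
import math

# Figures quoted in the article
GP2_IOPS_PER_GB = 3
GP2_BURST_IOPS = 3000
GP2_INITIAL_CREDITS = 5_400_000          # 5.4 million I/O credits per volume

# Baseline and burst throughput per TB for the HDD-backed volume types (MB/s per TB)
HDD_THROUGHPUT_PER_TB = {
    "st1": {"baseline": 40, "burst": 250},
    "sc1": {"baseline": 12, "burst": 80},
}


def gp2_baseline_iops(size_gb):
    """Baseline IOPS a gp2 volume earns from its size (3 IOPS per GB)."""
    return GP2_IOPS_PER_GB * size_gb


def gp2_burst_seconds(size_gb, credits=GP2_INITIAL_CREDITS):
    """Seconds a gp2 volume can sustain 3000 IOPS before its credits run out.

    Assumption (AWS gp2 model): credits drain at (burst - baseline) per second.
    A volume whose baseline already reaches 3000 IOPS never needs to burst.
    """
    baseline = gp2_baseline_iops(size_gb)
    if baseline >= GP2_BURST_IOPS:
        return float("inf")
    return credits / (GP2_BURST_IOPS - baseline)


def gp2_size_for_sustained_iops(iops):
    """Smallest gp2 size (GB) whose baseline alone delivers the wanted IOPS,
    i.e. without relying on burst credits that a steady workload would exhaust."""
    return math.ceil(iops / GP2_IOPS_PER_GB)


def hdd_throughput_mbps(volume_type, size_tb):
    """Baseline and burst throughput (MB/s) of an st1 or sc1 volume of the given size."""
    spec = HDD_THROUGHPUT_PER_TB[volume_type]
    return {"baseline": spec["baseline"] * size_tb, "burst": spec["burst"] * size_tb}


if __name__ == "__main__":
    # A 100 GB gp2 volume: 300 IOPS baseline, 2000 s of burst at 3000 IOPS
    print(gp2_baseline_iops(100), gp2_burst_seconds(100))
    print(gp2_size_for_sustained_iops(3000), hdd_throughput_mbps("st1", 2))
```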
Volumes vs Snapshots
- A snapshot is a point-in-time copy of an EBS volume.
- All snapshots are incremental. That means whenever you take a new snapshot of an EBS volume, only the changed blocks are moved to S3, not the entire data.
- Volumes exist on EBS and snapshots exist on S3.
- When you take a snapshot of a volume, it automatically gets stored in S3.
- When creating a volume from a snapshot, you can change the storage type, for example from magnetic to gp2.
- Volumes created from encrypted snapshots are encrypted automatically.
Root Device Volume
This is the volume attached to your ec2 instance for booting.
- To take a snapshot of the root volume, you have to stop the instance first. If you try to take a snapshot of the live root volume, AWS will stop the instance before snapshotting it.
Understanding EBS RAID
RAID stands for redundant array of independent disks. The following are the types of RAID.
- RAID 0 -> Striped for performance, without redundancy.
- RAID 1 -> Mirrors the data for redundancy.
- RAID 5 -> Not recommended by AWS for EBS volumes.
- RAID 10 -> A combination of RAID 0 and RAID 1.
RAID use case: When your workloads on ec2 instances already use the maximum IOPS a single volume offers and you still need more IOPS, you can create a RAID array from multiple EBS volumes for better performance.
RAID snapshots: To take snapshots of a RAID array, do one of the following.
- Stop the instance and take the snapshots.
- Stop the I/O, freeze the file systems, unmount the RAID array and then take the snapshots.
AMIs (Amazon Machine Images) are image templates created from instances or root volume snapshots. You can then launch new instances from these AMIs. There are two types of AMIs.
- EBS backed: the root device is an EBS volume.
- Instance Store (Ephemeral Storage): It has the following properties.
  - You can add additional instance store volumes during launch but not after launching the instance.
  - You can add additional EBS volumes to an instance store-backed instance after launch.
  - You cannot stop an instance store-backed instance; you can only reboot or terminate it. Any underlying host failure deletes all your data on the instance store.
A security group is a virtual firewall that acts as a secure layer in front of your instance. It allows you to manage traffic flow by port number. You can set rules to allow traffic on specific ports from a specific IP range or from another security group ID as the source.
- By default, all inbound traffic is denied by the security group. You need to add rules to access your instances.
- You cannot add rules to deny traffic; you can only add rules to allow traffic. The same applies to outbound rules.
- Security groups are stateful, so return traffic for an allowed connection is permitted automatically. In addition, all outbound traffic is allowed by default, so you don't have to create an outbound rule for every inbound rule you specify.
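The four properties above (default deny inbound, allow-only rules, default allow-all outbound, statefulness) are what distinguish security groups from a plain packet filter. The following is an added model of that evaluation logic, not code from the article or from AWS; the security group IDs, rule dictionaries and addresses are constructed for the example and are not the AWS API format (only the "-1" all-protocols value is the real one).

```python
import ipaddress

# Placeholder security group IDs, constructed for the example
WEB_SG = "sg-web-example"
APP_SG = "sg-app-example"

# Constructed allow-only inbound rules (security groups have no deny rules).
# 'source' is a CIDR block or the ID of another security group.
INBOUND = {
    WEB_SG: [
        {"protocol": "tcp", "from_port": 443, "to_port": 443, "source": "0.0.0.0/0"},
        {"protocol": "tcp", "from_port": 22, "to_port": 22, "source": "203.0.113.0/24"},
    ],
    APP_SG: [  # only instances that belong to the web security group may reach 8080
        {"protocol": "tcp", "from_port": 8080, "to_port": 8080, "source": WEB_SG},
    ],
}

# Default outbound rule set: everything allowed ("-1" is the all-protocols value)
DEFAULT_OUTBOUND = [{"protocol": "-1", "from_port": 0, "to_port": 65535, "dest": "0.0.0.0/0"}]


def _matches(rule, protocol, port, peer_ip, peer_sgs, peer_key):
    """A rule matches when protocol and port range fit and the peer is either inside
    the rule's CIDR or carries the security group the rule references."""
    if rule["protocol"] not in ("-1", protocol) or not rule["from_port"] <= port <= rule["to_port"]:
        return False
    peer = rule[peer_key]
    if peer.startswith("sg-"):
        return peer in peer_sgs
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(peer)


class SecurityGroup:
    """Default deny inbound, allow-only rules, default allow-all outbound, stateful replies."""

    def __init__(self, sg_id, outbound=DEFAULT_OUTBOUND):
        self.sg_id, self.outbound = sg_id, outbound
        self.established = set()  # (protocol, local_port, peer_ip, peer_port) of accepted flows

    def inbound(self, protocol, port, src_ip, src_port, src_sgs=()):
        rules = INBOUND.get(self.sg_id, [])
        allowed = any(_matches(r, protocol, port, src_ip, src_sgs, "source") for r in rules)
        if allowed:  # remember the flow so its replies pass by state, not by rule
            self.established.add((protocol, port, src_ip, src_port))
        return allowed

    def outbound_allowed(self, protocol, local_port, dst_ip, dst_port, dst_sgs=()):
        if (protocol, local_port, dst_ip, dst_port) in self.established:
            return True  # stateful: reply traffic needs no outbound rule at all
        return any(_matches(r, protocol, dst_port, dst_ip, dst_sgs, "dest") for r in self.outbound)
```

Constructing `SecurityGroup(WEB_SG, outbound=[])` shows the stateful property in isolation: with no outbound rules, a reply to an accepted HTTPS connection still leaves, while a fresh outbound connection does not.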
- Multiple EBS volumes can be attached to an instance, but one EBS volume cannot be attached to multiple instances.
- If a spot instance is terminated by AWS, you are not charged for the partial hour.
- EBS volumes are replicated within the availability zone by AWS for reliability.
- You can encrypt EBS volumes for data at rest and data in transit between ec2 and EBS.
- Root EBS volumes cannot be encrypted by default. You have to use tools like BitLocker to do that. All additional volumes can be encrypted by default.
- If you edit a security group, the change takes effect immediately.
- Snapshots can be shared only if they are not encrypted.
- You can share snapshots across accounts or make them publicly accessible.
- AMIs created from instances or snapshots are region-specific, but you can copy them to other regions using the CLI or API.