Amazon Elastic Compute Cloud (EC2)
Amazon EC2 is a service which provides compute capacity in the AWS cloud. There are two key concepts when launching an instance on AWS:
- The amount of virtual hardware dedicated to the instance (the instance type)
- The software installed on the instance (the AMI)
Instance types are grouped into families according to the hardware they emphasise, for example:
- C4: Compute Optimized – for workloads requiring significant processing
- R3: Memory Optimized – for memory-intensive workloads
- I2: Storage Optimized – for workloads requiring a large amount of fast SSD storage
- G2: GPU-based instances – intended for graphics and general-purpose GPU compute workloads
Amazon Machine Images (AMIs):
An AMI defines the initial software that will be on an instance when it is launched, which includes the following:
- The OS and its configuration
- The initial state of any patches
- Application or system software
All AMIs are based on x86 operating systems, either Linux or Windows. There are four sources of AMIs:
- AWS Published: AMIs published by AWS, covering many versions of different OSes such as Ubuntu, Red Hat, Windows 2008, and Windows 2012.
- AWS Marketplace: an online store where customers can search for, buy, and immediately start using software and services that run on Amazon EC2. Instances launched from the AWS Marketplace incur the standard hourly cost plus an additional per-hour charge for the additional software.
- Generated from an Existing Instance: an AMI can be created from an existing EC2 instance.
- Uploaded Virtual Servers: customers can create an image from various virtualization formats, including VHD, VMDK, and OVA, using the VM Import/Export service.
There are several ways to address an instance so that it can be reached:
- DNS Name: when an instance is launched, AWS automatically generates a DNS name to access it. This DNS name persists only while the instance is running and cannot be transferred to another instance.
- Public IP: as soon as an instance is launched, a public IP address is assigned from the AWS reserved address pool. This IP address is unique on the internet, persists only while the instance is running, and cannot be transferred to another instance.
- Elastic IP: a unique IP address on the internet that you reserve independently and associate with an EC2 instance. This IP address persists until the customer releases it and is not tied to the lifetime or state of an individual instance.
Amazon EC2 uses a key pair for login information: a public key to encrypt and its associated private key to decrypt. Together these two keys are called a key pair. It is created through the AWS Management Console, CLI, or API, or customers can upload their own key pairs.
When launching a Windows instance, Amazon EC2 generates a random password and encrypts it with the public key. Initial access to the instance is obtained by decrypting the password with the private key.
Virtual Firewall Protection:
You can control traffic going into and out of an instance with a service called security groups, which allows traffic to be controlled based on port, protocol, and source/destination.
AWS provides the following security groups:
- EC2-Classic Security Groups: for controlling outgoing traffic from an instance
- VPC Security Groups: control incoming and outgoing traffic for an instance.
A security group is associated with an instance as soon as it is launched. By default, security groups have an implicit deny: only traffic explicitly allowed by a rule is admitted. When an instance is associated with more than one security group, the rules defined in each group are aggregated, and all traffic allowed by any of the individual groups is allowed. Security groups also act as a stateful firewall: the state of a connection from inside to outside is maintained, and its reverse traffic is allowed on the basis of that connection.
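To make the aggregation, implicit-deny and stateful behaviour concrete, here is an added Python model (written for these notes, not AWS code) that evaluates constructed sample rules the way a security group does, plus a small audit check for admin ports left open to the whole internet; the group names and CIDRs are made up.

```python
from ipaddress import ip_address, ip_network

# Constructed sample groups (not from any real account). A rule is
# (protocol, from_port, to_port, source CIDR); security groups hold only
# allow rules, so any packet that no rule matches is implicitly denied.
WEB_SG = [("tcp", 80, 80, "0.0.0.0/0"), ("tcp", 443, 443, "0.0.0.0/0")]
ADMIN_SG = [("tcp", 22, 22, "10.0.0.0/8")]


def rule_allows(rule, proto, port, src_ip):
    r_proto, low, high, cidr = rule
    return (r_proto == proto and low <= port <= high
            and ip_address(src_ip) in ip_network(cidr))


def ingress_allowed(groups, proto, dst_port, src_ip):
    """Aggregate every attached group: one matching allow rule in any
    of them is enough; no match anywhere means deny."""
    return any(rule_allows(r, proto, dst_port, src_ip)
               for g in groups for r in g)


class StatefulTracker:
    """Remembers outbound connections so their replies are admitted
    without an inbound rule, mirroring the stateful behaviour."""

    def __init__(self):
        self.flows = set()

    def outbound(self, proto, dst_ip, dst_port, src_port):
        self.flows.add((proto, dst_ip, dst_port, src_port))

    def inbound_allowed(self, groups, proto, src_ip, src_port, dst_port):
        if (proto, src_ip, src_port, dst_port) in self.flows:
            return True  # reply to a connection the instance opened
        return ingress_allowed(groups, proto, dst_port, src_ip)


def world_open_admin_rules(groups, admin_ports=(22, 3389)):
    """Audit helper: rules that expose SSH/RDP to the whole internet."""
    return [r for g in groups for r in g
            if r[3] == "0.0.0.0/0"
            and any(r[1] <= p <= r[2] for p in admin_ports)]
```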
The following instance lifecycle features are used by instances to run properly and provide services.
When an instance is launched, some additional services run, which are discussed below:
Bootstrapping: the process of providing the code necessary to run an instance. When the instance is launched, a string called user data is passed to the OS; it is a script that performs tasks such as the following:
- Applying patches and updates to the OS
- Enrolling in a directory service
- Installing application software
- Copying scripts or programs from storage to run on the instance
VM Import/Export: this feature helps to import VMs from your existing environment as EC2 instances and export them back to your on-premises environment. Instances launched within AWS from an AMI cannot be exported.
Instance Metadata: information about the instance that is used to run and configure that instance. This metadata has the following attributes:
- Associated security groups
- Instance ID
- Instance type
- AMI used to launch the instance
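As an added example (not from the original notes), the following Python reads the four attributes listed above from the instance metadata service. It uses IMDSv2, which requires a session token obtained with a PUT before any GET; that token step is a detail beyond these notes. `fake_fetch` and the FAKE values are a constructed stand-in so the code can run off an instance.

```python
import urllib.request

IMDS = "http://169.254.169.254/latest"
# The attributes listed above, mapped to their metadata paths.
ATTRIBUTES = {
    "instance_id": "meta-data/instance-id",
    "instance_type": "meta-data/instance-type",
    "ami_id": "meta-data/ami-id",
    "security_groups": "meta-data/security-groups",
}

def http(method, url, headers=None, timeout=2):
    """Real transport; the metadata address is only reachable on-instance."""
    req = urllib.request.Request(url, method=method, headers=headers or {})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()

def read_metadata(fetch=http):
    """IMDSv2: get a short-lived session token with a PUT, then present it
    on every GET. A GET without the token header is refused when the
    instance is configured to require IMDSv2."""
    token = fetch("PUT", f"{IMDS}/api/token",
                  {"X-aws-ec2-metadata-token-ttl-seconds": "300"})
    hdr = {"X-aws-ec2-metadata-token": token}
    out = {}
    for name, path in ATTRIBUTES.items():
        value = fetch("GET", f"{IMDS}/{path}", hdr)
        # security-groups comes back as one group name per line
        out[name] = value.splitlines() if name == "security_groups" else value
    return out

# Constructed stand-in for the metadata service so the code runs offline.
FAKE = {
    "meta-data/instance-id": "i-0123456789abcdef0",
    "meta-data/instance-type": "c4.large",
    "meta-data/ami-id": "ami-0123456789abcdef0",
    "meta-data/security-groups": "web-sg\nadmin-sg",
}

def fake_fetch(method, url, headers=None):
    headers = headers or {}
    if method == "PUT" and url.endswith("/api/token"):
        return "constructed-token"
    if headers.get("X-aws-ec2-metadata-token") != "constructed-token":
        raise PermissionError("401: IMDSv2 session token required")
    return FAKE[url[len(IMDS) + 1:]]
```

Calling `read_metadata()` with no argument uses the real transport and only works from inside an instance; `read_metadata(fake_fetch)` exercises the same logic against the constructed values.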
Tags are used to manage instances when there are many of them. Tags are key/value pairs associated with your instance and are used to identify attributes such as project environment (DEV, TEST, and DR), billing, etc. Approximately 10 tags can be applied per instance.
Amazon CloudWatch is a service used for monitoring and alerting for Amazon EC2 instances and other AWS infrastructure.
There are three pricing options which AWS uses to charge for instances, per hour, while they are in the running state.
- On-Demand Instances: charged on an hourly basis from when the instance is launched until it is terminated.
- Reserved Instances: resources are reserved; when purchasing a reservation the customer specifies the instance type and Availability Zone. There are three payment options for Reserved Instances:
  - All Upfront: pay for the entire reservation upfront.
  - Partial Upfront: pay part of the amount upfront and the rest in monthly installments for the duration of the term.
  - No Upfront: pay the entire reservation charge in monthly installments for the duration of the term.
  If over the course of time your compute needs change, you can modify a Reserved Instance and continue to benefit from your capacity reservation. You can modify your whole reservation or just a subset in the following ways:
  - Switch Availability Zones within the same region
  - Change between EC2-VPC and EC2-Classic
  - Change the instance type within the same instance family
- Spot Instances: the customer places a bid; if the bid price is above the Spot price, the customer receives the requested instance(s). These instances operate like all other Amazon EC2 instances, and the customer pays only the Spot price for the hours that the instance(s) run. The instances run until:
  - The customer terminates them.
  - The Spot price goes above the customer's bid price.
  - There is not enough unused capacity to meet the demand for Spot Instances.