
EC2 Fundamentals

caution

Before starting with EC2, create a budget in Billing and Cost Management

  • Regional Service
  • EC2 (Elastic Compute Cloud) is an Infrastructure as a Service (IaaS)
  • Stopping & Starting an instance may change its public IP but not its private IP
  • AWS Compute Optimizer recommends optimal AWS Compute resources for your workloads
  • There is a vCPU-based On-Demand Instance soft limit per region

User Data

  • A script of commands that runs when the instance is launched for the first time (it does not execute on subsequent boots)
  • Used to automate dynamic boot tasks (that cannot be done using AMIs)
    • Installing updates
    • Installing software
    • Downloading common files from the internet
  • Runs as the root user, so anything in the script has full privilege on the instance

Instance Classes

  • General Purpose
    • Great for a diversity of workloads such as web servers or code repositories
    • Balance between compute, memory & networking
  • Compute Optimized
    • Great for compute intensive tasks
      • Batch Processing
      • Media Transcoding
      • HPC
      • Gaming Servers
  • Memory Optimized
    • Great for in-memory databases or distributed web caches
  • Storage Optimized
    • Great for storage intensive tasks (accessing local databases)
      • OLTP systems
      • Distributed File System (DFS)
note

Other instance types exist, but only the most important ones are discussed here

[Image: EC2 Types]

Security Groups

  • Only contain Allow rules (there are no Deny rules)
  • Firewall outside the EC2 instance (if a request is blocked by the SG, the instance never sees it)
  • Security group rules can reference a source by IP range or by another security group
  • Default SG
    • inbound traffic from the same SG is allowed
    • all outbound traffic is allowed
  • New SG
    • all inbound traffic is blocked
    • all outbound traffic is allowed
  • A security group can be attached to multiple instances and vice versa


note

Referencing a security group instead of IPs lets, for example, a load balancer's SG reach newly launched instances without updating IP-based rules

  • Bound to a VPC (and hence to a region)
  • Recommended to maintain a separate security group for SSH access
  • Requests blocked by a security group are dropped, so the client sees a Time Out error rather than a refusal
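The following Python script is an added example and is not part of the original notes. It audits JSON in the shape returned by `aws ec2 describe-security-groups` (the `SecurityGroups[].IpPermissions[]` structure with `IpRanges`, `Ipv6Ranges` and `UserIdGroupPairs`), reports inbound rules open to the whole internet, rates SSH/RDP and all-traffic exposure as high, and lists separately the SG-to-SG rules that the note above describes. The embedded sample data and the `sg-PLACEHOLDER-*` group ids are constructed; pass a file saved from the CLI to audit real output.

```python
"""Audit EC2 security group inbound rules (added example, not from the page).

Reads JSON shaped like `aws ec2 describe-security-groups` output and reports:
  * inbound rules open to the world (0.0.0.0/0 or ::/0); all-traffic and
    SSH/RDP exposure is rated "high", anything else "medium";
  * inbound rules whose source is another security group, the pattern that
    lets a load balancer's SG reach new instances without IP-based rules.
"""
import json
import sys

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = {22, 3389}  # SSH and RDP

# Constructed sample in describe-security-groups shape; group ids are placeholders.
SAMPLE = {
    "SecurityGroups": [
        {
            "GroupId": "sg-PLACEHOLDER-web",
            "GroupName": "web",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                 "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                 "Ipv6Ranges": [], "UserIdGroupPairs": []},
            ],
        },
        {
            "GroupId": "sg-PLACEHOLDER-app",
            "GroupName": "app",
            "IpPermissions": [
                # Reachable only from members of the load balancer's security group.
                {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                 "IpRanges": [], "Ipv6Ranges": [],
                 "UserIdGroupPairs": [{"GroupId": "sg-PLACEHOLDER-lb"}]},
                # All traffic, but only from a private range: not world-open.
                {"IpProtocol": "-1",
                 "IpRanges": [{"CidrIp": "10.0.0.0/8"}],
                 "Ipv6Ranges": [], "UserIdGroupPairs": []},
            ],
        },
    ]
}


def port_label(perm):
    """Human-readable port range for one IpPermissions entry."""
    if perm.get("IpProtocol") == "-1":
        return "all"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return str(lo) if lo == hi else f"{lo}-{hi}"


def severity(perm):
    """'high' for all-traffic or admin-port exposure, otherwise 'medium'."""
    if perm.get("IpProtocol") == "-1":
        return "high"
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    if any(lo <= p <= hi for p in ADMIN_PORTS):
        return "high"
    return "medium"


def world_open_rules(groups):
    """Return (group_id, port_label, cidr, severity) for every world-open inbound rule."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr in WORLD_CIDRS:
                    findings.append((sg["GroupId"], port_label(perm), cidr, severity(perm)))
    return findings


def sg_referenced_rules(groups):
    """Return (group_id, port_label, source_group_id) for SG-to-SG inbound rules."""
    refs = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            for pair in perm.get("UserIdGroupPairs", []):
                refs.append((sg["GroupId"], port_label(perm), pair["GroupId"]))
    return refs


def main(argv):
    # Usage: python sg_audit.py [describe-security-groups.json]
    data = json.load(open(argv[1])) if len(argv) > 1 else SAMPLE
    groups = data["SecurityGroups"]
    for gid, ports, cidr, sev in world_open_rules(groups):
        print(f"[{sev.upper():6}] {gid} inbound {ports} from {cidr}")
    for gid, ports, src in sg_referenced_rules(groups):
        print(f"[INFO  ] {gid} inbound {ports} from members of {src}")


if __name__ == "__main__":
    main(sys.argv)
```

On the sample, the web group's port 22 rule is the one that should be moved into a separate SSH security group with a narrower source, as the bullet below recommends; the app group's port 8080 rule shows the SG-referenced form that needs no IP maintenance.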

SSH

Using SSH we can connect to our EC2 instance.

Steps to connect:

  1. Create a key pair.
    • You can create the key pair while creating the instance, or later from the Network & Security section, and download it.
  2. Check that the security group has a rule for SSH (port 22). If not, add a new rule for SSH with source 0.0.0.0/0.
  3. Locate the .pem file and restrict its permissions using sudo chmod 400 <your_file_name>.pem
  4. Run this to connect to EC2: ssh -i "<your_file_name>.pem" <user>@<public_ip>

IAM Roles for EC2 instances

caution

Never put AWS credentials on an EC2 instance; instead attach an IAM role to the instance

tip

Create an IAM role (SSMRole) that uses the existing managed policy AmazonSSMManagedInstanceCore

Purchasing Options

On-demand Instances

  • Pay per use (no upfront payment)
  • Highest cost
  • No long-term commitment
  • Recommended for short-term, uninterrupted and unpredictable workloads

Standard Reserved Instances

  • Reservation Period: 1 year or 3 years
  • Recommended for steady-state applications (like database)
  • Sell unused instances on the Reserved Instance Marketplace

Convertible Reserved Instances

  • Can change the instance type
  • Lower discount
  • Cannot sell unused instances on the Reserved Instance Marketplace

Scheduled Reserved Instances

  • Reserved for a recurring time window (ex. every day from 9AM to 5PM)

Spot Instances

  • Work on a bidding basis: you state the maximum hourly rate you are willing to pay for the instance. Your instance can be terminated if the spot price rises above that maximum.
  • Spot blocks are designed not to be interrupted
  • Good for workloads that are resilient to failure
  • Distributed jobs (resilient if some nodes go down)
  • Batch jobs

Dedicated Hosts

  • Server hardware is allocated to a specific company (not shared with other companies)
  • 3 year reservation period
  • Billed per host
  • Useful for software that has BYOL (Bring Your Own License) terms or for companies that have strong regulatory or compliance needs

Dedicated Instances

  • Dedicated hardware
  • Billed per instance
  • No control over instance placement

On-Demand Capacity Reservations

  • Ensure you have the available capacity in an AZ to launch EC2 instances when needed
  • Can reserve for a recurring schedule (ex. every day from 9AM to 5PM)
  • No need for a 1 or 3-year commitment (independent of billing discounts)
  • Need to specify the following to create a capacity reservation:
    • AZ
    • Number of instances
    • Instance attributes

Examples

Connect to EC2 using ssh key

  • Generate an SSH key pair:
    ssh-keygen -t rsa -f ec2_connect

    This creates ec2_connect (the private key) and ec2_connect.pub (the public key).
  • Find the instance ID and Availability Zone:
    aws ec2 describe-instances --region ap-south-1
  • Push the public key to the instance with EC2 Instance Connect (the key is accepted for 60 seconds):
    aws ec2-instance-connect send-ssh-public-key \
      --instance-id i-012637e47ba8c98d7 \
      --instance-os-user ec2-user \
      --availability-zone ap-south-1a \
      --ssh-public-key file://ec2_connect.pub \
      --region ap-south-1
  • Restrict permissions on the private key:
    chmod 400 ec2_connect
  • Connect with SSH within that window:
    ssh -i ec2_connect ec2-user@<ip>