Amazon EC2 is the main compute service of AWS, make sure you know as much as you can about it with this cheat sheet.
- The instance type defines the virtual hardware supporting an Amazon EC2 instance.
- here are dozens of instance types available, varying in the following dimensions: Virtual CPUs (vCPUs), Memory, Storage (size and type), Network performance. Instance types are grouped into families based on the ratio of these values to each other
- the table below lists some of the families available:
|Compute optimized (For workloads requiring significant processing).
|Lowest Cost General Purpose (Web/Small DBs)
|Memory optimized (For memory-intensive workloads).
|GPU-based instances (Intended for graphics and general-purpose GPU compute workloads).
|Storage optimized (For workloads requiring high amounts of fast SSD storage).
|Dense Storage (Fileservers/Data Warehousing/Hadoop).
- The network performance increases within a family as the instance type grows.
Amazon Machine Images (AMIs):
- The Amazon Machine Image (AMI) defines the initial software that will be on an instance when it is launched.
- An AMI defines every aspect of the software state at instance launch:
- The Operating System (OS) and its configuration.
- The initial state of any patches.
- Application or system software.
- There are four sources of AMIs:
- Published by AWS.
- The AWS Marketplace (online store for AMI).
- Generated from Existing Instances.
- Uploaded Virtual Servers (Using AWS VM Import/Export service).
- AMI’s are regional. You can only launch an AMI from the region in which it was stored.
- When you create an AMI, by default its marked private. You have to manually change the permissions to make the image public or share images with individual accounts
- When you launch an instance, it enters the pending state and it uses the specified AMI to launch.
- it enters the running stat where you can start connecting to it and use it.
- you can stop and start your instance to try to fix a problem. When you stop your instance, it enters the stopping state and then the stopped state.
- if you no longer need an instance, you can terminate it. As soon as the status of an instance changes to shutting-down or terminated, you stop incurring charges for that instance.
- If you enable termination protection, you can’t terminate the instance using the console, CLI, or API.
- Termination protection does not work for instances that are part of the auto-scaling group, launched as Spot instance or when terminated by initiating shutdown command.
- Data on an instance store is lost when the instance is stopped or terminated. Instance store data survives an OS reboot.
- An instance is scheduled to be retired when AWS detects an irreparable failure of the underlying hardware hosting the instance
Below is a list of all instance states:
|An instance enters the pending state when it launches for the first time, or when it is started after being in the stopped state.
|The instance is running and ready for use.
|The instance is preparing to be stopped or stop-hibernated.
|NO if preparing to stop
YES if preparing to hibernate
|The instance is shut down and cannot be used.
|The instance is preparing to be terminated.
|The instance has been permanently deleted
Root device volumes:
- Root Volumes cannot be encrypted by default, you need a 3rd party utility. Other volumes added to an instance can be encrypted.
- Non-root EBS volumes attached to the instance are preserved if you delete the instance.
- Amazon EC2 supports two types of block devices:
Instance Store (Ephemeral):
- not persistent storage.
- instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data…
- Instances using instance store storage cannot be stopped.
- Instance store volumes cannot be detached and reattached to other instances; They exist only for the life of that instance.
- If you change the instance type, an instance store will not be attached to the new instance type.
Amazon Elastic Block Store (EBS):
- For workloads requiring more durable block storage, Amazon EBS is the right choice.
- Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability.
- Multiple Amazon EBS volumes can be attached to a single Amazon EC2 instance, although a volume can only be attached to a single instance at a time.
Types of EBS Volumes:
- ideal for a broad range of workloads.
- volume can range in size from 1 GB to 16 TB, up to 16,000 IOPS per volume.
- some of the use cases:
- System boot volumes.
- Virtual desktops.
- Small-to-medium sized databases.
- Development and test environments.
- General-purpose SSD volumes are billed based on the amount of data space provisioned.
Provisioned IOPS SSD:
- designed to meet the needs of I/O-intensive workloads, particularly database workloads.
- provide the highest performance of any Amazon EBS.
- volume can range in size from 4 GB to 16 TB, Consistently performs at provisioned level, up to 64,000 IOPS maximum per volume.
- The most expensive Amazon EBS volume type per gigabyte.
Throughput Optimized HDD:
- designed for frequently accessed, throughput-intensive workloads.
- Low-cost HDD volume.
- volume can range in size from 500 GiB to 16 TiB, max IOPS per volume is 500.
- use cases:
- Streaming workloads requiring consistent, fast throughput at a low price.
- Big data, Data warehouses, Log processing.
- Cannot be a boot volume.
- Lowest cost HDD volume designed for less frequently accessed workloads.
- volume can range in size from 500 GiB to 16 TiB, max IOPS per volume is 250.
- Scenarios where the lowest storage cost is important.
- Cannot be a boot volume.
Instance Metadata and User Data:
- Metadata is data about an EC2 instance: AMI ID, hostname, instance ID, instance type, private IP address, public IP address, and so on are metadata of the instance.
- User data is limited to 16 KB,
- If you stop an instance, modify its user data, and start the instance, the updated user data is not executed when you start the instance.
- You can specify user data when you launch an instance.
- You can poll an instances meta-data by using curl http://169.254.169.254/latest/meta-data/
- You can get an instance’s IP address by using curl http://169.254.169.254/latest/meta-data/public-ipv4
- You can poll an instances user-data by using curl http://169.254.169.254/latest/user-data/
- To pass the user-defined script to EC2 Linux instances running behind Autoscaling group we need to use Userdata.
Virtual Firewall Protection (Security groups):
- AWS allows you to control traffic in and out of your instances through virtual firewalls called security groups.
- Security groups allow you to control traffic based on port, protocol, and source/destination.
- Security groups are associated with instances when they are launched. Every instance must have at least one security group but can have more.
- When an instance is associated with multiple security groups, the rules are aggregated and all traffic allowed by each of the individual groups is allowed.
- Security groups are applied at the instance level.
- An IAM policy must grant or deny permissions to use one or more Amazon EC2 actions.
- you can use IAM roles to grant permissions to applications running on your instances.
- You cannot attach multiple IAM roles to a single instance, but you can attach a single IAM role to multiple instances.
Addressing an Instance:
- an instance can be addressed upon creation in several ways:
- Public Domain Name System (DNS) Name.
- Public IP: unique address on the Internet that you reserve independently and associate with an Amazon EC2 instance.
- Private IP addresses and Elastic Network Interfaces (ENIs) are additional methods of addressing instances that are available in the context of an Amazon VPC.
- An Elastic IP address is a public IPv4 address, which is reachable from the internet.
- To use an Elastic IP address, you first allocate one to your account, and then associate it with your instance or a network interface.
- You can disassociate an Elastic IP address from a resource, and reassociate it with a different resource.
- A placement group is a logical grouping of instances within a single Availability Zone.
- Placement groups enable applications to participate in a low-latency, 10 Gbps network.
- Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both.
- To fully use this network performance for your placement group, choose an instance type that supports enhanced networking and 10 Gbps network performance.
Elastic Network Interfaces:
- An elastic network interface is a logical networking component in a VPC that represents a virtual network card.
- You can create and configure network interfaces in your account and attach them to instances in your VPC.
- ENI can have one public IP address and multiple private IP addresses.
- You can create a network interface, attach it to an instance, detach it from an instance, and attach it to another instance.
- You cannot detach a primary network interface from an instance.
- When you create a network interface, it inherits the public IPv4 addressing attribute from the subnet.
- An ENI created independently of a particular instance persists regardless of the lifetime of any instance to which it is attached.
- You can monitor the status of your instances by viewing status checks and scheduled events for your instances.
- You can monitor your instances using Amazon CloudWatch, which collects and processes raw data from Amazon EC2 into readable, near real-time metrics.
- By default, Amazon EC2 sends metric data to CloudWatch in 5-minute periods.
- You can use the CloudWatch agent to collect both system metrics and log files from Amazon EC2 instances.
- CloudTrail captures all API calls for Amazon EC2 and Amazon EBS as events, including calls from the console and from code calls to the APIs.
EC2 video from AWS:
EC2 practice questions:
Notice: we keep updating this material.
AWSBOY Cheat sheets:
You can report a mistake or suggest new points to add to this EC2 cheat sheet…let us know in the comment section.