Training AWS - Module 2 - Computing in AWS
Computing in AWS
Instance Types
Create An Instance
• Instance
• AMI
• Storage
• Network placement and addressing
• User data
• Key pairs
• Security groups
Internet Protocol
• Private IPs
• Public IPs
• Elastic IPs
Amazon Elastic Block Store (EBS)
Instance Store (Ephemeral)
User Data
• User data scripts supplied to initialize instances automatically
Linux script
Windows batch or PowerShell scripts
• User data scripts can install any software package
Web server
Database server
Configuration management tools
• User data scripts are executed by
Cloud-init on Linux
EC2Config service on Windows
• User data scripts run once per instance ID by default
Meta Data
Security Groups
Key Pairs
Remote Access
Linux – Use SSH to log into an instance since password-only authentication is disabled on Linux by default
Windows – Use RDP to log in to instances using an encrypted random password that can only be decrypted using the key pair's private key
Public key cryptographic keys
Only the public key needs to be uploaded to the server (in ~/.ssh/authorized_keys on Linux)
Private keys can be generated locally and must be saved when created
IAM Roles
Access Keys
An instance enters the Pending state when it is first started. As soon as it is started,
we will be charged for that instance’s first hour
• Vertical scaling:
• Scaling up/down
• Increase/decrease size of the instance
• Horizontal scaling:
• Scaling out/in
• Increase/decrease number of instances
Should:
Use IAM roles when launching instances
Use least privilege access policies
Guard and manage access/secret keys
Keep security patches up to date
Use a NAT and Bastion host or similar solutions
Should Not:
Use root level access/secret keys
Embed access/secret keys in code or commit to Git
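One way to enforce the "do not embed access/secret keys in code or commit to Git" rule is to scan source files before they are committed. The scanner below is an added example, not part of the original training material; the function names, the sample file and the idea of running it as a pre-commit check are assumptions, and the sample key values are the placeholder credentials used in AWS documentation.

```python
import re

# Long-term IAM user keys start with AKIA; temporary STS keys start with ASIA.
ACCESS_KEY_ID = re.compile(r"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys are 40 characters from the base64 alphabet. To limit false
# positives, only flag one when it is assigned to a name containing "secret".
SECRET_KEY = re.compile(
    r"(?i)secret[a-z_]*\s*[:=]\s*[\"']?([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])"
)

def redact(value):
    """Show only enough of a finding to locate it, never the whole credential."""
    return value[:4] + "*" * (len(value) - 4)

def scan_text(text, path="<stdin>"):
    """Return a list of (path, line_number, kind, redacted_value) findings."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_ID.finditer(line):
            findings.append((path, lineno, "access_key_id", redact(m.group(0))))
        for m in SECRET_KEY.finditer(line):
            findings.append((path, lineno, "secret_access_key", redact(m.group(1))))
    return findings

# Constructed sample file; key values are AWS documentation placeholders.
SAMPLE = '''\
import boto3
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
aws_secret_access_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
client = boto3.client("s3")  # no keys passed: resolved from the instance's IAM role
digest = "da39a3ee5e6b4b0d3255bfef95601890afd80709"  # 40 hex chars, not a key assignment
'''

if __name__ == "__main__":
    import sys
    results = []
    if sys.argv[1:]:
        for p in sys.argv[1:]:
            with open(p, encoding="utf-8", errors="replace") as fh:
                results += scan_text(fh.read(), p)
    else:
        results = scan_text(SAMPLE, "sample.py")
    for path, lineno, kind, value in results:
        print(f"{path}:{lineno}: {kind} {value}")
    sys.exit(1 if results else 0)  # non-zero exit blocks the commit
```

Findings are printed redacted so the scanner's own output does not leak the credential into CI logs; any key it finds in a repository should be treated as exposed and rotated.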
Knowledge Check 1
What disk device would be best for storing virtual memory paging/swap files?
Boot volume
Additional EBS data drive
Instance store
Amazon S3
Answer: Instance store. Instance storage is fast, temporary storage perfect for
storing temporary data such as memory paging and swap file data.
Knowledge Check 2
You want to deploy a new version of your web application. How do you trigger the
user data to run again and update your app?
Answer: You don’t. By default, user data is run once, when the instance first
boots.