Ec2 Instances


AWS Solutions Architect Professional Week-4

Topics to be covered

Week: 2
Broader Topic: AWS Compute Service
Tools to be covered: Amazon EC2

Topics:
1. Introduction to Datacentre
   1.1 About Servers
2. Introduction to Cloud Computing
3. Amazon EC2
   3.1 Features of Amazon EC2
   3.2 Operating Systems and Software
4. Amazon Machine Images (AMI)
   4.1 Uses of AMIs
   4.2 AMI types
      4.2.1 Storage for the root device
   4.3 Virtualization types
   4.4 Creating Amazon EBS-backed AMIs
   4.5 Creating an instance store-backed Linux AMI
5. Amazon EC2 instances
   5.1 Instance types
   5.2 Storage for your instance
   5.3 Security best practices
   5.4 Stop and terminate instances
   5.5 Instance purchasing options
6. Instance lifecycle
7. EC2 Fleet and Spot Fleet
8. Monitor Amazon EC2
9. Networking in Amazon EC2
   9.1 Amazon EC2 instance IP addressing
10. Security in Amazon EC2
11. Amazon EC2 key pairs
12. Amazon EC2 security groups
13. Storage in EC2 instances
14. LAB: Get started with Amazon EC2 Windows instances


1. Introduction to Datacentre:
An organization uses a data center (also written data centre or datacentre) to assemble,
process, store, and distribute massive quantities of data. A data center is a building made up
of networked computers, storage systems, and computing equipment. The applications,
services, and data that are housed in a data center are usually highly relied upon by
businesses, making it an essential tool for daily operations.
Facilities for safeguarding and defending internal, on-site resources as well as cloud
computing resources are being incorporated into enterprise data centers more frequently.
The distinction between corporate data centers and those of cloud companies is blurring
as more businesses adopt cloud computing.

1.1 About Servers:
The purpose of servers is to make data, tools, or services available to other machines or
devices on a network. They are designed for constant use and reliability, are usually more
powerful, and have more storage space than conventional PCs.
Network resources are managed by servers. A user might install a server, for instance, to
handle print jobs, transmit and receive an email, or host a website. They are also adept at
making complex computations. Some servers—often referred to as dedicated servers—are
devoted to a single project or website. However, a lot of servers in use today are shared
servers that manage numerous web pages, DNS, FTP, and email in the case of a web server.

2. Introduction to Cloud Computing:


Cloud computing refers to the delivery of computing services, including servers, storage,
databases, software, analytics, and more, over the Internet, or "the cloud." Rather than
having to invest in and maintain physical infrastructure, cloud computing enables
organizations to access computing resources on an as-needed basis and pay only for what
they use.
There are three main types of cloud computing services:
Infrastructure as a Service (IaaS): This provides virtualized computing resources such as
servers, storage, and networking, allowing users to create and run their own software and
applications.
Platform as a Service (PaaS): This provides a platform for users to develop, run, and manage
their own applications without having to worry about the underlying infrastructure.
Software as a Service (SaaS): This provides software applications that are delivered over the
Internet, typically through a web browser or mobile app.
Some of the key benefits of cloud computing include increased scalability, flexibility, and
cost-effectiveness, as well as improved accessibility, reliability, and security. Cloud
computing is used by a wide range of organizations, from small businesses to large
enterprises, across a variety of industries.

3. Amazon EC2:
Amazon Elastic Compute Cloud (Amazon EC2) is a web service provided by Amazon Web
Services (AWS) that offers scalable computing capacity in the cloud. With Amazon EC2, you
can provision virtual machines (known as "instances") and run your applications on them.
Amazon EC2 offers a variety of instance types optimized for different use cases, such as
compute-optimized, memory-optimized, and storage-optimized instances. You can choose
the instance type that best fits your workload and pay only for the resources you use.
Amazon EC2 also allows you to scale your infrastructure up or down as needed. You can
easily launch new instances or terminate existing ones, depending on the demand for your
application. Additionally, Amazon EC2 provides features like load balancing, auto-scaling,
and monitoring to help you manage your infrastructure and maintain high availability for
your applications.
Overall, Amazon EC2 is a powerful and flexible tool for running your applications in the
cloud, providing you with the resources you need to scale your infrastructure and meet the
demands of your users.

3.1 Features of Amazon EC2:


Amazon Elastic Compute Cloud (EC2) is a web service that provides scalable computing capacity in
the cloud. EC2 allows you to easily launch and manage virtual servers, known as instances, in Amazon
Web Services (AWS) data centers. With EC2, you can quickly scale up or down your computing resources
based on demand, paying only for the capacity that you use.

Some of the key features of EC2 include:

● Elasticity and scalability: EC2 allows users to scale computing resources up or down
as needed, based on demand.
● Multiple instance types: EC2 provides a wide range of instance types with different
configurations of CPU, memory, storage, and networking capacity to suit various
workloads.
● Flexible pricing models: EC2 offers various pricing models, including On-Demand,
Reserved Instances, and Spot Instances, to help users optimize their costs.
● Security: EC2 provides several security features, including Virtual Private Cloud (VPC),
Security Groups, and Network Access Control Lists (ACLs), to ensure secure
communication and access control.


● Easy management: EC2 instances can be easily managed using the AWS
Management Console, AWS CLI, or AWS SDKs.

● Integration with other AWS services: EC2 integrates with other AWS services, such as
Amazon Elastic Block Store (EBS), Amazon Simple Storage Service (S3), and Amazon
Relational Database Service (RDS), to provide a complete cloud infrastructure
solution.
● High availability: EC2 provides high availability by automatically replacing instances
in the event of hardware failure or software issues.
● Customization: EC2 provides users with the flexibility to customize their instances
with different operating systems, software, and configurations, making it suitable for
a wide range of workloads.

3.2 Operating Systems and Software:


An increasing number of operating systems, including Microsoft Windows and Linux
versions like Amazon Linux 2, Ubuntu, Red Hat Enterprise Linux, CentOS, SUSE, and
Debian, are preconfigured in Amazon Machine Images (AMIs). To give you as many options
as feasible, we collaborate with the community and our collaborators. For use with your EC2
instances, the AWS Marketplace offers a huge assortment of paid and unpaid software from
reputable sellers.

4. Amazon Machine Images (AMI):


An Amazon Machine Image (AMI) is a pre-configured virtual machine image used to create
an instance on Amazon Web Services (AWS). An AMI contains a template for the root file
system, launch permissions, and other information required to launch an instance.
AMIs are used to launch new instances of EC2 (Elastic Compute Cloud) which is a scalable
cloud computing service provided by AWS. With AMIs, users can quickly and easily launch
instances with the software and configurations that they need, rather than having to
manually install everything on a new instance each time.
Features of Amazon Machine Images (AMIs):

● Pre-installed software and configuration: AMIs are pre-configured with operating
systems, applications, and other software components. This makes it easy to launch
instances with the desired configuration without having to manually install and
configure each component.


● Multiple AMI types: Amazon offers a variety of AMI types, including those optimized
for specific workloads such as machine learning, database, and web servers.
● Customizable: AMIs can be customized to include additional software or
configuration changes as per the specific requirements.
● Public and private AMIs: AMIs can be publicly available or private, depending on the
owner’s preference. Public AMIs are shared by other Amazon Web Services (AWS)
users while private AMIs are only accessible to the owner.
● Versions: AMIs can have multiple versions, each with different configurations or
software components.
● EBS-backed and Instance-store backed: AMIs can be backed by either Elastic Block
Store (EBS) or instance store. EBS-backed AMIs store their data on Amazon EBS
volumes while Instance-store backed AMIs store their data on instance-store
volumes, which are temporary storage volumes that are attached to an instance
when it is launched.
● Fast and easy to launch: AMIs can be launched quickly and easily using the Amazon
EC2 console, command line interface, or APIs. This makes it possible to rapidly
deploy applications or scale up resources as required.

4.1 Uses of AMIs:

Some of the use cases of AMI are:


● Replication and distribution of software: AMI can be used to replicate and distribute
software across multiple instances. By creating a custom AMI with your pre-installed
software and configurations, you can ensure that all instances launched from that
AMI will have the same software stack.
● Disaster recovery: AMI can be used to create a backup of your entire application
stack. In the event of a disaster, you can use this AMI to launch a new instance in a
different availability zone or region to restore your application.
● Scalability: AMI can be used to quickly launch multiple instances with the same
configuration. This is useful when you need to scale your application to meet
increasing demand.
● Testing and Development: AMI can be used to create a development or testing
environment that is identical to the production environment. This allows developers
to test their code in a realistic environment and identify issues before they are
deployed to production.

4.2 AMI types:


You can select an AMI to use based on the following characteristics:

● Region

● Operating system

● Architecture (32-bit or 64-bit)

● Launch Permissions

● Storage for root device

4.2.1 Storage for the root device:


When you launch an EC2 instance from an AMI, you have the option to specify the type of
storage volume to use for the root device of the instance. The root device is the storage
device that contains the operating system and other essential files for the instance.
Amazon EC2 provides two types of storage for the root device of an instance:

● Instance store: Instance store volumes are physically attached to the host computer
that is running the EC2 instance. They provide high-speed local storage that is ideal
for temporary data or data that can be recreated. However, data stored on instance
store volumes is lost when the instance is terminated, stopped, or fails.
● Amazon Elastic Block Store (EBS): EBS provides persistent block-level storage that
can be attached to an EC2 instance. EBS volumes can be detached from one instance
and attached to another, making them a better choice for long-term data storage.
Additionally, you can take snapshots of EBS volumes, which can be used to create
new volumes or recover data in case of a failure.

4.3 Virtualization types


Linux AMI virtualization types:
When you launch an instance from an Amazon Linux AMI, you can choose from several
virtualization types. Here are the three virtualization types supported by Amazon EC2:

● Paravirtual (PV): This is the original virtualization type, which is based on a
specialized kernel that provides a lightweight, efficient virtualization
environment. PV instances are not as flexible as HVM instances, as they
require PV-compatible operating systems, such as Amazon Linux AMI, to run.
● Hardware-assisted virtual machine (HVM): This virtualization type uses
hardware virtualization extensions such as Intel VT-x and AMD-V to provide a
more powerful, flexible virtualization environment. HVM instances can run
any operating system that is supported by EC2, including Windows, Linux,
and other Unix-like operating systems.
● Nitro-based virtualization: This is the latest virtualization type, which uses a
combination of hardware and software to provide a high-performance,
isolated virtualization environment. Nitro-based instances have access to
local NVMe storage, enhanced networking, and higher network bandwidth
compared to PV and HVM instances.

4.4 Creating Amazon EBS-backed AMIs:


Launch an instance from an existing AMI, customize it, create a new AMI from the
customized instance, and then launch an instance from your new AMI. The diagram's values
correspond to those in the following explanation.

Step 1: Start with an existing AMI


Find a current AMI that is comparable to the AMI you want to make. This could be an AMI
you made or one you bought from the AWS Marketplace.


Step 2: Launch instance from existing AMI


You set up an AMI by launching an instance from the AMI you want to use as the foundation
for your new AMI and then configuring it.

Step 3: EC2 instance - Customize the instance
Connect to your instance and make the necessary modifications. These modifications will be
a part of your updated AMI.

● Installation of Software

● Maintenance of data

● Attaching additional EBS volumes

Step 4: Create an image


When you create an AMI from an instance, Amazon EC2 shuts down the instance before
generating the AMI to make sure that everything on the instance is halted and in a
consistent state throughout the creation process. You can instruct Amazon EC2 not to shut
down and reboot your server if you are certain that it is in a consistent state suitable for
AMI generation. With some file systems, such as XFS, it is safe to make the snapshot without
restarting the instance because they have the ability to freeze and unfreeze activity.

Step 5: New AMI


You will have a new AMI and copy (snapshot #2) generated from the instance's root disc
once the procedure is finished. The block device mapping for the new AMI includes details
for any instance-store volumes or EBS volumes that you added in addition to the root device
volume to the instance.
Step 6: Launch instance from new AMI
You can use the new AMI to launch an instance.
Step 7: EC2 instance- the new instance
When you launch an instance from the new AMI, Amazon EC2 uses the snapshot to create a
new EBS volume for the instance's root volume. If you added instance-store volumes or EBS
volumes when you customized the instance, the block device mapping for the new AMI
includes information for these volumes, and the block device mappings for instances that
you launch from the new AMI automatically contain information for these volumes.

4.5 Creating an instance store-backed Linux AMI:


The method of generating an AMI from an instance store-backed instance is depicted in the
diagram below.

Step 1: Launch an instance


Start by launching a new EC2 instance and selecting an instance type that supports
instance store volumes. During the instance launch process, you can choose the Linux
AMI you want to use as a basis for your new AMI.

Step 2: Customize the instance


Once the instance is launched, customize it by installing any additional software,
updates, or configurations that you want to include in the new AMI.
Step 3: Create a bundle
Use the "ec2-bundle-vol" command to create a bundle of the root file system and any
other instance store volumes you want to include in the new AMI.
Step 4: Upload the bundle
Use the "ec2-upload-bundle" command to upload the bundle to an Amazon S3 bucket.
Step 5: Register the AMI
Use the "ec2-register" command to register the new AMI, specifying the location of the
bundle in S3, the architecture, and any other details required.


Step 6: Test the new AMI
Launch a new instance using the new AMI to test that everything is working as
expected.
Step 7: Share the new AMI
If you want to make the new AMI available to others, you can share it either publicly or
with specific AWS accounts.

5. Amazon EC2 instances:



5.1 Instance types:


Amazon Elastic Compute Cloud (EC2) offers various types of instances that cater to different
computing needs. The instance types differ in terms of their CPU, memory, storage, and
networking capabilities. Here are the different types of EC2 instances:
Each instance type provides a different minimum level of performance from a shared
resource. For example, instance types with high I/O performance are allocated a larger
share of shared resources. Allocating a larger share of shared resources also reduces the
variance of I/O performance. Moderate I/O performance is sufficient for most applications.
For applications that need higher or more consistent I/O performance, though, consider an
instance type with higher I/O performance.


The extra capabilities denoted by the instance type names are as follows:
● a – AMD processors

● g – AWS Graviton processors


● i – Intel processors
● d – Instance store volumes
● n – Network optimization
● b – Block storage optimization
● e – Extra storage or memory
● z – High-frequency

Available instance types


A wide range of instance types optimized for various use cases are available through
Amazon EC2. You have the freedom to select the ideal combination of resources for your
applications thanks to the flexibility provided by instance types, which include various
combinations of CPU, memory, storage, and networking capability. To scale your resources
to the demands of your desired workload, each instance type offers one or more instance
sizes.

Sixth and seventh-generation instances include:

● General purpose: M6a, M6g, M6gd, M6i, M6id, M6idn, M6in, M7g, T4g
● Compute optimized: C6a, C6g, C6gd, C6gn, C6i, C6id, C6in, C7g, Hpc6a
● Memory-optimized: Hpc6id, R6a, R6g, R6gd, R6i, R6id, R6idn, R6in, R7g, X2gd, X2idn,
X2iedn
● Storage optimized: I4i, Im4gn, Is4gen

● Accelerated computing: G5g, Trn1

Instances

● General purpose


● Compute optimized

● Memory optimized

● Storage optimized

● Accelerated computing

5.2 Storage for your instance:


Amazon Elastic Block Store (EBS) provides persistent block-level storage volumes for Amazon EC2
instances. With EBS, you can create, attach, and detach storage volumes to EC2 instances on the fly.
EBS volumes are network-attached and can be used to store data that needs to persist beyond the
life of an EC2 instance.

Here are some key features of EBS:


1. Performance: EBS provides high-performance storage for EC2 instances, with the ability
to achieve up to tens of thousands of IOPS per volume.
2. Durability: EBS volumes are designed for 99.999% durability and can withstand the
failure of a single disk in a storage cluster.
3. Elasticity: You can easily increase or decrease the size of an EBS volume without any
downtime. You can also take snapshots of an EBS volume, which can be used to create
new EBS volumes or to restore a volume to a previous state.
4. Encryption: EBS volumes can be encrypted to protect your data at rest. You can use the
AWS Key Management Service (KMS) to manage your encryption keys.

Types of EBS volumes: EBS provides several types of volumes optimized for different use
cases, including:

● General Purpose SSD (gp2): A good choice for most workloads, with a balance of
price and performance.
● Provisioned IOPS SSD (io1): Provides high performance for mission-critical
applications that require sustained IOPS performance.
● Throughput Optimized HDD (st1): Provides low-cost, high-throughput storage for
frequently accessed, throughput-intensive workloads.
● Cold HDD (sc1): Provides low-cost storage for throughput-intensive data that is
accessed less frequently.
Overall, EBS is a highly scalable and durable storage solution that can provide high-
performance block-level storage for EC2 instances.

5.3 Security best practices


1. Keep your instances up-to-date: Regularly apply security patches and updates to your
instances to address vulnerabilities and ensure that your software is running on the
latest versions.
2. Use strong passwords: Ensure that you use strong passwords for all user accounts on
your instances, including the root account. You can also use multi-factor authentication
(MFA) to add an extra layer of security.
3. Limit access to your instances: Use security groups to control inbound and outbound
traffic to your instances. Also, limit access to your instances by allowing only specific IP
addresses or IP ranges to connect to your instances.
4. Use encryption: Use encryption to protect sensitive data at rest and in transit. For
example, you can encrypt data using Amazon S3 server-side encryption or encrypt data
in transit using SSL/TLS.
5. Monitor your instances: Monitor your instances for any suspicious activity or
unauthorized access attempts. You can use Amazon CloudWatch to monitor your
instances and set up alerts for specific events.
6. Implement least privilege: Use the principle of least privilege to grant access only to the
resources and actions that are necessary for your instances to function. Also, regularly
review permissions to ensure that they are still required and appropriate.
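
As an added example (not part of the original notes), the check below applies item 3 to security group data: it flags inbound rules that expose SSH or RDP to every address instead of specific IP ranges. The input follows the shape of `aws ec2 describe-security-groups` output; the group IDs, the sample rules, and the choice of ports 22 and 3389 as "administrative" are assumptions made for the example.

```python
"""Added example: find security group rules that open admin ports to the world."""
import ipaddress

# Ports treated as administrative access (assumption for this example).
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample in the shape of DescribeSecurityGroups output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-example-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-example-ssh", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-example-rdp", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-example-all", "IpPermissions": [
        {"IpProtocol": "-1",
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-example-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]


def _is_world(cidr):
    """True when the CIDR covers every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _covered_admin_ports(perm):
    """Admin ports reachable through one IpPermissions entry."""
    protocol = perm.get("IpProtocol")
    if protocol == "-1":
        # "-1" means all protocols and all ports; no port range is given.
        return sorted(ADMIN_PORTS)
    if protocol != "tcp":
        return []
    low = perm.get("FromPort", 0)
    high = perm.get("ToPort", 65535)
    # A wide range such as 0-1024 exposes port 22 even though 22 is not named.
    return [port for port in sorted(ADMIN_PORTS) if low <= port <= high]


def audit_ingress(groups):
    """Return (group_id, service, port, cidr) for each world-open admin port."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            ports = _covered_admin_ports(perm)
            if not ports:
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in sources:
                if not _is_world(cidr):
                    continue
                for port in ports:
                    findings.append(
                        (group["GroupId"], ADMIN_PORTS[port], port, cidr))
    return findings


if __name__ == "__main__":
    for group_id, service, port, cidr in audit_ingress(SAMPLE_GROUPS):
        print(f"{group_id}: {service} ({port}/tcp) reachable from {cidr}")
```

The HTTPS rule and the SSH rule restricted to 203.0.113.0/24 pass; the other three groups are reported, including the all-protocols rule and the 0-1024 range that never mention port 22 by name.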

5.4 Stop and terminate instances


You can stop or terminate a running instance at any time.
Stop an instance
An instance in Amazon Elastic Compute Cloud (EC2) is a cloud-based virtual server. When
you stop an EC2 instance, it is effectively shut down, meaning it is no longer active and is
not consuming any resources. However, the Amazon EBS (Elastic Block Store) volumes
associated with the instance still contain the instance setup and data.
Terminating an instance is not the same as stopping it. An instance is entirely shut down and
all data is permanently erased when it is terminated. On the other hand, if you stop an
instance and then restart it later, the data and configurations will still be there and it will
pick up where it left off.
Stopping an instance can be advantageous when you wish to save money by not paying for
the instance's resources while you are not using them. Stopping an instance can also aid
in resource conservation and help you lower your overall carbon impact.
Terminate an instance
An instance is a cloud-based virtual server in Amazon Web Services (AWS). In EC2 (Elastic
Compute Cloud), terminating an instance means permanently destroying the instance and
all of the data it contains. Before terminating an instance, make sure you no longer require
it, as this action cannot be reversed.
When an EC2 instance is terminated, its associated Elastic IP (if any) is released, and its EBS
(Elastic Block Store) volumes, which house its operating system, programs, and data, are
deleted. A terminated instance cannot be restarted, and all data kept on its EBS volumes is
lost.
Take a backup of any crucial data housed on an instance before shutting it down, or move
the data to another instance. To prevent any disturbance to your business activities, you
should also make sure that any services or apps that are currently executing on the instance
are terminated or migrated to another instance.

5.5 Instance purchasing options


Amazon Elastic Compute Cloud (EC2) instances can be purchased using several different
pricing models in AWS. The purchasing options available for EC2 instances are

1. On-Demand Instances: This is the default purchasing option for EC2 instances, which
allows you to pay for compute capacity by the hour or second, with no long-term
commitments or upfront payments.
2. Reserved Instances: Reserved Instances provide you with a significant discount (up
to 75%) compared to On-Demand pricing, in exchange for a one-time upfront
payment and a commitment to use the instance for a minimum of one or three
years.
3. Spot Instances: Spot Instances enable you to bid on unused EC2 capacity and
potentially run your instances at a significantly lower cost than On-Demand pricing.
However, the pricing can be highly variable and there is a risk of interruption if the
spot price exceeds your bid.
4. Dedicated Hosts: With Dedicated Hosts, you have full control over the EC2 instances
that run on a dedicated physical server, which can help you meet compliance
requirements and reduce the risk of noisy neighbor issues.
5. Savings Plans: Savings Plans offer savings of up to 72% on On-Demand pricing by
committing to a certain amount of usage (measured in dollars per hour) for a one- or
three-year term.
6. Capacity Reservations: Capacity Reservations allow you to reserve capacity for your
EC2 instances in a specific Availability Zone for any duration, up to three years. This
provides you with the assurance that you will be able to launch instances when you
need them.
7. Outposts Instances: Outposts Instances are EC2 instances that run on-premises on
AWS Outposts, which is a fully managed service that extends AWS infrastructure,
AWS services, APIs, and tools to virtually any datacentre, co-location space, or on-
premises facility for a consistent hybrid experience.
Note that not all of these purchasing options may be available in all AWS regions, and some
may not be available for all instance types or sizes.


6. Instance lifecycle:
The phases that an instance goes through from creation to termination are referred to
as the lifecycle of an Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instance.

Here are the typical stages in an EC2 instance's lifecycle:

● Provisioning: This is the initial stage where an EC2 instance is created and launched.

● Running: This is the stage when the instance is up and running, and users can
connect to it to perform various tasks.
● Stopped: This is the stage when an EC2 instance is temporarily halted but not
terminated. The instance's data remains intact, but it cannot perform any tasks until
it's started again.
● Terminated: This is the final stage where an EC2 instance is permanently shut down
and all data associated with it is deleted.

Instance launch:
An instance is in the pending state when it is launched. The instance type that you choose
at launch determines the hardware of the host computer for your instance. We launch
the instance using the Amazon Machine Image (AMI) you selected. The instance enters the
running state once it is ready for you. You can connect to your instance while it is
running and use it just as you would a desktop PC in front of you.
As soon as your instance enters the running state, you're charged for every second you
keep it running, with a one-minute minimum, even if it stays unattended and you don't
connect to it.

Instance stop and start:
Amazon Web Services (AWS) offers EC2 (Elastic Compute Cloud), a web service that provides
resizable computing power in the cloud. EC2 instances are virtual machines that run on
physical servers in AWS data centers.


Starting and stopping an EC2 instance refers to the process of launching and shutting down
the virtual machine that is associated with the instance. When you start an EC2 instance,
AWS provisions the resources needed to run the instance, such as CPU, memory, storage,
and network connectivity. Once the resources are available, the instance boots up and
becomes ready to use.
On the other hand, when you stop an EC2 instance, AWS shuts down the virtual machine
and releases the resources associated with it. Stopping an instance is different from
terminating an instance, which permanently deletes the instance and all its associated data.
Stopping an EC2 instance can be useful to save costs when you don't need the instance to
be running continuously, such as during off-hours or weekends. By stopping the instance,
you can avoid paying for the compute resources that the instance would use when it is idle.
Starting and stopping an EC2 instance can be done through the AWS Management Console,
AWS CLI (Command Line Interface), or AWS SDKs (Software Development Kits).

Instance hibernate:
Hibernation is an EC2 feature that allows you to pause an instance in a way that preserves
its in-memory state and network connections. When you hibernate
an instance, its state is written to disk in an Amazon EBS volume, and then the instance is
stopped. When you later start the instance again, it restores its state from the disk and
continues from where it left off, including any network connections that were established
before hibernation.
The hibernate state is useful for applications that need to be restarted quickly and retain
their in-memory states, such as databases, in-memory caches, and other long-running
applications. It can also help you save on EC2 costs since you can hibernate an instance
when it's not needed and resume it later, rather than running it continuously.
Note that not all instance types support hibernation, and you must have an Amazon EBS
volume that is large enough to store the instance's RAM contents. Additionally, hibernation
is only available for instances running Amazon Linux, Ubuntu, or Windows Server.

Instance reboot:
In AWS, an EC2 (Elastic Compute Cloud) instance reboot state refers to the process of
restarting the virtual server that hosts the EC2 instance. When an EC2 instance is rebooted,
it is shut down and then immediately started again.
During the reboot process, the operating system and all running applications are gracefully
shut down, and any temporary data that has not been saved is lost. Once the instance has
been restarted, it will regain its previous state, and any data stored on its attached storage
volumes will still be available.
Rebooting an EC2 instance can be useful in situations where the instance is experiencing
performance issues, or if a software update or configuration change requires a restart of the
operating system or other applications running on the instance. It can also be used to
troubleshoot issues related to the instance's network or storage connectivity.

Instance retirement:
When an EC2 instance is retired, it is permanently removed from the service, and any data
stored on its local instance store is lost. However, any data stored on EBS (Elastic Block
Store) volumes attached to the instance can be preserved by taking a snapshot of the
volume.
The retirement of an EC2 instance is typically initiated by Amazon as part of its normal
maintenance and upgrade procedures. Amazon provides customers with a retirement notice
several weeks in advance of the instance's scheduled retirement date. The notice contains
information about the instance's retirement date, the reason for its retirement, and
guidance on how to migrate any data and services running on the instance to a new
instance.
To avoid disruption to your applications and services, it is important to monitor your EC2
instances and ensure that they are migrated to new instances before their retirement date.
You can use tools like Amazon CloudWatch or third-party monitoring solutions to keep track of
your EC2 instances and receive alerts when an instance is scheduled for retirement.

Instance termination:
In AWS (Amazon Web Services), EC2 (Elastic Compute Cloud) instances are virtual machines
that provide scalable computing capacity in the cloud. When an EC2 instance is terminated,
it means that the instance is permanently shut down and its resources are released, such as
the memory, CPU, and storage.
EC2 instance termination can occur due to various reasons such as manual termination by
the user, hardware failure, or due to automatic termination by AWS. For example, if an EC2
instance is part of an auto-scaling group, AWS may terminate the instance if it's no longer
needed to maintain the desired capacity.
It's important to note that terminating an EC2 instance results in the loss of all data
stored on the instance's local storage. Therefore, it's essential to back up important data
before terminating an instance, or to use other AWS services such as EBS (Elastic Block Store)
to store data persistently.

7. EC2 Fleet and Spot Fleet:


In Amazon Web Services (AWS), a fleet refers to a collection of Amazon Elastic Compute
Cloud (EC2) instances that are grouped together based on common criteria, such as a
specific instance type, operating system, or purpose.
Fleets enable you to manage multiple EC2 instances simultaneously, which can be useful for
tasks such as deploying applications, performing batch processing, or handling high-traffic
web applications. You can also use fleets to balance the load across multiple instances, to
ensure that your applications can handle traffic spikes and provide high availability.

EC2 Fleet:
Amazon EC2 Fleet is a feature of Amazon Web Services (AWS) that allows users to create a
virtual server fleet that can be made up of a combination of On-Demand, Reserved, and
Spot EC2 instances. EC2 Fleet provides a simplified way to manage and provision large-scale
compute resources for your applications and workloads.
With EC2 Fleet, you can specify the capacity and instance types that you need for your
application, and EC2 Fleet will automatically provision the instances for you, using a
combination of On-Demand, Reserved, and Spot instances based on your defined priorities.
This allows you to optimize your costs and performance by using the most cost-effective
instance types available at any given time.

EC2 Fleet also provides features such as the ability to specify target capacity, maximum
price, and fleet diversification, which allows you to ensure that your application has the
resources it needs while also ensuring that your costs stay within budget.

Overall, EC2 Fleet simplifies the management of large-scale compute resources in AWS by
providing a flexible and cost-effective way to provision and manage virtual server fleets.

Spot Fleet:
In AWS EC2, a Spot Fleet is a collection of Amazon EC2 Spot Instances, which are spare
compute capacity available for short-term use at a discounted price. Spot Instances are
ideal for workloads that can be interrupted, such as batch jobs, background processing, and
testing, as they offer up to 90% savings compared to On-Demand pricing.

Spot Fleet allows you to request a specific amount of compute capacity, in terms of vCPUs
or instances, and the Spot Fleet will automatically launch Spot Instances on your behalf to
meet that capacity target. Spot Fleet continuously monitors the status of Spot Instances and
automatically replenishes any interrupted instances to maintain the target capacity.
You can create a Spot Fleet with a mix of instance types and Availability Zones to optimize
for performance, availability, and cost. Spot Fleet also supports the launch of Spot Instances
with different pricing models, including Spot Block and Spot Instance types, to provide
further flexibility and cost optimization.

8. Monitor Amazon EC2


Monitoring in EC2 instances refers to the process of collecting and analyzing metrics related
to the performance and health of the instances. AWS provides multiple tools to monitor the
EC2 instances, such as Amazon CloudWatch, AWS Config, and AWS CloudTrail.
Monitoring EC2 instances in AWS involves tracking various performance metrics and logs to
ensure that the instances are running smoothly and efficiently. Here are some of the key
areas that require monitoring:
1. CPU utilization: Monitoring CPU utilization can help you understand if the instance
has enough resources to handle the workload.
2. Memory usage: Monitoring memory usage can help you understand if the instance
has enough memory to handle the workload.
3. Disk I/O: Monitoring disk I/O can help you understand if the instance has enough I/O
capacity to handle the workload.
4. Network traffic: Monitoring network traffic can help you understand if the instance is
receiving and sending data at the expected rate.
5. Application logs: Monitoring application logs can help you identify errors and issues
with the applications running on the instance.
6. System logs: Monitoring system logs can help you identify errors and issues with the
operating system and the instance itself.
7. Security logs: Monitoring security logs can help you identify any security-related
issues or breaches on the instance.
By monitoring these key areas, you can identify issues before they become critical and take
steps to resolve them, ensuring that your EC2 instances are running efficiently and reliably.
You can use a variety of AWS tools to monitor Amazon EC2. Some of these tools can be
configured to do the monitoring for you, while others require manual intervention.
Automated monitoring tools

● System status checks - Monitor the AWS systems required to use your instance. These
checks detect problems with your instance that need to be fixed by AWS. When a
system status check fails, you can wait for AWS to fix the issue or resolve it
yourself (for example, by stopping, restarting, or terminating and replacing an
instance).
● Instance status checks - Monitor the software and network configuration of your
individual instance. These checks detect problems that require your involvement to
fix. When an instance status check fails, you typically have to fix it yourself (for
example, by restarting the instance or making changes in your operating system).
● Amazon CloudWatch alarms - Watch a single metric over a time period you select, and
perform one or more actions based on the metric's value relative to a specified
threshold over a number of time periods. The action is a notification sent to an
Amazon Simple Notification Service (Amazon SNS) topic or an Amazon EC2 Auto Scaling
policy. Alarms trigger actions only for sustained state changes: the state of a
CloudWatch alarm must have changed and been maintained for a specified number of
periods before actions are triggered.
● Amazon EventBridge - Automate your AWS services to respond to system events
automatically. Events from AWS services are delivered to EventBridge in near real time,
and you can specify automated actions to take when an event matches a rule you have
written.
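
The sustained-state-change rule for CloudWatch alarms described above, as an added example that is not part of the original course material: a simplified Python model in which the alarm is in ALARM only when every one of the last N datapoints breaches the threshold, and an action fires only when the state changes. The function name, CPU values and threshold are constructed for illustration; missing-data handling and M-out-of-N settings are not modelled.

```python
from collections import deque


def evaluate_alarm(datapoints, threshold, evaluation_periods):
    """Simplified model of a 'metric > threshold' alarm.

    Returns (states, actions):
      states[i] is the alarm state after datapoint i
      actions   is a list of (index, new_state), one entry per state change
    """
    window = deque(maxlen=evaluation_periods)  # last N breach flags
    state = "INSUFFICIENT_DATA"                # state before any data arrives
    states, actions = [], []

    for i, value in enumerate(datapoints):
        window.append(value > threshold)

        if len(window) < evaluation_periods:
            new_state = "INSUFFICIENT_DATA"    # not enough periods observed yet
        elif all(window):
            new_state = "ALARM"                # breach sustained for N periods
        else:
            new_state = "OK"

        # An action (for example an SNS notification) fires only when the
        # state changes, never merely because the alarm is still in a state.
        if new_state != state:
            actions.append((i, new_state))
            state = new_state
        states.append(state)

    return states, actions


def alarm_notifications(datapoints, threshold, evaluation_periods):
    """Count how many times the alarm would notify on entering ALARM."""
    _, actions = evaluate_alarm(datapoints, threshold, evaluation_periods)
    return sum(1 for _, new_state in actions if new_state == "ALARM")


# Constructed sample: CPU utilization (%) per period, with one isolated spike
# (92) followed later by a sustained run above the threshold.
CPU_SAMPLES = [35, 92, 40, 85, 91, 88, 95, 60, 30]

if __name__ == "__main__":
    for periods in (1, 3):
        states, actions = evaluate_alarm(CPU_SAMPLES, 80, periods)
        print(f"evaluation_periods={periods}")
        print("  states :", states)
        print("  actions:", actions)
```

With three evaluation periods the isolated spike never raises the alarm and the sustained run notifies once; with a single evaluation period the same data notifies twice.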

Manual monitoring tools


Here are some manual monitoring tools for EC2 instances that you can use:

● Amazon CloudWatch - It is a monitoring service that provides metrics, logs, and
alarms for AWS resources, including EC2 instances.
● AWS CloudTrail - It is a service that records API calls made on your AWS account and
provides detailed information about them. You can use it to monitor changes to your
EC2 instances.
● AWS Systems Manager - It is a management service that provides a unified user
interface so that you can view operational data from multiple AWS services and
automate operational tasks.
● AWS Config - It is a service that tracks changes to your AWS resources over time and
records configuration details for the resources. You can use it to monitor changes to
your EC2 instances.
● Nagios - It is an open-source monitoring tool that allows you to monitor your EC2
instances and other resources. You can use it to set up alerts and notifications based
on metrics.

9. Networking in Amazon EC2:


Networking in Amazon EC2 instances refers to the ability of the instances to communicate
with other resources both within and outside of the Amazon Web Services (AWS)
infrastructure.
EC2 instances are created within a Virtual Private Cloud (VPC), which provides a logically
isolated section of the AWS Cloud where you can launch Amazon EC2 instances and enables
you to define and control network configurations such as IP addresses, routing tables, and
network gateways.
EC2 instances can be assigned a private IP address within the VPC, which allows them to
communicate with other instances within the same VPC using internal IP addresses.
Additionally, instances can be assigned public IP addresses, which allows them to
communicate with the internet and other resources outside the VPC.
EC2 instances can also be configured with security groups, which act as virtual firewalls to
control inbound and outbound traffic to the instance. Security groups allow you to specify
rules that allow or deny traffic based on the type of traffic, the protocol used, and the
source or destination of the traffic.
Overall, networking in EC2 instances is a critical aspect of their functionality and enables
them to communicate with other resources to perform a variety of tasks and services within
the AWS infrastructure.

Regions and Zones:


Amazon Elastic Compute Cloud (EC2) is a web service that offers resizable compute
capacity in the cloud. EC2 instances are virtual servers that can be launched in different
regions and availability zones.
A region is a geographic location where Amazon has one or more data centers. Each region
is completely independent and has its own set of resources, such as EC2 instances, storage,
and databases. Regions are identified by a name, such as us-east-1, us-west-2, eu-west-1,
etc.

An availability zone is an isolated location within a region that is designed to be highly
available and fault-tolerant. Each availability zone is composed of one or more data centers,
and they are connected to each other through low-latency links. Availability zones are
identified by the region name followed by a letter, such as us-east-1a, us-west-2c, eu-west-1b, etc.
By launching EC2 instances in different regions and availability zones, customers can achieve
high availability, fault tolerance, and low latency for their applications. They can also use
EC2 instances in multiple regions to comply with data residency and compliance
requirements.

9.1 Amazon EC2 instance IP addressing

Amazon EC2 and Amazon VPC support both the IPv4 and IPv6 addressing protocols. Amazon
VPC uses the IPv4 addressing protocol by default, and this behavior cannot be disabled.
When you create a VPC, you must specify an IPv4 CIDR block (a range of private IPv4
addresses). You can optionally assign an IPv6 CIDR block to your VPC, and instances in your
subnets can then receive IPv6 addresses from that block.

Public IP Address in EC2:


Every EC2 instance running in a Virtual Private Cloud (VPC) has both a private IP address and
a public IP address. The private IP address is assigned by AWS to the instance at launch time
and is used for communication within the VPC. The public IP address is assigned by AWS at
launch time and is used for communication with the Internet.
The public IP address is associated with the instance's network interface, and it can change
every time the instance is stopped and started again. If you must ensure that your EC2
instance always has a consistent public IP address, you can allocate an Elastic IP address and
associate it with your instance. This way, the public IP address will remain the same even if
the instance is stopped and started again. However, keep in mind that there may be a small
charge for using Elastic IP addresses, and you should release them when they are no longer
needed to avoid unnecessary charges.

Private IP Address in EC2:


Private IP addresses are IP addresses that are used for communication within a private
network. In the case of Amazon Elastic Compute Cloud (EC2) instances, private IP addresses
are used for communication within the Virtual Private Cloud (VPC) that the instances are
running in.
EC2 instances are assigned private IP addresses when they are launched in a VPC. These
addresses are used to identify the instances within the VPC and to allow them to
communicate with other instances and services within the same VPC. Private IP addresses
are not routable over the internet, so they cannot be used for communication outside of the
VPC.
The range of private IP addresses that can be assigned to EC2 instances in a VPC is
determined by the CIDR block that is assigned to the VPC. By default, Amazon assigns a /16
CIDR block to a VPC, which allows for up to 65,536 IP addresses. However, you can
customize the size of the CIDR block when you create a VPC, which will determine the range
of private IP addresses that can be assigned to instances in the VPC.

Elastic IP addresses in EC2:

An Amazon Elastic Compute Cloud (EC2) instance's static, public IPv4 address is known as an
elastic IP address (EIP). EIPs may be dynamically remapped to instances in a VPC, which
enables them to be reassigned to other instances as necessary.
When you launch an EC2 instance in a VPC, a private IP address and a public IP address are
automatically allocated to it. However, the public IP address is dynamic, so it can change
when you stop and start the instance. This can be a problem if you require a static IP
address that does not change when you stop and restart the instance.
An Elastic IP address can help in this situation. An EC2 instance in a VPC can have an EIP
associated with it. An EIP stays associated with an instance until you explicitly remove it.
The instance can therefore be stopped and started whenever necessary without losing its
public IP address.
EIPs can be used without a charge as long as they are associated with an active EC2
instance. However, you will be charged for an EIP that is not associated with an instance.
Additionally, you can be charged more if you frequently associate and disassociate an EIP
with instances.

10. Security in Amazon EC2:


Security in EC2 instances refers to the measures taken to protect the instances from
unauthorized access, data theft, and other security threats. Amazon Elastic Compute Cloud
(EC2) provides various security features that can help protect your instances and data,
including:
1. Security Groups: Security groups act as a virtual firewall for your instances, allowing
you to control inbound and outbound traffic to and from your instances.
2. Network Access Control Lists (NACLs): NACLs are another layer of security that can
help you control traffic to and from subnets.
3. Identity and Access Management (IAM): IAM allows you to manage users and their
access to AWS resources.
4. Encryption: EC2 instances support encryption for data at rest and in transit, allowing
you to protect sensitive data.
5. Instance Isolation: EC2 instances are isolated from each other by default, which
means that a security breach in one instance won't affect the others.
By implementing these security measures, you can help ensure that your EC2 instances are
secure and protected from potential security threats.

11. Amazon EC2 key pairs:


In Amazon Elastic Compute Cloud (EC2), a key pair is a set of security credentials that allows
you to securely connect to your EC2 instances. Key pairs consist of a public key and a private
key, which are generated together as a pair.
When you launch an EC2 instance, you can specify a key pair to use for SSH (Secure Shell)
access to the instance. You can create your own key pair, or use an existing one. When you
connect to the instance using SSH, you authenticate with the private key, and the instance
verifies it against the corresponding public key.
There are two types of key pairs in EC2 instances:
Amazon EC2 Key Pairs: These are key pairs that are created by Amazon EC2 and stored in
AWS. You can use these key pairs to securely connect to your instances.

User-Supplied Key Pairs: These are key pairs that you create and manage yourself. You can
upload your own public key to Amazon EC2 and use it to connect to your instances. You can
also use user-supplied key pairs for other AWS services, such as Amazon Simple Storage
Service (S3).

12. Amazon EC2 security groups:


Amazon EC2 Security Groups are virtual firewalls that act as a network access control
mechanism for EC2 instances. They control inbound and outbound traffic by allowing or
denying access to specific ports, protocols, and IP addresses.
Each security group is made up of a set of rules that control traffic to and from an EC2
instance. You can assign one or more security groups to an instance when you launch it.
You can also create a new security group or change the rules of an existing one at any
time.
The working of Amazon EC2 Security Groups can be summarized as follows:
1. By default, all inbound traffic to an EC2 instance is blocked.
2. You create a security group and specify the inbound traffic rules that allow traffic to
your instance. For example, you might allow HTTP traffic on port 80 from any IP
address.
3. You assign the security group to your instance.
4. The security group rules are automatically applied to the instance.
5. If an inbound packet is allowed by the security group rules, it is forwarded to the
instance.
6. If an inbound packet is not allowed by the security group rules, it is dropped.
Outbound traffic from the instance is allowed by default, but you can specify outbound rules
in a security group to control outbound traffic as well.
Overall, Amazon EC2 Security Groups provide an easy and effective way to control access to
your EC2 instances, allowing you to create secure, isolated environments for your
applications and services.
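
The six steps above as an added Python example (not code from the original course material or from AWS): an evaluator that applies default-deny inbound rules to a packet, plus a check that flags rules exposing RDP or SSH to any source address. The class, function names and rule sets are constructed for illustration, and the addresses come from the documentation ranges.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class InboundRule:
    protocol: str   # "tcp", "udp", or "-1" meaning all protocols
    from_port: int  # first port of the allowed range (ignored for "-1")
    to_port: int    # last port of the allowed range (ignored for "-1")
    cidr: str       # permitted source range, e.g. "203.0.113.0/24"


def rule_matches(rule, protocol, port, source_ip):
    """True if this allow rule covers the packet's protocol, port and source."""
    if rule.protocol != "-1":
        if rule.protocol != protocol:
            return False
        if not rule.from_port <= port <= rule.to_port:
            return False
    return ipaddress.ip_address(source_ip) in ipaddress.ip_network(rule.cidr)


def inbound_allowed(rules, protocol, port, source_ip):
    """Steps 1, 5 and 6: a packet is forwarded only if some rule allows it.

    An empty rule list allows nothing, which is the default-deny behaviour.
    """
    return any(rule_matches(r, protocol, port, source_ip) for r in rules)


# Remote administration ports worth reviewing when open to every address.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def audit_admin_exposure(rules):
    """Return findings for rules that open SSH or RDP to any source address."""
    findings = []
    for rule in rules:
        if ipaddress.ip_network(rule.cidr).prefixlen != 0:
            continue  # source range is restricted, nothing to report
        for port, service in sorted(ADMIN_PORTS.items()):
            covers = rule.protocol == "-1" or (
                rule.protocol == "tcp" and rule.from_port <= port <= rule.to_port
            )
            if covers:
                findings.append(f"{service} (tcp/{port}) open to {rule.cidr}")
    return findings


# Constructed rule sets. WEB_SG follows step 2 (HTTP from any address) and
# limits RDP to one office range; LAB_SG leaves RDP open to every address.
WEB_SG = [
    InboundRule("tcp", 80, 80, "0.0.0.0/0"),
    InboundRule("tcp", 3389, 3389, "203.0.113.0/24"),
]
LAB_SG = [InboundRule("tcp", 3389, 3389, "0.0.0.0/0")]

if __name__ == "__main__":
    packets = [
        ("tcp", 80, "198.51.100.7"),
        ("tcp", 3389, "198.51.100.7"),
        ("tcp", 3389, "203.0.113.10"),
    ]
    for proto, port, src in packets:
        verdict = "forwarded" if inbound_allowed(WEB_SG, proto, port, src) else "dropped"
        print(f"{proto}/{port} from {src}: {verdict}")
    print("WEB_SG findings:", audit_admin_exposure(WEB_SG))
    print("LAB_SG findings:", audit_admin_exposure(LAB_SG))
```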

13. Storage in EC2 instances:


In Amazon Elastic Compute Cloud (EC2) instances, storage refers to the amount of data that
can be stored on the instance's local disks or on Amazon Elastic Block Store (EBS) volumes
attached to the instance.
Local storage in EC2 instances is provided by one or more instance store volumes, which are
physical disks that are directly attached to the instance. These volumes provide
high-performance storage for applications that require fast access to data, but they have a
limited size and are not persistent. When an instance is terminated or stopped, the data on
the instance store volumes is lost.
EBS volumes, on the other hand, are network-attached block storage devices that can be
attached to EC2 instances. EBS volumes provide persistent storage that can be detached
from one instance and attached to another, making it easier to move data between
instances. EBS volumes can also be backed up and replicated for durability and availability.
The amount of storage available on an EC2 instance depends on the instance type and the
type of storage used (instance store volumes or EBS volumes). It's important to choose the
appropriate storage type and size for your application's needs to ensure optimal
performance and reliability.

Amazon EBS

Amazon Elastic Block Store (EBS) is a block-level storage solution offered by Amazon Web
Services (AWS) for use with Elastic Compute Cloud (EC2) instances. It allows users to create
persistent block-level storage volumes that can be attached to EC2 instances, providing
durable and highly available storage for data and applications.
EBS volumes can be created and sized on the fly, and they can be attached to and detached
from EC2 instances without any disruption to the running instances. Additionally, EBS
volumes can be backed up and restored, and they can be replicated to other availability
zones within the same region for disaster recovery purposes.

EBS volumes are optimized for transactional workloads such as databases, and they provide
consistent and low-latency performance. They can also be used as boot volumes for EC2
instances, allowing users to launch instances with their desired configuration and software
stack.

Amazon EC2 instance store

Amazon Elastic Compute Cloud (EC2) Instance Store is a temporary block-level storage
volume that is directly attached to an EC2 instance. This storage is located on disks that are
physically attached to the host computer that runs the instance, as opposed to being on a
network-attached storage device.
For information that has to be accessed often, such as buffers, caches, and temporary files,
the instance store offers temporary storage. Applications that demand high input/output
operations per second (IOPS) and high speed, low latency storage, such as databases, can
benefit the most from it.
It's important to note that instance store volumes are ephemeral, meaning that their data is
lost if the EC2 instance is stopped or terminated. Additionally, the size of an instance store
volume depends on the instance type, and cannot be changed after the instance is
launched. Therefore, it's recommended that data that needs to persist beyond the life of an
instance be stored in Amazon Elastic Block Store (EBS) volumes, which provide durable and
persistent block-level storage.

Amazon EFS file system

Amazon Elastic File System (EFS) is a fully-managed, highly scalable, and highly available
cloud-based file storage service provided by Amazon Web Services (AWS). It is designed to
provide scalable, shared access to a fully-managed file system, accessible from multiple
Amazon Elastic Compute Cloud (EC2) instances at the same time.
EFS is a fully-managed file storage service that provides a simple, scalable, and reliable file
system for use with EC2 instances. It is designed to be highly available and durable, with the
ability to automatically scale up and down to meet the needs of your applications. With EFS,
you can easily create and configure file systems, mount them on your EC2 instances, and
start using them to store and share data across your applications.

Amazon EFS can be mounted on multiple EC2 instances simultaneously, which means that
multiple instances can access the same file system at the same time, making it ideal for use
cases where multiple instances need to share data or access the same file system. This can
help to simplify the management of your file storage, as you don't need to worry about
manually synchronizing data between instances or managing the storage infrastructure
yourself.

Amazon S3

Amazon Web Services (AWS) offers Amazon S3 (Simple Storage Service), a dependable and
highly scalable object storage solution. It can be used to store and retrieve any quantity
of data from any location on the internet.
EC2 instances can store data using Amazon S3. EC2 is a web service that offers scalable
processing power in the cloud. EC2 instances are virtual computers running on Amazon's
cloud infrastructure, and they need storage to house their data and programs.
By using S3 as storage for EC2 instances, you can take advantage of S3's scalability,
durability, and availability to store and retrieve data. You can use S3 to store data that your
EC2 instances need to access frequently, as well as data that you want to keep for long-term
archiving or backup purposes.
In addition, Amazon S3 provides a number of features that can be useful when working with
EC2 instances, such as versioning, access control, and lifecycle policies. S3 also integrates
well with other AWS services, such as Amazon Elastic Block Store (EBS) and Amazon Glacier,
which can be used for more specific storage needs.

14. LAB: Get started with Amazon EC2 Windows instances

Step 1: Launch an instance


Open the Amazon EC2 console. On the EC2 console dashboard, in the Launch instance box, select
Launch instance, and then select Launch instance from the options that display.

Step 2: Under Name and tags, enter a descriptive name for your instance.

Step 3: Do the following under Application and OS Images (Amazon Machine Image):
a) After selecting Browse More AMIs, pick Windows. This is your instance's
operating system (OS).
b) From Amazon Machine Image (AMI), choose an HVM variant of Windows.
Notice that these AMIs are marked Free tier eligible. An Amazon Machine
Image (AMI) is a basic configuration that serves as a template for your
instance.

Step 4: Under Instance type, you can choose the hardware configuration for your instance
from the Instance type list. Choose the t2.micro instance type, which is selected by default.
The t2.micro instance type is eligible for the free tier. In Regions where t2.micro is
unavailable, you can use a t3.micro instance under the free tier.

Step 5: Under Key pair (login), for Key pair name, select the key pair you created while
setting up. Click on Create new key pair.

Step 6: Select Edit next to Network options. Under Security group name, you can see that the
wizard created and selected a security group for you. Alternatively, you can use the
security group you created while setting up instead of this one, using the following
procedure:
a) Choose Select existing security group.
b) Under Common security groups, select your security group from the list of
existing security groups.

Step 7: Maintain the default choices for your instance's other setup settings.

Step 8: Review the summary of your instance setup in the Summary window, and when you're
ready, choose Launch instance.

Step 9: Your instance launches and a confirmation screen appears. To exit the confirmation
screen and return to the console, choose View all instances.

Step 10: You can see the status of the launch on the Instances screen. It takes a short time
for an instance to launch. When you launch an instance, its initial state is Pending. After
the instance starts, its state changes to running and it receives a public DNS name. If the
Public IPv4 DNS column is hidden, choose the settings icon in the top-right corner, turn on
Public IPv4 DNS, and then select Confirm.
It can take a few minutes before the instance is ready for you to connect to it. Check the
Status check column to confirm that your instance has passed its status checks.

Step 11: Connect to your instance

Step 12: Select RDP client, click on Download remote desktop file, and then click on Get
Password

Step 13: Now in order to generate the credentials click on Upload Private Key file and
Decrypt password

Step 14: Now open the windowsmachine1.rdp file in order to connect to the machine,
and copy the password.

Step 15: Establish the Remote Desktop Connection by using the windowsmachine1.rdp file.
Now click on Connect

Step 16: Now enter the password here and click OK

Step 17: Here is the EC2 machine to which we have connected successfully

Step 18: Clean up your instance


After you finish with the instance that you built for this tutorial, you should terminate it
to complete cleaning up.
To terminate your instance, select Instances in the navigation pane.
a) Choose the instance from the list of instances.
b) Select Terminate instance under Instance status.
c) When requested for confirmation, choose Terminate.
Amazon EC2 terminates your instance. After your instance is terminated, the entry is
automatically removed from the console after a brief period of time. You cannot manually
remove the terminated instance from the console display.
