
Aws Ec2

Uploaded by

timburkey811

When we create an EC2 instance, we can run some scripts at launch; these go in the user-data section.

When you stop and start an instance, it may lose its public IP and get a new one.

Instance naming by aws →

Ports:

Security Groups (NSGs in azure, the commandos to safeguard ec2 VMs)


Security groups in AWS can reference other security groups, which is unlike Azure.
Otherwise, NSGs use IPs and ports to allow certain traffic.
Unlike Azure, in AWS NSGs only have "ALLOW" rules.

One NSG can be assigned to multiple EC2 instances. One EC2 instance can attach multiple NSGs.
NSGs belong to a VPC (vnet) and are local to a region.
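
An added example (not part of the original notes) that models the three properties above: allow-only rules, a source given either as a CIDR or as another security group, and several groups attached to one instance. All group names, instance names and IPs are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    port: int
    cidr: Optional[str] = None       # source given as an IP range ...
    source_sg: Optional[str] = None  # ... or as another security group

# Constructed sample data: group names, instances and IPs are made up.
GROUPS = {
    "sg-web": [Rule(443, cidr="0.0.0.0/0")],
    "sg-db": [Rule(5432, source_sg="sg-web")],   # no IPs: "whoever is in sg-web"
    "sg-admin": [Rule(22, cidr="203.0.113.0/24")],
}
ATTACHED = {                       # instance -> groups attached to it
    "web-1": ["sg-web", "sg-admin"],
    "db-1": ["sg-db"],
    "batch-1": ["sg-admin"],
}

def inbound_allowed(dst, port, src_ip, src_instance=None):
    """True if any rule of any group attached to dst matches.

    Only allow rules exist, so traffic that matches nothing is dropped.
    src_instance is set when the sender is an instance in the same VPC.
    """
    src_groups = ATTACHED.get(src_instance, [])
    for sg in ATTACHED[dst]:               # all attached groups are unioned
        for rule in GROUPS[sg]:
            if rule.port != port:
                continue
            if rule.cidr and ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.cidr):
                return True
            if rule.source_sg and rule.source_sg in src_groups:
                return True
    return False

if __name__ == "__main__":
    print(inbound_allowed("db-1", 5432, "10.0.1.10", "web-1"))    # web tier -> db
    print(inbound_allowed("db-1", 5432, "10.0.3.30", "batch-1"))  # other instance -> db
    print(inbound_allowed("web-1", 22, "203.0.113.5"))            # admin range -> web
```

Because the database group names `sg-web` rather than an address range, new web instances gain access by group membership alone and no IP list has to be maintained.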

The first time you use the AWS CLI, you run "aws configure", which then asks for an "access key".
But passing access keys like this on a VM is not a good idea. It's better to attach IAM roles to the VM.
You first create an IAM role for this VM, say a role that has permission to get-users. Then attach that role to the VM.
This IAM role (SP/MI) will be able to run aws-cli commands without a user logging in to use his own IAM permissions.
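
An added example (not part of the original notes) of a check for the problem described above: it reads the shared credentials file that "aws configure" writes and flags profiles holding long-term keys, which an instance with an attached role should not need. The file content and every key value in it are constructed placeholders.

```python
import configparser

# Constructed ~/.aws/credentials content; every value is a made-up placeholder.
SAMPLE = """\
[default]
aws_access_key_id = AKIAEXAMPLEEXAMPLE01
aws_secret_access_key = constructed-secret-1

[ci-session]
aws_access_key_id = ASIAEXAMPLEEXAMPLE02
aws_secret_access_key = constructed-secret-2
aws_session_token = constructed-session-token
"""

def classify_profiles(text):
    """Label each profile of a shared credentials file.

    long-term: AKIA key ID and no session token (what `aws configure` stores)
    temporary: ASIA key ID plus a session token (issued by STS, expires)
    unknown:   anything else
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    result = {}
    for profile in parser.sections():
        key_id = parser.get(profile, "aws_access_key_id", fallback="")
        has_token = parser.has_option(profile, "aws_session_token")
        if key_id.startswith("AKIA") and not has_token:
            result[profile] = "long-term"
        elif key_id.startswith("ASIA") and has_token:
            result[profile] = "temporary"
        else:
            result[profile] = "unknown"
    return result

def static_key_profiles(text):
    """Profiles that should not exist on an instance that has an IAM role."""
    return sorted(p for p, kind in classify_profiles(text).items() if kind == "long-term")

if __name__ == "__main__":
    print(static_key_profiles(SAMPLE))
```
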
Spot Instances
When we create an EC2 instance, we can request a spot instance, priced on current demand. When demand increases, our price increases. We can set a fixed price and choose to terminate our instance when the price exceeds…

Then if the price increases, our instances will be terminated, but they will launch again by themselves when the price drops…

Note: an EC2 reserved instance can be chosen for either 1 or 3 years. It's not 1 to 3; it's either 1 or 3 years.

SPOT-FLEET Instances
To lower the costs for customers, a spot fleet is a fleet of instances:
some spot, optionally some on-demand (a fleet of cars is easily spotted and can be called on demand).
Spot fleets span different instance types and Availability Zones.

------------------------------------------------------------------------------------------
Hibernate a VM
Hibernate saves the RAM: the RAM data is written to the root EBS disk and copied back when restarted.
Ensure the EBS volume is larger than the RAM attached. RAM max is 150GB.
We need to enable hibernation when we create an instance, and the EBS volume should be chosen to be encrypted.
The limit of hibernation is 60 days. The only benefit is fast restart.

The instances that support hibernation use Amazon EBS (Elastic Block Store) for the root volume.

==========================================================================================

Availability Set or Placement Groups

🙂
This works within the same availability zone and has 3 options:
1. Cluster: all EC2 on the same rack. Benefit: low latency. Risk: all going down together.
2. Spread: all on different racks. Benefit: HA. Risk: high latency if they want to talk to each other.
3. Partition: some on the same, some on another, based on logical groupings, like the same type of instances together. Up to 7 partitions per availability zone.
NIC or ENI → Elastic Network Interface
We can attach one or more NSGs to an ENI. They can have one private IP and 1 public IP.
We can attach more than one ENI to an instance.

We can move a NIC/ENI from one VM to another. They belong to one Availability Zone and stay there.
------------------------------------------------------------------------------------------

Disks for EC2

1. EBS: Elastic Block Storage can be attached as a drive for EC2. One can be attached to one EC2 instance. We can enable persisting the data even after the instance is terminated.

EBS volumes are bound to a zone.

🙂
We can take one VM's EBS volume and attach it to another. They are like a pen drive but available through the network, so there is some latency; like a wireless pen drive.
Sadly, they have to be in the same region as the EC2 instance to be attached to it.

Snapshot of EBS Volume


The pen drive has the goods on it and can't be copied, so take a snapshot… Snapshots can be taken home, i.e. taken to a different zone.
We can move a snapshot to the archive tier, but it takes 24-72 hours to rehydrate.
We can set up rules to soft-delete snapshots so they can be recovered within some period. Dude, to stay out of trouble with mom, delete the snapshot and recover it later… Retention is max 1 year.

We can create a new EBS volume from a snapshot by using "FSR" (fast snapshot restore).

Go to ec2 > volume .. create snapshot. Then go to ec2 > snapshot:
- If you wanna give it to a friend to take home, choose "copy snapshot" and choose a new region.
- To create a new EBS volume from a snapshot: ec2 > snapshot > actions > create volume…

Note: from a snapshot in us-east-1, we can only create a new EBS volume in the same region. But us-east has 3 availability zones. You can create the EBS volume in any availability zone in the same region as the snapshot.

Remember: the only way to copy an EBS volume, in the same region or another region, is by making a snapshot of it, then using that snapshot to copy it into a new volume.

To preserve pondies from deletion: ec2 > snapshot > recycle bin, then create retention rules like no. of days etc.
To archive a snapshot to save money: ec2 > snapshot > actions > archive…

Types of EBS volumes


| GP2/GP3 | io-1/io-2 | st1 | sc1 |
|---|---|---|---|
| SSD | SSD | HDD | HDD |
| General purpose | Highest throughput | For frequently accessed data | For less accessed data |
| Cannot be attached to multiple instances | Can be attached to max 16 instances | Can't | Can't |
| Can be boot/root vol | Can be boot/root vol | Cannot be boot/root vol | Cannot be boot/root vol |

Encryption at rest
When we create an EBS volume we can choose to encrypt it. If we don't, then it can't be encrypted later. If you create a snapshot of an unencrypted volume, it won't be encrypted either. But what you can do is copy that snapshot into another snapshot or a new volume, and at that time you can encrypt it.
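
An added example (not part of the original notes) that turns the workaround above into an audit: it scans `aws ec2 describe-volumes` output for unencrypted volumes and lists the snapshot, encrypted copy and new volume steps for each. The JSON is constructed, the IDs and the `<...>` markers are placeholders, and `alias/aws/ebs` is assumed as the KMS key.

```python
import json

# Constructed, trimmed `aws ec2 describe-volumes` output; all IDs are placeholders.
DESCRIBE_VOLUMES = json.loads("""
{"Volumes": [
  {"VolumeId": "vol-0aaaaaaaaaaaaaaaa", "Encrypted": false,
   "AvailabilityZone": "us-east-1a",
   "Attachments": [{"InstanceId": "i-01111111111111111", "Device": "/dev/xvda"}]},
  {"VolumeId": "vol-0bbbbbbbbbbbbbbbb", "Encrypted": true,
   "AvailabilityZone": "us-east-1b", "Attachments": []}
]}
""")

def encryption_plan(described, kms_key="alias/aws/ebs"):
    """For every unencrypted volume, list the CLI steps that yield an
    encrypted replacement in the same Availability Zone."""
    plans = {}
    for vol in described["Volumes"]:
        if vol["Encrypted"]:
            continue
        vol_id, az = vol["VolumeId"], vol["AvailabilityZone"]
        region = az[:-1]  # assumes a standard AZ name: region plus one letter
        steps = [
            f"aws ec2 create-snapshot --volume-id {vol_id}",
            # encryption is chosen at copy time, not on the existing snapshot
            f"aws ec2 copy-snapshot --source-region {region} "
            f"--source-snapshot-id <SNAPSHOT_ID> --encrypted --kms-key-id {kms_key}",
            # a volume created from an encrypted snapshot is itself encrypted
            f"aws ec2 create-volume --snapshot-id <ENCRYPTED_SNAPSHOT_ID> "
            f"--availability-zone {az}",
        ]
        for att in vol["Attachments"]:   # where the new volume has to be attached
            steps.append(f"# then swap on {att['InstanceId']} at {att['Device']}")
        plans[vol_id] = steps
    return plans

if __name__ == "__main__":
    for vol_id, steps in encryption_plan(DESCRIBE_VOLUMES).items():
        print(vol_id, *steps, sep="\n  ")
```
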

Only EBS-io2 can be attached to max 16 instances..

2. Elastic File System


We can attach multiple (Linux only) systems to the same EFS. We put an EFS behind a security group, and multiple instances from different availability zones can attach to it.
EFS uses NSGs to secure access.
It can scale up to petabytes by itself.

Since EFS is fucking expensive, we can set lifecycle policies on it to move files not used in 60 days to the "INFREQUENT ACCESSED" part. This saves money.

Question: We wanna have a great HA prod system but don't give a shit about the dev env. How to do that and save money?
Answer: for prod use EFS in multi-availability zone, but for dev use single-zone EFS.

Note: EFS belongs to one region, but in one region we can choose it for multiple availability zones.

EBS vs EFS
1. EBS is for one instance, except io-2, while EFS is for many.
2. EBS volumes are fixed to one availability zone, while EFS is for all AZs in a region.
3. Root EBS volumes are deleted if the instance is deleted. This is the default behavior, which we can override.

3. Attach Hard-Disk: EC2 INSTANCE STORE


Enough of wireless pen drives, aka EBS volumes. We need a hard disk, aka EC2 INSTANCE STORE.
If you terminate an instance, the instance store is gone too, and you can't do anything about it.
They are not for long-term storage, but they are super fast. Use case: any temporary data, cache…
You can do backup/replication of the EC2 instance store yourself.
A hard disk, or EC2 INSTANCE STORE, can be attached to just one instance.

Why instance store? => IOPS > 250k. Max IOPS with EBS io2 is 250k.
Example: an Indian AMI is not possible to use in Pakistan.
