
Amazon EC2

The document provides an overview of Amazon EC2, detailing its functionalities, instance types, and purchasing options. It explains key concepts such as EC2 User Data, security groups, and storage options like EBS and EFS, along with their respective use cases. Additionally, it outlines the shared responsibility model for security and compliance in using EC2 services.

Uploaded by

tapas202420

Amazon EC2

Agenda
• Amazon EC2 - Introduction
• Amazon EC2 - Instance Types
• Amazon EC2 - Instance Connect
• Amazon EC2 - Purchasing Options
• Amazon EBS
• Amazon EFS
• Shared Responsibility Model for EC2

Copyright Dot Net Tricks Innovation Pvt. Ltd. | All rights


Reserved.
Amazon EC2
• EC2 - The most popular service of AWS.
• EC2 stands for Elastic Compute Cloud
• EC2 is an example of Infrastructure as a Service

EC2 mainly consists of:

• Renting virtual machines (EC2)
• Storing data on virtual drives (EBS)
• Distributing load across machines (ELB)
• Scaling the services using an auto-scaling group (ASG)

EC2 User Data
• When you launch an instance in Amazon EC2, you have the option of
passing user data to the instance.
• User Data can be used to perform common automated
configuration tasks and even run scripts after the instance starts.
What is Bootstrapping?
• Bootstrapping means launching commands when a machine starts.
• The script is only run once, at the instance’s first start.
• EC2 user data is used to automate boot tasks such as installing
updates, installing software, and downloading files from the internet.
• The EC2 User Data script runs as the root user.

EC2 Instance Types – An Overview
• Amazon EC2 provides a wide selection of instance types optimized to fit
different use cases.
• Instance types comprise varying combinations of CPU, memory, storage,
and networking capacity and give you the flexibility to choose the
appropriate resources for your applications.
AWS has the following naming convention:
• t3.2xlarge: t: instance class, 3: generation, 2xlarge: size within the
instance class

EC2 Instance Types – General Purpose
• Great for a diversity of workloads such as web servers or code
repositories
• General purpose instances provide a balance of compute, memory
and networking resources, and can be used for a variety of diverse
workloads.
Best used when we need:
• Compute
• Memory
• Networking

EC2 Instance Types – Compute Optimized
• Compute Optimized instances are ideal for compute-bound
applications that benefit from high-performance processors.
• Great for compute-intensive tasks that require:
• High performance processors
• Batch processing workloads
• High performance web servers
• High performance computing
• Machine learning

EC2 Instance Types – Memory Optimized
Fast performance for workloads that process large data sets in
memory.

Use cases:
• High performance, relational/non-relational databases
• Distributed web scale cache stores
• In-memory databases optimized for BI (business intelligence)
• Applications performing real-time processing of big unstructured data

EC2 Instance Types – Storage Optimized
Great for storage-intensive tasks that require high, sequential read
and write access to large data sets on local storage.
Use cases:
• High frequency online transaction processing (OLTP) systems
• Relational and NoSQL databases
• Cache for in-memory databases
• Data warehousing applications
• Distributed file systems

Amazon EC2 – Security Groups
• Security groups act as a firewall on EC2 instances.
• Security groups are fundamental to network security in AWS.
• They control how traffic is allowed into or out of our EC2 instances.
• Security groups only contain rules.
• Security group rules can reference sources by IP or by security group.
Security Group provides:
• Access to ports
• Authorized IP ranges – IPv4 and IPv6
• Control of inbound network traffic (from others to the instance)
• Control of outbound network traffic (from the instance to others)
Security Groups – Things to Remember
• Security Groups can be attached to multiple instances at the same time.
• If your application is not accessible (time out), then it’s a security group
issue.
• If your application gives a “connection refused” error, then it’s an
application error or the application is not launched.
• All inbound traffic is blocked by default.
• All outbound traffic is authorised by default.
• A security group is locked to a Region / VPC.

EC2 Instance Connect
• EC2 Instance Connect is used to connect to your EC2 instance from within your
browser.
• No need to use the key pair file that was downloaded.
• The temporary key is uploaded onto EC2 by AWS.
• Works out of the box only with Amazon Linux 2.
Note: Make sure port 22 is still open!

EC2 Instances – Purchasing Options
• On-Demand Instances
• Reserved Instances
• Convertible Reserved Instances
• Scheduled Reserved Instances
• Spot Instances
• Dedicated Hosts
• Dedicated Instances

EC2 – On Demand
• Follows “Pay for what you use” strategy.
• Pricing:
• It has the highest cost, but no upfront payment
• In Linux or Windows - billing per second, after the first minute
• All other operating systems - billing per hour
• No long-term commitment
Exam Tip: Mainly used when the scenario is for short-term and
uninterrupted workloads.

EC2 Reserved Instances
• Reserved Instances provide you with significant savings on your Amazon
EC2 costs compared to On-Demand Instance pricing.
• Recommended for steady-state usage applications.
Types of Reserved Instances:
• Convertible Reserved Instance - can change the EC2 instance type
• Scheduled Reserved Instances - you can reserve capacity that is scheduled to
recur daily, weekly, or monthly, with a specified start time and duration, for a
one-year term.

EC2 Spot Instances
• A Spot Instance is an instance that uses spare EC2 capacity that is available
for less than the On-Demand price.
• Spot Instances are a cost-effective choice if you can be flexible about when
your applications run and if your applications can be interrupted.
• Provides a discount of up to 90% compared to On-Demand Instances.
• Amazon EC2 Spot service can interrupt an individual Spot Instance if
capacity is no longer available, the Spot price exceeds your maximum price,
or demand for Spot Instances increases.

EC2 Dedicated Hosts
• An Amazon EC2 Dedicated Host is a physical server with EC2 instance
capacity fully dedicated to your use.
• Dedicated Hosts can help you reduce costs by allowing you to use your
existing licenses (BYOL: Bring Your Own License).
Use cases:
• Allocated for your account for a 3-year period reservation
• More expensive.
• Useful when companies have strong regulatory & compliance needs.
• Have visibility and control over how instances are placed on the server.
EC2 Dedicated Instances
• Dedicated Instances are Amazon EC2 instances that run in a virtual private
cloud (VPC) on hardware that's dedicated to a single customer.
• However, Dedicated Instances might share hardware with other instances
from the same AWS account.
• There is no control over instance placement.
• Per-instance billing.

Amazon EC2 – Summary
• Security groups act as a firewall on EC2 instances
• EC2 User Data is where we can include a script that gets launched at the
first start of an instance
EC2 Purchasing Options:
• On-Demand
• Spot
• Reserved (Convertible + Scheduled)
• Dedicated Host
• Dedicated Instances

Lab:
Creating an EC2 Instance

Amazon EBS
• An EBS (Elastic Block Store) volume is a network drive
that you can attach to your instances while they run.
• Allows instances to retain data, even after instance termination.
• A volume can only be mounted to one instance at a time, although EBS
multi-attach is now also available.
• An EBS volume is bound to a specific Availability Zone; it is not regional.
• You can dynamically change the configuration of a volume attached to an
instance.

Amazon EBS – Overview
• An EBS volume can be detached from one EC2 instance and attached to
another one quickly.
• Uses the network to communicate with the instance, which results in a bit of
latency.
• An EBS volume is created in a specific Availability Zone and can then be attached
to an instance in that same Availability Zone.
• To make an EBS volume available outside of the Availability Zone, you can
create a snapshot and restore that snapshot to a new volume anywhere in
that Region.
• You get billed for all the provisioned capacity.
Preserve EBS Volume
• By default, when an instance gets terminated, the root EBS volume is
deleted.
• To prevent this, you can enable the “Delete on Termination” attribute in the AWS
console.
• The “Delete on Termination” attribute controls the EBS behaviour when
an EC2 instance terminates.
• Any other attached EBS volume is not deleted.
Use cases:
• Required when you want to preserve the root volume when the instance is
terminated.
Amazon EBS Snapshots
• You can back up the data on your Amazon EBS volumes to Amazon S3 by
taking point-in-time snapshots.
• Make a backup (snapshot) of your EBS volume at a point in time
• A snapshot is constrained to the AWS Region where it was created.
• After you create a snapshot of an EBS volume, you can use it to create new
volumes in the same Region.
• You can track the status of your EBS snapshots through CloudWatch Events.
• Snapshots of encrypted volumes are automatically encrypted.
• Volumes that you create from encrypted snapshots are
automatically encrypted.
Amazon Machine Image (AMI)
• An Amazon Machine Image (AMI) provides the information required to
launch an instance.
• You must specify an AMI when you launch an instance.
• An AMI is a customization of an EC2 instance.
• Instances launched from this new custom AMI include the customizations
that you made when you created the AMI.
• Public AMI: Provided by AWS
• Your own AMI: You create and maintain them yourself.
• AWS Marketplace AMI: an AMI made by someone else.
EC2 Image Builder
• Ensure all images comply with security policies and standards.
• Ensure all images are consistently built.
• So much time is spent making sure that images are up to date.
• Simplifies the building, testing, and deployment of VM and container images.
• Automates the creation, maintenance, validation, and testing of EC2 AMIs; builds
can be scheduled to run automatically.

EC2 Image Builder

Ref: https://aws.amazon.com/blogs/security/quickly-build-stig-compliant-amazon-machine-images-using-amazon-ec2-image-builder/

EC2 Instance Store
• Provides temporary block-level storage for your instance.
• For a high-performance hardware disk and better I/O performance.
• EC2 Instance Store volumes lose their data if the instance is stopped (ephemeral).
• For buffers, caches, scratch data, & other temporary content.
• Backups and Replication are your responsibility
• Data is lost when:
• The underlying disk drive fails
• The instance stops
• The instance terminates

Amazon EFS – Elastic File System
• Amazon EFS provides scalable file storage for use with Amazon EC2.
• Amazon EFS supports the Network File System version 4 (NFSv4.1 and
NFSv4.0) protocol.
• Amazon EFS enables you to create a file system that multiple instances can
mount and access at the same time.
• EFS works with Linux EC2 instances in multi-AZ
• Highly available, scalable, expensive, pay per use, no capacity planning.
Use cases:
• Share code and other files in a secure, organized way.

EFS Infrequent Access
• Storage class that is cost-optimized for files not accessed every day
• EFS-IA provides up to 92% lower cost compared to EFS
Standard.
• Lifecycle management migrates files that have not been accessed for a
period of time to the EFS Standard–Infrequent Access (or) One
Zone–Infrequent Access storage class depending on your file system.
• You define that period of time by using the Transition into IA
lifecycle policy.

Amazon FSx for Lustre
• FSx for Lustre makes it easy and cost-effective to launch and run the
popular, high-performance Lustre file system.
• You use Lustre for workloads when you want your storage to keep up with
your compute.
• Provides submillisecond latencies, up to hundreds of GBps of
throughput, and up to millions of IOPS.
Use cases:
• Machine learning
• High performance computing (HPC)
• Video processing and financial modeling
Amazon FSx for Windows File Server
• Provides fully managed Microsoft Windows file servers, backed by a fully
native Windows file system.
• FSx for Windows File Server has the features, performance, and
compatibility to easily lift and shift enterprise applications to the AWS
Cloud.
• Amazon FSx has native support for the industry-standard Server Message
Block (SMB) protocol to access file storage over a network.
• Can be accessed from AWS or your on-premises infrastructure

Amazon EC2 Storage – Summary
• EBS: A network drive that can be attached to one EC2 instance at a time. An EBS
volume is also bound to an Availability Zone.
• AMI: Create ready-to-use EC2 instances with our customizations
• EC2 Image Builder: Used to automatically build, test and distribute AMIs
• EC2 Instance Store: High performance hardware disk; data is lost if our
instance is stopped / terminated
• Amazon EFS: Supports the NFS protocol
• FSx for Windows: A network file system for Windows servers
• FSx for Lustre: High Performance Computing Linux file system

Shared Responsibility Model for EC2
AWS Responsibility - AWS is responsible for:
• Infrastructure and global network security.
• Isolation on physical hosts and replacing faulty hardware.
• Validating compliance.
User Responsibility - You are responsible for:
• The security group rules you create.
• Operating system patches and updates.
• Utilities and software installed on the EC2 instance.
• Data security on your instance.

Shared Responsibility Model for EC2 Storage
AWS Responsibility - AWS is responsible for:
• The infrastructure.
• Replication of data for EBS volumes.
User Responsibility - You are responsible for:
• Taking backups / snapshots.
• Setting up data encryption.

