Amazon EC2 Billing and Pricing Models

Study Notes

On-Demand Instances: Flexible billing; terminated at any time; billed per instance.
Dedicated Hosts: Physical server dedicated for a single customer; pay per host; ideal for server-bound software licensing.
Savings Plans: Commitment to consistent usage (EC2 + Fargate + Lambda); priced at $/hour with 1 or 3-year terms.
Billing Structure:
- Commercial Linux distros billed hourly; minimum 1 hour.
- Amazon Linux, Windows, and Ubuntu billed per second; minimum 1 minute.

Types of RIs:
- Standard RI: Fixed term of 1 or 3 years; payment options include All Upfront, Partial Upfront, and No Upfront.
- Convertible RI: Offers flexibility in terms of instance attributes and payment options.
Tenancy Options: Default or Dedicated; discounts applied if attributes match used instances.
Availability Zone: Reserves capacity in a specified AZ with discounts applicable across all AZs.

Reserve compute capacity in a specified Availability Zone.
Duration is flexible; no term commitments required.
Mitigates risk of not obtaining On-Demand capacity; can specify instance attributes.

Compute Savings Plan: 1 or 3-year commitment; usage across Fargate, Lambda, and EC2 regardless of region or instance size.
EC2 Savings Plan: Similar commitment but limited to specific regions and instance families.

Spot Instances: Allows use of unused EC2 capacity at significant discounts.
Spot Fleet: Automates management of Spot and On-Demand instances based on target capacity.
Spot Block: Reserved for 1-6 hours, at 30%-45% less than On-Demand pricing, ensuring uninterrupted service.

Dedicated Instances: Hardware isolation at the instance level with per-instance billing.
Dedicated Hosts: Per-host billing provides control over resources; visibility of sockets and cores.

On-Demand: Ideal for short, critical projects that cannot be interrupted.
Reserved: Best for steady workloads with predictable usage.
Spot Instances: Suited for cost-sensitive applications that can handle interruptions.
Dedicated Instances/Hosts: Required for security-sensitive applications and continuous demand.

States: Includes launching, pending, running, stopping, stopped, hibernating, rebooting, terminating, and retired.
Stopping: No charges during stop; EBS volumes still incur charges; retains private IP addresses.
Hibernating: Saves RAM contents; EBS volume is restored upon restart.
Rebooting: OS reboot; retains DNS and IP addresses; no billing impact.
Terminating: Permanently deletes instances with default EBS volume deletion.

Next-gen platform for EC2 instances, enhancing performance and security through dedicated hardware.
Provides specialized functionalities like Elastic Network Adapter and support for various instance types, including bare metal.

Isolated environments for processing sensitive data without external access.
Utilizes cryptographic attestation and integrates with AWS Key Management Service for enhanced security.### IAM Permissions Management
Permissions should be assigned based on job functions for effective access control.
Create IAM policies utilizing Condition elements to restrict access based on source IP addresses.
Developers can use access keys for programmatic API access via AWS CLI.
Full access for a group to all Amazon EC2 API actions is granted using wildcards in policy (e.g., ec2:*).

EC2 instances can run various operating systems including Windows, Linux, and MacOS.
An EC2 instance is a virtual server managed by AWS.
EC2 offers a variety of instance types, each with different CPU, memory, storage, and networking capabilities.

Public IP Address:
- Lost when the instance is stopped, used in public subnets, incurs no charge, and cannot be moved.
Private IP Address:
- Retained when the instance is stopped and used in both public and private subnets.
Elastic IP Address:
- Static public IP, charged if not associated, can be moved between instances and is tied to a private IP.

Public subnets allow direct access to the internet through an Internet Gateway (igw-id).
Private subnets connect to the internet through a NAT Gateway and maintain internal traffic routing.
Route tables define the paths for data packets in the VPC.

Instances launch using Amazon Machine Images (AMIs) that define configuration.
Amazon EC2 offers diverse instance families and types, accommodating various performance needs.

Instance metadata provides information about the EC2 instance accessible at a specific URL.
Two versions of Instance Metadata Service (IMDS):
- IMDSv1: Less secure, older version.
- IMDSv2: Newer, requires session tokens for enhanced security.

User data executes commands upon instance startup and can run scripts on various operating systems.
User data must be base64-encoded and is limited to 16 KB before encoding.
The provided command can specify user data at launch using AWS CLI.

Access keys associate with IAM accounts, enabling permission-based access to AWS services.
IAM roles can be assumed by EC2 instances without storing credentials on the instance, enhancing security.
Using IAM roles prevents the need for managing access keys directly on the instance.