Module 6 - Compute.pdf
Uploaded by Deleted User, 2024
AWS Academy Cloud Foundations Module 06 Student Guide
Version 2.0.14 100-ACCLFO-20-EN-SG

© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole or in part, without prior written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited. All trademarks are the property of their owners.

Contents
Module 6: Compute

Module 6: Compute
© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Welcome to Module 6: Compute.

Module overview

Topics:
- Compute services overview
- Amazon EC2
- Amazon EC2 cost optimization
- Container services
- Introduction to AWS Lambda
- Introduction to AWS Elastic Beanstalk

Activities:
- Amazon EC2 versus Managed Service
- Hands-on with AWS Lambda
- Hands-on with AWS Elastic Beanstalk

Demo: Recorded demonstration of Amazon EC2
Lab: Introduction to Amazon EC2
Knowledge check

This module will address the following topics: compute services overview, Amazon EC2, Amazon EC2 cost optimization, container services, an introduction to AWS Lambda, and an introduction to AWS Elastic Beanstalk. Section 2 includes a recorded Amazon EC2 demonstration. The end of this same section includes a hands-on lab, where you will practice launching an EC2 instance by using the AWS Management Console. There is also an activity in this section that has you compare the advantages and disadvantages of running a database deployment on Amazon EC2, versus running it on Amazon Relational Database Service (RDS).
Section 5 includes a hands-on AWS Lambda activity, and Section 6 includes a hands-on Elastic Beanstalk activity. Finally, you will be asked to complete a knowledge check that will test your understanding of the key concepts that are covered in this module.

Module objectives

After completing this module, you should be able to:
- Provide an overview of different AWS compute services in the cloud
- Demonstrate why to use Amazon Elastic Compute Cloud (Amazon EC2)
- Identify the functionality in the EC2 console
- Perform basic functions in Amazon EC2 to build a virtual computing environment
- Identify Amazon EC2 cost optimization elements
- Demonstrate when to use AWS Elastic Beanstalk
- Demonstrate when to use AWS Lambda
- Identify how to run containerized applications in a cluster of managed servers

Section 1: Compute services overview

Introducing Section 1: Compute services overview.
AWS compute services

Amazon Web Services (AWS) offers many compute services. This module will discuss the highlighted services: Amazon EC2, Amazon EC2 Auto Scaling, Amazon Elastic Container Registry (Amazon ECR), Amazon Elastic Container Service (Amazon ECS), VMware Cloud on AWS, AWS Elastic Beanstalk, AWS Lambda, Amazon Elastic Kubernetes Service (Amazon EKS), Amazon Lightsail, AWS Batch, AWS Fargate, AWS Outposts, and AWS Serverless Application Repository.

Here is a brief summary of what each compute service offers:
- Amazon Elastic Compute Cloud (Amazon EC2) provides resizable virtual machines.
- Amazon EC2 Auto Scaling supports application availability by allowing you to define conditions that will automatically launch or terminate EC2 instances.
- Amazon Elastic Container Registry (Amazon ECR) is used to store and retrieve Docker images.
- Amazon Elastic Container Service (Amazon ECS) is a container orchestration service that supports Docker.
- VMware Cloud on AWS enables you to provision a hybrid cloud without custom hardware.
- AWS Elastic Beanstalk provides a simple way to run and manage web applications.
- AWS Lambda is a serverless compute solution. You pay only for the compute time that you use.
- Amazon Elastic Kubernetes Service (Amazon EKS) enables you to run managed Kubernetes on AWS.
- Amazon Lightsail provides a simple-to-use service for building an application or website.
- AWS Batch provides a tool for running batch jobs at any scale.
- AWS Fargate provides a way to run containers that reduces the need for you to manage servers or clusters.
- AWS Outposts provides a way to run select AWS services in your on-premises data center.
- AWS Serverless Application Repository provides a way to discover, deploy, and publish serverless applications.
This module will discuss details of the services that are highlighted on the slide.

Categorizing compute services

Amazon EC2
- Key concepts: Infrastructure as a service (IaaS); instance-based; virtual machines
- Characteristics: Provision virtual machines that you can manage as you choose
- Ease of use: A familiar concept to many IT professionals

AWS Lambda
- Key concepts: Serverless computing; function-based; low-cost
- Characteristics: Write and deploy code that runs on a schedule or that can be triggered by events; use when possible (architect for the cloud)
- Ease of use: A relatively new concept for many IT staff members, but easy to use after you learn how

Amazon ECS, Amazon EKS, AWS Fargate, Amazon ECR
- Key concepts: Container-based computing; instance-based
- Characteristics: Spin up and run jobs more quickly
- Ease of use: AWS Fargate reduces administrative overhead, but you can use options that give you more control

AWS Elastic Beanstalk
- Key concepts: Platform as a service (PaaS); for web applications
- Characteristics: Focus on your code (building your application)
- Ease of use: Fast and easy to get started; can easily tie into other services (databases, Domain Name System (DNS), etc.)

You can think of each AWS compute service as belonging to one of four broad categories: virtual machines (VMs) that provide infrastructure as a service (IaaS), serverless, container-based, and platform as a service (PaaS).

Amazon EC2 provides virtual machines, and you can think of it as infrastructure as a service (IaaS). IaaS services provide flexibility and leave many of the server management responsibilities to you. You choose the operating system, and you also choose the size and resource capabilities of the servers that you launch. For IT professionals who have experience using on-premises computing, virtual machines are a familiar concept.
Amazon EC2 was one of the first AWS services, and it remains one of the most popular services.

AWS Lambda is a zero-administration compute platform. AWS Lambda enables you to run code without provisioning or managing servers. You pay only for the compute time that is consumed. This serverless technology concept is relatively new to many IT professionals. However, it is becoming more popular because it supports cloud-native architectures, which enable massive scalability at a lower cost than running servers 24/7 to support the same workloads.

Container-based services—including Amazon Elastic Container Service, Amazon Elastic Kubernetes Service, AWS Fargate, and Amazon Elastic Container Registry—enable you to run multiple workloads on a single operating system (OS). Containers spin up more quickly than virtual machines, thus offering responsiveness. Container-based solutions continue to grow in popularity.

Finally, AWS Elastic Beanstalk provides a platform as a service (PaaS). It facilitates the quick deployment of applications that you create by providing all the application services that you need. AWS manages the OS, the application server, and the other infrastructure components so that you can focus on developing your application code.

Choosing the optimal compute service
- The optimal compute service or services that you use will depend on your use case
- Some aspects to consider: What is your application design? What are your usage patterns? Which configuration settings will you want to manage?
- Selecting the wrong compute solution for an architecture can lead to lower performance efficiency
- A good starting place: understand the available compute options

AWS offers many compute services because different use cases benefit from different compute environments.
The optimal compute service or services that you use will depend on your use case. Often, the compute architecture that you use is determined by legacy code. However, that does not mean that you cannot evolve the architecture to take advantage of proven cloud-native designs.

Best practices include:
- Evaluate the available compute options
- Understand the available compute configuration options
- Collect compute-related metrics
- Use the available elasticity of resources
- Re-evaluate compute needs based on metrics

Sometimes, a customer will start with one compute solution and decide to change the design based on their analysis of metrics. If you are interested in seeing an example of how a customer modified their choice of compute services for a particular use case, view this Inventory Tracking solution video at https://www.youtube.com/watch?v=zr3Kib0i-OQ&feature=youtu.be&did=ta_card&trk=ta_card.

Section 2: Amazon EC2

Introducing Section 2: Amazon EC2.

Amazon Elastic Compute Cloud (Amazon EC2)

Example uses of Amazon EC2 instances:
✓ Application server
✓ Web server
✓ Database server
✓ Game server
✓ Mail server
✓ Media server
✓ Catalog server
✓ File server
✓ Computing server
✓ Proxy server
(Photos by Taylor Vick on Unsplash and by panumas nikhomkhai from Pexels.)

Running servers on-premises is an expensive undertaking. Hardware must be procured, and this procurement can be based on project plans instead of the reality of how the servers are used. Data centers are expensive to build, staff, and maintain.
Organizations also need to permanently provision a sufficient amount of hardware to handle traffic spikes and peak workloads. After traditional on-premises deployments are built, server capacity might be unused and idle for a significant portion of the time that the servers are running, which is wasteful.

Amazon Elastic Compute Cloud (Amazon EC2) provides virtual machines where you can host the same kinds of applications that you might run on a traditional on-premises server. It provides secure, resizable compute capacity in the cloud. EC2 instances can support a variety of workloads. Common uses for EC2 instances include, but are not limited to: application servers, web servers, database servers, game servers, mail servers, media servers, catalog servers, file servers, computing servers, and proxy servers.

Amazon EC2 overview

Amazon Elastic Compute Cloud (Amazon EC2):
- Provides virtual machines, referred to as EC2 instances, in the cloud.
- Gives you full control over the guest operating system (Windows or Linux) on each instance.
- You can launch instances of any size into an Availability Zone anywhere in the world.
- Launch instances from Amazon Machine Images (AMIs).
- Launch instances with a few clicks or a line of code, and they are ready in minutes.
- You can control traffic to and from instances.

The EC2 in Amazon EC2 stands for Elastic Compute Cloud. Elastic refers to the fact that you can easily increase or decrease the number of servers you run to support an application automatically, and you can also increase or decrease the size of existing servers. Compute refers to the reason why most users run servers in the first place, which is to host running applications or process data, actions that require compute resources, including processing power (CPU) and memory (RAM).
Cloud refers to the fact that the EC2 instances that you run are hosted in the cloud.

Amazon EC2 provides virtual machines in the cloud and gives you full administrative control over the Windows or Linux operating system that runs on the instance. Most server operating systems are supported, including Windows 2008, 2012, 2016, and 2019; Red Hat; SuSE; Ubuntu; and Amazon Linux. An operating system that runs on a virtual machine is often called a guest operating system to distinguish it from the host operating system. The host operating system is directly installed on any server hardware that hosts one or more virtual machines.

With Amazon EC2, you can launch any number of instances of any size into any Availability Zone anywhere in the world in a matter of minutes. Instances launch from Amazon Machine Images (AMIs), which are effectively virtual machine templates. AMIs are discussed in more detail later in this module. You can control traffic to and from instances by using security groups. Also, because the servers run in the AWS Cloud, you can build solutions that make use of multiple AWS services.

Launching an Amazon EC2 instance

This section of the module walks through nine key decisions to make when you create an EC2 instance by using the AWS Management Console Launch Instance Wizard. Along the way, essential Amazon EC2 concepts will be explored.

The first time you launch an Amazon EC2 instance, you will likely use the AWS Management Console Launch Instance Wizard. You will have the opportunity to experience using the Launch Wizard in the lab that is in this module. The Launch Instance Wizard makes it easy to launch an instance.
For example, if you choose to accept all the default settings, you can skip most of the steps that are provided by the wizard and launch an EC2 instance in as few as six clicks. An example of this process is shown in the demonstration at the end of this section. However, for most deployments you will want to modify the default settings so that the servers you launch are deployed in a way that matches your specific needs.

The next series of slides introduce you to the essential choices that you must make when you launch an instance. The slides cover essential concepts that are good to know when you make these choices. These concepts are described to help you understand the options that are available, and the effects of the decisions that you will make.

1. Select an AMI

Choices made using the Launch Instance Wizard:
1. AMI
2. Instance Type
3. Network settings
4. IAM role
5. User data
6. Storage options
7. Tags
8. Security group
9. Key pair

Amazon Machine Image (AMI):
- Is a template that is used to create an EC2 instance (which is a virtual machine, or VM, that runs in the AWS Cloud)
- Contains a Windows or Linux operating system
- Often also has some software pre-installed

AMI choices:
- Quick Start: Linux and Windows AMIs that are provided by AWS
- My AMIs: Any AMIs that you created
- AWS Marketplace: Pre-configured templates from third parties
- Community AMIs: AMIs shared by others; use at your own risk

An Amazon Machine Image (AMI) provides information that is required to launch an EC2 instance. You must specify a source AMI when you launch an instance. You can use different AMIs to launch different types of instances.
For example, you can choose one AMI to launch an instance that will become a web server and another AMI to deploy an instance that will host an application server. You can also launch multiple instances from a single AMI.

An AMI includes the following components:
- A template for the root volume of the instance. A root volume typically contains an operating system (OS) and everything that was installed in that OS (applications, libraries, etc.). Amazon EC2 copies the template to the root volume of a new EC2 instance, and then starts it.
- Launch permissions that control which AWS accounts can use the AMI.
- A block device mapping that specifies the volumes to attach to the instance (if any) when it is launched.

You can choose many AMIs:
- Quick Start: AWS offers a number of pre-built AMIs for launching your instances. These AMIs include many Linux and Windows options.
- My AMIs: These are AMIs that you created.
- AWS Marketplace: The AWS Marketplace offers a digital catalog that lists thousands of software solutions. These AMIs can offer specific use cases to help you get started quickly.
- Community AMIs: These AMIs are created by people all around the world. These AMIs are not checked by AWS, so use them at your own risk. Community AMIs can offer many different solutions to various problems, but use them with care. Avoid using them in any production or corporate environment.
Creating a new AMI: Example

The diagram shows the workflow across two Regions. In Region A: (1) launch an instance from a Quick Start or other starter AMI, or optionally import a virtual machine, which gives you an unmodified instance; (2) connect to the instance and manually modify it, or run a script that modifies the instance (for example, upgrade installed software), which gives you a modified instance; (3) capture the modified instance as a new AMI (MyAMI). In Region B: (4) copy the AMI to any other Regions where you want to use it.

An AMI is created from an EC2 instance. You can import a virtual machine so that it becomes an EC2 instance, and then save the EC2 instance as an AMI. You can then launch an EC2 instance from that AMI. Alternatively, you can start with an existing AMI, such as one of the Quick Start AMIs provided by AWS, and create an EC2 instance from it. Regardless of which option you choose (step 1), you will have what the diagram refers to as an unmodified instance.

From that instance, you might then create a golden instance, that is, a virtual machine that you configured with the specific OS and application settings that you want (step 2), and then capture that as a new AMI (step 3). When you create an AMI, Amazon EC2 stops the instance, creates a snapshot of its root volume, and finally registers the snapshot as an AMI. After an AMI is registered, the AMI can be used to launch new instances in the same AWS Region. The new AMI can now be thought of as a new starter AMI. You might want to also copy the AMI to other Regions (step 4), so that EC2 instances can also be launched in those locations.

2. Select an instance type

Consider your use case: how will the EC2 instance you create be used?

The instance type that you choose determines:
- Memory (RAM)
- Processing power (CPU)
- Disk space and disk type (Storage)
- Network performance

Instance type categories:
- General purpose
- Compute optimized
- Memory optimized
- Storage optimized
- Accelerated computing

Instance types offer family, generation, and size.

After you choose the AMI for launching the instance, you must choose an instance type. Amazon EC2 provides a selection of instance types that are optimized to fit different use cases. Instance types comprise varying combinations of CPU, memory, storage, and networking capacity. The different instance types give you the flexibility to choose the appropriate mix of resources for your applications. Each instance type includes one or more instance sizes, which enable you to scale your resources to the requirements of your target workload.

Instance type categories include general purpose, compute optimized, memory optimized, storage optimized, and accelerated computing instances. Each instance type category offers many instance types to choose from.

EC2 instance type naming and sizes

Instance type naming, for example t3.large:
- T is the family name
- 3 is the generation number
- large is the size

Example instance sizes:

Name        vCPU  Memory (GB)  Storage
t3.nano     2     0.5          EBS-Only
t3.micro    2     1            EBS-Only
t3.small    2     2            EBS-Only
t3.medium   2     4            EBS-Only
t3.large    2     8            EBS-Only
t3.xlarge   4     16           EBS-Only
t3.2xlarge  8     32           EBS-Only

When you look at an EC2 instance type, you will see that its name has several parts. For example, consider the T type. T is the family name, which is then followed by a number. Here, that number is 3.
The number is the generation number of that type. So, a t3 instance is the third generation of the T family. In general, instance types that are of a higher generation are more powerful and provide a better value for the price.

The next part of the name is the size portion of the instance. When you compare sizes, it is important to look at the coefficient portion of the size category. For example, a t3.2xlarge has twice the vCPU and memory of a t3.xlarge. The t3.xlarge has, in turn, twice the vCPU and memory of a t3.large.

It is also important to note that network bandwidth is also tied to the size of the Amazon EC2 instance. If you will run jobs that will be very network-intensive, you might be required to increase the instance specifications to meet your needs.

Select instance type: Based on use case

Category              Instance types            Use case
General purpose       a1, m4, m5, t2, t3        Broad
Compute optimized     c4, c5                    High performance
Memory optimized      r4, r5, x1, z1            In-memory databases
Accelerated computing f1, g3, g4, p2, p3        Machine learning
Storage optimized     d2, h1, i3                Distributed file systems

Instance types vary in several ways, including CPU type, CPU or core count, storage type, storage amount, memory amount, and network performance. The chart provides a high-level view of the different instance categories, and which instance type families and generation numbers fit into each category type.

Consider a few of the instance types in more detail. T3 instances provide burstable performance general purpose instances that provide a baseline level of CPU performance with the ability to burst above the baseline.
Use cases for this type of instance include websites and web applications, development environments, build servers, code repositories, microservices, test and staging environments, and line-of-business applications.

C5 instances are optimized for compute-intensive workloads, and deliver cost-effective high performance at a low price per compute ratio. Use cases include scientific modeling, batch processing, ad serving, highly scalable multiplayer gaming, and video encoding.

R5 instances are optimized for memory-intensive applications. Use cases include high-performance databases, data mining and analysis, in-memory databases, distributed web-scale in-memory caches, applications that perform real-time processing of unstructured big data, Apache Hadoop or Apache Spark clusters, and other enterprise applications.

To learn more about each instance type, see the Amazon EC2 Instance Types documentation at https://aws.amazon.com/ec2/instance-types/.

Instance types: Networking features

The network bandwidth (Gbps) varies by instance type. See Amazon EC2 Instance Types to compare.

To maximize networking and bandwidth performance of your instance type:
- If you have interdependent instances, launch them into a cluster placement group.
- Enable enhanced networking. Enhanced networking types are supported on most instance types. See the Networking and Storage Features documentation for details.

Enhanced networking types:
- Elastic Network Adapter (ENA): Supports network speeds of up to 100 Gbps.
- Intel 82599 Virtual Function interface: Supports network speeds of up to 10 Gbps.

In addition to considering the CPU, RAM, and storage needs of your workloads, it is also important to consider your network bandwidth requirements.
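The naming scheme on the preceding slides (family letter, generation number, size suffix) is regular enough to parse, and the t3 table shows how vCPU and memory scale with the size suffix. The following Python example is added here and is not from the student guide: it parses instance type names, including names with extra attribute letters after the generation such as p3dn.24xlarge from the networking slide, derives t3 vCPU and memory from the t3.large row, and computes the size ratio the guide illustrates with t3.2xlarge versus t3.xlarge. The size factors (nano is 1/16 of large, 2xlarge is 4 times large), the floor of 2 vCPU, and the treatment of attribute letters are assumptions read off the guide's table and AWS's naming convention, not the result of an AWS API call.

```python
import re
from typing import NamedTuple, Optional

# Pattern for EC2 instance type names such as t3.large, a1.medium, p3dn.24xlarge.
# Assumption (AWS naming convention, not stated in the guide): letters between the
# generation number and the dot are extra attributes, e.g. "dn" in p3dn.
_NAME_RE = re.compile(
    r"^(?P<family>[a-z]+)(?P<generation>\d+)(?P<attributes>[a-z]*)\."
    r"(?P<coeff>\d*)(?P<base>nano|micro|small|medium|large|xlarge|metal)$"
)

# Size factor relative to "large", derived from the guide's t3 table: memory halves
# from large (8 GB) down to nano (0.5 GB) and doubles for xlarge; Nxlarge is N times xlarge.
_BASE_FACTOR = {"nano": 1 / 16, "micro": 1 / 8, "small": 1 / 4,
                "medium": 1 / 2, "large": 1.0, "xlarge": 2.0}


class InstanceType(NamedTuple):
    family: str              # "t" in t3.large
    generation: int          # 3 in t3.large
    attributes: str          # "" for t3.large, "dn" for p3dn.24xlarge
    size: str                # "large", "2xlarge", ...
    factor: Optional[float]  # size relative to large; None for bare-metal sizes


def parse_instance_type(name: str) -> InstanceType:
    """Split an instance type name into family, generation, attributes and size."""
    m = _NAME_RE.match(name.strip().lower())
    if not m:
        raise ValueError(f"not an EC2 instance type name: {name!r}")
    coeff = int(m["coeff"]) if m["coeff"] else 1
    base = m["base"]
    if base == "metal":
        factor = None  # bare metal is not on the size scale
    elif coeff != 1 and base != "xlarge":
        raise ValueError(f"a numeric coefficient is only used with xlarge: {name!r}")
    else:
        factor = coeff * _BASE_FACTOR[base]
    return InstanceType(m["family"], int(m["generation"]), m["attributes"],
                        m["coeff"] + base, factor)


# Reference row from the guide's t3 table: t3.large has 2 vCPU and 8 GB.
_T3_LARGE_VCPU, _T3_LARGE_MEMORY_GB, _T3_MIN_VCPU = 2, 8.0, 2


def t3_resources(name: str) -> tuple[int, float]:
    """Return (vCPU, memory in GB) for a t3 size, scaled from the t3.large row.
    vCPU never drops below 2: the table shows nano through large all at 2 vCPU."""
    it = parse_instance_type(name)
    if (it.family, it.generation) != ("t", 3) or it.factor is None:
        raise ValueError(f"only t3 sizes are tabulated here: {name!r}")
    vcpu = max(_T3_MIN_VCPU, int(_T3_LARGE_VCPU * it.factor))
    return vcpu, _T3_LARGE_MEMORY_GB * it.factor


def size_ratio(bigger: str, smaller: str) -> float:
    """How many times larger one size is than another within the same family,
    generation and attributes (the guide's example: t3.2xlarge is 2x a t3.xlarge)."""
    a, b = parse_instance_type(bigger), parse_instance_type(smaller)
    if (a.family, a.generation, a.attributes) != (b.family, b.generation, b.attributes):
        raise ValueError("compare sizes within one family and generation")
    if a.factor is None or b.factor is None:
        raise ValueError("bare-metal sizes are not on the size scale")
    return a.factor / b.factor


if __name__ == "__main__":
    for n in ("t3.nano", "t3.large", "t3.xlarge", "t3.2xlarge"):
        print(n, t3_resources(n))
    print(parse_instance_type("p3dn.24xlarge"))
```

The vCPU floor matters: scaling t3.large down by the memory factor alone would give fractional vCPU for nano through medium, which the table shows is not how the family is sized.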
Each instance type provides a documented network performance level. For example, an a1.medium instance will provide up to 10 Gbps, but a p3dn.24xlarge instance provides up to 100 Gbps. Choose an instance type that meets your requirements.

When you launch multiple new EC2 instances, Amazon EC2 attempts to place the instances so that they are spread out across the underlying hardware by default. It does this to minimize correlated failures. However, if you want to specify specific placement criteria, you can use placement groups to influence the placement of a group of interdependent instances to meet the needs of your workload. For example, you might specify that three instances should all be deployed in the same Availability Zone to ensure lower network latency and higher network throughput between instances. See the Placement Group documentation at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html for details.

Many instance types also enable you to configure enhanced networking to get significantly higher packet per second (PPS) performance, lower delay variation in the arrival of packets over the network (network jitter), and lower latencies. See the Elastic Network Adapter (ENA) documentation at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/enhanced-networking-ena.html for details.

3. Specify network settings

- Where should the instance be deployed? Identify the VPC and optionally the subnet.
- Should a public IP address be automatically assigned? This makes the instance internet-accessible.

The diagram shows the AWS Cloud with a Region containing a VPC that spans Availability Zone 1 and Availability Zone 2, each with a public subnet and a private subnet; the example specifies that the instance is deployed into a public subnet.
After you have chosen an AMI and an instance type, you must specify the network location where the EC2 instance will be deployed. The choice of Region must be made before you start the Launch Instance Wizard. Verify that you are in the correct Region page of the Amazon EC2 console before you choose Launch Instance.

When you launch an instance in a default VPC, AWS will assign it a public IP address by default. When you launch an instance into a nondefault VPC, the subnet has an attribute that determines whether instances launched into that subnet receive a public IP address from the public IPv4 address pool. By default, AWS will not assign a public IP address to instances that are launched in a nondefault subnet. You can control whether your instance receives a public IP address by either modifying the public IP addressing attribute of your subnet, or by enabling or disabling the public IP addressing feature during launch (which overrides the subnet's public IP addressing attribute).

4. Attach IAM role (optional)

- Will software on the EC2 instance need to interact with other AWS services? If yes, attach an appropriate IAM role.
- An AWS Identity and Access Management (IAM) role that is attached to an EC2 instance is kept in an instance profile.
- You are not restricted to attaching a role only at instance launch. You can also attach a role to an instance that already exists.
Example: an application on an instance with an attached role that grants Amazon Simple Storage Service (Amazon S3) bucket access permissions can access the bucket's objects.

It is common to use EC2 instances to run an application that must make secure API calls to other AWS services. To support these use cases, AWS enables you to attach an AWS Identity and Access Management (IAM) role to an EC2 instance. Without this feature, you might be tempted to place AWS credentials on an EC2 instance for an application that runs on that instance to use. However, you should never store AWS credentials on an EC2 instance. It is highly insecure. Instead, attach an IAM role to the EC2 instance. The IAM role then grants permission to make application programming interface (API) requests to the applications that run on the EC2 instance.

An instance profile is a container for an IAM role. If you use the AWS Management Console to create a role for Amazon EC2, the console automatically creates an instance profile and gives it the same name as the role. When you then use the Amazon EC2 console to launch an instance with an IAM role, you can select a role to associate with the instance. In the console, the list that displays is actually a list of instance profile names.

In the example, you see that an IAM role is used to grant permissions to an application that runs on an EC2 instance. The application must access a bucket in Amazon S3. You can attach an IAM role when you launch the instance, but you can also attach a role to an already running EC2 instance.

When you define a role that can be used by an EC2 instance, you define which accounts or AWS services can assume the role. You also define which API actions and resources the application can use after it assumes the role.
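A role for an EC2 instance is defined by two JSON documents: the trust policy that says who may assume the role (here, only the EC2 service) and the permission policy that says which API actions and resources the application may use once it has assumed the role. The Python example below is added here and is not from the student guide or any AWS library: it builds both documents for the slide's S3 example and runs the review checks a practitioner applies before attaching a role to an instance (no wildcard actions or resources, and no principal other than the EC2 service). The bucket name, the function names and the overly broad counter-example are constructed for illustration.

```python
import json

# Constructed bucket name for the slide's example; not a value from the guide.
EXAMPLE_BUCKET = "example-app-assets-bucket"


def ec2_trust_policy() -> dict:
    """Trust policy: only the EC2 service may assume the role. The role reaches the
    instance through its instance profile, so no long-term credentials are stored on it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }


def s3_bucket_read_policy(bucket: str) -> dict:
    """Permission policy for the slide's example: the application on the instance may
    list one bucket and read its objects, and nothing else."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:ListBucket"],
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Effect": "Allow", "Action": ["s3:GetObject"],
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }


def _as_list(value) -> list:
    """IAM accepts either a string or a list in Action, Resource and Principal fields."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def permission_findings(policy: dict) -> list[str]:
    """Checks to run before attaching a role to an instance: Allow statements must not
    grant wildcard actions or apply to every resource."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action"))
        resources = _as_list(st.get("Resource"))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"statement {i}: wildcard action in {actions}")
        if "*" in resources:
            findings.append(f"statement {i}: applies to every resource")
    return findings


def trust_findings(trust: dict) -> list[str]:
    """A role meant for EC2 should be assumable only by the EC2 service."""
    findings = []
    for i, st in enumerate(trust.get("Statement", [])):
        principal = st.get("Principal")
        if isinstance(principal, str):
            principals = [principal]
        elif isinstance(principal, dict):
            principals = [p for v in principal.values() for p in _as_list(v)]
        else:
            principals = []
        if "*" in principals:
            findings.append(f"statement {i}: any principal can assume the role")
        elif principals != ["ec2.amazonaws.com"]:
            findings.append(f"statement {i}: unexpected principal {principals}")
    return findings


# Constructed counter-example: a policy that "works" for the application but grants
# every S3 action on every bucket in the account.
OVERLY_BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}

if __name__ == "__main__":
    print(json.dumps(s3_bucket_read_policy(EXAMPLE_BUCKET), indent=2))
    print(permission_findings(OVERLY_BROAD_POLICY))
```

The two resource ARNs are deliberate: s3:ListBucket applies to the bucket itself, while s3:GetObject applies to the objects (the `/*` suffix), and a policy that mixes them up fails at runtime rather than at review time.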
If you change a role, the change is propagated to all instances that have the role attached to them.

5. User data script (optional)

Optionally specify a user data script at instance launch.
Use user data scripts to customize the runtime environment of your instance.
The script runs the first time the instance starts.
Can be used strategically; for example, to reduce the number of custom AMIs that you build and maintain.

Example user data (applied to the AMI at launch to produce the running EC2 instance):

    #!/bin/bash
    yum update -y
    yum install -y wget

When you create your EC2 instances, you have the option of passing user data to the instance. User data can automate the completion of installations and configurations at instance launch. For example, a user data script might patch and update the instance's operating system, fetch and install software license keys, or install additional software.

In the example user data script, you see a simple three-line Linux Bash shell script. The first line indicates that the script should be run by the Bash shell. The second line invokes the Yellowdog Updater, Modified (YUM) utility, which is commonly used in many Linux distributions—such as Amazon Linux, CentOS, and Red Hat Linux—to retrieve software from an online repository and install it. In line two of the example, that command tells YUM to update all installed packages to the latest versions that are known to the software repository that it is configured to access. Line three of the script indicates that the Wget utility should be installed. Wget is a common utility for downloading files from the web.
For a Windows instance, the user data script should be written in a format that is compatible with a Command Prompt window (batch commands) or with Windows PowerShell. See the Windows User Data Scripts documentation for details at https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-windows-user-data.html.

When the EC2 instance is created, the user data script runs with root privileges during the final phases of the boot process. On Linux instances, it is run by the cloud-init service. On Windows instances, it is run by the EC2Config or EC2Launch utility. By default, user data runs only the first time that the instance starts up. However, if you would like your user data script to run every time the instance is booted, you can create a Multipurpose Internet Mail Extensions (MIME) multipart file user data script (this process is not commonly done). See https://aws.amazon.com/premiumsupport/knowledge-center/execute-user-data-ec2/ for more information.

6. Specify storage

Configure the root volume: this is where the guest operating system is installed.
Attach additional storage volumes (optional): the AMI might already include more than one volume.
For each volume, specify:
- The size of the disk (in GB)
- The volume type: different types of solid state drives (SSDs) and hard disk drives (HDDs) are available
- If the volume will be deleted when the instance is terminated
- If encryption should be used

When you launch an EC2 instance, you can configure storage options.
For example, you can configure the size of the root volume where the guest operating system is installed. You can also attach additional storage volumes when you launch the instance. Some AMIs are also configured to launch more than one storage volume by default to provide storage that is separate from the root volume. For each volume that your instance will have, you can specify the size of the disk, the volume type, and whether the storage will be retained if the instance is terminated. You can also specify if encryption should be used.

Amazon EC2 storage options

Amazon Elastic Block Store (Amazon EBS) – Durable, block-level storage volumes. You can stop the instance and start it again, and the data will still be there.
Amazon EC2 Instance Store – Ephemeral storage is provided on disks that are attached to the host computer where the EC2 instance is running. If the instance stops, data stored here is deleted.
Other options for storage (not for the root volume) – Mount an Amazon Elastic File System (Amazon EFS) file system. Connect to Amazon Simple Storage Service (Amazon S3).

Amazon Elastic Block Store (Amazon EBS) is an easy-to-use, high-performance, durable block storage service that is designed to be used with Amazon EC2 for both throughput- and transaction-intensive workloads. With Amazon EBS, you can choose from four different volume types to balance price and performance. You can change volume types or increase volume size without disrupting your critical applications, so you can have cost-effective storage when you need it.

Amazon EC2 Instance Store provides ephemeral, or temporary, block-level storage for your instance. This storage is located on disks that are physically attached to the host computer.
Instance Store works well when you must temporarily store information that changes frequently, such as buffers, caches, scratch data, and other temporary content. You can also use Instance Store for data that is replicated across a fleet of instances, such as a load balanced pool of web servers. If the instances are stopped—either because of user error or a malfunction—the data on the instance store will be deleted.

Amazon Elastic File System (Amazon EFS) provides a simple, scalable, fully managed elastic Network File System (NFS) file system for use with AWS Cloud services and on-premises resources. It is built to scale on demand to petabytes without disrupting applications. It grows and shrinks automatically as you add and remove files, which reduces the need to provision and manage capacity to accommodate growth.

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers scalability, data availability, security, and performance. You can store and protect any amount of data for a variety of use cases, such as websites, mobile apps, backup and restore, archive, enterprise applications, Internet of Things (IoT) devices, and big data analytics.

Example storage options

Instance 1 characteristics – It has an Amazon EBS root volume type for the operating system. A 20-GB Amazon EBS volume is attached as the root volume, a 500-GB Amazon EBS volume is attached as a storage volume, and an Instance Store volume on the host computer (Ephemeral volume 1) is attached as a storage volume. What will happen if the instance is stopped and then started again?

Instance 2 characteristics – It has an Instance Store root volume type for the operating system. An Instance Store volume on the host computer (Ephemeral volume 2) is attached as the root volume. What will happen if the instance stops (because of user error or a system malfunction)?

Here, you see two examples of how storage options could be configured for EC2 instances.

The Instance 1 example shows that the root volume—which contains the OS and possibly other data—is stored on Amazon EBS. This instance also has two attached volumes. One volume is a 500-GB Amazon EBS storage volume, and the other volume is an Instance Store volume. If this instance was stopped and then started again, the OS would survive and any data that was stored on either the 20-GB Amazon EBS volume or the 500-GB Amazon EBS volume would remain intact. However, any data that was stored on Ephemeral volume 1 would be permanently lost. Instance Store works well for temporarily storing information that changes frequently, such as buffers, caches, scratch data, and other temporary content.

The Instance 2 example shows that the root volume is on an instance store (Ephemeral volume 2). An instance with an Instance Store root volume cannot be stopped by an Amazon EC2 API call. It can only be terminated. However, it could be stopped from within the instance's OS (for example, by issuing a shutdown command)—or it could stop because of OS or disk failure—which would cause the instance to be terminated. If the instance was terminated, all the data that was stored on Ephemeral volume 2 would be lost, including the OS. You would not be able to start the instance again. Therefore, do not rely on Instance Store for valuable, long-term data. Instead, use more durable data storage, such as Amazon EBS, Amazon EFS, or Amazon S3. If an instance reboots (intentionally or unintentionally), data on the instance store root volume does persist.

7. Add tags

A tag is a label that you can assign to an AWS resource. It consists of a key and an optional value.
Tagging is how you can attach metadata to an EC2 instance.
Potential benefits of tagging—Filtering, automation, cost allocation, and access control.
Example: [screenshot of a tag on an EC2 instance]

A tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value, both of which you define. Tags enable you to categorize AWS resources, such as EC2 instances, in different ways. For example, you might tag instances by purpose, owner, or environment. Tagging is how you can attach metadata to an EC2 instance.

Tag keys and tag values are case-sensitive. For example, a commonly used tag for EC2 instances is a tag key that is called Name and a tag value that describes the instance, such as My Web Server. The Name tag is exposed by default in the Amazon EC2 console Instances page. However, if you create a key that is called name (with lower-case n), it will not appear in the Name column for the list of instances (though it will still appear in the instance details panel in the Tags tab).

It is a best practice to develop tagging strategies. Using a consistent set of tag keys makes it easier for you to manage your resources. You can also search and filter the resources based on the tags that you add. See https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf for more information.

8. Security group settings

A security group is a set of firewall rules that control traffic to the instance. It exists outside of the instance's guest OS.
Create rules that specify the source and which ports network communications can use:
- Specify the port number and the protocol, such as Transmission Control Protocol (TCP), User Datagram Protocol (UDP), or Internet Control Message Protocol (ICMP).
- Specify the source (for example, an IP address or another security group) that is allowed to use the rule.
Example rule: [screenshot; see the accessibility description below]

A security group acts as a virtual firewall that controls network traffic for one or more instances. When you launch an instance, you can specify one or more security groups; otherwise, the default security group is used. You can add rules to each security group. Rules allow traffic to or from its associated instances. You can modify the rules for a security group at any time, and the new rules will be automatically applied to all instances that are associated with the security group. When AWS decides whether to allow traffic to reach an instance, all the rules from all the security groups that are associated with the instance are evaluated.

When you launch an instance in a virtual private cloud (VPC), you must either create a new security group or use one that already exists in that VPC. After you launch an instance, you can change its security groups.

When you define a rule, you can specify the allowable source of the network communication (inbound rules) or destination (outbound rules). The source can be an IP address, an IP address range, another security group, a gateway VPC endpoint, or anywhere (which means that all sources will be allowed).

By default, a security group includes an outbound rule that allows all outbound traffic. You can remove the rule and add outbound rules that only allow specific outbound traffic. If your security group has no outbound rules, no outbound traffic that originates from your instance is allowed.
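The evaluation model just described (allow-only rules, every rule of every attached group considered, sources given as a CIDR block or another security group) as an added example that is not from the AWS Academy guide, with an audit that flags SSH or RDP opened to anywhere rather than to a single address such as the slide's My IP rule. Group IDs, rules and addresses are constructed.

```python
"""Added example (not from the AWS Academy guide): a model of how security group
rules are evaluated for inbound traffic, plus an audit for administrative ports
opened to anywhere. Group IDs, rules and addresses are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List

ANYWHERE = "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp", "icmp", or "-1" for all protocols
    from_port: int  # for icmp, -1 means all types
    to_port: int
    source: str     # CIDR block such as 203.0.113.25/32, or an "sg-..." group id


@dataclass
class SecurityGroup:
    group_id: str
    inbound: List[Rule]


def rule_matches(rule: Rule, protocol: str, port: int,
                 src_ip: str, src_groups: Iterable[str]) -> bool:
    """A rule permits traffic when protocol, port and source all match.
    Security groups are allow-only: there are no deny rules to consider."""
    if rule.protocol not in ("-1", protocol):
        return False
    if rule.protocol != "-1" and rule.from_port != -1 \
            and not rule.from_port <= port <= rule.to_port:
        return False
    if rule.source.startswith("sg-"):
        # Source is another security group: matches traffic from any
        # instance associated with that group, whatever its IP address.
        return rule.source in src_groups
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)


def inbound_allowed(groups: Iterable[SecurityGroup], protocol: str, port: int,
                    src_ip: str, src_groups: Iterable[str] = ()) -> bool:
    """All rules from all groups attached to the instance are evaluated;
    a single matching allow rule in any of them is enough."""
    src_groups = list(src_groups)
    return any(rule_matches(r, protocol, port, src_ip, src_groups)
               for g in groups for r in g.inbound)


def audit_admin_exposure(groups: Iterable[SecurityGroup],
                         admin_ports=(22, 3389)) -> List[str]:
    """Flag rules that open SSH (22) or RDP (3389) to anywhere (0.0.0.0/0).
    The slide's example instead restricts SSH to 'My IP', a single /32."""
    findings = []
    for g in groups:
        for r in g.inbound:
            if r.source != ANYWHERE or r.protocol not in ("-1", "tcp"):
                continue
            for p in admin_ports:
                if r.protocol == "-1" or r.from_port <= p <= r.to_port:
                    findings.append(f"{g.group_id}: port {p} open to anywhere")
    return findings


# Constructed sample group: the slide's SSH-from-My-IP rule plus a web rule.
MY_IP = "203.0.113.25/32"
WEB_SG = SecurityGroup("sg-web-example", [
    Rule("tcp", 22, 22, MY_IP),
    Rule("tcp", 80, 80, ANYWHERE),
])

if __name__ == "__main__":
    print(inbound_allowed([WEB_SG], "tcp", 22, "203.0.113.25"))  # True
    print(inbound_allowed([WEB_SG], "tcp", 22, "198.51.100.7"))  # False
    print(audit_admin_exposure([WEB_SG]))                         # []
```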
In the example rule, the rule allows Secure Shell (SSH) traffic over Transmission Control Protocol (TCP) port 22 if the source of the request is My IP. The My IP address is determined from the IP address that you are currently connecting to the AWS Cloud from when you define the rule.

Network access control lists (network ACLs) can also be used as firewalls to protect subnets in a VPC.

For accessibility: Screenshot of the EC2 console screen where you can define a security group rule. It shows a rule with type SSH, protocol TCP, port range 22, source My IP, and a CIDR block that shows an example My IP address. End of accessibility description.

9. Identify or create the key pair

At instance launch, you specify an existing key pair or create a new key pair.
A key pair consists of –
- A public key that AWS stores.
- A private key file that you store (for example, mykey.pem).
It enables secure connections to the instance.
For Windows AMIs – Use the private key to obtain the administrator password that you need to log in to your instance.
For Linux AMIs – Use the private key to use SSH to securely connect to your instance.

After you specify all the required configurations to launch an EC2 instance, and after you customize any optional EC2 launch wizard configuration settings, you are presented with a Review Instance Launch window. If you then choose Launch, a dialog asks you to choose an existing key pair, proceed without a key pair, or create a new key pair before you can choose Launch Instances and create the EC2 instance.
Amazon EC2 uses public-key cryptography to encrypt and decrypt login information. The technology uses a public key to encrypt a piece of data, and then the recipient uses the private key to decrypt the data. The public and private keys are known as a key pair. Public-key cryptography enables you to securely access your instances by using a private key instead of a password.

When you launch an instance, you specify a key pair. You can specify an existing key pair or a new key pair that you create at launch. If you create a new key pair, download it and save it in a safe location. This opportunity is the only chance you get to save the private key file.

To connect to a Windows instance, use the private key to obtain the administrator password, and then log in to the EC2 instance's Windows Desktop by using Remote Desktop Protocol (RDP). To establish an SSH connection from a Windows machine to an Amazon EC2 instance, you can use a tool such as PuTTY, which will require the same private key.

With Linux instances, at boot time, the public key content is placed on the instance. An entry is created within ~/.ssh/authorized_keys. To log in to your Linux instance (for example, by using SSH), you must provide the private key when you establish the connection.

Amazon EC2 console view of a running EC2 instance

[Slide: screenshot of the Amazon EC2 console Instances page with a running instance selected.]

After you choose Launch Instances and then choose View Instances, you will be presented with a screen that looks similar to the example. Many of the settings that you specified during launch are visible in the Description panel.
Information about the available instance includes IP address and DNS address information, the instance type, the unique instance ID that was assigned to the instance, the AMI ID of the AMI that you used to launch the instance, the VPC ID, the subnet ID, and more. Many of these details provide hyperlinks that you can choose to learn more about the resources that are relevant to the EC2 instance you launched.

Another option: Launch an EC2 instance with the AWS Command Line Interface

EC2 instances can also be created programmatically, for example with the AWS Command Line Interface (AWS CLI). This example shows how simple the command can be. The command assumes that the key pair and security group already exist. More options could be specified; see the AWS CLI Command Reference for details.

Example command:

    aws ec2 run-instances \
      --image-id ami-1a2b3c4d \
      --count 1 \
      --instance-type c3.large \
      --key-name MyKeyPair \
      --security-groups MySecurityGroup \
      --region us-east-1

You can also launch EC2 instances programmatically, either by using the AWS Command Line Interface (AWS CLI) or one of the AWS software development kits (SDKs). In the example AWS CLI command, you see a single command that specifies the minimal information that is needed to launch an instance. The command includes the following information:
- aws – Specifies an invocation of the aws command line utility.
- ec2 – Specifies an invocation of the ec2 service command.
- run-instances – Is the subcommand that is being invoked.

The rest of the command specifies several parameters, including:
- image-id – This parameter is followed by an AMI ID. All AMIs have a unique AMI ID.
- count – You can specify more than one.
- instance-type – You can specify the instance type to create (for example, a c3.large instance).
- key-name – In the example, assume that MyKeyPair already exists.
- security-groups – In this example, assume that MySecurityGroup already exists.
- region – AMIs exist in an AWS Region, so you must specify the Region where the AWS CLI will find the AMI and launch the EC2 instance.

The command should successfully create an EC2 instance if:
- The command is properly formed
- The resources that the command needs already exist
- You have sufficient permissions to run the command
- You have sufficient capacity in the AWS account

If the command is successful, the API responds to the command with the instance ID and other relevant data for your application to use in subsequent API requests.

Amazon EC2 instance lifecycle

[Slide diagram of states and actions: Launch from an AMI leads to pending, then running. Reboot leads to rebooting and back to running. Stop or Stop-Hibernate (only for instances backed by Amazon EBS) leads to stopping, then stopped; Start leads from stopped back to pending. Terminate leads to shutting-down, then terminated.]

Here, you see the lifecycle of an instance. The arrows show actions that you can take, and the boxes show the state the instance will enter after that action. An instance can be in one of the following states:

Pending – When an instance is first launched from an AMI, or when you start a stopped instance, it enters the pending state while the instance is booted and deployed to a host computer. The instance type that you specified at launch determines the hardware of the host computer for your instance.

Running – When the instance is fully booted and ready, it exits the pending state and enters the running state. You can connect over the internet to your running instance.
Rebooting – AWS recommends that you reboot an instance by using the Amazon EC2 console, AWS CLI, or AWS SDKs instead of invoking a reboot from within the guest operating system (OS). A rebooted instance stays on the same physical host, maintains the same public DNS name and public IP address, and, if it has instance store volumes, retains the data on those volumes.

Shutting down – This state is an intermediary state between running and terminated.

Terminated – A terminated instance remains visible in the Amazon EC2 console for a while before the virtual machine is deleted. However, you can't connect to or recover a terminated instance.

Stopping – Instances that are backed by Amazon EBS can be stopped. They enter the stopping state before they attain the fully stopped state.

Stopped – A stopped instance will not incur the same cost as a running instance. Starting a stopped instance puts it back into the pending state, which moves the instance to a new host machine.

Consider using an Elastic IP address

Rebooting an instance will not change any IP addresses or DNS hostnames.
When an instance is stopped and then started again –
- The public IPv4 address and external DNS hostname will change.
- The private IPv4 address and internal DNS hostname do not change.
If you require a persistent public IP address – Associate an Elastic IP address with the instance.
Elastic IP address characteristics –
- Can be associated with instances in the Region as needed.
- Remains allocated to your account until you choose to release it.

A public IP address is an IPv4 address that is reachable from the internet.
Each instance that receives a public IP address is also given an external DNS hostname. For example, if the public IP address assigned to the instance is 203.0.113.25, then the external DNS hostname might be ec2-203-0-113-25.compute-1.amazonaws.com. If you specify that a public IP address should be assigned to your instance, it is assigned from the AWS pool of public IPv4 addresses. The public IP address is not associated with your AWS account. When a public IP address is disassociated from your instance, it is released back into the public IPv4 address pool, and you will not be able to specify that you want to reuse it. AWS releases your instance's public IP address when the instance is stopped or terminated. Your stopped instance receives a new public IP address when it is restarted.

If you require a persistent public IP address, you might want to associate an Elastic IP address with the instance. To associate an Elastic IP address, you must first allocate a new Elastic IP address in the Region where the instance exists. After the Elastic IP address is allocated, you can associate the Elastic IP address with an EC2 instance.

By default, all AWS accounts are limited to five (5) Elastic IP addresses per Region because public (IPv4) internet addresses are a scarce public resource. However, this is a soft limit, and you can request a limit increase (which might be approved).

EC2 instance metadata

Instance metadata is data about your instance. While you are connected to the instance, you can view it –
- In a browser: http://169.254.169.254/latest/meta-data/
- In a terminal window: curl http://169.254.169.254/latest/meta-data/
Example retrievable values – Public IP address, private IP address, public hostname, instance ID, security groups, Region, Availability Zone.
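The storage example (Instance 1 with an EBS root, a 500-GB EBS volume and Ephemeral volume 1; Instance 2 with an instance store root), the lifecycle states and the Elastic IP behaviour above, tied together in one small state machine. This is an added example, not code from the AWS Academy guide; volume names, the private address and the stand-in public address pool are constructed.

```python
"""Added example (not from the AWS Academy guide): a state machine for the EC2
instance lifecycle recording what each transition does to EBS volumes, instance
store volumes and IP addresses. Names and addresses are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Volume:
    name: str
    kind: str                           # "ebs" or "instance-store"
    data: Dict[str, str] = field(default_factory=dict)
    delete_on_termination: bool = True  # per-volume launch setting (step 6)


@dataclass
class Instance:
    root: Volume
    extra: List[Volume] = field(default_factory=list)
    elastic_ip: Optional[str] = None    # set when an Elastic IP is associated
    state: str = "pending"
    private_ip: str = "10.0.1.10"       # constructed; never changes
    public_ip: Optional[str] = None
    pool_next: int = 25                 # constructed stand-in for the AWS pool

    def volumes(self) -> List[Volume]:
        return [self.root] + self.extra

    def _assign_public_ip(self) -> None:
        # Entering running from pending: an Elastic IP stays associated,
        # otherwise a fresh address is taken from the public IPv4 pool.
        if self.elastic_ip:
            self.public_ip = self.elastic_ip
        else:
            self.public_ip = f"203.0.113.{self.pool_next}"
            self.pool_next += 1

    def launch(self) -> None:
        """Launch from AMI: pending -> running."""
        self._assign_public_ip()
        self.state = "running"

    def reboot(self) -> None:
        """Reboot: same host, same addresses, instance store data retained."""
        if self.state != "running":
            raise ValueError("only a running instance can be rebooted")

    def stop(self) -> None:
        """Stop: EBS-backed only; ephemeral data and a non-Elastic public IP go."""
        if self.root.kind != "ebs":
            raise ValueError("instance store-backed instances cannot be stopped")
        if self.state != "running":
            raise ValueError("only a running instance can be stopped")
        for v in self.volumes():
            if v.kind == "instance-store":
                v.data.clear()
        if not self.elastic_ip:
            self.public_ip = None
        self.state = "stopped"

    def start(self) -> None:
        """Start: stopped -> pending -> running, possibly on a new host."""
        if self.state != "stopped":
            raise ValueError("only a stopped instance can be started")
        self._assign_public_ip()
        self.state = "running"

    def terminate(self) -> None:
        """Terminate: instance store data and delete-on-termination EBS data are gone."""
        for v in self.volumes():
            if v.kind == "instance-store" or v.delete_on_termination:
                v.data.clear()
        self.public_ip = None
        self.state = "terminated"


def slide_instance_1() -> Dict[str, bool]:
    """Instance 1 from the storage slide, taken through reboot, then stop and start."""
    inst = Instance(root=Volume("root-20gb", "ebs", {"os": "installed"}),
                    extra=[Volume("ebs-500gb", "ebs", {"db": "rows"}),
                           Volume("ephemeral-1", "instance-store", {"cache": "hot"})])
    inst.launch()
    first_ip = inst.public_ip
    inst.reboot()
    ip_after_reboot = inst.public_ip
    inst.stop()
    inst.start()
    return {
        "reboot_keeps_public_ip": first_ip == ip_after_reboot,
        "stop_start_changes_public_ip": first_ip != inst.public_ip,
        "private_ip_unchanged": inst.private_ip == "10.0.1.10",
        "os_survives": inst.root.data == {"os": "installed"},
        "ebs_data_survives": inst.extra[0].data == {"db": "rows"},
        "ephemeral_data_lost": inst.extra[1].data == {},
    }
```

Every check in slide_instance_1() comes back True; Instance 2 (instance store root) raises on stop() and can only be terminated, losing the OS with it.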
Any user data specified at instance launch can also be accessed at: http://169.254.169.254/latest/user-data/
It can be used to configure or manage a running instance. For example, author a configuration script that reads the metadata and uses it to configure applications or OS settings.

Instance metadata is data about your instance. You can view it while you are connected to the instance. To access it in a browser, go to the following URL: http://169.254.169.254/latest/meta-data/. The data can also be read programmatically, such as from a terminal window that has the cURL utility. In the terminal window, run curl http://169.254.169.254/latest/meta-data/ to retrieve it. The IP address 169.254.169.254 is a link-local address, and it is valid only from the instance.

Instance metadata provides much of the same information about the running instance that you can find in the AWS Management Console. For example, you can discover the public IP address, private IP address, public hostname, instance ID, security groups, Region, Availability Zone, and more.

Any user data that is specified at instance launch can also be accessed at the following URL: http://169.254.169.254/latest/user-data.

EC2 instance metadata can be used to configure or manage a running instance. For example, you can author a configuration script that accesses the metadata information and uses it to configure applications or OS settings.

Amazon CloudWatch for monitoring

Use Amazon CloudWatch to monitor EC2 instances –
- Provides near-real-time metrics
- Provides charts in the Amazon EC2 console Monitoring tab that you can view
- Maintains 15 months of historical data
Basic monitoring – Default, no additional cost. Metric data is sent to CloudWatch every 5 minutes.
Detailed monitoring – Fixed monthly rate for seven pre-selected metrics. Metric data is delivered every 1 minute.

You can monitor your ins