AWS EC2

  • EC2 stands for elastic compute cloud.
    • It is infrastructure as a service.
  • We can rent virtual machines.
  • Store data on virtual drives.
  • Distribute load across machines.
  • Scale services using an auto skilling group(ASG).
  • We can choose machines with operating systems, windows, Linux, or macOS.
  • We can customise power and cpu cores on our virtual machine.
  • We can customise on random access memory(RAM) As per our requirement.
  • We can customise storage space
    • Network attached(EBS and EFS)
    • Hardware attached(EC2 Instance Stores)
  • We can customise the speed of our network card, public IP address.
  • We can add firewall rules in our security group.
  • We can add a boot strap script, which is the configuration script run at First launch.
    • We can boot App using an EC2 user data script.
    • Boot strapping means launching commands when a machine starts.
    • The script is only run once Add the instance of First start.
  • EC2 userdata is used To automate boot tasks, such as
    • Installing updates
    • Installing software
    • Downloading common files from the internet.
    • Any other security scripts, et cetera, needed to be a part of initial setup.
  • The EC2 user data scripts runs with root user privilege.
AWS Budget Setup
  • From root account enable IAM user and roll access to billing information.
    • This helps IM users with admin access to access billing information.
  • Go to your account information and click on billing and payments. It will show our current billing and billing forecast.
    • You can find this in billing and cost management under your account information.
  • We get following information
    • Cost breakdown
    • Current active services and related cost.
    • We can get our bills
    • Information regarding free tier
  • Create a zero spend budget so that we can get alert for any additional spends.
Launching EC2 instance
  • In EC2 service click on instances. Click on launch instance.
    • Add name and additional tags.
    • Select operating system.
    • Select architecture.
    • Select instance type based on your hardware requirements
    • To use SSH to login to instance Create key pair
      • Give it a name and type
      • If we are using Mac or Linux all Windows 10 and above, we should use .PEM Format which is open SSH supported.
      • If we have previous version of Windows use .PPK Format, which is Putty supported.
    • Configure network settings
    • To create web server, allow HTTP traffic from Internet.
    • Configure storage.
    • To execute boot script, add to the user data section.
    • Click on launch, instance, it will take 15 seconds to boot up.
    • Once booted, our running, instance, will show in the instances.
    • Copy public IP address and we will be able to access our instance from Internet.
    • Stop the instance by clicking instance and selecting from instance state.
    • Delete the instance by terminating instance from instance state.
    • When we restart instance, the public IP changes.
AWS EC2 Image Builder
  • Allows you to create AWS EC2 images. These are virtual images and container images.
  • It’s really simple to use with a graphical interface.
  • We can use EC2 image builder to test and validate our images. We may need to test and validate the images for security, compliance and functionality, using AWS provided tests or your own custom tests.
  • EC to image builder automates the process of creating and maintaining your images.
    • When software updates are available, image builder can automatically create a new image, run validation tests on the new image, and make it available to the AWS regions of your choice.
    • Image builder allows you to share your AMI with other AWS accounts that you own.
  • Steps to create an image
    • Provide a base OS image. Example Amazon Linux 2 AMI.
    • Define software to install, example .Net, Node JS, python, latest security, updates, latest Kernel, security settings.
    • Run test on the new image for example, does it boot correctly etc.
    • Distribute the image to the regions of your choice. (By default, the region you are operating in).
  • EC2 image builder terminology
    • Image pipeline
      • Defines the configuration and end to end process of building images, including the image recipe, distribution and test settings.
    • Image recipe
      • Image builder creates a recipe for each image, which can be shared, version controlled, and re-used.
    • Source image 
      • Example Amazon Linux 2 AMI.
    • Build components
      • Example Apache tomcat.
EC2 Instance Types
  • There are different types of EC2 instances that are optimised for different use cases.
  • There are seven different types of EC2 instances.
  • AWS follows following naming convention.
    • m5.2xlarge
      • M is the instance class
      • 5 is the generation Of instance, which AWS improves overtime.
      • 2X large is the size within the instance class. The more size, the more memory and CPU, we have.
  • Types of Instances
    • https://aws.amazon.com/ec2/instance-types/
    • General purpose type
      • Great for Diversity of workload such as web servers on code repositories.
      • Have a good balance between compute, memory, and networking.
      • T2.micro is a general purpose EC2 instance.
    • Compute optimised instance, types
      • Great for Compute intensive tasks that require high-performance Processors
      • For example, batch processing workloads, media transcoding, high performance, web servers, high-performance computing(HPC),Scientific modelings and machine learning,Dedicated gaming servers.
      • All compute optimise instances start with C for, example C5, C6, et cetera.
    • Memory optimised
      • Fast for work performance, loads that processes large data sets in memory.
      • Used for high-performance relational/Non-relational databases, distributed web scale cache store, In memory databases optimised for BI(Business intelligence), Applications performing real time, processing of big unstructured data.
      • Name starts with R or X Example are R5, X1 et cetera.
    • Storage optimised instance types
      • Great for Storage intensive tasks that require high, sequential read and write access to large data sets on local storage.
      • Use cases
        • High frequency online transaction processing (OLTP) systems.
        • Relational and No SQL databases.
        • Cache for in-memory Databases, for example, Redis.
        • Database warehousing applications.
        • Distributed File systems
        • Instances start with I,G,H
Security Groups
  • Security groups are the fundamental of network security in AWS.
  • They control how traffic is allowed into or out of our EC2 instances.
  • Security groups only contain allow rules.
  • Security group rules can be referenced by IP or by security group.
  • Security groups are acting as a firewall on EC2 instances.
  • They regulate
    • Access to ports.
    • Authorised IP ranges - IPv4 and Ipv6
    • Control of inbound network from other instances
    • Control of outbound network to other instances
  • Security groups can be attached to multiple instances.
  • They a locked down to a region/VPC combination.
  • They will live outside the EC2 instance if traffic is blocked. The EC2 instances will not see it.
  • For SSH access, we should maintain a separate security group.
  • If our application is not accessible, it is a security group issue.
  • If our application gives a connection refused error then it is an application error or it's not launched.
  • By default, all the inbound traffic is blocked.
  • All outbound traffic is authorised by default.
  • If a security group S1 allows access to another security group S2 then the instance attached to S1 can communicate, with instance, attached to S2.
  • Ports used
    • 22=SSH(Secure Shell) - log into a linux instance.
    • 21=FTP(File Transfer Protocol) - upload files into a file share
    • 22=SFTP(Secure File Transfer Protocol) - upload files using SSH
    • 80=HTTP- access to unsecured websites.
    • 443=HTTPS - access secured websites.
    • 3389=RDP(Remote Desktop Protocol) - login to windows instance.

Comments

Post a Comment

Popular posts from this blog

VPC,Cloud Front,EC2,RDS in AWS

 VPC allows you to provision a logically isolated section of AWS where we can launch AWS resources in a virtual network. Cloud Front is a Fast Highly Secure and Programmable Content Delivery Network EC2 provides compute resources  RDS is Amazon's Relationship Database System.
Read more

High Availability Architecture

Following points can be considered while creating a highly available architecture depending on scenarios  A spread Placement group Supports a maximum of seven running Instances per availability zone.for example, In A region with three Availability zones, you can run total of 21 instances in the group.If you try to start an eighth Instance in the same availability zone and in the same spread placement group, the Instance will not launch.If you need to have more than seven instances in an availability zone,Then the Recommendation is to use multiple spread Placement Groups. Using multiple spread Placement Groups does not provide guarantee about the spread of instance between groups, but it does ensure the spread for each group, thus limiting impact from certain classes of failures. Durability refers to the ongoing existence of the object or resource. Note that it does not mean you can access it, only that it continues to exist. Groups, Scaling options, configuration templates are comp...
Read more

High Level Diagrams(HLD's)

Image
High Level Diagram for Building a Serverless application using Step Functions, API Gateway, Lambda, and S3 in AWS HLD for Building and Troubleshooting a Serverless Web
Read more