
§ EC2 provides secure, resizable compute capacity in the cloud.

§ Gives you complete control of your computing resources, including choice of storage, processor, networking and operating system.
§ Allows you to increase or decrease capacity in minutes.
§ To log in to an instance you create a key pair: AWS keeps the public key (placed on the instance at launch) and you download the private key once, which you use for SSH on Linux or to decrypt the administrator password on Windows. Protect the private key like a credential; AWS never stores it and cannot recover it.
§ The EC2 root volume is the virtual disk on which the OS is installed. An EBS root volume must be an SSD type (gp2, gp3, io1, io2) or Magnetic (standard); the HDD types st1 and sc1 cannot be used as boot volumes.
§ Termination protection (disableApiTermination) is turned off by default; turn it on to stop a user or script from accidentally terminating the instance through the console or API. It does not stop Auto Scaling from terminating an instance, nor an OS-initiated shutdown when the instance's shutdown behaviour is set to terminate.
§ On an EBS-backed instance, the root EBS volume is deleted when the instance is terminated because its DeleteOnTermination flag is true by default; volumes you attach after launch are kept by default.
§ Bootstrap scripts (user data) are code that runs as root once, when the instance first boots. Anything in user data is readable by any process on the instance through the instance metadata service, so never embed secrets in it; fetch them at boot from Secrets Manager or Parameter Store using the instance role instead.
§ Infrastructure as a Service (IaaS): a virtual machine in the cloud.
§ To reach 64,000 EBS IOPS on a single io1/io2 volume you must use a Nitro-based instance; non-Nitro instances are capped at 32,000 EBS IOPS.
§ When you stop and start an instance (not a plain reboot), its auto-assigned public IPv4 address can change. Associate an Elastic IP to give the instance a fixed public IPv4. By default an AWS account is limited to five (5) Elastic IP addresses per Region.
§ Instance metadata (private and public IP, instance ID, IAM role credentials) is served at http://169.254.169.254/latest/meta-data and the user data at http://169.254.169.254/latest/user-data. Because this endpoint hands out role credentials to anything that can make an HTTP request from the instance, require IMDSv2 (a PUT to /latest/api/token before each GET, with the response hop limit left at 1) so that an SSRF bug in a web application cannot read it with a plain GET.
§ Place EC2 instances that talk to each other in the same AZ to reduce data transfer cost (traffic over private IPs within an AZ is not charged; cross-AZ traffic is).
§ EC2 Hibernate saves the contents of instance memory (RAM) to the EBS root volume. When the instance starts again the RAM contents are reloaded, returning it to its last running state (a pre-warmed instance). You can hibernate an instance only if hibernation was enabled at launch and the instance meets the prerequisites, which include an encrypted EBS root volume (the RAM image, and any secrets in it, land on that volume).
§ Use VM Import/Export to import a virtual machine image, convert it to an AMI and launch EC2 instances from it.
§ Amazon EC2 provides developers with the tools to build resilient applications that isolate themselves from common failure scenarios.
§ EC2 is an on-demand computing service on the AWS cloud platform; it offers everything a computing device offers, with the flexibility of a virtual environment.
§ It lets you configure instances to your requirements, i.e. choose the CPU, memory and storage the current task needs.
§ Amazon EC2 is a web service that provides resizable compute capacity in the cloud.
§ Amazon EC2 reduces the time required to obtain and boot new instances to minutes. Previously, if you needed a server you raised a purchase order and waited for it to be racked and cabled, a very time-consuming process. EC2 replaces that with a virtual machine in the cloud.
§ You can scale compute capacity up and down as the computing requirement changes.
§ Elastic Compute Cloud (EC2) provides scalable computing capacity in AWS.
§ It eliminates the need to invest in hardware up front, so applications can be developed and deployed faster.
§ It can be used to launch as many or as few virtual servers as you need, configure security and networking, and manage storage.
§ It enables you to scale up or down to handle changes in requirements or spikes in popularity, reducing the need to forecast traffic.
§ You can dismantle a virtual machine once its task is completed and it is no longer required. AWS bills for these resources at the end of every month, and the amount depends entirely on your usage.
§ EC2 lets you rent virtual computers.
§ Provisioning servers on the AWS Cloud is one of the easiest things to do in EC2. EC2 has resizable capacity and offers secure, reliable, high-performance and cost-effective infrastructure to meet demanding business needs.
§ Deploying applications: you can deploy a .jar, .war or .ear application on an EC2 instance without maintaining the underlying hardware.
§ Scaling applications: once your web application is deployed on an EC2 instance, you can scale it with demand by scaling the instances.
§ Deploying ML models: you can train and deploy ML models on EC2 because it offers up to 400 Gbps of networking and storage services purpose-built to optimize price performance for ML projects.
§ Hybrid cloud: you can deploy a web application on EC2 and connect it to a database that runs on on-premises servers.
§ Cost-effective: EC2 instances are cost-effective, so you can deploy even a gaming application on them.
§ Amazon EC2 changes the economics of computing by letting you pay only for the resources you actually use. When buying physical servers you had to size for peak CPU and RAM and commit to a server for a 5-year term, planning 5 years ahead and tying up a lot of capital. EC2 lets you pay for the capacity you actually use.
Amazon EC2 console
§ Amazon EC2 console is the web-based user interface that
can be accessed from the AWS management console
AWS Command line Interface (CLI)
§ Provides commands for a broad set of AWS products, and
is supported on Windows, Mac, and Linux.
Amazon EC2 Command Line Interface (CLI) tools
§ The older, Java-based EC2 API tools provided commands for Amazon EC2, Amazon EBS and Amazon VPC on Windows, Mac and Linux. They have been superseded by the AWS CLI and are no longer maintained.
AWS Tools for Windows Powershell
§ Provides commands for a broad set of AWS products for
those who script in the PowerShell environment
AWS Query API
§ Query API requests are HTTP or HTTPS requests that use the HTTP verbs GET or POST and a Query parameter named Action. Every request must be signed (Signature Version 4), which the SDKs and the CLI do for you.
AWS SDK libraries
§ AWS provides libraries in various languages which provide basic
functions that automate tasks such as cryptographically signing
your requests, retrying requests, and handling error responses
§ ON DEMAND
§ RESERVED
§ SPOT INSTANCE
§ DEDICATED HOST
§ It lets you pay a fixed rate by the hour or by the second with no commitment.
§ Linux, Windows and Windows with SQL Server instances are billed by the second (60-second minimum); some commercial Linux distributions (for example RHEL and SUSE) are still billed by the hour.
§ On-Demand is right for users who want the low cost and flexibility of Amazon EC2 without any up-front investment or long-term commitment.
§ It suits applications with short-term, spiky or unpredictable workloads that cannot be interrupted.
§ It is useful for applications being developed or tested on Amazon EC2 for the first time.
§ On-Demand is recommended when you are not yet sure which instance type your performance needs require.
§ On-Demand is a pay-as-you-go model: you pay only for the time the instance is in the running state. Once it is stopped, the compute charge stops (you still pay for attached EBS volumes and for any Elastic IP that is no longer associated with a running instance).
§ With On-Demand Instances you pay for compute capacity by the second with no long-term commitments, and you have full control over the instance lifecycle: you decide when to launch, stop, hibernate, start, reboot or terminate it.
§ No long-term commitment is required. You pay only for the seconds your On-Demand Instances are running, with a 60-second minimum. The price per second is fixed and listed on the Amazon EC2 Pricing page.
§ AWS recommends On-Demand Instances for applications with short-term, irregular workloads that cannot be interrupted.
• Pay for instances and compute capacity by the hour or the second, depending on which instances you run
• No long-term commitments or up-front payments
• Instances can be scaled up and down with demand
• Although AWS works to keep capacity available for On-Demand launches, during peak demand a launch can fail with an insufficient-capacity error
• Use cases: users who want the low cost and flexibility of EC2 without up-front payment or long-term commitment
• Applications with short-term, spiky or unpredictable workloads that cannot be interrupted
• Applications being developed or tested on EC2 for the first time
§ A Reserved Instance is a reservation, or contract, with Amazon for a term of 1 or 3 years.
§ In return for the commitment (and optionally an up-front payment) you get a significant discount on the hourly charge for the instance.
§ It suits applications with steady-state or predictable usage.
§ It is used for applications that require reserved capacity.
§ Up-front payment reduces the total cost further: a 3-year, All Upfront reservation gets the maximum discount; a 1-year, No Upfront or Partial Upfront reservation gets a smaller one.
§ Reserved Instances lower the hourly running cost through a billing discount (up to 75%) and, for zonal reservations (scoped to a specific Availability Zone), also reserve capacity so you are not exposed to insufficient-capacity errors in that AZ. Regional reservations give the discount but no capacity reservation.
§ The discounted price is fixed for as long as you own the Reserved Instance, so compute costs are predictable over the term.
§ You pay for the entire term, regardless of usage.
§ Reserved Instances are best suited to consistent, heavy use, and can be cheaper than owning the hardware or running only On-Demand instances.
§ Use cases: applications with steady-state or predictable usage; applications that require reserved capacity; users who can make up-front payments to reduce total computing costs further.
§ A Reserved Instance is not a physical instance that is launched, but a billing discount applied to the use of On-Demand Instances.
§ The On-Demand Instances must match certain attributes, such as instance type and Region, to benefit from the billing discount.
§ Reserved Instances do not renew automatically; when the term ends the EC2 instances keep running but are charged at On-Demand rates.
§ Auto Scaling or other AWS services can launch the On-Demand instances that use the Reserved Instance benefit.
§ Once purchased, a reservation cannot be cancelled, but Standard Reserved Instances can be sold in the Reserved Instance Marketplace.
§ Reserved Instance pricing-tier discounts apply only to purchases made from AWS, not to third-party Reserved Instances bought in the Marketplace.
§ With a Reserved Instance you give AWS a commitment to use an instance for one year or more, sized to your organization's requirement; because of that commitment AWS discounts the price of the instance.
§ Reserved Instances provide significant savings on Amazon EC2 costs compared to On-Demand pricing. They are not physical instances but a billing discount applied to On-Demand Instances in your account; those instances must match attributes such as instance type and Region to receive the discount.
Standard Reserved Instances
§ Discount of up to 75% off On-Demand, for example when paying All Upfront on a 3-year contract.
§ Useful when your application is at steady state.
Convertible Reserved Instances
§ Discount of up to 54% off On-Demand.
§ Lets you change the attributes of the RI (instance family, OS, tenancy, payment option) by exchanging it, as long as the exchange results in Reserved Instances of equal or greater value.
§ Like Standard Reserved Instances, useful for steady-state applications.
Scheduled Reserved Instances
§ Scheduled Reserved Instances (Scheduled Instances) let you buy a capacity reservation that recurs on a daily, weekly or monthly schedule with a specified start time and duration, for a one-year term.
§ They let you match a capacity reservation to a predictable recurring schedule that only needs a fraction of a day, week or month.
§ Capacity is reserved in advance and is available to launch within the time window you reserved.
§ Good for workloads that do not run continuously but do run on a regular schedule, for example weekly or monthly batch jobs.
§ EC2 launches the instances from their launch specification at the start of each scheduled period, and terminates them three minutes before the end of the period so the capacity is available to the next Scheduled Instance reserved on it.
§ Scheduled Instances cannot be stopped or rebooted; they can be terminated and relaunched within minutes of termination.
§ Charges are incurred for the scheduled time even if the instances are not used.
§ After purchase they cannot be modified, cancelled or resold.
§ Only supported instance types: C3, C4, M4 and R3. The required term is 365 days (one year), minimum utilization is 1,200 hours per year, and you can purchase up to three months in advance.
§ AWS no longer has capacity available for Scheduled Reserved Instances and has no plans to make it available. To reserve capacity, use On-Demand Capacity Reservations instead.
§ Spot Instances let you buy spare EC2 capacity at the current Spot price, typically far below On-Demand. You can set a maximum price you are willing to pay (bidding no longer exists; you pay the Spot price in effect, never more than your maximum), and they give the best savings when your application has flexible start and end times.
§ Spot Instances are useful for applications with flexible start and end times.
§ They are useful for applications that are only feasible at very low compute prices.
§ They are useful for users who have an urgent need for large amounts of additional computing capacity.
§ EC2 Spot Instances offer the deepest discounts of any purchase option, up to 90% off On-Demand prices.
§ Spot Instances are used to optimize costs on AWS and can scale an application's throughput up to 10X for the same budget.
§ Spot Instances run until you stop or terminate them or until EC2 reclaims the capacity (an interruption); they are not guaranteed to keep running, so workloads must tolerate being interrupted with two minutes' notice.
§ A Spot Instance uses spare EC2 capacity that is available for less than the On-Demand price. Because Spot Instances let you request unused capacity at steep discounts, you can lower your Amazon EC2 costs significantly. The hourly price for a Spot Instance is called the Spot price; it is set by Amazon EC2 per instance type per Availability Zone and adjusted gradually based on long-term supply of and demand for Spot capacity. Your Spot Instance runs whenever capacity is available.
§ Spot Instances are a cost-effective choice if you can be flexible about when your applications run and if they can be interrupted, for example data analysis, batch jobs, background processing and optional tasks.
§ Spot capacity pool: a set of unused EC2 instances with the same instance type (for example m5.large) and Availability Zone.
§ Spot price: the current price of a Spot Instance per hour.
§ Spot Instance request: requests a Spot Instance; when capacity is available Amazon EC2 fulfils it. A request is either one-time or persistent; EC2 automatically resubmits a persistent request after the Spot Instance associated with it is interrupted.
§ EC2 instance rebalance recommendation: a signal EC2 emits to notify you that a Spot Instance is at elevated risk of interruption, giving you the chance to proactively rebalance the workload onto existing or new Spot Instances without waiting for the two-minute interruption notice.
§ Spot Instance interruption: EC2 terminates, stops or hibernates your Spot Instance when it needs the capacity back. It publishes an interruption notice, readable from the instance metadata at /latest/meta-data/spot/instance-action, which gives the instance a two-minute warning before it is interrupted.
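The metadata and user data endpoint described earlier and the Spot interruption notice above are read from the same link-local service, and the way you read it matters for security. The following is an added example, not code from the original slides or from AWS: an IMDSv2 client that first obtains a session token with a PUT and then reads metadata with that token, including a poll of the Spot interruption path. Because the real endpoint exists only on an EC2 instance, the example runs against a constructed in-process stand-in (FakeImds, an assumption of this example) that mimics the token rules; urllib_transport is the transport you would pass on a real instance. The endpoint, paths and header names are the real IMDS ones; all sample values are made up.

```python
"""IMDSv2 reads (metadata, user data, Spot notice) with a pluggable transport."""
import json
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Optional

IMDS = "http://169.254.169.254"                          # real link-local endpoint
TOKEN_PATH = "/latest/api/token"                         # real IMDSv2 token path
TOKEN_TTL_HDR = "X-aws-ec2-metadata-token-ttl-seconds"   # real header
TOKEN_HDR = "X-aws-ec2-metadata-token"                   # real header
SPOT_ACTION_PATH = "/latest/meta-data/spot/instance-action"  # real path


@dataclass
class Response:
    status: int
    body: str = ""

# transport(method, url, headers) -> Response; same client code runs against
# the real endpoint (urllib_transport) or the constructed stand-in (FakeImds).
Transport = Callable[[str, str, dict], Response]

def urllib_transport(method: str, url: str, headers: dict) -> Response:
    """Real transport for use on an EC2 instance; IMDS is local, so time out fast."""
    req = urllib.request.Request(url, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=2) as resp:
            return Response(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:
        return Response(err.code)

class FakeImds:
    """Constructed stand-in (not AWS code) enforcing the IMDSv2 rules: tokens come
    only from PUT /latest/api/token with TTL 1..21600 s; GETs need a valid token."""

    def __init__(self, paths: dict, require_token: bool = True):
        self.paths = paths                 # path -> body (sample values)
        self.require_token = require_token
        self.tokens: set = set()

    def __call__(self, method: str, url: str, headers: dict) -> Response:
        path = url[len(IMDS):]
        if method == "PUT" and path == TOKEN_PATH:
            ttl = headers.get(TOKEN_TTL_HDR, "")
            if not ttl.isdigit() or not 1 <= int(ttl) <= 21600:
                return Response(400)
            token = f"AQAA-{len(self.tokens) + 1}"   # opaque, like the real token
            self.tokens.add(token)
            return Response(200, token)
        if method != "GET":
            return Response(405)
        if self.require_token and headers.get(TOKEN_HDR) not in self.tokens:
            return Response(401)           # what a token-less (SSRF-style) GET sees
        body = self.paths.get(path)
        return Response(200, body) if body is not None else Response(404)

def imds_get(path: str, transport: Transport, ttl: int = 300) -> Optional[str]:
    """IMDSv2 read: PUT for a session token, then GET with it. None means the
    path is absent (404); other failures raise so callers never act on empty data."""
    tok = transport("PUT", IMDS + TOKEN_PATH, {TOKEN_TTL_HDR: str(ttl)})
    if tok.status != 200:
        raise RuntimeError(f"IMDSv2 token request failed: HTTP {tok.status}")
    resp = transport("GET", IMDS + path, {TOKEN_HDR: tok.body})
    if resp.status == 404:
        return None
    if resp.status != 200:
        raise RuntimeError(f"GET {path} failed: HTTP {resp.status}")
    return resp.body

def imds_v1_get(path: str, transport: Transport) -> Response:
    """Legacy IMDSv1 read: a bare GET, which is all a typical SSRF gadget can issue."""
    return transport("GET", IMDS + path, {})

def spot_interruption(transport: Transport) -> Optional[dict]:
    """Pending Spot notice as {'action': ..., 'time': ...}, or None if none."""
    body = imds_get(SPOT_ACTION_PATH, transport)
    return json.loads(body) if body else None

def demo(require_token: bool = True) -> dict:
    """Exercise the client against a stand-in loaded with constructed values."""
    imds = FakeImds({
        "/latest/meta-data/local-ipv4": "10.0.1.23",
        "/latest/user-data": "#!/bin/bash\necho bootstrapping",
        SPOT_ACTION_PATH: json.dumps({"action": "terminate",
                                      "time": "2024-05-01T12:00:00Z"}),
    }, require_token=require_token)
    return {
        "ip": imds_get("/latest/meta-data/local-ipv4", imds),
        "user_data": imds_get("/latest/user-data", imds),
        "v1_status": imds_v1_get("/latest/meta-data/local-ipv4", imds).status,
        "spot": spot_interruption(imds),
    }

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

With require_token set, the token-less GET comes back 401 while the token-first client reads everything; with it cleared (an instance still allowing IMDSv1) the same bare GET succeeds, which is the exposure. On a real instance you enforce the first behaviour with aws ec2 modify-instance-metadata-options --http-tokens required, and a Spot workload would call spot_interruption on a short timer and start draining as soon as it returns an action.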
§ A Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use.
§ Because you have visibility of the physical sockets and cores of the host, Dedicated Hosts can reduce costs by letting you bring your existing server-bound software licenses (for example VMware, Oracle or SQL Server licenses bound to sockets or cores) to AWS.
§ Dedicated Hosts are used to address compliance requirements (for example rules that forbid sharing physical hardware with other tenants) and to reduce cost by reusing existing server-bound licenses.
§ A Dedicated Host can be purchased as a Reservation for up to 70% off the On-Demand price.
• General Purpose Instances
• Compute Optimized Instances
• Memory-Optimized Instances
• Storage Optimized Instances
• Accelerated Computing Instances
§ General purpose instances provide a balance of compute, memory and networking resources and can be used for a wide variety of workloads. They are ideal for applications that use these resources in roughly equal proportions, such as web servers and code repositories.
§ The most basic, all-round EC2 instances are the General Purpose instances. The image below shows the important points of both sub-classes of General Purpose instance.
General Purpose - T3/T4g Instance
§ T3/T4g instances run at a baseline CPU performance (the Graviton2 in T4g runs at 2.5 GHz) and can burst above it for short periods; for this reason they are called burstable instances.
§ Bursting is paid for with CPU credits, which accumulate while the instance runs below its baseline. T3 and T4g launch in unlimited mode by default, so sustained bursting beyond the accrued credits is billed rather than throttled; watch the CPUSurplusCreditsCharged metric.
§ T4g instances use the AWS Graviton2 (Arm) processor.
§ Ideal use cases are microservices, low-latency applications and development environments.
§ Do not design a workload to depend on the burst; size it so the baseline is enough.
General Purpose - M5 Instance
§ M5 instances give steady performance, unlike the burstable T family. They use a 3.1 GHz Intel processor and provide a higher baseline; they should be the first choice for anyone starting out on AWS.
§ The best use cases for M5 are small and mid-size databases and data processing tasks.
General Purpose - Mac Instance
§ EC2 also offers macOS for development. These instances are built on the Apple Mac mini with a 3.2 GHz Intel Core i7 (4.6 GHz turbo); mac1.metal is the only size.
§ They are used for developing and testing macOS products.
General Purpose - Arm Instance (A1)
§ Arm-based EC2 instances that fully support an Arm development environment.
§ Web servers and microservices are typical workloads.
§ If you have to pick one instance in this general category, pick M5.
§ Use T3/T4g only if you want the free-tier eligible sizes.
§ The Arm and Mac instances are specific; use them only when you have a specific need.
§ AWS Compute Optimizer analyzes the resources used in your AWS environment and suggests how to right-size your workloads. Its recommendations for existing EC2 instances can cut costs by up to 25%.
§ The service is machine-learning driven: it analyzes CloudWatch metrics for EC2 instances and Auto Scaling groups, identifies usage patterns and recommends the optimal resources for each workload, since over-provisioning adds cost and under-provisioning degrades performance. Compute Optimizer goes deeper on right-sizing than AWS Trusted Advisor or AWS Cost Explorer.
• Compute optimized (C family) instances are the ones to use for higher compute power; they run at 3.6 GHz to 3.9 GHz.
• A c5.large is cheaper than the equivalent General Purpose M instance, so if you need a little more compute power than an M gives, use a C5.
• Compute optimized instances are ideal for compute-bound applications that benefit from high-performance processors.
• Memory optimized instances are designed to deliver fast performance for workloads that process large data sets in memory.
• RAM has a direct impact on any compute operation. If you need more RAM, use these instances. They run at up to 4.0 GHz, and the baseline size has 16 GiB of RAM, more than the Compute Optimized and General Purpose baselines.
There are 3 sub-classifications of memory optimized instances:
§ Memory Optimized - R instance
§ Memory Optimized - X instance
§ Memory Optimized - Z instance
• Memory-optimized instances offer a large memory size designed for memory-intensive applications including in-memory applications, in-memory databases (such as SAP HANA), in-memory analytics, High Performance Computing, Electronic Design Automation, scientific computing and enterprise applications.
• Storage optimized instances are designed for workloads that require high, sequential read and write access to very large data sets on local storage. They are optimized to deliver tens of thousands of low-latency, random I/O operations per second (IOPS) to applications. For more information, including the technology used
• These instances provide a variety of local disk options.
There are 3 sub-classifications of these instances:
• Storage Optimized - D Instance
• Storage Optimized - I Instance
• Storage Optimized - H Instance
• Storage optimized instances suit workloads that need high, sequential read and write access to extremely large data sets held on local storage, and are designed to deliver tens of thousands of low-latency random IOPS to applications. Because that storage is local instance store, its contents are lost when the instance stops or terminates, so the data must be replicated or re-derivable.
• Accelerated computing instances use hardware accelerators, or co-processors, to perform some functions, such as floating-point calculations, graphics processing or data pattern matching, more efficiently than is possible in software running on CPUs. They enable more parallelism for higher throughput on compute-intensive workloads.
• If you require high processing capability, accelerated computing instances give you access to hardware accelerators such as Graphics Processing Units (GPUs), Field Programmable Gate Arrays (FPGAs) or AWS Inferentia chips.
• All the instance types above use similar hardware, with no special hardware to improve performance. Accelerated Computing instances change that: they use specific hardware for specific tasks, for example a GPU for graphics-intensive work or parallel processing.
• They also include FPGA (F) instances and AWS Inferentia (Inf1) instances for AI/ML workloads.
There are four sub-classifications of Accelerated Computing instance:
• Accelerated Computing - P Instance
• Accelerated Computing - G Instance
• Accelerated Computing - F Instance
• Accelerated Computing - Inf1 Instance
§ An Amazon Machine Image (AMI) provides the information required to launch an instance. AMIs are published by AWS, sold by vendors in the AWS Marketplace, shared by other accounts (community AMIs), or built by you; only launch from AMIs whose owner you trust and, where possible, pin the AMI ID or owner account rather than searching by name. You must specify an AMI when you launch an instance. You can launch multiple instances from a single AMI when you need several instances with the same configuration, and different AMIs when you need different configurations.
An AMI includes:
§ One or more Amazon Elastic Block Store (Amazon EBS) snapshots, or, for instance-store-backed AMIs, a template for the root volume of the instance (for example an operating system, an application server and applications).
§ Launch permissions that control which AWS accounts can use the AMI to launch instances.
§ A block device mapping that specifies the volumes to attach to the instance when it is launched.
§ An Amazon Machine Image (AMI) is a master image for creating virtual servers, known as EC2 instances, in the Amazon Web Services (AWS) environment.
§ Machine images are templates configured with an operating system and other software that determine the user's operating environment. AMIs are categorized by Region, operating system, system architecture (32- or 64-bit), launch permissions and whether they are backed by Amazon Elastic Block Store (EBS) or by the instance store.
§ Each AMI includes a template for the root volume for a particular type of instance; a typical example contains an operating system, an application server and applications. Launch permissions are controlled so that only the appropriate AWS accounts can launch the AMI, and the block device mapping ensures the correct volumes are attached to the launched instance.
§ Hardware virtual machine (HVM) - HVM guests are fully virtualized, and the underlying hardware is emulated for the guests to use. With PV, the guest OS is modified to run without that emulation. HVM requires that the host machine have a specific feature (hardware virtualization extensions) available, whereas PV requires that the guest OS have a specific feature present in software.
§ Paravirtualization (PV) - a virtualization technique that can improve the performance of guest operating systems by eliminating the overhead of emulating hardware and using knowledge of the guest operating system (OS). It was effective for high-performance computing (HPC) applications such as scientific computing, transactional databases and other enterprise workloads that require rapid processing. PV requires close cooperation between the virtual machine monitor and the guest OS, as well as a modified guest kernel. On EC2, PV AMIs are legacy: current-generation instance types support only HVM AMIs.
§ EBS-backed
§ Instance store-backed
§ EBS is a volume that provides persistent block storage over the network.
§ Instance store volumes give an EC2 instance only temporary storage: when the instance is terminated, the data stored on them is gone. To keep data, Amazon provides EBS volumes; attach one to the instance and configure it to survive termination (DeleteOnTermination false), and the data remains available after the instance is deleted.
§ An EBS-backed instance always has an EBS volume as its root device, so data on it survives a stop and start. Note that the root volume is deleted by default when the instance is terminated (its DeleteOnTermination flag is true), so data you need to keep belongs on a separate volume or in a snapshot.
§ With EBS-backed instances you are billed for the storage of static data such as operating system files.
§ The cost of adding an EBS volume to an EC2 instance is minimal.
§ EBS-backed instances are connected to their storage volumes over the network. Unlike instance store volumes, these are not physically attached to the host but are accessed over the network; latency is higher than local instance store, but the data is persistent.
§ EBS (Elastic Block Store) volumes are flexible, and their characteristics can be changed at any time. You can change the volume size, volume type and provisioned IOPS of a volume attached to a production instance without downtime. They suit data that is frequently updated, such as database storage or the root drive of the instance.
§ Multiple EBS volumes can be attached to the same instance; the instance and the volumes must be in the same Availability Zone. You can also create an EBS volume without attaching it to any instance, and an io1/io2 volume can be attached to multiple instances at once (Multi-Attach) on supported Nitro instance types.
§ Supports stopping and restarting an instance, saving the state to the EBS volume
§ Data persists in the EBS volume; if the instance is terminated, volumes whose DeleteOnTermination flag is false are kept
§ Boot time: less than 1 min
§ Size limit: 16 TiB per volume (64 TiB for io2 Block Express)
§ AMI created easily with a single command
§ More expensive than instance store, since you pay for the volumes
§ Can be selected as the root volume and attached as additional volumes
§ Additional EBS volumes can be attached when the instance is launched and while it is up and running
§ When an EBS-backed instance is stopped, various instance- and volume-related tasks can be done: modify instance properties, change the instance size, update the kernel, or attach the root volume to a different running instance for debugging or any other purpose. Anyone who can detach a root volume and attach it elsewhere can read everything on it, which is one reason to encrypt EBS volumes with a KMS key they cannot use and to restrict ec2:AttachVolume and ec2:DetachVolume.
§ EBS volumes are AZ-scoped and tied to the single AZ where they were created.
§ EBS volumes are automatically replicated within that AZ to prevent data loss from the failure of any single hardware component.
§ AMI creation is easy using a single command.
§ EBS-backed instances can be upgraded for instance type, kernel, RAM disk and user data.
§ An instance store is temporary storage whose size depends on the instance type (roughly 1 TB or 2 TB on many types). As soon as the instance is terminated, all its data is lost. For example, if you launch an instance and deploy a database on its instance store, deleting the instance deletes the data. To avoid that, attach an EBS volume for the data so it survives the instance.
§ An instance store-backed instance is an EC2 instance whose root device is an instance store volume, created from a template stored in S3.
§ Instance store volumes use disks physically attached to the host computer.
§ When an instance store-backed instance is launched, the image used to boot it is copied to the root volume (typically sda1).
§ Instance store provides temporary block-level storage for instances.
§ Data on an instance store volume persists only during the life of the associated instance; it survives a reboot but is lost when the instance is stopped, hibernated or terminated, or if the underlying disk fails. On NVMe instance store types the data is encrypted with a per-instance hardware key that is destroyed when the instance stops or terminates.
§ Boot time is slower than for EBS-backed instances, usually less than 5 min.
§ Can be selected as the root volume and attached as additional volumes.
§ The root volume of an instance store-backed instance is limited to 10 GiB; total instance store capacity depends on the instance type.
§ Instance store volumes can be attached as additional volumes only when the instance is launched, not once it is up and running.
§ Instance store-backed instances cannot be stopped: after a stop and start AWS does not guarantee the instance would land on the same host, so the local data would be gone. They are either running or terminated.
§ Creating an AMI requires the AMI tools to be installed and run from within the running instance.
§ Instance store-backed instances cannot be upgraded (instance type, kernel, RAM disk, user data).
§ Less expensive than EBS-backed, since the local storage is included in the instance price.
§ A security group is a virtual firewall that controls the
traffic to your EC2 instances.
§ When you first launch an EC2 instance, you can associate
it with one or more security groups.
§ A Security group is the first defence against hackers.
§ An AWS security group acts as a virtual firewall for your
EC2 instances to control incoming and outgoing traffic.
Both inbound and outbound rules control the flow of
traffic to and traffic from your instance, respectively.
§ AWS Security Groups help you secure your cloud
environment by controlling how traffic will be allowed
into your EC2 machines. With Security Groups, you can
ensure that all the traffic that flows at the instance level is
only through your established ports and protocols.
• When launching an instance on Amazon EC2, you need to assign
it to a particular security group. You can add rules to each security
group that allow traffic to or from designated services including
associated instances
• Like whitelists, security group rules are always permissive. It’s
not possible to create rules that deny access. For example, you
may have traffic coming from an Elastic Load Balancer (ELB) to
a subnet with web servers. Your AWS Security Group can list that
ELB as its sole permitted source.
• Security groups are stateful, which means that if an inbound
request is allowed, the reply traffic for it is allowed out as well.
Multiple AWS Security Groups
§ You can specify one or more security groups for each EC2 instance, with a
maximum of five per network interface. Additionally, each instance in a
subnet in your VPC can be assigned to a different set of security groups. In
allowing traffic to reach an instance, Amazon EC2 evaluates all of the rules
from all of the security groups associated.
§ Once rules are added or modified, they will be automatically applied to all
instances that are associated with the security group
§ With tools like CloudGuard, you can visualize your cloud security posture
at the infrastructure level (VPCs, security groups, EC2 and RDS instances,
Amazon S3 buckets, Elastic Load Balancers, etc.) and interactively detect
configuration drift.
§ A Bastion Host is a special purpose computer on a network,
designed and configured to withstand attacks.
§ The computer hosts a single application, for example a
proxy server, and all the other services are removed to
reduce the threat to the computer.
§ A Bastion host is hardened because of its location and purpose:
it sits either outside a firewall or in a demilitarized zone, i.e.,
a public subnet, and it is usually accessed from untrusted
networks or computers.
§ A Bastion host is a special-purpose server or instance that is
configured to withstand attacks or threats. It is also known as
the ‘jump box’; it acts like a proxy server and allows the client
machines to connect to the remote server. It is basically a
gateway between the private subnet and the internet: it allows
the user to connect to the private network from an external
network and acts as a proxy to the other instances.
§ Security plays an important role in all sectors. When a user is
using any service, their concern is that their data should be
secured while it is shared with that service. There is always a
chance that malicious attacks or threats take place while the user
is using a service. Although Amazon is capable of providing
excellent security for its services, Amazon suggests using SSH or
RDP for more security on instances and services. The Bastion Host
is one of the services provided by AWS in order to avoid
unnecessarily exposing users’ data on the internet. A Bastion host
tightens access to resources, gateways, instances, etc. These
hosts are accessed with the help of the SSH or RDP protocols.
§ Bastion Host is launched in Public subnets and acts as a proxy to
the instances in a private subnet.
§ It provides security by reducing the attacks on your
infrastructure.
§ A Bastion host is used to administer EC2 instances using SSH
or RDP securely. Bastion hosts are also known as jump boxes in
Australia.
§ You cannot use NAT Gateway as a Bastion host. If you SSH or
RDP to an instance in a private subnet, you need to configure a
Bastion host. You cannot use NAT Gateway.
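The security-group points above (allow-only rules, union of all attached groups, stateful replies) and the bastion layout (public jump box in front of a private subnet) can be checked together with a small model. The code below is an added example, not AWS code or anything from the original notes: the groups, instance names, private addresses and the 203.0.113.0/24 and 198.51.100.0/24 ranges are constructed (the latter two are documentation ranges), and `evaluate` is a simplified stand-in for how EC2 applies rules, not the real data path.

```python
"""Security-group evaluation model applied to a bastion-host layout.
Added illustration, not AWS code: groups, instances, CIDRs and names are
constructed (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Rule:
    """One ALLOW rule; there are no deny rules, unmatched traffic is dropped."""
    protocol: str                  # "tcp", "udp" or "icmp"
    from_port: int
    to_port: int
    cidr: Optional[str] = None     # peer CIDR, or ...
    group: Optional[str] = None    # ... peer security-group name

    def matches(self, protocol: str, port: int, peer_ip: str, peer_groups: Set[str]) -> bool:
        if protocol != self.protocol or not (self.from_port <= port <= self.to_port):
            return False
        if self.cidr is not None:
            return ip_address(peer_ip) in ip_network(self.cidr)
        return self.group in peer_groups


@dataclass
class SecurityGroup:
    name: str
    inbound: List[Rule] = field(default_factory=list)
    outbound: List[Rule] = field(default_factory=list)


@dataclass
class Host:
    """An EC2 instance with attached groups, or an external peer (no groups)."""
    name: str
    ip: str
    groups: List[SecurityGroup] = field(default_factory=list)

    @property
    def group_names(self) -> Set[str]:
        return {sg.name for sg in self.groups}


Flow = Tuple[str, str, str, int]   # tracked flow: (client_ip, server_ip, protocol, port)


def evaluate(src: Host, dst: Host, protocol: str, port: int, state: Set[Flow]) -> bool:
    """Stateful: a reply on a tracked flow passes with no rule at all. Otherwise the
    union of all outbound rules on src and all inbound rules on dst must each allow;
    a host with no groups is an external peer and contributes no rules."""
    if (dst.ip, src.ip, protocol, port) in state:
        return True
    out_ok = not src.groups or any(r.matches(protocol, port, dst.ip, dst.group_names)
                                   for sg in src.groups for r in sg.outbound)
    in_ok = not dst.groups or any(r.matches(protocol, port, src.ip, src.group_names)
                                  for sg in dst.groups for r in sg.inbound)
    if out_ok and in_ok:
        state.add((src.ip, dst.ip, protocol, port))
    return out_ok and in_ok


def bastion_layout() -> Dict[str, Host]:
    """Public-subnet jump box in front of a private app server (constructed)."""
    sg_bastion = SecurityGroup("sg-bastion",
                               inbound=[Rule("tcp", 22, 22, cidr="203.0.113.0/24")],  # admin range
                               outbound=[Rule("tcp", 22, 22, group="sg-private")])
    sg_private = SecurityGroup("sg-private",
                               inbound=[Rule("tcp", 22, 22, group="sg-bastion")])     # SSH only via jump box
    sg_metrics = SecurityGroup("sg-metrics",
                               inbound=[Rule("tcp", 9100, 9100, cidr="10.0.0.0/16")])
    sg_monitor = SecurityGroup("sg-monitor",
                               outbound=[Rule("tcp", 9100, 9100, cidr="10.0.0.0/16")])
    return {
        "admin": Host("admin-laptop", "203.0.113.10"),
        "stranger": Host("unknown-internet-host", "198.51.100.7"),
        "bastion": Host("bastion", "10.0.1.5", [sg_bastion]),
        "app": Host("app-server", "10.0.2.20", [sg_private, sg_metrics]),  # two groups: union applies
        "monitor": Host("metrics-collector", "10.0.3.3", [sg_monitor]),
    }


def audit(hosts: Dict[str, Host]) -> Dict[str, bool]:
    """Paths that exist in the layout; the reply case relies on the flow tracked just before."""
    state: Set[Flow] = set()
    h = hosts
    return {
        "admin_to_bastion_ssh": evaluate(h["admin"], h["bastion"], "tcp", 22, state),
        "bastion_reply_to_admin": evaluate(h["bastion"], h["admin"], "tcp", 22, state),
        "stranger_to_bastion_ssh": evaluate(h["stranger"], h["bastion"], "tcp", 22, state),
        "admin_direct_to_app_ssh": evaluate(h["admin"], h["app"], "tcp", 22, state),
        "bastion_to_app_ssh": evaluate(h["bastion"], h["app"], "tcp", 22, state),
        "bastion_to_app_http": evaluate(h["bastion"], h["app"], "tcp", 80, state),
        "monitor_to_app_metrics": evaluate(h["monitor"], h["app"], "tcp", 9100, state),
        "monitor_to_app_ssh": evaluate(h["monitor"], h["app"], "tcp", 22, state),
    }
```

Running `audit(bastion_layout())` shows the three properties from the notes at once: the admin range reaches the bastion on 22 and the bastion's reply goes back with no outbound rule (stateful), an unknown internet host and a direct admin-to-app connection are dropped because no rule allows them (there is nothing to "deny"), and the app server accepts metrics traffic through its second group while still accepting SSH only from the bastion's group.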
§ EBS Snapshots are point-in-time images or copies of your
EBS Volume. They are stored on S3 and can be accessed
through the Elastic Cloud Computing APIs or the AWS
Console. EBS volumes are availability zone (AZ) specific,
whereas Snapshots are Region-specific.
§ Your Snapshot size must be either the same as or larger than
the size of the original volume from which the snapshot is
taken.
§ As per Amazon, each AWS account can have a maximum
of 5,000 EBS Volumes and up to 10,000 EBS Snapshots.
§ A snapshot, when created, shows a ‘pending’ status,
which then changes to ‘complete’ once the snapshot
creation is successful.
§ A snapshot is a backup of the root storage attached to the EC2
instance. To learn how to create an AWS EC2 instance, refer to
Amazon EC2 – Creating an Elastic Cloud Compute Instance. The
first snapshot you take consists of all the data present on the
EBS volume; the snapshots you take afterwards consist only of
the data that was newly added, and these snapshots are called
incremental snapshots.
§ AWS charges you based on the amount of data backed up in a
single snapshot. The cost is not decided by the size of the
snapshot's source volume but by the amount of data being backed
up. For example, if the size of the EBS volume is 100 GiB and
the data you have backed up with a snapshot is 60 GiB, Amazon
charges you for the 60 GiB only.
§ Snapshots, and the volumes created from them, are in encrypted
form.
§ Snapshots copied from unencrypted snapshots can be left
unencrypted during the copying process.
§ If the snapshot is already encrypted before you copy it, you
can re-encrypt the copy with a different key based on your
requirements.
§ An EBS volume created from an encrypted snapshot will also be
in encrypted format.
§ Automation: The data stored in AWS EBS is dynamic, meaning
data is continuously added to the volume, so instead of taking
snapshots manually you can automate the whole process: you can
set a timer in the snapshot configuration while creating AWS
snapshots, and snapshots will then be taken automatically at
certain intervals of time.
§ Cost-effective: The design of AWS snapshots makes them
cost-effective, because snapshots are incremental: only the data
newly added to the existing storage is taken in a snapshot, not
the entire data. The pricing depends only on the amount of data
that has been backed up.
§ Secure: The data backed up using AWS snapshots is encrypted,
and you can also re-encrypt the snapshots depending on the
requirement.
§ High Availability: The snapshots you take are stored directly
in Amazon S3 for long-term purposes. S3 is designed for
99.999999999% (11 nines) durability, ensuring higher
availability of your EBS Snapshots.
§ Backup and restore: The main purpose of Amazon snapshots is to
take a backup of EBS volumes in encrypted form, so that you avoid
loss of data and are on the safe side if an accidental deletion
happens.
§ Disaster Recovery: It is a rare scenario in AWS, but if a
disaster occurs in the region where you configured the data, you
can recover it by using AWS snapshots.
§ Testing and Development: Environments for testing and
development can be built using Amazon EBS snapshots. This is
a useful method for testing new setups or software without
disrupting your live environment.
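The incremental and encryption behaviour described above (first snapshot full, later ones only the changed data, billing by data stored rather than volume size, encryption carried through copies and restored volumes) is easier to reason about with a block-level model. The code below is an added example, not AWS code: the 1 GiB block granularity, the snapshot IDs and the `alias/example-key` KMS alias are constructed, and the store is a toy reference-counted bookkeeping structure, not EBS's real implementation. It walks the notes' own 100 GiB / 60 GiB case and then goes one step further by showing what deleting the first snapshot of a chain frees.

```python
"""Block-level model of incremental EBS snapshots and their encryption state.
Added illustration, not AWS code: block granularity, volume size, snapshot IDs
and the KMS key alias are constructed for the example."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

BLOCK_GIB = 1   # model granularity: one block = 1 GiB, so block counts read as GiB


@dataclass
class Volume:
    size_gib: int
    encrypted: bool = False
    kms_key: Optional[str] = None
    blocks: Dict[int, str] = field(default_factory=dict)   # block index -> data version tag

    def write(self, start: int, count: int, tag: str) -> None:
        """Overwrite `count` blocks from `start` with data version `tag`."""
        if start + count > self.size_gib:
            raise ValueError("write past end of volume")
        for i in range(start, start + count):
            self.blocks[i] = tag


@dataclass
class Snapshot:
    snapshot_id: str
    volume_size_gib: int
    encrypted: bool
    kms_key: Optional[str]
    blocks: Dict[int, str]   # complete view of the volume at snapshot time
    new_blocks: int          # blocks actually uploaded by this snapshot (the incremental part)


class SnapshotStore:
    """Keeps each (block index, version) once, shared by every snapshot that
    references it: a snapshot uploads only blocks changed since any earlier
    snapshot, and deleting a snapshot frees only blocks no other snapshot needs."""

    def __init__(self) -> None:
        self.snapshots: Dict[str, Snapshot] = {}
        self._refs: Dict[Tuple[int, str], int] = {}
        self._counter = 0

    def create(self, vol: Volume) -> Snapshot:
        self._counter += 1
        new = 0
        for key in vol.blocks.items():
            if key not in self._refs:
                new += 1
            self._refs[key] = self._refs.get(key, 0) + 1
        snap = Snapshot(f"snap-{self._counter:04d}", vol.size_gib, vol.encrypted,
                        vol.kms_key, dict(vol.blocks), new)
        self.snapshots[snap.snapshot_id] = snap
        return snap

    def delete(self, snapshot_id: str) -> None:
        snap = self.snapshots.pop(snapshot_id)
        for key in snap.blocks.items():
            self._refs[key] -= 1
            if self._refs[key] == 0:
                del self._refs[key]

    def stored_gib(self) -> int:
        """What the bill is based on: unique block data kept, not volume sizes."""
        return len(self._refs) * BLOCK_GIB


def copy_snapshot(src: Snapshot, new_id: str, kms_key: Optional[str] = None) -> Snapshot:
    """Copying an unencrypted snapshot leaves it unencrypted unless a key is given;
    copying an encrypted one keeps it encrypted and may re-key it. A copy never
    downgrades an encrypted snapshot to plaintext."""
    if src.encrypted and kms_key is None:
        kms_key = src.kms_key
    encrypted = src.encrypted or kms_key is not None
    return Snapshot(new_id, src.volume_size_gib, encrypted, kms_key, dict(src.blocks), 0)


def restore_volume(snap: Snapshot) -> Volume:
    """A volume created from an encrypted snapshot is itself encrypted."""
    return Volume(snap.volume_size_gib, snap.encrypted, snap.kms_key, dict(snap.blocks))


def scenario() -> Dict[str, object]:
    """The notes' 100 GiB volume with 60 GiB of data, followed by a 5 GiB change."""
    store = SnapshotStore()
    vol = Volume(size_gib=100)
    vol.write(0, 60, "v1")                 # 60 GiB written on a 100 GiB volume
    s1 = store.create(vol)                 # first snapshot: every written block
    vol.write(10, 5, "v2")                 # 5 GiB overwritten afterwards
    s2 = store.create(vol)                 # incremental: only the 5 changed blocks
    stored_both = store.stored_gib()
    store.delete(s1.snapshot_id)           # s2 still holds every block it needs
    s3 = copy_snapshot(s2, "snap-copy", kms_key="alias/example-key")   # constructed alias
    return {
        "first_snapshot_uploaded_gib": s1.new_blocks,           # 60, not 100
        "second_snapshot_uploaded_gib": s2.new_blocks,          # 5
        "stored_with_both_gib": stored_both,                    # 65
        "stored_after_deleting_first_gib": store.stored_gib(),  # 60: only the overwritten v1 blocks freed
        "restored_from_second_intact": restore_volume(s2).blocks == s2.blocks,
        "copy_is_encrypted": s3.encrypted,
        "volume_from_copy_is_encrypted": restore_volume(s3).encrypted,
        "recopy_stays_encrypted": copy_snapshot(s3, "snap-recopy").encrypted,
    }
```

The point a practitioner should take from `scenario()` is that the bill follows `stored_gib()`, not the sum of snapshot or volume sizes, and that deleting an older snapshot in a chain is safe for the newer ones: the store only drops the five `v1` blocks that nothing references any more.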
§ In Amazon Web Services, an EC2 key pair consists of a
public key and a private key that is used to securely
communicate with EC2 instances.
§ The public key is stored on the EC2 instance and is used
to encrypt messages that can only be decrypted by the
corresponding private key, which is kept by the user who
generated the key pair. The private key is used to decrypt
messages that have been encrypted with the public key.
§ When launching an EC2 instance, you have the option to
specify a key pair that will be used to encrypt login
information and authenticate connections to the instance.
§ If you do not specify a key pair when launching an
instance, you will not be able to access it without
additional steps, such as creating a new key pair or using
an existing one.
We can create a Key Pair in two ways:
§ While launching an EC2 Instance
§ By creating a Key Pair separately.
§ A key pair, consisting of a public key and a private key, is a set of
security credentials that you use to prove your identity when
connecting to an Amazon EC2 instance.
§ Amazon EC2 stores the public key on your instance, and you
store the private key. For Linux instances, the private key allows
you to securely SSH into your instance.
§ As an alternative to key pairs, you can use AWS Systems
Manager Session Manager to connect to your instance with an
interactive one-click browser-based shell or the AWS Command
Line Interface (AWS CLI).
§ Anyone who possesses your private key can connect to your
instances, so it's important that you store your private key in a
secure place.
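Two checks follow from the key-pair notes above: confirming which public key an instance actually holds (by fingerprint, the value `ssh-keygen -lf` prints) and making sure the downloaded private key is not readable by anyone else, the rule that makes the OpenSSH client refuse an unprotected key file. The code below is an added example, not AWS or OpenSSH code; the public-key line it parses is built from 32 fixed bytes and is not a real key, and the `.pem` it checks is a placeholder written to a temporary file.

```python
"""Two checks on an EC2 key pair: the SHA256 fingerprint of the public key (the
value ssh-keygen -lf prints, used to confirm which key an instance or
authorized_keys file holds) and the private-key file permission rule.
Added illustration, not AWS or OpenSSH code. The public key below is built
from 32 fixed bytes and is NOT a real key."""
import base64
import hashlib
import os
import stat
import struct
import tempfile
from typing import Tuple


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def parse_public_key(line: str) -> Tuple[str, bytes, str]:
    """Parse a .pub / authorized_keys line into (type, raw key bytes, comment).
    Rejects an entry whose textual type disagrees with the type encoded in the
    base64 blob, which is how a mislabelled or tampered entry shows up."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("malformed public key line")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2].strip() if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    (type_len,) = struct.unpack(">I", blob[:4])
    blob_type = blob[4:4 + type_len].decode("ascii")
    if blob_type != key_type:
        raise ValueError(f"type mismatch: line says {key_type!r}, blob says {blob_type!r}")
    rest = blob[4 + type_len:]
    (key_len,) = struct.unpack(">I", rest[:4])
    raw = rest[4:4 + key_len]
    if key_type == "ssh-ed25519" and len(raw) != 32:
        raise ValueError("ed25519 public key must be exactly 32 bytes")
    return key_type, raw, comment


def fingerprint(line: str) -> str:
    """SHA256 fingerprint in ssh-keygen's format: base64(sha256(blob)) without padding."""
    blob = base64.b64decode(line.split(None, 2)[1], validate=True)
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def private_key_permissions_ok(path: str) -> bool:
    """True when neither group nor others can touch the file (chmod 400 or 600)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def permission_demo() -> Tuple[bool, bool]:
    """Write a placeholder .pem, check it as a careless download (0644) and after chmod 400."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    os.close(fd)
    try:
        with open(path, "w") as f:
            f.write("-----BEGIN PLACEHOLDER PRIVATE KEY-----\n(not a key)\n")
        os.chmod(path, 0o644)
        before = private_key_permissions_ok(path)
        os.chmod(path, 0o400)
        after = private_key_permissions_ok(path)
    finally:
        os.chmod(path, 0o600)
        os.remove(path)
    return before, after


# Constructed example: ed25519 type tag + 32 fixed bytes in SSH wire format. Not a real key.
EXAMPLE_PUB_LINE = ("ssh-ed25519 "
                    + base64.b64encode(_ssh_string(b"ssh-ed25519")
                                       + _ssh_string(bytes(range(32)))).decode()
                    + " example-keypair (constructed)")
```

`fingerprint()` hashes only the base64 blob, so the comment field does not affect it; that is what lets you compare the fingerprint of the `.pub` file you kept with the one shown for the instance's key pair, or with entries in its `authorized_keys`. `permission_demo()` returns `(False, True)`: the file fails the check as a world-readable download and passes once it is restricted to the owner.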