Amazon Elastic Compute Cloud (EC2) is one of the most important exam topics on the AWS Certified Solutions Architect – Associate Exam. These exam tips are a must-read before you enter the exam room, and it is vital that you also get hands-on experience in designing, configuring and supporting EC2 instances on the AWS platform. EC2 stands for Elastic Compute Cloud and is a web service that enables you to launch compute instances (servers) in a matter of minutes. It enables you to scale your compute capacity without worrying about the availability of underlying hardware or resources.
EC2 gives you complete control over your computing resources from the OS level up. You get to manage all OS-level functions too like installing updates and patches. With EC2 you don’t need to worry about investing in hardware up front. You are charged on a utility model based on hourly usage. As such Amazon’s EC2 can enable your organisation to swiftly migrate from a CAPEX model to an OPEX model of investment in IT Infrastructure.
Core features of Elastic Compute Cloud, EC2 include:
- Virtual Machine computing environments known as instances
- Create images of virtual machines comprising the OS and any third-party software, known as Amazon Machine Images (AMIs). AMIs can then be launched as instances
- Virtual machines come in varying configurations that give you different levels of CPU, Memory and Storage
- You can increase or decrease Storage volume sizes for any instance
- Virtual Machines come with networking capabilities and the ability to add network interfaces
- Secure login information to your instances is carried out using key pairs (AWS stores the public key and you store the private key)
- Store volumes known as instance store volumes are deleted when you stop or terminate an instance
- Persistent storage is offered in the form of Amazon Elastic Block Store (EBS), which can be used to load the OS or applications
- You can launch EC2 virtual machines (instances) in any of AWS’s regions and availability zones
- Firewall functionality that restricts access by IP range, port and protocol is offered through the Security Groups and Network Access Control Lists services
- Static IP addresses, known as Elastic IP Addresses (EIPs), can be assigned to EC2 instances. Instances also receive a unique, automatically generated DNS name when launched. You can assign a Public IP Address, which is not static. Unlike EIPs, you don’t reserve this address and cannot hold on to it beyond the lifetime of the instance it is associated with. In other words, with an Elastic IP Address, you can reserve the IP for as long as you need and re-associate it with other instances in your AWS account.
- Metadata, known as tags can be assigned to Amazon EC2 resources
- Virtual Networks can be used to logically isolate your Amazon EC2 resources from the rest of the AWS cloud and mimic your own virtual datacenter. These are known as Virtual Private Clouds (VPCs)
- When you first launch an EC2 instance, a method of accessing the instance securely is made available. Amazon EC2 uses public-key cryptography to encrypt and decrypt login information. A Key pair is required to access your instance for the first time. If you don’t have a key pair when you launch an instance, you can create one at the time of launch. You must remember to download the private key which is made available to you only at the time of creating it. To access your instances:
- For Linux instances, you would use the private key (.ppk) file to connect to your instance either via the command line or putty using SSH
- For Windows instances, you would use the (.pem) file to decrypt the Windows Administrator password that is made available to you. Make a note of this password, as you need it to log in to your Windows machine.
- While launching new instances, you have the option to run a script at boot time. When launching the instance, you have a configuration option called UserData, which is where you would write either a shell script for a Linux instance or a batch/PowerShell script for a Windows instance. This feature is known as bootstrapping and enables you to run commands, install software or download updates to your instance at first launch.
- Tagging an instance is another feature that you can use when you launch new instances. You can also update these later on as well. Tags work on the principle of applying a key/value pair. You create a key and assign a value to it. For example, an instance could have a key of ‘Department’ and value of ‘Finance’. This way you can better manage your instances for administrative and billing analysis
- Instances can be modified after launch. Types of changes include resizing the instance or adding and removing volumes. To resize an instance, you must first stop the instance, resize it and then restart.
- Termination Protection is a feature that you set at the launch of a new instance when configuring the instance. Termination Protection ensures that no one can terminate an instance by accident as it requires disabling the feature first before a termination request will be successful.
- On-Demand Instances – pay a fixed rate by the hour based on instance size. This is for users who want low cost and yet the flexibility to turn on/off instances on demand. These instances do not have any long-term commitment requirements and are ideal for hosting applications with short-term unpredictable workloads but which cannot be interrupted. You can use it for test and development environments. You can also use it to supplement your reserved instances when you expect high traffic from time to time.
- Reserved Instances – you reserve capacity and obtain a large discount for an instance. Reserved instances are signed up for 1 or 3 years. You use this where your applications have a steady state and predictable usage patterns. Generally used in production environments, reserved instances require users to make upfront payments and commit to either a 1-year or a 3-year contract. By making upfront payments against the instance, hourly computing charges are discounted heavily. Essentially, if you are using instances that need to run consistently over the next 12 months, then it makes sense to use a reserved instance, as your total cost will be less than opting for on-demand instances.
- Spot Instances – enable you to bid on whatever price you want for instance capacity. The price of spot instances fluctuates based on demand and supply. If your bid price is equal to or greater than the spot price, you will purchase the instance. However, if the spot price goes above your bid price, Amazon will notify you that it will terminate the instance. You then have the option to re-bid a higher price. You pay the Spot price that’s in effect at the beginning of each instance-hour for your running instance. If Spot price changes after you launch the instance, the new price is charged against the instance used for the subsequent hour. Often used by large companies to do large grid computing work, they will seek out spot instances that offer the best value for money. Users with urgent computing needs and a requirement for large amounts of additional capacity make use of spot instances.
- Spot instances are the most commercially economical. If your Spot instance is terminated or stopped by Amazon EC2 in the first instance hour, you will not be charged for that usage. However, if you terminate the instance yourself, you will be charged to the nearest second. If the Spot instance is terminated or stopped by Amazon EC2 in any subsequent hour, you will be charged for your usage to the nearest second. If you are running on Windows and you terminate the instance yourself, you will be charged for an entire hour.
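An added example (not part of the original tips): the Security Groups bullet above says access is restricted by IP range, port and protocol, and the key pair bullets cover SSH and Windows logins. This Python audit walks rules in the structure returned by `aws ec2 describe-security-groups` and flags inbound rules that open SSH or RDP to every address. The group IDs, names and CIDR ranges are constructed sample data.

```python
import ipaddress

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`
# (group IDs, names and CIDRs are made up for this example).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa1111", "GroupName": "web",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
         {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
          "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb2222", "GroupName": "legacy-admin",
     "IpPermissions": [
         {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
         {"IpProtocol": "-1",
          "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # login ports for Linux and Windows instances


def is_world_open(cidr):
    """True when the CIDR covers the whole IPv4 or IPv6 address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def exposed_admin_rules(groups):
    """Return (group_id, service, cidr) for each rule exposing an admin port to everyone."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if perm["IpProtocol"] == "-1":    # all protocols: no port fields present
                lo, hi = 0, 65535
            elif perm["IpProtocol"] == "tcp":
                lo, hi = perm["FromPort"], perm["ToPort"]
            else:
                continue                      # other protocols are skipped in this example
            for cidr in filter(is_world_open, cidrs):
                for port, service in ADMIN_PORTS.items():
                    if lo <= port <= hi:
                        findings.append((group["GroupId"], service, cidr))
    return findings


if __name__ == "__main__":
    for finding in exposed_admin_rules(SAMPLE_GROUPS):
        print(*finding)
```

The port-range rule (0 to 1024) and the all-protocols rule are the cases a simple "port equals 22" check misses.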
Instance Store is temporary storage, also known as ephemeral storage, and is used for buffers, scratch data or other temporary content. The cost of instance store is included in the price of an instance and can thus be used for certain workloads as appropriate. Depending on the instance you launch, your instance store can be on either Hard Disk Drives (HDD) or Solid State Drives (SSD). Data on the instance store is lost when:
- Instance is stopped or terminated. Note this is not the case when restarting an instance; the store remains intact
- Underlying disk fails
Elastic Block Storage
Amazon Elastic Block Storage enables you to create storage volumes and attach them to your EC2 instances. EBS is block storage and can be used as a standard disk connected to your servers in the cloud. You cannot attach an EBS volume to more than one instance. However, once attached, you can use the EBS volume as a standard hard drive on your cloud instance.
EBS Volume Types
- General Purpose SSD (GP2)
- 99.999% availability
- Ratio of 3 IOPS per GB with up to 10,000 IOPS and the ability to burst to 3000 IOPS for short periods for volumes under 1GB
- Provisioned IOPS SSD (IO1)
- Designed for I/O-intensive applications such as large relational or NoSQL databases, where you need more than 10,000 IOPS
- Magnetic (Standard)
- Lowest cost per GB. Magnetic volumes are for standard workloads where data is not constantly accessed, like file servers or AD Servers, and can be used where low storage cost is a key business requirement
Placement Groups are logical groupings of instances within a single Availability Zone. Placement Groups provide you with low network latency and high network throughput. Ideally, you should place instances of the same type in a placement group, and choose ones that support enhanced networking with 10Gbps network performance. Some limitations of placement groups include:
- A placement group can’t span multiple Availability Zones
- The name you specify for a placement group must be unique within your AWS account
- You can’t merge placement groups. Instead, you must terminate the instances in one placement group, and then relaunch those instances into the other placement group
- You can’t move an existing instance into a placement group. You can create an AMI from your existing instance, and then launch a new instance from the AMI into a placement group
- To ensure that network traffic remains within the placement group, members of the placement group must address each other via their private IPv4 addresses or IPv6 addresses (if applicable). If members address each other using their public IPv4 addresses, throughput drops to 5 Gbps or less.
- Network traffic to and from resources outside the placement group is limited to 5 Gbps