Continuing with the Guideline Settings series of basic function modules on Amazon Web Services, I would like to introduce the settings of EC2 (Elastic Compute Cloud) on AWS.
Before going into the specific sections, I will summarize some concepts and definitions of EC2.
1. Overview of EC2
1.1 What is EC2
Simple definition: EC2 can be thought of as an ordinary computer of the kind we use every day.
Definition from AWS: Amazon Elastic Compute Cloud (Amazon EC2) provides resizable virtual servers (compute capacity) on Amazon Web Services (AWS). Amazon EC2 eliminates the need to invest in hardware up front, so users can develop and deploy applications faster. We can use Amazon EC2 to run as many virtual servers as the system needs, configure security and networking, and manage storage. Amazon EC2 lets users scale capacity up when an application becomes popular and scale it down when traffic drops.
1.2 Components of EC2
Basic components of the common computer
Basic components of EC2
- AMIs (Linux or Windows)
- Instance Type (Processing Power)
- EBS (Local Storage)
- IP Addressing (Internet Access)
- Security Groups (Security)
- RAM (Memory)
1.3 Most Popular Purchasing Options for EC2 Instances
On-Demand: Allows the user to select any instance type and to launch / terminate these instances at any time.
- This is the most expensive purchasing option
- But it is also the most flexible purchasing option
- The user is only charged while the instance is running (prices are calculated per hour)
- The user can launch / terminate instances at any time
Reserved: An option that lets the user pay for an instance for a fixed term, such as one (1) or three (3) years.
- This purchasing option saves the user a large amount of money compared to On-Demand
- The user can choose full upfront, partial upfront or no upfront payment
- Once a user has purchased a reserved instance, they own it for the whole term and pay the full fee whether or not they actually use the instance
Spot: With Spot pricing the user bids a maximum price for an instance type, and only pays for the instance while the spot price is equal to or lower than that bid.
- This option lets Amazon sell unused capacity for short periods of time
- The spot price is based on supply and demand in the spot marketplace
- The user pays by the minute
- While the bid is active, an instance is granted to the user whenever the spot price is equal to or lower than the bid amount
- The granted instance is automatically terminated when the spot price rises above the amount the user bid
2. Amazon Machine Image (AMIs)
2.1 What is AMI?
AMI is the preconfigured package required to run an EC2 instance, including the operating system, software packages and other required settings. A single AMI can be used to launch multiple EC2 Instances.
AMI can be considered as a template used to deploy EC2 Instance including the following components:
1. Root volume template:
- Operating System (Linux, Windows)
- Application Software (Apache, …)
2. Launch Permissions
3. Block Device Mapping: EBS (Hard drive mapping)
We can build a generic AMI template (configuration and settings) and use it to deploy many EC2 Instances:
2.2 Selection of AMI
AMI has 3 main categories as follows:
1. Community AMIs:
- Free to use
- For basic AMIs, the user only chooses the OS
- Community AMIs usually ship without bundled software, so the user has to install it themselves after deploying to EC2
2. AWS Marketplace AMIs:
- There is a fee to use them
- They come with additional bundled software packages, and the software licenses are included
3. My AMIs:
- AMIs that are created by the user
3. Instance Type
3.1 What is Instance Type?
Put simply: the Instance Type is the hardware profile (CPU, memory, storage) of an EC2 Instance. When creating an instance, the Instance Type the user specifies determines the hardware of the host computer used for that instance. Each instance type offers a different combination of compute, memory and storage. The Instance Type is selected based on the requirements of the application or software that is expected to run on the instance.
3.2 Components of Instance Type
1. Family:
- The way instance types are categorized, based on what the instance type is optimized for
2. Type:
- Subcategory within each Family
3. vCPUs:
- Number of virtual CPUs that the Instance Type uses
4. Memory (GiB):
- The RAM that the Instance Type uses
5. Instance Storage (GB):
- Local storage of the instance (hard drive)
6. EBS-Optimized Available:
- Indicates whether EBS optimization is available for this Instance Type
7. Network Performance:
- Network performance rating, based on the data transfer rate
4. Elastic Block Storage (EBS)
4.1 What is Elastic Block Store?
EBS is a storage volume for an EC2 Instance (EBS can be thought of as a hard drive). Amazon Elastic Block Store provides block-level storage volumes for EC2 to use. These EBS volumes are highly available and reliable storage volumes that can be attached to any running instance in the same Availability Zone.
Before diving any further, we will need to know about IOPS
4.2 So what is IOPS?
IOPS = Input / Output Operations Per Second. Put simply, IOPS is the number of read or write operations that an EBS volume can complete per second. More IOPS means a better EBS volume (faster reads and writes).
What determines the IOPS of a volume? The EBS volume size. The larger the storage size (in GiB), the more IOPS the volume will have.
4.3 Comparison between Root and Additional EBS Volume:
- Every EC2 Instance MUST have a root volume, which may or may not be EBS.
- Default: an EBS root volume is deleted when the instance is terminated. However, the user can choose to keep the EBS root volume instead (see the Delete on Termination checkbox below).
- During EC2 Instance initialization (or at any time afterwards), the user can add EBS volumes to the instance.
- Added EBS volumes can be attached to and detached from the instance at any time, and these volumes are NOT deleted (by default) when the instance is terminated.
4.4 Config Instance Details and Add Storage
In this setting, for now I will leave the defaults as AWS suggests and move on to the Add Storage step.
- Note that at the Add Storage step, a Root volume is already attached to the EC2 Instance by default.
- Treat this Root volume as an internal component of the EC2 Instance: if the user terminates the instance, the Root volume is deleted too, unless we uncheck the "Delete on Termination" checkbox. With the checkbox unchecked, the Root volume is retained even after the EC2 Instance is terminated, and it remains in the state of not being attached to any EC2 Instance.
4.5 Create Volume
Instead of creating a volume in the Add Storage step, a user can actively create a separate Volume as follows:
During the Create Volume process, we can set:
- Volume Type, Size of the Volume
- Availability Zone: Note that a Volume created in a given Availability Zone can only be attached to EC2 Instances in that same Availability Zone.
- In addition, the user can create a volume from a Snapshot. I will introduce Snapshots below.
- Unlike the Root volume, a user-created Volume can be detached and re-attached between EC2 Instances in the same Availability Zone.
4.6 Snapshot
- A snapshot is an image of an EBS volume that can be kept as a backup of the volume or used to create a duplicate volume.
- A snapshot is NOT an active EBS volume; the user cannot attach or detach a snapshot to an EC2 Instance.
- To restore a snapshot, we create a new EBS Volume using the snapshot as its template.
5. Security Groups
5.1 The concept of Security Groups
Security Groups are very similar to NACLs: both allow or deny traffic. However, Security Groups work at the instance level (as opposed to the subnet level for NACLs), and their allow / deny rules work differently from NACLs:
- NACLs (Network Access Control Lists) have numbered rules, evaluated in order.
- Security Groups do not number their rules.
- NACLs can contain explicit DENY rules, but Security Groups cannot: a Security Group has only ALLOW rules, so any traffic that no rule allows is denied. If we set no rules on a Security Group, it denies all incoming traffic by default.
- The model above contains a module we have not seen before, the ELB (Elastic Load Balancer). The task of the ELB is to distribute traffic arriving from the Internet Gateway across multiple EC2 Instances.
- The ELB decides whether to forward traffic to the EC2 Instance in subnet 1 or the one in subnet 2. In this example it is important to understand that the EC2 Instances in subnet 1 and subnet 2 must share the same ALLOW rule; otherwise the EC2 Instance in subnet 1 accepts the connection while the equivalent instance in subnet 2 blocks it.
5.2 Inbound / Outbound rules
When creating a new Security Group, all inbound traffic is denied by default, and all outbound traffic is allowed.
One thing to note:
Any traffic that is allowed into the Security Group is automatically allowed to return to its source, even without a matching Outbound rule (Security Groups are stateful).
6. IP Addressing
6.1 Definition of IP Addressing
IP Addressing provides EC2 Instance a public IP Address.
A simple example:
- Treat network traffic like a postal mail.
- The IP address is our home address
- If anyone wants to send mail to our house, they need to know the address to locate and send the mail.
- Without the address, no one can find our home and send mail.
Public and Private IP Address:
1. Private IP Address:
- By default, every EC2 Instance has a private IP Address
- A private IP Address allows Instances to communicate with each other, as long as they are in the same VPC
2. Public IP Address:
- An EC2 Instance can run with or without a public IP Address, depending on the VPC / subnet settings.
- A public IP Address is required for Instances that need to connect to the Internet.
Specifically, in Step 3 of Launch Instance:
Note: the default VPC and subnets are configured so that any newly launched instance gets a public IP Address.
3. Setting Instance Details: when selecting the default VPC, the default Subnet and Auto-assign Public IP settings will be:
- Subnet: No preference
- Auto-assign Public IP: Use subnet setting (Enable)
However, if you choose a VPC other than the default, together with the subnet that belongs to that VPC, the default Subnet and Auto-assign Public IP settings will be:
- Subnet: the subnet that belongs to the chosen VPC
- Auto-assign Public IP: Use subnet setting (Disable)
4. How to set up EC2 so that an EC2 Instance can communicate with the Internet
- The EC2 Instance must have a Public IP Address.
- The Security Group must have an allow rule for the type of traffic, which then passes on to the NACLs (Network Access Control Lists).
- The NACLs must have an allow rule so that the traffic passes from the NACLs to the Route Table.
- The Route Table must have a route to the Internet Gateway.
- The Internet Gateway must be attached to the VPC.
- Traffic passes through the Internet Gateway and reaches the Internet.
- And vice versa: traffic arriving from the Internet follows the same path in reverse to reach the EC2 Instance, provided each layer is configured accordingly.
An EC2 Instance only reaches the Internet after passing all of the layers above, which shows how many security layers AWS puts between an instance and the Internet.
A user needs to understand all of these parts in order to set up and maintain the cloud service.
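The path in section 6.4 and the Security Group versus NACL behaviour in section 5 can be made concrete with a small simulation. The following is an added example written for this article, not AWS code: the rule and route structures, the documentation-range IP addresses and the `ssh_demo` scenario are all my own constructed simplifications. It traces an SSH request from the Internet through the Internet Gateway, route table, NACL and Security Group, then traces the reply back, to show that the stateful Security Group admits the reply without an outbound rule while the stateless NACL needs an explicit outbound allow for the ephemeral port range.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed sample addresses from documentation ranges, not real infrastructure.
CLIENT = "203.0.113.10"
INSTANCE_PUBLIC_IP = "198.51.100.5"


@dataclass(frozen=True)
class Packet:
    src: str
    src_port: int
    dst: str
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny" (Security Groups only ever use "allow")
    proto: str       # "tcp", "udp", "icmp" or "all"
    port_from: int
    port_to: int
    cidr: str        # the remote side of the flow
    number: int = 0  # NACL rule number; unused by Security Groups


def rule_matches(rule: Rule, proto: str, port: int, remote_ip: str) -> bool:
    return (rule.proto in ("all", proto)
            and rule.port_from <= port <= rule.port_to
            and ip_address(remote_ip) in ip_network(rule.cidr))


class SecurityGroup:
    """Instance level, allow-only, unnumbered, stateful.
    Defaults: no inbound rules (everything denied), all outbound allowed."""

    def __init__(self, inbound=(), outbound=(Rule("allow", "all", 0, 65535, "0.0.0.0/0"),)):
        self.inbound, self.outbound = list(inbound), list(outbound)
        self.tracked = set()  # flows admitted earlier, so their replies are allowed

    def allows(self, pkt: Packet, direction: str) -> bool:
        flow = (pkt.src, pkt.src_port, pkt.dst, pkt.dst_port)
        if (pkt.dst, pkt.dst_port, pkt.src, pkt.src_port) in self.tracked:
            return True  # return traffic of a tracked flow needs no matching rule
        rules = self.inbound if direction == "inbound" else self.outbound
        remote = pkt.src if direction == "inbound" else pkt.dst
        ok = any(rule_matches(r, pkt.proto, pkt.dst_port, remote) for r in rules)
        if ok:
            self.tracked.add(flow)
        return ok


class NetworkAcl:
    """Subnet level, numbered, allow or deny, stateless: each direction is checked on its own."""

    def __init__(self, inbound=(), outbound=()):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    def allows(self, pkt: Packet, direction: str) -> bool:
        rules = self.inbound if direction == "inbound" else self.outbound
        remote = pkt.src if direction == "inbound" else pkt.dst
        for r in rules:  # lowest number first, first match wins
            if rule_matches(r, pkt.proto, pkt.dst_port, remote):
                return r.action == "allow"
        return False  # the implicit final "*" rule denies everything else


@dataclass
class Environment:
    sg: SecurityGroup
    nacl: NetworkAcl
    routes: dict  # cidr -> target, e.g. {"0.0.0.0/0": "igw"}
    igw_attached: bool
    public_ip: Optional[str]

    def route_target(self, ip: str) -> Optional[str]:
        # Longest-prefix match, as a route table does.
        hits = [(ip_network(c).prefixlen, t) for c, t in self.routes.items()
                if ip_address(ip) in ip_network(c)]
        return max(hits)[1] if hits else None


def inbound_path(env: Environment, pkt: Packet) -> str:
    """Walk the section 6.4 checklist for a packet arriving from the Internet."""
    if not env.igw_attached:
        return "blocked: Internet Gateway not attached to the VPC"
    if env.public_ip is None or pkt.dst != env.public_ip:
        return "blocked: instance has no public IP for this traffic"
    if env.route_target(pkt.src) != "igw":
        return "blocked: no route to the Internet Gateway for the source"
    if not env.nacl.allows(pkt, "inbound"):
        return "blocked: NACL inbound rule"
    if not env.sg.allows(pkt, "inbound"):
        return "blocked: Security Group inbound rule"
    return "delivered"


def reply_path(env: Environment, pkt: Packet) -> str:
    """The instance's reply crosses the same layers in reverse order."""
    if not env.sg.allows(pkt, "outbound"):
        return "blocked: Security Group outbound rule"
    if not env.nacl.allows(pkt, "outbound"):
        return "blocked: NACL outbound rule (stateless: reply ports need their own allow)"
    if not env.igw_attached or env.route_target(pkt.dst) != "igw":
        return "blocked: no route to the Internet Gateway"
    return "delivered"


def ssh_demo(nacl_outbound_ephemeral: bool = True) -> Tuple[str, str]:
    """SSH from CLIENT to the instance, then the reply. The Security Group has no outbound
    rules at all, so the reply passes only because the group is stateful; the NACL only
    passes it when it has an outbound allow for the ephemeral ports."""
    sg = SecurityGroup(inbound=[Rule("allow", "tcp", 22, 22, "203.0.113.0/24")], outbound=[])
    nacl_out = [Rule("allow", "tcp", 1024, 65535, "0.0.0.0/0", number=100)] if nacl_outbound_ephemeral else []
    nacl = NetworkAcl(inbound=[Rule("allow", "tcp", 22, 22, "0.0.0.0/0", number=100)], outbound=nacl_out)
    env = Environment(sg, nacl, {"0.0.0.0/0": "igw", "10.0.0.0/16": "local"}, True, INSTANCE_PUBLIC_IP)
    request = Packet(CLIENT, 51000, INSTANCE_PUBLIC_IP, 22)
    reply = Packet(INSTANCE_PUBLIC_IP, 22, CLIENT, 51000)
    return inbound_path(env, request), reply_path(env, reply)


if __name__ == "__main__":
    print(ssh_demo(True))   # both directions delivered
    print(ssh_demo(False))  # request delivered, reply blocked by the stateless NACL
```

The first call returns `("delivered", "delivered")`; the second returns `"delivered"` for the request but a NACL block for the reply, which is the mistake behind many "I allowed port 22 but SSH hangs" reports: the Security Group was fine, the subnet NACL lacked the ephemeral outbound rule.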
7. Launch and use EC2 Instance
Basic steps to launch an EC2 Instance and connect to it (Linux / SSH)
Step 3: Configure Instance Detail
Step 5: Add Tag
Step 6: Configure Security Group
Step 7: Review Instance Launch. In this step we need to create a new key pair with the Name option, after which AWS will ask us to download the Key Pair file; keep it, because it is the private key we use to connect later.
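The downloaded Key Pair file is the private key for the instance, so it should be readable only by its owner before it is used with SSH. The following is an added example, not part of the article or of AWS tooling: it writes a constructed placeholder key file (not a real key), reports the problems a practitioner should check for, and applies the usual `0400` permission fix. The helper names `check_key_pair_file`, `harden_key_pair_file` and `demo` are my own.

```python
import os
import stat
import tempfile
from typing import List, Tuple

# Constructed placeholder with the PEM framing of a downloaded key pair file;
# the body is not a real key.
PLACEHOLDER_PEM = (
    b"-----BEGIN RSA PRIVATE KEY-----\n"
    b"PLACEHOLDER-NOT-A-REAL-KEY\n"
    b"-----END RSA PRIVATE KEY-----\n"
)


def check_key_pair_file(path: str) -> List[str]:
    """Return the problems found with a private key file; an empty list means it is usable."""
    problems = []
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["file not found"]
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        # ssh refuses keys that group or others can read ("UNPROTECTED PRIVATE KEY FILE").
        problems.append("permissions %s allow group/other access; use 0400" % oct(mode))
    with open(path, "rb") as f:
        head = f.read(64)
    if not (head.startswith(b"-----BEGIN ") and b"PRIVATE KEY-----" in head):
        problems.append("file does not start with a PEM private key header")
    return problems


def harden_key_pair_file(path: str) -> List[str]:
    """Apply owner-read-only permissions and re-run the checks."""
    os.chmod(path, 0o400)
    return check_key_pair_file(path)


def demo() -> Tuple[List[str], List[str]]:
    """Write the placeholder with loose permissions, check it, harden it, check again."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "my-key-pair.pem")
        with open(path, "wb") as f:
            f.write(PLACEHOLDER_PEM)
        os.chmod(path, 0o644)  # what a browser download typically leaves behind
        before = check_key_pair_file(path)
        after = harden_key_pair_file(path)
        os.chmod(path, 0o600)  # allow the temporary directory to clean up
    return before, after


if __name__ == "__main__":
    print(demo())
```

Run this once after downloading the `.pem` file, or simply run `chmod 400 my-key-pair.pem` before `ssh -i my-key-pair.pem ec2-user@<public-ip>`; the point is that the key file, not the instance, is what an attacker needs to log in, so it deserves the same care as a password.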
After the steps above, we have successfully completed the EC2 Instance setting. See you in the following articles about the S3 settings.