AWS Series — EC2 Cheat Sheet

EC2 is like a VM, hosted in AWS instead of your own data center. Select the capacity you need, then grow and shrink it as required. You pay for what you use, and provisioning a new instance takes only a few minutes.

EC2 Instance Pricing Options

On-Demand — Pay by the hour or the second, depending on the type of instance you run. Great for flexibility.

Spot — Purchase unused capacity at a discount of up to 90%. Prices fluctuate with supply and demand. Great for applications with flexible start and end times.

Reserved — Reserved capacity for 1 or 3 years. Up to 72% discount on the hourly charge. Great if you have known, fixed requirements.

Dedicated — A physical EC2 server dedicated for your use. Great if you have server-bound licenses to reuse or compliance requirements.

AWS Command Line Interface

Least Privilege — Always give your users the minimum amount of access required to do their job.

User Groups — Create IAM groups and assign your users to groups. Group permissions are assigned using IAM policy documents. Your users will automatically inherit the permissions of the group.

Points to Remember while using AWS CLI —

  1. Secret Access Key — You will only see this once. If you lose it, you can delete the access key ID and secret access key and regenerate them. You will then need to run aws configure again.
  2. Don’t Share the Keys — Each developer should have their own access key ID and secret access key. Just like passwords, they should not be shared.
  3. Supports Linux, Windows and macOS — You can install the CLI on your Mac, Linux or Windows PC. You can also use it on EC2 Instances.

Points to Remember When using Roles —

  1. The Preferred Option — Roles are preferred from a security perspective.
  2. Avoid Hard Coding your Credentials — Roles allow you to grant access without the use of access key IDs and secret access keys.
  3. Policies — Policies control a role’s permissions.
  4. Updates — You can update a policy attached to a role and it will take immediate effect.
  5. Attaching and Detaching — You can attach and detach roles to running EC2 instances without having to stop or terminate these instances.
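As an added example (not from the original post), the Python below shows what "least privilege" looks like in the policy document you would attach to a role or group with the CLI, and adds a small linter that flags the statements a reviewer should push back on: `"Action": "*"`, service-wide wildcards such as `s3:*`, and `"Resource": "*"` with no Condition. The policy contents (bucket name, namespace) are constructed for illustration; the only real-world detail is that `cloudwatch:PutMetricData` has to use `Resource: "*"`, which is why the example scopes it with a Condition instead.

```python
import json

# Constructed least-privilege policy for an instance role that only needs to
# read one bucket and publish metrics into one CloudWatch namespace.
INSTANCE_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadAppConfig",
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-app-config/*",  # hypothetical bucket
        },
        {
            "Sid": "PublishMetrics",
            "Effect": "Allow",
            "Action": ["cloudwatch:PutMetricData"],
            "Resource": "*",  # this action does not support resource-level ARNs
            "Condition": {"StringEquals": {"cloudwatch:namespace": "ExampleApp"}},
        },
    ],
}

# The kind of policy that gets attached "just for testing" and never removed.
OVERLY_BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}


def _as_list(value):
    """IAM accepts a string or a list for Statement/Action/Resource; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return findings for Allow statements that are broader than least privilege."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement[{index}]")
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                findings.append(f"{sid}: allows every action (*)")
            elif action.endswith(":*"):
                findings.append(f"{sid}: allows every action in service {action}")
        if "*" in _as_list(stmt.get("Resource")) and "Condition" not in stmt:
            findings.append(f"{sid}: Resource '*' without a Condition")
    return findings


def policy_json(policy):
    """Serialise a policy for the CLI, e.g. --policy-document file://policy.json."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    print(policy_json(INSTANCE_ROLE_POLICY))
    print("findings:", lint_policy(INSTANCE_ROLE_POLICY))
    print("findings:", lint_policy(OVERLY_BROAD_POLICY))
```

Run the linter over every policy document before it is attached with `aws iam put-role-policy` or `aws iam put-group-policy`; an empty list of findings is the expected result for a policy written to the least-privilege rule above.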

Points to Remember for Security Groups —

  1. Changes to security groups will take immediate effect.
  2. You can have any number of EC2 instances within a security group.
  3. You can have multiple security groups attached to an EC2 instance.
  4. All inbound traffic is blocked by default.
  5. All outbound traffic is allowed.
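An added example (not part of the original cheat sheet) that turns points 2 to 4 into code: when several security groups are attached to an instance, EC2 evaluates the union of their inbound rules, and anything no rule matches is dropped, which is what "blocked by default" means in practice. The rule sets below are constructed; the helper at the end is the check a reviewer runs to find admin ports (SSH, RDP) exposed to 0.0.0.0/0.

```python
import ipaddress

# Constructed inbound rules, one tuple per rule: (protocol, from_port, to_port, source CIDR).
# Protocol "-1" is how EC2 expresses "all traffic" (ports are then ignored).
WEB_SG = [
    ("tcp", 80, 80, "0.0.0.0/0"),
    ("tcp", 443, 443, "0.0.0.0/0"),
]
ADMIN_SG = [
    ("tcp", 22, 22, "10.0.0.0/8"),        # SSH only from the internal range
]
SLOPPY_SG = [
    ("tcp", 22, 22, "0.0.0.0/0"),         # SSH open to the world
    ("tcp", 3389, 3389, "0.0.0.0/0"),     # RDP open to the world
    ("-1", 0, 65535, "203.0.113.0/24"),   # everything from one /24
]

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def _rule_matches(rule, protocol, port, source_ip):
    """True if a single inbound rule admits this packet."""
    proto, from_port, to_port, cidr = rule
    if proto != "-1" and proto != protocol:
        return False
    if proto != "-1" and not (from_port <= port <= to_port):
        return False
    return ipaddress.ip_address(source_ip) in ipaddress.ip_network(cidr)


def inbound_allowed(security_groups, protocol, port, source_ip):
    """Union of all attached groups' rules; no match means implicit deny."""
    return any(
        _rule_matches(rule, protocol, port, source_ip)
        for group in security_groups
        for rule in group
    )


def wide_open_admin_ports(security_group):
    """Admin ports this group exposes to every IPv4 address (sorted list)."""
    exposed = set()
    for proto, from_port, to_port, cidr in security_group:
        if ipaddress.ip_network(cidr).prefixlen != 0:
            continue  # source is narrower than the whole internet
        for port in ADMIN_PORTS:
            if proto == "-1" or (proto == "tcp" and from_port <= port <= to_port):
                exposed.add(port)
    return sorted(exposed)


if __name__ == "__main__":
    attached = [WEB_SG, ADMIN_SG]
    print("HTTPS from internet:", inbound_allowed(attached, "tcp", 443, "198.51.100.7"))
    print("SSH from internet:  ", inbound_allowed(attached, "tcp", 22, "198.51.100.7"))
    print("SSH from internal:  ", inbound_allowed(attached, "tcp", 22, "10.20.30.40"))
    print("SLOPPY_SG exposes:  ", wide_open_admin_ports(SLOPPY_SG))
```

Because rules are additive across groups, a permissive group attached "temporarily" widens every instance it is attached to; the audit helper is the quick way to spot that before the change takes effect (which, per point 1, is immediately).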

Bootstrap Scripts —

A bootstrap script is a script that runs when the instance first boots. It is passed to the EC2 instance as user data and can be used to install applications (such as web servers and databases), apply updates, and more.

User Data Vs Metadata

  • User data is simply the bootstrap script
  • Metadata is data about your EC2 instances
  • You can use bootstrap scripts (user data) to access metadata
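The third bullet is where bootstrap scripts meet the instance metadata service (IMDS). The Python below is an added example, not from the original post: it performs the IMDSv2 exchange a user-data script normally does with two curl calls (a PUT to obtain a session token, then a GET that presents it), and shows that a plain IMDSv1-style GET is refused when the instance is launched with `--metadata-options HttpTokens=required`. Because a real IMDS only answers on 169.254.169.254 from inside an instance, the block runs against a small mock server that is part of the example; the instance ID and availability zone it serves are constructed values.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN_PATH = "/latest/api/token"
TOKEN_TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"

# Constructed values served by the mock; a real instance returns its own.
MOCK_TOKEN = "mock-session-token"
MOCK_METADATA = {
    "/latest/meta-data/instance-id": "i-0123456789abcdef0",
    "/latest/meta-data/placement/availability-zone": "us-east-1a",
}

# No proxy: metadata requests must go straight to the link-local endpoint.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


class MockImdsHandler(BaseHTTPRequestHandler):
    """Imitates IMDS with HttpTokens=required: a token obtained via PUT must
    accompany every GET, so unauthenticated (IMDSv1) reads get 401."""

    def log_message(self, *args):
        pass  # keep the example quiet

    def do_PUT(self):
        if self.path == TOKEN_PATH and self.headers.get(TOKEN_TTL_HEADER):
            self._reply(200, MOCK_TOKEN)
        else:
            self._reply(400, "bad token request")

    def do_GET(self):
        if self.headers.get(TOKEN_HEADER) != MOCK_TOKEN:
            self._reply(401, "token required")
        elif self.path in MOCK_METADATA:
            self._reply(200, MOCK_METADATA[self.path])
        else:
            self._reply(404, "not found")

    def _reply(self, status, body):
        data = body.encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


def start_mock_imds():
    """Bind the mock on an ephemeral localhost port and serve in a thread."""
    server = HTTPServer(("127.0.0.1", 0), MockImdsHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def get_metadata_v2(base_url, path, ttl_seconds=300):
    """IMDSv2: PUT for a short-lived token, then GET the path with that token."""
    token_req = urllib.request.Request(
        base_url + TOKEN_PATH, method="PUT",
        headers={TOKEN_TTL_HEADER: str(ttl_seconds)},
    )
    with _OPENER.open(token_req, timeout=2) as resp:
        token = resp.read().decode()
    data_req = urllib.request.Request(base_url + path, headers={TOKEN_HEADER: token})
    with _OPENER.open(data_req, timeout=2) as resp:
        return resp.read().decode()


def get_metadata_v1_status(base_url, path):
    """Legacy IMDSv1 read (plain GET); returns the HTTP status it receives."""
    try:
        with _OPENER.open(base_url + path, timeout=2) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def demo():
    """Run both flows against the mock and return what each one got."""
    server, base_url = start_mock_imds()
    try:
        return {
            "instance_id": get_metadata_v2(base_url, "/latest/meta-data/instance-id"),
            "az": get_metadata_v2(base_url, "/latest/meta-data/placement/availability-zone"),
            "v1_status": get_metadata_v1_status(base_url, "/latest/meta-data/instance-id"),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

On a real instance, replace the mock base URL with `http://169.254.169.254`. Requiring tokens matters because the token must be obtained with a PUT and a custom header, which most request-forwarding bugs in applications running on the instance cannot produce, so an application flaw is far less likely to leak the instance role's credentials.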

Networking with EC2 —

ENI

For basic networking. Perhaps you need a separate management network from your production network or a separate logging network, and you need to do this at low cost. In this scenario, use multiple ENIs, one for each network.

Enhanced Networking

For when you need speeds between 10 Gbps and 100 Gbps. Anywhere you need reliable, high throughput.

EFA

For when you need to accelerate High Performance Computing (HPC) and machine learning applications or if you need to do an OS-bypass.

Placement Groups —

Cluster Placement Groups — Low network latency, high network throughput

Spread Placement Groups — Individual critical EC2 instances on their own dedicated hardware

Partition Placement Groups — Multiple EC2 instances; HDFS, HBase and Cassandra

  • A cluster placement group can’t span multiple Availability Zones, whereas a spread placement group and a partition placement group can.
  • Only certain types of instances can be launched in a placement group (compute optimized, GPU, memory optimized, storage optimized).
  • AWS recommends homogeneous instances within cluster placement groups.
  • You can’t merge placement groups.
  • You can move an existing instance into a placement group. Before you move the instance, it must be in the stopped state. You can move or remove an instance using the AWS CLI or an AWS SDK, but you can’t do it via the console.

Dedicated Hosts —

An Amazon EC2 Dedicated Host is a physical server with EC2 instance capacity fully dedicated to your use. Dedicated Hosts allow you to use your existing per-socket, per-core or per-VM software licenses, including Windows Server, Microsoft SQL Server, and SUSE Linux Enterprise Server.

Points to Remember for Spot Instances —

  • Spot Instances save up to 90% of the cost of On-Demand Instances.
  • Useful for any type of computing where you don’t need persistent storage.
  • A Spot Fleet is a collection of Spot Instances and (optionally) On-Demand Instances.

Deploying vCenter in AWS with VMware Cloud on AWS

A perfect solution for extending your private VMware cloud into the AWS public cloud.

AWS Outposts

AWS Outposts is for the scenario where you want to extend AWS into your own data center.

AWS Outposts rack is for large deployments, and AWS Outposts servers are for smaller deployments.