Day3 C Aws Ec2 Day1 26feb2022
11th consecutive year - AWS is the leader in the market for IaaS and PaaS workloads
EC2 - IaaS
Customer - Deploy the OS, patching, backup, monitoring, integration - ITSM (CMDB…etc)
Operating system
https://console.aws.amazon.com/ec2
Amazon Linux 2
Instances = VM's or VS's 400+ instance types available for your workload (busines
Secure and resizable compute capacity
Infrastructure - Managed by AWS Virtual Machine, Virtual Servers in the AWS cloud
Install the apps, middleware.. Upgrade the OS & Apps
Windows, Linux (Amazon Linux, RHEL, SLES, Ubuntu..etc), macOS
x86 and ARM processor
Billed per minute
Only 64-bit OS
AWS Management console - console.aws.amazon.com
Amazon Marketplace
Hardened in accordance with the associated CIS Benchmark that has been developed by consensus to be the industry best practice for secure configuration.
Reduce cost, time, and risk by building your AWS solution with CIS AMIs.
Community AMI's
Combination of OS + Apps + Tools / Services + configuration
Reduce the manual effort of redoing the installation of tools, enabling services and making config changes
An AMI is a template that contains the software configuration (operating system, application server, and applications) required to launch your instance
Gold disk / Golden image - Windows Monthly
HIPAA, ISO, CIS…etc Linux Quarterly Nonprod QA
Prod
EC2 provides you a combination of resources (CPU, Memory, Network, Storage…etc)
Optimized instance types
They have varying combinations of CPU, memory, storage, and networking capacity, and give you the flexibility to choose the appropriate mix of resources for your applications
General purpose Balanced CPU, Memory and Storage
Web servers
code repositories
T-
Micro instances are eligible for the AWS free usage tier. For the first 12 months following your AWS sign-up date, you get up to 750 hours of micro instances each month. When your free usage tier expires or if your usage exceeds the free tier restrictions, you pay standard, pay-as-you-go service rates.
t2.micro Free Tier eligible
750 hours per month of Linux, RHEL, or SLES t2.micro or t3.micro instance dependent on region
750 hours per month of Windows t2.micro or t3.micro instance dependent on region
r5.large to r5.xlarge - downtime is required
Current generation is recommended
Baseline Burstable
test, POC dev Intel AVX, AVXx, Intel turbo
small db servers Intel Broadwell
small app
Intel Skylake
Video streaming Live streaming GPU NVIDIA A100 Tensor Core GPU's
Video Rendering
Bitcoin mining..etc
Genomic research
X
On Demand Pricing - Pay as you go pricing - Pay as per usage / consumption model
No long term commitment - Short term workloads
Scheduled instances based on the particular workload - Particular day, particular time of day
particular month
Hibernation - Perform Hibernation (Suspend to the disk) - Save the contents from Instance Memory (RAM) to your Amazon EBS disk / Root Volume
l cost - Enabling the service + storing additional data for the new metrics
ent role to the instance, and more
Placement strategy Affinity
Anti-Affinity
Cluster
Affinity
Same rack
same hardware
Same AZ
Low latency
High perf - Interactions
High network throughput
10 Gbps
Keep the systems that are related together - Web/App/DB
Separate the systems that are identical in purpose - 2 domain controllers
Partition Spread
Anti-Affinity Span across multiple AZ (DC's)
Different Rack
Different Hardware
Up to 7 Partitions in an AZ (Datacenter)
OS Volume
Always go for latest gen
Min: 1 GiB, Max: 16384 GiB Min: 4 GiB, Max: 16384 GiB
Persistent storage
Software, binaries..executables
SIEM
Rules with source of 0.0.0.0/0 allow all IP addresses to access your instance. We recommend setting security group rules to allow access from known IP addresses only.
There can be multiple SGs attached to the same EC2 instance - Union of rules from different SGs
One SG can be attached to multiple EC2 instances
SGs are stateful - Allowing inbound automatically allows the corresponding outbound response traffic on the specific port/protocol
net traffic to reach your instance, add rules that allow unrestricted access to the HTTP and HTTPS ports.
n existing one below
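The security group notes above (union of rules across the SGs attached to one instance, 0.0.0.0/0 sources, unrestricted access only for HTTP and HTTPS) can be checked mechanically. This is an added example, not part of the original notes: it uses the field names returned by EC2 DescribeSecurityGroups, and every group ID, CIDR and rule in it is constructed sample data.

```python
# Added example: audit security-group ingress rules for world-open sources.
# Field names follow the EC2 DescribeSecurityGroups response shape;
# all group IDs, CIDRs and rules below are constructed sample data.
OPEN_SOURCES = {"0.0.0.0/0", "::/0"}
WEB_PORTS = {80, 443}  # the notes allow unrestricted access to HTTP/HTTPS only

SAMPLE_GROUPS = [
    {"GroupId": "sg-web-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
    {"GroupId": "sg-admin-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}, {"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ]},
]

def effective_ingress(groups):
    """Union of ingress rules across every SG attached to one instance."""
    rules = set()
    for group in groups:
        for perm in group.get("IpPermissions", []):
            # Protocol "-1" (all traffic) carries no port fields: treat as all ports.
            lo = perm.get("FromPort", 0)
            hi = perm.get("ToPort", 65535)
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                rules.add((group["GroupId"], perm["IpProtocol"], lo, hi, cidr))
    return rules

def world_open_findings(groups):
    """Rules open to any address, excluding exact HTTP/HTTPS port rules."""
    findings = []
    for gid, proto, lo, hi, cidr in sorted(effective_ingress(groups)):
        if cidr not in OPEN_SOURCES:
            continue  # restricted to known addresses, as the notes recommend
        if proto == "tcp" and lo == hi and lo in WEB_PORTS:
            continue  # deliberate public web listener
        findings.append((gid, proto, lo, hi, cidr))
    return findings

if __name__ == "__main__":
    for finding in world_open_findings(SAMPLE_GROUPS):
        print("world-open rule:", finding)
```

Because the effective policy is the union of all attached groups, the SSH rule in the second group exposes the instance even though the first group only opens web ports.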
For Identification
KEY VALUE Key:Value store
Name xyzindweb001
Department M&S
Environment Prod Dev Test
Business Owner
Application owner
Purpose Web - XYZ
Better identification
Patching write a query Add the systems - Tag for env : Prod; role:web
Monitoring
Backup
Billing
indexing