Day3 C Aws Ec2 Day1 26feb2022

Course levels:
- Beginner / Foundations / Fundamentals: AWS, products, services, etc.
- SysOps Administrator Associate: install / configure / modify / implement best practices (bp)
- Solutions Architect: design
EC2 - Elastic Compute Cloud

- Virtual machines / virtual servers in the AWS cloud; IaaS. Secure and resizable compute capacity.
- 11th consecutive year: AWS is the leader in the market for IaaS and PaaS workloads.
- Shared responsibility:
  - Infrastructure is managed by AWS: the physical hosts and the hypervisor (AWS Nitro, Amazon's proprietary virtualization tech; compare Xen, KVM, VMware, etc.).
  - The customer manages the operating system: deploy the OS, patching, backup, monitoring, ITSM integration (CMDB, etc.), install the apps and middleware, upgrade the OS and apps.
- Instances = VMs or virtual servers; 400+ instance types available for your workload (business…).
- Operating systems: Windows, Linux (Amazon Linux, RHEL, SLES, Ubuntu, etc.), macOS. Only 64-bit OS. x86 and ARM processors.
- Amazon Linux 2 is current; Amazon Linux 1 - around Dec 2020.
- Priced per hour; billed per minute.
- Launched from the AWS Management console.
- Free tier (see the free tier notes under instance types).
AMI - Amazon Machine Image

- An AMI is a template that contains the software configuration (operating system, application server, and applications) required to launch your instance. It is a combination of OS + apps + tools / services + configuration; you create instances from it.
- Templates / images reduce the manual effort of redoing…; they serve a single deployment or a mass deployment.
- Hardening: best practices, legal / compliance requirements.
- Sources of AMIs:
  - Amazon Marketplace, e.g. CIS AMIs: "Hardened in accordance with the associated CIS Benchmark that has been developed by consensus to be the industry best practice for secure configuration. Reduce cost, time, and risk by building your AWS solution with CIS AMIs."
  - My AMIs: how to create your own AMIs.
  - Community AMIs.
- Gold disk / golden image: a hardened base image (HIPAA, ISO, CIS, etc.). Refresh cadence from the notes: Windows monthly, Linux quarterly; built and QA'd in nonprod first.
Instance types

- EC2 provides you a combination of resources (CPU, memory, network, storage, etc.). Optimized instance types have varying combinations of CPU, memory, storage, and networking capacity, and give you the flexibility to choose the appropriate mix of resources for your applications.
- Naming: family letter + generation + size, e.g. r3.large: r = memory optimized, 3 = technology / version (generation), .large / .2xlarge / .4xlarge = T-shirt size.
- The current generation is recommended. Resizing (e.g. r5.large to r5.xlarge) requires downtime.
- General purpose: balanced CPU, memory and storage; baseline / burstable (t family). Web servers, code repositories, test, POC, dev, small DB servers, small apps.
- Compute optimized (starts with c): higher CPU ratio. Application servers, small gaming servers, mid-size web servers, batch jobs / processing, network appliances. Processor notes: Intel AVX (and AVX2), Intel Turbo; Intel Broadwell, Intel Skylake.
- Memory optimized (starts with r): higher memory ratio. Relational DB servers, SAP HANA, NetWeaver, Hekaton. X family (Intel Broadwell): in-memory analytics, caching (Redis), etc.
- Storage optimized: starts with i (metric: IOPS; low-latency R/W, 2x NVMe SSD); starts with d (disk / dense storage): big data, data warehousing.
- Graphics optimized (starts with g): visualization, 3D application requirements, ML workloads. GPU: NVIDIA A100 Tensor Core GPUs. Video streaming / live streaming, video rendering, bitcoin mining, genomic research, etc.
- Accelerated computing: weather patterns, chemical labs, Apache Spark, MPI applications; EFA (Elastic Fabric Adapter). F family: FPGA (Field Programmable Gate Array) hardware acceleration.
- Free tier: micro instances are eligible for the AWS free usage tier. For the first 12 months following your AWS sign-up date, you get up to 750 hours of micro instances each month. When your free usage tier expires or if your usage exceeds the free tier restrictions, you pay standard, pay-as-you-go service rates.
  - 750 hours per month of Linux, RHEL, or SLES t2.micro or t3.micro instance, dependent on region (t2.micro is Free Tier eligible).
  - 750 hours per month of Windows t2.micro or t3.micro instance, dependent on region.
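The family / generation / size naming scheme described above is easy to mis-read by hand, so here is a small parser for it. This is an added example, not code from the notes or from AWS: the family-to-category table follows the notes' taxonomy (the m and p families are added as the common general-purpose and GPU families), and the "g attribute means Graviton / ARM" rule is an AWS naming convention assumed here, not something the notes state.

```python
import re

# Family -> category, following the notes' taxonomy.  "m" and "p" are added
# here (common general-purpose and GPU families); they are not in the notes.
FAMILY_CATEGORY = {
    "t": "general purpose (burstable)",
    "m": "general purpose",
    "c": "compute optimized",
    "r": "memory optimized",
    "x": "memory optimized (in-memory)",
    "i": "storage optimized (IOPS / NVMe)",
    "d": "storage optimized (dense disk)",
    "g": "graphics optimized (GPU)",
    "p": "accelerated computing (GPU)",
    "f": "accelerated computing (FPGA)",
}

# family letters, generation digits, optional attribute letters (e.g. the "b"
# in r5b or the "g" in c6g), then "." and a size such as large, 2xlarge, metal
_TYPE_RE = re.compile(
    r"^([a-z]+)(\d+)([a-z]*)\.(\d*)(nano|micro|small|medium|large|xlarge|metal)$")

SIZE_ORDER = ["nano", "micro", "small", "medium", "large", "xlarge", "metal"]


def parse_instance_type(name):
    """Split e.g. 'r5b.4xlarge' into family/generation/attributes/size.
    Raises ValueError for anything that does not follow the scheme."""
    m = _TYPE_RE.match(name.lower())
    if not m:
        raise ValueError(f"not an EC2 instance type name: {name!r}")
    family, gen, attrs, mult, size = m.groups()
    return {
        "family": family,
        "generation": int(gen),
        "attributes": attrs,
        "size": f"{mult}{size}",
        "category": FAMILY_CATEGORY.get(family, "unknown (not in this table)"),
        # Assumed AWS convention: a 'g' attribute marks Graviton (ARM) types
        "arm": "g" in attrs,
    }


def size_rank(size):
    """Monotonic rank for T-shirt sizes so resize direction can be compared:
    large < xlarge < 2xlarge < 4xlarge < ... < metal."""
    mult, base = re.match(r"^(\d*)([a-z]+)$", size).groups()
    if base == "metal":
        return 10 ** 6
    return SIZE_ORDER.index(base) + (int(mult) if mult else 0)


def is_newer_generation(current_type, candidate_type):
    """True when the candidate is the same family and a later generation,
    i.e. the move the notes recommend ('current generation is recommended')."""
    a, b = parse_instance_type(current_type), parse_instance_type(candidate_type)
    return a["family"] == b["family"] and b["generation"] > a["generation"]


if __name__ == "__main__":
    for t in ("t2.micro", "r3.large", "r5b.4xlarge", "c6g.large"):
        print(t, parse_instance_type(t))
    print("r3 -> r5 is newer:", is_newer_generation("r3.large", "r5.large"))
```

The parser deliberately rejects names it does not understand instead of guessing, which is what you want when this feeds a policy check (for example, a rule that only current-generation families may be launched).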
Pricing models

- On-Demand: pay-as-you-go pricing; pay per usage / consumption model; no long-term commitment; suits short-term workloads.
- Long-term workloads:
  - Savings Plans: Compute Savings Plan and EC2 Savings Plan, offering savings up to 72%.
  - Reserved Instances: Standard RI (commitment) and Convertible RI (flexibility). 1-year or 3-year term, tied to the commitment and to a region; upfront investment plus monthly / yearly costs; payment options All Upfront, Partial Upfront, monthly; early deletion / termination charges; pro-rata charges.
  - Capacity reservations.
- Scheduled instances: based on the particular workload, e.g. a particular day, a particular time of day, a particular month.
- Spot instances: unused / free capacity; bidding option; no SLA, no commitment, no contract; suits testing, POC, etc.
  - The market price is a fair value driven by supply / demand fluctuation (e.g. $0.5 to $0.8 in the notes).
  - A spot instance runs as long as capacity is available and your maximum price is higher than the spot price (the AWS market price).
  - Example from the notes: 6 web servers in total = 4 web servers on regular pricing + 2 web servers in spot.
- Tenancy: you can choose to run your instances on physical servers fully dedicated for your use. The use of host tenancy will request to launch instances onto Dedicated Hosts.
  - Shared instances (the default).
  - Dedicated Instance: dedicated VMs; the VPC runs on hardware dedicated to a single customer; physically isolated at the physical host hardware level.
  - Dedicated Host (hardware): the physical server hardware is dedicated. You pay for a physical host dedicated fully to a customer for running their own multiple EC2 instances, and you have visibility over physical host usage. Drivers: legal / compliance requirements, licensing requirements, business apps.
- 99.99 SLA; EDP (Enterprise Discount Program).

Launch instance: configure instance details

Configure the instance to suit your requirements. You can launch multiple instances from the same AMI, request Spot instances to take advantage of the lower pricing, assign an access management role to the instance, and more.

- Number of instances.
- Request Spot instances (bidding option).
- Network: default VPC, subnet, public IP. Hostname: a dynamic A (DNS) record is created.
- Shutdown behavior: Stop (keeps the instance and reduces compute costs) or Terminate (deletes the instance).
- Domain join directory: join to an AD domain / AD directory.
- IAM role: the instance's service account / managed identity.
- Hibernation: suspend to disk; saves the contents of instance memory (RAM) to your Amazon EBS disk / root volume.
- Protect against accidental termination (termination protection): avoids accidental deletion.
- Monitoring (CloudWatch): Basic is free of cost; Detailed costs extra (enabling the service + storing additional data for the new metrics).
- Tenancy: Shared instance, Dedicated Instance, Dedicated Host.
Placement strategy (placement groups)

- Cluster (affinity): same rack, same hardware, same AZ. Low latency, high-performance interactions, high network throughput (10 Gbps). Tightly coupled apps; 3-tier apps (Web/App/DB). Keep the systems that are related together (Web/App/DB).
- Partition: different rack, different hardware; up to 7 partitions in an AZ (datacenter).
- Spread (anti-affinity): span across multiple AZs (DCs), different rack, different hardware. Separate the systems that are identical in purpose, e.g. 2 domain controllers or 3 web servers (compare an availability set).
- Not supported for Dedicated Hosts; not supported for Dedicated Instances.

Storage

- EBS (Elastic Block Store): permanent / persistent storage.
- Instance store: temporary store (temp files).
- Decimal vs binary units: 1000 KB (decimal) vs 1024 KiB (binary); 1000^2 MB vs 1024^2 MiB.
- OS / root volume: holds the instance OS, the page file (virtual memory), software, binaries and executables. Minimum sizes noted: 8 GiB and 30 GiB (typically Linux and Windows AMIs respectively). Delete on Termination is on by default (Linux).
- Always go for the latest generation: latest generations are cheaper and perform well (GP3 is 25% cheaper than GP2).

Your instance will be launched with the following storage device settings. You can attach additional EBS volumes and instance store volumes to your instance, or edit the settings of the root volume. You can also attach additional EBS volumes after launching an instance, but not instance store volumes.

SSD (solid state drive, flash drive):
- General Purpose (gp2 / gp3): OS volume; web servers, code repositories, test, POC, small DB servers, small apps. Min: 1 GiB, Max: 16384 GiB.
- Provisioned IOPS (io1 / io2): business critical, mission critical; video rendering; memory intensive; Cassandra, Vertica, HBase, etc.; Apache Spark, Hadoop clusters; MySQL, MS SQL, Oracle, SAP HANA… Min: 4 GiB, Max: 16384 GiB. Provisioned IOPS SSD (io2): Min: 4 GiB, Max: 65536 GiB; volumes with a size greater than 16 TiB, IOPS greater than 64,000, or an IOPS:GiB ratio greater than 500:1 are supported with R5b instances only.

HDD (hard disk drive, magnetic drive):
- Throughput Optimized (st1): frequently accessed data; live streaming, data warehousing, big data, event hub, audit log (SIEM). 125 GiB to 16 TiB (Min: 125 GiB, Max: 16384 GiB).
- Cold Storage (sc1): archived data, long-term retention, auditing data, historical data, rarely used / infrequently used data. Min: 125 GiB, Max: 16384 GiB. The value must be an integer.
- Magnetic (standard): less critical workloads, backup. Min: 1 GiB, Max: 1024 GiB.
Security groups

A security group is a set of firewall rules that control the traffic for your instance. On this page, you can add rules to allow specific traffic to reach your instance. For example, if you want to set up a web server and allow Internet traffic to reach your instance, add rules that allow unrestricted access to the HTTP and HTTPS ports. You can create a new security group or select from an existing one below. Rules with a source of 0.0.0.0/0 allow all IP addresses to access your instance. We recommend setting security group rules to allow access from known IP addresses only.

- A security group is a virtual firewall at the instance level: the first line of defense. The operating system firewall (Windows Firewall, Linux iptables) sits behind it.
- Multiple security groups can be attached to the same EC2 instance; the effective rule set is the union of the rules from the different groups. One security group can be attached to multiple EC2 instances.
- Security groups are stateful: allowing inbound traffic on a port/protocol automatically allows the corresponding outbound (return) traffic.
- Rules are inbound / outbound, for a specific port, and from a specific source range of IPs. Examples: RDP only from the jump server; a client IP range for web sites.
- Any rule you create or edit has immediate effect.
- Security groups only allow traffic; there is no DENY. By default, all traffic is denied, so avoid permissive rules (sources such as 0.0.0.0/0).
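To make the allow-only, default-deny, union-of-groups and "permissive rule" points above concrete, here is a small evaluator over security-group rules. This is an added example, not code from the notes or from AWS: the group and rule dictionaries are constructed to mirror the console fields (protocol, port range, source CIDR), the 10.0.5.0/24 jump-server range and the 203.0.113.x client address are made up, and no AWS API is called.

```python
"""Evaluate EC2 security-group rules for one instance (added example).

The rule dictionaries below are constructed for illustration; they mirror the
console fields (protocol, port range, source CIDR) but are not boto3 objects.
"""
import ipaddress

# Constructed sample groups.  SG_WEB and SG_ADMIN are attached to the same
# instance in the usage block; SG_PERMISSIVE shows what a review should flag.
SG_WEB = {
    "name": "web-sg",
    "inbound": [
        {"proto": "tcp", "from": 80, "to": 80, "cidr": "0.0.0.0/0"},    # HTTP from anywhere
        {"proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"},  # HTTPS from anywhere
    ],
}
SG_ADMIN = {
    "name": "admin-sg",
    "inbound": [
        # RDP only from the jump-server range, as the notes recommend (constructed range)
        {"proto": "tcp", "from": 3389, "to": 3389, "cidr": "10.0.5.0/24"},
    ],
}
SG_PERMISSIVE = {
    "name": "bad-sg",
    "inbound": [
        # "-1" is the EC2 protocol value for all traffic: every port from every address
        {"proto": "-1", "from": 0, "to": 65535, "cidr": "0.0.0.0/0"},
    ],
}


def rule_matches(rule, proto, port, src_ip):
    """True if one allow rule covers a packet of this protocol/port from src_ip."""
    if rule["proto"] not in ("-1", proto):
        return False
    if rule["proto"] != "-1" and not rule["from"] <= port <= rule["to"]:
        return False
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["cidr"])


def inbound_allowed(groups, proto, port, src_ip):
    """Security groups are allow-only with an implicit default deny.  With
    several groups attached, the effective rule set is the union of all their
    rules, so one matching rule in any group is enough.  Groups are stateful,
    so the reply to an allowed inbound connection needs no outbound rule."""
    return any(rule_matches(r, proto, port, src_ip)
               for g in groups for r in g["inbound"])


def permissive_rules(groups, admin_ports=(22, 3389)):
    """Flag rules open to the whole internet (prefix length 0) that expose
    either every port or an administrative port (SSH, RDP).  Returns
    (group name, proto, from, to, cidr) tuples for review."""
    findings = []
    for g in groups:
        for r in g["inbound"]:
            world = ipaddress.ip_network(r["cidr"]).prefixlen == 0
            all_ports = r["proto"] == "-1" or (r["from"] == 0 and r["to"] == 65535)
            admin = r["proto"] == "-1" or any(r["from"] <= p <= r["to"] for p in admin_ports)
            if world and (all_ports or admin):
                findings.append((g["name"], r["proto"], r["from"], r["to"], r["cidr"]))
    return findings


if __name__ == "__main__":
    attached = [SG_WEB, SG_ADMIN]
    print("HTTPS from internet:", inbound_allowed(attached, "tcp", 443, "203.0.113.9"))
    print("RDP from internet:  ", inbound_allowed(attached, "tcp", 3389, "203.0.113.9"))
    print("RDP from jump host: ", inbound_allowed(attached, "tcp", 3389, "10.0.5.7"))
    print("Findings:", permissive_rules(attached + [SG_PERMISSIVE]))
```

The evaluator has no "deny" path at all, which mirrors the real model: if you need to block a specific source that a broad rule would otherwise admit, the fix is a narrower allow rule (or a network ACL), not a deny entry in the security group.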
Tags

A tag consists of a case-sensitive key-value pair. For example, you could define a tag with key = Name and value = Webserver. A copy of a tag can be applied to volumes, instances or both. Tags will be applied to all instances and volumes.

- Used for identification: a key:value store. Example tags from the notes:
  Name = xyzindweb001
  Department = M&S
  Environment = Prod / Dev / Test
  Business Owner
  Application Owner
  Purpose = Web - XYZ
- 50 tags per resource.
- Taggable at launch: instances, volumes and network interfaces.
- Benefits: better governance, better categorization, better administration, better identification.
- Patching example: write a query that adds the systems to the patch job by tag, e.g. env: Prod and role: web.
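The patching query at the end of the notes is a tag filter: "every instance whose Environment tag is Prod and whose Role tag is web". The following is an added example that is not from the notes or from AWS: it models the semantics of `aws ec2 describe-instances --filters Name=tag:Key,Values=v1,v2` (filters ANDed, the values within one filter ORed, keys case-sensitive) over a constructed inventory, so it runs offline; the instance ids and names are made up, and the 50-tag limit is the one stated in the notes.

```python
"""Select EC2 resources by tag, the way the notes' patching query does (added example).

The inventory and the filter shape are constructed to mirror
`aws ec2 describe-instances --filters Name=tag:Key,Values=v1,v2`; no AWS
call is made and the records are hypothetical.
"""
MAX_TAGS_PER_RESOURCE = 50  # limit stated in the notes


def make_tags(**kv):
    """Build the Key/Value list shape the EC2 API uses for tags."""
    return [{"Key": k, "Value": v} for k, v in kv.items()]


# Constructed inventory (instance ids and names are made up).
INSTANCES = [
    {"InstanceId": "i-0aaa1", "Tags": make_tags(Name="xyzindweb001", Environment="Prod", Role="web", Department="M&S")},
    {"InstanceId": "i-0aaa2", "Tags": make_tags(Name="xyzindweb002", Environment="Prod", Role="web", Department="M&S")},
    {"InstanceId": "i-0bbb1", "Tags": make_tags(Name="xyzinddb001", Environment="Prod", Role="db")},
    {"InstanceId": "i-0ccc1", "Tags": make_tags(Name="xyzindweb003", Environment="Dev", Role="web")},
    # Mis-cased key: tags are case-sensitive, so this one will NOT match "Environment"
    {"InstanceId": "i-0ddd1", "Tags": make_tags(Name="xyzindweb004", environment="Prod", Role="web")},
]


def tag_map(resource):
    return {t["Key"]: t["Value"] for t in resource.get("Tags", [])}


def matches(resource, filters):
    """Apply describe-instances style filters: every filter must match (AND),
    and one filter matches when the tag value is any of its Values (OR)."""
    tags = tag_map(resource)
    for f in filters:
        if not f["Name"].startswith("tag:"):
            raise ValueError("only tag:<Key> filters are modelled here")
        key = f["Name"][len("tag:"):]
        if tags.get(key) not in f["Values"]:
            return False
    return True


def select_ids(resources, filters):
    return [r["InstanceId"] for r in resources if matches(r, filters)]


def patch_group_filters(environment, role):
    """The notes' patching query: Environment = <env> and Role = <role>."""
    return [{"Name": "tag:Environment", "Values": [environment]},
            {"Name": "tag:Role", "Values": [role]}]


def tag_problems(tags):
    """Pre-flight checks before tagging a resource: the 50-tag limit from the
    notes, duplicate keys (which the API rejects), and empty keys."""
    problems = []
    keys = [t["Key"] for t in tags]
    if len(tags) > MAX_TAGS_PER_RESOURCE:
        problems.append(f"{len(tags)} tags exceeds the limit of {MAX_TAGS_PER_RESOURCE}")
    if len(set(keys)) != len(keys):
        problems.append("duplicate tag keys")
    if any(not k for k in keys):
        problems.append("empty tag key")
    return problems


if __name__ == "__main__":
    print(select_ids(INSTANCES, patch_group_filters("Prod", "web")))  # ['i-0aaa1', 'i-0aaa2']
```

The mis-cased `environment` record is the practical lesson: a patching or compliance job keyed on tags silently skips resources whose tags were typed with a different case, so a tag standard (fixed key names, enforced at launch) matters as much as the query itself.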

