Accessing the Amazon Elastic Compute Cloud (EC2) Angadh Singh Jerome Braun.
Amazon Elastic Compute Cloud - Computer Science
7/12/17
Amazon Elastic Compute Cloud
• Compute
  - The amount of computational power required to fulfill your workload
• Instance
  - Virtual machines
  - Charged per hour while running
  - Virtual Hardware
  - AMI
  - Software (applications, OS, etc.)
Amazon Elastic Compute Cloud
• Instance Types
  - Parameters of an instance
    • vCPUs (how many cores)
    • Memory
    • Storage
    • Network Performance
  - Type, a related set of instance configurations
    • General Purpose (m)
    • Compute Optimized (c)
    • Memory Optimized (r)
    • Storage Optimized (i)
    • GPU Compute (g)
  - Members, instances in a type vary linearly in ability, as do costs
Amazon Elastic Compute Cloud
• Enhanced Networking
  - Single Root I/O Virtualization (SR-IOV)
  - Greater Packets Per Second (PPS)
  - Lower latency
  - Less Jitter
  - Requires Amazon VPC
• Amazon Machine Image (AMI)
  - OS, with configuration
  - Initial State of patches
  - Application and System Software
Amazon Elastic Compute Cloud
• AMI Sources
  - Published by AWS
    • Maintained by AWS
    • Standard ISO OS image installs
    • Unpatched
  - AWS Marketplace
    • Partner driven web store for AMIs
    • Bundled software, charged hourly + hourly licensing
  - Generated from instance
    • User created from existing EC2 instance.
  - Uploaded Virtual Server
    • Imported from virtualization formats (VHD, VMDK, OVA)
    • Customer maintains AWS compliance for licensing
Amazon Elastic Compute Cloud
• Secure Use Of An Instance
  - Addressing
    • Public Domain Name
      - Automatic, cannot be specified
    • Public IP
      - Automatic, cannot be specified
    • Elastic IP
      - Reserved independently
      - Associated with Instance
      - Persists until released
      - Shared externally without coupling to a particular instance
      - Charged when NOT in use on an instance
Amazon Elastic Compute Cloud
• Secure Use (cont)
  - Initial Access
    • Public key cryptography, key pair
      - Generated via AWS Management Console, CLI, API or uploaded
      - AWS stores public key
      - Customer stores private key
    • SSH (Linux)
      - Use private key to open secure shell, no password required
    • RDP (Windows)
      - Decrypt admin password with key pair
      - Access via RDP, using user and decrypted password
Amazon Elastic Compute Cloud
• Virtual Firewall – Security Groups
  - EC2-Classic, outgoing only
  - VPC, incoming and outgoing
  - Security groups default is deny access
  - Multiple sec-groups allowed, effect is aggregated
  - Applied at instance level, not VPC level
  - Stateful firewall, outgoing message is remembered so response is allowed.
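The three evaluation properties on this slide (default deny, aggregation across groups, stateful replies) can be seen in a small model. This is an added example, not part of the original slides and not AWS code; the class names, sample groups and addresses are constructed, and it models VPC-style groups with both incoming and outgoing rules.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    protocol: str
    port_from: int
    port_to: int
    cidr: str

    def matches(self, protocol, port, peer):
        return (protocol == self.protocol
                and self.port_from <= port <= self.port_to
                and ip_address(peer) in ip_network(self.cidr))

@dataclass
class SecurityGroup:          # hypothetical model class, not an AWS SDK type
    name: str
    ingress: list = field(default_factory=list)
    egress: list = field(default_factory=list)

class Instance:
    def __init__(self, groups):
        self.groups = groups
        self.tracked = set()  # outgoing flows the firewall remembers

    def _allowed(self, direction, protocol, port, peer):
        # Default deny: traffic passes only if some rule in some attached
        # group matches. Rules only allow, so the groups' effect is a union.
        return any(rule.matches(protocol, port, peer)
                   for group in self.groups
                   for rule in getattr(group, direction))

    def send(self, protocol, local_port, peer, peer_port):
        ok = self._allowed("egress", protocol, peer_port, peer)
        if ok:
            self.tracked.add((protocol, local_port, peer, peer_port))
        return ok

    def receive(self, protocol, local_port, peer, peer_port):
        # Stateful: a reply to a remembered outgoing flow needs no ingress rule.
        if (protocol, local_port, peer, peer_port) in self.tracked:
            return True
        return self._allowed("ingress", protocol, local_port, peer)

# Constructed sample groups (documentation address ranges).
WEB = SecurityGroup("web", ingress=[Rule("tcp", 443, 443, "0.0.0.0/0")])
ADMIN = SecurityGroup("admin",
                      ingress=[Rule("tcp", 22, 22, "203.0.113.0/24")],
                      egress=[Rule("tcp", 443, 443, "0.0.0.0/0")])
```

With both groups attached, SSH is reachable only from 203.0.113.0/24 while HTTPS is open to everyone, and a reply from a remote port 443 is accepted only after the instance has sent to it.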
Amazon Elastic Compute Cloud
• Instance Lifecycle
  - Launching
    • Bootstrap, code to be run on instance at launch
      - Apply patches
      - Enroll in directory service
      - Install application software
      - Copy longer script from storage and run
      - Install configuration management software, e.g. Chef or Puppet
    • VM Import/Export
      - Import your own VM
      - Export only VMs you’ve imported
Amazon Elastic Compute Cloud
• Instance Lifecycle (cont)
  - Managing Instances
    • Tagging, key/value pairs associated with instance
  - Monitoring Instances
    • CloudWatch
  - Modifying
    • Resizing
      - Stop the instance
      - Change Instance Type
      - Restart the instance
    • Security Group
      - VPC, change at any time
      - EC2-Classic, immutable after launch
Amazon Elastic Compute Cloud
• Options
  - Pricing
    • Charged per hour running
    • On-Demand
      - No commitment
      - Customer controls launch and termination
      - Least cost effective
    • Reserved
      - Reservations for predictable workloads
      - Save up to 75% on the on-demand hourly rate
      - Term commitment, 1-3 years
      - Payment options
        • All upfront, best discount, no monthly charge
        • Partial upfront, remainder charged monthly
        • No upfront, all monthly charge, least discount
Amazon Elastic Compute Cloud
• Options
  - Pricing
    • Reserved (cont)
      - Changes
        • Don’t affect term
        • Switch Availability Zone in same region
        • Change between VPC and EC2-Classic
        • Change instance type, within same family (Linux Only)
    • Spot Instances
      - Access based on bidding price for lower demand compute time
      - Instances acquired and run so long as bid exceeds demand price
      - Use only on interruption-tolerant jobs
Amazon Elastic Compute Cloud
• Tenancy
  - Shared Tenancy (default)
    • Single physical host machine, multiple customers
    • Fully isolated, secure
  - Dedicated Instances
    • Single physical host machine, dedicated to one customer
    • Other non-dedicated isolated by hardware
  - Dedicated Host
    • Single physical host, fully dedicated to one customer
    • Useful for licensing
    • Complete customer control over what host launches instances
Amazon Elastic Compute Cloud
• Placement Groups
  - Logical grouping of instances within a single Availability Zone
  - Enable low latency, 10Gbps networking
  - Full optimization requires “enhanced networking”
• Instance Stores, the instance root drive. Lost if...
  - Underlying disk fails
  - Instance stops (restored on restart)
  - Instance terminates (lost, irrevocably)
  - Not for valuable, long term data.
Amazon Elastic Compute Cloud
• Amazon Elastic Block Store (EBS)
  - Persistent Block Level Storage
  - Automatically replicated in Availability Zone
  - High Availability, High Durability
  - Attached to instances (one instance at a time)
• Types of EBS Volumes
  - Magnetic, 1GB to 1TB, 100 IOPS average
    • Infrequent access
    • Sequential Reads
    • Low-Cost
Amazon Elastic Compute Cloud
• Types of EBS Volumes (cont)
  - General Purpose SSD, 1GB to 16TB
    • Baseline IOPS, 3/GB, capped at 10000 IOPS
Amazon Elastic Compute Cloud
• EBS-Optimized Instances
  - Optimized configuration stack
  - Best performance on non-magnetic EBS volumes
• Protecting Data
  - Snapshots
    • Point in time
    • Incremental backup
    • Created immediately, no downtime on volume
    • Constrained to region, copy to other region if required
    • Create Volume from Snapshot, lazy restore
Amazon Elastic Compute Cloud
• Recovering Volumes (EBS)
  - Detachable from volume in case of failure
  - Delete On Terminate Flag, double check it
  - Attach to new instance to access data
• Encryption
  - AWS Key Management Service
  - New key, or master created with service
  - AES-256
  - Transparent, minimal impact on performance
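One way to "double check" the Delete On Terminate flag and encryption state together, as an added example that is not part of the original slides: the audit below reads data shaped like the output of `aws ec2 describe-instances` and `aws ec2 describe-volumes`. The instance and volume IDs are constructed placeholders, and treating a non-root volume with the flag set as something to review is an assumed policy.

```python
# Constructed sample, trimmed to the fields the audit reads.
INSTANCES = {"Reservations": [{"Instances": [{
    "InstanceId": "i-EXAMPLE0001",
    "RootDeviceName": "/dev/xvda",
    "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda",
         "Ebs": {"VolumeId": "vol-EXAMPLEROOT", "DeleteOnTermination": True}},
        {"DeviceName": "/dev/sdf",
         "Ebs": {"VolumeId": "vol-EXAMPLEDATA1", "DeleteOnTermination": True}},
        {"DeviceName": "/dev/sdg",
         "Ebs": {"VolumeId": "vol-EXAMPLEDATA2", "DeleteOnTermination": False}},
    ]}]}]}
VOLUMES = {"Volumes": [
    {"VolumeId": "vol-EXAMPLEROOT", "Encrypted": True},
    {"VolumeId": "vol-EXAMPLEDATA1", "Encrypted": False},
    {"VolumeId": "vol-EXAMPLEDATA2", "Encrypted": True},
]}

def audit(instances, volumes):
    """Return (instance_id, volume_id, finding) tuples for attached EBS volumes."""
    encrypted = {v["VolumeId"]: v.get("Encrypted", False)
                 for v in volumes["Volumes"]}
    findings = []
    for reservation in instances["Reservations"]:
        for inst in reservation["Instances"]:
            root = inst.get("RootDeviceName")
            for mapping in inst.get("BlockDeviceMappings", []):
                ebs = mapping.get("Ebs")
                if not ebs:
                    continue  # no EBS details for this mapping
                vol = ebs["VolumeId"]
                # Assumed policy: a data (non-root) volume that is deleted
                # with the instance cannot be re-attached for recovery.
                if mapping["DeviceName"] != root and ebs.get("DeleteOnTermination"):
                    findings.append((inst["InstanceId"], vol,
                                     "data volume deleted on terminate"))
                # A volume missing from the volume listing counts as unencrypted.
                if not encrypted.get(vol, False):
                    findings.append((inst["InstanceId"], vol, "not encrypted"))
    return findings

if __name__ == "__main__":
    for finding in audit(INSTANCES, VOLUMES):
        print(*finding, sep="  ")
```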