Amazon Elastic Compute Cloud (Amazon EC2)


Introduction to AWS Compute Services

Amazon Elastic Compute Cloud (Amazon EC2) was the third service introduced by AWS, following Amazon Simple Queue Service (Amazon SQS) and Amazon Simple Storage Service (Amazon S3). Amazon EC2 was launched in 2006 as a way to provide on-demand computing. Since that initial introduction, AWS has continued to expand Amazon EC2, adding a Graphical User Interface (GUI)-based management console, persistent storage on both magnetic drives and Solid State Drives (SSDs), CPUs optimized for different types of compute loads, and enhanced networking capabilities.

AWS has expanded the meaning of compute. AWS compute includes the ability to spin up any number of instances in the cloud on a pay-as-you-go basis, and it also incorporates the following services, among others –

  • AWS Lambda
  • AWS Elastic Beanstalk
  • Amazon EC2 Container Service (Amazon ECS)
  • Amazon Lightsail
  • AWS Batch

Amazon Elastic Compute Cloud (Amazon EC2)

Amazon EC2 provides the scalable computing capacity of the AWS Cloud. Amazon EC2 eliminates the need to invest in hardware up front, so that we can develop and deploy applications faster. We launch instances in the AWS Region and Availability Zone that we specify.

Amazon EC2 offers the following features –

  • Virtual computing environments, known as instances
  • Pre-configured templates for instances, known as AMIs, that package the components we need for a server (including the operating system and additional software)
  • Various configurations of CPU, memory, storage, and networking capacity for instances, known as instance types
  • Secure login information for instances using key pairs (AWS stores the public key, and we store the private key in a secure place)
  • Storage volumes for temporary data that are deleted when we stop or terminate the instance, known as instance store volumes
  • Persistent storage volumes for data using Amazon Elastic Block Store (Amazon EBS), known as Amazon EBS volumes
  • Multiple physical locations for resources, such as instances and Amazon EBS volumes, known as Regions and Availability Zones
  • A firewall that enables us to specify the protocols, ports, and source IP ranges that can reach our instances, known as security groups
  • Static IPv4 addresses for dynamic cloud computing that can be assigned to an individual instance, known as Elastic IP addresses
  • IPv6 addresses that can also be assigned to instances
  • Virtual networks that we can create, logically isolated from the rest of the AWS Cloud and optionally connected to our own network, known as Amazon Virtual Private Clouds (Amazon VPCs)

Implementing an Amazon EC2 Instance

When implementing an Amazon EC2 instance, the following steps must be undertaken –

  1. Decide on the AMI that should be used.
  2. Choose the instance type and size that we need.
  3. Provide the other configuration details that are needed.

This section goes through each of these steps.

  • Choosing an AMI
  • Choosing an Instance Type
  • Other Configuration Details

With Amazon EBS-backed Amazon EC2 instances, we can stop and start the instance, and the data on the root volume persists across the stop. With instance store-backed Amazon EC2 instances, we cannot stop the instance; we can only reboot or terminate it, and terminating it discards everything on the instance store. The figure below illustrates the differences between an instance store-backed Amazon EC2 instance and an Amazon EBS-backed Amazon EC2 instance.

Amazon EFS provides scalable file storage for use with Amazon EC2. We can create an Amazon EFS file system and configure our instances to mount it. We can also use an Amazon EFS file system as a common data source for workloads and applications running on multiple instances. Because Amazon EFS is a separate service, it is priced independently of the Amazon EC2 instances that mount it. It is also crucial to note that Amazon EFS can only be used with Linux-based Amazon EC2 instances.

Tags also enable us to categorize Amazon EC2 instances in different ways (for instance, by purpose, owner, or environment). This is useful when we have many resources of the same type: we can quickly identify a specific resource based on the tags we have assigned to it. Each tag consists of a key and a value, both of which we define.

Amazon EC2 Management

The decision to pick an instance store-backed or an Amazon EBS-backed Amazon EC2 instance has implications for both behavior and performance. The table below illustrates some of these differences.

Amazon EC2 instances that use instance storage take longer to boot than Amazon EC2 instances that use Amazon EBS. Another factor in boot time is the use of user data when first booting an instance: user data scripts run during boot and slow it down. Using a fully configured AMI (which we can create ourselves, with the required software already installed) speeds up the boot process.

Monitoring the Status of AWS Cloud Services

AWS provides two dashboards that show the status of AWS Cloud services. The first is the AWS Service Health Dashboard, which displays service health across the entire AWS infrastructure and can be personalized to track the AWS Cloud services we use.

Monitoring with Amazon CloudWatch

By default, Amazon CloudWatch monitoring is turned on for Amazon EC2 instances. Basic monitoring, which collects metrics every five minutes, is provided by default. We can enable detailed monitoring, which collects metrics every minute. Amazon CloudWatch monitors the following metrics for Amazon EC2 –

  • CPU utilization
  • Disk reads
  • Disk writes
  • Network in
  • Network out
  • Instance status check
  • System status check
  • CPU credit usage (T2 instances only)
  • CPU credit balance (T2 instances only)

We can view Amazon CloudWatch metrics for a particular instance, a particular image, the members of an Auto Scaling group, or as an aggregate. Amazon CloudWatch alarms can also take action: an alarm can stop, terminate, reboot, or recover an Amazon EC2 instance.
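As an added example (not from the original page), the following Python defines the CloudWatch alarm an operator would create to recover an instance automatically when its system status check fails, and shows why the choice between basic and detailed monitoring matters: an alarm cannot fire until a whole number of consecutive periods have breached, so at the 5-minute basic period the instance sits unrecovered for twice as long as at the 1-minute detailed period. The instance ID, region and per-minute samples are constructed; the dictionary uses the keyword names of boto3's put_metric_alarm, but the call itself is not made here.

```python
"""Added example (not from the original page): a CloudWatch recovery alarm for
an EC2 instance, and a small evaluator that shows how the monitoring period
and evaluation-period count decide how long a failure goes unanswered.
Instance ID, region and the sample values are constructed for illustration."""

# Alarm action that tells CloudWatch to recover the instance (AWS-defined ARN).
RECOVER_ACTION = "arn:aws:automate:{region}:ec2:recover"


def recover_alarm(instance_id, region, detailed=False, evaluation_periods=2):
    """Keyword arguments for boto3 cloudwatch.put_metric_alarm() (the call is
    not made here) that recover the instance when StatusCheckFailed_System is
    non-zero for `evaluation_periods` consecutive periods.
    Basic monitoring publishes every 300 s, detailed monitoring every 60 s."""
    period = 60 if detailed else 300
    return {
        "AlarmName": f"recover-{instance_id}",
        "Namespace": "AWS/EC2",
        "MetricName": "StatusCheckFailed_System",
        "Dimensions": [{"Name": "InstanceId", "Value": instance_id}],
        "Statistic": "Maximum",            # any failed check inside the period counts
        "Period": period,
        "EvaluationPeriods": evaluation_periods,
        "Threshold": 0,
        "ComparisonOperator": "GreaterThanThreshold",
        "AlarmActions": [RECOVER_ACTION.format(region=region)],
    }


def minutes_to_alarm(per_minute_values, period_seconds, evaluation_periods, threshold=0):
    """Simulate the alarm: per_minute_values[i] is the metric value at minute i
    (0 = check passed, 1 = failed). Samples are aggregated into periods with the
    Maximum statistic; the alarm fires at the end of the period that completes
    `evaluation_periods` consecutive breaching periods. Returns that minute, or
    None if the alarm never fires within the samples."""
    step = period_seconds // 60
    consecutive = 0
    for start in range(0, len(per_minute_values) - step + 1, step):
        breached = max(per_minute_values[start:start + step]) > threshold
        consecutive = consecutive + 1 if breached else 0
        if consecutive >= evaluation_periods:
            return start + step
    return None


if __name__ == "__main__":
    # Constructed scenario: the system check fails from minute 3 onward.
    hard_failure = [0, 0, 0] + [1] * 17
    # Constructed scenario: a single failed check at minute 3, then healthy.
    blip = [0, 0, 0, 1] + [0] * 16
    for label, period in (("basic (300 s)", 300), ("detailed (60 s)", 60)):
        print(f"{label}: hard failure recovers at minute "
              f"{minutes_to_alarm(hard_failure, period, 2)}, "
              f"blip fires at {minutes_to_alarm(blip, period, 2)}")
```

With two evaluation periods the persistent failure triggers recovery at minute 10 under basic monitoring but at minute 5 under detailed monitoring, while the one-minute blip fires neither alarm; requiring more than one period is what keeps a transient status-check failure from rebooting a healthy instance.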

Using AWS CloudTrail

AWS CloudTrail can be used to get a history of the AWS API calls and related events for our account. This includes calls made using the AWS Management Console, the AWS Software Development Kits (SDKs), the command-line tools, and higher-level AWS Cloud services.
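As an added example (not from the original page) of what that history is good for, the following Python attributes each CloudTrail record to its caller and to the channel it came through (console, CLI or SDK) and flags the events an EC2 operator wants to see first: root-account activity, console logins without MFA, tampering with the trail itself, instance stops and terminations, and denied calls. The records are constructed (account IDs, names and times are made up), but the field names follow the CloudTrail record format; the channel classification from the user agent is a heuristic of this example, not an AWS-defined field.

```python
"""Added example (not from the original page): triage of CloudTrail records,
attributing each API call to its caller and the channel it came through
(console, CLI, SDK) and flagging the events an EC2 operator wants to see
first. All records below are constructed; account IDs, names and times are
made up, but the field names follow the CloudTrail record format."""

TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail"}
DESTRUCTIVE_EC2 = {"TerminateInstances", "StopInstances"}
DENIED = {"AccessDenied", "Client.UnauthorizedOperation"}


def _record(identity, source, name, agent, **extra):
    """Build a constructed CloudTrail record with the common top-level fields."""
    rec = {"eventVersion": "1.08", "eventTime": "2024-01-01T00:00:00Z",
           "awsRegion": "us-east-1", "userIdentity": identity,
           "eventSource": source, "eventName": name, "userAgent": agent}
    rec.update(extra)
    return rec


ROOT = {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}
ALICE = {"type": "IAMUser", "userName": "alice"}
BOB = {"type": "IAMUser", "userName": "bob"}
MALLORY = {"type": "IAMUser", "userName": "mallory"}
CI_ROLE = {"type": "AssumedRole",
           "arn": "arn:aws:sts::123456789012:assumed-role/ci-role/build-42",
           "sessionContext": {"sessionIssuer": {"userName": "ci-role"}}}

SAMPLE_RECORDS = [  # constructed sample trail
    _record(ALICE, "ec2.amazonaws.com", "RunInstances", "console.amazonaws.com"),
    _record(ROOT, "ec2.amazonaws.com", "DescribeInstances", "console.amazonaws.com"),
    _record(BOB, "signin.amazonaws.com", "ConsoleLogin", "Mozilla/5.0",
            additionalEventData={"MFAUsed": "No"}),
    _record(CI_ROLE, "cloudtrail.amazonaws.com", "StopLogging", "aws-cli/2.15.0",
            requestParameters={"name": "main-trail"}),
    _record(ALICE, "ec2.amazonaws.com", "TerminateInstances", "Boto3/1.34.0",
            requestParameters={"instancesSet": {"items": [{"instanceId": "i-0123456789abcdef0"}]}}),
    _record(MALLORY, "ec2.amazonaws.com", "DescribeSecurityGroups", "aws-cli/2.15.0",
            errorCode="Client.UnauthorizedOperation"),
]


def actor(record):
    """Who made the call: the root user, an IAM user, or the role behind a session."""
    ident = record["userIdentity"]
    kind = ident.get("type", "Unknown")
    if kind == "Root":
        return "Root"
    if kind == "AssumedRole":
        return "AssumedRole:" + ident["sessionContext"]["sessionIssuer"]["userName"]
    return f"{kind}:{ident.get('userName', '?')}"


def channel(record):
    """Which path the call took, judged from the user agent (a heuristic of this example)."""
    ua = record.get("userAgent", "")
    if record["eventSource"] == "signin.amazonaws.com" or ua.startswith("console.amazonaws.com"):
        return "console"
    if ua.startswith("aws-cli"):
        return "cli"
    if ua.startswith("Boto3") or "aws-sdk" in ua:
        return "sdk"
    return "other"


def triage(records):
    """Return (rule, actor, channel, detail) for every record that matches a rule."""
    findings = []
    for rec in records:
        who, how, name = actor(rec), channel(rec), rec["eventName"]
        params = rec.get("requestParameters") or {}
        if who == "Root":                      # root should never be used day to day
            findings.append(("root-activity", who, how, name))
        if name == "ConsoleLogin" and rec.get("additionalEventData", {}).get("MFAUsed") == "No":
            findings.append(("console-login-no-mfa", who, how, name))
        if rec["eventSource"] == "cloudtrail.amazonaws.com" and name in TRAIL_TAMPERING:
            findings.append(("trail-tampering", who, how, params.get("name", "?")))
        if rec["eventSource"] == "ec2.amazonaws.com" and name in DESTRUCTIVE_EC2:
            ids = [i["instanceId"] for i in params.get("instancesSet", {}).get("items", [])]
            findings.append(("destructive-ec2", who, how, ",".join(ids)))
        if rec.get("errorCode") in DENIED:     # repeated denials often mean enumeration
            findings.append(("access-denied", who, how, name))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_RECORDS):
        print(*finding, sep="\t")
```

Run against a real trail, the same functions apply to the JSON records CloudTrail delivers to S3 (the `Records` array of each file); the point of attributing the actor and channel is that a termination issued by a build role through the SDK and the same call typed by a person in the console call for very different follow-up.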

Amazon EC2 Security

Security in the Amazon EC2 environment is a responsibility shared between the end user and AWS, because within this environment there are specific parts that AWS controls and specific parts that the end user controls. Physical security and the security of the hypervisor are AWS's responsibility. The end user, on the other hand, is responsible for securing the operating systems running on their instances, as well as the applications running on those operating systems.

Controlling Network Access – AWS offers several tools for controlling network access: placement of the Amazon EC2 instance in an Amazon VPC, and security groups to control access on a specific network interface. A newly created security group is a stateful firewall that allows no inbound traffic until we add rules, so every inbound rule (protocol, port range, and source IP range) is an explicit decision; the common mistake is allowing an administrative port such as SSH (22) or RDP (3389) from 0.0.0.0/0. For administrative access to the instance itself, the same VPC placement and security groups apply, together with the public/private key pair, which authenticates the login (SSH on Linux, and decryption of the initial administrator password on Windows); it is the SSH or RDP session, not the key pair, that encrypts the traffic.

Controlling Administrative Access – AWS offers a number of tools to manage the security of instances, including IAM, AWS Trusted Advisor, AWS Service Catalog, and Amazon Inspector. IAM allows us to create policies that control access to the AWS APIs and to apply those policies to users, groups, and roles.

AWS Trusted Advisor – AWS Trusted Advisor, which comes as part of AWS Support, looks at things like open ports on security groups and the level of access allowed to Amazon EC2 instances, and it makes recommendations to improve the security of our AWS infrastructure.
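The "open ports on security groups" check above, and the security-group guidance under Controlling Network Access, come down to one question: which ingress rules admit an administrative port, or every port, from the whole Internet? The following Python is an added example (not from the original page or from Trusted Advisor) that answers it offline over data in the shape boto3's describe_security_groups() returns. The three groups are constructed: one weak, one wide open, and one showing the corrected form of the same SSH rule with the source narrowed to an administrative network (the TEST-NET-3 range 203.0.113.0/24 stands in for it). Security-group-to-security-group and prefix-list sources are not examined.

```python
"""Added example (not from the original page): an offline audit of security
group ingress rules in the shape returned by describe-security-groups, flagging
rules that expose an administrative port, or every port, to the whole Internet.
The three groups below are constructed: one weak, one wide open, and one
showing the corrected form of the same SSH rule."""
import ipaddress

ADMIN_PORTS = {22: "ssh", 3389: "rdp", 5985: "winrm", 5986: "winrm-https"}

SAMPLE_SECURITY_GROUPS = [  # constructed, in boto3 describe_security_groups() shape
    {"GroupId": "sg-0weak", "GroupName": "web-admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ]},
    {"GroupId": "sg-0wide", "GroupName": "legacy-all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},   # all traffic, no ports
    ]},
    {"GroupId": "sg-0ok", "GroupName": "web-hardened", "IpPermissions": [
        # Corrected SSH rule: same port, source limited to the admin network (TEST-NET-3 here).
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
]


def world_open(cidr):
    """True for a source that matches every address of its family (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def all_ports(rule):
    """True for an all-traffic rule (-1) or a rule spanning ports 0-65535."""
    return rule["IpProtocol"] == "-1" or (rule.get("FromPort") == 0 and rule.get("ToPort") == 65535)


def covers_tcp_port(rule, port):
    """True if the rule admits TCP traffic to `port` (protocol may be "tcp" or its number "6")."""
    if rule["IpProtocol"] == "-1":
        return True
    if rule["IpProtocol"] not in ("tcp", "6"):
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def sources(rule):
    """All CIDR sources of a rule, IPv4 then IPv6 (security-group sources are skipped)."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])


def audit(security_groups):
    """Return (group_id, protocol, what, source) for each world-open exposure."""
    findings = []
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            for src in sources(rule):
                if not world_open(src):
                    continue
                if all_ports(rule):
                    findings.append((sg["GroupId"], rule["IpProtocol"], "all-ports", src))
                    continue
                for port, label in ADMIN_PORTS.items():
                    if covers_tcp_port(rule, port):
                        findings.append((sg["GroupId"], rule["IpProtocol"], label, src))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SECURITY_GROUPS):
        print(*finding, sep="\t")
```

The IPv6 range is checked separately on purpose: a rule that has been narrowed for IPv4 but still carries `::/0` leaves the port open to the world over IPv6, which is exactly the case `sg-0weak` shows. The hardened group passes because port 443 open to everyone is the intended exposure of a web server, and the check is about administrative ports and blanket rules, not about every public port.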

AWS Service Catalog – AWS Service Catalog allows IT administrators to create, manage, and distribute portfolios of approved products to end users, who can then access the products they need from a personalized portal.

Amazon Inspector – Amazon Inspector is a security vulnerability assessment service that helps to improve the security and compliance of AWS resources. Amazon Inspector assesses resources for vulnerabilities or deviations from best practices and then produces a detailed list of security findings prioritized by level of severity.
