Amazon EC2

What is EC2

  • Amazon Elastic Compute Cloud
  • Deployment of servers
  • Amazon EC2 is a web service that provides resizable compute capacity in the cloud.
  • Highly scalable & pay-as-you-go model
  • EC2 is not a Global service, it is specific to a Region

Amazon Machine Image (AMI)

  • An AMI is a template that contains the software configuration (OS, application server, and applications) required to launch your instance
  • Select any OS you want
    • Windows 10, Ubuntu 16, Mac etc
  • Preconfigured AMIs
    • You can select it from AWS marketplace

Amazon EC2 Instance Types

  • Instance Types are based on CPU, RAM, Storage, Networking capacity
  • General purpose
    • Provide a balance of compute, memory and networking resources
    • Series: T(t2, t3), A(a1), M(m4, m5)
  • Compute optimized
    • Provides high performance processors
    • Series: C(c4, c5)
  • Memory optimized
    • Memory optimized instances to process large data sets in memory
    • Series: R, X
  • Accelerated Computing
    • Used for high performance computing (machine learning, speech recognition)
    • Series: P, G, F
  • Storage optimized
    • Used for high sequential read and write access to very large data sets on local storage
    • Series: I, D, H

AWS Nitro System

  • AWS's own virtualization system
  • Traditionally hypervisors were used, but now the Nitro System is used.
  • It's the next generation of EC2 instances, which enables AWS to innovate faster, further reduce cost for customers, and deliver added benefits like increased security and new instance types.

Launch an EC2 Instance

  1. Add Name & Tags
  2. Select AMI
  3. Select Instance Type
  4. Select old key-pair or create new
    • Download the key pair file (name.pem)
    • NOTE: It's the only way to get into the EC2 machine
  5. Network Setting
  6. Configure storage
  7. Advanced detail

Connect to EC2 instance

  • Select EC2 > Action > Connect
  • Can connect in two ways
    1. EC2 Instance Connect
      • Directly connect from browser
    2. SSH Client
      • Use this name.pem to connect the instance
      • chmod 400 name.pem
        • For macOS or Linux, set the permissions of your private key file.
        • Gives the user read permission, and removes all other permission.
      • sudo ssh -i "name.pem" ubuntu@Public-IPv4-DNS or
      • sudo ssh -i "name.pem" ubuntu@Public-IPv4-address
    • Connected by CLI, ready to start configuration

Update Security Group

  • EC2 > Instance > Instance ID > Security > Security groups
  • Currently only SSH (port 22) is in the inbound rules
  • Now we need to enable web traffic to come in
    • Inbound rules > Edit inbound rules > Add rule HTTP TCP 80 Anywhere (Can enable for both IPv4 and IPv6)
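
A check to run after editing inbound rules, as an added example that is not part of the original notes: it flags every rule open to Anywhere on a port other than 80 or 443. The five-column input layout and the function name are assumptions, and the sample rules are constructed.

```shell
#!/bin/sh
# Added example: flag inbound rules that are open to Anywhere on ports other
# than HTTP/HTTPS. Input layout (assumed): one rule per line,
#   group-id  protocol  from-port  to-port  source-cidr

audit_open_rules() {
  awk '
    $5 == "0.0.0.0/0" || $5 == "::/0" {
      if ($2 == "-1") {                       # -1 = all protocols, all ports
        print $1 ": all traffic open to " $5
        next
      }
      if ($3 == $4 && ($3 == 80 || $3 == 443)) next   # public web ports are expected
      print $1 ": " $2 " " $3 "-" $4 " open to " $5
    }'
}

# Constructed sample rules (placeholder group ids, documentation address range).
SAMPLE_RULES='sg-example1 tcp 22 22 0.0.0.0/0
sg-example1 tcp 80 80 0.0.0.0/0
sg-example1 tcp 80 80 ::/0
sg-example2 tcp 22 22 203.0.113.10/32
sg-example2 tcp 0 65535 0.0.0.0/0'

printf '%s\n' "$SAMPLE_RULES" | audit_open_rules
```

On the sample it reports the world-open SSH rule and the full port range, while the HTTP rules and the SSH rule limited to a single address pass.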

Configure/Launch an AWS webserver

Create a small webserver (website) to test the EC2 connection

1. Enable HTTP 80(shown above)

2. Install webserver

# Install httpd

sudo yum update -y
sudo yum install httpd -y
sudo systemctl start httpd
systemctl status httpd

# Start httpd automatically after a system restart
sudo systemctl enable httpd

# Install Apache2 (apt-based AMIs)
sudo apt update -y
sudo apt install apache2 -y

sudo systemctl status apache2

3. Create html file

cd /var/www/html/

# Get root permission
sudo su

# Add some html
vim index.html

4. Visit

* public_ip
* public_ip:80
* public dns

Delete EC2

  • Select EC2 > Instance state > Terminate instance
  • Terminate the instance
    • All the volumes will be deleted
  • Status will be updated to ‘terminated’
  • After some time the instance will be removed

Copy data from remote to local and vice-versa

  • Copy from remote to local
    • scp -i "name.pem" ubuntu@Public-IPv4-DNS:~/file1 ~/Downloads/
    • Download file1 from EC2 to local Downloads folder
  • Copy from local to remote
    • scp -i "name.pem" ~/Downloads/random.json ubuntu@Public-IPv4-DNS:~/
    • Copy random.json from local to EC2

Stress Testing & Monitoring

Create EC2 instance Alarm

  • Select EC2 > Action > Monitor and troubleshoot > Manage CloudWatch alarms
  • Can add alarm notification or take action on
    • CPU utilization
    • Status check etc…
  • Can install stress package to test above

AWS Cloudwatch Alarm Setup

Enable the EPEL repository

# Installation
sudo amazon-linux-extras install epel -y
sudo yum install stress -y

# Test - Apply stress
stress --help
stress --cpu 7

User data

  • When you launch a Windows instance in Amazon EC2, you can pass user data to the instance
  • It can be used to perform automated configuration tasks or to run scripts after the instance starts.
  • It runs only once as root when the instance is created

#!/bin/bash

yum update -y
yum install httpd -y
systemctl start httpd
systemctl enable httpd

cd /var/www/html

echo "<h1> This is Machine-1</h1>" > index.html

  • Visit Public IPv4 address:80

Instance metadata

  • Instance metadata is data about your instance that you can use to configure or manage the running instance.
  • This data is sensitive and can only be accessed from within the instance itself.

# Retrieve instance metadata
curl http://169.254.169.254/latest/meta-data

curl http://169.254.169.254/latest/meta-data/hostname
curl http://169.254.169.254/latest/meta-data/public-ipv4

Elastic IP

  • An Elastic IP address is static, it does not change over time
    • Generally, when we restart an instance, its IP changes automatically.
  • Designed for dynamic cloud computing and is yours until you release it.
  • Elastic IP is allocated based on region
  • Create Elastic IP
    • EC2 Dashboard > Network & Security > Elastic IPs > Allocate Elastic IP address > Select region > Allocate
  • Assign IP to EC2
    • Select Elastic IP > Action > Associate Elastic IP address > Select instance > Select private IP (not required) > Associate
  • Disassociate and release
    • Select Elastic IP > Action > Disassociate Elastic IP address
    • Select Elastic IP > Action > Release Elastic IP address

Elastic IP address pricing

  • Small hourly charge if an Elastic IP address is
    • not associated with a running instance,
    • associated with a stopped instance or
    • associated with an unattached network interface.
  • No charge if it is associated with a running instance.

Network Interface

  • An elastic network interface is a logical networking component in a VPC that represents a virtual network card
  • Create network interface
    • EC2 Dashboard > Network & Security > Network Interfaces > Create network interface
    • Select subnet –> specific to your EC2
    • IPV4 –> Auto-assign
  • Flow log
    • Flow logs can capture IP traffic(In and Out traffic) flow information for the network interfaces associated with your resources
    • Will not get this info in Cloudwatch

Create Custom AMI

  • Amazon Machine Images (AMIs)
  • A custom AMI can be useful when you need to install a lot of software that isn’t included in the standard AMIs.
  • We can create custom AMI and can launch AMI instantly with all the software configuration.
  • Create custom AMIs
    • Select EC2 > Action > Image and templates > Create image
  • Get the custom AMI and Launch instance
    • EC2 Dashboard > Images > AMIs > Select AMI > Launch instance from AMI
    • Alt --> EC2 Dashboard > Launch Instance > My AMIs > Select AMI > Launch instance
  • Create Templates
    • Same as a custom AMI as above, but it also copies configuration
    • Like user data, security groups, permissions etc
  • Delete Custom AMIs
    • EC2 Dashboard > Images > AMIs > Select AMI > Deregister AMI
    • Also delete Snapshot
      • Elastic Block Store > Select > Action > Delete Snapshot

Placement groups

  • The EC2 service attempts to place the instance in such a way that all of your instances are spread out across underlying hardware to minimize correlated failures.
  • You can create a placement group using one of the following placement strategies:
    • Cluster – packs instances close together inside an Availability Zone.
    • Partition – spreads your instances across logical partitions
    • Spread – strictly places a small group of instances across distinct underlying hardware to reduce correlated failures.
  • Network & Security > Placement groups
  • It can be selected while launching a large instance (say c5.2xlarge)
