
All you need to know about AWS EC2 Instance

WHAT IS EC2 INSTANCE

Elastic Compute Cloud, EC2 instance, or simply EC2, is an AWS service that provides secure and resizable compute capacity in the cloud. It is a virtual server (a powerful computer in an AWS data center) designed to make web-scale cloud computing easier for developers. You can create an EC2 instance through the AWS console, the command-line interface or the AWS SDK with the least amount of friction. By default an EC2 instance is created with a root user and a default sudo-privileged user, giving you total control of your compute infrastructure. That means you have the capacity to resize, stop, restart, reboot, or terminate your instance.

The AWS EC2 server is not only cloud based: you can also provision your server on shared or dedicated hosts, which are physical servers. And if you prefer traditional on-prem resources, the AWS EC2 instance can be one of the components of AWS Outposts. There is also a soft limit of 20 EC2 instances per newly created account; however, you can submit a request to AWS to increase it.

The AWS EC2 instance is capable of allowing traffic into and out of it. An EC2 instance is reachable from the internet when deployed in a public subnet with a public IP address attached to it. However, it may not be open to all internet connections when deployed in a private subnet.

Moreover, EC2 uses two types of IP address to facilitate communication: the public IP address that receives requests from the public internet, and the private IP address used to communicate between EC2 instances.

Let’s move on to learn about some of the features of this service. I recommend you bookmark this post especially if you are preparing for any AWS Associate program.

PROS

Elastic Web-Scale Computing: The EC2 instance enables you to increase or decrease your compute capacity based on your workload, within minutes. An Auto Scaling group can maintain a fixed number of running instances over time, and also automatically increase or reduce the number of running instances based on your workload.

Flexible Cloud Hosting Services: The AWS EC2 instance gives you the choice of operating system, instance class, and software packages to meet your use cases. In addition, you can select your preferred memory capacity, CPU, and boot partition.

Highly Secure: EC2 enjoys the security that comes with the AWS data center infrastructure. Rest assured that your instance is protected from the effects of natural disasters, in addition to the regular backups of the AWS facilities. The instance also benefits from the security configured at the VPC level, and firewall rules can be configured to allow or deny traffic through ports on the instance.

Easy Integration With Most AWS Solutions: If there is one singular reason you should be using the EC2 instance, this is it. The instance is more like a key that opens the door to the other AWS services. It integrates seamlessly with many popular AWS services including RDS, VPC, Kinesis, SageMaker, and especially S3.

The EC2 is Very Reliable: In addition to the security it provides, AWS EC2 boasts 99.99% availability.

CONS

Can Be Expensive: This can be the case if you choose the wrong type of instance pricing for your application. However, Spot instance pricing is the cheapest option and it suits low-priority workloads.

Performance Can Vary: Placing your instance in a region that is not close to your customers can be a big problem for how your instance performs, especially latency. Therefore, it is advisable to always deploy the instance in the region nearest to your customers.

Now, let’s discuss some of the properties of the AWS EC2 instance. Some of what you will learn includes:

Instance family
EC2 billing
Root/Boot volume
The AWS EBS
Amazon Machine Image
Networking and Elastic Network Interface
Placement groups
Status checks
Monitoring
Stopping and Terminating instance
Meta data and User data
Bastion host
Purchase Options
Secondary IP address
Elastic IP address

Let’s delve into each of the above topics for AWS EC2.

EC2 INSTANCE FAMILY

These are the types of EC2 instance that AWS provides to fit individual use cases and help improve the performance of your application. You also have the flexibility of combining CPU, memory, storage, and networking capacity to suit your application’s performance needs.

General Purpose
– Balanced memory and CPU
– Suitable for most applications
– Ex. M3, M4, T2

Compute Optimized
– More CPU than memory
– Compute & HPC intensive use
– Ex. C2, C4

Memory Optimized
– More RAM/memory
– Memory intensive apps, DB, and caching
– Ex. R3, R4

GPU compute instances
– Graphics Optimized
– High performance and parallel computing
– Ex. G2

Storage Optimized
– Very high, low latency, I/O
– I/O intensive apps, data warehousing, Hadoop
– Ex. I2, D2

High Performance Compute (HPC) Optimized
– Good for high performance workloads at scale on AWS
– Up to 3.5 GHz all-core turbo frequency.

HOW IS EC2 BILLED?

Like we discussed earlier, AWS uses per-hour or per-second pricing for its instances, depending on which instance you launch and which AMI (OS or image) you use. Be aware that an EC2 instance that is rebooting is still considered running and is billed accordingly. However, a terminated or stopped instance does not incur any bill. In addition, AWS charges you for data transfer into and out of an EC2 instance beyond the AWS region.

EC2 ROOT/BOOT VOLUME

The AWS EC2 instance root/boot volume is the device that is provisioned when an instance is launched; it is what boots the instance. The boot volume can be an EBS volume or an instance store volume. Therefore, an EC2 instance is said to be EBS-backed if it uses EBS storage as its root volume, and instance store-backed if it uses the instance store as its root volume. AWS recommends using EBS as the root volume because it boots faster and is persistent.

ELASTIC BLOCK STORE (EBS) TYPES

EBS is persistent storage and serves as the hard drive of the EC2 instance. Persistent means that whatever data is stored on the EBS volume is independent of the state of the EC2 instance. Therefore, if an instance is terminated, the EBS volume can be configured to still exist and be attached to another instance. You can mount or unmount EBS volumes as devices on your instances. In addition, you can take snapshots of a volume and restore them in the same region or in a different region. More interestingly, you can resize an already launched EBS volume.

EBS, like EC2, also has different types that can be selected to meet your use cases. Meet the EBS types:

General Purpose (gp2)
– SSD-Backed (Solid State Drives)
– Are better for transactional workloads and Dev/Test environments where performance is highly dependent on IOPS
– Use cases include system boot volumes, virtual desktops, low-latency interactive apps, and development and test environments

Provisioned IOPS (io1)
– SSD-backed
– Highest-performance SSD volume for mission-critical low-latency or high-throughput workloads (Critical business application or Production DBs)
– Provides sustainable IOPS performance & Low latency
– Max IOPS per volume: 64,000

Throughput Optimized HDD (not SSD) (st1)
– Ideal for streaming, big data, log processing, and data warehousing
– Can NOT be used as a boot volume
– Use for frequently accessed, throughput intensive workloads

Cold HDD (sc1)
– Ideal for less frequently accessed workloads
– Throughput-oriented storage for large volumes of data that is infrequently accessed
– Scenarios where the lowest storage cost is important
– Cannot be a boot volume

EC2 EBS OPTIMIZED INSTANCES

EBS-optimized EC2 instances enable the full use of an EBS volume’s provisioned IOPS, and they deliver dedicated bandwidth between EC2 instances and their attached EBS volumes. They are designed to work with all EBS volume types to give high performance, with options between 500 Megabits per second (Mbps) and 80 Gigabits per second (Gbps).

AMAZON MACHINE IMAGE

An Amazon Machine Image (AMI) is a master image for the creation of virtual servers, i.e. EC2 instances, in the Amazon Web Services (AWS) environment. Machine images are like templates that are configured with an operating system and other software, which determine the user’s operating environment.

EC2 ENHANCED NETWORKING

EC2 enhanced networking can be enabled on EBS-backed or instance store-backed instances at no extra cost. It takes advantage of SR-IOV on supported EC2 instance types to provide higher inter-instance packets-per-second (PPS) rates and lower latency. It also works across multiple AZs.

To use enhanced networking, the EC2 instance needs to:
– Support SR-IOV
– Be created from an HVM (Hardware Virtual Machine) AMI
– Be launched in a VPC

EC2 PLACEMENT GROUP TYPES

Placement groups allow you to select how your EC2 instances are spread across the AWS physical infrastructure. You can choose to place them on the same rack, or on different racks to minimize the effect of a failure. Each instance can be made independent of the others using placement groups. You can create a maximum of 500 placement groups per account in each Region, and the names you use must be unique within your AWS account for that Region.

The following strategies can be used to deploy your EC2 instances in a placement group.

Cluster Placement Groups
– Clusters EC2 instances in a single Availability Zone
– EC2 instances in the cluster can use the full 10 Gbps speed, and 100 Gbps aggregate speed, without any oversubscription
– Use for applications that require low latency and/or high throughput between nodes
– Can be used with SR-IOV (Single Root I/O Virtualization) based enhanced networking instances
– Can also be created across VPC peering connections

Partition Placement Groups:
– AWS launches the group’s instances into different logical entities called partitions
– Each partition is placed in a separate rack to minimize the impact of a failure
– Can be in a single or multiple Availability Zones in the same Region
– Maximum of 7 partitions per AZ
– Ideal for HBase, HDFS, and Cassandra
– You get visibility into which instances are in which partitions
– If the request fails because of insufficient capacity, try again later

Spread Placement Groups:
– Launches each instance in the group in a different rack
– Can be in a single or multiple Availability Zones in the same Region
– Maximum of 7 running instances per AZ per group
– If the request fails because of insufficient capacity, try again later

EC2 STATUS CHECKS

By default, the AWS EC2 service performs automated status checks every minute on every running EC2 instance to identify hardware or software issues. Each status check returns either a pass or a fail status. If one or more status checks return a “fail”, the overall EC2 instance status is changed to “impaired”. In addition, you can configure CloudWatch to initiate reboot or recovery actions on an impaired EC2 instance.

Once an instance’s status changes to impaired because of a host hardware or software problem, AWS will schedule a stop/start for EBS-backed instances to relocate them to a different host. This can also be done manually. EC2 status checks are also very important for Auto Scaling groups, which use them to determine instance health.

EC2 MONITORING

The EC2 service sends its metric data to AWS CloudWatch every 5 minutes. This basic monitoring is enabled by default and is free of charge. However, you can choose to enable detailed monitoring while launching the instance (or later), in which case EC2 sends its metric data to CloudWatch every 1 minute. Detailed monitoring is a billable service.

In addition, you can set CloudWatch alarm actions on EC2 instance(s) to stop, reboot, terminate, or recover the instance. The stop and terminate actions can save cost; however, you may lose your data if it is not backed up on persistent storage like EBS. In another case, you can use the reboot and recover actions to move your EC2 instance to another host.

STOPPING AN EC2 INSTANCE

When you stop an EC2 instance, any data in any instance store volumes is lost. Even though the instance can be restarted, any stored or cached data will be gone. So, to avoid this kind of incident, it is recommended to use an EBS-backed instance.

For an EBS-backed EC2 instance, the storage remains attached to the instance and the data in it is not wiped; you can also choose to detach it and reattach it to another instance.

Unless explicitly stated during configuration, AWS will only shut down and not terminate an instance. Therefore, to terminate an instance on shutdown, you must select Terminate under the Shutdown Behaviour settings while creating the instance.

An EC2 instance retains its private IPv4 address and any IPv6 address when stopped. However, it loses its public IPv4 address when it is terminated, as the address is released back to the AWS pool. Only an EC2 instance with an Elastic IP address attached retains its public IP address after it is terminated.

It is important to know that you will be charged for an unused Elastic IP. Therefore, always release unused EIP addresses.

EC2 INSTANCE TERMINATION

By default, the EBS root device volume (created automatically when the instance is launched) is deleted automatically when the EC2 instance is terminated, while any additional (non-root) volumes attached to the instance (whether attached at launch or later) persist after the instance is terminated. You can change both behaviours by modifying the “DeleteOnTermination” attribute of any EBS volume, during instance launch or while the instance is running.

EC2 INSTANCE TERMINATION PROTECTION

This is a feature you can enable so that an EC2 instance is protected against accidental termination through the API, console, or CLI. It can be enabled for instance store-backed or EBS-backed instances. Note that CloudWatch can ONLY automatically terminate EC2 instances that do not have termination protection enabled.

EC2 INSTANCE META DATA

Instance metadata is data about the instance that you can use to configure or manage it. Examples include the IPv4 address, IPv6 address, DNS hostnames, AMI ID, instance ID, instance type, local hostname, public keys, security groups and so on. It contains the important information about the deployed EC2 instance. Instance metadata can only be viewed from within the instance itself, for example from a shell session on the instance or from a script or AWS CLI session running on it.

Also, metadata is not protected by encryption, so anyone who has access to the instance can view this data.

To view EC2 instance metadata from inside the instance, query the metadata endpoint:
GET http://169.254.169.254/latest/meta-data/
or, from a shell:
curl http://169.254.169.254/latest/meta-data/
You can also view a specific metadata item. For example, to view the local hostname:
GET http://169.254.169.254/latest/meta-data/local-hostname
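Because the same endpoint also serves the credentials of any IAM role attached to the instance, it is worth knowing the token-based variant of the metadata service (IMDSv2): a client first PUTs to /latest/api/token to obtain a short-lived session token and then presents that token on every GET, so a plain GET from a process that was tricked into making a request gets nothing. The Python below is an added example written for this post, not code from the post or from AWS: it runs the two-step flow against a small mock of the metadata service on loopback. The mock, its port and the sample metadata values are constructed; the /latest/api/token path and the X-aws-ec2-metadata-token header names are those of the real service.

```python
"""IMDSv2 token flow, demonstrated against an in-process mock of the EC2
instance metadata service. The mock, its loopback port and the sample metadata
values are constructed for this example; the /latest/api/token path and the
X-aws-ec2-metadata-token* header names are those of the real service."""
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN_HEADER = "X-aws-ec2-metadata-token"
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
FAKE_TOKEN = "constructed-session-token"          # constructed, not a real token

# Constructed sample metadata keyed by request path (not from a real instance).
FAKE_METADATA = {
    "/latest/meta-data/local-hostname": "ip-10-0-1-23.ec2.internal",
    "/latest/meta-data/instance-id": "i-0123456789abcdef0",
    # Name of the attached IAM role; its credentials live under the same tree.
    "/latest/meta-data/iam/security-credentials/": "example-app-role",
}

# No proxy: the real endpoint is link-local and must be reached directly.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


class MockIMDSv2(BaseHTTPRequestHandler):
    """Behaves like an instance whose MetadataOptions.HttpTokens is 'required':
    a PUT issues a session token, and every GET must present that token."""

    def log_message(self, *_):   # keep the example quiet
        pass

    def _reply(self, status, body=b""):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_PUT(self):
        if self.path == "/latest/api/token" and TTL_HEADER in self.headers:
            self._reply(200, FAKE_TOKEN.encode())
        else:
            self._reply(400)

    def do_GET(self):
        if self.headers.get(TOKEN_HEADER) != FAKE_TOKEN:
            self._reply(401)     # token-less (IMDSv1-style) request is refused
            return
        value = FAKE_METADATA.get(self.path)
        if value is None:
            self._reply(404)
        else:
            self._reply(200, value.encode())


def start_mock_imds():
    """Start the mock on an ephemeral loopback port and return its base URL."""
    server = HTTPServer(("127.0.0.1", 0), MockIMDSv2)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_port}"


def get_token(base_url, ttl_seconds=21600):
    """IMDSv2 step 1: PUT to /latest/api/token with a TTL header (6 hours max)."""
    req = urllib.request.Request(f"{base_url}/latest/api/token", method="PUT",
                                 headers={TTL_HEADER: str(ttl_seconds)})
    with OPENER.open(req, timeout=2) as resp:
        return resp.read().decode()


def get_metadata(base_url, path, token):
    """IMDSv2 step 2: GET a metadata path, presenting the session token."""
    req = urllib.request.Request(f"{base_url}/latest/meta-data/{path}",
                                 headers={TOKEN_HEADER: token})
    with OPENER.open(req, timeout=2) as resp:
        return resp.read().decode()


def get_metadata_without_token(base_url, path):
    """A plain GET, as IMDSv1 clients send; returns the HTTP status received."""
    try:
        with OPENER.open(f"{base_url}/latest/meta-data/{path}", timeout=2) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


if __name__ == "__main__":
    base = start_mock_imds()
    token = get_token(base)
    print(get_metadata(base, "local-hostname", token))        # ip-10-0-1-23.ec2.internal
    print(get_metadata_without_token(base, "local-hostname"))  # 401
```

On a real instance you would point the functions at http://169.254.169.254 instead of the mock; the point of the mock is to show that, with tokens required, the role name and anything else under meta-data is only returned to a caller that completed the PUT step first.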

EC2 INSTANCE USER DATA

AWS EC2 instance user data is data supplied by the user at instance launch, in the form of a script to be executed during instance boot. When you want to configure an application on the server at runtime, or install or start a service after the instance is launched without SSHing into it, you can use the user data feature.
AWS provides a small box where you can input this data or script before launching your instance.
Some important facts about user data:
– User data is limited to 16 KB
– User data can only be viewed from within the instance itself (log on to it)
– You can change user data; however, to do so you need to stop the instance first: Instance -> Actions -> Instance settings -> View/Change user data
– User data is not protected by encryption, therefore do not include passwords or sensitive data in your user data (scripts)
– You are not charged for requests to read user data or metadata, so feel free to use them
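The termination, termination-protection, metadata and user-data points above all come down to settings on the launch request, so they can be checked before an instance exists. The Python below is an added example for this post, not the post’s or AWS’s own code: it audits a RunInstances request for the pitfalls described (IMDSv1 left enabled, no termination protection, a data volume deleted with the instance, a secret pasted into user data, user data over 16 KB) and produces a hardened copy. The sample request and its values are constructed; the parameter names (MetadataOptions, DisableApiTermination, BlockDeviceMappings, UserData) are the RunInstances parameters as boto3’s run_instances accepts them, with UserData as plain text.

```python
"""Pre-launch audit of an EC2 RunInstances request for the pitfalls described
above. The sample request and its values are constructed; the parameter names
(MetadataOptions, DisableApiTermination, BlockDeviceMappings, UserData) are the
RunInstances parameters as boto3's run_instances accepts them."""
import copy
import re

USER_DATA_LIMIT = 16 * 1024   # the 16 KB user-data limit

# Patterns that suggest a secret was pasted into user data (constructed list,
# tune it for your environment).
SECRET_PATTERNS = [
    re.compile(r"(?i)(password|passwd|secret|api[_-]?key)\s*[=:]"),
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),               # shape of an AWS access key id
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
]

# Constructed launch request that shows every weak setting at once.
WEAK_REQUEST = {
    "ImageId": "ami-PLACEHOLDER",
    "InstanceType": "t3.micro",
    "MetadataOptions": {"HttpTokens": "optional"},      # IMDSv1 still answers
    "DisableApiTermination": False,                      # no termination protection
    "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda", "Ebs": {"DeleteOnTermination": True}},   # root
        {"DeviceName": "/dev/xvdf", "Ebs": {"DeleteOnTermination": True}},   # data
    ],
    "UserData": "#!/bin/bash\nexport DB_PASSWORD=hunter2\n/opt/app/start.sh\n",
}


def audit_launch_request(req, root_device="/dev/xvda"):
    """Return a list of findings; an empty list means the request passes."""
    findings = []
    if req.get("MetadataOptions", {}).get("HttpTokens") != "required":
        findings.append("metadata: HttpTokens is not 'required', so role credentials "
                        "can be read with a token-less GET (IMDSv1)")
    if not req.get("DisableApiTermination", False):
        findings.append("termination: DisableApiTermination is off")
    for bdm in req.get("BlockDeviceMappings", []):
        name = bdm.get("DeviceName", "?")
        # Root volumes are deleted by default; a data volume that is deleted
        # with the instance loses its data on termination.
        if name != root_device and bdm.get("Ebs", {}).get("DeleteOnTermination", False):
            findings.append(f"volume {name}: data volume is deleted on termination")
    user_data = req.get("UserData", "")
    if len(user_data.encode()) > USER_DATA_LIMIT:
        findings.append("user data: exceeds the 16 KB limit")
    for pattern in SECRET_PATTERNS:
        if pattern.search(user_data):
            findings.append(f"user data: possible secret matches {pattern.pattern!r}")
            break
    return findings


def harden_launch_request(req, root_device="/dev/xvda"):
    """Return a copy with the settings an audit can fix; a secret in user data
    must be removed by the author (fetch it at boot from a secrets store)."""
    fixed = copy.deepcopy(req)
    fixed["MetadataOptions"] = {**fixed.get("MetadataOptions", {}),
                                "HttpTokens": "required",
                                "HttpPutResponseHopLimit": 1}   # token reply stays on the instance
    fixed["DisableApiTermination"] = True
    for bdm in fixed.get("BlockDeviceMappings", []):
        if bdm.get("DeviceName") != root_device:
            bdm.setdefault("Ebs", {})["DeleteOnTermination"] = False
    return fixed


if __name__ == "__main__":
    for finding in audit_launch_request(WEAK_REQUEST):
        print("WEAK:", finding)
    for finding in audit_launch_request(harden_launch_request(WEAK_REQUEST)):
        print("HARDENED:", finding)   # only the user-data secret remains
```

The hardened copy deliberately leaves the user data alone: a tool can flip a flag, but the only fix for a password in a boot script is to take it out and have the script fetch it at runtime under the instance’s IAM role.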

EC2 IAM ROLES

In general, for one AWS service to have permission to read from or write to another service, an IAM role with rights/permissions on the second service must be attached to the first.

Drawing on that, for an EC2 instance to access other AWS services (for example S3) you need to configure an IAM role, with an IAM policy attached, on the EC2 instance. Applications on the EC2 instance obtain this role’s permissions from the instance metadata. You can add an IAM role to an EC2 instance during or after launch. I made a comprehensive walkthrough on how to configure an IAM role here.

EC2 INSTANCE BASTION HOSTS FOR LINUX, REMOTE DESKTOP FOR WINDOWS

For inbound, secure connectivity to your VPC to manage and administer public and/or private EC2 instances, you can use a bastion host (or jump box).
The bastion host is an EC2 instance whose interfaces have a security group allowing inbound SSH access for Linux EC2 instances or inbound RDP access for Windows instances. A bastion host can have an auto-assigned public IP address or an Elastic IP address, although Elastic IPs are better for security reasons and to fix the IP address. Also, using security groups you can further limit which IP CIDRs can access the bastion host, which further increases the security of the host. Once logged in to the bastion host, you can connect via RDP (Windows) or SSH (Linux) to the EC2 instance(s) you want to manage.
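Limiting which CIDRs may reach the bastion is the one setting on this host that is easy to get wrong, so it pays to check it mechanically. The Python below is an added example written for this post, not the post’s or AWS’s code: it audits a security group’s ingress rules for SSH and RDP reachable from the whole internet or from an overly wide range, and builds replacement rules that admit those ports only from named admin CIDRs. The sample group is constructed; its shape follows the IpPermissions structure that the EC2 DescribeSecurityGroups API returns, so the same function can be run over real output.

```python
"""Audit of a bastion host's security group ingress rules, plus a builder for
rules that admit SSH/RDP only from named admin CIDRs. The sample group below is
constructed; its shape follows the IpPermissions structure that the EC2
DescribeSecurityGroups API returns."""
import ipaddress

ADMIN_PORTS = {22: "ssh", 3389: "rdp"}
WORLD = ("0.0.0.0/0", "::/0")

# Constructed security group: SSH open to the world, RDP limited to an office
# range, and an all-protocol rule from a whole /16.
SAMPLE_SG = {
    "GroupId": "sg-PLACEHOLDER",
    "GroupName": "bastion-sg",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.0/24", "Description": "office"}],
         "Ipv6Ranges": []},
        {"IpProtocol": "-1",                      # all protocols and ports
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
    ],
}


def _covers_port(perm, port):
    """Does this permission admit TCP traffic to the given port?"""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def _sources(perm):
    """All CIDR sources (IPv4 and IPv6) named by a permission."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])


def audit_bastion_sg(sg, min_prefix_v4=24, min_prefix_v6=48):
    """Flag admin ports reachable from the world or from ranges wider than the
    given prefix lengths. Returns a list of findings."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        for port, name in ADMIN_PORTS.items():
            if not _covers_port(perm, port):
                continue
            for cidr in _sources(perm):
                if cidr in WORLD:
                    findings.append(f"{name}/{port} open to the world via {cidr}")
                    continue
                net = ipaddress.ip_network(cidr, strict=False)
                limit = min_prefix_v6 if net.version == 6 else min_prefix_v4
                if net.prefixlen < limit:
                    findings.append(f"{name}/{port} reachable from broad range {cidr} "
                                    f"(wider than /{limit})")
    return findings


def admin_ingress_rules(cidrs, ports=(22, 3389)):
    """Build IpPermissions that admit the admin ports only from the given CIDRs;
    refuses a world CIDR outright rather than creating an open bastion."""
    for cidr in cidrs:
        if cidr in WORLD:
            raise ValueError(f"refusing to open admin ports to {cidr}")
        ipaddress.ip_network(cidr, strict=False)     # validates the syntax
    v4 = [{"CidrIp": c, "Description": "admin source"} for c in cidrs if ":" not in c]
    v6 = [{"CidrIpv6": c, "Description": "admin source"} for c in cidrs if ":" in c]
    return [{"IpProtocol": "tcp", "FromPort": p, "ToPort": p,
             "IpRanges": v4, "Ipv6Ranges": v6} for p in ports]


if __name__ == "__main__":
    for finding in audit_bastion_sg(SAMPLE_SG):
        print(finding)
    print(admin_ingress_rules(["203.0.113.0/24", "2001:db8::/48"]))
```

Note that the all-protocol rule from 10.0.0.0/16 is reported twice, once per admin port, even though it is an internal range: a protocol -1 rule covers SSH and RDP just as surely as an explicit port rule does, and the prefix thresholds are there to catch exactly that kind of quietly wide rule.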

EC2 INSTANCE PURCHASE OPTIONS

Reserved Instances – Requires a 1 or 3 year commitment, with high savings; can be zonal (per AZ) or Regional in scope.

Scheduled Instances – Requires an upfront purchase of instance capacity for a recurring schedule.

Spot Instances – This option requests AWS’s unused EC2 capacity. So far, it has the highest savings on cost. However, availability is not guaranteed when you need it, and the instance can be shut down and reassigned to another customer. This could cause downtime for your application, so this option is not suitable for high-priority applications.

Dedicated Hosts – This option requires you to pay for a fully dedicated physical host.

On-Demand – Pay by the second for instances that you launch. This has been the go-to for most customers as it is suitable for many application use cases, and when done right it can give exceptional value for a slightly lower bill.

Dedicated Instances – Not to be mistaken for the Dedicated Hosts mentioned earlier. In this option, you pay by the hour for instances that run on single-tenant hardware.

Savings Plans – This option lets you commit to a consistent amount of usage, in USD per hour, for 1 or 3 years.

EC2 SPOT INSTANCE USE CASES

AWS EC2 Spot is recommended if you are flexible about when your applications run, and if your applications can tolerate interruption in case AWS terminates the instances.
It is especially suitable for:
– Data analysis
– Batch jobs
– Background processing
– Optional tasks

EC2 STRATEGIES FOR USING SPOT INSTANCES

Since Spot Instance availability is not guaranteed, it is recommended to use it to augment your Reserved and On-Demand compute capacity. Also, the I/O-optimized I series instances are not available as Spot Instances, so Spot cannot be used for applications that require high input/output.
Lastly, always use RIs and On-Demand to guarantee the minimum level of compute, and add Spot on top to add compute capacity and save costs.

ELASTIC NETWORK INTERFACES (ENI)

An AWS Elastic Network Interface (ENI) is a logical networking component in a VPC that represents a virtual network card. It carries the primary network address (IP address) of the instance and is usually referred to as eth0 on the server. It is important to state that you can’t move/detach the primary (eth0) interface from an instance. By default, eth0 is the only ENI created with an EC2 instance when it is launched. However, you can add more interfaces to your AWS EC2 instance; the number of additional interfaces is determined by the instance family/type. Moreover, an ENI is bound to an Availability Zone, and you can specify which subnet/AZ you want the additional ENI to be added in. To attach a network interface (ENI) in one subnet to an EC2 instance in another subnet, they both “MUST” be in the same AWS Region and the same AZ.

ELASTIC NETWORK INTERFACES ATTRIBUTES

Each Elastic Network Interface can have:
– A description
– One primary IPv4 address
– One or more secondary IPv4 addresses; if you allow it, secondary IPv4 addresses can be reassigned to another instance in case of failure
– One Elastic IP address corresponding to each IPv4 address (via NAT)
– One public IPv4 address, which is automatically assigned
– One or more IPv6 addresses
– Up to 5 security groups
– A MAC address
– A source/destination check flag

SECONDARY IP ADDRESSES

You can assign secondary IPv4 addresses to your EC2 instance’s interfaces (ENIs). Assigning multiple IP addresses to an EC2 instance in your VPC is useful for the following:
– Hosting multiple websites on a single server (multiple SSL certificates each associated with one IP address).
– Security and network appliances use in your VPC.
– Redirecting internal traffic to a standby EC2 instance in case your primary EC2 instance fails. This can be achieved by moving (reassigning) the secondary IPv4 address from the failed instance to the standby one.

ELASTIC IP (EIP) ADDRESS

An Elastic IP address is a dynamic IPv4 address that can be assigned to your instance. By using an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account. You can request an EIP from AWS, and although AWS does not charge for an EIP address that is attached, you will be billed for an EIP that is not attached to a running instance and not released. Read more on EIP billing here.

LET’S BRING IT ALL HOME

In this post, we have covered some core properties of the EC2 instance. Once again, I recommend you bookmark this page and re-digest all the information, especially if you are preparing for any of the AWS Associate certifications.

One hack to digest the information above faster is to launch an instance, so check out the post on how to deploy and connect to an EC2 instance.

