Docs > AWS Certified SAA > EC2

EC2

EC2 Instances
- Security Groups
EBS Volumes
- 5 Types of EBS Storage
AMI’s
CloudWatch
AWS CLI
IAM Roles
Instance Metadata
EFS (Elastic File System)
FAQ Notes

Amazon EC2 is a web service that provides resizable compute capacity in the cloud. Amazon EC2 reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change.

EC2 Pricing Models

On Demand
Allows you to pay a fixed rate by the hour with no commitment.
no up-front payment required
applications with short term, spiky or unpredictable workloads that cannot be interrupted
applications being developed or tested on Amazon EC2 for the first time
Reserved
Provides you with a capacity reservation and offer a significant discount on the hourly charge for an instance. Contract Terms are 1 Year or 3 Year Terms.
- applications with steady state or predictable usage
- applications that require reserved capacity
- users able to make upfront payments to reduce their total computing costs even further
- Types of Reserved Pricing
  - Standard Reserved Instances
    Up to 75% off on-demand instances. The more you pay up front and the longer the contract, the great the discount.
  - Convertible Reserved Instances
    These offer up to 54% off on demand capability to change the attributes of the Reserved Instance as long as the exchange results in the creation of Reserved Instances of equal or greater value.
  - Scheduled Reserved Instances
Spot
Enables you to bid whatever price you want for instance capacity, providing for even greater savings if your applications have flexible start and end times.
- Applications that have flexible start and end times
- Applications that are only feasible at very low compute prices
- Users with urgent computing needs for large amounts of additional capacity
- If the Spot instance is terminated by EC2 you will not be charged for a partial hour of usage. However, if you terminate the instance yourself, you will be charged for any hour in which instance ran.
Dedicated Hosts Pricing
- Regulatory requirements that may not support multi-tenant virtualization
- Great for licensing which does not support multi-tenancy or cloud deployments
- Can be purchased On-Demand (hourly.)

EC2 Instance Types

F1 - FPGA, Field Programmable Gate Array
I3 - IOPS, High Speed Storage
G3 - Graphics, Graphics Intensive
H1 - High Disk Throughput
T3 - Cheap general purpose (think T2 Micro)
D2 - Density, Dense Storage
R5 - RAM, Memory Optimized
M5 - Main choice for general purpose apps
C5 - Compute, Compute optimized
P3 - Graphics (think Pics), Graphics / General Purpose GPU
X1 - Extreme Memory, Memory Optimized
Z1D - Extreme Memory and CPU, High compute capacity and a high memory footprint
A1 - Arm-based workloads
U-6tb1 - Bare Metal

EC2 Instances

Termination protection is turned off by default
On an EBS-backed instance, the default action is for the root EBS volume to be deleted when the instance is terminated
EBS Root Volumes of the default AMI’s cannot be encrypted. You can only use a third-party tool to encrypt the root volume.
Additional volumes can be encrypted upon launching an instance.

Security Groups

All Inbound traffic is blocked by default
All Outbound traffic is allowed
If you add / remove a security group to EC2 instance or modify the rules in security group, this change will take place immediately.
You can have any number of EC2 instances within a security group
You can have multiple security groups attached to EC2 Instances
Security Groups are STATEFUL
If you create an inbound rule allowing traffic in, that traffic is automatically allowed back out again
You cannot block specific IP addresses using Security Groups, instead, use Network Access Control Lists
You can specifically allow rules, but not deny rules.
Status Checks
- System Status Checks
- Instance Status Checks
Detailed Monitoring

EBS Volumes

5 Types of EBS Storage

General Purpose (SSD)
- API Name: gp2
- Up to 16000 IOPS
- Applications: Most Workloads
- Storage: 1GB - 16TB
Provisioned IOPS (SSD)
- API Name: io1
- Up to 64000 IOPS
- Highest performance SSD volume designed for mission-critical applications
- Applications: Databases
- Storage: 4GB-16TB
Throughput Optimized (HDD)
- API Name: st1
- Up to 500 IOPS
- Low-cost HDD volume for frequently accessed throughput intensive workloads
- Applications: Big Data & Data Warehouses
- Storage: 500GB - 16TB
Cold Hard Disk Drive (HDD)
- API Name: sc1
- Up to 250 IOPS
- Lowest cost HDD volume designed for less frequently accessed workloads
- Applications: File Servers
- Storage: 500GB - 16TB
Magnetic (HDD)
- API Name: Standard
- 40-200 IOPS
- Previous generation HDD
- Applications: Workloads where data is infrequently accessed
- Storage: 1GB - 1TB
By default, upon EC2 instance termination:
- root EBS volume will be automatically terminated
- additional volumes attached to the instance will continue to persist
SSD is good for random access, HDD is better for sequential access
EBS Encryption
- Root device cannot be encrypted on the first launch
  - To encrypt the root volume:
    - Launch the instance with the root volume
    - Create a snapshot of unencrypted root device volume
    - Create a copy of the Snapshot and select the encrypt option
    - Create an AMI from the encrypted Snapshot
    - Use AMI to launch new encrypted instances
      (only specific instance types will be supported)
- Secondary volumes can be encrypted
- Snapshots of encrypted volumes are encrypted automatically
- Volume restored from encrypted snapshots are encrypted automatically
- You can share snapshots, but only if they are unencrypted
- These snapshots can be shared with other AWS accounts or made public
Volumes exist on EBS
Snapshots exist on S3
Snapshots are a point in time copies of Volumes
Snapshots are incremental - this means that only the locks that have changed since your last snapshot are moved to S3
If you take snapshot for the first time it may take some time
You can take a snapshot while instance is running, however it’s better to stop the instance when taking snapshot from the root Volume to assure consistency
You can create AMI’s from both Volumes and Snapshots
EBS volume sizes can be changed on the fly
Volumes will ALWAYS be in the same availability zone as the EC2 instance
Moving EC2 volume from one AZ to another
- take snapshot of the volume
- create AMI from the snapshot
- launch EC2 instance in a new AZ using the AMI
Moving EC2 volume from one region to another
- take a snapshot of the volume
- create AMI from the snapshot
- copy AMI from one region to another
- use AMI to launch the new EC2 instance in the new region

AMI’s

AMI can be selected based on:

Region
Operating System
Architecture (32-bit / 64-bit)
Launch Permissions
Storage for the Root Device (Root Device Volume)
- Instance Store (Ephemeral Storage)
  - The root device for an instance launched from the AMI is an instance store volume created from a template stored in Amazon S3
  - Instance store volumes will not be shown in volumes section
  - Instance store instances cannot be stopped: they can only be terminated or rebooted
  - If the underlying host fails, you will loose your data
  - Cannot keep root volume upon instance termination
  - Data is lost when the instance is restarted
  - These instances are free, you will get charged for the instance usage
  - Instance size is determined by the instance type
  - Temporary block-type storage
  - Disks are physically attached to the hardware (SSD / HDD)
  - These volumes are available to specific instance types
- EBS Backed Volumes
  - Persistent block storage volume
  - The root device for an instance launched from the AMI is an Amazon EBS volume created from an Amazon EBS snapshot
  - Can be attached to any EC2 instance type
  - Can be scaled up and down based on your requirements

CloudWatch

CloudWatch monitors performance
CloudWatch monitors most of AWS as well as your applications that run on AWS
CloudWatch with EC2 will monitor events every 5 minutes by default
You can have 1-minute intervals by turning on Detailed Monitoring
You can create CloudWatch alarms with trigger notifications
Host Level Metrics
- CPU
- Network
- Disk
- Status Check
Alarms
Allows you to set Alarms that notify you when particular thresholds are hit
Dashboards
Creates awesome dashboards to see what is happening in your AWS environment
Logs
Helps you aggregate, monitor and store your log data
Events
Help you to respond to state changes in your AWS resources

AWS CloudTrail increases visibility into your user and resource activity by recording AWS Management Console actions and API calls.

AWS CLI

You can interact with AWS from anywhere in the world just by using the command line (CLI)
You will need to set up access in IAM

IAM Roles

Roles are more secure than storing your access key and secret access key on individual EC2 instances
Roles are easier to manage
Roles can be assigned to an EC2 instance after it is created using both the console & command line
Roles are universal - you can use them in any region

Instance Metadata

Metadata is used to get information about an instance (such as public ip)
Examples
- Show the bootstrap script
  curl http://169.254.169.254/latest/user-data
- Show the options available
  curl http://169.254.169.254/latest/meta-data
- Show the private and public v4 IPs
  curl http://169.254.169.254/latest/meta-data/local-ipv4
  curl http://169.254.169.254/latest/meta-data/public-ipv4

EFS (Elastic File System)

File storage service for Amazon EC2 instances
Storage capacity is elastic, growing and shrinking automatically as you add and remove files
It’s a great way to share files among EC2 instances
Can be mounted to thousands of instances at the same time
Supports the Network File System version 4 (NFSv4) protocol
EFS can be mounted using
- EFS mount helper
- EFS mount helper with TLS
- NFS
You only pay for the storage used
Can scale up to petabytes
Can support thousands of concurrent NFS connections
Data is stored across multiple AZ’s within a region
Read After Write Consistency

FAQ Notes

Overview

Longer EC2, EBS and Storage Gateway resource IDs allow uninterrupted creation of new resources
The speed of launching an instance depends on the number of factors, including the size of your AMI, the number of instances you are launching, and how recently you have launched that AMI. Images launched for the first time may take slightly longer to boot.
Instance Limits: you are limited to running a total of 20 On-Demand instances across the instance family, purchasing 20 Reserved Instances and requesting spot instances based on your dynamic Spot limit per region.
There are limitations of the number of emails that can be sent out from EC2. These limits can be removed when filling the request.
EC2 supports a variety of operating systems including Amazon Linux, Ubuntu, Windows Server, Red Hat Enterprise Linux, SUSE Linux Enterprise Server, Fedora, Debian, CentOS, Gentoo Linux, Oracle Linux, and FreeBSD.
All AWS underlying hardware in EC2 uses ECC memory (Error-correcting code memory)
Service Level Agreement (SLA)
- Guarantees a Monthly Uptime Percentage of at least 99.99% for EC2 and EBS within a Region
- SLA credit will be provided if the region you are operating in has a Monthly Uptime Percentage of less than 99.95% during any monthly billing cycle.
Accelerated Computing Instances
Use hardware accelerators or co-processors to perform some functions, such as floating point number calculation and graphics processing, more efficiently than is possible in software running on CPUs. EC2 provides 3 types of accelerated computing instances: GPU compute instances, GPU graphics instances, FPGA programmable hardware compute instances.
GPU Instances
- workloads with massive parallelism
- good for Graphics processing
- good for applications where the throughput of a pipeline is more important than the latency of the individual operations
G3 Instances
- G3 provided a high-performance platform for applications using DirectX or OpenGL
- G3 instances support DirectX 12, OpenGL 4.5, CUDA 8, and OpenCL 1.2
P3 Instances
- P3 are the next-generation of EC2 general-purpose GPU computing instances
- P3 instances support CUDA 9 and OpenCL
- P3 have new features like Streaming Multiprocessor (SM) architecture for machine learning (ML)/deep learning (DL) performance optimization, second-generation NVIDIA NVLink high-speed GPU interconnect and highly tuned HBM2 memory for higher-efficiency
- NVIDIA Tesla V100 accelerator adds features that improve programmability - advances will supercharge HPC, data center, supercomputer, and deep learning systems and applications.
- P3 Instances benefit Artificial Intelligence (AI), Machine Learning (ML), Deep Learning (DL) and High-Performance Computing (HPC) applications. Users includes data scientists, data architects, data analysts, scientific researchers, ML engineers, IT managers and software developers
- Use-cases for P3 instances: autonomous vehicle platforms, speech, image and text recognition systems, intelligent video analytics, molecular simulations, drug discovery, disease diagnosis, weather forecasting, big data analytics, financial modeling, robotics, factory automation, real-time language translation, online search optimizations, and personalized user recommendations
- P3 Instances will support VPC only.
P2 instances
- P2 instances support CUDA 8 and OpenCL 1.2
NVIDIA drivers for P3 and G3 instances
- Can be obtained from AWS Marketplace by using AMIs with the pre-installed drivers
- Alternatively, you can use HVM AMIs and install the drivers yourself
EC2 F1 Instance
- The instance with programmable hardware that can be used for application acceleration
- High performance, easy to access FPGA for developing and deploying custom hardware accelerations
Amazon FPGA Image (AFI) - the design that you create to program your FPGA

Compute-Optimized Instances

C5 Instances offer a 25% price/performance benefit over C4 instances

General-Purpose Instances

A1 Instances
- Using Graviton Processors
- ARM ecosystem
- Applications based on interpreted or run-time compiled languages should run without modifications. Other applications may require to be recompiled to run on ARM instead of x86.
- arm64 AMIs should be used
- x86 AMIs are not compatible
- EBS volumes are supported, through Non-Volatile Memory Express (NVMe) interface. Blkfront interface is not supported
- Supports ENA based Enhanced Networking - up to 10Gbps of network bandwidth
- Support AWS Nitro System - a combination of dedicated hardware and Nitro hypervisor
M5 Instances
- Good choice for running development and test environments, web, mobile and gaming applications, analytics applications
- Provides instances with a higher memory footprint
- Customers using M4 Instances should move to M5
- Delivers up to 14% improvement in price/performance compared to M4
- EBS Volumes is the only storage supported
- Supports ENA Enhanced Networking with up to 25 Gbps of network bandwidth when launched within a placement group
- Up to 27 EBS Volumes can be used
- Uses lightweight Nitro Hypervisor, based on core KVM technology
Fixed performance instances are C, M and R
Burstable performance instance (T2)
- Bursting CPU Credits
- CPU Credit Balance and other related metrics can be monitored from CloudWatch
- When running low on credits t2 instance provides a baseline CPU performance of 10% of a physical CPU core.
- The stopped instance does not retain the previously earned credit balance

High Memory Instances

6 TB, 9 TB, or 12 TB of memory in a single instance
Useful for running large in-memory databases
Uses ENA-based Enhanced Networking
Delivers high networking throughput and low-latency with 25 Gbps bandwidth
Certified by SAP for running Business Suite on HANA
Instance Types: u-6tb1.metal, u-9tb1.metal and u-12tb1.metal
448 logical processors, a total of 224 CPU cores
EBS Volumes supported, EBS-optimized instances by default
These instances are bare metal instances, they do not run on a hypervisorAva
Available on EC2 Dedicated Hosts on a 3-year Reservation
You can launch, stop/start, and terminate instances on your EC2 Dedicated Hosts using AWS CLI/SDK.

Previous Generation Instances

M1, C1, CC2 and HS1

Memory Optimized Instances

Large memory size for memory intensive applications
X1 instances are ideal for in-memory databases
X1e instances offer twice the memory per vCPU compared to the X1 instances
X1e instances - 32 GB of memory per vCPU, from 4 vCPUs to 128 vCPUs
X1 instances - 65 GB of memory per vCPU
Intel E7 processors
SSD based instance store and EBS (Instances are EBS-Optimized by default)

Storage Optimized instances

Dense-storage instance - for workloads with high sequential read and write access to very large data sets
HDD-storage instances
d2.8xlarge - up to 3.5 GBps read and 3.1 GBps write disk throughput with a 2MiB block size, h1.16xlarge - up to 1.15 GBps read and write.
H1 and D2 instances are EBS-optimized by default

Storage

Attaching multiple instances to one volume is not supported at this time
Though EBS snapshots reside in S3, they cannot be accessed using S3 API, and can be accessed using EC2 APIs
Snapshots can be done while volume is attached an in use
You can find the snapshots shared with you by using the “Private Snapshots”, while public using “Public Snapshots” from the viewing dropdown in the console

Networking and Security

Elastic Fabric Adapter (EFA) - uses a custom-built operating system bypass technique to enhance the performance of inter-instance communications which is critical to scaling HPC applications.
All accounts are limited to 5 Elastic IP addresses per region. You will be charged a small hourly rate for each unassigned IP address.
Enhanced networking provides significantly improved performance, consistency of performance and scalability.
- can be enabled when launching an HVM AMI with the appropriate drivers

Management

Amazon CloudWatch receives and aggregates data at 1-minute intervals
CloudWatch metrics for terminated resources are available for 2 weeks
Instance Hibernation
- useful when the instance takes a long time to bootstrap
- can be considered as pre-warmed instances
- RAM data is persisted to the root EBS volume during the hibernation
- You do not incur instance usage fees while an instance is hibernating
- Hibernation should be enabled when launching an instance
- Hibernated instances are in ‘Stopped’ state
- EBS volume data is persisted as in hibernate state as in stopped state
- RAM data is encrypted when moved to EBS
- Instances can be hibernated for a maximum of 60 days
- Hibernation is supported for specific instance types
VM Import/Export
- Enables Importing Virtual Machine (VM) images in order to create Amazon EC2 instances
- You can export EC2 instances as well to create Virtual Machines
- Import / Export commands are not available in the management console. You have to use EC2 CLI and API

Billing

Billing starts when the instance transitions to the Running state
Reserved instance is associated with a spefic region, which is fixed for the duration of the reservation’s term
EC2 Fleet lets you provision compute capacity across difference instance types, AZs and On-Demand, Reserved and Spot Instances with a single API call
Reserved Instance Marketplace - provides AWS customers the flexibility to sell their EC2 RIs to other businesses and organizations.
Spot Instances
- spare EC2 capacity
- can save you up to 90% off on-Demand prices
- AWS can interrupt them with a 2-minute notification

Platform

Amazon Time Sync Service - available on 169.254.169.123. NTP clients can be configured
Cluster Compute Instances - provide similar functionality to other Amazon EC2 instances but have been specifically engineered to provide high-performance networking
High Memory Cluster Instances provide customers with large amounts of memory and CPU capabilities per instance in addition to high network capabilities
EC2 Compute Unit
- represents CPU resource
- is used to provide a consistent amount of CPU capacity no matter what the actual underlying hardware