AWS EC2 is a web service that provides secure and resizable computing capacity. It allows users to develop and deploy applications faster by eliminating the need for upfront hardware costs. EC2 provides instances of varying configurations that can be launched from AMIs. Instances exist within regions and availability zones for high availability and reliability. Security groups act as virtual firewalls, while key pairs and tags help manage access and resources. Pricing options include on-demand, reserved, spot and dedicated host instances. Troubleshooting guidance covers connection issues, authentication errors and instance failures.
2. Agenda
• EC2 Features and Fundamentals
• Key Terms and Components
a. Instances and AMIs
b. Regions and Availability zones
c. Root device volumes/storage
d. Networking & Security
• Amazon EC2 Pricing
• Benefits of using VPC
• AWS Resource Locations
• Use cases and Troubleshooting
• Resources
3. Amazon EC2 Fundamentals
• A web service that provides secure and resizable computing capacity in the AWS cloud, which
• eliminates the need for upfront hardware investment
• lets you develop and deploy applications faster
• gives you complete control of your computing resources (OS, software, storage and network access), under the shared-responsibility model: AWS secures the underlying infrastructure, you secure what you run on and expose from the instance
• lets you scale up or down to handle changes in requirements or spikes in popularity, reducing your need to forecast traffic
• lets you go global in minutes
• removes the cost of running and maintaining your own data centers
4. Key Terms and Components
• Instances:
• Virtual computing environments
• Instance Type:
• Various configurations of CPU, memory, storage, and networking capacity for your instances
• Amazon Machine Images (AMIs):
• Preconfigured templates for your instances that package the bits you need for your server (including the operating system and additional software)
• Key pairs:
• Secure login information for your instances (the public key is placed on the instance, the private key stays with you)
• Instance store volumes:
• For temporary data that is deleted when you stop, hibernate or terminate your instance
5. Key Terms and Components
• EBS volumes:
• Persistent storage volumes for your data using Amazon Elastic Block Store
• Regions and Availability Zones:
• Multiple physical locations for your resources
• Security groups:
• A firewall that enables you to specify the protocols, ports, and source IP ranges that can reach your instances
• Elastic IP addresses (EIP):
• Static public IPv4 addresses for dynamic cloud computing
• Tags:
• Metadata that you can create and assign to your Amazon EC2 resources
6. Amazon Machine Image (AMI)
• A template that contains a software configuration (for example, an operating system, an application server, and applications)
• From an AMI, you launch an instance, which is a copy of the AMI running as a virtual server in the cloud
• You can launch multiple instances of an AMI
• Because an instance inherits everything baked into its AMI, launch only from AMIs whose owner you trust (your own, AWS-provided, or a verified vendor), and rebuild and patch your own AMIs regularly
7. EC2 Instance Types
• An instance type essentially determines the hardware of the host computer
• Instance types comprise varying combinations of CPU, memory, storage, and networking capacity and give you the flexibility to choose the appropriate mix of resources for your applications
• Each instance type includes one or more instance sizes
• Instance families:
• General Purpose
• Compute Optimized
• Memory Optimized
• Accelerated Computing
• Storage Optimized
8. Regions and Availability Zones
• Amazon EC2 is hosted in multiple locations world-wide, and these locations are composed of Regions and Availability Zones
• Each Region is a separate geographic area
• Each Region has multiple, isolated locations known as Availability Zones
• Availability Zones in a Region are connected through low-latency links
9. EC2 Root Device Volume
• When you launch an instance, the root device volume contains the image used to boot the instance
• You can launch an instance from either an instance store-backed AMI or an Amazon EBS-backed AMI
• Any data on the instance store volumes persists as long as the instance is running, but this data is deleted when the instance is terminated (instance store-backed instances do not support the Stop action) or if it fails (such as if an underlying drive has issues)
• An Amazon EBS-backed instance can be stopped and later restarted without affecting data stored in the attached volumes
10. EC2 Tagging
• Metadata that helps you manage your instances, images, and other Amazon EC2 resources
• Enables you to categorize your AWS resources based on purpose, owner, or environment
• Each tag consists of a key and an optional value
• A consistent set of tag keys makes it easier for you to manage your resources: you can search and filter resources based on the tags you add, and tag keys such as owner and environment are what an incident responder uses to find who owns a compromised instance
11. EC2 Network and Security
• Amazon EC2 provides the following network and security features:
• Amazon EC2 Key Pairs
• A public/private key pair: EC2 places the public key on the instance and you keep the private key, which proves your identity at SSH login (and decrypts the initial administrator password on Windows instances)
• Create it (or import your own public key) when provisioning the instance, download the private key and keep it safe
• Required for the first SSH login to the instance
• The private key can be downloaded only once, at creation; AWS keeps no copy, so a lost private key cannot be recovered
• The same key pair can be used to connect to multiple instances, so a compromised private key exposes every instance that trusts it
• Security Groups
• A virtual firewall that controls the traffic for one or more instances
• By default, a security group allows all outbound traffic and no inbound traffic until you add inbound rules
• Security group rules are always permissive; you can't create rules that deny access. Security groups are stateful, so replies to allowed traffic are admitted automatically
• You can add/remove rules at any time; changes are applied automatically to the associated instances
12. EC2 Network and Security
• Elastic IP Addresses
• A static public IPv4 address allocated to your account that you can attach to, and move between, instances and network interfaces
• When you associate an EIP with an instance's primary network interface, the auto-assigned public IPv4 address is released back to the AWS pool and cannot be reused
• You can disassociate an Elastic IP address from a resource and reassociate it with a different resource
• A disassociated Elastic IP address remains allocated to your account until you explicitly release it
• Pricing at the time of these slides: an EIP is charged if it is not associated with a running instance, or if it is associated with a stopped instance or an unattached network interface
• An EIP is not charged if it is associated with a running instance
• One EIP associated with a running instance is free, but you are charged for any additional Elastic IP addresses associated with the instance
• Note that since February 2024 AWS charges hourly for every public IPv4 address, idle or in use, so check the current EC2 pricing page before relying on the rules above
• An Elastic IP address is for use in a specific region only
• By default, all AWS accounts are limited to five (5) Elastic IP addresses per region (a quota you can request to increase)
13. Amazon EC2 Pricing
• There are four ways to pay for Amazon EC2 instances:
• On-Demand:
• Pay for compute capacity per hour or per second, depending on the instance and operating system
• No longer-term commitments or upfront payments needed
• Increase or decrease your compute capacity depending on demand
• Recommended for unpredictable workloads
• Reserved Instances
• Provide a significant discount (up to 75%, as quoted in these slides) compared to On-Demand instance pricing
• Convertible RIs give you the flexibility to change instance families, OS types, and tenancies while still benefiting from RI pricing
• Provide a capacity reservation when purchased for a specific Availability Zone
• Recommended for applications that have steady-state or predictable usage
14. Amazon EC2 Pricing
• There are four ways to pay for Amazon EC2 instances (continued):
• Spot Instances
• Allow you to request spare Amazon EC2 computing capacity for up to 90% off the On-Demand price
• Can be interrupted by EC2 with two minutes of notification when EC2 needs the capacity back
• Configure the interruption behavior (stop, hibernate or terminate) carefully and checkpoint state frequently, because any data on instance store volumes is gone when the instance is terminated
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html#interruption-behavior
• Recommended for applications that have flexible start and end times
• Dedicated Hosts
• A physical EC2 server whose hardware is dedicated to a single customer
• Helps to address corporate compliance and regulatory requirements
• Allow you to use your software licenses that are bound to VMs, sockets, or physical cores, subject to your license terms
15. Benefits of Using a VPC
• By launching your instances into a VPC instead of EC2-Classic, you gain the ability to:
• Attach one or more network interfaces to the instances and hence assign multiple IPv4 addresses to your instances
• Assign static private IPv4 addresses to your instances that persist across starts and stops
• Change security group membership for your instances while they're running
• Control the inbound/outbound traffic from your instances
• Add an additional layer of access control to your instances in the form of network access control lists (ACLs)
• Run your instances on single-tenant hardware
• EC2-Classic was retired in 2022; every new instance now launches into a VPC, so these are the baseline controls available to you
16. AWS Resource Locations
Scope of AWS EC2 resources:
Resource | Scope | Description
AWS account | Global | You can use the same AWS account in all regions.
Key pairs | Global or Regional | The key pairs that you create using Amazon EC2 are tied to the region where you created them; a key pair whose public key you import yourself can be uploaded to each region you need it in.
AMIs | Regional | An AMI is tied to the region where its files are located within Amazon S3. You can copy an AMI from one region to another.
EIP | Regional | An Elastic IP address is tied to a region and can be associated only with an instance in the same region.
Security groups | Regional | A security group is tied to a region and can be assigned only to instances in the same region.
EBS snapshots | Regional | An EBS snapshot is tied to its region and can only be used to create volumes in the same region. You can copy a snapshot from one region to another.
EBS volumes | Availability Zone | An Amazon EBS volume is tied to its Availability Zone and can be attached only to instances in the same Availability Zone.
Instances | Availability Zone | An instance is tied to the Availability Zone in which you launched it.
17. Use Cases and Troubleshooting
• The following are possible problems you may have and error messages you may see while trying to connect to your instance
• Error connecting to your instance: Connection timed out
• Check your security group rules. You need a security group rule that allows inbound traffic from your public IPv4 address on the proper port (for example 22 for SSH, 3389 for RDP).
• Check the route table for the subnet. You need a route that sends all traffic destined outside the VPC to the internet gateway for the VPC.
• Check the network access control list (ACL) for the subnet. Network ACLs are stateless, so they must allow inbound traffic from your local IP address on the proper port and outbound traffic back to your IP address on the ephemeral port range (1024-65535).
• If you have a firewall on your computer, verify that it allows inbound and outbound traffic from your computer.
• Check that your instance has a public IPv4 address.
• Check the CPU load on your instance; the server may be overloaded.
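The checklist above, together with the security group behaviour described on slide 11, can be run offline as code. The block below is an added example and not part of the original slides: it evaluates the same four conditions (public IP, route to the internet gateway, network ACL in both directions, security group) over constructed data whose shapes follow the EC2 API responses for describe_instances, describe_route_tables, describe_network_acls and describe_security_groups, and it adds the audit check a practitioner runs next, flagging security groups that expose SSH or RDP to the whole internet. All identifiers (sg-..., rtb-..., igw-..., i-..., the 203.0.113.x and 198.51.100.x addresses) are invented; no AWS call is made.

```python
"""Offline 'Connection timed out' diagnosis for an EC2 instance (added example).

Data shapes follow the EC2 API; every identifier and address is constructed.
"""
import ipaddress

ADMIN_PORTS = (22, 3389)          # SSH, RDP


def _in_cidr(cidr, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def _perm_covers(perm, port):
    # IpProtocol '-1' is "all traffic"; otherwise require TCP and the port in range
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def sg_allows(group, src_ip, port):
    """Security groups are stateful and allow-only: one matching inbound rule is enough."""
    return any(_perm_covers(p, port)
               and any(_in_cidr(r["CidrIp"], src_ip) for r in p.get("IpRanges", []))
               for p in group["IpPermissions"])


def world_open_admin_ports(group):
    """Audit finding: admin ports reachable from 0.0.0.0/0 or ::/0 (prefix length 0)."""
    hits = set()
    for p in group["IpPermissions"]:
        cidrs = [r["CidrIp"] for r in p.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in p.get("Ipv6Ranges", [])]
        if any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs):
            hits.update((group["GroupId"], port) for port in ADMIN_PORTS if _perm_covers(p, port))
    return sorted(hits)


def nacl_allows(acl, src_ip, port):
    """Network ACLs are stateless and ordered: lowest rule number that overlaps wins,
    and the reply on an ephemeral port needs its own outbound allow. A first match that
    only partially covers the range is treated as blocked (conservative)."""
    def decide(egress, lo, hi):
        for e in sorted(acl["Entries"], key=lambda e: e["RuleNumber"]):
            if e["Egress"] != egress or e["Protocol"] not in ("-1", "6"):
                continue
            if not _in_cidr(e["CidrBlock"], src_ip):
                continue
            pr = e.get("PortRange", {"From": 0, "To": 65535})
            if pr["From"] <= hi and lo <= pr["To"]:                     # overlaps [lo, hi]
                return e["RuleAction"] == "allow" and pr["From"] <= lo and hi <= pr["To"]
        return False                                                    # implicit deny rule '*'
    return decide(False, port, port) and decide(True, 1024, 65535)


def route_to_igw(route_table, client_ip):
    """The most specific route covering the client must point at an internet gateway."""
    matches = [r for r in route_table["Routes"] if _in_cidr(r["DestinationCidrBlock"], client_ip)]
    if not matches:
        return False
    best = max(matches, key=lambda r: ipaddress.ip_network(r["DestinationCidrBlock"], strict=False).prefixlen)
    return best.get("GatewayId", "").startswith("igw-")


def diagnose(instance, groups, route_table, acl, src_ip, port=22):
    """Return the reasons a TCP connection from src_ip would time out (empty list = path open)."""
    problems = []
    if not instance.get("PublicIpAddress"):
        problems.append("instance has no public IPv4 address")
    if not route_to_igw(route_table, src_ip):
        problems.append("subnet route table has no internet-gateway route for the client")
    if not nacl_allows(acl, src_ip, port):
        problems.append(f"network ACL blocks port {port} inbound or ephemeral replies outbound")
    if not any(sg_allows(groups[g["GroupId"]], src_ip, port) for g in instance["SecurityGroups"]):
        problems.append(f"no security group allows {src_ip} on port {port}")
    return problems


# --- constructed sample data: shapes follow the EC2 API, every value is invented ---
SG_TIGHT = {"GroupId": "sg-0a1b2c3d", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]}
SG_OPEN = {"GroupId": "sg-0ffffff0", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
GROUPS = {g["GroupId"]: g for g in (SG_TIGHT, SG_OPEN)}
INSTANCE = {"InstanceId": "i-0123456789abcdef0", "PublicIpAddress": "198.51.100.10",
            "SecurityGroups": [{"GroupId": "sg-0a1b2c3d"}]}
RTB_PUBLIC = {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc1234"}]}
RTB_PRIVATE = {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]}
ACL_DEFAULT = {"Entries": [
    {"RuleNumber": 100, "Egress": False, "Protocol": "-1", "CidrBlock": "0.0.0.0/0", "RuleAction": "allow"},
    {"RuleNumber": 100, "Egress": True, "Protocol": "-1", "CidrBlock": "0.0.0.0/0", "RuleAction": "allow"}]}
ACL_NO_EPHEMERAL = {"Entries": [   # lets SSH in but never lets the replies back out
    {"RuleNumber": 100, "Egress": False, "Protocol": "6", "CidrBlock": "0.0.0.0/0",
     "PortRange": {"From": 22, "To": 22}, "RuleAction": "allow"},
    {"RuleNumber": 100, "Egress": True, "Protocol": "6", "CidrBlock": "0.0.0.0/0",
     "PortRange": {"From": 443, "To": 443}, "RuleAction": "allow"}]}

if __name__ == "__main__":
    print(diagnose(INSTANCE, GROUPS, RTB_PUBLIC, ACL_DEFAULT, "203.0.113.7"))       # [] : path is open
    print(diagnose(INSTANCE, GROUPS, RTB_PRIVATE, ACL_NO_EPHEMERAL, "192.0.2.9"))  # route, NACL and SG findings
    print(world_open_admin_ports(SG_OPEN))                                          # SSH and RDP open to the world
```

The second diagnose call shows why a "connection timed out" needs all four checks: the client is outside the allowed /24 in the security group, the subnet has no internet-gateway route, and the ACL admits port 22 inbound but drops the ephemeral-port replies, a stateless-ACL mistake that a stateful security group would never produce. To run this against a real account, feed it the dictionaries returned by the corresponding boto3 describe_* calls.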
18. Use Cases and Troubleshooting
• The following are possible problems you may have and error messages you may see while trying to connect to your instance
• Error: User key not recognized by server
• Verify that you are using the correct private key and check its extension (.pem for OpenSSH, .ppk for PuTTY)
• Verify that you are connecting with the appropriate user name for your AMI (for example ec2-user on Amazon Linux, ubuntu on Ubuntu AMIs)
• Error: Host key not found, Permission denied (public-key), or Authentication failed, permission denied
• Verify that you are connecting with the appropriate user name for the AMI
• The permissions on the home directory of your instance may have been changed (sshd rejects keys when the home directory or ~/.ssh is writable by other users)
• Error: Unprotected Private Key File
• Your private key file must be protected from read and write access by any other user; on Linux or macOS, chmod 400 on the .pem file fixes it
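The "Unprotected Private Key File" error is OpenSSH refusing to use a private key whose group or other permission bits are set. The block below is an added example, not from the slides: it reproduces that check locally (mode & 0o077 must be zero, so 0600 and 0400 pass while 0644 fails) and applies the fix. The path name is invented and the file is created only to demonstrate the check.

```python
"""Reproduce and fix OpenSSH's private-key permission check (added example)."""
import os
import stat
import tempfile


def key_mode_ok(mode):
    """OpenSSH refuses a key file readable or writable by group/others,
    i.e. any of the 0o077 bits set. 0o600 and 0o400 pass; 0o644 and 0o660 do not."""
    return stat.S_IMODE(mode) & 0o077 == 0


def check_private_key(path):
    """Return (ok, message) for a key file on disk, mirroring ssh's complaint text."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if not key_mode_ok(mode):
        return False, f"Permissions {mode:04o} for '{path}' are too open; run: chmod 400 {path}"
    return True, f"'{path}' has mode {mode:04o}"


def lock_down(path):
    """Apply the fix: owner read-only, nothing for group or others."""
    os.chmod(path, stat.S_IRUSR)   # 0o400
    return check_private_key(path)


if __name__ == "__main__":
    # Demonstration on a throwaway file; a real key would be the .pem downloaded at key-pair creation.
    with tempfile.NamedTemporaryFile(suffix=".pem", delete=False) as f:
        path = f.name
    os.chmod(path, 0o644)             # the typical state after a browser download
    print(check_private_key(path))    # (False, "Permissions 0644 ... are too open; run: chmod 400 ...")
    print(lock_down(path))            # (True, "... has mode 0400")
    os.remove(path)
```

On Windows the POSIX mode bits are not meaningful; there you remove every other user's access through the file's ACL (for example with icacls) before OpenSSH for Windows will accept the key.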
19. Use Cases and Troubleshooting
• What to Do If an Instance Immediately Terminates
• Troubleshooting Stopping Your Instance
• Troubleshooting Terminating (Shutting Down) Your Instance
• Troubleshooting Instance Recovery Failures
• Troubleshooting Instances with Failed Status Checks
• Troubleshooting Instance Capacity
• Getting Console Output and Rebooting Instances
• Booting from the Wrong Volume
20. Resources
• Web Book
• https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-ug.pdf
• FAQs
• https://aws.amazon.com/ec2/faqs/
• Videos:
• https://www.youtube.com/watch?v=A4V_QFLZgv4
• https://www.youtube.com/watch?v=2KcZgdsuMto
• https://www.youtube.com/watch?v=fpxDGU2KdkA&t=15s