{"id":7539,"date":"2018-06-04T09:11:35","date_gmt":"2018-06-04T01:11:35","guid":{"rendered":"http:\/\/rmohan.com\/?p=7539"},"modified":"2018-06-04T09:11:35","modified_gmt":"2018-06-04T01:11:35","slug":"ec2-instance-2","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=7539","title":{"rendered":"EC2 instance"},"content":{"rendered":"<pre>** \r\nvolume == hard disk\r\nsecurity groups == virtual firewalls\r\n--------------------------\r\nEC2 instance types:\r\n'Dr mc gift pix'\r\nD-density\r\nR-ram\r\nm-main choice (general)\r\nc-compute\r\ng-graphics\r\ni-iops\r\nf-fpga (field-programmable gate array)\r\nt-cheap (t2 micro)\r\np-graphics(pics)\r\nx-extreme\r\n--------------------------\r\n\r\ntermination protection-off by default.\r\nEBS will be deleted when EC2 instance is terminated by default.\r\nEBS root volume of default AMI can't be encrypted. but third party tools can be used to encrypt, or by making an image copy of the instance.\r\nadditional volumes can be encrypted\r\n-------------------\r\n\r\nEBS: the block storage associated with an EC2 instance\r\n\r\npricing models:\r\n-on demand\r\n-spot\r\n-reserved\r\n-dedicated host\r\n\r\ninstances are charged by the hour-rounded up. unless aws terminated the instance, then it is rounded down.\r\n\r\nebs consists of:\r\n ssd, general purpose - GP2 - (up to 10,000 iops)\r\n ssd, provisioned iops - IO1 - more than 10,000 iops\r\n hdd, throughput optimized ST1 - frequently accessed workloads\r\n hdd, cold SC1 - less frequently accessed data\r\n hdd, magnetic - standard - cheap less frequently accessed data\r\n\r\n*can't connect more than 1 EC2 instance to 1 EBS. 
use EFS for that\r\n\r\n----------------\r\ninstance termination protection is turned off by default.\r\nthe root(where OS is installed) EBS is deleted when the EC2 instance is terminated by default.\r\nroot volumes can't be encrypted unless using third party tools, but other EBS volumes can be.\r\n----------------\r\nvolumes exist on EBS - they are virtual hard disks.\r\nsnapshots (point in time copies of volumes) exist on S3.\r\ntaking a snapshot of a volume will store that volume on S3.\r\nsnapshots are incremental - only data that changed since the last snapshot is moved to S3\r\nsnapshots are encrypted automatically\r\nvolumes restored from snapshots are encrypted automatically\r\nyou can share snapshots, but only if they are unencrypted.\r\nyou should stop the instance before taking a snapshot of a root volume\r\n------------------\r\nsecurity rules:\r\nall inbound traffic is blocked by default\r\nall outbound traffic is allowed by default\r\ncan have any number of instances within a security group\r\ncan have multiple security groups attached to EC2 instances\r\nthere are no 'deny' rules. only allow\r\nsecurity groups are stateful - if you allow a rule for traffic in, that traffic is also allowed out. (access lists are not)\r\nyou can't block specific ip addresses from security groups.\r\n\r\n---------------------\r\nroles: are more secure than storing the access and secret keys on EC2. easier to manage.\r\ncan be assigned to instances after they are provisioned\r\nroles can be updated during usage.\r\n----------------------\r\nraid = redundant array of independent disks. acting as one disk to the OS.\r\nraid 0 - good performance. no data redundancy\r\nraid 1 - mirrored, data redundancy\r\nraid 5 - aws doesn't recommend this for EBS. 
good for reads, bad for writes\r\nraid 10 - good redundancy and performance.\r\n\r\nto increase IO - increase disk volumes as a raid\r\n-----------------\r\ntaking a snapshot of a RAID array: (application consistent snapshot)\r\nstop application from writing to disk by freezing the file system \/ unmount the raid array \/ shut down the EC2 instance\r\nflush all caches to the disk\r\n--------------------\r\nwhen taking a snapshot of a volume, the snapshot is encrypted by default\r\nvolumes restored from encrypted snapshots are also encrypted\r\ncan't share encrypted snapshots.\r\n------------------------\r\nAMI - amazon machine image.\r\nAMIs are available on the store.\r\nAMIs are regional - can only be launched from the region it is stored in. but you can copy AMIs to other regions. using the cli, api or console.\r\n-------------------\r\nAMI type: EBS backed and Instance Store backed (also called ephemeral).\r\nInstance Stores can't attach additional Instance Store Volumes after launching. \r\nEBS can be stopped and re-run on a different hypervisor in case of a problem. Instance Store can't.\r\nInstance Stores are less durable, if their host fails - the instance is lost. (ephemeral)\r\nEBS are created from a snapshot. Instance Store are created from a template stored on S3\r\nboth can be rebooted without losing data\r\n-------------\r\nelastic load balancer\r\nclassic \/ application\r\n*a subnet == availability zone\r\nhas healthchecks\r\nno ip address. only dns names.\r\n----------------------\r\ncloudwatch\r\nstandard monitoring - 5 mins, detailed monitoring - 1 min\r\ncreate dashboard, alarms, events, logs\r\ncloud watch is for logging, monitoring. cloud trail is for auditing an entire aws env \/ accounts.\r\n-----------------------\r\ncredentials are normally stored on an instance under the .aws folder. this is a security breach.\r\nroles allow instances not to have the credentials written to a file on the instance. therefore safer\r\nroles are global. 
not by zone\r\n\r\n---------------------------------\r\nbash script example: \r\n#!\/bin\/bash\r\nyum update -y\r\nyum install httpd -y\r\nservice httpd start\r\nchkconfig httpd on\r\naws s3 cp s3:\/\/mywebsitebucket-acg2\/index.html \/var\/www\/html\r\n\r\n----------------\r\nmetadata:\r\ncurl http:\/\/169.254.169.254\/latest\/meta-data\/\r\n\r\n---------------------------\r\nAutoscaling groups require a launch configuration before launching.\r\n--------------\r\nplacement group - grouping of instances within a single availability zone. used for low network latency and high performance.\r\nonly certain types of instances can be part of a placement group.\r\nrecommended to use homogeneous instance types (same size and family)\r\ncan't merge groups.\r\ncan't move existing instances into an existing group.\r\n------------------------\r\nefs - elastic file system.\r\npay for the storage you use.\r\nallows to use a single storage across multiple ec2 instances. could use as a central file storage.\r\ndata is stored across multiple AZ\r\nread after write consistency\r\n*not available in all zones yet\r\n----------------------\r\nlambda - no servers, auto scaling, very cheap\r\n-------------\r\nsummary<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>** volume == hard disk security groups == virtual firewalls &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211; EC2 instances types: &#8216;Dr mc gift pix&#8217; D-density R-ram m-main choice (general) c-compute g-graphics i-iops f-fpga (field-programmable gate array) t&#8211;cheap (t2 micro) p-graphics(pics) x-extreme &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211; termination protection-off by default. EBS will be deleted when EC2 instance is terminated by default. 
EBS root volume of [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7539"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7539"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7539\/revisions"}],"predecessor-version":[{"id":7540,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7539\/revisions\/7540"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7539"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7539"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7539"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}