7/12/17

Amazon Elastic Compute Cloud

- Compute: the amount of computational power required to fulfill your workload
- Instance: virtual machines
  - Charged per hour while running
  - Virtual hardware, plus an AMI supplying the software (applications, OS, etc.)
- Instance Types: parameters of an instance
  - vCPUs (how many cores), memory, storage, network performance
  - Type: a related set of instance configurations
    - General Purpose (m)
    - Compute Optimized (c)
    - Memory Optimized (r)
    - Storage Optimized (i)
    - GPU Compute (g)
  - Members: instances within a type vary linearly in ability, as do costs
- Enhanced Networking: Single Root I/O Virtualization (SR-IOV)
  - Greater packets per second (PPS)
  - Lower latency
  - Less jitter
  - Requires Amazon VPC
- Amazon Machine Image (AMI): OS with configuration
  - Initial state of patches
  - Application and system software
- AMI Sources
  - Published by AWS: maintained by AWS; standard ISO OS image installs; unpatched
  - AWS Marketplace: partner-driven web store for AMIs; bundled software, charged hourly plus hourly licensing
  - Generated from instance: user created from an existing EC2 instance
  - Uploaded virtual server: imported from virtualization formats (VHD, VMDK, OVA); the customer maintains AWS compliance for licensing
- Secure Use of an Instance: Addressing
  - Public domain name: automatic, cannot be specified
  - Public IP: automatic, cannot be specified
  - Elastic IP: reserved independently; associated with an instance; persists until released; shared externally without coupling to a particular instance; charged when NOT in use on an instance
- Secure Use (cont): Initial Access
  - Public key cryptography, key pair: generated via the AWS Management Console, CLI or API, or uploaded; AWS stores the public key, the customer stores the private key
  - SSH (Linux): use the private key to open a secure shell; no password required
  - RDP (Windows): decrypt the admin password with the key pair; access via RDP using the user name and the decrypted password
- Virtual Firewall: Security Groups
  - EC2-Classic: outgoing only
  - VPC: incoming and outgoing
  - Security group default is deny access
  - Multiple security groups allowed; the effect is aggregated
  - Applied at the instance level, not the VPC level
  - Stateful firewall: an outgoing message is remembered so the response is allowed
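To make the three rules above concrete (default deny, aggregation of several groups, and stateful reply handling), here is an added Python model of an instance firewall run over a few constructed packets. It is an illustration written for these notes, not AWS code: the `Rule`, `SecurityGroup`, `Packet` and `InstanceFirewall` names and the sample addresses are all constructed, and the model ignores details such as ICMP types and security-group-to-security-group references.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

ANY = "-1"  # AWS uses protocol "-1" to mean "all protocols"


@dataclass(frozen=True)
class Rule:
    """One security group rule: protocol, destination port range and remote CIDR."""
    protocol: str
    from_port: int
    to_port: int
    cidr: str

    def matches(self, protocol, port, remote_ip):
        if self.protocol not in (ANY, protocol):
            return False
        if not self.from_port <= port <= self.to_port:
            return False
        return ip_address(remote_ip) in ip_network(self.cidr)


@dataclass
class SecurityGroup:
    name: str
    inbound: list = field(default_factory=list)
    outbound: list = field(default_factory=list)


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (towards the instance) or "out" (from the instance)
    protocol: str
    remote_ip: str
    remote_port: int
    local_port: int


class InstanceFirewall:
    """Effective firewall of one instance with several security groups attached."""

    def __init__(self, groups):
        self.groups = list(groups)
        self.flows = set()  # connection table used for stateful matching

    def evaluate(self, pkt):
        flow = (pkt.protocol, pkt.remote_ip, pkt.remote_port, pkt.local_port)
        # Stateful: a packet of a flow that was already allowed passes in either
        # direction, even when no rule exists for that direction.
        if flow in self.flows:
            return ("allow", "established flow")
        # Rules name the destination port: local for inbound, remote for outbound.
        port = pkt.local_port if pkt.direction == "in" else pkt.remote_port
        for group in self.groups:  # rules of every attached group are aggregated
            rules = group.inbound if pkt.direction == "in" else group.outbound
            for rule in rules:
                if rule.matches(pkt.protocol, port, pkt.remote_ip):
                    self.flows.add(flow)
                    return ("allow", group.name)
        return ("deny", "no matching rule")  # default deny


def demo():
    """Constructed groups and packets; returns the allow/deny decision per packet."""
    web = SecurityGroup("web", inbound=[Rule("tcp", 443, 443, "0.0.0.0/0")])
    admin = SecurityGroup("admin",
                          inbound=[Rule("tcp", 22, 22, "203.0.113.0/24")],
                          outbound=[Rule("udp", 53, 53, "0.0.0.0/0")])
    fw = InstanceFirewall([web, admin])
    packets = [
        Packet("in", "tcp", "198.51.100.7", 50000, 443),  # HTTPS from anywhere: web group
        Packet("in", "tcp", "198.51.100.7", 50001, 22),   # SSH from outside the admin range
        Packet("in", "tcp", "203.0.113.5", 50002, 22),    # SSH from the admin range
        Packet("out", "udp", "192.0.2.53", 53, 40000),    # DNS query leaving the instance
        Packet("in", "udp", "192.0.2.53", 53, 40000),     # DNS reply: no inbound rule, stateful
        Packet("in", "udp", "192.0.2.53", 53, 40001),     # unsolicited UDP: default deny
    ]
    return [fw.evaluate(p)[0] for p in packets]


if __name__ == "__main__":
    print(demo())  # ['allow', 'deny', 'allow', 'allow', 'allow', 'deny']
```

The DNS reply in the fifth packet is the "stateful" case from the slide: the instance has no inbound UDP rule at all, yet the reply is accepted because the outgoing query was remembered. The sixth packet differs only in local port, so it belongs to no remembered flow and falls through to the default deny.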
- Instance Lifecycle: Launching
  - Bootstrap: code to be run on the instance at launch
    - Apply patches
    - Enroll in a directory service
    - Install application software
    - Copy a longer script from storage and run it
    - Install configuration management software, e.g. Chef or Puppet
  - VM Import/Export: import your own VM; export only VMs you've imported
- Instance Lifecycle (cont): Managing Instances
  - Tagging: key/value pairs associated with an instance
  - Monitoring instances: CloudWatch
  - Modifying: resizing (stop the instance, change the instance type, restart the instance)
  - Security group: VPC, change at any time; EC2-Classic, immutable after launch
- Options: Pricing (charged per hour running)
  - On-Demand: no commitment; the customer controls launch and termination; least cost effective
  - Reserved: reservations for predictable workloads; save up to 75% of the on-demand hourly rate; term commitment of 1 to 3 years
    - Payment options: all upfront (best discount, no monthly charge); partial upfront (remainder charged monthly); no upfront (all charged monthly, least discount)
- Options: Pricing (cont)
  - Reserved (cont): changes that do not affect the term
    - Switch Availability Zone within the same region
    - Change between VPC and EC2-Classic
    - Change instance type within the same family (Linux only)
  - Spot Instances: access based on a bid price for lower-demand compute time; instances are acquired and run so long as the bid exceeds the demand price; use only for interruption-tolerant jobs
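The "interruption-tolerant jobs" advice is easier to see with numbers. The following added Python simulation (written for these notes, not an AWS tool; `run_spot_job` and the hourly price series are constructed) runs a job against a spot price series, terminating the instance whenever the price rises above the bid, and shows why a job that checkpoints its progress finishes while one that does not keeps restarting from zero.

```python
def run_spot_job(bid, spot_prices, work_hours, checkpoint=True):
    """Simulate one Spot job over an hourly series of spot prices.

    The instance runs in every hour whose spot price is at or below the bid and
    is interrupted (terminated) in hours where the price is above the bid. Each
    hour of running completes one hour of work and is billed at the spot price,
    never at the bid. With checkpoint=True the work already done survives an
    interruption; with checkpoint=False the job restarts from zero each time.
    """
    done = 0            # hours of work completed and still counted
    cost = 0.0          # money spent so far
    interruptions = 0   # number of times a running instance was terminated
    running = False
    hours_run = 0
    for price in spot_prices:
        if done >= work_hours:
            break       # job finished, stop bidding
        if price <= bid:
            running = True
            hours_run += 1
            done += 1
            cost += price
        elif running:
            running = False
            interruptions += 1
            if not checkpoint:
                done = 0  # progress held only on the instance is gone
    return {
        "completed": done >= work_hours,
        "work_done": done,
        "hours_run": hours_run,
        "interruptions": interruptions,
        "cost": round(cost, 2),
    }


# Constructed hourly spot prices (USD/hour); two spikes above the $0.20 bid.
SAMPLE_PRICES = [0.10, 0.12, 0.30, 0.11, 0.09, 0.35, 0.10, 0.10, 0.10, 0.10]


def demo():
    """Same five-hour job, with and without checkpointing, bid $0.20/hour."""
    return {
        "checkpointed": run_spot_job(0.20, SAMPLE_PRICES, 5, checkpoint=True),
        "not_checkpointed": run_spot_job(0.20, SAMPLE_PRICES, 5, checkpoint=False),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With checkpointing the job survives both price spikes and finishes in five billed hours; without it the two interruptions wipe the progress twice and the job is still unfinished, and more expensive, when the price series ends.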
- Tenancy
  - Shared tenancy (default): a single physical host machine, multiple customers; fully isolated, secure
  - Dedicated Instances: a single physical host machine dedicated to one customer; other, non-dedicated instances are isolated by hardware
  - Dedicated Host: a single physical host fully dedicated to one customer; useful for licensing; complete customer control over which host launches instances
- Placement Groups: a logical grouping of instances within a single Availability Zone; enable low-latency, 10 Gbps networking; full optimization requires enhanced networking
- Instance Stores: the instance root drive. Lost if...
  - The underlying disk fails
  - The instance stops (restored on restart)
  - The instance terminates (lost, irrevocably)
  - Not for valuable, long-term data
- Amazon Elastic Block Store (EBS): persistent block-level storage; automatically replicated within the Availability Zone; high availability, high durability; attached to instances (one instance at a time)
- Types of EBS Volumes
  - Magnetic: 1 GB to 1 TB, 100 IOPS average; infrequent access, sequential reads, low cost
- Types of EBS Volumes (cont)
  - General Purpose SSD: 1 GB to 16 TB; baseline IOPS 3 per GB, capped at 10000 IOPS
- EBS-Optimized Instances: optimized configuration stack; best performance on non-magnetic EBS volumes
- Protecting Data: Snapshots
  - Point in time
  - Incremental backup
  - Created immediately, no downtime on the volume
  - Constrained to a region; copy to another region if required
  - Create a volume from a snapshot (lazy restore)
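The snapshot properties listed above (point in time, incremental, region-bound, lazily restored) can be modelled in a few dozen lines. The Python below is an added teaching model, not EBS code: `Volume`, `Snapshot`, the four-byte `BLOCK_SIZE` and the region names are constructed, and real EBS tracks changed blocks internally rather than by comparing contents as this model does.

```python
BLOCK_SIZE = 4  # constructed: tiny blocks keep the example readable


class Volume:
    """An EBS-like block device that lives in one region."""

    def __init__(self, region, num_blocks, source=None):
        self.region = region
        self.num_blocks = num_blocks
        self.blocks = {}        # index -> bytes; a missing index is not yet materialised
        self.source = source    # snapshot this volume was created from, if any

    def write(self, index, data):
        self.blocks[index] = data

    def read(self, index):
        if index not in self.blocks:
            # Lazy restore: a block is pulled from the snapshot chain on first access;
            # a volume created empty reads as zeros.
            if self.source is not None:
                self.blocks[index] = self.source.read(index)
            else:
                self.blocks[index] = b"\x00" * BLOCK_SIZE
        return self.blocks[index]

    def materialised_blocks(self):
        return len(self.blocks)


class Snapshot:
    """Point-in-time, incremental copy of a volume, stored in the volume's region."""

    def __init__(self, volume, parent=None):
        self.region = volume.region
        self.num_blocks = volume.num_blocks
        self.parent = parent
        # Incremental: store only blocks whose content differs from the parent snapshot
        # (the first snapshot, with no parent, stores every block).
        self.blocks = {}
        for i in range(volume.num_blocks):
            data = volume.read(i)
            if parent is None or parent.read(i) != data:
                self.blocks[i] = data

    def read(self, index):
        snap = self
        while snap is not None:         # walk back through the chain of parents
            if index in snap.blocks:
                return snap.blocks[index]
            snap = snap.parent
        raise IndexError(index)

    def stored_blocks(self):
        return len(self.blocks)

    def copy_to(self, region):
        """Cross-region copy: the chain is flattened into a full snapshot there."""
        clone = Snapshot.__new__(Snapshot)
        clone.region, clone.num_blocks, clone.parent = region, self.num_blocks, None
        clone.blocks = {i: self.read(i) for i in range(self.num_blocks)}
        return clone

    def create_volume(self, region):
        """A volume can only be created from a snapshot in the same region."""
        if region != self.region:
            raise ValueError(f"snapshot is in {self.region}; copy it to {region} first")
        return Volume(region, self.num_blocks, source=self)


def demo():
    """Constructed scenario: full snapshot, incremental snapshot, lazy restore, copy."""
    vol = Volume("us-east-1", 8)
    for i in range(8):
        vol.write(i, bytes([i]) * BLOCK_SIZE)
    snap1 = Snapshot(vol)                    # first snapshot stores all 8 blocks
    vol.write(2, b"XXXX")
    vol.write(5, b"YYYY")
    snap2 = Snapshot(vol, parent=snap1)      # incremental: only blocks 2 and 5
    restored = snap2.create_volume("us-east-1")
    lazy_before = restored.materialised_blocks()   # nothing copied until read
    block2 = restored.read(2)                      # one block restored on demand
    matches = all(restored.read(i) == vol.read(i) for i in range(8))
    eu_copy = snap2.copy_to("eu-west-1")
    try:
        snap2.create_volume("eu-west-1")
        cross_region_ok = True
    except ValueError:
        cross_region_ok = False
    return {"snap1_blocks": snap1.stored_blocks(), "snap2_blocks": snap2.stored_blocks(),
            "lazy_before": lazy_before, "block2": block2, "matches_source": matches,
            "copy_blocks": eu_copy.stored_blocks(), "cross_region_restore": cross_region_ok}


if __name__ == "__main__":
    print(demo())
```

The second snapshot holds two blocks, not eight, which is the "incremental backup" point; the restored volume starts with zero blocks materialised and fills in on read, which is the "lazy restore" point; and the direct cross-region restore is refused until the snapshot has been copied, which is the "constrained to region" point.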
- Recovering Volumes (EBS): the volume is detachable in case of failure; Delete On Terminate flag, double check it; attach to a new instance to access the data
- Encryption: AWS Key Management Service; a new key, or a master key created with the service; AES-256; transparent, minimal impact on performance