Elastic Compute Cloud (EC2)
Region-scoped/Regional service
EC2 (Elastic Compute Cloud) is an Infrastructure as a Service (IaaS) offering
Stopping & Starting an instance may change its public IP but not its private IP
AWS Compute Optimizer recommends optimal AWS Compute resources for your workloads
It mainly consists of the capability of:
Renting Virtual Machines (EC2)
Storing data on virtual drives (EBS)
Distributing load across machines (ELB)
Scaling the services using an auto-scaling group (ASG)
EC2 sizing & configuration options
OS: Linux, Windows & macOS
How much compute power and cores (CPU)
How much random-access memory (RAM)
How much storage space:
Hardware (EC2 instance store)
Network-attached (EBS & EFS)
Public IP address
Firewall rules: Security Groups
Bootstrap script (configure at first launch only): EC2 User Data
User Data
It is possible to bootstrap the instances using an EC2 User Data script
Bootstrapping means launching or running commands when a machine starts
By default the script is only run once, at the instance's first boot (it does not execute again on subsequent stops and starts)
Used to automate dynamic boot tasks (that cannot be baked into an AMI)
Installing updates
Installing software
Downloading common files from the internet
Runs with root privileges, so everything in the script executes as root
User data is stored unencrypted and can be read from inside the instance through the Instance Metadata Service (169.254.169.254) and from the API by anyone allowed to call DescribeInstanceAttribute; never put credentials in it, use an IAM instance role instead
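As an added example (not from the original notes), the Python below builds a first-boot user-data script and lints it before launch, rejecting anything that looks like a credential because user data is readable from the instance and from the API. The package names, the S3 bucket, the config path and the detection patterns are placeholders chosen for this example:

```python
import base64
import re
import textwrap

# First-boot script for an Amazon Linux 2023 web node. It runs as root and its
# output lands in /var/log/cloud-init-output.log. Package names, the bucket and
# the config path are placeholders for this example.
USER_DATA = textwrap.dedent("""\
    #!/bin/bash
    set -euo pipefail
    dnf -y update
    dnf -y install nginx
    # Ask IMDSv2 for this instance's ID (session token first, then the metadata GET).
    TOKEN=$(curl -sX PUT http://169.254.169.254/latest/api/token \\
                 -H "X-aws-ec2-metadata-token-ttl-seconds: 300")
    INSTANCE_ID=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" \\
                 http://169.254.169.254/latest/meta-data/instance-id)
    # Config is fetched with the instance role's credentials; nothing is embedded here.
    aws s3 cp s3://example-config-bucket/web/nginx.conf /etc/nginx/nginx.conf
    sed -i "s/__INSTANCE_ID__/$INSTANCE_ID/" /etc/nginx/nginx.conf
    systemctl enable --now nginx
""")

# The same job done the wrong way: static keys pasted into the script
# (these are the AWS documentation example keys, not live credentials).
LEAKY_USER_DATA = textwrap.dedent("""\
    #!/bin/bash
    export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
    export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
    aws s3 cp s3://example-config-bucket/web/nginx.conf /etc/nginx/nginx.conf
""")

# User data is stored unencrypted: every process on the instance can read it from
# http://169.254.169.254/latest/user-data, and any principal allowed to call
# ec2:DescribeInstanceAttribute can read it from the API. Hence the lint.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(r"aws_secret_access_key\s*[=:]\s*\S+", re.I),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "password_literal": re.compile(r"\b(?:password|passwd)\s*[=:]\s*\S{6,}", re.I),
}

USER_DATA_LIMIT = 16 * 1024  # EC2 rejects user data above 16 KB


def find_secrets(script: str) -> list:
    """(line number, pattern name) for every line that looks like a credential."""
    findings = []
    for lineno, line in enumerate(script.splitlines(), start=1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, name))
    return findings


def encode_user_data(script: str) -> str:
    """Return the base64 form the RunInstances API carries (the CLI and SDKs do
    this encoding for you); refuse scripts that are too large or carry secrets."""
    if len(script.encode()) > USER_DATA_LIMIT:
        raise ValueError("user data is limited to 16 KB")
    findings = find_secrets(script)
    if findings:
        raise ValueError(f"secret-like content in user data: {findings}")
    return base64.b64encode(script.encode()).decode()


if __name__ == "__main__":
    print(encode_user_data(USER_DATA)[:40], "...")
    print(find_secrets(LEAKY_USER_DATA))
```

Pair this with `HttpTokens=required` on the instance so the metadata service only answers token-based IMDSv2 requests like the ones in the script.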
EC2 Instance Types
AWS has the following naming convention:
m5.2xlarge
m: instance class
5: generation (AWS improves them over time)
2xlarge: size within the instance class (CPU, Memory, etc.)
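The naming scheme above can be parsed mechanically, which is handy when scripting cost or compliance checks. The following is an added example in Python (not from the original notes): the decoding of the capability letters and the size normalization factors are my own summary of AWS's published scheme, and the parser covers the common lettered families only (hyphenated classes such as u-6tb1 or mac2-m2pro are rejected).

```python
import re
from dataclasses import dataclass

# Capability letters AWS appends after the generation digit (the "g" in c6g,
# the "dn" in m5dn). Summary of the public naming scheme, not text from the notes.
ATTRIBUTE_LETTERS = {
    "a": "AMD processor",
    "g": "AWS Graviton (Arm) processor",
    "i": "Intel processor",
    "d": "local NVMe instance store",
    "n": "enhanced network bandwidth",
    "e": "extra storage or memory",
    "z": "high-frequency CPU",
    "b": "EBS-optimized block storage",
}

# Normalization factors AWS uses for size flexibility of regional Reserved
# Instances and Savings Plans (small = 1 unit). "Nxlarge" is N times "xlarge";
# bare-metal sizes have no factor.
SIZE_FACTOR = {"nano": 0.25, "micro": 0.5, "small": 1, "medium": 2, "large": 4, "xlarge": 8}

_TYPE_RE = re.compile(
    r"^(?P<cls>[a-z]+)(?P<gen>\d+)(?P<attrs>[a-z]*)(?P<flex>-flex)?"
    r"\.(?P<size>\d*xlarge|nano|micro|small|medium|large|metal(?:-\d+xl)?)$"
)


@dataclass(frozen=True)
class InstanceType:
    instance_class: str  # "m" in m5.2xlarge
    generation: int      # 5
    attributes: tuple    # ("d", "n") for m5dn
    flex: bool           # True for m7i-flex
    size: str            # "2xlarge"

    def describe_attributes(self):
        return [ATTRIBUTE_LETTERS.get(a, f"unknown attribute {a!r}") for a in self.attributes]

    def size_factor(self):
        """Normalization units (small = 1); None for bare-metal sizes."""
        if self.size.startswith("metal"):
            return None
        m = re.fullmatch(r"(\d+)xlarge", self.size)
        if m:
            return int(m.group(1)) * SIZE_FACTOR["xlarge"]
        return SIZE_FACTOR[self.size]


def parse_instance_type(name: str) -> InstanceType:
    m = _TYPE_RE.match(name.strip().lower())
    if not m:
        raise ValueError(f"not a recognised EC2 instance type: {name!r}")
    return InstanceType(
        instance_class=m.group("cls"),
        generation=int(m.group("gen")),
        attributes=tuple(m.group("attrs")),
        flex=m.group("flex") is not None,
        size=m.group("size"),
    )


def same_family(a: InstanceType, b: InstanceType) -> bool:
    """Same class, generation and capability letters: the scope within which a
    regional RI or an EC2 Instance Savings Plan is size-flexible."""
    return (a.instance_class, a.generation, a.attributes, a.flex) == \
           (b.instance_class, b.generation, b.attributes, b.flex)


def units_covered(reserved: InstanceType, running: InstanceType) -> float:
    """How many instances of `running` one reservation of `reserved` covers
    (fractional when the running size is the larger one)."""
    if not same_family(reserved, running):
        return 0.0
    r, u = reserved.size_factor(), running.size_factor()
    if r is None or u is None:
        return 0.0
    return r / u


if __name__ == "__main__":
    t = parse_instance_type("m5dn.2xlarge")
    print(t.instance_class, t.generation, t.describe_attributes(), t.size, t.size_factor())
```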
Below are some of the most used instance types.
General Purpose
Great for a diversity of workloads such as web servers or code repositories
Balance between compute, memory & networking
Compute Optimized
Great for compute intensive tasks that require high performance processors.
Batch processing workloads
Media transcoding
High performance web servers
High performance computing (HPC)
Scientific modeling & machine learning
Dedicated gaming servers
Memory Optimized
Fast performance for workloads that process large data sets in memory (RAM).
High performance, relational/non-relational databases
Distributed web scale cache stores
In-memory databases optimized for BI (Business Intelligence)
Applications performing real-time processing of big unstructured data
Storage Optimized
Great for storage intensive tasks (accessing local databases) that require high, sequential read and write access to large data sets on local storage
High frequency online transaction processing (OLTP) systems
Relational and NoSQL databases
Cache for in-memory databases (ex. Redis)
Data warehousing applications
Distributed file systems
Security Groups
They control how traffic is allowed into or out of EC2 instances (they are stateful: return traffic for an allowed connection is let through automatically).
Only contain Allow rules; anything not explicitly allowed is implicitly denied.
Act as an external firewall for EC2 instances (if a request is blocked by the SG, the instance never sees it).
Security group rules can reference a source or destination by IP range (CIDR) or by another Security Group, not by DNS name.
Default SG
inbound traffic from the same SG is allowed
all outbound traffic is allowed
New SG
all inbound traffic is blocked
all outbound traffic is allowed
A security group can be attached to multiple instances and vice versa
Bound to a VPC (and hence to a region): if you switch region or create a new VPC, you have to create new SGs.
Recommended to maintain a separate security group for SSH access, so admin access can be scoped and revoked independently of the application rules.
A request blocked by a security group simply times out; a "connection refused" error means the traffic passed the SG and nothing on the instance accepted it (application not running, or listening on another port).
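The rules above can be audited straight from the API. As an added example (not from the original notes), the Python below runs three checks over a constructed sample shaped like `aws ec2 describe-security-groups` output: admin ports open to the world, groups that mix SSH with service ports, and rules that reference another group instead of a CIDR. Group IDs and CIDRs are made up; in practice the list would come from `boto3.client("ec2").describe_security_groups()["SecurityGroups"]`.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample shaped like `describe-security-groups` output, trimmed to the
# keys used below. Group IDs and CIDRs are made up for this example.
SECURITY_GROUPS = [
    {"GroupId": "sg-0aaa111", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
         "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,        # SSH from anywhere: bad
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-0bbb222", "GroupName": "bastion-ssh", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,        # SSH from the office only
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-0ccc333", "GroupName": "app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,    # only from the web tier's SG
         "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0aaa111"}]},
        {"IpProtocol": "-1",                                        # all traffic from the VPC range
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    ]},
]


def port_range(perm):
    """(low, high) covered by a rule; protocol -1 means every port."""
    if perm["IpProtocol"] == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def cidr_sources(perm):
    return [r["CidrIp"] for r in perm.get("IpRanges", [])] + \
           [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]


def is_world(cidr):
    """0.0.0.0/0 or ::/0 (a /0 prefix)."""
    return ipaddress.ip_network(cidr).prefixlen == 0


def world_open_admin_ports(groups):
    """Inbound rules exposing SSH or RDP to every address."""
    findings = []
    for sg in groups:
        for perm in sg["IpPermissions"]:
            if perm["IpProtocol"] not in ("tcp", "-1"):
                continue
            if not any(is_world(c) for c in cidr_sources(perm)):
                continue
            low, high = port_range(perm)
            for port, name in ADMIN_PORTS.items():
                if low <= port <= high:
                    findings.append((sg["GroupId"], name, port))
    return findings


def mixed_ssh_groups(groups):
    """Groups whose rules cover port 22 and also other ports. The notes recommend a
    dedicated SG for SSH so admin access can be scoped and revoked on its own."""
    mixed = []
    for sg in groups:
        ranges = [port_range(p) for p in sg["IpPermissions"]]
        has_ssh = any(lo <= 22 <= hi for lo, hi in ranges)
        has_other = any((lo, hi) != (22, 22) for lo, hi in ranges)
        if has_ssh and has_other:
            mixed.append(sg["GroupId"])
    return mixed


def group_references(groups):
    """(group, referenced source group, port range): traffic allowed by SG identity,
    which survives IP changes and is preferred over CIDRs inside a VPC."""
    refs = []
    for sg in groups:
        for perm in sg["IpPermissions"]:
            for pair in perm.get("UserIdGroupPairs", []):
                refs.append((sg["GroupId"], pair["GroupId"], port_range(perm)))
    return refs


if __name__ == "__main__":
    print("admin ports open to the world:", world_open_admin_ports(SECURITY_GROUPS))
    print("SSH mixed with other ports:", mixed_ssh_groups(SECURITY_GROUPS))
    print("SG-to-SG references:", group_references(SECURITY_GROUPS))
```

On the sample, the `web` group is flagged twice (SSH open to the world, and SSH mixed with HTTPS); the fix is to drop its port 22 rule and reach the instances through `bastion-ssh`, which only admits the office range.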
Classic Ports to Know
22 = SSH (Secure Shell) - log into Linux instance
21 = FTP (File Transfer Protocol) - upload files into a file share
22 = SFTP (Secure File Transfer Protocol) - upload files using SSH
80 = HTTP - access unsecured websites
443 = HTTPS - access secured websites
3389 = RDP (Remote Desktop Protocol) - log into a Windows instance
EC2 Purchasing Options
On-Demand Instances: short workload, predictable pricing, pay by second
Reserved (1 & 3 years):
Reserved Instance: long workloads
Convertible Reserved Instance: long workloads with flexible instances
Savings Plans (1 & 3 years): commitment to an amount of usage, long workload
Spot Instances: short workloads, non-critical, cheap, can lose instances anytime (less reliable)
Dedicated Hosts: book an entire physical server, control instance placement
Dedicated Instances: no other customer will share your hardware
Capacity Reservations: reserve capacity in a specific AZ for any duration
On-demand Instances
Pay per use (no upfront payment):
Linux or Windows - billing per second, after the first minute.
All other operating systems - billing per hour.
Highest cost
No long-term commitment
Recommended for short-term, uninterrupted and unpredictable workloads, where you can't predict how the application will behave.
Reserved Instances
Standard Reserved Instances
Up to 72% discount compared to on-demand.
You reserve specific instance attributes (Instance type, Region, Tenancy, OS).
Reservation Period - 1 year (+ discount) or 3 years (+++ discount).
Payment options - No upfront (+), Partial upfront (++), All upfront (+++).
Reserved Instances scope - Regional or Zonal (reserve capacity in an AZ).
Recommended for steady-state applications (like database)
Buy or sell unused instances on the Reserved Instance Marketplace
Convertible Reserved Instances
Can change the EC2 instance type, instance family, scope, OS and Tenancy
Up to 66% discount
Cannot buy or sell unused instances on the Reserved Instance Marketplace
Scheduled Reserved Instances
- Reserved for a recurring time window (ex. every day from 9AM to 5PM); AWS no longer offers new Scheduled Reserved Instances
Savings Plans
Get a discount based on long-term usage (up to 72% - same as RIs).
Commit to a certain amount of usage (ex. $10/hour for 1 or 3 years).
Usage beyond the Savings Plan commitment is billed at the On-Demand price.
EC2 Instance Savings Plans are locked to a specific instance family and AWS region (ex: M5 in us-east-1); Compute Savings Plans are also flexible across family and region, at a smaller discount (up to 66%).
Flexible across:
Instance size (ex: m5.xlarge, m5.2xlarge).
OS (ex: Linux, Windows).
Tenancy (Host, Dedicated, Default).
Spot Instances
Can get a discount of up to 90% compared to On-Demand.
Instances that you can lose at any point in time, either because your max price drops below the current spot price or because AWS needs the capacity back.
Define a max spot price and get the instance while the current spot price < max.
The hourly spot price varies based on supply of and demand for capacity.
If the current spot price > your max price (or capacity is reclaimed), the instance is interrupted after a 2-minute warning, using the behaviour you chose in the request: stop, hibernate or terminate.
The most cost-efficient instances in AWS.
Spot blocks (Spot Instances with a defined duration of 1 to 6 hours) were designed not to be interrupted; AWS no longer offers them.
Useful for workloads that are resilient to failure:
Batch jobs
Data analysis
Image processing
Any distributed workloads
Workloads with a flexible start and end time
Not suitable for critical jobs or databases.
Dedicated Hosts
Server hardware is allocated to a specific company (not shared with other companies)
Allows you to address compliance requirements and use your existing server-bound software licenses (per-socket, per-core, per-VM software licenses).
Purchasing options:
On-Demand - pay per second for active Dedicated Host
Reserved - 1 or 3 years (No upfront, Partial upfront, All upfront)
The most expensive option in AWS
Useful for software that has BYOL (Bring Your Own License) terms or for companies that have strong regulatory or compliance needs
Billed per host
Dedicated Instances
Dedicated hardware
May share hardware with other instances in same account.
Billed per instance
No control over instance placement
On-Demand Capacity Reservations
Reserve On-Demand instance capacity in a specific AZ for any duration.
You always have access to EC2 capacity when you need it.
No time commitment (create/cancel anytime), no billing discounts.
Combine with Regional Reserved Instances and Savings Plans to benefit from billing discounts.
You're charged at the On-Demand rate whether you run instances or not.
Suitable for short-term, uninterrupted workloads that need to be in a specific AZ.
Spot Instances
Spot Requests
One-time: once the request is fulfilled, the Spot Instances are launched and the request closes.
Persistent:
The request stays disabled while the Spot Instances are up and running.
It becomes active again after the Spot Instances are interrupted, so the capacity is requested again.
If you stop the Spot Instance yourself, the request becomes active again only after you start the instance.
You can only cancel spot instance requests that are open, active, or disabled.
Cancelling a Spot Request does not terminate instances. You must first cancel a Spot Request, and then terminate the associated Spot Instances.
Spot Fleets
Spot Fleets = set of Spot Instances + (optional) On-Demand Instances.
Launch Templates must be used to have on-demand instances in the fleet
The Spot Fleet will try to meet the target capacity with price constraints.
Define possible launch pools: instance type (ex. m5.large), OS, availability zone.
Can have multiple launch pools, so that the fleet can choose.
Spot Fleet stops launching instances when reaching capacity or max cost.
Strategies to allocate Spot Instances:
lowestPrice: from the pool with the lowest price (cost optimization, short workload)
diversified: distributed across all pools (great for availability, long workloads)
capacityOptimized: pool with the optimal capacity for the number of instances
priceCapacityOptimized (recommended): pools with highest capacity available, then select the pool with the lowest price (best choice for most workloads)
Spot Fleets let you automatically request Spot Instances from the lowest-priced pools that satisfy your constraints.
Elastic IP
When you stop and then start the EC2 instance, it can change its public IP.
If you need to have a fixed public IP for your instance, you need an Elastic IP.
Static public IPv4 address that you own as long as you don't release it
Can be attached to an EC2 instance (even when it is stopped) and remapped to another instance (ex. to fail over)
Soft limit of 5 Elastic IPs per account per region (you can ask AWS to increase it)
Historically an Elastic IP was free while all of the following held (i.e. while it behaved like any other public IP auto-assigned to an instance), and charged when idle:
The Elastic IP is associated with an Amazon EC2 instance
The instance associated with the Elastic IP is running
The instance has only one Elastic IP attached to it
Since February 2024 AWS charges an hourly rate for every public IPv4 address, Elastic or auto-assigned, in use or idle
Overall, try to avoid using Elastic IP:
They often reflect poor architectural decisions.
Instead, use a random public IP and register a DNS name to it.
Or use a Load Balancer and don't use a public IP.
EC2 Placement Groups
Sometimes you want control over the EC2 instance placement strategy; that strategy can be defined using placement groups.
When you create a placement group, you specify one of the following strategies for the group:
Cluster - clusters instances into a low-latency group in a single AZ.
Spread - spreads instances across underlying hardware (max 7 instances per group per AZ) - critical applications
Partition - spreads instances across many different partitions (which rely on different sets of racks) within an AZ. Scales to 100s of EC2 instances per group (Hadoop, Cassandra, Kafka).
Cluster Placement Group (optimize for network)
All the instances are placed on the same hardware (same rack)
Pros: great network (low latency, up to 10 Gbps per flow between instances)
Cons: if the rack (or the AZ) fails, all instances fail at the same time
Used in HPC (minimize inter-node latency & maximize throughput)
Spread Placement Group (maximize availability)
Each instance is in a separate rack (physical hardware) inside an AZ
Supports Multi AZ
Up to 7 instances per AZ per placement group (ex. for 15 instances, need 3 AZ)
Used for critical applications where each instance must be isolated from the failure of the others.
Partition Placement Group (balance of performance and availability)
Instances in a partition share rack with each other
If the rack goes down, the entire partition goes down
Up to 7 partitions per AZ
Up to 100s of EC2 instances per partition
Used in big data applications (Hadoop, HDFS, HBase, Cassandra, Kafka)
Note
- If you receive a capacity error when launching an instance in a placement group that already has running instances, stop and start all of the instances in the placement group, and try the launch again. Restarting the instances may migrate them to hardware that has capacity for all the requested instances.
Elastic Network Interfaces (ENI)
ENI is a virtual network card that gives a private IP (and optionally a public IP) to an EC2 instance
A primary ENI is created and attached to the instance upon creation and will be deleted automatically upon instance termination.
We can create additional ENIs and attach them to an EC2 instance to access it via multiple private IPs (ex. a management interface with its own security group, separate from the application interface).
We can detach & attach ENIs across instances (ex. to move a fixed private IP to a standby instance for failover)
ENIs are tied to the subnet (and hence to the AZ)
The ENI can have the following attributes:
Primary private IPv4, one or more secondary IPv4
One Elastic IP (IPv4) per private IPv4
One public IPv4
One or more security groups
A MAC address
EC2 Instance States
Stop
- EBS root volume is preserved
Terminate
- EBS root volume gets destroyed
Hibernate
Hibernation saves the contents from the instance memory (RAM) to the EBS root volume
EBS root volume is preserved
The instance boots much faster as the OS is not stopped and restarted
When you start your instance:
EBS root volume is restored to its previous state
RAM contents are reloaded
Processes that were previously running on the instance are resumed
Previously attached data volumes are reattached and the instance retains its instance ID
Should be used for applications that take a long time to start
Requires an encrypted EBS root volume, because the RAM contents (which may hold secrets) are written to disk
Available for On-Demand and Spot Instances (hibernate is also one of the Spot interruption behaviours); instance RAM must be under 150 GB
Max hibernation duration = 60 days
Standby
Instance remains attached to the ASG but is temporarily put out of service (the ASG doesn't replace this instance)
Used to install updates or troubleshoot a running instance
EC2 Nitro
Newer virtualization technology for EC2 instances
Better networking options (enhanced networking, HPC, IPv6)
Higher Speed EBS (64,000 EBS IOPS max on Nitro instances whereas 32,000 on non-Nitro)
Better underlying security: the Nitro Security Chip provides a hardware root of trust for the host, and Nitro Enclaves build on it to run sensitive code in an isolated environment
vCPU & Threads
vCPU is the total number of concurrent threads that can be run on an EC2 instance
Usually 2 threads per CPU core (eg. 4 CPU cores ⇒ 8 vCPU)