AWS - 5. EC2

Tony Lee · May 23, 2023

Types of Compute Services

EC2: Virtual machines
ECS & EKS: Orchestration for Docker (Linux) and/or Windows containers
Lambda: Serverless functions
Batch: Batch jobs run in containers
Beanstalk & LightSail: Managed platforms for hosting websites and web applications

EC2

An EC2 instance is a virtual machine scoped to a single Availability Zone (it is launched into exactly one subnet) and managed through regional API endpoints.

Basics

Processors

EC2 offers AMD, Intel, Graviton (ARM) and Apple M1 processors.
Compute power is expressed in vCPUs; one vCPU is roughly equivalent to one hardware thread on a processor core.

Storage

Instance Storage

Instance storage is attached directly to the hardware that runs the hypervisor.
It is volatile (its contents are lost when the instance stops or is terminated) but included in the instance price and fast, so it is normally used for temporary data.

EBS (Elastic Block Storage)

EBS is attached over the network, but it is not NAS (Network Attached Storage): the volumes are presented to the guest operating system as if they were directly attached block devices.
EBS volumes are persistent and durable, and usually hold the primary OS (root) volume and data storage.

AMI (Amazon Machine Image)

Region-scoped image used to create the instance's OS (root) volume

Sources

  • Community
  • Marketplace
  • Your Own
  • Shared AMIs across organization or accounts

Create an AMI

  • Use console
  • CLI
  • SDK
  • Backup

Custom images can be built with EC2 Image Builder or Packer.

Key Pairs

Region-scoped resource used to connect to and log in to the instance OS

Creating Key Pairs in All Regions (CLI)

Scenario: We need the same key pair in every region of the account

  1. Create a key pair in a single region
     $ aws ec2 create-key-pair --key-name YOUR_KEY_NAME \
         --query "KeyMaterial" --output text --region YOUR_REGION > key-pair.pem
  2. Check the key pair: $ vi key-pair.pem
  3. Restrict its permissions: $ chmod 400 key-pair.pem
  4. Since only the private key has been created, derive the public key with a plain Linux command
     $ ssh-keygen -y -f ./key-pair.pem > key-pair.pub
  5. Check the public key: $ vi key-pair.pub
  6. Create a script file, import_key_pair.sh
     #!/bin/bash
     # Import the public key into every region except the one it was created in.
     MAINREGION="$1"

     # describe-regions prints the region names tab-separated on one line; tr turns them into one per line
     REGIONS=$(aws ec2 describe-regions --output text --query "Regions[].RegionName" | tr -s '\t' '\n')

     for i in $REGIONS; do
         if [[ "$i" == "$MAINREGION" ]]; then
             echo "Ignoring main region $i"
         else
             echo "Importing key pair to $i"
             # fileb:// passes the key file as raw bytes (required by AWS CLI v2; file:// expects base64 text)
             aws ec2 import-key-pair --region "$i" --key-name YOUR_KEY_NAME --public-key-material fileb://key-pair.pub
         fi
     done
  7. Run the script
     $ bash ./import_key_pair.sh YOUR_MAIN_REGION
  8. If an error pops up, look for context in
     $ aws ec2 import-key-pair help

EC2 Metadata and User Data

It is possible to bootstrap EC2 instances with configuration that the guest OS would not normally get from the AMI alone.

Metadata

Metadata is served by the EC2 service itself and is reachable from inside every instance at the link-local address 169.254.169.254.

The instance ID, security groups, etc. can be retrieved with commands like the following.
$TOKEN is an IMDSv2 session token obtained from http://169.254.169.254/latest/api/token; IMDS is served over plain HTTP only.

# View metadata categories
curl -H "X-aws-ec2-metadata-token: $TOKEN" -v \
  http://169.254.169.254/latest/meta-data/

# View instance-id
curl -H "X-aws-ec2-metadata-token: $TOKEN" -v \
  http://169.254.169.254/latest/meta-data/instance-id

# View security-groups
curl -H "X-aws-ec2-metadata-token: $TOKEN" -v \
  http://169.254.169.254/latest/meta-data/security-groups

IMDSv1 does not require a token, whereas IMDSv2 does.
Hence, IMDSv2 is the more secure option.
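The following is an added example, not code from the original post: an IMDSv2-only metadata client (token fetched with a PUT and a TTL header, no fallback to IMDSv1) plus a small audit helper that lists instances whose metadata options still accept IMDSv1. It assumes curl and the AWS CLI are installed; the instance IDs in the sample rows are constructed, not real.

```shell
#!/bin/bash
# Added example: IMDSv2 client and IMDSv1-exposure audit (assumes curl + AWS CLI).
set -eu

IMDS="${IMDS:-http://169.254.169.254}"

# Fetch a short-lived IMDSv2 session token. The PUT with the TTL header is mandatory;
# -f makes curl fail instead of handing back an error page as the "token".
imds_token() {
  curl -sf -X PUT "$IMDS/latest/api/token" \
       -H "X-aws-ec2-metadata-token-ttl-seconds: 300"
}

# Read one metadata path, e.g. imds_get meta-data/instance-id
imds_get() {
  local token
  token="$(imds_token)"
  curl -sf -H "X-aws-ec2-metadata-token: $token" "$IMDS/latest/$1"
}

# Read "<instance-id> <HttpTokens>" rows (tab or space separated) on stdin and print the
# IDs where IMDSv1 is still allowed, i.e. HttpTokens is "optional" rather than "required".
imdsv1_allowed() {
  while read -r id tokens; do
    [ "$tokens" = "required" ] || echo "$id"
  done
}

# Rows in the shape produced by:
#   aws ec2 describe-instances \
#     --query 'Reservations[].Instances[].[InstanceId,MetadataOptions.HttpTokens]' \
#     --output text
# Constructed sample data; these are not real instance IDs.
SAMPLE_ROWS='i-0aaa111 optional
i-0bbb222 required
i-0ccc333 optional'

# Live mode queries the real IMDS and the real account. Instances that are listed can be
# fixed with: aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required
if [ "${1:-}" = "--live" ]; then
  echo "instance-id: $(imds_get meta-data/instance-id)"
  echo "security-groups: $(imds_get meta-data/security-groups)"
  aws ec2 describe-instances \
    --query 'Reservations[].Instances[].[InstanceId,MetadataOptions.HttpTokens]' \
    --output text | imdsv1_allowed
else
  printf '%s\n' "$SAMPLE_ROWS" | imdsv1_allowed
fi
```

Without arguments the script runs the audit over the constructed sample rows; with --live it runs on a real instance and account.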

User Data Script

A script that is executed once, at the initial launch of an instance.

It is somewhat like __init__.py.

Launching EC2 Instance

Launch a Linux instance that accepts SSH connections only from your own IP address

Console

  1. Click Launch Instance
  2. Choose an AMI, in our case Amazon Linux
  3. Select any of the free-tier instance types
  4. Select a key pair
  5. By default, the instance is placed in the default VPC
  6. Click Edit and pick the desired VPC and subnet, a private subnet in this case
  7. No need to assign a public IP, since we only connect from our own IP
  8. Create a security group for this instance and set its name and description
  9. Apply an inbound rule: Type: ssh, Source type: My IP
  10. Bump up the storage to 15 GB
  11. Click Launch Instance
  12. When the instance launches, AWS selects a host (hypervisor) and attaches the root volume

CLI

  1. Retrieve the latest Amazon Linux 2 AMI ID from the public SSM parameter
     $ aws ssm get-parameters \
         --names /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2 \
         --query 'Parameters[0].[Value]' \
         --output text --region YOUR_REGION
  2. Use the AMI from step 1 to launch an instance through the CLI
     $ aws ec2 run-instances --image-id AMI_ID --region YOUR_REGION

Note that this command launches the instance with ALL DEFAULT settings (no key pair, subnet or security group specified),
so by itself it is not very useful.

EC2 Operations

Console

Scenario: A JVM deployed on the instance keeps running out of memory and crashing, so I'd like to upsize the instance

  1. Select the instance and stop it
     • Note that upsizing an instance requires AWS to move your EC2 instance to other hardware.
     • Hence, when you stop the instance, data in its instance store volumes is gone forever.
  2. This is the equivalent of a power-off
  3. Click Actions -> Instance settings -> Change instance type
  4. Select the desired instance type
  5. Note that the CPU architecture cannot be changed this way
  6. Apply the change and click Start instance

Disclaimer

This summary is made possible by O'Reilly's AWS, 3rd Edition - Chad Smith.
If the above post violates any copyright permissions, please let me know!
