Topics Covered
AWS Compute Services (AWS VPC with server; Private & Public Subnet; IG & Routing; 0.0.0.0/0)
Amazon EC2 (Elastic Compute Cloud)
EC2 Instance Types and Pricing Models
Auto Scaling and Elastic Load Balancing
AWS Storage Services (Amazon S3, EBS, Glacier, EFS)
A short study note on Amazon EC2 and Related Services
- Definition:
- AWS VPC allows you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network you’d operate in your data center but with the benefits of using the scalable infrastructure of AWS.
- Components of VPC:
- Subnets: Sub-sections of the VPC that allow you to group resources based on security and operational needs.
- Route Tables: Determines where network traffic from your subnets is directed.
- Internet Gateway: A scalable, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet.
- Elastic IPs: Static IP addresses designed for dynamic cloud computing.
- Network Access Control Lists (NACLs): Act as a firewall for controlling traffic in and out of one or more subnets.
- Security Groups: Act as a virtual firewall for your instance to control inbound and outbound traffic.
- VPC Peering: Allows you to connect one VPC with another via a direct network route using private IP addresses.
- VPC Limits:
- Number of VPCs per Region: By default, you can create up to 5 VPCs per AWS account per region. This limit can be increased by contacting AWS support.
- Number of Subnets per VPC: You can create up to 200 subnets per VPC. This limit can also be increased upon request.
- Internet Gateway:
- An Internet Gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. It provides a target in your VPC route tables for internet-routable traffic and performs network address translation (NAT) for instances that have been assigned public IP addresses.
- Private and Public Subnets:
- Public Subnets: Subnets with a route to the internet gateway.
- Private Subnets: Subnets without a route to the internet gateway.
- Additional Features:
- NAT Gateway: Enables instances in a private subnet to connect to the internet or other AWS services, but prevents the internet from initiating a connection with those instances.
- VPC Endpoints: Allow you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.
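The notes define a public subnet by its route to the internet gateway. The following is an added example, not from the original notes, that applies that definition to JSON shaped like aws ec2 describe-route-tables output, including the fallback to the VPC's main route table for subnets that have no explicit association; the sample data and every id in it are constructed placeholders.

```python
"""Classify VPC subnets as public or private from route-table data."""
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output;
# every id below is a placeholder. subnet-aaaa is explicitly associated with
# the public table; subnet-bbbb has no explicit association, so it falls back
# to the VPC's main route table, whose 0.0.0.0/0 route goes to a NAT gateway;
# subnet-cccc uses a table with no default route at all.
SAMPLE_ROUTE_TABLES = json.loads("""
{
  "RouteTables": [
    {"RouteTableId": "rtb-main0000", "VpcId": "vpc-example",
     "Associations": [{"Main": true, "RouteTableId": "rtb-main0000"}],
     "Routes": [
       {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
       {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"}]},
    {"RouteTableId": "rtb-public00", "VpcId": "vpc-example",
     "Associations": [{"Main": false, "SubnetId": "subnet-aaaa", "RouteTableId": "rtb-public00"}],
     "Routes": [
       {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
       {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]},
    {"RouteTableId": "rtb-isolated", "VpcId": "vpc-example",
     "Associations": [{"Main": false, "SubnetId": "subnet-cccc", "RouteTableId": "rtb-isolated"}],
     "Routes": [
       {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]}
  ]
}
""")

ALL_SUBNETS = ["subnet-aaaa", "subnet-bbbb", "subnet-cccc"]  # constructed list


def default_route_target(table):
    """Return the target of the active 0.0.0.0/0 route, or None if there is none."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue  # a blackholed default route reaches nothing
        for key in ("GatewayId", "NatGatewayId", "InstanceId", "NetworkInterfaceId"):
            if key in route:
                return route[key]
    return None


def classify_subnets(describe_output, subnet_ids):
    """Map each subnet id to 'public', 'private-nat', 'private-other' or 'private'.

    Assumes the tables belong to one VPC. Subnets without an explicit
    association use the VPC's main route table, which is easy to overlook
    when judging exposure from the console.
    """
    tables = describe_output["RouteTables"]
    main_table = next(t for t in tables if any(a.get("Main") for a in t["Associations"]))
    explicit = {a["SubnetId"]: t
                for t in tables for a in t["Associations"] if a.get("SubnetId")}
    result = {}
    for subnet in subnet_ids:
        target = default_route_target(explicit.get(subnet, main_table))
        if target is None:
            result[subnet] = "private"            # no route to the internet at all
        elif target.startswith("igw-"):
            result[subnet] = "public"             # reachable from the internet
        elif target.startswith("nat-"):
            result[subnet] = "private-nat"        # egress only, via the NAT gateway
        else:
            result[subnet] = "private-other"      # e.g. a NAT instance or an ENI
    return result


if __name__ == "__main__":
    for subnet, kind in classify_subnets(SAMPLE_ROUTE_TABLES, ALL_SUBNETS).items():
        print(f"{subnet}: {kind}")
```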
Private Cloud
- Definition:
- A private cloud is a computing environment that is dedicated to a single organization. It can be physically located on the company’s on-site data center or hosted by a third-party service provider.
- Characteristics:
- Exclusive Use: Resources are not shared with other organizations.
- Enhanced Security: Provides high levels of security due to its isolated nature.
- Customization: Highly customizable to meet the specific needs and requirements of the organization.
- Benefits:
- Control: Complete control over the hardware and software configurations.
- Security: Enhanced security protocols specific to the organization’s needs.
- Compliance: Easier to achieve and maintain compliance with industry regulations.
AWS VPC Use Cases
- Host a Simple, Public-Facing Website:
- Use public subnets for web servers and private subnets for databases.
- Multi-Tier Applications:
- Use public subnets for front-end servers and private subnets for back-end servers.
- Backup and Storage:
- Store backups in private subnets with restricted access.
- Disaster Recovery:
- Set up disaster recovery environments in different regions for high availability.
- Big Data Analytics:
- Use VPC to run big data workloads with secure and scalable infrastructure.
Key Points on AWS VPC Security
- Security Groups:
- Act as a virtual firewall for your instance to control inbound and outbound traffic.
- Network ACLs:
- Provide an additional layer of security that acts as a firewall for controlling traffic in and out of subnets.
- VPC Flow Logs:
- Capture information about the IP traffic going to and from network interfaces in your VPC.
- IAM Policies:
- Use AWS Identity and Access Management (IAM) policies to control access to VPC resources.
- Encryption:
- Use encryption to protect data at rest and in transit.
Conclusion
AWS VPC is a powerful and flexible service that allows users to create isolated networks within the AWS cloud, providing the ability to manage and control network configurations, enhance security, and improve resource allocation. Understanding the differences between private and public clouds, along with the benefits of hybrid cloud models, enables organizations to optimize their cloud strategies, ensuring efficient and secure operations.
EC2 Pricing Models
An In-Depth Look at Amazon EC2 Pricing Models
Amazon EC2 provides a variety of pricing models to suit diverse application needs and budgetary constraints. Here’s a detailed look at each model:
On-Demand Instances
- Billing: Charges are by the hour or second (with a minimum of 60 seconds).
- Commitment: No long-term commitments are required.
- Free Tier: Eligible for AWS Free Tier.
- Advantages:
- Flexibility to increase or decrease capacity based on demand.
- No upfront costs or long-term commitments.
- Suitable for development, testing, and unpredictable workloads.
- Ideal For: Short-term, spiky, or unpredictable workloads.
Dedicated Hosts
- Description: A physical server exclusively allocated for your use.
- Advantages:
- Complete control over the server.
- Compliance with specific licensing requirements (e.g., Microsoft Windows, SQL Server).
- Address corporate compliance and regulatory requirements.
- Use Cases: Workloads requiring dedicated hardware, compliance needs, and specific licensing conditions.
Dedicated Instances
- Description: Instances that run in a VPC on hardware dedicated to a single customer.
- Isolation: Physically separated from instances in other AWS accounts at the hardware level.
- Advantages:
- Enhanced security and isolation.
- Meets compliance requirements for dedicated hardware.
- Ideal For: Applications requiring isolation and compliance.
Reserved Instances
- Payment Options: Pay upfront, partially upfront, or nothing upfront.
- Discount: Enjoy lower hourly rates.
- Term: Available for 1-year or 3-year terms.
- Advantages:
- Significant cost savings over On-Demand pricing.
- Capacity reservation ensures availability.
- Use Cases: Steady-state, predictable workloads.
- Ideal For: Predictable, long-term workloads.
Scheduled Reserved Instances
- Description: Capacity reservations available on a recurring schedule (daily, weekly, or monthly).
- Term: 1-year.
- Advantages:
- Ensures capacity availability during scheduled times.
- Predictable pricing for scheduled workloads.
- Ideal For: Predictable workloads that require reserved capacity at specific times.
Spot Instances
- Pricing: Bid on spare EC2 capacity, often at reduced rates.
- Availability: Instances run as long as the bid price exceeds the Spot price.
- Interruption: AWS can interrupt with a 2-minute warning (termination, stopping, or hibernation options available).
- Advantages:
- Potential for significant cost savings.
- Suitable for fault-tolerant, flexible workloads.
- Use Cases: Batch processing, big data jobs, stateless web applications.
- Ideal For: Applications that can handle interruptions.
Billing Specifics
- Per Second Billing: Available for On-Demand, Reserved, and Spot Instances running Amazon Linux or Ubuntu.
- Flexibility: Allows for precise billing based on actual usage.
Usage Scenarios and Cost Optimization
On-Demand Instances
- Usage Scenarios: Best for applications with unpredictable workloads or for testing and development environments.
- Advantages:
- Flexibility to scale up or down quickly.
- No upfront costs.
- Examples: Development environments, short-term projects, startups testing new ideas.
Spot Instances
- Usage Scenarios: Ideal for applications that can tolerate interruptions. Suitable for tasks like web servers, API backends, and big data processing.
- Interruption Handling: Design applications to handle interruptions with a 2-minute warning.
- Advantages:
- Cost-effective for large-scale workloads.
- Ideal for non-critical, flexible applications.
- Examples: Data analysis, scientific research, image rendering.
Reserved Instances
- Usage Scenarios: Perfect for consistent, long-term workloads with predictable usage patterns.
- Advantages:
- Lower costs for predictable workloads.
- Capacity reservation ensures availability.
- Examples: Web hosting, database servers, enterprise applications.
Dedicated Hosts
- Usage Scenarios: Necessary for compliance with specific regulatory requirements or when using existing software licenses.
- Advantages:
- Full control over physical servers.
- Compliance with licensing and regulatory requirements.
- Examples: Enterprise applications, financial services, healthcare applications.
Strategies for Cost Optimization
- Right-Sizing Instances
- Approach: Evaluate deployed resources to identify opportunities for downsizing without impacting performance.
- Tools: Utilize Amazon CloudWatch to monitor metrics like CPU, RAM, storage, and network usage.
- Actions:
- Select the least expensive instance that meets performance needs.
- Regularly review and adjust instance types based on utilization data.
- Enhancing Elasticity
- Methods: Stop or hibernate Amazon EBS-backed instances when not in use; implement auto-scaling to adjust capacity based on demand.
- Advantages:
- Reduced costs by only paying for what you use.
- Improved resource utilization.
- Examples: Non-production environments, development and testing workloads.
- Selecting the Optimal Pricing Model
- Strategy: Mix and match pricing models based on usage patterns (e.g., use On-Demand for variable workloads and Reserved for steady workloads).
- Alternatives: Consider serverless options like AWS Lambda for certain applications.
- Examples:
- Use Spot Instances for flexible workloads.
- Combine Reserved Instances for predictable needs and On-Demand Instances for unexpected spikes.
- Optimizing Storage Costs
- Actions: Resize or switch EBS volumes to more cost-effective options; remove unneeded EBS snapshots.
- Advantages:
- Reduced storage costs.
- Improved storage utilization.
- Storage Solutions: Use Amazon S3 with lifecycle policies for cost-effective storage of infrequently accessed data.
- Examples:
- Archive data to Amazon S3 Glacier for long-term storage.
- Use lifecycle policies to transition data between storage classes.
By strategically choosing the right EC2 pricing models and implementing these cost-saving techniques, you can efficiently manage your AWS costs while ensuring your applications remain performant and reliable. This approach allows for flexibility, scalability, and cost-efficiency tailored to your specific workload requirements.
AMAZON EC2 Life Cycle
AWS Storage Services
AWS S3 (Simple Storage Service)
Amazon Elastic Block Store (EBS)
Comparison of Block Storage and Object Storage
- Key Differences:
- Block Storage: When modifying data, such as altering a character in a 1-GB file, only the specific block where the change occurs needs to be updated. This approach generally offers higher speed and requires less bandwidth.
- Object Storage: Any change requires the entire file to be updated, which can be less efficient.
- Impact on Performance and Costs:
- Throughput and Latency: Block storage typically delivers better performance in terms of throughput and latency but may come with higher costs.
- Cost Considerations: While object storage might be more cost-effective, especially for infrequently accessed data, it may not offer the same level of performance as block storage.
- Amazon EBS (Elastic Block Store):
- Overview: Amazon EBS provides block-level storage volumes that can be attached to Amazon EC2 instances.
- Features:
- Replication: Volumes are automatically replicated within their Availability Zone.
- Snapshots: Automated backups to Amazon S3 are available via snapshots.
- Encryption: Encrypted volumes are available at no additional cost.
- Elasticity: Users can increase capacity and switch between different volume types as needed.
- Use Cases:
- Boot volumes and file system storage.
- Database storage and enterprise applications.
- Volume Types:
- Provisioned IOPS SSD: Best for high-performance needs.
- General Purpose SSD: Suitable for most workloads, including boot volumes.
- Magnetic Storage: Lower-cost option, charged by the number of requests.
- Amazon EBS Pricing:
- Volumes: Charges are based on the amount of storage provisioned each month.
- IOPS: Costs vary by storage type; for example, Provisioned IOPS SSD charges depend on the provisioned IOPS.
- Snapshots: Additional costs are incurred for storing EBS snapshots in Amazon S3.
- Data Transfer:
- Inbound transfers are free.
- Outbound transfers across regions incur additional charges.
AWS Glacier
Amazon S3 Glacier offers specialized storage classes designed for data archiving, providing unparalleled performance, retrieval flexibility, and cost-efficiency. These classes ensure 99.999999999% (11 nines) data durability and are scalable across AWS’s global cloud infrastructure.
There are three S3 Glacier storage classes to choose from:
- S3 Glacier Instant Retrieval: Ideal for archives needing immediate access, like medical images, with millisecond retrieval times.
- S3 Glacier Flexible Retrieval: Suitable for data that doesn’t require instant access but offers flexible retrieval options from minutes to hours.
- S3 Glacier Deep Archive: The most cost-effective option for long-term storage, with data retrieval within 12-48 hours.
These classes are integrated with AWS security, compliance standards, and support for encryption, making them a robust choice for archiving data at minimal costs. They are compatible with other AWS services and partner solutions, and their consistency across all AWS regions ensures seamless management of data throughout its lifecycle.
Elastic File System (EFS)
Amazon Elastic File System (EFS) offers serverless, fully elastic file storage, allowing you to share file data effortlessly without the need to provision or manage storage capacity and performance.
Advantages:
- Quick and Easy Creation: Create and configure shared file systems simply and quickly for AWS compute services—no provisioning, deploying, patching, or maintenance required.
- Elastic and Scalable: Scale workloads on demand to petabytes of storage and gigabytes per second of throughput out of the box.
- Pay as You Go: Reduce TCO with automatic lifecycle management to cost-optimized Infrequent Access and Archive storage classes designed to lower costs by up to 97%.
- Security and Reliability: Securely and reliably access your files with a fully managed file system designed for 99.999999999 percent (11 9s) durability and up to 99.99 percent (4 9s) availability.
Use cases:
- Simplify DevOps
- Modernize Application Development
- Accelerate Data Science
- Enhance content management system
Final Short Study Notes on Amazon EC2 and Related Services
1. Amazon EC2 Instance Naming and Structure
- Instance Naming: Amazon EC2 instances follow a standardized naming pattern where the instance type name indicates its family, generation, and size. For example, in “t3.large”:
- ‘t’: Represents the family, which groups instances by their common characteristics or use cases.
- ‘3’: Denotes the generation, indicating advancements or updates in the technology used.
- ‘large’: Specifies the size, which correlates with the amount of computing resources like CPU and memory.
- Instance Sizes:
- t3.nano: 2 virtual CPUs (vCPUs), 0.5 GB of memory, designed to use only Elastic Block Store (EBS) for storage.
- t3.micro: 2 vCPUs, 1 GB of memory, EBS-only storage.
- t3.small: 2 vCPUs, 2 GB of memory, EBS-only storage.
- t3.medium: 2 vCPUs, 4 GB of memory, EBS-only storage.
- t3.large: 2 vCPUs, 8 GB of memory, EBS-only storage.
- t3.xlarge: 4 vCPUs, 16 GB of memory, EBS-only storage.
- t3.2xlarge: 8 vCPUs, 32 GB of memory, EBS-only storage.
2. Networking Features of Instance Types
- Variable Network Performance: Network bandwidth, measured in gigabits per second (Gbps), can differ significantly between different instance types.
- Performance Optimization Strategies:
- Cluster Placement Groups: For workloads that require low latency and high throughput between instances, placing interdependent instances within a cluster placement group can improve performance.
- Enhanced Networking: Activating enhanced networking can significantly boost network performance.
- Enhanced Networking Options:
- Elastic Network Adapter (ENA): Supports high-speed networking up to 100 Gbps, suitable for applications demanding high throughput.
- Intel 82599 Virtual Function: An older interface supporting network speeds up to 10 Gbps, used for less demanding applications.
3. Infrastructure as a Service (IaaS)
- Instance-Based Virtual Machines: IaaS in AWS allows the creation and management of virtual machines, offering users complete control over their virtual infrastructure, similar to on-premises servers.
- Familiarity for IT Professionals: This service model is familiar to IT professionals as it closely mirrors traditional data center management, with the added benefit of cloud scalability and flexibility.
4. AWS Lambda: Serverless Computing
- Function-Based Computing: AWS Lambda allows users to execute code in response to events without the need to manage servers. This model is particularly cost-effective and ideal for applications that can operate within short, event-driven executions.
- Ease of Adoption: While serverless computing is relatively new, it becomes intuitive once the user is accustomed to its framework. It’s designed to simplify the deployment of applications by abstracting server management.
5. Container-Based Computing
- Amazon ECS, Amazon EKS, AWS Fargate, and Amazon ECR: These services support containerized applications, enabling rapid deployment and scaling.
- Administrative Overhead: AWS Fargate reduces the complexity of managing infrastructure by abstracting the underlying servers, while other services like ECS and EKS provide more control for users who need it.
6. AWS Elastic Beanstalk: Platform as a Service (PaaS)
- Web Application Deployment: AWS Elastic Beanstalk is a PaaS offering that simplifies the deployment and management of web applications. Developers can focus on writing code, while Beanstalk handles scaling, load balancing, and health monitoring.
- Integration: Elastic Beanstalk can easily integrate with other AWS services, such as databases and DNS, making it an excellent choice for full-stack web development.
7. Choosing the Optimal Compute Service
- Use Case Considerations: Selecting the right compute service involves understanding the specific needs of your application, including its design and usage patterns.
- Potential Pitfalls: Using an inappropriate compute service can lead to inefficiencies and degraded performance, so a thorough understanding of available options is crucial.
8. Amazon EC2 Core Use Cases
- Versatile Applications: EC2 instances are suitable for a variety of server roles, including web servers, application servers, database servers, and more. This versatility makes EC2 a central component of many cloud architectures.
- Full Control: EC2 provides users with full administrative control over their instances, including the operating system and installed software, ensuring a high degree of customization and flexibility.
9. Creating an EC2 Instance Using the AWS Management Console
- Launch Instance Wizard: The AWS Management Console offers a wizard to guide users through the process of launching an EC2 instance. Key decisions include selecting an Amazon Machine Image (AMI), choosing an instance type, configuring network settings, and more.
- Nine Key Decisions: These include choosing an AMI, instance type, network settings, IAM role, user data scripts, storage options, tagging, security groups, and key pairs. Each step is critical to the proper setup and operation of the instance.
10. Amazon Machine Image (AMI)
- Template for EC2 Instances: An AMI is essentially a blueprint used to create EC2 instances. It includes the operating system and may include additional pre-configured software.
- AMI Options:
- Quick Start AMIs: Ready-to-use AMIs provided by AWS, including popular Linux and Windows configurations.
- Custom AMIs: Users can create their own AMIs for repeated use.
- AWS Marketplace AMIs: Third-party vendors offer pre-configured AMIs tailored for specific applications.
- Community AMIs: AMIs shared by other users, which can be used at one’s own risk.
11. Specifying Network Settings
When launching an EC2 instance, you need to carefully configure its network settings to ensure proper deployment and accessibility:
- Deployment Location: Choose the appropriate region where the instance will be deployed. This decision often depends on factors such as latency, data residency requirements, and availability of specific AWS services.
- VPC and Subnet Selection: Identify the Virtual Private Cloud (VPC) where the instance will reside. You can also specify a subnet, which determines the availability zone within the selected region.
- Public IP Assignment: Decide whether a public IP address should be automatically assigned to the instance. Assigning a public IP is essential if you want the instance to be accessible over the internet.
Example: When setting up a web server, it’s common to deploy the instance in a public subnet and assign a public IP address to make it accessible from the internet.
12. Attaching an IAM Role (Optional)
An EC2 instance may need to interact with other AWS services, which requires appropriate permissions. These permissions are granted through an IAM role:
- Attaching IAM Role: If your EC2 instance needs to interact with AWS services (e.g., accessing S3 buckets), attach an IAM role that provides the necessary permissions.
- Instance Profile: The attached IAM role is stored within an instance profile, which is then associated with the EC2 instance.
- Role Attachment Flexibility: You can attach an IAM role at instance launch or to an already running instance.
Example: If the instance needs to access an S3 bucket, an IAM role with permissions to interact with S3 should be attached.
13. User Data Script (Optional)
To further customize the instance, you can specify a user data script at the time of instance launch:
- Customization via Script: User data scripts can be used to automate the configuration of the instance during its initial boot. This script runs only once, the first time the instance starts.
- Strategic Use: Utilize user data scripts to reduce the need for creating multiple custom Amazon Machine Images (AMIs) by automating tasks that would otherwise require different AMIs.
Example: A script can be used to install specific software or updates on the instance automatically at launch.
14. Specifying Storage
Configuring storage for your EC2 instance is critical, particularly when deciding on the root volume where the operating system is installed:
- Root Volume Configuration: The root volume contains the guest operating system. You can choose its size and volume type (e.g., SSD, HDD).
- Additional Volumes: You may also attach additional storage volumes, each with configurable attributes like size, volume type, and encryption settings.
- Persistence and Deletion: Decide whether the volumes should persist after the instance is terminated or be deleted automatically.
Amazon EC2 Storage Options:
- Amazon Elastic Block Store (EBS): Durable block-level storage that persists even if the instance is stopped and restarted.
- Amazon EC2 Instance Store: Ephemeral storage that is tied to the life of the instance; data is lost if the instance stops.
Example:
- Instance with EBS Root Volume: The instance retains its data when stopped and restarted.
- Instance with Instance Store Root Volume: Data is lost if the instance is stopped due to a system failure or user action.
15. Adding Tags
Tagging is a powerful way to organize and manage your AWS resources:
- Tag Structure: A tag consists of a key-value pair. Tags can be attached to an EC2 instance to store metadata.
- Benefits of Tagging: Tags enable you to filter resources, automate tasks, allocate costs, and control access.
Example: Assign tags like Environment=Production or Department=Finance to easily identify and manage resources.
16. Security Group Settings
Security groups are vital in controlling network traffic to your instance:
- Firewall Rules: A security group acts as a virtual firewall, with rules that define which traffic is allowed to reach the instance.
- Specifying Rules: Set rules for inbound and outbound traffic, including the protocol (TCP, UDP, ICMP), port number, and source (e.g., IP address or another security group).
Example: For a web server, you might allow incoming TCP traffic on port 80 (HTTP) from any IP address.
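An added example, not from the original notes, that audits inbound rules in JSON shaped like aws ec2 describe-security-groups output: world-open rules (source 0.0.0.0/0 or ::/0) are reported unless they are the web-server case above, TCP on port 80 or 443; the sample groups and their ids are constructed.

```python
"""Report security-group inbound rules that are open to the whole internet."""
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output
# (placeholder ids): a web tier that exposes 80/443 to everyone, an "ops" group
# that also opens SSH to everyone, and a database group that only trusts the
# web tier group and references no CIDR at all.
SAMPLE_GROUPS = json.loads("""
{
  "SecurityGroups": [
    {"GroupId": "sg-web00000", "GroupName": "web-tier", "IpPermissions": [
      {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
       "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
       "UserIdGroupPairs": []},
      {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
       "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-ops000000", "GroupName": "ops", "IpPermissions": [
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
       "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
      {"IpProtocol": "-1",
       "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-db0000000", "GroupName": "db", "IpPermissions": [
      {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
       "IpRanges": [], "Ipv6Ranges": [],
       "UserIdGroupPairs": [{"GroupId": "sg-web00000"}]}]}
  ]
}
""")

WORLD = {"0.0.0.0/0", "::/0"}
ALLOWED_PUBLIC_TCP = {80, 443}  # what a public web server legitimately exposes


def world_open_ranges(permission):
    """Return the anywhere-CIDRs (IPv4 and IPv6) referenced by one rule."""
    cidrs = [r.get("CidrIp") for r in permission.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in permission.get("Ipv6Ranges", [])]
    return sorted(c for c in cidrs if c in WORLD)


def rule_ports(permission):
    """Describe a rule's port span; IpProtocol -1 means every protocol and port."""
    if permission.get("IpProtocol") == "-1":
        return "all"
    lo, hi = permission.get("FromPort"), permission.get("ToPort")
    return str(lo) if lo == hi else f"{lo}-{hi}"


def rule_is_acceptable(permission):
    """A world-open rule is acceptable only for TCP on a single allowed port."""
    if permission.get("IpProtocol") != "tcp":
        return False
    lo, hi = permission.get("FromPort"), permission.get("ToPort")
    return lo == hi and lo in ALLOWED_PUBLIC_TCP


def audit_security_groups(describe_output):
    """Return (group_id, group_name, protocol, ports, cidr) for each finding."""
    findings = []
    for group in describe_output["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            exposed = world_open_ranges(perm)
            if not exposed or rule_is_acceptable(perm):
                continue  # not internet-facing, or the accepted web-server case
            for cidr in exposed:
                findings.append((group["GroupId"], group["GroupName"],
                                 perm.get("IpProtocol"), rule_ports(perm), cidr))
    return findings


if __name__ == "__main__":
    for finding in audit_security_groups(SAMPLE_GROUPS):
        print("world-open: group %s (%s) %s port %s from %s" % finding)
```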
17. Identifying or Creating a Key Pair
A key pair is essential for securely connecting to your EC2 instance:
- Key Pair Structure: It consists of a public key (stored by AWS) and a private key file (kept by the user). The key pair is used for securely logging into the instance.
- Key Pair for Windows AMIs: The private key is used to decrypt the administrator password.
- Key Pair for Linux AMIs: The private key is used for SSH to connect securely to the instance.
Example: When launching an instance, you can either specify an existing key pair or create a new one for secure access.
18. Launching an EC2 Instance with the AWS Command Line Interface (CLI)
In addition to using the AWS Management Console, you can launch EC2 instances programmatically via the AWS CLI:
- Simplicity and Flexibility: The AWS CLI provides a simple yet powerful way to launch instances, especially when automation is needed.
- Command Example: A basic command can launch an instance, assuming the necessary key pair and security group are already set up.
Example: A CLI command could look like this:
aws ec2 run-instances --image-id ami-0123456789abcdef0 --instance-type t2.micro --key-name MyKeyPair --security-group-ids sg-0123456789abcdef0
19. Amazon EC2 Instance Lifecycle: Elastic IP Addresses and Metadata
Elastic IP Addresses:
- Restarting an instance does not alter its IP addresses or DNS hostnames.
- When an instance is stopped and restarted, its public IPv4 address and external DNS hostname will change, while its private IPv4 address and internal DNS hostname remain the same.
- If a constant public IP address is required, an Elastic IP address should be linked to the instance.
- Elastic IP addresses can be reassigned to instances within the same Region as needed and will stay associated with your account until you release them.
Instance Metadata:
- Instance metadata provides information about the instance, which can be accessed while connected to the instance.
- Metadata can be viewed in a browser by navigating to http://169.254.169.254/latest/meta-data/, or in a terminal using the command curl http://169.254.169.254/latest/meta-data/.
- Examples of metadata include the public and private IP addresses, public hostname, instance ID, security groups, Region, and Availability Zone.
- Any user data specified during the instance launch can be retrieved from http://169.254.169.254/latest/user-data/.
- This metadata can be useful for configuring or managing the instance, such as running a configuration script that reads the metadata to set up applications or OS settings.
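The curl form above reads the metadata service without a session token. The following added example, not from the original notes, performs the same reads with the token handshake that IMDSv2 requires, which is what an instance configured to require tokens accepts; the HTTP transport is injectable, and the fake transport and all values it returns are constructed so the exchange runs offline.

```python
"""Read EC2 instance metadata using an IMDSv2 session token."""
import urllib.request

IMDS = "http://169.254.169.254"  # the link-local address from the notes
TOKEN_TTL_SECONDS = 300          # short-lived session token; 21600 is the maximum


def urllib_transport(method, url, headers):
    """Default transport for use on an instance: send the request, return the body."""
    req = urllib.request.Request(url, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read().decode()


def imds_token(transport=urllib_transport, ttl=TOKEN_TTL_SECONDS):
    """IMDSv2 step 1: a PUT to /latest/api/token returns a session token."""
    return transport("PUT", f"{IMDS}/latest/api/token",
                     {"X-aws-ec2-metadata-token-ttl-seconds": str(ttl)})


def imds_get(path, transport=urllib_transport):
    """IMDSv2 step 2: GET a path under /latest/ with the token in a header.

    `path` is e.g. "meta-data/instance-id" or "user-data", the two
    locations the notes describe.
    """
    token = imds_token(transport)
    return transport("GET", f"{IMDS}/latest/{path}",
                     {"X-aws-ec2-metadata-token": token})


# Offline stand-in transport so the exchange can be exercised without an instance.
FAKE_METADATA = {  # constructed values, not read from any real instance
    "meta-data/instance-id": "i-0123456789abcdef0",
    "meta-data/placement/availability-zone": "us-east-1a",
    "user-data": "#!/bin/bash\necho constructed-user-data\n",
}
FAKE_TOKEN = "constructed-session-token"


def fake_transport(method, url, headers):
    """Mimics a token-required endpoint: a token on PUT, data only with the token."""
    if method == "PUT" and url == f"{IMDS}/latest/api/token":
        if int(headers["X-aws-ec2-metadata-token-ttl-seconds"]) > 21600:
            raise ValueError("400: TTL above the permitted maximum")
        return FAKE_TOKEN
    if headers.get("X-aws-ec2-metadata-token") != FAKE_TOKEN:
        raise PermissionError("401: token required")  # what a token-less call gets
    return FAKE_METADATA[url[len(f"{IMDS}/latest/"):]]


if __name__ == "__main__":
    print(imds_get("meta-data/instance-id", fake_transport))
    print(imds_get("user-data", fake_transport))
```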
Monitoring with Amazon CloudWatch:
- Amazon CloudWatch is used to monitor the performance and health of EC2 instances.
- It provides near real-time metrics and charts available in the Monitoring tab of the Amazon EC2 console.
- CloudWatch retains 15 months of historical data, offering both basic and detailed monitoring options.
- Basic monitoring is included by default at no extra cost, with metric data sent to CloudWatch every five minutes.
- Detailed monitoring, available for a fixed monthly fee, sends metric data every minute for seven selected metrics.