This blog covers what Amazon EC2 is and the key points for getting started with it.
What is Amazon EC2?
EC2 (Elastic Compute Cloud) is a web service that lets a user configure and provision a virtual server in a specific region of the AWS Cloud. It is also called a virtual server. The compute cloud service provides the broadest and deepest platform, high security, and optimum network and storage capacity.
It provides better compute capacity within the cloud, and a user can scale the server resources up or down whenever an upgrade or downgrade is required. AWS charges you per hour for the services that you use for your application.
We are going to discuss the key points below:
- Amazon Machine Image (AMI)
- Instance Types
- Amazon VPC
- Amazon EBS
- Instance Store
- Security Groups
- EC2 Key Pairs
Amazon Machine Image (AMI)
An Amazon Machine Image is a blueprint of a software configuration from which you can launch any number of EC2 instances in the AWS Cloud. It is also called a master image for creating virtual servers.
AMIs are region, architecture and platform specific. An AMI from one region cannot be accessed directly from other regions, but you can achieve that with the Copy AMI operation. Likewise, an AMI for one platform can be used only on that same platform.
Instance Types
The instance type specifies the compute resources for an EC2 instance in AWS. Each instance type comes with specific resources, and resource capacity varies from one instance type to another. The instance types are designed by AWS to support different business use cases.
EC2 instances are categorized as follows:
General Purpose: This is the most popular EC2 instance category because of its balanced compute resource capacity. General purpose instances are mainly useful for development and web server purposes. The M4, M5, T2, T3 and A1 families fall under this category.
Compute Optimized: These instances are best for compute-intensive workloads such as high-performance web servers, batch processing workloads and machine learning inference. The C4 and C5 families fall under this category.
Memory Optimized: This category is good for memory-intensive workloads and delivers better performance when processing large data sets in memory. The R4, R5, X1, High Memory and Z1 families fall under this category.
Accelerated Computing: These instances use different sets of parallel co-processors to deliver better statistics on graphical processing. The F1, G2, G3, P2 and P3 families fall under this category.
Storage Optimized: This category is helpful for processing large data sets in storage with sequential read-write access. These instances are optimized for very low latency and high IOPS. The D2, H1 and I3 families fall under this category.
Amazon Virtual Private Cloud (VPC)
Amazon VPC lets you create a logically isolated section within AWS, defined by a Classless Inter-Domain Routing (CIDR) block, where you can provision your own infrastructure. Both IPv4 and IPv6 can be used in your VPC to secure your resources within it.
You can create subnets, which are ranges of IP addresses within your VPC, and then create your resources within those subnets. Subnets are of two types: 1. Public (internet facing) 2. Private (resources can't connect to the internet). To secure the resources within your subnet, both security groups and ACLs can be used.
VPCs are of two types: 1. Default 2. Non-default. The default VPC comes with all the advanced features of a non-default VPC, but only if your account supports the EC2-VPC type. You can start hosting your resources within the default VPC without doing any further network configuration. For a non-default VPC, you need to create a new VPC and configure it according to your application architecture diagram.
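The subnet description above says each subnet is a range of IP addresses inside the VPC's CIDR block. The following check of a subnet plan is an added example, not part of the original post: the plan, its names and its addresses are constructed, it handles IPv4 only, and it relies on AWS limiting IPv4 VPC and subnet blocks to sizes between /16 and /28 and reserving 5 addresses in every subnet.

```python
import ipaddress

# AWS limits IPv4 VPC and subnet blocks to /16../28 and reserves
# 5 addresses in every subnet.
MIN_PREFIX, MAX_PREFIX, RESERVED = 16, 28, 5

def check_subnet_plan(vpc_cidr, subnets):
    """Return a list of problems found in a {name: cidr} subnet plan."""
    problems = []
    vpc = ipaddress.ip_network(vpc_cidr)
    if not MIN_PREFIX <= vpc.prefixlen <= MAX_PREFIX:
        problems.append(f"VPC {vpc} is outside /16../28")
    parsed = {}
    for name, cidr in subnets.items():
        try:
            net = ipaddress.ip_network(cidr)  # strict: rejects host bits
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR ({exc})")
            continue
        if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            problems.append(f"{name}: {net} is outside /16../28")
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is not inside VPC {vpc}")
        for other, other_net in parsed.items():
            if net.overlaps(other_net):
                problems.append(f"{name}: {net} overlaps {other} {other_net}")
        parsed[name] = net
    return problems

def usable_addresses(cidr):
    """Addresses left for resources after the 5 reserved per subnet."""
    return ipaddress.ip_network(cidr).num_addresses - RESERVED

# Constructed plan: one overlap and one subnet outside the VPC block.
PLAN = {
    "public-a": "10.0.0.0/24",
    "private-a": "10.0.1.0/24",
    "private-b": "10.0.1.128/25",
    "db": "10.1.0.0/24",
}

if __name__ == "__main__":
    for problem in check_subnet_plan("10.0.0.0/16", PLAN):
        print(problem)
    print(usable_addresses("10.0.0.0/24"))
```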
Amazon Elastic Block Storage (EBS)
The elastic block storage service is designed by Amazon for both throughput-intensive and transaction-intensive workloads with Amazon EC2. RDS, non-RDS workloads and other file systems also use EBS as a storage device. The scalability of EBS storage works better within an Availability Zone.
An EC2 instance can be launched with an elastic block storage volume as its root volume. An EBS volume can be used like a physical device once it is attached to the instance. EBS volumes allow you to increase the size or change the volume type if needed. EBS provides different volume types, such as general purpose (gp2), provisioned IOPS (io1), throughput optimized HDD (st1) and cold HDD (sc1).
EBS volumes provide better data availability, data persistence, data encryption and backup compared to traditional physical storage.
Instance Store
Instance store is mainly used as temporary block-level storage for an EC2 instance. This storage is useful for temporary data such as buffers, temp space and caches.
Instance store volumes are ephemeral devices, and the ephemeral device numbers range from 0 to 23. That is, an instance with one instance store volume would have ephemeral0, and so on. Instance store is local to the instance and is non-persistent data storage. Snapshots are not supported for this volume type.
Security Groups
An AWS EC2 security group acts as a virtual firewall for your resources within a subnet of your VPC. A security group contains both inbound and outbound rules that allow traffic to or from your instance. EC2 security groups are VPC specific: you cannot launch an instance in your VPC with a security group from another VPC. A few characteristics of security groups are below:
- All outbound traffic is allowed for a default security group
- The rules of a security group can be modified (added or removed) at any time
- Security group rules that deny access cannot be created
- Multiple security groups can be attached to a single instance.
To specify a rule, we must define values for Protocol, Port range, ICMP type, Source or Destination, and Description (optional).
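Because security groups hold allow rules only, reviewing one means asking which sources each rule admits. The following audit is an added example, not part of the original post: it reads rules in the shape returned by the EC2 DescribeSecurityGroups API (IpPermissions, IpProtocol, FromPort, ToPort, IpRanges, Ipv6Ranges), flags SSH and RDP open to any address, and evaluates whether a given source is admitted. The sample group and the choice of sensitive ports are constructed assumptions, and only CIDR sources are considered.

```python
import ipaddress

# Assumed policy for this example: ports that should not be open to everyone.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP"}
ANYWHERE = {"0.0.0.0/0", "::/0"}

def rule_sources(perm):
    """Collect the IPv4 and IPv6 source CIDRs of one inbound rule."""
    return ([r["CidrIp"] for r in perm.get("IpRanges", [])] +
            [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])])

def covers_port(perm, port):
    """True if the rule's protocol and port range include this TCP port."""
    if perm.get("IpProtocol") == "-1":   # "-1" = all protocols, all ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]

def world_open_findings(group):
    """List (group id, service, cidr) for sensitive ports open to anyone."""
    findings = []
    for perm in group.get("IpPermissions", []):
        open_cidrs = [c for c in rule_sources(perm) if c in ANYWHERE]
        for port, name in SENSITIVE_PORTS.items():
            if covers_port(perm, port):
                findings += [(group["GroupId"], name, c) for c in open_cidrs]
    return findings

def is_allowed(group, src_ip, port):
    """Allow-only semantics: traffic passes only if some rule matches it."""
    addr = ipaddress.ip_address(src_ip)
    for perm in group.get("IpPermissions", []):
        for cidr in rule_sources(perm) if covers_port(perm, port) else []:
            net = ipaddress.ip_network(cidr)
            if addr.version == net.version and addr in net:
                return True
    return False  # no matching allow rule: the traffic is not admitted

# Constructed sample group, not taken from a real account.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ],
}
```

Running `world_open_findings(SAMPLE_GROUP)` reports the SSH rule, while the HTTPS rule restricted to 203.0.113.0/24 produces no finding.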
EC2 Key Pairs
AWS EC2 uses a public key and a private key, together called a key pair. Public-key cryptography is used to encrypt and decrypt the login information. It allows you to log in to your EC2 instance privately using a private key, without using a password.
The public key of an instance is placed in .ssh/authorized_keys at boot time. To log in to the instance successfully, you need to connect with your private key (the key that you downloaded at instance launch time). The EC2 key pair is very secure for your resources within AWS.
To manage EC2 resources, AWS recommends tagging your resources in the cloud. Tag keys and values can be retrieved via different API calls. A tag is also called a label for your resources within AWS. You can tag your instances based on application environment and application ID as well.
The key points above will help you get started with launching an EC2 instance in the AWS Cloud.
I hope this article helps. Please do support me by liking this article & leave a comment for any questions or concerns related to this blog.