3/? for AWS Certified Practitioner

Suk Hwang
4 min read · Sep 3, 2021

Amazon EC2

  • EC2 is one of the most popular of AWS’s offerings
  • EC2 = Elastic Compute Cloud = Infrastructure as a Service (IaaS)
  • Capability:
    - Renting VM(EC2)
    - Storing data on virtual drive (EBS)
    - Distributing load across machines (ELB)
    - Scaling the services using an auto-scaling group (ASG)
  • Knowing EC2 is fundamental to understanding how the Cloud works

EC2 Sizing & configuration options

  • OS: Linux, Windows, or Mac OS
  • How much compute power & how many cores (CPU)
  • RAM
  • Storage Space:
    - Network-attached (EBS & EFS)
    - Hardware-attached (EC2 Instance Store)
  • Network card: speed of the card, Public IP address
  • Firewall rules: security group
  • Bootstrap script (configure at first launch): EC2 User data

EC2 User Data

  • It is possible to bootstrap our instances using an EC2 User data script
  • Bootstrapping means launching commands when a machine starts
  • That script is only run once, at the instance’s first start
  • EC2 user data is used to automate boot tasks such as:
    - Installing updates
    - Installing software
    - Downloading common files from the internet
    - Anything you can think of
  • The EC2 User Data script runs as the root user (= sudo rights), so only put trusted commands in it

EC2 instance types: example

t2.micro is free-tier eligible

#!/bin/bash
# Use this for your user data (the script runs from top to bottom, as root, once at first boot)
# install httpd (Amazon Linux 2 version)
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
# write a minimal page showing the instance's hostname
echo "<h1>Hello World from $(hostname -f)</h1>" > /var/www/html/index.html

Hands on EC2

  • It is common to terminate instances; everything is disposable in the cloud.
  • Every time you stop and start an instance, its public IPv4 address will have changed
  • * When you’re on-premises, you have to order servers, get it delivered, you plug it into your infrastructure. And you use them for the next three to five years. But in Cloud, we’re talking about seconds. You can get rid of it at any time whenever you want. And this huge change, thanks to the Cloud, is making IT so flexible that it allows people to run companies with a very little IT department.

EC2 Instance Types — Overview

Bigger size = more memory and more CPU

2. Compute Optimized

  • Great for compute-intensive tasks that require high performance processors:
    - Batch processing workloads
    - Media transcoding
    - High performance web servers
    - High performance computing (HPC)
    - Scientific modeling & machine learning
    - Dedicated gaming servers

3. Memory Optimized

  • Fast performance for workloads that process large data sets in memory
  • Use cases:
    - High performance, relational/non-relational databases
    - Distributed web scale cache stores
    - In-memory databases optimized for BI (Business Intelligence)
    - Applications performing real-time processing of big unstructured data

4. Storage Optimized

  • Great for storage-intensive tasks that require high, sequential read and write access to large data sets on local storage
  • Use cases:
    - High frequency online transaction processing (OLTP) systems
    - Relational & NoSQL databases
    - Cache for in-memory databases (ex. Redis)
    - Data warehousing applications
    - Distributed file systems

Introduction to Security Groups

  • Security Groups are the fundamental building block of network security in AWS
  • They control how traffic is allowed into or out of our EC2 instances
  • Security groups only contain allow rules (there is no deny rule; anything not allowed is dropped)
  • Security group rules can reference a source/destination by IP range or by another security group

Security Groups Good to Know

  • Can be attached to multiple instances
  • Locked down to a region / VPC combination
  • Lives “outside” the EC2 instance — if traffic is blocked, the EC2 instance won’t see it
  • It’s good to maintain one separate security group for SSH access
  • If your application is not accessible (time out), then it’s a security group issue
  • If your application gives a “connection refused” error, then the traffic got through; it’s an application error or the application isn’t launched
  • All inbound traffic is blocked by default
  • All outbound traffic is authorized by default
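To make the rules above concrete, here is an added Python model (not from the original post or from AWS) of how a security group decides whether inbound traffic is seen by the instance, plus a small audit check. It assumes the rule dictionaries follow the field names of the EC2 DescribeSecurityGroups API; the group IDs, CIDRs and rules are constructed samples.

```python
import ipaddress

# Constructed sample shaped like the EC2 DescribeSecurityGroups response
# (assumption: field names follow the AWS API; IDs and rules are made up).
SG_WEB = {
    "GroupId": "sg-0000web",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        # SSH is allowed only from a separate admin security group, not from an IP range
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0000ssh"}]},
    ],
}
ANY_V4, ANY_V6 = ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")

def _rule_covers_port(rule, port, proto):
    """A rule matches if it is all-traffic (-1) or its protocol/port range contains the port."""
    if rule["IpProtocol"] == "-1":
        return True
    return rule["IpProtocol"] == proto and rule["FromPort"] <= port <= rule["ToPort"]

def inbound_allowed(sg, port, src_cidr=None, src_sg=None, proto="tcp"):
    """Security groups hold allow rules only: inbound traffic is dropped unless some
    rule matches both the port and the source (an IP range or a referenced group)."""
    for rule in sg["IpPermissions"]:
        if not _rule_covers_port(rule, port, proto):
            continue
        if src_cidr is not None:
            src = ipaddress.ip_network(src_cidr, strict=False)
            if any(src.subnet_of(ipaddress.ip_network(r["CidrIp"]))
                   for r in rule.get("IpRanges", [])):
                return True
        if src_sg is not None and any(p["GroupId"] == src_sg
                                      for p in rule.get("UserIdGroupPairs", [])):
            return True
    return False  # no allow rule matched: the instance never sees the packet (client times out)

def world_open_admin_ports(sg, admin_ports=(22, 3389)):
    """Audit helper: admin ports (SSH, RDP) reachable from 0.0.0.0/0 or ::/0."""
    findings = []
    for port in admin_ports:
        for rule in sg["IpPermissions"]:
            if not _rule_covers_port(rule, port, "tcp"):
                continue
            cidrs = [ipaddress.ip_network(r["CidrIp"]) for r in rule.get("IpRanges", [])]
            cidrs += [ipaddress.ip_network(r["CidrIpv6"]) for r in rule.get("Ipv6Ranges", [])]
            if ANY_V4 in cidrs or ANY_V6 in cidrs:
                findings.append(port)
                break
    return findings
```

Running `world_open_admin_ports` over the output of `aws ec2 describe-security-groups` is a quick way to spot groups that expose SSH or RDP to the whole internet.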

Referencing other security groups (diagram)

Classic Ports to Know

  • 22 = SSH (Secure Shell) — log into a Linux instance
  • 21 = FTP (File Transfer Protocol) — upload files into a file share
  • 22 = SFTP (Secure File Transfer Protocol) — upload files over SSH (same port as SSH)
  • 80 = HTTP — access unsecured websites
  • 443 = HTTPS — access secured websites
  • 3389 = RDP (Remote Desktop Protocol) — log into a Windows instance
