AWS Certified Solution Architect Official Study Guide, Study Notes - EC2

mac, 2022-06-30

EC2

- instance types
- AMI
  - sources of AMI
- Securely Using an Instance
  - addressing an instance
  - initial access
  - virtual firewall protection
  - lifecycle of instances
- Options
  - pricing options
  - tenancy options
  - Placement Group
  - Instance Stores
- Elastic Block Store (EBS)
  - EBS
  - Types of EBS Volumes
  - Protecting data
    - backup/recovery
    - taking snapshots
    - creating a volume from a snapshot
    - recovering EBS when instance failed
  - Encryption
- some of the exercises
  - get instance meta-data

instance types

instance types are classified based on 4 dimensions:

- vCPU
- memory
- storage (size and type)
- network performance

Family | strength | Comments
C4 | vCPU |
r3 | memory |
i2 | storage | huge amount of fast SSD
g2 | GPU |

Enhanced Networking: it reduces the impact of virtualization on the network by using Single Root I/O Virtualization (SR-IOV). This results in more Packets Per Second (PPS), lower latency and less jitter.

AMI

Amazon Machine Image (AMI): an x86 OS image, for Linux or Windows.

sources of AMI

- AWS: almost like installing the OS from the official ISO files
- AWS Marketplace
- generated from existing instances: make an AMI from an existing EC2 instance
- uploaded virtual machines

Securely Using an Instance

addressing an instance

- use the DNS name generated by AWS automatically. this persists only while the instance is running.
- use the public IP. this persists only while the instance is running.
- use an Elastic IP. Public IP and Elastic IP are different. a public IP is bound to an instance, used as a feature or part of that instance; when the instance dies, the public IP is removed. an Elastic IP is a kind of resource bound to the customer (the account), not to an instance, like a VPC. a customer always assigns it to an instance, but that mapping can change at any time, manually or automatically or even triggered by events. Elasti

initial access

- linux: key-pair
- windows: password (the administrator password is encrypted with the key-pair)

virtual firewall protection

security groups. security is at the instance level, meaning the firewall for each instance is independent.

lifecycle of instances

- launching
- bootstrapping: user data is attached to the instance and is not encrypted, so no password should be put in UserData
- VM Import/Export: import a VM from on-premises or export a VM to on-premises
- reading instance metadata: the instance OS accesses http://169.254.169.254/latest/meta-data to get metadata such as:
  - security groups
  - instance ID
  - instance type
  - AMI used to launch the instance
  - other info…
- tagging
- monitoring: Amazon CloudWatch
- modifying an instance
  - instance type: a restart of the instance is needed
  - security group
- termination protection
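A defender-side check for the user-data point above: decode an instance's user-data and flag lines that look like pasted credentials. This is an added example, not from the study guide; the regex list is a constructed starting set, and fetch_user_data assumes boto3 is installed and uses the real describe_instance_attribute call.

```python
import base64
import re

# Patterns that suggest a credential was pasted into user-data (constructed list, not exhaustive).
SECRET_PATTERNS = [
    re.compile(r"(?i)(password|passwd|pwd)\s*[:=]\s*\S+"),
    re.compile(r"(?i)(aws_secret_access_key|secret[_-]?key|api[_-]?key|token)\s*[:=]\s*\S+"),
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),                # shape of an AWS access key id
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),  # a pasted private key
]


def decode_user_data(value):
    """The API returns user-data base64-encoded; fall back to the raw text if it is not."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8", "replace")
    except ValueError:               # binascii.Error is a ValueError subclass
        return value


def find_secrets(user_data_text):
    """Return (line_number, matched_text) for each line that looks like it holds a secret."""
    hits = []
    for number, line in enumerate(user_data_text.splitlines(), 1):
        for pattern in SECRET_PATTERNS:
            match = pattern.search(line)
            if match:
                hits.append((number, match.group(0)))
                break                # one finding per line is enough for an audit
    return hits


def fetch_user_data(instance_id, region):
    """Read the userData attribute of one instance with boto3 (assumed installed; the caller
    needs ec2:DescribeInstanceAttribute). Returns the base64 string, or '' when none is set."""
    import boto3                     # imported here so the scanner itself runs without the SDK
    ec2 = boto3.client("ec2", region_name=region)
    attr = ec2.describe_instance_attribute(InstanceId=instance_id, Attribute="userData")
    return attr.get("UserData", {}).get("Value", "")


if __name__ == "__main__":
    import sys
    instance_id, region = sys.argv[1], sys.argv[2]   # e.g. i-0a4b82d33b2567159 cn-northwest-1
    for number, text in find_secrets(decode_user_data(fetch_user_data(instance_id, region))):
        print(f"{instance_id}: line {number} looks like a secret: {text}")
```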

Options

pricing options

- on-demand instances
- reserved instances
  - all upfront
  - partial upfront
  - no upfront
- spot instances. a spot instance is terminated when:
  - the customer terminates the spot instance
  - the spot price goes above the customer's bid price
  - there is not enough unused capacity to run the spot instances
  there will be a two-minute warning before AWS terminates the spot instance.

tenancy options

- shared tenancy: the default model
- dedicated instances: hardware dedicated to a single customer
- dedicated host: a physical server with EC2 capacity fully dedicated to a single customer

Placement Group

a placement group is a logical grouping of instances within a single AZ. instances within a placement group are placed close together, with low latency and a 10 Gbps network.

Instance Stores

- block-level storage
- located on disks that are physically attached to the host computer
- ideal for temporary content that changes frequently, like a cache, a buffer or a queue
- instance stores are included in the cost of an EC2 instance
- temporary

Elastic Block Store (EBS)

EBS

- block level
- automatically replicated within the AZ
- has many types for different performance needs

Types of EBS Volumes

- magnetic volumes: lowest performance, lowest price, 1 GB to 1 TB. billed based on the amount of space provisioned, not used. good for:
  - data that is infrequently accessed
  - sequential reads
  - when low cost is needed
- general-purpose SSD: 1 GB to 16 TB. performance is 3 IOPS per gigabyte provisioned; under 1 TB, you can burst to 3,000 IOPS. billed based on space provisioned. good for:
  - system boot volumes
  - small- to medium-sized databases
  - development and test environments
- Provisioned IOPS SSD: 4 GB to 16 TB. most expensive, highest performance. provisioned IOPS; billed based on the size of the volume and the IOPS reserved. good for:
  - critical business applications that need high IOPS
  - large database workloads

EBS Volume Type Comparison. this needs updating with the newer HDD types: throughput-optimized HDD and cold HDD.

characteristic | general-purpose SSD | Provisioned IOPS SSD | magnetic
use case | system boot volumes; virtual desktops; small-to-medium DBs; development and test environments | critical business applications that need high IOPS (like 10,000 IOPS or 160 MB/s throughput per volume); large DBs | cold workloads, infrequently accessed; low storage cost is needed
volume size | 1 GB - 16 TB | 4 GB - 16 TB | 1 GB - 1 TB
maximum throughput | 160 MB/s | 320 MB/s | 40-90 MB/s
IOPS | 3 IOPS/GB (up to 10,000 IOPS) | consistently performs at the provisioned level, up to 20,000 IOPS maximum | average 100 IOPS, burst to hundreds of IOPS

EBS-Optimized Instances
- need an additional hourly charge
- use them when you are not using SSD and still need I/O
- use an optimized configuration stack and provide additional, dedicated capacity for EBS I/O. this is achieved by minimizing contention between EBS I/O and other traffic from your instance.

Protecting data

backup/recovery

incremental backups

taking snapshots

snapshots can be taken via:
- the AWS web console
- the CLI
- the API
- a schedule of regular snapshots

taking a snapshot is free; you only pay for the storage of the snapshots. the snapshots in S3 are not ordinary S3 objects owned by users; they can only be manipulated with the snapshot tools. snapshots are automatically stored in one region only. you can copy them to other regions manually.

creating a volume from a snapshot

- to use a snapshot, create a new EBS volume from the snapshot.
- the volume is accessible immediately, but data is restored lazily.
- best practice is to access all data after restoring from a snapshot.
- you can create a volume of any size from the snapshot. in this way, you can extend the size of an EBS volume, by creating a new larger volume from the snapshot and replacing the old one.

recovering EBS when instance failed

Encryption

EBS offers native encryption on all volume types. the key is managed by KMS. encryption is transparent to the instance.

some of the exercises

get instance meta-data

```shell
[root@ip-172-31-17-48 ~]# for i in $(curl -s http://169.254.169.254/latest/meta-data/); do echo "#$i is" $(curl -s http://169.254.169.254/latest/meta-data/$i); done
#ami-id is ami-0fcb508ec48b146df
#ami-launch-index is 0
#ami-manifest-path is (unknown)
#block-device-mapping/ is ami root
#events/ is maintenance/
#hostname is ip-172-31-17-48.cn-northwest-1.compute.internal
#identity-credentials/ is ec2/
#instance-action is none
#instance-id is i-0a4b82d33b2567159
#instance-type is t2.micro
#local-hostname is ip-172-31-17-48.cn-northwest-1.compute.internal
#local-ipv4 is 172.31.17.48
#mac is 06:e0:60:0b:9d:fc
#metrics/ is vhostmd
#network/ is interfaces/
#placement/ is availability-zone
#profile is default-hvm
#public-hostname is ec2-52-83-65-133.cn-northwest-1.compute.amazonaws.com.cn
#public-ipv4 is 52.83.65.133
#public-keys/ is 0=aws-test-keys
#reservation-id is r-013028430511ea4b0
#security-groups is launch-wizard-1
#services/ is domain partition
```
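The one-level loop above only lists the top of the tree and talks to the metadata service without a session token. As an added example (not part of the original notes), the same lookup written as a recursive walk that uses the IMDSv2 token endpoint, which is the hardened form of this access; it assumes only the Python standard library, and the walker takes any fetch function so it can be exercised without an instance.

```python
import urllib.request

IMDS = "http://169.254.169.254/latest"   # the link-local metadata endpoint from the notes
TOKEN_TTL = "21600"                      # token lifetime in seconds (6 h, the IMDS maximum)


def get_token(timeout=2):
    """Ask IMDSv2 for a session token; only a PUT carrying the TTL header is accepted."""
    req = urllib.request.Request(
        f"{IMDS}/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": TOKEN_TTL})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()


def imds_fetch(path, token, timeout=2):
    """GET one meta-data path ('instance-id', 'network/', ...) presenting the token."""
    req = urllib.request.Request(
        f"{IMDS}/meta-data/{path}",
        headers={"X-aws-ec2-metadata-token": token})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()


def walk_metadata(fetch, path=""):
    """Recursively walk the meta-data tree and return {full_path: value}.
    fetch(path) returns one body; a listing entry ending in '/' is a directory
    to descend into, anything else a leaf to fetch; an unreadable path (e.g.
    a 404 under public-keys/) is recorded instead of aborting the walk."""
    result = {}
    for entry in fetch(path).splitlines():
        entry = entry.strip()
        if not entry:
            continue
        full = path + entry
        try:
            if entry.endswith("/"):
                result.update(walk_metadata(fetch, full))
            else:
                result[full] = fetch(full)
        except OSError as exc:            # urllib errors are OSError subclasses
            result[full] = f"<unavailable: {exc}>"
    return result


if __name__ == "__main__":
    token = get_token()
    for key, value in sorted(walk_metadata(lambda p: imds_fetch(p, token)).items()):
        print(f"#{key} is {value}")       # same "#key is value" layout as the exercise above
```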
