What is EC2?
It's a web service that provides resizable compute capacity in the cloud. We can scale up or down within a minute.
In the early days, infra teams took a long time to provision a server; thanks to EC2 it now happens within minutes.
What are the different pricing methods in EC2?
On demand
- Pay for the hours used. Best for development
Reserved
- 1-3 years of predictable usage. Reserved capacity
Standard reserved instances
- Can get 70% off if you go for a longer contract, greater instances
Convertible Reserved instances
- 54% off if you change
Spot
- Bid whatever price you want, like a stock market
- It is useful for applications that have flexible start and end times
- Useful for applications that are only feasible with low compute prices
- Urgent compute needs for large amounts of additional capacity
- If the instance is stopped by EC2 you won't be charged; otherwise you are charged for any hour in which the instance ran
Dedicated Hosts
- On demand is also possible
- It's a dedicated bare metal PC
- It may be needed when you want to run OS based licenses like Oracle
What are all the EC2 instance types available?
Based on usage type, EC2 instances are classified as below and priced accordingly
F1 (field programmable gate array) - Genomics (DNA) research, financial analysis, real-time video processing, big data, etc.
I3 (high speed storage) - NoSQL DBs, data warehousing, etc.
Graphics intensive - Video encoding/3D application streaming
H1 (high disk throughput) - MapReduce-based workloads, distributed file systems such as HDFS and MapR-FS
T3 (low cost/general purpose) - Web server/small DBs
Dense Storage - Fileservers/Data warehousing/Hadoop
Memory Optimized - Memory intensive apps/DB
General Purpose - Application servers
C5 (compute optimized) - CPU intensive apps/DB
P3 (graphics/general purpose GPU) - Machine learning, Bitcoin mining, etc.
X1 (memory optimized) - SAP HANA/Apache Spark
Z1d (high compute capacity and high memory footprint) - Ideal for electronic design automation & certain RDBMS workloads with high per-core licensing costs
A1 (Arm-based workloads) - Scale-out workloads such as web servers
U-6tb1 (bare metal) - A dedicated physical server rented by a customer, with bare metal capabilities that eliminate virtualization overhead
How to remember the various types of EC2 instances?
You don't need to memorize these instance types; instead, review the requirement, go to the AWS site (https://aws.amazon.com/ec2/instance-types/) and select the instance type that meets it
Below is a mnemonic for those interested in keeping the instance types in memory
FIT CPU & RAM in 'DX' GHZ clock speed
F - FPGA (field programmable gate array)
I - IOPS
T - cheap general purpose (T2 micro)
C - for compute
P - Pictures (Graphics)
U - bare metal
R - RAM
A - Arm based workloads
M - Main choice for general purpose
X - eXtreme memory
D - Density
G - Graphics
H - High disk throughput
Z - eXtreme memory and CPU
Can you show the steps to create an EC2 instance?
Log in to the AWS console https://aws.amazon.com/console/ (Region => Compute => EC2 => Launch Instance)
Step 1: Choose AMI (Amazon Machine Image)
- Amazon Linux 2 AMI
Step 2: Choose Instance Type
- Micro Instance/General/Storage...
- t2.micro (free tier eligible)
Step 3: Configure Instance
- Number of instances
- Purchasing option
- Network (VPC)
- Subnet (1a-af): default subnet in any availability zone; it differs in each account
- Public IP
- Shut down behavior
- Enable termination protection
- Monitoring (by default every 5 min, by CloudWatch)
- Tenancy (shared, dedicated, dedicated host)
- Advanced details (bootstrap scripts run while booting)
Step 4: Add Storage (this is where the OS is installed)
- Root : EBS (General Purpose SSD)
- Additional volume: Cold HDD, Throughput Optimized HDD
Step 5: Add Tags
- Key value pair
- Name : WebServer
- Dept : Developer
Step 6: Configure Security Group
- It's a virtual firewall
- Enable traffic on various ports
- Ports are to be given individually, not assigned as a range
- Control the source IP to allow access
Step 7: Review & Launch
- At launch it asks for a public key (use an existing key pair or create a new one)
- The private key is the key that opens the padlock; the public key you can share anywhere
- Create a new one and save it in a safe location (myEC2Key.pem)
- View launch...
- Instance status is 'pending' initially and becomes 'running' once provisioned
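The security group points in step 6, as an added example that is not part of the original page: a Python check over a constructed sample shaped like `aws ec2 describe-security-groups` output that flags rules open to every source IP, rules that open a port range, and all-traffic rules. The group id, the sample rules and the choice of 80/443 as the only ports allowed from anywhere are assumptions.

```python
import ipaddress

# Constructed sample, shaped like `aws ec2 describe-security-groups` JSON output.
SAMPLE = {"SecurityGroups": [{
    "GroupId": "sg-EXAMPLE",  # placeholder id
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8100,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
    ]}]}

PUBLIC_PORTS = {80, 443}  # assumption: only web ports may face the internet

def audit(doc, public_ports=PUBLIC_PORTS):
    """Return (group_id, issue, ports, source) for each risky inbound rule."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        gid = sg["GroupId"]
        for rule in sg.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            if rule["IpProtocol"] == "-1":  # every protocol and port
                findings.append((gid, "all-traffic", "all", ",".join(sources)))
                continue
            lo, hi = rule.get("FromPort"), rule.get("ToPort")
            ports = str(lo) if lo == hi else f"{lo}-{hi}"
            is_range = rule["IpProtocol"] in ("tcp", "udp") and lo != hi
            if is_range:  # ports opened as a block, not individually
                findings.append((gid, "port-range", ports, ",".join(sources)))
            for cidr in sources:
                world = ipaddress.ip_network(cidr, strict=False).prefixlen == 0
                if world and (is_range or lo not in public_ports):
                    findings.append((gid, "open-to-world", ports, cidr))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```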
How to connect to EC2 through SSH?
The SSH steps differ by operating system
Mac:
$ ls (in the directory where "myEC2Key.pem" was saved in step 7 of the above question)
$ chmod 400 myEC2Key.pem
$ ssh <user>@<public IP> -i myEC2Key.pem (user & public IP)
$ sudo su (assign super user)
Windows:
1) Turn Chrome into an SSH client by installing an extension
$ open Chrome, install the "SSH" extension and use it as the SSH client (search "chrome ssh extension")
$ chrome://apps and choose the SSH client
$ fill in the details (user, IP). In Identity, browse to "myEC2Key.pem"
$ ssh-keygen -y -f myEC2Key.pem > myEC2Key.pub (public key)
$ ren myEC2Key.pem myEC2Key (without extension)
$ now import "myEC2Key" in the SSH client in the Chrome extension
$ press ENTER and it will connect to the EC2 instance over SSH
$ sudo su (assign super user)
2) Install a bash utility in Windows, then follow the same steps as on Mac
$ ssh <user>@<public IP> -i myEC2Key.pem (user & public IP)
$ sudo su (assign super user)
How to make an instance a web server?
Running a web application using a container turns an EC2 instance into a web server
ex: Install Apache server and run client & server side scripts on both Windows & Linux instances
Install IIS server and run ASP.NET applications
How to set up a web server, deploy a simple client side script app (.html) and invoke it on EC2?
Once connected to EC2 through SSH
Install web server (Apache)
$ yum update -y (update OS packages)
$ yum install httpd -y (installs Apache, which turns EC2 into a web server)
$ cd /var/www/html (files in this location are accessible through HTTP over port 80)
Create client side script (html file)
$ nano index.html (hello world)
Start the Apache server
$ service httpd start (to start the httpd service)
$ chkconfig httpd on (starts the httpd service again at the next reboot)
Test the client app by invoking it
$ open a browser and type "http://xx.xx.xx.xx"; it renders "hello world"
How to attach storage while creating an instance?
Choose AMI => Choose Instance Type => Configure Instance => Add Storage(*) => Add Tags => Configure Security Group => Review => Launch
> Default storage is added as the "root device volume" by AWS and can't be encrypted by default, but note that there are ways (refer below)
What are the ways to encrypt the root volume?
The following are the ways to encrypt the root volume
- using a 3rd party tool
- while creating an AMI instance in the AWS console (enable the encrypt option)
- using the API
Note: Additional volumes, i.e. other than the root volume, can be encrypted
How to see EC2 instance details?
In the AWS Console, go to => EC2 Dashboard => select the instance whose details you want to see; the panel below shows this info
Description => name, IP, ...
Status checks => for sys admins; you can check the physical machine and the instance check
Monitoring => Disk, CPU, ... utilization, CloudWatch metrics and dashboard
Tags => key-value pairs given
How to stop or terminate an EC2 instance?
In the AWS Console
1) To stop an instance, select EC2 instance => Action => Instance State => Stop
2) To terminate an instance, select EC2 instance => Action => Instance State => Terminate
Note:
2.1) If you enabled termination protection, the terminate button is disabled. You first need to disable termination protection as follows: select EC2 instance => Action => Instance settings => Change Termination Protection => Disable, and then terminate
2.2) By default, termination protection is not enabled
2.3) On an EBS-backed instance, the default volume is also deleted when you terminate the instance; if you want to retain it, disable this in the EC2 instance settings
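The points above about root versus additional volume encryption and about the default volume being deleted on terminate, as an added example that is not part of the original page: a Python join of constructed samples shaped like `aws ec2 describe-instances` and `aws ec2 describe-volumes` output, reporting for each attached volume whether it is the root device, whether it is encrypted and whether it is deleted with the instance. All ids and values are constructed placeholders.

```python
# Constructed samples shaped like `aws ec2 describe-instances` and
# `aws ec2 describe-volumes` JSON output; every id is a placeholder.
INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-EXAMPLE1", "RootDeviceName": "/dev/xvda",
     "BlockDeviceMappings": [
         {"DeviceName": "/dev/xvda",
          "Ebs": {"VolumeId": "vol-ROOT1", "DeleteOnTermination": True}},
         {"DeviceName": "/dev/sdf",
          "Ebs": {"VolumeId": "vol-DATA1", "DeleteOnTermination": False}}]},
    {"InstanceId": "i-EXAMPLE2", "RootDeviceName": "/dev/xvda",
     "BlockDeviceMappings": [
         {"DeviceName": "/dev/xvda",
          "Ebs": {"VolumeId": "vol-ROOT2", "DeleteOnTermination": False}}]},
]}]}
VOLUMES = {"Volumes": [
    {"VolumeId": "vol-ROOT1", "Encrypted": False},
    {"VolumeId": "vol-DATA1", "Encrypted": True},
    {"VolumeId": "vol-ROOT2", "Encrypted": True},
]}

def volume_report(instances, volumes):
    """Join both listings into one row per attached EBS volume."""
    encrypted = {v["VolumeId"]: v["Encrypted"] for v in volumes["Volumes"]}
    rows = []
    for reservation in instances["Reservations"]:
        for inst in reservation["Instances"]:
            for mapping in inst.get("BlockDeviceMappings", []):
                ebs = mapping.get("Ebs")
                if ebs is None:  # not an EBS volume
                    continue
                is_root = mapping["DeviceName"] == inst.get("RootDeviceName")
                rows.append({
                    "instance": inst["InstanceId"],
                    "device": mapping["DeviceName"],
                    "role": "root" if is_root else "additional",
                    "encrypted": encrypted.get(ebs["VolumeId"]),
                    "deleted_on_terminate": ebs["DeleteOnTermination"],
                })
    return rows

def unencrypted(rows):
    """Volumes not confirmed encrypted (False, or missing from the listing)."""
    return [(r["instance"], r["role"]) for r in rows if r["encrypted"] is not True]

def lost_on_terminate(rows):
    """Volumes that are deleted together with their instance."""
    return [(r["instance"], r["device"]) for r in rows if r["deleted_on_terminate"]]
```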