[AWS Cloud Fundamental Notes] EC2
Introduction to EC2: what it is and how it works
EC2 lets users rent cloud computers (virtual machines) to run their applications.
EC2 is a web service that lets users launch their Amazon Machine Images (AMIs) as virtual machines and run any software or application they want on them.
Solutions
On-Demand
- Pay for what you use
- Increase or decrease computing capacity as needed
- Suitable for applications that cannot be interrupted
Savings Plans
- Long-term commitment for one or three years
- Cheaper than On-Demand
Spot
- Cheapest computing power
- Priced through bidding; a task may be interrupted when someone bids higher
Dedicated Hosts
- Physical EC2 servers dedicated to you, which helps meet software licensing terms tied to physical hardware
Amazon Machine Image (AMI)
An image file used to launch instances; it contains the user's operating system and software.
Available as official and third-party images, and as paid and free images.
An AMI belongs to one region and cannot be moved directly to another (e.g., from Tokyo to Sydney).
To meet cross-region requirements, follow the "immutable principle":
what has been created is not moved; to change it, make a copy.
- Create a snapshot of the AMI in the source region.
- Create a new AMI in the target region using the snapshot.
Snapshot
Used for data backup of Elastic Block Store (EBS) volumes. Once taken, a snapshot can be copied and used to create a new EBS volume or a new AMI.
Use the Lifecycle Manager to automate the creation, retention, and deletion of EBS snapshots and AMIs.
Userdata
Running Commands on Your Linux Instance at Launch
Commands that run automatically when the instance starts.
Different operating systems use different script formats.
For example, you can install a LAMP web server when the instance starts.
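As an added example (not part of the original notes, and not AWS code), the following Python helper builds the kind of user-data script the note refers to, checks it for embedded credentials, and encodes it the way the EC2 API expects. It assumes an Amazon Linux 2 instance (yum and systemd); the package list is a constructed sample. The secret check is there because user data is stored in plain text: any process on the instance can read it from the instance metadata service, and anyone allowed to call DescribeInstanceAttribute can read it from the API.

```python
"""Build, check and encode an EC2 user-data script (added example; assumes Amazon Linux 2)."""
import base64
import re

USER_DATA_LIMIT = 16 * 1024   # EC2 accepts at most 16 KB of user data before base64 encoding


def build_lamp_user_data(packages=("httpd", "mariadb-server", "php"), extra_commands=()):
    """Return a shell script that installs a LAMP stack at first boot.

    cloud-init runs the script once, as root, when the instance is launched.
    `packages` and `extra_commands` are constructed sample inputs.
    """
    lines = [
        "#!/bin/bash",
        "set -euxo pipefail",          # fail fast and log every command to the cloud-init output
        "yum update -y",
        f"yum install -y {' '.join(packages)}",
        "systemctl enable --now httpd",
        "systemctl enable --now mariadb",
    ]
    lines.extend(extra_commands)
    return "\n".join(lines) + "\n"


# Patterns that indicate a credential was pasted into the script.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "password_assignment": re.compile(r"(?i)(password|passwd|pwd)\s*=\s*\S+"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}


def find_embedded_secrets(script):
    """Return (line number, finding name) pairs for lines that look like they carry a secret.

    User data is readable through the metadata service and the EC2 API, so anything
    flagged here should be fetched at boot from a secrets store instead.
    """
    findings = []
    for lineno, line in enumerate(script.splitlines(), 1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, name))
    return findings


def encode_user_data(script):
    """Validate the script and return it base64-encoded, as the RunInstances API requires.

    (The console and the AWS CLI encode it for you; a direct API call does not.)
    """
    if not script.startswith("#!"):
        raise ValueError("a shell user-data script must start with a #! interpreter line")
    raw = script.encode()
    if len(raw) > USER_DATA_LIMIT:
        raise ValueError("user data exceeds the 16 KB limit")
    if find_embedded_secrets(script):
        raise ValueError("user data appears to contain credentials; refuse to launch with it")
    return base64.b64encode(raw).decode()


if __name__ == "__main__":
    script = build_lamp_user_data()
    print(script)
    print("findings:", find_embedded_secrets(script))
    print("encoded:", encode_user_data(script)[:40], "...")
```

Passing the encoded string as `UserData` to a RunInstances call, or the raw script to `aws ec2 run-instances --user-data file://...`, gives the behaviour the note describes; the secret check is the step a launch pipeline should run before either.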
Disks
Divided into
- Instance Store
- Elastic Block Store (EBS)
Type | Location | Characteristics | Analogy |
---|---|---|---|
Instance Store | Inside the instance (on the physical host) | Lives and dies with the instance; cannot be transferred | A phone's built-in memory |
EBS | External dedicated host | Persists when the EC2 instance is shut down; can be reattached | Memory card |
Security Group
Controls which traffic is allowed, based on protocol, IP range, and port.
Actions:
- Inbound: Flow from outside to inside
- Outbound: Flow from inside to outside
Contents to fill out:
- Protocol (HTTP, SSH)
- Port number for access
- Allowed network segment (CIDR) or IP
In addition to allowing a segment or IP, you can specify another Security Group's Group ID (sg-xxxxxxxx) as the source, so that instances in that Security Group are allowed access.
It is a stateful firewall.
Network traffic follows a request-response pattern: a received packet must be answered.
If traffic has gone out from the instance, you do not need an Inbound Rule for the reply.
Similarly, if traffic has entered the instance through an Inbound Rule, you do not need an Outbound Rule for the reply.
In short: "Pull in! Push out!"
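The stateful behaviour described above, as an added example that is not part of the original notes: a small Python model of how a security group evaluates packets, with allow-only rules whose peer is either a CIDR or a group id, and connection tracking so that a reply passes without a rule in its own direction. The group ids, addresses and ports are constructed for illustration (a web tier and a database tier); real security groups also cover ICMP and other details this model leaves out.

```python
"""Toy model of EC2 security-group semantics: allow-only rules plus connection tracking (added example)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Rule:
    protocol: str      # "tcp" or "udp"
    port_from: int
    port_to: int
    peer: str          # CIDR such as "203.0.113.0/24", or a security-group id such as "sg-web"


@dataclass
class SecurityGroup:
    group_id: str
    inbound: list = field(default_factory=list)
    outbound: list = field(default_factory=list)


@dataclass(frozen=True)
class Packet:
    protocol: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    src_group: Optional[str] = None   # group id of the sending instance, if it is an EC2 instance
    dst_group: Optional[str] = None   # group id of the receiving instance, if it is an EC2 instance


def rule_matches(rule, protocol, port, peer_ip, peer_group):
    """A rule matches when protocol and port fit and the peer is inside the CIDR or carries the referenced group id."""
    if rule.protocol != protocol or not (rule.port_from <= port <= rule.port_to):
        return False
    if rule.peer.startswith("sg-"):
        return peer_group == rule.peer
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.peer)


class StatefulFirewall:
    """Evaluates packets for one instance: rules only allow, anything unmatched is dropped, and a
    packet that belongs to an already admitted connection is allowed in the reverse direction
    without consulting the rules for that direction."""

    def __init__(self, group):
        self.group = group
        self.connections = set()   # (protocol, local_ip, local_port, remote_ip, remote_port)

    def inbound(self, pkt):
        key = (pkt.protocol, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.connections:
            return True   # reply to a connection the instance opened: no Inbound Rule needed
        if any(rule_matches(r, pkt.protocol, pkt.dst_port, pkt.src_ip, pkt.src_group)
               for r in self.group.inbound):
            self.connections.add(key)
            return True
        return False

    def outbound(self, pkt):
        key = (pkt.protocol, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key in self.connections:
            return True   # reply to a connection admitted by an Inbound Rule: no Outbound Rule needed
        if any(rule_matches(r, pkt.protocol, pkt.dst_port, pkt.dst_ip, pkt.dst_group)
               for r in self.group.outbound):
            self.connections.add(key)
            return True
        return False


def run_scenario():
    """Constructed scenario: web tier reachable on 443 from anywhere and on 22 only from an admin range,
    database tier reachable on 3306 only from the web tier's group. Addresses are documentation ranges."""
    web = SecurityGroup("sg-web",
                        inbound=[Rule("tcp", 443, 443, "0.0.0.0/0"), Rule("tcp", 22, 22, "203.0.113.0/24")],
                        outbound=[Rule("tcp", 3306, 3306, "sg-db")])   # egress restricted to the database
    db = SecurityGroup("sg-db", inbound=[Rule("tcp", 3306, 3306, "sg-web")], outbound=[])
    web_fw, db_fw = StatefulFirewall(web), StatefulFirewall(db)
    results = {}
    # 1. An internet client opens HTTPS; the server's reply passes by state, not by an outbound rule.
    results["https_in"] = web_fw.inbound(Packet("tcp", "198.51.100.7", 51000, "10.0.1.10", 443))
    results["https_reply"] = web_fw.outbound(Packet("tcp", "10.0.1.10", 443, "198.51.100.7", 51000))
    # 2. SSH is only admitted from the admin segment.
    results["ssh_from_internet"] = web_fw.inbound(Packet("tcp", "198.51.100.7", 51001, "10.0.1.10", 22))
    results["ssh_from_admin"] = web_fw.inbound(Packet("tcp", "203.0.113.9", 51002, "10.0.1.10", 22))
    # 3. Web to database by group reference; the database's reply passes although sg-db has no outbound rules.
    to_db = Packet("tcp", "10.0.1.10", 40000, "10.0.2.20", 3306, src_group="sg-web", dst_group="sg-db")
    results["web_to_db_egress"] = web_fw.outbound(to_db)
    results["db_ingress"] = db_fw.inbound(to_db)
    results["db_reply"] = db_fw.outbound(Packet("tcp", "10.0.2.20", 3306, "10.0.1.10", 40000,
                                                src_group="sg-db", dst_group="sg-web"))
    # 4. Anything without a matching rule is dropped: the web tier cannot open arbitrary connections out.
    results["web_to_dns"] = web_fw.outbound(Packet("udp", "10.0.1.10", 40001, "192.0.2.53", 53))
    return results


if __name__ == "__main__":
    for name, allowed in run_scenario().items():
        print(f"{name:20s} {'ALLOW' if allowed else 'DROP'}")
```

The two `key` tuples are the same connection seen from the instance's side (local address first), which is why a reply in the opposite direction finds the entry the request created. Restricting the web tier's outbound rules, as in the scenario, is the part most real deployments skip: the default outbound rule allows everything, so the stateful exemption is the only reason replies work even in groups with an empty outbound list.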
Elastic Network Interface (ENI)
Each EC2 instance is configured with at least one ENI, allowing administrators to operate the instance over the network.
IP Address
Default State
The instance is given a set of fixed IPs bound to it at launch; they are returned when the instance is shut down.
After a restart, the instance gets a different public IP.
Using Elastic IP
The instance is given a set of fixed IPs bound to it, and they are retained when the instance is shut down.
After a restart, the same set of IPs is linked to the instance again.
Key Pair
A public/private key pair used to connect to the instance.
Two approaches:
- Allow users in: users log in with the private key and operate the instance directly.
- Do not allow users in: deploy and start everything through Userdata; if there is a problem, restart the instance.
Monitoring
AWS monitors instances every five minutes by default. You can enable "detailed monitoring," which reports every minute.