Tuesday, October 18, 2022

0018.EC2 Solution Architect Associate Level

 

EC2 Solution Architect Associate Level

Private vs Public vs Elastic IP

✓   Networking has two types of IP addresses: 1. IPv4 2. IPv6
o    IPv4: 1.160.10.240
o    IPv6: 3ffe:1900:4545:3:200:f8ff:fe21:67cf
✓   In this course, we are only going to use IPv4
✓   IPv4 is still the most common format used online
✓   IPv6 is newer and solves problems for the Internet of Things (IoT)
✓   IPv4 allows for 3.7 billion different addresses in the public space
✓   IPv4: [0-255].[0-255].[0-255].[0-255]




Private vs Public IP (IPV4) Fundamental Difference

Public IP:

✓  A public IP means the machine can be identified on the internet (WWW)
✓  Must be unique across the whole web (no two machines can have the same public IP)
✓  Can be geo-located easily.

Private IP:

✓  A private IP means the machine can only be identified on a private network
✓  The IP must be unique across the private network
✓  But two different private networks (two companies) can have the same IPs.
✓  Machines connect to the WWW using an internet gateway (a proxy)
✓  Only a specified range of IPs can be used as private IPs.

 

Elastic IPs:

✓  When you stop and start an EC2 instance, it can change its public IP. (This is a problem because the public IP changes every time; an Elastic IP solves it.)
✓  If you need to have a fixed public IP for your instance, you need an Elastic IP.
✓  An Elastic IP is a public IPv4 address you own as long as you don’t delete it.
✓  You can attach it to one instance at a time.
✓  With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account.
✓  By default only 5 Elastic IPs are allowed (you can ask AWS to increase the limit)
✓  Overall, try to avoid using Elastic IPs
o   They often reflect poor architecture design.
o   Instead, use a random public IP and register a DNS name to it.

 

 

Private vs Public IP (IPv4) In AWS EC2 – Hands On

✓  By default, your EC2 machine comes with
o   A private IP for the internal AWS network
o   A public IP for the WWW.
✓  When we SSH into our EC2 machines:
o   We can’t use a private IP, because we are not in the same network.
o   We can only use the public IP.
✓  If your machine is stopped and then started, the public IP can change.

0018.Quiz

 

Which EC2 Purchasing Option can provide you the biggest discount, but it is not suitable for critical jobs or databases?

✓  Spot Instance

What should you use to control traffic in and out of EC2 instances?

✓  Security Group

How long can you reserve an EC2 Reserved Instance?

✓  1 or 3 years

You would like to deploy a High-Performance Computing (HPC) application on EC2 instances. Which EC2 instance type should you choose?

✓  Compute Optimized

Which EC2 Purchasing Option should you use for an application you plan to run on a server continuously for 1 year?

✓  Reserved Instance

You are preparing to launch an application that will be hosted on a set of EC2 instances. This application needs some software installation and some OS packages need to be updated during the first launch. What is the best way to achieve this when you launch the EC2 instances?

✓  Write a bash script that installs the required software and updates to your OS, then use this script in EC2 User Data when you launch your EC2 instances.

Which EC2 Instance Type should you choose for a critical application that uses an in-memory database?

✓  Memory Optimized

You have an e-commerce application with an OLTP database hosted on-premises. This application has popularity which results in its database has thousands of requests per second. You want to migrate the database to an EC2 instance. Which EC2 Instance Type should you choose to handle this high-frequency OLTP database?

✓  Storage Optimized

Security Groups can be attached to only one EC2 instance.

You're planning to migrate on-premises applications to AWS. Your company has strict compliance requirements that require your applications to run on dedicated servers. You also need to use your own server-bound software license to reduce costs. Which EC2 Purchasing Option is suitable for you?

✓  Dedicated Host

You would like to deploy a database technology on an EC2 instance and the vendor license bills you based on the physical cores and underlying network socket visibility. Which EC2 Purchasing Option allows you to get visibility into them?

✓  Dedicated Host

 

 

Monday, October 17, 2022

0017.AWS EC2 Spot Instance Request

 EC2 Spot Instance Request

  •      Discounts of up to 90% compared to On-Demand.
  •      Define a max spot price and get the instance while the current spot price < max price
o    The hourly spot price varies based on offer and capacity.
o    If the current spot price > your max price, you can choose to stop or terminate your instance, with a 2-minute grace period.

✓ Other strategy (Spot Block)
o The ‘Spot Block’ strategy works for a specific duration, such as 1 hour or 6 hours.
o In rare situations, the instance may be reclaimed.

Major Uses of Spot Instances:

  •   Batch jobs
  •   Data analysis
  •   Workloads that are resilient to failure
  •   Not great for critical jobs or databases

➢   How can you terminate Spot Instances?

    Answer: You first have to cancel the Spot Instance request; only then can you terminate the associated Spot Instances.

➢   What is a Spot Fleet?

     Answer:

  •       A Spot Fleet is a combination of a set of Spot Instances + (optional) On-Demand Instances

✓   The Spot Fleet will try to meet the target capacity within the pricing constraints
o    Define possible launch pools: instance type (m5.large), OS, Availability Zone
o    You can have multiple launch pools, so that the fleet can choose
o    The Spot Fleet stops launching instances when it reaches max capacity or max cost

✓   Strategies to allocate Spot Instances
o    Lowest Price: from the pool with the lowest price (cost optimized and short workloads)
o    Diversified: distributed across all pools (great for availability, long workloads)
o    Capacity Optimized: pool with the capacity for the number of instances

Note:

Spot Fleets allow us to automatically request Spot Instances at the lowest price.

 

 

0016.AWS EC2 Instance Purchasing Option

 AWS EC2 Instance Purchasing Option

1.  On-Demand Instance – Used for short workloads, predictable pricing, pay by the second

2.  Reserved (1 & 3 years)

a.       Reserved Instances – Used for long workloads

b.       Convertible Reserved Instances – Used for long workloads with flexible instances

3.  Savings Plan – Used for short workloads, cheap, can lose instances (less reliable)

4.  Dedicated Hosts – Used to book an entire physical server, control instance placement

5.  Dedicated Instance – No other customer will share your hardware.

6.  Capacity Reservations – Reserve capacity in a specific AZ for any duration.

 

EC2 on Demand:

✓   Pay for what you use:
o   Linux or Windows – billing per second, after the first minute
o   All other operating systems – billing per hour
✓   Has the highest cost but no upfront payment.
✓   No long-term commitment
✓   Recommended for short-term and uninterrupted workloads, where you can’t predict how the application will behave.

 

EC2 Reserved Instance:

✓   Up to 72% discount compared to On-Demand
✓   You reserve specific instance attributes (Instance Type, Region, Tenancy, OS)
✓   Reservation Period – 1 year (+ discount) or 3 years (+++ discount)
✓   Payment Options – No upfront (+), partial upfront (++), all upfront (+++)
✓   Reserved Instance’s Scope – Regional or Zonal (reserve capacity in an AZ)
✓   Recommended for steady-state usage applications (think database)
✓   You can buy and sell Reserved Instances in the Marketplace
✓   Convertible Reserved Instance
o   Can change the EC2 instance type, instance family, OS, scope and tenancy

 

EC2 Savings Plan:

✓  Get a discount based on long-term usage (up to 72% - same as RIs)
✓  Commit to a certain type of usage ($10/hour for 1 or 3 years)
✓  Usage beyond the EC2 Savings Plan is billed at the On-Demand price
✓  Locked to a specific instance family & AWS region (e.g., M5 in us-east-1)
✓  Flexible across:
o   Instance Size (e.g., m5.xlarge, m5.2xlarge)
o   OS (e.g., Linux, Windows)
o   Tenancy (Host, Dedicated, Default)

 

EC2 Spot Instance:

✓  Can get a discount of up to 90% compared to On-Demand.
✓  Instances that you can “lose” at any point in time if your max price is less than the current spot price.
✓  The MOST cost-efficient instances in AWS
✓  Useful for workloads that are resilient to failure
o    Batch jobs
o    Data analysis
o    Image processing
o    Any distributed workloads
o    Workloads with a flexible start and end time
✓  Not suitable for critical jobs or databases

EC2 Dedicated Hosts:

✓  A physical server with EC2 instance capacity fully dedicated to your use.
✓  Allows you to address compliance requirements and use your existing server-bound software licenses (per-socket, per-core, per-VM software licenses)
✓  Purchasing Options:
o   On-Demand – pay per second for an active Dedicated Host
o   Reserved – 1 or 3 years (No upfront, Partial Upfront, All Upfront)
✓  The most expensive option
✓  Useful for software that has a complicated licensing model (BYOL – Bring Your Own License)
✓  Or for companies that have strong regulatory or compliance needs



 

EC2 Capacity Reservation:

✓ Reserve On-Demand instance capacity in a specific AZ for any duration.
✓ You always have access to EC2 capacity when you need it
✓ No time commitment (create/cancel anytime), no billing discounts
✓ Combine with Regional Reserved Instances and Savings Plans to benefit from billing discounts
✓ You’re charged at the On-Demand rate whether you run instances or not
✓ Suitable for a specific short-term, uninterrupted workload.

 




0015.AWS EC2 Instance Role Demo

 

EC2 Instance Role Demo

Question: Why is it important to attach an IAM role?

Answer:

·       Because it is secure and helps avoid security violations.
·       Other users cannot connect even if they know all your credentials.
·       Using an IAM role, you can avoid these security violations.
·       aws configuration

·       Connect to the EC2 instance.
·       Go to Actions → Security → Modify IAM role
·       Then, re-connect to the EC2 instance
·       Use the command: aws iam list-users

 

0014.EC2 Instance Connect Via AWS Management Console

 

Login - AWS Management Console

✓   Go to Instances
✓   Click on Connect

Finally, click on Connect

Error: occurs if your security group's inbound rules do not have the proper permission.

 Solution:

✓   Go back to your EC2 instance & connect
✓   Set up a proper inbound rule using SSH | Anywhere | Port 22
✓   Try again
✓   The problem will be resolved.

0013.SSH Troubleshooting

 

SSH Troubleshooting

1) There's a connection timeout

This is a security group issue. Any timeout (not just for SSH) is related to security groups or a firewall. Ensure your security group looks like this and is correctly assigned to your EC2 instance.

2) There's still a connection timeout issue

If your security group is properly configured as above, and you still have connection timeout issues, then that means a corporate firewall or a personal firewall is blocking the connection. Please use EC2 Instance Connect as described in the next lecture.

 

3) SSH does not work on Windows

·       If it says "ssh: command not found", that means you have to use PuTTY

·       Follow the video again. If things don't work, please use EC2 Instance Connect as described in the next lecture

4) There's a connection refused

This means the instance is reachable, but no SSH utility is running on the instance

·       Try to restart the instance

·       If it doesn't work, terminate the instance and create a new one. Make sure you're using Amazon Linux 2

5)  Permission denied (publickey,gssapi-keyex,gssapi-with-mic)

This means one of two things:

·       You are using the wrong security key or not using a security key. Please look at your EC2 instance configuration to make sure you have assigned the correct key to it.

·       You are using the wrong user. Make sure you have started an Amazon Linux 2 EC2 instance, and make sure you're using the user ec2-user. This is something you specify when doing ec2-user@<public-ip> (ex: ec2-user@35.180.242.162) in your SSH command or your Putty configuration

 

6) Nothing is working - "aaaahhhhhh"

Don't panic. Use EC2 Instance Connect from the next lecture. Make sure you started an Amazon Linux 2 and you will be able to follow along with the tutorial :)

 

7) I was able to connect yesterday, but today I can't

This is probably because you have stopped your EC2 instance and then started it again today. When you do so, the public IP of your EC2 instance will change. Therefore, in your command, or Putty configuration, please make sure to edit and save the new public IP.
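
The troubleshooting items above separate a timeout (packets dropped by a security group or firewall) from a refused connection (instance reachable, nothing listening) and from a key or user problem. As an added example, not part of the original notes, this Python probe makes one TCP connection and reports which case applies; the category names and advice strings are this example's own wording.

```python
import socket

# Advice strings paraphrase the numbered troubleshooting items in the notes.
ADVICE = {
    "timeout": "Packets are dropped: check the security group's inbound rule, "
               "local or corporate firewalls, and that the public IP is current.",
    "refused": "Instance is reachable but nothing listens on the port: "
               "the SSH service is not running.",
    "no-banner": "Port accepts TCP but sent no SSH banner: something other "
                 "than an SSH server may be answering.",
    "ssh-up": "An SSH server answered: a remaining failure is the key pair "
              "or the user name (ec2-user on Amazon Linux 2).",
    "dns": "Host name does not resolve.",
    "other": "Unclassified socket error.",
}

def classify(exc):
    """Map a socket exception to one of the ADVICE keys."""
    if isinstance(exc, socket.gaierror):
        return "dns"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    return "other"

def probe(host, port=22, timeout=5.0):
    """Attempt one TCP connection and return an ADVICE key."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            try:
                banner = conn.recv(64)   # an SSH server sends "SSH-2.0-..." first
            except (socket.timeout, TimeoutError):
                banner = b""
            return "ssh-up" if banner.startswith(b"SSH-") else "no-banner"
    except OSError as exc:
        return classify(exc)

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    result = probe(host)
    print(f"{host}:22 -> {result}: {ADVICE[result]}")
```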

 
