Working with AWS EC2
Amazon Elastic Cloud Compute (EC2) is a virtual environment allowing you to create and control on-demand virtual servers or instances as well as controlling the security of and directing network traffic to those instances.
This article will cover EC2 basics including a general overview of EC2, how instances are created, how costs are determined and methods of managing your instances within AWS.
EC2 Overview, Instance Types and Pricing
Amazon has many different types and sizes of instances depending on your use case and workload. The instance size will determine the number of CPUs and amount of memory available, as well as some storage and networking options. The most commonly used instance types are General Purpose, Compute Optimized and Memory Optimized instances. Compute Optimized instances generally have faster processors, Memory Optimized instances have greater amounts of memory, General Purpose instances are well balanced and less expensive. Other specialized instance types exist for specific purposes, such as high input/output storage operations or graphically intense workloads.
Generally, EC2 instances prices are determined by the number of hours the instance is running, there are no upfront charges or contracts needed to spin up a new instance. This on-demand pricing is best for applications with unknown usage. If you know how long or how many instances you will need, you are able to save money by committing to a Savings Plan or by purchasing Reserved Instances. A Savings Plan is a monthly commitment to spend a certain amount on Amazon Compute resources, while Reserved Instances are commitments to run a specific instance type for a one- or three-year period. Finally, if you have a flexible workload such as a non-critical data processing job, you may purchase a Spot Instance. A Spot Instance is an instance that will only be available when Amazon has excess capacity. This unpredictability in availability is offset by an extreme reduction in cost over an on-demand instance.
Configuring Linux and Windows instances
When you create a new instance, you will be required to select an operating system (OS) running on the instance. The most common OSes available are AWS Linux, Windows, CentOS and Debian, although other more specialized options are available.
Once you have created your instance, you will need to log onto the instance using a secure shell or remote desktop protocol and configure the operating system just as you would any new installation. You will want to update the OS to the newest version, apply security updates and configure security rules, or enable services that you wish to use. Some of this time can be saved using a preconfigured image available from Amazon or which you setup yourself, see Working with AMIs below.
Dedicated Hosts and Instances
In addition to the options above, Amazon also offers Dedicated Hosts and Dedicated Instances. Dedicated Instances ensure that all of the Instances running in your Virtual Private Cloud will be created on a single physical server. This is best for low latency operations, allowing quicker communications between your instances. While all of your instances will be guaranteed to run on a single server, other Amazon customers may also have instances running on that server as well. A Dedicated Host is a physical server completely dedicated to your use; no other Amazon customers will be allowed to use the capacity of the server. While NACLs and Security Groups will stop other users from accessing your instances even on shared hosts, Dedicated Hosts are sometimes required for compliance or other highly secure purposes.
Working with AMIs
When creating a new instance, you must choose an Amazon Machine Image, or AMI. An AMI is a template to launch any number of EC2 instance including the necessary operating system and other software, as well as EBS storage drives associated with the final instance.
You may use a base AMI created by Amazon, create your own AMIs with custom software and settings preinstalled, or use a Shared AMI created by another user or company. Instances created with Shared AMIs may cost more than instances created with base AMIs as they may have software licensing costs associated with them (such as ERP software JD Edwards or logging application Splunk).
Managing EC2 Instances
EC2 instances can be managed graphically through the AWS Console or programmatically the Command Line Interface (CLI). From either the console or CLI, new EC2 instances may be created, started, stopped or deleted. Additionally, you may back up your instances or modify their security groups.
Instances may also be monitored using Amazon CloudFront to watch CPU percentage, network utilization and disk performance among other metrics. These monitors can be used to trigger alerts sending messages to users when an instances CPU reaches a certain percentage, or to trigger actions such as launching more instances when network utilization rises to a pre-set limit.
Working with Security Groups
Access to your EC2 instances is controlled through Security Groups and Network Access Control Lists (See NACLs here: https://resources.infosecinstitute.com/category/certifications-training/aws-essentials/configuring-dns-in-aws/). NACLs will apply to entire subnets within your VPC while Security Groups may be applied to individual amazon resources such as EC2 instances. Another key difference from NACLs is that Security Groups are stateful, meaning that if you create an inbound rule allowing communication on a certain port, the instance will also be allowed to communicate out in response with no specific outbound rule necessary.
Amazon EC2 is a powerful tool allowing you to create and manage virtual instances for your computing needs, and to only pay for exactly what you use, allowing you to scale up and down to meet demand. Combining EC2 instances with other AWS resources such as RDS databases and S3 storage allows for scalable, reliable and cost effective systems.