AWS Solutions Architect Associate Certification

Section 5 : EC2 Fundamentals_part 1

by Jackykim 2023. 7. 23.

AWS Budget setup :
For an IAM user -> give permission to access bills and payments
You can set up your own budget, ranging from free to a customized amount

 

Amazon EC2 Basics
EC2 = Elastic Compute Cloud = Infrastructure as a Service
It consists of the capability of :
- Renting virtual machines (EC2)
- Storing data on virtual drives (EBS)
- Distributing load across machines (ELB)
- Scaling the services using an auto-scaling group (ASG)

 

EC2 sizing & configuration options :
- Operating system (OS)
- How much compute power and how many cores
- How much random access memory (RAM)
- How much storage space (network-attached : EBS & EFS / hardware : EC2 Instance Store)
- Network card : speed of the card, public IP address
- Firewall rules
- Bootstrap script : EC2 User Data

 

EC2 User Data
Bootstrapping : launching commands when a machine starts
The script is only run once, at the instance's first start
EC2 user data is used to automate boot tasks such as
- Installing updates
- Installing software
- Etc.
The EC2 user data script runs as the root user

 

EC2 instance types : examples

EC2 Instance Types
- AWS has the following naming convention : eg m5.2xlarge
- m : Instance class
- 5 : generation (AWS improves over time)
- 2xlarge : size within the instance class

 

EC2 Instance Types – General purpose (What to know for Exams)
- Great for a diversity of workloads such as web servers or code repositories
- Balance between :
  - Compute
  - Memory
  - Networking

 

EC2 Instance types – Compute Optimized (C name)
Great for compute-intensive tasks that require high performance processors :
- Batch processing workloads
- Media transcoding
- High performance web servers / computing
- Scientific modeling & machine learning
- Dedicated gaming servers

 

EC2 Instance types – Memory Optimized (R name)
Fast Performance for workloads that process large data sets in memory
- High performance, relational/non-relational databases
- Distributed web scale cache stores
- In-Memory databases optimized for BI (business intelligence)
- Applications performing real time processing of big unstructured data

 

EC2 Instance types – Storage Optimized (D or I name)
Great for storage-intensive tasks that require high, sequential read and write access to large data sets on local storage
- High frequency online transaction processing systems
- Relational & NoSQL databases
- Cache for in-memory Databases
- Data warehousing applications
- Distributed file systems

 

Introduction to Security Groups
- They control how traffic is allowed into or out of our EC2 instances
- Security groups only contain allow rules
- Security group rules can reference a source by IP or by security group
- Security groups act as a “firewall” on EC2 instances
They regulate :
- Access to ports
- Authorized IP ranges
- Control of inbound network
- Control of outbound network

 

Security Groups : Good to know
- Can be attached to multiple instances
- Locked down to a region / VPC combination
- It's good to maintain one separate security group for SSH access
- If the application is not accessible (timeout), it's a security group issue
- If you get a “connection refused” error -> it's an application error, or the application is not launched
- All inbound traffic is blocked by default / all outbound traffic is authorized by default
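
The rules in the two security group lists above, as an added example (not part of the original notes): a simplified Python model of allow-only rules, default-deny inbound, IP and security group sources, and the timeout vs. connection refused distinction. The group ids, CIDR ranges and listening ports are constructed sample values, and real rules also carry a protocol and port ranges.

```python
import ipaddress

# Constructed sample data (not from the original page): two security groups.
# Rules are allow-only; a source is either a CIDR range or another group's id.
SECURITY_GROUPS = {
    "sg-ssh": [{"port": 22, "source": "203.0.113.0/24"}],  # SSH from one office range
    "sg-web": [{"port": 443, "source": "0.0.0.0/0"},        # HTTPS from anywhere
               {"port": 8080, "source": "sg-ssh"}],         # app port from members of sg-ssh
}

def rule_matches(rule, port, src_ip, src_groups):
    """True if a single allow rule covers this port and this source."""
    if rule["port"] != port:
        return False
    if rule["source"].startswith("sg-"):
        # Group reference: matches traffic from instances attached to that group.
        return rule["source"] in src_groups
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["source"])

def inbound_allowed(attached, port, src_ip, src_groups=()):
    """Default deny: traffic passes only if a rule in an attached group allows it."""
    return any(rule_matches(r, port, src_ip, src_groups)
               for sg in attached for r in SECURITY_GROUPS[sg])

def connect(attached, listening_ports, port, src_ip, src_groups=()):
    """What the client observes, following the troubleshooting rule in the notes."""
    if not inbound_allowed(attached, port, src_ip, src_groups):
        return "timeout"             # packet dropped silently -> security group issue
    if port not in listening_ports:
        return "connection refused"  # packet reached the host, nothing is listening
    return "connected"

if __name__ == "__main__":
    instance = ["sg-ssh", "sg-web"]  # several groups attached to one instance
    listening = {22, 443}            # sshd and the web server are running
    for port, ip, groups in [(22, "203.0.113.7", ()), (22, "198.51.100.9", ()),
                             (8080, "10.0.1.5", ("sg-ssh",)), (443, "198.51.100.9", ())]:
        print(port, ip, connect(instance, listening, port, ip, groups))
```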

 

Classic Ports to Know
- 22 = SSH – log into a Linux instance
- 21 = FTP (File Transfer Protocol) – Upload files into a file share
- 22 = SFTP (secure File Transfer Protocol) – upload files using SSH
- 80 = HTTP – access unsecured websites
- 443 = HTTPS – access secured websites
- 3389 = RDP (Remote Desktop Protocol) – Log into a Windows Instance

 

SSH Summary Table

 

How to SSH into your EC2 Instance : Windows 10
SSH is one of the most important functions. It allows you to control a remote machine, all using the command line.
PowerShell / Command Prompt (CMD) -> ssh -i "EC2 Tutorial.pem" ec2-user@<public IP> -> select the .pem key file -> Properties -> remove all permissions and add your own with full control -> run ssh -i again, now without the permissions error

 

EC2 Instance Connect
Have the instance running -> Connect -> Connects to AWS Command
If SSH (port 22) is not allowed in the security group's inbound rules, EC2 Instance Connect will not work

 

EC2 Instance Roles
Do not run aws configure on the instance in order to use aws iam list-users: the credentials you enter are stored on the instance, so other people with access to it will be able to get your personal credentials. Never enter your access / IAM key into an EC2 instance. Instead, use IAM roles: have a role ready, then select your EC2 instance -> Actions -> Security -> Modify IAM role. Once you have selected the role, click Save to attach it to the EC2 instance.