WAY TO ENTERPRISE
AWS
VTI ACADEMY
Author: [email protected]
EC2 Service
⮚ Stands for Elastic Compute Cloud
⮚ A service that provides hardware (RAM, CPU, storage), network, operating systems (Windows, Linux, macOS, ...), software (SQL Server, ...), firewall (Security Groups, ...), bootstrap scripts, ...
⮚ Scaling
⮚ Computing Service
⮚ Regional service
⮚ Infrastructure as a Service
Copyright © VTI Academy All Right Reserved
⮚ Demo
o Create key pair
o Launch an instance
o Test website
o Start / Stop / Reboot instance
o Turn on Termination Protection
o Connect to instance
o Create snapshot
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html
o Create key pair
Create Key Pair
Save Private Key Result
o Launch an instance
Choose AMI
Choose Instance Type
Config Instance
Add Storage
Add Tag
Config Security Group
Choose Key Pair
Result
o Test Website
o Start / Stop / Reboot / Hibernate / Terminate Instance
o Turn on Termination Protection
o Connect to Instance
SSH for Mac/Linux
Putty for Windows
EC2 Instance Connect for Console UI
▪ Windows
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
Download Putty
Convert the private key to PuTTY format
Connect to EC2
▪ Linux/Mac
https://www.youtube.com/watch?v=8UqtMcX_kg0
▪ EC2 Instance Connect
No private key needed
▪ Create Snapshot
Create Snapshot
Assignment
⮚ Self-practice
⮚ Component
o AMI
o Instance
o Fleet
o AMI (Amazon Machine Image)
▪ Provides a template for launching instances (similar to a "ghost" image of a computer, containing the operating system, data, configuration, other software, ...)
▪ Regional resource
▪ Includes:
▪ Root Volume Template
▪ Launch permissions
▪ Block Device Mapping: EBS/Instance Store
▪ 3 types:
• Community AMIs: free
• AWS Marketplace AMIs: pay to use
• My AMIs
▪ An AMI is built from EBS snapshots
▪ Demo
• Create AMI
• Launch new Instance from that AMI
• Test
Create AMI
Launch new Instance from that AMI
Test
Assignment
⮚ Self-practice
o Instance
▪ A virtual server in the cloud, launched from an AMI template
▪ Instances run on virtualized resources, independent of the physical host's resources (similar to virtual machines on your computer)
• CPU, RAM, virtual storage
• Network (VPC)
▪ Availability Zone resource
▪ Components: instance type, storage, network, security group, lifecycle, user data, ...
▪ One AMI template can launch 1 or more instances
▪ Available user: ec2-user
▪ Instance type
• Specifies the hardware (RAM, CPU, storage, networking) for the instance
Console
• Types:
o General Purpose
o Compute Optimized
o Accelerated Computing
o Memory Optimized
o Storage Optimized
https://aws.amazon.com/ec2/instance-types/
Structure
The instance type can be resized (the instance must be stopped first)
• Instance purchasing options:
o On-demand instances
o Spot instances
o Savings plan instances
o Reserved instances
o Dedicated hosts
o Dedicated Instances
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-purchasing-options.html
o On-demand instances
▪ Most expensive option, cannot be interrupted
▪ Pay as you go, billed per hour (or per second)
▪ No commitment, no up-front payment
▪ Can resize instance type
▪ Suitable for apps with unpredictable workloads, short-term use, development or test
o Spot instances
▪ Reduces cost by up to 90%, can be interrupted at any time
▪ Auction for spare (unused) EC2 capacity
▪ AWS gives a 2-minute notice before reclaiming the instance
▪ Suitable for: data analysis, batch jobs, background processing, optional tasks
▪ Allocation strategies
• capacityOptimized
• Diversified
• lowestPrice
• instancePoolsToUseCount
o Reserved instances
▪ Reduces cost by up to 70%, cannot be interrupted
▪ Commitment to an instance type and region for one or three years (receive discounted pricing across your resources)
▪ Suitable for apps with predictable workloads, long-term use, production
▪ Types
• Standard reserved: cannot resize instance type
• Convertible reserved: can resize instance type
• Scheduled reserved: after purchase, you configure the time windows in which the instance runs
▪ Payment options: All Upfront, Partial Upfront, No Upfront
o Savings plan instances
▪ Reduces cost by up to 72%, cannot be interrupted
▪ Commitment for one or three years (receive discounted pricing across your resources)
▪ Can resize instance type
▪ Suitable for apps with predictable workloads, long-term use, production
▪ 2 types
• Compute Savings Plans: more flexible, less discount (up to 66%)
• EC2 Instance Savings Plans: more discount (up to 72%)
o Dedicated Hosts
▪ Expensive, cannot be interrupted
▪ A physical EC2 server dedicated to your use
▪ Hardware configuration and software licences can be arranged on request
▪ Suitable for apps that do not support virtual machines
▪ 3 types
• On-Demand Dedicated Hosts
• Dedicated Host Reservations
• Savings Plans
o Dedicated Instances
▪ Similar to Dedicated Hosts, but run in a VPC
Price
• Best Practices:
o Run the app's minimal configuration on On-Demand or other stable (non-interruptible) instances, and add Spot instances on top
o The instance type can be changed while the instance is stopped (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-resize.html)
o An instance can be moved to another zone or region (create an AMI from the running instance 🡺 launch a new instance from that AMI in the other zone or region)
o Check whether the instance type suits the workload: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recommendations.html
• Price: https://aws.amazon.com/ec2/pricing
Assignment
⮚ Self-practice
▪ Storage
• Types:
o Amazon EC2 Instance Storage
o Amazon Elastic Block Store (EBS)
o File storage: Amazon EFS, Amazon FSx, S3 (Next Lesson)
• Block Device Mapping
Maps a volume to a device name on the instance (the device is then mounted to a folder)
• Can add more storage to the instance
o Amazon EC2 Instance Storage
▪ Local storage
▪ Physical disks inside the host computer
▪ Data is lost when the instance is stopped (or stopped and started again), hibernated or terminated; a reboot keeps the data
▪ Cannot detach the volume and attach it to another instance
▪ Cannot add more instance storage after the instance has been launched
▪ Use cases: OS, temporary data (buffers, caches, ...)
▪ Very high IOPS (input/output operations per second)
▪ 2 types: HDD, NVMe SSD
▪ Note: some instance types only support EBS volumes
o Amazon Elastic Block Store (EBS)
▪ A hard drive in the cloud (similar to a USB drive)
▪ Data remains available when the instance is stopped, restarted, hibernated or terminated (for termination, see Delete on Termination)
▪ Network drive 🡺 a bit of latency
▪ Multiple EBS volumes can be attached to 1 instance, but an EBS volume is attached to only 1 instance at a time
▪ Has provisioned capacity (size in GB, and IOPS)
▪ Availability Zone resource
▪ Use cases: long-term data, important data (e.g. images, ...)
▪ Types:
o Provisioned IOPS SSD
o General Purpose SSD
o Throughput Optimized HDD
o Cold HDD
o Magnetic
https://aws.amazon.com/ebs/pricing/
▪ You can increase the capacity of the drive over time
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html
▪ Burst IOPS
o For a short time, a volume can burst above its baseline IOPS (e.g. 100 🡪 3000 IOPS, for 30 minutes)
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html#EBSVolumeTypes_gp2
▪ Encrypt volume (at-rest)
o Encryption must be enabled when the volume is created (at instance launch)
o Encryption and decryption are handled transparently (nothing for you to do)
o Encryption has minimal impact on latency
o Convert an unencrypted volume 🡺 encrypted volume: create a snapshot of the volume 🡪 encrypt the snapshot (copy it with encryption enabled) 🡪 create a new encrypted volume from the snapshot 🡪 attach the encrypted volume to the original instance
▪ Delete on Termination
o Deletes the EBS volume when the instance is terminated (default: root volume enabled, additional EBS volumes disabled)
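The four conversion steps on this slide as a script, added here as a worked example (not code from the slides or from AWS): it assumes `ec2` is a boto3 EC2 client or any object with the same method names, uses placeholder ids, and includes a constructed offline stand-in (FakeEC2) so the flow can be exercised without an AWS account.

```python
"""Scripted form of the slide's unencrypted -> encrypted EBS volume conversion.

Added example for this lesson, not AWS or VTI Academy code. `ec2` is assumed
to be a boto3 EC2 client (boto3.client("ec2")) or any object with the same
methods; FakeEC2 is a constructed offline stand-in, vol-EXAMPLE / i-EXAMPLE
are placeholder ids.
"""
from types import SimpleNamespace


def encrypt_volume(ec2, volume_id, instance_id, device, az, region, kms_key_id=None):
    """Snapshot -> encrypted copy -> new volume -> swap onto the instance.
    Stop the instance first if volume_id is its root volume (slide: the root
    volume can only be detached from a stopped instance)."""
    # 1. Snapshot the unencrypted volume and wait until it is complete.
    snap = ec2.create_snapshot(VolumeId=volume_id)["SnapshotId"]
    ec2.get_waiter("snapshot_completed").wait(SnapshotIds=[snap])
    # 2. "Encrypt the snapshot": EBS does this by copying it with Encrypted=True
    #    (account default aws/ebs key unless a customer managed KMS key is given).
    args = {"SourceSnapshotId": snap, "SourceRegion": region, "Encrypted": True}
    if kms_key_id:
        args["KmsKeyId"] = kms_key_id
    enc_snap = ec2.copy_snapshot(**args)["SnapshotId"]
    ec2.get_waiter("snapshot_completed").wait(SnapshotIds=[enc_snap])
    # 3. A volume created from an encrypted snapshot is itself encrypted.
    new_vol = ec2.create_volume(SnapshotId=enc_snap, AvailabilityZone=az)["VolumeId"]
    ec2.get_waiter("volume_available").wait(VolumeIds=[new_vol])
    # 4. Swap: detach the old volume, then attach the encrypted one at the same device.
    ec2.detach_volume(VolumeId=volume_id)
    ec2.get_waiter("volume_available").wait(VolumeIds=[volume_id])
    ec2.attach_volume(VolumeId=new_vol, InstanceId=instance_id, Device=device)
    return new_vol


class FakeEC2:
    """Constructed stand-in: records every call and carries the Encrypted flag
    from snapshot to volume, so the outcome can be checked without AWS."""
    def __init__(self):
        self.calls, self.snapshots, self.volumes = [], {}, {"vol-EXAMPLE": False}

    def _rec(self, name, kw, table=None, encrypted=None):  # log; mint id if asked
        self.calls.append((name, kw))
        if table is None:
            return {}
        ident = f"{'snap' if table is self.snapshots else 'vol'}-{len(table):04d}"
        table[ident] = encrypted
        return ident

    def create_snapshot(self, **kw):
        return {"SnapshotId": self._rec("create_snapshot", kw, self.snapshots, False)}

    def copy_snapshot(self, **kw):  # the copy is encrypted only if asked
        return {"SnapshotId": self._rec("copy_snapshot", kw, self.snapshots, kw.get("Encrypted", False))}

    def create_volume(self, **kw):  # volume inherits its snapshot's flag
        return {"VolumeId": self._rec("create_volume", kw, self.volumes, self.snapshots[kw["SnapshotId"]])}

    def detach_volume(self, **kw):
        return self._rec("detach_volume", kw)

    def attach_volume(self, **kw):
        return self._rec("attach_volume", kw)

    def get_waiter(self, name):  # real waiters poll AWS; nothing to poll offline
        return SimpleNamespace(wait=lambda **_: None)
```

With a real client, replace `FakeEC2()` by `boto3.client("ec2", region_name=region)`; the volume keeps the same device name, so nothing on the instance changes except that the disk is now encrypted at rest.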
▪ EBS-optimized (optional)
o Improves performance for EBS volumes and lets the instance fully use its provisioned IOPS; enabled automatically on supporting instance types
▪ Lifecycle
▪ Detach volume
o Must unmount the volume and stop the instance before detaching the root volume
o Additional volumes can be unmounted and detached without stopping the instance
▪ Snapshot
o Similar to a backup of an EBS volume
o Snapshots can be copied, shared, made public, and encrypted
o Stored in S3
o AMIs are built from EBS snapshots
o Taken at a point in time (created in real time); data is restored from the snapshot lazily (loaded on first access)
o You should (but need not) stop the instance before creating a snapshot
o Snapshots of encrypted volumes are encrypted
o Use cases: copy an EBS volume to a new zone or region, back up EBS against accidents, create an AMI
▪ Incremental: each snapshot stores only the blocks changed since the previous snapshot (diagram: 12 GB total)
▪ Ways to create snapshots
o Manual
o Amazon Data Lifecycle Manager, to create and delete snapshots automatically
• Root storage (root device)
o When an EC2 instance boots from an AMI, a root storage volume is created for it
o 2 types: EBS, Instance store
• Demo
o Create EBS volume
o Attach volume to Instance & Mount volume to instance
o Create Snapshot manually 🡪 restore instance, create AMI from snapshot
o Create Snapshot using Lifecycle Manager
Create EBS Volume
Attach volume to instance
Result
Mount volume to instance
Create Snapshot manually
Run new instance 🡺 Mount volume to instance
Restore instance
Create AMI from snapshot
Create Snapshot using Lifecycle Manager
Assignment
⮚ Self-practice
▪ Network
• The instance runs in a VPC (virtual network), which separates the infrastructure from the workload
• Traffic within the region: bandwidth up to 100 Gbps; out of the region: maximum 5 Gbps
• IPv4 & IPv6
o IPv4 is still the most common format used online
o IPv6 is newer and solves addressing problems for the Internet of Things (IoT)
Public Ipv4 & Private Ipv4
https://whatismyipaddress.com
• Network card
o A virtual network card
o Can be detached from an instance and attached to another
o Each instance can have multiple network cards
o Types: VF, ENI, ENA, EFA
o VF (Virtual Function)
▪ Older; used by older instance types
▪ Speed up to 10 Gbps
o ENI (Elastic Network Interface) (default)
▪ A virtual network card, provided by default for every instance
▪ Each instance has exactly one primary network interface and can have multiple secondary network interfaces
▪ Each network interface belongs to a subnet (attaching a network interface to an instance gives the instance an IP address from that subnet)
▪ Each network interface gives the instance:
o 1 primary private IPv4 address and 1 private DNS hostname (used for communication within the VPC)
o Multiple secondary private IPv4 addresses
o 1 Elastic IP per private IPv4 address (optional)
o 1 public IPv4 address (optional) and 1 public DNS hostname (optional) (used for Internet communication)
o Multiple IPv6 addresses (optional)
o A MAC address
o Multiple security groups
▪ By default, IPv4 is used
o ENA (Elastic Network Adapter)
▪ Better performance than an ENI
▪ For high network demands (high-speed download and upload)
o EFA (Elastic Fabric Adapter)
▪ A physical device attached to EC2 that gives access to high performance computing (HPC), e.g. machine learning
▪ Speeds up to 100 Gbps
▪ Windows instances are not supported
o Demo
▪ Create ENI
▪ Attach ENI to Instance
Create ENI
Attach ENI to Instance
Result
• Features
o Enhanced networking
o Elastic IP
o Placement group
o Enhanced networking
▪ An instance feature that provides faster network access
▪ Almost all instance types support enhanced networking
▪ Provides
• Higher bandwidth
• Higher packets per second (PPS) performance 🡺 less jitter
▪ Free
o Elastic IP
▪ When you stop and then start an EC2 instance, its public IP can change 🡺 code has to change 🡺 use an Elastic IP to give the instance a fixed public IP
▪ An Elastic IP is attached to one instance at a time
▪ Overall, try to avoid using Elastic IPs:
• They often reflect poor architectural decisions
• Instead, use a random public IP and register a DNS name to it
▪ You can use an IPv4 address from AWS or bring your own
▪ Max: 5 Elastic IPs per region
▪ Price: an Elastic IP that is not in use still costs money - https://aws.amazon.com/ec2/pricing/on-demand/
o Demo
▪ Restart Instance
▪ Attach Elastic IP to Instance
▪ Test
▪ Restart Instance
Stop 🡪 Start the instance again
▪ Attach Elastic IP to Instance
o Placement group
▪ By default, AWS spreads instances across different hardware 🡺 network bandwidth between them decreases 🡺 use a placement group to increase network performance
▪ Types:
• Cluster placement group
• Partition placement group
• Spread Placement Group
▪ Free
▪ Cluster placement group
• When starting multiple instances, AWS launches them close together in the same zone 🡺 instances communicate with each other faster
• Use cases: big data jobs that need to complete fast; apps that exchange data with each other and need high network performance
▪ Partition placement group
• Instances are spread across multiple partitions on different hardware (each partition is guaranteed to be on separate hardware)
• Use cases: big data; large distributed and replicated workloads (e.g. Hadoop, Cassandra, Kafka)
▪ Spread Placement Group
• Launches instances on separate hardware (network, power) and across AZs
• Use cases: applications that must maximize availability; critical applications
▪ Note
• Placement groups can't be merged
• An instance can be in only one placement group at a time
• Dedicated Hosts can't be launched in a placement group
▪ Demo
• Create Placement group
• Init new instances
Create Placement group
Result
Init new instances
Assignment
⮚ Self-practice
▪ Security group
• Defines rules for inbound and outbound traffic of the instance (similar to a firewall)
• Default: block all inbound traffic & allow all outbound traffic
• Supports allow rules (whitelist) only, no deny rules (blacklist)
• Can be attached to multiple instances
▪ They regulate:
• Access to Ports
• Authorised IP ranges – IPv4 and IPv6
• Control of inbound traffic (from others to the instance)
• Control of outbound traffic (from the instance to others)
▪ Ports to know:
• 22 = SSH (Secure Shell) – log into a Linux instance
• 3389 = RDP (Remote Desktop Protocol) – log into a Windows instance
• 21 = FTP (File Transfer Protocol) – upload files into a file share
• 22 = SFTP (Secure File Transfer Protocol) – upload files using SSH
• 80 = HTTP – access unsecured websites
• 443 = HTTPS – access secured websites
▪ Stateful: return traffic is automatically allowed, regardless of any rules
▪ Detail Information
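The security-group behaviour on these slides (allow-list only, default-deny inbound, stateful replies, and the demo step of removing the port-80 rule) as a small Python model, added here as a worked example and not code from the slides or from AWS: rules follow the IpPermissions shape that `aws ec2 describe-security-groups` returns, the sample group and its sg-EXAMPLE id are constructed, and the last function is the review check that flags the slide's SSH/RDP ports when they are open to any address.

```python
"""Model of how an EC2 security group evaluates inbound traffic.

Added example for this lesson, not AWS or VTI Academy code. Rules use the
IpPermissions shape returned by `aws ec2 describe-security-groups`; the
group below is constructed and sg-EXAMPLE is a placeholder id.
"""
import ipaddress

# Constructed sample group: web ports plus SSH, all reachable from anywhere.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}
MANAGEMENT_PORTS = {22: "SSH", 3389: "RDP"}  # remote-login ports from the slide


def _cidrs(rule):
    """All IPv4 and IPv6 networks a rule authorises."""
    v4 = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    v6 = [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [ipaddress.ip_network(c) for c in v4 + v6]


def _covers_port(rule, proto, port):
    """IpProtocol "-1" means all protocols and ports; otherwise match the range."""
    if rule["IpProtocol"] == "-1":
        return True
    return rule["IpProtocol"] == proto and rule["FromPort"] <= port <= rule["ToPort"]


def inbound_allowed(group, proto, port, src_ip):
    """Allow-list only: permitted iff some rule covers both the port and the
    source address. No match means denied, which is the default-deny inbound."""
    src = ipaddress.ip_address(src_ip)  # a v4/v6 mismatch with a network is simply False
    return any(_covers_port(r, proto, port) and any(src in n for n in _cidrs(r))
               for r in group["IpPermissions"])


def reply_allowed(group, outbound_conns, proto, port, src_ip):
    """Stateful: the reply to a connection the instance opened is allowed even
    without an inbound rule. outbound_conns holds (proto, remote_ip, local_port)."""
    return (proto, src_ip, port) in outbound_conns or inbound_allowed(group, proto, port, src_ip)


def remove_port(group, proto, port):
    """The demo step 'remove HTTP with port 80': with no deny rules available,
    closing a port means deleting the allow rule that covers it."""
    keep = [r for r in group["IpPermissions"] if not _covers_port(r, proto, port)]
    return {**group, "IpPermissions": keep}


def open_management_ports(group):
    """Review check: SSH/RDP rules reachable from any address (prefix length 0),
    e.g. ['SSH (22) open to 0.0.0.0/0']. Restrict these to known admin ranges."""
    findings = []
    for r in group["IpPermissions"]:
        for port, name in MANAGEMENT_PORTS.items():
            if _covers_port(r, "tcp", port):
                findings += [f"{name} ({port}) open to {n}" for n in _cidrs(r) if n.prefixlen == 0]
    return findings
```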
⮚ Demo
o Remove the HTTP rule (port 80)
Assignment
⮚ Self-practice
▪ Lifecycle
o Start
o Stop
o Reboot
o Hibernate
o Terminate
Instances in the Running state are charged
▪ EC2 User Data Script (Bootstrap script)
o Code that runs when the instance launches (the script runs only once, at the instance's first start)
o Use cases: installing OS updates, installing software, downloading common files from the Internet, ...
▪ Other instance configuration
o Add, update, delete user accounts on the instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/managing-users.html)
o Configure the timezone on the instance
o Set hostname & DNS for the instance
o Monitoring instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring_ec2.html)
o Import/export between on-premises and EC2 (https://aws.amazon.com/ec2/vm-import)
▪ Connect to Instance
• SSH
• RDP
• AWS Systems Manager Session Manager (Self-study)
• AWS Systems Manager Run Command (Self-study)
o Fleet
▪ Used to run a group of instances
▪ Supports the purchasing options On-Demand, Reserved and Spot
▪ Only supported via CLI and API
▪ Demo
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-instance-weighting-walkthrough.html
Summary
⮚ The EC2 service provides hardware (RAM, CPU, storage), network, operating systems (Windows, Linux, macOS, ...), software (SQL Server, ...), firewall (Security Groups, ...), bootstrap scripts, ...
⮚ An AMI provides a template to launch instances and is built from EBS snapshots
⮚ Instance
o A virtual server in the cloud, independent of physical host resources
o Instance type: the hardware (RAM, CPU, storage, networking) for the instance
o Instance purchasing: On-demand, Spot, Savings plan, Reserved, Dedicated hosts, Dedicated Instances
o Storage: EC2 Instance Storage, EBS (Block Device Mapping, network drive), Snapshot (S3, Incremental)
o Network: runs in a VPC; network cards (VF, ENI, ENA, EFA); features (Enhanced networking, Elastic IP, Placement group)
o Security group: stateful; defines rules for inbound and outbound traffic of the instance
o Lifecycle: Start, Stop, Reboot, Hibernate, Terminate
o User Data: code that runs when the instance launches
o Available user: ec2-user
o Connect to instance: SSH, RDP, Session Manager
⮚ Fleet: launches a group of instances; only supported via CLI and API
Assignment
Quiz
Reference
⮚ https://docs.aws.amazon.com/
Q&A