목차
7 Steps to launching an EC2 Instance
1. Instance name and tags
Tag
- Tag is a label that you can assign to an AWS resource
- key - value(optional), Name of the instance is the default tag
- tag limit per EC2 resource is 50 tags
- can search resources by key or by value or by combination of keys and values
Benefits of Using Tags
- Resource organization: search & filter by tag, create groups of resources
- Cost management: AWS Cost Explorer
- Automation: automation activity script
- Access control: IAM - attribute-based-control, IAM policies
2. Choosing an Amazon Machine Image (AMI)
Amazone Machine Image(AMI)
- Templates for the root volume of the instance contain: OS, application servers, applications
- Can use the same AMI to launch multiple instances that should have the same configuration
- After an instace is created, you cannot change the AMI
Where Do You Get an AMI?
- Pre-built
- AWS Marketplace: digital catalog
- Create your own
- Community AMIs: not vetted by AWS
Benefits of AMI
- Repeatability: Instances from same AMI are exact replicas of one another
- Reusability: AMI packages the full configuration and content of an EC2 instance
- Recoverability: replacing failed machines
- Marketplace Solutions: probably an AMI that you need exists on the marketplace
- Backups: great way to back up a complete EC2 instance configuration
3. Instance type
Instance Types
- Instance type determines:
- Processing power(CPU), Memory(RAM), Disk space and disk type, Network performance
Instance Families -> details on Lec 03
- Prefix
- Suffix
- Levels (size of the instance)
Scailing Instances Vertically
- Instance type can be changed after the instance is launched -> Vertically scaling is possible.
- Vertical scailing
- Scale up or down for CPU
- Swtich to any instance type in any instance family.
4. Key pair
Key pair
- At instance launch, you can specify existing key pair, create a new key pair, or not to use a key pair
- Key pair cannot be added to the instance after it is launched
- Key pair consists of a public key that AWS stores and the private key file that user stores.
Connecting to Your Instance with Key pair
- Windows AMIs: Remote Desktop Protocol (RDP)
- Linux AMIs: Secure Shell(SSH), PuTTY - need to convert .em to .ppk using PuTTYgen
- You should never expose your private key to public
5. Network settings
- You can choose VPC, subnet, and security group and must decide whether you will enable or disable a public IP address for the instance
Regions
- Region is assumed based on the region that you are working in on your AWS Management Console.
VPCs and Subnets
- When start using Amazon VPC, you have a default VPC in each AWS Region
- default VPC comes with a public subnet in each Availability Zone of the Region
- therefore, you can immediately start launching EC2 into a default VPC
- You can create more public subnets in your default VPC
- You can create and customize additional VPCs in any Region
Public IP address
- Used to communicate btw your instances and the Internet.
- Default VPC - Default subnet
- By default, auto-assign public IP setting is set to enabled when you launch an instance
- Default VPC - Custom public subnet, Custom VPC - Custom subnet
- By default, auto-assign public IP setting is set to disabled
Security Groups
- Virtual firewall for you instances
- Controls network access
- Exists outside the instance's guest OS
- Specifies allow rules but not deny rules
- Can be modified at any time and updates affect in real time
Security Groups Rule Components
- Type (ex. SSH, HTTP, HTTPS)
- Protocol (ex. TCP, UDP, ICMP)
- Port range: verify the ports that are allowed to pass traffic for each protocol type
- Source: the traffic can reach your instance based on a range of IP addresses
Inbound Rules and Outbound Rules
- Inbound Rule: control traffics coming into your instance
- it has no inbound rules by default
- Outbound Rule: control traffics going out from your instance
- allows all outbound traffic by default
- Stateful Attributes
- For every inbound rule, an outboud response is allowed by vice versa
- If there is only one inboud rule that allows HTTP protocol from a IP 0.0.0.0/0, then a response from the instance is automatically allowed. However, since no outbound rules are specified in the security group, the instance cannot initiate an outbound call.
Managing Security Groups
- Security groups act at the instance level, not the subnet level.
- Can attach more than one security group to an instance
6. Configure storage
Amazon Elastic Block Store(EBS)
- EBS can be used to run a database, host applications, and handle storage operations
EBS Volume Types
- General purpose (SSD-based)
- Provisioned IOPS (SSD-based)
- highest-performance SSD volumes for low-latency or high-throughput workloads
- Throughput Optimized (HDD-based)
- low-cost HDD volume, cannot be a boot(root) volume (= cannot install OS)
- Cold (HDD-vased)
- lowest cost HDD volume designed for less frequently accessed workloads, cannot be a boot volume.
Speed : SSD > HDD / Cost: SSD < HDD (low)
Amazon EBS Storage Configuration Options
- Volume types
- HDD-based type cannot be the root volume
- Can add additional volumes (non-root volumes) to your instance and different type is okay.
- Volume Size : the size of the volume is chosen in GB
- Delete on termination
- whether the volume should be automatically deleted when the instance is terminated
- Encryption
- Using AWS Key Management Service keys to encrypt volumes
Adding a File System - Amazon Elastic File System(EFS)
- EFS is a file system that you can use to share files among multiple EC2 instances.
- Can attach instances to the EFS as you launch your instance or afterwards
- Can remove instaces from EFS without losing any files stored on EFS
- Cannot act as a root volume - each instance must have its own root volume
Amazon EC2 Instance Store
- Instance store provides temporary block-level storage for your instance
- Storage is located on disks that are physically attached to the host computer
- ideal for buffers, caches, scratch data, and other temporary content
- Instance store cannot be a root volume
- Limitations
- You will lose all of your data when instance is stopped, hibernated, or terminated
- After instance launching, you cannot add instance store volumes
- AWS does not offer you the option to detach the volume
- Instace store volumes are not configuratble (SSD or HDD, size, encryption)
7. Advanced details
IAM Role
- IAM Role is an IAM identity that has specific permission policies
- Roles can be used to give instances permissions to access other AWS services
- Storing AWS credentials on EC2 instance to give it permission is highly insecure
Managing Roles
- To attach a role to an instance, select a role from the instance profile to associate with the instance
- An instance profile is a container for an IAM Role
- Flexibility
- Include the role when launching, Add a role after launching, Remove the role, Update a role's policy immediately.
User Data
- When launching EC2 instance, you have the option of passing user data to the instance
- User data scripts to customize the runtime environment of your instance
- script runs the first time the instance starts by default
- script can be configured to run every time the instance starts
- Patch and update the instance AMI, Fetch and install software lisence keys, Istall additional software ..
Additional Advanced Setting options
- Request Spot Instances
- Shutdown behavior: Instance can be either terminated or stopped when OS-level shutdown is performed
- Termination protection
- Detailed monitoring
- Tenancy
Configuration Considerations
Have no default setting
- Key pair
Affect costs
- AMI, Instance type, Configure storage, Advanced details, Regions
Cannot be modified after launching
- AMI, Key pair, Region, Network settings: VPC, subnet, instance store
Can be modified after launching
- Name and tags, Instance type, storage, Network settings: IP address, security groups, Advanced details: adding a role, user data scripts, EFS
'CS > 클라우드컴퓨팅' 카테고리의 다른 글
| Lec 05-1: Intro to Amazon S3 (0) | 2023.10.16 |
|---|---|
| Lec 04-3: Managing Amazon EC2 (0) | 2023.10.15 |
| Lec 04-1: Intro to Amazon EC2 (0) | 2023.10.13 |
| Lec 03: Cloud Platforms, AWS Intro (1) | 2023.10.13 |
| Lec 2: Cloud Infrastructure (1) | 2023.10.13 |
7 Steps to launching an EC2 Instance
1. Instance name and tags
Tag
- Tag is a label that you can assign to an AWS resource
- key - value(optional), Name of the instance is the default tag
- tag limit per EC2 resource is 50 tags
- can search resources by key or by value or by combination of keys and values
Benefits of Using Tags
- Resource organization: search & filter by tag, create groups of resources
- Cost management: AWS Cost Explorer
- Automation: automation activity script
- Access control: IAM - attribute-based-control, IAM policies
2. Choosing an Amazon Machine Image (AMI)
Amazone Machine Image(AMI)
- Templates for the root volume of the instance contain: OS, application servers, applications
- Can use the same AMI to launch multiple instances that should have the same configuration
- After an instace is created, you cannot change the AMI
Where Do You Get an AMI?
- Pre-built
- AWS Marketplace: digital catalog
- Create your own
- Community AMIs: not vetted by AWS
Benefits of AMI
- Repeatability: Instances from same AMI are exact replicas of one another
- Reusability: AMI packages the full configuration and content of an EC2 instance
- Recoverability: replacing failed machines
- Marketplace Solutions: probably an AMI that you need exists on the marketplace
- Backups: great way to back up a complete EC2 instance configuration
3. Instance type
Instance Types
- Instance type determines:
- Processing power(CPU), Memory(RAM), Disk space and disk type, Network performance
Instance Families -> details on Lec 03
- Prefix
- Suffix
- Levels (size of the instance)
Scailing Instances Vertically
- Instance type can be changed after the instance is launched -> Vertically scaling is possible.
- Vertical scailing
- Scale up or down for CPU
- Swtich to any instance type in any instance family.
4. Key pair
Key pair
- At instance launch, you can specify existing key pair, create a new key pair, or not to use a key pair
- Key pair cannot be added to the instance after it is launched
- Key pair consists of a public key that AWS stores and the private key file that user stores.
Connecting to Your Instance with Key pair
- Windows AMIs: Remote Desktop Protocol (RDP)
- Linux AMIs: Secure Shell(SSH), PuTTY - need to convert .em to .ppk using PuTTYgen
- You should never expose your private key to public
5. Network settings
- You can choose VPC, subnet, and security group and must decide whether you will enable or disable a public IP address for the instance
Regions
- Region is assumed based on the region that you are working in on your AWS Management Console.
VPCs and Subnets
- When start using Amazon VPC, you have a default VPC in each AWS Region
- default VPC comes with a public subnet in each Availability Zone of the Region
- therefore, you can immediately start launching EC2 into a default VPC
- You can create more public subnets in your default VPC
- You can create and customize additional VPCs in any Region
Public IP address
- Used to communicate btw your instances and the Internet.
- Default VPC - Default subnet
- By default, auto-assign public IP setting is set to enabled when you launch an instance
- Default VPC - Custom public subnet, Custom VPC - Custom subnet
- By default, auto-assign public IP setting is set to disabled
Security Groups
- Virtual firewall for you instances
- Controls network access
- Exists outside the instance's guest OS
- Specifies allow rules but not deny rules
- Can be modified at any time and updates affect in real time
Security Groups Rule Components
- Type (ex. SSH, HTTP, HTTPS)
- Protocol (ex. TCP, UDP, ICMP)
- Port range: verify the ports that are allowed to pass traffic for each protocol type
- Source: the traffic can reach your instance based on a range of IP addresses
Inbound Rules and Outbound Rules
- Inbound Rule: control traffics coming into your instance
- it has no inbound rules by default
- Outbound Rule: control traffics going out from your instance
- allows all outbound traffic by default
- Stateful Attributes
- For every inbound rule, an outboud response is allowed by vice versa
- If there is only one inboud rule that allows HTTP protocol from a IP 0.0.0.0/0, then a response from the instance is automatically allowed. However, since no outbound rules are specified in the security group, the instance cannot initiate an outbound call.
Managing Security Groups
- Security groups act at the instance level, not the subnet level.
- Can attach more than one security group to an instance
6. Configure storage
Amazon Elastic Block Store(EBS)
- EBS can be used to run a database, host applications, and handle storage operations
EBS Volume Types
- General purpose (SSD-based)
- Provisioned IOPS (SSD-based)
- highest-performance SSD volumes for low-latency or high-throughput workloads
- Throughput Optimized (HDD-based)
- low-cost HDD volume, cannot be a boot(root) volume (= cannot install OS)
- Cold (HDD-vased)
- lowest cost HDD volume designed for less frequently accessed workloads, cannot be a boot volume.
Speed : SSD > HDD / Cost: SSD < HDD (low)
Amazon EBS Storage Configuration Options
- Volume types
- HDD-based type cannot be the root volume
- Can add additional volumes (non-root volumes) to your instance and different type is okay.
- Volume Size : the size of the volume is chosen in GB
- Delete on termination
- whether the volume should be automatically deleted when the instance is terminated
- Encryption
- Using AWS Key Management Service keys to encrypt volumes
Adding a File System - Amazon Elastic File System(EFS)
- EFS is a file system that you can use to share files among multiple EC2 instances.
- Can attach instances to the EFS as you launch your instance or afterwards
- Can remove instaces from EFS without losing any files stored on EFS
- Cannot act as a root volume - each instance must have its own root volume
Amazon EC2 Instance Store
- Instance store provides temporary block-level storage for your instance
- Storage is located on disks that are physically attached to the host computer
- ideal for buffers, caches, scratch data, and other temporary content
- Instance store cannot be a root volume
- Limitations
- You will lose all of your data when instance is stopped, hibernated, or terminated
- After instance launching, you cannot add instance store volumes
- AWS does not offer you the option to detach the volume
- Instace store volumes are not configuratble (SSD or HDD, size, encryption)
7. Advanced details
IAM Role
- IAM Role is an IAM identity that has specific permission policies
- Roles can be used to give instances permissions to access other AWS services
- Storing AWS credentials on EC2 instance to give it permission is highly insecure
Managing Roles
- To attach a role to an instance, select a role from the instance profile to associate with the instance
- An instance profile is a container for an IAM Role
- Flexibility
- Include the role when launching, Add a role after launching, Remove the role, Update a role's policy immediately.
User Data
- When launching EC2 instance, you have the option of passing user data to the instance
- User data scripts to customize the runtime environment of your instance
- script runs the first time the instance starts by default
- script can be configured to run every time the instance starts
- Patch and update the instance AMI, Fetch and install software lisence keys, Istall additional software ..
Additional Advanced Setting options
- Request Spot Instances
- Shutdown behavior: Instance can be either terminated or stopped when OS-level shutdown is performed
- Termination protection
- Detailed monitoring
- Tenancy
Configuration Considerations
Have no default setting
- Key pair
Affect costs
- AMI, Instance type, Configure storage, Advanced details, Regions
Cannot be modified after launching
- AMI, Key pair, Region, Network settings: VPC, subnet, instance store
Can be modified after launching
- Name and tags, Instance type, storage, Network settings: IP address, security groups, Advanced details: adding a role, user data scripts, EFS
'CS > 클라우드컴퓨팅' 카테고리의 다른 글
| Lec 05-1: Intro to Amazon S3 (0) | 2023.10.16 |
|---|---|
| Lec 04-3: Managing Amazon EC2 (0) | 2023.10.15 |
| Lec 04-1: Intro to Amazon EC2 (0) | 2023.10.13 |
| Lec 03: Cloud Platforms, AWS Intro (1) | 2023.10.13 |
| Lec 2: Cloud Infrastructure (1) | 2023.10.13 |
