EC2 Exam Summary

These notes were written while preparing for my AWS solution architect exam and are collected from different sources and AWS documentation. Primarily, they’re notes for me, but you might find them useful too.

Since the AWS is changing quickly, it’s possible that some of these notes may be out of date, so please take that into consideration if you are reading them.

Please let me know in the comments if you have any updates which you’d like me to add.

EC2 (Elastic Compute Cloud)

  • AMI (Amazon Machine Image) is a template that contains a software configuration such as the OS, initial OS patches, initial software, etc. From an AMI you can launch one or more instances.
  • You can launch different types of instances from a single AMI.
  • The root device of the instance contains the image used to boot the instance.
  • By default, Delete on termination is set to True, which means all the EBS volumes attached to the instance will be deleted upon termination of the instance.
  • Termination Protection can be used to prevent human error. If you enable termination protection, the instance won’t terminate unless termination protection is disabled first. (Off by default)
  • To resize an EBS volume, you need to create a snapshot of the existing EBS and then create a new volume with your desired size from that snapshot.
  • Enhanced networking gives you higher packets per second (PPS) performance, lower jitter, and lower latency.
  • Data on an instance store is ephemeral: it is lost when the instance is stopped or terminated, but it persists across a system reboot.
  • When an instance is a member of multiple security groups, the effective rule set is the union of all the rules in all those security groups.
  • You can launch instances in a placement group, which determines how instances are placed on the underlying host hardware. You can choose one of the following strategies for a placement group (no additional fee for creating a placement group):
    1. Cluster: clusters instances into a low-latency group in a single AZ.
    2. Spread: spreads instances across multiple hosts on distinct underlying hardware.
    3. Partition: spreads instances across logical partitions, ensuring instances in one partition do not share underlying hardware with instances in other partitions.

Pricing for EC2 instances:

You pay for EC2 instances for each hour that they are in the running state; however, the amount that you pay varies based on three pricing options.

  1. On-demand: Pay for instances by the second, with no long-term commitment or upfront payment for the amount of time you need. Least cost-effective of all the options per compute hour, but the most flexible.
  2. Reserved Instances: This method allows customers to make capacity reservations for predictable workloads. Customers can save up to 75% compared to on-demand if they choose this pricing option. An additional benefit is that AWS provides a capacity reservation in the data centers for reserved instances.
    • You can modify the AZ, scope, network platform, or instance size (within the same type) of your reserved instance. You specify the reserved instance you want to modify and then alter one or more target configurations.
  3. Spot instances: For workloads that are not time-critical and where interruption can be tolerated. In this option, customers specify the price they are willing to pay for an instance type. When the customer’s bid is higher than the current price of that instance type, the customer receives the instance. This model offers the greatest discount.

EBS (Elastic Block Store)

  • For workloads that require more durable storage, use EBS.
  • EBS data is automatically replicated within its AZ to protect against failure and offer better HA and durability.
  • Multiple volumes can be attached to one instance; however, one volume can be attached to only one instance at a time.
  • Different types of EBS:
    1. Magnetic Volumes:
      • Lowest performance characteristics of all EBS volumes.
      • Lowest cost per GB.
      • Size from 1 GB to 1 TB and will average 100 IOPS.
      • Best suited for workloads where data is accessed infrequently, sequential reads, and situations where low-cost storage is a requirement.
      • Billed based on the amount of storage provisioned, regardless of how much of it you use.
    2. General Purpose SSD (gp2):
      • They deliver strong performance at a moderate price.
      • Size from 1 GB to 16 TB.
      • Provide 3 IOPS per GB with a max of 10,000 IOPS.
      • Billed based on the amount of storage provisioned, regardless of how much of it you use.
      • Best suited for workloads where the highest disk performance is not critical, such as system boot volumes, small to mid-size DBs, and dev/test environments.
    3. Provisioned IOPS SSD (io1):
      • Designed to meet the needs of I/O-intensive applications.
      • The most expensive EBS volume type per GB, with the highest performance, delivered predictably.
      • Size from 4 GB to 16 TB.
      • You also need to specify IOPS, between 100 and 64,000.
      • Pricing is based on the chosen number of IOPS and provisioned size.
      • Best suited for critical business applications with sustained IOPS requirements.
      • Large DBs.
    4. Throughput Optimized HDD (st1):
      • Low-cost HDD volumes designed for frequently accessed, throughput-intensive workloads such as big data and data warehouses.
      • Size 500 GB to 16 TB.
      • Throughput of 40 MB/s per TB.
    5. Cold HDD (sc1)
      • Designed for less frequently accessed workloads.
      • Size 500 GB to 16 TB.
      • Throughput of 12 MB/s per TB.

EBS Snapshot:

  • Snapshot data is stored in S3 (managed by AWS, not in your account).
  • Snapshots are constrained to the region in which they are created, so you can use them to create new volumes only in the same region. Copy the snapshot to another region if you need it there.

Security Groups:

  • A virtual firewall controlling traffic in and out of EC2 instances.
  • Security groups are stateful: if an outbound rule allows a request, the response is allowed back in without needing a matching inbound rule.
  • All inbound traffic is denied by default.
  • You allow traffic by direction, port, protocol, and destination address via a CIDR block range.
  • Security groups are applied at the instance level, meaning that traffic between instances in the same security group must still adhere to the rules of that security group.
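The following is an added example (not from the original notes or from AWS) that models the three security group behaviours described above and in the EC2 section: rules are allow-only and the effective policy is the union of every attached group, anything not explicitly allowed inbound is denied, and replies to tracked outbound flows are admitted statefully. The group names, rules and addresses are constructed sample data, and outbound is modelled as allow-all (the AWS default for a new group).

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    protocol: str    # "tcp", "udp", "icmp", or "-1" for all protocols/ports
    from_port: int
    to_port: int
    cidr: str        # source address range this inbound rule admits

@dataclass
class SecurityGroup:
    name: str
    inbound: list = field(default_factory=list)

def rule_matches(rule, protocol, port, src_ip):
    if rule.protocol != "-1":
        if rule.protocol != protocol or not rule.from_port <= port <= rule.to_port:
            return False
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.cidr)

def inbound_allowed(groups, protocol, port, src_ip):
    # Rules are allow-only, so the effective policy is the union of every
    # attached group's rules, and anything not explicitly allowed is denied.
    return any(rule_matches(r, protocol, port, src_ip)
               for g in groups for r in g.inbound)

class StatefulFilter:
    """Tracks outbound flows so replies are admitted without an inbound rule."""
    def __init__(self, groups):
        self.groups = groups
        self.flows = set()  # (protocol, remote_ip, remote_port, local_port)

    def outbound(self, protocol, dst_ip, dst_port, src_port):
        # Outbound is modelled as allow-all (the AWS default); record the flow.
        self.flows.add((protocol, dst_ip, dst_port, src_port))
        return True

    def inbound(self, protocol, src_ip, src_port, dst_port):
        if (protocol, src_ip, src_port, dst_port) in self.flows:
            return True  # reply to a tracked outbound flow: stateful allow
        return inbound_allowed(self.groups, protocol, dst_port, src_ip)

# Constructed sample: one instance attached to two hypothetical groups.
WEB_SG = SecurityGroup("web-sg", [Rule("tcp", 80, 80, "0.0.0.0/0")])
ADMIN_SG = SecurityGroup("admin-sg", [Rule("tcp", 22, 22, "10.0.0.0/8")])
INSTANCE = StatefulFilter([WEB_SG, ADMIN_SG])
```

With both groups attached, SSH from 10.1.2.3 is admitted by the union even though web-sg alone would deny it, while HTTPS inbound is denied until the instance itself has opened the flow.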