AWS Cheat Sheet – EC2

Amazon EC2 is the main compute service of AWS, make sure you know as much as you can about it with this cheat sheet.

Instance Types:

The instance type defines the virtual hardware supporting an Amazon EC2 instance.
here are dozens of instance types available, varying in the following dimensions: Virtual CPUs (vCPUs), Memory, Storage (size and type), Network performance. Instance types are grouped into families based on the ratio of these values to each other
the table below lists some of the families available:

C4	Compute optimized (For workloads requiring significant processing).
T2	Lowest Cost General Purpose (Web/Small DBs)
R3	Memory optimized (For memory-intensive workloads).
G2	GPU-based instances (Intended for graphics and general-purpose GPU compute workloads).
I2	Storage optimized (For workloads requiring high amounts of fast SSD storage).
D2	Dense Storage (Fileservers/Data Warehousing/Hadoop).

The network performance increases within a family as the instance type grows.

Amazon Machine Images (AMIs):

The Amazon Machine Image (AMI) defines the initial software that will be on an instance when it is launched.
An AMI defines every aspect of the software state at instance launch:
- The Operating System (OS) and its configuration.
- The initial state of any patches.
- Application or system software.
There are four sources of AMIs:
- Published by AWS.
- The AWS Marketplace (online store for AMI).
- Generated from Existing Instances.
- Uploaded Virtual Servers (Using AWS VM Import/Export service).
AMI’s are regional. You can only launch an AMI from the region in which it was stored.
When you create an AMI, by default its marked private. You have to manually change the permissions to make the image public or share images with individual accounts

Instance Lifecycle:

When you launch an instance, it enters the pending state and it uses the specified AMI to launch.
it enters the running stat where you can start connecting to it and use it.
you can stop and start your instance to try to fix a problem. When you stop your instance, it enters the stopping state and then the stopped state.
if you no longer need an instance, you can terminate it. As soon as the status of an instance changes to shutting-down or terminated, you stop incurring charges for that instance.
If you enable termination protection, you can’t terminate the instance using the console, CLI, or API.
Termination protection does not work for instances that are part of the auto-scaling group, launched as Spot instance or when terminated by initiating shutdown command.
Data on an instance store is lost when the instance is stopped or terminated. Instance store data survives an OS reboot.
An instance is scheduled to be retired when AWS detects an irreparable failure of the underlying hardware hosting the instance

Below is a list of all instance states:

Instance state	Description	Billed?
pending	An instance enters the pending state when it launches for the first time, or when it is started after being in the stopped state.	NO
running	The instance is running and ready for use.	YES
stopping	The instance is preparing to be stopped or stop-hibernated.	NO if preparing to stop YES if preparing to hibernate
stopped	The instance is shut down and cannot be used.	NO
shutting-down	The instance is preparing to be terminated.	NO
terminated	The instance has been permanently deleted	NO

Root device volumes:

Root Volumes cannot be encrypted by default, you need a 3rd party utility. Other volumes added to an instance can be encrypted.
Non-root EBS volumes attached to the instance are preserved if you delete the instance.
Amazon EC2 supports two types of block devices:

Instance Store (Ephemeral):

not persistent storage.
instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data…
Instances using instance store storage cannot be stopped.
Instance store volumes cannot be detached and reattached to other instances; They exist only for the life of that instance.
If you change the instance type, an instance store will not be attached to the new instance type.

Amazon Elastic Block Store (EBS):

For workloads requiring more durable block storage, Amazon EBS is the right choice.
Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability.
Multiple Amazon EBS volumes can be attached to a single Amazon EC2 instance, although a volume can only be attached to a single instance at a time.

Types of EBS Volumes:

General-Purpose SSD:

ideal for a broad range of workloads.
volume can range in size from 1 GB to 16 TB, up to 16,000 IOPS per volume.
some of the use cases:
- System boot volumes.
- Virtual desktops.
- Small-to-medium sized databases.
- Development and test environments.
General-purpose SSD volumes are billed based on the amount of data space provisioned.

Provisioned IOPS SSD:

designed to meet the needs of I/O-intensive workloads, particularly database workloads.
provide the highest performance of any Amazon EBS.
volume can range in size from 4 GB to 16 TB, Consistently performs at provisioned level, up to 64,000 IOPS maximum per volume.
The most expensive Amazon EBS volume type per gigabyte.

Throughput Optimized HDD:

designed for frequently accessed, throughput-intensive workloads.
Low-cost HDD volume.
volume can range in size from 500 GiB to 16 TiB, max IOPS per volume is 500.
use cases:
- Streaming workloads requiring consistent, fast throughput at a low price.
- Big data, Data warehouses, Log processing.
Cannot be a boot volume.

Cold HDD:

Lowest cost HDD volume designed for less frequently accessed workloads.
volume can range in size from 500 GiB to 16 TiB, max IOPS per volume is 250.
Scenarios where the lowest storage cost is important.
Cannot be a boot volume.

Instance Metadata and User Data:

Metadata is data about an EC2 instance: AMI ID, hostname, instance ID, instance type, private IP address, public IP address, and so on are metadata of the instance.
User data is limited to 16 KB,
If you stop an instance, modify its user data, and start the instance, the updated user data is not executed when you start the instance.
You can specify user data when you launch an instance.
You can poll an instances meta-data by using curl http://169.254.169.254/latest/meta-data/
You can get an instance’s IP address by using curl http://169.254.169.254/latest/meta-data/public-ipv4
You can poll an instances user-data by using curl http://169.254.169.254/latest/user-data/
To pass the user-defined script to EC2 Linux instances running behind Autoscaling group we need to use Userdata.

Security:

Virtual Firewall Protection (Security groups):

AWS allows you to control traffic in and out of your instances through virtual firewalls called security groups.
Security groups allow you to control traffic based on port, protocol, and source/destination.
Security groups are associated with instances when they are launched. Every instance must have at least one security group but can have more.
When an instance is associated with multiple security groups, the rules are aggregated and all traffic allowed by each of the individual groups is allowed.
Security groups are applied at the instance level.

IAM:

An IAM policy must grant or deny permissions to use one or more Amazon EC2 actions.
you can use IAM roles to grant permissions to applications running on your instances.
You cannot attach multiple IAM roles to a single instance, but you can attach a single IAM role to multiple instances.

Networking:

Addressing an Instance:

an instance can be addressed upon creation in several ways:
- Public Domain Name System (DNS) Name.
- Public IP: unique address on the Internet that you reserve independently and associate with an Amazon EC2 instance.
- Private IP addresses and Elastic Network Interfaces (ENIs) are additional methods of addressing instances that are available in the context of an Amazon VPC.
An Elastic IP address is a public IPv4 address, which is reachable from the internet.
To use an Elastic IP address, you first allocate one to your account, and then associate it with your instance or a network interface.
You can disassociate an Elastic IP address from a resource, and reassociate it with a different resource.

Placement Groups:

A placement group is a logical grouping of instances within a single Availability Zone.
Placement groups enable applications to participate in a low-latency, 10 Gbps network.
Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both.
To fully use this network performance for your placement group, choose an instance type that supports enhanced networking and 10 Gbps network performance.

Elastic Network Interfaces:

An elastic network interface is a logical networking component in a VPC that represents a virtual network card.
You can create and configure network interfaces in your account and attach them to instances in your VPC.
ENI can have one public IP address and multiple private IP addresses.
You can create a network interface, attach it to an instance, detach it from an instance, and attach it to another instance.
You cannot detach a primary network interface from an instance.
When you create a network interface, it inherits the public IPv4 addressing attribute from the subnet.
An ENI created independently of a particular instance persists regardless of the lifetime of any instance to which it is attached.

Monitoring:

You can monitor the status of your instances by viewing status checks and scheduled events for your instances.
You can monitor your instances using Amazon CloudWatch, which collects and processes raw data from Amazon EC2 into readable, near real-time metrics.
By default, Amazon EC2 sends metric data to CloudWatch in 5-minute periods.
You can use the CloudWatch agent to collect both system metrics and log files from Amazon EC2 instances.
CloudTrail captures all API calls for Amazon EC2 and Amazon EBS as events, including calls from the console and from code calls to the APIs.