EC2
instance types
Instance types are classified based on 4 dimensions:
- vCPU
- memory
- storage (size and type)
- network performance
Family | strength | Comments |
---|---|---|
C4 | vCPU | |
r3 | memory | |
i2 | storage | huge amount of fast SSD |
g2 | GPU | |
Enhanced Networking
It reduces the impact of virtualization on the network by using Single Root I/O Virtualization (SR-IOV).
This results in more Packets Per Second (PPS), lower latency and less jitter.
AMI
Amazon Machine Image
AMIs are x86 OS images, for Linux or Windows.
sources of AMI
- AWS: almost the same as installing an OS from official ISO files
- AWS Market Place
- Generated from existing instances: make an AMI from an existing EC2 instance.
- Uploaded Virtual Machines
Securely Using an Instance
addressing an instance
- use the DNS name generated automatically by AWS. This persists only while the instance is running.
- use the public IP. This persists only while the instance is running.
- use Elastic IP. Public IP and Elastic IP are different. A public IP is bound to an instance and is used as a feature or part of that instance; when the instance dies, the public IP is removed. An Elastic IP is a kind of resource bound to the customer, or user, not to an instance, like a VPC. A customer always gives it to an instance, but that mapping can change at any time, manually, automatically, or even triggered by events. Elasti
initial access
- Linux: key pair
- Windows: encrypted by password, encrypted by key pair
virtual firewall protection
Security group: security is at the instance level, meaning the firewall for each instance is independent.
lifecycle of instances.
- launching
- bootstrapping
  - UserData is attached to the instance and is not encrypted, so no password should be in UserData.
- VM Import/Export: import a VM from on-premises or export a VM to on-premises.
- read instance metadata: the instance OS accesses http://169.254.169.254/latest/meta-data to get metadata.
  - security group
  - instance ID
  - instance type
  - AMI used to launch the instance
  - other info…
- tagging
- monitoring: Amazon CloudWatch
- modifying an instance
  - instance type: restarting the instance is needed.
  - security group:
- termination protection
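
The warning above about passwords in UserData, as an added example that is not part of the original notes: a small Python check that flags likely hard-coded secrets in a user-data script before launch. It also accepts the base64 form in which the EC2 API returns user data; the patterns, function names and sample script are assumptions constructed for illustration.

```python
import base64
import binascii
import re

# Illustrative patterns (assumption): a starting point, not a complete rule set.
PATTERNS = {
    # keyword = literal value; values starting with "$" (variable or command
    # substitution, e.g. a lookup from a parameter store) are not flagged
    "password assignment": re.compile(
        r"(?i)\b\w*(?:password|passwd|pwd|secret|token)\w*\s*[=:]\s*['\"]?[^\s'\"$]{4,}"),
    "AWS access key ID": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private key block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

# Constructed sample user data; the access key is AWS's documentation example.
SAMPLE = """#!/bin/bash
yum install -y mysql
export DB_PASSWORD='Sup3rS3cret!'
export DB_HOST=db.internal.example
export API_TOKEN=$(aws ssm get-parameter --name /app/token --with-decryption)
aws configure set aws_access_key_id AKIAIOSFODNN7EXAMPLE
"""
SAMPLE_B64 = base64.b64encode(SAMPLE.encode()).decode()


def decode_user_data(raw):
    """Return plain text; the EC2 API hands user data back base64-encoded."""
    try:
        return base64.b64decode(raw.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return raw  # not valid base64, so treat it as plain text


def scan_user_data(raw):
    """Return a list of (line number, finding) for lines that look like secrets."""
    findings = []
    for lineno, line in enumerate(decode_user_data(raw).splitlines(), start=1):
        for name, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, name))
    return findings


if __name__ == "__main__":
    for lineno, name in scan_user_data(SAMPLE_B64):
        print(f"line {lineno}: {name}")
```

Line 5 of the sample is not flagged because its value is fetched at boot rather than written into the script, which is the pattern to prefer over a literal password.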