EC2 Elastic Compute Cloud

1. User data

It is a script that runs only once in the whole life cycle of the EC2 instance, at the first boot.

2. AWS Naming convention

m5.2xlarge

  • m: instance class
  • 5: generation (AWS improves them over time)
  • 2xlarge: size within the instance class

3. EC2 Instances Types

3.1. General purpose

Great for a diversity of workloads such as web servers or code repositories

  • Balance between:
    • Compute
    • Memory
    • Networking

3.2. Computing Optimized (CPU)

Great for compute-intensive tasks that require high performance processors

  • They use C names (c6g, c6gn, c5 …). They are used for:
  • Batch processing workloads
  • Media transcoding
  • High Performance web servers
  • High performance computing (HPC)
  • Scientific modeling & machine learning
  • Dedicated gaming servers

3.3. Memory Optimized (RAM)

Fast performance for workloads that process large data sets in memory. They use R names: R5, R5a, R6 …

  • Application performing real-time processing of big unstructured data
  • High performance relational and non-relational databases
  • In-memory databases optimized for BI

3.4. Storage Optimized (CACHE)

Great for storage-intensive tasks that require high, sequential read and write access to large data sets on local storage (redis)

  • It will start with i, D or H (i3, D2, H1…)
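
As an added example (not part of these notes and not AWS code), a small Python parser for the naming convention from section 2, which also maps the class letter to the instance family described in section 3. The letters m, c, r, i, d and h come from the page; t (general purpose) and x (memory optimized) are extra assumptions not listed above.

```python
import re

# Class letter -> family, as grouped in the notes. "t" and "x" are assumptions
# beyond the page's own examples.
FAMILY_BY_CLASS = {
    "m": "general purpose", "t": "general purpose",
    "c": "compute optimized",
    "r": "memory optimized", "x": "memory optimized",
    "i": "storage optimized", "d": "storage optimized", "h": "storage optimized",
}

# <class letters><generation digits><optional attribute letters>.<size>
# e.g. m5.2xlarge, c6gn.xlarge, r5a.large
_TYPE_RE = re.compile(r"^(?P<cls>[a-z]+?)(?P<gen>\d+)(?P<attrs>[a-z]*)\.(?P<size>[a-z0-9]+)$")


def parse_instance_type(name: str) -> dict:
    """Split an EC2 instance type name into class, generation, attributes and size."""
    match = _TYPE_RE.match(name.strip().lower())
    if not match:
        raise ValueError(f"not an EC2 instance type name: {name!r}")
    cls = match["cls"]
    return {
        "class": cls,
        "generation": int(match["gen"]),
        "attributes": match["attrs"],      # e.g. "g" (Graviton), "gn", "a"
        "size": match["size"],
        "family": FAMILY_BY_CLASS.get(cls, "unknown"),
    }


def xlarge_multiple(size: str):
    """'xlarge' -> 1, '2xlarge' -> 2, ...; None for sizes below xlarge (nano .. large)."""
    match = re.fullmatch(r"(\d*)xlarge", size)
    if not match:
        return None
    return int(match.group(1) or 1)


if __name__ == "__main__":
    for name in ("m5.2xlarge", "c6gn.xlarge", "R5a.large", "i3.large"):
        info = parse_instance_type(name)
        print(name, "->", info, "xlarge multiple:", xlarge_multiple(info["size"]))
```

The class letters are matched non-greedily so that a suffix such as "gn" in c6gn lands in the attributes field rather than in the class.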

4. Security groups

Security groups are the foundation of network security in AWS: they control how traffic is allowed into or out of our EC2 instances.

  • Security groups only contain allow rules
  • Security groups rules can reference by IP or by security group.

    • Inbound traffic
      From the outside into the EC2
    • Outbound traffic
      From EC2 to Internet

    Security groups are acting as a “firewall” on EC2 Instances.

    • They regulate:
      • Access to ports
      • Authorised IP ranges - IPv4 and IPv6
      • Control of inbound network (from other to the instance)
      • Control of outbound network (from the instance to other)

4.1. Good to know about security groups

  • Can be attached to multiple instances
  • Locked down to a region/VPC combination
    If you create your security group in one region and you want to use it in another region, you will have to recreate it.
  • They live outside the EC2 instance
    A security group is like a firewall, but it is not inside the EC2 instance, so the instance does not know anything about it.
  • It’s good to maintain one separate security group for SSH access
  • If your application is not accessible (Time out)
    Then it is a security group issue
  • If your application gives a “connection refused” error
    Then it is an application error or it is not launched
  • All inbound traffic is blocked by default
  • All outbound traffic is authorised by default
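
The following is an added example (not from these notes and not AWS code) that models the rules listed in sections 4 and 4.1 in Python: allow-only rules, sources given by IP range (IPv4 and IPv6) or by security group, all inbound blocked by default, all outbound allowed by default, several groups attached to one instance, and the "timeout versus connection refused" rule of thumb. The group ids, CIDRs and ports are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Iterable, List

# Constructed model of security group semantics; not AWS's own implementation.


@dataclass(frozen=True)
class Rule:
    """One allow rule. Security groups only contain allow rules, so there is no deny type."""
    protocol: str   # "tcp", "udp" or "all"
    from_port: int
    to_port: int
    source: str     # IPv4/IPv6 CIDR, or another security group id ("sg-...")


def _rule_matches(rule: Rule, protocol: str, port: int, peer_ip: str, peer_groups: Iterable[str]) -> bool:
    if rule.protocol not in ("all", protocol):
        return False
    if not rule.from_port <= port <= rule.to_port:
        return False
    if rule.source.startswith("sg-"):
        # Reference by security group: the peer must have that group attached.
        return rule.source in set(peer_groups)
    # Reference by IP range: works for IPv4 and IPv6; a v4 address is never
    # inside a v6 range (or vice versa), so mixed comparisons are simply False.
    return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.source, strict=False)


# A new group allows all outbound traffic by default, for IPv4 and IPv6.
DEFAULT_OUTBOUND = (Rule("all", 0, 65535, "0.0.0.0/0"), Rule("all", 0, 65535, "::/0"))


@dataclass
class SecurityGroup:
    group_id: str
    inbound: List[Rule] = field(default_factory=list)  # empty: all inbound blocked by default
    outbound: List[Rule] = field(default_factory=lambda: list(DEFAULT_OUTBOUND))


def inbound_allowed(groups, protocol, port, peer_ip, peer_groups=()):
    """Several groups can be attached to one instance; traffic passes if any of them allows it."""
    return any(_rule_matches(r, protocol, port, peer_ip, peer_groups)
               for g in groups for r in g.inbound)


def outbound_allowed(groups, protocol, port, peer_ip, peer_groups=()):
    return any(_rule_matches(r, protocol, port, peer_ip, peer_groups)
               for g in groups for r in g.outbound)


def diagnose(groups, protocol, port, peer_ip, listening_ports, peer_groups=()):
    """The troubleshooting rule of thumb from the notes, as a function."""
    if not inbound_allowed(groups, protocol, port, peer_ip, peer_groups):
        return "timeout"             # silently dropped by the group: security group issue
    if port not in listening_ports:
        return "connection refused"  # traffic reached the instance: application issue
    return "connected"


# Constructed sample setup: a web instance with a separate SSH group, and a
# database instance that only accepts connections coming from the web group.
SG_WEB = SecurityGroup("sg-web", inbound=[
    Rule("tcp", 80, 80, "0.0.0.0/0"),
    Rule("tcp", 443, 443, "0.0.0.0/0"),
    Rule("tcp", 443, 443, "::/0"),
])
SG_SSH = SecurityGroup("sg-ssh", inbound=[Rule("tcp", 22, 22, "203.0.113.0/24")])
SG_DB = SecurityGroup("sg-db", inbound=[Rule("tcp", 5432, 5432, "sg-web")])

WEB_INSTANCE = [SG_WEB, SG_SSH]
DB_INSTANCE = [SG_DB]

if __name__ == "__main__":
    print("HTTP from the internet:", diagnose(WEB_INSTANCE, "tcp", 80, "198.51.100.7", {80, 443}))
    print("SSH from outside the allowed range:", diagnose(WEB_INSTANCE, "tcp", 22, "198.51.100.7", {22, 80, 443}))
    print("HTTPS allowed but app not listening:", diagnose(WEB_INSTANCE, "tcp", 443, "198.51.100.7", {80}))
    print("DB from a web instance:", inbound_allowed(DB_INSTANCE, "tcp", 5432, "10.0.1.5", ["sg-web"]))
```

Keeping SSH in its own group, as the notes recommend, is what lets sg-ssh be removed from an instance without touching the web rules; the sg-db rule shows why referencing by security group is preferred over listing the web instances' IPs.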

4.2. Classic ports to know (they come up in the exam)

4.2.1. 22 SSH

SSH (Secure Shell) - log into a Linux instance

4.2.2. 21 FTP

(File transfer protocol) - upload files into a file share

4.2.3. 22 SFTP

(Secure File Transfer Protocol) - upload files using SSH

4.2.4. 80 HTTP

Access unsecured websites

4.2.5. 443 HTTPS

Access secured websites

4.2.6. 3389 RDP

(Remote Desktop Protocol) - log into a Windows instance

5. IAM Roles, EC2 instance

Never ever ever!!! use aws configure on an EC2 instance, because you would have to enter your personal credentials on it, and that is a really bad idea! Instead we use AWS IAM roles: we only have to attach the role to the instance and that’s it!

Author: Andres Amezquita

Created: 2023-05-02 mar 15:53