EC2

Elastic Compute Cloud

FAQs |

Overview

• A virutal server

• Can scale up and down within minutes

• SLA = 99.99%

Instance type

• T2, G is a general purpose instance type.

• X1e, R is memory optimized.

• H1 is storage optimized.

• P3 is for advanced computing and can include special hardware for graphics processing.

EBS Volume

EBS is a network disk that is attached to EC2.

EC2 Instance store

When you need very high IOPS storage for EC2, refer to EC2 Instance store.

---

Provision EC2

Steps to provision an EC2 instance

• Remember to create & download keypair.

• Capacity reservation (reserve capacity for EC2 instance in a specific AZ): None. Turn this to None to save cost.

---

Connect to EC2

through console, HTTP, SSH

Session Manager (easiest)

Session Manager Connection architecture

• Session are secured using AWS Key Management service key.

• Can log session commands in S3 bucket or CloudWatch Logs log group.

• No SSH, no Bastion host, No need to open inbound ports.

• 1-click access.

1 click access browser-based shell

SSM trouble shooting

# check system agent is enabled?
sudo systemctl status amazon-ssm-agent

# when creating EC2 instance, you should configure the IAM profile to use SSM. 
# if not, after attaching the IAM profile, you need to restart the SSM agent
sudo systemctl restart amazon-ssm-agent

Session manager URL

https://us-east-1.console.aws.amazon.com/systems-manager/session-manager/i-08d8812972af11492

EC2 instance connect

• Using IAM policies to control SSH access.

• No need of SSH Keys, but actually using SSH access to your instance.

SSH to EC2

ssh -i MyKeyPair.pem ec2-user@Public-ipaddress

---

Features

ASG: Auto Scaling Group

• Ensure that you have correct number of EC2 instances available to handle the load on your application.

• Automatically instance replacement -> If the health check fail, it will trigger the lauching of new healthy instance.

• Instance rebalancing -> When an AZ failed, it will shift the instances from that failed AZ to the remaining healthy AZ.

instance rebalance

• Provision new resources take minutes. Slow if compare to Lambda scaling ability.

EC2 Hibernate

• Hibernation saves the contents from the instance memory (RAM) to your EBS root volume.

• Allows applications to pick up exactly where they left off.

• Use cases

  • Services that take time to initialize

  • Saving RAM state

  • Long-running processing

  • eg: 2-weeks company shutdown

• To use hibernate

  • Root volume: must be encrypted EBS volume.

  • AMI: Linux or Windows

  • RAM size: must less than 150GB.

  • NOT hibernated > 60 days.

-> It is not possible to enable or disable hibernation for an instance after it has been launched.

Placement group

There are 3 types of Placement group

Cluster	Partition	Spread
high-performance low-latency	large distributed, replicated workloads	high-availability reduce failures
placing EC2 instnaces next to each other	Hadoop, Cassandra, Kafka	placing EC2 instances in different hardware cross-AZs.

---

Detailed monitoring

Send metric to Cloud Watch every 1-minute (instead of 5-minute period).

Troubleshooting

• Check inbound of Security group if it already allow the right protocol/port.

• Check NACLs associated with the subnets, to ensure they allow inbound and outbound traffic.

• ALB listener if the traffic is being directed to the correct protocol:port of the Target Group

• Check if the Target group includes the EC2 instances as registered targets.

• EC2 instance:

  • Check health status, and Status check 2/2?

  • Connect to the EC2 instance to check if the httpd server is running.

• Check logs

  • Check EC2 instance's system logs.

  • CloudWatch log: CPU, network traffic, disk I/O...

  • CloudTrail log.

Trivia

• Termination protection will not prevent an Autoscaling Group from terminating instances, instance scale-in protection will. Termination protection protect from manually termination.

• DefaultInstanceWarmup : determines how long your instances need to finish initializing to be InService state.

• The only way to retrieve instance metadata is to use the link-local address, which is 169.254.169.254.

• When you stop an instance, AWS may move the virtualized EC2 instance to another host computer; the instance may get a new public IP address, and the data in your attached instance store volumes will be deleted.

• When you provision an IAM to use with SSM, refer pre-installed ssm agent AMI list.

• You can combine Spot + On-Demand instance only. You cannot combine Spot and Reserved instances.