aws re:invent 2016: amazon ec2 foundations (cmp203)
TRANSCRIPT
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Sebastian Dreisch, AWS Business Development
November 2016
Amazon EC2 Foundations
CMP203
What to expect from this short talk
AWS concepts: AWS Regions, Availability Zones
Understanding EC2 instance options and how to choose the right one/mix for your
workload
Understanding Storage options and how to choose the right one/mix for your workload
The basics of VPC networking and setting up a load balancer
Monitoring, Metrics & Logs
Security and Access Control
Deployment
EC2 Cost Optimization
AWS global infrastructure
14 regions
(a separate geographic area) Each region has multiple, isolated locations known as Availability Zones. Resources aren't replicated across regions unless you do so specifically.
38 Availability Zones
*Throughout the next year, the AWS global infrastructure will expand with at least
nine new Availability Zones in new geographic regions: Montreal in Canada,
Ningxia in China, Paris in France, and the United Kingdom.
AVAILABLILITY ZONES
Distinct locations that are engineered to be insulated
from failures in other Availability Zones
Provide inexpensive, low latency network connectivity
to other Availability Zones in the same region
Regions contain between 2 & 5 EC2 Availability Zones
Amazon EC2
Amazon Elastic Compute Cloud (EC2) -
Elastic virtual servers in the cloud
Physical Servers in AWS Global Regions
Host server
Hypervisor
Guest 1 Guest 2 Guest n
Amazon EC2 10+ years ago…
• First generation, single
instance family and size
• m1.small (1 vCPU, 1.7 GiB
RAM, 160 GB storage)
• Linux only
• On-Demand pricing only
EC2 instances today
c4.largeInstance family
Instance generation
Instance size
1 2 4 8 16 321
2
4
8
16
32
64
128
256
Me
mo
ry (
GB
)
vCPU
g2.2xlarge8 vCPU, 15 GB1 x 60 SSDNVIDIA GPU (1,536 CUDA cores, 4GB Mem)
4 vCPU, 30.5 GBi2.xlarge (High IO) - 1 x 800 SSDd2.xlarge (Dense) - 3 x 2000 HDD
8 vCPU, 61 GBi2.2xlarge (High IO) - 2x800 SSDd2.2xlarge (Dense) - 6 x 2000 HDD
16 vCPU, 122 GBi2.4xlarge (High IO) - 4x800 SSDd2.4xlarge (Dense) - 12x2000 HDD
32 vCPU, 244 GBi2.8xlarge (High IO) - 8x800 SSD
36 vCPU, 244 GBd2.8xlarge (Dense) - 24x2000 HDD
m3.xlarge4 vCPU, 15 GB2 x 40 SSD
m3.2xlarge8 vCPU, 30 GB2 x 80 SSD
m3.large2 vCPU, 7.5 GB1 x 32 SSDm3.medium
1 vCPU, 3.75 GB, 1 x 4 SSD
t2.micro1 vCPU, 1GBEBS Only
t2.small1 vCPU, 2GBEBS Only
t2.medium2 vCPU, 4GBEBS Only
r3.large2 vCPU, 15.25 GB1 x 32 SSD
r3.xlarge4 vCPU, 30.5 GB1 x 80 SSD
r3.4xlarge16 vCPU, 122 GB1 x 320 SSD
r3.8xlarge2 vCPU, 244 GB2 x 320 SSD
2 vCPU, 3.75 GBc4.large - EBS Onlyc3.large - 2 x 16 SSD
4 vCPU, 7.5 GBc4.xlarge - EBS Onlyc3.xlarge - 2 x 40 SSD
8 vCPU, 15 GBc4.2xlarge - EBS Onlyc3.2xlarge - 2 x 80 SSD
32 vCPU, 60 GBc4.8xlarge - EBS Onlyc3.8xlarge - 2 x 320 SSD
m4.large2 vCPU, 8 GBEBS Only
m4.xlarge4 vCPU, 16 GBEBS Only
m4.2xlarge8 vCPU, 32 GBEBS Only
m4.4xlarge16 vCPU, 64 GBEBS Only
m4.10xlarge40 vCPU, 160GBEBS Only
t2.large2 vCPU, 8 GBEBS Only
Storage Optimized
GPU Instances
General Purpose
Memory Optimized
Compute Optimized
New M4’s/T2 Large
t2.nano1 vCPU, 512MBEBS Only
g2.8xlarge32vCPU, 60 GB2 x 120 SSD4 NVIDIA GPUs (1,536 CUDA cores, 4GB Mem)
16 vCPU, 30 GBc4.4xlarge - EBS Onlyc3.4xlarge - 2 x 160 SSD
41 (latest generations) EC2 Instance Types
64
m4.16xlarge64 vCPU, 256GBEBS Only
P2.xlarge4 vCPU, 61 GiBNVIDIA K80 (2,496 CUDA cores, 12GiB Mem)
r3.2xlarge8 vCPU, 61 GB1 x 160 SSD
Performance factor: Memory
Performance factor: GPUs
aws.amazon.com/ec2/faqs/
Extensive list of
supported operating
systems & software
RedHat Linux, Windows Server, SuSE Linux, Ubuntu,
Fedora, Debian, Cent OS, Gentoo Linux, Oracle Linux, and
FreeBSD
STORAGE
File
Amazon EFS
Block
Amazon EBS Amazon EC2
Instance Store
Object
Amazon S3 Amazon Glacier
Block Storage Options
Instance Store
Physically attached
to the host computer
Type and amount differs
by instance type
Data dependent upon
instance lifecycle
Amazon EBS
Persistent block level storage
volumes
Magnetic – Throughput (st1)
Magnetic – “Cold” (sc1)
General Purpose (SSD)
Provisioned IOPS (SSD)
Data independent of
instance lifecycle
EBS Volumes
EBS volumes automatically
replicated within the Availability
Zone in which they are created
Use EBS-optimized instances to
deliver dedicated throughput
between Amazon EC2 and Amazon
EBS, with options between 500 and
10,000 Mbps, depending on the
instance type
Amazon EBS
Persistent block level storage
volumes
Magnetic – Throughput (st1)
Magnetic – “Cold” (sc1)
General Purpose (SSD)
Provisioned IOPS (SSD)
Data independent of
instance lifecycle
EBS Snapshots
An EBS snapshot is a point-in-time
backup copy of an EBS volume that
is stored in Amazon S3
Snapshots are incremental, only the
blocks that have changed after your
most recent snapshot are saved
Amazon EBS
Persistent block level storage
volumes
Magnetic – Throughput (st1)
Magnetic – “Cold” (sc1)
General Purpose (SSD)
Provisioned IOPS (SSD)
Data independent of
instance lifecycle
NETWORKING
A virtual network in your own logically isolated
area within the AWS cloud populated by
infrastructure, platform, and application services
that share common security and interconnection
Amazon VPC
aws.amazon.com/vpc/
▶ Elastic network interface (ENI)
▶ Subnet
▶ Network access control list (ACL)
▶ Route table
▶ Internet gateway
▶ Virtual private gateway
▶ Route 53 private hosted zone
VPC Networking
VPC Network Topology
A VPC can span multiple AZs, but each
subnet must reside entirely within one AZ
Use at least 2 subnets in different AZs for
each layer of your network
VPC Creation with the VPC Wizard
Availability Zone 1a Availability Zone 1b
Internet
10.0.0.5
10.0.0.6
10.0.3.17
10.0.3.5
10.0.1.5
10.0.1.25
10.0.1.8
10.0.1.6
VPC Subnet
VPC Subnet
VPC Subnet
Virtual Private Gateway
Customer Gateway
VPN Connection
Internet Gateway
Customer Data Center
Example: enterprise application architecture
VPC PeeringA networking connection between two VPCs
docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html
Elastic Load Balancing
aws.amazon.com/elasticloadbalancing/
▶ Timeout Configuration
▶ Connection Draining
▶ Cross-zone Load Balancing
aws.amazon.com/elasticloadbalancing/
Example: 3-tier web application architecture
MONITORING, METRICS & LOGS
A monitoring service for AWS cloud resources and
the applications that you run on AWS.
Use Amazon CloudWatch to collect and track
metrics, collect and monitor log files,
and set alarms.
Amazon CloudWatch
aws.amazon.com/cloudwatch/
Amazon CloudWatch
CloudWatch Metrics in the EC2 Console
Monitoring Scripts for EC2 Instances
docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/mon-scripts.html
Monitor applications and systems using log data
Store in a highly durable storage and set retention
Access your log files via Web, CLI, or SDK
Amazon EC2 (Linux & Windows)
AWS Lambda
…
Amazon CloudWatch Logs
docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatchLogs.html
CloudWatch Metrics & Alarms
AWS
Resource
Your
Custom
Data
Metric Alarm Action
CloudWatch
CloudWatch Logs + Filter
AWS
Resource
Your
Custom
Data
Metric Alarm Action
CloudWatch
FilterLogs
Alarm Actions
Action
Notification
(SNS)
Auto Scaling
action
EC2 action
Recover
Stop
Terminate
Amazon EC2
Auto Recovery
Use this action
together with
status checks
to automate
instance recovery
SECURITY & ACCESS CONTROL
Consistent, regular, exhaustive 3rd party evaluations
• Secured premises
• Secured access
• Built-in firewalls
• Unique users
• Multi-factor authentication
• Private subnets
• Encrypted data storage
• Dedicated connection
Architected for Enterprise Security
Access a deep set of cloud security tools
Encryption
Key
Management
Service
CloudHSM Server-side
Encryption
Networking
Virtual
Private
Cloud
Web
Application
Firewall
Compliance
ConfigCloudTrailService
Catalog
Identity
AWS Identity &
Access Management ( IAM)
Active
Directory
Integration
SAML
Federation
Access credentials
Access key and secret key used to
authenticate when accessing
AWS APIs
Key pairs
Public key and private key used
to authenticate when accessing
an Amazon EC2 instance
Security and Access Foundations
USE IAM ROLES TO PASS ACCESS
CREDENTIALS TO AN INSTANCE
DEPLOYMENT
AMAZON MACHINE IMAGES
Amazon
maintained
Set of Linux and
Windows images
Kept up to date by
Amazon in each
region
Community
maintained
Images published by
other AWS users
Managed and
maintained by
Marketplace
partners
Your machine
images
AMIs you have
created from EC2
instances
Can be kept private
or shared with other
accounts
Bake an
AMI
Start an instance
Configure the instance
Create an AMI from your instance
Start new ones from the AMI
Bake an
AMI
Start an instance
Configure the instance
Create an AMI from your instance
Start new ones from the AMI
Configure
dynamically
Launch an instance
Use metadata service and
cloud-init to perform actions
on instance when it launches
Bake an
AMI
Build your base images and
set up custom initialization
scripts
Maintain your ‘golden’ base
Configure
dynamically
Use bootstrapping to pass
custom information in and
perform post launch tasks like
pulling code from SVN
+
Time consuming configuration
startup time
Static configurations
less change management
Bake an
AMI
Configure
dynamically
Continuous deployment
latest code
Environment specific
dev-test-prod
Bake an
AMI
Configure
dynamically
AUTO SCALING
Maintain EC2 instance
availability
Detects impaired EC2 instances
Replaces the instances automatically
Automatically Scale
Your Amazon EC2
Fleet
Follow the demand curve for
your applications
Reduce the need to manually
provision Amazon EC2 capacity
Run at optimal utilisation
Reusable Instance Templates
Provision instances based on a reusable template you
define, called a launch configuration.
Automated Provisioning
Keep your Auto Scaling group healthy and balanced,
whether you need one instance or 1,000.
Adjustable Capacity
Maintain a fixed group size or adjust dynamically based on
Amazon CloudWatch metrics.
Launch
Configuration
Describes what Auto Scaling
creates when adding Instances
Only one active launch
configuration at a time
aws autoscaling create-launch-configuration--launch-configuration-name launch-config--image-id ami-54cf5c3d--instance-type m3.medium--key-name mykey--security-groups webservers
Auto Scaling
group
Auto Scaling managed grouping
of EC2 instances
Automatically scale the number
of instances by policy
aws autoscaling create-auto-scaling-group--auto-scaling-group-name autoscaling-group--availability-zones eu-west-1a eu-west-1b--launch-configuration launch-config--load-balancer-names myELB--min-size 1--max-size 5
Auto Scaling
policy
Parameters for performing an
Auto Scaling action
Scale in/out and by how much
aws autoscaling put-scaling-policy--auto-scaling-group-name autoscaling-group--policy-name autoscaling-policy--min-adjustment-magnitude=2--adjustment-type ChangeInCapacity--cooldown 300
00:00 01:00 02:00 03:00 04:00 05:00 06:00 07:00 08:00 09:00 10:00 11:00 12:00 13:00 14:00 15:00 16:00 17:00 18:00 19:00 20:00 21:00 22:00 23:00
Utilisation & Auto Scaling Granularity
00:00 01:00 02:00 03:00 04:00 05:00 06:00 07:00 08:00 09:00 10:00 11:00 12:00 13:00 14:00 15:00 16:00 17:00 18:00 19:00 20:00 21:00 22:00 23:00
Utilisation & Auto Scaling Granularity
41 Instance Hours
m4.large @ $0.133/hr
= $5.453/day
00:00 01:00 02:00 03:00 04:00 05:00 06:00 07:00 08:00 09:00 10:00 11:00 12:00 13:00 14:00 15:00 16:00 17:00 18:00 19:00 20:00 21:00 22:00 23:00
Utilisation & Auto Scaling Granularity
70 Instance Hours
t2.small @ $0.026/hr
= $1.82/day
New Scaling Policies for More
Responsive Scaling
aws.amazon.com/blogs/aws/auto-scaling-update-new-scaling-policies-for-more-responsive-scaling
OTHER DEPLOYMENT OPTIONS
AWS CodeDeploy
• Scale from 1 instance to thousands
• Deploy without downtime
• Centralize deployment control and monitoring
• On-premises support
Staging
CodeDeployv1, v2, v3
Production
Dev
Coordinate automated deployments, just like Amazon
Application
Revisions
Deployment Groups
aws.amazon.com/codedeploy/
Amazon EC2 Container ServiceA highly scalable, high performance container management service
aws.amazon.com/ecs/
Launch and
terminate
Docker containers
Across a cluster
of EC2 instances
Mount persistent
volumes at launch
Private Docker
repositories
COST OPTIMIZATION
On-Demand
Pay for compute
capacity by the
hour with no long-
term commitments
For spiky
workloads, or to
define needs
Reserved
Make a low, one-
time payment and
receive a
significant discount
on the hourly
charge
For committed
utilization
Spot
Bid for unused
capacity, charged at
a Spot Price which
fluctuates based on
supply and demand
For time-insensitive
or transient
workloads
Dedicated
Launch instances
within Amazon VPC
that run on hardware
dedicated to a single
customer
For BYOL and highly
sensitive/regulated
workloads
Use a purchasing option (mix) that best fits your workload
Spot Instances
Spot Instances are spare Amazon EC2 instances that you can bid on.
The Spot price fluctuates in real-time based on supply and demand.
When your bid exceeds the Spot Price and Spot capacity is available,
your Spot instance is launched and will run until the Spot market price
exceeds your bid (a Spot interruption – 2 minute warning!).
aws.amazon.com/ec2/purchasing-options/spot-instances/
Getting Started with Amazon EC2:
http://aws.amazon.com/ec2/getting-started/
Auto Scaling Getting Started Tutorial
http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/GettingStartedTutorial.html
Additional Resources and further Learning
Certification
aws.amazon.com/certification
Self-Paced Labs
aws.amazon.com/training/
self-paced-labs
Try products, gain new skills,
and get hands-on practice
working with AWS technologies
aws.amazon.com/training
Training
Validate your proven skills and
expertise with the AWS platform
Build technical expertise to
design and operate scalable,
efficient applications on AWS
AWS Training & Certification
Remember to complete
your evaluations!
Remember to complete
your evaluations!