Hey, this is pretty awesome to write in the new WordPress editor mode. Really good. They call the new editor Gutenberg. Alright, I planned to write this post a few months ago but didn’t get enough time to work on it. Anyway, this is the right time to start, I think. Let’s start.
Nothing serious in this article, just listing some commonly used things related to AWS EC2. EC2 stands for Elastic Compute Cloud. It is a virtual computing environment that lets customers use web service interfaces to launch instances with a variety of operating systems. You can bring your own image, configure the network and so on. There are a lot of things related to EC2.
Amazon is one of the big cloud providers nowadays and offers a lot of cloud computing services. Okay, here we are only talking about EC2. Using this service we create VMs, manage them, create backups of them (called AMIs), automate backup creation and deletion, all kinds of things.
Here we go…
Here is the list of items we are going to get familiar with:
- Creating EC2 instances.
- Key pairs.
- Security Groups.
- Instance types.
- Regions and Availability Zones.
- Network / VPC.
- EIP – Elastic IP Address.
- AMI – Machine Image
- Automate AMI creation.
- Copy AMI to other region.
- Start / Stop / Terminate EC2 instances.
- AWS CLI
- Volume & Snapshot
I. Creating EC2 instances.
It is simple to create an instance from the AWS console. A few clicks and you get a real machine. Select, select, select and launch a machine 🙂
Here I am adding some of the things to keep in mind while launching a machine. Launching an EC2 instance from the console is a nine-step process. I will explain each step in a short format, with some screenshots for reference.
To launch a machine do the following things:
Step 1. Log into AWS console and click on EC2 under Compute Service.
Step 2. Click on “Launch Instance” from the EC2 management console page.
Step 3. Choose an image for the machine.
A lot of images are available in the AWS Marketplace, and community AMIs are available too. Community AMIs can be published by anyone, so prefer the images owned by AWS or by the OS vendor, and check the owner account ID before using an unfamiliar one. Select an AMI and go to the next step.
Step 4. Choose your instance type.
Instance type basically means the power of your machine. Select it as per your requirement: if your application needs a high-performance machine go with a bigger type, otherwise choose a small one. You can see the RAM and vCPU count associated with each type.
Step 5. Configure instance details
Here you see a few options that need to be selected carefully. The defaults are fine for normal use.
You can select many things here. You can set the number of instances to launch with the same AMI and configuration. Networking options are here too: if you have your own VPC you can select it from this step, and likewise the subnet and whether a public IP address is assigned.
If you do not want a public IP address on your machine, you can disable it here even if the selected subnet has automatic public IP assignment enabled. You can also attach an IAM role to the instance here; give the instance a role rather than copying access keys onto it.
Shutdown behaviour is an important one. Go ahead with the default, stop. If you pick “terminate” from the drop-down list, the instance is terminated (deleted, with its root volume) as soon as you shut it down from inside the OS. You can also enable termination protection from here, which blocks termination from the console and API until you switch it off again.
Enabling monitoring will help you to watch instance health with the help of amazon service CloudWatch. Tenancy – You can choose to run your instances on physical servers fully dedicated for your use. The use of host tenancy will request to launch instances onto Dedicated hosts (https://aws.amazon.com/ec2/dedicated-hosts/), while the use of dedicated tenancy will launch instances as Dedicated instances (https://aws.amazon.com/dedicated-instances/). You can launch an instance with a tenancy of host or dedicated into a Dedicated VPC.
Then one of the lovely features is “user data.” You can specify user data to configure the instance or run a configuration script during launch. If you launch more than one instance at a time, the same user data is available to all the instances in that reservation. By default cloud-init runs a user data shell script only once, on the instance’s first boot, so it is closer to a kickstart post-install section than to scripts in /etc/rc.d that run on every start. Two cautions: user data is readable by every process on the instance through the instance metadata service (http://169.254.169.254/latest/user-data), so never put passwords or access keys in it (use an IAM role instead), and it is limited to 16 KB.
Step 6. Add storage.
By default you get the root volume size from the AMI, usually 8 GB on SSD (gp2). You can increase the disk size here and select or change the disk type (SSD or magnetic). You can also add new volumes to the instance from this step: for example, if you want a separate disk for the MySQL server you are planning to install, add that volume here, and tick the encryption option while you are at it. Once the machine is launched, the new volume shows up as a bare block device (check with lsblk); create a file system on it with mkfs and mount it from the terminal.
Step 7. Adding TAG to instance.
Add tags (key/value pairs) to your instance, just to identify it; the Name tag is what the console shows. You can change them later, and you can skip this if you do not want tags.
Step 8. Configure security group
In AWS, this is very important. You can think of it as the firewall in front of your instance: a port must be allowed in the security group before traffic can reach a service listening on it. You can go ahead with an existing security group or create a new one and assign it to the instance from this step. The new group the wizard proposes allows port 22 (SSH) from 0.0.0.0/0, i.e. from any network; change that source to your own address range before you launch.
Step 9. Review Instance Launch
Just review your configuration in this step and launch the instance(s). When you click Launch you are asked for a key pair (see section II).
That’s it about creating an EC2 instance from the AWS console. It’s pretty simple and straightforward.
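The same nine steps, expressed as the request the EC2 API actually receives. This is an added example, not code from the blog post: it builds the keyword arguments for boto3’s ec2.run_instances() call, with secure defaults (root volume encrypted, IMDSv2 required, shutdown behaviour stop, termination protection on) and no AWS call is made, so it runs offline. The AMI, subnet, security group, key and role names are placeholders.

```python
"""Build an EC2 RunInstances request that mirrors the console launch wizard.

Added example, not the blog's own code. The dict returned uses the parameter
names of boto3's ec2.run_instances(), so with real IDs and credentials it can
be sent as ec2.run_instances(**request). Every ID below is a placeholder.
"""

MAX_USER_DATA_BYTES = 16 * 1024  # EC2 limit on raw (pre-base64) user data


def build_run_instances_request(ami_id, instance_type, key_name, subnet_id,
                                security_group_ids, root_device="/dev/xvda",
                                root_size_gb=8, user_data="", public_ip=False,
                                iam_profile=None, count=1, tags=None):
    """Return kwargs for ec2.run_instances() with secure defaults.

    Encodes the console choices the post recommends (shutdown behaviour
    'stop', termination protection on) plus two a security engineer adds:
    an encrypted root volume, and IMDSv2 only (HttpTokens=required) so an
    SSRF bug in the app cannot read the instance role's credentials.
    """
    if not security_group_ids:
        raise ValueError("at least one security group is required")
    if len(user_data.encode("utf-8")) > MAX_USER_DATA_BYTES:
        raise ValueError("user data exceeds the 16 KB EC2 limit")

    request = {
        "ImageId": ami_id,                   # step 3
        "InstanceType": instance_type,       # step 4
        "KeyName": key_name,                 # key pair (section II)
        "MinCount": count,
        "MaxCount": count,
        # step 5: instance details
        "InstanceInitiatedShutdownBehavior": "stop",
        "DisableApiTermination": True,
        "Monitoring": {"Enabled": True},
        "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"},
        # Subnet, security groups and the public-IP switch all go on the primary
        # network interface: RunInstances rejects top-level SubnetId or
        # SecurityGroupIds combined with NetworkInterfaces (a common first error).
        "NetworkInterfaces": [{
            "DeviceIndex": 0,
            "SubnetId": subnet_id,
            "Groups": list(security_group_ids),
            "AssociatePublicIpAddress": bool(public_ip),
        }],
        # step 6: storage. root_device must equal the AMI's RootDeviceName
        # (describe-images); /dev/xvda is usual for Amazon Linux and CentOS.
        "BlockDeviceMappings": [{
            "DeviceName": root_device,
            "Ebs": {"VolumeSize": root_size_gb, "VolumeType": "gp3",
                    "Encrypted": True, "DeleteOnTermination": True},
        }],
    }
    if user_data:
        request["UserData"] = user_data      # boto3 base64-encodes this itself
    if iam_profile:
        # A role beats access keys in user data, which any local process can read.
        request["IamInstanceProfile"] = {"Name": iam_profile}
    if tags:                                 # step 7
        request["TagSpecifications"] = [{
            "ResourceType": "instance",
            "Tags": [{"Key": k, "Value": v} for k, v in tags.items()],
        }]
    return request


# Constructed first-boot script: patch the box and allow key-based SSH only.
FIRST_BOOT = """#!/bin/bash
yum -y update
sed -i 's/^#\\?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
systemctl restart sshd
"""


def example_web_server():
    """One web server in a public subnet; all IDs are placeholders."""
    return build_run_instances_request(
        ami_id="ami-0123456789abcdef0", instance_type="t3.micro",
        key_name="prod-admin", subnet_id="subnet-0123456789abcdef0",
        security_group_ids=["sg-0123456789abcdef0"], user_data=FIRST_BOOT,
        public_ip=True, iam_profile="web-instance-role",
        tags={"Name": "web-1", "Environment": "prod"},
    )


if __name__ == "__main__":
    import json
    print(json.dumps(example_web_server(), indent=2))
```

Run it to see the full request as JSON. The same fields map one-to-one onto the AWS CLI flags of aws ec2 run-instances, and the NetworkInterfaces point is the one that bites most people the first time they script a launch with a public-IP choice.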
II. Key Pairs
A key pair is simply an SSH public/private key pair. When you click Launch Instance you must choose a key pair, and you can create a new one at that step. AWS keeps only the public key; your browser downloads the private key (a .pem file) exactly once and it cannot be retrieved again, so store it safely (chmod 400 key.pem). At first boot the public key is written into the default user’s authorized_keys file. For example, on a CentOS machine it goes into /home/centos/.ssh/authorized_keys, so you log in with ssh -i key.pem centos@<public-ip>. Anyone holding that .pem file can log in as that user, so treat it like a password and replace the authorized_keys entry if it ever leaks.
You can create new key pairs / import your own key pairs / delete key pairs from the AWS management console.
III. Security Groups
In AWS, security groups play a major role in hardening and security. You can simply think of a security group as a stateful firewall on your machines: only the traffic you allow gets in, and replies to allowed connections are let back out automatically. You can create a new security group while launching a machine or reuse an existing one. The group the launch wizard proposes allows port 22 (SSH) from 0.0.0.0/0 by default; a group created from the Security Groups page has no inbound rules at all until you add some. You can add new rules to a security group at any time and they apply immediately.
You can attach several security groups to an EC2 instance, RDS instance and so on. Make sure you create the security group in the same VPC as the resource, otherwise it will not be offered in the list.
You can see all the available security groups in the image above. You can also create a new security group from the same section. See the image added below:
To reach a service listening on your server, you need to allow that port in the security group. When adding a rule, common services are in the drop-down list (MySQL, HTTP, DNS, POP3 etc.), and you can allow any port by selecting Custom TCP or Custom UDP. It is also possible to allow everything with All TCP, All UDP or All traffic; never pair those with a source of 0.0.0.0/0.
Security groups are the first line of defence for your servers. See this small scenario: you have a website running on one EC2 instance and MySQL running on a separate EC2 instance. In this case you do not need to open the MySQL port widely. In the MySQL instance’s security group, allow port 3306 with the web server’s security group as the source rather than its IP address. The web server can then talk to MySQL without any trouble, nobody else can, and the rule keeps working when the web server is replaced and its IP changes.
So security groups play a big role while setting up your infra. Plan the infra, create security groups with the correct access, and assign them to your machines and services. That’s it about security groups in brief.
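A quick audit of the rules described above, as an added example that is not part of the original post. It walks security groups in the shape boto3’s ec2.describe_security_groups() returns and flags anything reachable from 0.0.0.0/0 or ::/0, treating the web-to-database pattern (source = another security group) as fine and the launch wizard’s world-open SSH rule as critical. The sample groups, IDs and account number are constructed; in real use you would feed it the describe call’s output.

```python
"""Flag security-group rules that expose ports to the whole internet.

Added example, not the blog's own code. SAMPLE_GROUPS is constructed to match
the shape of boto3's ec2.describe_security_groups()['SecurityGroups']; in real
use substitute that call's output. Group and account IDs are placeholders.
"""

ANYWHERE = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = {22, 3389}   # SSH and RDP: never open these to the world
PUBLIC_OK = {80, 443}      # single ports that may legitimately face the internet


def rule_port_span(rule):
    """(from, to) covered by an inbound rule; None for ICMP (type/code fields)."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                           # "All traffic" in the console
        return (0, 65535)
    if proto in ("icmp", "icmpv6"):
        return None
    return (rule.get("FromPort", 0), rule.get("ToPort", 65535))


def rule_sources(rule):
    """Yield (kind, value) for each source of an inbound rule."""
    for r in rule.get("IpRanges", []):
        yield "cidr", r["CidrIp"]
    for r in rule.get("Ipv6Ranges", []):
        yield "cidr", r["CidrIpv6"]
    for g in rule.get("UserIdGroupPairs", []):  # another group as the source
        yield "sg", g["GroupId"]


def classify(rule):
    """Severity if this rule is open to the world, or None when acceptable."""
    span = rule_port_span(rule)
    if span is None:
        return None
    lo, hi = span
    if rule.get("IpProtocol") == "-1":
        return "critical"
    if lo != hi:                                # a whole port range
        return "critical" if any(lo <= p <= hi for p in ADMIN_PORTS) else "high"
    if lo in ADMIN_PORTS:
        return "critical"
    if lo in PUBLIC_OK:
        return None
    return "medium"                             # e.g. 3306 or 6379 from anywhere


def audit_security_group(group):
    """Findings for one group; an empty list means nothing is world-open."""
    findings = []
    for rule in group.get("IpPermissions", []):
        for kind, src in rule_sources(rule):
            if kind != "cidr" or src not in ANYWHERE:
                continue                        # group-to-group or private CIDR
            severity = classify(rule)
            if severity is None:
                continue
            lo, hi = rule_port_span(rule)
            port = "all" if rule.get("IpProtocol") == "-1" else (
                str(lo) if lo == hi else f"{lo}-{hi}")
            findings.append({"group": group["GroupId"], "name": group.get("GroupName"),
                             "port": port, "source": src, "severity": severity})
    return findings


def ssh_fix(admin_cidr):
    """IpPermissions for revoke_security_group_ingress (world SSH) and
    authorize_security_group_ingress (SSH from admin_cidr only)."""
    world = {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
    narrowed = {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                "IpRanges": [{"CidrIp": admin_cidr, "Description": "admin VPN"}]}
    return world, narrowed


# Constructed sample: a web tier, a MySQL tier reachable only from the web
# group (the post's scenario), and a lab box someone opened completely.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa0web", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,   # launch-wizard default
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-0bbb0db", "GroupName": "mysql", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0aaa0web", "UserId": "123456789012"}]},
    ]},
    {"GroupId": "sg-0ccc0lab", "GroupName": "lab", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
]


def audit_all(groups=SAMPLE_GROUPS):
    return [f for g in groups for f in audit_security_group(g)]
```

Calling audit_all() on the sample reports the web group’s SSH rule and the lab group’s all-traffic rule and nothing for the MySQL group, which is exactly the point of the scenario. The pair returned by ssh_fix() is what you would pass as IpPermissions to revoke_security_group_ingress and then authorize_security_group_ingress to narrow SSH to an admin range.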
IV. Instance types
This is important if you are concerned about the cost of your instances. Select the correct instance type while launching a machine or setting up your infra. The main parameters are vCPU and RAM; pick the type based on the resources your workload actually consumes.
Other important features associated with EC2 instance types are dedicated EBS bandwidth (Mbps) and network performance (Gbps). You can check the AWS site for more details; a link to the instance types page is added below.
Before setting up your infrastructure, go through that link and select the instance types. This will help you optimise your total infra cost. Also remember to stop unwanted instances, meaning your QA and staging instances: stop them when no tests or work are happening. A good thing is that you can automate this start/stop process with AWS CLI commands. I wrote an article on this; if you are interested, refer to the article below:
Alright, hope you got a good starting idea about the instance type concept. Select instance types as per your requirement and manage your infra cost effectively.
V. Regions and Availability Zones
Amazon EC2 is hosted in multiple locations worldwide. These locations are composed of regions and Availability Zones. Each region is a separate geographic area, and each region has multiple isolated locations known as Availability Zones. Amazon EC2 lets you place resources, such as instances and data, in multiple locations. Resources aren’t replicated across regions unless you do so specifically.
You can launch an EC2 instance in any available region and also specify the Availability Zone. Prices differ between regions, and latency is a factor too: if the users of your application are concentrated in one area, launch your infra in the nearest region.
Please refer to the AWS documentation for more details. Knowing about regions and Availability Zones is very important; all the services depend on it. Go through the aforementioned link and get a clear understanding of Amazon’s concept of regions and availability. We can keep copies across multiple regions for DR (disaster recovery) purposes; I will explain this with more examples and scenarios in later sections of this article.
You can list all the available regions from the top right section of your AWS console. See the image added below:
That’s about AWS regions and Availability Zones in brief. It must be a base-level interview question if you are looking for a job in the AWS field. I strongly suggest you go through the AWS documentation for a better understanding. If you have any doubts, ask your questions in the comments on this article.
VI. Network / VPC
This is very important and one of the core parts of AWS. VPC stands for Virtual Private Cloud. Amazon VPC is the networking layer for Amazon EC2. You can create your own private network with subnets, route tables, gateways etc., and it’s possible to create private and public subnets. Altogether, a VPC improves the privacy and protection of your infrastructure.
AWS VPC is a wide area and we cannot cover all the details here; this is only a brief introduction. Please go through the following documentation for more details:
Understanding Amazon VPC is a great advantage for infrastructure architects designing an infra properly. With a VPC you can keep your applications away from unwanted exposure. Consider this small scenario: your infrastructure includes a web application, a MySQL cluster, a Mongo cluster, Redis, Elasticsearch etc. Create a VPC with private and public subnets, launch the data stores in the private subnet, and launch only the instances that need public access, like the web app, in the public subnet. Nobody can reach the MySQL / Mongo / Redis / Elasticsearch clusters from the internet: they have no public IP address, only a private one. As everything is in the same VPC, the instances communicate over their private IP addresses, so communication between them is not a problem. One thing to plan for: instances in a private subnet have no route out either, so they need a NAT gateway in the public subnet if they must fetch packages or updates.
You can set up your infra with a high level of security by configuring your own VPC. Go ahead and try to set up an infra on Amazon Virtual Private Cloud.
VII. EBS – Elastic Block Store
Amazon EBS is simply a disk (volume) that you can attach to your EC2 instances. It’s very simple to provision an EBS volume from the Amazon console and attach it to an existing EC2 instance. Once the volume is attached, you need to mount it from the command line using normal Linux commands. We already discussed how to attach an EBS volume to an EC2 instance and add it to LVM. You can check the details, including all the commands, at the link below:
Attach new disk (EBS) to a running EC2 instance with LVM enabled – that article explains the steps to attach a disk (EBS) to an already running instance with LVM enabled.
You need to upgrade the disk space on your instance, once your business grows, data increases; so the better option is keeping the disk as logical volume.
If it’s LVM based, we can simply increase the disk without shutting down the machine, which means with zero down time. Read more…
One very important thing: an EBS volume lives in a single Availability Zone, so you must create it in the same zone as the instance. Only then can you attach it to your existing EC2 instance.
How to create an EBS volume?
Creating an EBS volume is a one-click process. You can create it from the console: Elastic Block Store –> Volumes –> Create volume. Tick the encryption option unless you have a reason not to; it costs nothing extra.
After creating the volume you need to attach it to an instance. Then you can refer to the aforementioned article to mount the disk; that article adds the volume to LVM. If you want to use it as a plain volume, simply create a file system with mkfs and mount it with the mount command. That’s it!
VIII. Pricing
Cost is a main factor while designing an infrastructure. Every service in AWS comes in different types with different pricing. We already discussed the EC2 instance types and their cost range; like EC2 instances, every service in Amazon has different types and prices.
You can check the service pricing from this link.
IX. EIP – Elastic IP Address
Simply put, an Elastic IP is a static public IP address for your EC2 instance. By default, when you launch an instance with public IP enabled, a public IP address is assigned automatically. That address survives a reboot, but it is released when you stop the instance and a different one is assigned when you start it again; the private IP stays the same for the life of the instance. So if you need a fixed public address, allocate one to your AWS account and then associate it with your instance.
How to assign EIP to an EC2 instance?
It is simple to assign an EIP to your EC2 instance. Follow the steps below to allocate an Elastic IP address and associate it with your instance.
Go to the EC2 console and click Elastic IPs under Network & Security (you see those on the left side).
You can see all allocated and associated Elastic IP addresses in this section. Click “Allocate new address” and then click Allocate. That’s it! Now you have a dedicated IP address in your AWS account, and it stays yours until you release it.
Now you need to associate this IP address with your existing EC2 instance. Go back to the Elastic IPs section, select the address and click Actions; from the drop-down list choose Associate address and pick your instance. That’s it!!
If you no longer want the address, you can release it from your AWS account: click Actions and select Release addresses. Done! Be aware that a released address can be handed to another AWS customer, so update any DNS records that still point at it first.
How much do I need to pay for EIP? Cost of Amazon Elastic IP address..
At the time of writing, an Elastic IP costs nothing while it is associated with a running EC2 instance, and only the first one on an instance is free. So the conditions are:
- Only one EIP to an EC2 instance.
- EC2 instance should be in running state.
If it is not associated with any instance, or the instance it is attached to is not running, it is charged, and so is every additional EIP on the same instance. The cost is small, about $0.005 per hour, but it adds up across forgotten addresses. Note that AWS changed this in February 2024: every public IPv4 address, Elastic or auto-assigned, is now billed at $0.005 per hour whether or not it is in use, so check the current pricing documentation.
X. AMI – Machine Image
This is the backup of your Amazon EC2 instance and a very useful feature of EC2. AMI means Amazon Machine Image. You can launch a new machine from your AMI, and it comes up exactly like the machine the AMI was created from. It’s not a simple service; there are a lot of things to check and discuss about AMIs, but here we are only covering the basics.
You can schedule AMIs of your EC2 instances for disaster recovery. An AMI of an EBS-backed instance is a set of EBS snapshots (the root volume plus any attached volumes) together with the launch metadata, so it captures all the configuration, services, packages and data on those volumes. Two caveats: instance-store volumes are not included, and a snapshot is a point in time, so anything written after it starts is not in the image. If anything happens to your EC2 instance, you do not restore it in place; you launch a replacement from the AMI, which brings back the state at the moment the AMI was created, and move the Elastic IP over.
How to automate AMI creation and deletion?
It is simple to automate AMI management using Lambda functions. We already discussed this setup in a previous article; you can check the details here: Automated backup job using AWS Lambda. I got the original code from GitHub, made some modifications and added it to that article. You can refer to either this one or the original and modify the code as per your requirement.
All the details are in that blog article. Please add your suggestions and questions as comments on that article so that I can improve the code.
How to create AMI of your EC2 instance?
You can create an AMI manually from the AWS console. See the screenshot added below:
Step 1. Go to EC2 console.
Step 2. Select instance which you want to create AMI.
Step 3. Actions -> Image -> Create image.
Step 4. Add Image name and description – click on create image.
Notice the “No reboot” checkbox. If you leave it unticked, EC2 shuts the instance down briefly while the snapshots are taken, so the image is consistent. If you tick it, the machine keeps running but the image may not be file-system consistent, which matters on a database host. So leave it unticked when you can afford the short outage, or, if you cannot, quiesce the database (flush and lock writes) before creating the image. That’s it.
You can see all your images in the AWS console by clicking AMIs under the IMAGES tab. Go through the AMI section and get familiar with it.
XI. Automate AMI creation
We discussed that just above: Automated backup job using AWS Lambda. The job has two halves, creating a new AMI on schedule and deleting the ones older than the retention period, and the second half needs the most care, because the snapshots behind an AMI are only deletable after the AMI is deregistered.
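The planning half of such a backup job, as an added example that is not the blog’s Lambda code. It generates a valid, unique AMI name for each run, selects the job’s own expired images by tag and age from data shaped like ec2.describe_images(Owners=['self']), and returns the deregister/delete actions in the order EC2 requires, leaving alone any snapshot that a kept image still references. The images, snapshot IDs and “today” are constructed.

```python
"""Plan deregister/delete work for an automated AMI backup job and name images.

Added example, not the blog's Lambda code. SAMPLE_IMAGES is constructed to
match the shape of boto3's ec2.describe_images(Owners=['self'])['Images']; the
action names returned are the boto3 ec2 client methods that would carry them
out. All IDs are placeholders.
"""
import re
from datetime import datetime, timedelta, timezone

BACKUP_TAG = "BackupJob"   # only images carrying this tag are ever touched
# EC2 AMI name rules: 3-128 chars from letters, digits, ()[]./-'@_ and space
NAME_OK = re.compile(r"^[A-Za-z0-9()\[\]./\-'@_ ]{3,128}$")


def parse_creation(s):
    """EC2 CreationDate looks like 2018-11-20T02:00:00.000Z (always UTC)."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def backup_name(instance_name, now):
    """AMI name unique per run. Colons are not allowed, so the time uses dashes;
    a job that reused a name would fail with InvalidAMIName.Duplicate."""
    name = f"{instance_name}-{now:%Y-%m-%dT%H-%M-%S}"
    if not NAME_OK.match(name):
        raise ValueError(f"invalid AMI name: {name!r}")
    return name


def image_tags(image):
    return {t["Key"]: t["Value"] for t in image.get("Tags", [])}


def image_snapshots(image):
    """Snapshot IDs backing an EBS-backed AMI (ephemeral mappings have none)."""
    return {m["Ebs"]["SnapshotId"] for m in image.get("BlockDeviceMappings", [])
            if "SnapshotId" in m.get("Ebs", {})}


def select_expired(images, now, retention_days):
    """Images created by the job and older than the retention window."""
    cutoff = now - timedelta(days=retention_days)
    return [img for img in images
            if BACKUP_TAG in image_tags(img)
            and parse_creation(img["CreationDate"]) < cutoff]


def plan_cleanup(images, now, retention_days):
    """Ordered (method, kwargs) actions: deregister images, then delete snapshots.

    delete_snapshot on a snapshot still referenced by a registered AMI fails
    with InvalidSnapshot.InUse, hence the order. Snapshots that a kept image
    also references (e.g. a golden image registered from the same snapshot)
    are left alone.
    """
    expired = select_expired(images, now, retention_days)
    expired_ids = {img["ImageId"] for img in expired}
    still_used = set().union(*(image_snapshots(img) for img in images
                               if img["ImageId"] not in expired_ids))
    to_delete = set().union(*(image_snapshots(img) for img in expired)) - still_used
    actions = [("deregister_image", {"ImageId": i}) for i in sorted(expired_ids)]
    actions += [("delete_snapshot", {"SnapshotId": s}) for s in sorted(to_delete)]
    return actions


# Constructed sample, in the shape describe_images returns it
SAMPLE_IMAGES = [
    {"ImageId": "ami-0aaa", "Name": "web-1-2018-11-20T02-00-00",
     "CreationDate": "2018-11-20T02:00:00.000Z",
     "Tags": [{"Key": BACKUP_TAG, "Value": "nightly"}],
     "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": {"SnapshotId": "snap-0001"}},
                             {"DeviceName": "/dev/xvdf", "Ebs": {"SnapshotId": "snap-0002"}}]},
    {"ImageId": "ami-0bbb", "Name": "web-1-2018-12-08T02-00-00",
     "CreationDate": "2018-12-08T02:00:00.000Z",
     "Tags": [{"Key": BACKUP_TAG, "Value": "nightly"}],
     "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": {"SnapshotId": "snap-0003"}}]},
    # Hand-built golden image: untagged, and it reuses the data-disk snapshot snap-0002
    {"ImageId": "ami-0ccc", "Name": "golden-base", "CreationDate": "2018-10-01T00:00:00.000Z",
     "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": {"SnapshotId": "snap-0009"}},
                             {"DeviceName": "/dev/xvdf", "Ebs": {"SnapshotId": "snap-0002"}},
                             {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"}]},
]
SAMPLE_NOW = parse_creation("2018-12-10T00:00:00.000Z")   # constructed "today"


def run_sample(retention_days=7):
    return plan_cleanup(SAMPLE_IMAGES, SAMPLE_NOW, retention_days)


if __name__ == "__main__":
    print(backup_name("web-1", SAMPLE_NOW))
    for method, kwargs in run_sample():
        print(method, kwargs)
```

With a seven-day retention the sample plan deregisters ami-0aaa and deletes only snap-0001; snap-0002 stays because the untagged golden image still uses it. Inside a Lambda the loop would be ec2 = boto3.client("ec2") followed by getattr(ec2, method)(**kwargs) for each action, and the untagged-image rule is what stops a retention job from ever deleting images it did not create.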
XII. Copy AMI to other region
Yes, you can copy your AMIs from one region to another. This is very helpful if you are planning to migrate your infra from one region to another.
For this you can plan the process like: create AMIs of your instances –> copy the AMIs to the other region –> launch instance(s) in that region from the copied AMIs. That’s it.
You can also keep AMIs in a different region for disaster recovery; some people copy AMIs to other locations purely for availability. You can automate the copy with a Lambda function (the API call is CopyImage, copy_image in boto3). If the AMI is encrypted, the copy is also where you pick the KMS key in the destination region.
The code is available on GitHub. It works the same way as the Automated backup job using AWS Lambda discussed in point XI.
How to copy AMI to different location?
You can copy it from the AWS console. See the images attached here and the explanations:
- Go to AMI section.
- Select the AMI / AMIs which you want to copy.
- Click on Actions –> Copy AMI
- Select the destination region from that drop down list.
- Add Name & Description.
- Click on Copy AMI button.
That’s it, done! Switch the console to the destination region you selected and the copied AMIs appear there once the copy finishes; copying can take a while for large volumes.
XIII. Start / Stop / Terminate EC2 instances
You already know this part; it is listed here to introduce the AWS CLI options. From the EC2 console you can start, stop, reboot and terminate: select the instance(s) –> Actions –> Instance State –> Start/Stop/Reboot/Terminate. See the screenshot added below:
You can do the same operations from your laptop using AWS CLI commands. We already discussed that in a previous blog post; here is the link for more details –> Shutdown your test infra and reduce cost – AWS. Commands and “how to” details are in that article; check the last section, “What is the command to manage EC2 instances from command line?”
XIV. AWS CLI
This is the command line tool for AWS. You can see the installation details in this blog article –> How to install AWS command line interface (awscli) on Linux?
XV. Volume & Snapshot
Volumes: these are the disks attached to your EC2 instance, i.e. EBS (Elastic Block Store) volumes. You can attach multiple EBS volumes to an instance.
Snapshot: this is the backup of an EBS volume. You can create a snapshot from the EC2 console: go to the EC2 console –> click Volumes –> Actions –> Create snapshot.
It creates a point-in-time copy of an EBS volume and stores it in Amazon S3 (not in one of your buckets; you only see it under Snapshots). Snapshots are incremental, so only blocks changed since the previous snapshot are stored, and deleting an older snapshot does not break the later ones. You can use snapshots for backups, to make copies of EBS volumes, and to save data before shutting down an instance. More details –> create-snapshot.
Alright, I’m winding up!! I hope this article helps newbies get some ideas about the AWS EC2 features. I will add more details going forward. Please add your suggestions and questions as comments below.