    Elastic Compute Cloud (EC2)
    Cloud/AWS 2020. 7. 10. 20:59

    1. Overview

    Amazon Elastic Compute Cloud (EC2) is a part of Amazon.com's cloud-computing platform, Amazon Web Services (AWS), that allows users to rent virtual computers on which to run their own computer applications. EC2 encourages scalable deployment of applications by providing a web service through which a user can boot an Amazon Machine Image (AMI) to configure a virtual machine, which Amazon calls an "instance", containing any software desired. A user can create, launch, and terminate server-instances as needed, paying by the second for active servers – hence the term "elastic". EC2 provides users with control over the geographical location of instances that allows for latency optimization and high levels of redundancy.

    In November 2010, Amazon switched its own retail website to use EC2 and AWS.

    It mainly consists of the capabilities of:

    • Renting virtual machines (EC2)
    • Storing data on virtual drives (EBS)
    • Distributing load across machines (ELB)
    • Scaling the services using an auto-scaling group (ASG)

    2. Security Group

    Security Groups are the foundation of network security in AWS. They control how traffic is allowed into or out of our EC2 machines; in effect, a Security Group acts as a virtual "firewall" around the EC2 instance.

    They regulate:

    • Access to Ports
    • Authorized IP ranges - IPv4 and IPv6
    • Control of inbound network (from other to the instance)
    • Control of outbound network (from the instance to other)

    2.1 Features

    • Can be attached to multiple instances
    • Locked down to a region/VPC combination
    • It's good to maintain one separate security group for SSH access
    • All inbound traffic is blocked by default
    • All outbound traffic is authorized by default
    • If your application is not accessible (time out), then it's a security group issue: a group with no matching inbound rule silently drops the traffic
    • If your application gives a "connection refused" error, then it's an application error or it's not launched
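The rules in sections 2 and 2.1 can be checked mechanically. The script below is an added example, not code from the original notes: it audits a constructed sample in the shape of the describe-security-groups output (the group ids and CIDRs are made up), flags SSH open to the whole internet and groups that mix SSH with application ports, and applies the "time out vs. connection refused" rule of thumb to a given source and port.

```python
"""Audit EC2 security groups against the points in sections 2 and 2.1.

Added example, not code from the original notes. The input below is a
constructed sample in the shape of the describe-security-groups output
(GroupId, GroupName, IpPermissions); group ids and CIDRs are made up.
"""
import ipaddress

ANY_V4 = "0.0.0.0/0"
ANY_V6 = "::/0"
SSH_PORT = 22

# Constructed sample: the first group mixes the web port with SSH and opens
# SSH to the whole internet; the second keeps SSH in its own group, limited
# to one documentation-range CIDR.
SAMPLE_GROUPS = [
    {
        "GroupId": "sg-example-web",
        "GroupName": "web-and-ssh",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
             "IpRanges": [{"CidrIp": ANY_V4}], "Ipv6Ranges": [{"CidrIpv6": ANY_V6}]},
            {"IpProtocol": "tcp", "FromPort": SSH_PORT, "ToPort": SSH_PORT,
             "IpRanges": [{"CidrIp": ANY_V4}], "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-example-ssh",
        "GroupName": "ssh-only",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": SSH_PORT, "ToPort": SSH_PORT,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
        ],
    },
]


def _rule_covers(rule, port, protocol="tcp"):
    """True if an inbound rule allows port/protocol ("-1" means all traffic)."""
    if rule["IpProtocol"] == "-1":
        return True
    if rule["IpProtocol"] != protocol:
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def _rule_cidrs(rule):
    """All IPv4 and IPv6 source ranges of one rule."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])


def _is_ssh_only(rule):
    return (rule["IpProtocol"] == "tcp"
            and rule.get("FromPort") == SSH_PORT and rule.get("ToPort") == SSH_PORT)


def audit_group(group):
    """Return human-readable findings for one security group."""
    findings = []
    rules = group["IpPermissions"]
    for rule in rules:
        for cidr in _rule_cidrs(rule):
            if cidr in (ANY_V4, ANY_V6) and _rule_covers(rule, SSH_PORT):
                findings.append(f"{group['GroupId']}: SSH (22) open to {cidr}")
    # The notes recommend one separate security group for SSH access.
    has_ssh = any(_rule_covers(r, SSH_PORT) for r in rules)
    has_other = any(not _is_ssh_only(r) for r in rules)
    if has_ssh and has_other:
        findings.append(f"{group['GroupId']}: mixes SSH with other ports; keep SSH in its own group")
    return findings


def allows_inbound(group, port, source_ip, protocol="tcp"):
    """Would a packet from source_ip to port pass this group's inbound rules?"""
    src = ipaddress.ip_address(source_ip)
    for rule in group["IpPermissions"]:
        if not _rule_covers(rule, port, protocol):
            continue
        for cidr in _rule_cidrs(rule):
            # Membership is False across IP versions, so a v4 source never matches ::/0.
            if src in ipaddress.ip_network(cidr, strict=False):
                return True
    return False


def explain_unreachable(group, port, source_ip):
    """Rule of thumb from 2.1: no matching inbound rule means the packet is
    dropped (time out); a matching rule means the problem is the application."""
    if allows_inbound(group, port, source_ip):
        return "security group allows it: a 'connection refused' points at the application"
    return "security group blocks it: expect a time out, not a refusal"


if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        print(g["GroupName"], audit_group(g) or ["no findings"])
    print(explain_unreachable(SAMPLE_GROUPS[1], 443, "203.0.113.7"))
```

To run this against a real account, replace SAMPLE_GROUPS with the "SecurityGroups" list returned by describe-security-groups; the rule and CIDR keys are the same.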

    3. Elastic IPs

    • When you stop and then start an EC2 instance, it can change its public IP.
    • If you need to have a fixed public IP for your instance, you need an Elastic IP.
    • An Elastic IP is a public IPv4 IP you own as long as you don't delete it.
    • You can attach it to one instance at a time.
    • With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account
    • You can only have 5 Elastic IPs in your account (you can ask AWS to increase that)
    • Overall, try to avoid using Elastic IPs:
      • They often reflect poor architectural decisions
      • Instead, use a random public IP and register a DNS name to it
      • Or, use a Load Balancer and don't use a public IP

    4. EC2 User Data

    • It is possible to bootstrap our instances using an EC2 User Data script
    • Bootstrapping means launching commands when a machine starts
    • That script is only run once, at the instance's first start
    • EC2 user data is used to automate boot tasks such as:
      • installing updates
      • Installing software
      • Downloading common files from the internet
      • Anything you can think of
    • The EC2 User Data Script runs with the root user
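Because user data runs once as root, it is worth checking before launch. The following is an added example, not code from the original notes: it assembles a bash bootstrap script, checks it against two facts that are assumed here rather than stated above (the raw script is capped at 16 KB, and user data is readable from inside the instance, so it must never carry long-lived credentials), and base64-encodes it the way the RunInstances API expects. The sample key it rejects is the AWS documentation example key, not a real one.

```python
"""Build and sanity-check an EC2 User Data script before launch.

Added example, not from the original notes. Assumed facts (not on the page):
user data is limited to 16 KB raw (before base64), and any process on the
instance can read it, so credentials must not be embedded in it.
"""
import base64
import re

MAX_USER_DATA_BYTES = 16 * 1024  # limit on the raw, pre-base64 script

# Shape of an AWS access key id: "AKIA" followed by 16 upper-case letters/digits.
_ACCESS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")


def build_user_data(commands):
    """Assemble a bash bootstrap script from a list of shell commands.

    The script runs once, as root, at first boot, with no interactive shell,
    so it fails fast on the first error instead of half-configuring the box.
    """
    lines = ["#!/bin/bash", "set -euo pipefail"] + list(commands)
    return "\n".join(lines) + "\n"


def check_user_data(script):
    """Return a list of problems; an empty list means the script can be submitted."""
    problems = []
    raw = script.encode()
    if len(raw) > MAX_USER_DATA_BYTES:
        problems.append(f"script is {len(raw)} bytes, over the {MAX_USER_DATA_BYTES}-byte limit")
    if not script.startswith("#!"):
        problems.append("missing shebang; cloud-init only treats '#!' content as a script")
    if _ACCESS_KEY_RE.search(script):
        problems.append("contains what looks like an AWS access key; use an instance IAM role instead")
    return problems


def encode_user_data(script):
    """base64 as required by the RunInstances API (the CLI and console do this for you)."""
    return base64.b64encode(script.encode()).decode()


if __name__ == "__main__":
    good = build_user_data(["yum update -y", "yum install -y httpd", "systemctl enable --now httpd"])
    print(check_user_data(good) or "ok")
    # Constructed bad script using the AWS docs example key id.
    bad = build_user_data(["export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE"])
    print(check_user_data(bad))
    print(encode_user_data(good)[:32], "...")
```

The instance IAM role suggested in the finding is the standard replacement for keys in user data: the application obtains temporary credentials from the instance rather than from a file baked in at boot.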

    5. EC2 Instance Launch Types

    5.1 On-Demand Instance: short workload, predictable pricing

    • Pay for what you use (billing per second, after the first minute)
    • Has the highest cost but no upfront payment
    • No long-term commitment
    • Recommended for short-term and uninterrupted workloads, where you can't predict how the application will behave

    5.2 Reserved Instances

    • Long workloads (minimum 1 year)
    • Up to 75% discount compared to On-demand
    • Pay upfront for what you use with a long term commitment
    • Reservation period can be 1 or 3 years
    • Recommended for steady-state usage applications (think database)

    5.2.1 Convertible Reserved Instance

    • long workloads with flexible instances
    • Can change the EC2 instance type
    • Up to 54% discount

    5.2.2 Scheduled Reserved Instances

    • launch within the time window you reserve
    • when you require a fraction of day / week / month

    5.3 EC2 Spot Instance

    • Can get a discount of up to 90% compared to On-demand
    • Instances that you can "lose" at any point of time if your max price is less than the current spot price (less reliable)
    • The MOST cost-efficient instances in AWS
    • Useful for workloads that are resilient to failure
      • Batch jobs
      • Data analysis
      • Image processing
      • etc
    • Not great for critical jobs or databases
    • Great combo: Reserved Instances for baseline + On-Demand & Spot for peaks

    5.4 Dedicated Hosts

    • Physical dedicated EC2 server for your use
    • Full control of EC2 Instance placement
    • Visibility into the underlying sockets / physical cores of the hardware
    • Allocated for your account for a 3 year period reservation
    • More expensive
    • Useful for software that has a complicated licensing model (BYOL - Bring Your Own License)
    • Or for companies that have strong regulatory or compliance needs

    5.5 Dedicated Instances

    • Instances running on hardware that's dedicated to you
    • May share hardware with other instances in the same account
    • No control over instance placement (can move hardware after stop/start)

    6. Spot Instance Requests

    • Can get a discount of up to 90% compared to On-demand
    • Define max spot price and get the instance while current spot price < max
      • The hourly spot price varies based on offer and capacity
      • If the current spot price > your max price, you can choose to stop or terminate your instance, with a 2-minute grace period
    • Another strategy: Spot Block
      • "block" a spot instance during a specified time frame (1 to 6 hours) without interruptions
      • In rare situations, the instance may be reclaimed
    • Used for batch jobs, data analysis, or workloads that are resilient to failures
    • Not great for critical jobs or databases
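Sections 5.3 and 6 both come down to one rule: the instance runs while the spot price is at or below your max price and is reclaimed when it rises above it. The script below is an added example, not from the original notes, that walks a constructed hourly price series (not AWS data) under that rule, counting hours run, interruptions and cost against a constructed On-Demand price, and reports the longest uninterrupted stretch so you can judge whether a given job fits Spot at all. It assumes each hour run is billed at that hour's spot price.

```python
"""Hour-by-hour model of the Spot pricing rule in sections 5.3 and 6.

Added example, not from the original notes. Assumptions: the prices are a
constructed hourly series, not AWS data; the instance runs in any hour where
the spot price is at or below the max price, is interrupted when the price
rises above it, and each hour run is billed at that hour's spot price.
"""

# Constructed hourly spot prices (USD) for one instance type in one AZ.
SAMPLE_PRICES = [0.03, 0.03, 0.04, 0.12, 0.05, 0.03, 0.03, 0.15, 0.15, 0.04]
MAX_PRICE = 0.06        # our max spot price
ON_DEMAND_PRICE = 0.10  # constructed On-Demand price for the same type


def simulate_spot(prices, max_price, on_demand_price):
    """Return hours run, interruptions, spot cost and the On-Demand equivalent."""
    hours_run = 0
    interruptions = 0
    cost = 0.0
    running = False
    for price in prices:
        if price <= max_price:
            hours_run += 1
            cost += price          # billed at the current spot price, not at the max
            running = True
        else:
            if running:
                # Spot price > max price: the instance is reclaimed after the
                # 2-minute grace period (stopped or terminated, per the request).
                interruptions += 1
            running = False
    return {
        "hours_run": hours_run,
        "interruptions": interruptions,
        "spot_cost": round(cost, 4),
        "on_demand_cost": round(hours_run * on_demand_price, 4),
    }


def longest_uninterrupted_run(prices, max_price):
    """Longest stretch of consecutive hours the instance would keep running."""
    best = current = 0
    for price in prices:
        current = current + 1 if price <= max_price else 0
        best = max(best, current)
    return best


def spot_fits(prices, max_price, job_hours):
    """A job that cannot checkpoint needs one run at least job_hours long;
    batch jobs that can resume tolerate the interruptions counted above."""
    return longest_uninterrupted_run(prices, max_price) >= job_hours


if __name__ == "__main__":
    print(simulate_spot(SAMPLE_PRICES, MAX_PRICE, ON_DEMAND_PRICE))
    print("longest run:", longest_uninterrupted_run(SAMPLE_PRICES, MAX_PRICE))
    print("3-hour job fits:", spot_fits(SAMPLE_PRICES, MAX_PRICE, 3))
```

With the sample series, 7 of 10 hours run, the instance is interrupted twice, and the bill is roughly a third of On-Demand for the same hours; a job that needs four uninterrupted hours does not fit, which is the "not great for critical jobs or databases" point in numbers.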

    6.1 Spot Fleets

    • Spot Fleets = set of Spot Instances + (optional) On-Demand Instances
    • The Spot Fleet will try to meet the target capacity with price constraints
      • Define possible launch pools: instance type (m5.large), OS, Availability Zone
      • Can have multiple launch pools, so that the fleet can choose
      • Spot Fleet stops launching instances when reaching capacity or max cost
    • Strategies to allocate Spot Instances:
      • lowestPrice: from the pool with the lowest price (cost optimization, short workload)
      • diversified: distributed across all pools (great for availability, long workloads)
      • capacityOptimized: pool with the optimal capacity for the number of instances
    • Spot Fleets allow us to automatically request Spot Instances with the lowest price

    7. EC2 Instance Types Detail

    • R: applications that need a lot of RAM - in-memory caches
    • C: applications that need good CPU - compute/databases
    • M: applications that are balanced (think "medium") - general / web app
    • I: applications that need good local I/O (instance storage) - database
    • G: applications that need a GPU - video rendering/machine learning
    • T2/T3: burstable instances (up to a capacity)
    • T2/T3 - Unlimited: unlimited burst

    7.1 Burstable Instance (T2/T3)

    • AWS has the concept of burstable instances (T2/T3 machines)
    • Burst means that overall, the instance has OK CPU performance
    • When the machine needs to process something unexpected (a spike in load for example), it can burst, and CPU can be VERY good
    • If the machine bursts, it utilizes "burst credits"
    • If all the credits are gone, the CPU becomes BAD
    • If the machine stops bursting, credits are accumulated over time
    • Burstable instances can be amazing to handle unexpected traffic and getting the insurance that it will be handled correctly
    • If your instance consistently runs low on credit, you need to move to a different kind of non-burstable instance

    7.2 T2/T3 Unlimited

    • Unlimited burst credit balance
    • You pay extra money if you go over your credit balance, but you don't lose in performance
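The credit mechanism in 7.1 and 7.2 is easier to reason about as a small simulation. The script below is an added example, not from the original notes: it is a toy model in which one credit equals one vCPU at 100% for one minute, credits are earned at a fixed hourly rate up to a 24-hour cap, and demand above the baseline spends them. The earn rate, baseline and demand profile are constructed inputs, not the figures for any real instance size; in standard mode running out of credits throttles the hour, in unlimited mode the shortfall is charged as surplus credits instead.

```python
"""Toy model of the T2/T3 credit mechanism described in 7.1 and 7.2.

Added example, not from the original notes. Constructed parameters: the
earn rate, the baseline utilisation and the demand profile are made up.
Assumed conventions: one credit = one vCPU at 100% for one minute, and the
earned balance is capped at 24 hours' worth of earning.
"""


def simulate_credits(demand, baseline, earn_rate, initial_credits=0.0, unlimited=False):
    """Simulate one vCPU hour by hour.

    demand:    desired utilisation per hour, 0.0-1.0
    baseline:  utilisation sustained without spending credits (e.g. 0.2)
    earn_rate: credits earned per hour
    Returns (balance_after_each_hour, throttled_hours, surplus_credits_charged).
    """
    cap = earn_rate * 24
    balance = initial_credits
    history, throttled = [], []
    surplus = 0.0
    for hour, want in enumerate(demand):
        balance = min(balance + earn_rate, cap)
        needed = max(0.0, want - baseline) * 60   # vCPU-minutes above baseline
        if needed <= balance:
            balance -= needed                      # burst paid from the balance
        elif unlimited:
            surplus += needed - balance            # 7.2: paid for, never throttled
            balance = 0.0
        else:
            throttled.append(hour)                 # 7.1: credits gone, CPU pinned to baseline
            balance = 0.0
        history.append(round(balance, 2))
    return history, throttled, surplus


def throttled_fraction(demand, baseline, earn_rate):
    """Share of hours throttled; a consistently high value is the signal in 7.1
    to move to a non-burstable instance type."""
    _, throttled, _ = simulate_credits(demand, baseline, earn_rate)
    return len(throttled) / len(demand) if demand else 0.0


# Constructed profile: three quiet hours, a three-hour spike, two quiet hours.
SAMPLE_DEMAND = [0.1] * 3 + [0.8] * 3 + [0.1] * 2
BASELINE = 0.2     # constructed
EARN_RATE = 12.0   # constructed: 12 credits/hour sustains exactly the 20% baseline

if __name__ == "__main__":
    print("standard :", simulate_credits(SAMPLE_DEMAND, BASELINE, EARN_RATE))
    print("unlimited:", simulate_credits(SAMPLE_DEMAND, BASELINE, EARN_RATE, unlimited=True))
    print("throttled fraction:", throttled_fraction(SAMPLE_DEMAND, BASELINE, EARN_RATE))
```

On the sample profile the first spike hour is covered by the credits banked during the quiet hours, the next two are throttled in standard mode, and in unlimited mode the same two hours are billed as 36 surplus credits instead.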

    8. Amazon Machine Image (AMI)

    • AWS comes with base images such as:
      • Ubuntu
      • Fedora
      • RedHat
      • Windows
      • etc.
    • These images can be customized at runtime using EC2 User data
    • But what if we could create our own image, ready to go?
    • That's an AMI - an image to use to create our instances
    • AMIs can be built for Linux or Windows machines
    • You can leverage AMIs from other people
    • You can also pay for other people's AMI by the hour
    • AMI can be found and published on the Amazon Marketplace
    • Your AMIs take space, and they live in Amazon S3
    • By default, your AMIs are private and locked to your account/region

    8.1 Advantages of AMI

    • Using a custom-built AMI can provide the following advantages:
      • Pre-installed package needed
      • Faster boot time (no need for EC2 user data at boot time)
      • The machine comes configured with monitoring/enterprise software
      • Security concerns - control over the machines in the network
      • Control of maintenance and updates of AMIs over time
      • Installing your app ahead of time (for faster deploys when auto-scaling)
      • Using someone else's AMI that is optimized for running an app, DB, etc.
    • AMIs are built for a specific AWS region

    9. Placement Groups

    • Sometimes you want control over the EC2 Instance placement strategy
    • That strategy can be defined using placement groups
    • When you create a placement group, you specify one of the following strategies for the group
      • Cluster: clusters instances into a low-latency group in a single Availability Zone
      • Spread: spreads instances across underlying hardware (max 7 instances per group per AZ) - critical applications
      • Partition: spreads instances across many different partitions (which rely on different sets of racks) within an AZ. Scales to 100s of EC2 instances per group (Hadoop, Cassandra, Kafka)

    9.1 Cluster

    9.1.1 Pros

    Great network (10 Gbps bandwidth between instances)

    9.1.2 Cons

    If the rack fails, all instances fail at the same time

    9.1.3 Use case

    Big Data job that needs to complete fast
    An application that needs extremely low latency and high network throughput

    9.2 Spread

    9.2.1 Pros

    • Can span across Availability Zones (AZ)
    • Reduced risk of a simultaneous failure
    • EC2 Instances are on different physical hardware

    9.2.2 Cons

    • Limited to 7 instances per AZ per placement group

    9.2.3 Use Case

    • An application that needs to maximize high availability
    • Critical Applications where each instance must be isolated from failure from each other

    9.3 Partition

    • Up to 7 partitions per AZ
    • Up to 100s of EC2 instances
    • The instances in a partition do not share racks with the instances in the other partitions
    • A partition failure can affect many EC2 but won't affect other partitions
    • EC2 instances get access to the partition information as metadata
    • Use cases: HDFS, HBase, Cassandra, Kafka

    10. Elastic Network Interfaces (ENI)

    • Logical component in a VPC that represents a virtual network card
    • The ENI can have the following attributes:
      • Primary private IPv4, one or more secondary IPv4
      • One Elastic IP (IPv4) per private IPv4
      • One Public IPv4
      • One or more security groups
      • A MAC address
    • You can create ENI independently and attach them on the fly (move them) on EC2 instances for failover
    • Bound to a specific availability zone (AZ)

    11. EC2 Hibernate

    • The in-memory (RAM) state is preserved
    • The instance boot is much faster (the OS is not stopped/restarted)
    • Under the hood: the RAM state is written to a file in the root EBS volume
    • The root EBS volume must be encrypted
    • Supported instance families: C3, C4, C5, M3, M4, M5, R3, R4, and R5
    • Instance RAM size: must be less than 150GB
    • Instance size: not supported for bare metal instances
    • AMI: Amazon Linux 2, Amazon Linux AMI, Ubuntu, Windows, etc.
    • Root volume: must be EBS, encrypted, not instance store, and large enough to hold the RAM state
    • Available for On-Demand and Reserved Instances
    • An instance cannot be hibernated more than 60 days

    11.1 Use case

    • long-running processing
    • saving the RAM state
    • services that take time to initialize

    12. Reference

    https://en.wikipedia.org/wiki/Amazon_Elastic_Compute_Cloud

    https://medium.com/@stephane.maarek

    https://docs.aws.amazon.com/

    https://aws.amazon.com/blogs/aws/new-elastic-network-interfaces-in-the-virtual-private-cloud/
