EC2

EC2

EC2 is a service in AWS, allows you to create and manage EC2 instances. EC2 instances are basically virtual machine, highly recommend you to read (https://www.learn-aws.com/2024/11/server-virtualization.html). So long story short, EC2 allows you create/manage EC2 instances based on your resource needs. 


How EC2 instances works ?

There are powerfull servers on AWS datacenters and hypervisor software used to manage those EC2 instances (virtual machines) on these servers. A lot of variying CPU,RAM,networking combination of EC2 options available.

There are 3 types of IP addresses for EC2 instances:

Public:

  • You are not charged for public IP assignment
  • Lost when instance is stopped (When you stop and start instance new public address will be assigned)
  • Associated with private IP address 
  • Cannot be moved between instances

Private:

  • Retained when instance is stopped (Start and stop instance same private address will be assigned)
  • Used in association with public address

Elastic:

  • You are charged for elastic IP address assignment
  • Static public address (doesn't change)
  • Associated with private IP address on the instance
  • Can be moved between EC2 instances and Elastic network adapters.


EC2 instance types 

There is naming convention we must be familiar with:

nano,micro,large, xlarge etc.- Indicates how big,powerfull (vCPU,RAM etc.) EC2 instance really is.

t,c,r,d,g - These letters indicate purpose of instance. For which purpose our instance will be suitable. 

For example :

t2.micro - General purpose (t), 2nd series (2), small server (micro - 1GB RAM, 1 vCPU).

g2.2xlarge - GPU instance (g), 2nd series (2), extra large server (2xlarge -  8vCPU, 15GB RAM)

More information is here : https://docs.aws.amazon.com/ec2/latest/instancetypes/instance-type-names.html


What is AMI ?

AMI - Amazon Machine Image,machine images are like templates that are configured with an operating system and other software that determine the user's operating environment. 


Why is it important ?

For example let's suppose you want to create 20 EC2 instance for project but you want to be sure all of the instaces have same software, updated OS, same version of specific library and sends request to server right after initialization stage. That is why it is  important it's handy tool, also widely used. By the way you can create your own custom AMI or use already available ones.


Let's create EC2 instance and look at AMI's and create one our own.

  1.  Select EC2 from main dashboard by typing "EC2" to the searchbar





  2. Let's launch an instance 

  3. We should select one AMI from the list, let's use choose ubuntu 




  4. And we will need SSH keypair to connect this instance. So let's create one and download private key. Let me remind you that keep private key in secure place, otherwise anyone will be able to connect your instance.





  5. Let the service create security group from scratch. We can create security group and attach policies later on. And use it for other instances. But let's keep everything simple. To connect instance we need ssh protocol's port open to anywhere. Otherwise it wouldn't be possible to connect unless 0.0.0.0/0 allow security rule added. 




  6. When status change to "Running" then we can connect it.


  7. Click to instance, you will face with the properties of it. Important information can be found. Such as our public/private IP address of our instance and public IP's DNS.



  8. Click to "Security". You will see all the firewall rules applied to this particular instance. And as you can see by default 22nd port (SSH) is open.


  9. Let's connect using SSH client command is like below but add your own public IP address or public IP's DNS record like I did. And you will probably face with error like below. Reason for that is quite simple for the security reason SSH wants your private key only accessible by the root (admin) users. That is why we must change the permission of the private-key file.



  10. Use the command below to change the permission. And you will able to connect to your instance.



  11. Okay, I will create a directory and a file. Add some message to this file and save it.




  12. Finish and disconnect from the instance. Let's create AMI.



  13. In the AMI's section of the dashboard you will see the entry you just created. Just be sure that its status is green, I mean created/completed rather pending. So after that we will able to create our instance by this AMI.


  14. Okay, create an EC2 instance again!, Now you will see in the AMI's section your own AMI listed!!!




  15. Okay, select and finish creating instance. And connect it, navigate to the directory you created and examine the content of the file. It is just like the we created in the previous instance right !!!
    Now you understand why we need AMI's !




  16. Okay let's terminate the instances, otherwise at the end of the month hefty bill would be waiting for us !




 


  

Comments

Post a Comment

Popular posts from this blog

Identity Access Management - How to create user in IAM ?!

Image
Introduction IAM stands for Identity and Access Management. IAM is essential component of AWS allows you to create and manage access of user, role, application and control authentication/authorization. There are 4 essential components of IAM :  Users - are individuals or applications want to access to your AWS resources. Groups - are collection of users. By this you can assign permissions to group instead individual users. Roles - are special access type in IAM that allows user/resource to access another resource via temporary credentials. For example EC2 instance can access to DynamoDB or S3 bucket resources without using permanent credentials. This is possible only via Role which is great security point of view. Policies - are JSON documents that define permissions. In policies we define what actions are allowed or should be denied. This can be attached to users, groups, roles. Hands on IAM exercises :  Login to your AWS account and search for IAM :  After clicking IAM icon, you wil
Read more

AWS pricing fundamentals

Image
When using Amazon Web Services (AWS), there are three primary factors that determine your costs: Compute : This includes the amount of resources such as CPU and RAM you use, as well as the duration for which you use them. Data Storage : The quantity of data stored or allocated. Outbound Data Transfer : The amount of data transferred out from all services. It's important to be cautious and monitor your usage to avoid unexpected costs. AWS Pricing Models On Demand (Pay as you Go) The On Demand model allows you to: Easily adapt to changing business needs. Adjust based on your requirements. Reduce the risk of paying for unused capacity. Reserved Instance (Save When You Reserve) By investing in reserved capacity, such as with EC2 or RDS, you can: Ensure you have resources available for unexpected scenarios like web traffic spikes. Reserve resources for 1-3 years, which can lead to significant discounts. Save up to 75% compared to the Pay-as-you-Go model. The more you pay upfront, the gr
Read more

IAM - Roles

Image
IAM Roles Roles in AWS has special meaning. With this functionality you can define different variety of roles and assign it users or your application/service can use them. Roles are specifically important for AWS security. Because roles use temporary credentials with services. So that we don't need to use own permanent credentials to do some operations. If somehow hackers got access to AWS infrastructure they won't able to access our cached permanent  credentials. Here are some of advantages of using roles : Reduced Risk of Credential Exposure Least Privilege Principle Cross-Account Access  Let's create a role and assign it to the user  Click to "IAM" , "Roles" and then "Create role" button.  We need ARN (we talked about this in the previous post) of the user. Copy 12 digit unique ID. During role creation select "AWS account" since we are planning to add this role to user. Enter the ID we got from previous step. This ID defines our us
Read more