4.25 EC2 - Summary & Exam Tips
Read EC2 FAQ before attempting your exam.
Know the differences between:
On demand
Spot
Reserved
Dedicated Hosts
Remember with Spot instances:
If you terminate the instance, you pay for the hour
If AWS terminates the Spot instance, you get the hour it was terminated in for free.
EC2 Instance Types:
DR MC GIFT PX
EBS:
SSD, General Purpose - GP2 - (Up to 10,000 IOPS)
SSD, Provisioned IOPS - IO1 - (More than 10,000 IOPS)
HDD, Throughput Optimized - ST1 - Frequently accessed workloads
HDD, Cold - SC1 - Less frequently accessed data
HDD, Magnetic - Standard - Cheap, infrequently accessed storage
An EBS volume can be attached to only one instance at a time, within the same AZ, which guarantees that the volume appears as a native block device similar to a local hard drive. However, multiple volumes can be attached to a single instance. EBS volumes are automatically replicated within that AZ to prevent data loss due to failure of any single hardware component.
You cannot mount one EBS volume to multiple EC2 instances; use EFS instead.
EC2 Lab Exam Tips
Termination Protection is turned off by default; you must turn it on.
On an EBS-backed instance, the default action is for the root EBS volume to be deleted when the instance is terminated.
Root volumes cannot be encrypted by default; you need a third-party tool (such as BitLocker) to encrypt the root volume.
Additional volumes can be encrypted.
Volumes vs. Snapshots
Volumes exist on EBS
Virtual Hard Disk
Snapshots exist on S3
You can take a snapshot of a volume; this will store that volume on S3.
Snapshots are point-in-time copies of Volumes.
Snapshots are incremental: only the blocks on the device that have changed since your last snapshot are saved in the new snapshot and moved to S3.
If this is your first snapshot, it may take some time to create.
Volumes vs. Snapshots - Security
Snapshots of encrypted volumes are encrypted automatically
Volumes restored from encrypted snapshots are encrypted automatically.
Encryption of EBS volumes is supported on all EBS volume types (it has nothing to do with instance types).
For encrypting an EBS volume: take an unencrypted snapshot of an unencrypted volume -> create an encrypted snapshot based on the unencrypted snapshot -> create an encrypted EBS volume based on the encrypted snapshot.
You can share snapshots, but only if they are unencrypted
These snapshots can be shared with other AWS accounts or made public in marketplace.
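The three-step encryption procedure above, written with the AWS CLI as an added example (not part of the original notes). The function name encrypt_volume and its arguments are chosen for this example; it uses the account's default EBS encryption key.

```shell
#!/usr/bin/env bash
# Added example: unencrypted snapshot -> encrypted snapshot copy -> encrypted volume.
# encrypt_volume and its arguments are names chosen for this example.

# Usage: encrypt_volume <volume-id> <region>
# Prints the ID of the new encrypted volume on stdout; messages go to stderr.
encrypt_volume() {
  local vol="$1" region="$2" enc az snap enc_snap new_vol

  # Nothing to do if the volume is already encrypted.
  enc=$(aws ec2 describe-volumes --region "$region" --volume-ids "$vol" \
        --query 'Volumes[0].Encrypted' --output text) || return 1
  if [ "$enc" = "True" ]; then
    echo "$vol is already encrypted" >&2
    return 2
  fi

  # A volume attaches only within its own AZ, so reuse the source AZ.
  az=$(aws ec2 describe-volumes --region "$region" --volume-ids "$vol" \
       --query 'Volumes[0].AvailabilityZone' --output text) || return 1

  # Step 1: unencrypted snapshot of the unencrypted volume.
  snap=$(aws ec2 create-snapshot --region "$region" --volume-id "$vol" \
         --description "pre-encryption snapshot of $vol" \
         --query SnapshotId --output text) || return 1
  aws ec2 wait snapshot-completed --region "$region" --snapshot-ids "$snap" || return 1

  # Step 2: encrypted snapshot created as a copy of the unencrypted one.
  enc_snap=$(aws ec2 copy-snapshot --region "$region" --source-region "$region" \
             --source-snapshot-id "$snap" --encrypted \
             --query SnapshotId --output text) || return 1
  aws ec2 wait snapshot-completed --region "$region" --snapshot-ids "$enc_snap" || return 1

  # Step 3: encrypted volume created from the encrypted snapshot.
  new_vol=$(aws ec2 create-volume --region "$region" --snapshot-id "$enc_snap" \
            --availability-zone "$az" --query VolumeId --output text) || return 1

  # The plaintext snapshot from step 1 still exists until it is deleted.
  echo "delete unencrypted snapshot $snap once $new_vol is verified" >&2
  echo "$new_vol"
}
```

The original volume and the step 1 snapshot both remain unencrypted after the run, so they need to be removed once the new volume has been swapped in and checked.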
Snapshots of Root Device Volumes
To create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the instance before taking the snapshot.
EBS vs. Instance Store - Exam Tips
Instance Store Volumes are sometimes called Ephemeral Storage.
Instance Store volumes cannot be stopped. If the underlying host fails, you will lose your data.
EBS backed instances can be stopped. You will not lose the data on this instance if it is stopped.
You can reboot both, you will not lose your data.
By default, both ROOT volumes will be deleted on termination, however, with EBS volumes, you can tell AWS to keep the root device volume.
EBS Backed vs. Instance Store (cont.)
Think of a volume as a virtual hard disk: you can have either an EBS-backed virtual hard disk or an instance store hard disk.
EBS-backed volumes are persistent. They persist independently of the life of the EC2 instance.
Instance store backed volumes are not persistent (ephemeral). You cannot detach an instance store volume and attach it to another EC2 instance. An instance store volume is only valid for the life of that EC2 instance.
EBS volumes can be detached and reattached to other EC2 instances. So you can have additional volumes like a "D drive". For example, you can mount and unmount that and then you can attach it to another EC2 instance.
Instance store volume cannot be detached and reattached to other instances - they exist only for the life of that instance.
EBS volumes can be stopped, data will persist
Instance store volumes cannot be stopped - if you do this, the data will be wiped. So if you have an instance that has an EBS-backed volume as its root volume and also has an instance store volume attached, when you terminate the instance, the data in the attached instance store volume will be lost. This is why it is called ephemeral storage.
EBS backed == store data long term.
Instance store == shouldn't be used for long-term data storage.
How can I take a Snapshot of a RAID Array?
Problem: A snapshot excludes data held in the cache by applications and the OS. This tends not to matter on a single volume; however, with multiple volumes in a RAID array, this can be a problem due to the inter-dependencies of the array.
Solution: Take an application consistent snapshot.
Procedure:
Stop the application from writing to disk
Flush all caches to the disk
How can we do this? There are 3 ways (the goal in each case is to stop the I/O):
Freeze the file system
Unmount the RAID Array
Shut down the associated EC2 instance (easiest way)
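The "freeze the file system" option, as an added example that is not part of the original notes. The function name snapshot_raid, the mount point and the volume IDs are assumptions; fsfreeze is the util-linux tool and normally needs root.

```shell
#!/usr/bin/env bash
# Added example: application-consistent snapshot of a RAID array by freezing
# its file system. snapshot_raid and its arguments are names chosen here.

# Usage: snapshot_raid <mount-point> <region> <volume-id>...
# Prints one snapshot ID per member volume.
snapshot_raid() {
  local mnt="$1" region="$2" vol snap ids="" rc=0
  shift 2

  sync                                   # flush cached writes to disk
  fsfreeze --freeze "$mnt" || return 1   # stop all I/O to the array

  # Start a snapshot of every member while nothing can write to the array.
  for vol in "$@"; do
    snap=$(aws ec2 create-snapshot --region "$region" --volume-id "$vol" \
           --description "RAID member of $mnt" \
           --query SnapshotId --output text) || { rc=1; break; }
    ids="$ids $snap"
  done

  # Always thaw, even when a snapshot call failed, so the array is not left frozen.
  fsfreeze --unfreeze "$mnt" || rc=1
  [ "$rc" -eq 0 ] || return 1

  printf '%s\n' $ids                     # unquoted on purpose: one ID per line
}
```

A snapshot captures the volume as of the moment the create-snapshot call is accepted, so the array only has to stay frozen until the loop finishes, not until the snapshots complete.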
Amazon Machine Images
AMIs are regional. You can only launch an AMI from the region in which it is stored. However, you can copy AMIs to other regions using the console, command line or the Amazon EC2 API.
CloudWatch
Standard monitoring = 5 minutes
Detailed monitoring = 1 minute
CloudWatch is for performance monitoring
CloudTrail is for auditing
What can I do with CloudWatch?
Dashboards - Creates awesome dashboards to see what is happening with your AWS environment
Alarms - Allows you to set Alarms that notify you when particular thresholds are hit.
Events - CloudWatch Events helps you to respond to state changes in your AWS resources.
Logs - CloudWatch Logs helps you to aggregate, monitor, and store logs.
Roles
Roles are more secure than storing your access key and secret access key on individual EC2 instances
Roles are easier to manage
Roles can be assigned to an EC2 instance AFTER it has been provisioned, using either the command line or the AWS console. You can assign a new role or change roles for EC2 instances AFTER they have been provisioned. You can also update a role's policies at any time, so you can add policy documents to a role and the change will take effect immediately.
Roles are universal, you can use them in any region.
Instance Meta-data (e.g. Get Public IP Address)
Used to get information about an instance (such as public IP)
Query the instance's metadata:
curl
get
The key thing to remember is that it is an instance's META DATA, not USER DATA.
Query the instance's public IP and private IP using get or curl:
get
get
EFS Features
Supports the Network File System version 4 (NFSv4) protocol.
You only pay for the storage you use (no pre-provisioning required)
Can scale up to the petabytes
Can support thousands of concurrent NFS connections
Data is stored across multiple AZs within a region
Read After Write Consistency (similar to S3). As soon as you put a new object onto EFS, you are immediately able to read from it.
Lambda
Use Lambda in the following ways:
As an event-driven compute service, and change data in S3 bucket or DynamoDB table.
To respond to HTTP requests using Amazon API Gateway