Designing Compute Solutions in AWS – EC2

Compute resources are the brains and processing power that applications and systems need to carry out computational tasks via a series of instructions, so the physical servers within a data center are considered compute resources.

AWS offers a number of different compute services, each providing compute power for a different kind of function.

An EC2 instance may run continuously for months or years, processing billions of instructions, whereas a serverless AWS Lambda function may use only a few milliseconds of compute before relinquishing that compute power.

Amazon EC2 (Elastic Compute Cloud) is a core service provided by AWS that enables users to rent and manage virtual servers, known as instances, in the cloud. It offers scalable computing capacity, allowing users to launch and terminate instances as needed. EC2 supports various instance types, operating systems, and configurations, providing flexibility for different application needs. Additionally, it integrates with other AWS services for networking, storage, and security, making it a powerful tool for deploying and managing scalable web applications and services. EC2 can be broken down into the following components:

  • Amazon Machine Images (AMIs)
  • Instance Types
  • Instance Purchasing Options
  • Tenancy
  • User Data
  • Storage Options
  • Security

AMI: Amazon Machine Images

AMIs are templates of pre-configured EC2 instances, which allow you to quickly launch a new EC2 instance based on the configuration defined within the AMI. An AMI is an image baseline that includes an operating system and applications, along with any custom configuration. After you launch one or more instances from an AMI, you can install your custom apps on those EC2 instances and then create a custom AMI from the customized instances. You can also purchase AMIs from the AWS Marketplace, an online store.

Security

Security groups let you restrict inbound and outbound communication by source, port, and protocol.
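As an added example (not part of the original notes), the following Python audits security-group rules for ports reachable from every address; the input mirrors the JSON shape of `aws ec2 describe-security-groups`, but the groups and ids below are constructed sample data, and the set of ports expected to be public is an assumption.

```python
"""Flag security-group inbound rules that expose ports to every address.

Added example, not from the original notes: the input follows the shape
of `aws ec2 describe-security-groups` output, but the groups below are
constructed sample data, not real resources.
"""
from typing import Dict, List, Optional, Tuple

ANYWHERE = {"0.0.0.0/0", "::/0"}
Rule = Tuple[str, Optional[int], Optional[int]]  # (protocol, from_port, to_port)

# Constructed sample: HTTPS open to the world (expected for a web tier), SSH
# limited to a private range, and a legacy group allowing all traffic from anywhere.
SAMPLE_GROUPS: List[Dict] = [
    {"GroupId": "sg-0000example1", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-0000example2", "GroupName": "legacy", "IpPermissions": [
        {"IpProtocol": "-1",  # -1 means all protocols; no port keys are present
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]


def world_open_rules(group: Dict) -> List[Rule]:
    """Return the inbound rules whose source includes every IPv4 or IPv6 address."""
    found: List[Rule] = []
    for perm in group.get("IpPermissions", []):
        sources = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        sources |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        if sources & ANYWHERE:
            found.append((perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort")))
    return found


def audit(groups: List[Dict], public_ok=frozenset({80, 443})) -> Dict[str, List[Rule]]:
    """Map group id -> world-open rules other than single TCP ports listed in public_ok."""
    report: Dict[str, List[Rule]] = {}
    for g in groups:
        bad = [r for r in world_open_rules(g)
               if not (r[0] == "tcp" and r[1] == r[2] and r[1] in public_ok)]
        if bad:
            report[g["GroupId"]] = bad
    return report
```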

EC2 Instance Types

An instance type simply defines the size of the instance based on a number of different parameters.

  • General Purpose (t): Balance between compute, memory, and networking resources. Suitable for a wide variety of applications.
  • Compute Optimized (c): Ideal for compute-intensive tasks such as high-performance web servers, scientific modelling, and dedicated gaming servers.
  • Memory Optimized (m): Designed for applications that require large amounts of RAM, such as in-memory databases, large-scale data processing, and real-time big data analytics.
  • Accelerated Computing (p, g, f): Uses hardware accelerators, or co-processors, to perform functions such as floating-point number calculations, graphics processing, or data pattern matching more efficiently than software running on general-purpose CPUs. Examples include machine learning, high-performance computing (HPC), and video processing.
  • Storage Optimized (i, d, h): Optimized for storage-intensive tasks, such as online transaction processing (OLTP) systems, relational and NoSQL databases, data warehousing, and distributed file systems.
  • HPC Optimized (hpc): High-performance computing applications that need high levels of processing power, such as scientific simulations, seismic analysis, and engineering simulations.
  • For example, m5.2xlarge breaks down as follows: m = instance class, 5 = generation, 2xlarge = size.
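As an added example (not part of the original notes), this Python parser generalises the m5.2xlarge breakdown above to names that carry extra suffix letters after the generation digit (for example c6gn or m5d) and to the full range of size names; the regular expression and the size ordering are this example's own assumptions about the naming scheme.

```python
"""Parse an EC2 instance type name into class, generation, suffix and size.

Added example, not from the original notes. The pattern assumes the form
<class letters><generation digit(s)><optional suffix letters>.<size>,
which covers names such as m5.2xlarge, c6gn.16xlarge, t3.nano or r5.metal.
"""
import re
from typing import Dict, Union

_TYPE_RE = re.compile(r"^([a-z]+)(\d+)([a-z-]*)\.([0-9a-z-]+)$")

# Fixed size names in increasing order; N*xlarge and metal are ranked separately.
_FIXED_SIZES = ["nano", "micro", "small", "medium", "large", "xlarge"]


def parse_instance_type(name: str) -> Dict[str, Union[str, int]]:
    """Return class/generation/suffix/size for names such as 'm5.2xlarge'."""
    m = _TYPE_RE.match(name.lower())
    if not m:
        raise ValueError(f"not an instance type name: {name!r}")
    family, generation, suffix, size = m.groups()
    return {"class": family, "generation": int(generation),
            "suffix": suffix, "size": size}


def size_rank(size: str) -> int:
    """Order sizes so that 'large' < 'xlarge' < '2xlarge' < '16xlarge' < 'metal'."""
    if size.startswith("metal"):          # bare-metal sizes rank above any virtual size
        return 10**6
    m = re.fullmatch(r"(\d+)xlarge", size)
    if m:
        return 100 * int(m.group(1))      # 2xlarge -> 200, 16xlarge -> 1600
    return _FIXED_SIZES.index(size)       # ValueError for an unknown size name
```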

EC2 instances purchasing options

  • On-Demand: Short workload, predictable pricing, pay by second.
  • Reserved: Cheaper (up to 72%) with upfront payment, and long-term commitment.
  • Savings Plans: Cheaper, but lock in for 1–3 years.
  • Spot Instances: Cheaper, use spare capacity.
  • Dedicated Hosts: Book the entire physical server.
  • Dedicated Instances: Don’t share with other customers.
  • Capacity Reservations: Reserve in a specific AZ for any duration.

Tenancy

  • Shared Tenancy: Default option where instances run on shared hardware.
  • Dedicated Instances: Instances run on isolated hardware dedicated to a single customer, but may share the physical host with other instances from the same account. They incur additional charges because no other customers’ EC2 instances are on the same hardware.
  • Dedicated Hosts: Physical servers fully dedicated to one customer, providing more control over instance placement and allowing the use of existing server-bound software licenses.

User data

User data allows you to enter commands that will run during the first boot cycle of the instance.

Storage options

Selecting the storage for your EC2 instance will depend on the type of instance selected, how you intend to use the instance, and how critical the data is.

  • Persistent storage is available by attaching EBS volumes.
  • Ephemeral storage is created by EC2 instances using local storage.

Ephemeral storage (the instance store) is storage physically attached to the host on which the EC2 instance resides. You cannot detach an instance store volume from an instance, and all data saved on it is lost as soon as the instance hibernates, is stopped, or is terminated.

The following components are part of each EC2 configuration:

  • Amazon Machine Images (AMIs)
  • Authentication using a unique public/private key pair
  • Amazon Elastic Block Storage (EBS) and/or temporary storage volumes
  • A mandatory firewall called a security group that protects each basic or elastic network interface
  • Basic or elastic network interfaces (ENI)
  • Multi-tenant, single-tenant, dedicated, or bare-metal instance deployment.

Each AMI includes the following components, described by an associated XML manifest:

  • Boot volume: The root boot volume for an EC2 instance can be either an EBS boot volume created from a snapshot or a local instance storage volume copied from an Amazon S3 bucket.
  • Launch permissions: Launch permissions define which AWS accounts are permitted to use the AMI to launch instances. Default launch permissions are set to private, which means that only the AWS account where the AMI was created can use it. Launch permissions can also name a select list of AWS accounts. Switching AMI launch permissions from private to public means that any AWS account has access to the AMI.
  • Volumes to attach: Volumes attached to the EC2 instance at launch are contained in a block device mapping document. Local instance temporary volumes are listed as ephemeral0 to ephemeral23, depending on the number of instance store volumes created. Instance ephemeral volumes are SSD or NVMe drives.
  • Default region: AMIs are stored in the local AWS region where they are created. After creation, AMIs can be manually copied or backed up to other AWS regions as necessary.
  • Operating system: Choices are Linux, Windows, or macOS.
  • Root device storage: Amazon EBS or an EC2 instance storage volume.

During the creation of the AMI, snapshots of the EC2 instance’s root volume and any other attached EBS volumes are created. After the AMI build process has been completed, the EC2 instance is rebooted to check the file system integrity of the snapshots and AMI that were just created. Once a custom AMI is created, tested, and finalized for production, it should be considered a golden AMI: the image should be as perfect as possible, and no further customizations or changes should be allowed to a finalized production AMI.
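As an added example (not part of the original notes), this Python inspects the two AMI manifest items above that matter most for exposure and data loss: the launch permission list (private, shared with named accounts, or public) and the block device mapping, where ephemeral0..N entries mark instance store volumes whose data does not survive a stop or termination. The inputs follow the shape of `aws ec2 describe-image-attribute --attribute launchPermission` and of the BlockDeviceMappings in `describe-images`, but every id and value is constructed.

```python
"""Classify an AMI's launch permissions and find its instance-store devices.

Added example, not from the original notes. Constructed values in the
shape of describe-image-attribute and describe-images output.
"""
from typing import Dict, List

# Constructed launch-permission attributes for three hypothetical AMIs.
PRIVATE_PERMS = {"ImageId": "ami-0000example1", "LaunchPermissions": []}
SHARED_PERMS = {"ImageId": "ami-0000example2",
                "LaunchPermissions": [{"UserId": "111111111111"}]}
PUBLIC_PERMS = {"ImageId": "ami-0000example3",
                "LaunchPermissions": [{"Group": "all"}]}

# Constructed block device mapping: an EBS root volume built from a snapshot
# plus two instance-store (ephemeral) volumes exposed through VirtualName.
MAPPING: List[Dict] = [
    {"DeviceName": "/dev/xvda",
     "Ebs": {"SnapshotId": "snap-0000example", "VolumeSize": 8}},
    {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"},
    {"DeviceName": "/dev/sdc", "VirtualName": "ephemeral1"},
]


def launch_scope(attr: Dict) -> str:
    """Return 'public' (Group all), 'shared' (named accounts) or 'private'."""
    perms = attr.get("LaunchPermissions", [])
    if any(p.get("Group") == "all" for p in perms):
        return "public"
    return "shared" if any("UserId" in p for p in perms) else "private"


def shared_with(attr: Dict) -> List[str]:
    """Account ids explicitly granted permission to launch from the AMI."""
    return [p["UserId"] for p in attr.get("LaunchPermissions", []) if "UserId" in p]


def ephemeral_devices(mapping: List[Dict]) -> List[str]:
    """Device names backed by instance store; data there is lost on stop/terminate."""
    return [m["DeviceName"] for m in mapping
            if m.get("VirtualName", "").startswith("ephemeral")]


def ebs_devices(mapping: List[Dict]) -> List[str]:
    """Device names backed by EBS volumes, which persist independently of the host."""
    return [m["DeviceName"] for m in mapping if "Ebs" in m]
```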

You can deploy Windows or Linux AMIs using any of the following options:

  • EC2 dashboard: Create an EBS-backed AMI from an EBS-backed instance.
  • AWS CLI: Use the create-image command to create an EBS-backed AMI from an EBS-backed instance.
  • Amazon Marketplace: Many commercial Windows and Linux operating system images and third-party virtual software appliance images are available for deployment.
  • My AMIs: This EC2 dashboard location stores custom AMIs created in your AWS account.
  • AWS Application Migration Service (AMS): This service enables you to automate the migration of physical, virtual, and cloud-based servers to Amazon EC2. The AWS Application Migration Service creates AMIs of your on-premises servers.
  • AWS Database Migration Service (DMS): This service enables you to migrate databases to and from Amazon RDS and Amazon Redshift, and migrate on-premises database engines into AWS.

EC2 Placement Groups

Launching EC2 instances in a placement group influences how they are placed on underlying AWS hardware. Depending on your type of workload, you can create a placement group using one of the following placement strategies:

  • Cluster – your instances are placed close together inside an Availability Zone. A cluster placement group can span peered VPCs that belong to the same AWS Region. This strategy enables workloads to achieve low-latency, high-throughput network performance.
  • Partition – spreads your instances across logical partitions, such that groups of instances in one partition do not share the underlying hardware with groups of instances in different partitions. A partition placement group can have partitions in multiple Availability Zones in the same Region, with a maximum of seven partitions per AZ. This strategy reduces the likelihood of correlated hardware failures for your application.
  • Spread – strictly places each of your instances across distinct underlying hardware racks to reduce correlated failures. Each rack has its own network and power source. A spread placement group can have partitions in multiple Availability Zones in the same Region, with a maximum of seven running EC2 instances per AZ per group.

Resources:
CloudAcademy – Designing Compute Solutions in AWS
Mark Wilkins – AWS Certified Solutions Architect – Associate (SAA-C03) Cert Guide (Certification Guide)
Jon Bonso – AWS Certified Solutions Architect Associate SAA-C03 – Tutorials Dojo