Compute

Amazon EC2 (Elastic Compute Cloud)

The EC2 service is used to provision virtual machines in the cloud.

There are many instance types available based on the compute, memory or storage needs.

The full list of instance types is in the AWS documentation.

Instances are named using the convention below:
m5.2xlarge
m - instance family (class)
5 - generation
2xlarge - size of the instance

Security Groups are stateful virtual firewalls attached to EC2 instances (strictly, to their network interfaces). Their rules determine the permitted inbound and outbound traffic. Rules are allow-only (there is no deny rule; use network ACLs for that), and return traffic for an allowed connection is permitted automatically. The default security group allows all outbound traffic, so review both directions, and watch for inbound rules that open admin ports to 0.0.0.0/0 or ::/0.
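The world-open-admin-port check above, as an added example (not from the original page): it walks the `SecurityGroups` list in the shape returned by `aws ec2 describe-security-groups` / `boto3` `describe_security_groups()` and reports inbound rules that expose common admin or database ports to 0.0.0.0/0 or ::/0. The group IDs, CIDRs and the `ADMIN_PORTS` list are constructed for the example.

```python
"""Flag EC2 security group rules that expose admin ports to the whole internet.

Added example, not from the original page. The input mimics the
`SecurityGroups` list returned by `describe-security-groups`; the sample
groups below are constructed.
"""
import ipaddress

# Ports whose exposure to 0.0.0.0/0 or ::/0 almost always indicates a misconfiguration.
# (Constructed list for the example; extend to taste.)
ADMIN_PORTS = {
    22: "SSH", 3389: "RDP", 1433: "MSSQL", 3306: "MySQL",
    5432: "PostgreSQL", 6379: "Redis", 27017: "MongoDB",
}


def _is_world(cidr: str) -> bool:
    """True for 0.0.0.0/0 and ::/0 (prefix length 0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _admin_ports_in_rule(rule: dict) -> set:
    """Admin ports covered by one IpPermissions entry."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                      # "all traffic" rule: every port is open
        return set(ADMIN_PORTS)
    if proto not in ("tcp", "udp"):
        return set()
    lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
    return {p for p in ADMIN_PORTS if lo <= p <= hi}


def find_world_open_admin_ports(security_groups: list) -> list:
    """Return one finding per (group, port) reachable from the whole internet.

    Only inbound rules (IpPermissions) are inspected; security groups are
    allow-only and stateful, so an inbound allow is all an attacker needs.
    """
    findings = []
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            world = sorted(c for c in cidrs if _is_world(c))
            if not world:
                continue
            for port in sorted(_admin_ports_in_rule(rule)):
                findings.append({"GroupId": sg["GroupId"], "Port": port,
                                 "Service": ADMIN_PORTS[port], "Source": world})
    return findings


# Constructed sample in the describe-security-groups shape.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0bastion", "IpPermissions": [            # SSH from a corporate range: fine
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0web", "IpPermissions": [                # HTTPS to the world: expected
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bad", "IpPermissions": [                # SSH to the world: finding
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0db", "IpPermissions": [                 # all traffic from ::/0: many findings
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for f in find_world_open_admin_ports(SAMPLE_GROUPS):
        print(f"{f['GroupId']}: {f['Service']}/{f['Port']} open to {', '.join(f['Source'])}")
```

Feed it the real output of `describe-security-groups` (the `SecurityGroups` key) to audit an account; the same shape works for groups referenced by ECS task ENIs and Lambda VPC configurations.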

Commands to SSH into an EC2 instance (the private key file must not be readable by other users, otherwise ssh refuses to use it):
chmod 0400 <pem file>
ssh -i <pem file> ec2-user@<public ip>

EC2 User Data is used to bootstrap an instance during startup.

By default, scripts entered as user data are executed with root privileges.
By default, user data runs only during the first boot of the instance.
It is used to customize the dynamic parts of installation at boot time.
User data is not a secret store: it is returned by the DescribeInstanceAttribute API call and by the instance metadata service at /latest/user-data, so never embed credentials in it.

IAM roles can be attached to EC2 instances (through an instance profile) to give them permissions. The SDKs and the CLI on the instance obtain short-lived credentials for the role from the instance metadata service, so no long-lived keys need to live on the instance.

Never enter access key / secret access key information inside an EC2 instance session.

Instance purchasing options
On-Demand

Pay, by the second, for the instances that you launch.

Reserved Instances

Reduce costs by making a commitment to a consistent instance configuration, including instance type and Region, for a term of 1 or 3 years.

Savings Plan

Reduce costs by making a commitment to a consistent amount of usage, in USD per hour, for a term of 1 or 3 years.

Spot

Request unused EC2 instances, which can reduce costs significantly. Spot request can be one-time or persistent.

Spot fleet

Set of Spot Instances plus optional On-Demand Instances.

Dedicated Hosts

Pay for a physical host that is fully dedicated to running your instances, and bring your existing per-socket, per-core, or per-VM software licenses to reduce costs.

Dedicated Instances

Pay, by the hour, for instances that run on single-tenant hardware.

Capacity Reservations

Allow you to reserve compute capacity for Amazon EC2 instances in a specific Availability Zone.

Difference between Savings Plans and Reserved Instances:

Savings Plans

Commit to a consistent amount of spend (USD per hour); the discount applies to whatever usage matches the plan.

Reserved Instances

Commit to a specific instance configuration (instance type, Region, term); the discount is tied to that configuration.

Private IP

Reachable only within the VPC (and networks connected to it); not routable from the internet.

Public IP

Reachable over the public internet; a normal public IP is released when the instance is stopped and a new one is assigned on start.

Elastic IP

Static public IPv4 address allocated to your account; it persists across stop/start and can be remapped to another instance.

Placement Groups

Define how your instances should be placed. There is no charge for creating a placement group.

Cluster

Packs instances close together inside an Availability Zone. Used to achieve low latency for workloads such as HPC applications.

Spread

Strictly places a small group of instances across distinct underlying hardware to reduce correlated failures. A spread placement group can span multiple Availability Zones in the same Region. You can have a maximum of seven running instances per Availability Zone per group.

Partition

Spreads your instances across logical partitions such that groups of instances in one partition do not share the underlying hardware with groups of instances in different partitions.

EC2 Hibernate

EC2 Hibernate saves the state of your instance: the contents of instance memory are written to the Amazon EBS root volume and reloaded when the instance starts again. Because the memory image (which can contain secrets and keys) lands on disk, hibernation requires the root volume to be encrypted.

Amazon Machine Image (AMI)

An Amazon Machine Image provides the information required to launch an instance (root volume template, block device mapping, launch permissions). AMIs can be provided by AWS, obtained from the Marketplace, shared by other accounts, or built by you, and can be public, private or shared with specific accounts. Treat community AMIs as untrusted input: launch only from owners you have vetted.

Launch configuration is an instance configuration template that an Auto Scaling group uses to launch EC2 instances.

You can't modify a launch configuration after you've created it.

Launch template is similar to a launch configuration, in that it specifies instance configuration information, but a launch template can have multiple versions.

Launch Configuration vs. Launch Template
A launch template can provision capacity across multiple instance types using both On-Demand Instances and Spot Instances to achieve the desired scale, performance and cost.
A launch configuration cannot be spread across multiple instance types. AWS recommends launch templates for new Auto Scaling groups.

EC2 Image Builder

EC2 Image Builder automates the image build process: building, testing and distributing AMIs and container images on a pipeline.

Instance metadata is available from within a running instance at the following endpoints:

IPv4
http://169.254.169.254/latest/meta-data/
IPv6
http://[fd00:ec2::254]/latest/meta-data/

IMDSv2 requires a session token on every request: the caller first sends a PUT to /latest/api/token with the X-aws-ec2-metadata-token-ttl-seconds header and then passes the returned token in the X-aws-ec2-metadata-token header. Enforce it with the instance metadata option http-tokens=required (aws ec2 modify-instance-metadata-options --http-tokens required): tokenless GET requests are then rejected, which closes the classic SSRF-to-role-credentials path, and the token response hop limit (default 1) keeps the token from reaching a process one network hop away, such as a container on the instance's bridge network.
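The IMDSv2 exchange, as an added example that is not from the original page: a small stand-in metadata server (`FakeImds`, constructed for the example; the real service lives at http://169.254.169.254 and knows far more paths) runs locally, and the client performs the PUT-for-token then GET-with-token sequence, including reading the instance role's temporary credentials the way an SDK does. A tokenless GET is shown being refused, which is the behaviour `--http-tokens required` enforces. `IMDS_ROLE_NAME`, the instance ID and the credential values are made up.

```python
"""IMDSv2 session-token flow against a constructed stand-in metadata server.

Added example, not from the original page. FakeImds is a local stand-in for
http://169.254.169.254 and serves only the paths used here; the role name,
instance ID and credential values are made up.
"""
import json
import secrets
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

IMDS_ROLE_NAME = "example-instance-role"           # hypothetical instance-profile role
TOKEN_HEADER = "X-aws-ec2-metadata-token"          # real IMDSv2 header names
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"


class FakeImds(BaseHTTPRequestHandler):
    """Behaves like IMDS with http-tokens=required: no token, no data."""
    tokens = set()
    metadata = {  # real paths, constructed values
        "/latest/meta-data/instance-id": "i-0123456789abcdef0",
        "/latest/meta-data/iam/security-credentials/": IMDS_ROLE_NAME,
        f"/latest/meta-data/iam/security-credentials/{IMDS_ROLE_NAME}": json.dumps({
            "Code": "Success", "Type": "AWS-HMAC", "AccessKeyId": "ASIAEXAMPLE",
            "SecretAccessKey": "example-secret", "Token": "example-session-token",
            "Expiration": "2030-01-01T00:00:00Z"}),
    }

    def do_PUT(self):
        # Step 1: a PUT to /latest/api/token with a TTL header yields a session token.
        if self.path != "/latest/api/token" or TTL_HEADER not in self.headers:
            return self._send(400, "bad token request")
        token = secrets.token_urlsafe(32)
        self.tokens.add(token)
        self._send(200, token)

    def do_GET(self):
        # Step 2: only requests carrying a valid session token are answered.
        if self.headers.get(TOKEN_HEADER) not in self.tokens:
            return self._send(401, "Unauthorized")
        body = self.metadata.get(self.path)
        if body is None:
            return self._send(404, "not found")
        self._send(200, body)

    def _send(self, code, body):
        data = body.encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the example quiet
        pass


def start_fake_imds():
    """Start the stand-in on an ephemeral loopback port; returns (server, base_url)."""
    srv = HTTPServer(("127.0.0.1", 0), FakeImds)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}"


def imdsv2_get(base: str, path: str, ttl: int = 21600) -> str:
    """Fetch a metadata path the IMDSv2 way: PUT for a token, then GET with it."""
    req = urllib.request.Request(f"{base}/latest/api/token", method="PUT",
                                 headers={TTL_HEADER: str(ttl)})
    with urllib.request.urlopen(req, timeout=2) as r:
        token = r.read().decode()
    req = urllib.request.Request(f"{base}{path}", headers={TOKEN_HEADER: token})
    with urllib.request.urlopen(req, timeout=2) as r:
        return r.read().decode()


def imdsv1_get(base: str, path: str) -> int:
    """Tokenless GET (IMDSv1 style); returns the HTTP status so the refusal is visible."""
    try:
        with urllib.request.urlopen(f"{base}{path}", timeout=2) as r:
            return r.status
    except urllib.error.HTTPError as e:
        return e.code


def fetch_role_credentials(base: str) -> dict:
    """What an SDK does: list the role name, then read its temporary credentials."""
    role = imdsv2_get(base, "/latest/meta-data/iam/security-credentials/")
    return json.loads(imdsv2_get(base, f"/latest/meta-data/iam/security-credentials/{role}"))


if __name__ == "__main__":
    srv, base = start_fake_imds()
    print("instance-id:", imdsv2_get(base, "/latest/meta-data/instance-id"))
    print("tokenless GET status:", imdsv1_get(base, "/latest/meta-data/instance-id"))
    print("role credentials for:", fetch_role_credentials(base)["AccessKeyId"])
    srv.shutdown()
```

Point `imdsv2_get` at `http://169.254.169.254` on a real instance and the same two calls return live data; the stand-in exists only so the exchange can be run and checked offline.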

Elastic Network Interface (ENI)

An Elastic Network Interface is a virtual network card. It has a primary private IPv4 address, can carry additional secondary IPv4 addresses, and is what security groups are actually attached to.

The primary ENI cannot be detached from the EC2 instance.

Secondary ENIs can be detached and attached to another EC2 instance.

Secondary ENIs persist even if the EC2 instance is stopped.

AWS Elastic Beanstalk

Elastic Beanstalk helps to automate the creation of services and resources for application deployment.

Some of the features provided by Elastic Beanstalk are:

  • Managed Platform Updates

  • Autoscaling and Load Balancing

  • Monitoring and Health

Elastic Beanstalk comes with some pre-configured stacks for popular languages.

Amazon Lightsail

Amazon Lightsail is a virtual private server (VPS) offering and the easiest way to get started with AWS for developers, small businesses, students and other users who need a simple way to build and host applications in the cloud.

It provides a subset of AWS services and resources that give customers the core functionality needed to get started with their cloud journey.

Lightsail can support containerized workloads as well.

Amazon Elastic Container Service (ECS)

ECS is the container orchestration service of AWS.

Launch types
EC2

The customer provisions the EC2 container instances; each instance needs the ECS agent installed to register with the ECS cluster.

Fargate

Serverless offering

ECS EC2 launch type can be used to leverage reserved instances and savings plans for long-term cost savings.
Amazon ECS with EC2 launch type is charged based on EC2 instances and EBS volumes used.
Amazon ECS with Fargate launch type is charged based on vCPU and memory resources that the containerized application requests.
Role types
EC2 Instance Profile

Used by the ECS agent on a container instance to make API calls to the ECS service (register, poll for tasks, send logs and metrics).

ECS Task Execution Role

Used by the ECS agent on behalf of a task to pull the image from ECR, write logs to CloudWatch and read secrets referenced in the task definition.

ECS Task Role

Gives each task its own IAM role; the containers fetch credentials from the ECS credential endpoint (169.254.170.2), so application permissions are scoped per task instead of inherited from the instance profile.

ECS Task Definition is a blueprint that describes how containers should launch (image, CPU/memory, ports, roles, volumes).

Task Definitions create Tasks. A Task is a running instantiation of a task definition and contains one or more containers.

ECS Service ensures that a certain number of Tasks are running at all times.

In bridge network mode a port mapping with a fixed host port can be bound by only one task per container instance, so several copies of the same task cannot run on one instance; use dynamic host port mapping (host port 0) behind an Application Load Balancer, or awsvpc network mode, which gives each task its own ENI and security group.

Containers within one specific task can communicate through localhost.

Most of what a docker-compose file describes can be translated to a task definition.

EFS can be used as a file system for ECS over NFS protocol.

S3 cannot be used as a file system for ECS.

The number of ECS tasks can be auto-scaled using ECS Service Auto Scaling.

The underlying EC2 capacity of the cluster is scaled separately, in one of two ways:

  • Auto Scaling Group scaling

  • ECS Cluster Capacity Provider (managed scaling of the ASG driven by task demand)

Amazon Elastic Kubernetes Service (EKS)

EKS is the managed Kubernetes service of AWS. Through EKS, AWS manages the control plane, whereas worker nodes have to be managed by customers.

Types of worker nodes
Self-managed nodes

customer provisions the EC2 instances

Managed node group

use AWS/EKS API calls to automate provisioning of the EC2 instances

Fargate

serverless

For data volumes, you specify a StorageClass manifest on the EKS cluster, backed by a Container Storage Interface (CSI) driver.
Supported backends include EBS, EFS (the only one available to Fargate pods), FSx for Lustre and NetApp ONTAP.

Amazon Elastic Container Registry (ECR)

ECR is a container registry provided by AWS.

Types of repositories

  • Public ECR - for images you want to share publicly (open source projects)

  • Private ECR - for specific accounts, with IAM-controlled access

ECR works well with AWS CodeCommit and AWS CodeBuild.

Amazon Inspector can be used to scan the images for vulnerabilities. Enable image tag immutability so a pushed tag cannot be silently overwritten, and pin deployments to an image digest rather than a mutable tag such as latest.

Behind the scenes the images are stored in S3.
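A small lint over ECS task definitions that covers the points from both the ECS and ECR sections above (task role, fixed host ports in bridge mode, images pinned to an ECR digest, secrets passed via `secrets` rather than plain `environment`, and basic container hardening), as an added example that is not from the original page. The input follows the JSON shape of `register-task-definition` / `describe-task-definition`; the two sample definitions, the `example-*` names and the account ID are constructed.

```python
"""Lint ECS task definitions for common hardening gaps.

Added example, not from the original page. Input shape follows the
register-task-definition JSON; the sample definitions, the example-* names
and the 12-digit account ID are constructed.
"""
import re

# An ECR image reference pinned by digest: <account>.dkr.ecr.<region>.amazonaws.com/<repo>@sha256:<64 hex>
ECR_DIGEST = re.compile(
    r"^\d{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com/[^@:]+@sha256:[0-9a-f]{64}$")
# Environment variable names that usually mean a secret is being passed in the clear.
SECRET_ENV = re.compile(r"(PASSWORD|SECRET|TOKEN|API_KEY|PRIVATE_KEY)", re.I)


def lint_task_definition(td: dict) -> list:
    """Return (family, container, message) tuples; an empty list means no findings."""
    findings = []
    fam = td.get("family", "<unknown>")
    mode = td.get("networkMode", "bridge")   # bridge is the EC2 launch-type default

    if not td.get("taskRoleArn"):
        findings.append((fam, None, "no taskRoleArn: containers inherit the instance profile "
                                    "(EC2 launch type) instead of a per-task role"))
    for c in td.get("containerDefinitions", []):
        name = c.get("name", "<unnamed>")
        image = c.get("image", "")
        if not ECR_DIGEST.match(image):
            findings.append((fam, name, f"image not pinned by ECR digest: {image}"))
        if c.get("privileged"):
            findings.append((fam, name, "privileged: true gives root-equivalent access to the host"))
        if not c.get("readonlyRootFilesystem"):
            findings.append((fam, name, "readonlyRootFilesystem not set"))
        if c.get("user") in (None, "", "0", "root"):
            findings.append((fam, name, "runs as root; set user to a non-zero UID"))
        for env in c.get("environment", []):
            if SECRET_ENV.search(env.get("name", "")):
                findings.append((fam, name, f"{env['name']} passed as plain environment; "
                                            "use 'secrets' (Secrets Manager / SSM Parameter Store)"))
        for pm in c.get("portMappings", []):
            hp = pm.get("hostPort")
            if mode == "bridge" and hp not in (None, 0):
                findings.append((fam, name, f"static hostPort {hp} in bridge mode: only one task per "
                                            "instance can bind it; use hostPort 0 behind an ALB"))
    return findings


# Constructed samples.
GOOD_TD = {
    "family": "example-api", "networkMode": "awsvpc",
    "taskRoleArn": "arn:aws:iam::123456789012:role/example-api-task",
    "executionRoleArn": "arn:aws:iam::123456789012:role/example-api-exec",
    "containerDefinitions": [{
        "name": "api",
        "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/example-api@sha256:" + "a" * 64,
        "readonlyRootFilesystem": True, "user": "1000",
        "environment": [{"name": "LOG_LEVEL", "value": "info"}],
        "secrets": [{"name": "DB_PASSWORD",
                     "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789012:secret:example-db"}],
        "portMappings": [{"containerPort": 8080, "protocol": "tcp"}],
    }],
}

BAD_TD = {
    "family": "example-legacy", "networkMode": "bridge",
    "containerDefinitions": [{
        "name": "web", "image": "example-legacy:latest", "privileged": True,
        "environment": [{"name": "DB_PASSWORD", "value": "hunter2"}],
        "portMappings": [{"containerPort": 80, "hostPort": 80, "protocol": "tcp"}],
    }],
}

if __name__ == "__main__":
    for td in (GOOD_TD, BAD_TD):
        for fam, container, msg in lint_task_definition(td) or [(td["family"], None, "OK")]:
            print(f"{fam}/{container or '-'}: {msg}")
```

Run it over the output of `aws ecs describe-task-definition --task-definition <family>` (the `taskDefinition` key) for each active family; in a CI pipeline the same function can gate `register-task-definition` so an unpinned or privileged definition never reaches the cluster.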

AWS App Runner

AWS App Runner is a fully managed service that makes it easy to deploy web applications and APIs at scale.

AWS Batch

AWS Batch is used to schedule batch jobs that don’t need any human intervention.

A job's state moves from SUBMITTED → PENDING → RUNNABLE → STARTING → RUNNING → (SUCCEEDED / FAILED)

Core components include Job Definition, Job Queues, Job Scheduler

Supports EC2 On-Demand, EC2 Spot and Fargate compute environments.

AWS Lambda

AWS Lambda is the serverless compute offering from AWS. It lets customers run code without provisioning or managing virtual machines.

Lambda functions are limited to 15 minutes per invocation, so they should be short running.

Pricing: pay per request and per duration (GB-seconds).

Memory allocation 128 MB - 10,240 MB (10 GB)
Max execution time 900 sec / 15 min
Env variables 4 KB total per function

Lambda functions can be triggered by many AWS services. Some of them are listed below.

  • API Gateway

  • Kinesis

  • DynamoDB

  • S3

  • CloudFront

  • CloudWatch Events

  • EventBridge

  • CloudWatch Logs

  • SNS

  • SQS

  • Cognito

Layers can be created to manage shared dependencies.

Destinations route the result of an asynchronous invocation (on success or on failure) to another service such as SQS, SNS, Lambda or EventBridge.

The main features of Lambda apart from its serverless support are event-driven programming, multi-language support, fault tolerance and automatic scaling.

If a Lambda function needs to access a relational database, it is advised to do so through RDS Proxy, which pools connections so a burst of invocations does not exhaust the database. RDS Proxy is only reachable from inside the VPC, so the function must be VPC-attached.

Lambda SnapStart (Java 11 and later) can improve startup latency by up to 10x by restoring a pre-initialized snapshot instead of running initialization on each cold start.

Lambda does not have an out-of-the-box caching feature.

Since AWS Lambda functions can scale extremely quickly, it is a good idea to deploy an Amazon CloudWatch alarm that notifies your team when function metrics such as ConcurrentExecutions or Invocations exceed the expected threshold.

By default, AWS Lambda functions run in an AWS-owned VPC and hence have access to any public internet address or public AWS API. Once a function is VPC-enabled, it should be placed in a private subnet and needs a route through a NAT gateway in a public subnet to reach public resources (or VPC endpoints for AWS services).

If you intend to reuse code in more than one AWS Lambda function, consider creating a Lambda Layer for the reusable code.

Concurrency in Lambda, is the number of in-flight requests that your function is handling at the same time.

Concurrency = (average requests per second) * (average request duration in seconds)

Concurrency = (200 requests/second) * (0.05 second/request) = 10

By default, your account has a concurrency limit of 1,000 concurrent executions across all functions in a Region.

Reserved Concurrency

Use reserved concurrency to reserve a portion of your account’s concurrency for a function. This is useful if you don’t want other functions taking up all the available unreserved concurrency.

Provisioned Concurrency

Use provisioned concurrency to pre-initialize a number of environment instances for a function. This is useful for reducing cold start latencies.

Pre-warming is a strategy used for Lambda functions to deal with expected incoming load. e.g. a significant surge in website traffic during holiday sales.

AWS Step Functions

Step Functions build a serverless visual workflow to orchestrate Lambda functions.

One use-case is to create state machines.

Workflow can be parallelized with support for Error Handling and Retry Logic.

Serverless Application Model (SAM)

The Serverless Application Model is a toolkit that improves the developer experience of building and running serverless applications on AWS.

A SAM template is a CloudFormation extension that acts as a blueprint for a serverless application (functions, APIs, tables, event sources).

AWS Serverless Application Repository

Serverless Application Repository is a managed repository for serverless applications that allows developers to share and deploy their serverless applications and components with other teams, developers, companies or the community.

AWS Amplify

AWS Amplify is a complete solution for building web and mobile applications. With Amplify, features such as authentication, APIs, storage, continuous deployment and analytics can be easily enabled for an application.

It facilitates rapid development for full-stack applications.

AWS Amplify Studio is a visual interface that allows developers to easily build and ship complete web and mobile apps in hours.

AWS Outposts

AWS Outposts is a family of fully managed solutions delivering AWS infrastructure and services to virtually any on-premises or edge location for a consistent hybrid experience.

It enables you to run AWS services locally on an AWS-supplied rack (or server) installed in your own data center.

ECS/EKS Anywhere

Enables you to run ECS or EKS on your on-premises hardware.

Users can use the EKS console or the ECS Anywhere console to view the cluster.

It is useful for hybrid deployments.

It fits customers with a legal requirement to keep all their data on-premises.

VMware Cloud on AWS

In hybrid cloud architectures, many customers use VMware products like vSphere, vSAN and NSX-T to create virtual environments on their on-premises hardware, alongside EC2 instances in the cloud.

VMware Cloud on AWS allows customers a uniform way of managing virtual environments on-premise and in the cloud.

Snow Family for Compute

Snowball Edge and Snowcone have built-in compute capabilities (EC2-compatible instances and Lambda-style functions at the edge).