Tag: private key

Elastic Cloud Compute is a virtual server based on Windows /Linux Platform in AWS.

• Amazon Elastic Compute Cloud has reduced the time to get the server instance up and boot in minutes. This allows us to quickly scale up/down the capacity as per the computing requirements.

EC2 Types

• On Demand – This allows you to pay fixed rate by hours/Seconds with no upfront commitments. This not available in seconds for windows servers.
  • This is perfect for users that want low cost and flexibility of EC2. Without any upfront payments or commitments.
  • Applications with short term, spiky or unpredictable loads that cannot be interrupted.
  • Application developed and tested on EC2 for the first time.
    
• Reserved – Provides with capacity reservations and offers discount on the hourly charge for an instance,  1to 3-year terms
  • Application with steady state or predictable usage.
  • Application that requires reserve capacity.
  • User can pay upfront to reduce the total computing cost further down.

• Types of RI
  
  • Standard RIs – Up to 75% off on-demand RI.
  • Convertible RIs – Up to 54% off on-demand RI. It allows you to change the attributes of the RI if the exchange results in creation of Reserved Instance of equal or greater value.
  • Scheduled RIs – These are time bound RIs, it will be available during the reserve time window. This option allows you to match your capacity reservation to a predictable recurring schedule that only requires a fraction of a day, a week, or a month.
    
• Spot – Enables you to Bid whatever price you want for instance capacity, providing for even greater saving if the applications have flexible start and end time (No Peak Hour).
  • Application having flexible end and start time.
  • Applications those are only feasible at very low computing price.
  • Users with an urgent need for large amount of additional computing capacity.
  • If spot instance is terminated by Amazon, you will not be charged for the partial hour. But if you terminate the instance, you will be charged for that complete hour.
    
• Dedicated Host – Physical EC2 server dedicated for your use. Dedicated Hosts can help you to save the cost by allowing using the existing server bound software.
  • Useful for regulatory requirement that doesn’t support multi-tenant or cloud deployments
  • Great for licensing which doesn’t support multi-tenant or cloud deployments.
  • Can be purchased on-Demand (Hourly)
  • Can be purchased as reservation for up to 70% off the On-Demand.
    
• Amazon EBS allows you to create storage volume and attach them to Amazon EC2 Instance. Once attach you can create file system on top of these volumes, you can run them as database or use them in any other way you would use a block device.
• Amazon EBS is placed in a specific AZ, where they are automatically replicated to protect you from failure of a single component.
  
• EBS volume types
  
  • General Purpose SSD (GP2)
    • General purpose balances both price and performance.
    • Ratio of 3 IOPS per 3 GB with up to 10000 IOPS and the ability to burst up to 3000 IOPS for extended period for volumes at 3334 Gib and above.
      
  • Provisioned IOPS SSD (101)
    • Designed for I/O Intensive applications such as large relational or NoSQL database.
    • Use if you need more than 10,000 IOPS
    • Can provision up to 20000 IOPS per Volume.
      
  • Throughput optimized HDD (ST1)
    • These cannot be a boot volume, these are additional volumes attached to the root volume.
    • Big data, data warehousing, log processing
      
  • Cold HDD (SC1)
    • Lowest cost storage for infrequent access workload.
    • File server.
      
  • Magnetic (Standard)
    • Lowest cost per GB of all EBS volume Type that is a bootable.
    • Magnetic volume is ideal where the work load were data are accessed infrequently and application where the lowest cost is important.

• Each subnet is assigned to one AZ, you cannot have more than 1 subnets per AZ.
  One Subnet = One AZ
• AMI (Amazon Machine Images) – are snapshots of different flavor virtual machines.
• On EC2 Create page, advance section we can add boot strap scripts. It may contain the Unix Bash commands.
• On Add Storage page, we can add the root EBS volume as well as the additional volumes. In root Volume we can add only General Purpose (GP2), Provisioned IOPS SSD (IO1) and Magnetic.
• These root volumes are used to load the OS.
• Volumes are nothing but virtual HDD.
• Delete on termination if checked will delete the volume assigned upon termination of the EC2 Instance.
• Security Groups are Virtual files. It defines the traffic allowed from your web servers, like which port/protocol is allowed or denied for the instance.
• 0.0.0.0/0 will allow access to all.
• Public key and private key pair will be shared upon creation of EC2 Instance. Public key is your Padlock and private key is the key to Pad Lock.
• These key pair needs to be downloaded and saved, as it will not be shown later. You can regenerate the keys.
• Encryption can be done only for the attached volume, we cannot encrypt the Root volume device.
• The EBS root volume can be encrypted using the third-party tool like Bit Locker. This can be achieved while creating the Amazon AMI or through the API.
  
• Login through SSH terminal for EC2 Instance,

• To connect through the Windows system to AWS EC2 instance, we need to use Putty and Putty keygen.
• The Private and Public key generated by AWS EC2 are in pem extension format, and for putty we need ppk, here we use putty keygen tool to convert the. pem file to. ppk file.
• To connect to putty, use IP address (Public IP address) of your instance as hostname
• Windows 10 provides SSH access through CMD, you can directly run the below command to SSH your EC2 instance using Pem file.
• ssh -i <path to your .pem file> ec2-user@<your EC2 Public IP address>
• In case of ubuntu as OS, replace ec2-user with ubuntu@<your EC2 Public IP address>
  
• Upgrading EBS volume Type
  • You cannot have the EC2 instance in one availability zone and the EBS Volume in another availability zone. Both should be in the same AZ.
  • We cannot modify the volume for Standard Volume Type, standard is pure magnetic volume. All other volume type can be modified.
  • To change the AZ for any volume, we will need to create a snapshot first for that EC2 instance and then create a volume for the snapshot. While creating volume for the snapshot, you can change the volume type as well as the AZ for the new volume.
  • Snapshot also allows the EC2 instance to move from one region to another one. Create a snapshot and then move the snapshot to the new region.
  • Through snapshot we can create images. These images are stored under AMI.
  • To delete the AMI, select the images and click on deregister.
    
• Volume vs Snapshot – Security
  • Snapshots of Encrypted volumes are Encrypted automatically.
  • Volumes restored from encrypted snapshots are encrypted automatically.
  • You can share snapshots but only when they are un-encrypted.
  • These snapshots can be shared with other AWS account or can be made public.
    
• Additional Details
  • Volumes Exist on EBS
  • Volumes are nothing but Virtual HDD
  • Snapshot exists on S3, they are point in time copy of the volumes.
  • Snapshots are incremental – That means only those blocks that have changed since your last snapshot are moved to S3.
  • First snapshot takes time to load, as it will capture all data.
  • To create a snapshot for the EBS volumes that serve as a root device, you should stop the instance before taking the snapshot.
  • However, you can take snaps while instance is running.   
  • You can create AMIs from the EBS-backed instance and snapshots.
  • You can change the EBS volume sizes on the fly, including changing the size and volume type.
  • To move an EC2 Volume from one AZ/Region to another, take a snap or an image of it, then copy it to the new AZ/Region.