Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable computing capacity—literally, servers in Amazon’s data centers—that you use to build and host your software systems.



Instance Types

EC2 instances come with different configurations dedicated to different use cases. You can check out the list of the different configurations on: https://aws.amazon.com/ec2/instance-types/:

  • General Purpose
  • Compute Optimized
  • Memory Optimized
  • Accelarated Computing
  • Storage Optimized

Naming convention

Instances’ names follow a naming convention with pattern like:

<type><hardware-generation>.<instance-size>
Code

For example, the instance type t4g.medium represents:

  • Type t which is a general purpose instance,
  • Hardware generation 4g which is based on AWS Graviton 2 ARM processor for this specific type,
  • Instance size medium which stands for medium memory and CPU ressources, 2vCPU / 4Gio here.

Amazon Machine Image

An AMI is a template that contains the software configuration (Operating System, Application Server and application) required to launch your instance. You can select an AMI provided by AWS, the user community, the AWS Marketplace, or one of your own pre-built AMI.

User data

Script that will be launch at the first boot of the instance and will be run only once.

Security Group

It is fundamental in AWS network security:

  • It controls how traffic is allowed into and out of the EC2 instances.
  • It only contains ALLOW rules.

So it acts as a firewall in front of the EC2 instance. It filters access to:

  • Port number,
  • IPv4 and IPv6 range,
  • Inbound network traffic (into the instance),
  • Outbound network traffic (out of the instance).

That means when traffic is blocked, the EC2 instance won’t even see it:

  • If you end up with a time-out issue when accessing your application, it’s probably a Security Group issue.
  • If you encounter a connection error, then the traffic went through the Security Group and that’s an application error issue (the application did not launch, for example).

A Security Group can reference rules, but also others Security Groups:

Linking another Security Group (SG-DB) allow inbound traffic without knowing specific IP rule nor Port number
Linking another Security Group (SG-DB) allow inbound traffic without knowing specific IP rule nor Port number

The Security Group SG-DB attached to the Database allow traffic inbound to our EC2 instance because we also have attached the SG-DB Security Group to our EC2 instance.

Instance Purchasing options

AWS offers different kind of purchasing when it comes to instances and some of them can reduce cost:

  • On-Demand instances:
    For short workload, with a predictable price, you pay what you use (no cost saving)

  • Reserved and with a minimum of 1 or 3 years(up to 75% discount):

    • Reserved instances:
      For long workloads (a database for example)

    • Convertible Reserved instances:
      Long workloads, but you can change the instance type (from t2-2xlarge to c5-small for example)(up to 54% of discount)

    • Scheduled Reserved instances:
      When you don’t need continuously an instance (for example you need an instance every Sunday per week but during one year at least)

  • Spot instances:
    For short workloads with resilience but less reliable as you can lose your instance if the price you’re willing to pay for them is less than the current Spot price (provide the highest discount in AWS that can be up to 90%). Useful for batch jobs, distributed workloads, image processing, …

  • Dedicated Host (for a period of 3 years):
    Reserves an entire physical server fully dedicated to your use in AWS datacenter. When you have compliance requirements or use a Bring Your Own License model (BYOL)

Jean-Jerome Levy

Written by

Jean-Jerome Levy

DevOps Consultant

Seasoned professional in the field of information technology, I bring over 20 years of experience from working within major corporate IT departments. My diverse expertise has played a pivotal role in a myriad of projects, marked by the implementation of innovative DevOps practices.