Wednesday, January 9, 2019

Elastic Block Storage: Types and Snapshots in AWS

Amazon Elastic Block Store (EBS) is one of the core services of AWS. You can think of an EBS volume as the hard disk of your laptop. Below are some basic points to remember about EBS:

1. An EBS volume (just like the hard disk of your laptop) can only be used by attaching it to an EC2 instance and mounting it there. It is block storage, not an object store you talk to over HTTP like S3.

2. EBS is persistent storage. Instance store is ephemeral: its contents are lost when the instance stops, terminates or fails.

3. A single EBS volume ranges from 1 GiB up to 16 TiB (magnetic volumes top out at 1 TiB). If you want more capacity, attach multiple EBS volumes to the EC2 instance.

4. Relationship between EBS and EC2: multiple EBS volumes can be attached to one EC2 instance, but one EBS volume cannot be attached to multiple EC2 instances simultaneously (the later io1/io2 Multi-Attach feature is the narrow exception and needs a cluster-aware file system). EFS, on the other hand, can be mounted by many EC2 instances at once.

5. Root volume: there is exactly one root volume per instance. It can be encrypted (launch from an encrypted AMI, or copy an AMI with encryption enabled), and "Delete on Termination" is checked by default for the root volume only, so additional data volumes survive termination unless you change that flag.

6. Single AZ only: a volume lives in one Availability Zone and can only be attached to an instance in that same AZ. It is not replicated across AZs.

7. Backups: a backup of an EBS volume is called a snapshot. Snapshots are point-in-time and incremental: after the first one, only blocks that changed since the previous snapshot are stored. Snapshots are kept in S3 managed by AWS; they do not appear in your buckets and you work with them only through the EC2 snapshot APIs.

8. Because a volume is tied to one AZ, the way to move it is: take a snapshot, then create a new volume from that snapshot in the target AZ. Snapshots are regional, so any AZ in the region can use them.

9. Snapshot sharing: snapshots can be copied to other regions and shared with other AWS accounts (or made public) through the snapshot's permissions. Encryption decides what is possible: unencrypted snapshots can be shared with anyone; snapshots encrypted with a customer-managed KMS key can be shared privately if you also grant the other account access to that key; snapshots encrypted with the AWS-managed default EBS key cannot be shared at all, and encrypted snapshots can never be made public. Check the permissions before you share: a public snapshot is readable by every AWS account.

10. When creating a volume from a snapshot you can choose a larger size than the original volume had (then grow the file system inside the OS to use the extra space).

11. Snapshots can be taken while the instance is running, but a snapshot only captures data that has already been written to the volume, not what is still in the OS cache. For the root volume (where the OS runs), stopping the instance first is the simplest way to get a consistent image. For data volumes, pause writes (unmount, freeze the file system, or stop the instance) if you need a consistent point-in-time copy. The snapshot completes asynchronously and the volume stays usable meanwhile.

12. If you combine volumes in software RAID, RAID 0 (striping for performance), RAID 1 (mirroring) or RAID 10 (both) are the sensible options. RAID 5 and RAID 6 are discouraged because the parity writes consume IOPS from the volumes and cut the usable performance.

13. Every EBS volume is automatically replicated within its AZ to protect against failure of a single component. That is not a substitute for snapshots.

14. EBS Volume Types

  • General Purpose SSD (gp2): baseline of 3 IOPS/GiB (minimum 100 IOPS), bursting to 3,000 IOPS for volumes below 1 TiB, capped at 16,000 IOPS.
  • Provisioned IOPS SSD (io1): up to 64,000 IOPS per volume (on Nitro-based instances); pair it with EBS-optimized instances.
  • Throughput Optimized HDD (st1): low-cost HDD for frequently accessed, throughput-heavy sequential workloads.
  • Cold HDD (sc1): lowest-cost HDD for infrequently accessed data.
  • Magnetic (previously called standard): previous generation, about 100 IOPS on average, bursting to a few hundred IOPS.
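The gp2 numbers above follow a token-bucket rule that is worth being able to compute: every volume starts with a bucket of 5.4 million I/O credits, the bucket refills at the baseline rate, and bursting drains it at (3,000 minus baseline) per second. The following is an added example, not code from the original post; it encodes the gp2 rules as AWS published them at the time (3 IOPS/GiB, floor 100, cap 16,000, burst 3,000 below 1 TiB) so you can size a volume for a steady load instead of relying on burst.

```python
# Added example (not from the original post): gp2 burst-bucket arithmetic.
# Assumes the gp2 rules as published in early 2019: baseline 3 IOPS/GiB
# (floor 100, cap 16,000), burst to 3,000 IOPS for volumes under 1,000 GiB,
# and an I/O credit bucket that starts full at 5.4 million credits.

GP2_IOPS_PER_GIB = 3
GP2_MIN_IOPS = 100
GP2_MAX_IOPS = 16_000
GP2_BURST_IOPS = 3_000
GP2_BUCKET_CREDITS = 5_400_000  # one credit pays for one I/O


def gp2_baseline_iops(size_gib: int) -> int:
    """Baseline IOPS a gp2 volume sustains indefinitely."""
    if size_gib < 1:
        raise ValueError("gp2 volumes are at least 1 GiB")
    return max(GP2_MIN_IOPS, min(GP2_MAX_IOPS, GP2_IOPS_PER_GIB * size_gib))


def gp2_can_burst(size_gib: int) -> bool:
    """Volumes whose baseline already reaches 3,000 IOPS never burst (and never need to)."""
    return gp2_baseline_iops(size_gib) < GP2_BURST_IOPS


def gp2_burst_seconds(size_gib: int, credits: int = GP2_BUCKET_CREDITS) -> float:
    """Seconds the volume can hold 3,000 IOPS starting from `credits` in the bucket.

    While bursting, the bucket drains at (burst - baseline) per second because the
    baseline rate keeps being credited at the same time.
    """
    baseline = gp2_baseline_iops(size_gib)
    if baseline >= GP2_BURST_IOPS:
        return float("inf")
    return credits / (GP2_BURST_IOPS - baseline)


def gp2_refill_seconds(size_gib: int, credits_missing: int = GP2_BUCKET_CREDITS) -> float:
    """Seconds of complete idleness needed to earn `credits_missing` back at the baseline rate."""
    return credits_missing / gp2_baseline_iops(size_gib)


def gp2_smallest_size_for_baseline(target_iops: int) -> int:
    """Smallest gp2 size (GiB) whose *baseline* meets target_iops, i.e. without depending on burst."""
    if target_iops > GP2_MAX_IOPS:
        raise ValueError(f"gp2 tops out at {GP2_MAX_IOPS} IOPS; use io1 instead")
    if target_iops <= GP2_MIN_IOPS:
        return 1
    return -(-target_iops // GP2_IOPS_PER_GIB)  # ceiling division


if __name__ == "__main__":
    for size in (8, 100, 500, 1000, 5334):
        print(f"{size:>5} GiB: baseline {gp2_baseline_iops(size):>5} IOPS, "
              f"burst lasts {gp2_burst_seconds(size) / 60:.1f} min, "
              f"full refill after {gp2_refill_seconds(size) / 3600:.1f} h idle")
    print("size for a steady 1,500 IOPS without burst:",
          gp2_smallest_size_for_baseline(1500), "GiB")
```

The practical lesson is in the small sizes: an 8 GiB root volume gets the 100 IOPS floor, can burst for about 31 minutes from a full bucket, and then needs roughly 15 hours of idle time to refill. A workload that needs steady IOPS should be sized for the baseline (or moved to io1), not benchmarked against a fresh bucket.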

For detailed comparison of above mentioned EBS Volume Types, you can go through the official documentation.
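Points 7 to 11 above describe snapshots as incremental yet fully restorable, which raises two questions a practitioner cares about: what actually gets stored, and what happens to the data when an older snapshot in the chain is deleted. The following toy model is an added example, not code from the original post and not AWS's implementation (which is not public); it uses content-addressed blocks with reference counts to reproduce the documented behaviour.

```python
# Added example, not from the original post: a toy content-addressed model of
# incremental EBS snapshots. It shows three properties the snapshot API has:
# a snapshot after the first only uploads blocks that changed, *every* snapshot
# restores a complete volume, and deleting a snapshot in the middle of the chain
# only frees blocks that no remaining snapshot still references. Block contents
# are constructed; AWS's real storage layout is not public.

from __future__ import annotations
import hashlib


class Volume:
    """A volume is modelled as an ordered list of fixed-size blocks."""
    def __init__(self, blocks: list[bytes]):
        self.blocks = list(blocks)

    def write(self, index: int, data: bytes) -> None:
        self.blocks[index] = data


class SnapshotStore:
    """Blocks are stored once, keyed by hash, with a count of the snapshots that use them."""
    def __init__(self) -> None:
        self.chunks: dict[str, bytes] = {}
        self.refs: dict[str, int] = {}
        self.snapshots: dict[str, list[str]] = {}  # snapshot id -> block hashes in volume order

    @staticmethod
    def _key(data: bytes) -> str:
        return hashlib.sha256(data).hexdigest()

    def take(self, snap_id: str, vol: Volume) -> int:
        """Snapshot `vol`; return how many blocks had to be uploaded (the incremental part)."""
        if snap_id in self.snapshots:
            raise ValueError(f"{snap_id} already exists")
        block_map, uploaded = [], 0
        for data in vol.blocks:
            key = self._key(data)
            if key not in self.chunks:        # unchanged blocks are already in the store
                self.chunks[key] = data
                uploaded += 1
            self.refs[key] = self.refs.get(key, 0) + 1
            block_map.append(key)
        self.snapshots[snap_id] = block_map
        return uploaded

    def restore(self, snap_id: str) -> Volume:
        """Any snapshot, however small its own upload was, yields the full volume."""
        return Volume([self.chunks[key] for key in self.snapshots[snap_id]])

    def delete(self, snap_id: str) -> int:
        """Delete a snapshot; return how many blocks became unreferenced and were freed."""
        freed = 0
        for key in self.snapshots.pop(snap_id):
            self.refs[key] -= 1
            if self.refs[key] == 0:
                del self.refs[key], self.chunks[key]
                freed += 1
        return freed

    def stored_blocks(self) -> int:
        return len(self.chunks)


def demo() -> dict:
    """Constructed scenario: 4-block volume, snapshot, change one block, snapshot, delete the first."""
    vol = Volume([b"boot", b"etc ", b"home", b"var "])
    store = SnapshotStore()
    first = store.take("snap-1", vol)            # full copy: 4 blocks go up
    vol.write(2, b"HOME")                         # one block changes on the live volume
    second = store.take("snap-2", vol)           # incremental: only 1 block goes up
    stored = store.stored_blocks()               # 5 distinct blocks held in total
    restored_1 = store.restore("snap-1").blocks  # still the original data
    freed = store.delete("snap-1")               # frees only the superseded block
    restored_2 = store.restore("snap-2").blocks  # unaffected by deleting its predecessor
    return {"first": first, "second": second, "stored": stored,
            "restored_1": restored_1, "freed": freed,
            "restored_2": restored_2, "after_delete": store.stored_blocks()}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two consequences follow directly from this model. Sharing or publishing "just the latest" snapshot exposes the whole volume, not the delta, because every snapshot restores completely. And deleting old snapshots does not purge data that a later snapshot still references, so a retention or right-to-erasure process has to delete every snapshot holding the block, not only the one it was first captured in.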

Tuesday, January 8, 2019

Difference between Dedicated Host and Dedicated Instance in AWS (Dedicated Host vs Dedicated Instance)

Following are the basic differences between Dedicated Hosts and Dedicated Instances:

Dedicated Instances run on hardware that is dedicated to your account at the host level, but you do not control which host. After a stop and start the instance may come up on a different physical server, so the physical parameters (sockets, cores, and anything licensed against them) are not guaranteed to stay the same.

A Dedicated Host is a physical server allocated to you, on which you launch your instances. The physical parameters stay the same across restarts because the instances stay on that host. You have visibility of how the host is utilised and of how many sockets and physical cores it has, which is what makes per-socket or per-core bring-your-own-license (BYOL) software usable and helps you address corporate compliance and regulatory requirements that demand dedicated hardware. Because such licences are tied to the physical host, Dedicated Hosts let you reuse existing server-bound licences instead of buying new ones.

To summarize, following are the advantages of dedicated hosts:
  1. Save Money on Licensing Costs (BYOL)
  2. Visibility of Sockets and Physical Cores
  3. Help Meet Compliance and Regulatory Requirements
  4. Host affinity (an instance can be pinned to a specific host across stop/start)
  5. Instance placement controls (you choose which host an instance lands on)

Difference between Fixed Performance and Burstable Performance in EC2 Instances (Fixed Performance vs Burstable Performance)

Following are the basic differences between Fixed Performance and Burstable Performance:

1. Fixed Performance instances deliver consistent CPU performance all the time, whereas Burstable Performance instances deliver a baseline level of CPU performance under normal load. When the workload spikes, burstable instances can burst, i.e. temporarily run above the baseline.

2. CPU credits regulate how much an instance can burst. One CPU credit equals one vCPU running at 100% for one minute, and running above the baseline spends credits from the instance's balance.

Suppose one vCPU runs at 100% for 5 minutes: that spends 5 (i.e. 5 × 1.0) CPU credits. Running it at 50% for 5 minutes spends 2.5 (i.e. 5 × 0.5) CPU credits.

3. An instance receives launch credits when it is created and then earns credits continuously at a rate fixed by its instance type. Credits not spent on bursting accumulate in the instance's CPU credit balance (the balance belongs to the instance, not to your account).

4. Earned credits expire 24 hours after they were earned, so the balance can never hold more than 24 hours' worth of accrual. When the balance reaches 0, the instance is held at its baseline performance until it earns more credits.

5. For t2.large the baseline is 30% per vCPU (2 vCPUs, earning 36 credits per hour).

6. Only the T family is burstable (T2 at the time of writing; T3 followed). The other families are fixed performance.

7. Mainly used for micro-services, low-latency interactive applications, small and medium databases, virtual desktops, development, build, and stage environments, code repositories, and product prototypes.
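The credit mechanics in points 2 to 5 are easiest to understand by running them minute by minute. What follows is an added example, not code from the original post or from AWS: a small simulator that accrues credits at the instance's hourly rate, expires each credit 24 hours after it was earned, spends the oldest credits first, and throttles the instance to its baseline once the balance is empty. Launch credits are modelled as a separate non-expiring pool spent first; that detail is an assumption for the sake of the model.

```python
# Added example, not from the original post: a minute-by-minute model of T2-style
# CPU credits. One credit = one vCPU at 100% for one minute; credits accrue at a
# fixed hourly rate, expire 24 hours after being earned, and when none are left
# the instance is throttled to its baseline. Launch credits are modelled as a
# non-expiring pool spent first (an assumption; the exact accounting is AWS's).

from __future__ import annotations
from collections import deque

MINUTES_PER_DAY = 24 * 60


def baseline_fraction(vcpus: int, credits_per_hour: float) -> float:
    """Sustainable CPU per vCPU when the credit balance is empty (0.3 means 30%)."""
    return credits_per_hour / (60.0 * vcpus)


def simulate_cpu_credits(vcpus: int, credits_per_hour: float,
                         utilization: list[float],
                         initial_credits: float = 0.0) -> list[tuple[float, float]]:
    """utilization[i] is the CPU the workload *wants* in minute i, as a fraction of the
    whole instance (1.0 = every vCPU at 100%). Returns, per minute, the fraction
    actually delivered and the credit balance at the end of that minute."""
    earn_per_min = credits_per_hour / 60.0
    earned: deque[tuple[int, float]] = deque()  # (expiry minute, credits), oldest first
    total = 0.0                                  # credits currently held in `earned`
    launch = initial_credits
    out: list[tuple[float, float]] = []
    for t, want in enumerate(utilization):
        # 1. credits earned more than 24 h ago expire; this alone caps the balance
        #    at 24 * credits_per_hour, no separate rule needed
        while earned and earned[0][0] <= t:
            total -= earned.popleft()[1]
        # 2. this minute's accrual (the "baseline" is exactly this rate)
        earned.append((t + MINUTES_PER_DAY, earn_per_min))
        total += earn_per_min
        # 3. spend: demand in credits, limited by what is available
        demand = want * vcpus
        spend = min(demand, launch + total)
        remaining = spend
        if launch > 0:
            used = min(launch, remaining)
            launch -= used
            remaining -= used
        while remaining > 1e-9 and earned:           # oldest credits are spent first
            expiry, c = earned[0]
            if c <= remaining + 1e-9:
                earned.popleft()
                remaining -= c
                total -= c
            else:
                earned[0] = (expiry, c - remaining)
                total -= remaining
                remaining = 0.0
        out.append((round(spend / vcpus, 6), round(launch + max(total, 0.0), 6)))
    return out


if __name__ == "__main__":
    # Constructed workload on a t2.large (2 vCPUs, 36 credits/hour, 30% baseline per vCPU):
    # idle for 10 minutes, then a job wanting 100% of both vCPUs for 6 minutes.
    for minute, (got, bal) in enumerate(simulate_cpu_credits(2, 36, [0.0] * 10 + [1.0] * 6)):
        print(f"min {minute:2d}: delivered {got:4.0%} of instance, balance {bal:5.1f} credits")
```

Run as is, the output shows the t2.large earning 0.6 credits per minute while idle, burning 2 credits per minute once both vCPUs are busy, and dropping to 30% of the instance (the baseline) the minute the balance hits zero. Change the utilisation list to your own profile to see whether a workload fits in a T2 or keeps pinning the baseline, which is the practical sizing question.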

AWS EC2 Instance Classes and Types

There are different types of EC2 instances which you can choose for your application. There are varying combinations of CPU, memory, storage (EBS or Instance storage), and networking capacity. Broadly, we can classify EC2 instances as:

1. General Purpose
2. Compute Optimized
3. Memory Optimized
4. Storage Optimized
5. Accelerated Computing / GPU Optimized

1. General Purpose

Classes: T2 (burstable performance; the T is commonly read as "tiny"), M5 (fixed performance; the M is commonly read as "medium")

Suited for: Development environments, Small and mid-sized databases, Low-traffic web applications, Build servers, Code repositories, Testing and staging environments, Early product experiments etc.

Instance sizes: nano, micro, small, medium, large, xlarge, 2xlarge, 4xlarge, 8xlarge, 10xlarge

CPU Credits: T2 instances accrue CPU credits when they are idle, and use CPU credits when they are active. T2 instances are a good choice for workloads that don’t use the full CPU often or consistently, but occasionally need to burst (e.g. web servers, developer environments and small databases).

2. Compute Optimized

Classes: C5 (C stands for Compute)

3. Memory Optimized

Classes: X1, R4 (R stands for RAM)

Priced per instance-hour like the other families; what sets them apart is the high memory-to-vCPU ratio.

4. Storage Optimized

Classes: I3 (I stands for I/O), D2 (D stands for Dense)

Suited for: Data Warehouse, intended for workloads that need greater sequential write and read access to larger data sets

5. Accelerated Computing / GPU Optimized

Classes: P3, G3 (G stands for Graphics), F1

P3 and G3 use NVIDIA GPUs; F1 uses field-programmable gate arrays (FPGAs), not GPUs.

Suited for: machine learning and deep learning, graphics, 3D visualisation and gaming, video encoding and media transcoding, computational finance, genomics research and drug discovery, computational fluid dynamics and other scientific and molecular modelling, and (F1) custom hardware acceleration of your own algorithms.

Monday, January 7, 2019

Difference between EC2 and Lightsail in AWS (EC2 vs Lightsail)

EC2 and Lightsail are compute services offered by AWS. Broadly, Lightsail is the lighter version of EC2 where you don't need to manually configure the underlying infrastructure such as EBS, EFS, VPC, subnets, security groups, network ACLs etc. Following are the basic points about Lightsail to consider:

1. With EC2, you have to configure storage and networking yourself. If you don't want to manage that underlying infrastructure, you can go with Lightsail.

2. Lightsail is a VPS (Virtual Private Server) service in which the above mentioned infrastructure is in-built.

3. Lightsail provides: 
  • VPS (virtual private server instances in fixed bundles of vCPU, memory, SSD and data transfer)
  • Storage (like EBS, EFS for EC2)
  • Networking (like VPC, Subnet, SG, NACL for EC2)
  • Load Balancing (like ELB)
  • API (Application Program Interface)
  • Integration with other AWS services via VPC peering
4. Backup: you can easily create a snapshot of your Lightsail VPS.

5. In short, Lightsail is the simpler and lighter version of EC2 with limited functionality. The target market for Lightsail appears to be those who just want a simple VPS without going into the complexities of EC2. Later on, you can move to EC2 by exporting a Lightsail snapshot to EC2.

Saturday, January 5, 2019

AWS IAM: Identity and Access Management in AWS

Identity and Access Management (IAM) is one of the most important service offerings from AWS. IAM is used to authenticate and authorize users and AWS services that want to use AWS resources. Below are the basic points to note about AWS IAM:

1. Authentication and Authorization: Control access to AWS resources for your users. For example, developer should only be able to access compute and storage resources, DBA should only be able to access database resources etc.

2. Components: Users, Groups, Policies, Roles

3. Root user: the identity you created the AWS account with. It has unrestricted access, and a few actions (such as changing the account's support plan or closing the account) can only be done by it. Do not use it for day-to-day work: enable MFA on it, do not create access keys for it, create an IAM user with administrator access for normal administration, and keep the root credentials for emergencies.

4. User Access Type: You can provide two types of access to user: Programmatic Access (Access Key ID and Secret Access Key), Console Access (Password).

5. Access Key ID and Secret Access Key: the secret access key is shown only once, when the key is created. If it is lost it cannot be retrieved; you delete that key and create a new one. Rotate keys regularly and never commit them to source control.

6. User login URL: https://your_account_id_or_alias.signin.aws.amazon.com/console (the account ID is the default; you can set a friendlier account alias in IAM).

7. Groups and Policies: Instead of assigning policies to individual users, it is recommended to create a group and assign the policies to that group. Now keep adding/removing users to that group. For example, if you want to create 5 developer accounts and want to assign same policies to them, instead of assigning those policies to individual accounts 5 times, better create a group say “Developer_Group”, assign those policies to this group and add all those 5 users to this group. Later, you can add/remove users to/from this group.

8. Roles: a set of permissions that is assumed rather than owned by a fixed identity; whoever assumes the role gets temporary credentials. The common case is granting an AWS service access to other resources. For example: create a role of type "Amazon EC2", attach the permission "AmazonS3FullAccess", then attach this role to an EC2 instance (Actions -> Instance Settings -> Attach/Replace IAM Role). Any application deployed on that instance can now talk to S3 using credentials fetched from the instance metadata service, without any key being stored on the instance.

Example: Suppose you have created a web application which uploads a file to S3. If you run this web application on the EC2 instance which has above role assigned, your file will be uploaded to S3 successfully. But if you run the same web application to any other EC2 instance which does not have above roles assigned to it, you will get access denied error. 

There are two ways to make the web application work on that other server: attach the role to that EC2 instance (preferred: the credentials are rotated automatically and never touch your code or disk), or give the application access keys of a user who has S3 access through the SDK's standard credential chain (environment variables or the ~/.aws/credentials file). Do not hardcode access keys in the application code; keys written into code end up in version control and in backups.

9. User vs Role: users and roles are similar in that both carry permissions. A "User" is created for a person (or for long-lived automation with its own keys). A "Role" has no permanent credentials; it is assumed by AWS services, by users in another account, or by federated identities, and hands out temporary credentials.

10. Policies: policies are JSON documents that grant or deny permissions. You can use the managed policies AWS provides, or write your own with the policy generator or directly as JSON. Evaluation order matters: everything is denied by default, an "Allow" in any attached policy grants the action, and an explicit "Deny" in any applicable policy overrides every "Allow".

11. MFA (Multi-Factor Authentication): an extra layer of security on top of the password, similar to an OTP. The usual choice is a virtual MFA device: in the user's security credentials, choose to activate a virtual MFA device, a QR code is displayed, scan it with an authenticator app (Google Authenticator or any other TOTP app), enter two consecutive codes from the app into the console, and MFA is active. From then on that user must supply a current code after the password when signing in to the console. Enable it on the root user first.

12. Global Service: IAM is not region specific, it is global service.

13. Eventual consistency: IAM changes (policies, roles, users, keys) are replicated across AWS's global infrastructure and can take a few seconds to take effect everywhere, so do not assume a permission change is visible immediately.

14. Free to use
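Point 10 is the part of IAM people most often get wrong in practice: a broad "Allow" elsewhere never cancels a "Deny", and the absence of an "Allow" is already a deny. The following evaluator is an added example, not code from the original post or from AWS; it implements exactly that decision order for identity-based policies, supports only Effect/Action/Resource with the "*" and "?" wildcards, and refuses statements with Condition, NotAction, NotResource or Principal rather than silently mis-evaluating them. The three policies are constructed for the example.

```python
# Added example, not from the original post: a minimal evaluator for the
# identity-based policy decision described above (deny by default, Allow grants,
# explicit Deny wins). Supports only Effect/Action/Resource with '*' and '?'
# wildcards; statements using Condition, NotAction, NotResource or Principal
# are rejected rather than silently mis-evaluated. Policies are constructed.

from __future__ import annotations
import json
import re

UNSUPPORTED = ("Condition", "NotAction", "NotResource", "Principal", "NotPrincipal")


def _wild(pattern: str) -> re.Pattern:
    """Turn an IAM wildcard pattern into an anchored regex ('*' any run, '?' one char)."""
    return re.compile("^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$")


def _matches(element, value: str, casefold: bool = False) -> bool:
    """Action/Resource may be a string or a list; action names are case-insensitive, ARNs are not."""
    patterns = element if isinstance(element, list) else [element]
    if casefold:
        value, patterns = value.lower(), [p.lower() for p in patterns]
    return any(_wild(p).match(value) for p in patterns)


def evaluate(policies: list[dict], action: str, resource: str) -> tuple[str, str]:
    """Decide one request against every attached policy. Returns (decision, reason)."""
    allowed_by = None
    for policy in policies:
        stmts = policy["Statement"]
        for s in stmts if isinstance(stmts, list) else [stmts]:
            bad = [k for k in UNSUPPORTED if k in s]
            if bad:
                raise NotImplementedError(f"statement {s.get('Sid')} uses {bad}")
            if not _matches(s.get("Action", []), action, casefold=True):
                continue
            if not _matches(s.get("Resource", []), resource):
                continue
            if s["Effect"] == "Deny":
                return "Deny", f"explicit deny by {s.get('Sid', '<no Sid>')}"  # nothing overrides this
            allowed_by = allowed_by or s.get("Sid", "<no Sid>")
    if allowed_by:
        return "Allow", f"allowed by {allowed_by}"
    return "Deny", "implicit deny (no matching Allow)"


# Constructed policies, written the way they would appear in the IAM console's JSON editor.
DEVELOPER_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "DevBucketRW", "Effect": "Allow", "Action": "s3:*",
     "Resource": ["arn:aws:s3:::dev-bucket", "arn:aws:s3:::dev-bucket/*"]},
    {"Sid": "ReadOnlyEc2", "Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}
  ]}""")

BROAD_S3_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": {"Sid": "AllS3", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}}""")

GUARDRAIL_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": {"Sid": "NoProdData", "Effect": "Deny",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": "arn:aws:s3:::prod-*/*"}}""")


if __name__ == "__main__":
    attached = [DEVELOPER_POLICY, BROAD_S3_POLICY, GUARDRAIL_POLICY]
    for act, res in [("s3:GetObject", "arn:aws:s3:::dev-bucket/app.log"),
                     ("s3:GetObject", "arn:aws:s3:::prod-data/customers.csv"),
                     ("iam:CreateUser", "arn:aws:iam::111122223333:user/x")]:
        print(act, res, "->", evaluate(attached, act, res))
```

The interesting case is the second request: BROAD_S3_POLICY allows s3:* on every resource, yet the object under prod-data is still denied because GUARDRAIL_POLICY matches, and the answer does not depend on the order in which the policies are attached. The real IAM engine additionally folds in resource-based policies, permission boundaries, session policies and organisation SCPs; this model stops at the identity-based layer the post is about.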

Friday, January 4, 2019

Elastic Beanstalk: PaaS offering from Amazon

Elastic Beanstalk is a simple way to deploy your application on AWS without managing the infrastructure yourself. Below are some basic points to remember about Elastic Beanstalk:

1. PaaS offering from Amazon.

2. Platforms supported: PHP, Java, Python, Ruby, Node.js, .NET, Go and Docker

3. Application Deployment: Just upload your application code (packaged code and libraries) and the service automatically handles all the details such as resource provisioning, load balancing, auto-scaling, and monitoring.

4. Resources used by Elastic Beanstalk: Elastic Beanstalk uses core AWS services such as Amazon EC2, Amazon Elastic Container Service (Amazon ECS), Auto Scaling, and Elastic Load Balancing to support your applications.

5. Monitoring and Logging: you can easily monitor and manage the health of your applications. Instance logs can be pulled on demand from the console, rotated to S3, and streamed to CloudWatch Logs.

6. Application Versioning: You can maintain multiple versions of your application. Application versions are saved in S3.

7. Default environment URL: once you deploy, each environment gets a CNAME under elasticbeanstalk.com (for example your_environment_name.us-west-2.elasticbeanstalk.com). In a load-balanced environment it resolves to the load balancer; in a single-instance environment (no ELB) it points at the instance's Elastic IP directly.

8. Free of cost: You will be charged only for the resources it launches.