AWS EC2 and VPC Hands-on Workshop Agenda

1© 2016 Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Hands-on Workshop
Amazon EC2 and Amazon VPC
Kwun-Hok Chan, Solutions Architect

Welcome to the Workshop!
Wi-Fi: Guest
PWD: Echo@@179
1. Make sure you can connect to Internet
2. Download
• Lab guide: http://bit.ly/2gYMUF4
3. Sign in or create an AWS Account
• How to create: http://bit.ly/create-aws-account
• IAM Best Practices:
http://docs.aws.amazon.com/IAM/latest/UserGuide/best-
practices.html#create-iam-users

Agenda
9:00am - 9:30am Registration
9:30am - 10:30pm Amazon EC2, Amazon S3 and Amazon EBS
10:30am - 10:45am Break
10:45am - 11:15am Amazon VPC
11:15am - 12:15pm Lab: Build a VPC and Deploy a Web Server
12:15pm - 12:30pm Workshop Wrap Up

Introductions and Logistics
Welcome!
Lab Guide
Logistics, Bathrooms, Breaks
Please limit your network usage to work &
classroom-related activities
Questions Welcome!

Who am I?
Kwun-Hok Chan
SA - Solutions Architect

AWS Overview

* As of 1 January 2017
2010
61
516
1,017
159
2012 2014 2016
AWS has been continually expanding its services to support virtually any cloud workload,
and it now has more than 90 services that range from compute, storage, networking,
database, analytics, application services, deployment, management, developer, mobile,
Internet of Things (IoT), Artificial Intelligence (AI), security, hybrid and enterprise
applications. AWS has launched a total of 1,017 new features and/or services year to
date* - for a total of 2,913 new features and/or services since inception in 2006.
AWS Pace of Innovation

Technical
& Business
Support
Hybrid
Architecture
Application Marketplace
Analytics
Application
Services
Mobile
Services
Development
& Operations
Internet of
Things
Enterprise
Applications
Security & Compliance
Core Services
Infrastructure

ENTERPRISE
APPS
DEVELOPMENT & OPERATIONSMOBILE SERVICESAPP SERVICESANALYTICS
Data
Warehousing
Hadoop/
Spark
Streaming Data
Collection
Machine
Learning
Elastic
Search
Virtual
Desktops
Sharing &
Collaboration
Corporate
Email
Backup
Queuing &
Notifications
Workflow
Search
Email
Transcoding
One-click App
Deployment
Identity
Sync
Single Integrated
Console
Push
Notifications
DevOps Resource
Management
Application Lifecycle
Management
Containers
Triggers
Resource
Templates
TECHNICAL &
BUSINESS
SUPPORT
Account
Management
Support
Professional
Services
Training &
Certification
Security &
Pricing
Reports
Partner
Ecosystem
Solutions
Architects
MARKETPLACE
Business
Apps
Business
Intelligence
Databases
DevOps
Tools
NetworkingSecurity Storage
Regions
Availability
Zones
Points of
Presence
INFRASTRUCTURE
CORE SERVICES
Compute
VMs, Auto-scaling, &
Load Balancing
Storage
Object, Blocks, Archival,
Import/Export
Databases
Relational, NoSQL,
Caching, Migration
Networking
VPC, DX, DNS
CDN
Access
Control
Identity
Management
Key
Management &
Storage
Monitoring
& Logs
Assessment
and reporting
Resource &
Usage Auditing
SECURITY & COMPLIANCE
Configuration
Compliance
Web application
firewall
HYBRID
ARCHITECTURE
Data Backups
Integrated
App
Deployments
Direct
Connect
Identity
Federation
Integrated
Resource
Management
Integrated
Networking
API
Gateway
IoT
Rules
Engine
Device
Shadows
Device SDKs
Registry
Device
Gateway
Streaming Data
Analysis
Business
Intelligence
Mobile
Analytics

16 Regions – 42 Availability Zones – 74 Edge Locations
Region & Number of Availability Zones
AWS GovCloud (2) EU
Ireland (3)
US West Frankfurt (2)
Oregon (3) London (2)
Northern California (3)
Asia Pacific
US East Singapore (2)
N. Virginia (5), Ohio (3) Sydney (3), Tokyo (3),
Seoul (2), Mumbai (2)
Canada
Central (2) China
Beijing (2)
South America
São Paulo (3)
Announced Regions
Paris, Ningxia, Stockholm, Hong Kong
AWS Global Infrastructure

AWS Global Infrastructure
Regions
Geographic locations
Consists of at least two Availability Zones (AZs)
Availability Zones
Clusters of data centers
Isolated from failures in other Availability Zones

Availability Zones (AZs)
At least 2 AZs per region.
Examples:
 US East (N. Virginia)
• us-east-1a
• us-east-1b
• us-east-1c
• us-east-1d
• us-east-1e
 Asia Pacific (Tokyo)
• ap-northeast-1a
• ap-northeast-1b
• ap-northeast-1c
Note: Conceptual drawing only. The number of Availability Zones (AZ) may vary.
US East (VA)
AZ - A AZ - B
AZ - C AZ - D
AZ - E
Asia Pacific
(Tokyo)
AZ - A AZ - B
AZ - C

AZ – Availability Zone
Single
digit
ms
Network
multiple tier‐1 transit providers
Power
isolated electrical grids, UPS, onsite backup generator
Geo
isolated fault lines flood plains
Network
Power
Geo

AZ – Availability Zone
Network
Power
Geo
Network
Power
Geo
Web
DB Master
Load
Balancer
DB Slave
Web
Storage StorageSingle
digit
ms

Edge Locations
70+ AWS Edge Locations:
Local points-of-presence commonly supporting AWS
services including:
 Amazon Route 53
 Amazon CloudFront

Any questions?

Amazon Elastic Compute
Cloud (EC2)

Amazon Elastic Compute Cloud (EC2)
Resizable compute capacity
Complete control of your computing resources
Reduces the time required to obtain and boot
new server instances to minutesAmazon
EC2

Amazon EC2 Facts
Scale capacity as your computing requirements change
Pay only for capacity that you actually use
Choose Linux or Windows
Deploy across AWS Regions and Availability Zones for reliability

Launching an Amazon EC2 Instance via the Web
Console
1. Determine the AWS Region in which you want to launch
the Amazon EC2 instance.
2. Launch an Amazon EC2 instance from a pre-configured
Amazon Machine Image (AMI).
3. Choose an instance type based on CPU, memory,
storage, and network requirements.
4. Configure network, IP address, security groups, storage
volume, tags, and key pair.

Amazon Machine Image (AMI) Details
An AMI includes the following:
A template for the root volume for the instance (for
example, an operating system, an application server,
and applications).
Launch permissions that control which AWS accounts
can use the AMI to launch instances.
A block device mapping that specifies the volumes to
attach to the instance when it's launched.

Instances and AMIs
Select an AMI based on:
Region
Operating system
Architecture (32-bit or 64-bit)
Launch permissions
Storage for the root device
AMI
Instances
Instance
Launch
instances of any
type
Host computer
Host computer

Amazon EC2 Instances
OS, Applications,
& Configuration
AMI
Running or
Stopped VM
Instances
AZ
VPC
Region
EBS
S3
EBS
Snapshots
S3 Buckets
EBS EBS EBS EBS EBS
AZ
Instances Instances

Amazon EBS vs. Amazon EC2 Instance Store
Amazon EBS
 Data stored on an Amazon EBS volume can persist
independently of the life of the instance.
 Storage is persistent.
Amazon EC2 Instance Store
 Data stored on a local instance store persists only as long as the
instance is alive.
 Storage is ephemeral.

Amazon EBS vs. Amazon EC2 Instance Store
Amazon EC2 Instance StoreAmazon EBS

AMI Types - Storage for the Root Device
Characteristic Amazon EBS-Backed Amazon Instance Store-Backed
Boot time Usually < 1 minute Usually < 5 minutes
Size limit 16 TiB 10 GiB
Data
persistence
The root volume is deleted when the instance
terminates. Data on any other Amazon EBS volumes
persists after instance termination.
Data on any instance store volumes persists
only during the life of the instance.
Charges
Instance usage, Amazon EBS volume usage, and
storing your AMI as an Amazon EBS snapshot.
Instance usage and storing your AMI in
Amazon S3.
Stopped state Can be stopped. Cannot be stopped.

Instance Lifecycle
AMI
pending
Launch
runningrebooting
Reboot
Start
terminated
shutting-down
Terminate
Terminate
EBS-backed instances only
Stop
stopping stopped

AWS Marketplace – IT Software Optimized for the Cloud
An online store to discover,
purchase, and deploy IT software
on top of the AWS infrastructure.
 Catalog of 2300+ IT software solutions
• Including Paid, BYOL, Open Source,
SaaS, & free to try options
 Pre-configured to operate on AWS
• Software checked by AWS for security and
operability
 Deploys to AWS environment in minutes
 Flexible, usage-based billing models
 Software charges billed to AWS account
Includes AWS Test Drive

Choosing the Right Amazon EC2 Instance
EC2 instance types are optimized for different use cases and come
in multiple sizes. This allows you to optimally scale resources to
your workload requirements.
AWS uses Intel® Xeon® processors for EC2 instances, providing
customers with high performance and value.
Consider the following when choosing your instances: Core count,
memory size, storage size and type, network performance, and
CPU technologies.
Hurry Up and Go Idle - A larger compute instance can save you time
and money, therefore paying more per hour for a shorter amount of
time can be less expensive.

M4
General
purpose
Compute
optimized
C3
C1 CC2
Storage and IO
optimized
D2I2 G2
GPU
enabled
CG1
Memory
optimized
R3
M2 CR1
C4
M3T1 HS1
INSTANCE TYPES

C4.xlarge (Compute-Optimized)
FamilyGeneration
TypeFamily

r3.large
2
15
m3.large
2
7.5
c3.large
2
3.7
c3.xlarge
4
7.5
c4.xlarge
4
7.5
Instance Type
vCPU
Mem (GiB)
General Purpose Compute Optimized
Memory Optimized
1 - 40
0.5 - 244

2006 2008 2010 2012 2014 2016
m1.small
m1.large
m1.xlarge
c1.medium
c1.xlarge
m2.xlarge
m2.4xlarge
m2.2xlarge
cc1.4xlarge
t1.micro
cg1.4xlarge
cc2.8xlarge
m1.medium
hi1.4xlarge
m3.xlarge
m3.2xlarge
hs1.8xlarge
cr1.8xlarge
c3.large
c3.xlarge
c3.2xlarge
c3.4xlarge
c3.8xlarge
g2.2xlarge
i2.xlarge
i2.2xlarge
i2.4xlarge
i2.4xlarge
m3.medium
m3.large
r3.large
r3.xlarge
r3.2xlarge
r3.4xlarge
r3.8xlarge
t2.micro
t2.small
t2.med
c4.large
c4.xlarge
c4.2xlarge
c4.4xlarge
c4.8xlarge
d2.xlarge
d2.2xlarge
d2.4xlarge
d2.8xlarge
g2.8xlarge
t2.large
m4.large
m4.xlarge
m4.2xlarge
m4.4xlarge
m4.10xlarge
History

M2
2nd Generation
Compute
M4
4th Generation
Compute
Upgrade

Current Generation Instances
Instance Family Some Use Cases
General purpose (t2, m4, m3)
• Low-traffic websites and web applications
• Small databases and mid-size databases
Compute optimized (c4, c3)
• High performance front-end fleets
• Video-encoding
Memory optimized (x1, r4, r3)
• High performance databases
• Distributed memory caches
Storage optimized (i2, d2)
• Data warehousing
• Log or data-processing applications
GPU instances (p2, g2)
• 3D application streaming
• Machine learning

Instance Metadata & User Data
Instance Metadata:
Is data about your instance.
Can be used to configure or manage a running
instance.
Instance User Data:
Can be passed to the instance at launch.
Can be used to perform common automated
configuration tasks.
Runs scripts after the instance starts.

Retrieving Instance Metadata
To view all categories of instance
metadata from within a running
instance, use the following URI:
http://169.254.169.254/latest/meta-
data/
On a Linux instance, you can use:
 $ curl http://169.254.169.254/latest/meta-data/
 $ GET http://169.254.169.254/latest/meta-data/
All metadata is returned as text
(content type text/plain).

Adding User Data
You can specify user data when launching an
instance.
User data can be:
 Linux script – executed by cloud-init
 Windows batch or PowerShell scripts – executed by
EC2Config service
User data scripts run once per instance-id by
default.

User Data Example Linux
User data shell scripts must start with the #!
characters and the path to the interpreter you
want to read the script.
Install Apache web server
Enable the web server
Start the web server
#!/bin/sh
yum -y install httpd
chkconfig httpd on
/etc/init.d/httpd start

User Data Example Windows
<powershell>
Import-Module ServerManager
Install-WindowsFeature web-server, web-webserver
Install-WindowsFeature web-mgmt-tools
</powershell>
Import the Server Manager module
for Windows PowerShell.
Install IIS
Install Web Management Tools

Retrieving User Data
To retrieve user data,
use the following URI:
http://169.254.169.254/
latest/user-data
On a Linux instance,
you can use:
 $ curl
http://169.254.169.254
/latest/user-data/
 $ GET
http://169.254.169.254
/latest/user-data/

Amazon EC2 Purchasing Options
On-Demand
Instances
Pay by the hour.
Reserved
Instances
Purchase at
significant
discount.
Instances are
always available.
1-year to 3-year
terms.
Scheduled
Instances
Purchase a 1-
year RI for a
recurring period of
time.
Spot Instances
Highest bidder
uses instance at a
significant
discount.
Spot blocks
supported.
Dedicated
Hosts
Physical host is
fully dedicated to
run your
instances. Bring
your per-socket,
per-core, or per-
VM software
licenses to reduce
cost.

Any questions about
Amazon EC2?

Amazon Simple Storage Service (S3)
Amazon S3
Storage for the Internet
Natively online, HTTP access
Store and retrieve any amount of data, any
time, from anywhere on the web
Highly scalable, reliable, fast and durable

Common Use Scenarios
Storage and Backup
Application File Hosting
Media Hosting
Software Delivery
Store AMIs and Snapshots

Amazon S3 Pricing
Pay only for what you use
No minimum fee
Prices based on location of your Amazon S3 bucket
Estimate monthly bill using the AWS Simple Monthly Calculator
Pricing is available as:
 Storage Pricing
 Request Pricing
 Data Transfer Pricing: data transferred out of Amazon S3

Amazon S3 Concepts
Amazon S3 stores data as objects
within buckets
An object is composed of a file and
optionally any metadata that
describes that file
You can have up to 100 buckets in
each account
You can control access to the
bucket and its objects
Amazon
S3
Bucket
with
Objects
Bucket
Object

Object Keys
An object key is the unique identifier for an object in a
bucket.
http://doc.s3.amazonaws.com/2006-03-01/AmazonS3.html
Bucket Object/Key

Amazon S3 Security
You can control access to buckets and objects with:
 Access Control Lists (ACLs)
 Bucket policies
 Identity and Access Management (IAM) policies
You can upload or download data to Amazon S3 via SSL
encrypted endpoints.
You can encrypt data using AWS SDKs.

Amazon S3 Object Lifecycle
Lifecycle management defines how Amazon S3 manages
objects during their lifetime. Some objects that you store in an
Amazon S3 bucket might have a well-defined lifecycle:
Log files
Archive documents
Digital media archives
Financial and healthcare records
Raw genomics sequence data
Long-term database backups
Data that must be retained for regulatory compliance

Amazon S3 + Amazon Glacier
S3 Lifecycle policies allow you to delete or move
objects based on age and set rules per S3 bucket.
bucket with
objects
30 Days
Glacier
archive
365 Days

Amazon Elastic Block Store (EBS)
Persistent block level storage volumes
offering consistent and low-latency performance
Automatically replicated within its Availability
Zone
Snapshots stored durably in Amazon S3
Amazon
EBS

Amazon EBS Lifecycle
Vast amounts of
unused space Create
Call CreateVolume
1 GB to 16 TB
Attach
Call AttachVolume to affiliate with
one Amazon EC2 instance
Attached
and
In Use
• Format from Amazon EC2
instance OS
• Mount formatted drive
CreateSnapshot
Snapshot to
Amazon S3
Detach
Call DetachVolume
Deleted
Call DeleteVolume

Amazon EBS Facts
You can create:
 EBS Magnetic volumes from 1 GiB to 1 TiB in size.
 EBS General Purpose (SSD) and Provisioned IOPS (SSD)
volumes up to 16 TiB in size.
You can use encrypted EBS volumes to meet a wide
range of data at-rest encryption requirements for
regulated/audited data and applications.
You can create point-in-time snapshots of EBS
volumes, which are persisted to Amazon S3.

Amazon EBS Use Cases
OS – Use for boot/root volume, secondary volumes
Databases – Scales with your performance needs
Enterprise applications – Provides reliable block storage to run
mission-critical applications
Business continuity – Minimize data loss and recovery time by
regularly backing up using EBS Snapshots
Applications – Install and persist any application

Amazon EBS Pricing
* Check Amazon EBS Pricing page for current pricing for all regions.
Pay for what you provision:
Pricing based on region
AWS GovCloud (US) Pricing page
Review Pricing Calculator online
Pricing is available as:
Storage
IOPS

Amazon EBS and Amazon S3
Amazon EBS Amazon S3
Paradigm Block storage with file system Object store
Performance Very fast Fast
Redundancy Across multiple servers in an
Availability Zone
Across multiple facilities in a
Region
Security EBS Encryption – Data volumes
and Snapshots
Encryption
Access from the
Internet?
No (1) Yes (2)
Typical use case It is a disk drive Online storage
(1) Accessible from the Internet if mounted to server and set up as FTP, etc.
(2) Only with proper credentials, unless ACLs are world-readable

Any questions
about Amazon S3 and
Amazon EBS?

Networking
Amazon VPC

Amazon Virtual Private Cloud (VPC)
Provision a private, isolated virtual network
on the AWS cloud.
Have complete control over your virtual
networking environment.
Amazon
VPC

VPCs and Subnets
A subnet defines a range of IP addresses in your
VPC.
You can launch AWS resources into a subnet that you
select.
A private subnet should be used for resources that
won’t be accessible over the Internet.
A public subnet should be used for resources that will
be accessed over the Internet.
Each subnet must reside entirely within one Availability
Zone and cannot span zones.

Amazon VPC Example
Availability Zone A
Virtual Private Cloud
AWS Cloud
Public Subnet
Internet
Virtual Private Cloud
Availability Zone B
Private Subnet
Availability Zone C
VPN Only Subnet
DB Server DB Server
App Server
DB Server DB Server
DB Server
Web Server Web Server
NAT
Customer
Network
R

Security in Your VPC
Security groups
Network access
control lists (ACLs)
Subnet
10.0.0.0/24
Internet GatewayVPN Gateway
VPC Router
10.0.0.0/16
Security Group
Security
Group
Security
Group
Network ACL Network ACL
Routing Table Routing Table
Instance Instance Instance Instance
Subnet
10.0.1.0/24

VPN Connections
VPN Connectivity option Description
AWS Hardware VPN
You can create an IPsec, hardware VPN connection
between your VPC and your remote network.
AWS Direct Connect
AWS Direct Connect provides a dedicated private
connection from a remote network to your VPC.
AWS VPN CloudHub
You can create multiple AWS hardware VPN
connections via your VPC to enable communications
between various remote networks.
Software VPN
You can create a VPN connection to your remote
network by using an Amazon EC2 instance in your VPC
that’s running a software VPN appliance.

Any questions about
networking?

Hands-on Lab
Build your VPC and launch a web server
(Use your AWS account)

Welcome to the Workshop!
Wi-Fi: Guest
PWD: Echo@@179
2. Download
3. Sign in or create an AWS Account
• How to create: http://bit.ly/create-aws-account

Lab Overview
1
• Create a VPC
• 2 Public Subnets
• 2 Private Subnets
• Across 2 Availability Zones
2
• Create an Application Server
• Create a Security Group for your
instance
• Launch your instance

Lab 1 – Build your VPC and launch a web server
Region
Availability Zone A
Web Server 1
Public Subnet 2 (10.0.2.0/24)
NAT Server
security group
10.0.0.0/16
security group
Availability Zone B
Private Subnet 2 (10.0.4.0/24)
Public Subnet 1 (10.0.1.0/24)
Private Subnet 1 (10.0.3.0/24)

Lab 1 FAQ
Step 1.1.7
 For Key pair name, select the No key pair.
Step 1.2.8
 Select Public Subnet 2, ensure all other subnets are cleared, and then
click Route Table in the lower pane. Scroll down and verify that the Target
for Destination 0.0.0.0/0 contains the prefix igw. If it does not, …
 Wi-Fi: Guest
 PWD: Echo@@179
2. Download

Course Wrap-Up

Learning Path
Cloud Computing
Concepts
• The AWS Cloud
• History
• Global
Infrastructure
• AWS
Management
Console
AWS Foundational
Services
• Compute:
• Amazon EC2
• Networking:
• Amazon VPC
• Storage:
• Amazon EBS
• Amazon S3
• Security
• IAM
• Databases:
• Amazon
DynamoDB
• Amazon RDS
AWS Management
Tools
• Trio of Services:
• Auto Scaling
• ELB
• Amazon
CloudWatch
• AWS Trusted
Advisor

Expand Your Cloud Skills with AWS
Certification
aws.amazon.com/certification
Validate your proven
technical expertise with the
AWS platform and gain
recognition for your skills
Online videos and
labs
aws.amazon.com/training/
self-paced-labs
Start working with an AWS
service in minutes with free
online instructional videos
and labs
aws.amazon.com/training
Instructor-led courses
Learn how to design, deploy,
and operate highly available,
cost-effective, and secure
applications on AWS

Self-Paced Labs
For more information, see aws.amazon.com/training/self-paced-labs/
Learn an individual AWS Service topic
Follow a Learning Quest by
AWS Service Area or Use Case
Practice working with AWS as
you prepare for an exam

AWS Training Courses
For more information about course description, see aws.amazon.com/training.
AWS Technical Essentials
Instructor-Led | 1 day
Architecting
on AWS
Instructor-led | 3 days
Developing
on AWS
Systems Operations
on AWS
Big Data Fundamentals
Online | 3 hours
Big Data on AWS
Advanced Architecting
on AWS
DevOps Engineering on AWS
Security Operations
on AWS

AWS Certification
AWS Certified Solutions
Architect - Associate
AWS Certified
Developer - Associate
AWS Certified SysOps
Administrator- Associate
AWS Certified Solutions
Architect - Professional
AWS Certified DevOps Engineer - Professional
For more information, see aws.amazon.com/certification

Business Development,
Solutions Architect,
Training Team
AWS
+
AWS Consulting
Partners
Architecture review
SA coaching
Office hour
Training
Consulting
Workshop
System integration
Managed service

What’s next
Terminate your AWS lab resources
Training
 Http://run.qwiklabs.com
 https://www.aws.training
Engage AWS team if you have any architecture enquiry

Remember to complete
your evaluations!

http://bit.ly/2uyXh7m
Email: khchan@amazon.com

© 2016 Amazon Web Services, Inc. or its affiliates. All rights reserved.
This work may not be reproduced or redistributed, in whole or in part, without
prior written permission from Amazon Web Services, Inc. Commercial
copying, lending, or selling is prohibited.
Errors or corrections? Email us at aws-course-feedback@amazon.com.
For all other questions, contact us at:
https://aws.amazon.com/contact-us/aws-training/.
All trademarks are the property of their owners.

AWS EC2 and VPC Hands-on Workshop Agenda

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to AWS EC2 and VPC Hands-on Workshop Agenda

Similar to AWS EC2 and VPC Hands-on Workshop Agenda (20)

More from Amazon Web Services

More from Amazon Web Services (20)

AWS EC2 and VPC Hands-on Workshop Agenda