
AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)


Amazon EC2 changes the economics of computing and provides you with complete control of your computing resources. It is designed to make web-scale cloud computing easier for developers. In this session, we will take you on a journey, starting with the basics of key management and security groups and ending with an explanation of Auto Scaling and how you can use it to match capacity and costs to demand using dynamic policies. We will also discuss tools and best practices that will help you build failure-resilient applications that take advantage of the scale and robustness of AWS regions.


  1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
     Sebastian Dreisch, AWS Business Development, November 2016
     Amazon EC2 Foundations (CMP203)
  2. What to expect from this short talk
     - AWS concepts: AWS Regions, Availability Zones
     - Understanding EC2 instance options and how to choose the right one (or mix) for your workload
     - Understanding storage options and how to choose the right one (or mix) for your workload
     - The basics of VPC networking and setting up a load balancer
     - Monitoring, metrics & logs
     - Security and access control
     - Deployment
     - EC2 cost optimization
  3. AWS global infrastructure
     - 14 regions (each a separate geographic area)
     - Each region has multiple, isolated locations known as Availability Zones.
     - Resources aren't replicated across regions unless you do so specifically.
     - 38 Availability Zones
     - Throughout the next year, the AWS global infrastructure will expand with at least nine new Availability Zones in new geographic regions: Montreal in Canada, Ningxia in China, Paris in France, and the United Kingdom.
  4. AVAILABILITY ZONES
     - Distinct locations that are engineered to be insulated from failures in other Availability Zones
     - Provide inexpensive, low-latency network connectivity to other Availability Zones in the same region
     - Regions contain between 2 and 5 EC2 Availability Zones
  5. Amazon EC2
  6. Amazon Elastic Compute Cloud (EC2): elastic virtual servers in the cloud
     [Diagram: physical servers in AWS global regions; a host server runs a hypervisor hosting Guest 1, Guest 2 ... Guest n]
  7. Amazon EC2 10+ years ago...
     • First generation, single instance family and size
     • m1.small (1 vCPU, 1.7 GiB RAM, 160 GB storage)
     • Linux only
     • On-Demand pricing only
  8. EC2 instances today: c4.large, read as instance family (c), instance generation (4) and instance size (large)
  9. 41 (latest generations) EC2 instance types
     [Chart: instance types plotted by vCPU (1 to 64) against memory (GB, 1 to 256); the specifications shown are listed below by family]
     General Purpose (new M4s / T2 large):
     - t2.nano 1 vCPU, 512MB, EBS only; t2.micro 1 vCPU, 1GB, EBS only; t2.small 1 vCPU, 2GB, EBS only; t2.medium 2 vCPU, 4GB, EBS only; t2.large 2 vCPU, 8 GB, EBS only
     - m3.medium 1 vCPU, 3.75 GB, 1 x 4 SSD; m3.large 2 vCPU, 7.5 GB, 1 x 32 SSD; m3.xlarge 4 vCPU, 15 GB, 2 x 40 SSD; m3.2xlarge 8 vCPU, 30 GB, 2 x 80 SSD
     - m4.large 2 vCPU, 8 GB; m4.xlarge 4 vCPU, 16 GB; m4.2xlarge 8 vCPU, 32 GB; m4.4xlarge 16 vCPU, 64 GB; m4.10xlarge 40 vCPU, 160GB; m4.16xlarge 64 vCPU, 256GB (all EBS only)
     Compute Optimized:
     - c4.large / c3.large 2 vCPU, 3.75 GB (c4 EBS only, c3 2 x 16 SSD); c4.xlarge / c3.xlarge 4 vCPU, 7.5 GB (c3 2 x 40 SSD); c4.2xlarge / c3.2xlarge 8 vCPU, 15 GB (c3 2 x 80 SSD); c4.4xlarge / c3.4xlarge 16 vCPU, 30 GB (c3 2 x 160 SSD); c4.8xlarge / c3.8xlarge 32 vCPU, 60 GB (c3 2 x 320 SSD)
     Memory Optimized:
     - r3.large 2 vCPU, 15.25 GB, 1 x 32 SSD; r3.xlarge 4 vCPU, 30.5 GB, 1 x 80 SSD; r3.2xlarge 8 vCPU, 61 GB, 1 x 160 SSD; r3.4xlarge 16 vCPU, 122 GB, 1 x 320 SSD; r3.8xlarge 2 vCPU, 244 GB, 2 x 320 SSD
     Storage Optimized:
     - i2.xlarge (High IO) 4 vCPU, 30.5 GB, 1 x 800 SSD; i2.2xlarge 8 vCPU, 61 GB, 2 x 800 SSD; i2.4xlarge 16 vCPU, 122 GB, 4 x 800 SSD; i2.8xlarge 32 vCPU, 244 GB, 8 x 800 SSD
     - d2.xlarge (Dense) 4 vCPU, 30.5 GB, 3 x 2000 HDD; d2.2xlarge 8 vCPU, 61 GB, 6 x 2000 HDD; d2.4xlarge 16 vCPU, 122 GB, 12 x 2000 HDD; d2.8xlarge 36 vCPU, 244 GB, 24 x 2000 HDD
     GPU Instances:
     - g2.2xlarge 8 vCPU, 15 GB, 1 x 60 SSD, NVIDIA GPU (1,536 CUDA cores, 4GB Mem); g2.8xlarge 32 vCPU, 60 GB, 2 x 120 SSD, 4 NVIDIA GPUs (1,536 CUDA cores, 4GB Mem); P2.xlarge 4 vCPU, 61 GiB, NVIDIA K80 (2,496 CUDA cores, 12GiB Mem)
  10. Performance factor: memory
  11. Performance factor: GPUs
  12. Extensive list of supported operating systems & software: Red Hat Linux, Windows Server, SuSE Linux, Ubuntu, Fedora, Debian, CentOS, Gentoo Linux, Oracle Linux, and FreeBSD (aws.amazon.com/ec2/faqs/)
  13. STORAGE
  14. File: Amazon EFS. Block: Amazon EBS, Amazon EC2 Instance Store. Object: Amazon S3, Amazon Glacier.
  15. Block storage options
  16. Instance Store
      - Physically attached to the host computer
      - Type and amount differ by instance type
      - Data dependent upon instance lifecycle
      Amazon EBS
      - Persistent block-level storage volumes
      - Magnetic – Throughput (st1); Magnetic – "Cold" (sc1); General Purpose (SSD); Provisioned IOPS (SSD)
      - Data independent of instance lifecycle
  17. EBS Volumes
      - EBS volumes are automatically replicated within the Availability Zone in which they are created
      - Use EBS-optimized instances to deliver dedicated throughput between Amazon EC2 and Amazon EBS, with options between 500 and 10,000 Mbps, depending on the instance type
  18. EBS Snapshots
      - An EBS snapshot is a point-in-time backup copy of an EBS volume that is stored in Amazon S3
      - Snapshots are incremental: only the blocks that have changed after your most recent snapshot are saved
  19. NETWORKING
  20. Virtual Private Cloud (aws.amazon.com/vpc/)
  21. Amazon VPC: a virtual network in your own logically isolated area within the AWS cloud, populated by infrastructure, platform, and application services that share common security and interconnection (aws.amazon.com/vpc/)
  22. VPC networking
      ▶ Elastic network interface (ENI)
      ▶ Subnet
      ▶ Network access control list (ACL)
      ▶ Route table
      ▶ Internet gateway
      ▶ Virtual private gateway
      ▶ Route 53 private hosted zone
  23. VPC network topology
      - A VPC can span multiple AZs, but each subnet must reside entirely within one AZ
      - Use at least 2 subnets in different AZs for each layer of your network
  24. VPC creation with the VPC Wizard
  25. [Diagram: a VPC with subnets in Availability Zones 1a and 1b, an Internet Gateway to the Internet, and a Virtual Private Gateway linked over a VPN Connection to a Customer Gateway in the customer data center]
  26. Example: enterprise application architecture
  27. VPC Peering: a networking connection between two VPCs (docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html)
  28. Elastic Load Balancing (aws.amazon.com/elasticloadbalancing/)
  29. ▶ Timeout configuration ▶ Connection draining ▶ Cross-zone load balancing (aws.amazon.com/elasticloadbalancing/)
  30. Example: 3-tier web application architecture
  31. MONITORING, METRICS & LOGS
  32. Amazon CloudWatch: a monitoring service for AWS cloud resources and the applications that you run on AWS. Use Amazon CloudWatch to collect and track metrics, collect and monitor log files, and set alarms. (aws.amazon.com/cloudwatch/)
  33. Amazon CloudWatch
  34. CloudWatch metrics in the EC2 console
  35. Monitoring scripts for EC2 instances (docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/mon-scripts.html)
  36. Amazon CloudWatch Logs
      - Monitor applications and systems using log data
      - Store in highly durable storage and set retention
      - Access your log files via web, CLI, or SDK
      - Sources: Amazon EC2 (Linux & Windows), AWS Lambda, ...
      (docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatchLogs.html)
  37. CloudWatch metrics & alarms: AWS resource or your custom data -> CloudWatch metric -> alarm -> action
  38. CloudWatch Logs + filter: AWS resource or your custom data -> CloudWatch Logs -> filter -> metric -> alarm -> action
  39. Alarm actions
      - Notification (SNS)
      - Auto Scaling action
      - EC2 action: Recover, Stop, Terminate
      Amazon EC2 Auto Recovery: use the Recover action together with status checks to automate instance recovery
  40. SECURITY & ACCESS CONTROL
  41. Architected for enterprise security: consistent, regular, exhaustive 3rd-party evaluations
      • Secured premises
      • Secured access
      • Built-in firewalls
      • Unique users
      • Multi-factor authentication
      • Private subnets
      • Encrypted data storage
      • Dedicated connection
  42. Access a deep set of cloud security tools
      - Encryption: Key Management Service, CloudHSM, server-side encryption
      - Networking: Virtual Private Cloud, Web Application Firewall
      - Compliance: Config, CloudTrail, Service Catalog
      - Identity: AWS Identity & Access Management (IAM), Active Directory integration, SAML federation
  43. Security and access foundations
      - Access credentials: access key and secret key, used to authenticate when accessing AWS APIs
      - Key pairs: public key and private key, used to authenticate when accessing an Amazon EC2 instance
  44. USE IAM ROLES TO PASS ACCESS CREDENTIALS TO AN INSTANCE
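As an added check (example code written for this page, not part of the deck), the following audits launch-configuration records for the anti-pattern slide 44 warns against: no IAM instance profile, with static access keys pushed in through user data instead. The record shape (base64 UserData, optional IamInstanceProfile, as returned by `aws autoscaling describe-launch-configurations`) is an assumption here, and the sample records and keys are constructed.

```python
import base64
import re

# A key ID has a fixed 20-character form; matching it is enough for a finding.
ACCESS_KEY_ID_RE = re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")
SECRET_KEY_RE = re.compile(r"(?i)aws_secret_access_key\s*[=:]\s*\S+")


def mask(key_id):
    """Keep a short prefix so a finding can be reported without leaking the key."""
    return key_id[:8] + "*" * (len(key_id) - 8)


def audit_launch_configuration(lc):
    """Return findings for one launch-configuration dict in the (assumed)
    describe-launch-configurations shape: base64 UserData, optional IamInstanceProfile."""
    findings = []
    name = lc.get("LaunchConfigurationName", "<unnamed>")
    if not lc.get("IamInstanceProfile"):
        findings.append(f"{name}: no IamInstanceProfile, so instances cannot "
                        "get role credentials from the metadata service")
    user_data = base64.b64decode(lc.get("UserData", "")).decode("utf-8", "replace")
    for line_no, line in enumerate(user_data.splitlines(), 1):
        for m in ACCESS_KEY_ID_RE.finditer(line):
            findings.append(f"{name}: static access key {mask(m.group(0))} "
                            f"in user data line {line_no}")
        if SECRET_KEY_RE.search(line):
            findings.append(f"{name}: secret access key in user data line {line_no}")
    return findings


# Constructed samples: the first bakes the AWS documentation's example keys
# into user data, the second relies on an instance profile (role) instead.
BAD_USER_DATA = b"""#!/bin/bash
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
aws s3 cp s3://example-bucket/app.tgz /opt/app.tgz
"""
GOOD_USER_DATA = b"""#!/bin/bash
# No keys here: the CLI picks up the instance role from the metadata service.
aws s3 cp s3://example-bucket/app.tgz /opt/app.tgz
"""
SAMPLE_LAUNCH_CONFIGS = [
    {"LaunchConfigurationName": "launch-config",
     "UserData": base64.b64encode(BAD_USER_DATA).decode()},
    {"LaunchConfigurationName": "launch-config-role",
     "IamInstanceProfile": "webserver-role",
     "UserData": base64.b64encode(GOOD_USER_DATA).decode()},
]
```

Running `audit_launch_configuration` over each entry of `SAMPLE_LAUNCH_CONFIGS` reports three findings for the first record and none for the role-based one.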
  45. DEPLOYMENT
  46. AMAZON MACHINE IMAGES
  47. - Amazon maintained: set of Linux and Windows images, kept up to date by Amazon in each region
      - Community maintained: images published by other AWS users; managed and maintained by Marketplace partners
      - Your machine images: AMIs you have created from EC2 instances; can be kept private or shared with other accounts
  48. Bake an AMI: start an instance, configure the instance, create an AMI from your instance, start new ones from the AMI
  49. (continued) Configure dynamically: launch an instance, then use the metadata service and cloud-init to perform actions on the instance when it launches
  50. Bake an AMI + configure dynamically
      - Bake an AMI: build your base images and set up custom initialization scripts; maintain your 'golden' base
      - Configure dynamically: use bootstrapping to pass custom information in and perform post-launch tasks like pulling code from SVN
  51. Trade-offs between baking an AMI and configuring dynamically: time-consuming configuration vs. startup time; static configurations vs. less change management
  52. Trade-offs between baking an AMI and configuring dynamically: continuous deployment (latest code); environment specific (dev-test-prod)
  53. AUTO SCALING
  54. Maintain EC2 instance availability
      - Detects impaired EC2 instances
      - Replaces the instances automatically
      Automatically scale your Amazon EC2 fleet
      - Follow the demand curve for your applications
      - Reduce the need to manually provision Amazon EC2 capacity
      - Run at optimal utilisation
  55. - Reusable instance templates: provision instances based on a reusable template you define, called a launch configuration.
      - Automated provisioning: keep your Auto Scaling group healthy and balanced, whether you need one instance or 1,000.
      - Adjustable capacity: maintain a fixed group size or adjust dynamically based on Amazon CloudWatch metrics.
  56. Launch configuration: describes what Auto Scaling creates when adding instances; only one active launch configuration at a time

          aws autoscaling create-launch-configuration \
              --launch-configuration-name launch-config \
              --image-id ami-54cf5c3d \
              --instance-type m3.medium \
              --key-name mykey \
              --security-groups webservers

      Auto Scaling group: an Auto Scaling managed grouping of EC2 instances; automatically scale the number of instances by policy

          aws autoscaling create-auto-scaling-group \
              --auto-scaling-group-name autoscaling-group \
              --availability-zones eu-west-1a eu-west-1b \
              --launch-configuration launch-config \
              --load-balancer-names myELB \
              --min-size 1 --max-size 5

      Auto Scaling policy: parameters for performing an Auto Scaling action; scale in/out and by how much (--scaling-adjustment gives the number of instances to add or remove for a ChangeInCapacity policy; --min-adjustment-magnitude applies only to PercentChangeInCapacity policies)

          aws autoscaling put-scaling-policy \
              --auto-scaling-group-name autoscaling-group \
              --policy-name autoscaling-policy \
              --adjustment-type ChangeInCapacity \
              --scaling-adjustment 2 \
              --cooldown 300
  57. Utilisation & Auto Scaling granularity [chart: utilisation over a 24-hour day, 00:00 to 23:00]
  58. Utilisation & Auto Scaling granularity [same 24-hour chart]: 41 instance hours of m4.large @ $0.133/hr = $5.453/day
  59. Utilisation & Auto Scaling granularity [same 24-hour chart]: 70 instance hours of t2.small @ $0.026/hr = $1.82/day
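The granularity comparison on slides 57-59, modelled for a constructed demand curve (an added example, not the deck's own figures): with vCPUs taken as the capacity unit (an assumption, since T2 instances are burstable), it counts the instance-hours, daily cost and idle capacity of tracking demand hourly with m4.large versus t2.small at the prices quoted on the slides.

```python
import math

# Constructed demand: vCPUs needed in each hour from 00:00 to 23:00.
HOURLY_DEMAND_VCPU = [1, 1, 1, 1, 1, 1, 2, 3, 4, 5, 6, 6,
                      6, 6, 5, 5, 4, 4, 3, 3, 2, 2, 1, 1]

# Hourly On-Demand prices (USD) as quoted on the slides; vCPU counts per type.
INSTANCE_TYPES = {
    "m4.large": {"vcpu": 2, "price_per_hour": 0.133},
    "t2.small": {"vcpu": 1, "price_per_hour": 0.026},
}


def instances_needed(demand_vcpu, vcpu_per_instance, min_size=1):
    """Smallest instance count covering the demand, never below the group's min-size."""
    return max(min_size, math.ceil(demand_vcpu / vcpu_per_instance))


def instance_hours(demand, vcpu_per_instance, min_size=1):
    """Instance-hours billed over the day when the group tracks the demand hourly."""
    return sum(instances_needed(d, vcpu_per_instance, min_size) for d in demand)


def daily_cost(demand, instance_type, min_size=1):
    """(instance-hours, USD cost) for one day on one instance type."""
    spec = INSTANCE_TYPES[instance_type]
    hours = instance_hours(demand, spec["vcpu"], min_size)
    return hours, round(hours * spec["price_per_hour"], 3)


def idle_vcpu_hours(demand, vcpu_per_instance, min_size=1):
    """Provisioned-but-idle capacity: the price of coarse scaling granularity."""
    return sum(instances_needed(d, vcpu_per_instance, min_size) * vcpu_per_instance - d
               for d in demand)


if __name__ == "__main__":
    for name, spec in INSTANCE_TYPES.items():
        hours, cost = daily_cost(HOURLY_DEMAND_VCPU, name)
        idle = idle_vcpu_hours(HOURLY_DEMAND_VCPU, spec["vcpu"])
        print(f"{name}: {hours} instance-hours, ${cost}/day, {idle} idle vCPU-hours")
```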
  60. New scaling policies for more responsive scaling (aws.amazon.com/blogs/aws/auto-scaling-update-new-scaling-policies-for-more-responsive-scaling)
  61. OTHER DEPLOYMENT OPTIONS
  62. AWS CodeDeploy: coordinate automated deployments, just like Amazon (aws.amazon.com/codedeploy/)
      • Scale from 1 instance to thousands
      • Deploy without downtime
      • Centralize deployment control and monitoring
      • On-premises support
      [Diagram: application revisions v1, v2, v3 flow through CodeDeploy to the Dev, Staging and Production deployment groups]
  63. Amazon EC2 Container Service: a highly scalable, high-performance container management service (aws.amazon.com/ecs/)
      - Launch and terminate Docker containers across a cluster of EC2 instances
      - Mount persistent volumes at launch
      - Private Docker repositories
  64. COST OPTIMIZATION
  65. Use a purchasing option (or mix) that best fits your workload
      - On-Demand: pay for compute capacity by the hour with no long-term commitments. For spiky workloads, or to define needs.
      - Reserved: make a low, one-time payment and receive a significant discount on the hourly charge. For committed utilization.
      - Spot: bid for unused capacity, charged at a Spot price which fluctuates based on supply and demand. For time-insensitive or transient workloads.
      - Dedicated: launch instances within Amazon VPC that run on hardware dedicated to a single customer. For BYOL and highly sensitive/regulated workloads.
  66. Spot Instances: Spot Instances are spare Amazon EC2 instances that you can bid on. The Spot price fluctuates in real time based on supply and demand. When your bid exceeds the Spot price and Spot capacity is available, your Spot instance is launched and will run until the Spot market price exceeds your bid (a Spot interruption, with a 2-minute warning!). (aws.amazon.com/ec2/purchasing-options/spot-instances/)
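The launch, run and interrupt rules on slide 66 replayed against a constructed per-minute Spot price series (an added example, not from the deck): it reports when the instance launches, when the two-minute interruption warning fires and when termination takes effect, and how much run time a workload actually received. The bid, the price series and the persistent-request behaviour (relaunch once the bid exceeds the price again) are assumptions.

```python
WARNING_LEAD_MINUTES = 2  # the interruption warning period stated on the slide


def simulate_spot(prices, bid):
    """Return (minute, event) tuples for one Spot request.

    `prices` holds the Spot price at each minute and `bid` is the maximum
    price. Launch happens when the bid exceeds the price; once the price
    exceeds the bid a warning fires and termination follows two minutes later.
    """
    events = []
    running = False
    pending_stop = None  # minute at which a scheduled termination takes effect
    for minute, price in enumerate(prices):
        if pending_stop is not None:
            if minute >= pending_stop:
                events.append((minute, "terminated"))
                running, pending_stop = False, None
            continue  # still inside the warning window
        if not running and bid > price:
            events.append((minute, "launched"))
            running = True
        elif running and price > bid:
            events.append((minute, "interruption-warning"))
            pending_stop = minute + WARNING_LEAD_MINUTES
    return events


def running_minutes(events, total_minutes):
    """Minutes the instance was actually running, derived from the event list."""
    total, started = 0, None
    for minute, event in events:
        if event == "launched":
            started = minute
        elif event == "terminated" and started is not None:
            total += minute - started
            started = None
    if started is not None:  # still running when the series ends
        total += total_minutes - started
    return total


# Constructed price series (USD/hour sampled each minute) against a $0.05 bid.
SAMPLE_PRICES = [0.03] * 10 + [0.04] * 5 + [0.06] * 6 + [0.045] * 9
SAMPLE_BID = 0.05

if __name__ == "__main__":
    for minute, event in simulate_spot(SAMPLE_PRICES, SAMPLE_BID):
        print(f"t+{minute:02d} min: {event}")
```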
  67. Additional resources and further learning
      - Getting started with Amazon EC2: http://aws.amazon.com/ec2/getting-started/
      - Auto Scaling getting started tutorial: http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/GettingStartedTutorial.html
  68. AWS Training & Certification
      - Training (aws.amazon.com/training): build technical expertise to design and operate scalable, efficient applications on AWS
      - Certification (aws.amazon.com/certification): validate your proven skills and expertise with the AWS platform
      - Self-paced labs (aws.amazon.com/training/self-paced-labs): try products, gain new skills, and get hands-on practice working with AWS technologies
  69. Thank you! Email me at dreischs@amazon.com with any questions!
  70. Remember to complete your evaluations!
