Are you preparing for the AWS Certified Solutions Architect – Associate [SAA-C03] exam? In this AWS SAA-C03 Exam Preparation Series, we cover the AWS CSAA exam topics that will help you prepare for the exam.
First in this series is AWS EC2 (Elastic Compute Cloud), and we have brought study notes for you. These EC2 study notes will help you prepare and revise the topic during your AWS SAA-C03 exam preparation.
Let’s start with some general points about EC2.
Elastic Compute Cloud (EC2)
An Amazon EC2 instance is a virtual server that exists in Amazon’s Elastic Compute Cloud (EC2) and is used for running applications on the Amazon Web Services (AWS) infrastructure.
- AWS Elastic Compute Cloud is a computing web service which provides resizable, secure, and reliable capacity in the cloud
- You have complete control of your EC2 computing resources.
- You can scale up or scale down the capacity of your EC2 resources as your technical requirements change
- You must pay only for EC2 resources that you use
- You can build and boot new computing instances in only a few minutes
What is EC2?
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides you with resizable compute capacity in the cloud.
It has been designed to enable easy web-scale computing for developers. Its compute platform offers more than 500 instances that support your workload.
Just like Amazon S3 is used for storage in the cloud, Amazon EC2 enables the compute function in the cloud. Amazon EC2 is used along with S3 for root devices that are backed by local instance storage. When using S3, developers gain access to the same fast, dependable, scalable, and cost-effective storage infrastructure that Amazon uses to power its global network of websites.
Amazon EC2’s easy-to-use web service interface enables you to obtain and configure capacity with the least amount of difficulty. At present, EC2 supports multiple operating systems, including Windows Server, Amazon Linux, Gentoo Linux, Debian, Oracle Linux, CentOS, Ubuntu, and many more.
Best Practices on EC2
EC2 best practices include three domains:
1. Security: The best practices for security include:
- Implementing the least permissive rules possible for your security group
- Updating, patching, and securing your instance’s applications and operating system on a regular basis
2. Storage: The best practices for storage include:
- Using separate EBS volumes for OS and data
- Ensuring that the EBS volume persists even after the termination of the EC2 instance
- Using the Instance Store for storing temporary data is not recommended since the data stored in the instance store gets deleted with EC2 instance state changes, which include stopping, hibernating, and terminating the instance.
Local Instance Store: A local instance store exists only during the lifetime of an instance. It is quite cost-effective to store data this way, as the data does not get stored on the root device. It is generally used when you are running large websites and each instance is used as a clone for handling web traffic.
Amazon Elastic Block Store (Amazon EBS): In EBS, the data remains stored on the root device irrespective of the lifetime of the instance. This allows you to stop and restart the instance at any point in time, similar to shutting down and restarting a laptop when required.
3. Backup and Recovery: The best practices include:
- Regularly backing up the EBS volumes using EBS snapshots and creating an AMI from the instance to save the configuration as a template for creating future instances.
This eliminates snowflakes (instances that each end up with a different structure) from the environment, i.e., the instances will be exactly identical.
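To make the "least permissive rules" practice checkable, the following added example (not part of the original notes) audits security group ingress rules for administrative or database ports open to the whole internet. The sample JSON is constructed in the shape of `aws ec2 describe-security-groups` output, and the group IDs and the choice of sensitive ports are assumptions of this example.

```python
import ipaddress
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# Group IDs and CIDR ranges are made up for this example.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-admin", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-legacy", "IpPermissions": [
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-range", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 6000,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]}
]}
""")

# Assumption of this example: ports that should never face the whole internet.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}


def is_world_open(cidr):
    """True for 0.0.0.0/0 and ::/0 (a prefix length of zero matches everything)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_security_groups(doc):
    """Return one finding per world-open rule that exposes a sensitive port."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if not is_world_open(cidr):
                    continue
                if proto == "-1":
                    # "-1" means every protocol and port; no FromPort/ToPort keys.
                    exposed = ["ALL TRAFFIC"]
                elif proto in ("tcp", "udp"):
                    lo, hi = perm["FromPort"], perm["ToPort"]
                    exposed = [name for port, name in sorted(SENSITIVE_PORTS.items())
                               if lo <= port <= hi]
                else:
                    exposed = []  # ICMP and others: FromPort/ToPort are not ports
                if exposed:
                    findings.append({"group": sg["GroupId"], "cidr": cidr,
                                     "protocol": proto, "exposed": exposed})
    return findings


if __name__ == "__main__":
    for f in audit_security_groups(SAMPLE):
        print(f"{f['group']}: {f['cidr']} ({f['protocol']}) exposes {', '.join(f['exposed'])}")
```

The wide port range in `sg-range` is flagged because it silently covers three sensitive ports, which a check for exact port matches would miss.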
- Basically, an instance type determines the hardware characteristics of the host computer that is used for your EC2 instance
- An EC2 instance is like a virtual server located in the AWS cloud
- From an Amazon Machine Image (AMI), you can launch one or multiple EC2 instances
- EC2 instances keep running until you stop or terminate them. If an EC2 instance fails, you can launch a new EC2 instance from an AMI
- There are several instance types. Each instance type represents a different computing, storage, and memory resource capability, and the types are grouped into instance families based on these characteristics
- Depending on the computing and memory power that you expect to use for your technology solution, you must select a specific instance type for the Elastic Compute Cloud instance
- Amazon EC2 instances are grouped into 5 families: General Purpose, Compute Optimized, Memory Optimized, Storage Optimized and Accelerated Computing instances:
(The following table is a summary of the AWS EC2 Instance Types Reference Guide given by Amazon. For more information please visit the AWS official website.)
- Your applications can benefit if the EC2 instance type uses Enhanced Networking, which provides higher bandwidth, high networking performance, low latency, and scalability
- EC2 instance types like C4, C3, D2, I2, I3, H1, C5, M4, X1, M5, and R3 instances support Enhanced Networking
- You don’t have to pay an additional charge for using enhanced networking
- Also, you could launch EC2 in a placement group. In a placement group, you can locate High I/O EC2 instances for high bandwidth networking
- AWS uses Elastic Compute Cloud Compute Units, a measure that gives each instance a predictable and consistent amount of computing capacity (CPU)
- Resources such as the disk and network of the host computer are shared among multiple EC2 instances
- There are several limits for running EC2 instances: 20 On-Demand instances across an instance family and purchasing 20 Reserved Instances (RIs), and requesting Spot Instances (SIs) per your dynamic Spot limit per region
- For a list of all instances and regional availability, visit the AWS website.
- An instance lifecycle starts when it is launched and ends when it is finally terminated
- Initially, when you launch a new EC2 instance from an AMI, it enters the pending state. The instance type that you specified at launch time determines the hardware characteristics of the host computer for your EC2 instance
- When you start your EC2 instance, it enters the pending state, and in most cases, AWS moves the EC2 instance to a new host computer
- When an EC2 instance is stopped, the EC2 instance performs a normal shutdown and then transitions to a stopped state
- While your instance is in the stopped state, you can modify some of the instance’s attributes, such as the instance type
- Finally, when an EC2 instance is terminated, the instance performs a normal shutdown. All host resources are released, and the root device volume is deleted by default
- You can stop and start your instance as a troubleshooting step if your instance fails a status check and the EC2 instance is an EBS-backed instance
- After you stop your EC2 instance, AWS doesn’t charge you for the instance, but AWS does charge for any related Amazon EBS volume usage
- The instance lifecycle is affected by the purchasing option that you select
(The following table is a summary of key differences between rebooting, stopping, and terminating your instance. For more information please visit the AWS Website.)
Systems Manager: AWS Systems Manager includes Session Manager, which allows you to access your EC2 instances from the console or the AWS Command Line Interface (CLI).
Instance Purchasing Options
- Amazon AWS provides several options to purchase EC2 instances for optimizing costs, based on your expectations and requirements:
- On-Demand Instances: You pay by the second, for EC2 instances launched
- Scheduled Instances: You purchase EC2 instances that are always available on the specified schedule, for a period of one year
- Reserved Instances (RI): You purchase EC2 instances that are always available at a significant discount, for a period of one to three years.
- Spot Instances (SI): You request unused EC2 instances, significantly lowering your AWS EC2 instance costs
- Dedicated Instances: You pay by the hour to run your EC2 instances on single-tenant hardware
- Dedicated Hosts: You pay for a dedicated physical host to run your EC2 instances. You can bring your existing software licenses to reduce costs
- When you want to reserve a computing capacity, acquire Scheduled Instances or Reserved Instances (RIs) for a determined Availability Zone (AZ).
- The most cost-effective choice is Spot Instances if your applications can be interrupted and you’re flexible to choose when your applications can be executed
- You can reduce costs and address compliance requirements using Dedicated Hosts and your existing software licenses
- You obtain a significant discount on AWS EC2 instance usage with the Standard Reserved Instances offer when you commit to an instance family for a term
- If you need to change your instance configuration during the term, Convertible Reserved Instances offer you that option, and you still receive a discount on your instance usage
EC2 Dashboard for launching an EC2 Instance
The steps include
- Choosing an Amazon Machine Image (AMI): The AMI specified at launch is used to boot the instance.
An Amazon Machine Image(AMI) is a package environment that includes all the bits required for the setup and boot up of any instance. It is your unit of deployment. If you do not wish to set up your own AMI from scratch, you are free to choose from numerous global AMIs providing useful instances.
Choosing an Instance Type:
Configuring an Instance:
Configuring a Security Group:
Examining the Instance Launch:
The new instance created will look like this,
Here you can check the properties of the instance and its capabilities.
Getting the metadata for the Instance using the CLI(Command Line Interface)
Accessing the Instance via Browser: Copy the IPv4 DNS name and run it in the browser by putting the DNS name as the URL, or you can also access it by putting the public IPv4 address as the URL.
With this, we have explained EC2 instances and the process of managing the EC2 instances.
Note: Remember to terminate the instance and clean up the environment to avoid additional charges.
Amazon Machine Image – AMI
- Amazon Machine Images (AMIs) are pre-configured templates for your EC2 instances, that package a software configuration required for running your computing instances
- You can use AMIs from the AWS community published for public use, or create your own personalized AMIs
- All AMIs are categorized as either instance store-backed or EBS-backed. Instance store-backed means that the EC2 root device is an instance store volume created from a template stored in AWS S3; EBS-backed means that the EC2 root device is an EBS volume
- An AWS AMI includes:
- A pre-configured template for the root volume of the EC2 instance
- Launch access-control permissions that specify which AWS accounts could launch instances from AMIs
- A block device mapping that specifies all volumes for attaching to the EC2 instance during their launching time
- You can keep your custom AMI private so only you can use it, or if you desire you can share it with a list of AWS accounts that you have specified
- You can use the Run Instances command to start your custom AMI on any number of AWS EC2 instances
- If you want the AWS developer community to be able to use your custom AMI, you should make it public
Types of Virtualization
- AMIs use any of the virtualization types: Hardware Virtual Machine (HVM) or Paravirtual (PV)
- For the best performance, AWS recommends that you use HVM AMIs and the latest generation of Elastic Compute Cloud instance types when you launch your instances, because they can take advantage of hardware extensions that provide rapid access to the underlying hardware on the host machine
The AMI Lifecycle
- You can create, register or deregister, launch and copy an Amazon Machine Image (AMI)
- For sharing and re-use, you can copy an AMI to a different region or within the same region, granting access-control privileges to whoever requires them
- An AMI has the following lifecycle:
- You can search for AMIs provided by the AWS community or directly from Amazon AWS, specifying your search criteria for your instance.
- You can launch an EC2 instance from a found AMI, personalize that EC2 instance, and then create a custom AMI with this new configuration
- You can’t use an AWS AMI after you deregister it: you can’t launch new instances from it. Instances already launched from that AMI are not affected
Sharing your AMIs
- An AMI that people create and make available for other persons to use is called a shared AMI
- An AWS AMI can be shared with a list of AWS accounts using their AWS account IDs or just keep it private for personal use
- You can also make it public so that the AWS developer community can use it
- You can also create and sell your custom AMI to other AWS accounts
- You can acquire Amazon AMIs from 3rd parties, some of them could come with a service contract
- Because AMI is a regional Elastic Compute Cloud resource, sharing it only makes it available in that region
- You need to copy the AMI to a different region and share it there to make it available to other AWS accounts in that region
- Use the AWS CLI modify-image-attribute command to share an AMI in a region
- CloudWatch is the monitoring service for AWS resources (including EC2 instances) that are running in AWS.
- With Amazon CloudWatch you can collect and monitor log information, collect and track data, and set alarms for troubleshooting issues related to AWS resources
- AWS CloudWatch provides and receives metrics for all Amazon EC2 instances and works with any operating system supported by AWS
- EC2 instances have basic monitoring enabled by default. You can review basic metrics in the Monitoring tab of the AWS EC2 console
- In basic monitoring, data is captured every 5 minutes for free
- In detailed monitoring, data is captured every minute at an additional cost
- You can obtain metric data points for any EC2 instance for up to 2 weeks from the time you started to monitor it. If monitoring was disabled for that EC2 instance, metrics data will not be available after 2 weeks
- To automate your duties, you can set alarms on any of your metrics to receive notifications or take other automated actions when the metric crosses a specified threshold. You can use alarms to detect and shut down Amazon EC2 instances that are unused or underutilized, which contributes to cost reduction.
- You can configure alarm actions to stop, start, or terminate your AWS EC2 instances when certain criteria are met, such as CPU utilization being lower or higher than the expected performance.
- You can simulate any alarm using the AWS Command Line Interface (AWS CLI)
Monitor Status Check
- You can quickly determine whether AWS Elastic Compute Cloud has detected any problems with your EC2 instances with instance status monitoring
- AWS Elastic Compute Cloud performs automated status checks on every running AWS EC2 instance to identify software and hardware issues
- The System Status Check verifies the underlying physical host, checking the AWS systems required to use the EC2 instance
- The Instance Status Check verifies the virtual machine (VM) itself, checking the network configuration and software for the EC2 instance
- To troubleshoot an issue related to status checks, you should restart your EC2 instance or make modifications to its operating system.
- Problems related to loss of system power, loss of network connectivity, software or hardware issues on the physical host could be reflected by the System Status Checks
- Problems related to an incompatible kernel, corrupted file system, misconfigured networking or exhausted memory or startup configuration could be reflected by the Instance Status Checks
- You can create alarms for an existing EC2 instance to monitor System status checks or Instance status checks flags
EC2 Available Metrics
- You can monitor the CPU usage, network utilization, and disk I/O for each one of your AWS EC2 instances
- CloudWatch collects basic metrics data like CPU Utilization, Network In/Out data and packet counting, Disk Read/Writes data and operations, Status Checks and CPU Credit Usage and Balance.
- If you want to measure other items like Memory usage (RAM utilization), you need to develop a custom metric using CloudWatch API
Backup and Recovery
- Regularly create an AMI from your EC2 instance, saving the new configuration as a template for launching similar EC2 instances in the future
- Regularly back up your AWS EBS volumes using snapshots in Amazon S3. A snapshot can be used for data backup or as a baseline for creating new EBS volumes from scratch. If needed, you can share your snapshots with other AWS accounts, or you can share them with the AWS developer community by making them public
- Replicate your data appropriately and deploy critical components of your technical solutions across multiple Availability Zones (AZs)
- You can manually attach an Elastic IP address or network interface to an alternate EC2 instance for recovery purposes
- Regularly test the process of recovering your instances and Amazon EBS volumes if they fail
- Snapshots are incremental backups: only the blocks on the device that have changed after your last snapshot are saved. This reduces the time required to create the snapshot and saves storage costs
- Only the data unique to that snapshot is removed when you delete a snapshot
- Active snapshots contain all the information required to restore your data into a new EBS volume
- You should stop the EC2 instance to create a snapshot of EBS volumes that serve as root devices
- All Snapshots that are taken from encrypted volumes are encrypted automatically
- EBS volumes created from encrypted snapshots are also automatically encrypted
- All EBS snapshots can be managed by the AWS Command Line Interface (AWS CLI)
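Both the AMI sharing notes and the snapshot sharing note above allow a resource to be shared with specific accounts or made public, so it is worth auditing who can actually launch or copy them. The following added example (not part of the original notes) classifies grants and emits the AWS CLI command that would revoke each risky one; the sample JSON is constructed in the shape of `describe-image-attribute` and `describe-snapshot-attribute` output, and the resource IDs, account IDs and trusted-account list are assumptions.

```python
import json

# Constructed samples in the shape returned by
#   aws ec2 describe-image-attribute --attribute launchPermission
#   aws ec2 describe-snapshot-attribute --attribute createVolumePermission
IMAGE_ATTRS = json.loads("""[
  {"ImageId": "ami-0123456789abcdef0",
   "LaunchPermissions": [{"UserId": "111122223333"}]},
  {"ImageId": "ami-0fedcba9876543210",
   "LaunchPermissions": [{"Group": "all"}, {"UserId": "444455556666"}]}
]""")
SNAPSHOT_ATTRS = json.loads("""[
  {"SnapshotId": "snap-0123456789abcdef0",
   "CreateVolumePermissions": [{"Group": "all"}]},
  {"SnapshotId": "snap-0fedcba9876543210", "CreateVolumePermissions": []}
]""")

# Assumption of this example: accounts you intend to share with.
TRUSTED_ACCOUNTS = {"111122223333"}


def risky_grants(perms, trusted):
    """Yield ('public', None) or ('untrusted-account', id) for each risky grant."""
    for grant in perms:
        if grant.get("Group") == "all":
            yield "public", None
        elif grant.get("UserId") and grant["UserId"] not in trusted:
            yield "untrusted-account", grant["UserId"]


def audit_sharing(image_attrs, snapshot_attrs, trusted):
    """Return findings with the CLI command that revokes each risky grant."""
    findings = []
    for attr in image_attrs:
        rid = attr["ImageId"]
        for kind, acct in risky_grants(attr.get("LaunchPermissions", []), trusted):
            target = "Group=all" if kind == "public" else f"UserId={acct}"
            fix = (f"aws ec2 modify-image-attribute --image-id {rid} "
                   f'--launch-permission "Remove=[{{{target}}}]"')
            findings.append({"resource": rid, "exposure": kind,
                             "account": acct, "fix": fix})
    for attr in snapshot_attrs:
        rid = attr["SnapshotId"]
        for kind, acct in risky_grants(attr.get("CreateVolumePermissions", []), trusted):
            target = "--group-names all" if kind == "public" else f"--user-ids {acct}"
            fix = (f"aws ec2 modify-snapshot-attribute --snapshot-id {rid} "
                   f"--attribute createVolumePermission --operation-type remove {target}")
            findings.append({"resource": rid, "exposure": kind,
                             "account": acct, "fix": fix})
    return findings


if __name__ == "__main__":
    for f in audit_sharing(IMAGE_ATTRS, SNAPSHOT_ATTRS, TRUSTED_ACCOUNTS):
        print(f"{f['resource']}: {f['exposure']}\n  {f['fix']}")
```

Because an AMI is a regional resource, run the audit once per region in which copies exist.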
AWS Certified Solutions Architect Associate [SAA-C03] Exam Practice Questions
The following questions are created from scratch based on the above study notes. Go through these questions and see how many of them you can answer correctly.
Q1. You have created a custom AMI. Another AWS account wants to use it, for launching new EC2 instances. What do you need to do?
- Deregister your custom AMI
- Copy it to a new region
- Make it public
- Share it with the AWS community ID
Q2. If you have an EC2 instance backed with an EBS volume, what happens with the data if you stop it?
- All data is erased
- Some data is erased
- All data is copied into a new volume
- All data is preserved
Q3. A company is running applications for development, and those applications could be interrupted at any time. They are looking for an option to purchase EC2 instances for optimizing costs. What will you recommend?
- On-demand instances
- Spot Instances
- Reserved instances
- Dedicated host
Q4. Where are the EBS snapshots stored?
- In other EC2 instances
- In other EBS volumes
- In the same EBS volume
- In Amazon S3
Q5. If you want to measure the RAM usage of an EC2 instance, what do you need to do?
- Use basic monitoring
- Develop a custom CloudWatch metric
- Develop a custom operating system script
- Use advanced monitoring
Q6. What could you do as the first action, with a public custom AMI developed by the AWS community?
- Deregister it
- Sell it
- Copy it
- Share it
Q7. Which is NOT a status of the EC2 instance lifecycle?
Elastic Compute Cloud is one of the important topics you need to cover while preparing for the AWS SAA-C03 exam. In these EC2 study notes, I’ve covered the basic and advanced concepts of Elastic Compute Cloud. These AWS SAA-C03 exam practice questions will also make you confident about your study so that you are ready for the exam.
You can give your AWS Certified Solutions Architect (AWS CSAA) exam preparation a new edge with Whizlabs AWS CSAA Online Training and Practice Tests. The online course is based on exam blueprint and covers all the objectives of the exam. You can try the free test to check your current level of preparation. It will help you to find out and thus work on your weak areas.
AWS EC2 Glossary
| Term | Definition |
|---|---|
| Instances | Virtual computing environments |
| Instance types | Various configurations of CPU, memory, storage, and networking capacity for your instances |
| Instance storage types | Storage volumes for temporary data that is deleted when you stop or terminate your instance |
| Amazon Machine Images (AMIs) | Preconfigured templates for your instances, that package the bits you need for your server |
| Amazon EBS volumes | Persistent storage volumes for your data using Amazon Elastic Block Store |
| Security groups | A firewall that enables you to specify the protocols, ports, and source IP ranges that can reach your instances |
| Elastic IP addresses | Static IPv4 addresses for dynamic cloud computing |
| Virtual Private Cloud (VPC) | Virtual networks you can create that are logically isolated from the rest of the AWS cloud and that you can optionally connect to your own network |
| Availability Zones | Multiple physical locations for your resources |
| Amazon EC2 Compute Unit | The amount of CPU that is allocated to an instance is expressed in terms of these Elastic Compute Units. The Elastic Compute Unit (ECU) provides the relative measure of the integer processing power of an Amazon EC2 instance |
| Enhanced networking | Enhanced networking uses single root I/O virtualization (SR-IOV) to provide high-performance networking capabilities on supported instance types. |
| Placement group | It determines how instances are placed on the underlying hardware. When you create a placement group, you specify one of the following strategies for the group: |
| Basic Monitoring | Data is available automatically in 5-minute periods at no charge. |
| Detailed Monitoring | Data is available in 1-minute periods for an additional cost. To get this level of data, you must specifically enable it for the instance. For the instances where you’ve enabled detailed monitoring, you can also get aggregated data across groups of similar instances. |
| Metric | A metric represents a time-ordered set of data points that are published to CloudWatch |
| Custom metric | Your own metrics published to CloudWatch using the AWS CLI or an API. CloudWatch stores data about a metric as a series of data points. |
| Alarm | An alarm watches a single metric over a specified time period and performs one or more specified actions, based on the value of the metric relative to a threshold over time |
| Timestamp | Timestamps are dateTime objects, with the complete date plus hours, minutes, and seconds |
| System Status checks | It checks the underlying physical host |
| Instance Status checks | It checks the virtual machine (VM) itself |
| EBS snapshot | A backup of your volumes that is stored in Amazon S3. You can use these snapshots as the starting point for new Amazon EBS volumes or protect your data for long-term durability |
Wish you the best in your preparation!
Stay tuned to get more study notes for the AWS CSAA exam.