Amazon EC2 Foundations
Nico Vautier, Solutions Architect Manager, NYC
24, 2017
What to expect from this short talk
• AWS concepts: AWS Regions, Availability Zones
• Understanding EC2 instance options and how to choose the right one/mix for your workload
• Understanding Storage options and how to choose the right one/mix for your workload
• The basics of VPC networking and setting up a load balancer
• Monitoring, Metrics & Logs
• Security and Access Control
• Deployment
• (EC2 Cost Optimization)
AWS global infrastructure
16 regions (a region is a separate geographic area). Each region has multiple, isolated locations known as Availability Zones. Resources aren't replicated across regions unless you do so specifically.
42 Availability Zones
*Throughout the next year, the AWS global infrastructure will expand with at least five new Availability Zones in new geographic regions: Ningxia in China, Paris in France.
Amazon EC2
Amazon Elastic Compute Cloud (EC2) - Elastic virtual servers in the cloud
Diagram: physical servers in AWS Global Regions; each host server runs a hypervisor that hosts Guest 1, Guest 2 ... Guest n.
Amazon EC2 10+ years ago…
• First generation, single instance family and size
• m1.small (1 vCPU, 1.7 GiB RAM, 160 GB storage)
• Linux only
• On-Demand pricing only
EC2 instances today
c4.large = instance family (c) + instance generation (4) + instance size (large)
Choosing the Right Amazon EC2 Instance
EC2 instance types are optimized for different use cases and come in multiple sizes. This allows you to scale resources to match your workload requirements.
AWS utilizes Intel® Xeon® processors for EC2 instances, providing customers with high performance and value.
Consider the following when choosing your instances: core count, memory size, storage size and type, network performance, and CPU technologies.
Hurry Up & Go Idle: a larger compute instance can save you time and money; paying more per hour for a shorter amount of time can be less expensive overall.
Get the Intel® Advantage
Intel’s latest 22nm Haswell microarchitecture on new C4 instances, with custom Intel® Xeon® v3 processors, provides new features:
• Haswell microarchitecture has better branch prediction and greater efficiency at prefetching instructions and data, along with other improvements that can boost existing applications’ performance by 30% or more.
• P-state and C-state control provides the ability to individually tune each core’s performance and sleep states to improve application performance.
• Intel® AVX2.0 instructions can double the floating-point performance for compute-intensive workloads over Intel® AVX, and provide additional instructions useful for compression and encryption.
Intel® Processor Technologies
• Intel® AVX – Get dramatically better performance for highly parallel HPC workloads such as life science engineering, data mining, financial analysis, or other technical computing applications. AVX also enhances image, video, and audio processing.
• Intel® AES-NI – Enhance your security with these new encryption instructions that reduce the performance penalty associated with encrypting/decrypting data.
• Intel® Turbo Boost Technology – Get more computing power when you need it with performance that adapts to spikes in your workload with Intel® Turbo Boost Technology 2.0.
EC2 Instances with Intel® Technologies
Performance factor: CPU
Performance factor: Memory
Performance factor: Memory
Performance factor: GPUs
aws.amazon.com/ec2/faqs/
Extensive list of supported operating systems & software: RedHat Linux, Windows Server, SuSE Linux, Ubuntu, Fedora, Debian, CentOS, Gentoo Linux, Oracle Linux, and FreeBSD
STORAGE
File: Amazon EFS
Block: Amazon EBS, Amazon EC2 Instance Store
Object: Amazon S3, Amazon Glacier
Block Storage Options
NETWORKING
Amazon VPC (Virtual Private Cloud)
aws.amazon.com/vpc/
A virtual network in your own logically isolated area within the AWS cloud, populated by infrastructure, platform, and application services that share common security and interconnection.
VPC Networking
▶ Elastic network interface (ENI)
▶ Subnet
▶ Network access control list (ACL)
▶ Route table
▶ Internet gateway
▶ Virtual private gateway
▶ Route 53 private hosted zone
Diagram: a VPC spanning Availability Zone 1a and Availability Zone 1b with three VPC Subnets (instances at 10.0.0.5, 10.0.0.6, 10.0.3.17, 10.0.3.5, 10.0.1.5, 10.0.1.25, 10.0.1.8, 10.0.1.6). An Internet Gateway connects the VPC to the Internet; a Virtual Private Gateway connects over a VPN Connection to a Customer Gateway in the Customer Data Center.
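Whether a subnet in a diagram like the one above is "public" or "private" is decided by its route table, not by its address range: a subnet whose default route points at an Internet Gateway is reachable from the Internet. The following is an added example (not code from this deck or from AWS) that applies that rule to a constructed VPC description. The dictionary keys mirror the shape of the EC2 DescribeSubnets and DescribeRouteTables responses, but every ID, address and the "Tier" tag are invented for the example; the point it illustrates is that a subnet with no explicit route table association silently inherits the VPC's main route table.

```python
"""Classify VPC subnets as public or private from their route tables.

Added example for this deck, not AWS code. SAMPLE_VPC is constructed to
resemble the slide's diagram (three subnets in 10.0.0.0/16 across two AZs,
one Internet Gateway, one Virtual Private Gateway); its keys mirror the
EC2 DescribeSubnets / DescribeRouteTables responses but every ID and
address is invented. The "Tier" tag is an assumed naming convention.
"""

SAMPLE_VPC = {
    "Subnets": [
        {"SubnetId": "subnet-web-1a", "CidrBlock": "10.0.0.0/24",
         "AvailabilityZone": "eu-west-1a", "Tier": "web"},
        {"SubnetId": "subnet-app-1a", "CidrBlock": "10.0.1.0/24",
         "AvailabilityZone": "eu-west-1a", "Tier": "app"},
        {"SubnetId": "subnet-db-1b", "CidrBlock": "10.0.3.0/24",
         "AvailabilityZone": "eu-west-1b", "Tier": "db"},
    ],
    "RouteTables": [
        {"RouteTableId": "rtb-public",
         "Associations": [{"SubnetId": "subnet-web-1a"}],
         "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
        {"RouteTableId": "rtb-private",
         "Associations": [{"SubnetId": "subnet-app-1a"}],
         "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                    # on-premises range reached through the Virtual Private Gateway
                    {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-0example"}]},
        {"RouteTableId": "rtb-main",
         # the main route table governs every subnet that has no explicit association
         "Associations": [{"Main": True}],
         "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}]},
    ],
}

DEFAULT_ROUTES = {"0.0.0.0/0", "::/0"}


def route_table_for(subnet_id, route_tables):
    """Return the route table that governs a subnet: its explicit association, else the main table."""
    main = None
    for table in route_tables:
        for assoc in table["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def is_public(route_table):
    """A subnet is public when its route table sends default-route traffic to an Internet Gateway."""
    for route in route_table["Routes"]:
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest in DEFAULT_ROUTES and route.get("GatewayId", "").startswith("igw-"):
            return True
    return False


def classify(vpc):
    """Map every subnet ID to "public" or "private"."""
    result = {}
    for subnet in vpc["Subnets"]:
        table = route_table_for(subnet["SubnetId"], vpc["RouteTables"])
        result[subnet["SubnetId"]] = "public" if table and is_public(table) else "private"
    return result


def exposed_tiers(vpc, allowed_public_tiers=("web",)):
    """List subnets whose tier should stay private but which have a route from the Internet."""
    exposure = classify(vpc)
    return sorted(s["SubnetId"] for s in vpc["Subnets"]
                  if exposure[s["SubnetId"]] == "public"
                  and s.get("Tier") not in allowed_public_tiers)


if __name__ == "__main__":
    for subnet_id, kind in classify(SAMPLE_VPC).items():
        print(f"{subnet_id}: {kind}")
    print("exposed:", exposed_tiers(SAMPLE_VPC))
```

In the sample the database subnet was never associated with a route table, so it falls back to the main table, which carries an Internet Gateway default route; the check reports it as exposed even though nothing about its 10.0.3.0/24 range suggests that. Against a real account the same functions can be fed the output of `aws ec2 describe-subnets` and `aws ec2 describe-route-tables`.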
VPC Creation with the VPC Wizard
Example: enterprise application architecture
Elastic Load Balancing
aws.amazon.com/elasticloadbalancing/
▶ Timeout Configuration
▶ Connection Draining
▶ Cross-zone Load Balancing
Example: 3-tier web application architecture
MONITORING, METRICS & LOGS
Amazon CloudWatch
aws.amazon.com/cloudwatch/
A monitoring service for AWS cloud resources and the applications that you run on AWS. Use Amazon CloudWatch to collect and track metrics, collect and monitor log files, and set alarms.
CloudWatch Metrics in the EC2 Console
Monitoring Scripts for EC2 Instances
docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/mon-scripts.html
Amazon CloudWatch Logs
docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/WhatIsCloudWatchLogs.html
Monitor applications and systems using log data. Store logs in highly durable storage and set retention. Access your log files via Web, CLI, or SDK.
Log sources: Amazon EC2 (Linux & Windows), AWS Lambda, …
CloudWatch Metrics & Alarms
Flow: AWS Resource or Your Custom Data -> CloudWatch Metric -> Alarm -> Action
CloudWatch Logs + Filter
Flow: AWS Resource or Your Custom Data -> CloudWatch Logs -> Filter -> Metric -> Alarm -> Action
Alarm Actions
• Notification (SNS)
• Auto Scaling action
• EC2 action: Recover, Stop, Terminate
Amazon EC2 Auto Recovery: use the Recover action together with status checks to automate instance recovery.
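The Logs + Filter flow above is easiest to understand end to end on a concrete log. The following is an added example (not code from this deck or from AWS) that runs the pipeline offline in plain Python: a metric filter turns matching log lines into a per-minute count, a GreaterThanThreshold alarm evaluates the most recent periods, and the alarm state selects one of the actions listed on the slide. SAMPLE_LOG is a constructed sshd authentication log (invented host and PIDs, TEST-NET source address); the regular expression stands in for CloudWatch's own filter pattern syntax, which is an assumption of this example.

```python
"""Emulate the CloudWatch Logs + Filter -> Metric -> Alarm -> Action flow.

Added example for this deck, not AWS code: a metric filter, a
GreaterThanThreshold alarm and an action dispatch written in plain Python so
the flow can be run offline. SAMPLE_LOG is a constructed sshd auth log
(TEST-NET address, invented host and PIDs); real CloudWatch metric filters
use their own pattern syntax, a regex stands in for it here.
"""
import re
from collections import Counter
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2017-05-24T10:00:05 web-1a sshd[2011]: Accepted publickey for deploy from 10.0.1.25 port 51022 ssh2
2017-05-24T10:00:17 web-1a sshd[2014]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2
2017-05-24T10:00:41 web-1a sshd[2016]: Failed password for root from 203.0.113.5 port 4250 ssh2
2017-05-24T10:01:03 web-1a sshd[2020]: Failed password for root from 203.0.113.5 port 4261 ssh2
2017-05-24T10:01:09 web-1a sshd[2021]: Failed password for invalid user oracle from 203.0.113.5 port 4266 ssh2
2017-05-24T10:01:30 web-1a sshd[2023]: Failed password for root from 203.0.113.5 port 4270 ssh2
2017-05-24T10:01:52 web-1a sshd[2025]: Failed password for invalid user test from 203.0.113.5 port 4281 ssh2
2017-05-24T10:02:02 web-1a sshd[2027]: Failed password for root from 203.0.113.5 port 4290 ssh2
2017-05-24T10:02:11 web-1a sshd[2028]: Failed password for root from 203.0.113.5 port 4295 ssh2
2017-05-24T10:02:20 web-1a sshd[2030]: Failed password for invalid user admin from 203.0.113.5 port 4301 ssh2
2017-05-24T10:02:33 web-1a sshd[2031]: Failed password for root from 203.0.113.5 port 4310 ssh2
2017-05-24T10:02:48 web-1a sshd[2033]: Failed password for root from 203.0.113.5 port 4322 ssh2
"""

# Filter pattern: a failed SSH password authentication (regex stands in for CloudWatch syntax)
FAILED_LOGIN = re.compile(r"sshd\[\d+\]: Failed password for ")
EPOCH = datetime(1970, 1, 1)


def metric_filter(log_text, pattern=FAILED_LOGIN, period_seconds=60):
    """Count lines matching `pattern` per period, like a metric filter feeding a custom metric.

    Every period that received any log line gets a datapoint (0 when nothing matched).
    Returns a list of (period_start_seconds, count) sorted by time.
    """
    periods = set()
    matches = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp = datetime.strptime(line[:19], "%Y-%m-%dT%H:%M:%S")
        bucket = int((stamp - EPOCH).total_seconds()) // period_seconds * period_seconds
        periods.add(bucket)
        if pattern.search(line):
            matches[bucket] += 1
    return [(bucket, matches[bucket]) for bucket in sorted(periods)]


def evaluate_alarm(datapoints, threshold, evaluation_periods):
    """GreaterThanThreshold alarm: ALARM only when the last `evaluation_periods` datapoints all exceed `threshold`."""
    recent = [count for _, count in datapoints[-evaluation_periods:]]
    if len(recent) < evaluation_periods:
        return "INSUFFICIENT_DATA"
    return "ALARM" if all(count > threshold for count in recent) else "OK"


# The alarm actions listed on the slide
ALARM_ACTIONS = {
    "notify": "Notification (SNS)",
    "autoscale": "Auto Scaling action",
    "recover": "EC2 action: Recover",
    "stop": "EC2 action: Stop",
    "terminate": "EC2 action: Terminate",
}


def run_alarm(log_text, threshold=3, evaluation_periods=2, action="notify"):
    """Run the whole pipeline and return (alarm state, action taken or None)."""
    datapoints = metric_filter(log_text)
    state = evaluate_alarm(datapoints, threshold, evaluation_periods)
    return state, (ALARM_ACTIONS[action] if state == "ALARM" else None)


if __name__ == "__main__":
    for start, count in metric_filter(SAMPLE_LOG):
        print((EPOCH + timedelta(seconds=start)).strftime("%H:%M"), count)
    print(run_alarm(SAMPLE_LOG))
```

With the defaults the sample produces datapoints of 2, 4 and 5 failed logins for 10:00, 10:01 and 10:02; the last two periods both exceed the threshold of 3, so the alarm goes to ALARM and the SNS notification fires. Raising the threshold to 4 leaves the alarm in OK, because 10:01 equals the threshold rather than exceeding it, which is the distinction `evaluation_periods` and the comparison operator encode in a real CloudWatch alarm.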
SECURITY & ACCESS CONTROL
Architected for Enterprise Security
Consistent, regular, exhaustive 3rd party evaluations
• Secured premises
• Secured access
• Built-in firewalls
• Unique users
• Multi-factor authentication
• Private subnets
• Encrypted data storage
• Dedicated connection
Access a deep set of cloud security tools
Encryption: Key Management Service, CloudHSM, Server-side Encryption
Networking: Virtual Private Cloud, Web Application Firewall
Compliance: Config, CloudTrail, Service Catalog
Identity: IAM, Active Directory Integration, SAML Federation
Security and Access Foundations
Access credentials: access key and secret key used to authenticate when accessing AWS APIs
Key pairs: public key and private key used to authenticate when accessing an Amazon EC2 instance
USE IAM ROLES TO PASS ACCESS CREDENTIALS TO AN INSTANCE
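The slide's advice is that an instance should get its API credentials from an IAM role attached through an instance profile, not from an access key and secret key copied into the image or the bootstrap script. The following is an added example (not code from this deck or from AWS) that makes the difference checkable: it audits two constructed launch configurations, one that exports long-term keys in its user data and one that relies on an instance profile, and it shows the trust policy an EC2 role needs. The dictionary shape follows `aws autoscaling describe-launch-configurations` output (UserData is base64), but the names and bucket are invented, the key values are AWS's documented example values, and the regular expressions are this example's assumption rather than any AWS API.

```python
"""Check a launch configuration for static credentials and for an instance role.

Added example for this deck, not AWS code. The two launch configurations
below are constructed; their keys follow the shape of
`aws autoscaling describe-launch-configurations` output (UserData is
base64), but the names and the bucket are invented and the key material is
AWS's documented example value. The detection regexes are an assumption of
this example, not an AWS API.
"""
import base64
import json
import re

# Access key IDs are 20 characters and start with AKIA (long-term) or ASIA (temporary)
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# A 40-character secret assigned to a variable named after the secret key
SECRET_KEY_ASSIGNMENT = re.compile(
    r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?([A-Za-z0-9/+]{40})")

# What an EC2 instance role must trust: the EC2 service assuming it through STS
EC2_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"Service": "ec2.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
}


def encode_user_data(script):
    """Launch configurations carry user data base64-encoded."""
    return base64.b64encode(script.encode()).decode()


# Constructed: bootstrap script that bakes long-term keys into the instance
KEYS_IN_USER_DATA = {
    "LaunchConfigurationName": "launch-config-keys",
    "ImageId": "ami-00000000",  # placeholder AMI id
    "UserData": encode_user_data(
        "#!/bin/bash\n"
        "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        "aws s3 cp s3://example-artifacts/app.tar.gz /opt/app/\n"),
}

# Constructed: same bootstrap, credentials come from the instance profile's role
ROLE_BASED = {
    "LaunchConfigurationName": "launch-config-role",
    "ImageId": "ami-00000000",  # placeholder AMI id
    "IamInstanceProfile": "webservers-instance-profile",
    "UserData": encode_user_data(
        "#!/bin/bash\n"
        "aws s3 cp s3://example-artifacts/app.tar.gz /opt/app/\n"),
}


def audit_launch_configuration(lc):
    """Return a list of findings; an empty list means the configuration passes."""
    findings = []
    if not lc.get("IamInstanceProfile"):
        findings.append("no IamInstanceProfile: instance cannot obtain role credentials")
    user_data = base64.b64decode(lc.get("UserData", "")).decode(errors="replace")
    if ACCESS_KEY_ID.search(user_data):
        findings.append("access key ID embedded in UserData")
    if SECRET_KEY_ASSIGNMENT.search(user_data):
        findings.append("secret access key embedded in UserData")
    return findings


def trusts_ec2(trust_policy):
    """True when the role's trust policy lets the EC2 service assume it."""
    for stmt in trust_policy.get("Statement", []):
        services = stmt.get("Principal", {}).get("Service")
        services = services if isinstance(services, list) else [services]
        actions = stmt.get("Action")
        actions = actions if isinstance(actions, list) else [actions]
        if (stmt.get("Effect") == "Allow" and "ec2.amazonaws.com" in services
                and "sts:AssumeRole" in actions):
            return True
    return False


if __name__ == "__main__":
    for lc in (KEYS_IN_USER_DATA, ROLE_BASED):
        print(lc["LaunchConfigurationName"], audit_launch_configuration(lc) or ["ok"])
    print(json.dumps(EC2_TRUST_POLICY, indent=2), trusts_ec2(EC2_TRUST_POLICY))
```

The role-based configuration passes because the instance obtains short-lived credentials from the metadata service at run time and nothing secret is stored in the AMI or the launch configuration; the other one fails on all three checks. The same audit can be run across every launch configuration returned by the CLI, and the trust-policy check is the piece that distinguishes a role meant for EC2 from one meant for a user or another account.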
Amazon Lightsail
DEPLOYMENT
AMAZON MACHINE IMAGES
Amazon maintained: set of Linux and Windows images, kept up to date by Amazon in each region
Community maintained: images published by other AWS users
Marketplace: managed and maintained by Marketplace partners
Your machine images: AMIs you have created from EC2 instances; can be kept private or shared with other accounts
Bake an AMI: start an instance; configure the instance; create an AMI from your instance; start new ones from the AMI.
Configure dynamically: launch an instance; use the metadata service and cloud-init to perform actions on the instance when it launches.
Bake an AMI: build your base images and set up custom initialization scripts; maintain your ‘golden’ base.
+
Configure dynamically: use bootstrapping to pass custom information in and perform post-launch tasks like pulling code from SVN.
Trade-offs along the spectrum from Bake an AMI to Configure dynamically:
• Time consuming configuration / startup time
• Static configurations / less change management
• Continuous deployment / latest code
• Environment specific / dev-test-prod
AUTO SCALING
Maintain EC2 instance availability: detects impaired EC2 instances and replaces the instances automatically.
Automatically scale your Amazon EC2 fleet: follow the demand curve for your applications, reduce the need to manually provision Amazon EC2 capacity, run at optimal utilisation.
Reusable Instance Templates: provision instances based on a reusable template you define, called a launch configuration.
Automated Provisioning: keep your Auto Scaling group healthy and balanced, whether you need one instance or 1,000.
Adjustable Capacity: maintain a fixed group size or adjust dynamically based on Amazon CloudWatch metrics.
Launch Configuration: describes what Auto Scaling creates when adding instances. Only one active launch configuration at a time.
aws autoscaling create-launch-configuration \
  --launch-configuration-name launch-config \
  --image-id ami-54cf5c3d \
  --instance-type m3.medium \
  --key-name mykey \
  --security-groups webservers
Auto Scaling group: Auto Scaling managed grouping of EC2 instances. Automatically scale the number of instances by policy.
aws autoscaling create-auto-scaling-group \
  --auto-scaling-group-name autoscaling-group \
  --availability-zones eu-west-1a eu-west-1b \
  --launch-configuration launch-config \
  --load-balancer-names myELB \
  --min-size 1 \
  --max-size 5
Auto Scaling policy: parameters for performing an Auto Scaling action; scale in/out and by how much.
# --scaling-adjustment is required for a ChangeInCapacity simple scaling policy:
# a positive value adds that many instances, a negative value removes them.
# --min-adjustment-magnitude is the minimum step and applies to PercentChangeInCapacity.
aws autoscaling put-scaling-policy \
  --auto-scaling-group-name autoscaling-group \
  --policy-name autoscaling-policy \
  --adjustment-type ChangeInCapacity \
  --scaling-adjustment 2 \
  --min-adjustment-magnitude 2 \
  --cooldown 300
Utilisation & Auto Scaling Granularity
Chart: utilisation over one day (00:00 to 23:00) and the instance hours needed to follow it with two instance sizes:
41 instance hours of m4.large @ $0.133/hr = $5.453/day
70 instance hours of t2.small @ $0.026/hr = $1.82/day
OTHER DEPLOYMENT OPTIONS
AWS CodeDeploy
aws.amazon.com/codedeploy/
Coordinate automated deployments, just like Amazon
• Scale from 1 instance to thousands
• Deploy without downtime
• Centralize deployment control and monitoring
• On-premises support
Diagram: Application Revisions (v1, v2, v3) are pushed by CodeDeploy to the Dev, Staging, and Production Deployment Groups.
Amazon EC2 Container Service
aws.amazon.com/ecs/
A highly scalable, high performance container management service
• Launch and terminate Docker containers across a cluster of EC2 instances
• Mount persistent volumes at launch
• Private Docker repositories
Additional Resources and further Learning
Getting Started with Amazon EC2: http://aws.amazon.com/ec2/getting-started/
Auto Scaling Getting Started Tutorial: http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/GettingStartedTutorial.html
AWS Training & Certification
Certification (aws.amazon.com/certification): validate your proven skills and expertise with the AWS platform
Self-Paced Labs (aws.amazon.com/training/self-paced-labs): try products, gain new skills, and get hands-on practice working with AWS technologies
Training (aws.amazon.com/training): build technical expertise to design and operate scalable, efficient applications on AWS
Email me at dreischs@amazon.com with any questions!
Thank you!
