Advanced EC2

Question 1

What is Bootstrapping?

Answer 1

When scripts or other predefined bits of information can be automatically run and applied when an instance is first launched.

REPEAT –> ONLY HAPPENS AT LAUNCH

The instance is brought into service in a certain, pre-defined state.

Question 2

How is Bootstrapping applied?

Answer 2

EC2 User Data

This is user metadata that can be queried by EC2 when bootstrapping.

Question 3

What is the universal IP/URL used to retrieve the User metadata needed for bootstrapping an instance?

Answer 3

169.254.169.254/latest/user-data

REVIEW: Instance Metadata is 169.254.169.254/latest/meta-data

Question 4

Does EC2 check the User Data before passing it to the instance OS?

Answer 4

NO.

EC2 simply takes the data and passes it without interpretation. The data is passed to the OS which runs it in full privilege mode.

Question 5

What is “post-launch time” ?

Answer 5

When you launch an instance based on an AMI, and then you need to add additional SW features, the added time it takes to get the instance up and running makes up this “post launch time”

Automating that post-launch process is what Bootstrapping is all about.

Question 6

What combination of features accelerates the launch time of an EC2?

Answer 6

AMI Baking + Bootstrapping (90% : 10%)

Baking does some of the post-launch config ahead of time, so it’s “baked” into the AMI (like parameters around hosting a Word Press website). Then anything small/additional can be done via Bootstrapping.

Question 7

What is CFN-INIT?

Answer 7

Cloudformation Init

Method for passing complex bootstrapping instructions to an EC2.

Question 8

What does CFN-INIT do?

Answer 8

It outlines the “Desired State” of what we want that instance to be, and then EC2 will perform whatever is required to move that instance into that desired state.

EC2 get’s these instructions from a CFN template.

Question 9

What is a main benefit of CFN-INIT versus regular Bootstrapping with User Data?

Answer 9

CFN-Init also works with ongoing stack updates, where User Data only works once @ the time of instance launch.

CFN-Init can be set to watch for any changes in the metadata on an object within an CFN template, and if there are changes, update the config of that instance to the newly desired state specific in the template.

You CAN’T do this with User Data/Bootstrapping

Question 10

What is a Creation Policy?

Answer 10

Something added to a logical resource within a CFN template which acts like a post-configuration check to tell CFN if the resource was actually stood up successfully.

By default, CFN just passed information and has no way of actually knowing whether or not the resource (with added/customized config parameters) was stood up successfully.

CFN will wait for a signal from the resource itself; even though EC2 tells CFN it’s good to go and the 2 x system checks are passed, it won’t be listed as complete until it get’s the OK signal from the resource.

Question 11

What is an EC2 Instance Role?

Answer 11

IAM Role that an instance can assume, where anything running on that instance has the set permissions that the Role grants.

Review - Roles are best for allowing Services access to other Services in AWS.

Question 12

What is an Instance Profile?

Answer 12

The aspect of an EC2 which allows the permissions granted by a Role to get into/be accessible by the EC2 i.e facilitates the short-term credentials to the EC2 to use for assuming the Role.

REVIEW: IAM Roles issue temporary/short-term credentials to users accessing them.

Question 13

Do you have to manually rotate access keys when using an Instance Role?

Answer 13

NO.

EC2 will automatically rotate/renew the keys/credentials before they are retired so they’re always valid.

As long as the Apps inside the EC2 keep checking the metadata (Instance Profile), they will always have the renewed credentials.

Question 14

What are the 3 types of Placement Groups?

Answer 14

Cluster
Spread
Partition

Question 15

EC2 Cluster Placement Groups:

Answer 15

• Used when you want the highest level of performance possible in EC2
• puts resources physically close together on the same HW or at least in the same rack of HW
• Best practice is to use instances of the same type and size, and then launch all instances at the same time
• All members in the cluster have direct connections to each other; up to 10 Gbps (single stream)

** Use Case: high performance applications **

Question 16

Spread Placement Groups:

Answer 16

• can spread across multiple AZ’s
• instances are places in their own isolated HW rack
• up to 7 x instances per AZ
• allocation is handled by AWS

** Use Case: small number of critical instances that need to be separated from each other; typically it’s when you have mirrors of a critical app **

Question 17

Which types of Placement Groups support Dedicated Hosts?

Answer 17

Cluster

NO support on Spread or Partition

Question 18

Partition Placement Groups:

Answer 18

• workaround for getting more than 7 x instances per AZ
• 7 x Partitions per AZ with no limit on instances other than the underlying physical HW
• each partition has it’s own Rack and isolated PSUs
• AWS or Cu allocates the instances to the Partitions - customer get’s autonomy here (in Spread, AWS does the allocation)
• NOT supported on Dedicated Hosts

** Use Case: designed for huge scale systems where you can some control where groups if instances go **

Question 19

When does Bootstrapping occur?

Answer 19

ONLY at the launch of an instance.

Even if the EC2 is stopped, the User Data is changed, and then started up again it doesn’t matter.

Question 20

What is an EC2 Dedicated Host?

Answer 20

Dedicated to you for your workload(s) only. No multi-tenancy.

Question 21

Do you pay for running instances when they are on Dedicated Hosts?

What are the provisioning/payment options?

Answer 21

No - you only pay for the instance.

The options are Reserved and On-Demand.

Question 22

Can multiple AWS Accounts run on a Dedicated Host?

Answer 22

Yes.

Multiple accounts within a single Org can run on an EC2 Dedicated Host - they just won’t be able to see each other.

Question 23

What is EC2 Enhanced Networking?

Answer 23

Feature that improves overall performance of EC2 networking via SR-IOV.

Question 24

What is SR-IOV?

Answer 24

Single Root I/O Virtualization.

This is where the single physical network interface card can be split into many “logical” cards to be used by the virtual machines/resources running on a host.

Question 25

What is EBS Optimized?

Answer 25

EBS Optimized is dedicated block storage capacity for an instance that is separate from the data traffic i.e only storage traffic.

An Amazon EBS–optimized instance uses an optimized configuration stack and provides additional, dedicated capacity for Amazon EBS I/O. This optimization provides the best performance for your EBS volumes by minimizing contention between Amazon EBS I/O and other traffic from your instance.

REVIEW:
EBS = Block Storage for EC2 that’s shared over the network.

Question 26

Can you change an EBS instance/volume size without any downtime in a prod environment?

Answer 26

Yes.

EBS volumes support live configuration changes while in production which means that you can modify the volume type, volume size, and IOPS capacity without service interruptions.