Amazon EC2/AWS/etc.
===================

https://wiki.debian.org/Amazon/EC2/FAQ

Q: What is EC2?
A: EC2 is an Infrastructure as a Service cloud computing platform provided by Amazon Web Services that allows users to instantiate various types of virtual machines.

Q: What is an instance?
A: An EC2 instance is a virtual machine running on Amazon's EC2 cloud.

Q: What is an AMI?
A: An AMI (Amazon Machine Image) is a preconfigured bootable machine image from which an EC2 instance (EC2 virtual machine) is instantiated.

Q: What is EBS?
A: EBS stands for Elastic Block Storage, a service that provides dynamically allocatable, persistent block storage volumes that can be attached to EC2 instances. Most operations that can be performed on an HDD can be performed on an EBS volume, e.g. formatting it with a filesystem and mounting it. EBS also provides additional SAN-like features such as taking snapshots of volumes, and detaching and reattaching volumes dynamically.

Q: What is the difference between an instance-store AMI/instance and an EBS AMI/instance?
A: An instance-store instance boots off an AMI that instantiates a non-persistent root volume, which loses all data on power-off or hardware failure. EBS instances boot off an AMI that consists of an EBS volume, which persists after the instance is powered off (stopped) or after a hardware failure on the host the instance is running on. EBS root volumes can be snapshotted and cloned like other EBS volumes.

Q: What is the difference between terminating an instance and stopping an instance?
A: Note that this difference only applies to EBS-root instances. Stopping an instance virtually powers it off, but it remains in the inventory to be powered on (started) again. Terminating an instance removes its records from the system inventory and usually also deletes its root volume.

Q: How does IP addressing work in EC2?
A: In "classic EC2" each instance is given a randomly assigned private IP address that maps via NAT to an also randomly assigned public IP address. VPC instances allow more control over private (and public) IP address assignment and mapping: one can assign custom private IP ranges and addresses, and can choose not to assign a public IP address mapping at all.

Q: What is an Elastic IP Address (EIP)?
A: An Elastic IP address is a public IP address that is assigned to an individual AWS account. These IPs are assigned per region. The address can be assigned to any EC2 instance within that region, and it replaces the regularly assigned random public IP address.

Q: What is an EC2 Region?
A: An EC2 Region is a geographic region that is a completely autonomous set of compute resources with its own management infrastructure. Regions do not share any resources, so they are considered completely separate for disaster recovery purposes.

Q: What are the different methods supported to manage EC2?
A: Either via the AWS Web Console, via the API, or via CLI tools.

Q: How do I get to the AWS Web Console?
A: https://console.aws.amazon.com/

Q: Where can I find the CLI tools to manage EC2?
A: The original Amazon EC2 API Tools (http://aws.amazon.com/developertools/351) are not DFSG-compliant, but are officially supported by Amazon. There is an alternate set of DFSG-compliant tools designed to be fully compatible, called eucatools, which can be installed via apt-get install euca2ools. More recently, Amazon released the AWS Command Line Interface (http://aws.amazon.com/cli/) under a DFSG-compliant license. As of August 2014, this is available via apt-get install awscli in Debian Testing and Debian Unstable, but is not yet in a stable Debian version.

## Elastic IP ##

- New instances get a public IP address, but it's ephemeral and will change when the instance restarts
- An elastic IP is not ephemeral. It's tied to our AWS account.
  We can assign it to an instance.
- Elastic IPs -> Allocate New Address, then right-click -> Associate Address to associate it with an instance

## AWS Storage ##

- Instance storage (ephemeral)
- EBS (block)
  - Must be in the same zone as the EC2 instance
  - Network-attached, so latency may be an issue
  - Larger instances get more network bandwidth, which means better EBS read/write performance
- S3
  - Need not be in the same zone as the EC2 instance
- AMIs (Amazon Machine Images, i.e. templates) can have either
  - an instance-store (ephemeral) root partition, or
  - an EBS-backed root partition
  - Even EBS-backed AMIs don't preserve their root partition by default
  - An EBS-backed AMI can be set to persist the root partition by deselecting Delete On Termination on the Add Storage page in the web console

## Security Basics ##

- Generate a key pair, and save the .pem.
- The AWS Management Console provides firewall configuration for instances.
  - http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html
- Create a Security Group
  - By default, no inbound traffic is allowed until you add inbound rules to the security group.
  - By default, an outbound rule allows all outbound traffic.
  - Operates at the instance level
  - Supports allow rules only
  - Is stateful: return traffic is automatically allowed, regardless of any rules
  - All rules are evaluated before deciding whether to allow traffic
  - Applies to an instance only if someone specifies the security group when launching the instance, or associates the security group with the instance later on

Set permissions on the key file (it is the SSH private key, and ssh refuses to use a key file that is readable by other users):

    % chmod 400 aws.pem

ssh using the AWS .pem like:

    % ssh -i ~/path/to/aws.pem ec2-user@ec2-198-41-200-1.compute-1.amazonaws.com

(The default user name for the Debian AMI images is "admin" rather than "ec2-user".)

## Initial Configuration of New Instances ##

Make sure your instance has some swap. The Debian AMI does not, so we need to create it.
Create the 2G file with either fallocate or dd (the two are alternatives; one is enough), then restrict it to root so other users cannot read swapped-out memory, and enable it:

    $ sudo fallocate -l 2G /swapfile
    $ sudo dd if=/dev/zero of=/swapfile bs=1M count=2048
    $ sudo chmod 600 /swapfile
    $ sudo mkswap /swapfile
    $ sudo swapon /swapfile

Add to /etc/fstab so the swap file is enabled again at boot:

    /swapfile none swap sw 0 0

## Links ##

- Official Debian AMIs: https://aws.amazon.com/marketplace/seller-profile/ref=srh_res_product_vendor?ie=UTF8&id=890be55d-32d8-4bc8-9042-2b4fd83064d5
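Back to the Security Basics section: because security groups are allow-only and default-deny inbound, every exposure is an explicit allow rule, so auditing them means reading the allow list. The script below is an added example (not from the Debian wiki or AWS) that walks the JSON shape returned by `aws ec2 describe-security-groups` and flags administrative ports open to the whole Internet; the group ids and rules are constructed sample data.

```python
"""Audit EC2 security groups for admin ports open to the whole Internet.
Added example (not from the wiki): reads the JSON shape that
`aws ec2 describe-security-groups` returns; sample data below is constructed."""
import json

ADMIN_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgres"}
ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"

# Constructed sample: one well-scoped group, one with two world-open rules.
SAMPLE = json.dumps({"SecurityGroups": [
    {"GroupId": "sg-0example1", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": ANY_V4}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example2", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": ANY_V4}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [],          # all protocols, all ports
         "Ipv6Ranges": [{"CidrIpv6": ANY_V6}]}]}]})

def rule_is_open(rule):
    """True if the rule's source includes the entire IPv4 or IPv6 Internet."""
    v4 = any(r.get("CidrIp") == ANY_V4 for r in rule.get("IpRanges", []))
    v6 = any(r.get("CidrIpv6") == ANY_V6 for r in rule.get("Ipv6Ranges", []))
    return v4 or v6

def exposed_admin_ports(rule):
    """Admin ports the rule covers; IpProtocol -1 means every port and protocol."""
    if rule.get("IpProtocol") == "-1":
        return sorted(ADMIN_PORTS)
    lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
    return [p for p in sorted(ADMIN_PORTS) if lo <= p <= hi]

def audit(describe_json):
    """Return sorted (group_id, port, service) for admin ports open to 0.0.0.0/0 or ::/0.
    Security groups are allow-only and default-deny inbound, so every exposure
    is an explicit allow rule: the audit only needs to read the allow list."""
    findings = set()
    for sg in json.loads(describe_json)["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            if rule_is_open(rule):
                for port in exposed_admin_ports(rule):
                    findings.add((sg["GroupId"], port, ADMIN_PORTS[port]))
    return sorted(findings)

if __name__ == "__main__":
    for gid, port, svc in audit(SAMPLE):
        print(f"{gid}: {svc}/{port} open to the Internet")
```

Feed it real output with `aws ec2 describe-security-groups --output json` and extend ADMIN_PORTS to whatever your instances actually run.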