• Auto scaling based on SQS size
  • CloudWatch Metrics + CloudWatch Alarm is required to keep track of the size of SQS

Section5: EC2 Fundamentals

• User Data

• EC2 On-demand for development and Reserved Instance for Production (running 24*7)

• Reserved Instances

  • for cost-saving purpose
  • Standard RI
  • Convertible RI (can change OS, ..)
  • e.g. for high availability and cost saving, reserve two instances in two AZs

• EC2 Spot Instances

  • cost-effective
    • spot instances are cheaper than reserved instances
  • not reliable to use Spot Instance for Dev environment
  • used for the workflow can withstand disruptions and can be started and stopped multiple times. (not highly available)
    • e.g. it is possible to run this kind of workflow using lambdas, but more costly
  • spot instance concepts:
    • spot fleet
      • a fleet of spot instances + on-demand instances(optional)
      • maintain a target capacity automatically. If a spot instance is terminated, starts a new one
    • spot instance interruption
    • spot instance request
    • spot instance pool
  • spot blocks
    • not interrupted for the duration you select
    • in rare situations, it can be interrupted

• Dedicated Host vs Dedicated Instance

  • they both run an application on single-tenant hardware(single physical server, and you have control over how your application is placed on the physical server. Hardware isolation)
  • Bring your own license(BYOL) is supported on Dedicated Host
  • BYOL is not supported on Dedicated Instance
  • Dedicated Instance is cheaper
  • you can change between dedicated instance ↔ dedicated host, after launch
    • you cannot go back to default, or vice versa

• how to copy an ec2 instance in region A to region B

  • copy AMI of ec2 instance in region A to region B, and create an instance in region B using the copied AMI
    • at this point, there are a snapshot, AMI, and an instance in region B(snapshot is copied as well because AMI is based on a snapshot)

• Security Groups

  • cannot restrict requests based on geo location
  • stateful
  • for an instance
  • allows all outbound traffic by default
  • you can set outbound rule to only allow traffic to another security group port 1433(Microsoft SQL server, only listening to port 1433)
  • you can set inbound rule to only allow traffic from another security group port 1433

• Network Access Control List(NACL)

  • stateless
  • for a subnet
  • by default, allows all inbound and outbound traffic

• EC2 Hibernate

  • saves the content of RAM to EBS
  • can resume where you left off
  • can reboot the instance quickly (help speed up the instance start time)

• IAM policy

  "Condition": {
          "StringEquals": {
            "aws:RequestedRegion": "eu-west-1"
          }
  

  Only allowed to launch instances in eu-west-1, but API calls can be anywhere

  • aws:RequestedRegion represents the target of the API call