Deep Dive on EC2 and S3
0 likes245 views
This document provides an overview of Amazon EC2 and S3 services. It describes EC2 regions, availability zones, VPC configuration, instance types (on-demand, reserved, spot), AMIs, EBS vs instance storage, security groups, auto scaling, and fleet management. For S3, it outlines buckets, objects, storage classes, versioning, lifecycle policies, encryption in transit and at rest, and demos enabling versioning and uploading to an encrypted bucket.
Ad
More Related Content
What's hot (10)
Similar to Deep Dive on EC2 and S3 (19)
Ad
Recently uploaded (20)
Ad
Deep Dive on EC2 and S3
- 1. Deep Dive on EC2 and S3 ARUN SIRIMALLA
- 3. Regions and Availability Zones • Amazon EC2 is hosted in multiple locations world-wide • Each region is a separate geographic area • Each region has multiple, isolated locations know as Availability zones VPC • Virtual datacenter in the cloud • You can create your own public-facing subnet for your webservers and place your backend systems such as databases or application servers in private subnet • You can create a hardware virtual private network connection b/w your corporate datacenter and AWS • Assign custom IP address range in each subnet • Create internet gateways • Leverage multiple layers of security
- 5. Amazon EC2 • Web service that provides secure, resizable compute capacity in the cloud • Pay only for capacity that you actually use • Choose Linux or Windows • Per second billing for existing and newly launched instance ü On-demand Instances Applications with spiky or unpredictable workloads or being developed or tested on AmazonEC2 ü Reserved Instances Steady state or predictable usage and able to make upfront payment ü Spot Instances Applications that have flexible start and end times
- 6. Amazon Machine Image (AMI) Provides the information required to launch an instance An AMI includes the following: ü A template for the root volume for the instance (for example, an operating system, an application server, and applications) ü Launch permissions that control which AWS accounts can use the AMI to launch instances ü A block device mapping that specifies the volumes to attach to the instance when it's launched
- 11. Amazon EBS vs Amazon EC2 Instance Store Amazon EBS • Data stored on Amazon EBS volume can persist independently of the life of the instance • Storage is persistent ü Magnetic ü General Purpose (SSD) ü Provisioned IOPS (SSD) Amazon EC2 Instance Store • Data stored on a local instance store persists only as long as the instance is alive • Physically attached to the host computer • Storage is ephemeral EBS Volumes: Larger and Faster General Purpose (SSD) Provisioned IOPS(SSD) Up to 16 TB up to 16 TB 10000 IOPS 20000 IOPS
- 13. Security Groups • Acts as a virtual firewall that controls the traffic for one or more instances • Add rules to each security group that allow traffic to or from its associated instances • By default, security groups allow all outbound traffic • You can specify allow rules, but not deny rules • You can specify separate rules for inbound and outbound traffic
- 14. Auto Scaling • Allows you to dynamically scale your Amazon EC2 capacity up or down automatically according to conditions you define • Helps you maintain application availability • Automatically replace impaired instances • Ability to Scale out, scale up or scale down
- 16. Fleet Management • Monitoring the health of running instances • Automatically replacing impaired instances • Balancing capacity across Availability Zones Dynamic scaling • Automatically scale your Amazon EC2 fleet • Add instances when CPU utilization is high • Remove instances based on request count
- 18. Demo • Creating AMI • Creating EC2 instance using custom AMI • Creating Security Groups • Increasing EC2 instance limits • Auto Scaling
- 19. Amazon Simple Storage Service (S3) The infinite Hard Drive in the Cloud
- 20. Amazon Simple Storage Service(S3) • Store and retrieve any amount of data, any time, from anywhere on the web • Highly Scalable, reliable, fast and durable • S3 object based allows you to upload files • Files can be 1 Byte to 5 TB • Buckets have unique namespace for each region • Amazon guarantees 99.99% availability • Guarantees durability of 99.999999999%
- 21. Amazon S3 concepts uAmazon S3 stores data as objects within buckets uAn object is composed of a file and optionally any metadata that describes that file uYou can have up to 100 buckets in each account uYou can control access to the bucket and its objects
- 22. • Write once, Read many • Eventually consistent • Secure by default • Use S3 Policies, ACLs or IAM to define rules • Cross-region replication Storage Classes Standard ü For frequently accessed data Standard – Infrequent access ü For long-lived, but less frequently accessed data Glacier ü For long-term archive
- 23. S3 Versioning • Stores all versions of an object • Works as a backup tool • Once enabled, versioning cannot be disabled, only suspended • If you enable versioning, you pay for the each version of the file S3 Lifecycle management • Can be used in conjunction with versioning • Can be applied to current versions and pervious versions • Actions allowed in conjunction with or without versioning ü Archive only ü Permanently delete only ü Archive and then permanently delete
- 24. S3 Encryption • Upload/Download your data to S3 via SSL encrypted endpoints • S3 automatically encrypt your data at rest In-transit encryption • You can protect data in transit by using SSL or by using client-side encryption At rest Use Server-Side Encryption – You request Amazon S3 to encrypt your object before saving it on disks in its data centers and decrypt it when you download the objects. Use Client-Side Encryption – You can encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools
- 25. Demo Enabling Versioning on S3 bucket Create Encrypted S3 bucket Upload files to encrypted bucket through AWS CLI
- 26. Thank you!
- 27. Upcoming Sessions Oct 31 - Identity and Access Management (IAM)