Saturday, July 26, 2014

Amazon cloud services - EC2

EC2 - Elastic Compute - on demand, disposable.

It is a shared environment - physical machines are shared by multiple customers.

These are the tech layers:

  1. customer instances
  2. vpn using Xen hypervisor
  3. virtual interfaces
  4. Security groups
  5. firewall
  6. physical interfaces

AMI - Amazon machine instance (virtual machine)

can be running or stopped
ECS is more public
VPC - Virtual Private Cloud - more control of network layers - better for high-security companies, e.g. a bank

Globally there are Regions - you pick one

then in each region there are AZs - Availability Zones

S3 - Simple Storage Service

S3 buckets (buckets of storage - logical term)
snapshots/backups are made to S3 - in a region

Instance - AMI

unit of control / unit of scale / unit of resilience
you can bundle, spread for HA, add and remove, control cost
scale out multiples of this
large variety of instances
easy to size up from small

AMIs can be Amazon maintained, community maintained, or your own images for your company
e.g. Linux, Enterprise Linux, Windows

This is an on-demand service.

Launching an Instance

set region, instance size, AMI, key pair, security groups

Key pairs

The public key is auto-inserted into the new running instance
you get the private key
only you can access your instance because of this
e.g. use RDP to get onto the instance

Credentials - access key and secret key for API

used with all API usage provided by EC2
X.509
used to authenticate against some old APIs

Security groups

set name, description, protocol, port range, and the source: an IP address range or another security group
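As an added example (not from the original notes), a small audit over security group rules in the shape the EC2 DescribeSecurityGroups API returns: it flags rules open to the world on the admin ports mentioned above (RDP, and SSH for Linux) and "all traffic" rules, while leaving group-to-group references alone. The group data is constructed for the example.

```python
import ipaddress

# Constructed sample in the shape of an EC2 DescribeSecurityGroups entry
# (IpPermissions / IpRanges / UserIdGroupPairs); not data from a real account.
SAMPLE_GROUP = {
    "GroupId": "sg-example",          # placeholder id
    "GroupName": "web-tier",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
        # source is another security group, not an address range
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-lb"}]},
        # IpProtocol "-1" means all protocols and all ports; no port fields
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "UserIdGroupPairs": []},
    ],
}

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def is_world(cidr):
    """True for a /0 range, i.e. open to every address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def covers_port(rule, port):
    """True if a tcp/udp rule's port range includes the given port."""
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit_group(group):
    """Return (what, source_cidr) findings for world-open risky rules."""
    findings = []
    for rule in group["IpPermissions"]:
        for ip_range in rule.get("IpRanges", []):
            cidr = ip_range["CidrIp"]
            if not is_world(cidr):
                continue   # scoped to a source range: not flagged here
            if rule["IpProtocol"] == "-1":
                findings.append(("all ports", cidr))
                continue
            for port, name in ADMIN_PORTS.items():
                if covers_port(rule, port):
                    findings.append((f"{name}/{port}", cidr))
    return findings
```

Rules whose source is another security group (UserIdGroupPairs) never produce a finding, which is the point of preferring group references over address ranges for tier-to-tier traffic.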

How do I launch an ECS AMI instance?

Windows - can use PowerShell commands / scripts to launch an instance
Linux - from a scripting language - commands available
also can use Python libraries to run instances

IAM roles and EC2 tools

After creating an instance - assign an IAM role.
Create a role plus instance with an automatic installation of all tools.
Also ensures all secret keys are automatically set up.
Can revoke roles.

Costing

price per hour
reserved instances for x years - discounts
spot instances - bid for excess capacity - cheaper, but not reliable

ELB - elastic load balancer

EPH - ephemeral, non-persistent storage

CloudWatch -

monitoring tool,
with alarms -
thresholds - can trigger scale up, scale down - e.g. on CPU usage
uses policies to enable.
Additional actions - e.g. fire to HTTP, email, queue - so we can programmatically
take advantage of alerts
write metrics
can see billing details etc.

Route 53 - control of DNS - e.g. rolling deployments

Beanstalk - autoscaling for popular tools, e.g. Ruby and Python

OpsWorks - automate configuration

CloudFormation - make templates for everything

Need to stop thinking of resources as fixed.