EC2 (Elastic Compute Cloud)

EC2 is a virtual server that provides on-demand, scalable computing capacity in the AWS cloud.

Other compute services
  1. Serverless Compute: AWS Fargate and Lambda offer serverless compute options.
  2. On-premises and edge compute: AWS Outposts, Local Zones, and Wavelength are used for running AWS compute on-premises and at the edge.
  3. Amazon Lightsail is a simplified, user-friendly version of AWS EC2. It is designed for smaller-scale projects.


Placement Groups

EC2 Placement Groups let you influence the physical placement of EC2 instances within the AWS infrastructure. There are 3 types of placement groups: Cluster, Partition, and Spread.

  1. Cluster:
    1. All instances in a single rack within one Availability Zone (AZ).
    2. Best for: Applications requiring high network throughput and low latency (e.g., HPC, ML).
    3. Risk: A rack failure affects all instances in the group.
  2. Partition:
    1. Instances are divided into partitions, with each partition placed on separate racks.
    2. Can span multiple AZs.
    3. Limits: Up to 7 partitions per AZ; many instances per partition.
    4. Best for: Distributed and replicated workloads (e.g., Cassandra, HDFS).
  3. Spread:
    1. Each instance is placed on a separate rack.
    2. Can span multiple AZs.
    3. Limits: Up to 7 running instances per AZ.
    4. Best for: Small, critical workloads requiring maximum isolation and high availability (e.g., DNS servers, control plane nodes).


Storage Options

  1. Object Storage >> Amazon S3
    • Not EC2-attached directly; used for storing unstructured data like backups, logs, images, etc.
    • Highly durable (99.999999999%), scalable, and supports lifecycle management.
  2. File storage >> EFS (Linux instances only), FSx
    1. Amazon EFS:
      • Scalable, fully managed file system for Linux-based EC2 instances.
      • Can be mounted on multiple instances simultaneously across AZs.
    2. Amazon FSx:
      • Fully managed file systems for Windows (FSx for Windows File Server) or Lustre (FSx for Lustre).
      • Supports Windows and Linux depending on the option.
  3. File caching >> Amazon File Cache
    • Delivers temporary, high-speed cache for file-based workloads accessing data from S3, NFS, etc.
    • Used for low-latency access to remote datasets.
  4. Block Storage >> Instance Store and EBS
    1. Instance Store Volumes:
      • Temporary (ephemeral) storage physically attached to the host.
      • Data is lost on stop, hibernate, or terminate.
      • High-performance, low-latency, and suitable for caches, buffers, and replicated data.
      • Cannot use Multi-Attach.
      • Not all EC2 instance types support instance store.
    2. EBS (Elastic Block Store) Volumes:
      • Durable and persistent storage, survives instance stop/terminate.
      • Can take snapshots and restore data.
      • Multi-Attach is supported only for io1/io2 volumes, and only with certain instance types, within the same AZ.
      • Provisioned IOPS (io1/io2) offers high performance and low latency, but at higher cost.

Types of EBS Volumes

Amazon EBS provides persistent block storage volumes that can be attached to EC2 instances. Below are the EBS volume types:

  1. I → io1/io2 (Provisioned IOPS SSD):
    1. High-performance SSD for workloads that require high IOPS (up to 64,000 IOPS).
    2. Best for databases, big data analytics, and low-latency applications.
  2. S → gp2/gp3 (General Purpose SSD):
    1. SSD with a balance of price and performance, suitable for most general workloads.
    2. Provides burstable performance with automatic scaling up to 3,000 IOPS.
  3. S → st1 (Throughput Optimized HDD) (Previous-generation):
    1. HDD designed for throughput-intensive workloads like data warehousing.
    2. High sequential read/write performance at lower cost.
    3. AWS recommends avoiding using it for new workloads.
  4. S → sc1 (Cold HDD):
    1. Low-cost HDD suitable for infrequent access data like backup and archival.
    2. High durability, but low IOPS and latency.
  5. S → standard (Magnetic HDD) (Deprecated):
    1. Older magnetic HDD used for non-performance-critical workloads.
    2. Suitable for cost-effective, warm data storage.

Trick to memorize the types of EBS volumes: "I Got Some Smart Storage".

EC2 Purchasing Options

  1. On-Demand Instances: Pay per second (Linux) or per hour (Windows) with no long-term commitment. Best for short-term, spiky, or unpredictable workloads.
  2. Savings Plans: Offer significant discounts in exchange for committing to a consistent hourly spend for 1 or 3 years. Best for flexible and dynamic workloads.
  3. Reserved Instances (RIs): Provide high discounts (up to ~72–75%) by committing to specific instance types for 1 or 3 years. Available as Standard (highest discount) or Convertible (more flexibility, lower discount). Best for steady, predictable EC2 usage.
  4. Scheduled Instances (Discontinued in July 2023): Previously allowed reservations for recurring schedules. Recommended alternative: On-Demand + automation (e.g., EventBridge, Auto Scaling).
  5. Spot Instances: Use spare EC2 capacity at up to 90% discount. Instances can be interrupted with short notice. Best for batch jobs, fault-tolerant workloads, CI/CD, big data, and containers.
  6. Dedicated Hosts: Rent an entire physical server for exclusive use. Ideal for bring-your-own-license (BYOL) scenarios (e.g., Windows Server, SQL Server). Provides host-level visibility and control.
  7. Dedicated Instances: Instances run (billed hourly) on single-tenant hardware, but without host-level visibility. Less commonly used than Dedicated Hosts.
  8. Capacity Reservations: Reserve EC2 capacity in a specific Availability Zone for any duration. Ensures capacity availability but charges apply whether used or not. Can be combined with Savings Plans or RIs to reduce cost.

AMI in Amazon EC2

An AMI is like a full backup of your entire computer, including the operating system, installed programs, and settings. It allows you to create new computers (EC2 instances) that are exact copies of the one you backed up.

AMI Specifies

  1. Region: The AWS Region where the AMI was created. You can copy AMIs to other Regions if needed.
  2. Operating System: Defines the OS (e.g., Amazon Linux, Ubuntu, Windows Server).
  3. Processor Architecture: Specifies the CPU architecture (e.g., x86-64 or ARM64).
  4. Virtualization Type: Defines the virtualization mode: HVM (Hardware Virtual Machine) or PV (Paravirtual).
  5. Launch Permissions: Controls who can use the AMI to launch instances.
  6. Root Device Type: Determines where the root file system is stored: EBS-backed or instance store-backed.
  7. Storage Details:
    1. Includes snapshots of volumes (e.g., root and additional volumes).
    2. Specifies block device mappings for storage configuration.
  8. Other Metadata:
    1. AMI ID (unique identifier in the Region).
    2. Name and description.


AMI vs SNAPSHOT

  1. Snapshot: Saves a point-in-time copy of the data on a specific volume (like your photos or documents). It only includes the data on the disk, not the operating system or configurations.
  2. AMI: Saves a complete copy of the entire system setup, including:
    1. Operating System (OS)
    2. Software installed
    3. Data on the root volume
    4. Additional attached volumes (if specified)

Example: when an AMI is copied from Region A into Region B, this automatically creates:

  1. a snapshot in Region B, because AMIs are based on underlying snapshots;
  2. an instance launched from this AMI in Region B. Hence, we have 1 Amazon EC2 instance, 1 AMI and 1 snapshot in Region B.

AMI (Amazon Machine Image) Types

An AMI is a master template or blueprint used to launch identical EC2 virtual servers.

  1. AWS-Provided AMI: AMIs maintained by AWS (e.g., Amazon Linux, Windows Server). Often used as a starting point for deployments.
  2. Custom AMI (Important for exam): An AMI created by users that includes custom software, configurations, and settings. Used to launch identical EC2 instances quickly.
  3. Public AMI: An AMI shared publicly by AWS or other users. Anyone can launch instances from it. Examples include official Ubuntu or Amazon Linux AMIs.
  4. Private AMI: An AMI accessible only within your AWS account or shared with specific accounts. Commonly used for internal applications and secure environments.

Golden AMI (Conceptual / DevOps Term)

  1. A pre-hardened, standardized Custom AMI containing OS, patches, security agents, and baseline software.
  2. Used to ensure consistency, security, and compliance across environments.
  3. Exams may describe the concept, but won’t test the term directly.

Instance Metadata Service (IMDS)

The Instance Metadata Service (IMDS) provided by AWS EC2 allows an instance to retrieve dynamic data about itself and its environment. This information is accessed via a specific URL from within the instance. The IP address is always the fixed link-local address 169.254.169.254:

http://169.254.169.254/latest/meta-data/

Question: A company needs to look up configuration details about how a Linux-based Amazon EC2 instance was launched. Which command should a solutions architect run on the EC2 instance to gather the system metadata?

Answer: The only way to retrieve instance metadata is to request the link-local URL with IP 169.254.169.254 from inside the instance.
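As an added example (not part of the original notes), the following Python client queries the metadata URL above using the IMDSv2 token flow that AWS recommends: a PUT obtains a session token, then GETs present it. It also includes an audit check that reports whether a token-less IMDSv1-style request is refused, and a constructed stand-in IMDS server so the client can be exercised off-instance; the header names and paths are the real IMDSv2 ones, while the sample instance and AMI ids are constructed.

```python
import threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

IMDS_BASE = "http://169.254.169.254"  # fixed link-local address from the notes
TOKEN_HDR = "X-aws-ec2-metadata-token"
TTL_HDR = "X-aws-ec2-metadata-token-ttl-seconds"

def get_imds_token(base_url=IMDS_BASE, ttl=21600, timeout=2.0):
    # IMDSv2 step 1: a PUT to the token endpoint returns a session token
    req = urllib.request.Request(base_url + "/latest/api/token", method="PUT",
                                 headers={TTL_HDR: str(ttl)})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()

def get_metadata(path, base_url=IMDS_BASE, timeout=2.0):
    # IMDSv2 step 2: GET /latest/meta-data/<path> presenting the token header
    token = get_imds_token(base_url, timeout=timeout)
    req = urllib.request.Request(base_url + "/latest/meta-data/" + path,
                                 headers={TOKEN_HDR: token})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode()

def tokenless_get_status(path, base_url=IMDS_BASE, timeout=2.0):
    # Audit check: HTTP status of an IMDSv1-style GET without a token; 401 means
    # the instance enforces IMDSv2 (HttpTokens=required) and refuses such requests
    try:
        with urllib.request.urlopen(base_url + "/latest/meta-data/" + path,
                                    timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

class _FakeIMDS(BaseHTTPRequestHandler):
    # Constructed stand-in for an IMDSv2-only endpoint so the client runs off-instance
    DATA = {"instance-id": "i-0123456789abcdef0", "ami-id": "ami-0abcdef1234567890"}
    TOKEN = "constructed-session-token"
    def do_PUT(self):
        ok = self.path == "/latest/api/token" and TTL_HDR in self.headers
        self._reply(200 if ok else 400, self.TOKEN if ok else "")
    def do_GET(self):
        key = self.path.replace("/latest/meta-data/", "", 1)
        ok = self.headers.get(TOKEN_HDR) == self.TOKEN and key in self.DATA
        self._reply(200 if ok else 401, self.DATA[key] if ok else "")
    def _reply(self, code, body):
        self.send_response(code)
        self.end_headers()
        self.wfile.write(body.encode())

def start_fake_imds():
    # Serve the stand-in on a free localhost port; returns (server, base_url)
    srv = HTTPServer(("127.0.0.1", 0), _FakeIMDS)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_port
```

On a real instance call get_metadata("instance-id") with the default base URL; off-instance the link-local address simply times out.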

When EC2 instance terminates immediately after launch?

Possible reasons for an EC2 instance terminating immediately after launch are:

  1. Maximum volume limit reached: If the maximum volume limit has been reached, the instance may fail to allocate the required storage and terminate.
  2. Missing AMI: An EC2 instance cannot launch without a valid AMI, as it is required to create the root volume.
  3. Corrupt snapshot: If a snapshot used to create the instance is corrupt, the instance will fail to initialize and may terminate.
  4. Maximum EC2 instance limit reached: If the limit is reached, the instance launch will fail altogether, but it will not result in the instance being terminated—it simply will not be created.

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)

In AWS, IDS/IPS is implemented using native services or third-party tools. The native AWS services for IDS/IPS are:

  • AWS Network Firewall: Traffic inspection and rule-based filtering.
  • Amazon GuardDuty: Threat detection and anomaly monitoring.
  • AWS WAF: Protects against web application attacks like SQL injection and XSS.

EC2 user data

EC2 user data allows you to provide configuration or initialization scripts when launching an EC2 instance. These scripts run automatically when the instance is first booted, enabling you to customize and configure your instances on startup.

Use Cases:

  1. Automated Configuration: Automate the installation of software packages, updates, or security patches when the instance is launched.
  2. Application Deployment: Deploy custom applications by downloading code or running deployment scripts.
  3. System Configuration: Configure system settings like network configurations, storage, or environment variables on instance boot.
#!/bin/bash
# Example user data script: patch the OS, then install and start Apache on first boot
yum update -y
yum install httpd -y
service httpd start

Security Group (SG)

Security groups are designed to control network traffic to and from resources within a VPC. They act as virtual firewalls to protect EC2 instances, RDS instances, Elastic Load Balancers, Lambda functions, Redshift clusters, ElastiCache, and more.

Key Features of Security Groups

  1. During instance launch, one or more security groups can be specified. The default security group is used if none is specified.
  2. Rules within a security group determine which traffic is allowed to/from associated instances. Rules can be modified at any time.
  3. New rules are automatically applied to all instances associated with the security group.
  4. When deciding to allow traffic to an instance, all rules from all security groups associated with the instance are evaluated.
  5. By default, security groups allow all outbound traffic.
  6. Security group rules are always permissive; you cannot create rules that deny access.
  7. Security groups are stateful, meaning return traffic is automatically allowed based on existing connections.
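The following Python model, added here as an illustration rather than anything from the notes or from AWS, encodes the key features listed above: rules only allow, every attached group is evaluated as a union, and tracked flows make return traffic pass without a rule. The groups, addresses and ports in demo() are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp" or "-1" (all); rules only ever allow, never deny
    from_port: int
    to_port: int
    cidr: str
    def matches(self, protocol, port, peer_ip):
        proto_ok = self.protocol in ("-1", protocol)
        port_ok = self.protocol == "-1" or self.from_port <= port <= self.to_port
        return proto_ok and port_ok and ipaddress.ip_address(peer_ip) in ipaddress.ip_network(self.cidr)

ALLOW_ALL = Rule("-1", 0, 65535, "0.0.0.0/0")

@dataclass
class SecurityGroup:
    name: str
    inbound: list = field(default_factory=list)                   # no inbound rule -> nothing gets in
    outbound: list = field(default_factory=lambda: [ALLOW_ALL])   # default: all outbound allowed

class StatefulEvaluator:
    def __init__(self, groups):
        self.groups = groups   # every group attached to the instance is consulted
        self.flows = set()     # tracked flows: (direction, protocol, local_port, peer_ip, peer_port)
    def permitted(self, direction, protocol, local_port, peer_ip, peer_port):
        flow = (direction, protocol, local_port, peer_ip, peer_port)
        reverse = ("in" if direction == "out" else "out",) + flow[1:]
        if reverse in self.flows:     # stateful: a reply to a tracked flow passes without a rule
            return True
        dst_port = local_port if direction == "in" else peer_port
        rules = [r for g in self.groups for r in (g.inbound if direction == "in" else g.outbound)]
        if any(r.matches(protocol, dst_port, peer_ip) for r in rules):   # union of all groups
            self.flows.add(flow)
            return True
        return False                  # no allow rule matched; there is no deny rule to look for

def demo():
    # Constructed groups: public HTTPS plus SSH from a private range; egress rules are empty, so
    # the reply to the HTTPS client is allowed only by connection state, never by an outbound rule
    web = SecurityGroup("web", inbound=[Rule("tcp", 443, 443, "0.0.0.0/0")], outbound=[])
    admin = SecurityGroup("admin", inbound=[Rule("tcp", 22, 22, "10.0.0.0/8")], outbound=[])
    ev = StatefulEvaluator([web, admin])
    return {
        "https_from_internet": ev.permitted("in", "tcp", 443, "203.0.113.5", 51000),
        "ssh_from_internet": ev.permitted("in", "tcp", 22, "203.0.113.5", 51001),
        "ssh_from_corp": ev.permitted("in", "tcp", 22, "10.1.2.3", 51002),
        "reply_to_https_client": ev.permitted("out", "tcp", 443, "203.0.113.5", 51000),
        "outbound_http": ev.permitted("out", "tcp", 40001, "198.51.100.9", 80),
    }
```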

Memorisation tips

  1. Think of Security Groups (Layer 3/4) as the gatekeepers to your building, letting in only people who knock on the right door and speak the right language (IP, port, protocol).
  2. Think of AWS WAF (Layer 7) as the security scanner at the front desk, checking for dangerous items or suspicious behavior after someone is allowed inside.


Auto Scaling Groups (ASG)

Auto Scaling group helps ensure high availability by automatically managing and scaling instances to handle changes in demand or failure. Here's how it functions:

  1. Health Monitoring: Continuously monitors the health of instances using Amazon EC2 health checks.
  2. Instance Replacement: Automatically terminates the faulty instance and launches a new one to replace it.
  3. Size Configuration: Auto Scaling groups allow you to define minimum, maximum, and desired capacity settings, which determine the limits and target size for the scaling actions.
  4. Maintaining Desired Capacity: Configured with a desired capacity — the number of instances the group should maintain at any given time.
  5. Scaling Policies: Automatically increase or decrease the number of instances based on specific metrics like CPU usage, network traffic, etc.
  6. Multi-AZ Support: Auto Scaling supports deploying instances across multiple Availability Zones (AZs) within a single AWS region, ensuring high availability and fault tolerance.
  7. Region Isolation: An ASG cannot span multiple AWS Regions; it is confined to a single Region so that resources and scaling activities remain within that Region.


Elastic IPs (EIP)

  1. Static, public IPv4 address you allocate to your AWS account.
  2. Remains yours until you release it.
  3. Free only when associated with a running instance (charges if unused or associated with stopped instance).
  4. Use for consistent IP across instance restarts.

ENI vs ENA

  1. ENI (Elastic Network Interface) – Virtual network card, can attach/detach from instances, primary & secondary IPs.
  2. ENA (Elastic Network Adapter) – High-performance networking up to 100 Gbps (Nitro instances).

EC2 Instance Lifecycle

  1. Pending → Running → Stopping/Stopped → Terminated
  2. Pending = booting; Stopped = billed for storage only; Terminated = gone forever (root volume deleted if default).
  3. Hibernate saves RAM to disk, so the instance resumes without a full boot.

Spot Instance Interruptions

  1. AWS can reclaim with 2-minute warning.
  2. Interruption options: Stop, Hibernate, or Terminate (choose at request).
  3. Best for fault-tolerant, flexible workloads.

Launch Templates vs Launch Configurations

  1. Launch Template – Newer, supports versioning, mixed purchase options, tagging, T2/T3 Unlimited, etc.
  2. Launch Configuration – Legacy, no versioning, must recreate to change settings.

AWS now recommends Launch Templates for Auto Scaling Groups.

EC2 Hibernate

  1. Saves RAM contents to EBS root volume when stopping.
  2. On start, reloads state instantly (faster than boot).
  3. Requires encrypted EBS root, supported instance families only.
  4. Useful for long-running processes needing quick resume.

Nitro System

  1. Modern AWS virtualization stack using dedicated hardware.
  2. Benefits: better performance, higher networking/storage speeds, better security isolation.
  3. Required for ENA/EFA, NVMe EBS.

Elastic Load Balancing with EC2

ELB distributes traffic across EC2 instances in multiple AZs. Health checks ensure traffic goes only to healthy instances. Types of ELB:

  1. ALB – Layer 7 (HTTP/HTTPS, path/host-based routing).
  2. NLB – Layer 4 (TCP/UDP, ultra-low latency, static IP).
  3. GLB – Gateway Load Balancer (for appliance routing).