EC2 (Elastic Compute Cloud) is an elastic cloud computing service that provides users with adjustable compute capacity. Users typically create and manage multiple virtual machines, deploy their own workloads on them, and can adjust each virtual machine's compute resources (CPU, memory, and so on) at any time according to business needs.
Elastic IP Addresses – An Elastic IP address is a static IP address designed for dynamic cloud computing. An Elastic IP address is associated with your account, not with one particular instance. Unlike a traditional static IP address, an Elastic IP address lets you mask instance or Availability Zone failures by remapping your public IP address to any instance in your account. The connection is essentially a 1:1 NAT mapping between each Elastic IP and a private IP.
AWS DevOps Engineer Professional: This is the professional-level DevOps engineer exam. Beyond combining the content of the associate-level Developer and SysOps Administrator exams, it goes deeper into the ability to implement and manage continuous delivery methods. It focuses on components such as CloudFormation, Auto Scaling, Security, Elastic Beanstalk and OpsWorks.
AWS SysOps Administrator Associate: This exam is mainly aimed at system administrators and operations staff on the AWS platform, and mainly tests how to deploy, manage and operate highly available systems on AWS. It essentially covers the content of the AWS Certified Solutions Architect – Associate exam plus some real-world scenario questions, and personally I feel it goes somewhat deeper than the former. The question stems are fairly long, many questions are multiple-answer, and the answer options are quite similar, so you often have to use elimination to pick the right answer.
AWS SAP-C01 victory report, 22 October 2019 (2019-10-23 11:37:32). Follow the official account: AWS爱好者 ... The title says "great victory"; does 900+ points count? Haha. Through continuous study and unremitting effort I passed the AWS SAP-C01 certification in Beijing on 22 October 2019; the moment I saw PASS on the screen after finishing the exam, all the hard work felt worth it. ...
5. The 小茶 group and the AWS爱好者 official account: the former has very helpful members answering all kinds of questions, and the latter has many organised knowledge points; although they are not written purely for the exam, many of them help you pass it.
Far too many of the exam questions were about AWS Organizations, migration, how to save on AWS costs, and so on. For example:
1. A scenario is given and you are asked to design an account structure that is secure and easy to manage. The knowledge points involved are AWS Organizations, STS, roles, IAM, and so on.
AWS certification question bank 20200104 (2020-01-08 18:02:50). Follow the 云计算狂魔 WeChat official account for more cloud computing certification question banks.
A call center application consists of a three-tier application using Auto Scaling groups to automatically scale resources as needed. Users report that every morning at 9:00 AM the system becomes very slow for about 15 minutes. A Solution Architect determines that a large percentage of the call center staff starts work at 9:00 AM, so Auto Scaling does not have enough time to scale out to meet demand.
How can the Architect fix the problem?
A. Change the Auto Scaling group's scale out event to scale based on network utilization.
B. Create an Auto Scaling scheduled action to scale out the necessary resources at 8:30 AM every morning.
C. Use Reserved Instances to ensure the system has reserved the right amount of capacity for the scale-up events.
D. Permanently keep a steady state of instances that is needed at 9:00 AM to guarantee available resources, but leverage Spot Instances.
AWS study notes – Chapter 4 Introduction to Amazon Elastic Compute Cloud (2019-11-11 17:10:35)
- Introduction to Amazon Elastic Compute Cloud
- 1. Benefits of Amazon EC2
- 2. Amazon EC2 Instance Types and Features
- 3. Steps for Using Amazon EC2
- 4. Pricing for Amazon EC2
- 5. Shared Tenancy, Dedicated Hosts, and Dedicated instances
- 6. Instances and AMIs
- 7. Instance Life Cycle
- 8. Connecting to an Instance
- 9. Security Group
- 10. Amazon Elastic Container Service (ECS)
Benefits of Amazon EC2: time to market, scalability, control, reliable, secure, multiple instance types, integration.
Multiple instance types
Instance Type: determines the hardware of the host computer used for your instance.
Two types of instances in the EC2 ecosystem: current-generation instances and previous-generation instances.
Current-generation: contain the latest of everything (e.g. the latest chipsets, memory, processors…).
Previous-generation: consist of machines that are one or two generations older than the current one.
Instance types can be broadly divided into the following categories: general purpose, compute optimized, memory optimized, storage optimized, advanced computing.
General purpose: provide a balance of compute, memory and network resources and are a good choice for many applications.
T2: provide burst performance, suitable for workloads that do not use full CPU utilization, such as web servers, development environments …
M5, M4 and M3: don't provide burstable performance; can be used for building websites, development environments, build servers, code repositories, microservices, test and staging environments and so on.
Compute optimized: used for applications or workloads that are heavy on compute, such as media transcoding, applications supporting a large number of concurrent users, long-running batch jobs, high-performance computing, gaming servers and so on.
Memory optimized: used for workloads with large memory requirements, such as in-memory databases (SAP HANA or Oracle Database In-Memory), NoSQL databases like MongoDB and Cassandra, big data processing engines like Presto or Apache Spark, high-performance computing (HPC) and Electronic Design Automation (EDA) applications, genome assembly and analysis, and so on.
Storage optimized: used for workloads that require high sequential read and write access to very large data sets on local storage, such as running an I/O-bound relational database or other I/O-bound application, NoSQL databases, data warehouse applications, MapReduce and Hadoop distributed caches, and in-memory databases like Redis.
Advanced computing: used for high-performance computing requirements, such as machine learning algorithms, molecular modeling, genomics, computational fluid dynamics, computational finance and so on.
EC2 instances use an Intel processor, so they use all the processor features that
EC2-Classic: the original release of EC2, instances run in a single, flat network that is shared with other customers.
Now all accounts are automatically enabled with the default Amazon VPC.
A placement group (cluster networking): a logical grouping of instances within a single AZ that provides low latency or high network throughput.
R4, X1, M5, M4, C5, C4, C3, I2, P3, P2, G3 and D2 instances support cluster networking.
A placement group cannot span multiple AZs.
· Use the same instance type within a placement group.
· To get the maximum benefit from a placement group, choose an instance type that supports "enhanced networking".
The block storage that you attach to an EC2 instance is known as Elastic Block Store (EBS).
Some EC2 instances include a local disk in the physical hardware, which is known as an instance store.
Three types of EBS volumes:
General-purpose EBS volume: backed by solid-state drives.
Provisioned IOPS EBS volume: for workloads that need maximum I/O throughput.
Magnetic hard drive: provides the lowest cost per gigabyte.
(1) Select a preconfigured Amazon Machine Image. You can also create your custom AMI and later use that to launch an instance.
(2) Configure the networking and security (VPC, public/private subnet …)
(3) Choose the instance type
(4) Choose the AZ, attach EBS and optionally choose static EIP
(5) Start the instance and you are all set
The instances are divided into three categories from a pricing perspective: On-demand instance, Reserved instance, Spot instance.
On-demand instance: the most popular pricing model.
Pay just for the usage on a flat hourly rate or per-second billing.
No up-front costs or hidden costs or anything else.
Reserved instance: ideal when you know your application has a fairly steady state or is predictable in terms of performance (how many resources your workload is going to take and for how long).
Compared to an on-demand instance, a reserved instance provides up to a 75 percent discount.
Time options: either one-year or three-year commitment.
Payment options: all up-front costs, partial up-front costs, no up-front costs.
Two subcategories: standard reserved instance, convertible reserved instance.
The convertible reserved instance provides better flexibility if your compute requirement changes over the given period of time. It is only for three-year commitment.
Standard and convertible reserved instances can be purchased to apply to instances in a specific availability zone or to instances in a region.
Spot instance: bid for unused capacity and create the instance.
The spot price fluctuates based on supply and demand, and if someone outbids you, you lose the instance at very short notice.
Spot instances are great for running non-mission-critical projects. Often customers add a few spot instances along with on-demand instances to provide additional horsepower.
EC2 runs on a virtualized environment, therefore, it is possible that on the same physical machine another customer might be running a different EC2 instance.
Sometimes, because of some compliance requirement, you may have to segregate your instances even at the physical level. Dedicated hosts and dedicated instances solve this problem.
Shared tenancy: the default behavior when you launch an EC2 instance; the instances run on multitenant hardware.
Dedicated host: a physical server exclusively assigned to you.
Dedicated hosts can help you reduce costs by allowing you to use your existing server-bound software licenses, including Windows Server, SQL Server, and SUSE Linux Enterprise Server.
Dedicated instance: the EC2 instances run on single-tenant hardware.
Dedicated instances are Amazon EC2 instances that run in a virtual private cloud on hardware that's dedicated to a single customer.
An AMI is a blueprint that has all the details of the software configuration of the server that you are going to launch in the Amazon Cloud.
The AMI contains a blueprint about the root volume for the instance, and the root volume contains information about the operating system and various other software running on top of the operating system.
Launch permissions control which AWS accounts can use the AMI to launch instances:
Public: grants launch permission to all AWS accounts.
Explicit: grants launch permission to specific AWS accounts.
Implicit: the owner of an AMI has implicit launch permission for it.
When EC2 was first launched, all root devices used to be launched from S3, since the instance root used to be backed by S3.
Instance store-backed instance: when the instance is launched, the image used to boot the instance is copied to the root volume.
As long as the instance is running, all the data in the instance store volume persists, but whenever the instance is terminated, all the data is gone. Instance store-backed instances do not support the stop action, so you can't stop the instance. The only exception is a reboot: data in the instance store persists across a reboot.
It is important that you back up your data to persistent storage regularly and/or replicate it across instance stores in multiple AZs.
Also, you can't detach an instance store volume from one instance and re-attach it to a different instance.
EBS-backed instance: when the instance is launched, the root device is launched from an EBS volume, which is created from an EBS snapshot.
If you launch an Amazon EBS-backed instance, the data always persists. Even if the instance terminates or fails, you don't lose data. These instances also support the stop action.
Since the instance root volume is an EBS volume, you can even attach the root volume of your instance to a different running instance for debugging or any other purpose, such as changing the size of the instance or modifying its properties.
Sources of AMIs: AWS as publisher, the community, AWS Marketplace …
An AMI is a regional resource. If you want to share an AMI to a different region, you need to copy the AMI to a different region and then share it.
Linux AMIs use one of two types of virtualization: Hardware Virtual Machine (HVM) or Paravirtual (PV).
The difference between them is how they boot and how they take advantage of hardware extensions for CPU, memory and storage to provide better performance.
An HVM AMI executes the master boot record of the root block device and then presents a fully virtualized set of hardware to the operating system. As a result, the operating system runs directly on top of the VM without modification, similar to the way it runs on bare-metal hardware.
Performance is very good because HVM guests can take full advantage of all the hardware extensions that provide fast access to the underlying hardware on the host system.
All current-generation instance types support HVM AMIs. The CC2, CR1, HI1, and HS1 previous-generation instance types support HVM AMIs.
PV AMIs boot with a boot loader called PV-GRUB. It starts the boot cycle and loads the kernel specified in the menu.lst file on your image. Paravirtual guests can run on host hardware that does not have explicit support for virtualization. Unfortunately, they can't take advantage of the special hardware extensions that HVM can, such as enhanced networking or GPU processing.
The C3 and M3 current-generation instance types support PV AMIs. The C1, HI1, HS1, M1, M2, and T1 previous-generation instance types support PV AMIs.
Amazon recommends you use an HVM image to get the maximum performance when you launch
When you launch an instance, it immediately enters the "pending" state.
Before starting the instance, a few health checks are performed to make sure that there are no issues with the hardware and the instance can come online without any issues.
Once the instance is up and running and is ready for you, it enters into the “running” state.
As soon as it is in the running state, the instance is ready for all practical purposes, and you can connect to it and start using it. At this moment, the billing starts.
If the health check fails, the instance does not start. → You can either launch a new instance or try to fix the issue.
If there are no issues with the health check, the instance starts normally. → You can start using it thereafter.
You can stop an instance only if it is EBS-backed. You can't stop an instance backed by an instance store.
When you stop your instance, it enters the “stopping” state and then the “stopped” state.
You can reboot an instance that is either instance store-backed or EBS-backed.
All the data is saved after the reboot. The IP address, machine type, and DNS name all remain the same after the reboot.
You can reboot the instance either via the Amazon console or via CLI and API calls.
If you do not need the instance anymore, you can terminate it.
As soon as you terminate the instance, you will see that the status changes to “shutting down” or “terminated”.
If the instance has termination protection enabled, you have to perform an additional step: disable termination protection before you can terminate it.
The Amazon EBS volume supports the “DeleteOnTermination” attribute, which controls whether the volume is deleted or preserved when you terminate the instance. The default behavior is to delete the root device volume and preserve any other EBS volumes.
When AWS determines that the hardware hosting the instance has an irreparable failure, the instance is either retired or scheduled to be retired.
If the instance is EBS-backed, all the data is stored in the EBS volume.
If the instance’s root volume is backed up by the instance store, you must take the backup of all the files stored in the instance store before it gets terminated or you will lose all the data.
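The life-cycle rules above (health check before running, stop only for EBS-backed instances, reboot preserving data and addresses, termination protection, and DeleteOnTermination deciding which volumes survive) are captured in the following toy state machine. This is an added example that models the behaviour described in these notes; it is not AWS code and does not call the EC2 API, and the `Ec2Instance` and `Volume` classes, the sample address and the device names are constructed for illustration.

```python
"""Toy state machine for the EC2 instance life cycle described in the notes.
Added example: it encodes the documented rules, it is not the EC2 API."""
from dataclasses import dataclass, field


@dataclass
class Volume:
    device: str
    delete_on_termination: bool   # models the EBS DeleteOnTermination attribute


@dataclass
class Ec2Instance:
    root_type: str                                   # "ebs" or "instance-store"
    volumes: list = field(default_factory=list)
    termination_protection: bool = False
    state: str = "pending"
    public_ip: str = "203.0.113.10"                  # constructed sample address
    instance_store_data: dict = field(default_factory=dict)  # ephemeral data

    def launch(self, health_check_ok=True):
        """Health checks run before the instance moves from pending to running."""
        if self.state != "pending" or not health_check_ok:
            return False            # instance does not start; fix or launch a new one
        self.state = "running"      # billing starts at this point
        return True

    def stop(self):
        """Only EBS-backed instances support the stop action."""
        if self.root_type != "ebs" or self.state != "running":
            return False
        self.state = "stopping"
        self.state = "stopped"
        return True

    def reboot(self):
        """Both root types support reboot; data, IP address and DNS name survive it."""
        if self.state != "running":
            return False
        ip_before, data_before = self.public_ip, dict(self.instance_store_data)
        # nothing is released on reboot, so the checks below always hold
        return self.public_ip == ip_before and self.instance_store_data == data_before

    def terminate(self):
        """Return the devices that survive termination, or None if protected."""
        if self.termination_protection:
            return None             # disable protection first, then terminate
        self.state = "shutting-down"
        self.instance_store_data.clear()          # instance store data is gone
        self.volumes = [v for v in self.volumes if not v.delete_on_termination]
        self.state = "terminated"
        return [v.device for v in self.volumes]


def demo():
    """Run the documented scenarios and return the outcomes for inspection."""
    # Default EBS behaviour: root volume deleted, additional volumes preserved.
    ebs = Ec2Instance("ebs", [Volume("/dev/xvda", True), Volume("/dev/xvdf", False)])
    ebs.launch()
    results = {"ebs_stop": ebs.stop()}
    store = Ec2Instance("instance-store", instance_store_data={"scratch": "x"})
    store.launch()
    results["store_stop"] = store.stop()            # False: cannot stop instance store
    results["store_reboot"] = store.reboot()        # True: data and IP preserved
    results["surviving_volumes"] = ebs.terminate()  # only /dev/xvdf remains
    protected = Ec2Instance("ebs", termination_protection=True)
    protected.launch()
    results["protected_terminate"] = protected.terminate()  # None: refused
    return results


if __name__ == "__main__":
    print(demo())
```

The point worth noticing is the asymmetry in `terminate`: an instance-store root loses everything, while an EBS volume's fate depends on its own `DeleteOnTermination` flag, so backups for instance store-backed hosts have to happen before termination, not after.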
It will be assigned a public IP address and public DNS name, via which you can reach the instance from the Internet, as well as a private IP address and private DNS name. If you choose IPv6, a public IPv6 address is allocated as well.
Public DNS name: created automatically; stays with the instance for its tenure; cannot be changed.
Public IP address: created automatically; unique; cannot be modified; persists for the lifespan of the instance; the same public IP address cannot be associated with any other server, even after you terminate the instance; if you want to move an IP address from one server to another, use an Elastic IP address.
It will be allocated a private IP address and a private DNS name.
To connect to an instance, the console prompts you to download a private key to your local machine and then change its file permissions.
Amazon EC2 uses the public-key cryptography concept of a public/private key pair to encrypt and decrypt the login information.
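The permission change the console asks for exists because the OpenSSH client refuses a private key that other users on the machine can read. The following added example (not AWS or OpenSSH code) checks a downloaded key file the same way, and applies the usual restrictive mode; the `private_key_is_protected` and `protect_private_key` helpers and the placeholder key material are constructed for this illustration.

```python
"""Check that an EC2 key-pair private key is readable only by its owner, the
condition the OpenSSH client enforces before using it. Added example."""
import os
import stat
import tempfile


def private_key_is_protected(path):
    """True when the file is owned by the caller and has no group/other bits set
    (e.g. mode 0400 or 0600)."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    owned_by_me = not hasattr(os, "getuid") or st.st_uid == os.getuid()
    return owned_by_me and (mode & 0o077) == 0


def protect_private_key(path):
    """Apply the read-only-for-owner mode and report whether the key now passes."""
    os.chmod(path, 0o400)
    return private_key_is_protected(path)


def demo():
    """Simulate a freshly downloaded, world-readable key and fix it."""
    # Constructed placeholder key material, not a real key.
    with tempfile.NamedTemporaryFile("w", suffix=".pem", delete=False) as f:
        f.write("-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n"
                "-----END RSA PRIVATE KEY-----\n")
        path = f.name
    try:
        os.chmod(path, 0o644)                      # typical state after a browser download
        before = private_key_is_protected(path)    # False: group/other can read it
        after = protect_private_key(path)          # True after chmod 400
        return before, after
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

Running the check before `ssh -i key.pem ...` turns the client's "UNPROTECTED PRIVATE KEY FILE" refusal into an explicit, scriptable step.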
A security group acts as a virtual firewall that controls the traffic for one or more instances.
By default, security groups allow all outbound traffic;
Can’t change the outbound rules for an EC2-Classic security group;
Security group rules are always permissive, can’t create deny access rules;
Security group are stateful. (If you send a request from your instance, the response traffic for that request is allowed to flow in regardless of the inbound security group rules.)
Can add and remove rules at any time, the changes are automatically applied.
When you associate multiple security groups with an instance, the rules from each security group are effectively aggregated to create one set of rules.
Protocol: the most common protocols are 6 (TCP), 17 (UDP) and 1 (ICMP).
Port range: For TCP, UDP or a custom protocol, you can specify a single port number or a range of port numbers.
ICMP type and code
Source or destination: the source (inbound rules) or destination (outbound rules) for the traffic. Specify one of these options: an individual IPv4 address, (VPC only) an individual IPv6 address, a range of IPv4 addresses, (VPC only) a range of IPv6 addresses, another security group, or the current security group.
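The security-group semantics listed above (allow-only rules, statefulness, aggregation across attached groups, CIDR or group-reference sources, IPv4 and IPv6) are modelled in the following added example. It is not AWS code; the `Rule`, `SecurityGroup` and `Instance` classes, the group ids `sg-web`, `sg-admin` and `sg-app`, and all addresses are constructed for the illustration, and the connection-tracking table is a simplification of how the EC2 data plane implements statefulness.

```python
"""Model of EC2 security-group evaluation: allow-only, stateful, aggregated.
Added example that encodes the documented rules; it is not AWS code."""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    protocol: str    # "tcp", "udp", "icmp" or "-1" for all protocols
    from_port: int   # inclusive range; -1 means all ports (or all ICMP types)
    to_port: int
    source: str      # IPv4/IPv6 CIDR, or a security-group id such as "sg-web"


def default_outbound():
    """A new security group allows all outbound traffic by default."""
    return [Rule("-1", -1, -1, "0.0.0.0/0"), Rule("-1", -1, -1, "::/0")]


@dataclass
class SecurityGroup:
    group_id: str
    inbound: list = field(default_factory=list)
    outbound: list = field(default_factory=default_outbound)


def rule_matches(rule, protocol, dst_port, peer_ip, peer_groups):
    """Rules are permissive only: matching any rule means the packet passes."""
    if rule.protocol not in ("-1", protocol):
        return False
    if rule.protocol != "-1" and rule.from_port != -1 \
            and not rule.from_port <= dst_port <= rule.to_port:
        return False
    if rule.source.startswith("sg-"):
        # Group reference: matches traffic from any interface in that group.
        return rule.source in peer_groups
    try:
        return ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.source, strict=False)
    except ValueError:
        return False   # address family mismatch or malformed input never matches


class Instance:
    def __init__(self, groups):
        self.groups = groups
        self.tracked = set()   # connection-tracking table that makes groups stateful

    def allow(self, direction, protocol, local_port, peer_ip, peer_port, peer_groups=frozenset()):
        """direction is "in" or "out"; local_port is the port on this instance."""
        flow = (protocol, local_port, peer_ip, peer_port)
        if flow in self.tracked:
            return True    # response to an already-allowed flow, rules not consulted
        dst_port = local_port if direction == "in" else peer_port
        # Rules from every attached group are aggregated into one set.
        rules = [r for g in self.groups for r in (g.inbound if direction == "in" else g.outbound)]
        if any(rule_matches(r, protocol, dst_port, peer_ip, peer_groups) for r in rules):
            self.tracked.add(flow)
            return True
        return False


def demo():
    """Constructed groups: public HTTPS, admin SSH from RFC 1918 space only."""
    web = SecurityGroup("sg-web", [Rule("tcp", 443, 443, "0.0.0.0/0"),
                                   Rule("tcp", 443, 443, "::/0")])
    admin = SecurityGroup("sg-admin", [Rule("tcp", 22, 22, "10.0.0.0/8")])
    host = Instance([web, admin])
    return {
        "https_v4": host.allow("in", "tcp", 443, "198.51.100.7", 51000),   # True
        "https_v6": host.allow("in", "tcp", 443, "2001:db8::1", 51001),    # True
        "ssh_internet": host.allow("in", "tcp", 22, "198.51.100.7", 51002),  # False
        "ssh_internal": host.allow("in", "tcp", 22, "10.1.2.3", 51003),    # True (aggregated)
        "egress": host.allow("out", "tcp", 40000, "203.0.113.9", 443),     # True (default)
        "reply": host.allow("in", "tcp", 40000, "203.0.113.9", 443),       # True (stateful)
        "unsolicited": host.allow("in", "tcp", 40001, "203.0.113.9", 443),  # False
    }


if __name__ == "__main__":
    print(demo())
```

The `reply` versus `unsolicited` pair is the practical lesson: the inbound rule set never mentions port 40000, yet the reply is admitted because the outbound request was tracked, while a look-alike packet for an untracked flow is dropped.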
Amazon Elastic Container Service (ECS) is a container management service that allows you to manage Docker containers on a cluster of Amazon EC2 instances.
Containers are similar to hardware virtualization (like EC2), but instead of partitioning a machine, containers isolate the processes running on a single operating system.
You can use the OS kernel to create multiple isolated user space processes that can have constraints placed on them, such as CPU and memory limits.
These isolated user space processes are called containers.
Containers enable the concept of microservices.
Benefits of running containers on Amazon ECS:
· Eliminates cluster management software. (No need to install any cluster management software).
· Easily manage clusters for any scale.
· Can design fault-tolerant cluster architecture.
· Can manage cluster state using Amazon ECS.
· Can easily control and monitor the containers seamlessly.
· Can scale from one to tens of thousands of containers almost instantly.
· ECS gives you the ability to make good placement decisions about where to place your containers.
· ECS gives you information about the availability of resources (CPU, memory).
· At any time, you can add new resources to the cluster with EC2 Auto Scaling.
· It is integrated with other services such as Amazon Elastic Container Registry, ELB, EBS, Elastic Network Interfaces, VPC, IAM and CloudTrail.
Controlling access to services with VPC endpoint policies (2021-04-02 12:54:48). Follow the official account: AWS爱好者 (iloveaws). By 沉默恶魔 (reproduction prohibited; obtain the author's consent first) ... Hello everyone, welcome to the "AWS Certified Solutions Architect Professional (SAP) Chinese video training course"; today's lesson is: using VPC endpoint...
Load balancer types in AWS (2020-06-30 10:18:27). Follow the official account: AWS爱好者 (iloveaws). By 沉默恶魔 (reproduction prohibited; obtain the author's consent first) ... Hello everyone, welcome to the "AWS Certified Solutions Architect Professional (SAP) Chinese video training course"; starting today we introduce AWS load balancers...