Here are my notes from my AWS Solutions Architect exam preparation. Before we get into the details of the AWS Certified Solutions Architect content, let’s start with a brief introduction to AWS itself.
What is AWS?
AWS (Amazon Web Services) is a Cloud Provider, much like Google Cloud. AWS helps organizations large and small to quickly scale up and scale down their resources for storage, computing, and networking based on their demand with minimal upfront costs. The popular streaming company, Netflix, uses AWS to manage video streams for their global customer base.
What is AWS Management Console?
The AWS Management Console is the web interface of your AWS account where you can find all the AWS services in one place. For convenience, there is a search bar at the top where you can type the name of a service, product or feature.
AWS Regions and Availability Zones
What is an AWS Region?
AWS has its products and services divided by region. A region is simply a geographical area where AWS has infrastructure such as a cluster of data centers. Each region is identified by a name and a region code, for example US West (N. California) with the code us-west-1.
You can choose a region from the menu bar on top, on the right hand side, in the AWS console.
While some AWS services are global (i.e. independent of region), most AWS services are region scoped. In general, depending on the AWS service you want to use, choosing a region closest to you (or your customers) will result in lower latency and lower costs.
What is an AWS Availability Zone (AZ)?
An AWS Availability Zone (or AZ) is a sub-division of an AWS Region. In other words, multiple Availability Zones make up a region. There are generally anywhere between 2 and 6 AZs per region. The Availability Zones are connected to each other with ultra-low latency networking. However, they are isolated from each other from a disaster management perspective, i.e. if one AZ goes down, the other AZs in the region are not directly impacted.
In the region US East (N. Virginia) us-east-1 there are 6 Availability Zones.
AZs are named like regions, with a letter appended to the region code. Hence, the 6 AZs in us-east-1 are named us-east-1a, us-east-1b, us-east-1c, us-east-1d, us-east-1e, and us-east-1f.
What is the difference between an AWS Region and AWS Availability Zone?
An AWS Availability Zone is a smaller ‘building block’ of an AWS region. It takes 2-6 AZs to make up an AWS region. From a nomenclature perspective, an AWS region name ends in a number (for example, us-east-1) while an AWS AZ name ends in a letter (for example, us-east-1a, us-east-1b etc.).
AWS EC2 (Elastic Compute Cloud) – Virtual Servers in the Cloud
An AWS architect should know the popular products and services available in the world of AWS in order to create optimal architectural solutions. One of the most important products is AWS EC2.
What is EC2 on AWS?
Elastic Compute Cloud (hence, ECC -> EC2) is a very popular AWS service. With EC2, you can rent a virtual machine, store data, install a server, and perform computations on it, all within a matter of minutes.
EC2 is region scoped, so to create an EC2 instance you will have to choose the region in which you want the instance. Many EC2 resources are Free Tier eligible, and AWS makes it easy to identify them. For example, in the screenshot below, while creating an EC2 instance, the Amazon Linux 2 AMI in the first step is marked as ‘Free Tier Eligible’.
How do I connect to my AWS EC2 instance?
There are multiple ways of accessing the EC2 instance.
- If using a Mac, you can use SSH (Secure Shell) to get into your instance.
- If using Windows, you can either use SSH (Windows 10) or use PuTTY to access your EC2 instance.
- You can use the ‘Instance Connect’ on AWS Management Console irrespective of operating system.
Remember that SSH access requires a ‘key pair’ and an inbound rule allowing SSH (TCP port 22) in the security group of the EC2 instance.
Instance Connect works without any additional set up on Amazon Linux 2, using a temporary key pair that AWS generates for you automatically, i.e. you don’t need to download and upload the key pair.
What are Security Groups?
Security groups are the mechanism that controls access to ports on EC2 instances. They can be used to allow access to EC2 only from a select range of IP addresses. A security group can be attached to multiple EC2 instances, and one security group can reference other security groups when granting permissions.
By default, all inbound traffic coming into the EC2 is blocked, and all outbound traffic from EC2 is allowed.
What is timeout error?
If the security group settings of the EC2 instance do not allow the user to reach the instance, the connection attempt is dropped and the user gets a ‘timeout error’.
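The following is an added example, not code from the original notes or from AWS: a small model of how an inbound security-group rule set is evaluated, showing why a missing port-22 rule surfaces as a timeout rather than a rejection, how a rule can reference another security group instead of a CIDR, and a check for SSH exposed to the whole IPv4 internet. All rule values and IP addresses are constructed for illustration.

```python
"""Model of EC2 security-group inbound evaluation (added example, not AWS code).

Rule fields loosely mirror describe-security-groups output: protocol, a port
range, and either a CIDR or a referenced group id. Sample values are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    protocol: str                    # "tcp", "udp", "icmp" or "-1" (all traffic)
    from_port: int
    to_port: int
    cidr: Optional[str] = None       # e.g. "203.0.113.0/24"
    source_sg: Optional[str] = None  # e.g. "sg-web-tier": group reference


def rule_matches(rule, protocol, port, src_ip, src_groups):
    if rule.protocol not in ("-1", protocol):
        return False
    if rule.protocol != "-1" and not (rule.from_port <= port <= rule.to_port):
        return False
    if rule.cidr is not None:
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.cidr)
    # Group reference: the sender must belong to the referenced security group.
    return rule.source_sg in src_groups


def inbound_allowed(rules, protocol, port, src_ip, src_groups=frozenset()):
    """Inbound is default-deny: any matching allow rule admits the packet.
    With no match the packet is silently dropped, which an SSH client
    experiences as a connection timeout rather than 'connection refused'."""
    return any(rule_matches(r, protocol, port, src_ip, src_groups) for r in rules)


def world_open_ssh(rules):
    """Audit helper: rules that expose TCP port 22 to every IPv4 address."""
    return [r for r in rules
            if r.cidr == "0.0.0.0/0" and r.protocol in ("-1", "tcp")
            and (r.protocol == "-1" or r.from_port <= 22 <= r.to_port)]


# Constructed sample: SSH only from one admin range, port 8080 only from the
# web-tier security group (hypothetical id "sg-web-tier").
SG_RULES = [
    Rule("tcp", 22, 22, cidr="203.0.113.0/24"),
    Rule("tcp", 8080, 8080, source_sg="sg-web-tier"),
]
```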
What is chmod 0400?
When you SSH into the EC2 instance with a downloaded key file, you may get a ‘bad permissions’ / ‘permissions 0644 ... are too open’ error that stops the connection: the SSH client refuses a private key that is readable by anyone other than its owner. Running chmod 0400 on the key file makes it readable by the owner only, which satisfies the check and lets you access the machine.
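As an added illustration (not from the original notes), the snippet below reproduces the permission check the SSH client applies to a private key: any group or other bit set (as in the default 0644 of a downloaded file) fails the check, and chmod 0400 repairs it. The key file is a constructed temporary file; its contents are irrelevant to the check.

```python
"""Reproduce the SSH private-key permission check and the chmod 0400 fix.
Added example, not part of the original notes; uses a constructed temp file."""
import os
import stat
import tempfile


def key_too_open(path):
    """True when any group/other permission bit is set (e.g. mode 0644),
    which is what makes ssh report 'permissions are too open'."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


def fix_key_perms(path):
    """Apply the chmod 0400 from the notes: owner read-only. Returns new mode."""
    os.chmod(path, 0o400)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo_key_fix():
    """Create a constructed .pem with the typical 0644 download mode, check it,
    repair it and re-check. Returns (too_open_before, new_mode, too_open_after)."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    os.close(fd)
    os.chmod(path, 0o644)
    try:
        before = key_too_open(path)
        mode = fix_key_perms(path)
        after = key_too_open(path)
    finally:
        os.remove(path)
    return before, mode, after


if __name__ == "__main__":
    print(demo_key_fix())
```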
What is AMI on AWS?
An Amazon Machine Image or AMI is a template that contains the software configuration (operating system, application server, and applications) required to launch your instance.
Some of the AMIs eligible for Free Tier are the following: Amazon Linux 2 AMI, Red Hat Enterprise Linux 8, Ubuntu Server 20.04 LTS etc.
Can AMI be shared?
Yes, an AMI can be shared with another account.
An AMI with an associated billing product code cannot be copied directly into the new account. Instead, the user launches an EC2 instance from the shared AMI in the new account and then creates an AMI from that instance.
What is EC2 User Data?
EC2 user data is a set of commands handed to an instance when it first starts. These commands run under the ‘root user’ account. User data can be used to trigger tasks such as installing or updating software during boot, and it runs only when the machine starts for the FIRST time.
The EC2 User Data can be entered while configuring the EC2 Instance (see below).
What are the types of EC2 instances?
There are many instance families; the important ones, with typical use cases, are listed below.
- T family – T2/T3 are burstable instances, i.e. their compute power can be increased for short durations of time.
- C family – good for use cases that need high computing power and for databases.
- G family – good for use cases that need high graphics processing, such as video editing and machine learning.
- M family – good for a balanced use case of compute and RAM requirements. It’s a middle-of-the-road solution.
- R family – good for use cases that require high RAM capacities for caching.
Can I Set up a Dedicated EC2 Instance?
EC2 instances can be set up in multiple ways – dedicated, reserved, spot, or on-demand.
On Demand EC2 Instance
This is a pay-as-you-go pricing model, with no upfront payments or commitments.
Spot EC2 Instance
Spot instances are much like On-Demand instances with no commitments, the difference being that prices are variable and someone can outbid you for the same spot instance (even while you are using it). Understandably, even though it brings cost savings, this is not a good solution for critical jobs.
Reserved EC2 Instance
Reserved instances require a time commitment of at least 1 year. Due to the long-term commitment, there are cost savings on reserved instances as compared to ‘on-demand’ instances. There is also an option to create scheduled reserved instances if you anticipate the instance will be used during a particular time of the day, week, or month.
Dedicated EC2 Instance
An EC2 instance is dedicated to you, but the hardware server on which the instance is running can be shared with other EC2 instances.
Dedicated EC2 Host
A dedicated physical EC2 server, reserved for you for a period of 3 years. Your hardware will not be shared with other instances (that you do not want). A good use case is when you have strong compliance needs and need visibility into the sockets and cores of the server. Understandably this is a very expensive option.
Should I Set up a Reserve, Dedicated, On Demand or Spot Instance?
Let’s understand the difference with an analogy. Say, you want to go to a gym and run on a treadmill. The gym has multiple membership options and some options for non-members as well.
On demand booking treadmill
You do not pay a fixed monthly or annual membership fee. You go to the gym as and when desired, use it for a couple of hours, pay per hour charge, and come back without any further commitments of using the gym again. The gym charges you $20 per hour.
Effective Cost $20/hour.
This is similar to On-Demand Instance.
Spot booking treadmill
You do not pay a fixed membership fee, but you are not too keen on using the treadmill at a particular hour. On a tight budget, you are willing to wait for any treadmill to be available so that you can use it at a heavily discounted rate (say $4 per hour instead of $20 as in option 1 above). You are ALSO okay to leave the treadmill as and when someone else outbids you to use the treadmill.
Effective Cost $4/hour.
This is similar to Spot Instance.
You are disciplined with your cardio, and you know that you will be using the treadmill very regularly (say, 4 hours every week, 6-8 pm on Wednesdays and Fridays). You can buy the annual subscription, and that will bring your cost down to effectively about $8 per hour of treadmill usage.
Effective Cost $8/hour.
This is similar to Reserved Instance.
Treadmill in a dedicated area
For some reason, you like a particular treadmill section, closest to the glass windows and near the largest gym television screen. You always want a treadmill in that area. Other people can also use treadmills in the area, but when you come, you want to be sure you always get a treadmill in that area.
Effective Cost $30/hour.
This is similar to Dedicated Instance.
Dedicated treadmill in dedicated area
You are a VIP and have to take your security seriously. You want to be sure that your treadmill is in a secure area that is NOT used by anyone else, maybe in a private room dedicated just to your treadmill. You ask the gym to operate the treadmill for you, but they cannot let anyone else use the area or put in other treadmills that you do not want.
Effective Cost $50/hour.
This is similar to Dedicated Host.
What is a Spot Fleet?
As the name suggests, a spot fleet is a collection (fleet) of spot instances. This can be a good strategy to meet the computation power requirements within a given budget.
What is a burstable instance?
A burstable instance can increase its processing power to handle spikes in processing requirement. T2 and T3 machines are burstable. A user gets ‘burst credits’ to spend when required, and once the credits are exhausted the instance cannot increase its processing power to handle another spike.
Is EC2 region locked?
Yes, EC2 is region locked.
Is EC2 free to use?
Yes, there is a free tier available on EC2.
What are EC2 Placement Groups?
EC2 placement groups determine how your EC2 instances are organized within the AWS infrastructure. There are three placement groups available.
- Cluster: EC2 instances are in the same rack, in the same Availability Zone. Benefits – low latency, high speed.
- Partition: EC2 instances are placed into partitions, up to a maximum of 7 partitions per AZ. Each partition comprises multiple instances. One rack may hold multiple EC2 instances from the same partition, but one rack will not hold EC2 instances from two different partitions. A hardware failure is therefore contained within the partition.
- Spread: a small number of critical EC2 instances can be spread across multiple AZs, with a maximum of 7 instances per AZ. Benefits – more resilient to failure.
What is an Elastic Network Interface (ENI)?
An Elastic Network Interface is often referred to as simply ‘Network Interface’ in the world of AWS. An elastic network interface is a logical networking component in a Virtual Private Cloud (VPC) that represents a virtual network card. It can include the following attributes:
- A primary private IPv4 address from the IPv4 address range of your VPC
- One or more secondary private IPv4 addresses from the IPv4 address range of your VPC
- One Elastic IP address (IPv4) per private IPv4 address
- One public IPv4 address
- One or more IPv6 addresses
- One or more security groups
- A MAC address
- A source/destination check flag
- A description
You can create and configure ENIs in your account in a specific Availability Zone and attach them to instances.
Public IP vs Private IP vs Elastic IP
Public IP is used to identify a machine on the internet, hence a public IP must be unique on the entire web.
Private IP must be unique across its private network. Machines on two different private networks CAN have the same private IP. A private IP can be used to identify a machine only within the private network.
An Elastic IP is a public IP that can be attached to an EC2 instance. Generally, when you stop and restart an EC2 instance, its public IP changes. An Elastic IP attached to the instance keeps identifying the same EC2 instance even after it is stopped and restarted.