IAM and EC2 are two of the most basic services you need to know to control and use AWS technologies.
First of all, it is important to understand Regions and Availability!
Regions and Availability Zones
All services in AWS, except IAM and S3, are separated per region, which is a physical location around the world that is a cluster of Availability Zone(Data Center). One important thing to know is that Regions and Availability Zones(AZ) are identified by numbers and letters. Regions are finished by numbers and AZ is finished by letters.
IAM - Identity & Access Management
When we start to talk about IAM, one of the most important things to know is about Policy, which defines what is allowed and what is not allowed.
Policies can be associated with Users, Groups, or specific roles. AWS provides a lot of predefined policies but is possible to create a new one with specific assignments.
For companies that already have a set of credentials, it is possible to use the IAM Federation that connects the Active Directory with IAM.
EC2 - Elastic Compute Cloud
EC2 allows the user to create an instance allocated in one AZ. Through EC2 you don't need to worry about hardware anymore. In each instance, the user can configure the CPU, Memory, Regions, and AZ. There are a few functionalities very interesting, such as:
EC2: Rent of virtual machines
EBS: Storage of data in virtual disks
ELB: Distribution of traffic between virtual machines
ASG: Autoscaling
AWS provides some pre-configured instances, known as Amazon Machine Images(AMIs).
EC2::Security Group
To launch an instance you need to configure the security group that defines if the data can reach the instance or not.
Security groups work as a firewall, any data attended to the instance is intercepted by the security group and inf the source is allowed, the data can continue the route to the instance.
Important to know:
- Can be associated with many instances
- All the data is intercepted before reaches the instance
- For standard: All input data is blocked
- For standard: All output data is allowed
EC2::Elastic IP
When we stop an EC2 instance the public IP can change. This can cause problems. To have a static public IP is necessary to use Elastic IP.
Important to know:
- It is not indicated to use Elastic IP for production. Indicates a low-quality architecture solution.
- Indicated use of Load Balance
- Can be associated with one instance at a time
EC2::User Data
When you launch an instance for the first time, you may want to prepare a basic environment by updating packages, downloading files from the internet, or installing some applications. This is possible by using User Data in a specific area where you can write the command and when the instance is launched for the first time, the commands will be executed.
Important to know:
- The commands are executed as admin
- The commands are executed only one time(When you launch for the first time)
EC2::Types of Intances
On Demand:
- Short-time projects
- Pays only for what is used
- High Cost
- Without contract, you can finish in any moment
- Indicated only for development
Reserved:
- Long-time project
- Payment in advance
- Reservation for 1 to 3 years
- Stable applications
Spot:
- Short-time projects
- Very cheap
- Work as a public sale, if you win, you will have the right to use the instance until someone pay more
- If someone pay more, aws only gives 2 minutes and them the instance will be finished
- Indicated for projects that accept interruptions
Dedicated:
- A dedicated hardware
- Can share instances with other that own the same account
- No placehold control ( If you shutdown the instance the hardware can change)
Dedicated Host:
- Dedicated Hardware
- Control of placement
- Access to hardware configuration
- Very expesinve
Thank you for reading. Happy Cloud Computing!
Top comments (0)