§ EC2 provides secure, resizable compute capacity.
§ Gives you complete control of your computing resources
  including choice of storage, processor, networking and
  operating system.
§ Allows you to increase/decrease capacity in minutes
§ You need to create a key pair — public & private for
  asymmetric encryption.
§ The EC2 Root volume is a virtual disk where the OS is
  installed; it can only be launched on SSD or Magnetic.
§ Termination protection is turned off by default (turn it on
  to make sure a user doesn’t accidentally terminate instances).
§ On an EBS-backed instance, the root EBS volume is
  deleted when the instance is terminated.
§ Bootstrap scripts are code that is run as soon as your
  EC2 instance first boots up.
§ Infrastructure as a Service (IaaS) - virtual machine on the cloud
§ You must provision a Nitro-based EC2 instance to achieve 64000
  EBS IOPS. Max 32000 EBS IOPS with Non-Nitro EC2.
§ When you restart an EC2 instance, its public IP can change. Use
  Elastic IP to assign a fixed public IPv4 to your EC2 instance. By
  default, all AWS accounts are limited to five (5) Elastic IP
  addresses per Region.
§ Get EC2 instance metadata such as private & public IP from
  http://169.254.169.254/latest/meta-data and user-defined data
  from http://169.254.169.254/latest/user-data
§ Place all the EC2 instances in the same AZ to reduce the data
  transfer cost
§ EC2 Hibernate saves the contents of instance memory (RAM) to
  the Amazon EBS root volume. When the instance restarts, the
  RAM contents are reloaded, which brings it to its last running
  state, also known as pre-warming the instance. You can hibernate
  an instance only if it’s enabled for hibernation and it meets
  the hibernation prerequisites
§ Use VM Import/Export to import a virtual machine image and
  convert it to an Amazon EC2 AMI to launch EC2 instances
§ Elastic Compute Cloud – EC2 provides scalable
  computing capacity in AWS
§ Eliminates the need to invest in hardware upfront, so
  applications can be developed and deployed faster.
§ Can be used to launch as many or as few virtual servers as
  you need, configure security and networking, and manage
  storage.
§ Enables you to scale up or down to handle changes in
  requirements or spikes in popularity, reducing the need to
  forecast traffic.
§ The user can also dismantle the virtual device once its
  task is completed and it is no longer required. For
  providing all these scalable resources, AWS charges a
  bill amount at the end of every month; the bill amount is
  entirely dependent on your usage.
§ EC2 allows you to rent virtual computers.
§ The provision of servers on AWS Cloud is one of the
  easiest ways in EC2. EC2 has resizable capacity. EC2
  offers security, reliability, high performance, and
  cost-effective infrastructure so as to meet demanding
  business needs.
§ Amazon EC2 provides developers with the tools to build
  resilient applications that isolate themselves from some
  common scenarios.
§ EC2 is an on-demand computing service on the AWS cloud
  platform. Under computing, it includes all the services a
  computing device can offer to you along with the flexibility
  of a virtual environment.
§ It also allows users to configure their instances as per their
  requirements, i.e. allocate the RAM, ROM, and storage
  according to the need of the current task.
§ Deploying Application: In the AWS EC2 instance, you can
  deploy your application like .jar, .war, or .ear application
  without maintaining the underlying infrastructure.
§ Scaling Application: Once you have deployed your web
  application in the EC2 instance, you can scale your
  application based upon the demand you are having by
  scaling the AWS EC2 instance.
§ Deploying The ML Models: You can train and deploy your
  ML models in the EC2-instance because it offers up to 400
  Gbps), and storage services purpose-built to optimize the
  price performance for ML projects.
§ Hybrid Cloud Environment: You can deploy your web
  application in an EC2 instance and connect to a
  database which is deployed on on-premises servers.
§ Cost-Effective: Amazon EC2 instances are cost-effective, so
  you can deploy your gaming application on Amazon
  EC2 instances
§ Amazon EC2 is a web service that provides resizable
  compute capacity in the cloud.
§ Amazon EC2 reduces the time required to obtain and boot
  new user instances to minutes. In older days, if you needed
  a server you had to put in a purchase order and wait for
  cabling to be done, which is a very time-consuming process.
  Now, Amazon has provided EC2, a virtual machine in the
  cloud that completely changes the industry.
§ You can scale the compute capacity up and down as the
  computing requirement changes.
§ Amazon EC2 changes the economics of computing by
  allowing you to pay only for the resources that you
  actually use. Previously, when buying physical servers,
  you would look for a server with more CPU and RAM
  capacity and buy it for a 5-year term, so you had to
  plan 5 years in advance. People spend a lot of capital
  on such investments. EC2 allows you to pay for the
  capacity that you actually use.
Amazon EC2 console
§ Amazon EC2 console is the web-based user interface that
  can be accessed from the AWS management console
AWS Command line Interface (CLI)
§ Provides commands for a broad set of AWS products, and
  is supported on Windows, Mac, and Linux.
Amazon EC2 Command Line Interface (CLI) tools
§ Provides commands for Amazon EC2, Amazon EBS, and
  Amazon VPC, and is supported on Windows, Mac, and
  Linux
AWS Tools for Windows PowerShell
§ Provides commands for a broad set of AWS products for
  those who script in the PowerShell environment
AWS Query API
§ Query API requests are HTTP or HTTPS requests that
  use the HTTP verbs GET or POST and a Query parameter named
  Action
AWS SDK libraries
§ AWS provides libraries in various languages which provide basic
  functions that automate tasks such as cryptographically signing
  your requests, retrying requests, and handling error responses
§ ON DEMAND
§ RESERVED
§ SPOT INSTANCE
§ DEDICATED HOST
§ It allows you to pay a fixed rate by the hour or even by the
  second with no commitment.
§ Linux instances are billed by the second and Windows
  instances by the hour.
§ On Demand is perfect for the users who want low cost
  and flexibility of Amazon EC2 without any up-front
  investment or long-term commitment.
§ It is suitable for the applications with short term, spiky or
  unpredictable workloads that cannot be interrupted.
§ It is useful for the applications that have been developed
  or tested on Amazon EC2 for the first time.
§ On Demand instance is recommended when you are not
  sure which instance type is required for your performance
  needs.
§ The On-Demand instance is a pay-as-you-go model where
  you pay only for the time you use. If the instance is stopped,
  billing for that instance stops; while it is in the running
  state, you are charged. Billing is based on the time the
  EC2 instance is running.
§ With On-Demand Instances, you pay for compute capacity by
  the second with no long-term commitments. You have full
  control over the instance's lifecycle: you decide when to launch,
  stop, hibernate, start, reboot, or terminate it.
§ There is no long-term commitment required when you purchase
  On-Demand Instances. You pay only for the seconds that your
  On-Demand Instances are in the running state, with a 60-second
  minimum. The price per second for a running On-Demand
  Instance is fixed, and is listed on the Amazon EC2 Pricing
§ We recommend that you use On-Demand Instances for
  applications with short-term, irregular workloads that cannot be
  interrupted.
• Pay for the instances and the compute capacity used by
  the hour or the second, depending on which instances you
  run
• No long-term commitments or up-front payments
• Instances can be scaled accordingly as per the demand
• Although AWS makes an effort to have the capacity to
  launch On-Demand instances, there might be instances
  during peak demand where the instance cannot be
  launched
• Users that want the low cost and flexibility of EC2
  without any up-front payment or long-term commitment
• Applications with short term, spiky, or unpredictable
  workloads that cannot be interrupted
• Applications being developed or tested on EC2 for the
  first time
§ It is a way of making a reservation with Amazon or we
  can say that we make a contract with Amazon. The
  contract can be for 1 or 3 years in length.
§ In a Reserved instance, you are making a contract means
  you are paying some upfront, so it gives you a significant
  discount on the hourly charge for an instance.
§ It is useful for applications with steady state or predictable
  usage.
§ It is used for those applications that require reserved
  capacity.
§ Users can make up-front payments to reduce their total
  computing costs. For example, you get the maximum
  discount only if you pay everything upfront and take a
  3-year contract; if you do not pay everything upfront
  and take a one-year contract, the discount is smaller.
§ Reserved Instances provide lower hourly running costs by
  providing a billing discount (up to 75%) as well as capacity
  reservation that is applied to instances and there would never be
  a case of insufficient capacity
§ Discounted usage price is fixed as long as you own the Reserved
  Instance, allowing compute costs prediction over the term of the
  reservation
§ Reserved instances are best suited if consistent, heavy use is
  expected and they can provide savings over owning the
  hardware or running only On-Demand instances.
§ Applications with steady state or predictable usage
§ Applications that require reserved capacity
§ Users are able to make upfront payments to reduce their total
  computing costs even further
§ Reserved instance is not a physical instance that is launched, but
  rather a billing discount applied to the use of On-Demand
  Instances
§ On-Demand Instances must match certain attributes, such as
  instance type and Region, in order to benefit from the billing
  discount.
§ Reserved Instances do not renew automatically, and the
  EC2 instances can continue to be used but are charged
  On-Demand rates
§ Auto Scaling or other AWS services can be used to launch
  the On-Demand instances that use the Reserved Instance
  benefits
§ You pay for the entire term, regardless of the usage
§ Once purchased, the reservation cannot be canceled but
  can be sold in the Reserved Instance Marketplace
§ Reserved Instance pricing tier discounts only apply to
  purchases made from AWS, and not to the third party
  Reserved instances
§ A Reserved Instance is a commitment you give to AWS by
  buying the instance for one year or more, as required by
  your organization. Because you are giving one year of
  commitment to AWS, they discount the price of that
  instance.
§ Reserved Instances provide you with significant savings
  on your Amazon EC2 costs compared to On-Demand
  Instance pricing. Reserved Instances are not physical
  instances, but rather a billing discount applied to the use
  of On-Demand Instances in your account. These
  On-Demand Instances must match certain attributes, such as
  instance type and Region, in order to benefit from the
  billing discount.
Standard Reserved Instances
§ It provides a discount of up to 75% off on demand. For
  example, you are paying all up-fronts for 3 year contract.
§ It is useful when your Application is at the steady-state.
Convertible Reserved Instances
§ It provides a discount of up to 54% off on demand.
§ It provides the capability to change the attributes of the
  RI as long as the exchange results in the creation of
  Reserved Instances of equal or greater value.
§ Like Standard Reserved Instances, it is also useful for
  steady state applications.
Scheduled Reserved Instances
§ Scheduled Reserved Instances are available to launch
  within the specified time window you reserve.
§ It allows you to match your capacity reservation to a
  predictable recurring schedule that only requires a fraction
  of a day, a week, or a month.
§ AWS does not have any capacity available for Scheduled
  Reserved Instances or any plans to make it available in the
  future. To reserve capacity, use On-Demand Capacity
  Reservations instead
§ Charges are incurred for the time that the instances are
  scheduled, even if they are not used
§ Scheduled Reserved Instances (Scheduled Instances) enable
  capacity reservations purchase that recurs on a daily, weekly, or
  monthly basis, with a specified start time and duration, for a
  one-year term.
§ Capacity is reserved in advance and is always available when
  needed
§ Scheduled Instances are a good choice for workloads that do
  not run continuously, but do run on a regular schedule for e.g.
  weekly or monthly batch jobs
§ EC2 launches the instances, based on the launch specification
  during their scheduled time periods
§ EC2 terminates the EC2 instances three minutes before the end
  of the current scheduled time period to ensure the capacity is
  available for any other Scheduled Instances it is reserved for.
§ Scheduled Reserved instances cannot be stopped or rebooted,
  however, they can be terminated and relaunched within
  minutes of termination
§ after purchase cannot be modified, canceled, or resold
§ only supported instance types: C3, C4, M4, and R3
§ the required term is 365 days (one year).
§ minimum required utilization is 1,200 hours per year
§ purchase up to three months in advance
§ It allows you to bid whatever price you want for
  instance capacity, providing better savings if
  your applications have flexible start and end times.
§ Spot Instances are useful for those applications that have
  flexible start and end times.
§ It is useful for those applications that are feasible at very
  low compute prices.
§ It is useful for those users who have an urgent need for
  large amounts of additional computing capacity.
§ EC2 Spot Instances provide less discounts as compared to
  On Demand prices.
§ Spot Instances are used to optimize your costs on the
  AWS cloud and scale your application's throughput up to
  10X.
§ EC2 Spot Instances will continue to exist until you
  terminate these instances.
§ A Spot Instance is an instance that uses spare EC2
  capacity that is available for less than the On-Demand
  price. Because Spot Instances enable you to request
  unused EC2 instances at steep discounts, you can lower
  your Amazon EC2 costs significantly. The hourly price for
  a Spot Instance is called a Spot price. The Spot price of
  each instance type in each Availability Zone is set by
  Amazon EC2, and is adjusted gradually based on the
  long-term supply of and demand for Spot Instances. Your
  Spot Instance runs whenever capacity is available
§ Spot Instances are a cost-effective choice if you can be
  flexible about when your applications run and if your
  applications can be interrupted. For example, Spot
  Instances are well-suited for data analysis, batch jobs,
  background processing, and optional tasks
§ Spot capacity pool – A set of unused EC2 instances with
  the same instance type (for example, m5.large) and
  Availability Zone.
§ Spot price – The current price of a Spot Instance per hour.
§ Spot Instance request – Requests a Spot Instance. When
  capacity is available, Amazon EC2 fulfills your request. A
  Spot Instance request is either one-time or persistent.
  Amazon EC2 automatically resubmits a persistent Spot
  Instance request after the Spot Instance associated with
  the request is interrupted
§ EC2 instance rebalance recommendation – Amazon
  EC2 emits an instance rebalance recommendation signal
  to notify you that a Spot Instance is at an elevated risk of
  interruption. This signal provides an opportunity to
  proactively rebalance your workloads across existing or
  new Spot Instances without having to wait for the
  two-minute Spot Instance interruption notice.
§ Spot Instance interruption – Amazon EC2 terminates,
  stops, or hibernates your Spot Instance when Amazon
  EC2 needs the capacity back. Amazon EC2 provides a
  Spot Instance interruption notice, which gives the instance
  a two-minute warning before it is interrupted.
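Added example (not part of the original notes): reading the instance metadata endpoint and the two-minute Spot interruption notice through IMDSv2 session tokens, so that a plain tokenless GET to 169.254.169.254 is not enough to read metadata. The token and `spot/instance-action` paths and headers are the real IMDS ones; `StubIMDS`, `start_stub`, the token string and the address 10.0.0.5 are constructed here so the code runs offline.

```python
import json
import threading
import urllib.error
import urllib.request
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer

IMDS = "http://169.254.169.254"  # link-local metadata address from the notes
# Never route metadata requests through a proxy taken from the environment.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def imds_token(base=IMDS, ttl=60, timeout=2):
    """IMDSv2 step 1: PUT for a short-lived session token (TTL 1-21600 s)."""
    req = urllib.request.Request(
        base + "/latest/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": str(ttl)})
    with _opener.open(req, timeout=timeout) as resp:
        return resp.read().decode()


def imds_get(path, token, base=IMDS, timeout=2):
    """IMDSv2 step 2: GET a meta-data path with the token; None on 404."""
    req = urllib.request.Request(
        base + "/latest/meta-data/" + path,
        headers={"X-aws-ec2-metadata-token": token})
    try:
        with _opener.open(req, timeout=timeout) as resp:
            return resp.read().decode()
    except urllib.error.HTTPError as err:
        if err.code == 404:      # path absent, e.g. no interruption notice yet
            return None
        raise                    # 401 means a missing or invalid token


def spot_interruption(base=IMDS, now=None):
    """Return (action, seconds_left) once the two-minute notice is issued."""
    body = imds_get("spot/instance-action", imds_token(base), base)
    if body is None:
        return None
    notice = json.loads(body)    # {"action": "...", "time": "<UTC timestamp>"}
    when = datetime.strptime(notice["time"], "%Y-%m-%dT%H:%M:%SZ")
    when = when.replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    return notice["action"], (when - now).total_seconds()


class StubIMDS(BaseHTTPRequestHandler):
    """Constructed stand-in that behaves like an IMDSv2-only endpoint."""
    token = "constructed-session-token"
    notice = None                # a JSON string simulates an interruption notice

    def _send(self, code, body=""):
        data = body.encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_PUT(self):
        ttl = self.headers.get("X-aws-ec2-metadata-token-ttl-seconds")
        if self.path == "/latest/api/token" and ttl:
            self._send(200, self.token)
        else:
            self._send(400)

    def do_GET(self):
        if self.headers.get("X-aws-ec2-metadata-token") != self.token:
            self._send(401)      # tokenless (IMDSv1-style) request is refused
        elif self.path == "/latest/meta-data/local-ipv4":
            self._send(200, "10.0.0.5")          # constructed private IP
        elif self.path.endswith("/spot/instance-action") and self.notice:
            self._send(200, self.notice)
        else:
            self._send(404)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_stub(notice=None):
    """Start the stub on a free localhost port; return (server, base_url)."""
    StubIMDS.notice = notice
    server = HTTPServer(("127.0.0.1", 0), StubIMDS)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_port


if __name__ == "__main__":
    sample = '{"action": "terminate", "time": "2030-01-01T00:02:00Z"}'
    server, base = start_stub(sample)            # constructed notice
    print(imds_get("local-ipv4", imds_token(base), base))
    print(spot_interruption(base, datetime(2030, 1, 1, tzinfo=timezone.utc)))
    server.shutdown()
```

On a real instance, call `spot_interruption()` with the default base from a loop every few seconds and start draining work as soon as it returns a value.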
§ A dedicated host is a physical server with EC2 instance
  capacity which is fully dedicated to your use.
§ The physical EC2 server is the dedicated host that can
  help you to reduce costs by allowing you to use your
  existing server-bound software licenses, for example
  VMware, Oracle, or SQL Server, depending on the licenses
  that you can bring over to AWS and use on the
  Dedicated host.
§ Dedicated hosts are used to address compliance
  requirements and reduce costs by allowing you to use your
  existing server-bound software licenses.
§ It can be purchased as a Reservation for up to 70% off
  On-Demand price.
• General Purpose Instances
• Compute Optimized Instances
• Memory-Optimized Instances
• Storage Optimized Instances
• Accelerated Computing Instances
§ General purpose instances provide a balance of compute,
  memory and networking resources, and can be used for a
  variety of diverse workloads. These instances are ideal for
  applications that use these resources in equal proportions
  such as web servers and code repositories.
§ The most basic, all-round AWS EC2 instances are
  the General Purpose Instances. They provide a perfect
  balance of computing, memory and networking resources.
  The below image shows the important points of both the
  sub-classes of the General Purpose Instance.
§ General-purpose instances offer a good mix of compute,
  memory, and networking resources and can be used for a
  wide range of workloads. These instances are ideal for
  applications like web servers and code repositories that
  use these resources in equal parts.
General Purpose - T3/T4g Instance
§ The T3/T4g have a baseline CPU performance of 2.5 GHz.
  These instances can burst to higher performance for a shorter
  duration. The T3/T4g are burstable instances for this reason.
§ This burst is paid with CPU credits. When the instance is idle it
  leads to accumulation of CPU Credits.
§ The T4g is the AWS Graviton2 Processor.
§ The ideal use cases for these instances are micro-services,
  low-latency applications, and development environments.
§ You should be safe to not rely on the burstable CPU
  performance.
General Purpose - M5 Instance
§ These are the more stable instances, in comparison to the
  T2/T4a Instance. They use a 3.1 GHz Intel Processor. These
  should be the first choice for anyone starting out on AWS.
  These instances provide a better baseline performance.
§ The best use cases for the M5 Instance are small and midsize
  databases and data processing tasks.
General Purpose - Mac Instance
§ AWS EC2 now provides macOS as an option for
  development. These are based on the Apple Mac Mini
  computer. It uses the Intel core I7 processor with 3.2 GHz
  (4.6 GHz Turbo) performance. There is only the
  mac1.metal option.
§ macOS products can use these instances for development
  and testing.
General Purpose - Arm Instance (A1)
§ The ARM based processor for AWS EC2 instance. It fully
  supports the ARM based development environment.
§ Web servers and micro-services are some of the workload
  examples for these instances.
§ If you have to pick one instance, then pick the M5
  instance in this general category.
§ Use a T3/T4g only if you want to use the free tier service.
§ The other ARM and Mac instance, are very specific. You
  should use them till you do not have a specific need for
  these instance
§ The AWS Compute Optimizer service analyzes the
  resources used in the AWS environment and provides
  suggestions to rightsize user applications. The service can
  help organizations reduce costs by up to 25% through its
  optimization recommendations for existing EC2 servers.
§ This machine learning-driven service makes
  recommendations based on analysis of CloudWatch
  metrics of EC2 instances and AWS Auto Scaling groups,
  as well as identifying patterns and optimal resources for a
  given workload. These recommendations reflect optimal
  usage of resources—since over-provisioning leads to
  additional costs, and under-provisioning leads to
  performance degradation. AWS Compute Optimizer
  provides greater functionality than other AWS tools, such
  as AWS Trusted Advisor and AWS Cost Explorer.
• The server you need to use for higher compute power.
  They support 3.6 GHz to 3.9 GHz compute power.
• The cost of a C5.large is cheaper than the General
  Purpose M instance. If you need a little more compute
  power, then use the C5 instance.
• Compute optimized instances are ideal for compute-bound
  applications that benefit from high-performance
  processors.
• Memory optimized instances are designed to deliver fast
  performance for workloads that process large data sets in
  memory.
• RAM has a direct impact on any compute operation. If
  you need higher RAM, then these are the instances you
  should use. They support 4.0 GHz compute frequency.
  The baseline instance has 16 GiB of RAM. This is
  more than the Compute Optimized and General Purpose
  Instances.
There are 3 sub-classifications of these memory
optimized instances.
§ Memory Optimized - R instance
§ Memory Optimized - X instance
§ Memory Optimized - Z instance
• Memory-optimized instances offer a large memory size
  designed for memory intensive applications including in-
  memory applications, in-memory databases (such as SAP
  HANA), in-memory analytics solutions, High Performance
  Computing, Electronic Design Automation, scientific computing
  and enterprise applications.
• Storage optimized instances are designed for workloads
  that require high, sequential read and write access to very
  large data sets on local storage. They are optimized to
  deliver tens of thousands of low-latency, random I/O
  operations per second (IOPS) to applications. For more
  information, including the technology used
• These instances provide variety in the hard disk or
  local storage options.
There are 3 sub-classifications of these instances.
• Storage Optimized - D Instance
• Storage Optimized - I Instance
• Storage Optimized - H Instance
• The Storage Optimized instances are optimized for companies
  that seek to launch workloads in need of high, sequential read
  and write access to extremely large data sets found on
  local storage. These instances are designed to deliver
  thousands of low-latency random IOPS to apps.
• Accelerated computing instances use hardware
  accelerators, or co-processors, to perform some functions,
  such as floating point number calculations, graphics
  processing, or data pattern matching, more efficiently than
  is possible in software running on CPUs. These instances
  enable more parallelism for higher throughput on
  compute-intensive workloads.
• If you require high processing capability, you'll benefit
  from using accelerated computing instances, which
  provide access to hardware-based compute accelerators
  such as Graphics Processing Units (GPUs), Field
  Programmable Gate Arrays (FPGAs), or AWS Inferentia.
• Until now, all the instance types used similar hardware.
  There was no special hardware used to improve
  performance. The Accelerated Computing instance
  changes that. It uses specific hardware for specific tasks,
  like a GPU for GPU-intensive work or parallel
  processing.
• It even uses hardware accelerators such as FPGAs and AWS
  Inferentia for AWS AI/ML workloads.
There are four sub-classifications of the Accelerated Computing
Instance.
• Accelerated Computing - P Instance
• Accelerated Computing - G Instance
• Accelerated Computing - F Instance
• Accelerated Computing - Inf1 Instance
§ An Amazon Machine Image (AMI) is a supported and
  maintained image provided by AWS that provides the
  information required to launch an instance. You must
  specify an AMI when you launch an instance. You can
  launch multiple instances from a single AMI when you
  require multiple instances with the same configuration.
  You can use different AMIs to launch instances when you
  require instances with different configurations.
§ One or more Amazon Elastic Block Store (Amazon EBS)
  snapshots, or, for instance-store-backed AMIs, a template
  for the root volume of the instance (for example, an
  operating system, an application server, and applications).
§ Launch permissions that control which AWS accounts can
  use the AMI to launch instances.
§ A block device mapping that specifies the volumes to
  attach to the instance when it's launched.
§ An Amazon Machine Image (AMI) is a master image for
  the creation of virtual servers -- known as EC2 instances --
  in the Amazon Web Services (AWS) environment.
§ The machine images are like templates that are configured with
  an operating system and other software that determine the user's
  operating environment. AMI types are categorized according to
  region, operating system, system architecture -- 32- or 64-bit --
  launch permissions and whether they are backed by Amazon
  Elastic Block Store (EBS) or backed by the instance store.
§ Each AMI includes a template for the root volume required for
  a particular type of instance. A typical example might contain
  an operating system, an application server and applications.
  Permissions are also controlled to ensure that AMI launches are
  restricted to the appropriate AWS accounts. Block device
  mapping ensures that the correct volumes are attached to the
  launched instance.
§ Paravirtualization - This is a virtualization technique that can
  improve the performance of guest operating systems by
  eliminating the overhead of emulating hardware and by using
  knowledge of the guest operating system (OS). It is an approach
  to virtualization that is effective for high-performance
  computing (HPC) applications, such as those used in scientific
  computing, transactional databases and other enterprise
  computing that require rapid processing. PV requires close
  cooperation between the virtual machine monitor and the guest
  operating system, as well as a modified operating system kernel.
§ Hardware virtual machines - HVM guests are fully
  virtualized, and the underlying hardware has to be emulated
  for the guests to use. With PV, the guest OS is modified to run
  without requiring that emulation. HVM requires that the host
  machine have a specific feature available on its hardware,
  whereas PV requires that the guest OS have a specific feature
  present in the software.
§ EBS-backed
§ Instance store-backed
§ EBS is nothing but a volume that provides you persistent
  storage.
§ An EC2 instance provides you temporary storage: if you
  delete the EC2 instance, the data stored in it is also
  deleted. To make data persistent, Amazon provides the
  EBS Volume. If you launch an EC2 instance and want to
  make some data persistent, you need to attach an EBS
  Volume to the instance so that your data is still
  available after the EC2 instance is deleted.
§ When you launch an EC2 instance, it will always have a root
  device as an EBS Volume which makes the data persistent.
  Therefore, we can say that when we delete an EC2 instance,
  then the data is available in a root device.
§ In EBS - backed instances, you will be charged or billed for
  the storage of static data such as operating systems files, etc.
§ The cost of adding the EBS Volume to an EC2 instance is
  minimal.
§ EBS backed instances are the instances that are connected to the
  storage drives over the network. Unlike instance store volumes,
  these storage drives are not connected physically to the instances
  but are accessed by the instances over the network. These drives
  result in slow performance, but the data is persistent on the drives.
§ EBS (Elastic block storage) volumes are flexible, and the
  characteristics of these volumes can be changed at any time. You
  can change the volume size, volume type, and provisioned IOPS
  of the volume connected to the production instance without
  downtime. These volumes can also be used for data that is
  frequently updated, like database storage or root drive of the
  instance.
§ Multiple EBS volumes can be attached to the same instance, and
  for this, the instance and the EBS volumes must be in the same
  availability zone. You can also create an EBS volume without
  connecting it to any instance. Similarly, an EBS volume can also
  be connected to multiple instances depending upon the instance
  and volume type.
§ It supports stopping as well as restarting of an instance by
  saving the state to EBS volume.
§ Data persists in EBS volume. If an instance is terminated,
  no data would be lost.
§ Boot time: It takes less than 1 min.
§ Size limit: 1 TB
§ AMI is very easily created by using a single command.
§ It is less expensive.
§ Can be selected as Root Volume and attached as
  additional volumes
§ EBS backed Instances can be of maximum 64TiB volume
  size depending upon the OS
§ EBS volume can be attached as additional volumes when
  the Instance is launched and even when the Instance is up
  and running
§ When an EBS-backed instance is in a stopped state, various
  instance- and volume-related tasks can be done, e.g. you can
  modify the properties of the instance, change the size of
  your instance, update the kernel it is using, or attach
  your root volume to a different running instance for debugging
  or any other purpose.
§ EBS volumes are AZ scoped and tied to a single AZ where
  created.
§ EBS volumes are automatically replicated within that zone to
  prevent data loss due to the failure of any single hardware
  component
§ AMI creation is easy using a Single command
§ EBS backed Instances can be upgraded for instance type, Kernel,
  RAM disk, and user data
§ In Instance-Store, an instance has approx 1 TB or 2 TB of
  storage, which is temporary storage. As soon as the
  instance is terminated, all the data will be lost. For
  example, suppose you launch an instance and deploy a
  database in it. If you delete the instance, all the data
  will be lost, and this becomes the challenge. In such a
  scenario, you can add an additional EBS Volume that also
  stores the data, so even if you delete the instance, your data
  would not be lost.
§ An Instance store backed instance is an EC2 instance
  using an Instance store as root device volume created
  from a template stored in S3.
§ Instance store volumes access storage from disks that are
  physically attached to the host computer.
§ When an Instance store backed instance is launched, the
  image that is used to boot the instance is copied to the
  root volume (typically sda1)
§ Instance store provides temporary block-level storage for
  instances.
§ Data on an instance store volume persists only during the life of
  the associated instance; if an instance is stopped or terminated,
  any data on instance store volumes is lost.
§ Boot time is slower than EBS backed volumes and usually less
  than 5 min
§ Can be selected as Root Volume and attached as additional
  volumes
§ Instance store backed Instances can be of a maximum 10GiB
  volume size
§ Instance store volume can be attached as additional volumes only
  when the instance is being launched and cannot be attached once
  the Instance is up and running.
§ Instance store backed Instances cannot be stopped, as when
  stopped and started AWS does not guarantee the instance would
  be launched in the same host, and hence the data is lost.
§ AMI creation requires the usage of AMI tools and needs
  to be executed from within the running instance.
§ Instance store backed Instances cannot be upgraded
§ In this case, an instance cannot be stopped. It can be either
  in a running or terminated state.
§ Data does not persist so when instance is terminated, data
  would be lost.
§ Boot time: It usually takes less than 5 min.
§ Size limit: 10 - 16 TB
§ To create an AMI, it requires installation and AMI tools.
§ It is more expensive as compared to Instance Store-
  backed instance.
§ A security group is a virtual firewall that controls
  the traffic to your EC2 instances.
§ When you first launch an EC2 instance, you can associate
  it with one or more security groups.
§ A Security group is the first defence against hackers.
§ An AWS security group acts as a virtual firewall for your
  EC2 instances to control incoming and outgoing traffic.
  Both inbound and outbound rules control the flow of
  traffic to and traffic from your instance, respectively.
§ AWS Security Groups help you secure your cloud
  environment by controlling how traffic will be allowed
  into your EC2 machines. With Security Groups, you can
  ensure that all the traffic that flows at the instance level is
  only through your established ports and protocols.
• When launching an instance on Amazon EC2, you need to assign
  it to a particular security group. You can add rules to each security
  group that allow traffic to or from designated services including
  associated instances
• Like whitelists, security group rules are always permissive. It’s
  not possible to create rules that deny access. For example, you
  may have traffic coming from an Elastic Load Balancer (ELB) to
  a subnet with web servers. Your AWS Security Group can list that
  ELB as its sole permitted source.
• Security groups are stateful, which means that if an inbound
  request passes, then the outbound request will pass as well.
Multiple AWS Security Groups
§ You can specify one or more security groups for each EC2 instance, with a
  maximum of five per network interface. Additionally, each instance in a
  subnet in your VPC can be assigned to a different set of security groups. In
  allowing traffic to reach an instance, Amazon EC2 evaluates all of the rules
  from all of the security groups associated.
§ Once rules are added or modified, they will be automatically applied to all
  instances that are associated with the security group
§ With tools like CloudGuard, you can visualize your cloud security posture
  at the infrastructure level (VPCs, security groups, EC2 and RDS instances,
  Amazon S3 buckets, Elastic Load Balancers, etc.) and interactively detect
  configuration drift.
§ A Bastion Host is a special purpose computer on a host
  designed and configured to withstand attacks.
§ The computer hosts a single application, for example, a
  proxy server and all the other services are removed to
  reduce the threat to the computer.
§ A Bastion host is hardened due to its location and purpose:
  it sits either on the outside of a firewall or in a
  demilitarized zone, i.e., a public subnet, and it is usually
  accessed from untrusted networks or computers.
§ A Bastion host is a special-purpose server or instance
  that is configured to withstand attacks or
  threats. It is also known as the ‘jump box’ that acts like a
  proxy server and allows the client machines to connect to
  the remote server. It is basically a gateway between the
  private subnet and the internet. It allows the user to
  connect to a private network from an external network and
  acts as a proxy to other instances.
§ Security plays an important role in all sectors. When users
  rely on any service, their concern is that their data should be
  secured while they share it with that service. There is always
  a chance that some malicious attacks or threats take place while
  the user is using a service. Although Amazon is capable of
  providing excellent security to its services, Amazon suggests
  using SSH or RDP for more security to instances and services.
  Bastion Host is one of the services provided by AWS in
  order to avoid unnecessarily exposing users’ data on the internet.
  A Bastion host tightens access to the resources, gateways,
  instances, etc. These hosts are accessed with the help of the SSH
  or RDP protocols.
§ Bastion Host is launched in Public subnets and acts as a proxy to
  the instances in a private subnet.
§ It provides security by reducing the attacks on your
  infrastructure.
§ A Bastion host is used to administer EC2 instances using SSH
  or RDP securely. Bastion hosts are also known as jump boxes in
  Australia.
§ You cannot use NAT Gateway as a Bastion host. If you SSH or
  RDP to an instance in a private subnet, you need to configure a
  Bastion host. You cannot use NAT Gateway.
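The security group rules and the bastion layout described above, modelled offline as an added example (not part of the original slides): allow-only rules, all attached groups evaluated together, and a group such as the ELB's or the bastion's listed as the permitted source. Group IDs and CIDRs are made up, the dictionaries mirror the DescribeSecurityGroups response shape, and a group reference is assumed to match any source attached to that group.

```python
import ipaddress

# Constructed rules in the shape of the EC2 DescribeSecurityGroups response.
# Group IDs and CIDRs are made up; IPv6 ranges and prefix lists are not modelled.
def rule(port, cidrs=(), groups=()):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

SECURITY_GROUPS = {
    "sg-bastion": [rule(22, cidrs=["203.0.113.0/24"])],  # SSH from admin network
    "sg-private": [rule(22, groups=["sg-bastion"])],     # SSH only via the bastion
    "sg-web":     [rule(80, groups=["sg-elb"])],         # HTTP only from the ELB
    "sg-legacy":  [rule(3389, cidrs=["0.0.0.0/0"])],     # RDP open to the internet
}

def rule_matches(r, protocol, port, src_ip, src_groups):
    """True if one allow rule admits this inbound connection."""
    if r["IpProtocol"] != "-1":                  # "-1" means every protocol and port
        if r["IpProtocol"] != protocol or not r["FromPort"] <= port <= r["ToPort"]:
            return False
    addr = ipaddress.ip_address(src_ip)
    if any(addr in ipaddress.ip_network(c["CidrIp"]) for c in r["IpRanges"]):
        return True
    # A group reference admits traffic from instances attached to that group.
    return any(p["GroupId"] in src_groups for p in r["UserIdGroupPairs"])

def inbound_allowed(attached, protocol, port, src_ip, src_groups=()):
    """Union of all allow rules in all attached groups; no match means no access."""
    return any(rule_matches(r, protocol, port, src_ip, src_groups)
               for name in attached for r in SECURITY_GROUPS[name])

def world_open_admin_ports(groups=SECURITY_GROUPS, admin_ports=(22, 3389)):
    """Return sorted (group, port) pairs exposing SSH or RDP to 0.0.0.0/0."""
    findings = set()
    for name, rules in groups.items():
        for r in rules:
            if not any(c["CidrIp"] == "0.0.0.0/0" for c in r["IpRanges"]):
                continue
            findings.update((name, p) for p in admin_ports
                            if rule_matches(r, "tcp", p, "0.0.0.0", ()))
    return sorted(findings)
```

Run `world_open_admin_ports()` over the rules exported from a real account to list groups that bypass the bastion by exposing SSH or RDP directly.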
§ EBS Snapshots are point-in-time images or copies of your
  EBS Volume. These are stored on S3, which can be
  accessed through Elastic Cloud Computing APIs or AWS
  Console. While EBS volumes are Availability Zone (AZ)
  specific, Snapshots are Region-specific.
§ Your Snapshot size must be either same or larger than the
  size of the original volume from which the snapshot is
  taken.
§ As per Amazon, each AWS account can have a maximum
  of up to 5000 images or copies Volumes and up to 10,000
  EBS Snapshots created.
§ A snapshot, when created, shows a ‘pending’ status,
  which then converts into ‘complete’ once the snapshot
  creation is successful.
§ A snapshot is a backup of the root storage that is attached to
  the EC2 instance. To know how to create an AWS EC2 instance,
  refer to Amazon EC2 – Creating an Elastic Cloud Compute
  Instance. The first snapshot you take consists of all the
  data present in the EBS volume; the snapshots you take after
  that consist only of the data that is newly added, and these
  snapshots are also called incremental snapshots.
§ AWS will charge you based on the amount of data that is
  backed up in a single snapshot. The size of the snapshot's
  source volume does not decide the cost; the amount of data
  being backed up does. For example, if the size of the EBS
  volume is 100 GiB and the data you have backed up using the
  snapshot is 60 GiB, then Amazon charges you for the 60 GiB only.
§ Snapshots and the volumes which are created from them
  will be in encrypted form.
§ Snapshots copied from un-encrypted snapshots can be
  un-encrypted during the process of copying.
§ If a snapshot is already encrypted before you copy it, you can
  re-encrypt the snapshot with a different key based on your
  requirements.
§ An EBS volume created from an encrypted snapshot will also
  be in encrypted format.
§ Automation: The data stored in AWS EBS is dynamic, which
  means data is continuously added to the volume. Instead of
  taking snapshots manually, you can automate the whole
  process: set the timer in the snapshot configuration
  while creating AWS snapshots, and snapshots will then be
  taken automatically at certain intervals of time.
§ Cost-effective: The design of AWS Snapshots makes them
  cost-effective. Because AWS snapshots are incremental, only
  the data newly added to the existing storage is taken as a
  snapshot, not the entire data. The pricing depends only on
  the amount of data that has been backed up.
§ Secure: The data which is backed up using AWS
  snapshots is encrypted, and you can also re-encrypt the
  snapshots depending on the requirement.
§ High Availability: The snapshots we have taken are
  stored directly in Amazon S3 for long-term purposes.
  S3 is designed for 99.99999999% (11 nines) durability,
  ensuring higher availability of your EBS Snapshots.
§ Backup and restore: The main purpose of Amazon snapshots is to
  take backups of EBS volumes in encrypted form, by which
  you can avoid the loss of data; if any accidental deletion
  happens, you will be on the safer side.
§ Disaster Recovery: It is a rare scenario in AWS, but if any
  disaster occurs in the Region where you configured the
  data, you can recover it by using AWS snapshots.
§ Testing and Development: Environments for testing and
  development can be built using Amazon EBS snapshots. This is
  a useful method for testing new setups or software without
  disrupting your live environment.
§ In Amazon Web Services, an EC2 key pair consists of a
  public key and a private key that is used to securely
  communicate with EC2 instances.
§ The public key is stored on the EC2 instance and is used
  to encrypt messages that can only be decrypted by the
  corresponding private key, which is kept by the user who
  generated the key pair. The private key is used to decrypt
  messages that have been encrypted with the public key.
§ When launching an EC2 instance, you have the option to
  specify a key pair that will be used to encrypt login
  information and authenticate connections to the instance.
§ If you do not specify a key pair when launching an
  instance, you will not be able to access it without
  additional steps, such as creating a new key pair or using
  an existing one.
We can create a Key Pair with two methods:
§ When we are launching an EC2 Instance
§ We can also create only a Key Pair, separately.
§ A key pair, consisting of a public key and a private key, is a set of
  security credentials that you use to prove your identity when
  connecting to an Amazon EC2 instance.
§ Amazon EC2 stores the public key on your instance, and you
  store the private key. For Linux instances, the private key allows
  you to securely SSH into your instance.
§ As an alternative to key pairs, you can use AWS Systems
  Manager Session Manager to connect to your instance with an
  interactive one-click browser-based shell or the AWS Command
  Line Interface (AWS CLI).
§ Anyone who possesses your private key can connect to your
  instances, so it's important that you store your private key in a
  secure place.
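A local check for the point above about storing the private key in a secure place: it flags key files that group or other users can access and keys saved without a passphrase. This is an added example, not from the original slides; the function names and the sample key are constructed for illustration.

```python
import base64
import os
import re
import stat
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"

# Constructed, non-functional sample in legacy PEM layout (not a real key).
SAMPLE_PEM = (b"-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
              b"-----END RSA PRIVATE KEY-----\n")

def passphrase_protected(pem_bytes):
    """True/False for a recognised private key format, None if unrecognised."""
    m = re.search(rb"-----BEGIN ([A-Z ]*PRIVATE KEY)-----(.*?)-----END \1-----",
                  pem_bytes, re.S)
    if not m:
        return None
    label, body = m.group(1), m.group(2)
    if label == b"ENCRYPTED PRIVATE KEY":      # PKCS#8 encrypted container
        return True
    if label == b"OPENSSH PRIVATE KEY":        # cipher name sits inside the blob
        blob = base64.b64decode(b"".join(body.split()))
        if not blob.startswith(OPENSSH_MAGIC):
            return None
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"
    # Legacy PEM (e.g. "RSA PRIVATE KEY"): encrypted keys carry a Proc-Type header.
    return b"Proc-Type: 4,ENCRYPTED" in body

def audit_private_key(path):
    """Return a list of findings for one key file; an empty list means it passed."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o} exposes the key to group/other; "
                        "use 0400 or 0600")
    with open(path, "rb") as fh:
        protected = passphrase_protected(fh.read())
    if protected is None:
        findings.append("no recognised private key found")
    elif not protected:
        findings.append("key is stored without a passphrase")
    return findings
```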