EC2 Intermediate

abk edited this page Nov 13, 2019 · 1 revision

AMI

  • Amazon Machine Image
  • 2 different types of AMIs
    • Instance store backed AMIs
    • EBS backed AMIs.
  • An AMI is a container that holds a snapshot, permissions and a block device mapping.
    • Preconfigure an instance
    • Create an AMI that includes necessary stuff
    • Create a NEW EC2 with the minted AMI.
    • Creating an AMI this way saves time; it's called AMI pre-baking or AMI baking.
    • Immutable architecture means that, after the EC2s are created, there is no need to change much.

ENIs etc.: Network Interface related

Private Instances

  • A private EC2 has an ENI with a private IP address.
    • Private IP addresses & private DNS names are static for the lifetime of the EC2 instance.
    • An ENI can have multiple private IP addresses.
    • Multiple ENIs can be attached to an EC2.

Public Instances

  • A public EC2 has an ENI with a public IP address.
    • They will get a public IP address and DNS names.
    • They will ALSO receive a private IP address and private DNS.
  • You can't apply the public IP address inside the OS (of the EC2 instance).
  • Everything in AWS is private internally, and it's the internet gateway's (IGW) functionality to swap the IP addresses between the private IP and the public IP address (if assigned).

Elastic IP address

  • It's for the AWS region
  • If you create an EIP, you will be charged irrespective of whether it's attached or not.
  • It creates a link between the private IP address and the EIP. When this is done, the public IP address is removed and the EIP (which is also public) is assigned.
  • EIPs can be moved between EC2 resources.
  • If you don't want to be charged for an EIP, first disassociate the EIP from the EC2 and then release it back to the pool.

Instance Role

  • Type of IAM role that EC2 assumes.
  • You don’t login to a role.
  • Instance roles assume IAM roles on behalf of EC2 via an instance profile, while IAM roles can only be applied to true identities.

EC2 credentials

  • Statically configured using aws configure
  • Use instance IAM roles to assume
  • When a user needs to log in, IAM roles don't work.
  • Can associate and disassociate the IAM roles on a running instance.

AWS CLI credential order

  1. aws [command] --profile [profile_name]
  2. Environment variables like AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN
  3. AWS CLI credential file using ~/.aws/credentials
  4. Container credentials (ECS environments)
  5. Instance Profile Credentials
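
The order above matters on an EC2 host because static keys left in the environment or in ~/.aws/credentials win over the instance role. The following added example (not part of the original wiki page) walks the five steps as listed here and flags when the instance role is being shadowed. The function names, the constructed sample keys, and the treatment of a lone key ID as unset are assumptions of this sketch.

```python
import configparser

# Steps 1-3 are operator-supplied keys; on an EC2 host they take precedence
# over the instance role (step 5).
SHADOWING = {"cli-profile", "environment", "credentials-file"}

def _file_profiles(credentials_text):
    """Profiles in ~/.aws/credentials text that carry a full key pair."""
    parser = configparser.ConfigParser()
    parser.read_string(credentials_text)
    return {name for name in parser.sections()
            if parser.has_option(name, "aws_access_key_id")
            and parser.has_option(name, "aws_secret_access_key")}

def resolve_source(env, credentials_text="", cli_profile=None):
    """Return the first matching credential source, in the order listed above."""
    if cli_profile:                                   # 1. --profile
        return "cli-profile"
    # Assumption of this sketch: a key ID without its secret counts as unset.
    if env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"):
        return "environment"                          # 2. environment variables
    if "default" in _file_profiles(credentials_text):
        return "credentials-file"                     # 3. ~/.aws/credentials
    # These variable names are not on the page; they are the ones ECS sets.
    if (env.get("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")
            or env.get("AWS_CONTAINER_CREDENTIALS_FULL_URI")):
        return "container"                            # 4. container credentials
    return "instance-profile"                         # 5. instance role

def audit(env, credentials_text="", cli_profile=None):
    """Report the winning source and whether it shadows the instance role."""
    source = resolve_source(env, credentials_text, cli_profile)
    return {"source": source, "shadows_instance_role": source in SHADOWING}

# Constructed sample input (not real keys).
SAMPLE_FILE = """
[default]
aws_access_key_id = AKIA-CONSTRUCTED-EXAMPLE
aws_secret_access_key = constructed-secret-not-real
"""

if __name__ == "__main__":
    print(audit({}))                # clean host: instance role is used
    print(audit({}, SAMPLE_FILE))   # leftover `aws configure` keys win
```

To check a real host, pass `dict(os.environ)` and the contents of ~/.aws/credentials in place of the constructed sample.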