# Amazon EC2

> *Amazon Elastic Compute Cloud (EC2)* is a key component of Amazon Web Services (AWS) and plays a vital role in cloud computing. EC2 provides a scalable and flexible infrastructure for hosting virtual servers, also known as *instances*, in the cloud.

The significance of Amazon EC2 lies in its ability to offer on-demand computing resources to users. With EC2, you can quickly provision and launch instances with varying computing power, memory, and storage capabilities, catering to your specific requirements. This flexibility allows you to adapt your infrastructure to changing needs, whether you're a startup, a small business, or an enterprise.

> IMPORTANT: Although Amazon EC2 is included in the AWS Free Tier, there are some limitations, and you will be charged if you use EC2 outside the Free Tier allowance. The Free Tier includes 750 hours of micro EC2 instance usage per month for 12 months. Details of pricing outside this allowance can be found at the following [link](https://aws.amazon.com/ec2/pricing/). Remember to close any AWS resources after use if using your own AWS account.

## Motivation

Understanding the basics of Amazon EC2 is valuable in today's cloud-centric world. It equips you with sought-after cloud computing skills, enables efficient infrastructure provisioning and cost optimization, and facilitates seamless application deployment, while fostering collaboration and teamwork within organizations.

## Virtualization and Instances in EC2

> Virtualization is the process of creating virtual versions of hardware, operating systems, storage devices, and other resources. In the context of EC2, virtualization allows for the creation of virtual servers called **instances** that run on AWS infrastructure. It abstracts the underlying physical hardware, enabling multiple instances to run concurrently on the same physical server, thereby maximizing resource utilization and efficiency.

### EC2 Instances

> An EC2 instance represents a virtual server in the cloud. It is a self-contained unit that includes virtual CPUs, memory, storage, and network interfaces. 

When you launch an EC2 instance, you essentially create a virtual machine that runs on AWS's highly available and scalable infrastructure.

Each instance is isolated from other instances running on the same physical server, providing a secure and independent environment. EC2 instances are designed to be reliable and configurable, allowing users to tailor the instance specifications to meet their specific workload requirements.

### Advantages of Using Instances

Some of the main advantages of using instances rather than traditional machines are:

- **Ability to Choose Hardware Configurations**: EC2 provides a wide range of instance types with different hardware configurations. This includes variations in CPU power, memory capacity, storage capabilities, and network performance. Users can select the instance type that best aligns with their application's resource requirements, optimizing performance and cost.

- **Flexibility in Operating Systems and Software**: EC2 supports a variety of operating systems, including popular options like Amazon Linux, Windows Server, and various distributions of Linux. Additionally, users have the flexibility to install and configure software of their choice, ensuring compatibility with their applications.

- **Scalability and Elasticity**: EC2 instances can be easily scaled up or down based on demand. This elasticity allows applications to handle variable workloads and adapt to changing requirements. *Auto Scaling*, a feature of EC2, enables automatic instance provisioning and termination based on predefined scaling policies, ensuring optimal resource utilization. 

- **Enhanced Resource Utilization**: With virtualization, multiple EC2 instances can run on a single physical server, enabling better utilization of computing resources. This leads to cost savings, as you pay only for the resources used by your instances and maximize the efficiency of the underlying infrastructure.


## EC2 Instance Types

EC2 offers a wide range of instance types, each tailored for specific workloads and performance requirements. EC2 instance types offer varying combinations of **compute**, **memory**, and **network** capabilities to cater to different workload requirements. Depending on the nature of your workload, you may need to prioritize one aspect over the others or strike a balance between them.  

- **Compute**: Compute refers to the processing power and CPU capabilities of an EC2 instance. The compute resources determine the instance's ability to perform calculations, execute instructions, and process data.

- **Memory**: Memory, also known as RAM (Random Access Memory), represents the amount of volatile memory available to an EC2 instance. It is used for temporary data storage and faster access to instructions and data during runtime. The memory capacity of an instance type determines how much data it can hold in memory, which is essential for efficient processing of workloads that involve large datasets or memory-intensive applications.

- **Network**: Network capabilities of an EC2 instance refer to its networking performance and bandwidth. This aspect includes the instance's ability to send and receive data over the network. Higher network performance enables faster data transfer, reduced network latency, and increased network bandwidth, resulting in improved application response times and better overall performance.

Understanding the different instance types and their characteristics is crucial for optimizing resource allocation and meeting specific workload needs. Here's an overview of EC2 instance types:

### General Purpose Instances

*General Purpose instances* strike a balance between compute, memory, and networking resources. They are suitable for a variety of workloads, including web servers, small databases, and development/test environments. General Purpose instances are denoted by the letters "T" and "M" (e.g. `t3.micro`, `m5.large`), with varying CPU capabilities and memory configurations.

### Compute Optimized Instances

Compute Optimized instances prioritize high-performance CPU capabilities. They are ideal for compute-intensive workloads that require substantial processing power, such as batch processing, scientific modeling, and high-traffic web servers. Instances labeled with the letter "C" (e.g. `c5.large`, `c6g.xlarge`) fall into this category.

### Memory Optimized Instances

Memory Optimized instances are designed for memory-intensive workloads that require a large amount of RAM. These instances are well-suited for in-memory databases, real-time analytics, and other memory-intensive applications. Examples include instance families represented by the letter "R" (e.g. `r4.large`, `r6g.xlarge`).

### Storage Optimized Instances

Storage optimized instances, denoted by the letter "I" (e.g., `i3.large`, `i3en.xlarge`), focus on providing high-speed, low-latency storage for data-intensive workloads. They are optimized for applications that require high random I/O performance (the speed and efficiency of input/output operations performed on random data or locations within a storage device), such as NoSQL databases, data warehousing, and log processing.

### GPU Instances

GPU instances are equipped with powerful Graphics Processing Units (GPUs) and are optimized for computationally intensive tasks like machine learning, rendering, and video encoding. These instances provide high-performance parallel processing capabilities. Examples include instance families labeled with the letters "P" and "G" (e.g. `p3.2xlarge`, `g4dn.xlarge`).

### Importance of Choosing the Right Instance Type

Choosing the right instance type is crucial for meeting specific workload requirements. By selecting an instance type that aligns with your workload's CPU, memory, storage, and networking needs, you can optimize performance and cost-effectiveness. Overprovisioning or underprovisioning resources can lead to suboptimal performance or unnecessary costs.

Understanding the nuances of instance types empowers you to make informed decisions when provisioning EC2 instances. By selecting the appropriate instance type, you can ensure that your applications have the necessary resources to perform optimally, while efficiently utilizing the available infrastructure.

## Launching an EC2 Instance

We will walk through the process of launching an EC2 instance using the AWS Management Console. Follow the steps below to launch your own EC2 instance and verify its successful deployment:

### Step 1. Access the EC2 Home Page

Log into your AWS account using your admin IAM user credentials. Then navigate to the EC2 service from the Management Console. You can do so using the search bar at the top of the page.

<p align="center">
    <img src="images/LaunchInstance.png" width="650" height="600"/>
</p>

### Step 2. Launching an Instance

In the EC2 Dashboard, click on the **Launch Instance** button to begin the instance creation process. Alternatively you can first navigate to the **Instances (running)** tab from the EC2 home page and select the **Launch instances** button from the instances home page.

### Step 3. Selecting an AMI

On the **Launch an instance** page you will first have to choose a name for your instance that will allow you to easily identify it within your AWS account. Let's name this `my-first-EC2-instance`.

In the **Application and OS Images (Amazon Machine Image)** section, select the desired *Amazon Machine Image (AMI)*.

#### AMIs

> An AMI is a pre-configured template that contains the necessary operating system, software, and configurations to launch an instance in Amazon EC2. Essentially, an AMI is a snapshot or a virtual machine image that serves as the foundation for creating EC2 instances.

An AMI includes the root file system, launch permissions, and block device mappings. It provides a complete package that allows you to quickly and easily launch instances with a specific operating system, software stack, and application environment.

AMIs come in different forms, such as *Amazon-provided AMIs*, *community AMIs*, or *custom AMIs*. Amazon provides a wide range of official AMIs for various operating systems and software configurations. Community AMIs are created and shared by the AWS community. Additionally, you can create your own custom AMIs by capturing and saving the configuration of an existing instance.

<p align="center">
    <img src="images/AMIs.png" width="900" height="500"/>
</p>

*Free tier AMIs* are specific Amazon Machine Images (AMIs) that are eligible for usage within the AWS Free Tier. The AWS Free Tier allows users to explore and experiment with AWS services, including Amazon EC2, at no cost for a limited period or within certain usage limits.

> For this example, we will select **Amazon Linux 2 AMI (HVM) - Kernel 5.10, SSD Volume Type** which is part of the Free Tier.

### Step 4. Selecting an Instance Type

Scroll through the list of available instance types and locate the `t3.micro` which is part of the General Purpose family. We will use this as it's part of the Free Tier offering for instance types.

### Step 5. Configuring the Networking Settings

Leave the networking settings as the default, as we will cover networking in detail in a later lesson.

### Step 6. Configuring the Storage Options

Leave the storage options as the default, as we will cover storage in detail in a later lesson.

### Step 7. Create a Key Pair

Click on the **Launch instance** button to launch your first instance. You will be redirected to the following page:

<p align="center">
    <img src="images/CreateKeyPair.png" width="800" height="500"/>
</p>

#### Key Pair

> In Amazon EC2, a *key pair* is a secure method of accessing your EC2 instances. It consists of a *public key* and a corresponding *private key*. The public key is used to encrypt data that can only be decrypted using the private key. Key pairs are essential for establishing secure remote access to your EC2 instances.

When launching an EC2 instance, you have the option to create a new key pair or use an existing one. If creating a new key pair, you generate a pair of cryptographic keys: a public key and a private key. The private key is stored on your local machine, while the public key is associated with the EC2 instance.

> To securely access your EC2 instance after creation, you will use the private key to authenticate yourself. The public key associated with the instance is stored on the instance itself, allowing it to authenticate the private key when you attempt to connect.

##### **Importance of Key Pairs**

Key pairs provide a secure and encrypted method for remote access to your EC2 instances. By using a key pair, you eliminate the need to transmit passwords over the network, reducing the risk of unauthorized access. Key pairs play a crucial role in maintaining the security and integrity of your EC2 instances and the data they hold. 

##### **Key Pair Management**

It is essential to securely store your private key and prevent unauthorized access to it. If you lose your private key, you may be unable to access your EC2 instance. In such cases, you may need to create a new key pair and associate it with a new instance or use other recovery methods.

> For our example walkthrough we will create a new key pair. You will only need to give the key pair a name and then click on the **Create key pair** button. You might then be prompted by a pop-up that asks whether you want to allow downloads from the AWS console. Allowing this will save the newly created key pair locally. We will need this later to connect to the EC2 instance once it's created.

### Step 8. Launch the Instance

Finally, click on the **Launch instance** button again. The creation process might take a few minutes to complete. Once the process has finalised, you should be able to see the new instance in the **Instances** tab in the EC2 console.

<p align="center">
    <img src="images/FirstEC2.png" width="900" height="450"/>
</p>

Let's look in more detail at the information displayed in the **Instances** tab of the Amazon EC2 console:

- **Name**: This shows the name you have assigned to your EC2 instance. This is a user-defined name that helps you identify and distinguish between multiple instances.

- **Instance ID**: This displays a unique identifier assigned to each EC2 instance. It is a string of characters that uniquely identifies your instance within your AWS account.

- **Instance State**: This indicates the current state of the instance. Common states include `running` (the instance is up and running), `stopped` (the instance is halted but not terminated), and `terminated` (the instance has been permanently shut down).

- **Instance Type**: This displays the type of instance that you have launched, such as `t3.micro`, `m5.large`, etc. It represents the combination of CPU, memory, storage, and networking capabilities of the instance.

- **Public IP**: This shows the public IP address assigned to the instance, which allows it to be accessed over the internet.

- **Private IP**: This displays the private IP address assigned to the instance, which is used for communication within the Virtual Private Cloud (VPC) network. We will talk in detail about VPCs in a future lesson.

- **Availability Zone**: This indicates the specific data center location where the instance is physically hosted. AWS regions have multiple availability zones, allowing for redundancy and fault tolerance.

- **Key Name**: This shows the name of the key pair associated with the instance. This key pair is used for secure access to the instance.

- **Security Group**: This displays the security groups associated with the instance. Security groups act as virtual firewalls and control inbound and outbound traffic to the instance. We will cover them in more detail in a future lesson.

- **Launch Time**: This indicates the date and time when the instance was initially launched.

## EC2 Instance Page

The EC2 Instance Page provides a comprehensive view of an individual EC2 instance within the Amazon EC2 console. This page includes various sections and information that allow you to manage, monitor, and configure the instance effectively. 

<p align="center">
    <img src="images/EC2InstancePage.png" width="800" height="550"/>
</p>

Let's explore the key sections of the EC2 instance page:

### 1. Instance Summary

At the top of the instance page, you will find the instance summary, which provides a quick overview of the instance's key details. This summary typically includes the instance ID, instance state, instance type, availability zone, launch time, public IP address, private IP address, public DNS name, and private DNS name.

### 2. Security

The security section showcases the security groups associated with the instance. You can manage inbound and outbound traffic rules, controlling access to the instance. We will learn how to set this up in a later lesson.

### 3. Networking

The networking section presents details about the instance's network interfaces, private IP addresses, public IP addresses, and associated VPC and subnet.

- **Public IP Address**: The public IP address is assigned to the instance and allows it to be accessed over the internet. It serves as the public-facing address for the instance.
- **Private IP Address**: The private IP address is used for communication within the Virtual Private Cloud (VPC) network. It is used for internal network traffic between instances, and other AWS resources within the same VPC. We will talk more about VPCs in a later lesson.
- **Public DNS Name**: The public DNS name is a unique hostname that can be used to access the instance over the internet. It is associated with the public IP address of the instance.
- **Private DNS Name**: The private DNS name is used for internal communication within the VPC network. It enables other instances within the same VPC to communicate with each other using the private IP addresses.

### 4. Storage

The storage section provides detailed information about the storage configuration of the instance. Understanding how storage works in EC2 is beyond the scope of this lesson.

### 5. Monitoring

The monitoring section displays real-time metrics for the instance's CPU utilization, network traffic, and disk I/O. Graphs and charts provide visibility into the performance and resource usage of the instance over time.

### 6. Tags

The tags section allows you to assign metadata in the form of key-value pairs to the instance. Tags help organize and categorize instances based on specific attributes or purposes.


## Managing EC2 Instances

Properly managing EC2 instances is crucial for their availability, security, and efficient utilization of resources. There are several common management tasks involved in maintaining EC2 instances.

### Connecting to EC2 Instances

When working with EC2 instances, it's essential to establish a secure connection to access and manage them. The AWS Management Console provides several connection options to connect to your EC2 instances based on your requirements and preferences.

The **Connect** button in the AWS Management Console offers convenient ways to establish connections to EC2 instances. When you select an instance and click on the **Connect** button, you'll see various connection options available based on the services enabled for your instance.

<p align="center">
    <img src="images/ConnectInstance.png" width="750" height="550"/>
</p>

#### EC2 Instance Connect

EC2 Instance Connect is a browser-based *Secure Shell (SSH)* connection method provided by AWS. 

> SSH is a cryptographic network protocol that provides secure communication and remote access capabilities over an unsecured network. SSH is widely used for secure remote administration of systems and secure file transfers.

Instance Connect allows you to connect to your EC2 instances directly from the AWS Management Console. With EC2 Instance Connect, you can securely access your instances without requiring key pairs or opening inbound traffic in your security group.

To connect using EC2 Instance Connect, click **Connect** under **EC2 Instance Connect** on the Connect page. This will open a new window that has an established connection to the EC2 instance.

<p align="center">
    <img src="images/EC2InstanceConnect.png" width="700" height="450"/>
</p>

#### Session Manager

Session Manager is a fully managed AWS Systems Manager capability that provides secure and auditable instance management. It enables you to establish a browser-based shell and file transfer capabilities, eliminating the need to open inbound SSH ports.

> The difference between **Session Manager** and **EC2 Instance Connect** is that Session Manager is a fully managed service within AWS Systems Manager that provides a browser-based shell and advanced management capabilities for EC2 instances. It does not require SSH keys or inbound SSH access. On the other hand, EC2 Instance Connect is a browser-based SSH connection method that allows direct access to Linux instances without the need for SSH keys or inbound SSH ports.

To use Session Manager there are a few prerequisites that need to be met:
- **SSM Agent**: The SSM Agent is a software component that needs to be installed and kept up to date on the EC2 instances to leverage the full capabilities of AWS Systems Manager and manage your instances efficiently.
- **Network and Security Group Configuration**: The appropriate network settings need to be set to allow the necessary communication between the EC2 instances and the AWS Systems Manager service.
- **IAM Permissions**: The IAM user needs to have the necessary permissions to access the AWS Systems Manager service and execute Session Manager commands.

> Connecting to an EC2 instance using Session Manager requires advanced setup and is beyond the scope of this lesson. You only need to be aware of the difference between using Session Manager and EC2 Instance Connect.

#### SSH client

SSH is a widely used protocol for connecting to remote instances using SSH key pairs. To connect to an EC2 instance via SSH, you need to have the private key associated with the key pair used during instance launch.

To connect using an SSH client:

1. Ensure you have the private key file (`.pem`) associated with the key pair used for the instance. This is the file you have downloaded locally when you created the EC2 instance.

2. Open the terminal on your local machine. You will need to set the appropriate permissions for the private key file to ensure it is only accessible by the owner: `chmod 400 /path/to/private_key.pem`.

<p align="center">
    <img src="images/SSHClient.png" width="650" height="500"/>
</p>

3. Use the SSH command to connect to the instance. You can find the exact command to connect to your EC2 instance under **Example** in the **SSH client** tab. The command should have the following structure: `ssh -i /path/to/private_key.pem ec2-user@public_dns_name`. If you are already in the folder where your `.pem` file is located, you don't need to specify the file path.

4. When accessing the EC2 instance using SSH for the first time you may encounter a message about the authenticity of the host. This message is shown because the SSH client does not recognize the remote host and wants to verify its authenticity to ensure secure communication. You can type `yes` to confirm and continue connecting. By doing so, the key fingerprint will be stored in your SSH client's `known_hosts` file, and future connections to the same host will not prompt the same message. If during this process you are logged off the instance, just run the `ssh` command again and you will be reconnected.

> If you are not able to successfully run the `ssh` connect command, don't worry: this means your security group rules might need to be updated. We will cover this in detail in the next lesson, so don't worry about it for now.
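
The two checks behind steps 2 and 4, as an added example that is not part of the original lesson: confirm the `.pem` file is owner-only, and compare the fingerprint shown in the first-connection prompt with the host key fingerprints the instance printed to its system log (retrievable with `aws ec2 get-console-output --instance-id <instance-id> --output text`). The function names, the sample log and its placeholder fingerprints are constructed, and the `ec2:`-prefixed fingerprint block is assumed to follow the format cloud-init writes on Amazon Linux.

```shell
#!/bin/sh
# Added example: pre-flight checks for the SSH client procedure above.

# Constructed sample of the instance's console output. The fingerprints are
# placeholders, not hashes of real host keys.
SAMPLE_CONSOLE='[   12.345678] cloud-init[1234]: running modules for final
ec2: #############################################################
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 256 SHA256:CONSTRUCTEDecdsa0000000000000000000000000001 no comment (ECDSA)
ec2: 256 SHA256:CONSTRUCTEDed255190000000000000000000000002 no comment (ED25519)
ec2: 2048 SHA256:CONSTRUCTEDrsa00000000000000000000000000003 no comment (RSA)
ec2: -----END SSH HOST KEY FINGERPRINTS-----
ec2: #############################################################'

# Succeeds only if the key file grants nothing to group or others, which is
# the state `chmod 400` produces. Returns 2 if the file does not exist.
key_is_owner_only() {
    [ -f "$1" ] || return 2
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Reads console output on stdin and prints "TYPE FINGERPRINT" for every host
# key listed between the BEGIN/END markers. Lines outside the block are ignored.
console_fingerprints() {
    awk '/BEGIN SSH HOST KEY FINGERPRINTS/,/END SSH HOST KEY FINGERPRINTS/ {
        if ($3 ~ /^SHA256:/) { t = $NF; gsub(/[()]/, "", t); print t, $3 }
    }'
}

# $1 = console output text, $2 = fingerprint copied from the ssh prompt.
# Succeeds only if the instance itself reported that exact fingerprint.
prompt_matches_console() {
    printf '%s\n' "$1" | console_fingerprints |
        awk -v fp="$2" '$2 == fp { found = 1 } END { exit !found }'
}

# Demonstration on the constructed sample: PROMPT_FP stands for the value the
# "authenticity of host ... can't be established" prompt displays.
PROMPT_FP='SHA256:CONSTRUCTEDed255190000000000000000000000002'
if prompt_matches_console "$SAMPLE_CONSOLE" "$PROMPT_FP"; then
    echo "Fingerprint was reported by the instance: answer yes"
else
    echo "Fingerprint not found in console output: do not continue"
fi
```
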

#### EC2 Serial Console

The EC2 Serial Console provides access to the system console of your EC2 instance, enabling troubleshooting and debugging, even in situations where normal SSH access might not be available. It allows you to view and interact with the instance's boot process, BIOS, and operating system console output.

> Connecting to an EC2 instance using EC2 Serial Console requires advanced setup and is beyond the scope of this lesson.

> The preferred connection type throughout this course will be the SSH client.

### Instance State

In the EC2 Instance home page, under **Instance state** you have the possibility to stop, start, reboot or terminate the instance.

<p align="center">
    <img src="images/InstanceState.png" width="900" height="550"/>
</p>

- **Starting Instances**: When you start an instance, you transition it from a stopped or terminated state to a running state. By starting an instance, you enable it to process requests, execute tasks, and serve applications.

- **Stopping Instances**: Stopping an instance brings it to a halt and places it in a stopped state. When an instance is stopped, the underlying resources are released, and you are not charged for instance hours. However, keep in mind that associated storage charges may still apply.

- **Rebooting Instances**: Rebooting an instance involves restarting it without changing its underlying resources. This action is often used for troubleshooting purposes or applying system updates that require a restart.

- **Terminating Instances**: Terminating an instance permanently shuts it down and releases all associated resources. It's important to note that terminated instances cannot be restored or recovered. It is recommended to ensure you have taken appropriate backups of any important data before proceeding with instance termination.

## Key Takeaways

- EC2 is a web service offered by AWS that allows you to provision and manage virtual servers in the cloud
- EC2 instances are virtual servers running on AWS infrastructure, offering scalability, flexibility, and cost-effectiveness
- EC2 instances are virtual servers that run on the AWS infrastructure and provide computing resources, such as CPU, memory, storage, and network capabilities
- EC2 provides a variety of instance types, including General Purpose, Compute Optimized, Memory Optimized, and GPU instances
- Instance types differ in terms of CPU, memory, storage, and network capabilities, allowing you to choose the right combination for your workload requirements
- Amazon Machine Images (AMIs) serve as templates for launching instances, providing pre-configured operating systems, software configurations, and data
- Launching an EC2 instance involves selecting an instance type, configuring instance details, choosing storage options, and setting up security groups
- Common management tasks for EC2 instances include starting, stopping, rebooting, terminating, and connecting to instances
- Key pairs play a significant role in securely accessing instances via SSH