# ***Amazon EC2***
  
### ***EC2 Instance Types***  
+ ### General Purpose
+ ### Compute Optimized
+ ### Memory Optimized
+ ### Accelerated Computing
+ ### Storage Optimized 


# ***Connecting to EC2 Instance from a Local Machine.***
  
### Let's check out how to connect to the EC2 instance from a local machine.

## ***From Windows machine:***
+ ### A Windows system doesn't have a built-in SSH client as Linux/Mac OS do. So, you need to download a third-party client such as PuTTY to connect.
+ ### Also, the key pair needs to be converted to ppk format using PuTTYgen, which comes with PuTTY; you then connect using the public IP.

## ***From Linux/Mac:***
+ ### In the case of Linux/Mac, this is simple. Connecting to the instance involves just a few Linux commands. First, open the terminal and go to the folder where the keys are present.
+ ### You need to change permissions on the keys using ***chmod 400 samplekeyname.pem***.
+ ### Then, enter ***ssh ec2-user@PUBLIC_IP -i samplekeyname.pem***, where PUBLIC_IP is the public IP of the instance.
+ ### ec2-user is the user name for Amazon Linux. It differs from one instance to another.

### Connecting to a Windows instance is done from Linux/Mac through the various clients available in their stores, and from a Windows system through the regular Remote Desktop Connection client.

### A detailed explanation can be found for reference at AWS Docs.

# ***EC2 CLI Commands***

### Let's check some useful CLI Commands that are used with respect to EC2.

+ ### Launching an instance t2.micro in EC2-VPC:

***aws ec2 run-instances --image-id ami-xxxxxxxx --count 1 --instance-type t2.micro --key-name MyKeyPair --security-group-ids sg-xxxxxxxx***  
  
+ ### Launching an instance in EC2-classic:  
  
***aws ec2 run-instances --image-id ami-xxxxxxxx --count 1 --instance-type t1.micro --key-name MyKeyPair --security-groups my-sg***  
  
+ ### Tagging an instance:  
  
***aws ec2 create-tags --resources i-xxxxxxxx --tags Key=Name,Value=MyInstance***
  
+ ### Terminating an instance:  
  
***aws ec2 terminate-instances --instance-ids i-5203422c***


# ***Security Group***  
  
### A security group is a set of rules that controls the inbound and outbound traffic and acts as a virtual firewall.

+ ### Many security groups can be associated with a single instance, and different rules can be set for inbound and outbound traffic.
+ ### By default, security groups allow all outbound traffic.
+ ### Security groups are stateful in nature.
+ ### Security rules are always permissive.
+ ### In security groups, if a single port has more than one rule, then the most permissive rule is applied.
+ ### Every AWS account is given a default security group per VPC.
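
### Because rules only allow and the most permissive rule wins, the effective inbound policy of an instance is the union of every rule in every attached group. The following added example (not part of the original notes) evaluates that union over constructed data in the shape of describe-security-groups output; the group IDs, addresses and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` output
# for two groups attached to one instance (IDs and CIDRs are made up).
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-aaaa1111", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupId": "sg-bbbb2222", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
]}


def covers(perm, protocol, port):
    """True if the permission applies to this protocol and port."""
    if perm["IpProtocol"] == "-1":          # "-1" = all protocols, all ports
        return True
    if perm["IpProtocol"] != protocol:
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def admits(perm, protocol, port, source_ip):
    """True if this single ingress permission allows the connection."""
    src = ipaddress.ip_address(source_ip)
    return covers(perm, protocol, port) and any(
        src in ipaddress.ip_network(r["CidrIp"])
        for r in perm.get("IpRanges", []))


def allowing_groups(groups, protocol, port, source_ip):
    """There are no deny rules, so traffic is admitted if ANY rule in ANY
    attached group matches. Returns the IDs of the groups that admit it."""
    return [g["GroupId"] for g in groups
            if any(admits(p, protocol, port, source_ip)
                   for p in g.get("IpPermissions", []))]


def world_open(groups, port, protocol="tcp"):
    """IDs of groups exposing the port to every IPv4 address (0.0.0.0/0)."""
    return [g["GroupId"] for g in groups
            if any(covers(p, protocol, port) and
                   any(r["CidrIp"] == "0.0.0.0/0" for r in p.get("IpRanges", []))
                   for p in g.get("IpPermissions", []))]
```

### In the sample, the SSH rule limited to 203.0.113.0/24 in the first group gives no protection once the second group opens port 22 to 0.0.0.0/0.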

# ***Elastic Block Store***
### EC2 instances are nothing but servers or systems in the cloud. As they deal with a large amount of data, they need a data store, and this need is fulfilled by Amazon EBS.

### Elastic Block Store (EBS) is AWS's persistent block storage solution for EC2 instances that can be scaled as per requirement. It provides low-latency, highly available and secure storage.

### These are of two types:

+ ### SSD-backed volumes with low latency and high IOPS, used as boot volumes, application transaction volumes and database volumes.
+ ### HDD-backed volumes providing high throughput, used for big data, data processing, and data warehousing.
  
### EBS supports point-in-time snapshots used for backups, archiving and creating new snapshots.

# EBS Volumes in Detail
### So far, you know what EBS is all about and what its types are. Now, let's dive deep into it.

+ ### EBS volumes behave like block storage devices, so you can use them as a regular hard drive to store files, run an OS, use them like a database, etc.

+ ### EBS volumes can persist independently, which means that they can exist after the instance is terminated or stopped. You pay as long as you use the data.

+ ### EBS volumes are flexible. They can be modified as required. You can change the size, provisioned IOPS, type of volume, etc.

+ ### EBS volumes, when created, are replicated by AWS in different AZs.

+ ### The data in the volumes remains until deleted explicitly.

+ ### EBS volumes are encrypted using industry-standard AES-256 encryption, and keys are managed by AWS KMS.

# EBS Snapshots
### In AWS, we back up data using Snapshots, and EBS volumes provide the ability to take a snapshot of data. These Snapshots are stored in the storage service of AWS called S3.

### These snapshots can be used to create more volumes and also to move volumes to different AZs.

### These snapshots are very helpful in data migration, changing the geographic location of EC2, and disaster recovery.

### Unencrypted snapshots can be shared publicly, and encrypted snapshots can be shared with only a few AWS accounts.
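
### Since an unencrypted snapshot can be shared publicly, snapshot sharing is worth auditing. The following added example (not part of the original notes) checks constructed records in the shape of describe-snapshots and describe-snapshot-attribute (createVolumePermission) output; the snapshot IDs, account IDs, the TRUSTED allow-list and the finding labels are assumptions made for illustration.

```python
# Constructed samples: `Encrypted` comes from describe-snapshots, the permission
# lists from describe-snapshot-attribute --attribute createVolumePermission.
SNAPSHOTS = [
    {"SnapshotId": "snap-0001", "Encrypted": False},
    {"SnapshotId": "snap-0002", "Encrypted": True},
    {"SnapshotId": "snap-0003", "Encrypted": False},
    {"SnapshotId": "snap-0004", "Encrypted": False},
]
PERMISSIONS = {
    "snap-0001": [{"Group": "all"}],                      # public
    "snap-0002": [{"UserId": "111122223333"}, {"UserId": "999988887777"}],
    "snap-0003": [{"UserId": "111122223333"}],
    "snap-0004": [],                                      # private
}
TRUSTED = {"111122223333"}  # hypothetical allow-list of account IDs


def audit_sharing(snapshots, permissions, trusted):
    """Return (snapshot_id, finding, detail) tuples for risky sharing."""
    findings = []
    for snap in snapshots:
        sid = snap["SnapshotId"]
        perms = permissions.get(sid, [])
        # Group "all" means any AWS account can create a volume from it.
        if any(p.get("Group") == "all" for p in perms):
            findings.append((sid, "PUBLIC", "shared with all AWS accounts"))
            continue
        strangers = sorted(p["UserId"] for p in perms
                           if "UserId" in p and p["UserId"] not in trusted)
        if strangers:
            findings.append((sid, "UNTRUSTED_SHARE", ",".join(strangers)))
        elif perms and not snap["Encrypted"]:
            # Shared only with trusted accounts, but no KMS key gates access.
            findings.append((sid, "UNENCRYPTED_SHARE", "no key needed to read"))
    return findings
```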

# Instance Store

### What if you need to store some temporary data and delete it later once you have worked on it? EBS block storage is costly, so how would you deal with it? To fulfill this purpose, we have Instance Store in EC2.

### Instance store provides temporary block storage for your EC2 instances to work with cache, buffers, scratch data, and other temporary data.

### This storage is present on disks that are attached to the host computer.

# EC2 CLI Commands
### Let's check out some useful CLI commands:

+ ### To create a security group in a specified VPC:

***aws ec2 create-security-group --group-name my-sg --description "My security group" --vpc-id vpc-1a2b3c4d***

+ ### To add a specific rule to a Security group (SSH):

***aws ec2 authorize-security-group-ingress --group-id sg-903004f8 --protocol tcp --port 22 --cidr 203.0.113.0/24***

+ ### To list the details of a security group:

***aws ec2 describe-security-groups --group-names my-sg***

+ ### To delete a security group by name:

***aws ec2 delete-security-group --group-name my-sg***

# EC2 Key Pairs

### Key pairs are fundamental components used to log in to Linux or Unix EC2 instances. In Windows, these pairs allow you to decrypt and view the password.

+ ### AWS uses public-key cryptography to encrypt and decrypt the login data.

+ ### A key pair is a combination of a public and a private key, in which EC2 stores the public key and the user stores the private key.

+ ### These keys are 2048-bit SSH-2 RSA keys only.

+ ### The public key is stored in ~/.ssh/authorized_keys on a Linux instance.

# Elastic IP Address
### AWS provides every instance with a default IPv4 address, which is used to connect with the running instance.

### This has a vulnerability: when the instance reboots, the IPv4 address changes. In such a case, it is hard to manage the continuous traffic during troubleshooting and to mask the failure.

### So, we need a Static IP. These are provided by AWS as Elastic IP addresses.

### An Elastic IP address is a static IPv4 address attached to your account that helps in dynamic cloud computing.

# EC2 CLI Commands

### To create a new network interface in a security group:
+ ### ***aws ec2 create-network-interface --subnet-id subnet-xxxxxxxx --description "my network interface" --groups sg-903004f8 --private-ip-address 10.0.2.17***
### To delete a network interface by id:
+ ### ***aws ec2 delete-network-interface --network-interface-id eni-e5aa89a3***
### To get details of network interfaces:
+ ### ***aws ec2 describe-network-interfaces***
### To detach an ENI from an instance:
+ ### ***aws ec2 detach-network-interface --attachment-id eni-attach-66c4350a***
### To modify attributes of an ENI (one at a time):
+ ### ***aws ec2 modify-network-interface-attribute --network-interface-id eni-686ea200 --attachment AttachmentId=eni-attach-43348162,DeleteOnTermination=false***

# Types of Load Balancers
### There are three types of load balancers in AWS, of which the Classic Load Balancer is the oldest. They are listed below:

+ ### Application Load Balancer: These are best suited for load balancing HTTP/HTTPS traffic. They operate at layer 7 and are intended for applications. These load balancers are intelligent and can be used to send specific requests to specific servers, for advanced request routing, etc.  
  
+ ### Network Load Balancer: These are used when extreme performance is required. They operate at layer 4 and are used for balancing TCP/SSL traffic. They are used to handle millions of requests per second and provide ultra-low latency.  
  
+ ### Classic Load Balancer: These are also known as Elastic Load Balancers. Here, load balancing can be done for HTTP/HTTPS traffic, using layer 7 specific features such as X-Forwarded and sticky sessions, and layer 4 features when the traffic is TCP.

# Sticky Sessions
### Sticky Sessions is a feature used in Elastic Load Balancers, also called session affinity.

+ ### This feature lets you bind a user's session to a particular instance and also ensures that the same instance handles this session.

+ ### Sticky sessions use the user's session cookies to bind the user's session to a particular instance.

+ ### If the client has its own session cookie, the ELB follows the duration predefined by the cookie, and if there isn't any cookie, you can define your own duration.

# Load Balancers

## <u>Application Load Balancers</u>
### The Classic or Elastic load balancers are traditional load balancers and are not intelligent. In production or real-life scenarios, smart applications are very useful. To fulfill this need, we have Application Load Balancers. These load balancers support the following functions:

+ ### Path-based routing
+ ### Host-based routing
+ ### Routing requests to multiple applications on a single instance.
+ ### Targets outside VPC for load balancing.
+ ### Containerized applications

## <u>Network Load Balancers</u>
### From the types of load balancers, we know that Network Load Balancers are used for high-speed applications. They operate at the fourth layer of the OSI model.

### A Network Load Balancer can handle the following.

+ ### Millions of requests per second.
+ ### It opens a TCP connection on the specified port to the target listener.
+ ### A network interface is created by AWS in each availability zone.
+ ### Each load balancer node in an AZ will get a static IP.
+ ### Targets outside VPC can be used for load balancing.
+ ### Requests to multiple applications running on a single EC2 instance.
+ ### Support for containerized applications.
+ ### Monitoring of health of each service independently.

# Target Groups
### Target Groups are a grouping of servers that are targeted by the application load balancers for routing the requests. They form the major component of application load balancers.

+ ### You can define the rules in target groups for the traffic to get targeted to the servers.
+ ### You define the protocol and port number which are used to route the traffic from load balancer to the group.
+ ### The target may be an instance or IP address.
+ ### A health check needs to be configured (same as in ELB) for the group.
+ ### These target groups also respond with a status code. These codes can be configured as you wish. They are not displayed to the end user but are exchanged in the background.
### Before you save the created target groups, add the required registered list.

# Monitoring

## <u>Automated Monitoring Tools</u>
### The primary automated tools used for monitoring EC2 instances are:

+ ### System status checks: These monitor the AWS systems required for your instances. They detect the problems present, which require AWS involvement to repair. When a system check fails, you can wait for AWS to repair it or you can do it on your own. These checks are performed every minute and return a pass or fail. Alarms can also be set based on the results.

+ ### Instance status checks: These checks monitor network and software configuration of your instance and they detect the problems which need your involvement to solve. When an instance check fails, you need to repair it.

+ ### Amazon CloudWatch: Amazon CloudWatch monitors services and applications in AWS in real time. We can collect and track metrics. CloudWatch alarms can be used to send notifications or make changes in the resources or applications based on predefined rules.

### System status checks are enabled at the dashboard of EC2 instances or through API. You can find more at AWS Documentation.

# CloudWatch Components
### The components of CloudWatch that are used in monitoring are:

+ ### CloudWatch Alarms: These monitor a metric for a specified time, compare it with the threshold and perform actions, which might be a notification or some action on resources. These alarms invoke actions only for a sustained state change.

+ ### CloudWatch Events: An event is generated when a change occurs in an EC2 instance. These events are delivered to CloudWatch Events in real time. For these events, you can specify actions when events match a rule defined by you. You can also set up scheduled events.

+ ### CloudWatch Logs: These logs are used to monitor, store and access your log files from EC2 instances. CloudWatch Logs also can track the number of errors that occur in your application logs and send you a notification whenever the rate exceeds a threshold specified.

# Auto Scaling Components
+ ### Auto Scaling Groups:

### Auto Scaling groups are groups of instances in which you can define the minimum and maximum number of instances. They are used to logically group instances. Auto Scaling ensures that the size never goes above or below the limits.

+ ### Launch Configurations:

### An Auto Scaling group uses a launch configuration as a template for its EC2 instances. You can specify all the required information like AMI ID, instance type, key pair, security groups, and block device mapping for your instances while creating a launch configuration.

+ ### Scaling Options:

### Scaling of instances can be configured as per your need. You can configure it to happen on the occurrence of specified conditions, on a schedule, based on the load, etc.