# Compute
Learning objectives:
* Elastic Compute Cloud (EC2);
* The Elastic Container Service (ECS);
* The Elastic Container Registry (ECR);
* The Elastic Container Service for Kubernetes (EKS);
* AWS Elastic Beanstalk;
* AWS Lambda;
* AWS Batch;
* Amazon Lightsail;
* Concept of:
    * Elastic Load Balancing
    * EC2 Auto Scaling

# What is Compute in AWS?
Compute resources can be considered the brains and processing power required by applications and systems to carry out computational tasks via a series of instructions.

Compute is closely related to common server components such as CPUs and RAM.

A physical server within a data center would be considered a Compute resource as it may have multiple CPUs and many Gigabytes of RAM.

Within AWS, there are a number of different services and features that offer Compute power to provide different functions:

&emsp;Compute services can comprise of utilising hundreds of EC2 instances (virtual servers) which may be used continuously for months or even years processing millions of instructions.

&emsp;You may only utilise a few hundred milliseconds of compute resource to execute just a few lines of code within AWS Lambda before relinquishing that compute power.

Compute resources can be consumed in different quantities, for different lengths of time, across a range of categories, offering a wide scope of performance and benefit options.<br>
The compute resource will be highly depend on use case as to which Compute resource should be used within AWS.

# Elastic Compute Cloud (EC2)
EC2 allows the deployment of virtual servers within an AWS environment.<br>
Most people will require an EC2 instance within their environment as part of at least one of their solutions.

The EC2 service can be broken down into the following components:
* Amazon Machine Images (AMIs),
* Instance types,
* Instance Purchasing OPtions,
* Tenancy,
* User Data,
* Storage options, and
* Security

## Amazon Machine Images (AMI)
AMIs are essentially templates of preconfigured EC2 instances which allow you to quickly launch a new EC2 instance based on the configuration within the AMI.

An AMI is an image baseline with an operating system and applications alongwith any custom configuration.

You may want to create your own AMI to speed your own deployments.<br>
You do this by:
1. Select and launch an AWS AMI e.g. Linux Server
2. Once the EC2 instance is running, configure and install applications for this instance.
3. If we needed another server to perform the same functionality, we could go through the same process (steps 1-3) or we could:
4. Create a template of the instance that contains all the customisations that was made previously and deploy as many as needed.

### AWS Marketplace
AWS Marketplace is an online store where vendors sell their AMIs.<br>
Such vendors include Cicso, Citrix, and Alert Logic.

Vendor AMIs may have specific applications and configurations premade, such as instances that are optimised with built-in security and monitoring tools or contained database migrations systems.

### Community AMIs
Community AMIs is a repositotu of AMIs that have been created and shared by other AWS members.

## Instance Types
Once you have selected your AMI from any of the different sources, you must then select an instance type.

An instance type defines the size of the instance based on a number of different parameters:
* ECUs - the number of EC2 compute units for the instance
* **vCPUs** - the number of virtal CPUs on the instance
* Physical processor - the underlying processor used on the instance
* Clock speed
* **Memory**
* **Instance storage** - capacity of the local instance store volumns available
* EBS Optimised Storage - defines if the instance supports EBS oprimised storage or not
* **Network performance** - performance level of rate of data transfer
* IPv6 support
* Prcoessor Architecture
* AES-NI (Advanced Encryption Standard - New Instructions) - if the instance supports it for enchanced data protection
* AVX - support for advanced vector extensions, used for audio, video, scientific calculations, and 3D modeling analysis.
* Turbo - does the instance support intel turbo boost or AMD turbo core technologies.

The key parameters to look our for are vCPU, Memory, Instance Storage, and Network Performance.<br>
The use case and application will determine which type should be deployed.

The different instance types are categorised into different family types that offer distinct performance benefits:
* Micro instances - low cost, minimal CPU and memory power
* General purpose - mix of CPU memory and storage, ideal for small-medium databases, tests and development servers, and back-end servers
* Compute optimised - high performance processes installed allowing use for high-performance front end servers, web servers, high-performance science and engineering applications, video encoding and batch processing
* FPGA instances - Field Programmable Gate Arrays, programmed to create application specific hardware accelerations, with high CPU performance, large memory, and high network bandwidth for applications requiring parallel processing power.
* GPU instances - Graphics Processing Unit, used with graphic intensive applications
* Memory optimised - primarily used for large-scale enterprise class in-memory applications, such as performing real time processing of unstructured data. Also ideal for enterprise applications such as Microsoft SharePoint.
* Storage optimised - SSD backed instant sroarage for low latency and very high input/output (I/O) performance, including very high input/output operations per second (IOPS). Ideal use for analytic workloads and no SQL databases, data file systems, and log processing applications.

## Instance Purchasing Options
EC2 instances can be purchased through a number of payment plans:
* On-demand instances
    * Can be launched at any time,
    * Can be used for as long as necessary
    * Flat rate deteremined on the instance type
    * Typically short-term uses
    * Best fit for testing and development environments
* Reserved instances
    * Purchased for a set period of time for discount up to 75%
    * All upfront - complete payment for 1 or 3 year time frame provides the largest discount
    * Partial upfront - smaller upfront payment for smaller discount
    * No upfront - smallest discount is applied
    * Best applied for long term, predictable workloads
* Scheduled instances
    * Pay for the reservations on a recurring schedule e.g. daily, weekly, monthly
    * Set up a scheduled instance to run during a set time frame once a week
    * Note that even if you didn't use the instance you would still be charged.
* Spot instances
    * Bid for unused EC2 compute resources
    * No guarantees for a fixed period of time
    * Fluctuation of prices based on supply and demand
    * Purchase large EC2 instances at a very low price
    * Useful for processing data that can be suddenly interrupted
* On-demand capactity reservations
    * Reserve capacity based on different attributes such as instance type, platform, and tenancy, within a particular availability zone for any perioud of time
    * It could be used in conjuction with your reserved instances discount

## Tenancy
This relates to what underlying host your EC2 instance will reside on, so essentially the physical server within an AWS datacenter.

* Shared Tenancy 
    * EC2 instance is launched on any available host with the required resources
    * The same host can be used by multiple customers
    * AWS Security mechanisms prevent one EC2 instnace accessing another in the same host
* Dedicated instances
    * Hosted on hardware that no other customer can access
    * May be required to meet compliance
    * Dedicated instances inccur additional charges
* Dedicated hosts - same features as dedicated instances as well as:
    * Additional visibility and control on the physical host
    * Allows to use the same host for a number of instances
    * May be required to meet compliance

## User data
User data allows you to enter commands that will run during the first boot cycle of that instance
* Perform functions upon boot such as to pull down any additional software you want
* Download latest OS updates

## Storage options
Selecting storage for the EC2 instance depends on the instance selected, what you intend to use the instance for, and how critical the data is.<br>
There are two categories:
* Persistance storage - available by attaching Elastic Block Storage (EBS) volumes
    * EBS volumes are separated from the EC2 instance
    * These columes are logically attached via AWS network
    * Disconnecting the volumn from the EC2 instance maintains the data
    * Possible to implement encryption and take backup snapshots of all data
* Ephemeral storage - created by EC2 instances using local storage
    * Physically attached to the underlying host
    * When instance is terminated, all saved data on disk is lost
    * Rebooting - data will remain intact
    * Unable to detach instance store volumes from the instance

## Security
During the creation of the EC2 instance you will be asked to select a Security Group for your instance.

At the end of the EC2 instance creation, you will need to select an existing Key Pair or create and download a new one.

A Key pair is made up of a Public Key and a Private Key.<br>
The function of Key Pairs is to encrypt the login information for Linux and Windows EC2 instances, and then decrypt the same information allowing you to authenticate onto the instance.

The Public Key is used to login with the username and password.

The Private Key decrypts this data allowing you to gain access to the login credentials (Windows) or to remotelu connect onto the instance via SSH (Linux).

The Public Key is held and kept by AWS, the Private Key is the responsibility of the user to keep and ensure it is not lost.

It is possible to use the same Key Pair on multiple instances.

You can set up additional less priviledged access controls, such as local Windows accounts.

It is the reponsibility of the user to maintain and install the latest OS and security patches released by the OS vendor as dictated within the AWS shared responsibility model.

# EC2 Container Service (ECS)
This service allows the use of Docker-enabled applications packaged as containers across a cluster of EC2 instances without requiring you to manage a complex and administrativelty heavy cluster management system.

The burden of managing your own cluster management system is abstracted with the ECS service by passing that responsibility over to AWS specifically through the use of the AWS Fargate.

## AWS Fargate
AWS Fargate is an engine used to enable ECS to run containers without having to manage and provision instances and clusters for containers.

## Docker
Docker is a piece of software that allows you to automate the installation and distributions of applications inside Linux Containers.

## Containers
Containers hold everything an applications needs to run from within its container package.

They are decoupled from the operating system, making Container applications very portable.

## ECS
ECS removes the need for you to manage your own cluster management system thanks to its interaction with AWS Fargate.

With Amazon ECS there is no need to install any management or monitoring software for the cluster.

## Launching an ECS cluster
When launching an ECS cluster, there are 2 deployment modes:

### Fargate Launch
Requires you to specify the CPU and memory required, define networking and IAM policies, in addition to you having to package your application into containers.

### EC2 Launch
You are responsible for patching and scaling your instances and you can specify instance type and how many containers should be in a cluster.

## Monitoring Containers
Monitoring is taken care of through the use of Amazon CloudWatch.

You can easily create alarms based off these metrics, providing you notification of when specific events occur, such as a your cluster size scaling up or down.

## Amazon ECS Cluster
An Amazon ECS cluster is comprised of a collection of EC2 instances.

Features such as Securtiy Groups, Elastic Load Blanacing, and Auto Scaling can be used with these instances.

These instances still operate in much the same way as a single EC2 instance.

Clusters act as a resource pool, aggregating resources such as CPU and memory

Clusters are dynamically scalable and multiple instances can be used.

Clusters can only scale in a single region.

Containers can be scheduled to be deployed across your cluster.

Instances within the cluster also have a Docker daemon and an ECS agent.

# Amazon Elastic Container Registry (ECR)
ECR provides a secure location to store and manage your docker images.

This is a fully managed service, so you do not need to provision any infrastructure to allow you to create this registry of docker images.

This service allows developers to push, pull, and manage their library of docker images in a central and secure location.

The components used in ECR:
* Registry
* Authorisation token
* Repository
* Repository policy
* Image

## Registry
The ECR registry allows you to host and store your docker images in as well as create image repositories.

Your account will have read and write access by default to any images you create within the registry and any repositories.

Access to your registry and images can be controlled via IAM policies in adddition to repository policies.

Before your docker client can access your registry lit needs to be authenticated as an AWS user via an Authorisation Token.

## Authorisation Token
To begin the authorisation process to communicate your docker client with your default registry, you can run the get-login command using the AWS CLI

`aws ecr get-login --region region --no-include-email`

This will produce an output response which will be a docker login command

`docker login -u AWS -p password`<br>
`https://aws_account_id.dkr.ecr.region.amazonaws.com`

This process produces an authorisation token that can be used within the registry for 12 hours.

## Repository 
These are objects within your registry that allow you to group together and secure different docker images.

You can create multiple repositories with the registry allowing you to organise and manage your docker images into different categories.

Using policies from both IAM and repository policies you can assign set permissions to each repository.

## Repository Policy
There are a number of different IAM managed policies to help you controll acces to ECR:

`AmazonEC2ContainerRegistryFullAccess`<br>
`AmazonEC2ContainerRegistryPowerUser`<br>
`AmazonEC2ContainerRegistryReadOnly`

Repository policies are resource-based policies.

You need to ensure you add a principal to the policy to determine who has access and what permissions they have.

For an AWS user to gain access to the registry they ill require access to the `ecr:GetAuthorizationToken` API call.

Once they have this access, repository policies can control what actions those users can perform on each of the repositories.

# Image
Once you have configured your registry, repositories and security controls, and authenticated your docker client with ECR, you can then begin storing your docker images in the required repositories.

To push an image into ECR, use the docker push command.

To retrieve and image, use the docker pull command.

# Amazon Elastic Container Service for Kubernetes (EKS)
## What is Kubernetes
Kubernetes is an open-source container orchestration tool designed to automate, deploy, scale, and operate containerised applications.

It can grow from tens, thousands, or even millions of containers.

It is container-runtime-agnostic - it can be used to run RocKeT and Docker containers.

## What is EKS
AWS provides a managed service allowing you to run Kubernetes across your AWS infrastructure without having to take care of provisioning and running the Kubernetes management infrastructure in what's referred to as the control plane.

You only need to provision and maintain the worker nodes.

## Kubernetes control plane
There are a number of components that make up the control plane and these include a number of different APIs, the kubelet processes and the Kubernetes Master.

The control plane schedules containers onto nodes.<br>
Scheduling refers to the decision process of placing containers onto nodes in accordance with their declared compute requirements.

The control plane also tracks the state of all Kubernetes objects by continually monitoring the objects.

In EKS, AWS is responsibile for provisioning, scaling, and managing the control plane, and they do this by utilising multiple availability zones for additional resilence.

## Worker nodes
Kubernetes clusters are composed of nodes.

A node is a worker machine in Kubernetes.<br>
It runs as an on-demand EC2 instance and includes software to run containers.

For Each node created, a speicific AMI is used, which also ensures Docker and the kubelet is installed for security controls.

Once the worker nodes are provisioned they can then connect to EKS using an endpoint.

## Working with EKS
1. Create an EKS Service Role
    * Before you begin working with EKS you need to configure and create an IAM service role that allows EKS to provision and confidure specific resources.
    * The role needs to have the following permissions policies attached to the role:
        * AmazonEKSServicePolicy
        * AmazonEKSClusterPolicy
2. Create an EKS Cluster VPC
    * Create and run a CloudFormation stack based on the template below, which will configure a new VPC for you to use with EKS.
3. Install kubectl and the AWS-IAM-Authenticator
    * Kubectl is a command line utility for Kubernetes.
    * The IAM-Authenticator is require to authenticate with the EKS cluster.
4. Create an EKS Cluster
    * You can now create your EKS cluster using the details and information from the VPC created in step 1 and 2.
5. Configure kubectl for EKS
    * Using the `update-kubeconfig` command via the AWS CLI you need to create a kubeconfig file for your EKS cluster.
6. Provision and configure Worker Nodes
    * Once the EKS ccluster shows an 'Active' status you can launch your worker nodes using CloudFormation based on the template.
7. Configure the Worker Node to join the EKS Cluster
    * Using a oconfiguration map, you must replace the `<ARN of instance role (not instance profile)>` with the NodeInstanceRole value from step 6.

Your EKS Cluster and worker nodes are now configured ready to deploy your applications with Kubernetes.

# AWS Elastic Beanstalk
AWS Elastic Beanstalk is an AWS managed service that takes your uploaded code of your web application code and automatically provisions and deploys the required resources within AWS to make the web application operational.

These resources include EC2, Auto Scaling, application health-monitoring and Elastic Load Balancing, in addition to capacity provisioning.

An ideal service for engineers who may not have familiarity or the necessary skills within AWS to deploy, provision, monitor andd scale the correct environment to run the developed applications.

The responsibility is passed on to AWS Elastic Beanstalk to deploy the correct infrastructure to run the uploaded code.

You can continue to support and maintain the environment as you would with a custom built environment.

You can perform some maintenance tasks from the Elastic Beanstalk dashboard itself.

AWS Elastic Beanstalk is able to operate with a variety of platforms and programming languages:
* Pakcer builder
* Single container docker
* Multicontainer docker
* Preconfigured docker
* Go
* Java SE
* Java with Tomcat.NET on Windows Server with IIS
* Node.js
* PHP
* Python
* Ruby

The service itself is free to use.<br>
There is no cost associated with Elastic Beanstalk, however any resources that are created on the application's behalf, such as EC2 instances, you will be charged for as per the standard pricing policies at the time of deployment.

## Elastic Beanstalk core components
### Application verion
An application version is a very specific resource to a section of deployable code.

The application version will point typically to S3, simple storage service to where the deployable code may reside.

### Environment
An environment refers to an application version that has been deployed on AWS resources, which are configured an provisioned by AWS Elastic Beanstalk. 

At this stage, the application is deployed as a solution and becomes operational within your environment.

The environment is comprised of ALL the resources created by Elastic Beanstalk and not just an EC2 instance with your uploaded code.

### Environment configurations
This is a collection of parameters and settings that dictate how an environment will have its resources provisioned by Elastic Beanstalk and how these resources will behave.

### Environment tier
If the application manages and handels HTTP requests then the app will be run in a web server environment.

If the application does not process HTTP requests, and instead perhaps pulls data from an SQS queue, then it would run in a worker environment.

### Configuration template
This is the template that provides the baseline for creating a new, unique, environment configuration.

### Platform
Platform is a culmination of components in which you can build your application upon using Elastic Beanstalk.

These comprise of the operating system of the instance, the programming language, the server type (web or application), and components of Elastic Beanstalk itself, and as a whole can be defined as a platform.

### Applications
An application is a collection of different elements, such as environments, environment configurations and application versions.

#### Web Server Environment
This is typically used for standard web applications that operate and serve requests over HTTP port 80:
* Route 53
* Elastic Load Balancer
* Auto Scaling
* EC2
* Security Groups

#### Worker Environment 
It is used by applications that will have a back-end processing task, that will interact with AWS SQS:
* SQS Queue
* IAM Service Role
* Auto Scaling
* EC2

## Elastic Beanstalk Workflow
AWS Elastic Beanstalk operates a very simple workflow process for your application deployment and ongoing management.

1. Create application
2. Upload version
    * Upload application version
    * Upload additional configuration information
3. Launch environment
4. Manage Environment
    * Deploy new versions of the application
    * Changes in the environment configuration will automatically update the environment should new code require additional resources.

# AWS Lambda
AWS Lambda is a serverless compute service that allows you to run your application code without having to manage EC2 instances.

Serverless means that you do not need to provision or manage the compute resources to run the code, instead this is managed and provisioned by AWS.

The service does not require compute power to carry out the code requests, but because the AWS user does not need to be concerned with what managing this compute power or where its provisioned from, it's considered serverless from the user perspective.

You only ever have to pay for compute power when Lambda is in use via Lambda Functions.

AWS Lambda charges compute power per 100ms of use only when running code, in addition to the number of times your code runs.

## Working with AWS Lambda
There are 4 essential steps:
1. Upload code to Lambda, or write it within the code editors provided by Lambda.
    * Languages supported: 
        * Node.js
        * Java
        * C#
        * Python
        * Go
        * Powershell
        * Ruby
2. Configure Lambda functions to execute upon triggers from supported event sources.
    * E.g. An object is uploaded to an S3 bucket
3. Once the specific trigger is initiated, Lambda will run the code (as per the Lambda function) using only the require compute power as defined.
4. AWS recourds the compute time in milliseconds and the quantity of Lambda functions run to ascertain the cost of the service.

## Componenets of AWS Lambda
The following elements form the key constructs of a Lambda Application:
* The Lambda function is complied of your own code that you want Lambda to invoke as per defined triggers.
* Events sources are AWS services that can be used to trigger your Lambda functions.
* A Triggetr is essentially an operation from an even source that causes the function to invoke.
* Downstream resources are resources that are required during th execution of your Lambda Function.
* Log streams help to identify issues and troubleshoot issues with your Lambda function.<br>
  These log streams would essentially be a sequence of events that all come from the same function and recorded in CloudWatch.

## Creating Lambda functions
At a high level, the configuration steps for creating a Lambda function via the AWS Management console could consist of:
1. Selecting a Blueprint
  * Select a blueprint template provided by AWS Lambda.
  * E.g. *S3-get-object* - an Amazon S3 trigger that retrieves metadata for the object that is being updated.
2. Configure Triggers
  * Define the triggers for your Lambda function.
  * E.g. specifying the S3 bucket for your function.
3. Configure Function
  * Upload code or edit in-line
  * Define the required resources maximum execution timeout, IAM Role and Handler Name.

# AWS Batch
AWS Batch is used to manage and run batch computing workloads within AWS.

## What is batch computing
Batch Computing is primarily used in specialist use cases which require a vast amount of compute power across a cluster of coumpute resources to complete batch processing executing a series of tasks.

With AWS Batch many of these constraints, administration activites and maintenance tasks are removed.

You can seamlessly create a cluster of compute resources which is highly scalable taking advanrage of the elasticity of AWS coping with any level of batch processing whilst optimising the distribution of the workloads.

All provisioning, monitoring, maintenance and management of the clusters is taken care of by AWS.

## AWS Batch Components
1. Jobs<br>
A Job is classed as the unit of work that is to be run by AWS Batch.
    * A job can be executable file, an application within an ECS Cluster or a shell script.
    * Jobs run on EC2 Instances as a containerised application.
    * Jobs can have different states such as Submitted, Pending, Running, Failed, etc.
2. Job Definitions<br>
These define specific parameters for the Jobs themselves and dictate how the Job will run and with what configuration.<br>
For example:
    * How many vCPUs to use for the container
    * Which data volumnes should be used
    * Which IAM role should be used to allow access for AWS Batch to communicate with other AWS services
    * Mount points
3. Job Queues<br>
Jobs that are scheduled are placed into a Job Queue until they are run.
    * You can have multiple queues with different priorities
    * On-demand and Spot instances are supported
    * AWS Batch can bid on your behalf for Spot instances
4. Job Scheduling<br>
The Job Scheduler takes care of when a Job should be run and from which Compute Environment.
    * Typically it will operate on a first-in-first-out basis
    * It ensures that highter priority queues are run first
5. Compute Environments<br>
These are the environments containing the compute resources to carry out the Job
    * Managed Environments
        * The service will handle provisioning, scaling, and termination of Compute instances
        * This environment is created as an Amazon ECS Cluster
    * Unmanaged Environments
        * These environments are provisioned, managed, and maintained by you
        * It gives greater customisation but requires greater administration and maintenance
        * It requires you to create the necessary Amazon ECS Cluster

# Amazon Lightsail
Amazon Lightsail is essentially a Virtual Private Server (VPS) backed by AWS infrastructure, much like an EC2 instance but without as many configurable steps throughout its creation.

It has been disigned to be simple, quick, and very easy to use at a low cost point, for small scale use cases by small businesses or single users.

It is commonly used to host simple websites, small applications, and blogs.

You can run multiple Lightsail instances together allowing them to communicate.

It is possible to connect it to other AWS resources and to your existing VPC running within AWS via a peering connection.

## Deploying a Lightsail instance

A Lightsail instance can be deployed from a single page with just a few simple configuration options.

Amazon Lightsail can be accessed either via the AWS console under the Compute category, or directly through the homepage of AWS Lightsail which sits outside of the AWS Management Console.

