# Introduction to Amazon Machine Images

## Learning goals

After setting down his phone, John maps out his learning goals. First, he's going to define the items that he'll need to build an image and then later in the day he'll dive deeper into each of the options. These are his first two learning goals:

What is an AMI? What does it do? Why do I need one?
What additional components do I need to deploy an instance?

## AMIs

Amazon EC2 instances are virtual servers running in the AWS Cloud. How exactly does a server get built in the cloud? A virtual server is made up of code and configuration files that mimic an actual server. You can't insert a USB or DVD or any physical media to begin building a new server, so how does a person build instances in the cloud?  Well, you use an AMI. 

An **Amazon Machine Image (AMI)** is a template that contains the software configuration—for example, an operating system (OS), applications, or tools. You use the AMI and the information contained within it to launch an instance. You must specify an AMI when you launch an instance because it contains all the necessary information and files required to build and launch the instance. If you don't specify an AMI, you cannot launch an instance.

Because the AMI is a configuration template, you can use a single AMI to launch multiple instances. Or you can choose to launch a variety of different instances using different AMIs that contain unique configuration options.

![image.png](attachment:image.png)

Amazon EC2 supports AMIs that use the Linux, Windows, or macOS operating systems. An AMI includes the following pieces.

### Storage
For storage, when you use an Amazon EBS–backed volume, the AMI contains one or more Amazon EBS snapshots. When you use an instance store-backed AMI, the AMI contains a template for the root volume of the instance (for example, an operating system, an application server, and applications).



John makes a note to define the terms Amazon EBS–backed and instance store-backed AMIs. These terms and definitions appear in more detail in the Storage Options lesson of this course.

### Permissions 
The AMI contains the launch permissions that control which AWS accounts can use the AMI to launch instances.

### Mapping
The AMI contains the block device mapping that specifies any additional EBS volumes to attach to the instance when it's launched.

## Anatomy of an instance

John understands that the AMI is a software configuration template that creates Amazon EC2 instances. He's taking note about the different options that can be added to the AMI to customize the settings. Now he needs to learn what lies underneath the template. How do the instances actually run and how are the underlying resources managed?

An EC2 instance is made up of the host's physical hardware components (storage, networking, compute), a hypervisor (software that hides hardware resources from the application OS), and the configuration information from the AMI. Many are familiar with the common elements, like physical hardware and an AMI, but what is a hypervisor and what does it do?

A hypervisor is a piece of virtualization software that allocates resources and manages physical hardware in a virtualized environment. The hypervisor allows multiple operating systems to run on a single physical server. 

AWS has two types of hypervisors: the original hypervisor and the newer Nitro Hypervisor that was launched as part of the AWS Nitro System.

## AWS Nitro System

The majority of EC2 instances run on hardware known as the AWS Nitro System. The AWS Nitro System is built specifically to run instances in the most optimal fashion possible. The AWS Nitro System is a combination of dedicated hardware and a lightweight hypervisor, for faster innovation and enhanced security. This course doesn't cover the AWS Nitro System hardware in depth. But if you want to learn more, you can read all about it on the AWS Nitro System(opens in a new tab) documentation page.

For this course, the important element of the AWS Nitro System hardware is how it uses dedicated hardware to offload input and output (I/O) operations. Let's look at how Amazon EC2 allocated resources when the service was first offered to customers.

When Amazon EC2 originally launched, up to 30% of the host's compute resources were allocated to the hypervisor for managing the hardware. This left only 70% of the resources for the remaining hypervisor functions and the customer instances.

![image.png](attachment:image.png)



## AWS Nitro System resource improvements

Traditionally, a hypervisor's job is to protect the physical hardware and BIOS; virtualize the CPU, storage, and networking; and provide a rich set of management capabilities. With the Nitro System, these functions are separated and offloaded to dedicated hardware and software. Doing this reduces costs and increases performance by delivering practically all of the server resources to your instances.

The following image illustrates how the AWS Nitro System splits the management resources from the hardware resources.

By offloading all hardware, management, and security operations to a dedicated card, the hypervisor no longer has to carve out a portion of compute resources to handle this I/O.

![image.png](attachment:image.png)

## Network interface

The final piece of an instance is the networking components. Each instance comes with an elastic network interface. This is a logical networking component that represents a virtual network card. You can think of it like the network interface (NIC) in your laptop, desktop, or server. The elastic network interface is the element in your instance that allows it to communicate with other instances, servers, features, and anything on the internet.

We will cover the networking components and how to configure them to allow your instance to interact with the world in the Network Options lesson of this course.

## Bare-metal instances

AWS also offers the use of bare-metal instances. Bare-metal instances are different from an instance on a Dedicated Host because a Dedicated Host instance comes with the virtualization software (the hypervisor) preinstalled. Bare-metal instances are ideal for the following applications: 

- Workloads that require access to the hardware feature set
- Applications that need to run in nonvirtualized environments for licensing or support requirements
- Customers who want to use their own hypervisor

Bare metal instances allow Amazon EC2 customers to run applications that benefit from the following:

- Deep performance analysis tools
- Specialized workloads that require direct access to bare-metal infrastructure
- Legacy workloads not supported in virtual environments
- Licensing-restricted Tier 1 business-critical applications

Workloads on bare-metal instances continue to take advantage of all the services and features of the AWS Cloud, such as Amazon EBS. A bare-metal instance has the lowest latency because it does not have the overhead of running a hypervisor.

The following illustration is based on a production application with a 40-microsecond service level agreement (SLA). Choose each numbered marker to read the descriptions. After you have selected the first marker, you can use the < > arrow keys to navigate through the image. The image is a graph with three lines. The top line sits at 80 microseconds and represents the C4 instance. The second line sits at 30 microseconds and represents the C5 instance, and the bottom line sits at 15 microseconds and represents the the bare-metal instance.

![image-2.png](attachment:image-2.png)

John has been working hard to grasp all of the definitions and pieces of Amazon EC2. He's grateful to have this chance to learn more about what makes up an instance. 

It's been a long session, so he's going to grab some coffee. When he comes back, he'll dive into the Amazon EC2 environment and how to configure it within the AWS Cloud.