CIT 668: System Architecture
Amazon Web Services I

Topics
1. Economics
2. Key Concepts
3. Key Services
4. Elastic Compute Cloud
5. Creating an EC2 Instance

Images from AWS EC2 User Guide or Wikipedia unless otherwise noted.

AWS Economics
AWS prices its resources based on
  Time: an hour of CPU time
  Volume: GB of transferred data
  Count: number of messages queued
  Time and Space: GB-month of data storage
Billing is done monthly: the bill issued at the beginning of a month covers the previous month's usage.
Key Concepts
  Amazon Machine Image
  Instance
  Availability Zone
  Region
  Access Identifiers
  Elastic Block Store
  Security Group

Amazon Machine Image
  Virtual root disk image
    Contains the OS
    Contains most applications
  Start a VM by booting an AMI
    Creates an instance
  Catalog of pre-built AMIs
    OS: Linux (many distros), OpenSolaris, Windows
    Software: Apache, MySQL, Oracle, WordPress, etc.
    Available at http://aws.amazon.com/amis

Instance
  An instance is a running copy of an AMI.
  You can launch many instances of the same AMI.
  Other users can launch instances of that AMI too, but the instances do not interact with each other.
Availability Zones
  Availability Zones are a set of locations, each with its own power grid and network connections that are not shared with any other zone.
  If a power grid or major ISP goes down, it affects only a single Availability Zone.

Regions
  Regions are sets of AWS Availability Zones located in one geographic area.
    us-east-1 (Northern Virginia)
    us-west-1 (Northern California)
    eu-west-1 (Ireland)
    ap-southeast-1 (Singapore)

Access Identifiers
  AWS uses a set of different access identifiers
  They use public key cryptography
    Public identifier kept by the service or on the instance
      Can be shared with anyone
    Private identifier kept on your PC
      Must be kept secret; anyone who holds it can act as you
Elastic Block Store Volume
  An addressable virtual disk
  Can be attached to an instance
    Format
    Mount
    Store files
  Volumes have a lifetime independent of the instance
    Disk storage persists even if the instance is terminated, unless the volume's DeleteOnTermination flag is set (the default for an EBS root volume)

Security Group
  A Security Group defines the set of permitted inbound connections for an instance.
    Each group has a name
    Consists of a set of entries
    Entries specify allowed protocols, ports, and source IP ranges (CIDR blocks)
    Entries only allow: an inbound connection that matches no entry is dropped
  A single Security Group can be applied to multiple instances.
  Multiple Security Groups can be applied to a single instance; the instance accepts whatever any of its groups allows, so adding a group can only widen exposure.

AWS Key Services
  EC2: your server
  EBS: your local drive
  S3: your storage
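The security-group semantics above (default deny, allow-only entries, union across the groups attached to one instance) as an added Python model; this is illustration code written for these notes, not AWS code, and the group names, address ranges and sample connections in it are constructed assumptions:

```python
"""Model of EC2 security-group evaluation (added illustration, not AWS code):
inbound is denied unless some entry in some attached group allows it, and an
instance with several groups gets the union of their entries. Group names,
CIDRs and the connection samples below are constructed for the example."""
import ipaddress
from typing import Iterable, List, NamedTuple


class Rule(NamedTuple):
    protocol: str   # "tcp", "udp" or "icmp"
    from_port: int  # low end of the allowed port range (ignored for icmp)
    to_port: int    # high end of the allowed port range
    cidr: str       # source network allowed to connect, e.g. "10.0.0.0/8"


def rule_matches(rule: Rule, protocol: str, port: int, src_ip: str) -> bool:
    """True when this single allow entry covers the inbound connection."""
    if rule.protocol != protocol:
        return False
    if protocol != "icmp" and not rule.from_port <= port <= rule.to_port:
        return False
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.cidr, strict=False)


def inbound_allowed(groups: Iterable[List[Rule]], protocol: str, port: int, src_ip: str) -> bool:
    """Default deny: the connection passes only if ANY entry of ANY group matches.
    Entries can only allow, so attaching another group never narrows exposure."""
    return any(rule_matches(r, protocol, port, src_ip) for g in groups for r in g)


def open_to_internet(groups: Iterable[List[Rule]], protocol: str, port: int) -> bool:
    """Audit check: is this port reachable from every IPv4 source (a /0 entry)?"""
    return any(
        r.protocol == protocol
        and r.from_port <= port <= r.to_port
        and ipaddress.ip_network(r.cidr, strict=False).prefixlen == 0
        for g in groups
        for r in g
    )


# Constructed sample groups (hypothetical names and address ranges).
WEB = [Rule("tcp", 80, 80, "0.0.0.0/0"), Rule("tcp", 443, 443, "0.0.0.0/0")]
ADMIN = [Rule("tcp", 22, 22, "10.0.0.0/8")]    # ssh only from the private network
SLOPPY = [Rule("tcp", 22, 22, "0.0.0.0/0")]    # ssh open to the whole Internet

if __name__ == "__main__":
    server = [WEB, ADMIN]
    print(inbound_allowed(server, "tcp", 443, "203.0.113.5"))    # True
    print(inbound_allowed(server, "tcp", 22, "203.0.113.5"))     # False: no entry, dropped
    print(inbound_allowed(server, "tcp", 22, "10.248.234.180"))  # True
    print(open_to_internet(server + [SLOPPY], "tcp", 22))        # True: union widened it
```

The last call is the case to remember when reusing groups across instances: attaching a group that opens port 22 to 0.0.0.0/0 to a server that already had a tight ADMIN group silently exposes ssh, because there is no entry that can say "deny".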
Elastic Compute Cloud (EC2)
  Amazon EC2 is
    A web service that enables you to launch and manage server instances
    Designed to make web-scale computing easier for developers
    A simple web service interface that provides programmable control of your cloud resources

EC2 Features
  Elastic: allows you to instantiate from one to thousands of server instances, either manually or automatically.
  Flexible: choice of multiple instance types, operating systems, and software packages.
  Available: SLA commitment of 99.95% availability in each region.
  Pay as You Go: pay for resources as you need them; reserved instances offer lower pricing for longer commitments.
EC2 Instance Types

EC2 Standard Instance Types
  Instance      RAM     Virtual cores  EC2 Compute Units  Instance storage  Platform
  Small         1.7GB   1              1                  160GB             32-bit
  Large         7.5GB   2              4                  850GB             64-bit
  Extra Large   15GB    4              8                  1690GB            64-bit

1 EC2 Compute Unit = early-2006 1.7 GHz Xeon CPU

EC2 Charges
EC2 Instance Pricing
  http://aws.amazon.com/ec2/#pricing
EC2 Communications Pricing
  http://aws.amazon.com/ec2/#pricing

S3 and EBS Instance Lifecycles
  S3-backed instance (root disk on instance store; the AMI itself lives in S3)
    Can be rebooted or terminated, but cannot be stopped
    Data on the instance store survives a reboot
    Data cannot be recovered after the instance is terminated
  EBS-backed instance (root disk is an EBS volume)
    Can be rebooted, stopped, or terminated
    Data remains accessible if the instance is rebooted or stopped
    The root volume is deleted at termination unless its DeleteOnTermination flag is cleared, so data is not recoverable by default
  http://shlomoswidler.com/2009/07/ec2-instance-life-cycle.html
S3 and EBS-backed Instance Differences

EC2 Resources
  Persistent resources
    Elastic IP addresses
    Elastic Block Storage volumes
    Elastic Load Balancers
    Security Groups
    Amazon Machine Images
  Ephemeral resources
    Instances, including
      Instance memory state
      Instance disk state
      Non-elastic IP address
      DNS name
  How can you maintain a running system if your servers are transient and unreliable?

AMI Types
  Public: AMIs made available by Amazon and the EC2 community.
  Private: AMIs that you own and create; may be developed from public AMIs.
  Shared: AMIs built by developers and shared with the EC2 community.
  Paid: AMIs that you purchase or that come with a service contract from a company such as Red Hat.
  Anyone can publish a shared AMI, so check who published it and inspect what it contains before building on it.
Block Device Mapping
  Maps system devices to AWS block storage.
    VM device name
    AWS volume ID
    Status
    Timestamp
    DeleteOnTermination (whether the volume is deleted when the instance terminates)

Security Credentials
  Credentials to administer instances
    AWS Management Console: Amazon account
    Query and third-party UIs: secret access key
    SOAP, EC2 CLI: X.509 certificate and private key
  Credentials to connect to an instance
    Amazon EC2 key pair
    Windows administrator password
  Credentials to build instances
    UNIX: X.509 certificate and private key
    Windows: Amazon account
Instance Network Addresses
  EC2 instances are assigned 2 IPs at launch
    Private RFC1918 IP address for internal use
    Public IP address, NAT-mapped to the private IP
  EC2 instances are assigned 2 DNS names at launch
    Internal: resolves only inside EC2
    Public: associated with the instance until it is stopped
  Elastic IP addresses
    Static IP addresses you map to an instance
    You can keep and remap elastic IP addresses
    Charged only for elastic IPs that are allocated but not in use

Using Tags
  Can tag
    AMIs
    Instances
    EBS volumes
    EBS snapshots
  but not
    Elastic IPs
    Key pairs
    Security groups

Elastic Block Store (EBS)
EBS provides
  Off-instance storage
  Persistence beyond the instance lifetime
  High availability and reliability
  Attach to and detach from a running instance
  Exposure as a device within an instance
EBS Snapshots
  Ability to capture the current state for backup
  Can instantiate many copies of an EBS volume

Creating an Instance
Configuring EC2 Credentials
1. Login to kosh.nku.edu
2. Add the following stanza to your .bashrc
     EC2_HOME=/usr/local/amazon
     export PATH=$EC2_HOME/bin:$PATH
     EC2_PRIVATE_KEY=$EC2_HOME/keys/nku-ec2.pk
     EC2_CERT=$EC2_HOME/keys/nku-ec2.pem
     export EC2_HOME EC2_PRIVATE_KEY EC2_CERT
   The .pk file is the X.509 private key of the class AWS account (see Security Credentials above); anyone who can read it can administer the account, so never copy it anywhere world-readable.
3. Source your .bashrc
     PROMPT> . ~/.bashrc
4. Check that your configuration is functioning:
     PROMPT> ec2-describe-regions
     REGION eu-west-1 ec2.eu-west-1.amazonaws.com
     REGION us-east-1 ec2.us-east-1.amazonaws.com
     REGION us-west-1 ec2.us-west-1.amazonaws.com
     REGION ap-southeast-1 ec2.ap-southeast-1.amazonaws.com

Create a Keypair
To log in to your instance, you'll need an ssh key pair. ec2-add-keypair prints a KEYPAIR line (name and fingerprint) followed by the private key; tail drops the first line so only the key goes into the file, and chmod keeps it readable by you alone (ssh refuses a key that others can read):
     PROMPT> ec2-add-keypair USERNAME | tail -n +2 > id_rsa-username
     PROMPT> chmod 400 id_rsa-username
Confirm that the key pair is registered. AWS keeps only the public key and the fingerprint; the private key is returned once and not stored, so this file is your only copy:
     PROMPT> ec2-describe-keypairs
     KEYPAIR nku ce:ed:11:75:16:81:a5:d3:38:42:1b:2b:02:4d:19:88:21:6e:ac:31
     KEYPAIR USERNAME fb:61:d4:d3:47:0d:09:12:e1:b3:8c:4d:d9:74:c4:8d:fc:cc:31:ac

Starting an Instance
Select a small-instance AMI ID from ec2-describe-images and launch it with your key pair (-k). The RESERVATION line names the security group the instance runs in, here default:
     PROMPT> ec2-run-instances ami-3ac33653 -k USERNAME
     RESERVATION r-918c81fb 137367125081 default
     INSTANCE i-e3bf6d8f ami-3ac33653 pending test-keypair4 0 m1.small 2011-01-17T02:10:12+0000 us-east-1b aki-407d9529 monitoring-disabled ebs paravirtual xen
Check the status of the instance. Once the state is running, the INSTANCE line includes the external DNS name, the internal DNS name, the public IP, and the private IP:
     PROMPT> ec2-describe-instances i-e3bf6d8f
     RESERVATION r-918c81fb 137367125081 default
     INSTANCE i-e3bf6d8f ami-3ac33653 ec2-184-73-126-185.compute-1.amazonaws.com domu-12-31-39-02-e5-46.compute-1.internal running test-keypair4 0 m1.small 2011-01-17T02:10:12+0000 us-east-1b aki-407d9529 monitoring-disabled 184.73.126.185 10.248.234.180 ebs paravirtual xen
     BLOCKDEVICE /dev/sda1 vol-7e8a3116 2011-01-17T02:10:17.000Z
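The polling step above (wait until the instance reports running and a public DNS name, then build the ssh command, with the key file locked down as chmod 400 requires) as an added Python example; this is illustration code written for these notes, not part of the EC2 tools. The sample text is the whitespace-collapsed output reproduced above, so the parser recognises fields by pattern rather than by tab position, and the temporary key file in demo_key_permissions is constructed for the example:

```python
"""Parse ec2-describe-instances output and decide when the instance can be
reached with ssh. Added example, not part of the EC2 tools: the sample text is
the whitespace-collapsed output reproduced above, so fields are recognised by
pattern (state names, DNS suffixes, IP syntax) rather than by tab position."""
import ipaddress
import os
import stat
import tempfile
from typing import Dict, List, Optional, Tuple

STATES = {"pending", "running", "shutting-down", "terminated", "stopping", "stopped"}


def _is_ip(token: str) -> bool:
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def parse_describe_instances(text: str) -> List[Dict[str, object]]:
    """One dict per INSTANCE line; BLOCKDEVICE lines attach to the preceding instance."""
    instances: List[Dict[str, object]] = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "INSTANCE":
            inst: Dict[str, object] = {
                "id": fields[1], "ami": fields[2], "state": None,
                "public_dns": None, "private_dns": None,
                "public_ip": None, "private_ip": None, "volumes": [],
            }
            for tok in fields[3:]:
                if tok in STATES:
                    inst["state"] = tok
                elif tok.endswith(".amazonaws.com"):
                    inst["public_dns"] = tok
                elif tok.endswith(".internal"):
                    inst["private_dns"] = tok
                elif _is_ip(tok):
                    # The RFC1918 address is the private side of the NAT mapping.
                    key = "private_ip" if ipaddress.ip_address(tok).is_private else "public_ip"
                    inst[key] = tok
            instances.append(inst)
        elif fields[0] == "BLOCKDEVICE" and instances:
            instances[-1]["volumes"].append((fields[1], fields[2]))  # device, volume id
    return instances


def ssh_command(inst: Dict[str, object], key_file: str, user: str = "ec2-user") -> Optional[str]:
    """The login command from the procedure, but only once the instance is running
    and has a public DNS name; None means poll ec2-describe-instances again."""
    if inst["state"] != "running" or not inst["public_dns"]:
        return None
    return f"ssh -i {key_file} {user}@{inst['public_dns']}"


def key_file_is_private(path: str) -> bool:
    """What chmod 400 guarantees: no group or other permission bits on the key."""
    return (stat.S_IMODE(os.stat(path).st_mode) & 0o077) == 0


def demo_key_permissions() -> Tuple[bool, bool]:
    """Create a scratch key file (constructed, not a real key) and check it at
    mode 644 and then at mode 400."""
    fd, path = tempfile.mkstemp(prefix="id_rsa-")
    os.close(fd)
    try:
        os.chmod(path, 0o644)
        before = key_file_is_private(path)
        os.chmod(path, 0o400)
        after = key_file_is_private(path)
    finally:
        os.chmod(path, 0o600)
        os.remove(path)
    return before, after


# Constructed from the two command outputs shown above (first pending, then running).
PENDING = """RESERVATION r-918c81fb 137367125081 default
INSTANCE i-e3bf6d8f ami-3ac33653 pending test-keypair4 0 m1.small 2011-01-17T02:10:12+0000 us-east-1b aki-407d9529 monitoring-disabled ebs paravirtual xen
"""
RUNNING = """RESERVATION r-918c81fb 137367125081 default
INSTANCE i-e3bf6d8f ami-3ac33653 ec2-184-73-126-185.compute-1.amazonaws.com domu-12-31-39-02-e5-46.compute-1.internal running test-keypair4 0 m1.small 2011-01-17T02:10:12+0000 us-east-1b aki-407d9529 monitoring-disabled 184.73.126.185 10.248.234.180 ebs paravirtual xen
BLOCKDEVICE /dev/sda1 vol-7e8a3116 2011-01-17T02:10:17.000Z
"""

if __name__ == "__main__":
    for snapshot in (PENDING, RUNNING):
        inst = parse_describe_instances(snapshot)[0]
        print(inst["id"], inst["state"], ssh_command(inst, "id_rsa-username"))
    print(demo_key_permissions())  # (False, True)
```

In practice the pending output is what you see for the first minute or so after ec2-run-instances; ssh_command returning None is the signal to run ec2-describe-instances again rather than to start guessing at a DNS name.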
Logging onto an Instance
     PROMPT> ssh -i id_rsa-username ec2-user@ec2-184-73-126-185.compute-1.amazonaws.com
     (Amazon Linux AMI Beta login banner)
     See /etc/image-release-notes for latest release notes. :-)
     [ec2-user@domu-12-31-39-00-e5-97 ~]$
On the first connection ssh asks you to accept the instance's host key. Compare its fingerprint with the one the instance printed to its console at boot (PROMPT> ec2-get-console-output i-e3bf6d8f) rather than accepting it blindly. If the connection times out instead, the instance's security group (default here) does not permit inbound TCP port 22 from your address; open it to your own network only (for example ec2-authorize default -P tcp -p 22 -s YOUR.NET/24), not to 0.0.0.0/0.

Stopping an Instance
     PROMPT> ec2-stop-instances i-e3bf6d8f
     INSTANCE i-e3bf6d8f running stopping

Key Points
  EC2 bills for time, data transfer, and storage
  AMIs are virtual disk images
  A single AMI may have many instances
  Instances are running VMs
    Run in an Availability Zone in one of 4 regions
  Use a key pair to access the instance via ssh as ec2-user
  On instance termination
    Local storage is lost
    DNS name and IP address are lost
  Use elastic IPs or your own DNS for permanent addresses