Amazon EC2 - Elastic Compute Cloud

Overview

Amazon Elastic Compute Cloud (EC2) is a web service that provides resizable compute capacity in the cloud. EC2 reduces the time needed to obtain and boot new server instances to minutes, so you can quickly scale capacity up or down as requirements change.

Basic Concepts

Instance Types

General Purpose

  • T4g, T3, T3a, T2: Burstable performance instances (baseline CPU plus credits for bursts; watch for credit exhaustion on steady loads)
  • M6i, M5, M5a, M4: Balanced compute, memory, and networking
  • A1: ARM-based (AWS Graviton) processors with a good performance/cost ratio

Compute Optimized

  • C6i, C5, C5n, C4: High-performance processors, high compute-to-memory ratio
  • Ideal for: CPU-intensive applications, scientific modeling, gaming servers

Memory Optimized

  • R6i, R5, R5a, R4: Memory-intensive applications (in-memory databases, caches)
  • X1e, X1: Very high memory instances (large in-memory databases, SAP HANA)
  • z1d: High-frequency CPUs and local NVMe SSD storage

Storage Optimized

  • I3, I3en: NVMe SSD-backed instance storage (local instance store: data is lost on stop/terminate)
  • D2, D3: Dense HDD storage for data warehouses and distributed file systems
  • H1: High disk throughput

Accelerated Computing

  • P4, P3: GPU instances for machine learning training
  • G4: GPU instances for graphics workloads and ML inference
  • F1: FPGA instances for custom hardware acceleration

Instance Lifecycle

pending → running → stopping → stopped
              |                    |
              |                    └─ start ─→ pending → running
              ├─ reboot (instance stays in running)
              └─→ shutting-down → terminated

States in detail:

  • pending: Instance is being launched (also entered when a stopped instance is started again)
  • running: Instance is up and usable; instance-hour billing runs in this state
  • rebooting: A reboot keeps the instance on the same host with the same IP addresses; instance store data survives
  • stopping: Instance is shutting down (or preparing to hibernate); only EBS-backed instances can be stopped
  • stopped: Instance is shut down; EBS volumes stay attached (and are still billed), instance store data is gone, and a non-Elastic public IPv4 address is released
  • shutting-down: Instance is being terminated (this is the actual API state name; there is no "terminating" state)
  • terminated: Instance is deleted; the root EBS volume is deleted with it unless DeleteOnTermination was switched off. Termination protection (DisableApiTermination) blocks accidental terminate calls.

Pricing Models

On-Demand Instances

  • Characteristics: Pay as you go (per-second billing with a 60-second minimum for most AMIs, hourly for some commercial OS AMIs), no commitment
  • Use cases: Development, testing, unpredictable or short-lived workloads
  • Pros: Highest flexibility
  • Cons: Highest unit cost

Reserved Instances (RI)

  • Standard RI: Discount up to 75%; cannot be exchanged for another instance family, OS, or tenancy (AZ, scope, and instance size within the family can still be modified)
  • Convertible RI: Discount up to 54%; can be exchanged for a different instance family, OS, or tenancy
  • Scheduled RI: Reserve capacity for recurring time windows (no longer offered for purchase by AWS; Savings Plans are the current flexible alternative)
  • Payment options: All upfront, Partial upfront, No upfront (larger upfront payment, larger discount)

Spot Instances

  • Characteristics: Use spare EC2 capacity; you set a maximum price (defaults to the On-Demand price) rather than bidding
  • Discount: Up to 90% compared with On-Demand
  • Risk: Can be interrupted with a 2-minute warning (delivered through the instance metadata service and EventBridge) when AWS needs the capacity back
  • Use cases: Fault-tolerant, stateless, or checkpointing workloads with flexible start/end times

Dedicated Hosts

  • Characteristics: A physical server dedicated to the customer, with visibility into sockets and cores
  • Use cases: Compliance requirements, bring-your-own server-bound (per-socket/per-core) licenses
  • Pricing: Per-host billing

Dedicated Instances

  • Characteristics: Instances run on hardware dedicated to a single AWS account (they may still share a host with other instances from the same account)
  • Difference from Dedicated Hosts: No visibility into or control over host placement, no socket/core licensing visibility
  • Use cases: Compliance that requires physical isolation from other customers

Storage Options

Instance Store

  • Characteristics: Temporary block storage on disks physically attached to the host, very high IOPS
  • Persistence: Data is lost when the instance is stopped, hibernated, or terminated, or when the underlying host fails; it survives a reboot
  • Use cases: Caches, buffers, scratch space, replicated data

Amazon EBS (Elastic Block Store)

  • Persistent: Data persists independently of the instance lifecycle; a volume lives in one AZ and can only be attached to instances in that AZ
  • Encryption: Volumes can be encrypted with KMS keys (encryption by default can be turned on per region); snapshots of encrypted volumes are encrypted
  • Types:
  • gp3/gp2: General Purpose SSD (gp3 lets you provision IOPS and throughput independently of size)
  • io2/io1: Provisioned IOPS SSD for latency-sensitive databases
  • st1: Throughput Optimized HDD for sequential, big-data workloads
  • sc1: Cold HDD for infrequently accessed data

EFS (Elastic File System)

  • Characteristics: Fully managed NFSv4 file system, regional (multi-AZ)
  • Scaling: Grows and shrinks automatically as files are added and removed
  • Access: Many instances (Linux) can mount it concurrently through mount targets, which are protected by security groups; encryption at rest and in transit is available

Networking

VPC Integration

  • Subnets: Public, private, and database subnets; an instance is launched into exactly one subnet
  • Security Groups: Stateful, instance-level firewall; allow rules only, return traffic is admitted automatically, default denies all inbound and allows all outbound
  • NACLs: Stateless subnet-level firewall; allow and deny rules evaluated in rule-number order, so both directions must be permitted explicitly
  • Route Tables: Control where traffic from a subnet is sent (internet gateway, NAT gateway, peering, etc.)

IP Addressing

  • Private IP: Assigned from the subnet CIDR and kept for the life of the instance
  • Public IP: Dynamic; released when the instance is stopped and a new one is assigned on start
  • Elastic IP: Static public IP address that survives stop/start; charged while not associated with a running instance

Enhanced Networking

  • SR-IOV: Single Root I/O Virtualization (Elastic Network Adapter or Intel 82599 VF) gives higher packet rates and lower latency
  • Placement Groups:
  • Cluster: Packs instances close together in one AZ for high network performance and low latency
  • Partition: Spreads groups of instances across partitions on separate racks for large distributed applications (Hadoop, Cassandra, Kafka)
  • Spread: Each instance on distinct underlying hardware, for a small number of critical instances

Security

Key Pairs

  • Function: SSH access to Linux instances; on Windows the key pair decrypts the initial Administrator password
  • Components: Public key (stored by AWS and injected into the instance at launch), Private key (downloaded once at creation; AWS cannot recover it)
  • Types: RSA or ED25519
  • Best Practice: Separate key pairs per environment and role, keep private keys out of shared storage, and prefer Session Manager or Instance Connect so port 22 does not have to be reachable from the internet

Security Groups

Type        Protocol    Port Range    Source
SSH         TCP         22            My IP (a /32, never 0.0.0.0/0)
HTTP        TCP         80            0.0.0.0/0
HTTPS       TCP         443           0.0.0.0/0
MySQL       TCP         3306          sg-database

Using a security group ID as the source (sg-database above) admits only instances that carry that group, whatever their IP addresses are; this is how tiers are chained without maintaining CIDR lists. Security groups have no deny rules: anything not explicitly allowed is dropped.
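
An added example (not from the page or from AWS): the rule set above expressed in the IpPermissions structure that boto3's describe_security_groups returns and authorize_security_group_ingress accepts, together with a least-privilege audit that flags internet-exposed non-web ports, "all traffic" rules, and very wide port ranges. Both rule sets are constructed here; the sample CIDR and group IDs are placeholders.

```python
"""Least-privilege audit of EC2 security group ingress rules.

Added example (not from the page): rules use the IpPermissions structure that
boto3's describe_security_groups returns and authorize_security_group_ingress
accepts, so audit_ingress() can later be run over real describe output.
Sample rule sets are constructed here to mirror the table above.
"""

ANY_V4 = "0.0.0.0/0"
ANY_V6 = "::/0"
PUBLIC_OK_PORTS = {80, 443}      # the only ports that may face the internet


def tcp_rule(port, cidr=None, source_sg=None, description=""):
    """Build one IpPermissions entry for a single TCP port."""
    rule = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port}
    if cidr:
        rule["IpRanges"] = [{"CidrIp": cidr, "Description": description}]
    if source_sg:
        rule["UserIdGroupPairs"] = [{"GroupId": source_sg, "Description": description}]
    return rule


# Constructed to match the table: SSH from one address, web open, MySQL from a group.
WEB_TIER_RULES = [
    tcp_rule(22, cidr="203.0.113.10/32", description="admin workstation"),
    tcp_rule(80, cidr=ANY_V4, description="http"),
    tcp_rule(443, cidr=ANY_V4, description="https"),
    tcp_rule(3306, source_sg="sg-database", description="mysql from db group"),
]

# Constructed "bad" group for contrast: what a rushed console setup often looks like.
SLOPPY_RULES = [
    tcp_rule(22, cidr=ANY_V4, description="ssh from anywhere"),
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": ANY_V4}]},              # all traffic
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "Ipv6Ranges": [{"CidrIpv6": ANY_V6}]},                                # db open on IPv6
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},                              # wide but private
]


def port_span(rule):
    if rule.get("IpProtocol") == "-1":          # "-1" means every protocol and port
        return 0, 65535
    return rule.get("FromPort", 0), rule.get("ToPort", 65535)


def public_sources(rule):
    srcs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    srcs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [s for s in srcs if s in (ANY_V4, ANY_V6)]


def audit_ingress(rules, public_ok_ports=PUBLIC_OK_PORTS):
    """Return (severity, message) findings; an empty list means the group passed."""
    findings = []
    for rule in rules:
        lo, hi = port_span(rule)
        proto = rule.get("IpProtocol")
        for src in public_sources(rule):
            if proto == "-1":
                findings.append(("HIGH", f"all protocols and ports open to {src}"))
            elif lo != hi or lo not in public_ok_ports:
                findings.append(("HIGH", f"{proto} {lo}-{hi} open to {src}"))
        if proto != "-1" and hi - lo >= 100:
            findings.append(("MEDIUM", f"wide port range {lo}-{hi}/{proto} allowed"))
    return findings


if __name__ == "__main__":
    print("web tier:", audit_ingress(WEB_TIER_RULES) or "clean")
    for sev, msg in audit_ingress(SLOPPY_RULES):
        print(f"sloppy [{sev}] {msg}")
```

To apply the clean rule set, pass it as IpPermissions to authorize_security_group_ingress; to audit what is already deployed, iterate over the IpPermissions of each group returned by describe_security_groups and feed them to audit_ingress.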

IAM Roles

  • Instance Profiles: Wrap an IAM role so it can be attached to an EC2 instance
  • Benefits: No hardcoded access keys in AMIs, user data, or config files; the SDKs and CLI pick the credentials up automatically
  • Rotation: Temporary credentials are served by the Instance Metadata Service (169.254.169.254) and rotated automatically
  • Caveat: Anything that can make HTTP requests from the instance (an SSRF bug, a compromised container) can read those credentials; require IMDSv2 (HttpTokens=required) and keep the role's policy minimal
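
An added example (not from the page or from AWS) of how a process on the instance actually obtains the role's credentials under IMDSv2: a PUT to /latest/api/token yields a session token, and every metadata GET must carry it. The in-process FakeImds server is a constructed stand-in for 169.254.169.254 so the block runs offline; the role name, token, and credential document it returns are made up. The fake refuses token-less GETs, which is the behaviour HttpTokens=required gives you and the reason a plain GET-only SSRF can no longer read the credentials.

```python
"""IMDSv2 token-then-fetch retrieval of instance-profile credentials.

Added example, not from the page or AWS. get_role_credentials() is what a
process on an instance does against 169.254.169.254; FakeImds is a constructed
stand-in so the block runs offline. The fake also refuses token-less GETs,
which is the behaviour you get from setting HttpTokens=required.
"""
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

IMDS_URL = "http://169.254.169.254"          # real endpoint; the demo swaps in the fake
TOKEN_PATH = "/latest/api/token"
CREDS_PATH = "/latest/meta-data/iam/security-credentials/"
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"

# Constructed role name, token and credential document (not real AWS data).
FAKE_ROLE = "web-instance-role"
FAKE_TOKEN = "demo-session-token"
FAKE_CREDS = {"Code": "Success", "AccessKeyId": "ASIAEXAMPLEKEY",
              "SecretAccessKey": "example-secret", "Token": "example-session",
              "Expiration": "2030-01-01T00:00:00Z"}

# Bypass any http_proxy so loopback requests go straight to the fake server.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))


class FakeImds(BaseHTTPRequestHandler):
    """Minimal IMDSv2-only endpoint: PUT issues a token, GETs need that token."""

    def log_message(self, *args):      # keep output quiet
        pass

    def _reply(self, code, body):
        data = body.encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_PUT(self):
        if self.path == TOKEN_PATH and self.headers.get(TTL_HEADER):
            self._reply(200, FAKE_TOKEN)
        else:
            self._reply(400, "bad request")

    def do_GET(self):
        if self.headers.get(TOKEN_HEADER) != FAKE_TOKEN:
            self._reply(401, "unauthorized")   # no token, no metadata
        elif self.path == CREDS_PATH:
            self._reply(200, FAKE_ROLE)
        elif self.path == CREDS_PATH + FAKE_ROLE:
            self._reply(200, json.dumps(FAKE_CREDS))
        else:
            self._reply(404, "not found")


def get_token(base, ttl_seconds=21600):
    """Step 1: PUT with a TTL header returns a session token (max TTL 6 hours)."""
    req = urllib.request.Request(base + TOKEN_PATH, method="PUT",
                                 headers={TTL_HEADER: str(ttl_seconds)})
    with _opener.open(req, timeout=2) as resp:
        return resp.read().decode()


def imds_get(base, path, token):
    """Step 2: every metadata GET carries the token in a header."""
    req = urllib.request.Request(base + path, headers={TOKEN_HEADER: token})
    with _opener.open(req, timeout=2) as resp:
        return resp.read().decode()


def get_role_credentials(base=IMDS_URL):
    """Discover the attached role, then fetch its temporary credentials."""
    token = get_token(base)
    role = imds_get(base, CREDS_PATH, token).strip()
    return json.loads(imds_get(base, CREDS_PATH + role, token))


def imdsv1_status(base, path):
    """A token-less GET, the only request most SSRF primitives can forge."""
    try:
        with _opener.open(base + path, timeout=2):
            return 200
    except urllib.error.HTTPError as err:
        return err.code


def run_demo():
    """Start the fake IMDS, fetch credentials the v2 way, and show v1 being refused."""
    server = HTTPServer(("127.0.0.1", 0), FakeImds)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_address[1]
    try:
        creds = get_role_credentials(base)
        v1_code = imdsv1_status(base, CREDS_PATH)
    finally:
        server.shutdown()
        server.server_close()
    return creds["AccessKeyId"], v1_code


if __name__ == "__main__":
    print(run_demo())   # ('ASIAEXAMPLEKEY', 401)
```

On a real instance you would call get_role_credentials() with the default base URL; in practice the AWS SDKs do exactly this exchange for you. The hop-limit setting (HttpPutResponseHopLimit=1) complements the token requirement by stopping the PUT response from being forwarded out of containers or through proxies.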

Systems Manager

  • Session Manager: Browser- or CLI-based shell access through the SSM agent with no inbound ports, bastion hosts, or SSH keys; access is gated by IAM and sessions can be logged to CloudWatch Logs or S3
  • Parameter Store: Hierarchical storage for configuration; SecureString parameters are encrypted with KMS
  • Patch Manager: Automated OS and application patching using patch baselines and maintenance windows

Monitoring và Management

CloudWatch Metrics

Basic Monitoring (5-minute intervals, free)

  • CPUUtilization
  • NetworkIn/NetworkOut
  • DiskReadOps/DiskWriteOps (instance store volumes; EBS volumes report their own metrics)
  • Memory, disk space, and per-process metrics are not visible to the hypervisor; install the CloudWatch agent on the instance to collect them

Detailed Monitoring (1-minute intervals)

  • Additional cost
  • More granular data

CloudWatch Logs

  • Agent: Collect logs from instances
  • Log Groups: Organize logs
  • Retention: Configurable retention periods

AWS Config

  • Configuration tracking: Monitor instance changes
  • Compliance: Check against rules
  • History: Configuration change history

Auto Scaling

Auto Scaling Groups (ASG)

Auto Scaling Group:
  MinSize: 2
  MaxSize: 10
  DesiredCapacity: 4
  LaunchTemplate: my-template (Version: a pinned number, or $Latest / $Default)
  AvailabilityZones: [us-west-2a, us-west-2b]   (in a VPC you normally pass the subnets via VPCZoneIdentifier; the group keeps instances balanced across the AZs)

Launch Templates

  • Next generation: Replace Launch Configurations, which are immutable and no longer receive new features
  • Features: Multiple versions, mixed instance types and purchase options (On-Demand plus Spot) in one group
  • Benefits: More configuration options, including the settings that fix the security posture at launch: IMDSv2 enforcement (MetadataOptions HttpTokens=required), encrypted EBS volumes, no public IP, tags on launch, and an instance profile instead of keys
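
An added example (not from the page or from AWS): a builder for LaunchTemplateData with hardened defaults, alongside a checker that reports the weak settings a quick console launch tends to leave behind. The dict follows the LaunchTemplateData shape accepted by create_launch_template (only the fields used here are shown); the AMI, profile, group and key names are placeholders, and the WEAK variant is constructed for contrast.

```python
"""Launch template data with secure defaults, and a checker for weak settings.

Added example, not from the page or AWS. The dict follows the LaunchTemplateData
shape that ec2.create_launch_template accepts (only the fields used here are
shown). Image, profile, group and key names are placeholders.
"""
import copy


def secure_launch_template_data(ami_id, instance_type, instance_profile, sg_ids, kms_key_id=None):
    """Hardened defaults: IMDSv2 only, encrypted root volume, no public IP, no key pair."""
    root = {"VolumeType": "gp3", "VolumeSize": 20, "Encrypted": True,
            "DeleteOnTermination": True}
    if kms_key_id:                      # otherwise the account's default EBS key is used
        root["KmsKeyId"] = kms_key_id
    return {
        "ImageId": ami_id,
        "InstanceType": instance_type,
        "IamInstanceProfile": {"Name": instance_profile},
        "MetadataOptions": {"HttpTokens": "required",        # IMDSv2 only
                            "HttpPutResponseHopLimit": 1,    # token cannot leave the host
                            "HttpEndpoint": "enabled"},
        "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": root}],
        "NetworkInterfaces": [{"DeviceIndex": 0,
                               "AssociatePublicIpAddress": False,
                               "Groups": list(sg_ids)}],
        "Monitoring": {"Enabled": True},                     # detailed 1-minute metrics
    }


def check_launch_template_data(data):
    """Return findings for settings that weaken the instance's security posture."""
    findings = []
    meta = data.get("MetadataOptions", {})
    if meta.get("HttpTokens", "optional") != "required":     # AWS default is optional
        findings.append("IMDSv1 allowed: set MetadataOptions.HttpTokens=required")
    if meta.get("HttpPutResponseHopLimit", 1) > 1:
        findings.append("IMDS hop limit > 1 lets containers or proxied requests reach IMDS")
    for bdm in data.get("BlockDeviceMappings", []):
        if not bdm.get("Ebs", {}).get("Encrypted", False):
            findings.append(f"unencrypted volume on {bdm.get('DeviceName')}")
    for eni in data.get("NetworkInterfaces", []):
        if eni.get("AssociatePublicIpAddress"):
            findings.append("public IP assigned; prefer a load balancer or NAT in front")
        if not eni.get("Groups"):
            findings.append("no security group on the interface (the VPC default group applies)")
    if "KeyName" in data:
        findings.append("SSH key pair attached; consider SSM Session Manager instead")
    if "UserData" in data:
        findings.append("user data present: it is readable via IMDS, so it must hold no secrets")
    return findings


HARDENED = secure_launch_template_data("ami-EXAMPLE", "t3.micro", "web-instance-profile", ["sg-web"])

# Weak variant: the same template with the defaults a quick console launch tends to produce.
WEAK = copy.deepcopy(HARDENED)
WEAK["MetadataOptions"]["HttpTokens"] = "optional"
WEAK["MetadataOptions"]["HttpPutResponseHopLimit"] = 2
WEAK["BlockDeviceMappings"][0]["Ebs"]["Encrypted"] = False
WEAK["NetworkInterfaces"][0]["AssociatePublicIpAddress"] = True
WEAK["KeyName"] = "my-old-key"
WEAK["UserData"] = "IyEvYmluL2Jhc2gK"     # base64 of "#!/bin/bash\n", placeholder script

if __name__ == "__main__":
    for line in check_launch_template_data(WEAK):
        print("WEAK:", line)
    print("HARDENED:", check_launch_template_data(HARDENED) or "no findings")
```

The hardened dict is what you would pass as LaunchTemplateData to create_launch_template (or create_launch_template_version); the checker can be pointed at the LaunchTemplateData returned by describe_launch_template_versions to audit templates that already exist.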

Scaling Policies

  • Target Tracking: Maintain specific metric value
  • Step Scaling: Scale based on CloudWatch alarms
  • Simple Scaling: Basic scaling actions

High Availability và Disaster Recovery

Multi-AZ Deployment

Region: us-west-2
├── us-west-2a: Web Servers
├── us-west-2b: Web Servers
└── us-west-2c: Web Servers

Elastic Load Balancer Integration

  • Application Load Balancer: Layer 7 routing
  • Network Load Balancer: Layer 4, high performance
  • Classic Load Balancer: Legacy, basic load balancing

Backup Strategies

  • EBS Snapshots: Point-in-time, incremental backups stored in S3 (only blocks changed since the previous snapshot are saved); encrypted volumes produce encrypted snapshots; schedules can be automated with Data Lifecycle Manager or AWS Backup
  • AMI Creation: Instance-level backups (an AMI is the launch metadata plus snapshots of the instance's EBS volumes)
  • Cross-Region: Copy AMIs/snapshots to another region for disaster recovery; copying encrypted ones requires a KMS key in the destination region

Best Practices

Security

  1. Regular Updates: Keep the OS and applications patched (Patch Manager, or immutable AMIs rebuilt on a schedule)
  2. Least Privilege: Minimal IAM permissions on instance roles, and IMDSv2 required
  3. Network Segmentation: Use security groups effectively (reference groups, not broad CIDRs) and keep instances in private subnets where possible
  4. Encryption: Encrypt data at rest (EBS, EFS, snapshots) and in transit (TLS)

Performance

  1. Right Sizing: Monitor usage và adjust instance types
  2. Placement Groups: Use for high-performance computing and latency-sensitive clusters
  3. Enhanced Networking: Enable for supported instances (ENA)
  4. Storage Optimization: Choose appropriate EBS types

Cost Optimization

  1. Reserved Instances / Savings Plans: Plan for predictable, steady workloads
  2. Spot Instances: Use for fault-tolerant, interruptible workloads
  3. Instance Scheduling: Stop instances when not needed
  4. Resource Tagging: Track costs effectively

Management

  1. Automation: Use Systems Manager, CloudFormation
  2. Monitoring: Set up CloudWatch alarms
  3. Documentation: Maintain instance inventory
  4. Change Management: Track configuration changes

Common Use Cases

Web Applications

Architecture:
Internet Gateway → ALB → EC2 Instances (Multi-AZ) → RDS

Batch Processing

Architecture:
S3 → Lambda → EC2 Spot Instances → Results to S3

High Performance Computing

Architecture:
Cluster Placement Group → Compute Optimized Instances → EFS

Troubleshooting

Common Issues

  1. Instance won't start
     • Check security group rules
     • Verify subnet configuration (free IP addresses in the subnet's CIDR)
     • Check instance limits (vCPU service quotas for the region) and for InsufficientInstanceCapacity in the chosen AZ

  2. Performance issues
     • Monitor CloudWatch metrics (CPU credits on burstable types, EBS IOPS/throughput)
     • Check network bandwidth
     • Verify storage performance

  3. Connection problems
     • Verify security groups
     • Check NACLs (both inbound and outbound, including ephemeral ports)
     • Confirm route tables (a public subnet needs a route to an internet gateway)

Diagnostic Tools

  • EC2 Instance Connect: Browser- or CLI-based SSH that pushes a short-lived one-time public key through the EC2 API, so access is controlled by IAM rather than by long-lived key files (needs the Instance Connect package on the AMI)
  • EC2 Serial Console: Direct console access for boot and network problems even when SSH is broken (Nitro-based instances; must be enabled at the account level)
  • VPC Flow Logs: Accepted/rejected traffic records per ENI, subnet, or VPC, useful for spotting blocked connections and unexpected peers
  • CloudTrail: Logs who called which EC2 API (RunInstances, AuthorizeSecurityGroupIngress, ...) and when

Exam Tips for AWS SAA

Key Points

  1. Instance Types: Understand the use cases for each family
  2. Pricing Models: Know when to use each model
  3. Storage: Differences between instance store and EBS
  4. Networking: Security groups vs NACLs
  5. Auto Scaling: Components and strategies

Common Questions

  • Which instance type for a specific workload?
  • How to achieve high availability?
  • Cost optimization strategies
  • Security best practices
  • Monitoring and troubleshooting

Best Practices for Exam

  1. Practice: Hands-on experience with EC2
  2. Scenarios: Understand real-world use cases
  3. Integration: Know how EC2 works with other services
  4. Troubleshooting: Common problems và solutions