[ 1. What is EC2? ]
EC2 인스턴스는 AWS에서 제공하는 대여형 가상머신
NAS 와 같은 역할을 하는 EBS, 로드밸런싱을 수행하는 ELB, 서버 트래픽에 따라 인스턴스 수를 증가/증감 시키는 ASG 등이 함께 사용된다
- EC2 is one of most popular of AWS offering
- It mainly consists in capability of :
1) renting virtual machines(ec2)
2) storing data on virtual drives(EBS)
3) distributing load across machines(ELB)
4) Scaling the services using an auto-scaling group(ASG)
* AMI (amazon machine image) : amazon linux2, redhat, Ubuntu, window ...
[ EC2 생성 후 접속 방법 (WINDOW10) ]
> ssh -i pem파일경로 EC2-user@EC2의공인IP
Permission denied(권한문제) 에러발생시 해결 방법(window 에서의 chmod 방법) :
techsoda.net/windows10-pem-file-permission-settings/
[ 2. Security Groups ]
EC2의 inbound/outbound 방화벽 정책으로 SG 를 한개 설정하여 여러개의 EC2 인스턴스에 동일하게 적용시킬 수 있다. (region 제약)
- Security Groups are the fundamental of network security in AWS
- They control how traffic is allowed into or out of our EC2 Machines
- acting as a "firewall" on EC2 instances
- They regulate :
1) Access to Ports
2) Authorised IP ranges (CIDR) - ipv4 and ipv6
3) Control of inbound/outbound network
- can be attached to multiple EC2 instances
- locked down to a region /VPC combination
* if your application is not accessible (time out), then it's a security group issue (방화벽 문제)
* if your application gives a "connection refused" error, then it's an application error or it's not launched
- All inbound traffic is blocked by default
- All outbound traffic is authorised by default
[ # EC2 에 Apache 설치 ]
1) EC2 에 접속
2) > sudo su
root 로 switch user
3) > yum update -y
force update machine
4) > yum install -y httpd.x86_64
아파치 설치
5) > systemctl start httpd.service
서비스 시작
6) > enable httpd.service
enabled across reboots
7) curl localhost:80
테스트
8) ec2publicip:80
외부에서 접속해보기 -> connection time out 발생
9) Security group 의 inbound 설정에 http 80 포트 추가
10) 재시도 성공 확인

security groups can communicate straight through to other instances
[ 3. Elastic IPs ]
고정된 공인 아이피, Elastic IP 설정시 EC2 인스턴스를 재기동해도 공인아이피가 바뀌는 현상이 나타나지 않는다
Elastic IP를 사용하기 보단, DNS (Route 53) 을 사용 하는게 구조적으로 낫다
- Elastic IP is a public IPv4 IP you own as long as you don't delete it
* if restart EC2 instance, it can change its public IP
- if you need to have a fixed public IP for your instance, you need an Elastic IP
- with an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account.
- you can only have 5 Elastic IP in your account (can increase if you ask AWS)
* try to avoid using Elastic IP :
1) They often reflect poor architectural decisions
2) Instead, use a random public IP and register a DNS name to it
[ 3. EC2 User Data ]
인스턴스 런칭시 실행되는 초기 스크립트로써 업데이트수행/프로그램설치 등을 EC2 런칭과 동시에 수행시키고자 할 때 사용한다 (AMI 를 사용하여 대체할 수 있다)
- It is possible to bootstrap our instances using an EC2 User data script
- bootstrapping means launching commands when a machine starts
- That script is only run once at the instance first start (인스턴스 런칭과 동시에 스크립트 실행)
- EC2 user data is used to automate boot tasks such as:
1) Installing updates
2) Downloading common files from the internet
* The EC2 User Data Script runs with the root user
* where to put/change user data
생성시 : configure instance details step 의 advanced details 에서 설정
생성후 : instance 우클릭 > instance settings > change user data
[ 4. EC2 Instance Launch Types ]
EC2 인스턴스는 아래와 같이 5가지 런치타입이 존재한다.
애플리케이션의 목적에 따라 런치타입을 바꾸어 비용절감을 할 수 있다.
1. On Demand Instances : short workload, predictable pricing
2. Reserved : (Minimum 1year)
- Reserved Instances: long workloads
- Convertible Reserved Instances: long workloads with flexible instances
- Scheduled Reserved Instances: eg. every Thursday between 3 and 6 pm
3. Spot Instances : short workloads, for cheap, can lose instances (less reliable)
4. Dedicated Instances : no other customers will share your hardware
5. Dedicated Hosts : book an entire physical server, control instance placement
1. EC2 On Demand
필요시에만 사용, 비쌈
- Pay for what you use (billing per second, after the first minute)
- Has the highest cost but no upfront payment
- No long term commitment
- Recommended for short-term and un-interrupted workloads, where you can't predict how the application will behave.
2. EC2 Reserved Instances
일정 기간에 대한 선불제, 비교적 저렴
- Up to 75% discount compared to On-demand
- Pay upfront for what you use with long term commitment
- Reservation period can be 1 or 3 years
- Reserve a specific instance type
- Recommended for steady state useage applications(think database)
* Convertible Reserved Instance
- can change the EC2 instance type
- Up to 54% discount
* Scheduled Reserved Instances
- launch within time window you reserve
- When you require a fraction of day/week/month
3. EC2 Spot Instances
여유자원을 싸게 사용하는 방식으로 사용자가 최대 입찰 가격을 정해놓고 사용, 가격이 최대가격이상이 되면 중지
- Can get a discount of up to 90% compared to On-demand
- Instances that you can "lose" at any point of time if your max prices is less then the current spot price
- The Most cost-efficient instances in AWS
- Useful for workloads that are resilient(회복력있는/탄력적인) to failure
eg. Batch jobs, Data analysis, Image processing
- Not great for critical jobs or databases
- Great combo : Reserved Instances for baseline + On-Demand & Spot for peeks
4. EC2 Dedicated Hosts
사용자 전용의 물리적 서버, 딮한 설정 가능
- Physical dedicated EC2 server for your use
- Full control of EC2 Instance placement
- Visibility into the underlying sockets/physical cores of the hardware
- Allocated for your account for a 3 year period reservation
- More expensive
- Useful for software that have complicated licensing model
Or for companies that have strong regulatory or compliance needs
5. EC2 Dedicated Instances
계정에 귀속된 인스턴스
- Instances running on hardware that's dedicated to you
- May share hardware with other instances in same account
- No control over instance placement (can move hardware after Stop/Start)
'infra & cloud > AWS' 카테고리의 다른 글
| [AWS] ENI (Elastic Network Interfaces), EC2 Hibernate (0) | 2021.03.14 | 
|---|---|
| [AWS] EC2 Placement Groups (0) | 2021.03.14 | 
| [AWS] 1-4. AMI, how to copy AMI (0) | 2021.03.14 | 
| [AWS] 1-3. EC2 Instances Launch types, Instance Types (0) | 2021.03.13 | 
| [AWS] 1-1. AZ (Availability Zones), IAM (Identity and Access Management) (0) | 2021.03.10 |