AWS - EC2

Last updated: 2022-05-05

Contents

  • Instance
  • Instance Type
  • AMI
  • OS AMI
  • SSD storage
  • Instance Credit specification
  • ECUs
  • Placement group
  • Capacity Reservation setting (open|none)
  • Monitoring
  • Modify ‘Deletion on Termination’ flag for EBS volume
  • Convert an EBS volume to encrypted
  • EC2 serial console
  • user_data
  • AWS prefix list
  • AWS EC2 - CLI


Instance

AMI PV vs HVM

  • PV: Paravirtual
  • HVM: Hardware Virtual Machine

PV

Paravirtual guests can run on host hardware that does not have explicit support for virtualization (such as Intel Virtualization Technology).

Boot

PV AMIs boot with a special boot loader called PV-GRUB, which starts the boot cycle and then chain loads the kernel specified in the menu.lst file on your image.

HVM AMIs boot by executing the master boot record of the root block device of your image.

Performance

PV guests had better performance than HVM guests in many cases, but because of enhancements in HVM virtualization and the availability of PV drivers for HVM AMIs, this is no longer true.


Instance Types

tx

Unlimited mode (default): burstable; the baseline is averaged over a 24-hour period; spikes above it are allowed.

Baseline

  • t3.micro     10% (per vCPU)
  • t3.small     20% (per vCPU)
  • t3.medium    20% (per vCPU)
  • t3.large     30% (per vCPU)

t3

  • Intel Xeon Platinum 8000 series processor (Turbo CPU clock speed of up to 3.1 GHz)

t3a

  • AMD EPYC 7000 series processor (Turbo clock speed of up to 2.5 GHz)

t4g

  • Arm-based

c5

  • c5.xlarge    $0.216     4C    8 GiB
  • t3.large     $0.1168    2C    8 GiB
  • t3.xlarge    $0.2336    4C    16 GiB


Web Console Tips

# search by tag Name

Name:MyTagName


AMI

Deregister your Linux AMI

When you deregister an AMI:

 * it doesn't affect any instances that you've already launched from the AMI.
 * it doesn't affect the snapshot(s) that were created for the volume(s) of the instance during the AMI creation process.
 * you'll continue to incur storage costs for the snapshots.

Share an AMI with specific AWS accounts

Tags

User-defined tags that you attach to a shared AMI are available only to your AWS account and not to the other accounts that the AMI is shared with.

Region

AMIs are a regional resource. When you share an AMI, it is only available in that Region.

To make an AMI available in a different Region, copy the AMI to the Region and then share it.

Usage

When you share an AMI, users can only launch instances from the AMI. They can’t delete, share, or modify it.

However, after they have launched an instance using your AMI, they can then create an AMI from their instance.

Billing

You are not billed when your AMI is used by other AWS accounts to launch instances.

The accounts that launch instances using the AMI are billed for the instances that they launch.

Step

https://console.aws.amazon.com/ec2/

# In Source A/C

[1]

https://ap-east-1.console.aws.amazon.com/ec2/v2/

Select YOUR_INSTANCE > Actions > Image and templates > Create image

[2]

AMIs > Select YOUR_AMI > Actions > Edit AMI Permissions > Choose "Private"  > Under "Shared accounts" > "Add account ID"

Note: "create volume" permissions

Add "create volume" permissions to associated snapshots when creating account permissions.

Setting that permission will allow a user from the other account to create an EBS volume from that snapshot, independent of the AMI that you share with them.

If you don't check it, then they'll only be able to use the AMI (which uses that snapshot) to launch an instance, but they won't be able to create a separate EBS volume from it.

If you have access to an AMI, you can always create a new one from it by launching an instance from the original AMI, then saving a new AMI from that instance. AFAIK, there is no way to prevent that because once they have the instance launched from the AMI, it's out of your control.

# In Dest. A/C

[3]

EC2 > Images > AMIs > Private images


OS AMI

CentOS on AWS

https://wiki.centos.org/Cloud/AWS


SSD storage

General Purpose

Baseline I/O performance for General Purpose SSD storage is 3 IOPS for each GiB, with a minimum of 100 IOPS.


Instance Credit specification

Unlimited mode: the instance can sustain high CPU utilization for any period of time whenever required.

Setting

T3 instances launch as unlimited by default.

Unlimited mode can be enabled or disabled at any time for a running or stopped instance.

Credits

If the average CPU usage over a 24-hour period exceeds the baseline, you incur charges for surplus credits.

When its CPU utilization falls below the baseline, the instance uses the CPU credits that it earns to pay down the surplus credits that it spent earlier.

The hourly instance price automatically covers all CPU usage spikes if the average CPU utilization of the instance is at or below the baseline over a rolling 24-hour period or the instance lifetime, whichever is shorter.

1 CPU credit is equivalent to

  • One vCPU at 100% utilization for one minute
  • One vCPU at 50% utilization for two minutes
  • Two vCPUs at 25% utilization for two minutes

Earning CPU credits

t3.nano

CPU credits earned per hour: 6
Maximum earned credits that can be accrued: 144
vCPUs: 2
Baseline utilization per vCPU: 5%

t3.micro

CPU credits earned per hour: 12
Maximum earned credits that can be accrued: 288
vCPUs: 2
Baseline utilization per vCPU: 10%

Maximum earned credits that can be accrued:

equivalent to the number of credits that can be earned within 24 hours

For T3 and T4g, the CPU credit balance persists for 7 days after an instance stops and the credits are lost thereafter.

Baseline utilization:

it is per vCPU

(number of credits earned / number of vCPUs) / 60 minutes = %

e.g. t3.nano

6 / 2 / 60 = 5%

Credits Usage

Spent surplus credits are tracked by the CloudWatch metric CPUSurplusCreditBalance.

Related CloudWatch metrics:

  • CPUCreditUsage
  • CPUCreditBalance

T2/T3 Unlimited Mode Pricing

For T2 and T3 instances in Unlimited mode, CPU credits are charged per vCPU-hour:

  • $0.05 per vCPU-Hour for Linux, RHEL and SLES
  • $0.096 per vCPU-Hour for Windows and Windows with SQL Web
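To make the credit rules in this section concrete, here is an added Python example (not AWS code) that computes the per-vCPU baseline from the credits-earned figures above and replays hourly CPU utilisation through the earn/spend/repay rules, pricing any outstanding surplus at the $0.05 per vCPU-hour Linux rate. The hour-by-hour settlement loop and the zero starting balance are simplifying assumptions of this example, not AWS's exact billing schedule.

```python
"""T3/T4g CPU credit accounting, worked through with the figures on this page.

Added example (not AWS code). The per-hour settlement loop and the zero
starting balance are simplifying assumptions; AWS settles surplus credits on
its own schedule, so treat the result as an estimate.
"""
from dataclasses import dataclass
from typing import Iterable

CREDITS_PER_VCPU_HOUR = 60          # 1 credit = one vCPU at 100% for one minute
SURPLUS_PRICE_LINUX = 0.05          # USD per surplus vCPU-hour (Linux), from the page


@dataclass(frozen=True)
class BurstableType:
    name: str
    vcpus: int
    credits_per_hour: int           # "CPU credits earned per hour"
    max_accrued: int                # "Maximum earned credits that can be accrued"

    def baseline_pct(self) -> float:
        """(credits earned / vCPUs) / 60 minutes, as a percentage per vCPU."""
        return self.credits_per_hour * 100 / (self.vcpus * CREDITS_PER_VCPU_HOUR)


# Figures taken from the page
T3_NANO = BurstableType("t3.nano", vcpus=2, credits_per_hour=6, max_accrued=144)
T3_MICRO = BurstableType("t3.micro", vcpus=2, credits_per_hour=12, max_accrued=288)


def credits_needed(itype: BurstableType, cpu_pct: float, hours: float = 1.0) -> float:
    """Credits consumed by running all vCPUs at cpu_pct for the given hours."""
    return itype.vcpus * CREDITS_PER_VCPU_HOUR * hours * cpu_pct / 100


def simulate_unlimited(itype: BurstableType, hourly_cpu_pct: Iterable[float],
                       start_balance: float = 0.0) -> dict:
    """Replay hourly average CPU utilisation through the credit rules.

    balance -> what CPUCreditBalance would report (capped at max_accrued)
    surplus -> what CPUSurplusCreditBalance would report
    charge  -> cost of the outstanding surplus at the Linux rate
    """
    balance = float(start_balance)
    surplus = 0.0
    for pct in hourly_cpu_pct:
        balance += itype.credits_per_hour           # credits earned this hour
        need = credits_needed(itype, pct)
        if need <= balance:
            balance -= need
            # credits left over after usage pay down earlier surplus first
            repay = min(balance, surplus)
            surplus -= repay
            balance -= repay
            balance = min(balance, itype.max_accrued)
        else:
            # balance exhausted: the remainder is spent as surplus credits
            surplus += need - balance
            balance = 0.0
    charge = round(surplus / CREDITS_PER_VCPU_HOUR * SURPLUS_PRICE_LINUX, 4)
    return {"balance": round(balance, 4), "surplus": round(surplus, 4), "charge": charge}


if __name__ == "__main__":
    for t in (T3_NANO, T3_MICRO):
        print(f"{t.name}: baseline {t.baseline_pct():.0f}% per vCPU")
    # 24 hours flat out on a t3.nano: every hour spends 120 credits but earns 6
    print(simulate_unlimited(T3_NANO, [100] * 24))
    # one hour at 100%, then idle: earned credits repay the surplus before accruing
    print(simulate_unlimited(T3_NANO, [100] + [0] * 21))
```

Running a t3.nano at 100% for 24 hours leaves 2736 surplus credits, i.e. 45.6 vCPU-hours, which at $0.05 is $2.28 on top of the hourly price; at exactly the 5% baseline the instance spends what it earns and never goes into surplus.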

When to use unlimited mode versus fixed CPU (breakeven CPU usage)

If a T3 instance continuously bursts at 100% CPU, you end up paying approximately 1.5 times the price of an equivalently-sized M5 instance.

Sustained CPU % above which an M5 instance should be chosen instead of the T3 instance:

t3.large      42.5%
t3.xlarge     52.5%
t3.2xlarge    52.5%


ECUs

 - ECU = EC2 Compute Unit
 - processing power metric
 - reason for introducing it: different hardware has different vCPUs, which makes them hard to compare


Placement group

When you launch a new EC2 instance, the EC2 service attempts to spread it out across the underlying hardware.

There is no charge for creating a placement group.

Cluster

packs instances close together inside an Availability Zone (low network latency).

* Start fails if there isn't enough capacity for the instance.

Partition

no two partitions within a placement group share the same racks (each rack has its own network and power source).

Spread

each instance is placed on distinct underlying hardware.


Capacity Reservation setting (open|none)

open - The instance can run in any open Capacity Reservation that has matching attributes
(instance type, platform, Availability Zone).

none - The instance avoids running in a Capacity Reservation even if one is available.

By creating Capacity Reservations you ensure that you always have access to EC2 capacity when you need it, for as long as you need it. You can create Capacity Reservations at any time, without entering into a one-year or three-year term commitment, and the capacity is available immediately. Billing starts as soon as the capacity is provisioned and the Capacity Reservation enters the active state. When you no longer need it, cancel the Capacity Reservation to stop incurring charges.

To create a Capacity Reservation using the console

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/

2. Choose Capacity Reservations, and then choose Create Capacity Reservation.

3. ...

Pricing

When the Capacity Reservation enters the active state, you are charged the equivalent On-Demand rate whether you run instances in the reserved capacity or not.


Monitoring

Status Check Failed (Any)

Any = Instance || System

Status Check Failed (Instance)

Amazon EC2 checks the health of the instance by sending an address resolution protocol (ARP) request to the network interface (NIC).

Status Check Failed (System)

  • Loss of network connectivity
  • Loss of system power
  • Software issues on the physical host
  • Hardware issues on the physical host

Disk metrics

Those metrics are not for EBS volumes, they are for instance store volumes.

For EBS volumes, see the metrics for the individual volumes.

Remark: instance store

An instance store provides temporary block-level storage for your instance.

This storage is located on disks that are physically attached to the host computer.

For caches, scratch data, and other temporary content

The virtual devices for instance store volumes are ephemeral[0-23].

  • You can't detach an instance store volume.
  • An instance store persists only during the lifetime of its associated instance (while it is running).
  • You can't make an instance store volume available after you launch the instance.

Network in/out

in: The number of bytes received by the instance on all network interfaces.

out: The number of bytes sent out by the instance on all network interfaces.


Modify ‘Deletion on Termination’ flag for EBS volume

 * The only way to do this is by using the AWS CLI

aws ec2 modify-instance-attribute --instance-id ID --block-device-mappings file://my.json

file://my.json

[
  {
    "DeviceName": "/dev/sda1",
    "Ebs": {
      "DeleteOnTermination": false
    }
  }
]
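As an added example (not from this page or from AWS), the Python below takes the shape of an `aws ec2 describe-instances` response, lists the EBS volumes that would be destroyed when their instance terminates, and renders the my.json document for the command above covering only the mappings whose flag actually needs to change. The instance and volume IDs in the sample are constructed.

```python
"""Plan a DeleteOnTermination change for an instance's EBS volumes.

Added example (not AWS code). It reads the BlockDeviceMappings structure
returned by `aws ec2 describe-instances` and emits the JSON document that
`--block-device-mappings file://my.json` expects, as shown on this page.
All IDs below are constructed sample values.
"""
import json

# Constructed sample response, trimmed to the fields this example uses.
SAMPLE_DESCRIBE_INSTANCES = {
    "Reservations": [{
        "Instances": [{
            "InstanceId": "i-0123456789abcdef0",
            "BlockDeviceMappings": [
                {"DeviceName": "/dev/sda1",
                 "Ebs": {"VolumeId": "vol-0aaaaaaaaaaaaaaa1", "DeleteOnTermination": True}},
                {"DeviceName": "/dev/sdf",
                 "Ebs": {"VolumeId": "vol-0bbbbbbbbbbbbbbb2", "DeleteOnTermination": False}},
            ],
        }]
    }]
}


def _iter_instances(describe_output: dict):
    """Yield every instance dict in a describe-instances response."""
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            yield inst


def volumes_deleted_on_termination(describe_output: dict) -> list:
    """List every EBS volume that is destroyed together with its instance.

    Useful as a retention check: a root or data volume flagged True here is
    gone once the instance is terminated, so no forensic copy survives.
    """
    found = []
    for inst in _iter_instances(describe_output):
        for bdm in inst.get("BlockDeviceMappings", []):
            ebs = bdm.get("Ebs")
            if ebs and ebs.get("DeleteOnTermination"):
                found.append({"InstanceId": inst["InstanceId"],
                              "DeviceName": bdm["DeviceName"],
                              "VolumeId": ebs["VolumeId"]})
    return found


def plan_mappings(describe_output: dict, instance_id: str,
                  delete_on_termination: bool = False) -> list:
    """Build the block-device-mappings list for modify-instance-attribute.

    Only mappings whose current flag differs from the requested value are
    included, so the CLI call touches nothing that is already correct.
    """
    mappings = []
    for inst in _iter_instances(describe_output):
        if inst["InstanceId"] != instance_id:
            continue
        for bdm in inst.get("BlockDeviceMappings", []):
            ebs = bdm.get("Ebs")
            if ebs and ebs.get("DeleteOnTermination") != delete_on_termination:
                mappings.append({"DeviceName": bdm["DeviceName"],
                                 "Ebs": {"DeleteOnTermination": delete_on_termination}})
    return mappings


def render_mapping_file(mappings: list) -> str:
    """Serialise the plan in the my.json layout used on this page."""
    return json.dumps(mappings, indent=2)


if __name__ == "__main__":
    print(volumes_deleted_on_termination(SAMPLE_DESCRIBE_INSTANCES))
    plan = plan_mappings(SAMPLE_DESCRIBE_INSTANCES, "i-0123456789abcdef0")
    # write this to my.json and pass it as file://my.json to the CLI command above
    print(render_mapping_file(plan))
```

With the sample, only /dev/sda1 ends up in the plan, because /dev/sdf is already set to be kept; requesting `delete_on_termination=True` instead yields the opposite single entry.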

 


Convert an EBS volume to encrypted

1. Create a snapshot of the volume                          # On Volumes menu

2. Create an EBS volume from the unencrypted snapshot       # On Snapshots menu

 * choose encryption at this step

3. Stop the EC2 instance

4. Detach the existing volume

5. Attach the new volume

6. Start the EC2 instance

 


EC2 serial console

Error message

This account is not authorized to use the EC2 serial console

To connect to this instance using the EC2 serial console, the account must be authorized in the EC2 account settings.

EC2 > Settings

 


user_data

When a user data script is processed, it is copied to and run from /var/lib/cloud/instances/instance-id/. The script is not deleted after it runs and can be found in this directory under the name user-data.txt, so to check whether your shell script made it to the server, look in that directory for that file.

The cloud-init output log file (/var/log/cloud-init-output.log) captures the console output of your user_data shell script.

 


AWS prefix list

A managed prefix list is a set of one or more CIDR blocks.

It can be used in security groups and route tables.

There are two types of prefix lists:

  • Customer-managed prefix lists
  • AWS-managed prefix lists

 * You can modify a prefix list. When you add or remove entries, AWS creates a new version of the prefix list.

 * When you create a prefix list, you must specify the maximum number of entries (Max entries) that the prefix list can support.

 * A prefix list applies only to the Region where you created it.

Max entries

If you create a prefix list with 20 maximum entries and you reference that prefix list in a security group rule, this counts as 20 security group rules.

 * The value must be greater than or equal to the number of prefix list entries.

 

Limits

  • Customer-managed prefix lists per Region     100
  • Versions per prefix list                     1,000

 


Check which account ID the instance was launched in

curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | jq -r .accountId

 

 
