General Class Notes After learning.

EC2 Tag--------> An EC2 tag in AWS is a key-value pair that you can assign to an EC2
instance (or other AWS resources) to organize and manage them more effectively. Tags
consist of a key (a label or identifier) and an optional value (a description or additional
information). They help you easily identify and categorize your resources, especially when
managing a large number of instances.

Example:

 Key: Environment
 Value: Production

This tag indicates that a particular EC2 instance is part of your production environment.

Why use EC2 Tags?

1. Organization: Tags help you categorize your EC2 instances based on function, project,
department, or environment.
2. Cost tracking: Tags can be used to monitor and allocate costs to different teams or projects.
3. Search and filtering: You can easily search and filter EC2 instances based on tags, making
management simpler.
4. Automation: AWS services can use tags for automation, such as shutting down instances
with specific tags at a certain time.

Amazon Machine Image (AMI) ------->An Amazon Machine Image (AMI) is a template in
AWS that contains the necessary information to launch an EC2 instance. It includes the
operating system (like Linux, Windows), application server, and any software or
configurations you need. When you start an EC2 instance, you select an AMI that acts as the
"blueprint" for how your instance will be set up.

Key Components of an AMI:

1. Operating System: Defines which OS will be on your EC2 instance (e.g., Ubuntu, Windows,
Amazon Linux).
2. Application Software: Any pre-installed software, such as web servers (like Apache) or
databases.
3. Configuration Settings: Custom settings like memory, disk, or security settings can also be
saved in an AMI.
4. Storage Volumes: Defines what storage (disk) is included when launching the instance.

Types of AMIs:

 Pre-configured AMIs: AWS provides many standard AMIs with different operating systems.
 Custom AMIs: You can create your own AMI based on your specific needs, like customized
software or settings.
 Marketplace AMIs: Third-party vendors offer AMIs with specific software pre-installed.
Example:

If you're running a web server, you can use an AMI that has Ubuntu and a web server like
Apache already installed. Every time you need a new server, you launch an instance using
this AMI, saving time since everything is pre-configured.

In short, an AMI is a reusable template that simplifies the process of launching instances with
the desired configurations and software.

 The AWS Marketplace is an online store where you can buy and sell software and services
that run on AWS. It offers pre-configured software solutions, such as security tools,
databases, operating systems, and business applications that you can easily deploy on your
AWS account.

 A Community AMI in AWS is a type of Amazon Machine Image (AMI) that is shared
publicly by other AWS users or organizations. These AMIs are available for anyone to use,
and they often include custom configurations, software, or tools that the creator has set up.

Example:

 If you're looking for a pre-configured server with specific software (like a certain
database or web framework), you can search for a Community AMI that someone has
already created. You can then launch an EC2 instance using this AMI instead of
setting everything up from scratch.
 In simple terms, a Community AMI is a shared template for setting up servers, created
by the AWS user community.

 My AMI refers to an Amazon Machine Image (AMI) that you create and own in your
AWS account. It’s a customized template of a server that includes your chosen
operating system, software, and settings.

 Example:

 You set up an EC2 instance with a specific configuration (like Ubuntu with Apache
and custom settings), then save it as your own AMI. Now, you can quickly launch
new instances with the same setup whenever you need, without having to configure
everything again.
 In short, My AMI is a personal template you create for easily launching pre-
configured EC2 instances.

Instance Types.
In cloud computing, "Instance Types" refer to different configurations of virtual machines
(VMs) that provide varying amounts of resources like CPU, memory (RAM), storage, and
networking capacity. These instances allow you to run applications based on your needs
without managing physical hardware. Here's a simple explanation of instance types, their
functions, and how to select them:
1. General Purpose Instances

 Function: These are balanced in terms of CPU, memory, and networking. Suitable for a wide
range of applications.
 Use Cases: Web servers, development environments, small databases.
 Example: AWS t3.micro, Azure B-series, Google Cloud e2.

2. Compute Optimized Instances

 Function: Designed for tasks requiring high CPU performance relative to memory.
 Use Cases: High-performance web servers, batch processing, scientific modeling.
 Example: AWS c5, Azure F-series, Google Cloud n2-highcpu.

3. Memory Optimized Instances

 Function: Provide a large amount of RAM compared to the CPU, ideal for memory-intensive
tasks.
 Use Cases: Large databases, in-memory caches like Redis, SAP HANA.
 Example: AWS r5, Azure E-series, Google Cloud m1-megamem.

4. Storage Optimized Instances

 Function: Designed for applications requiring high, fast, and efficient disk storage
performance.
 Use Cases: Large-scale data processing, database workloads, big data analytics.
 Example: AWS i3, Azure Lsv2, Google Cloud n2d-highmem.

5. GPU Instances

 Function: Equipped with Graphics Processing Units (GPUs) for tasks like machine learning,
video rendering, and scientific computations.
 Use Cases: Machine learning, AI models, gaming, video processing.
 Example: AWS p4, Azure NCv3, Google Cloud a2.

How to Select the Right Instance Type:

1. Understand Your Workload:

o General applications: Use general-purpose instances.
o CPU-intensive: Use compute-optimized instances.
o Memory-heavy tasks: Opt for memory-optimized instances.
o Large storage needs: Choose storage-optimized instances.
o Specialized tasks (AI, video processing): Go for GPU instances.

2. Estimate Resources Needed:

o Determine how much CPU, RAM, and storage your application needs.

3. Budget:
o Balance between cost and performance. Start with a smaller instance and scale up as
needed.
 4. Test and Monitor:
o Try different instances to see which provides the best performance for your workload.

Conclusion:

Selecting the right instance type depends on your application's resource needs and budget. If
unsure, start with a general-purpose instance and adjust as you understand more about your
workload.

In AWS (Amazon Web Services), a key pair is used for securely accessing EC2 (Elastic
Compute Cloud) instances. It consists of two parts:

1. Private Key: This is a file that you download and keep safe on your local machine.
It's used to authenticate and securely connect (usually via SSH) to your EC2 instance.
2. Public Key: This part is stored on the EC2 instance by AWS when you launch it. It
matches the private key and helps verify your identity when you connect.

Together, the key pair ensures that only someone with the matching private key can access
the instance.

keypair type
When creating a key pair in AWS for EC2 instances, you can choose between two types of
key pairs based on the encryption algorithm:

1. RSA (Rivest-Shamir-Adleman):
o Most commonly used type.
o Uses an asymmetric cryptographic algorithm to generate the key pair.
o You can choose key lengths of 2048, 3072, or 4096 bits (with 2048 being the
default).
o The private key is saved in a .pem file, typically used for SSH access to Linux
instances.

2. ED25519 (Edwards-curve Digital Signature Algorithm 25519):

o A newer and faster algorithm compared to RSA.
o Provides high security with a smaller key size, usually 256 bits.
o Also saves the private key in a .pem file for secure SSH access.

Both types are supported for secure authentication when connecting to your EC2 instances,
with RSA being more widely compatible, while ED25519 is more modern and efficient.

Security Group.
In AWS EC2, security groups act as virtual firewalls that control inbound and outbound
traffic to and from your EC2 instances. They provide an easy way to define rules that allow
or block specific types of traffic based on IP addresses, protocols, and ports.
Key Features of Security Groups:

1. Instance-Level Firewall:
o Security groups are applied directly to EC2 instances, and each instance can have one
or more security groups.

2. Stateful:
o This means that if you allow inbound traffic on a certain port, the corresponding
outbound traffic is automatically allowed. For example, if an incoming HTTP request
is allowed, the outgoing response is automatically permitted.

3. Default Deny:
o By default, all inbound traffic is blocked, and all outbound traffic is allowed. You
need to explicitly allow the traffic you want.

Components of a Security Group Rule:

 Protocol: Defines the type of traffic, such as TCP, UDP, or ICMP (used for ping requests).
 Port Range: Specifies the port numbers that are allowed, like port 80 for HTTP or port 22 for
SSH.
 Source (Inbound) or Destination (Outbound): Defines the IP address or range that is
allowed or blocked. This could be a single IP, a range (CIDR notation), or another security
group.

Inbound Rules:

These rules control the incoming traffic that is allowed to your EC2 instance.

 Example: Allowing SSH access from a specific IP address:

o Protocol: TCP
o Port Range: 22
o Source: Your public IP address (e.g., 203.0.113.1/32)
o Effect: Only you can access the instance via SSH, preventing unauthorized access.

 Example: Allowing HTTP access to your web server from anywhere:

o Protocol: TCP
o Port Range: 80
o Source: 0.0.0.0/0 (This allows traffic from any IP address on the internet)
o Effect: Anyone can access your web server via HTTP.

Outbound Rules:

These rules control the traffic leaving your EC2 instance. By default, all outbound traffic is
allowed, but you can restrict it if needed.

 Example: Allowing outbound traffic for software updates:

o Protocol: TCP
o Port Range: 443 (for HTTPS)
o Destination: 0.0.0.0/0 (all internet addresses)
o Effect: Your instance can connect to the internet to download updates over HTTPS.
Example Scenario: Hosting a Web Server on EC2

You want to run a web server on an EC2 instance and allow users to access it, but you also
want to ensure that only you can access it via SSH for administrative purposes.

1. Inbound Rules:
o SSH Access (for you to manage the instance):
 Protocol: TCP
 Port Range: 22
 Source: Your IP address (e.g., 203.0.113.1/32)
o HTTP Access (for users to visit your website):
 Protocol: TCP
 Port Range: 80
 Source: 0.0.0.0/0 (all IP addresses)

2. Outbound Rules (default):

o By default, your EC2 instance can connect to any internet service (e.g., for updates or
connecting to APIs).

Summary:

 Security Groups act as a firewall that controls traffic to and from your EC2 instances.
 Inbound Rules allow traffic from specific sources on certain ports.
 Outbound Rules control traffic leaving your instance (default is all allowed).
 Example: You can create a rule to allow SSH access only from your IP, and HTTP access
from anywhere.

This setup ensures secure, controlled access to your EC2 instances.

ChatGPT can make mistakes. Check important info.

Protocols.
In AWS, protocols are used to manage network traffic to and from your resources, especially
when configuring security groups, network access control lists (NACLs), and load balancers.
While AWS itself doesn't define new protocols, it supports a wide range of well-known
network protocols.

Here are the major protocols supported in AWS:

Common Protocols:

1. TCP (Transmission Control Protocol):

o Connection-oriented protocol for reliable communication.
o Commonly used for services like SSH (port 22), HTTP (port 80), HTTPS (port 443).

2. UDP (User Datagram Protocol):

o Connectionless protocol, used for fast, lightweight communication.
o Used by services like DNS (port 53), DHCP, and gaming applications.

3. ICMP (Internet Control Message Protocol):

o Used for sending error messages and operational information (like "ping").

4. HTTP (Hypertext Transfer Protocol):

o Port 80, used for unencrypted web traffic.

5. HTTPS (Hypertext Transfer Protocol Secure):

o Port 443, used for encrypted web traffic.

6. SSH (Secure Shell):

o Port 22, used for secure remote login and command execution on servers.

7. RDP (Remote Desktop Protocol):

o Port 3389, used for remote desktop connections to Windows instances.

8. DNS (Domain Name System):

o Port 53, used for domain name resolution.

9. SMTP (Simple Mail Transfer Protocol):

o Port 25, used for sending emails.

10. POP3 (Post Office Protocol 3):

 Port 110, used for receiving emails.

11. IMAP (Internet Message Access Protocol):

 Port 143, used for retrieving and managing emails.

12. FTP (File Transfer Protocol):

 Port 21, used for transferring files between client and server.

13. SFTP (SSH File Transfer Protocol):

 Port 22, used for secure file transfer (runs over SSH).

14. NTP (Network Time Protocol):

 Port 123, used to synchronize clocks over a network.

 15. LDAP (Lightweight Directory Access Protocol):

 Port 389, used for directory services like AWS Directory Service.

16. SMB/CIFS (Server Message Block/Common Internet File System):

 Ports 445 and 139, used for shared file access in Windows environments.

Other Protocols Available in AWS:

1. All Protocols (ALL):

o Allows all protocols (not recommended for security reasons).

2. ESP (Encapsulating Security Payload):

o Used for securing VPN traffic.

3. AH (Authentication Header):
o Used in IPSec to authenticate VPN traffic.

4. GRE (Generic Routing Encapsulation):

o Used for tunneling different network protocols.

5. VPC Peering Protocols:

o Used for connecting different VPCs securely.

Custom Protocol Numbers:

AWS also allows you to specify custom protocols by using their protocol numbers. For
example:

 Protocol 6: TCP
 Protocol 17: UDP
 Protocol 1: ICMP

Summary:

AWS supports all standard networking protocols like TCP, UDP, ICMP, HTTP, HTTPS,
and more. The protocols cover a wide range of use cases, from web traffic to file transfers,
and remote management to email communication.

In security groups or NACLs, you define rules that apply to these protocols, specifying which
ones are allowed or blocked for your resources.

Volume Types
AWS offers different types of EBS (Elastic Block Store) volumes to store data, each with
specific features for performance and cost:
 1. General Purpose SSD (gp3 and gp2):
o gp3: Flexible and fast, good for most applications. You can adjust speed
(IOPS) and data transfer (MB/s) as needed.
o gp2: Automatically adjusts speed based on size but less flexible.
2. Provisioned IOPS SSD (io2 and io1):
o High-performance storage for critical apps like databases. You can set the
speed (IOPS) you need.
3. Throughput Optimized HDD (st1):
o Hard drive storage for big, frequently accessed data (like large logs or media
files).
4. Cold HDD (sc1):
o Cheaper hard drive storage for infrequently accessed data (like backups).

Each volume type is designed for different tasks, from everyday use to heavy-duty
performance and cost-saving storage options.