Welcome to the second tutorial of this AWS series.
Here are the new and interesting AWS concepts we are going to learn today:
- Security Groups
- Public vs Private IP
- EC2 is one of the most popular resources offered by AWS. Knowing EC2 is fundamental to understanding how the AWS Cloud works.
- The major AWS offerings related to EC2 are:
- Renting virtual machines (EC2)
- Storing data on virtual drives (EBS)
- Distributing load across machines (ELB)
- Scaling the services using an auto-scaling group (ASG)
- You use EC2 through what is known as an EC2 instance. You can create an EC2 instance on AWS and connect to it using the SSH protocol. SSH allows you to control a remote machine using the command line. To use SSH on Windows, you can use a free tool called PuTTY.
- You can connect to your EC2 instance using your browser as well.
- It is possible to bootstrap (launch commands when the machine starts) our instances using an EC2 User Data script. This script will run only once, when the instance is started. It is generally used to automate boot-up tasks like:
- Installing updates
- Installing software
- Downloading common files from the internet
- EC2 offers various kinds of instances, each with different pricing and suited to different tasks. They are as follows:
- On-Demand: Come and use EC2 whenever you like. You have to pay the full price.
- Reserved: This is like planning ahead of time how much you need to use and for how long. This has a good discount of up to 75%.
- Spot Instances: Can get a discount of up to 90% compared to On-Demand. These are the most cost-efficient instances in AWS. Useful only for workloads that are resilient to failure, because you may lose the instance at any point in time if your max price is less than the current spot price.
- Dedicated Instances: These are instances running on hardware that’s dedicated to you.
- Security Groups form the foundation of network security in AWS. Their job is to control how/which traffic is allowed in or out of your EC2 machines. Security Groups act as a "firewall" on the EC2 instances.
- Security Groups are used to regulate:
- Access to ports on EC2.
- Which IP ranges are authorized, both IPv4 and IPv6.
- Control of the incoming network requests from "other sources" to the EC2 instance.
- Control of the outgoing network requests from the EC2 instance to "other sources".
- Security Groups can be attached to multiple EC2 instances. And since a Security Group sits outside the EC2 instance, any traffic it blocks won't be seen by the instance.
- As a rule of thumb, you should maintain a separate Security Group for your SSH access. By default, a Security Group blocks all incoming traffic and allows all outgoing traffic.
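The following Python audit is an added example, not part of the original tutorial. It checks Security Group ingress rules, in the JSON shape returned by `aws ec2 describe-security-groups`, for SSH (port 22) reachable from any IPv4 or IPv6 address and for SSH rules that share a group with other rules; the group IDs, group names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "ssh-admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0ccc", "GroupName": "everything", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

def covers_port(rule, port):
    """True if an ingress rule admits TCP traffic to `port`."""
    if rule["IpProtocol"] == "-1":          # "-1" means all protocols, all ports
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def sources(rule):
    """All IPv4 and IPv6 CIDR sources named by a rule (group references are ignored)."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]

def audit_ssh(groups, port=22):
    """Return findings as (group_id, issue, detail) tuples."""
    findings = []
    for g in groups:
        rules = g.get("IpPermissions", [])
        ssh_rules = [r for r in rules if covers_port(r, port)]
        for r in ssh_rules:
            for net in sources(r):
                if net.prefixlen == 0:      # 0.0.0.0/0 or ::/0: any address
                    findings.append((g["GroupId"], "ssh-open-to-world", str(net)))
        # Rule of thumb from the text: SSH access lives in its own group.
        if ssh_rules and len(ssh_rules) < len(rules):
            findings.append((g["GroupId"], "ssh-mixed-with-other-rules", g["GroupName"]))
    return findings

if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_GROUPS):
        print(*finding)
```

The third sample group shows why both address families matter: an all-protocols rule with only an IPv6 `::/0` source still exposes port 22.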
Public vs Private IP
- A public IP means the machine can be identified on the internet (www), whereas a private IP means the machine can be identified only on a private network.
- A public IP must be unique across the whole world wide web, i.e. no two machines can have the same public IP. A private IP must be unique only within its private network, i.e. two different private networks (companies) can use the same IP.
- With a private IP, machines connect to the web using a NAT (network address translator) and an internet gateway, i.e. a proxy.
- An EC2 instance uses a public IP for the www and a private IP for the internal AWS network. But when you restart an EC2 instance, its public IP can change. When doing SSH to an EC2 instance we can only use the public IP.
- If you need a fixed public IP for your instance, you need to use something known as an Elastic IP. An Elastic IP is a public IPv4 address you own as long as you don't delete it, and you can attach it to only 'one' EC2 instance at a time. AWS gives you only 5 Elastic IPs for your account.
- The main use of an Elastic IP is by companies to hide the failure of an instance or software by remapping the failed address to another instance in your account.