EC2 and EBS

EC2 is the AWS service you use to launch a VM (an instance) into your VPC. Instance types differ by hardware specification (CPU, memory, and network). When you launch an EC2 instance, you must specify a VPC, a subnet, a security group, and an SSH keypair, so all of these have to exist beforehand.

The VPC, subnet, and security group were created in the previous examples, so the only remaining step is the SSH keypair. Let's create one:

//create keypair (aws_rsa, aws_rsa.pub); -N "" sets an empty passphrase, which is convenient for a throwaway lab key but not for one you keep
$ ssh-keygen -f ~/.ssh/aws_rsa -N ""
//register aws_rsa.pub key to AWS (with AWS CLI v2, pass the file as --public-key-material fileb://~/.ssh/aws_rsa.pub instead of the inline string)
$ aws ec2 import-key-pair --key-name=my-key --public-key-material "`cat ~/.ssh/aws_rsa.pub`"
{
"KeyFingerprint": "73:89:80:1f:cc:25:94:7a:ba:f4:b0:81:ae:d8:bb:92",
"KeyName": "my-key"
}


//launch public facing host, using Amazon Linux (ami-009d6802948d06e52) on us-east-1
$ aws ec2 run-instances --image-id ami-009d6802948d06e52 --instance-type t2.nano --key-name my-key --security-group-ids sg-03973d9109a19e592 --subnet-id subnet-09f8f7f06c27cb0a0
//launch private subnet host
$ aws ec2 run-instances --image-id ami-009d6802948d06e52 --instance-type t2.nano --key-name my-key --security-group-ids sg-0f4058a729e2c207e --subnet-id subnet-04b78ed9b5f96d76e

After a few minutes, check the instances' status on the AWS web console: the public subnet host has a public IPv4 address, whereas the private subnet host does not. Note that an instance in a public subnet only receives a public IPv4 address if the subnet has auto-assign public IPv4 enabled, or if you pass --associate-public-ip-address to run-instances.

Let's use your SSH private key to log in to the EC2 instance using the IPv4 public IP address, as follows:

//add private keys to ssh-agent
$ ssh-add ~/.ssh/aws_rsa

//ssh to the public subnet host with -A (forward ssh-agent) option
$ ssh -A ec2-user@54.208.77.168
...

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
1 package(s) needed for security, out of 5 available
Run "sudo yum update" to apply all updates.
[ec2-user@ip-10-0-1-41 ~]$

Now you're on the public subnet host (54.208.77.168). This host also has an internal (private) IP address because it's deployed in the 10.0.1.0/24 subnet, so its private address lies between 10.0.1.1 and 10.0.1.254 (in practice between 10.0.1.4 and 10.0.1.254, because AWS reserves the first four and the last address of every subnet):

[ec2-user@ip-10-0-1-41 ~]$ ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9001
inet 10.0.1.41 netmask 255.255.255.0 broadcast 10.0.1.255
inet6 fe80::cf1:1ff:fe9f:c7b2 prefixlen 64 scopeid 0x20<link>
...

Let's install the nginx web server on the public host as follows:

$ amazon-linux-extras |grep nginx
4 nginx1.12 available [ =1.12.2 ]
$ sudo amazon-linux-extras install nginx1.12
$ sudo systemctl start nginx

Then, go back to your machine and check the website at 54.208.77.168. This only works because the security group attached to the public host allows inbound TCP port 80 from your address; if the curl below hangs, that inbound rule is what to check first:

[ec2-user@ip-10-0-1-41 ~]$ exit
logout
Connection to 54.208.77.168 closed.

$ curl -I 54.208.77.168
HTTP/1.1 200 OK
Server: nginx/1.12.2
...

In addition, a VPC is routable across its availability zones, so you can SSH from the EC2 host on the public subnet to the private subnet host (10.0.2.116), provided the private host's security group allows inbound TCP port 22 from the public host (or from its security group). Because we logged in with ssh -A, which forwards the ssh-agent, there's no need to copy a private key or create a ~/.ssh/id_rsa file on the EC2 host. Be aware of the trade-off: while you are connected, anyone with root on the public host can use your forwarded agent to authenticate as you; for a bastion setup, ssh -J (ProxyJump) reaches the private host without exposing the agent at all:

[ec2-user@ip-10-0-1-41 ~]$ ssh 10.0.2.116
...

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
1 package(s) needed for security, out of 5 available
Run "sudo yum update" to apply all updates.
[ec2-user@ip-10-0-2-116 ~]$
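The ProxyJump alternative to agent forwarding, as an added example that is not part of the original text: the two functions below build the ssh command line and a ~/.ssh/config fragment for reaching the private host through the public one, and a third one audits a config file for leftover ForwardAgent yes directives. The addresses and key path are the ones used in this chapter; the Host aliases bastion and private-app and the function names are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the original text): reach the private-subnet host
# through the public host without forwarding the SSH agent.
# Assumed values: addresses and key path are those used in this chapter;
# the Host aliases "bastion" and "private-app" are made up here.

BASTION_IP="54.208.77.168"      # public subnet host (from the chapter)
PRIVATE_IP="10.0.2.116"         # private subnet host (from the chapter)
KEY="$HOME/.ssh/aws_rsa"

# With -A, anything running as root on the bastion can use your forwarded
# agent to authenticate anywhere your key is accepted, for as long as you
# stay connected. -J (ProxyJump) opens a TCP tunnel through the bastion and
# performs both SSH handshakes from your machine, so neither the private key
# nor the agent socket is ever exposed to the bastion.
ssh_jump_cmd() {
    printf 'ssh -o IdentitiesOnly=yes -i %s -J ec2-user@%s ec2-user@%s\n' \
        "$1" "$2" "$3"
}

# The same setup as a ~/.ssh/config fragment, so "ssh private-app" just works.
# ForwardAgent is pinned to "no" on the bastion entry on purpose.
ssh_config_fragment() {
    cat <<EOF
Host bastion
    HostName $2
    User ec2-user
    IdentityFile $1
    IdentitiesOnly yes
    ForwardAgent no

Host private-app
    HostName $3
    User ec2-user
    IdentityFile $1
    IdentitiesOnly yes
    ProxyJump bastion
EOF
}

# Count "ForwardAgent yes" directives in an ssh config file; a hardened
# config prints 0.
count_forward_agent_yes() {
    grep -Eci '^[[:space:]]*ForwardAgent[[:space:]]+yes' "$1" || true
}

# Usage: print the one-off command, then the config you would append to ~/.ssh/config.
ssh_jump_cmd "$KEY" "$BASTION_IP" "$PRIVATE_IP"
ssh_config_fragment "$KEY" "$BASTION_IP" "$PRIVATE_IP"
```

IdentitiesOnly keeps ssh from offering every key the agent holds to each host, which also avoids leaking your other public keys to the bastion.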

In addition to EC2, there's another important piece of functionality: disk management. AWS provides a flexible block storage service called Elastic Block Store (EBS). You can create one or more persistent volumes and attach them to an EC2 instance; from the instance's point of view, an EBS volume looks like a locally attached HDD or SSD. A volume you attached separately persists when the instance is terminated (the root volume, by contrast, is deleted on termination by default unless you turn DeleteOnTermination off), and it can then be reattached to another EC2 instance in the same availability zone.

In the following example, one volume with 40 GB capacity is created and then attached to the public subnet host (instance ID i-0f2750f65dd857e54). Note the "Encrypted": false in the response: create-volume produces an unencrypted volume unless you pass --encrypted (optionally with --kms-key-id) or have enabled EBS encryption by default for the region.

//create 40GB disk at us-east-1a (the same AZ as the public subnet instance; a volume can only be attached to an instance in its own AZ)
$ aws ec2 create-volume --availability-zone us-east-1a --size 40 --volume-type standard 
{
"CreateTime": "2018-12-09T22:13:41.000Z",
"VolumeType": "standard",
"SnapshotId": "",
"VolumeId": "vol-006aada6fa87c0060",
"AvailabilityZone": "us-east-1a",
"Size": 40,
"State": "creating",
"Encrypted": false
}

//attach to public subnet host as /dev/xvdh
$ aws ec2 attach-volume --device xvdh --instance-id i-0f2750f65dd857e54 --volume-id vol-006aada6fa87c0060
{
"State": "attaching",
"InstanceId": "i-0f2750f65dd857e54",
"AttachTime": "2018-12-09T22:15:32.134Z",
"VolumeId": "vol-006aada6fa87c0060",
"Device": "xvdh"
}

After attaching the EBS volume to the EC2 instance, the Linux kernel exposes it as /dev/xvdh, as specified (on Nitro-based instance types such as t3 or m5 the volume appears as an NVMe device, for example /dev/nvme1n1, regardless of the device name you requested). Before you can use the device, you need to partition it.

In this example, we made one partition, /dev/xvdh1, created an ext4 filesystem on it, and mounted it on the EC2 instance.
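The partition, filesystem and mount steps as one script, added here as an example rather than taken from the original text. It assumes a Linux EC2 host with util-linux (lsblk, blkid, sfdisk), e2fsprogs (mkfs.ext4) and sudo; the volume ID and /dev/xvdh device name are from this chapter, while the /data mount point, the EBS_* environment variables and the function names are assumptions made here. It goes beyond the chapter's one-host case by locating the device through the volume serial, so it also works on Nitro instances where the requested device letter is not what the kernel shows.

```shell
#!/bin/sh
# Added example (not from the original text): prepare a newly attached EBS
# volume safely. Assumes util-linux, e2fsprogs and sudo on the instance.
# Volume ID and /dev/xvdh are from the chapter; /data, the EBS_* variables
# and all function names are made up here.

# On Xen instances (t2, m4, ...) a volume attached as xvdh is /dev/xvdh.
# On Nitro instances (t3, m5, ...) it is /dev/nvmeXn1 and its SERIAL, as
# shown by lsblk, is the volume ID with the hyphen removed.
volume_serial() {
    printf '%s\n' "$1" | tr -d '-'
}

# Print the kernel block device for a volume ID, matching by serial first and
# falling back to the requested device name. Prints nothing and returns 1 if
# neither is present, so the caller never formats a guessed disk.
find_device() {
    vol_id="$1"; requested="$2"
    serial=$(volume_serial "$vol_id")
    dev=$(lsblk -dno NAME,SERIAL 2>/dev/null | awk -v s="$serial" '$2 == s { print "/dev/" $1; exit }')
    if [ -n "$dev" ]; then printf '%s\n' "$dev"; return 0; fi
    if [ -b "$requested" ]; then printf '%s\n' "$requested"; return 0; fi
    return 1
}

# fstab line keyed by UUID (device names can change between boots), with
# nofail so a missing volume does not block boot, and nosuid,nodev because
# a data disk should not carry setuid binaries or device nodes.
fstab_entry() {
    uuid="$1"; mountpoint="$2"; fstype="$3"
    printf 'UUID=%s %s %s defaults,nofail,nosuid,nodev 0 2\n' "$uuid" "$mountpoint" "$fstype"
}

prepare_volume() {
    vol_id="$1"; requested="$2"; mountpoint="$3"
    dev=$(find_device "$vol_id" "$requested") || { echo "volume $vol_id not attached" >&2; return 1; }

    # Refuse to touch a disk that already carries a partition table or
    # filesystem signature: sfdisk/mkfs would destroy whatever is on it.
    if sudo blkid -p "$dev" >/dev/null 2>&1; then
        echo "$dev already has a signature; not touching it" >&2; return 1
    fi

    # One GPT partition spanning the whole disk (the chapter's /dev/xvdh1 step).
    printf 'label: gpt\n,\n' | sudo sfdisk "$dev"
    sudo partprobe "$dev" 2>/dev/null || true
    case "$dev" in *nvme*) part="${dev}p1" ;; *) part="${dev}1" ;; esac

    sudo mkfs.ext4 -q "$part"
    uuid=$(sudo blkid -s UUID -o value "$part")

    sudo mkdir -p "$mountpoint"
    fstab_entry "$uuid" "$mountpoint" ext4 | sudo tee -a /etc/fstab >/dev/null
    sudo mount "$mountpoint"        # mounts using the fstab entry just written
    df -h "$mountpoint"
}

# Runs only when explicitly asked, e.g. on the instance:
#   EBS_VOLUME_ID=vol-006aada6fa87c0060 EBS_DEVICE=/dev/xvdh EBS_MOUNT=/data sh prepare-volume.sh
if [ -n "${EBS_VOLUME_ID:-}" ]; then
    prepare_volume "$EBS_VOLUME_ID" "${EBS_DEVICE:-/dev/xvdh}" "${EBS_MOUNT:-/data}"
fi
```

The signature check is the part worth keeping even if you type the rest by hand: a reattached volume that already holds data looks exactly like a fresh one until you probe it.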

Unmount the filesystem first (umount), then detach the volume; detaching while it is still mounted risks losing unwritten data. After that you are free to re-attach it whenever needed:

$ aws ec2 detach-volume --volume-id vol-006aada6fa87c0060
{
"InstanceId": "i-0f2750f65dd857e54",
"VolumeId": "vol-006aada6fa87c0060",
"State": "detaching",
"Device": "xvdh",
"AttachTime": "2018-12-09T22:15:32.000Z"
}