2.3 AWS EC2 Instance Lifecycle

Overview

An Amazon EC2 instance transitions through different states from the moment you launch it through to its termination. The following illustration represents the transitions between instance states. 

Launching

  • When you launch an instance, it enters the pending state.
  • After the instance is ready for you, it enters the running state. 
  • As soon as your instance transitions to the running state, you're billed for each second, with a one-minute minimum.
  • The instance receives a public DNS name that you can use to contact the instance from the internet.
  • The instance also receives a private DNS name that other instances within the same VPC can use to contact the instance.

Launch an instance using the Launch Instance Wizard

  1. Step 1: Choose an Amazon Machine Image (AMI)
  2. Step 2: Choose an Instance Type
  3. Step 3: Configure Instance Details
  4. Step 4: Add Storage
  5. Step 5: Add Tags
  6. Step 6: Configure Security Group
  7. Step 7: Review Instance Launch and Select Key Pair

Launch an instance from a launch template

  • You can create a launch template that contains the configuration information to launch an instance.
  • Launch templates enable you to store launch parameters so that you do not have to specify them every time you launch an instance.
  • A launch template can contain all or some of the parameters to launch an instance. When you launch an instance using a launch template, you can override parameters that are specified in the launch template. Or, you can specify additional parameters that are not in the launch template.

Launch template versions

  • For each launch template, you can create one or more numbered launch template versions.
  • Each version can have different launch parameters.
  • When you launch an instance from a launch template, you can use any version of the launch template.
  • If you do not specify a version, the default version is used.
  • You can set any version of the launch template as the default version—by default, it's the first version of the launch template.

Launch template restrictions

  • You are limited to creating 5,000 launch templates per Region and 10,000 versions per launch template.
  • Launch template parameters are optional. However, you must ensure that your request to launch an instance includes all required parameters.
  • Launch template parameters are not fully validated when you create the launch template. If you specify incorrect values for parameters, or if you do not use supported parameter combinations, no instances can launch using this launch template. Ensure that you specify the correct values for the parameters and that you use supported parameter combinations. 
  • You can tag a launch template, but you cannot tag a launch template version.
  • Launch template versions are numbered in the order in which they are created. When you create a launch template version, you cannot specify the version number yourself.

Control the use of launch templates

  • By default, IAM users do not have permissions to work with launch templates.
  • You can create an IAM user policy that grants users permissions to create, modify, describe, and delete launch templates and launch template versions. 

Launch an instance using parameters from an existing instance

  • The Amazon EC2 console provides a Launch more like this wizard option that enables you to use a current instance as a base for launching other instances.
  • The Launch more like this wizard option does not clone your selected instance; it only replicates some configuration details. 
  • The following configuration details are copied from the selected instance into the launch wizard:
    • AMI ID
    • Instance type
    • Availability Zone, or the VPC and subnet in which the selected instance is located
    • Public IPv4 address. If the selected instance currently has a public IPv4 address, the new instance receives a public IPv4 address - regardless of the selected instance's default public IPv4 address setting.
    • Placement group, if applicable
    • IAM role associated with the instance, if applicable
    • Shutdown behavior setting (stop or terminate)
    • Termination protection setting (true or false)
    • CloudWatch monitoring (enabled or disabled)
    • Amazon EBS-optimization setting (true or false)
    • Tenancy setting, if launching into a VPC (shared or dedicated)
    • Kernel ID and RAM disk ID, if applicable
    • User data, if specified
    • Tags associated with the instance, if applicable
    • Security groups associated with the instance
  • The following configuration details are not copied from your selected instance. Instead, the wizard applies their default settings or behavior:
    • Number of network interfaces: The default is one network interface, which is the primary network interface (eth0).
    • Storage: The default storage configuration is determined by the AMI and the instance type.

Launch an AWS Marketplace instance

  • You can subscribe to an AWS Marketplace product and launch an instance from the product's AMI using the Amazon EC2 launch wizard.

Bootstrapping

  • A great benefit of the cloud is the ability to script virtual hardware management in a manner that is not possible with on-premises hardware.
  • The process of providing code to be run on an instance at launch is called bootstrapping.
  • UserData is passed to the operating system to be executed as part of the launch process the first time the instance is booted.
    • On Linux instances this can be a shell script.
    • On Windows instances this can be a batch-style script or a PowerShell script.
  • The script can perform tasks such as:
    • Applying patches and updates to the OS
    • Enrolling in a directory service
    • Installing application software
    • Copying a longer script or program from storage to be run on the instance
    • Installing Chef or Puppet and assigning the instance a role so the configuration management software can configure it
  • UserData is stored with the instance and is not encrypted, so it is important not to include any secrets such as passwords or keys in the UserData.
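Because UserData is stored unencrypted and readable by anyone who can describe the instance, a check that no credential was pasted into it belongs in the launch pipeline. The following is an added example, not code from the page or from AWS: it decodes user data as returned by describe-instance-attribute and flags embedded secrets, with two constructed scripts (one fetching its secret from Parameter Store at runtime, one embedding keys) as sample input; the patterns, bucket and parameter names are assumptions.

```python
import base64
import re
from typing import List, Tuple

# Indicators that a credential was pasted into user data. Constructed for this
# example; extend the list for the secret formats used in your environment.
SECRET_PATTERNS: List[Tuple[str, re.Pattern]] = [
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("private_key_block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    # password=..., SECRET_ACCESS_KEY=..., api_key: ... followed by a literal value;
    # a value starting with '$' is a runtime lookup, which is the pattern we want.
    ("password_or_secret", re.compile(
        r"(?i)(?:password|passwd|secret|token|api_key)[\w-]*\s*[=:]\s*(?!\$)[\"']?[^\s\"']{8,}")),
    ("url_with_credentials", re.compile(r"://[^/\s:@]+:[^/\s@]+@")),
]


def decode_user_data(user_data: str) -> str:
    """describe-instance-attribute returns UserData base64-encoded; accept either form."""
    try:
        return base64.b64decode(user_data, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return user_data


def find_embedded_secrets(user_data: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, pattern_name, matched_text) for every suspected secret."""
    findings: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(decode_user_data(user_data).splitlines(), start=1):
        for name, pattern in SECRET_PATTERNS:
            match = pattern.search(line)
            if match:
                findings.append((lineno, name, match.group(0)))
    return findings


# Constructed user-data script that follows the page's advice: patch the OS, install
# software, pull a longer script from storage, and resolve the secret at runtime
# (the bucket and parameter names are placeholders).
GOOD_USER_DATA = """#!/bin/bash
yum update -y
yum install -y httpd
aws s3 cp s3://example-bootstrap-bucket/setup.sh /tmp/setup.sh
DB_PASSWORD=$(aws ssm get-parameter --name /app/db-password --with-decryption \\
              --query Parameter.Value --output text)
bash /tmp/setup.sh "$DB_PASSWORD"
"""

# Constructed user-data script that embeds credentials (AWS's documented example key).
BAD_USER_DATA = """#!/bin/bash
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
echo "db_password=Hunter2!2024" >> /etc/app.conf
"""
# The same script in the form describe-instance-attribute would return it.
BAD_USER_DATA_B64 = base64.b64encode(BAD_USER_DATA.encode()).decode()
```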

VM Import/Export

  • Easily import Virtual Machines (VMs) from your existing environment as an Amazon EC2 instance and export them back to your on-premises environment.
  • You can only export previously imported Amazon EC2 instances. Instances launched within AWS from AMIs cannot be exported.

Instance Metadata

  • Instance metadata is data about your instance that you can use to configure or manage the running instance.
  • This is unique in that it is a mechanism to obtain AWS properties of the instance from within the OS without making a call to the AWS API.
  • Instance metadata includes a wide variety of attributes, including:
    • The associated security groups
    • The instance ID
    • The instance type
    • The AMI used to launch the instance
  • An HTTP call to http://169.254.169.254/latest/meta-data/ will return the top node of the instance metadata tree.
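As an added example (not code from the page or from AWS), the walk below reads the metadata tree starting at the top node quoted above. It uses the IMDSv2 session token (a PUT to /latest/api/token, then the token header on every GET), which is what the service requires when an instance is launched with tokens enforced; since the endpoint is only reachable from inside an instance, a constructed stand-in transport with a small metadata tree is included so the code runs offline, and that stand-in refuses token-less requests the way an enforced endpoint does.

```python
import urllib.request
from typing import Callable, Dict, Union

IMDS_BASE = "http://169.254.169.254"   # link-local endpoint quoted on the page
TOKEN_PATH = "/latest/api/token"
META_ROOT = "/latest/meta-data/"

# A transport takes (method, path, headers) and returns the response body as text.
Fetch = Callable[[str, str, Dict[str, str]], str]


def imds_http(method: str, path: str, headers: Dict[str, str]) -> str:
    """Real transport: only reachable from inside an EC2 instance."""
    req = urllib.request.Request(IMDS_BASE + path, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read().decode()


def get_token(fetch: Fetch, ttl_seconds: int = 21600) -> str:
    """IMDSv2: a session token must be obtained with a PUT before any GET."""
    return fetch("PUT", TOKEN_PATH,
                 {"X-aws-ec2-metadata-token-ttl-seconds": str(ttl_seconds)})


def walk_metadata(fetch: Fetch, token: str, path: str = META_ROOT) -> Dict:
    """Recursively read the metadata tree below `path` into nested dicts.

    Each node returns a newline-separated listing: entries ending in '/'
    are sub-nodes, anything else is a leaf whose body is the value.
    (Simplification: a few real nodes, such as public-keys/, list their
    children as 'index=name' without a trailing slash.)
    """
    headers = {"X-aws-ec2-metadata-token": token}
    tree: Dict[str, Union[str, Dict]] = {}
    for entry in fetch("GET", path, headers).splitlines():
        if entry.endswith("/"):
            tree[entry[:-1]] = walk_metadata(fetch, token, path + entry)
        else:
            tree[entry] = fetch("GET", path + entry, headers)
    return tree


def read_instance_metadata(fetch: Fetch = imds_http) -> Dict:
    return walk_metadata(fetch, get_token(fetch))


# --- Constructed stand-in for the metadata service so this runs offline ---
FAKE_TOKEN = "constructed-session-token"
FAKE_TREE = {
    "/latest/meta-data/": "ami-id\ninstance-id\ninstance-type\nsecurity-groups\nplacement/",
    "/latest/meta-data/ami-id": "ami-0123456789abcdef0",        # constructed value
    "/latest/meta-data/instance-id": "i-0123456789abcdef0",     # constructed value
    "/latest/meta-data/instance-type": "t3.micro",
    "/latest/meta-data/security-groups": "web-sg",
    "/latest/meta-data/placement/": "availability-zone",
    "/latest/meta-data/placement/availability-zone": "us-west-2b",
}


def fake_imds(method: str, path: str, headers: Dict[str, str]) -> str:
    """Mimics IMDS with HttpTokens=required: a GET without a valid token is refused."""
    if method == "PUT" and path == TOKEN_PATH:
        if "X-aws-ec2-metadata-token-ttl-seconds" not in headers:
            raise PermissionError("400 Bad Request: TTL header missing")
        return FAKE_TOKEN
    if method == "GET" and headers.get("X-aws-ec2-metadata-token") == FAKE_TOKEN:
        return FAKE_TREE[path]
    raise PermissionError("401 Unauthorized: IMDSv2 token required")
```

On a real instance call read_instance_metadata() with the default transport; offline, read_instance_metadata(fake_imds) returns the constructed tree as nested dicts.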

Connect to your Linux instance

  • If your local computer operating system is Linux or macOS
    • SSH Client
    • EC2 Instance Connect
    • AWS Systems Manager Session Manager
  • If your local computer operating system is Windows
    • PuTTY
    • SSH Client
    • AWS Systems Manager Session Manager
    • Windows Subsystem for Linux

General prerequisites for connecting to your instance

  • Get information about your instance
  • Enable inbound SSH traffic from your IP address to your instance.
  • Locate the private key
  • (Optional) Get the instance fingerprint

Connect to your Linux instance using SSH

  • To connect to your instance:
    • ssh -i /path/my-key-pair.pem my-instance-user-name@my-instance-public-dns-name
  • To transfer a file from your computer to your Amazon EC2 instance:
    • scp -i /path/my-key-pair.pem /path/my-file.txt ec2-user@my-instance-public-dns-name:path/

Connect to your Linux instance using EC2 Instance Connect

  • Amazon EC2 Instance Connect provides a simple and secure way to connect to your Linux instances using Secure Shell (SSH).
  • With EC2 Instance Connect, you use AWS Identity and Access Management (IAM) policies and principals to control SSH access to your instances, removing the need to share and manage SSH keys. 
  • To use EC2 Instance Connect to connect to an instance, you need to configure every instance that will support using Instance Connect (this is a one-time requirement for each instance), and you need to grant permission to every IAM principal that will use Instance Connect. 

Set up EC2 Instance Connect

  • Tasks to set up Instance Connect
    • Task 1: Configure network access to an instance
    • Task 2: (Conditional) Install EC2 Instance Connect on an instance
      • Amazon Linux 2 2.0.20190618 or later and Ubuntu 20.04 or later come preconfigured with EC2 Instance Connect; other distributions require it to be installed.
    • Task 3: (Optional) Install the EC2 Instance Connect CLI
    • Task 4: Configure IAM permissions for EC2 Instance Connect
      • For your IAM principals to connect to an instance using EC2 Instance Connect, you must grant them permission to push the public key to the instance.
      • You grant them the permission by creating an IAM policy and attaching the policy to the IAM principals that require the permission.
  • Limitations
    • The following Linux distributions are supported:
      • Amazon Linux 2 (any version)
      • Ubuntu 16.04 or later
    • If you configured the AuthorizedKeysCommand and AuthorizedKeysCommandUser settings for SSH authentication, the EC2 Instance Connect installation will not update them. As a result, you cannot use Instance Connect.

Connect using EC2 Instance Connect

  • Limitations
    • The following Linux distributions are supported:
      • Amazon Linux 2 (any version)
      • Ubuntu 16.04 or later
    • To connect using the Amazon EC2 console (browser-based client), the instance must have a public IPv4 address.
    • If the instance does not have a public IP address, you can connect to the instance using an SSH client or the EC2 Instance Connect CLI, and over a private network, such as from a machine within the same VPC or from a machine connected to the VPC over VPN or AWS Direct Connect.
    • EC2 Instance Connect does not support connecting using an IPv6 address.
  • Connect using the Amazon EC2 console (browser-based client)
  • Connect using the EC2 Instance Connect CLI:
    • mssh i-001234a4bf70dec41EXAMPLE
  • Connect using your own key and SSH client:
    • ssh-keygen -t rsa -f my_rsa_key
    • aws ec2-instance-connect send-ssh-public-key --instance-id i-001234a4bf70dec41EXAMPLE --availability-zone us-west-2b --instance-os-user ec2-user --ssh-public-key file://my_rsa_key.pub
    • ssh -o "IdentitiesOnly=yes" -i my_rsa_key ec2-user@ec2-198-51-100-1.compute-1.amazonaws.com

Connect to your Linux instance from Windows using PuTTY

  • PuTTY does not natively support the private key format for SSH keys. PuTTY provides a tool named PuTTYgen, which converts keys to the required format for PuTTY. You must convert your private key (.pem file) into this format (.ppk file) in order to connect to your instance using PuTTY.
  • Transfer files to your Linux instance using the PuTTY Secure Copy client (command line tool)
  • Transfer files to your Linux instance using WinSCP

Connect using WSL

  • WSL is a free download and enables you to run native Linux command line tools directly on Windows, alongside your traditional Windows desktop, without the overhead of a virtual machine.
  • To connect to your instance using SSH
  • Transfer files to Linux instances from Linux using SCP

Connect using Session Manager

  • Session Manager is a fully managed AWS Systems Manager capability that lets you manage your Amazon EC2 instances through an interactive one-click browser-based shell or through the AWS CLI.
  • You can use Session Manager to start a session with an instance in your account.
  • After the session is started, you can run bash commands as you would through any other connection type.

Instance stop and start (Amazon EBS-backed instances only)

  • You can stop and start your instance if it has an Amazon EBS volume as its root device.
  • The instance retains its instance ID
  • When you stop a running instance, the following happens:
    • The instance performs a normal shutdown and stops running; its status changes to stopping and then stopped.
    • Any Amazon EBS volumes remain attached to the instance, and their data persists.
    • Any data stored in the RAM of the host computer or the instance store volumes of the host computer is gone.
    • In most cases, the instance is migrated to a new underlying host computer when it's started (for dedicated host, it remains on the current host).
    • The instance retains its private IPv4 addresses and any IPv6 addresses when stopped and started. We release the public IPv4 address and assign a new one when you start it.
    • The instance retains its associated Elastic IP addresses. You're charged for any Elastic IP addresses associated with a stopped instance. With EC2-Classic, an Elastic IP address is disassociated from your instance when you stop it.
    • When you stop and start a Windows instance, the EC2Config service performs tasks on the instance, such as changing the drive letters for any attached Amazon EBS volumes. 
    • If your instance is in an Auto Scaling group, the Amazon EC2 Auto Scaling service marks the stopped instance as unhealthy, and may terminate it and launch a replacement instance. 
    • When you stop a ClassicLink instance, it's unlinked from the VPC to which it was linked. You must link the instance to the VPC again after starting it. 
  • You can modify the following attributes of an instance only when it is stopped:
    • Instance type
    • User data
    • Kernel
    • RAM disk
  • We don't charge usage or data transfer fees for your instance after you stop it, but we do charge for the storage for any Amazon EBS volumes.
  • Each time you start a stopped instance we charge a minimum of one minute for usage.

Instance hibernate (Amazon EBS-backed instances only)

  • You can hibernate an instance only if it's enabled for hibernation and it meets the hibernation prerequisites.
  • When you hibernate a running instance, the following happens:
    • When you initiate hibernation, the instance moves to the stopping state. Amazon EC2 signals the operating system to perform hibernation (suspend-to-disk). The hibernation freezes all of the processes, saves the contents of the RAM to the EBS root volume, and then performs a regular shutdown.
    • After the shutdown is complete, the instance moves to the stopped state.
    • Any EBS volumes remain attached to the instance, and their data persists, including the saved contents of the RAM.
    • Any Amazon EC2 instance store volumes remain attached to the instance, but the data on the instance store volumes is lost.
    • The instance retains its private IPv4 addresses and any IPv6 addresses
    • Amazon EC2 releases the public IPv4 address.
    • The instance retains its associated Elastic IP addresses. You're charged for any Elastic IP addresses associated with a hibernated instance. With EC2-Classic, an Elastic IP address is disassociated from your instance when you hibernate it. 
    • When you hibernate a ClassicLink instance, it's unlinked from the VPC to which it was linked. You must link the instance to the VPC again after starting it.
  • When you start your instance:
    • It enters the pending state, and we move the instance to a new host computer (for a Dedicated Host instance, the host does not change).
    • The operating system reads in the contents of the RAM from the EBS root volume before unfreezing processes to resume its state.
    • The Amazon EBS root volume is restored to its previous state and the RAM contents are reloaded.
    • Previously attached data volumes are reattached and the instance retains its instance ID.
    • The instance continues to retain its private IPv4 addresses and any IPv6 addresses.
    • Amazon EC2 assigns a new public IPv4 address to the instance.
  • We don't charge usage for a hibernated instance once it is in the stopped state (usage is charged while it is in the stopping state, when the RAM is being saved), and we don't charge data transfer fees, but we do charge for the storage of any Amazon EBS volumes, including the storage used for the RAM data.

Hibernation prerequisites

  • Supported instance families
    • C3, C4, C5
    • I3
    • M3, M4, M5, M5a, M5ad
    • R3, R4, R5, R5a, R5ad
    • T2, T3, T3a
  • Instance RAM size - must be less than 150 GB.
  • Instance size - not supported for bare metal instances.
  • Supported AMIs (must be an HVM AMI that supports hibernation)
  • Root volume type - must be an EBS volume, not an instance store volume.
  • Supported EBS volume types - General Purpose SSD (gp2 and gp3) or Provisioned IOPS SSD (io1 and io2). 
  • EBS root volume size - must be large enough to store the RAM contents and accommodate your expected usage.
  • EBS root volume encryption - To use hibernation, the root volume must be encrypted to ensure the protection of sensitive content that is in memory at the time of hibernation.
  • Enable hibernation at launch - You cannot enable hibernation on an existing instance (running or stopped). 
  • Purchasing options - This feature is available for On-Demand Instances and Reserved Instances.

Instance reboot

  • We recommend that you use Amazon EC2 to reboot your instance instead of running the operating system reboot command.
  • Rebooting an instance is equivalent to rebooting an operating system.
  • The instance remains on the same host computer and maintains its public DNS name, private IP address, and any data on its instance store volumes.
  • Rebooting an instance doesn't start a new instance billing period.

Instance retirement

  • When an instance reaches its scheduled retirement date, it is stopped or terminated by AWS.
  • If your instance root device is an Amazon EBS volume, the instance is stopped, and you can start it again at any time.
  • If your instance root device is an instance store volume, the instance is terminated and cannot be used again. To keep it, convert the instance to an EBS-backed instance before its retirement date.

Instance termination

  • Each Amazon EBS-backed instance supports the InstanceInitiatedShutdownBehavior attribute, which controls whether the instance stops or terminates when you initiate shutdown from within the instance itself.
  • By default, Amazon EBS root device volumes are automatically deleted when the instance terminates, while any additional EBS volumes that you attach persist even after the instance terminates. This behavior is controlled by the volume's DeleteOnTermination attribute, which you can modify.

Termination Protection

  • Termination protection prevents termination via the AWS Management Console, CLI, or API.
  • This helps to prevent accidental termination through human error.
  • It does not prevent termination triggered by an OS shutdown command, termination from an Auto Scaling group, or termination of a Spot Instance due to Spot price changes.
  • You can't enable termination protection for Spot Instances
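The two sections above describe three settings that together decide what a termination takes with it: the DisableApiTermination attribute (termination protection), InstanceInitiatedShutdownBehavior, and each volume's DeleteOnTermination flag. As an added example (not code from the page or from AWS), the audit below reports, for a constructed set of instance records, which of those protections are missing; the record shape is an assumption that merges describe-instances fields with the two per-attribute values that in practice come from describe-instance-attribute.

```python
from typing import Dict, List


def termination_findings(inst: Dict) -> List[str]:
    """Return the ways this instance can lose itself or its data on termination."""
    iid = inst["InstanceId"]
    findings: List[str] = []
    # Termination protection: cannot be enabled on Spot, otherwise should be on.
    if inst.get("InstanceLifecycle") == "spot":
        findings.append(f"{iid}: Spot Instance, termination protection cannot be enabled")
    elif not inst.get("DisableApiTermination", False):
        findings.append(f"{iid}: termination protection is off (console/CLI/API can terminate)")
    # Protection does not cover an OS-initiated shutdown when the behavior is terminate.
    if inst.get("InstanceInitiatedShutdownBehavior", "stop") == "terminate":
        findings.append(f"{iid}: an OS shutdown terminates the instance (protection does not apply)")
    root = inst["RootDeviceName"]
    for bdm in inst.get("BlockDeviceMappings", []):
        dev, ebs = bdm["DeviceName"], bdm.get("Ebs", {})
        # Page defaults: the root volume is deleted on termination, extra volumes persist.
        if dev == root and ebs.get("DeleteOnTermination", True):
            findings.append(f"{iid}: root volume {dev} is deleted on termination (default)")
        elif dev != root and ebs.get("DeleteOnTermination", False):
            findings.append(f"{iid}: data volume {dev} has DeleteOnTermination=true")
    return findings


def audit(instances: List[Dict]) -> Dict[str, List[str]]:
    """Map each instance ID to its findings; an empty list means nothing to fix."""
    return {i["InstanceId"]: termination_findings(i) for i in instances}


SAMPLE_INSTANCES = [  # constructed records; IDs and device names are placeholders
    {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "RootDeviceName": "/dev/xvda",
     "DisableApiTermination": False, "InstanceInitiatedShutdownBehavior": "terminate",
     "BlockDeviceMappings": [
         {"DeviceName": "/dev/xvda", "Ebs": {"DeleteOnTermination": True}},
         {"DeviceName": "/dev/sdf", "Ebs": {"DeleteOnTermination": True}}]},
    {"InstanceId": "i-0bbbbbbbbbbbbbbb2", "RootDeviceName": "/dev/xvda",
     "DisableApiTermination": True, "InstanceInitiatedShutdownBehavior": "stop",
     "BlockDeviceMappings": [
         {"DeviceName": "/dev/xvda", "Ebs": {"DeleteOnTermination": False}},
         {"DeviceName": "/dev/sdf", "Ebs": {"DeleteOnTermination": False}}]},
    {"InstanceId": "i-0ccccccccccccccc3", "RootDeviceName": "/dev/xvda",
     "InstanceLifecycle": "spot", "DisableApiTermination": False,
     "BlockDeviceMappings": [
         {"DeviceName": "/dev/xvda", "Ebs": {"DeleteOnTermination": True}}]},
]
```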

Differences between reboot, stop, hibernate, and terminate

The following summarizes the key differences between rebooting, stopping, hibernating, and terminating your instance (stop/start and hibernate apply to Amazon EBS-backed instances only).

  • Host computer
    • Reboot: the instance stays on the same host computer.
    • Stop/start: we move the instance to a new host computer (though in some cases, it remains on the current host).
    • Hibernate: we move the instance to a new host computer (though in some cases, it remains on the current host).
    • Terminate: none.
  • Private and public IPv4 addresses
    • Reboot: these addresses stay the same.
    • Stop/start: the instance keeps its private IPv4 address. The instance gets a new public IPv4 address, unless it has an Elastic IP address, which doesn't change during a stop/start.
    • Hibernate: the instance keeps its private IPv4 address. The instance gets a new public IPv4 address, unless it has an Elastic IP address, which doesn't change during a stop/start.
    • Terminate: none.
  • Elastic IP addresses (IPv4)
    • Reboot: the Elastic IP address remains associated with the instance.
    • Stop/start: the Elastic IP address remains associated with the instance.
    • Hibernate: the Elastic IP address remains associated with the instance.
    • Terminate: the Elastic IP address is disassociated from the instance.
  • IPv6 address
    • Reboot: the address stays the same.
    • Stop/start: the instance keeps its IPv6 address.
    • Hibernate: the instance keeps its IPv6 address.
    • Terminate: none.
  • Instance store volumes
    • Reboot: the data is preserved.
    • Stop/start: the data is erased.
    • Hibernate: the data is erased.
    • Terminate: the data is erased.
  • Root device volume
    • Reboot: the volume is preserved.
    • Stop/start: the volume is preserved.
    • Hibernate: the volume is preserved.
    • Terminate: the volume is deleted by default.
  • RAM (contents of memory)
    • Reboot: the RAM is erased.
    • Stop/start: the RAM is erased.
    • Hibernate: the RAM is saved to a file on the root volume.
    • Terminate: the RAM is erased.
  • Billing
    • Reboot: the instance billing hour doesn't change.
    • Stop/start: you stop incurring charges for an instance as soon as its state changes to stopping. Each time an instance transitions from stopped to running, we start a new instance billing period, billing a minimum of one minute every time you start your instance.
    • Hibernate: you incur charges while the instance is in the stopping state, but stop incurring charges when the instance is in the stopped state. Each time an instance transitions from stopped to running, we start a new instance billing period, billing a minimum of one minute every time you start your instance.
    • Terminate: you stop incurring charges for an instance as soon as its state changes to shutting-down.

Managing Instances

  • Tags can help you manage not just your Amazon EC2 instances, but also many of your AWS Cloud services.
  • Tags are key/value pairs you can associate with your instance or other service.

Monitoring Instances

  • Amazon CloudWatch

Modifying an Instance

Instance Type

  1. To resize an instance, stop it first (set the state to Stopped).
  2. Choose the “Change Instance Type” function in the tool of your choice and select the desired instance type.
  3. Start the instance again and the process is complete.

Security Groups

  • For instances outside of an Amazon VPC (called EC2-Classic), the association of the security groups cannot be changed after launch.
  • If an instance is running in an Amazon VPC, you can change which security groups are associated with an instance while the instance is running.

Reference

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts.html

https://aws.amazon.com/ec2/?ec2-whats-new.sort-by=item.additionalFields.postDateTime&ec2-whats-new.sort-order=desc

AWS Certified Solutions Architect Official Study Guide - Associate

AWS Certified Solutions Architect Study Guide- Associate 2nd Edition

 
