Chapter 3: Amazon Elastic Compute Cloud (Amazon EC2) and
Amazon Elastic Block Store (Amazon EBS)

1. C. Reserved Instances provide cost savings when you can commit to running instances full time, such as to handle the base traffic. On-Demand Instances provide the flexibility to handle traffic spikes, such as on the last day of the month.

• 按需實例可以提供自由的擴展，應對臨時的負載，支持應對流量峰值

2. B. Spot Instances are a very cost-effective way to address temporary compute needs that are not urgent and are tolerant of interruption. That’s exactly the workload described here. Reserved Instances are inappropriate for temporary workloads. On-Demand Instances are good for temporary workloads, but don’t offer the cost savings of Spot Instances. Adding more queues is a non-responsive answer as it would not address the problem.

• 對于不緊急并且允許中斷的臨時任務可以使用spot instance來降低成本；
• Reserved Instance不是用來支持臨時任務的
• On-Demand instance 雖然是用來支持臨時任務的，但是成本較高；

3. C, D. The Amazon EC2 instance ID will be assigned by AWS as part of the launch process. The administrator password is assigned by AWS and encrypted via the public key. The instance type defines the virtual hardware and the AMI defines the initial software state. You must specify both upon launch.

• AWS的用戶名和密碼是不需要指定的，無論在linux還是windows下，因為aws提供的是public key進行訪問，你登錄后可以設定通過密碼訪問，同時自己也需要創建賬號密碼；
• 必選項創建一個示例一般先選擇instance type，然后選擇ami。
• 可選項：配置instance、添加標簽、設置安全組、添加存儲
• 一個region都是提前選擇好的，但是里邊的az是通過創建subnet的時候需要指定的。如果在配置instance時候，不指定vpc和子網，一般都會使用默認創建的內容。

4. A, C. You can change the instance type only within the same instance type family, or you can change the Availability Zone. You cannot change the operating system nor the
   instance type family.

• 可以改變一個instance的規格，基于相同family類型
• 可以改變instance的az
• 這兩個在instance運行時菜單是不可點擊的，理論上只有stop的時候才可以操作；

5. D. When there are multiple security groups associated with an instance, all the rules are aggregated.

• 當有多個安區組關聯到一個實例上，那么他們是累加的規則
• 當然一個實例可以配置多個安區組sg

6. A, B, E. These are the benefits of enhanced networking.

• SR-IOV 是一種設備虛擬化方法，與傳統虛擬化網絡接口相比，它不僅能提高 I/O 性能，還能降低 CPU 使用率。增強聯網可以提高帶寬，提高每秒數據包數 (PPS) 性能，并不斷降低實例間的延遲。使用增強聯網不收取任何額外費用
• Intel 82599 虛擬功能 (VF) 接口支持10G的增強聯網，支持instance如下：C3、C4、D2、I2、M4 (m4.16xlarge 除外) 和 R3 實例
• Elastic Network Adapter (ENA)支持25G的增強聯網，支持instance如下：C5、C5d、F1、G3、H1、I3、m4.16xlarge、M5、M5d、P2、P3、R4 和 X1

7. A, B, D. The other answers have nothing to do with networking.

• HPC的網絡能力增強必須 先選擇支持增強聯網的實例，開啟網絡增強能力，設定到一個placement group中

8. C. Dedicated Instances will not share hosts with other accounts.

• 您的實例在單租戶硬件上運行。

9. B, C. Instance stores are low-durability, high-IOPS storage that is included for free with the hourly cost of an instance.

• instance的存儲是臨時性的，只要主機stop和terminal就會丟失；
• 較高的iops
• instance提供了默認大小的存儲不收費，對于新增的存儲大小進行收費

10. A, C. There are no tapes in the AWS infrastructure. Amazon EBS volumes persist when the instance is stopped. The data is automatically replicated within an Availability Zone.Amazon EBS volumes can be encrypted upon creation and used by an instance in thesame manner as if they were not encrypted.

• EBS是自動在AZ中復制的。但是不會備份到tape中。
• EBS支持加密創建

11. B. There is no delay in processing when commencing a snapshot.

• 創建一個snapshot是不會有時間延遲的。

12. B. The volume is created immediately but the data is loaded lazily. This means that the volume can be accessed upon creation, and if the data being requested has not yet been restored, it will be restored upon first request.

• EBS從快照中恢復數據是立即可以被訪問的，但是數據加載較慢，如果數據還沒被加載完成就收到請求了，那么基于第一個request，數據將被加載。所以對外展現是立即就可以使用了。

13. A, C. B and D are incorrect because an instance store will not be durable and a magnetic volume offers an average of 100 IOPS. Amazon EBS-optimized instances reserve network bandwidth on the instance for IO, and Provisioned IOPS SSD volumes provide the highest consistent IOPS.

• 首先在啟動的時候選擇EBS優化的instance
• 然后選擇 SSD這種高iops的卷進行存儲；

14. D. Bootstrapping runs the provided script, so anything you can accomplish in a script you can accomplish during bootstrapping.

• 通過user data這個內容，您可以完成安全更新、應用版本升級、配置os的服務

15. C. The public half of the key pair is stored on the instance, and the private half can then be used to connect via SSH.

• 新創建的instance都是通過私鑰訪問的。

16. B, C. These are the possible outputs of VM Import/Export.

• vm的導入導出支持ami創建和instance創建

17. B, D. Neither the Windows machine name nor the Amazon EC2 instance ID can be resolved into an IP address to access the instance.

• 能解析成一個IP的只有 public dns name和eip

18. A. None of the other options will have any effect on the ability to connect.

• 訪問不了一般都是vpc的安全組問題或者子網的ACL設置問題

19. C. A short period of heavy traffic is exactly the use case for the bursting nature of general-purpose SSD volumes—the rest of the day is more than enough time to build up enough IOPS credits to handle the nightly task. Instance stores are not durable, magnetic volumes cannot provide enough IOPS, and to set up a Provisioned IOPS SSD volume to handle the peak would mean spending money for more IOPS than you need.

• 短期的高負載沒必要使用 專屬的iops ssd，直接使用標準版本的ssd盤就可以了。aws提供了一個instance積分的制度，可以動態調整IOPS。

20. B. There is a very small hourly charge for allocated elastic IP addresses that are not associated with an instance.

• 當eip 掛在的instance停機了，是需要收費的
• 當eip掛在的instance在使用，是不需要收費的，AWS的理念是讓大家不要浪費eip
• EIP一般被用到slb場景，當instance stop后再開機，EIP是不會變的，而默認分配的public ip 會改變；

知識點總結

• Know the basics of launching an Amazon ec2 instance. To launch an instance, you must specify an AMI, which defines the software on the instance at launch, and an instance type, which defines the virtual hardware supporting the instance (memory, vCPUs, and so on).

• 了解創建一個EC2實例的基本輸入信息。

• 必須指定一個AMI：定義了實例啟動時操作系統及軟件；

• 指定一個實例類型：定了一個虛擬硬件的的規格 memory、vCPU等

• Know what architectures are suited for what Amazon ec2 pricing options. Spot Instances are best suited for workloads that can accommodate interruption. Reserved Instances are best for consistent, long-term compute needs. On-Demand Instances provide flexible compute to respond to scaling needs.

• 知道適合不同架構的EC2定價選擇；

• Spot instance 適合可以隨時終端的負載；

• Reserved instance 適合長期持續訪問的計算需求；

• On-Demand instances：提供了按需擴展的自由計算能力；

• Know how to combine multiple pricing options that result in cost optimization and scalability. On-Demand Instances can be used to scale up a web application running on Reserved Instances in response to a temporary traffic spike. For a workload with several Reserved Instances reading from a queue, it’s possible to use Spot Instances to alleviate heavy traffic in a cost-effective way. These are just two of countless examples where a workload may use different pricing options.

• 了解如何組合多個定價選擇

• On-Demand instances可以用作解決臨時流量峰值的解決方案；

• 對于一個從queue中讀取消費消息的Reserved Instances，有很大可能可以使用Spot instances去解決流量高峰，從而獲得更高的性價比；

• Know the benefits of enhanced networking. Enhanced networking enables you to get significantly higher PPS performance, lower network jitter, and lower latencies.

• enhanced networking 可以讓我們顯著的獲得更高的PPS性能，低網絡抖動，低延遲；

• Know the capabilities of vm import/export. VM Import/Export allows you to import existing VMs to AWS as Amazon EC2 instances or AMIs. Amazon EC2 instances that were imported through VM Import/Export can also be exported back to a virtual environment.

• 了解VM import/export能力，VM import/export允許你導入現有的VMs到AWS作為EC2實例或者AMIs。 Amazon EC2實例可以通過VM導入，也可以被導出到虛擬環境中；

• Know the methods for accessing an instance over the internet. You can access an Amazon EC2 instance over the web via public IP address, elastic IP address, or public DNS name. There are additional ways to access an instance within an Amazon VPC, including private IP addresses and ENIs.

• 了解通過internet訪問instance的方法：通過public IP、EIP、public DNS name。

• 還有一些額外的方法：private IP 和 ENIs；

• Know the lifetime of an instance store. Data on an instance store is lost when the instance is stopped or terminated. Instance store data survives an OS reboot.

• 了解instance store的生命周期；instance被stopped或者terminated的時候，instance本身的store data將被清空。但是OS reboot的時候 instance的store data會被保存；

• Know the properties of the Amazon EC2 pricing options. On-Demand Instances require no up-front commitment, can be launched any time, and are billed by the hour. Reserved Instances require an up-front commitment and vary in cost depending on whether they are paid all up front, partially up front, or not up front. Spot Instances are launched when your bid price exceeds the current spot price. Spot Instances will run until the spot price exceeds your bid price, in which case the instance will get a two-minute warning and terminate.

• 了解Amazon EC2的定價模型；

• On-Demand instance：不需要提前付款，可以隨時啟動，按小時付費；

• Reserved instance：需要一個預付協議，可以選擇是否全部預付，部分預付，或者不預付，不同的選擇價格不同；

• Spot Instance：在spot價格超過當前競標價，在spot價格高于你的競標價時停止，停止時將有一個提前兩分鐘的警告，然后終止；

• Know what determines network performance. Every instance type is rated for low, moderate, high, or 10 Gbps network performance, with larger instance types generally having higher ratings. Additionally, some instance types offer enhanced networking, which provides additional improvement in network performance.

• 了解網絡性能決策。每個instance type被定級為low，moderate，high或者10 Gbps的網絡性能；Larger instance type一般有較高的定級；

• 另外，一些instance type提供enhance networking，可以提供網絡上的性能改善；

• Know what instance metadata is and how it’s obtained. Metadata is information about an Amazon EC2 instance, such as instance ID, instance type, and security groups, that is available from within the instance. It can be obtained through an HTTP call to a specific IP address.

• 了解什么是instance的元數據以及如何獲取。元數據是EC2的信息，例如instanceID，instance type，安全組。他可以通過http調用特定IP的方式獲??；

• Know how security groups protect instances. Security groups are virtual firewalls controlling traffic in and out of your Amazon EC2 instances. They are deny by default, and you can allow traffic by adding rules specifying traffic direction, port, protocol, and destination address (via Classless Inter-Domain Routing [CIDR] block). They are applied at the instance level, meaning that traffic between instances in the same security group must adhere to the rules of that security group. They are stateful, meaning that an outgoing rule will allow the response without a correlating incoming rule.

• 了解安全組是如何保護instance的。安全組是虛擬的防火墻用來控制EC2流量的進出；默認是deny所有，你可以指定規則指明流量的進出、端口和協議，以及目標地址。他們適用于instance level，意味著相同安全組內的instance擁有相同的流量規則。他們是有狀態的，意味著出口規則定義完成后，入口規則就不需要定制了；

• Know how to interpret the effect of security groups. When an instance is a member of multiple security groups, the effect is a union of all the rules in all the groups.

• 了解如何中斷安全組的效果。當一個instance是多個安全組的一員，對instance的影響是多個安全組的并集；

• Know the different Amazon ebs volume types, their characteristics, and their appropriate workloads. Magnetic volumes provide an average performance of 100 IOPS and can be provisioned up to 1 TB. They are good for cold and infrequently accessed data. General-purpose SSD volumes provide three IOPS/GB up to 10,000 IOPS, with smaller volumes able to burst 3,000 IOPS. They can be provisioned up to 16 TB and are appropriate for dev/test environments, small databases, and so forth. Provisioned IOPS SSD can provide up to 20,000 consistent IOPS for volumes up to 16 TB. They are the best choice for workloads such as large databases executing many transactions.

• 了解不同AWS EBS卷類型,他們的特點，他們適合的負載能力。

• 普通磁盤支持 500的IOPS/

• General-purpose SSD 卷提供 10000的IOPS,16TB存儲量,比較適合dev/test環境，小型數據庫等；

• Provisioned IOPS SSD 提供20000的IOPS，16TB存儲量，比較適合大型數據庫負載，執行多事務性程序；

  
  
  image.png

• Know how to encrypt an Amazon ebs volume. Any volume type can be encrypted at launch. Encryption is based on AWS KMS and is transparent to applications on the attached instances.

• 了解如何加密一個EBS卷。任何類型的卷都可以在launch的時候加密；加密是基于AWS的KMS，在應用調取的時候自動解密轉換；

• Understand the concept and process of snapshots. Snapshots provide a point-in-time backup of an Amazon EBS volume and are stored in Amazon S3. Subsequent snapshots are incremental—they only store deltas. When you request a snapshot, the point-in-time snapshot is created immediately and the volume may continue to be used, but the snapshot may remain in pending status until all the modified blocks have been transferred to Amazon S3. Snapshots may be copied between regions.

• 了解Snapshots的概念。Snapshots提供了一個按照時間點備份EBS卷的策略，同時將Snapshots存儲在S3。順序的snapshots是增量的存儲；

• 當你設置一個snapshot， point-in-time的snapshot被立即創建了，同時這個卷也許持續被使用。但是當snapshot是pending狀態的時候，可能是在等待modified blocks被傳輸到S3。

• Snapshots 也可以跨region復制。

• Know how Amazon ebs-optimized instances affect Amazon ebs performance. In addition to the IOPS that control the performance in and out of the Amazon EBS volume, use Amazon EBS-optimized instances to ensure additional, dedicated capacity for Amazon EBS I/O.

• 了解AWS的ebs-optimized instance如何影響 ebs的性能；IOPS是控制in and out的EBS卷，使用EBS-optimized instance可以保證額外的，專屬的EBS IO；