EC2 stands for “Elastic Compute Cloud.” AWS’s EC2 service allows you spin up remote server instances on the fly. EC2 offers tremendous power and flexibility, but learning the lingo can be a hurdle to newcomers. Here’s a quick breakdown of EC2 tools and terms.
An EC2 instance is a just a remote server that is owned by Amazon. When creating an EC2 instance you choose the operating system that you want to run on your server (Windows or Linux). AWS also offers an Amazon Linux distribution (based on CentOS) that comes with the AWS command line tool preinstalled. You have several configuration options when creating an EC2 instance, such as the instance type (determines available RAM), disk space, and security groups. After launching your instance you can connect to it via ssh using the instance IP address (it’s worth noting that unless you assign your instance an elastic IP address, stopping and starting your instance will always result in a new IP–more about this below).
Amazon Machine Image (AMI)
AMI stands for “Amazon Machine Image.” An image is just a snapshot of an operating system and its applications. If you’ve ever installed Windows from a CD or booted Linux from a flash drive then you’ve used an image. After launching your EC2 instance you will likely want to install files and applications for the instance to run or use. For example, an instance used to serve a WordPress site will need to have Apache, MySQL, PHP, and WordPress installed. If you are a WordPress developer, you may need to do this for many different EC2 instances. Rather than install and configure a LAMP stack for every EC2 instance that will serve a WordPress site, you can you can create an AMI of a single instance and then use this AMI to launch additional instances. Any instance launched with the AMI will start as an exact copy of the original instance at the time that it was used to create the AMI. This way you launch many instances requiring the same files and applications while only having to download and install those applications once.
Elastic Block Store (EBS)
Security groups allow you to control who can access your instance and at which ports. This is important if you’re using EC2 instances to serve web pages. Traditionally http connections are served over port 80 and https connections are served over port 443. If you’re serving a website from your EC2 instance then you can write security rules enabling users to connect to your instance over ports 80 and 443 from any IP address (because you want anyone in the world to be able to see your website). You can also use security groups to disable users from connecting to your instance except from a specified IP address. For example, you may want to require SSH connections to originate from your office computers. You can achieve this by writing security rules that allow users to SSH into your EC2 instances from your office IP address only. Security groups make it possible for you to practice the principle of least privilege to prevent malicious users from connecting to exposed ports on your instance.
Elastic IP (EIP)
EIP stands for “Elastic IP” address. By default every EC2 instance is provided a public IP address. This allows users to connect to your instance over the public internet (for example, to view a website over port 80 or to connect via SSH over port 20). When creating your instance AWS will randomly assign an IP address to your instance from AWS’s pool of available IPs. When you stop or terminate your instance AWS will the instance IP address back to the pool of available IPs and eventually assign that IP to another instance. Your instance will not be publicly accessible until you restart it, at which point it is assigned a new public IP address. This can be a problem if you use services expecting your instance to maintain a consistent IP address. For example, if you have a DNS record associating mywebsite.com with IP address 18.104.22.168.5 and the instance at address 22.214.171.124.5 goes down, rebooting the instance will require you to change the DNS record to point at the new IP address. EIPs allow you to associate a static IP address with an instance. This way your instance will retain its public IP address even when the instance is stopped.
Load balancers allow you to distribute traffic across multiple EC2 instances. It’s often good practice to provide applications that are highly available, meaning that if one instance goes down another instance is available to pick up its load. You can do this by creating a target group comprised of multiple instances across various AWS regions. With the help of a load balancer you can then spread traffic across instances within the target group. Load balancers can also check the health of instances within the target group. If an instance is unhealthy, the load balancer will direct traffic to a different, healthy, target instance. Because instances running web applications receive traffic directly from their load balancers, it’s good practice to blacklist everything but the load balancer IP on ports 80 and 443 of your target instances.
Autoscaling does just what you’d expect: automatically scales the number of instances in your autoscaling group. Instances are created based on the launch configuration you provide (in other words, you simply save the details that you would enter when manually launching an EC2 instance so that AWS can launch those instances automatically). You can configure your autoscaling group to spin up additional instances when traffic spikes and to spin down instances when traffic dies down. This will prevent the performance issues that arise from having too few resources as well as save the money you would spend from having too many. Autoscaling also allows you to set the desired number of instances for your autoscaling group at any given time. This way if any instances go down AWS will automatically spin up instances until your autoscaling group reaches the desired number. For this reason it can be useful to create an autoscaling group even if all you desire is a single instance.