AWS EC2 Fundamental

dieutb
5 min read · Mar 27, 2022


Available Regions

  • A Region is the geographic location where the service is hosted. Examples: eu-central-1 Europe (Frankfurt), us-east-2 US East (Ohio).
  • Request/response latency depends on how far the user is from the Region serving them, so pick a Region close to your users.
  • Prices differ per Region (check the AWS pricing calculator for the Region you intend to use). Also be careful with the instance type: Graviton instance families are arm64, and some libraries, plugins and Docker images are only built for x86_64.

VPC (Virtual Private Cloud)

  • A logically isolated virtual network in which you define and launch AWS resources such as EC2 instances and RDS databases.
  • By default a VPC cannot reach the Internet. To allow that, an Internet Gateway must be attached to the VPC and the subnet's route table must have a route to it.
  • Has exactly one DHCP options set.
  • Can contain many subnets (default quota: 200 per VPC).
  • A VPC spans all of the Availability Zones in its Region. The diagram in the original post showed a new VPC with a single IPv4 CIDR block spanning every zone.

When a VPC is created

  • It gets one main route table by default; you can create more and associate them with individual subnets.
  • It gets one default network ACL, which allows all inbound and outbound IPv4/IPv6 traffic. You can create more, but note that a custom network ACL starts out denying everything until you add rules.

Availability Zone

  • A Region contains several Availability Zones (three or more in most Regions), named by adding a letter to the Region name, e.g. us-east-1a, us-east-1b, us-east-1c. The letter-to-data-center mapping differs between AWS accounts, so "1a" in your account is not necessarily "1a" in another.
  • Each zone is one or more physically separate data centers with its own power, cooling and networking, so an outage in one zone does not have to take down the others.
  • A production deployment should therefore spread its instances across multiple zones rather than relying on one.

SubNet (a range of IP addresses in your VPC)

  • Resides entirely within one Availability Zone of the VPC and cannot span zones.
  • Is defined by an IPv4 and/or IPv6 CIDR block, for example IPv4 10.0.0.0/24. AWS reserves the first four addresses and the last address of every subnet, so a /24 yields 251 usable addresses, not 256.
  • A subnet can communicate over the Internet through the Internet Gateway only if its route table has a route to that gateway; that route is what makes a subnet "public".
  • After creation, a subnet is associated with the VPC's main route table. You can associate a different route table or change the routes in the main one.
  • Limited to 200 per VPC by default.
  • Must be associated with a network ACL. If none is chosen, it is associated with the VPC's main network ACL.
  • Has a setting that controls whether new instances automatically get a public IPv4 address. It is the default used when an instance is launched into the subnet, and should be off for private subnets.

Route table

  • Contains a set of rules, called routes, that determine where network traffic from your subnet or gateway is directed. When several routes match a destination, the most specific one (longest prefix) wins; the "local" route for the VPC's own CIDR therefore always takes precedence over 0.0.0.0/0.
  • Each subnet must be associated with a route table, which specifies the routes for traffic leaving the subnet. Every subnet you create is automatically associated with the VPC's main route table. You can change the association, and you can change the contents of the main route table.

Network ACLs (Network Access Control Lists)

  • Manage the inbound and outbound rules of a subnet.
  • Belong to a VPC.
  • One network ACL can be associated with many subnets; each subnet has exactly one.
  • Contain rules evaluated in ascending "Rule number" order: the first matching rule decides, and the final "*" rule denies anything that matched nothing. Leave gaps when numbering (for example 100, 200, 300) so rules can be inserted later without renumbering.
  • Are stateless: return traffic is not tracked, so an outbound rule for the ephemeral port range (1024-65535) is required for responses to connections that the inbound rules allowed.

Security Group

  • Manages the inbound and outbound rules of an instance (more precisely, of the instance's network interfaces).
  • Is stateful: if a request is allowed in, its response is allowed out regardless of the outbound rules, and vice versa.
  • Has only allow rules; anything not explicitly allowed is denied. A new security group denies all inbound traffic and allows all outbound traffic.
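To make the difference between the two layers concrete, here is an added example (not code from the post or from AWS) that simulates how a network ACL and a security group decide whether a client's request reaches an instance. It models the documented semantics on constructed rules: NACL rules are stateless and evaluated lowest-number-first with an implicit deny, security groups are stateful, allow-only and unordered. The rule and packet shapes are simplifications assumed for the example.

```python
"""Simulated network ACL and security group evaluation (added example, not
AWS code). Rules and packets below are constructed for the demonstration."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:
    proto: str        # "tcp", "udp", "icmp" or "all"
    cidr: str         # remote CIDR the rule matches
    port_from: int    # inclusive port range (ignored for icmp/all)
    port_to: int


@dataclass(frozen=True)
class AclRule(Rule):
    number: int       # NACL rule number; lower numbers are evaluated first
    action: str       # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    src: str          # client IP
    sport: int        # client's ephemeral source port
    dst: str          # instance IP
    dport: int        # service port on the instance
    proto: str = "tcp"


def matches(rule, proto, remote_ip, port):
    """Does this rule cover the given protocol, remote address and port?"""
    if rule.proto not in ("all", proto):
        return False
    if ipaddress.ip_address(remote_ip) not in ipaddress.ip_network(rule.cidr):
        return False
    if rule.proto in ("tcp", "udp") and not (rule.port_from <= port <= rule.port_to):
        return False
    return True


def nacl_decision(rules, proto, remote_ip, port):
    """NACL: first match in ascending rule-number order wins; the implicit
    '*' rule at the end denies anything no earlier rule matched."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, proto, remote_ip, port):
            return rule.action
    return "deny"


def sg_allows(rules, proto, remote_ip, port):
    """Security group: no ordering and no deny rules; any matching rule allows."""
    return any(matches(r, proto, remote_ip, port) for r in rules)


def request_admitted(inbound_acl, outbound_acl, sg_inbound, pkt):
    """A client request to an instance in the subnet succeeds only if the
    inbound NACL admits the request, the security group admits it, and the
    outbound NACL admits the *response* back to the client's ephemeral port.
    The security group needs no outbound rule for that response because it
    tracks connection state; the NACL does not."""
    if nacl_decision(inbound_acl, pkt.proto, pkt.src, pkt.dport) != "allow":
        return "blocked by inbound NACL"
    if not sg_allows(sg_inbound, pkt.proto, pkt.src, pkt.dport):
        return "blocked by security group"
    if nacl_decision(outbound_acl, pkt.proto, pkt.src, pkt.sport) != "allow":
        return "blocked by outbound NACL (stateless: ephemeral ports not allowed)"
    return "allowed"


# Constructed inbound NACL: rule 90 denies one noisy /24 before rule 100
# allows HTTPS from everywhere. The ordering is what makes the deny effective.
INBOUND_ACL = [
    AclRule("tcp", "0.0.0.0/0", 443, 443, number=100, action="allow"),
    AclRule("all", "203.0.113.0/24", 0, 65535, number=90, action="deny"),
]
# Outbound NACL as often written on a first attempt: only 443 out. Responses
# go to the client's ephemeral port, match nothing, and every connection stalls.
OUTBOUND_ACL_BROKEN = [
    AclRule("tcp", "0.0.0.0/0", 443, 443, number=100, action="allow"),
]
# Fixed: a second rule opens the ephemeral range for return traffic.
OUTBOUND_ACL_FIXED = OUTBOUND_ACL_BROKEN + [
    AclRule("tcp", "0.0.0.0/0", 1024, 65535, number=110, action="allow"),
]
SG_INBOUND = [Rule("tcp", "0.0.0.0/0", 443, 443)]

CLIENT = Packet(src="198.51.100.7", sport=51234, dst="10.0.1.10", dport=443)
BLOCKED_CLIENT = Packet(src="203.0.113.9", sport=40000, dst="10.0.1.10", dport=443)

if __name__ == "__main__":
    print(request_admitted(INBOUND_ACL, OUTBOUND_ACL_BROKEN, SG_INBOUND, CLIENT))
    print(request_admitted(INBOUND_ACL, OUTBOUND_ACL_FIXED, SG_INBOUND, CLIENT))
    print(request_admitted(INBOUND_ACL, OUTBOUND_ACL_FIXED, SG_INBOUND, BLOCKED_CLIENT))
```

The first call fails even though both inbound layers allowed the request, because the stateless outbound NACL never sees a rule for port 51234; the second succeeds once the ephemeral range is opened; the third is stopped by the low-numbered deny before the broader allow is ever consulted.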

InternetGateway

  • The component that lets resources in a VPC communicate with the Internet. It is attached to one VPC and performs one-to-one NAT between an instance's public IPv4 address and its private address; instances without a public address cannot use it directly.

CIDR block (Classless Inter-Domain Routing)

  • IPv4 CIDR blocks are limited to 5 per VPC (one primary plus secondary blocks).
  • Only one IPv6 CIDR block per VPC.
  • An IPv4 address has 32 bits in four 8-bit octets. The number after the slash is the prefix length: the number of leading bits that identify the network. The remaining bits identify hosts within it. For example, in 192.255.255.255/12 the first 12 bits are the network part and the remaining 20 bits are the host part, so the block holds 2²⁰ = 1,048,576 addresses (its network address, the one AWS would actually record, is 192.240.0.0). A VPC's IPv4 CIDR must be between /16 (65,536 addresses) and /28 (16 addresses), and subnets must fall inside it.
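The prefix arithmetic above and the longest-prefix rule from the route table section are easy to get backwards, so here is an added example (not the post's own code) that works both out on constructed inputs: it reports network and host bits and the AWS-usable count for a CIDR, validates VPC and subnet sizes, and resolves a destination against a route table the way a VPC route table does. The gateway IDs in the route tables are hypothetical placeholders.

```python
"""CIDR arithmetic and VPC route lookup (added example, not AWS code).
Route tables and gateway IDs below are constructed for the demonstration."""
import ipaddress


def cidr_summary(cidr):
    """Prefix bits are the network part; the remaining 32 - prefix bits are
    host bits. AWS reserves the first four and the last address of a subnet,
    so the usable count is 2**host_bits - 5."""
    net = ipaddress.ip_network(cidr, strict=False)   # strict=False clears host bits
    host_bits = net.max_prefixlen - net.prefixlen
    total = 2 ** host_bits
    return {
        "network": str(net.network_address),
        "prefix_bits": net.prefixlen,
        "host_bits": host_bits,
        "total_addresses": total,
        "aws_usable": max(total - 5, 0),
    }


def vpc_cidr_valid(cidr):
    """A VPC IPv4 CIDR must be between /16 and /28 inclusive."""
    net = ipaddress.ip_network(cidr, strict=False)
    return 16 <= net.prefixlen <= 28


def subnet_fits(vpc_cidr, subnet_cidr):
    """A subnet must lie entirely inside its VPC's CIDR and also be /16 to /28."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)
    sub = ipaddress.ip_network(subnet_cidr, strict=False)
    return sub.subnet_of(vpc) and 16 <= sub.prefixlen <= 28


def resolve_route(route_table, destination):
    """Longest-prefix match: among routes whose CIDR contains the destination,
    the most specific one wins. Returns the target, or None if nothing matches."""
    dst = ipaddress.ip_address(destination)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


# Constructed route tables for a VPC using 10.0.0.0/16. The IDs are hypothetical.
PUBLIC_RT = [
    ("10.0.0.0/16", "local"),                  # intra-VPC traffic stays inside the VPC
    ("0.0.0.0/0", "igw-0123456789abcdef0"),    # default route to the Internet Gateway
]
PRIVATE_RT = [
    ("10.0.0.0/16", "local"),
    ("192.168.0.0/16", "pcx-0123456789abcdef0"),  # a peered VPC, more specific than default
    ("0.0.0.0/0", "nat-0123456789abcdef0"),       # default route to a NAT gateway
]

if __name__ == "__main__":
    print(cidr_summary("192.255.255.255/12"))    # 12 network bits, 20 host bits
    print(cidr_summary("10.0.1.0/24"))           # 256 addresses, 251 usable on AWS
    print(vpc_cidr_valid("10.0.0.0/16"), vpc_cidr_valid("192.255.255.255/12"))
    print(subnet_fits("10.0.0.0/16", "10.0.1.0/24"), subnet_fits("10.0.0.0/16", "10.1.0.0/24"))
    for ip in ("10.0.5.9", "192.168.3.4", "8.8.8.8"):
        print(ip, "->", resolve_route(PRIVATE_RT, ip))
```

Note that 10.0.5.9 resolves to "local" even though 0.0.0.0/0 also contains it, because /16 is longer than /0; that is the same reason a route to a peered VPC or a NAT gateway can coexist with the default route without ambiguity.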

EC2 (Amazon Elastic Compute Cloud)

  • A web service that provides secure, resizable compute capacity in the cloud.
  • An instance belongs to one Region, and to one Availability Zone within it.
  • Belongs to one VPC (EC2-Classic, the pre-VPC networking model, is retired).
  • Belongs to one subnet: its primary network interface lives in that subnet.
  • Can have one IAM role attached through an instance profile. The role grants the software on the instance permissions to call other AWS services via temporary credentials, so no long-lived access keys need to be stored on the machine.

Currently there are three ways for an EC2 instance to connect to the Internet.

1. Internet gateway

  • The instance has a public IPv4 address (auto-assigned or an Elastic IP).
  • The instance's security group allows the outbound connection.
  • The subnet's network ACL allows the traffic out and, because it is stateless, the responses back in.
  • The subnet's route table has a route (normally 0.0.0.0/0) to the Internet Gateway.

2. NAT gateway / Egress-only Internet Gateway

A NAT gateway is a managed Network Address Translation (NAT) service. Instances in a private subnet can use it to connect to services outside the VPC, while external hosts cannot initiate connections to those instances. A NAT gateway handles IPv4; the egress-only Internet Gateway provides the same outbound-only behaviour for IPv6.

  • The instance is in a private subnet (one with no route to an Internet Gateway).
  • The instance's security group has an outbound rule allowing the connection.
  • The private subnet's route table has a 0.0.0.0/0 route whose target is the NAT gateway, and the NAT gateway itself is placed in a public subnet with an Elastic IP.

3. NAT instance

  • Launch an instance and configure it as a NAT router. Over SSH on the NAT instance (Amazon Linux; eth0 is assumed to be the primary interface):
# enable IPv4 forwarding now and make it survive a reboot
sudo sysctl -w net.ipv4.ip_forward=1
echo 'net.ipv4.ip_forward = 1' | sudo tee /etc/sysctl.d/99-nat.conf
# masquerade traffic leaving through the public interface and persist the rule
sudo yum install -y iptables-services
sudo /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo service iptables save
  • The NAT instance must be in a public subnet with a public IP, and its source/destination check must be disabled (EC2 drops forwarded packets otherwise). Its security group must allow inbound traffic from the private subnet's CIDR.
  • The private instance is inside the private subnet.
  • The route table attached to the private subnet must have a 0.0.0.0/0 route whose target is the NAT instance ID (or its network interface).


Written by dieutb

Passionate about finding solutions and researching technical things that are helpful in life. Also strongly interested in food, travel, and gentle music :)