EC2 instance types
refer: https://aws.amazon.com/cn/ec2/instance-types/
| Family | Description |
|---|---|
| General Purpose | A balance of compute, memory and networking resources, usable for many different workloads. Suits applications that consume these resources in roughly equal proportion, such as web servers and code repositories. |
| Compute Optimized | For compute-bound applications that benefit from high-performance processors: batch processing, media transcoding, high-performance web servers, high performance computing (HPC), scientific modelling, dedicated game servers and ad-serving engines, machine learning inference and other compute-intensive applications. |
| Memory Optimized | Designed to deliver fast performance for workloads that process large data sets in memory. |
| Accelerated Computing | Use hardware accelerators or co-processors to perform functions such as floating-point calculation, graphics processing or data pattern matching more efficiently than software running on a CPU. |
| Storage Optimized | For workloads that need high-speed sequential read/write access to very large data sets on local storage; optimized to deliver tens of thousands of low-latency random I/O operations per second (IOPS) to applications. |
Naming convention
An instance type name is made up of the instance family, the generation and the size. Extra letters after the generation number indicate additional capabilities, for example:
- a – AMD processor
- g – AWS Graviton processor
- i – Intel processor
- d – instance store volumes
- n – network optimized
- b – block storage optimized
- e – extra storage or memory
- z – high frequency
m5.2xlarge
- m: instance family (instance class)
- 5: generation (AWS improves them over time)
- 2xlarge: size within the instance class
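The naming rule above is regular enough to parse mechanically, which is useful when an inventory script or a cost/compliance check needs to know whether an instance runs on Graviton or Intel, or has local instance store volumes. The following is an added example, not AWS code: it splits a type name into family, generation, attribute flags and size using only the flag letters listed above (anything else is reported as `unknown` rather than rejected), and it handles names with several flags such as `c6gn.xlarge`, which the notes do not show.

```python
"""Parse EC2 instance type names into family, generation, attribute flags and size.

Added example, not AWS code. The flag table is the one from the notes above;
letters outside it are returned with the meaning "unknown".
"""
import re
from dataclasses import dataclass
from typing import Dict

# Attribute letters that may follow the generation number, as listed in the notes.
ATTRIBUTE_FLAGS = {
    "a": "AMD processor",
    "g": "AWS Graviton processor",
    "i": "Intel processor",
    "d": "instance store volumes",
    "n": "network optimized",
    "b": "block storage optimized",
    "e": "extra storage or memory",
    "z": "high frequency",
}

# <family letters><generation digits><optional attribute letters>.<size>
_NAME_RE = re.compile(r"^([a-z]+)(\d+)([a-z]*)\.([a-z0-9]+)$")


@dataclass
class InstanceType:
    name: str
    family: str
    generation: int
    attributes: Dict[str, str]  # flag letter -> meaning ("unknown" if not in the table)
    size: str


def parse_instance_type(name: str) -> InstanceType:
    """Split e.g. 'c6gn.xlarge' into family 'c', generation 6, flags g+n, size 'xlarge'.

    Raises ValueError for names that do not follow the family/generation/size layout.
    """
    m = _NAME_RE.match(name.strip().lower())
    if not m:
        raise ValueError(f"not a family/generation/size instance type name: {name!r}")
    family, gen, flags, size = m.groups()
    attributes = {f: ATTRIBUTE_FLAGS.get(f, "unknown") for f in flags}
    return InstanceType(name=name, family=family, generation=int(gen),
                        attributes=attributes, size=size)


if __name__ == "__main__":
    for n in ("m5.2xlarge", "c6gn.xlarge", "r5dn.24xlarge", "m6g.medium"):
        t = parse_instance_type(n)
        print(n, "->", t.family, t.generation, t.attributes, t.size)
```

Bare-metal sizes (`.metal`) parse as size `metal`; the regex deliberately rejects anything without a generation digit so a typo is caught instead of silently classified.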
Introduction to Security Groups
- Security groups only contain allow rules; there is no deny rule, and anything not explicitly allowed is dropped
- Security group rules can reference an IP range (CIDR) or another security group
Security Groups Good to know
- Can be attached to multiple instances, and an instance can have several security groups
- Locked down to a region / VPC combination
- Lives "outside" the EC2 instance: if the security group blocks the traffic, the instance never sees it, so it will not show up in the instance's own logs
- It's good practice to keep a separate security group for SSH access, restricted to known source addresses
- If your application is not reachable (time out), it is usually a security group (or network ACL) issue
- If your application gives a "connection refused" error, the packet reached the instance: it's an application error or the application is not launched
- By default all inbound traffic is blocked
- By default all outbound traffic is allowed
- Security groups are stateful: return traffic for an allowed connection is allowed automatically, whichever direction the rule was written for
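The rules above are easiest to get wrong in the "separate SSH group" case: someone opens port 22 to 0.0.0.0/0 on the web tier instead. The following is an added example, not AWS tooling: it audits a list of security groups in the shape returned by `aws ec2 describe-security-groups` (boto3: `ec2.describe_security_groups()["SecurityGroups"]`) and reports inbound rules that are open to the world either for all protocols or for SSH/RDP. The group IDs, names and CIDRs in `SAMPLE_GROUPS` are constructed for the example; in practice you would feed it the live API response.

```python
"""Audit EC2 security groups for inbound rules open to the world.

Added example, not AWS code. SAMPLE_GROUPS is a constructed payload in the
shape of describe-security-groups output; the IDs, names and CIDRs are made up.
"""
from dataclasses import dataclass
from typing import List, Optional

# Ports where a 0.0.0.0/0 or ::/0 inbound rule is almost always a mistake.
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP"}
WORLD = {"0.0.0.0/0", "::/0"}

SAMPLE_GROUPS = [
    {   # web tier: 443 from anywhere is expected, 22 from anywhere is not
        "GroupId": "sg-0aaa111", "GroupName": "web",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
        ],
    },
    {   # separate SSH group, as the notes recommend: only the admin range
        "GroupId": "sg-0bbb222", "GroupName": "ssh-admin",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
        ],
    },
    {   # db tier: 5432 referenced by security group (fine), plus an all-traffic rule from ::/0
        "GroupId": "sg-0ccc333", "GroupName": "db",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0aaa111"}]},
            {"IpProtocol": "-1", "IpRanges": [],
             "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "UserIdGroupPairs": []},
        ],
    },
]


@dataclass(frozen=True)
class Finding:
    group_id: str
    group_name: str
    cidr: str
    protocol: str
    from_port: Optional[int]
    to_port: Optional[int]
    reason: str


def _world_cidrs(perm: dict) -> List[str]:
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD]


def audit_security_groups(groups: List[dict]) -> List[Finding]:
    """Return one Finding per inbound rule that is open to the world.

    Flags all-protocol ("-1") rules and rules whose port range covers a port
    in SENSITIVE_PORTS. 80/443 from the world is not reported. Rules that
    reference another security group carry no CIDR and are never world-open.
    """
    findings = []
    for g in groups:
        for perm in g.get("IpPermissions", []):
            world = _world_cidrs(perm)
            if not world:
                continue  # scoped to a CIDR or to a security group
            proto = perm.get("IpProtocol", "")
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            if proto == "-1":
                reason = "all protocols and ports open to the world"
            else:
                hit = [name for port, name in SENSITIVE_PORTS.items()
                       if lo is not None and hi is not None and lo <= port <= hi]
                if not hit:
                    continue
                reason = "/".join(hit) + " open to the world"
            for cidr in world:
                findings.append(Finding(g["GroupId"], g["GroupName"], cidr, proto, lo, hi, reason))
    return findings


if __name__ == "__main__":
    for f in audit_security_groups(SAMPLE_GROUPS):
        print(f"{f.group_id} ({f.group_name}): {f.reason} via {f.cidr}")
```

The check looks at port ranges, not exact ports, so a rule like 0-1024 from 0.0.0.0/0 is flagged for SSH as well; port 443 open to the world on the web tier is left alone because that is what the group is for.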
Classic Ports to know
- 22 = SSH (Secure Shell) - log into a Linux instance
- 21 = FTP (File Transfer Protocol) – upload files into a file share
- 22 = SFTP (SSH File Transfer Protocol) – upload files over SSH
- 80 = HTTP – access unsecured websites
- 443 = HTTPS – access secured websites
- 3389 = RDP (Remote Desktop Protocol) – log into a Windows instance
EC2 Instances Purchasing Options
On-Demand Instances:
- Pay for what you use:
  - Linux or Windows: billed per second, with a one-minute minimum
  - All other operating systems: billed per hour
- Has the highest hourly cost but no upfront payment
- No long-term commitment
- Recommended for short-term, uninterrupted workloads where you can't predict how the application will behave
EC2 Reserved Instances:
- Reserve for 1 or 3 years, paid No Upfront, Partial Upfront or All Upfront
- Standard Reserved Instances: long workloads
  - Up to 72% discount compared to On-Demand
  - You reserve specific instance attributes (instance type, region, tenancy, OS), which cannot be changed
  - Reservation period: 1 year (+discount) or 3 years (+++discount)
  - Payment options: No Upfront (+), Partial Upfront (++), All Upfront (+++)
  - Scope: Regional or Zonal (zonal reserves capacity in an AZ)
  - Recommended for steady-state usage applications (think database)
  - You can buy and sell in the Reserved Instance Marketplace
- Scheduled Reserved Instances: only offered in US East (N. Virginia), US West (Oregon) and EU (Ireland); for recurring jobs such as a security scan that runs every Thursday between 3 and 6 pm
- Convertible Reserved Instances: long workloads with flexible instances
  - Smaller discount (up to 66%), but during the term you can change the instance type, instance family, OS, scope and tenancy
EC2 Savings Plans (1 & 3 years):
- Commit to an amount of usage (e.g. $10/hour) for 1 or 3 years; long workloads
- Discount based on long-term usage (up to 72%, same as Reserved Instances)
- Usage beyond the commitment is billed at the On-Demand price
- Locked to a specific instance family & AWS region (e.g., M5 in us-east-1)
- Flexible across:
  - Instance size (e.g., m5.large, m5.2xlarge)
  - OS (e.g., Linux, Windows)
  - Tenancy (Host, Dedicated, Default)
Spot Instances:
- Short workloads, cheap, but you can lose the instance at any time (less reliable)
- Useful for workloads that are resilient to failure: batch jobs, data analysis, image processing, any distributed workload, workloads with a flexible start and end time
- If you terminate a Spot Instance yourself, you pay for the hour in progress (Linux Spot Instances are billed per second, so only the seconds used are charged)
- If AWS interrupts your Spot Instance because the Spot price rose above your maximum (or capacity is reclaimed), you are not charged for that partial hour
Dedicated Hosts:
- For cases such as data residency restrictions or licences bound to a physical server; expensive!
- A physical server with EC2 instance capacity fully dedicated to your use
- Lets you address compliance requirements and use your existing server-bound software licenses (per-socket, per-core, per-VM software licenses)
- Purchasing options:
  - On-Demand: pay per second for an active Dedicated Host
  - Reserved: 1 or 3 years (No Upfront, Partial Upfront, All Upfront)
- The most expensive option
- Useful for software with a complicated licensing model (BYOL - Bring Your Own License)
- Or for companies with strong regulatory or compliance needs
Dedicated Instances:
- No other customers will share your hardware
- May share hardware with other instances in the same account
- No control over instance placement (the hardware can change after Stop / Start)
Capacity Reservations
- Reserve On-Demand instance capacity in a specific AZ for any duration
- You always have access to EC2 capacity when you need it
- No time commitment (create/cancel any time), no billing discounts
- Combine with Regional Reserved Instances and Savings Plans to benefit from billing discounts
- You're charged at the On-Demand rate whether or not you run instances
- Suitable for short-term, uninterrupted workloads that need to be in a specific AZ
Price example:
Prices depend on the region and the instance type; the comparison here was of m4.large prices for the purchasing options above within a single region.
EC2 User Data
- An EC2 user data script runs once, at the instance's first boot
- Use cases: installing software (e.g. anti-virus), patching, downloading files, system hardening, and so on
- Caveat: user data is stored in plain text and any process on the instance can read it back from the instance metadata service, so never put credentials or other secrets in it; give the instance AWS access through an IAM role instead
IAM Roles for EC2 Instances
Do not hand out static access keys for `aws configure` on an instance. Where keys are already in use, deactivate them in IAM and delete the `~/.aws/credentials` file on the client.
Correct approach:
- In the IAM console, choose Roles in the left menu and create a role: trusted entity type AWS service, use case EC2. On the permissions step, search for and select SupportUser, then name the role ExecuteProwler and create it.
- In the EC2 console, select the instance that needs the AWS CLI, then Actions --> Security --> Modify IAM role, and attach the ExecuteProwler role.
- The role's temporary credentials are served to the instance through the instance metadata service and picked up by the CLI/SDKs automatically; every process on the instance can use them, so attach only the permissions the job actually needs.
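The two sections above meet at launch time: the user data script does the first-boot patching and hardening, and the instance role, not a pasted access key, provides AWS permissions. The following is an added example, not AWS or Prowler code. It builds a first-boot script (the package name `amazon-ssm-agent` is a placeholder; the `dnf` and `sshd` commands assume an Amazon Linux style image), lints the script for static AWS credentials, and base64-encodes it as the raw RunInstances API expects (the AWS CLI and SDKs do that encoding for you when given plain text). A script that carries an access key is refused rather than shipped.

```python
"""Build a first-boot EC2 user-data script and refuse to ship one that embeds
long-lived AWS access keys.

Added example, not AWS code. The hardening steps are illustrative and assume an
Amazon Linux style image (dnf, sshd); the package name is a placeholder.
User data is readable by any process on the instance via the instance
metadata service, so the instance must get its AWS permissions from an IAM
role and any access key found in the script is treated as a defect.
"""
import base64
import re
from typing import List, Tuple

# Patterns that indicate static AWS credentials were pasted into the script.
_SECRET_PATTERNS = [
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),                          # long-lived access key ID
    re.compile(r"aws_secret_access_key", re.I),                    # ~/.aws/credentials key name
    re.compile(r"AWS_SECRET_ACCESS_KEY=", re.I),                   # exported into the environment
    re.compile(r"aws\s+configure\s+set\s+aws_access_key_id", re.I),  # aws configure in the script
]


def build_user_data(packages: List[str], disable_ssh_passwords: bool = True) -> str:
    """Return a bash script that cloud-init runs once at first boot."""
    lines = [
        "#!/bin/bash",
        "set -euo pipefail",
        "dnf -y update",  # patch at first boot
    ]
    if packages:
        lines.append("dnf -y install " + " ".join(packages))
    if disable_ssh_passwords:
        # Key-based SSH only; the security group still decides who can reach port 22.
        lines += [
            "sed -i 's/^#\\?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config",
            "systemctl restart sshd",
        ]
    return "\n".join(lines) + "\n"


def find_embedded_credentials(script: str) -> List[Tuple[int, str]]:
    """Return (line number, matched text) for every line that looks like a static AWS credential."""
    hits = []
    for n, line in enumerate(script.splitlines(), start=1):
        for pat in _SECRET_PATTERNS:
            m = pat.search(line)
            if m:
                hits.append((n, m.group(0)))
    return hits


def encode_user_data(script: str) -> str:
    """Base64-encode the script for the raw RunInstances API.

    Raises ValueError instead of shipping a script that carries static keys.
    """
    hits = find_embedded_credentials(script)
    if hits:
        raise ValueError(
            f"user data embeds AWS credentials at lines {sorted({n for n, _ in hits})}; "
            "attach an IAM role to the instance instead")
    return base64.b64encode(script.encode()).decode()


if __name__ == "__main__":
    good = build_user_data(["amazon-ssm-agent"])  # placeholder package
    print(encode_user_data(good)[:40], "...")
    # AKIAIOSFODNN7EXAMPLE is the example key from the AWS documentation, not a real key.
    bad = good + "aws configure set aws_access_key_id AKIAIOSFODNN7EXAMPLE\n"
    print(find_embedded_credentials(bad))
```

The lint is deliberately simple (key-ID shape and the usual variable names); it catches the copy-paste mistake the section warns about, not every secret, so treat a clean result as necessary rather than sufficient.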