Section 7 - EC2 Instance Storage

EBS Volume
- An EBS (Elastic Block Store) Volume is a network drive you can attach to your instances while they run
- Think of them as a "network USB stick"
- uses the network to communicate the instance, which means there might be a bit of latency
- can be detached from an EC2 instance and attached to another one quickly
- Allows your instances to persist data, even after their termination
- They can only be mounted to one instance at a time (at the CCP level)
- They are bound to a specific availability zone
- to move a volume across, you first need to snapshot it
  - EBS Snapshots
  - Make a backup (snapshot) of your EBS volume at a point in time
  - Not necessary to detach volume to do snapshot (recommended)
  - Can copy snapshots across AZ or Region
- Have a provisioned capacity (size in GBs, and IOPS)
- Billed for all provisioned capacity'
- Can increase the capacity of the drive over time
- Delete on termination attribute
- Controls the EBS behavior when an EC2 instance terminates
  - By default the root ebs volume is deleted (attribute enabled)
  - By default any other attached EBS volume is not deleted (attribute disabled)
- Use: preserve root volume when an instance is terminated
AMI - Amazon Machine Images
- Customization of an EC2 Instance
- can add your own software, config, os, monitoring…
- faster boot/configuration time because all your software is pre-packaged
- Built for a specific region (can be copied across)
- Launch EC2 instance from:
- Public AMI: AWS provided
- Own AMI: make and maintain them yourself
- AWS Marketplace AMI: made by someone else (potentially sold/bought)
- Process
- Start Ec2 instance and customize it
- Stop instance (for data integrity)
- Build an AMI - will also create EBS snapshot
- Launch instances from other AMIs
EC2 Instance Store
- EBS volumes are good but "limited" performance
- If you need a high-performance hardware disk, use EC2 Instance Store
- Better I/O Performance
- Good for buffer/cache/scratch data/temporary content
- Risk of data loss if hardware fails
- Backups and Replication are your responsibility
EBS Volume Types
- Types
- gp2/gp3 (SSD): General purpose SSD volume that balances price and performance for a wide variety of workloads
  - development and test environments
  - cost effective storage, low latency
  - System boot volumes, virtual desktops, development and test environments
  - Volume Size: 1 GiB- 16 YiB
  - Max IOPS per volume: 16,000
  - gp3:
  - Can increase IOPs independently
  - gp2:
  - Size of the volume and IOPs are linked
- Provisioned IOPS (PIOPS) SSD
  - Critical business application with sustained IOPS performance
  - Great for database workloads (sensitive to storage perf and consistency)
  - io1/io2 (SSD): Highest-performance SSD volume for mission-critical low-latency or high-throughput workloads
  - EBS Multi-Attach - attach the same EBS volume to multiple EC2 instances in the same AZ
    - Must use a file system that's cluster-aware (not XFS, EX4, etc..)
    - each instance has full read and write permissions to the volume
    - Use case:
    - Achieve higher application availability
    - Applications must manage concurrent write operations
- st 1 (HDD): Low cost HDD volume designed for frequently accessed, throughput intensive workloads
  - Uses: Big data, data warehouses, log processing
  - Cannot be a boot bolume
  - Throughput Optimized HDD
  - Max: 500 MiB/s
- sc 1 (HDD): Lowest cose HDD volume designed for les frequently accessed workloads
  - Uses:
  - for data that is infrequently accessed
  - scenarios where lowest cost is important
  - Max: 250 MiB/s
- EBS volumes are characterized in size/throughput/IOPS (I/O Ops Per Sec)
- Only gp2/gp3 and io 1/io2 can be used as boot volumes
EBS Encryption
- Get the following:
- Data at rest is encrypted inside the volume
- All the data in flight moving between the instance and the volume is encrypted
- All snapshots are encrypted
- All volumes created from the snapshot
- Handled transparently
- Minimum impact on latency
- leverages keys from KMS (AES-256)
- Copying an unencrypted snapshot allows encryption
- Snapshots of encrypted volumes are encrypted
- Process:
- Create an EBS snapshot of the volume
- Encrypt the EBS Snapshot (using copy)
- Create new ebs volume from the snapshot (volume will also be encrypted)
- Can attach the encrypted volume to the original instance
EFS - Elastic File System
- Managed NFS (network file system) that can be mounted on many EC2 instances across AZ
- Highly available, scalable, expensive (3 * gp2) but pay per use
- Use cases: content management, web serving, data sharing, wordpress
- Uses security group to control access to EFS
- Compatible with Linux based AMI (not windows)
- Encryption at rest using KMS
- No capacity planning
- EFS Scale:
- 1000s of concurrent NFS clients, 10 GB+ throughput
- Grow to Petabyte scale network file system automatically
- Performance Mode (set at EFS creation time):
- General purpose (default): latency-sensitive use cases (web sever, CMS, etc…)
- Max I/O - higher latency, throughput, highly parallel (big data, media processing)
- Throughput Mode:
- Bursting (1 TB)
- Provisioned: set your throughput regardless of storage size
Storage Tiers (lifecycle management feature - move file after N days)
- Standard: for frequently accessed files
- Infrequent access (EFS-IA): cost to retrieve files, lower price to store
EFS vs EBS
- EBS:
- EBS Volumes:
  - only attached to one instance at a time
  - locked to AZ
  - gp2: IO increases if the disk size increases
  - io 1: can increase IO independently
- To migrate an EBS volume across AZ
  - Take a snapshot
  - Restore the snapshot to another AZ
  - EBS backups use IO and you shouldn't run them while your application is handling a lot of traffic
- Root EBS volumes of instances get terminated by default if the EC2 instance gets terminated (can disable)
- EFS
- Can mount multiple instance across multiple AZs
- EFS share website files
- Only for linux instances (POSIX)
- Higher price point than EBS
  - Can leverage EFS-IA for cost savings