Cloud & MLOps ☁️
Compute in the Cloud
EC2: Virtual Machines

EC2: Virtual Machines

The main features of compute in the cloud are:

  • Multitenancy: Sharing underlying hardware between virtual machines.
    • Whenever you launch an EC2, it is multi-tenant. i.e. Multiple customers running workloads on the same hardware. virtual isolation is what separates customers.
  • Vertical Scaling: Increase memory and CPU.
  • CaaS: Compute as a Service.

What is Amazon EC2?

Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud.

  • EC2 is one of the most popular of AWS’ offering
  • EC2 = Elastic Compute Cloud = Infrastructure as a Service
  • It mainly consists in the capability of :
    • Renting virtual machines (EC2)
    • Storing data on virtual drives (EBS)
    • Distributing load across machines (ELB)
    • Scaling the services using an auto-scaling group (ASG)
  • Knowing EC2 is fundamental to understand how the Cloud works

EC2 sizing & configuration options

  • Operating System (OS): Linux, Windows or Mac OS
  • How much compute power & cores (CPU)
  • How much random-access memory (RAM)
  • How much storage space:
    • Network-attached (EBS & EFS)
    • hardware (EC2 Instance Store)
  • Network card: speed of the card, Public IP address
  • Firewall rules: security group
  • Bootstrap script (configure at first launch): EC2 User Data

EC2 User Data

  • It is possible to bootstrap our instances using an EC2 User data script.
  • bootstrapping means launching commands when a machine starts
  • That script is only run once at the instance first start
  • EC2 user data is used to automate boot tasks such as:
    • Installing updates
    • Installing software
    • Downloading common files from the internet
    • Anything you can think of
  • The EC2 User Data Script runs with the root user

EC2 Instance Types - Overview

General Purpose

Provide a balance of compute, memory and networking resources. You can use them for a variety of workloads, such as:

  • Application Servers.
  • Gaming Servers.
  • Backend Servers for enterprise applications.
  • Small and medium databases.

Compute Optimized

  • Great for compute-intensive tasks that require high performance processors:
    • Batch processing workloads
    • Media transcoding
    • High performance web servers
    • High performance computing (HPC)
    • Scientific modeling & machine learning
    • Dedicated gaming servers

Memory Optimized

Are designed to deliver fast performance for workloads that process large datasets in memory.Use cases:

  • High performance, relational/non-relational databases
  • Distributed web scale cache stores
  • In-memory databases optimized for BI (business intelligence)
  • Applications performing real-time processing of big unstructured data

Storage Optimized

Are designed for workloads that require high, sequential read and write access to large datasets on local storage. Use cases:

  • High frequency online transaction processing (OLTP) systems
  • Relational & NoSQL databases
  • Cache for in-memory databases (for example, Redis)
  • Data warehousing applications
  • Distributed file systems

IOPS (Input/Output operations per second) is the metric that measures the performance of a storage device.

Accelerated Computing

Use hardware accelerators, or coprocessors to perform some functions more efficiently than is possible in software running on CPUs.

  • Graphics Processing Units (GPUs) are designed to handle compute-intensive parallel processing tasks.
  • Floating-point number calculations.
  • Data pattern matching.

EC2 Instance Types: example

InstancevCPUMem (GiB)StorageNetwork PerformanceEBS Bandwidth (Mbps)
t2.micro11EBS-OnlyLow to Moderate
c5d.4xlarge16321 x 400 NVMe SSDUp to 10 Gbps4,750
r5.16xlarge64512EBS Only20 Gbps13,600
m5.8xlarge32128EBS Only10 Gbps6,800

t2.micro is part of the AWS free tier (up to 750 hours per month)

Introduction to Security Groups

  • Security Groups are the fundamental of network security in AWS
  • They control how traffic is allowed into or out of our EC2 Instances.
  • Security groups only contain allow rules
  • Security groups rules can reference by IP or by security group

Deeper Dive

  • Security groups are acting as a “firewall” on EC2 instances
  • They regulate:
    • Access to Ports
    • Authorised IP ranges - IPv4 and IPv6
    • Control of inbound network (from other to the instance)
    • Control of outbound network (from the instance to other)

Security Groups Diagram

Good to know

  • Can be attached to multiple instances
  • Locked down to a region / VPC combination
  • Does live “outside” the EC2 - if traffic is blocked the EC2 instance won’t see it
  • It’s good to maintain one separate security group for SSH access
  • If your application is not accessible (time out), then it’s a security group issue
  • If your application gives a “connection refused“ error, then it’s an application error or it’s not launched
  • All inbound traffic is blocked by default
  • All outbound traffic is authorized by default

Classic Ports to know

  • 22 = SSH (Secure Shell) - log into a Linux instance
  • 21 = FTP (File Transfer Protocol) - upload files into a file share
  • 22 = SFTP (Secure File Transfer Protocol) - upload files using SSH
  • 80 = HTTP - access unsecured websites
  • 443 = HTTPS - access secured websites
  • 3389 = RDP (Remote Desktop Protocol) - log into a Windows instance

EC2 Instance Launch Types

On Demand Instance

  • Pay for what you use:
    • Linux or Windows - billing per second, after the first minute
    • All other operating systems - billing per hour
  • Has the highest cost but no upfront payment
  • No long-term commitment
  • Default one when you launch an EC2 instance
  • Recommended for short-term and un-interrupted workloads, where you can't predict how the application will behave
  • Are ideal for short-term, irregular workloads that cannot be interrupted. The instance runs continuously until you stop them, and you pay for only the compute time you use.

Reserved Instances

Are billed discounts applied to the use of On-Demand instances in your account. You can purchase Standard Reserved and Convertible Reserved Instances for a 1-year or 3-year term, and schedule reserved instances for a 1-year term. At the end of the reserved instance term, you can continue using the Amazon EC2 instance without interruption. However, you are charged On-Demand rates until you Terminate the instance or Purchase a new reserved instance that matches the instance attributes (type, region, platform).

  • Up to 72% discount compared to On-demand (Best long-term value)
  • You reserve a specific instance attributes (Instance Type, Region, Tenancy, OS)
  • Reservation Period - 1 year (+discount) or 3 years (+++discount)
  • Payment Options - No Upfront (+), Partial Upfront (++), All Upfront (+++)
  • Reserved Instance’s Scope - Regional or Zonal (reserve capacity in an AZ)
  • Recommended for steady-state usage applications (think database)
  • You can buy and sell in the Reserved Instance Marketplace
  • Use case: steady state or predictable usage
  • Reduced Pricing is based on Term x Class Offering x Payment Option
  • In terms of Payment options, 'no upfront' is interesting as you can use for a year and pay at the end of the year.
  • Reserved Instances can be shared between multiple accounts. You can always sell those to someone else with those contracts.

Class offerings include:

  • Standard Up to 75% reduced pricing compared to on-demand. Cannot change RI (Reserved Instance) Attributes. Cant change to a larger onstance type.
  • Convertible Up to 66% reduced pricing compared to on-demand. Allows you to change RI Attributes (instance type, instance family, OS, scope and tenancy) if greater or equal in value.
  • Scheduled You reserve instances for specific time periods eg. once a week for a few hours. Savings vary

Savings Plans

Enable you to reduce your compute costs by committing to a consistent amount of compute usage for a 1-year or 3-year term. This term commitment results in savings of up to 72% over On-Demand costs. Any usage up to the commitment is charged at the discounted Saving Plan rate. Any usage beyond the commitment is charged at regular On-Demand rates.

  • Get a discount based on long-term usage (up to 72% - same as RIs)
  • Commit to a certain type of usage ($10/hour for 1 or 3 years)
  • Usage beyond EC2 Savings Plans is billed at the On-Demand price
  • Locked to a specific instance family & AWS region (e.g., M5 in us-east-1)
  • Flexible across:
    • Instance Size (e.g., m5.xlarge, m5.2xlarge)
    • OS (e.g., Linux, Windows)
    • Tenancy (Host, Dedicated, Default)

Spot Instances

These are ideal for workloads with flexible start and end times, or that can withstand interruptions. Spot instances use unused Amazon EC2 computing capacity and offer you cost savings at up to 90% off of On-Demand prices. You get the biggest savings with this. To maximise the use of their idle servers (like when hotels offers vacant room or plane with vacant seats). Only Caveat is that if another customer who pays a higher price wants to use the compute resource, AWS will give the capacity away. This instance can be terminated at any given time. If it is terminated, that hour is not charged by AWS.

  • Can get a discount of up to 90% compared to On-demand
  • Instances that you can “lose” at any point of time if your max price is less than the current spot price
  • The MOST cost-efficient instances in AWS
  • Useful for workloads that can handle interruptions (server randomly stopping and starting)
    • Batch jobs
    • Data analysis
    • Image processing
    • Any distributed workloads
    • Workloads with a flexible start and end time
    • For non-critical background jobs.
  • Not suitable for critical jobs or databases

Dedicated Hosts

These are the most expensive. They are physical servers with Amazon EC2 instances capacity that is fully dedicated to your use. You can use your existing per-socket, per-core, or per-VM software licenses to help maintain license compliance.

  • A physical server with EC2 instance capacity fully dedicated to your use
  • Normally used if you must meet regulatory requirements. When you have a strict server bound licencing that won't support multi-latency or cloud deployment
  • Single tenant, is when a single customer has dedicated hardware. Physical isolation is what separates customers in this case, as opposed to virtual isolation with multi-tenancy.
  • Purchasing Options:
    • On-demand - pay per second for active Dedicated Host
    • Reserved - 1 or 3 years (No Upfront, Partial Upfront, All Upfront)
  • The most expensive option
  • Useful for software that have complicated licensing model (BYOL - Bring Your Own License)
  • Or for companies that have strong regulatory or compliance needs

Dedicated Instances

  • Instances run on hardware that’s dedicated to you
  • May share hardware with other instances in same account
  • No control over instance placement (can move hardware after Stop / Start)

Capacity Reservations

  • Reserve On-Demand instances capacity in a specific AZ for any duration
  • You always have access to EC2 capacity when you need it
  • No time commitment (create/cancel anytime), no billing discounts
  • Combine with Regional Reserved Instances and Savings Plans to benefit from billing discounts
  • You’re charged at On-Demand rate whether you run instances or not
  • Suitable for short-term, uninterrupted workloads that needs to be in a specific AZ

Which purchasing option is right for me?

  • On demand: coming and staying in resort whenever we like, we pay the full price
  • Reserved: like planning ahead and if we plan to stay for a long time, we may get a good discount.
  • Savings Plans: pay a certain amount per hour for certain period and stay in any room type (e.g., King, Suite, Sea View, …)
  • Spot instances: the hotel allows people to bid for the empty rooms and the highest bidder keeps the rooms. You can get kicked out at any time
  • Dedicated Hosts: We book an entire building of the resort
  • Capacity Reservations: you book a room for a period with full price even you don’t stay in it

Price Comparison Example

This if for an m4.large in us-east-1:

Price TypePrice (per hour)
Spot Instance (Spot Price)$0.038 - $0.039 (up to 61% off)
Reserved Instance (1 year)$0.062 (No Upfront) - $0.058 (All Upfront)
Reserved Instance (3 years)$0.043 (No Upfront) - $0.037 (All Upfront)
EC2 Savings Plan (1 year)$0.062 (No Upfront) - $0.058 (All Upfront)
Reserved Convertible Instance (1 year)$0.071 (No Upfront) - $0.066 (All Upfront)
Dedicated HostOn-Demand Price
Dedicated Host ReservationUp to 70% off
Capacity ReservationsOn-Demand Price

Shared Responsibility Model for EC2

Infrastructure (global network security)Security Groups rules
Isolation on physical hostsOperating-system patches and updates
Replacing faulty hardwareSoftware and utilities installed on the EC2 instance
Compliance validationIAM Roles assigned to EC2 & IAM user access management, Data security on your instance

EC2 Summary

  • EC2 Instance: AMI (OS) + Instance Size (CPU + RAM) + Storage + security groups + EC2 User Data
  • Security Groups: Firewall attached to the EC2 instance
  • EC2 User Data: Script launched at the first start of an instance
  • SSH: start a terminal into our EC2 Instances (port 22)
  • EC2 Instance Role: link to IAM roles
  • Purchasing Options: On-Demand, Spot, Reserved (Standard + Convertible + Scheduled), Dedicated Host, Dedicated Instance