AWS Usage an SAA Holder Didn’t Know
When I passed SAA in 2021, I didn’t have much work experience on AWS. In this article, I will share what I’ve learned during my work and my study for SAP and MLS.
Who should read this page
- People who are at the Cloud Practitioner or Solutions Architect Associate level
- People who are studying for other AWS certifications
- People who studied AWS but don’t have much work experience
1. What are burstable EC2 instances?
When I studied for SAA, the Udemy instructor just said “t family is burstable”. I didn’t know how EC2 instances can burst or how long the burst may last.
Cost
To understand this concept, cost is an important factor. If you only look at the price list, t instances (burstable instances) are much cheaper than other instances with the same CPU and RAM.
For example, t3.medium is $0.0416 per hour, while c5.large is $0.085 per hour in US East (Ohio), even though both are 2 vCPU, 4 GiB instances.
Why?
It’s because you can’t fully use t instance’s CPU at the listed price!
Credit
So how do t instances work? Each instance type has a baseline of CPU utilization. For example, t2.micro’s baseline is 10%. While the instance uses less than 10%, it earns “credits”. While it uses more than 10%, it has to spend “credits” to keep bursting.
If you use more than 10% of CPU and spend all your credits, you have to choose either (1) paying more to keep bursting or (2) stopping the burst and having the CPU utilization forced back below the baseline. You can set up this behavior on the instances page.
Select an instance → Click “Actions” → Click “Instance settings” → “Change credit specification”.
Use case
Because of this specification, burstable instances can be used for websites, for example. Websites are not busy at night, so your instance can save credits, and there are many visitors during the day when your instance may need to spend credits.
Reference
2. Instance stores and EBS volumes
My knowledge of instance stores and EBS volumes was as follows:
- Instance stores: Super fast, ephemeral
- EBS volumes: Not as fast as instance stores, permanent
I didn’t know how to use them exactly.
The fact is, when creating an EC2 instance, both the root volume and additional volumes (the “add new volume” button) are EBS volumes.
Then how can we use instance stores? You have to choose an instance type that has an instance store. “Storage” on the compare instance types page means instance stores.
3. VPC Endpoints: Difference between gateways and interfaces
S3 and DynamoDB have both gateway endpoints and interface endpoints, so which one should we choose?
Gateway endpoints are free of charge but interface endpoints aren’t free, so use gateway endpoints if possible.
“If possible”? Yes, gateway endpoints have limitations.
In short, one gateway endpoint is only for one specific VPC. If you want to use Transit Gateway etc. to access S3/DynamoDB from a VPC without a gateway endpoint, there is no natively supported method. Therefore, interface endpoints may be easier for you to set up.
Reference
https://aws.amazon.com/blogs/architecture/choosing-your-vpc-endpoint-strategy-for-amazon-s3/
4. Systems Manager Session Manager
When I studied AWS, I didn’t know how useful Session Manager is.
Without Session Manager, you would have to set up a bastion server by yourself to secure access. However, Session Manager makes bastion servers obsolete.
If your instance has these 3 things, then you can open a session on it with Session Manager. (There are other conditions, but you don’t have to pay too much attention to them in many cases. Please refer to the reference for more details.)
- IAM Policy: AmazonSSMManagedInstanceCore
- Public IP or NAT Gateway (outbound 443 access)
- SSM Agent (You don’t have to think about this if using Amazon Linux 2.)
The point is that you don’t need to allow any inbound access in the security group or create SSH keys.
The usage is also simple. Just click the “Connect” button at the top right of the instances page.
Reference
https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-prerequisites.html
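One way to check the IAM and network conditions listed above from API output, and to flag security groups that still allow inbound port 22 even though Session Manager does not need it. This is an added example, not code from the original article. The function names and sample data are constructed; the dicts follow the shape of boto3 `describe_instances`, `list_attached_role_policies`, `describe_security_groups` and `describe_route_tables` responses, and the SSM Agent condition is not visible in those responses, so it is not checked.

```python
SSM_POLICY = "AmazonSSMManagedInstanceCore"

def covers_port(rule, port):
    """True if a security-group rule (IpPermissions entry) admits TCP `port`."""
    if rule.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
        return True
    return (rule.get("IpProtocol") == "tcp"
            and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))

def audit_instance(instance, role_policies, security_groups, routes):
    """Return a list of findings; empty means the IAM and network conditions
    hold and no inbound SSH rule is left over."""
    findings = []
    # IAM: the instance profile's role must carry the managed policy.
    if "IamInstanceProfile" not in instance:
        findings.append("no instance profile attached")
    elif SSM_POLICY not in {p["PolicyName"] for p in role_policies}:
        findings.append(f"role lacks {SSM_POLICY}")
    # Network: outbound 443 needs a public IP or a default route through NAT.
    has_nat = any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
                  and r.get("NatGatewayId") for r in routes)
    if not instance.get("PublicIpAddress") and not has_nat:
        findings.append("no public IP and no NAT route for outbound 443")
    # Simplification: only the egress port is checked, not the destination CIDR.
    if not any(covers_port(r, 443) for sg in security_groups
               for r in sg.get("IpPermissionsEgress", [])):
        findings.append("security groups block outbound 443")
    # Hardening: Session Manager needs no inbound rule, so port 22 is leftover.
    for sg in security_groups:
        for rule in sg.get("IpPermissions", []):
            if covers_port(rule, 22):
                cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
                findings.append(f"{sg['GroupId']} still allows inbound 22 from {cidrs}")
    return findings

# Constructed sample inputs (placeholder IDs, not real resources).
POLICIES = [{"PolicyName": SSM_POLICY}]
NAT_ROUTES = [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]
PRIVATE = {"InstanceId": "i-example", "IamInstanceProfile": {"Arn": "arn:example"}}
SG_CLOSED = {"GroupId": "sg-example2", "IpPermissions": [], "IpPermissionsEgress": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443}]}
SG_OPEN = {"GroupId": "sg-example1", "IpPermissionsEgress": [{"IpProtocol": "-1"}],
           "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}

if __name__ == "__main__":
    print(audit_instance(PRIVATE, POLICIES, [SG_CLOSED], NAT_ROUTES))
    print(audit_instance(PRIVATE, POLICIES, [SG_OPEN], NAT_ROUTES))
```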