ELB comparison https://www.sumologic.com/aws/elb/aws-elastic-load-balancers-classic-vs-application/
Create an additional account on a Linux machine
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/managing-users.html
Export all the EC2 information to a Google Drive sheet
You need to enable this plugin and select the keys of an IAM account with EC2 read-only permissions
https://chrome.google.com/webstore/detail/amazon-ec2-reports/mliidcedfplmhaagjiaoidjnljhbflco
Log in to a Windows machine
The procedure is not the same; the details are here: http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/EC2Win_GetStarted.html#connecting_to_windows_instance
From Linux with Remmina, I set the secure connection to "RDP" and the connection was established, but it dropped every 20 seconds. From Windows, the default program works instead.
Automation of instance
In this nice article http://www.fittedcloud.com/blog/cloudssh-an-intelligent-ssh-tool-for-cloud-developers/ the developer explains how to automate the day-to-day job:
- Powers up an instance
- Gets its IP address
- SSH to the instance
- Powers down the instance when the SSH session ends and no other SSH sessions exist.
Expanding a hard disk on Linux and Windows
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-expand-volume.html
Copy an instance from a Region to another using AMI
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html
Steps:
- connect to the source region
- create a snapshot of the machine to copy
- create an AMI from the snapshot
- copy the AMI just created to the destination region
- log in to the destination region
- create an instance from the AMI copied before
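
The same steps as AWS CLI calls, as an added example that is not part of the original notes. The function name is made up here, and it assumes an EBS-backed HVM x86_64 instance with a single root volume and a launch into the destination region's default VPC.

```shell
#!/bin/sh
# Added example: the six steps above as AWS CLI calls.
# Assumes an EBS-backed, HVM, x86_64 instance with a single root volume.

# Usage: copy_instance_to_region INSTANCE_ID SRC_REGION DST_REGION INSTANCE_TYPE
# Prints the ID of the instance launched in the destination region.
copy_instance_to_region() {
    instance=$1 src=$2 dst=$3 itype=$4
    name="copy-of-$instance"

    # Steps 1-2: in the source region, find the root volume and snapshot it
    root_dev=$(aws ec2 describe-instances --region "$src" --instance-ids "$instance" \
        --query 'Reservations[0].Instances[0].RootDeviceName' --output text) || return 1
    volume=$(aws ec2 describe-volumes --region "$src" --filters \
        "Name=attachment.instance-id,Values=$instance" \
        "Name=attachment.device,Values=$root_dev" \
        --query 'Volumes[0].VolumeId' --output text) || return 1
    snap=$(aws ec2 create-snapshot --region "$src" --volume-id "$volume" \
        --description "$name" --query SnapshotId --output text) || return 1
    aws ec2 wait snapshot-completed --region "$src" --snapshot-ids "$snap" || return 1

    # Step 3: register an AMI whose root device is backed by that snapshot
    ami=$(aws ec2 register-image --region "$src" --name "$name" \
        --architecture x86_64 --virtualization-type hvm \
        --root-device-name "$root_dev" \
        --block-device-mappings "DeviceName=$root_dev,Ebs={SnapshotId=$snap}" \
        --query ImageId --output text) || return 1

    # Step 4: copy-image is called against the destination region
    dst_ami=$(aws ec2 copy-image --region "$dst" --source-region "$src" \
        --source-image-id "$ami" --name "$name" \
        --query ImageId --output text) || return 1
    aws ec2 wait image-available --region "$dst" --image-ids "$dst_ami" || return 1

    # Steps 5-6: launch an instance from the copied AMI in the destination region
    aws ec2 run-instances --region "$dst" --image-id "$dst_ami" \
        --instance-type "$itype" --query 'Instances[0].InstanceId' --output text
}

# copy_instance_to_region i-0123456789abcdef0 eu-west-1 us-east-1 t3.micro
```

The snapshot and both AMIs remain after the copy and still hold the disk contents; deregister and delete them once the new instance is verified if they are not needed.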
Problem with some micro instances
On just one micro instance I hit a bug where, after a reboot, I could no longer get in over SSH because the daemon was not being started. Searching the web a bit, people talk about ephemeral storage entries to remove from fstab. That has nothing to do with it, because on the micro I had no ephemeral storage, only a fixed 8 GB volume. It happened to me on some instances of the same AMI and not on others.
To solve the problem I proceeded as follows
- shut down the machine in question
- detach the storage
- mount it on another running machine as additional storage; it mounts without problems
- edit the ssh configuration file as explained below
- detach the storage and attach it to the original machine
- reboot the original machine
The file is /etc/init/ssh.conf
I replaced the part
start on filesystem
with
start on (started network-interface or started network-manager or started networking)
Forum references: https://forums.aws.amazon.com/thread.jspa?threadID=51267 and https://forums.aws.amazon.com/thread.jspa?threadID=51279
Amazon EBS Volume Performance
source http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSPerformance.html
Amazon EBS Performance Tips
- There is a 5 to 50 percent reduction in IOPS when you first access each block of data on a newly created or restored EBS volume (General Purpose (SSD), Provisioned IOPS (SSD), or Magnetic). You can avoid this performance hit by accessing each block in advance (see Pre-Warming Amazon EBS Volumes below).
- General Purpose (SSD) and Provisioned IOPS (SSD) volumes have a throughput limit of 128 MB/s per volume. Some instance types can drive more I/O throughput than you can provision for a single volume. You can join multiple General Purpose (SSD) or Provisioned IOPS (SSD) volumes together in a RAID 0 configuration to use the available bandwidth for these instances. You can also provide redundancy for your volumes with a RAID 1 (mirrored) configuration. For more information,
- Amazon Web Services provides performance metrics for EBS that you can analyze and view with Amazon CloudWatch and status checks that you can use to monitor the health of your volumes. For more information, see Monitoring the Status of Your Volumes.
- Frequent snapshots provide a higher level of data durability, but they may slightly degrade the performance of your application while the snapshot is in progress. This trade off becomes critical when you have data that changes rapidly. Whenever possible, plan for snapshots to occur during off-peak times in order to minimize workload impact.
Some interesting links:
- consideration http://www.n2ws.com/blog/aws-ebs-pricing-hdd-and-ssd.html
- good summary table http://www.fittedcloud.com/resources/
Workload Demand
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-workload-demand.html
Amazon EC2 Instance Configuration
The only way to ensure sustained reliable network bandwidth between your EC2 instance and your EBS volumes is to launch the EC2 instance as EBS-optimized or choose an instance type with 10 Gigabit network connectivity. To see which instance types include 10 Gigabit network connectivity, see Instance Type Details.
On this page http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-ec2-config.html there is a list of images with their Dedicated EBS Throughput (Mbps), Max 16K IOPS and Max Bandwidth (MB/s).
I/O Characteristics - What are IOPS?
- IOPS are input/output operations per second. Amazon EBS measures each I/O operation per second (that is 256 KB or smaller) as one IOPS.
- I/O operations that are larger than 256 KB are counted in 256 KB capacity units. For example, a 1,024 KB I/O operation would count as 4 IOPS.
- When you provision a 4,000 IOPS volume, you can transfer up to 4,000 chunks of data per second.
- This configuration could transfer 4,000 32 KB chunks, 2,000 64 KB chunks, or 1,000 128 KB chunks of data per second as well, before hitting the 128 MB/s per volume throughput limit.
- For 32 KB or smaller I/O operations, you should see the amount of IOPS that you have provisioned, provided that you are driving enough I/O to keep the drives busy.
- For smaller I/O operations, you may even see an IOPS value that is higher than what you have provisioned (when measured on the client side), and this is because the client may be coalescing multiple smaller I/O operations into a smaller number of large chunks.
Pre-Warming Amazon EBS Volumes
You can avoid this performance hit in a production environment by writing to or reading from all of the blocks on your volume before you use it; this process is called pre-warming. Writing to all of the blocks on a volume is preferred, but that is not an option for volumes that were restored from a snapshot.
This page http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-prewarm.html describes how to do this with the dd command in Linux.
RAID Configuration
How to create a RAID 0 or 1 in Linux: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/raid-config.html
Benchmark Volumes
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/benchmark_piops.html
How to run a benchmark with xfsprogs in Linux
Linux AMI
If you want to use Postfix on the Linux AMI, you need to remove sendmail, which is installed by default, as shown here:
http://cybart.com/how-to-install-and-configure-postfix-on-amazon-ec2/
/etc/init.d/sendmail stop
yum remove sendmail
/etc/init.d/postfix start
Edit main.cf and restart postfix
Check the log in /var/log/maillog
Reading userdata user-data user_data inside a machine
curl http://169.254.169.254/latest/user-data
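
Instances configured to require IMDSv2 answer the plain request above with HTTP 401. The following added example (not from the original notes; the function name is made up) requests a session token first and falls back to the plain request when no token is issued.

```shell
#!/bin/sh
IMDS=http://169.254.169.254/latest

# Prints the instance user-data. Works on instances that require IMDSv2
# (session token) and on ones that still answer plain IMDSv1 requests.
get_user_data() {
    # IMDSv2: obtain a short-lived session token with a PUT request
    token=$(curl -sf --max-time 2 -X PUT "$IMDS/api/token" \
        -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || token=""
    if [ -n "$token" ]; then
        # Present the token on the actual read
        curl -sf --max-time 2 -H "X-aws-ec2-metadata-token: $token" "$IMDS/user-data"
    else
        # No token issued: fall back to the plain request from the notes
        curl -sf --max-time 2 "$IMDS/user-data"
    fi
}

# get_user_data    # run on the instance itself
```

Any process on the instance that can reach this address can read the user-data, so it is not a place for passwords or keys.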
Cloud-init / userdata in a windows machine
- As you can read here http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-instance-metadata.html you need to specify in the input box that you are using PowerShell
<powershell>
echo "eu-west-1.compute.internal eu-west-1.ec2-utilities.amazonaws.com" > c:\lab1.txt
Invoke-WmiMethod -class win32_networkadapterconfiguration -name setdnssuffixsearchorder -argumentlist @("eu-west-1.compute.internal", "eu-west-1.ec2-utilities.amazonaws.com", "lab1"), $null
</powershell>
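Nice script to add an ad hoc rule for temporary access
#!/bin/zsh
# Open port 22 for the current public IP only, for the duration of the SSH session
ip=$(curl -s https://api.ipify.org)
aws ec2 authorize-security-group-ingress --profile btsz --region=eu-west-1 --protocol tcp --port 22 --cidr "$ip/32" --group-id sg-xxxxx || exit 1
# Remove the rule on any exit (SSH failure, closed terminal), not only after a clean logout
trap 'aws ec2 revoke-security-group-ingress --profile btsz --region=eu-west-1 --protocol tcp --port 22 --cidr "$ip/32" --group-id sg-xxxxx' EXIT
trap 'exit 1' HUP INT TERM
ssh -A -i ~/.ssh/mykey.pem ec2-user@myipmachineordns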
Reset the password for an EC2 Windows instance
If you restore from an AMI snapshot backup, the password is no longer available from the web console.
To enable it again go to
SYSTEMS MANAGER SERVICES ==> Automations ==> Run Automations
In "Document name" choose AWSSupport-ResetAccess
Instance ID: the ID of the instance to reset
Subnet: the same subnet as the instance to modify
AssumeRole: it is not necessary to set it up
You need to wait 20/30 minutes for the change to complete.
The machine will be stopped and started.
If you want to see this process, watch the video on this page https://aws.amazon.com/de/premiumsupport/knowledge-center/reset-admin-password/ from minute 7.
Important: it seems you cannot run more than 1 in parallel; I had 1 fail when I tried 2 restores in parallel.
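
One way to script the reset for several instances strictly one at a time, as an added example that is not part of the original notes and not AWS's own tooling. The function names and the POLL_SECONDS and MAX_POLLS variables are made up here; the document name and the InstanceId and SubnetId parameters are the ones listed above.

```shell
#!/bin/sh
# Added example: run AWSSupport-ResetAccess for several instances, one at a time.
# POLL_SECONDS and MAX_POLLS are settings invented for this example.

# reset_access INSTANCE_ID SUBNET_ID
# Starts the automation, polls until it finishes and prints the final status.
reset_access() {
    exec_id=$(aws ssm start-automation-execution \
        --document-name AWSSupport-ResetAccess \
        --parameters "InstanceId=$1,SubnetId=$2" \
        --query AutomationExecutionId --output text) || return 1
    polls=0
    while [ "$polls" -lt "${MAX_POLLS:-60}" ]; do
        status=$(aws ssm get-automation-execution \
            --automation-execution-id "$exec_id" \
            --query AutomationExecution.AutomationExecutionStatus \
            --output text) || return 1
        case "$status" in
            Success) echo "$status"; return 0 ;;
            Failed|TimedOut|Cancelled) echo "$status"; return 1 ;;
        esac
        polls=$((polls + 1))
        sleep "${POLL_SECONDS:-60}"   # the whole run takes 20/30 minutes
    done
    echo PollTimeout
    return 1
}

# Reads "INSTANCE_ID SUBNET_ID" lines on stdin and resets them in sequence:
# the next automation starts only after the previous one has ended.
# Prints "INSTANCE_ID STATUS" per instance; returns 1 if any reset did not succeed.
reset_access_serially() {
    rc=0
    while read -r inst subnet; do
        [ -n "$inst" ] || continue
        result=$(reset_access "$inst" "$subnet" < /dev/null) || rc=1
        echo "$inst ${result:-StartFailed}"
    done
    return "$rc"
}

# printf 'i-0123456789abcdef0 subnet-0123abcd\n' | reset_access_serially
```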