26. AMI Types (EBS vs Instance Store)
AMI = Amazon Machine Image
An AMI is a ready-to-use customization of an EC2 instance.
Within a custom AMI we can have our own software configuration, OS and monitoring tool…
Boot and configuration time is faster because all the software is pre-packaged in the AMI.
AMIs are built for a specific region and can be copied across regions.
We can launch EC2 instances from:
i) Public AMI: AWS provided. Most popular is ‘Amazon Linux 2 AMI’
ii) Custom AMI: Created and maintained by the user
iii) AWS Marketplace: An AMI created and sold by someone else
AMI Process (from an EC2 instance)
i) Start an EC2 instance and customize it.
ii) Stop the instance for data integrity
iii) Build an AMI – This will also create EBS snapshots
iv) Launch instances from other AMIs
us-east-1a >> EC2 instance >> AMI >> Create custom AMI >> use this custom AMI in another EC2 instance in us-east-1b
EC2 Image Builder
Used to automate the creation of virtual machines, container images or AMIs. This means we can automate the creation, maintenance, validation and testing of EC2 AMIs.
When EC2 Image Builder runs, it creates an EC2 instance called the ‘Builder EC2 Instance’. This instance builds components and installs customized software, and a new AMI is created from it. Image Builder then automatically creates a ‘Test EC2 Instance’ from the newly created AMI and runs a set of tests that are defined in advance. We can skip the tests if we do not want to run them, but they validate whether the AMI is working properly and is secure, and whether the application runs correctly. Once the AMI is tested, it is distributed. Image Builder is a regional service and lets you distribute the AMI across regions.
Image Builder can run on a schedule (for example weekly, or whenever the packages are updated), or we can run it manually. It is a free service.
Instance Store
A high-performance hardware disk attached to the EC2 instance.
EBS volumes are network drives with good but limited performance. If we want higher performance, we can use a hardware disk attached to the EC2 instance. An EC2 instance is a virtual machine, but it runs on a real hardware server. Some of these servers have disk space that is physically attached to the server. This gives better I/O performance and good throughput.
If we stop or terminate an EC2 instance that has an instance store, the storage is lost, which is why it is called ephemeral storage. Use case: good for buffer / cache / scratch data / temporary content, but not for long-term storage. For long-term storage, EBS is the better choice. If the underlying server of the EC2 instance fails, we risk data loss because the hardware attached to the instance fails too. So if we decide to use an instance store, it is our responsibility to maintain backups and replication.
Question 1:
A company wants some EBS volumes with maximum possible Provisioned IOPS (PIOPS) to support high-performance database workloads on EC2 instances. The company also wants some EBS volumes that can be attached to multiple EC2 instances in the same Availability Zone. As an AWS Certified Solutions Architect Associate, which of the following options would you identify as correct for the given requirements? (Select two)
Answer: a. Use io2 Block Express volumes on Nitro-based EC2 instances to achieve a maximum Provisioned IOPS of 256,000
b. Use io1/ io2 volumes to enable Multi-Attach on Nitro-based EC2 instances
Explanation: EBS io2 Block Express is the next generation of Amazon EBS storage server architecture. It has been built for the purpose of meeting the performance requirements of the most demanding I/O intensive applications that run on Nitro-based Amazon EC2 instances. With io2 Block Express volumes, you can provision volumes with Provisioned IOPS (PIOPS) up to 256,000, with an IOPS:GiB ratio of 1,000:1.
Amazon EBS Multi-Attach enables you to attach a single Provisioned IOPS SSD (io1 or io2) volume to multiple instances that are in the same Availability Zone. You can attach multiple Multi-Attach enabled volumes to an instance or set of instances. Each instance to which the volume is attached has full read and write permission to the shared volume. Multi-Attach makes it easier for you to achieve higher application availability in clustered Linux applications that manage concurrent write operations.
Question 2:
The solo founder at a tech startup has just created a brand new AWS account. The founder has provisioned an EC2 instance 1A which is running in region A. Later, he takes a snapshot of the instance 1A and then creates a new AMI in region A from this snapshot. This AMI is then copied into another region B. The founder provisions an instance 1B in region B using this new AMI in region B. At this point in time, what entities exist in region B?
Answer: 1 EC2 instance, 1 AMI and 1 snapshot exist in region B
Explanation: An Amazon Machine Image (AMI) provides the information required to launch an instance. You must specify an AMI when you launch an instance. When the new AMI is copied from region A into region B, it automatically creates a snapshot in region B because AMIs are based on the underlying snapshots. Further, an instance is created from this AMI in region B. Hence, we have 1 EC2 instance, 1 AMI and 1 snapshot in region B.
Question 3:
A company’s application is running on Amazon EC2 instances in a single Region. In the event of a disaster, a solutions architect needs to ensure that the resources can also be deployed to a second Region.
Which combination of actions should the solutions architect take to accomplish this? (Select TWO.)
Options:
A. Copy an Amazon Machine Image (AMI) of an EC2 instance and specify the second Region for the destination
B. Copy an Amazon Elastic Block Store (Amazon EBS) volume from Amazon S3 and launch an EC2 instance in the second Region using that EBS volume
C. Launch a new EC2 instance in the second Region and copy a volume from Amazon S3 to the new instance
D. Detach a volume on an EC2 instance and copy it to an Amazon S3 bucket in the second Region
E. Launch a new EC2 instance from an Amazon Machine Image (AMI) in the second Region
Answer: A & E
Explanation
You can copy an Amazon Machine Image (AMI) within or across AWS Regions using the AWS Management Console, the AWS Command Line Interface or SDKs, or the Amazon EC2 API, all of which support the CopyImage action.
Using the copied AMI the solutions architect would then be able to launch an instance from the same EBS volume in the second Region.
Note: the AMIs are stored on Amazon S3, however you cannot view them in the S3 management console or work with them programmatically using the S3 API.
CORRECT: “Copy an Amazon Machine Image (AMI) of an EC2 instance and specify the second Region for the destination” is a correct answer.
CORRECT: “Launch a new EC2 instance from an Amazon Machine Image (AMI) in the second Region” is also a correct answer.
INCORRECT: “Detach a volume on an EC2 instance and copy it to an Amazon S3 bucket in the second Region” is incorrect. You cannot copy EBS volumes directly from EBS to Amazon S3.
INCORRECT: “Launch a new EC2 instance in the second Region and copy a volume from Amazon S3 to the new instance” is incorrect. You cannot create an EBS volume directly from Amazon S3.
INCORRECT: “Copy an Amazon Elastic Block Store (Amazon EBS) volume from Amazon S3 and launch an EC2 instance in the second Region using that EBS volume” is incorrect. You cannot create an EBS volume directly from Amazon S3.
Question 4:
A research group needs a fleet of EC2 instances for a specialized task that must deliver high random I/O performance. Each instance in the fleet would have access to a dataset that is replicated across the instances. Because of the resilient application architecture, the specialized task would continue to be processed even if any instance goes down, as the underlying application architecture would ensure the replacement instance has access to the required dataset.
Which of the following options is the MOST cost-optimal and resource-efficient solution to build this fleet of EC2 instances?
Options
A. Use EBS based EC2 instances
B. Use EC2 instances with EFS mount points
C. Use EC2 instances with access to S3 based storage
D. Use Instance Store based EC2 instances
Answer: D
Explanation
Correct option:
Use Instance Store based EC2 instances
An instance store provides temporary block-level storage for your instance. This storage is located on disks that are physically attached to the host computer. Instance store is ideal for the temporary storage of information that changes frequently such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers. Instance store volumes are included as part of the instance’s usage cost.
Instance Store based volumes provide high random I/O performance at low cost (as the storage is part of the instance’s usage cost), and the resilient architecture can adjust for the loss of any instance, so you should use Instance Store based EC2 instances for this use case.
Incorrect options:
Use EBS based EC2 instances – EBS based volumes would need to use Provisioned IOPS (io1) as the storage type and that would incur additional costs. As we are looking for the most cost-optimal solution, this option is ruled out.
Use EC2 instances with EFS mount points – Using EFS implies that extra resources would have to be provisioned. As we are looking for the most resource-efficient solution, this option is also ruled out.
Use EC2 instances with access to S3 based storage – Using EC2 instances with access to S3 based storage does not deliver high random I/O performance; this option is just added as a distractor.
Question 5:
The DevOps team at a multi-national company is helping its subsidiaries standardize EC2 instances by using the same Amazon Machine Image (AMI). Some of these subsidiaries are in the same AWS region but use different AWS accounts whereas others are in different AWS regions but use the same AWS account as the parent company. The DevOps team has hired you as a solutions architect for this project.
Which of the following would you identify as CORRECT regarding the capabilities of AMIs? (Select three)
Options:
A. Copying an AMI backed by an encrypted snapshot results in an unencrypted target snapshot
B. You can share an AMI with another AWS account
C. You cannot share an AMI with another AWS account
D. You cannot copy an AMI across AWS Regions
E. Copying an AMI backed by an encrypted snapshot cannot result in an unencrypted target snapshot
F. You can copy an AMI across AWS Regions
Answer: B, E & F
Explanation
Correct options:
You can copy an AMI across AWS Regions
You can share an AMI with another AWS account
Copying an AMI backed by an encrypted snapshot cannot result in an unencrypted target snapshot
An Amazon Machine Image (AMI) provides the information required to launch an instance. An AMI includes the following:
One or more EBS snapshots, or, for instance-store-backed AMIs, a template for the root volume of the instance.
Launch permissions that control which AWS accounts can use the AMI to launch instances.
A block device mapping that specifies the volumes to attach to the instance when it’s launched.
You can copy an AMI within or across AWS Regions using the AWS Management Console, the AWS Command Line Interface or SDKs, or the Amazon EC2 API, all of which support the CopyImage action. You can copy both Amazon EBS-backed AMIs and instance-store-backed AMIs. You can copy AMIs with encrypted snapshots and also change encryption status during the copy process. Therefore, the option – “You can copy an AMI across AWS Regions” – is correct.
Copying AMIs across regions (via https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html)
The following table shows encryption support for various AMI-copying scenarios. While it is possible to copy an unencrypted snapshot to yield an encrypted snapshot, you cannot copy an encrypted snapshot to yield an unencrypted one. Therefore, the option – “Copying an AMI backed by an encrypted snapshot cannot result in an unencrypted target snapshot” is correct.
via – https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html
You can share an AMI with another AWS account. To copy an AMI that was shared with you from another account, the owner of the source AMI must grant you read permissions for the storage that backs the AMI, either the associated EBS snapshot (for an Amazon EBS-backed AMI) or an associated S3 bucket (for an instance store-backed AMI). Therefore, the option – “You can share an AMI with another AWS account” – is correct.
Incorrect options:
You cannot copy an AMI across AWS Regions
You cannot share an AMI with another AWS account
Copying an AMI backed by an encrypted snapshot results in an unencrypted target snapshot
These three options contradict the details provided in the explanation above.
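The explanation above lists what an AMI contains: backing snapshots, launch permissions and a block device mapping. The following added example (not part of the original notes) audits those three parts for public or untrusted sharing, unencrypted snapshots and ephemeral disks. The AMI, snapshot and account IDs are constructed sample values, and TRUSTED_ACCOUNTS is an assumed allow-list.

```python
# Added example. Sample data is constructed; field names follow the EC2
# DescribeImages and DescribeImageAttribute (launchPermission) responses.
TRUSTED_ACCOUNTS = {"111111111111"}  # assumption: accounts allowed to launch our AMIs

SAMPLE_IMAGES = [
    {"ImageId": "ami-0aaaaaaaaaaaaaaaa", "Public": False, "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda",
         "Ebs": {"SnapshotId": "snap-0aaaaaaaaaaaaaaaa", "Encrypted": True}}]},
    {"ImageId": "ami-0bbbbbbbbbbbbbbbb", "Public": True, "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda",
         "Ebs": {"SnapshotId": "snap-0bbbbbbbbbbbbbbbb", "Encrypted": False}},
        {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"}]},
    {"ImageId": "ami-0cccccccccccccccc", "Public": False, "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda",
         "Ebs": {"SnapshotId": "snap-0cccccccccccccccc", "Encrypted": True}}]},
]
SAMPLE_LAUNCH_PERMISSIONS = {
    "ami-0aaaaaaaaaaaaaaaa": [{"UserId": "111111111111"}],
    "ami-0bbbbbbbbbbbbbbbb": [{"Group": "all"}],
    "ami-0cccccccccccccccc": [{"UserId": "111111111111"}, {"UserId": "222222222222"}],
}

def audit_image(image, launch_permissions, trusted=TRUSTED_ACCOUNTS):
    """Return a list of findings for one AMI."""
    findings = []
    # Launch permissions: a Group of "all" makes the AMI public.
    if image.get("Public") or any(p.get("Group") == "all" for p in launch_permissions):
        findings.append("public: any AWS account can launch this AMI")
    for perm in launch_permissions:
        account = perm.get("UserId")
        if account and account not in trusted:
            findings.append(f"shared with untrusted account {account}")
    # Block device mapping: check each backing snapshot and note ephemeral disks.
    for mapping in image.get("BlockDeviceMappings", []):
        device, ebs = mapping.get("DeviceName"), mapping.get("Ebs")
        if ebs is None:
            if mapping.get("VirtualName", "").startswith("ephemeral"):
                findings.append(f"{device}: instance store, data lost on stop or terminate")
        elif not ebs.get("Encrypted", False):
            # An unencrypted snapshot can be copied to an encrypted one, not the reverse.
            findings.append(f"{device}: {ebs.get('SnapshotId')} unencrypted; "
                            "copy the AMI with encryption enabled")
    return findings

def audit_all(images, permissions):
    return {i["ImageId"]: audit_image(i, permissions.get(i["ImageId"], [])) for i in images}

if __name__ == "__main__":
    for image_id, findings in audit_all(SAMPLE_IMAGES, SAMPLE_LAUNCH_PERMISSIONS).items():
        print(image_id, findings or "ok")
```
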
Question 6:
A data-processing application runs on an i3.large EC2 instance with a single 100 GB EBS gp2 volume. The application stores temporary data in a small database (less than 30 GB) located on the EBS root volume. The application is struggling to process the data fast enough, and a Solutions Architect has determined that the I/O speed of the temporary database is the bottleneck.
What is the MOST cost-efficient way to improve the database response times?
A. Put the temporary database on a new 50-GB EBS gp2 volume
B. Move the temporary database onto instance storage (Correct)
C. Put the temporary database on a new 50-GB EBS io1 volume with a 3000 IOPS allocation
D. Enable EBS optimization on the instance and keep the temporary files on the existing volume
Explanation
EC2 Instance Stores are high-speed ephemeral storage that is physically attached to the EC2 instance. The i3.large instance type comes with a single 475GB NVMe SSD instance store so it would be a good way to lower cost and improve performance by using the attached instance store. As the files are temporary, it can be assumed that ephemeral storage (which means the data is lost when the instance is stopped) is sufficient.
CORRECT: “Move the temporary database onto instance storage” is the correct answer.
INCORRECT: “Put the temporary database on a new 50-GB EBS io1 volume with a 3000 IOPS allocation” is incorrect. Moving the DB to a new 50-GB EBS io1 volume with a 3000 IOPS allocation will improve performance but is more expensive so will not be the most cost-efficient solution.
INCORRECT: “Put the temporary database on a new 50-GB EBS gp2 volume” is incorrect. Moving the DB to a new 50-GB EBS gp2 volume will not result in a performance improvement as you get IOPS allocated per GB so a smaller volume will have lower performance.
INCORRECT: “Enable EBS optimization on the instance and keep the temporary files on the existing volume” is incorrect. Enabling EBS optimization will not lower cost. Also, EBS Optimization is a network traffic optimization; it does not change the I/O performance of the volume.