The AWS Policy Generator is a tool that enables you to
create policies that control access to Amazon Web Services (AWS) products and
resources. For more information about creating policies, see key concepts in
Using AWS Identity and Access Management. Here are sample policies.
1. Does multiples ENI’s increase the availability of the machine.?
ANS: No, if instance fails all the ENIs attached to
that instance would not be of any use. Multiple ENIs do not increase
Availability or Bandwidth of the machine. Rather, they are there for the
isolation purpose.
2. Normally in an ON-PREM INFRA, we used to have muti
NIC for the webserver not to have a single point of failure in case of one NIC
CARD fails? Where as in AWS its a virtual world and I assume its a managed
service right? we don't have to worry about the Primary failing at all ?
ANS: On AWS, we handle that scenario via Auto-scaling
Group. So that if a machine becomes unreachable, another instance takes its
place.
3. The primary ENI can't be detached, Becoz that's the
one which makes the instance to have a public and/or private IP right?
ANS: Not so. It is more of a restriction from AWS
implementation perspective. In future, they might start allowing it (as you can
detach ROOT EBS volume for a stopped machine).
4. Under health check, the ping target, I gave the path index.html. let's assume I have 2 instances and if I want the index.html to reside in a different location for all the 2 instance, let's assume for the 1st one, it's under var/www/HTML and for the second one if its under var/www ..does the ping target as the intelligence to check the file irrespective if its location?
ANS: Given the fact that all the instances behind an ELB are generally kept identical, the path of the file has to be same. Though, if you have some specific use-case for the above scenario, it could be achieved using Application Load Balancer. But, in Classic ELB, it has to be same path.
5. So the best use case for multi eni would be, Where
in a. In a single large instance with multi ENI, that one instance can be part
of both private and public subnet b. Having said that, I can have web server
facing the internet in the public ENI and the database also in the same
instance in the private ENI and configure the security group accordingly.
ANS: Sorry, Incorrect! When you create ENI, you can
see that its scope is a Subnet (same way scope of an EC2 is also Subnet).
Hence, an EC2 and an ENI would be there only in one subnet (not two).
You can use multi ENI to give 2 different IPs to 2
different user groups. E.g. On an EC2 open port 8080 on IP1 and port 22 on IP2.
Also, attach different security groups in above ENIs. Hence, the users would
never know they are accessing the same machine.
6. So with
multiNIC, I can have multiple websites on the same server, with each Nic
attached to one website?
ANS: You can have multiple websites on one machine
even without multi-NIC. Different webservers (like IIS) support the same.
7. you had mentioned that the ELB internally creates
instances to manage traffic. Just to expand a little on this, So When this ELB
creates the internal instance(i assume its not visible to us ) and it consumes
the private IP's too right, Does the internal instance gets created per
availability zone or per instance? Coz, I attach an ELB to the instance not to
the A.Z ?right? I assume it's something like an agent which gets installed per
instance and sort of polling the Domain LB? pls, correct my understanding?
ANS: Yes, those instances won't be visible to users as
ELB is a managed service. These instances do use ENIs (and hence Private IPs)
from the respective subnets. ELB creates one instance in every subnet (you
choose while ELB creation). There is no agent running on your instances (e.g.
web server). Also, you register your instances to an ELB and hence tell ELB
that it could send traffic to these instances.
8. Under Load balancers / instances, down the page
under availability zone, ELB had created 2 AZ's. whereas I had all 3 of my
instances in the same A.Z, though I can edit it and remove the other A.Z, why
does it create an another AZ reference point when all my instances are in only
one AZ?
ANS: While creating ELB, you can clearly choose which
subnets you want it to handle. It is recommended that you give 2 subnets in 2
different AZs (based on principle of HA). ELB will launch an internal instance
in the subnets you choose while creating ELB.
9. How to convert On-Demand instance into Reserved
instance.
I understand that it's supposed to be simply a billing
difference, however, the tool that AWS provides to purchase a reserved instance
appears to want to create a new instance. It does not provide an interface to
select an existing instance to change billing on.
Super-simple scenario. Consider a customer with a
single micro EC2 instance that he wants to turn into a reserved instance. How
do I do this?
The "Purchase Reserved Instances" wizard in
the console appears to be creating a new instance--a new virtual server. It is
asking questions like which platform, which availability zone, etc. I hope you
can see that my assumption is that if I go through with an RI purchase, I'll
end up with a new micro instance rather than simply telling AWS to bill me
differently for my existing instance.
A reserved instance is actually just a reservation and
no instance will be created when you purchase one. If you have an existing
instance, you simply purchase a reservation matching that instance type, platform,
and availability zone. Behind the scenes, the billing system is constantly
looking at the running instances and your reservations. When there is a match
(same type, platform, az), you automatically get the lower hourly rate.
If you go with a Heavy utilization reservation, you
will however be charged for the full number of hours each month no matter if
you have an instance or not. With Light and Medium, you are only charged when
there is an instance up and running.
A reservation isn't tied to any particular instance,
meaning that you can launch and terminate instances as you wish. You still work
with EC2 in the exact same way as before.
Thank you. I understand now.
I think for the average dummy like me, the reserved
instance purchase process feels too much like setting up a new instance. Easy
to feel like I'm doing the wrong thing. Since it is important to select the
correct instance type and AZ to get the expected benefit, it would be helpful
if their process allowed you to select an existing instance to purchase a
reserved instance that matches the instance type and AZ--especially since the
one-time fee is non refundable.
Thanks!
Let say I got 3 servers and all of them are in the
same AZ, same platform.
can I purchased 2 reserved instance then,
does it means that the 2 servers will be billed by the
reserved intance and the other server will be billed
by on demand?
Yes. That's exactly
what it means.