The AWS Policy Generator is a tool that enables you to
create policies that control access to Amazon Web Services (AWS) products and
resources. For more information about creating policies, see key concepts in
Using AWS Identity and Access Management. Here are sample policies.
1. Do multiple ENIs increase the availability of the machine?
ANS: No. If the instance fails, all the ENIs attached to
that instance would not be of any use. Multiple ENIs do not increase
the availability or bandwidth of the machine. Rather, they are there for
isolation purposes.
2. Normally in an on-prem infrastructure, we used to have multiple
NICs for the web server so that there is no single point of failure in case one NIC
card fails. Whereas in AWS it's a virtual world, and I assume it's a managed
service, right? We don't have to worry about the primary failing at all?
ANS: On AWS, we handle that scenario via an Auto Scaling
group, so that if a machine becomes unreachable, another instance takes its
place.
3. The primary ENI can't be detached, because that's the
one which makes the instance have a public and/or private IP, right?
ANS: Not so. It is more of a restriction from the AWS
implementation perspective. In the future, they might start allowing it (as you can
detach the root EBS volume for a stopped machine).
4. Under health check, for the ping target, I gave the path index.html. Let's assume I have 2 instances and I want index.html to reside in a different location on each of the 2 instances: for the 1st one it's under var/www/HTML and for the second one it's under var/www. Does the ping target have the intelligence to check the file irrespective of its location?
ANS: Given the fact that all the instances behind an ELB are generally kept identical, the path of the file has to be the same. Though, if you have some specific use case for the above scenario, it could be achieved using an Application Load Balancer. But in Classic ELB, it has to be the same path.
5. So the best use case for multi-ENI would be:
a. In a single large instance with multiple ENIs, that one instance can be part
of both a private and a public subnet.
b. Having said that, I can have the web server
facing the internet on the public ENI and the database also in the same
instance on the private ENI, and configure the security groups accordingly.
ANS: Sorry, incorrect! When you create an ENI, you can
see that its scope is a subnet (the same way the scope of an EC2 instance is also a subnet).
Hence, an EC2 instance and an ENI would be there only in one subnet (not two).
You can use multi-ENI to give 2 different IPs to 2
different user groups. E.g. on an EC2 instance, open port 8080 on IP1 and port 22 on IP2.
Also, attach different security groups to the above ENIs. Hence, the users would
never know they are accessing the same machine.
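The isolation pattern from answer 5 (port 8080 on one ENI, port 22 on another, each with its own security group), sketched as a CloudFormation template. This is an added example, not part of the original Q&A; the parameter names, resource names and CIDR ranges are placeholders, and both ENIs are placed in the instance's own subnet.

```yaml
# Added example: two secondary ENIs on one instance, one security group each.
# All names and CIDR defaults below are illustrative assumptions.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  SubnetId: {Type: "AWS::EC2::Subnet::Id"}        # the instance's own subnet
  InstanceId: {Type: "AWS::EC2::Instance::Id"}    # existing instance
  AppUsersCidr: {Type: String, Default: "203.0.113.0/24"}   # constructed sample range
  AdminCidr: {Type: String, Default: "198.51.100.0/24"}     # constructed sample range
Resources:
  AppSg:                       # user group 1: application traffic only
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Port 8080 from application users
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 8080, ToPort: 8080, CidrIp: !Ref AppUsersCidr}
  AdminSg:                     # user group 2: SSH only
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Port 22 from administrators
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 22, ToPort: 22, CidrIp: !Ref AdminCidr}
  AppEni:                      # "IP1" in the answer above
    Type: AWS::EC2::NetworkInterface
    Properties:
      SubnetId: !Ref SubnetId
      GroupSet:
        - !GetAtt AppSg.GroupId
  AdminEni:                    # "IP2" in the answer above
    Type: AWS::EC2::NetworkInterface
    Properties:
      SubnetId: !Ref SubnetId
      GroupSet:
        - !GetAtt AdminSg.GroupId
  AppEniAttachment:
    Type: AWS::EC2::NetworkInterfaceAttachment
    Properties:
      InstanceId: !Ref InstanceId
      NetworkInterfaceId: !Ref AppEni
      DeviceIndex: "1"         # index 0 is the primary ENI
  AdminEniAttachment:
    Type: AWS::EC2::NetworkInterfaceAttachment
    Properties:
      InstanceId: !Ref InstanceId
      NetworkInterfaceId: !Ref AdminEni
      DeviceIndex: "2"
```

Security groups filter per interface, so the separation only holds if the primary ENI's security group does not also allow ports 8080 and 22, and if each service listens only on the private IP of its own ENI.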
6. So with multi-NIC, I can have multiple websites on the same server, with each NIC
attached to one website?
ANS: You can have multiple websites on one machine
even without multi-NIC. Different web servers (like IIS) support the same.
7. You had mentioned that the ELB internally creates
instances to manage traffic. Just to expand a little on this: when this ELB
creates the internal instance (I assume it's not visible to us), it consumes
private IPs too, right? Does the internal instance get created per
availability zone or per instance? Because I attach an ELB to the instance, not to
the AZ, right? I assume it's something like an agent which gets installed per
instance and sort of polls the domain LB? Please correct my understanding.
ANS: Yes, those instances won't be visible to users, as
ELB is a managed service. These instances do use ENIs (and hence private IPs)
from the respective subnets. ELB creates one instance in every subnet (which you
choose during ELB creation). There is no agent running on your instances (e.g.
web server). Also, you register your instances with an ELB and hence tell the ELB
that it can send traffic to these instances.
8. Under Load Balancers / Instances, down the page
under availability zone, the ELB had created 2 AZs, whereas I had all 3 of my
instances in the same AZ. Though I can edit it and remove the other AZ, why
does it create another AZ reference point when all my instances are in only
one AZ?
ANS: While creating the ELB, you can clearly choose which
subnets you want it to handle. It is recommended that you give 2 subnets in 2
different AZs (based on the principle of HA). ELB will launch an internal instance
in the subnets you choose while creating the ELB.
9. How to convert an On-Demand instance into a Reserved
Instance?
I understand that it's supposed to be simply a billing
difference, however, the tool that AWS provides to purchase a reserved instance
appears to want to create a new instance. It does not provide an interface to
select an existing instance to change billing on.
Super-simple scenario. Consider a customer with a
single micro EC2 instance that he wants to turn into a reserved instance. How
do I do this?
The "Purchase Reserved Instances" wizard in
the console appears to be creating a new instance--a new virtual server. It is
asking questions like which platform, which availability zone, etc. I hope you
can see that my assumption is that if I go through with an RI purchase, I'll
end up with a new micro instance rather than simply telling AWS to bill me
differently for my existing instance.
A reserved instance is actually just a reservation and
no instance will be created when you purchase one. If you have an existing
instance, you simply purchase a reservation matching that instance type, platform,
and availability zone. Behind the scenes, the billing system is constantly
looking at the running instances and your reservations. When there is a match
(same type, platform, az), you automatically get the lower hourly rate.
If you go with a Heavy utilization reservation, you
will however be charged for the full number of hours each month no matter if
you have an instance or not. With Light and Medium, you are only charged when
there is an instance up and running.
A reservation isn't tied to any particular instance,
meaning that you can launch and terminate instances as you wish. You still work
with EC2 in the exact same way as before.
Thank you. I understand now.
I think for the average dummy like me, the reserved
instance purchase process feels too much like setting up a new instance. Easy
to feel like I'm doing the wrong thing. Since it is important to select the
correct instance type and AZ to get the expected benefit, it would be helpful
if their process allowed you to select an existing instance to purchase a
reserved instance that matches the instance type and AZ--especially since the
one-time fee is non-refundable.
Thanks!
Let's say I have 3 servers and all of them are in the
same AZ, same platform.
Can I purchase 2 reserved instances then?
Does it mean that 2 servers will be billed at the
reserved instance rate and the other server will be billed
as on-demand?
Yes. That's exactly what it means.