(SDD419) Amazon EC2 Networking Deep Dive and Best Practices | AWS re:Invent 2014
DESCRIPTION
Amazon EC2 instances give customers a variety of high-bandwidth networking choices. In this session, we discuss how to choose among Amazon EC2 networking technologies and examine how to get the best performance out of Amazon EC2 enhanced networking and cluster networking. We also share best practices and useful tips for success.
TRANSCRIPT
November 12, 2014 | Las Vegas, NV
Becky Weiss, Principal Software Engineer, Amazon EC2 Networking
[Diagram: elastic network interfaces. Subnet A (us-east-1a, 10.0.1.0/24), Subnet A2 (us-east-1a, 10.0.2.0/24) and Subnet C (us-east-1c, 10.0.3.0/24); Instances 1 to 4; interface addresses 10.0.1.100, 10.0.1.101, 10.0.2.50, 10.0.2.51 and 10.0.3.99.]
[Diagram: the same subnets, instances and elastic network interface addresses as on the previous slide, with a placement group marked.]
Subnet A is in us-east-1a
C:> aws ec2 run-instances --image-id ami-b66ed3de --instance-type c3.8xlarge --subnet-id subnet-c03cfb99 --security-group-ids sg-72caf017 --key-name NetworkingTestSSHKey --count 2
---------------------------------------------------------------------------------
| RunInstances |
+----------------------------------------+--------------------------------------+
| OwnerId | 123456789012 |
| ReservationId | r-9f5404b5 |
+----------------------------------------+--------------------------------------+
| Instances |
|+-----------------------------------+-----------------------------------------+|
|| AmiLaunchIndex | 0 ||
|| Architecture | x86_64 ||
|| ClientToken | None ||
|| EbsOptimized | False ||
|| Hypervisor | xen ||
|| ImageId | ami-b66ed3de ||
AMI: More about this choice later…
Big instance type: c3.8xlarge
Avg: 0.167msec
NetworkingTestPlacementGroup available cluster
C:> aws ec2 run-instances --image-id ami-b66ed3de --instance-type c3.8xlarge --subnet-id subnet-c03cfb99 --security-group-ids sg-72caf017 --key-name NetworkingTestSSHKey --count 2 --placement GroupName=NetworkingTestPlacementGroup
---------------------------------------------------------------------------------
| RunInstances |
+----------------------------------------+--------------------------------------+
| OwnerId | 123456789012 |
| ReservationId | r-13374839 |
+----------------------------------------+--------------------------------------+
| Instances |
|+-----------------------------------+-----------------------------------------+|
|| AmiLaunchIndex | 0 ||
|| Architecture | x86_64 ||
|| ClientToken | None ||
|| EbsOptimized | False ||
|| Hypervisor | xen ||
|| ImageId | ami-b66ed3de ||
Avg: .099msec
[Diagram: Instance 1 and Instance 2.]
[Diagram labels: Instance, virtual NICs eth0 and eth1, virtualization layer, physical NIC.]
[Diagram labels: Instance, eth0, eth1, VF driver, virtualization layer, physical NIC, VF.]
[ec2-user@ip-10-0-3-70 ~]$ ethtool -i eth0
driver: vif
version:
firmware-version:
bus-info: vif-0
…
[ec2-user@ip-10-0-3-70 ~]$ ethtool -i eth0
driver: ixgbevf
version: 2.14.2+amzn
firmware-version: N/A
bus-info: 0000:00:03.0
…
amzn-ami-hvm-2012.03.1.x86_64-ebs
hvm
--attribute sriovNetSupport
InstanceId i-37c5d1d9
Not yet!
[ec2-user@ip-10-0-3-125 ~]$ sudo yum update
OS update
reboot-instances
Reboot
(OS update)
(Not shown here: analogous steps for other Linux distros)
Add to Windows driver store
stop-instances
Stop the instance
stop-instances
--sriov-net-support simple
Enable SRIOV
Cannot be undone
start-instances
Start
start-instances
--attribute sriovNetSupport
InstanceId i-37c5d1d9
Value simple
We’re on
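The checks and the one-way change walked through on the slides above, gathered into one script. This is an added example, not code from the session; the function names are illustrative, the instance ID is supplied by the caller, and the two sample strings are the `ethtool -i eth0` outputs shown earlier.

```shell
#!/bin/sh
# Added example: pre-flight and verification helpers for enabling SR-IOV
# (enhanced networking). Function names are illustrative, not AWS tooling.

# Constructed samples: the two `ethtool -i eth0` outputs from the slides.
SAMPLE_BEFORE='driver: vif
version:
firmware-version:
bus-info: vif-0'
SAMPLE_AFTER='driver: ixgbevf
version: 2.14.2+amzn
firmware-version: N/A
bus-info: 0000:00:03.0'

# Print the driver name from `ethtool -i` output read on stdin.
nic_driver() {
  awk -F': *' '$1 == "driver" { print $2; exit }'
}

# Classify the state from the two facts the slides check:
#   $1 = sriovNetSupport attribute value ("simple", or "None" when unset)
#   $2 = driver bound to the interface inside the guest
en_state() {
  if [ "$1" != "simple" ]; then
    echo "not-enabled"
  elif [ "$2" = "ixgbevf" ]; then
    echo "enabled"
  else
    echo "attribute-set-driver-not-bound"
  fi
}

# Inside the guest: is the VF driver installed? Check this BEFORE setting the
# attribute, because the slides note the attribute change cannot be undone.
driver_available() {
  modinfo ixgbevf >/dev/null 2>&1
}

# Read the instance attribute (needs AWS CLI credentials).
sriov_attr() {
  aws ec2 describe-instance-attribute --instance-id "$1" \
    --attribute sriovNetSupport --query 'SriovNetSupport.Value' --output text
}

# Stop, set the attribute, start: the sequence from the slides.
enable_sriov() {
  id=$1
  if [ "$(sriov_attr "$id")" = "simple" ]; then
    echo "sriovNetSupport already set on $id"
    return 0
  fi
  aws ec2 stop-instances --instance-ids "$id" >/dev/null
  aws ec2 wait instance-stopped --instance-ids "$id"
  aws ec2 modify-instance-attribute --instance-id "$id" --sriov-net-support simple
  aws ec2 start-instances --instance-ids "$id" >/dev/null
}
```

After the instance is back up, `en_state "$(sriov_attr <instance-id>)" "$(ethtool -i eth0 | nic_driver)"` should report `enabled`; `attribute-set-driver-not-bound` means the guest is still on the paravirtual `vif` driver.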
modinfo ixgbevf
aws ec2 register-image --name MyEnhancedNetworkingImage --image-location … --sriov-net-support simple
i2.8xlarge
Storage-optimized instance
require 'mongo'
'randomdb'
until Time SECONDS_TO_RUN
KEY_MAX
:key
Time
if
:times_accessed
:key
else
:key :value:times_accessed
end
Time
end
Spin in tight loop:
Read a random document
Then write it back
def add_write_statistic
:sample_count
:sum
:minimum :minimum
:maximum :maximum
end
Aggregating statistics for CloudWatch
require 'aws-sdk'
AWS CloudWatch Client
if Time
:namespace 'NetworkingTest/MongoDemo',
:metric_data => [{:metric_name => 'WriteTime',
:dimensions => [{:name => 'RunId', :value => MY_RUN_ID}],
:statistic_values => write_stats}],
:unit => 'Seconds'
Time
:sample_count :sum
end
CloudWatch PutMetricData:
Writing a custom metric
# ec2-run-instances ami-b66ed3de --instance-type c3.large --subnet subnet-c03cfb99 --group sg-72caf017 --placement-group NetworkingTestPlacementGroup --monitor --user-data-file my_startup_script.sh --iam-profile NetworkingTestIAMRole --instance-count 10
RESERVATION r-d13d6f37 123456789012
INSTANCE i-fb6d5352 ami-b66ed3de ip-10-0-1-113.ec2.internal pending NetworkingTestSSHKey 0 c3.large 2014-10-30T13:26:33+0000 us-east-1a monitoring-pending 10.0.1.113 vpc-ca28afaf subnet-c03cfb99 ebs NetworkingTestPlacementGroup hvm xen sg-72caf017 default false arn:aws:iam::123456789012:instance-profile/NetworkingTestIAMRole
NIC eni-b560caed subnet-c03cfb99 vpc-ca28afaf 123456789012 in-use 10.0.1.113 true
NICATTACHMENT eni-attach-fb6ddf9d 0 attaching 2014-10-30T06:26:33-0800 true
GROUP sg-72caf017 default
...
CloudWatch detailed monitoring: 1-minute metrics
Startup script file
# cat startup_script.sh
Download client test script from S3
Then gogogo!
Security best practice: Launch instances with IAM roles if they need to access any AWS resources
# aws iam list-role-policies --role-name NetworkingTestIAMRole
{
"PolicyNames": [
"NetworkingTestIAMRole-CloudWatchPolicy",
"NetworkingTestIAMRole-S3Policy"
]
}
# aws iam get-role-policy --role-name NetworkingTestIAMRole --policy-name NetworkingTestIAMRole-S3Policy
Allow retrieving objects from a particular S3 bucket
# aws iam get-role-policy --role-name NetworkingTestIAMRole --policy-name NetworkingTestIAMRole-CloudWatchPolicy
Allow CloudWatch PutMetricData
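What the two inline policies described above could look like, as an added example rather than the policy documents from the session. The bucket name is a caller-supplied placeholder (the slides do not name it), and the namespace condition goes one step beyond the slide's plain "Allow CloudWatch PutMetricData".

```shell
#!/bin/sh
# Added example: least-privilege inline policies for the instance role.
# Function names are illustrative; the bucket is a placeholder argument.

# Read-only access to the objects of ONE bucket. Empty names and names with
# characters outside [a-z0-9.-] (including * and ?) are refused, so the
# template cannot silently widen to arn:aws:s3:::*/*.
s3_read_policy() {
  bucket=$1
  case "$bucket" in
    ""|*[!a-z0-9.-]*) echo "invalid bucket name: '$bucket'" >&2; return 1 ;;
  esac
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::${bucket}/*"
  }]
}
EOF
}

# PutMetricData has no resource-level permissions, so Resource must be "*";
# the cloudwatch:namespace condition key narrows it to one metric namespace.
cloudwatch_put_policy() {
  namespace=$1
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "cloudwatch:PutMetricData",
    "Resource": "*",
    "Condition": {"StringEquals": {"cloudwatch:namespace": "${namespace}"}}
  }]
}
EOF
}

# Attach both as inline policies, using the naming seen in list-role-policies.
attach_role_policies() {
  role=$1; bucket=$2; namespace=$3
  s3_doc=$(s3_read_policy "$bucket") || return 1
  cw_doc=$(cloudwatch_put_policy "$namespace")
  aws iam put-role-policy --role-name "$role" \
    --policy-name "${role}-S3Policy" --policy-document "$s3_doc"
  aws iam put-role-policy --role-name "$role" \
    --policy-name "${role}-CloudWatchPolicy" --policy-document "$cw_doc"
}
```

For the role on the slides the call would be `attach_role_policies NetworkingTestIAMRole <bucket> NetworkingTest/MongoDemo`, with the bucket that holds the client test script.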
Label WriteTime
389483.0 2014-10-29T02:30:00Z Seconds
390189.0 2014-10-29T02:33:00Z Seconds
392373.0 2014-10-29T02:34:00Z Seconds
392387.0 2014-10-29T02:32:00Z Seconds
377256.0 2014-10-29T02:31:00Z Seconds
SampleCount statistic: How many of these WriteTime statistics were written across all instances during each minute?
[Chart: “WriteTime” SampleCount statistic by number of client instances (x-axis 1 to 19); series: TPS, regular and TPS, enhanced.]
[Chart: DiskWriteBytes 1-minute Sum statistic by number of client instances (x-axis 1 to 20); series: Regular and Enhanced.]
Placement group
Instance
Virtualization layer
VF driver