The commoditization of technology has reached its pinnacle with the advent of the recent paradigm of Cloud Computing. Infosys Cloud Computing blog is a platform to exchange thoughts, ideas and opinions with Infosys experts on Cloud Computing

« AWS Datalake - Let's Dive Deep | Main

Demystifying- AWS Instance Tenancy

Multitenancy is one of the five core features of cloud computing. It makes larger pool of computing resources available to large group of people without compromising security and confidentiality. Since resources are utilized more efficiently, multitenancy brings cost-effectiveness.
To visualize tenancy, let's take an example of apartments in a building. Each resident has access and authorization to their flats. However, all residents share common areas, electricity, water and amenities. 
In this article will explore tenancy scenarios in AWS cloud context and try to understand various offerings.

Primarily AWS has below tenancy models:

  1)  Shared / Default Tenancy 
  2)  Dedicated Tenancy

           a)  Dedicated Instance
           b)  Dedicated Host 
  3)  Bare Metal 

Shared/ Default Tenancy

Launched in 2006, this is default tenancy model in AWS cloud environment. In this model virtual machines from different customers shares same underlying hardware. These virtual machines are isolated from one another at hypervisor level. So even they share same server but still the individual VM's from different customers can't interact with each other.

This is the most cost-effective model and often used unless there is a restriction due to licensing or regulatory compliance. This in true sense is commoditization of IT services in cloud computing.

When a VM in shared tenancy model is launched or requested, AWS will carve out the requested infra capacity on any of the available physical hardware. This is chosen randomly by a process transparent to customer. We do not have any control on this decision. Once VM is launched, it is identified by instance ID and you won't get details of underlying host, like host ID.

This instance to host association is temporary and persist till VM is powered ON. Once VM is shutdown, the capacity on the physical server is released to resource pool and only the data on persistent storage remains. This is a really powerful feature as it allows to reduce cost when you shut down the instances which are not in use.
Once started, AWS again looks for available physical host to place this instance. This will result in the change in underlying hardware.

InstanceTenancy-3.pngHowever, when instance is rebooted, the underlying hardware doesn't get changed as reboot being OS level activity.

Dedicated Tenancy

On the other hand, there is dedicated tenancy model in AWS under which the physical host will have only the instances (dedicated or shared) belonging to same customer account. This host will not be shared with other customers and this way will provide host level isolation. Even the instances belonging to AWS accounts linked to a single payer account are also isolated at physical host level.

This is suitable for the use cases where shared model is undesirable due to government regulations dictating against sharing the physical host. For example, earlier under Health Insurance Portability and Accountability Act (HIPAA), it was mandated that instance need to be hosted on dedicated resource.

It is also applicable for the cases where there are license restrictions, like bring your own license (BYOL) where application licenses need physical cores and sockets visibility.

In whichever case if instance hosted on shared physical host is unacceptable, dedicated tenancy model is the option. However, it comes with additional cost.

To understand dedicated tenancy in detail, let's look at the comparison between shared and dedicated tenancy.

AWS has two launch types under dedicated tenancy model.
  1)  Dedicated Instance
  2)  Dedicated Host

AWS introduced dedicated instance type in 2011, later in 2015 they also came up with dedicated host type. Both dedicated host and dedicated instance allow instance to run on a hardware dedicated to your account. They use same physical hardware, equally secure and same in performance. However, advantage with dedicated host type launch is that it gives additional control and visibility to place the instance on chosen dedicated (physical) server or in other words we can decide on which physical server our instance should be hosted.


Dedicated Instance
Advantages of dedicated instances launch type:
  • Dedicated instances support auto scaling.
  • RDS can run on dedicated database instance. To achieve this, we have to create a VPC with dedicated tenancy and launch RDS instance with an approved dedicated instance type.

  • When instance tenancy of a VPC is set to dedicated some AWS, services won't work and some instances type can't be launched. 
  • There is no instance placement control.

Dedicated Host
Advantages of dedicated host launch type:
  • Affinity
  • Instance placement controls
  • Visibility of sockets and physical cores

Affinity- This is an option in dedicated host type launch. When turned on it will create a relationship between host ID and the instance. So even if the instance is stopped and restarted, it will still run on the specified dedicated host unlike shared tenancy or dedicated instance where underlying hardware can change on stop and start.

Instance placement controls- Dedicated host gives more control and allow to maintain instance placement scheme or to decide that on which hardware the instance will persist. This is a very useful option to address corporate compliance, government regulatory requirements and licensing requirements. 

Visibility of sockets and physical cores - For the migration use cases where existing licenses which are bound to physical cores, sockets or VM's need to be reused, dedicated host is the suitable option. For example, with dedicated host you can use your existing VM, core, socket based licenses for SUSE Linux Enterprise Server, Red Hat Enterprise Linux, Microsoft Windows Server, Microsoft SQL Server licenses. 

Instance Placement in Dedicated Host Vs Dedicated instance 

Capacity Reservation- Dedicated Host
Dedicated hosts need to be allocated first. While allocating you need to choose instance size and type which will define number of sockets and physical cores on dedicated host. Therefore, the choice of instance type will define the number of instances which can be launched on that host.

For example, if you choose a c5.xlarge instance to be launched on dedicated host which will have 2 sockets and 36 physical cores, you'll be allowed to launch maximum of 18 c5.xlarge instance on that host.



Dedicated instance Pricing 
There are 2 components for AWS dedicated instance pricing.

  1. Per hour instance usage fee.
  2. Dedicated Per region fee - Irrespective of number of dedicated instances running, an additional fee of 2USD per hour is charged per region.
Reserved dedicated instances can be purchased to further reduce cost up to 70%.

Dedicated Host Pricing
  • Complete physical server is reserved irrespective of the number of instances to be hosted on it. The price of dedicated host depends on the region and instance family. An hourly charge is applied for entire host till it is released.
  • For example, to reserve a dedicated host in N.Virginia region to launch m5 instance family and hourly charge of $5.069 will be applicable.
  • Point to be noted here is that each dedicated host can have same instance type/family. You can't mix instance families. For example, if a dedicated host is allocated with c3.xlarge instance family, the host can have upto 8 c3.xlarge or 4 c3.2xlarge instances. 

Limitations of Dedicated Host
  • For each instance family only two on-demand dedicated hosts are allowed per region. This is a soft limit and increase can be requested.
  • The instance launched on dedicated host doesn't get counted against instance limit. It is independent for dedicated host limit.
  • With dedicated host some operating systems can't be used even if they are available on AWS marketplace or offered by AWS itself. Example, SUSE Linux, RHEL and Windows AMIs.
  • Dedicated Host only supports instance launch within VPC.
  • RDS, auto-scaling, placement groups and free tier usage are not supported for dedicated host.
  • EBS volume still runs on multi tenancy hardware even if EC2 instance is dedicated instance/host.

Limitations of Changing Tenancy After Launch
So far, we have seen that any instance launched in VPC has one of the below tenancy attribute: -
  • Shared Tenancy- Where customer's instances run on multitenant host.
  • Dedicated Instance - Where customers instances run on single-tenant host.
  • Dedicated Host - Where customers instances run on single-tenant host with instance placement control and visibility of sockets and cores.
Once instance is launched there are some limitation in changing the tenancy.
  • If instance is launched with default tenancy, it can't be changed to dedicated or host.
  • If an instance is launched with dedicated instance or host type tenancy it can't be changed to default tenancy.
  • However, tenancy can be changed from dedicated instance to dedicated host or vice versa.
Similarly, VPC also has a tenancy attribute which is defined during VPC creation. These are: -

Default - In the VPC with default tenancy attribute, both default and dedicated tenancy instances can be launched. 
Dedicated- In VPC with dedicated tenancy attribute, by default all instance will be launched as dedicated instances unless specified as dedicated hosts. Instances with default tenancy can't be launched in such VPC's.

Point to be noted here is that if VPC is launched with dedicated tenancy attribute it can be changed to default tenancy attribute. But if VPC is launched with default tenancy attribute it can't be changed to dedicated tenancy later.
As of now this tenancy can be changed through AWS CLI, AWS SDK or AWS EC2 API. Change through console is not supported.

Bare Metal Instance
Introduced in 2017, bare metal instances are non-virtualized AWS instances. There is no hypervisor. The OS runs directly on the host or the physical box/server. The OS will have access to complete hardware of the physical device.
Spinning up a bare metal instance is same as any other instance, just select bare metal in instance type. Most of latest generation AMI's and compatible with bare metal instances.


Once launched, similar to any other instance in AWS, bare metal instances are also placed in a VPC, we can attach EBS volume and connect through SSH/RDP.
Alike other EC2 instances, the bare metal instances also take advantage of other AWS services such as AWS cloudwatch, AWS autoscaling, AWS elastic load balancer and can also access full suite of AWS analytics, mobile, IoT, security and artificial intelligence services.

Cost wise, its equal to the largest instance in the family because here complete server is blocked for customer.
Below is the example from AWS calculator where an m5.24xlarge instance and m5.metal instance has same cost:


Bare metal instance families - currently instance families supported for bare metal instances are m5. metal, r5. metal and with instance store m5d.metal, r5d.metal and z1d.metal.

These bare metal instance are suitable for below use cases: -
  • Where software need to run without hypervisor layer directly on the hardware.
  • If customer wants to run his own hypervisor and manage it.

Here, it's very important to understand that in dedicated host whole server is reserved for you. You pay for whole box irrespective of whatever size of instance you run on it. No stopping of instance concept.
In bare metal, you can stop and restart the instance. Billing stops and underlying hardware might change. You do not get to know host ID.
Even its running on full physical host and there is no virtualization but still underlying host is not fix. 


-- This article is written under Atul's guidance.

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Please key in the two words you see in the box to validate your identity as an authentic user and reduce spam.