04 - Compute Flashcards

1
Q

EC2 Nitro

A

1) Underlying Platform for the next generation of EC2 instances
2) New virtualisation technology
3) Allows for better performance (Better networking options, Higher Speed EBS up to 64,000 EBS IOPS)
4) Better underlying security

2
Q

Application Load Balancer (v2)

A

1) Routing tables to different target groups:
• Routing based on path in URL (example.com/users & example.com/posts)
• Routing based on hostname in URL (one.example.com & other.example.com)
• Routing based on Query String, Headers (example.com/users?id=123&order=false)
2) ALBs are a great fit for microservices & container-based applications (example: Docker & Amazon ECS)
3) Has a port mapping feature to redirect to a dynamic port in ECS

3
Q

Gateway Load Balancer

  • Deploy, scale, and manage a fleet of 3rd party network virtual appliances in AWS
  • Example: Firewalls, Intrusion Detection and Prevention Systems, Deep Packet Inspection Systems, payload manipulation, …
A

1) Operates at Layer 3 (Network Layer) – IP Packets
2) Combines the following functions:
* Transparent Network Gateway – single entry/exit for all traffic
* Load Balancer – distributes traffic to your virtual appliances
3) Uses the GENEVE protocol on port 6081

4
Q

Sticky Sessions – Cookie Names

A

1) Application-based Cookies
a) Custom cookie
• Generated by the target
• Can include any custom attributes required by the application
• Cookie name must be specified individually for each target group
• Don’t use AWSALB, AWSALBAPP, or AWSALBTG (reserved for use by the ELB)
b) Application cookie
• Generated by the load balancer
• Cookie name is AWSALBAPP

2) Duration-based Cookies
• Cookie generated by the load balancer
• Cookie name is AWSALB for ALB, AWSELB for CLB

5
Q

Cross-Zone Load Balancing

A

1) Application Load Balancer
• Always on (can’t be disabled)
• No charges for inter AZ data

2) Network Load Balancer
• Disabled by default
• You pay charges ($) for inter AZ data if enabled

3) Classic Load Balancer
• Disabled by default
• No charges for inter AZ data if enabled

6
Q

SSL – Server Name Indication (SNI)

A

1) SNI solves the problem of loading multiple SSL certificates onto one web server (to serve multiple websites)
2) It’s a “newer” protocol, and requires the client to indicate the hostname of the target server in the initial SSL handshake
3) The server will then find the correct certificate, or return the default one

Note:
• Only works for ALB & NLB (newer generation), CloudFront
• Does not work for CLB (older generation)

7
Q

ELB - Connection Draining

Feature naming
• Connection Draining – for CLB
• De-registration Delay – for ALB & NLB

A
  • Time to complete “in-flight requests” while the instance is de-registering or unhealthy
  • Stops sending new requests to the EC2 instance which is de-registering
  • Between 1 and 3600 seconds (default: 300 seconds)
  • Can be disabled (set value to 0)
  • Set to a low value if your requests are short
8
Q

Elastic Beanstalk – Overview
• Elastic Beanstalk is a developer-centric view of deploying an application on AWS

A

1) It uses all the components we’ve seen before: EC2, ASG, ELB, RDS, …

2) Managed service
• Automatically handles capacity provisioning, load balancing, scaling, application health monitoring, instance configuration, …
• Just the application code is the responsibility of the developer

3) We still have full control over the configuration
4) Beanstalk is free but you pay for the underlying instances

9
Q

IAM Roles for ECS Tasks

A
EC2 Instance Profile:
• Used by the ECS agent
• Makes API calls to ECS service
• Sends container logs to CloudWatch Logs
• Pulls Docker images from ECR
• References sensitive data in Secrets Manager or SSM Parameter Store

ECS Task Role:
• Allows each task to have a specific role
• Use different roles for the different ECS Services you run
• Task Role is defined in the task definition

10
Q

Amazon ECR – Elastic Container Registry

A
  • Store, manage and deploy containers on AWS, pay for what you use
  • Fully integrated with ECS & IAM for security, backed by Amazon S3
  • Supports image vulnerability scanning, version, tag, image lifecycle
11
Q

AWS Lambda Integrations - Main ones

A

1) API Gateway
2) Kinesis
3) DynamoDB
4) S3
5) CloudFront
6) CloudWatch Events Bridge
7) CloudWatch Logs
8) SNS
9) SQS
10) Cognito

12
Q

AWS Lambda Limits to Know - per region

A

Execution:
• Memory allocation: 128 MB – 10 GB (1 MB increments)
• Maximum execution time: 900 seconds (15 minutes)
• Environment variables (4 KB)
• Disk capacity in the “function container” (in /tmp): 512 MB
• Concurrent executions: 1000 (can be increased)

Deployment:
• Lambda function deployment size (compressed .zip): 50 MB
• Size of uncompressed deployment (code + dependencies): 250 MB
• Can use the /tmp directory to load other files at startup
• Size of environment variables: 4 KB
