ASG, ELB & HA Flashcards

Granular Mastery

1
Q

Global Architecture components

A
  • Global Service Location & Discovery
  • Content Delivery (CDN) and optimization
  • Global health checks & Failover
2
Q

Regional Architecture Components

A
  • Regional entry point
  • Scaling & Resilience
  • Application services and components
3
Q

WEB Tier

A

WEB Tier - Entry point into an architecture. An abstraction of the underlying infrastructure to the customers. The underlying infrastructure can fail, change, or scale without impacting customers, e.g. API Gateway, ELB.

4
Q

ELB Architecture

A

ELBs, when deployed, are by default configured to run in 2+ AZs. 1+ nodes are placed into a subnet in each AZ and scale with load.
Each ELB is configured with a single (A) record DNS name. This resolves to the IP addresses of the ELB AZ nodes.

5
Q

Internet Facing vs Inward facing Load Balancer

A

Inward - ELB has only private IP

Internet-facing - ELB has both public and Private IP

It doesn't affect where the ELB is placed within the AZ.

6
Q

Cross Zone Load Balancing

A

Cross Zone Load Balancing is Default in Application Load Balancer

7
Q

EC2/ELB integration

A

EC2 doesn't need to be public to work with a LB. This is because an Internet-facing load balancer has both private and public IP addresses.

8
Q

Classic Load Balancer issues

A
  • CLBs don't scale
  • Each HTTPS name requires an individual CLB because SNI isn't supported
9
Q

ALB

A
  • ALB is a Layer 7 load balancer: listens on HTTP and/or HTTPS
  • ALB does not understand any other Layer 7 protocols, e.g. SMTP, SSH, gaming ...
  • Understands L7 content type, cookies, custom headers, user location and app behaviour
  • It can inspect Layer 7 application protocol information and make decisions based on its components
10
Q

SSL/TLS Termination

A

Security concerns ensure no end-to-end unbroken SSL connection is allowed.

HTTP and HTTPS (SSL/TLS) are always terminated on the ALB - no unbroken SSL is allowed to cross this point into our application. A new set of security credentials is issued as headers for internal app processing, then the certificate termination is reversed during the application response.

11
Q

ELB Throughput

A

ALBs are slower than NLBs: more levels of the network stack to process.

The more levels of the networking stack, the more complexity, the slower the processing.

12
Q

ELB Health Checks

A

Only available on ALB

13
Q

ALB Anatomy (Routing)

A
  • Rules are processed, forwarding decisions and actions are applied.
  • Rules direct connections which arrive at a listener
  • Rules are Processed in priority order
  • Default rule = catchall
  • Rule Conditions:
    • Host-header
    • Http-header
    • Http-request-method
    • Path-pattern
    • Query-string
    • Source-ip
  • Actions:
    • Forward
    • Redirect
    • Fixed-response
    • Authenticate-oidc (OpenID)
    • Authenticate-cognito
14
Q

NLB and SSL

A

To use an end-to-end unbroken connection (pass the TCP/SSL encrypted connection down to the application stack), use NLB.

This forwards TCP to the application ... unbroken encryption.

15
Q

NLB

A

Layer 4 load balancer ...

Protocols:
TCP, TLS, UDP, TCP_UDP

  • No visibility or understanding of HTTP or HTTPS
  • No headers, no cookies, no session stickiness

Really Really Really Fast (millions of rps, 25% of ALB latency)

  • They don't deal with the computationally heavy upper layers of the networking stack
16
Q

NLB Use cases

A

SMTP, SSH, Game Servers, financial apps

17
Q

NLB Health Checks

A

Health checks JUST check ICMP / TCP handshake.

NLB is not app aware, cannot handle detailed health checks.

18
Q

NLB Static IP

A

NLBs can have static IPs - useful for whitelisting

19
Q

Use NLB or ALB ??

A
  • Unbroken encryption? … NLB
  • Static IP for whitelisting? … NLB
  • The fastest performance? … NLB (millions rps)
  • Protocols not HTTP or HTTPS? … NLB
  • PrivateLink? … NLB
  • Otherwise … ALB
20
Q

Launch Configuration / Launch Template

A

LC & LT
  • Allow you to define the configuration of an EC2 instance in advance
  • AMI, instance type, storage & key pair
  • Networking and security groups
  • User data & IAM role
  • Both are NOT editable - defined once. LT has versions.
  • LT provides newer features - including T2/T3 Unlimited, Placement Groups, Capacity Reservations, Elastic Graphics

21
Q

Launch Configuration

A

Is used for deploying an ASG.

  • They are not editable and have no versioning capability.
  • Launch Templates can have versions
22
Q

Launch Template

A
  • Launch templates can be used to save time when provisioning EC2 instances from the console UI/CLI.
  • Can also be used to Launch an ASG
23
Q

ASG Launch Template

A

Launch templates can be used to save time when provisioning EC2 instances from the console UI/CLI

24
Q

ASG - Scaling Policies

A
  • Manual Scaling - manually adjust the desired capacity [Default]
  • Scheduled Scaling - time-based adjustment, e.g. sales
  • Dynamic Scaling
    • Simple - “CPU above 50% +1”, “CPU below 50% -1”
    • Stepped Scaling - bigger +/- based on the difference
    • Target Tracking - desired aggregate CPU = 40%, the ASG handles it
25
Q

Simple Scaling Metric Types

A

Simple scaling metrics are not limited to EC2 CPU; they include metrics from any possible AWS service, such as:
  • EC2 disk usage
  • Network
  • SQS queue length
  • Disk I/O
  • Application custom metrics, e.g. **response time**

This is made possible by installing the CloudWatch agent.
26
Q

Target Tracking Supported Metrics

A
  • Average CPU Utilization
  • Average Network In
  • Average Network Out
  • Request Count per Target (relevant to ALB)
27
Q

Cooldown Period

A

Used to minimize Auto Scaling actions due to rapid spikes in traffic; it helps to avoid the costs associated with constantly adding and removing instances (some instances have minimum charges).

**AWS**: *As a best practice, we recommend that you do not use simple scaling policies and scaling cooldowns. In most cases, a target tracking scaling policy or a step scaling policy is better for scaling performance. For a scaling policy that changes the size of your Auto Scaling group proportionally as the value of the scaling metric decreases or increases, we recommend target tracking over either simple scaling or step scaling.*
28
Q

ASG Self-Healing

A

Using EC2 status checks to replace unhealthy instances (by termination and provisioning). This helps in fixing most isolated issues on specific instances.
29
Q

EC2 **Instance Recovery Hack**

A

AKA Single Instance HA. Steps:
  1. Deploy a single instance per subnet
  2. Configure the ASG to 1:1:1
  3. The ASG will replace any failed instance, i.e. instance recovery
30
Q

ASG Key Points

A
  • Use more, smaller instances instead of fewer larger instances - granularity
  • Auto Scaling Groups are free
  • Only the resources created are billed ...
  • Use cooldowns to avoid rapid scaling
  • Use with ALBs for elasticity - abstraction
  • ASG defines WHEN and WHERE, LT defines WHAT
31
Q

ASG Lifecycle Hooks

A

Lifecycle hooks enable you to perform custom actions by pausing instances as an Auto Scaling group **launches** or **terminates** them. When an instance is paused, **it remains in a wait state either until you complete the lifecycle action using the complete-lifecycle-action command or the CompleteLifecycleAction operation**, or until the timeout period ends (one hour by default).

  • LCH can be integrated with EventBridge or SNS notifications, allowing the system to perform event-driven processes based on the launch or termination of an EC2 instance within an ASG.

**Lifecycle Hook default time:** the state changes when the timeout (3600s default) expires or on CompleteLifecycleAction.
32
Q

ASG Health Check Types

A
  1. EC2 (default)
  2. ELB (can be enabled)
  3. Custom

**EC2 health checks:**
  • Stopping,
  • Stopped,
  • Terminated,
  • Shutting Down or
  • **Impaired** (not passing the 2/2 status)
  = UNHEALTHY

**ELB health checks:** HEALTHY = Running & passing the ELB health check
  • Since ALB is application-aware, this can be configured flexibly for features such as:
    1. Text pattern matching
    2. Path based

**Custom health check:** instances are marked healthy & unhealthy by an external system/tool.
33
Q

Health Check Grace Period

A

The ASG would otherwise consider a booting instance unhealthy and start deploying another in order to deliver its predefined desired state. The grace period is a configurable value which needs to expire before the health check action kicks in: a delay before starting checks, useful for system launch, bootstrapping and application start. Default 300s.