AWS Concepts Flashcards
5 pillars of AWS Well-Architected Framework
Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization.
Operational Excellence - Definition
Focuses on how you can CONTINUOS IMPROVEMENT your ability to run systems, create better procedures, and gain insights.
Mental Model: Automation
Operational Excellence - Concepts
Focus your efforts where
1) most manual work is required
2) might have the biggest consequence for error.
80/20
Process in place to track, analyze, and improve your operational efforts.
Operational Excellence - Infrastructure as code (IaC)
- IaC is the process of managing infrastructure through machine-readable configuration files
- IaC is a declarative and automated way of provisioning infrastructure
- You can apply the same tools (e.g., git) and processes (e.g., code review) to your infrastructure as you do to your code
- Use services like CloudFormation (YAML, JSON) and SDK (Software Dev Kit) to implement IaC on AWS
Operational Excellence - Observability
- Observability is the process of MEASURING THE INTERNAL STATE of your system to achieve some desired end state. You can improve what you can measure
- Observability consists of collecting, analyzing, and taking action on metrics
- You can collect metrics at the service, application, and account level
- You can analyze metrics through services like CloudWatch Log Insight, Athena, Elasticsearch Service, RDS, and Redshift
- You can act on your metrics by creating monitoring and alarms and dashboards and tracking performance and business KPIs
Security - Definition
How to secure your infrastructure on the cloud.
Shared responsibility between AWS and the customer.
AWS is responsible for the security of the cloud. This includes the physical infrastructure, software, and networking capabilities of AWS cloud services.
The customer is responsible for security in the cloud. This includes the configuration of specific cloud services, the application software, and the management of sensitive data.
Reliability - Definition
How to build services that are RESILIENTS to both service and infrastructure disruptions.
Mental Model: BLAST RADIUS
You can think of blast radius as the maximum impact that might be sustained in the event of a system failure.
To build reliable systems, you want to minimize the blast radius of any individual component.
Performance Efficiency - Definition
How to run services EFFICIENTLY and SCALABLY in the cloud.
Mental Model: CATTLE, not PETS.
The cloud way of thinking about servers is as cattle.
Servers are commodity resources that can be automatically provisioned in seconds.
No single server should be essential to the operation of the service.
Cost Optimization - Definition
Achieve business outcomes while minimizing costs.
Mental Model: OpEx instead of CapEx.
OpEx is an ongoing pay-as-you-go model whereas CapEx is a one-time purchase model.
Reliability - Concepts
In terms of the blast radius, the question of failure is no longer a question of if but a matter of when. To limit the blast radius:
1 - Fault Isolation
Fault isolation limits the blast radius of an incident by using redundant independent components separated through fault isolation zones. Fault isolation zones contain the impact of any failures to the area within the zone.
AWS has fault isolation zones at three levels:
Resource and Request: built into the design of every AWS service
Availability Zone: achieved by deploying your services across multiple AZs
Region: achieved by deploying your services across multiple regions
2 - Limits
Limits are constraints that can be applied to protect your services from excessive load. They are an effective means of limiting the blast radius from both external (e.g., DDoS attack) and internal (e.g., software misconfiguration) incidents.
There are soft limits which can be increased and hard limits which can not
Reliability - Concepts
When you think in terms of the blast radius, the question of failure is no longer a question of if but a matter of when. To deal with failure when it happens, the following techniques can be used to limit the blast radius:
1 - Fault Isolation
Fault isolation limits the blast radius of an incident by using redundant independent components separated through fault isolation zones. Fault isolation zones contain the impact of any failures to the area within the zone.
AWS has fault isolation zones at three levels:
Resource and Request: built into the design of every AWS service
Availability Zone: achieved by deploying your services across multiple AZs
Region: achieved by deploying your services across multiple regions
2 - Limits
Limits are constraints that can be applied to protect your services from excessive load. They are an effective means of limiting the blast radius from both external (e.g., DDoS attack) and internal (e.g., software misconfiguration) incidents.
There are soft limits which can be increased and hard limits which can not
Performance Efficiency - Concepts
In the “pet model” of managing servers, it is quite common to use the same type of server (or even the same server) for multiple workloads - it was too much of a hassle to order and provision different machines. In the “cattle model,” provisioning is cheap and quick which gives us the freedom to select the server type that most closely matches our workload.
The “cattle model” also makes it easy for us to scale our service. Because every server is interchangeable and quick to deploy, we can quickly scale our capacity by adding more servers.
Selection: Selection on AWS is the ability to choose the service that most closely aligns with your workload.
Scaling:
Vertical scaling involves upgrading your underlying compute to a bigger instance type.
PROS easier to implement as you can do it without having to cluster your service.
CONS run into a much lower upper limit (equal to the maximum size of your compute instance)
CONS represents a single point of failure because disruption to your instance can result in your service being completely unavailable.
Horizontal scaling involves increasing the number of underlying instances.
CONS more overhead on the implementation side.
PROS better reliability and much higher limits
Cost Optimization - Concepts
AWS services are pay for use - you get charged on the capacity that you use
You can right size your instances to save money on services that don’t match your workload
You can use serverless technologies to ensure you only pay when customers use your service
You can use reservations to get discounts in exchange for an upfront commitment
You can use spot instances to get discounts running fault-tolerant workloads
Cost Optimization - Concepts
AWS services are pay for use - you get charged on the capacity that you use
- Right-size your instances to save money on services that don’t match your workload e.g. EC2-based services
- Use serverless technologies to ensure you only pay when customers use your service - e.g. Lambda
- Use reservations to get discounts in exchange for an upfront commitment
- Use spot instances to get discounts running fault-tolerant workloads
The cost optimization lifecycle is a continuous process to improve your cloud spend over time. It consists of reviewing, tracking, and optimizing your spend
- Reviewing your spend involves the use of tools like Cost Explorer and the cost and usage report to understand your spend
- Tracking your spend involves the use of cost allocation tags and budgets to filter the data along dimensions relevant to your business
- Optimizing your spend involves using techniques from the previous section as part of an overarching budget goal
