AWS Global Infrastructure Flashcards
A look into the networks
AWS Global Infrastructure
Globally distributed hardware and datacenters that are physically networked together. At the time of writing: 32 launched Regions, 102 Availability Zones, 115 Direct Connect locations, 550+ Points of Presence, 35 Local Zones and 29 Wavelength Zones (these counts grow continually, so check the current figures before quoting them).
Regions
Geographically distinct locations, each consisting of multiple AZs. Every Region is physically isolated from and independent of every other Region (separate location, power and cooling). Each Region generally has three AZs; in a few older Regions some accounts only see two. New services almost always become available first in us-east-1. Not all services are available in all Regions, and the price of a given service also varies by Region.
4 factors to consider when choosing a Region
- What Regulatory Compliance does this region meet?
- What is the cost of AWS services in this region?
- What AWS services are available in this region?
- What is the distance or latency from this region to my end users?
Regional vs Global Services
Regional: the AWS management console is scoped to a selected Region. That selection determines where a service's resources are launched and what is shown in the service's console (resources in other Regions are not visible there). You generally don't set the Region per resource at creation time; it is inherited from the console's selected Region, or from the CLI/SDK's configured Region.
Global: Some AWS services operate across all Regions, so the console shows the Region as Global. For these global services, at the time of creation one of the following applies:
- There is no concept of a Region (e.g. IAM, Route 53)
- A single Region must be explicitly chosen (e.g. S3 is listed as global, but each bucket is created in one chosen Region)
- A group of Regions is chosen
AZs - Availability Zones
Physical locations within a Region, each made up of one or more datacenters. AZs are isolated from each other (separate power, cooling and physical security) but close enough to offer single-digit millisecond latency between them over redundant links. It is common practice to run workloads across at least three AZs so the service stays available if one or two AZs fail (High Availability). AZs are named with the Region code followed by a letter (e.g. us-east-1a). A subnet belongs to exactly one AZ, so you normally don't pick the AZ when launching a resource; you pick a subnet and inherit its AZ. Caveat: the letter mapping is randomized per account (your us-east-1a may be another account's us-east-1c), so use the AZ ID (e.g. use1-az1), which is consistent across accounts, whenever you need to coordinate placement between accounts.
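The subnet-per-AZ layout described above, as an added example (not part of the flashcards): a small planner that carves one subnet per tier and AZ out of a VPC CIDR, refuses to plan with fewer than three usable AZs, and records the stable AZ ID next to each AZ name. The AZ list is constructed to mimic the shape of `aws ec2 describe-availability-zones` output; in real use you would fetch it from the API, and the letter-to-ZoneId mapping shown is one account's view.

```python
"""Plan subnets across Availability Zones (added example, not from the flashcards)."""
import ipaddress
import re

# Matches standard AZ names such as us-east-1a, eu-west-2b, us-gov-west-1a, cn-north-1b.
# Local Zone / Wavelength Zone names (e.g. us-west-2-lax-1a) deliberately do not match.
AZ_NAME_RE = re.compile(r"^([a-z]{2}(?:-gov)?-[a-z]+-\d+)([a-z])$")

# Constructed sample: what one account sees in us-east-1. The letter -> ZoneId mapping
# is shuffled per account, so another account's "us-east-1a" may be a different ZoneId.
SAMPLE_AZS = [
    {"ZoneName": "us-east-1a", "ZoneId": "use1-az6", "State": "available"},
    {"ZoneName": "us-east-1b", "ZoneId": "use1-az1", "State": "available"},
    {"ZoneName": "us-east-1c", "ZoneId": "use1-az2", "State": "available"},
    {"ZoneName": "us-east-1d", "ZoneId": "use1-az4", "State": "impaired"},
]


def parse_az(name):
    """Split an AZ name into (region, letter); raises ValueError for non-standard names."""
    m = AZ_NAME_RE.match(name)
    if not m:
        raise ValueError(f"not a standard AZ name: {name!r}")
    return m.group(1), m.group(2)


def plan_subnets(vpc_cidr, azs, tiers=("public", "private"), min_azs=3, prefix=20):
    """Carve one subnet per (tier, AZ) out of vpc_cidr, using only available AZs.

    Returns a list of dicts with the subnet CIDR, the AZ name and the stable AZ ID.
    Raises ValueError if fewer than min_azs AZs are usable, so a 2-AZ Region or an
    impaired AZ is caught at planning time rather than discovered during an outage.
    """
    usable = [az for az in azs if az["State"] == "available"]
    if len(usable) < min_azs:
        raise ValueError(f"need {min_azs} available AZs, found {len(usable)}")
    chosen = usable[:min_azs]
    regions = {parse_az(az["ZoneName"])[0] for az in chosen}
    if len(regions) != 1:
        raise ValueError("AZs must all belong to one Region (a VPC is regional)")

    blocks = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=prefix)
    plan = []
    for tier in tiers:
        for az in chosen:
            plan.append({
                "tier": tier,
                "az": az["ZoneName"],
                "az_id": az["ZoneId"],
                "cidr": str(next(blocks)),
            })
    return plan


if __name__ == "__main__":
    for s in plan_subnets("10.0.0.0/16", SAMPLE_AZS):
        print(f'{s["tier"]:8} {s["az"]} ({s["az_id"]}) {s["cidr"]}')
```

The planner allocates /20 blocks in tier order, so the three public subnets come first and the three private ones follow; the impaired fourth AZ in the sample is skipped, and dropping to two available AZs makes the call fail instead of silently producing a two-AZ design.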
All AWS AZs are redundantly connected to multiple Tier 1 transit networks.
Tier 1 Network
A network that can reach every other network on the Internet without purchasing IP transit or paying for peering; it exchanges traffic with the other Tier 1 networks through settlement-free peering.
Fault Tolerance
The ability of a system to keep operating correctly when one or more of its components fail (not the ability to prevent failures). It is usually achieved by removing single points of failure through redundancy.
Fault Domain (AKA Failure Zone)
A section of infrastructure that is vulnerable to damage if a critical device or system inside it fails. The purpose of defining fault domains is containment: a failure stays inside its own domain instead of cascading into others, which limits the blast radius.
Fault Levels
A collection of Fault Domains. In AWS terms a Region is a Fault Level and each AZ inside it is a Fault Domain. Regions are designed to be isolated from each other, which gives strong fault tolerance and stability. AZs are isolated from each other too, but the AZs in a Region are connected by low-latency links, so each AZ works as an independent Fault Domain. Multi-AZ deployments give high availability: if one AZ fails, the others keep serving without interruption.
AWS Global Network
The “backbone of AWS”: a private, AWS-owned global fiber network that links Regions, AZs and edge locations, so traffic between datacenters moves fast and stays off the public Internet.
AWS Global Accelerator & AWS S3 Transfer Acceleration
Both use edge locations as an on-ramp: traffic enters the AWS network at the nearest edge and then rides the fast AWS Global Network to resources in other Regions, instead of crossing the public Internet end to end.
How it ties in with PoP:
S3:
When uploading a file to an S3 bucket with Transfer Acceleration enabled, you send it to the bucket's accelerate endpoint (bucket-name.s3-accelerate.amazonaws.com), which routes the upload to the nearest edge location (PoP). Because the first hop over the public Internet is short, upload performance improves and latency drops.
From the PoP the data travels over the AWS Global Network to the Region where the bucket lives and is stored in Amazon S3.
Global Accelerator:
It uses PoPs as the entry points for user traffic and gives you two static anycast IP addresses. Clients connect to the closest PoP, and their traffic is routed over the AWS Global Network to a healthy endpoint (Application Load Balancer, Network Load Balancer, EC2 instance or Elastic IP) in the nearest Region.
Bringing traffic onto AWS's global network at the edge is what gives Global Accelerator its consistent low latency and its fast failover between Regions. Unlike CloudFront it works at the TCP/UDP level and does not cache content; it is for fronting your own endpoints, not for serving S3 objects directly.
CDN - Amazon Cloudfront
Uses edge locations as an off-ramp: storage (a cache) and compute (CloudFront Functions, Lambda@Edge) at the edge, near the end user.
How it ties in with PoP:
You point your website's DNS at CloudFront, which routes each request to the nearest edge location's cache. You choose an origin (a web server or storage such as an S3 bucket) as the source of truth; CloudFront caches the origin's content at edge locations around the world and serves cache hits from there, only fetching from the origin on a miss.
VPC Endpoints
Let resources inside your VPC reach AWS services over the AWS network (S3 and DynamoDB through gateway endpoints; most other services through interface endpoints backed by PrivateLink), so the traffic never traverses the public Internet and the instances need neither an Internet gateway nor a NAT gateway. An endpoint policy can further restrict what is reachable through the endpoint (for example, only your own buckets).
PoP - Point of Presence
A global network of edge locations where AWS has infrastructure to deliver services and content close to end users. Both Edge Locations and Regional Edge Caches count as PoPs.
Edge Locations
Datacenters that hold a cache (copy) of the most popular content so the delivery distance to the end user is reduced. Shorter distance = faster delivery.
Regional Edge Locations
Datacenters that hold much larger caches; the edge locations' big brother. They sit between the edge locations and your origin and keep less frequently requested content cached longer, so an edge cache miss can often be served from the regional edge cache instead of reaching the origin.
AWS Direct Connect
A private, dedicated physical connection between your datacenter, office or co-location facility and AWS. Dedicated connections come in 1, 10 and 100 Gbps; hosted connections from AWS Partners range from 50 Mbps to 10 Gbps. It reduces network costs (data transfer out is cheaper than over the Internet), increases bandwidth throughput (great for high-traffic networks) and gives a more consistent network experience than a typical Internet connection. Caveat: Direct Connect is private but not encrypted by default; for confidentiality run a Site-to-Site VPN over it or enable MACsec, which is available on 10 Gbps and 100 Gbps dedicated connections.
Direct Connect Location
Partner-operated datacenters where you can establish a dedicated, high-speed, low-latency connection from your on-premises network to AWS.
AWS Local Zones
Datacenters placed very close to a densely populated area to give that area single-digit millisecond latency. Purpose: to support demanding, latency-sensitive applications (media, entertainment, gaming, etc.).
Wavelength Zones
Purpose: ultra-low latency for mobile users. Wavelength embeds AWS compute and storage inside telecom providers' 5G networks, so applications run as close as possible to the users. You create a subnet tied to a Wavelength Zone and launch EC2 instances into it, which places them at the edge of the targeted 5G network.
Data Residency
The requirement that an organization's data and cloud resources physically reside in a particular geographic location; the location is usually dictated by a compliance boundary.
Compliance Boundary
A regulatory requirement, set by a government or organization, that describes where data and cloud resources are allowed to reside.
Data Sovereignty
The jurisdictional control/legal authority that can be asserted over data because of the country in which it physically resides.
For workloads that need to meet compliance boundaries:
AWS Config: cheaper; a policy-as-code service. You write rules that continuously check resource configuration (for example, that resources only exist in approved Regions); it alerts on non-compliant resources and can auto-remediate them through Systems Manager Automation.
AWS Outposts: expensive; a physical rack of AWS servers installed at your own site, so the data stays in your building.
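A custom AWS Config rule of the kind mentioned above, as an added example that is not part of the flashcards: a Lambda handler that marks any recorded resource outside an approved Region list as NON_COMPLIANT. The handler follows the documented custom-rule contract (invokingEvent and ruleParameters arrive as JSON strings, results go back through PutEvaluations with the resultToken); the approved Region list and the sample event are constructed for this example. Because Config is a regional service, the rule has to be deployed in every Region you have enabled Config in, with an aggregator for the consolidated view; in a disallowed Region everything it records is flagged.

```python
"""Custom AWS Config rule: flag resources outside approved Regions (added example)."""
import json

# Assumption for this example; in practice pass the list in via ruleParameters.
APPROVED_REGIONS = {"us-east-1", "us-west-2"}


def evaluate(configuration_item, approved_regions):
    """Return (compliance_type, annotation) for one configuration item."""
    region = configuration_item["awsRegion"]
    if region in approved_regions:
        return "COMPLIANT", f"{region} is an approved Region"
    return ("NON_COMPLIANT",
            f"resource lives in {region}, outside approved {sorted(approved_regions)}")


def build_evaluation(configuration_item, approved_regions):
    """Shape a single entry in the Evaluations list that PutEvaluations expects."""
    compliance, annotation = evaluate(configuration_item, approved_regions)
    return {
        "ComplianceResourceType": configuration_item["resourceType"],
        "ComplianceResourceId": configuration_item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation,
        "OrderingTimestamp": configuration_item["configurationItemCaptureTime"],
    }


def lambda_handler(event, context=None, put_evaluations=None):
    """Entry point invoked by AWS Config on a configuration change.

    `put_evaluations` is injectable so the logic can be exercised without AWS
    credentials; when it is None the handler calls the Config API through boto3.
    """
    invoking_event = json.loads(event["invokingEvent"])
    params = json.loads(event.get("ruleParameters") or "{}")
    approved = set(params.get("approvedRegions", ",".join(sorted(APPROVED_REGIONS))).split(","))
    item = invoking_event["configurationItem"]
    evaluation = build_evaluation(item, approved)
    if put_evaluations is None:
        import boto3  # only needed inside Lambda
        put_evaluations = boto3.client("config").put_evaluations
    put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


# Constructed sample event in the shape Config sends for a configuration-change trigger:
# an EC2 instance recorded in eu-west-1 while only us-east-1 and us-west-2 are approved.
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({
        "messageType": "ConfigurationItemChangeNotification",
        "configurationItem": {
            "resourceType": "AWS::EC2::Instance",
            "resourceId": "i-0123456789abcdef0",
            "awsRegion": "eu-west-1",
            "configurationItemCaptureTime": "2024-01-15T10:00:00.000Z",
        },
    }),
    "ruleParameters": json.dumps({"approvedRegions": "us-east-1,us-west-2"}),
    "resultToken": "example-token",
}

if __name__ == "__main__":
    # Run locally with a stand-in for the Config API call.
    print(lambda_handler(SAMPLE_EVENT, put_evaluations=lambda **kw: print("sent:", kw)))
```

Pair the rule with a remediation action (for example a Systems Manager Automation document that stops or terminates the instance) if you want the "auto fix" behaviour; the rule itself only reports.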
IAM Policies
IAM policies can explicitly deny actions in specific AWS Regions using the aws:RequestedRegion condition key. A Service Control Policy (SCP) applies the same kind of restriction organization-wide from AWS Organizations (to OUs or whole accounts). SCPs only bound what identities in an account can do; they never grant permissions, and they must exempt global services (IAM, STS, Organizations, Route 53, CloudFront, etc.) or the Region deny locks those out as well.
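The Region-deny SCP described above, as an added example that is not part of the flashcards, together with a small evaluator that models how a Deny statement with NotAction and a StringNotEquals condition on aws:RequestedRegion is applied. The policy follows the pattern AWS documents for denying Regions; the evaluator is a simplified model (only Deny statements and the two String operators), not the IAM engine. The approved Region list, the global-service exemptions and the sample requests are constructed for this example.

```python
"""Region-deny SCP plus a simplified evaluator (added example, not from the flashcards)."""
import fnmatch
import json

APPROVED_REGIONS = ["us-east-1", "us-west-2"]  # assumption for this example

# Global services whose API calls are signed for us-east-1 or carry no Region at all.
# Without this exemption list the Deny below would also lock you out of IAM, STS, etc.
GLOBAL_SERVICE_ACTIONS = [
    "iam:*", "sts:*", "organizations:*", "route53:*", "cloudfront:*",
    "support:*", "budgets:*", "health:*", "globalaccelerator:*", "waf:*",
]

REGION_DENY_SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyAllOutsideApprovedRegions",
        "Effect": "Deny",
        "NotAction": GLOBAL_SERVICE_ACTIONS,
        "Resource": "*",
        "Condition": {"StringNotEquals": {"aws:RequestedRegion": APPROVED_REGIONS}},
    }],
}


def action_matches(pattern, action):
    """IAM action patterns use '*' wildcards and are matched case-insensitively."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def condition_holds(condition, context):
    """Evaluate the StringEquals / StringNotEquals operators used in Region SCPs.

    As in IAM, a negated operator is satisfied when the key is absent from the
    request context, so a request with no aws:RequestedRegion is still denied.
    """
    for operator, pairs in condition.items():
        for key, values in pairs.items():
            values = values if isinstance(values, list) else [values]
            actual = context.get(key)
            if operator == "StringEquals":
                if actual not in values:
                    return False
            elif operator == "StringNotEquals":
                if actual in values:
                    return False
            else:
                raise NotImplementedError(operator)
    return True


def scp_denies(policy, action, context):
    """True if any Deny statement in `policy` matches the request.

    `context` carries condition keys, e.g. {"aws:RequestedRegion": "eu-west-1"}.
    SCPs only remove permissions, so False means "not blocked by the SCP", not
    "allowed": the identity still needs an IAM policy that grants the action.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        if "Action" in stmt:
            patterns = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
            hit = any(action_matches(p, action) for p in patterns)
        else:  # NotAction: the statement applies to everything NOT listed
            patterns = stmt["NotAction"] if isinstance(stmt["NotAction"], list) else [stmt["NotAction"]]
            hit = not any(action_matches(p, action) for p in patterns)
        if hit and condition_holds(stmt.get("Condition", {}), context):
            return True
    return False


if __name__ == "__main__":
    print(json.dumps(REGION_DENY_SCP, indent=2))
    for action, region in [("ec2:RunInstances", "eu-west-1"), ("ec2:RunInstances", "us-east-1"),
                           ("iam:CreateUser", "us-east-1"), ("s3:CreateBucket", "ap-south-1")]:
        verdict = "DENIED" if scp_denies(REGION_DENY_SCP, action, {"aws:RequestedRegion": region}) else "not denied"
        print(f"{action:20} {region:12} {verdict}")
```

Running it shows the two outcomes that matter in practice: ec2:RunInstances in eu-west-1 is denied while the same call in us-east-1 passes through, and iam:CreateUser is never denied because it falls inside the NotAction exemption. Deleting the NotAction list from the policy and re-running makes the IAM call fail too, which is the lock-out the exemption exists to prevent.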
GovCloud
AWS for US government workloads: the isolated GovCloud (US) Regions (us-gov-west-1 and us-gov-east-1) live in their own partition and require a separate account, and are operated by US persons for regulated data such as ITAR and FedRAMP High workloads.
AWS in China
AWS China is intentionally and completely isolated from AWS Global: a separate partition (aws-cn) with separate accounts and credentials, and the Regions are operated by local partners rather than by AWS. Two Regions: Beijing (cn-north-1, operated by Sinnet) and Ningxia (cn-northwest-1, operated by NWCD).
AWS Ground Station
Lets you control satellite communications, downlink and process satellite data, and scale ground-station operations on demand without owning or operating the antennas yourself.
AWS Outposts
A rack of servers running AWS infrastructure on your physical location.
U
The rack unit used to measure server height (1U = 1.75 inches, 44.45 mm). A 42U Outposts rack is a full rack built by AWS, which they deliver and install for you. 1U and 2U Outposts servers are smaller units you can slot into your existing racks.