Basic Services Flashcards
ELB
- region wide
- can be deployed to multiple AZ
- internal (private IP) or external
- capable of sticky sessions
- integrates with auto scaling
- health checks for EC2 instances
- integrated with route53
- cannot attach an Elastic IP (EIP) or public IP
VPC
- allows you to create a virtual network
- allows you to create subnets inside it
- you need to assign a CIDR block range when creating a new VPC (e.g. 192.168.0.0/16); this cannot be changed later
VPC Peering
- cannot have overlapping network addresses
- limit is 50 VPC peers per VPC (can be raised to 125 by request)
NAT Gateway
- it's a managed service you can use instead of hosting a NAT instance
- each subnet needs to have one NAT
- it is HA, available in each AZ
Subnets
- belongs to a VPC
- also need to select an AZ where the subnet should reside
- also takes a CIDR range, e.g. 192.168.1.0/24
Creating an AWS Network
1. Create a new VPC
- CIDR range 192.168.0.0/16
2. Create subnets
- DMZ - 192.168.1.0/24, AZ1
- DB - 192.168.2.0/24, AZ2
3. Create Internet Gateway
- by default it is detached from the VPC; you need to attach it to the VPC
4. Create Route table
- in the routes, target=igw-id, destination=0.0.0.0/0
- attach the route table to the DMZ subnet (whatever is put in DMZ will route to the internet)
5. Create a Web EC2 instance
- select DMZ for subnet
- add an EIP
6. Create a DB EC2 instance
- no EIP
- subnet = DB
At this point you should be able to log in to the Web instance and ping out to the internet. But you will not be able to do it from the DB instance since it's in a private subnet and not NATed.
7. Create a new NAT Gateway
- add it to the DMZ subnet
- associate it with a new EIP
8. Create new route table
- target=NAT Gateway, destination=0.0.0.0/0, subnet=DB
Now you should be able to route traffic from DB to the internet, but nothing from outside the VPC can communicate with the DB instance.
Route 53
two modes
- public hosted zones
- private hosted zones
Placement Groups
- logical grouping of instances in a single AZ
- can't span multiple AZs
- name has to be unique across AWS accounts (like an S3 bucket name)
- provides low latency and high bandwidth
- only the following EC2 types are supported - c3,
S3 Classes
- Standard
- Infrequent Access (IA)
- reduced redundancy (RR)
S3 features
- versioning
- cross region replication
- permissions scheme
- time limited access
Optimizing for PUT
- divide file into smaller pieces and upload in parallel
Optimizing for GET
- use Cloud Front - low latency access, cache object
- range based gets
- randomize file names to avoid hot spots in storage
Securing S3
- bucket policies
- backup to different bucket
EBS Volumes
- need not be attached to an EC2 instance
- can only be attached to one instance at a time
- encrypted
Glacier
- long term retention
- expensive to get data back
RDS
- multi AZ deployments
- can increase instance size, capacity etc
- it does not scale automatically like DynamoDB; you have to provision capacity manually
- it's a master/slave setup, where the two are in different AZs
- multi-AZ master/slave is not for scaling, it's for DR
- read replicas are for scaling
DynamoDB
- fully managed highly scalable NoSQL database
- automatically replicates data across 3 AZs
CloudTrail vs. CloudWatch
CloudTrail
- logs every event in AWS
CloudWatch
- Monitoring service
- not enabled by default
- can enable per region
- can set alarms on metrics
EC2 instance Costs
On Demand
- pay as you go
- good for autoscaling loads
Reserved Standard
- lower hourly rate instances based on yearly commitment
- good for constant running loads
Reserved Scheduled
- only reserve for some time of day or day of month
- need to schedule it and the capacity will only be available during that time
Spot Instances
- bid for instances; they can be taken away anytime AWS has a higher bid
- good for grid computing
Dedicated Hosts
- runs on physical machine, you have complete visibility on the machine
- useful for license type scenarios
- most expensive
- complete isolation
Dedicated Instances
- same as hosts, but you do not have visibility into the type of hardware; it still runs on a dedicated box
EC2 Instance Family
- General Purpose
t2, m3, m4
These letters specify the processor family: all t machines have the same processor, as do all m machines.
- Compute Optimized
c3, c4
- Memory Optimized
r3 - ram3
- Storage Optimized
i2, d2
- GPU
g3
====
T2 (small) 1 CPU 2 GB RAM
T2 (XLarge) 4 CPU, 16GB RAM
C5 - Compute Intensive
R4 - Memory Intensive
EC2 Instance Types
On Demand
- pay by second no upfront cost
Reserved
- pay upfront with discount (1-3 years)
Spot Instances
- Bid and request instances, no guarantee they will be provided
- good for large loads
Scheduled Instances
- instances available on schedule (1 year cycle)
Dedicated Instances
- pay by hour
- single tenant hardware
- hardware not shared by others
Dedicated Hosts
- fully dedicated server
- can be used for compliance needs, e.g. licensing
Autoscaling
Launch Configuration
- describes the template used to launch the EC2 instance, e.g. AMI, type, SG, key
Autoscaling Groups
- collection of EC2 instances
- health check
- desired capacity
- scaling plans (ways to scale)
1. scaling policy
2. based on a schedule
Scaling Policy Types
- simple scaling
- step scaling
Setting up ELB
- ELB
  - external or internal
  - select subnets
  - select security group
  - select port: http or https (80, 443)
  - select health checks - port/protocol
- Launch Config
  - select AMI
  - select instance type
  - select IAM role
  - key
  - no public IP address since ELB already has one
  - select SG
- Autoscaling Group
  - select group size - initial size
  - VPC
  - subnets (public 1, public 2)
  - ELB instance
  - health check from ELB
  - Add scaling policies
    a. increase group size
    - create alarm - avg CPU > 80 for 5 mins, take action of adding 2 instances and then wait for 5 mins
    b. decrease group size
    - create alarm - avg CPU < 50 for 5 mins, take action of removing 2 instances and then wait for 5 mins