Basic Services Flashcards
ELB
- region-wide
- can be deployed to multiple AZs
- internal (private IP) or external
- capable of sticky sessions
- integrates with auto scaling
- health checks for EC2 instances
- integrated with route53
- cannot attach an Elastic IP (EIP) or public IP
VPC
- lets you create a virtual network
- lets you create subnets inside it
- you need to assign a CIDR block range when creating a new VPC, e.g. 192.168.0.0/16 (this cannot be changed afterwards)
VPC peering
- cannot have overlapping network addresses
- limit is 50 VPC peers per VPC (can be raised to 125 by request)
NAT Gateway
- it's a managed service you can use instead of hosting a NAT instance
- each subnet needs to have one NAT
- it is HA, available in each AZ
Subnets
- belongs to a VPC
- you also need to select an AZ where the subnet should reside
- also takes a CIDR range, e.g. 192.168.1.0/24
Creating an AWS Network
1. Create a new VPC
  - CIDR range 192.168.0.0/16
2. Create subnets
  - DMZ - 192.168.1.0/24, AZ1
  - DB - 192.168.2.0/24, AZ2
3. Create an Internet Gateway
  - by default it is detached from the VPC; you need to attach it to the VPC
4. Create a route table
  - in the routes, target=igw-id, destination=0.0.0.0/0
  - attach the route table to the DMZ subnet (whatever is put in the DMZ will route to the internet)
5. Create a Web EC2 instance
  - select DMZ for the subnet
  - add an EIP
6. Create a DB EC2 instance
  - no EIP
  - subnet = DB
At this point you should be able to log in to the Web instance and ping out to the internet. But you will not be able to do so from the DB instance, since it is in a private subnet and is not NATed.
7. Create a new NAT Gateway
  - add it to the DMZ subnet
  - associate it with a new EIP
8. Create a new route table
  - target=NAT Gateway, destination=0.0.0.0/0, subnet=DB
Now you should be able to route traffic from DB to the internet, but nothing from outside the VPC can communicate with the DB instance.
Route 53
two modes
- public hosted zones
- private hosted zones
Placement Groups
- logical grouping of instances in a single AZ
- can't span multiple AZs
- name has to be unique across AWS accounts (like an S3 bucket name)
- provides low latency and high bandwidth
- only the following EC2 types are supported - c3,
S3 Classes
- standard
- Infrequent Access (IA)
- reduced redundancy (RR)
S3 features
- versioning
- cross region replication
- permissions scheme
- time limited access
Optimizing for PUT
- divide the file into smaller pieces and upload them in parallel
Optimizing for GET
- use CloudFront - low latency access, caches objects
- range-based GETs
- randomize file names to avoid hot spots in storage
Securing S3
- bucket policies
- backup to different bucket
EBS Volumes
- need not be attached to an EC2 instance
- can only be attached to one instance at a time
- can be encrypted
Glacier
- long term retention
- expensive to get data back
RDS
- multi AZ deployments
- can increase instance size, capacity, etc.
- it does not scale automatically like DynamoDB; you have to provision capacity manually
- it's a master/slave setup where the two are in different AZs
- multi-AZ master/slave is not for scaling, it's for DR
- read replicas are for scaling
DynamoDB
- fully managed highly scalable NoSQL database
- automatically replicates data across 3 AZs
CloudTrail vs. CloudWatch
CloudTrail
- logs every event in AWS
CloudWatch
- Monitoring service
- not enabled by default
- can enable per region
- can set alarms on metrics