Chapter 14 - Decoupling Workflows overview Flashcards
SQS queues (Simple Queue Service)
A fully managed message queuing service that lets you decouple and scale microservices, distributed systems, and serverless applications.
- Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.
- Get started with SQS in minutes using the AWS console, Command Line Interface or SDK of your choice, and three simple commands.
SQS offers two types of message queues.
- Standard queues offer maximum throughput, best-effort ordering, and at-least-once delivery.
- SQS FIFO queues are designed to guarantee that messages are processed exactly once, in the exact order that they are sent.
ELBs (Elastic Load Balancers)
- Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, Lambda functions, and virtual appliances.
- It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones.
Elastic Load Balancing offers four types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make your applications fault tolerant.
Application Load Balancer
- Application Load Balancer is best suited for load balancing of HTTP and HTTPS traffic.
- Provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers.
- Application Load Balancer routes traffic to targets within Amazon VPC based on the content of the request.
Network Load Balancer
- Network Load Balancer is best suited for load balancing of Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Transport Layer Security (TLS) traffic where extreme performance is required.
- Network Load Balancer routes traffic to targets within Amazon VPC and is capable of handling millions of requests per second while maintaining ultra-low latencies.
Gateway Load Balancer
- Gateway Load Balancer makes it easy to deploy, scale, and run third-party virtual networking appliances.
- It provides load balancing and auto scaling for fleets of third-party appliances.
- Gateway Load Balancer is transparent to the source and destination of traffic.
- This capability makes it well suited for working with third-party appliances for security, network analytics, and other use cases.
Classic Load Balancer
- Classic Load Balancer provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and the connection level.
- Classic Load Balancer is intended for applications that were built within the EC2-Classic network.
What type of decoupling makes sense?
- If we don't need to process all of that content at the exact same time, and a little bit of delay is okay, use a messaging queue (SQS).
- If we need to take one incoming message and fan it out, set up SNS in front of SQS to duplicate that workload, so each backend can pull in the message whenever it's ready.
FIFO
We generally want to prefer the managed AWS tools over the DIY option, so SQS FIFO queues should be our primary choice for ordered delivery.
- With the DIY option, we would have to include ordering numbers in the messages themselves,
- and the consumer of those messages would then have to reassemble the order on its end.
SNS (Simple Notification Service)
If a scenario talks about any sort of proactive delivery or proactive notification (email, text, push), think SNS.
- Can use SNS to alert us when our architecture auto-scales.
- We also want to keep in mind using SNS to fan out those messages to our SQS queues.
- CloudWatch loves SNS
- Think about using SNS to act as that notification tool whenever a CloudWatch alarm kicks off.
- In fact, if you need to know about anything happening inside of your AWS account, SNS is the tool that’s going to deliver that message.
- We can set up an SQS dead-letter queue for SNS topics.
API Gateway
- It acts as a secure front door to handle that external communication coming into your environment.
- If you see a scenario talking about creating or managing an API, look for answers that include API Gateway.
- It supports the use of the Web Application Firewall to help prevent DDoS attacks.
- It’s a fully-managed service that allows you to easily publish, maintain, monitor, and secure your API.
- It allows the outside world to talk to my resources in a way that is controlled, secured, monitored, and helps prevent abuse.
- I can put restrictions around who, what, when, and how my resources can be consumed.
- One of the major reasons that we want to consider using API Gateway in front of our applications is because we can protect our architecture using a WAF, which is a Web Application Firewall.
- When you make a request to change something about your profile or to post a comment, you are making an API call through API Gateway.
- API Gateway has native integration with Lambda
- If I’m distributing, say, a mobile application, I don’t have to generate an IAM user to make calls to my backend. I can have API Gateway sit in the middle.
- I can create different versions of my API, so I can have my beta, my staging, my test environment.
- It allows me to stop baking those credentials into my applications, so I don’t have to use the access key secret key.
- This is how I get traffic from the public environment into my AWS account when it’s not specifically web traffic.
dead-letter queue
- A dead-letter queue is just another SQS queue that we can temporarily sideline messages into.
- A dead-letter queue is the best way to sideline problem messages.
- So instead of having a message languish in the primary SQS queue, once we hit the number of retries I've specified, the message gets moved to the dead-letter queue.
- The benefit of the dead-letter queue is that I can sideline those problematic messages
- I don’t just have to leave them in that SQS queue forever.
- If we're going to create a dead-letter queue, that queue must exist before we create our primary queue.
- the dead-letter queue is not special. It’s just a standard SQS queue that acts as that reject folder.
- Maximum receives: this setting is effectively the maximum retry value before a message is moved to the dead-letter queue.
- Set up a CloudWatch alarm to monitor the dead-letter queue depth, because if the queue starts to fill up, you know we have a really big problem.
- Now, without this alarm, we really wouldn’t have any knowledge that the queue was backing up. So, it is important to select answers on the exam that include this additional step.
- 14 days is the longest a message can live in a dead-letter queue.
WAF (Web Application Firewall)
AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources.
AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules that control bot traffic and block common attack patterns,
- such as SQL injection and cross-site scripting.
- You can also customize rules that filter out specific traffic patterns.
- AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of security rules.
- You can deploy AWS WAF on Amazon CloudFront as part of your CDN solution, on the Application Load Balancer that fronts your web servers or origin servers running on EC2, on Amazon API Gateway for your REST APIs, or on AWS AppSync for your GraphQL APIs.
- With AWS WAF, you pay only for what you use and the pricing is based on how many rules you deploy and how many web requests your application receives.