Compute & Load Balancing Flashcards
EC2 R Instance Types
Applications that need a lot of RAM (e.g. in-memory cache)
EC2 C Instance Types
Applications that need good CPU (e.g. databases or compute)
EC2 M Instance Types
Applications that are balanced (e.g. general or web apps)
EC2 I Instance Types
Applications that need good local I/O (e.g. databases)
EC2 G Instance Types
Applications that need a GPU (e.g. video rendering or machine learning)
EC2 T2/T3 Instance Types
Burstable instances
EC2 Cluster Placement Strategy
Clusters instances into a low-latency group in a single AZ
* Pro: Low latency
* Con: If the rack fails, all instances fail
EC2 Spread Placement Strategy
Spreads instances across underlying hardware
* Pro: span across AZs, reduce risk of simultaneous failure
* Con: Limited to 7 instances per group per AZ
EC2 Partition Placement Strategy
Spreads instances across logical partitions such that groups of instances in one partition do not share the underlying hardware with groups in different partitions
How to move instances between placement groups
- Stop the instance
- Use the CLI to modify the placement
- Start the instance
EC2 Instance Launch Type
- On demand: short workload, predictable pricing, reliable
- Spot: short workload, cheap, can lose instances
- Reserved: minimum 1 year
- Dedicated: no other customers will share hardware
- Dedicated host: book an entire physical server and control instance placement
AWS Saving Plans
Get a discount based on long-term usage; any usage beyond it is billed as on-demand
EC2 Saving Plans
Up to 72% discount (same as standard RIs)
1. Select instance family and region
2. Flexible across size, OS and tenancy
Compute Saving Plans
Up to 66% discount (same as Convertible RIs)
1. Ability to move between instance families, region, compute type (EC2, Fargate, Lambda)
EC2 Graviton
Family of processors designed to deliver the best price-performance for your cloud workloads
EC2 Enhanced Networking
Higher bandwidth, higher pps, lower latency
* Elastic Network Adapter (ENA) up to 100 Gbps
* Legacy: Intel 82599 VF
Elastic Fabric Adapter
Improved Elastic Network Adapter; only works on Linux. Great for inter-node communication and tightly coupled workloads.
Auto Scaling Groups
Dynamic Scaling Policies
- Target tracking scaling: Increase and decrease the capacity based on a CloudWatch metric and a target value
- Simple step scaling: Increase and decrease capacity based on a set of scaling adjustments
- Scheduled actions
Auto Scaling Groups
Predictive Scaling
Continuously forecast load and schedule scaling ahead
EC2 Spot Instances discount
Up to 90% compared to On-Demand
Spot Fleets
Set of Spot Instances and On-Demand Instances.
- Define launch pools (instance type, OS, AZ)
- Can have multiple pools to choose from
Strategies to allocate Spot Instances
- lowestPrice
- diversified: distributed across all pools
- capacityOptimized
- priceCapacityOptimized (recommended): pools with the highest capacity, then select the lowest price
ECS - ALB Integration
Dynamic Port Mapping so multiple instances of the same task can be deployed on the same EC2 instance
Note: host and awsvpc networking do not support Dynamic Port Mapping
ECS networking
- none: don’t have external connectivity and port mappings can’t be specified
- bridge: uses Docker’s built-in virtual network
- host: maps container ports directly to the ENI of the instance that hosts the task. A port on a host can’t be used by multiple tasks.
- awsvpc: the task is allocated an elastic network interface (default for Fargate)
Fargate Spot Instances
Specify minimum number of regular tasks that should run at all times and then add tasks on Fargate Spot to improve service performance in a cost-efficient way.
ECR Image Scanning
- Manual scan or scan on push
- Basic scanning (common CVE)
- Enhanced scanning: Leverages Inspector
Data Volumes EKS
Specify a StorageClass manifest; leverages a Container Storage Interface (CSI) compliant driver.
Supported with EBS, EFS, and FSx.
AWS App Runner
Fully managed service that builds and deploys web applications and APIs
ECS Anywhere
Run containers on customer managed infrastructure. Install ECS Container Agent and SSM Agent, deploy with EXTERNAL launch type.
EKS Distro
Kubernetes distribution maintained by AWS
EKS Anywhere
Create and operate Kubernetes clusters outside AWS. Reduce support costs and avoid maintaining third-party tools
EKS Connector
Connect an EKS Anywhere cluster to AWS.
- Fully connected & partially disconnected modes to leverage the EKS console
Lambda & Code Deploy
CodeDeploy can help automate traffic shift for Lambda aliases.
- Linear: grow traffic every N minutes
- Canary: try x% then 100%
- AllAtOnce
Lambda Logging, Monitoring and Tracing
- CloudWatch
- X-Ray: run a daemon and use the AWS SDK in code
Lambda Asynchronous vs Synchronous Invocation
- Synchronous: Error handling must happen client side
- Asynchronous: Lambda attempts to retry on errors (3 attempts). The processing must be idempotent
Protocols supported by load balancers
- Classic Load Balancer: HTTP, HTTPS, TCP, SSL
- Application Load Balancer: HTTP, HTTPS, WebSocket
- Network Load Balancer: TCP, TLS, UDP
- Gateway Load Balancer: IP
Difference in certificates between LB and ALB
LB supports only one SSL certificate, which can have many Subject Alternative Names (SANs). ALB supports Server Name Indication (SNI), which allows presenting multiple certificates.
ALB Target Groups
- EC2 instances
- ECS tasks
- Lambda functions (HTTP request is translated into a JSON event)
- IP addresses (must be private)
Use case for NLB
Extreme performance. Lower latency (100 ms vs 400 ms for ALB).
* EC2 instances
* IP addresses
* ALB
Use case ALB as target group for NLB
When you need a static IP address
NLB
Zonal DNS Name
Used to determine the IP address of a specific node to limit cross-zone traffic.
https://aws.amazon.com/es/blogs/networking-and-content-delivery/resolve-dns-names-of-network-load-balancer-nodes-to-limit-cross-zone-traffic/
Cross zone load balancing
Each load balancer node distributes traffic across the registered targets in all enabled Availability Zones.
It incurs charges for NLB and GLB; other balancers don't generate a charge.
https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/how-elastic-load-balancing-works.html#cross-zone-load-balancing
Sticky Sessions in Load Balancers
The same client is always routed to the same instance behind the load balancer. It works for CLB and ALB.
LB Request Routing Algorithm
Least Outstanding Requests
The next instance to receive the request is the one that has the lowest number of pending requests
(ALB and CLB)
LB Request Routing Algorithm
Round Robin
Targets in the target group are chosen equally, in turn.
(ALB and CLB)
LB Request Routing Algorithm
Flow Hash
Selects a target based on the protocol, IP address, port and TCP sequence number. Each connection is routed to a single target for the life of the connection.
Works with NLB.
API Gateway limits
- 29-second timeout to respond to a request
- 10 MB max payload size
API Gateway response pane
The response consists of an HTTP status code, a set of additional headers that are specified by parameter mappings, and a payload that is generated by a non-VTL mapping template.
API Gateway
WebSocket API
- Two-way interactive communication between a user's browser and a server
- Server can push information to the client
- This enables stateful applications
AWS AppSync
Enables developers to connect their applications and services to data and events with secure, serverless and high-performing GraphQL and Pub/Sub APIs.
AWS AppSync Events
- Real time updates and events
- Pub/Sub channels
- Event handlers to transform before publish
AWS AppSync Authorization
Perform authorization on Cognito users based on the groups they belong to.
EC2 with Elastic IP
The Elastic IP address is moved to a standby instance.
* Quick failover
* Helpful if the client resolves by static public IP address
* Doesn’t scale
DNS based load balancing
Ability to use multiple instances
* Route53 TTL implies clients might not be able to access if their instance fails
* A newly added instance may not receive full traffic due to DNS TTL
AWS Outposts
Server racks within your on-premises infrastructure that offer AWS services (EC2, EBS, S3, EKS, ECS, RDS and EMR), APIs and tools.
You are responsible for physical security.
S3 on AWS Outposts
Store and retrieve data locally, reducing data transfers to AWS regions. Storage class named S3 Outposts.
To access from AWS, use an S3 Access Point or synchronize with DataSync
AWS WaveLength
Brings AWS services to the edge of 5G networks, with infrastructure embedded within telecommunications providers' facilities. No additional charges.
It is connected to AWS Regions.
AWS Local Zones
Extensions of an AWS Region to place AWS services closer to end users to run latency sensitive applications.
Amazon CloudFront
Improves read performance because content is cached at the edge. Exposes external HTTPS
Amazon CloudFront - Origins
- S3 Buckets: For distributing and loading files. You can use Origin Access Control for security.
- S3 configured as a website: Enable Static Website Hosting
- MediaStore & MediaPackage: Deliver video on demand
- Custom origin: HTTP endpoints
CloudFront vs S3 Cross Region Replication
CloudFront
Great for static content that must be available everywhere
S3 Cross Region Replication
Great for dynamic content that needs to be available at low-latency in few regions
CloudFront Origin Groups
A primary and secondary origin to increase availability and do failover. Origins can be cross regions.
CloudFront Geo Restrictions
Restrict which countries can access distribution
CloudFront Price Classes
- Price class all: best performance
- Price class 200: most regions, but excludes the most expensive
- Price class 100: only the least expensive regions
CloudFront Functions & Lambda Edge deployment
Lambda@Edge functions are deployed at Regional Edge Caches, while CloudFront Functions are deployed at Edge Locations.
When to use Lambda Edge over CloudFront Functions
- Longer execution time (more than 1ms)
- Adjustable CPU or Memory
- Access to the request body or file system
- Network access
- Third-party API calls
- Loading content based on User Agent
CloudFront Functions use cases
- Cache key normalization: Transform request attributes (headers, cookies, query strings, URL)
- Header manipulation
- URL rewrites or redirects
- Request authentication & authorization
ElastiCache Use Cases
- Database cache
- User Session Store
ElastiCache
Redis vs Memcached
Redis:
* Multi AZ with auto-failover
* Read replicas
* Persistent
Memcached:
* Multi node for partitioning data
* Non persistent
* Multi-threaded architecture
AppStream 2.0
Fully managed application streaming service that provides users with instant access to their desktop applications from anywhere.
Access SaaS products through AWS Private Link
- The service provider creates an endpoint service
- You create an interface VPC endpoint, which establishes connections between subnets in your VPC and the endpoint service
Associating a VPC and a private hosted zone in different accounts
- Using the account that created the hosted zone, authorize the association of the VPC
- Using the account that created the VPC, associate the VPC with the hosted zone
- Delete the authorization to associate the VPC with the hosted zone.