Leveraging the AWS Global Infrastructure Flashcards
Why a Global application
- A global application is an application deployed in multiple geographies
- It could be a Region or an Edge Location
- Disaster recovery (DR)
- Attack protection:
Global application in AWS
Global DNS: Route 53
- Route 53 is a managed DNS (Domain Name System)
- Great to route users to the closest deployment with least latency
- For disaster recovery strategies
Route 53 features are (non exhaustive list): Domain Registration, DNS, Health Checks, Routing Policy
Route 53 routing policies:
Simple routing policy
- no health checks
- The web browser goes to our DNS system
- It makes a DNS query and gets an IPv4 address as a result
Weighted routing policy:
- Some kind of load balancing
- Can use health checks
- Allows us to distribute the traffic across multiple instances
- Which Route 53 routing policy would you use to route traffic to multiple resources in proportions that you specify?
Latency routing Policy:
- Minimizes latency
- Health check
- Route 53 will be used to minimize latency between the user and the server by making the user connect to a server close to them
Failover Routing policy:
- disaster recovery
- Health check
- We have a client, a primary EC2 instance and a failover. DNS does a health check on the primary EC2 instance; if the primary instance fails, the client will be redirected to the failover
Global content Delivery Network (CDN):
CloudFront
- Replicate part of your application to AWS edge location - decrease latency
- Cache common requests- improve user experience and decreased latency
- Improve read performance, content is cached at the edge
- DDoS protection (because it is worldwide), integration with AWS Shield and AWS Web Application Firewall (WAF)
- What does AWS CloudFront use to improve read performance? (Caching content in edge locations)
- With which services does CloudFront integrate to protect against web attacks? AWS WAF and AWS Shield Advanced.
You can use AWS WAF web access control lists (web ACLs) to help minimize the effects of a distributed denial of service (DDoS) attack. For additional protection against DDoS attacks, AWS also provides AWS Shield Standard and AWS Shield Advanced.
CloudFront - S3 bucket origins
- For distributing files and caching them at the edge
- Enhanced security with CloudFront Origin Access Identity (OAI)
- CloudFront can be used as an ingress (to upload files to S3)
Custom origin (HTTP)
- Application load balancer
- EC2 instance
- S3 website ( must first enable the bucket as static S3 website)
- Any HTTP backend you want
How CloudFront works
CloudFront edge locations (all over the world) are connected to the origin. When a client connects and makes an HTTP request to an edge location, the edge location checks whether it has the content in its cache. If not, it goes to the origin to get the result, and when it retrieves the result it stores it in a local cache, so if another client wants the same content from the same edge location, the edge location does not need to go to the origin.
How to use: S3 as an origin
Using CloudFront and edge locations, the content of our S3 bucket in one region can be distributed all around the world through the edge locations, or points of presence
S3 transfer Acceleration
- Accelerate global uploads & downloads into Amazon S3 buckets that are far away from you
- Increase transfer speed by transferring files to an AWS edge location which will forward the data to the S3 Bucket in the target region
- You need to enable fast, easy, and secure transfers of files over long distances on S3. Which service would you use?
AWS Global Accelerator:
- Improve global application availability and performance using the AWS global network
- 2 Anycast IPs
- The Edge location sends the traffic to your application
AWS Outposts
- Are server racks
- AWS will set up and manage “Outposts Racks”
- Deploy Outposts Racks in your own data centers to extend AWS services
- Which service can be used to run AWS infrastructure and services on-premises for a hybrid cloud architecture?
AWS Outposts: Benefits
- Low latency access to on-prem systems
- Local data processing
- Data residency
- Easier migration from on-prem to the cloud
- Fully managed service
- Services that work on Outposts:
EC2, EBS, S3, EKS, ECS, RDS, EMR