Performance Efficiency - Network performance options Flashcards

1
Q

Network considerations

A
  • Latency
  • Throughput: size of the pipe used to move data from one point to another
  • AWS services:
    • Direct Connect: provides security and a defined throughput between a data center and AWS
    • VPC endpoints: allow a VPC to connect to other AWS services through a private AWS network instead of the internet (e.g. when an S3 bucket would otherwise need the internet to connect to a specific VPC)
    • EC2 instance types: some instance types have better network performance than others
2
Q

Regions and AZs - Characteristics

A
  • Regions and AZs are isolated from each other, but every AZ is connected through high-throughput connections
  • Each AZ has redundant power and network connectivity
  • Criteria to choose Regions:
    • Laws and regulations
    • User location, to reduce latency
    • Data location, to reduce cost and latency
    • Costs: prices may vary for some services
3
Q

Local zones - Characteristics

A
  • Built in large cities where there isn’t a Region, to provide very low-latency access
  • Connected to a nearby Region with high-throughput, low-latency connections
  • Offers a subset of the available AWS services, such as EC2, EBS, VPC, RDS, and others
  • Can use Direct Connect as a link to the local zone, so a VPC can be extended to include services of a local zone
4
Q

CloudFront - Characteristics

A
  • It serves as a CDN to store static content and dynamic content (intelligent caching)
  • Edge locations (EL) are part of the AWS global network and are outside of regions
  • Can use the geo restriction feature, or one from a third party, to do one of two things: allow access to specific content only from a whitelist of countries, or prohibit access to specific content from a blacklist of countries
  • Lambda@Edge is a feature that lets you run serverless code closer to the users of your application, which improves performance and reduces latency
5
Q

CloudFront - Origins

A
  • An origin is the source of the files that CloudFront will distribute
  • Can be an S3 bucket, an EC2 instance, an ELB, Route 53, or an external resource
  • A custom origin is an HTTP server. It can be an EC2 instance or an external web server
  • Objects are cached for 24 hours by default
6
Q

CloudFront - Dynamic Content Delivery

A
  • CloudFront can improve the delivery of dynamic content that web applications / APIs serve from an ELB / EC2 instances to end users on the internet
  • It boosts performance, availability, and security. End-user connections are terminated at CloudFront locations closer to the users, which reduces latency
7
Q

CloudFront - Restrict access to S3 by using OAI

A
  1. Create a special CloudFront user called an origin access identity (OAI)
  2. Associate the user with the CloudFront distribution
  3. Configure an S3 bucket policy so that CloudFront can use the OAI to access the files

NOTE: An OAI can only be used to restrict access to S3, not to other services like EC2 or ELB

8
Q

CloudFront - Signed URLs and Signed Cookies

A
  • They let you control who can access your content
  • When you use both, signed URLs take precedence over signed cookies
  • When to use signed URLs:
    • To restrict access to individual files
    • When users are using a client that doesn’t support cookies
  • When to use signed cookies:
    • To provide access to multiple restricted files, for example, all of the files in the subscribers’ area of a website
    • When you don’t want to change your current URLs
9
Q

CloudFront - Pricing

A
  • For on-demand pricing, charges apply for transfers out from ELs, and HTTP / HTTPS requests
  • Can agree to a 1-year commitment on the self-service CloudFront Savings Bundle to save up to 30% compared to on-demand
  • Custom pricing is also available based on minimum traffic commitments, which may be 10 TB/month or higher
10
Q

Route 53 - Characteristics

A
  • It’s a highly available and scalable DNS web service
  • Can perform three main functions in any combination: domain registration, DNS routing, and health checking
  • Alias records can be created to point to AWS resources or to another Route 53 record in the same hosted zone. Such resources can be a CloudFront distribution, an Elastic Beanstalk environment, an ELB, or an S3 bucket
11
Q

Route 53 - Common supported records

A
  • An Alias record points a hostname to an AWS resource. A CNAME record points a hostname to any other hostname
  • Alias works for root and non-root domains. CNAME works only for non-root domains
  • Alias can point to an ELB, CloudFront distribution, Elastic Beanstalk environment, S3 bucket (static website), or another record in the same hosted zone
  • CNAME can point to any DNS record that is hosted anywhere
  • An A record points a hostname to an IPv4 address. An AAAA record points a hostname to an IPv6 address
12
Q

Route 53 - Routing policies

A
  • Simple routing policy: for a single resource that performs a given function for a domain
  • Failover routing policy: to configure active-passive failover
  • Geolocation routing policy: to route traffic based on the location of the users
  • Geoproximity routing policy: to route traffic based on the location of your resources
  • Latency routing policy: when you use multiple Regions, to route traffic to the Region that provides the lowest latency (least round-trip time)
  • Multi-value answer routing policy: to route traffic approximately randomly to multiple resources, such as web servers
  • Weighted routing policy: to route traffic to multiple resources in proportions that you specify
13
Q

Route 53 - Public Hosted zones

A
  • Contain records that specify how to route traffic on the internet
  • Can be created in two ways:
    • When you register a domain with Route 53, AWS creates a hosted zone automatically
    • When you transfer DNS service for an existing domain to Route 53, you must create a hosted zone for the domain
14
Q

Route 53 - Private Hosted zones

A
  • Contain records that specify how to route traffic in one or more VPCs
  • Here is how to use them:
    1. Create a private hosted zone, and specify the VPCs associated with the hosted zone
    2. Create records in the hosted zone that determine how Route 53 responds to DNS queries within and among your VPCs
    3. When an application submits a DNS query, Route 53 returns the corresponding IP address
    4. The application uses the returned IP address
15
Q

Route 53 - Pricing

A
  • Hosted zones: charged for each managed hosted zone
  • DNS queries: charged for DNS queries answered by Route 53, except for queries to Alias A records mapped to ELBs, CloudFront distributions, Elastic Beanstalk environments, API Gateways, VPC endpoints, or S3 buckets
  • Domain names: charged annually for each domain name registered via or transferred into Route 53