# AWS

## Networking and Content Delivery

### Amazon VPC

def: provisioning a logically isolated section of the AWS Cloud in which you launch your resources

* control over your virtual networking resources
* customize the network configuration (IP address range, subnets, route tables, gateways)
* multiple layers of security (security groups and network ACLs)

### VPC & Subnet

* VPCs:
  * Logically isolated from other VPCs
  * Dedicated to your AWS account
  * Belong to a **single AWS Region and can span multiple Availability Zones**
* Subnets:
  * Range of IP addresses that divides a VPC
  * Belong to a **single Availability Zone**
  * Classified as public (the route table has a route to an internet gateway) or private (no such route)

### VPC security

**Security groups**

* act at the instance level (attached to the instance's elastic network interface).
* contain **allow** rules only; there are no deny rules, and traffic that no rule allows is dropped.
* A newly created security group has no inbound rules, so all inbound traffic is **denied**, and it allows all outbound traffic. (The VPC's default security group additionally allows inbound traffic from other members of the same group.)
* **stateful**: the response to an allowed request is allowed automatically, whatever the rules in the other direction say.

**Network access control lists (ACLs)**

* Network ACLs act at the subnet level.
* A network ACL has separate inbound and outbound rules, and each rule can either allow or deny traffic.
* Rules are evaluated in ascending order of rule number; the first matching rule decides, and the final `*` rule denies anything that did not match.
* Default network ACLs allow all inbound and outbound IPv4 traffic (a custom network ACL starts by denying everything).
* Network ACLs are **stateless**: return traffic must be allowed explicitly, which is why the outbound side normally opens the ephemeral port range (commonly 1024-65535).

![image](https://hackmd.io/_uploads/HyYw3qy4A.png)

### Amazon Route 53

def: highly available and scalable Domain Name System (DNS) web service

* routes end users to internet applications by translating names into IP addresses
* connects user requests to infrastructure running in AWS and also outside of AWS
* checks the health of your resources (health checks can drive routing policies such as failover)
* enables you to register domain names

### Amazon CloudFront

def: globally distributed system of caching servers (a content delivery network)

* Fast, global, and secure CDN service
* Global network of edge locations and Regional edge caches
* Self-service model
* Pay-as-you-go pricing

exam keyword: distribute content to global users with low latency

## Cloud Architecture

### AWS Well-Architected Framework

**5 pillars of the framework** (Sustainability was added as a sixth pillar in December 2021)

* Operational excellence: run and monitor systems, and keep improving **processes and procedures**
* Security: protect information, systems, and assets while delivering business value
* Reliability: prevent and quickly recover from failures
* Performance efficiency:
  Use IT and computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.
* Cost optimization: deliver business value at the lowest price point (right-size resources, choose the fitting pricing model, measure spend)

Example question: One of the most important AWS best practices to follow is the cloud architecture principle of elasticity. How does this principle improve your architecture's design?

### Reliability and availability

**Reliability**

def: a measure of your system's ability to provide functionality when desired by the user

* System: all system components together, not a single server
* Probability: the probability that the system functions as intended for a specified period
* Mean time between failures (MTBF): the average time from one failure to the next; together with the mean time to repair (MTTR), availability = MTBF / (MTBF + MTTR)

**Availability**

* Normal operation time / total time
* A percentage of uptime (for example, 99.9 percent) over time (for example, 1 year)
* Number of 9s: five 9s means 99.999 percent availability (about 5 minutes of downtime per year; three 9s allows about 8.8 hours)

![image](https://hackmd.io/_uploads/Skp9v9k4A.png)

**AWS Trusted Advisor**

def: online tool that provides real-time guidance for provisioning resources according to AWS best practices

Gives recommendations in five categories:

* Cost Optimization
* Performance
* Security
* Fault Tolerance
* Service Limits

## Cloud Compute

### 1. Compute services

![image](https://hackmd.io/_uploads/HklJhoTQC.png)

**How to choose:**

* What is your application design?
* What are your usage patterns?
* Which configuration settings will you want to manage?

### 2. EC2

def: provides resizable virtual machines (instances)

* full control over the guest operating system
* launch instances of any size into an Availability Zone in any Region

Use **Amazon CloudWatch** to monitor EC2 instances:

* Basic monitoring: default, no additional cost; metric data is sent to CloudWatch every 5 minutes
* Detailed monitoring: fixed monthly rate for seven pre-selected metrics; metric data is delivered every 1 minute

**Only instances that are backed by Amazon EBS can be stopped** (instance store-backed instances can only be rebooted or terminated, and their local data is lost on termination).

**Instance types:**

* General Purpose: balanced compute, memory, and networking for a broad range of workloads (web servers, development environments)
* Compute optimized: high-performance processors for compute-bound workloads (batch processing, HPC, media transcoding)
* Memory optimized: large datasets held in memory (in-memory databases, real-time big data analytics)
* Accelerated computing: hardware accelerators for application streaming, graphics workloads, and machine learning.
  Supports GPUs (and FPGAs).
* Storage optimized: low-latency, high-I/O access to large datasets on local storage; for distributed file systems and data warehousing

#### Pricing model

* On-Demand Instances: pay by the second or hour with no commitment; most flexible, highest hourly price
* Dedicated Hosts: a physical server dedicated to you; most expensive, and lets you use server-bound software licences
* Dedicated Instances: instances that run in a VPC on hardware dedicated to a single customer; higher cost than On-Demand, but you do not control placement on the host
* Reserved Instances: discount on the hourly charge in exchange for a 1- or 3-year commitment
* Scheduled Reserved Instances: a capacity reservation on a 1-year term that is always available on a recurring schedule you specify
* Spot Instances: spare capacity at a steep discount; AWS can reclaim them with a two-minute warning, so only for interruption-tolerant work

#### Simple Queue Service

## Cloud Economics and Billing

### 1. Three basic elements of pricing

* compute
* storage
* data transfer out (inbound data transfer is generally free)

### 2. On-premises vs cloud

![image](https://hackmd.io/_uploads/BkuSTFoQR.png)

### 3.0 AWS Organizations

* Policy-based account management
* Group-based account management (organizational units)
* Application programming interfaces (APIs) that automate account management
* Consolidated billing

#### IAM policies

Enable you to allow or deny access to AWS services for users, groups, and roles within one account.

#### Service control policies (SCPs)

Enable you to allow or deny access to AWS services for individual accounts or for all accounts in an **organizational unit** (OU). An SCP sets the maximum permissions an account can have; it never grants permissions by itself, so a user still needs an IAM policy that allows the action. SCPs do not restrict the organization's management account.

### 3.1 AWS Billing and Cost Management

* AWS Billing Dashboard
* Tools: AWS Budgets, AWS Cost and Usage Report, AWS Cost Explorer

## Storage

### Amazon Elastic Block Store

def: create individual block storage volumes and attach them to an Amazon EC2 instance in the same Availability Zone

* automatically replicated within its Availability Zone
* backed up to Amazon S3 through snapshots (point-in-time and incremental: after the first snapshot only changed blocks are stored)
* Block vs object storage:
  * Block (EBS): change one character and only the block that contains it is rewritten
  * Object (S3): the entire object must be uploaded again
* Data transfer: inbound data transfer is free; outbound data transfer across Regions incurs charges.
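The availability arithmetic from the Reliability and availability section above (uptime ratio, MTBF/MTTR, counting nines, and how availability composes across components in series and across redundant Availability Zones), carried through as an added example. This is not code from the course notes; the MTBF/MTTR figures and the 99.9 percent component availabilities are constructed values, and the series/parallel formulas assume component failures are independent.

```python
"""Availability arithmetic for the reliability and availability notes.

Added example, not part of the course notes. Component availabilities and
MTBF/MTTR figures are constructed values, not measurements of a real system.
Assumption: component failures are independent, which is what the series and
parallel formulas require.
"""
MINUTES_PER_YEAR = 365 * 24 * 60


def availability(mtbf_hours: float, mttr_hours: float) -> float:
    """Availability = uptime / total time = MTBF / (MTBF + MTTR)."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


def downtime_minutes_per_year(avail: float) -> float:
    """What a given availability means as permitted downtime per year."""
    return (1.0 - avail) * MINUTES_PER_YEAR


def nines(avail: float) -> int:
    """Count the leading 9s: 0.999 -> 3 ('three nines'), 0.99999 -> 5."""
    digits = f"{avail:.10f}".split(".")[1]
    count = 0
    for ch in digits:
        if ch != "9":
            break
        count += 1
    return count


def series(*avails: float) -> float:
    """Components that must all work (load balancer -> app -> database): multiply."""
    result = 1.0
    for a in avails:
        result *= a
    return result


def parallel(*avails: float) -> float:
    """Redundant copies (for example one stack per Availability Zone):
    the system is down only if every copy is down at the same time."""
    all_fail = 1.0
    for a in avails:
        all_fail *= (1.0 - a)
    return 1.0 - all_fail


def single_vs_multi_az() -> dict:
    """Three-tier stack of 99.9% components in one AZ, then duplicated in a second AZ."""
    one_az = series(0.999, 0.999, 0.999)   # about 0.997: roughly 26 hours down per year
    two_az = parallel(one_az, one_az)       # about 0.99999: roughly 5 minutes down per year
    return {
        "one_az": one_az,
        "one_az_downtime_minutes": downtime_minutes_per_year(one_az),
        "two_az": two_az,
        "two_az_downtime_minutes": downtime_minutes_per_year(two_az),
        "two_az_nines": nines(two_az),
    }


if __name__ == "__main__":
    for a in (0.99, 0.999, 0.9999, 0.99999):
        print(f"{a:.5f} = {nines(a)} nines -> {downtime_minutes_per_year(a):8.1f} min/year")
    print(single_vs_multi_az())
```

The multi-AZ figure is the point of the exercise: stacking three 99.9 percent tiers in series costs a full nine, and duplicating that whole stack in a second Availability Zone buys two back, which is why the notes insist that a VPC spans several Availability Zones.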
### Amazon Simple Storage Service

def: stores data as objects in buckets

* Virtually **unlimited** storage (a single object can be up to 5 TB)
* Granular access control on buckets and objects (bucket policies, IAM policies, ACLs)
* Objects are stored redundantly across multiple facilities in the Region
* Seamless scaling
* Access the data from anywhere over HTTPS

* S3 storage classes (not bucket types; the class is chosen per object):
  * Standard: frequently accessed data; the default class
  * Intelligent-Tiering: automatically moves objects that have not been accessed for 30 consecutive days to a cheaper infrequent access tier, and back to the frequent tier when they are accessed again; automatic cost optimization with no retrieval fees. By default it only moves data between the Frequent and Infrequent Access tiers; the archive tiers are opt-in.
  * Standard-Infrequent Access (Amazon S3 Standard-IA): accessed less often than Standard, but still available immediately when needed; lower storage price with a per-GB retrieval fee
  * One Zone-Infrequent Access (Amazon S3 One Zone-IA): like Standard-IA but stored in a single Availability Zone, so the data is lost if that AZ is destroyed
  * Glacier: for archiving data (for example, logs kept for audit purposes), not for backups you need to restore quickly, because retrieval takes minutes to hours
  * Glacier Deep Archive: retrieval time of up to 12 hours (48 hours for bulk retrieval); the cheapest class

**We do not pay for:**

* Transfers IN to Amazon S3
* Transfers OUT from Amazon S3 to Amazon CloudFront, or to Amazon EC2 in the same Region

### Amazon Elastic File System

def: file system that provides file storage **over a network** (NFS)

* **Petabyte-scale, low-latency** file system
* **Shared** storage: mounted by many EC2 instances at once, across Availability Zones
* **Elastic** capacity: grows and shrinks as files are added and removed
* Applications: big data and analytics, media processing workflows, content management, web serving, and home directories

### Amazon Simple Storage Service Glacier

def: a data archiving service that is designed **for security**, durability, and an extremely low cost

* Data is encrypted in transit with **SSL/TLS** and encrypted at rest by default
* The Vault Lock feature enforces compliance controls through a **vault lock policy** that cannot be changed once locked (for example, write-once-read-many retention)
* **Low-cost, long-term backup** and archive
* S3 **lifecycle policies** enable you to delete objects or move them between storage classes (for example, into Glacier) based on age

## Databases

### Relational Database Service

def: managed relational database (MySQL, PostgreSQL, MariaDB, Oracle, SQL Server, Aurora)

* Managed vs unmanaged: with an unmanaged database (for example, one you install yourself on EC2), scaling, fault tolerance, and availability are managed by you.
* Challenges of running your own database:
  * Server maintenance and energy footprint
  * Software installation and patches
  * Database backups and high availability
  * Limits on scalability
  * Data security
  * Operating system (OS) installation and patches

**With RDS you only manage application optimization (schema, queries, indexes); AWS manages the rest.**

### DynamoDB

Fast and flexible **NoSQL** database service for any scale

* Consists of tables, items, and attributes
* Two kinds of primary keys:
  * Partition key only (simple primary key)
  * Partition key plus sort key (composite primary key)

Summary:

* Runs exclusively on SSDs.
* Replicates your tables automatically across multiple Availability Zones in a Region; global tables replicate across the AWS Regions you choose.
* Works well for **mobile, web, gaming, adtech, and Internet of Things (IoT)** applications
* No practical limits on table size or throughput

### Redshift

def: managed data warehouse

* Massively parallel processing (MPP) architecture
* Automation and scaling
* Compatibility: standard SQL and existing BI tools over JDBC/ODBC

Use cases: enterprise data warehouse (EDW), big data, Software as a service (SaaS)

### Aurora

def: enterprise-class relational database, compatible with MySQL or PostgreSQL

* Automated tasks (provisioning, patching, backup, recovery, failure detection, and repair)

## Automatic Scaling and Monitoring

### Elastic Load Balancing

def: distributes incoming application or network traffic across multiple targets in a single Availability Zone or across multiple Availability Zones.

![image](https://hackmd.io/_uploads/rJ8ozcJN0.png)

Monitoring a load balancer:

* Amazon CloudWatch metrics: verify that the system is performing as expected and create alarms for unexpected situations
* Access logs: capture detailed information about the requests sent to the load balancer
* AWS CloudTrail logs: record the API calls made to the ELB service (who changed the load balancer, not the traffic that passed through it)
### Amazon CloudWatch

* Monitors:
  * AWS resources
  * Applications that run on AWS
* Collects and tracks:
  * Standard metrics
  * Custom metrics
* Alarms:
  * Send notifications to an Amazon SNS topic
  * Perform Amazon EC2 Auto Scaling or Amazon EC2 actions
* Events:
  * Define rules to match changes in the AWS environment and route these events to one or more target functions or streams for processing

### AWS Auto Scaling

def: automatically adjusts capacity to maintain steady, predictable performance at the **lowest possible cost**

* Can scale EC2 Auto Scaling groups, DynamoDB tables and indexes, and other resources
* Simple, powerful user interface

### AWS Artifact

def: provides on-demand access to AWS security and compliance reports (for example, SOC and PCI reports) and select online agreements

## Availability Zone

![image](https://hackmd.io/_uploads/SyYCSI4NC.png)

## Lab 1

### AWS IAM

def: a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS

* Exploring pre-created IAM users and groups
* Inspecting IAM policies as applied to the pre-created groups
* Following a real-world scenario, adding users to groups with specific capabilities enabled
* Locating and using the IAM sign-in URL
* Experimenting with the effects of policies on service access

**Objective:** Identity and Access Management

* Users and their access
* Roles and their permissions
* Federated users and their permissions

#### User Groups

Managed policies are *pre-built policies* (built either by AWS or by your administrators) that *can be attached to IAM users and groups*. A group *has* a managed policy, and every user in the group inherits it.

##### Structure of a managed policy

A policy document is JSON with a `Version` and a list of `Statement`s; each statement has:

* Effect (`Allow` or `Deny`)
* Action (the API calls, for example `ec2:DescribeInstances`; wildcards are allowed)
* Resource (the ARNs the statement applies to)
* optionally a Condition

An explicit `Deny` in any applicable policy overrides every `Allow`; anything that no policy allows is implicitly denied.

##### Admin

The Admin group has a different kind of policy: an inline policy, which is embedded in (and deleted together with) exactly one user, group, or role. Inline policies are typically used to apply permissions for one-off situations.
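The Effect/Action/Resource evaluation the lab has you observe, written out as a small evaluator so the "explicit deny beats allow beats implicit deny" rule and the SCP intersection from the AWS Organizations section can be exercised offline. This is an added example, not the lab's code and not an AWS SDK call; the policies are constructed to mirror the lab's groups (a read-only group, an admin group, a deny on stopping instances), the account ID 123456789012, instance ID and bucket name app-logs-example are placeholders, and Condition, NotAction/NotResource, resource-based policies and permission boundaries are deliberately not modelled.

```python
"""Simplified IAM policy evaluation: explicit Deny > Allow > implicit Deny.

Added example for the Lab 1 IAM notes; it is not the lab's code and not an
AWS SDK call. The policies are constructed to mirror the lab's shape (a
read-only group, an admin group, a deny on stopping instances). Account ID
123456789012, the instance ID and bucket name app-logs-example are
placeholders. Not modelled: Condition, NotAction/NotResource, resource-based
policies, permission boundaries.
"""
import fnmatch


def _match(pattern: str, value: str, case_insensitive: bool) -> bool:
    """IAM wildcards: '*' matches any run of characters, '?' a single one.
    Action names are case-insensitive; ARNs are compared as written."""
    if case_insensitive:
        pattern, value = pattern.lower(), value.lower()
    return fnmatch.fnmatchcase(value, pattern)


def _as_list(x):
    return x if isinstance(x, list) else [x]


def evaluate(policies, action: str, resource: str) -> str:
    """Decision for one request across a set of policy documents."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            actions = _as_list(stmt.get("Action", []))
            resources = _as_list(stmt.get("Resource", []))
            if not any(_match(a, action, True) for a in actions):
                continue
            if not any(_match(r, resource, False) for r in resources):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"  # an explicit deny wins over every allow
            allowed = True
    return "Allow" if allowed else "Deny"  # nothing matched: implicit deny


def is_allowed(identity_policies, action: str, resource: str, scps=None) -> bool:
    """With AWS Organizations the effective permission is the intersection of
    what the SCPs allow and what the identity policies allow."""
    if scps is not None and evaluate(scps, action, resource) != "Allow":
        return False
    return evaluate(identity_policies, action, resource) == "Allow"


# Constructed policies (hypothetical; see module docstring).
EC2_READ_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*"}]}

LOG_BUCKET_READ = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::app-logs-example", "arn:aws:s3:::app-logs-example/*"]}]}

ADMIN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}

DENY_STOP = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": ["ec2:StopInstances", "ec2:TerminateInstances"],
     "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*"}]}

# An SCP that lets member accounts do everything except switch off CloudTrail.
PROTECT_TRAIL_SCP = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"],
     "Resource": "*"}]}

if __name__ == "__main__":
    inst = "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0"
    print(evaluate([EC2_READ_ONLY], "ec2:DescribeInstances", inst))
    print(evaluate([EC2_READ_ONLY], "ec2:StopInstances", inst))
    print(evaluate([ADMIN, DENY_STOP], "ec2:StopInstances", inst))
    print(is_allowed([ADMIN], "cloudtrail:StopLogging", "*", scps=[PROTECT_TRAIL_SCP]))
```

Note the last case: the admin policy allows everything, yet the SCP still blocks stopping CloudTrail, which is the practical meaning of "an SCP sets the maximum permissions" in the Organizations section. Conversely, the SCP alone does not let a read-only user look up events; the identity policy still has to allow the action.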
### AWS network

#### Computer network

def: two or more client machines that are connected together to share resources

* A network can be logically partitioned into subnets
* Requires a device (such as a router or switch) to connect all the clients together
* Each client has an IP address
* An IPv4 address is four numbers (octets) of 8 bits each, 32 bits in total, written as decimals separated by dots (for example 10.0.1.10); an IPv6 address is 128 bits.

**CIDR (Classless Inter-Domain Routing) notation:**

* An IP address (which is the first address of the network)
* A slash character (/)
* Finally, a number that tells you how many bits of the routing prefix are fixed for the network identifier; the remaining bits identify hosts, so a /24 leaves 8 host bits (256 addresses) and a /16 leaves 16 (65,536 addresses)

In a VPC the CIDR block must be between /16 and /28, and AWS reserves five addresses in every subnet (the first four and the last one), so a /24 subnet has 251 usable addresses.

#### VPC

def: provisioning a logically isolated section of the AWS Cloud (called a virtual private cloud, or VPC) where you can launch your AWS resources.

**Elastic network interface (ENI)**

* Attach to an instance.
* Detach from the instance and attach to another instance to redirect network traffic (the private IP addresses, MAC address, and security groups move with it).
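The CIDR arithmetic from the computer network notes above, worked through with Python's standard `ipaddress` module: splitting a VPC block into subnets, checking which subnet an address falls in, and the addresses AWS keeps back in each subnet. This is an added example, not code from the course notes; the 10.0.0.0/16 block and the subnet sizes are constructed values, and the /16-to-/28 limit and the five reserved addresses are AWS's documented VPC rules.

```python
"""CIDR arithmetic for VPC and subnet planning, using Python's ipaddress module.

Added example, not from the course notes. 10.0.0.0/16 and the subnet sizes
are constructed values. The VPC limits encoded here are AWS's documented ones:
a VPC CIDR must be between /16 and /28, and five addresses in every subnet
are reserved (network address, VPC router, DNS resolver, future use, broadcast).
"""
import ipaddress

AWS_RESERVED_PER_SUBNET = 5


def cidr_info(cidr: str) -> dict:
    """Break a CIDR block into its parts; raises ValueError if the address
    given is not the first address of the network (for example 10.0.0.5/24)."""
    net = ipaddress.ip_network(cidr, strict=True)
    return {
        "network": str(net.network_address),
        "prefix": net.prefixlen,  # fixed routing-prefix bits
        "host_bits": net.max_prefixlen - net.prefixlen,
        "netmask": str(net.netmask),
        "addresses": net.num_addresses,
        "usable_in_aws": max(net.num_addresses - AWS_RESERVED_PER_SUBNET, 0),
    }


def is_valid_vpc_cidr(cidr: str) -> bool:
    """AWS accepts IPv4 VPC blocks from /16 (65,536 addresses) down to /28."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError:
        return False
    return net.version == 4 and 16 <= net.prefixlen <= 28


def carve_subnets(vpc_cidr: str, new_prefix: int, count: int) -> list:
    """Split a VPC block into `count` equal subnets of the given prefix length."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    candidates = list(vpc.subnets(new_prefix=new_prefix))
    if count > len(candidates):
        raise ValueError(f"{vpc_cidr} only holds {len(candidates)} /{new_prefix} subnets")
    return [str(s) for s in candidates[:count]]


def reserved_addresses(subnet_cidr: str) -> dict:
    """The five addresses AWS reserves in each subnet."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    first = net.network_address
    return {
        "network": str(first),
        "vpc_router": str(first + 1),
        "dns": str(first + 2),
        "future_use": str(first + 3),
        "broadcast": str(net.broadcast_address),
    }


def subnet_for(ip: str, subnets: list):
    """Which of the given subnets an address belongs to, or None."""
    addr = ipaddress.ip_address(ip)
    for s in subnets:
        if addr in ipaddress.ip_network(s):
            return s
    return None


if __name__ == "__main__":
    print(cidr_info("10.0.0.0/16"))
    # Two public and two private /24 subnets, one pair per Availability Zone.
    subnets = carve_subnets("10.0.0.0/16", 24, 4)
    print(subnets)
    print(reserved_addresses(subnets[1]))
    print(subnet_for("10.0.1.37", subnets))
```

`strict=True` is what enforces the "first address of the network" rule from the notes: `10.0.0.5/24` is rejected because its host bits are not zero, which is also why the AWS console refuses such a block.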
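The security group and network ACL semantics from the VPC security section earlier in these notes (allow-only and stateful versus allow/deny, ordered and stateless), modelled as an added example so the difference can be seen on concrete packets. This is not code from the notes or from AWS; the addresses, rule tables and packets are constructed. It assumes, as AWS documents, that the port range in a rule refers to the packet's destination port in both directions, that network ACL rules are evaluated by ascending rule number with the first match deciding and a final deny, and that security groups track connections so return traffic needs no rule.

```python
"""Stateful security group vs stateless network ACL, modelled in Python.

Added example for the VPC security notes; it is not code from the notes or
from AWS. The rule tables and packets below are constructed for illustration.
Assumption (matches AWS behaviour): the port range in a security group or
network ACL rule is the packet's *destination* port in both directions.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    direction: str  # "inbound" or "outbound", relative to the instance/subnet
    proto: str      # "tcp" or "udp"
    src: str
    dst: str
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    number: int     # network ACL rule number (evaluation order); unused for SGs
    direction: str
    proto: str      # "tcp", "udp" or "all"
    cidr: str       # remote CIDR: source for inbound, destination for outbound
    port_from: int
    port_to: int
    action: str     # "allow" or "deny" (security groups only support "allow")


def _matches(rule: Rule, pkt: Packet) -> bool:
    if rule.direction != pkt.direction or rule.proto not in (pkt.proto, "all"):
        return False
    remote_ip = pkt.src if pkt.direction == "inbound" else pkt.dst
    if ipaddress.ip_address(remote_ip) not in ipaddress.ip_network(rule.cidr):
        return False
    return rule.port_from <= pkt.dst_port <= rule.port_to


class SecurityGroup:
    """Stateful: an allow rule matches, or the reverse flow was already admitted."""

    def __init__(self, rules):
        self.rules = [r for r in rules if r.action == "allow"]  # deny rules do not exist
        self._tracked = set()  # flows already admitted (connection tracking)

    def allows(self, pkt: Packet) -> bool:
        reverse = (pkt.proto, pkt.dst, pkt.src, pkt.dst_port, pkt.src_port)
        if reverse in self._tracked:
            return True  # return traffic of an allowed connection: no rule needed
        if any(_matches(r, pkt) for r in self.rules):
            self._tracked.add((pkt.proto, pkt.src, pkt.dst, pkt.src_port, pkt.dst_port))
            return True
        return False  # implicit deny


class NetworkAcl:
    """Stateless: rules checked by ascending number, first match wins, then '*' denies."""

    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)

    def allows(self, pkt: Packet) -> bool:
        for r in self.rules:
            if _matches(r, pkt):
                return r.action == "allow"
        return False  # the trailing "*" rule


def demo() -> dict:
    """HTTPS request from the internet to a web server, and the server's reply."""
    request = Packet("inbound", "tcp", "203.0.113.5", "10.0.1.10", 50000, 443)
    reply = Packet("outbound", "tcp", "10.0.1.10", "203.0.113.5", 443, 50000)
    blocked = Packet("inbound", "tcp", "198.51.100.7", "10.0.1.10", 50001, 443)

    # Security group with one inbound HTTPS rule and no outbound rule at all.
    sg = SecurityGroup([Rule(0, "inbound", "tcp", "0.0.0.0/0", 443, 443, "allow")])

    # Common mistake: copying the inbound rule to the outbound side of a NACL.
    bad_acl = NetworkAcl([
        Rule(100, "inbound", "tcp", "0.0.0.0/0", 443, 443, "allow"),
        Rule(100, "outbound", "tcp", "0.0.0.0/0", 443, 443, "allow"),
    ])
    # Correct NACL: outbound opens the ephemeral port range for return traffic,
    # and a lower-numbered deny takes precedence over the later allow.
    good_acl = NetworkAcl([
        Rule(90, "inbound", "tcp", "198.51.100.0/24", 0, 65535, "deny"),
        Rule(100, "inbound", "tcp", "0.0.0.0/0", 443, 443, "allow"),
        Rule(100, "outbound", "tcp", "0.0.0.0/0", 1024, 65535, "allow"),
    ])
    return {
        "sg": (sg.allows(request), sg.allows(reply)),
        "bad_acl": (bad_acl.allows(request), bad_acl.allows(reply)),
        "good_acl": (good_acl.allows(request), good_acl.allows(reply)),
        "good_acl_denied_source": good_acl.allows(blocked),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The `bad_acl` case is the one that bites in practice: the request reaches the server, the reply to the client's ephemeral port is silently dropped at the subnet boundary, and the symptom is a TCP handshake that never completes even though the security group looks correct.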