AWS

Networking and Content Delivery

Amazon VPC

def:provisioning a logically isolated section

  • control over your virtual networking resources
  • customize the network configuration
  • multiple layers of security

VPC&Subnet

  • VPCs:
    • Logically isolated from other VPCs
    • Dedicated to your AWS account
    • Belong to a single AWS Region and
    can span multiple Availability Zones
  • Subnets:
    • Range of IP addresses that divide a VPC
    • Belong to a single Availability Zone
    • Classified as public or private

VPC security

Security groups

  • Act at the instance level.
  • Default security groups deny all inbound traffic and allow all outbound traffic.
  • Stateful.

Network access control lists (ACLs)

  • Network ACLs act at the subnet level.
  • A network ACL has separate inbound and outbound rules, and each rule can either allow or deny traffic.
  • Default network ACLs allow all inbound and outbound IPv4 traffic.
  • Network ACLs are stateless.
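The practical consequence of "stateful" versus "stateless" is the one that trips people up in the exam and in real subnets: a security group that allows inbound HTTPS will let the reply packets out on its own, while a network ACL also needs an explicit outbound rule for the client's ephemeral port range, or the connection silently fails. The following is an added example (not from these notes or from AWS); it models both filters with constructed rules and one constructed HTTPS request/reply pair, and the `EPHEMERAL` range, the rule objects and the `demo` function are all assumptions of the model, not AWS APIs.

```python
from dataclasses import dataclass, field

# Constructed assumption for the model: client-side source ports that reply
# traffic is sent back to. Real clients use OS-specific ranges.
EPHEMERAL = range(1024, 65536)


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = toward the instance/subnet, "out" = leaving it
    proto: str
    dst_port: int
    src_port: int


@dataclass
class Rule:
    proto: str
    ports: range           # destination ports the rule covers
    action: str = "allow"  # network ACL rules may also be "deny"


def match(rule: Rule, proto: str, port: int) -> bool:
    return rule.proto == proto and port in rule.ports


@dataclass
class SecurityGroup:
    """Stateful filter: a reply to an inbound flow that was allowed is
    allowed back out, whatever the outbound rules say."""
    inbound: list
    outbound: list
    _flows: set = field(default_factory=set)   # connection-tracking table

    def allows(self, p: Packet) -> bool:
        if p.direction == "in":
            ok = any(match(r, p.proto, p.dst_port) for r in self.inbound)
            if ok:
                self._flows.add((p.proto, p.dst_port, p.src_port))
            return ok
        # Outbound: the reverse of a tracked flow passes without an outbound rule.
        if (p.proto, p.src_port, p.dst_port) in self._flows:
            return True
        return any(match(r, p.proto, p.dst_port) for r in self.outbound)


@dataclass
class NetworkAcl:
    """Stateless filter: every packet is judged on its own against the rule
    list for its direction; first matching rule wins, otherwise implicit deny."""
    inbound: list
    outbound: list

    @staticmethod
    def _evaluate(rules, proto: str, port: int) -> bool:
        for r in rules:
            if match(r, proto, port):
                return r.action == "allow"
        return False   # the trailing "*" deny rule

    def allows(self, p: Packet) -> bool:
        rules = self.inbound if p.direction == "in" else self.outbound
        return self._evaluate(rules, p.proto, p.dst_port)


def https_exchange(filter_) -> tuple:
    """Constructed exchange: client on ephemeral port 51000 -> server :443,
    then the server's reply :443 -> client 51000. Returns (request_ok, reply_ok)."""
    request = Packet("in", "tcp", dst_port=443, src_port=51000)
    reply = Packet("out", "tcp", dst_port=51000, src_port=443)
    return filter_.allows(request), filter_.allows(reply)


def demo() -> dict:
    https_in = Rule("tcp", range(443, 444))
    sg = SecurityGroup(inbound=[https_in], outbound=[])          # no outbound rule at all
    nacl_missing = NetworkAcl(inbound=[https_in], outbound=[])   # forgot the ephemeral rule
    nacl_fixed = NetworkAcl(inbound=[https_in], outbound=[Rule("tcp", EPHEMERAL)])
    return {
        "security_group": https_exchange(sg),                 # (True, True)
        "nacl_without_ephemeral_rule": https_exchange(nacl_missing),  # (True, False)
        "nacl_with_ephemeral_rule": https_exchange(nacl_fixed),       # (True, True)
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: request allowed={result[0]}, reply allowed={result[1]}")
```

When auditing a subnet, the check that follows from this model is: for every inbound allow in a network ACL, confirm there is an outbound allow covering the ephemeral port range (and vice versa for outbound-initiated traffic); security groups need no such pairing.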


Amazon Route 53

def:highly available and scalable Domain Name System (DNS) web service

  • route end users to internet applications by translating names
  • Connects user requests to infrastructure running in AWS and also outside of AWS
  • Is used to check the health of your resources
  • Enables you to register domain names

Amazon CloudFront

def:globally distributed system of caching servers
  • Fast, global, and secure CDN service
  • Global network of edge locations and Regional edge caches
  • Self-service model
  • Pay-as-you-go pricing

Exam keyword: distribute content to global users with low latency

Cloud Architecture

AWS Well-Architected Framework

Five pillars of the framework

  • Operational excellence:
    Run and monitor systems, and improve the efficiency of operational processes and procedures
  • Security:
    Protect information, systems, and assets while delivering business value
  • Reliability:
    Prevent and quickly recover from failures
  • Performance efficiency:
    Use IT and computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.
  • Cost optimization:
    Run systems at the lowest price point
    example:
    One of the most important AWS best-practices to follow is the cloud architecture principle of elasticity. How does this principle improve your architecture's design?

Reliability and availability

Reliability
def:A measure of your system's ability to provide functionality when desired by the user

  • System:
    all system components
  • Probability:
    probability that the system functions as intended for a specified period
  • Mean time between failures:

Availability

  • Normal operation time / total time
  • A percentage of uptime (for example, 99.9 percent) over time (for example, 1 year)
  • Number of 9s: five 9s means 99.999 percent availability


AWS Trusted Advisor
def:Online tool that provides real-time guidance
Gives recommendations in five categories:

  • Cost Optimization
  • Performance
  • Security
  • Fault Tolerance
  • Service Limits

Automatic Scaling and Monitoring

Cloud Compute

1. Compute Services


How to choose:
What is your application design?
What are your usage patterns?
Which configuration settings will you want to manage?

2. EC2

def:Provides virtual machines
Full control over the guest operating system
Launch instances of any size into an AZ anywhere
Use Amazon CloudWatch to monitor EC2 instances

  • Basic monitoring
    Default, no additional cost
    Metric data sent to CloudWatch every 5 minutes
  • Detailed monitoring
    Fixed monthly rate for seven pre-selected metrics
    Metric data delivered every 1 minute
  • Only instances that are backed by Amazon EBS can be stopped

Instance type:

  • General purpose:
    broad range of workloads
  • Compute optimized:
    HPC-related, processor-bound workloads
  • Memory optimized:
    HPC and in-memory database workloads
  • Accelerated computing:
    App streaming, graphics workloads.
    Supports GPUs.
  • Storage optimized:
    Low latency and high I/O operations
    For distributed systems.

Pricing model

  • On-Demand Instances
  • Dedicated Hosts
    Most expensive
    A physical server
  • Dedicated Instances
    Higher costs
    Instances that run in a VPC on hardware that is dedicated to a single customer
  • Reserved Instances
    Discount on the hourly charge
  • Scheduled Reserved Instances
    A capacity reservation
    1-year term that is always available on a recurring schedule you specify

Simple queue service

Cloud Economics and billing

1. Three basic elements of pricing

  • compute
  • storage
  • data transfer

2. On-premises vs cloud


3.0 AWS Organizations

  • Policy-based account management
  • Group-based account management
  • Application programming interfaces (APIs) that automate account management
  • Consolidated billing

IAM Policies

Enable you to allow or deny access to AWS services for users, groups, and roles.

Service control policies

Enable you to allow or deny access to AWS services for individual accounts or groups of accounts in an organizational unit (OU).

3.1 AWS Billing and Cost Management

  • AWS Billing Dashboard
    Tools:
    AWS Budgets, AWS Cost and Usage Report, AWS Cost Explorer

Storage

Amazon Elastic Block Store

def:create individual storage volumes and attach them to an Amazon EC2 instance.

  • Automatically replicated within its Availability Zone
  • Backed up automatically to Amazon S3 through snapshots
  • Object vs Block
    Object: Change one block (piece of the file) that contains the character
    Block: Entire file must be updated
  • Data transfer
    Inbound data transfer is free.
    Outbound data transfer across Regions incurs charges.

Amazon Simple Storage Service

def:Data objects in buckets
Virtually unlimited storage
Granular access to buckets and objects
Redundantly stored in the Region
Seamless scaling
Access the data anywhere

  • S3 Bucket Types:
    • Standard
      Accessed less frequently than Standard
    • Intelligent-Tiering
      Automatic optimization for the user: moves infrequently accessed files to a cheaper access tier, while frequently used ones stay in the Standard tier
      Automatic cost optimization
      At most, moves the user's data down to the IA tier
    • Standard-Infrequent Access (Amazon S3 Standard-IA)
      Infrequent access, but the data can still be retrieved immediately when needed
    • One Zone-Infrequent Access (Amazon S3 One Zone-IA)
    • Glacier
      For archiving data (for example, audit logs), but should not be used for backups
    • Glacier Deep Archive
      Retrieval time > 12 hours
      Lowest cost
  • We don't pay for:
    Transfers IN to Amazon S3
    Transfers OUT from Amazon S3 to Amazon CloudFront or Amazon EC2 in the same Region

Amazon Elastic File System

def:File system that provides file storage over a network
Petabyte-scale, low-latency file system
Shared storage
Elastic capacity

  • Applications:
    big data and analytics, media processing workflows, content management, web serving, and home directories

Amazon Simple Storage Service Glacier

def:a data archiving service that is designed for security, durability, and an extremely low cost.
Supports encrypted data transfer through SSL or TLS.
The Vault Lock feature enforces compliance through a policy.
Low-cost and long-term backup.
Lifecycle policies enable you to delete or move objects based on age.

Databases

Relational Database Service

def:typical relational DB

  • Managed vs unmanaged
    Unmanaged: scaling, fault tolerance, and availability are managed by yourself.
  • Challenges of running your own database:
    • Server maintenance and energy footprint
    • Software installation and patches
    • Database backups and high availability
    • Limits on scalability
    • Data security
    • Operating system (OS) installation and patches
    With Amazon RDS you only manage application optimization; AWS manages the rest.

DynamoDB

Fast and flexible NoSQL database service for any scale
Consists of tables, items, and attributes
Two kinds of primary keys:
  • Partition key
  • Sort key
Summary:
  • Runs exclusively on SSDs
  • Replicates your tables automatically across your choice of AWS Regions
  • Works well for mobile, web, gaming, adtech, and Internet of Things (IoT) applications
  • No limits on table size or throughput

Redshift

def:Parallel processing architecture
Automation and scaling
Compatibility
Use cases:
  • Enterprise data warehouse (EDW)
  • Big data
  • Software as a service (SaaS)

Aurora

def:Enterprise-class relational database
MySQL or PostgreSQL
Automated tasks

Automatic Scaling and Monitoring

Elastic Load Balancing

def:Distributes incoming application or network traffic across multiple targets in a single Availability Zone or across multiple Availability Zones.

  • Amazon CloudWatch metrics
    Verify that the system is performing as expected and create an alarm for unexpected situations
  • Access logs
    Capture detailed information about requests made to the load balancer
  • AWS CloudTrail logs
    Record API interactions with AWS services

Amazon CloudWatch

  • Monitors:
    • AWS resources
    • Applications that run on AWS
  • Collects and tracks:
    • Standard metrics
    • Custom metrics
  • Alarms:
    • Send notifications to an Amazon SNS topic
    • Perform Amazon EC2 Auto Scaling or Amazon EC2 actions
  • Events:
    • Define rules to match changes in the AWS environment and route these events to one or more target functions or streams for processing

AWS Auto Scaling

def:automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost
Can be used to scale DynamoDB

  • Simple, powerful user interface

AWS artifact

def:AWS Artifact provides on-demand access to select security reports

Availability zone


Lab 1

AWS IAM

def:a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS

  • Exploring pre-created IAM Users and Groups
  • Inspecting IAM policies as applied to the pre-created groups
  • Following a real-world scenario, adding users to groups with specific capabilities enabled
  • Locating and using the IAM sign-in URL
  • Experimenting with the effects of policies on service access

Objective: Identity and Access Management
  • Users and their access
  • Roles and their permissions
  • Federated users and their permissions

User Groups

Managed Policies are pre-built policies (built either by AWS or by your administrators) that can be attached to IAM Users and Groups.
Each group has a Managed Policy.

Structure of a managed policy (each statement):

Effect
Action
Resource

Admin has a different policy

It has an Inline Policy, which is a policy assigned to just one User or Group. Inline Policies are typically used to apply permissions for one-off situations.
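To make the Effect/Action/Resource structure and the managed-versus-inline distinction concrete, here is an added example (not from the lab or from AWS) in Python. The two policy documents are constructed for the illustration, not real AWS managed policies; `is_allowed` is a simplified model of how IAM combines the policies attached to a user and their groups: an explicit Deny anywhere wins, otherwise some Allow must match, otherwise access is implicitly denied. The model deliberately ignores `NotAction`, `Condition`, resource-based policies and IAM's case-insensitive action matching.

```python
from fnmatch import fnmatchcase

# Constructed managed policy attached to a "Support" group: read-only EC2
# description calls and read access to one documentation bucket.
SUPPORT_GROUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["ec2:Describe*", "s3:ListAllMyBuckets"],
         "Resource": "*"},
        {"Effect": "Allow",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::support-docs/*"},
    ],
}

# Constructed inline policy on a single user: a one-off carve-out that
# blocks one folder even though the group policy allows the bucket.
ONE_OFF_INLINE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Deny",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::support-docs/restricted/*"},
    ],
}


def _as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def _statement_matches(stmt: dict, action: str, resource: str) -> bool:
    """A statement applies when both an Action and a Resource pattern match.
    '*' and '?' wildcards follow the same glob rules IAM uses for ARNs."""
    return (any(fnmatchcase(action, pat) for pat in _as_list(stmt["Action"]))
            and any(fnmatchcase(resource, pat) for pat in _as_list(stmt["Resource"])))


def is_allowed(policies: list, action: str, resource: str) -> bool:
    """Evaluate all attached policies (group managed + user inline) together.
    Order of precedence: explicit Deny > Allow > implicit deny."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _statement_matches(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":
                return False          # explicit deny always wins
            allowed = True            # remember the allow, keep scanning for denies
    return allowed


def effective_permissions(policies: list, requests: list) -> dict:
    """Map each (action, resource) request to its decision for a quick audit."""
    return {f"{a} {r}": is_allowed(policies, a, r) for a, r in requests}


if __name__ == "__main__":
    attached = [SUPPORT_GROUP_POLICY, ONE_OFF_INLINE_POLICY]
    checks = [
        ("ec2:DescribeInstances", "*"),
        ("ec2:TerminateInstances", "*"),
        ("s3:GetObject", "arn:aws:s3:::support-docs/faq.txt"),
        ("s3:GetObject", "arn:aws:s3:::support-docs/restricted/keys.txt"),
    ]
    for req, decision in effective_permissions(attached, checks).items():
        print(f"{'ALLOW' if decision else 'DENY ':5} {req}")
```

The useful habit this models: when a user belongs to several groups, reason about the union of all Allow statements first, then look for any Deny that narrows it; an inline Deny on the user is the least-effort way to carve an exception out of a broad group policy without rewriting the managed policy shared by everyone else.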

AWS network

computer network

def:two or more client machines that are connected together to share resources

  • A network can be logically partitioned into subnets
  • Requires a device (such as a router or switch) to connect all the clients together
  • Each client has an IP address
  • The combined total of the four numbers in an IPv4 address is 32 bits in binary format.
    IPv4: 32 bits
    IPv6: 128 bits
  • CIDR notation consists of:
    • An IP address (which is the first address of the network)
    • A slash character (/)
    • Finally, a number that tells you how many bits of the routing prefix must be fixed or allocated for the network identifier
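The CIDR description above is easiest to check by computing it. The following is an added example (not from these notes) using Python's standard `ipaddress` module; it splits a prefix into network identifier, fixed bits and host bits, carves a VPC-sized range into subnet-sized ranges, and checks two ranges for overlap. The VPC and subnet ranges are constructed sample values, and `AWS_RESERVED_PER_SUBNET` encodes the five addresses AWS reserves in every VPC subnet (network address, VPC router, DNS, one reserved for future use, and the broadcast address).

```python
import ipaddress

# AWS reserves the first four and the last address of every VPC subnet.
AWS_RESERVED_PER_SUBNET = 5


def parse_cidr(cidr: str) -> dict:
    """Break a CIDR string into the parts the notes describe.
    strict=False means a host address such as 192.168.1.37/24 is accepted
    and normalised to the first address of its network."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "network_id": str(net.network_address),      # first address of the network
        "prefix_bits": net.prefixlen,                  # the number after the slash
        "host_bits": net.max_prefixlen - net.prefixlen,  # 32 or 128 minus the prefix
        "addresses": net.num_addresses,
        "netmask": str(net.netmask),
        "version": net.version,
    }


def carve_subnets(vpc_cidr: str, new_prefix: int) -> list:
    """Partition a VPC range into equal subnets with the given prefix length."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return [str(s) for s in vpc.subnets(new_prefix=new_prefix)]


def usable_hosts(subnet_cidr: str) -> int:
    """Addresses actually assignable to instances in an AWS subnet."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def is_inside(subnet_cidr: str, vpc_cidr: str) -> bool:
    """A subnet must lie entirely within its VPC's CIDR block."""
    return ipaddress.ip_network(subnet_cidr).subnet_of(ipaddress.ip_network(vpc_cidr))


def overlaps(a: str, b: str) -> bool:
    """Overlapping ranges cannot be routed between (relevant for VPC peering)."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


if __name__ == "__main__":
    # Constructed sample values for the demo.
    print(parse_cidr("192.168.1.37/24"))     # network_id 192.168.1.0, 24 prefix / 8 host bits
    print(parse_cidr("2001:db8::/56"))       # IPv6: 128-bit address, 72 host bits
    subnets = carve_subnets("10.0.0.0/16", 24)
    print(len(subnets), subnets[0], subnets[-1])   # 256 10.0.0.0/24 10.0.255.0/24
    print(usable_hosts("10.0.1.0/24"))       # 251
    print(is_inside("10.0.1.0/24", "10.0.0.0/16"), overlaps("10.0.0.0/16", "10.1.0.0/16"))
```

Running the same functions over a proposed set of VPC ranges before creating them is a cheap way to catch the overlap problem that later blocks peering or VPN connections.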

VPC

def:provisioning a logically isolated section of the AWS Cloud (called a virtual private cloud, or VPC) where you can launch your AWS resources.

Elastic network interface:

  • Attach to an instance.
  • Detach from the instance, and attach to another instance to redirect network traffic.