Previously, we talked about some foundation services, security, database options and elasticity in AWS. This article is like a cheat sheet summarizing what we learnt. In fact, I list some important points which will appear on the AWS examinations, especially the Solutions Architect Associate and Professional exams.
Amazon Elastic Compute Cloud (EC2)
EC2 provides resizable compute capacity. Users have complete control of their computing resources. It reduces the time required to obtain and boot new server instances. We can use tags to help manage Amazon EC2 resources.
- An AMI defines the root volume (OS, application server, etc.), launch permissions and which block volumes to attach.
- When launching EC2 instances from an AMI, we can launch multiple instances of different types.
- A storage-optimized instance can be used for a system designed for data warehousing, logging or data-processing applications.
VPCs and Subnets
Simply speaking, a VPC provisions a private, isolated virtual network on the AWS cloud. It gives us complete control over our virtual network environment.
- We can customize the network configuration of our VPC, such as the selection of the IP address range, creation of subnets, and configuration of route tables and network gateways.
- Usually, we use a public subnet for web servers and a private subnet for application servers.
- When we want to control inbound and outbound traffic, we use security groups at the EC2 instance level and Network ACLs at the subnet level.
- We can create a VPN connection to our remote network by using an Amazon EC2 instance in our VPC that is running a software VPN appliance.
Storage: Amazon S3, EBS and Instance Store
S3 is storage for the internet, natively accessible online over HTTP. EBS provides persistent block-level storage volumes with consistent, low-latency performance. Instance storage is local, complementary direct-attached block storage. It is optimal for up to 365,000 read IOPS, but it has no persistence.
- There are some common use cases for Amazon S3: storage and backup, application file hosting, media hosting, software delivery, and storing AMIs and snapshots.
- Data is stored in Amazon S3 as objects.
- EBS is best suited for applications that require a database, a file system or access to raw block-level storage.
Shared Responsibility Model
- Under the shared responsibility model, security of the platform, the OS, firewall configuration and network traffic protection are responsibilities of the customer.
- AWS API endpoints allow HTTPS access, so we can establish secure (SSL/TLS) communication sessions with AWS services from customer access points.
- We can configure a security group to accept traffic only from the load balancer, which prevents individual clients from overloading a single server.
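The "accept traffic only from the load balancer" point, as a CloudFormation template that puts the setting to avoid beside the corrected one. This is an added example and not the article's own code; the VPC is assumed to exist and is passed in as a parameter, and the port numbers and resource names are constructed.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example (not from the article) - web tier reachable only via the load balancer

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id       # assumed: an existing VPC

Resources:
  # Internet-facing tier: the load balancer is the only thing that listens
  # to the world, and only on HTTPS.
  LoadBalancerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from the internet to the load balancer
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

  # Setting to avoid: a web-server group open to everyone on port 80 lets any
  # client bypass the load balancer and send all its requests to one instance.
  # Shown only for contrast; do not attach this group to instances.
  OverlyOpenWebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Example of the rule to avoid
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  # Corrected setting: the source is the load balancer's security group rather
  # than a CIDR, so only traffic arriving through the load balancer is accepted
  # and the load balancer's distribution across instances cannot be bypassed.
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTP only from the load balancer
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          SourceSecurityGroupId: !Ref LoadBalancerSecurityGroup

Outputs:
  WebSecurityGroupId:
    Value: !Ref WebSecurityGroup
```

Referencing a security group as the source also survives changes to the load balancer's IP addresses, which a CIDR-based rule would not.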
AWS Identity and Access Management (IAM)
- We can assign policies to IAM users, groups and roles.
- IAM roles can be assumed by IAM users, applications and services.
- AWS IAM is not appropriate for OS and application authentication.
- It is considered a best practice to use roles for applications that run on Amazon EC2 instances.
- CloudTrail can be used to record AWS API calls for an account, including calls made using the AWS Management Console, AWS SDKs, AWS CLI and higher-level AWS services, and to deliver the log files to an Amazon S3 bucket.
Amazon Relational Database Service (RDS)
- We can use MySQL, MariaDB, Microsoft SQL Server, Oracle or PostgreSQL with RDS.
- Automatic backups on RDS are enabled by default.
- Security groups control which IP addresses or EC2 instances can connect to the databases on a DB instance.
- Provisioning a Multi-AZ DB instance automatically replicates the data to a standby instance in a different AZ.
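The RDS points above (automatic backups, a security group restricting who can connect, and Multi-AZ replication) as a CloudFormation template. This is an added example, not the article's own code; the VPC, the private subnets and the application tier's security group are assumed to exist and are passed in as parameters, and the engine, instance class and sizes are constructed choices.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example (not from the article) - Multi-AZ RDS reachable only from the app tier

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  PrivateSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>   # assumed: private subnets in at least two AZs
  AppSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id  # assumed: the application servers' group

Resources:
  # The only inbound rule is MySQL from the application tier's security group.
  # With no CIDR-based rule, nothing else (including the public web tier or
  # the internet) can open a connection to the database.
  DatabaseSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: MySQL from application servers only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref AppSecurityGroupId

  DatabaseSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Private subnets for the database
      SubnetIds: !Ref PrivateSubnetIds

  # Master credentials are generated and kept in Secrets Manager rather than
  # passed in as template parameters, so they never appear in stack inputs.
  DatabaseSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      GenerateSecretString:
        SecretStringTemplate: '{"username": "admin"}'
        GenerateStringKey: password
        PasswordLength: 32
        ExcludeCharacters: '"@/\'

  Database:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot        # keep a final snapshot if the stack is deleted
    Properties:
      Engine: mysql
      DBInstanceClass: db.t3.small
      AllocatedStorage: '20'
      MultiAZ: true                 # synchronous standby in a different AZ
      PubliclyAccessible: false
      StorageEncrypted: true
      BackupRetentionPeriod: 7      # automatic backups stay on; 0 would disable them
      DBSubnetGroupName: !Ref DatabaseSubnetGroup
      VPCSecurityGroups:
        - !Ref DatabaseSecurityGroup
      MasterUsername: !Sub '{{resolve:secretsmanager:${DatabaseSecret}:SecretString:username}}'
      MasterUserPassword: !Sub '{{resolve:secretsmanager:${DatabaseSecret}:SecretString:password}}'

Outputs:
  DatabaseEndpoint:
    Value: !GetAtt Database.Endpoint.Address
```

Because the database subnet group only contains private subnets and `PubliclyAccessible` is false, the instance never gets a public address; the security group then narrows the remaining VPC-internal reachability to the application tier alone.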
Amazon DynamoDB
- Amazon DynamoDB allows us to store any amount of data with no limits.
- It provides fast, predictable performance using SSDs.
- It allows us to easily provision and change the request capacity needed for each table.
- RDS is not fully managed by AWS, while DynamoDB is a fully managed service.
Amazon CloudWatch
- CloudWatch is a metrics repository. AWS products put metrics into the repository, and we retrieve statistics based on those metrics. Statistics can be presented graphically in the CloudWatch console.
- We can set alarms to receive notifications on specific metrics.
- Also, we can create custom application-specific metrics of our own.
Auto Scaling
- An Auto Scaling launch configuration is a template that an Auto Scaling group uses to launch EC2 instances.
- We can set the minimum, maximum and desired number of instances in an Auto Scaling group, and we can also declare the scaling policies.
- Auto scaling is available at no additional charge.
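The CloudWatch and Auto Scaling points above (a launch template, min/max/desired capacity, a scaling policy, and an alarm that sends a notification on a metric) in one CloudFormation template. This is an added example and not the article's own code; the subnets, the web security group, the instance profile and the AMI are assumed to exist and are passed in as parameters, and the capacity numbers and thresholds are constructed. It uses a launch template, the successor to the launch configuration the article mentions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example (not from the article) - Auto Scaling group with a CloudWatch alarm

Parameters:
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>   # assumed: subnets in at least two AZs
  WebSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id  # assumed: group that only admits the load balancer
  InstanceProfileArn:
    Type: String                       # assumed: ARN of a role-backed instance profile
  ImageId:
    Type: AWS::EC2::Image::Id          # assumed: the AMI to launch from

Resources:
  # Launch template: what every instance looks like (AMI, type, role, SG).
  WebLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        ImageId: !Ref ImageId
        InstanceType: t3.micro
        SecurityGroupIds:
          - !Ref WebSecurityGroupId
        IamInstanceProfile:
          Arn: !Ref InstanceProfileArn
        MetadataOptions:
          HttpTokens: required    # IMDSv2 only: role credentials require a session token

  # The group keeps between 2 and 6 instances, starting at 2, spread over the
  # given subnets. Group metrics are enabled so CloudWatch can alarm on them.
  WebAutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      MinSize: '2'
      MaxSize: '6'
      DesiredCapacity: '2'
      VPCZoneIdentifier: !Ref SubnetIds
      LaunchTemplate:
        LaunchTemplateId: !Ref WebLaunchTemplate
        Version: !GetAtt WebLaunchTemplate.LatestVersionNumber
      HealthCheckType: EC2
      HealthCheckGracePeriod: 300
      MetricsCollection:
        - Granularity: 1Minute

  # Scaling policy: add or remove instances to hold average CPU near 50%.
  CpuTargetTracking:
    Type: AWS::AutoScaling::ScalingPolicy
    Properties:
      AutoScalingGroupName: !Ref WebAutoScalingGroup
      PolicyType: TargetTrackingScaling
      TargetTrackingConfiguration:
        PredefinedMetricSpecification:
          PredefinedMetricType: ASGAverageCPUUtilization
        TargetValue: 50

  AlarmTopic:
    Type: AWS::SNS::Topic

  # Alarm on a metric from the CloudWatch repository: notify when the group
  # has sat at its ceiling for three consecutive 5-minute periods, which means
  # the scaling policy can no longer absorb the load.
  GroupAtMaxAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: Auto Scaling group has reached MaxSize
      Namespace: AWS/AutoScaling
      MetricName: GroupInServiceInstances
      Dimensions:
        - Name: AutoScalingGroupName
          Value: !Ref WebAutoScalingGroup
      Statistic: Average
      Period: 300
      EvaluationPeriods: 3
      Threshold: 6
      ComparisonOperator: GreaterThanOrEqualToThreshold
      AlarmActions:
        - !Ref AlarmTopic
```

The `GroupInServiceInstances` metric is only published when group metrics collection is enabled, which is why the `MetricsCollection` block is on the group; without it the alarm would stay in the INSUFFICIENT_DATA state.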
AWS Trusted Advisor
- Trusted Advisor provides AWS customers with performance and security recommendations in 4 categories: cost optimization, security, fault tolerance and performance improvement.
- In addition, Trusted Advisor can help improve performance by checking service limits and flagging where usage is more than 80% of the service limit.
To sum up, we have reviewed the foundational services like EC2, S3 and VPC; security like security groups and IAM; databases like RDS and DynamoDB; and elasticity like ELB, CloudWatch and Auto Scaling. Practice makes perfect. I have written other hands-on configuration articles; please follow them and try to use these services if possible.