AWS Solutions Architect Associate4 - Implementing and Troubleshooting IaaS Products
Global Infra
- overview
- region > AZ > DC
- Availability zones
- each AZ is designed to be a separate fault domain
- recommend deploying your apps in multiple AZs for redundancy
- Regions
- traffic within the region (between AZs) is private
- traffic between regions is public via internet
VPC
- What’s a VPC
- a private set of networks dedicated to a single customer within an AWS region
- Create and setup IP addressing
- private:
- public:
- Public - IPv4, ephemeral
- EIP - static IPv4, reassign to any instance in the AZ
- IPv6 - public
- CIDR blocks
- classless inter-domain routing
- IP subnets
- Internet gateways
- used to route traffic out of the VPC to the internet
- NAT
- Network Address Translation
- For internal networks only, can’t be used on the internet
- Routers and firewalls use NAT to translate a private address into a public IPv4 that can communicate on the internet
- NAT gateway:
- NAT instance:
- VPC peering
- Network connection allowing 2 VPCs to route traffic between each other
- VPCs can be in the same or a different region
- limitations: no overlapping IPs (no CIDR overlap)
- leverages private networking, not the public internet
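The CIDR, subnet and peering notes above can be checked mechanically. The following is an added example (not part of these notes or any AWS tool) that carves per-AZ subnets out of a VPC CIDR with Python's standard `ipaddress` module, computes the addresses left for instances (AWS reserves the first four and the last address of every subnet), and applies the peering rule that the two VPC CIDR blocks must not overlap. The AZ names and CIDR blocks are constructed sample values.

```python
import ipaddress


def plan_subnets(vpc_cidr: str, azs: list, new_prefix: int) -> dict:
    """Carve one equal-sized subnet per AZ out of a VPC CIDR block.

    strict=True (the default) rejects a CIDR with host bits set, e.g.
    10.0.0.1/16, which AWS would also refuse.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    candidates = list(vpc.subnets(new_prefix=new_prefix))
    if len(candidates) < len(azs):
        raise ValueError(f"{vpc_cidr} only yields {len(candidates)} /{new_prefix} subnets")
    return {az: str(subnet) for az, subnet in zip(azs, candidates)}


def usable_hosts(subnet_cidr: str) -> int:
    """Addresses left for instances: AWS reserves the first four addresses
    (network, VPC router, DNS, future use) and the last (broadcast) of a subnet."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - 5


def can_peer(cidr_a: str, cidr_b: str) -> bool:
    """VPC peering is refused when the two VPC CIDR blocks overlap."""
    return not ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


if __name__ == "__main__":
    # Constructed sample layout: one /24 per AZ out of a /16.
    layout = plan_subnets("10.0.0.0/16", ["us-east-1a", "us-east-1b", "us-east-1c"], 24)
    for az, cidr in layout.items():
        print(f"{az}: {cidr} ({usable_hosts(cidr)} usable addresses)")
    print("peer 10.0.0.0/16 <-> 10.1.0.0/16:", can_peer("10.0.0.0/16", "10.1.0.0/16"))
    print("peer 10.0.0.0/16 <-> 10.0.5.0/24:", can_peer("10.0.0.0/16", "10.0.5.0/24"))
```

Running the overlap check before requesting a peering connection avoids a failed request and, more importantly, a network design that would later need renumbering.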
- AWS direct connect
- a permanent connection between your DC and the AWS cloud via a WAN connection
- requires a telecom provider to establish the WAN connection
- connected via a virtual gateway within the VPC
- uses Border Gateway Protocol (BGP) and private autonomous system numbers (ASNs) for routing
- VPGs (virtual private gateways) in VPC
- VPN connectivity
- AWS-Managed VPN
- a hardware virtual private gateway (VPG)
- AWS VPN CloudHub
- a multipoint VPN endpoint for branch offices
- Customer-provided VPN solution
- IP route tables
- VPC use cases
- single-tier public website
- a VPC with a single public subnet only
- multi-tier: does not depend on data in another DC
- a VPC with a single public subnet and a private subnet
- multi-tier: transfer private data between DC
- a VPC with public and private subnets and hardware VPN access
- Restore/Migrate your private DC in cloud
- a VPC with a private subnet only and hardware VPN access
- NACLs and security groups
- NACLs
- network access control lists operate like firewall rules for an entire subnet
- each subnet has a default NACL that permits all inbound and outbound traffic until other rules are set
- Security groups
- act as a virtual firewall at the instance level, not the subnet level
- Compare
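The practical difference between the two filters is how they are evaluated: a NACL walks its numbered rules in ascending order, stops at the first match, falls back to an implicit deny, and is stateless, so the reply to an allowed request is judged again on the way out; a security group only has allow rules and is stateful. The following added example (not from these notes or from AWS) models both evaluations in plain Python so the common mistake of allowing inbound 443 without an outbound ephemeral-port rule shows up as a failed session. Rule sets and addresses are constructed samples.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class NaclRule:
    number: int        # NACL rules are evaluated in ascending number order
    protocol: str      # "tcp", "udp", "icmp" or "all"
    port_from: int
    port_to: int
    cidr: str
    action: str        # "allow" or "deny"


@dataclass(frozen=True)
class SgRule:
    protocol: str      # security groups only carry allow rules
    port_from: int
    port_to: int
    cidr: str


def _matches(protocol, port_from, port_to, cidr, proto, port, ip):
    if protocol not in ("all", proto):
        return False
    if not port_from <= port <= port_to:
        return False
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def nacl_decision(rules, proto, port, ip):
    """First matching numbered rule wins; the implicit '*' rule denies everything else."""
    for r in sorted(rules, key=lambda r: r.number):
        if _matches(r.protocol, r.port_from, r.port_to, r.cidr, proto, port, ip):
            return r.action
    return "deny"


def nacl_session_ok(inbound, outbound, proto, client_ip, client_port, server_port):
    """Stateless: the request (inbound) and the reply (outbound) are checked separately."""
    request_ok = nacl_decision(inbound, proto, server_port, client_ip) == "allow"
    reply_ok = nacl_decision(outbound, proto, client_port, client_ip) == "allow"
    return request_ok and reply_ok


def sg_session_ok(inbound, proto, client_ip, server_port):
    """Stateful: if any inbound rule allows the request, the reply is allowed automatically."""
    return any(_matches(r.protocol, r.port_from, r.port_to, r.cidr, proto, server_port, client_ip)
               for r in inbound)


# Constructed rule sets.
DEFAULT_NACL = [NaclRule(100, "all", 0, 65535, "0.0.0.0/0", "allow")]
HTTPS_INBOUND = [NaclRule(100, "tcp", 443, 443, "0.0.0.0/0", "allow")]
OUTBOUND_NO_EPHEMERAL = [NaclRule(100, "tcp", 443, 443, "0.0.0.0/0", "allow")]
OUTBOUND_EPHEMERAL = [NaclRule(100, "tcp", 1024, 65535, "0.0.0.0/0", "allow")]
# A deny placed before the catch-all allow blocks one range, everything else passes.
BLOCK_ONE_RANGE = [NaclRule(90, "tcp", 22, 22, "203.0.113.0/24", "deny"),
                   NaclRule(100, "all", 0, 65535, "0.0.0.0/0", "allow")]
WEB_SG = [SgRule("tcp", 443, 443, "0.0.0.0/0")]

if __name__ == "__main__":
    client = "203.0.113.10"
    print("default NACL:", nacl_session_ok(DEFAULT_NACL, DEFAULT_NACL, "tcp", client, 51234, 443))
    print("443 in, no ephemeral out:", nacl_session_ok(HTTPS_INBOUND, OUTBOUND_NO_EPHEMERAL, "tcp", client, 51234, 443))
    print("443 in, ephemeral out:", nacl_session_ok(HTTPS_INBOUND, OUTBOUND_EPHEMERAL, "tcp", client, 51234, 443))
    print("SSH from blocked range:", nacl_decision(BLOCK_ONE_RANGE, "tcp", 22, client))
    print("security group 443:", sg_session_ok(WEB_SG, "tcp", client, 443))
```

Because a NACL has no notion of a connection, the outbound ephemeral-port rule (1024-65535 in this model) is what lets replies leave the subnet; forgetting it is the usual reason a "correct" inbound NACL rule still produces timeouts.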
EC2
- What’s EC2?
- EC2 stands for Elastic Compute Cloud
- EC2 instances are VMs
- Provide scalable, secure compute space in the cloud
- Billed per second or per hour
- What’s an EC2 instance type
- eg: T2.micro
- T represents the family
- defines capabilities such as storage, memory and CPU options
- 2 represents the generation
- version number
- micro represents the size
- each type for a specific purpose
- Types
- Family type: C
- Family type: X and R
- Family type: D, H and I
- Family type: F, G and P
- Family type: T
- Graphics optimized instance
- Elastic GPU
- an elastic GPU to an EC2 instance to accelerate the performance of the graphics in your app
- Bare Metal instance type
- EC2 purchasing options
- EC2 instances
- on-demand
- reserved instances (RI)
- standard RI
- convertible RI
- scheduled RI
- spot instances
- caveats
- dedicated instances
- dedicated hosts
- Instance Size and Implications
- always match the instance type and size to your workload's resource requirements
- storage for EC2
- instance store
- local, ephemeral storage for temporary data
- network
- persistent storage on EBS, EFS, or S3
- Placement groups
- determine where instances are placed on the physical hardware
- two options
- cluster placement groups
- in one AZ for low latency
- spread placement groups
- between AZs
- Deploy EC2
- Launch Templates
- Instance Metadata
- dynamic data
- user data
- Caveats
- key pairs
- Troubleshooting
- tools
- AWS CloudWatch
- monitors resources and apps in AWS
- Trusted Advisor
- monitors the environment and gives recommendations on how to improve it
- VPC Flow Logs
- allows you to gather info about the IP traffic going to and from the network interfaces in your VPC
- Console
- OS-level tools
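VPC Flow Logs are most useful in troubleshooting when the REJECT records are grouped by source: a client whose connections are rejected on one port is usually a missing security group or NACL rule, while a source rejected on many different ports is noise the filters are doing their job against. The following added example (not from these notes or from AWS) parses records in the default flow-log format (version 2, space-separated fields in the documented order), skips NODATA/SKIPDATA rows, and summarises rejects per source. The log lines, account id and interface id are constructed samples.

```python
from collections import defaultdict

# Field order of the default VPC Flow Log record format (version 2).
FLOW_FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
               "srcport", "dstport", "protocol", "packets", "bytes",
               "start", "end", "action", "log_status"]
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

# Constructed sample records (not real traffic); the account id and ENI are placeholders.
SAMPLE_LOG = """\
2 111122223333 eni-0123456789abcdef0 203.0.113.10 10.0.1.25 51234 22 6 3 180 1700000000 1700000060 REJECT OK
2 111122223333 eni-0123456789abcdef0 203.0.113.10 10.0.1.25 51235 23 6 3 180 1700000000 1700000060 REJECT OK
2 111122223333 eni-0123456789abcdef0 203.0.113.10 10.0.1.25 51236 3389 6 3 180 1700000000 1700000060 REJECT OK
2 111122223333 eni-0123456789abcdef0 203.0.113.10 10.0.1.25 51237 8080 6 3 180 1700000000 1700000060 REJECT OK
2 111122223333 eni-0123456789abcdef0 198.51.100.7 10.0.1.25 44321 443 6 20 4096 1700000000 1700000060 ACCEPT OK
2 111122223333 eni-0123456789abcdef0 198.51.100.7 10.0.1.25 44322 22 6 2 120 1700000000 1700000060 REJECT OK
2 111122223333 eni-0123456789abcdef0 - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_flow_log(text):
    """Parse default-format flow log lines into dicts; traffic fields become ints."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FLOW_FIELDS):
            continue  # skip malformed lines instead of aborting the whole file
        rec = dict(zip(FLOW_FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # NODATA / SKIPDATA rows carry '-' in the traffic fields
        for field in INT_FIELDS:
            rec[field] = int(rec[field])
        records.append(rec)
    return records


def rejected_ports_by_source(records):
    """Map each source address to the sorted list of destination ports rejected for it."""
    ports = defaultdict(set)
    for rec in records:
        if rec["action"] == "REJECT":
            ports[rec["srcaddr"]].add(rec["dstport"])
    return {src: sorted(p) for src, p in ports.items()}


def flag_probing_sources(records, min_ports=3):
    """Sources whose rejected connections touched at least min_ports distinct ports."""
    summary = rejected_ports_by_source(records)
    return sorted(src for src, ports in summary.items() if len(ports) >= min_ports)


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print(f"{len(recs)} usable records")
    for src, ports in rejected_ports_by_source(recs).items():
        print(f"{src}: rejected on ports {ports}")
    print("sources rejected on many ports:", flag_probing_sources(recs))
```

In the constructed sample, 198.51.100.7 is accepted on 443 and rejected once on 22, which reads like a legitimate client hitting a closed port; 203.0.113.10 is rejected on four unrelated ports and is the one worth a second look.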
AMI
- What’s an AMI?
- contains the info needed to launch an EC2 instance
- components of an AMI
- a template
- OS, apps, data, configuration …
- launch permissions
- a block device mapping
- Actions on AMI
- create an AMI
- copy AMIs to other regions
- deploy an EC2 instance from an AMI
- AMI security and updates
- keep instance up to date
AWS Storage
- What’s storage?
- a place to store your data
- used for
- os
- apps and their data
- archiving data, logs and so on
- compliance requirements
- options:
- EBS, EC2 store, EFS, S3/Glacier
- Types of Storage
- Block
- EBS (more persistent)
- EC2 store (more temporary)
- File storage
- EFS
- Object storage
- S3
- Glacier
- EBS (Elastic Block Storage)
- can be attached to an instance in the same AZ
- can be launched as encrypted volumes for added security
- dynamically
- zdt
- Use Cases:
- boot drives for any OS
- recommended storage option for running a db
- big data processing
- can be primary storage for data requiring frequent and granular updates
- Types of EBS volumes
- cold HDD
- throughput-optimized HDD
- general purpose SSD
- provisioned IOPS SSD
- EBS optimized instances
- EC2 instance store
- provides temporary block-level storage
- the data only persists for the life of the instance
- volume types
- HDD
- SSD
- NVMe: Non-Volatile Memory Express
- Use cases:
- temporary storage of info that changes a lot
- temporary data, such as scratch data, buffers and cache
- replicated data that's copied across multiple instances
- EFS (Elastic File System)
- Use cases:
- big data storage
- container storage
- content serving
- enterprise apps
- media processing workflows
- any time multiple instances need access to the same data
- S3 and Glacier
- Other storage and data device
- Storage gateway
- hybrid service: allow your on-premises apps to use AWS cloud storage
- types:
- tape gateway
- file gateway
- volume gateway
- cached volumes
- stored volumes
- snowball
- service that helps you transfer terabytes to petabytes of data to AWS S3
- snowmobile
- Troubleshooting
- instance type
- provisioned IOPS
- EBS optimized
S3
- What’s S3?
- simple storage service
- object storage
- S3 is designed to store as much data as needed with access from anywhere on the internet
- data is stored in buckets
- Use Cases:
- store data from
- IoT
- website
- mobile apps
- other AWS service
- S3 Features
- each bucket has a globally unique URL
- 11 nines of durability
- multipart upload
- S3 storage classes
- S3 standard access
- S3 standard infrequent access (IA)
- S3 reduced redundancy storage (RRS)
- glacier
- retrieval options
- vaults
- Versioning
- keeping multiple variations of an object in the same bucket
- Lifecycle Policies
- move objects to a different storage class
- actions:
- transition: defines when objects move to a new storage class
- expiration: defines when an object expires and S3 will automatically delete the specified object or version
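A lifecycle policy is a JSON document of rules, each with transitions (days after creation and the target storage class) and an expiration. The following added example (not from these notes or from AWS) builds that document in the shape the S3 lifecycle configuration API accepts and validates the constraints a practitioner usually trips over: transitions must move to a colder class on increasing day counts, an object must sit in STANDARD for at least 30 days before moving to an IA class, and the expiration must come after the last transition. The class ordering list is an assumed subset of the real classes; the rule id, prefix and day counts are constructed samples.

```python
import json

# Assumed subset of storage classes in the order lifecycle transitions may move through
# them (a rule may skip classes but never move back to a warmer one).
CLASS_ORDER = ["STANDARD", "STANDARD_IA", "ONEZONE_IA", "GLACIER", "DEEP_ARCHIVE"]
MIN_DAYS_BEFORE_IA = 30  # AWS minimum age before a transition into an IA class


def validate_rule(transitions, expire_after_days):
    """Raise ValueError if the transition/expiration schedule is not allowed."""
    last_day, last_rank = -1, 0
    for days, storage_class in transitions:
        if storage_class not in CLASS_ORDER:
            raise ValueError(f"unknown storage class {storage_class}")
        rank = CLASS_ORDER.index(storage_class)
        if rank <= last_rank:
            raise ValueError(f"transition to {storage_class} does not move to a colder class")
        if days <= last_day:
            raise ValueError("transition day counts must increase")
        if storage_class in ("STANDARD_IA", "ONEZONE_IA") and days < MIN_DAYS_BEFORE_IA:
            raise ValueError(f"objects must age {MIN_DAYS_BEFORE_IA} days before {storage_class}")
        last_day, last_rank = days, rank
    if expire_after_days <= last_day:
        raise ValueError("expiration must come after the last transition")


def rule_is_valid(transitions, expire_after_days):
    try:
        validate_rule(transitions, expire_after_days)
        return True
    except ValueError:
        return False


def lifecycle_rule(rule_id, prefix, transitions, expire_after_days, noncurrent_expire_days=None):
    """Build one lifecycle rule; noncurrent_expire_days cleans up old versions in a versioned bucket."""
    validate_rule(transitions, expire_after_days)
    rule = {
        "ID": rule_id,
        "Filter": {"Prefix": prefix},
        "Status": "Enabled",
        "Transitions": [{"Days": days, "StorageClass": cls} for days, cls in transitions],
        "Expiration": {"Days": expire_after_days},
    }
    if noncurrent_expire_days is not None:
        rule["NoncurrentVersionExpiration"] = {"NoncurrentDays": noncurrent_expire_days}
    return rule


def lifecycle_configuration(rules):
    return {"Rules": list(rules)}


if __name__ == "__main__":
    # Constructed sample: logs go to IA after 30 days, Glacier after 90, deleted after 365.
    config = lifecycle_configuration([
        lifecycle_rule("archive-logs", "logs/", [(30, "STANDARD_IA"), (90, "GLACIER")], 365,
                       noncurrent_expire_days=30),
    ])
    print(json.dumps(config, indent=2))
    print("7-day IA transition allowed:", rule_is_valid([(7, "STANDARD_IA")], 365))
    print("expire before transition allowed:", rule_is_valid([(90, "GLACIER")], 60))
```

Rejecting a schedule locally is cheaper than a failed `PutBucketLifecycleConfiguration` call, and the `NoncurrentVersionExpiration` entry is what keeps a versioned bucket from accumulating superseded objects forever.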
- Cross-Region Replication
- enable automatic and asynchronous copies of objects across two buckets in two different regions