AWS

Architecture
5 Pillars
  • Security, Reliability, Performance Efficiency, Cost Optimization, Operational Excellence.
Three tiers:
  • Web Tier: web servers such as Apache.
  • App Tier: application servers.
  • Database Tier: database services such as Amazon RDS (Relational Database Service).
  1. When a user visits the application URL, the name is resolved by Route 53, AWS's DNS (Domain Name System) management service.
  2. The request then passes through the load balancer, which distributes all incoming and outgoing traffic.
  3. The traffic reaches the web and app tiers, which in turn connect to the database tier.
  4. The database tier contains an Amazon ElastiCache cluster for fast data access and an Amazon RDS DB instance. A second Amazon RDS DB instance in Availability Zone 2 acts as a standby database for disaster recovery.
  5. An S3 bucket connected to the web tier and the database tier provides backup storage and holds static content such as images and GIFs.
  6. Requests for that content are served through the Content Delivery Network, CloudFront.
  7. The whole architecture can also integrate with other services such as CloudWatch, Amazon DynamoDB, SES, AWS SNS, and more.
VPC
  • VPC is a virtual network inside AWS for one client
    AWS supported CIDR block range
    The allowed block size is between a /16 netmask (65,536 IP addresses) and a /28 netmask (16 IP addresses).
    | Resource                 | Default limit |
    | VPCs per Region          | 5             |
    | Subnets per VPC          | 200           |
    | IPv4 CIDR blocks per VPC | 5             |
    | IPv6 CIDR blocks per VPC | 5             |
    Public IP:
    1. A public IP means the machine can be identified on the internet (WWW).
    2. It must be unique across the whole web (no two machines can have the same public IP).
    3. It can be geo-located easily.
    Private IP:
    1. A private IP means the machine can only be identified on its private network.
    2. The IP must be unique across that private network.
    3. BUT two different private networks (two companies) can use the same IPs.
    4. Machines reach the WWW through an internet gateway (a proxy).
    5. Only a specified range of IPs can be used as private IPs.
    Note: When you stop/start your instance, its public IP address changes; if you reboot the instance, it keeps the same IP addresses. The previous address cannot be reassigned to your instance, as it has been released back into the pool used by other EC2 instances.
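    The CIDR constraints above (a /16 to /28 primary block, and the private address ranges) as an added, runnable check; this is example code written for these notes, not an AWS tool. The RFC 1918 ranges are the standard private ranges the notes refer to as "a specified range of IPs".

```python
import ipaddress

# VPC CIDR block constraints from the notes: netmask between /16 (65,536 addresses)
# and /28 (16 addresses). RFC 1918 is the "specified range" usable as private IPs;
# a block outside it is accepted by the size rule but flagged as routable.
MIN_PREFIX = 16
MAX_PREFIX = 28
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_vpc_cidr(cidr: str) -> dict:
    """Describe whether `cidr` is an acceptable IPv4 VPC block (example logic, not an AWS API)."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)  # strict: host bits must be zero
    except ValueError as exc:
        return {"cidr": cidr, "valid": False, "reason": f"not a valid network: {exc}"}
    if net.version != 4:
        return {"cidr": cidr, "valid": False, "reason": "only IPv4 primary blocks are checked here"}
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        return {"cidr": cidr, "valid": False,
                "reason": f"/{net.prefixlen} is outside the allowed /{MIN_PREFIX}-/{MAX_PREFIX}"}
    private = any(net.subnet_of(r) for r in RFC1918)
    return {"cidr": cidr, "valid": True, "addresses": net.num_addresses, "rfc1918": private,
            "reason": "ok" if private else "ok, but not an RFC 1918 range (publicly routable addresses)"}


def check_subnet_in_vpc(vpc_cidr: str, subnet_cidr: str) -> bool:
    """A subnet must lie inside its VPC block and also respect the /16-/28 size rule."""
    vpc = ipaddress.ip_network(vpc_cidr)
    sub = ipaddress.ip_network(subnet_cidr)
    return sub.subnet_of(vpc) and MIN_PREFIX <= sub.prefixlen <= MAX_PREFIX


if __name__ == "__main__":
    for block in ("10.0.0.0/16", "10.0.0.0/28", "10.0.0.0/8", "10.0.0.1/16", "203.0.113.0/24"):
        print(check_vpc_cidr(block))
    print(check_subnet_in_vpc("10.0.0.0/16", "10.0.1.0/24"))
```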
    Security Groups
    • Can be attached to multiple instances.
    • Locked down to a region / VPC combination.
    • Lives "outside" the EC2 instance: if traffic is blocked, the instance won't see it.
    • If your application is not accessible (time out), it's a security group issue.
    • If your application gives a "connection refused" error, it's an application error or the application is not launched.
    • All inbound traffic is blocked by default.
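    The time-out versus connection-refused distinction above, turned into a small probe that a defender can run from a client to decide whether to look at the security group or at the application. Added example written for these notes, not AWS code; the loopback listener and closed port are constructed fixtures so the non-timeout cases run offline.

```python
import socket
import threading

# Maps a TCP connect() outcome to the diagnosis the notes give:
#   timeout -> packets never reached the instance: suspect the security group first
#   refused -> the instance answered but nothing listens on the port: application issue
#   open    -> network path and listener are both fine
DIAGNOSIS = {
    "open": "reachable and listening",
    "refused": "network path is fine; the application is not listening (not launched or wrong port)",
    "timeout": "no response at all; check the security group before the application",
    "error": "connect failed before reaching the host (no route, bad hostname, local firewall)",
}


def classify_connect(host: str, port: int, timeout: float = 3.0) -> str:
    """Attempt one TCP connection and return 'open', 'refused', 'timeout' or 'error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:  # same class as TimeoutError on Python 3.10+
        return "timeout"
    except OSError:  # no route, DNS failure, ...; caught last since the above are subclasses
        return "error"


def diagnose(host: str, port: int) -> tuple:
    """Return (outcome, suggested next step)."""
    outcome = classify_connect(host, port)
    return outcome, DIAGNOSIS[outcome]


def demo_listener() -> int:
    """Constructed fixture: start a loopback listener on a free port and return it ('open' case)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    threading.Thread(target=srv.accept, daemon=True).start()
    return srv.getsockname()[1]


def closed_port() -> int:
    """Constructed fixture: return a loopback port with nothing listening ('refused' case)."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()
    return port


if __name__ == "__main__":
    print(diagnose("127.0.0.1", demo_listener()))
    print(diagnose("127.0.0.1", closed_port()))
```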
    ALB vs NLB vs CLB
    | Feature   | Application Load Balancer | Network Load Balancer | Classic Load Balancer      |
    | Layer     | Layer 7                   | Layer 4               | Layer 4                    |
    | Protocols | HTTP, HTTPS               | TCP, TLS              | TCP, SSL/TLS, HTTP, HTTPS  |
    | Platforms | VPC                       | VPC                   | EC2-Classic, VPC           |
    All three also provide health checks, CloudWatch metrics, logging and zonal fail-over.
    Application Load Balancer
    • Web applications with L7 routing (HTTP/HTTPS)
    • Microservices architectures (e.g. Docker containers)
    • Lambda targets
    Network Load Balancer
    • TCP and UDP based applications
    • Ultra-low latency
    • Static IP addresses
    Gateway Load Balancer
    • Load balance virtual appliances such as:
    1. Intrusion detection systems (IDS)
    2. Intrusion prevention systems (IPS)
    3. Next generation firewalls (NGFW)
    4. Web application firewalls (WAF)
    5. Distributed denial of service (DDoS) protection systems
    S3
    Versioning Objects in S3
    • Cannot Be Disabled: Once enabled, versioning cannot be disabled; it can only be suspended temporarily if needed.
    • All Versions: All versions of an object are stored in S3, including all writes and even if an object is deleted.
    • Lifecycle Rules: Versioning can be integrated with lifecycle rules, allowing you to automate the transition of object versions between different storage tiers.
    • Supports MFA: Versioning supports multi-factor authentication, adding an extra layer of security to protect your data.
    S3 Lifecycle Management
    • Automates moving objects between different storage tiers.
    • Can be used in conjunction with versioning.
    • Can be applied to current versions and previous versions.
     
    Auto Scaling
    Dynamic Scaling Policies
    1. Target Tracking Scaling
        • Simplest to set up
        • Example: we want the average ASG CPU to stay at around 40%
    2. Simple/Stepped Scaling
        • When a CloudWatch alarm is triggered (e.g. CPU > 70%), add 2 units
        • When a CloudWatch alarm is triggered (e.g. CPU < 30%), remove 1 unit
    3. Scheduled Actions
        • Anticipate scaling based on known usage patterns
        • Example: increase the min capacity to 10 at 5pm on Fridays
    RDS
    | Feature          | RDS Multi-AZ                                                                         | Read Replicas                                                                                    |
    | Description      | An exact copy of your production database in another Availability Zone.              | A read-only copy of your primary database in the same AZ, cross-AZ, or cross-region.             |
    | Purpose          | Used for DR (Disaster Recovery).                                                     | Used to increase or scale read performance.                                                      |
    | Failover         | In the event of a failure, RDS will automatically fail over to the standby instance. | -                                                                                                |
    | Workload Type    | -                                                                                    | Great for read-heavy workloads; takes the load off your primary database for read-only workloads. |
    | Example Use Case | -                                                                                    | Business Intelligence reporting jobs.                                                            |
    RDS Automated Backup
    • Point-In-Time Recovery: Recover your database to any point in time within a "retention period" of 1-35 days.
    • Full Daily Backup: RDS takes a full daily backup, or snapshot, and also stores transaction logs throughout the day.
    • The Recovery Process: When you perform a recovery, AWS will first choose the most recent daily backup. AWS then applies transaction logs relevant to that day, up to the recovery point.
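    The recovery process described above (latest daily backup at or before the target, then transaction logs up to the recovery point, all inside a 1-35 day retention window) as an added worked model. This is example code written for these notes, not an AWS API; the snapshot and log timeline is constructed sample data.

```python
from datetime import datetime, timedelta

# Model of RDS point-in-time recovery as the notes describe it: one full daily
# snapshot plus transaction logs, kept for a 1-35 day retention period.
MIN_RETENTION_DAYS, MAX_RETENTION_DAYS = 1, 35


def plan_point_in_time_restore(snapshots, logs, target, now, retention_days):
    """Return (base_snapshot, [log segments to replay]) or raise ValueError.

    snapshots: datetimes at which each daily backup completed
    logs:      (start, end) datetime pairs for archived transaction-log segments
    """
    if not MIN_RETENTION_DAYS <= retention_days <= MAX_RETENTION_DAYS:
        raise ValueError(f"retention must be {MIN_RETENTION_DAYS}-{MAX_RETENTION_DAYS} days")
    if target > now:
        raise ValueError("cannot restore to a future time")
    window_start = now - timedelta(days=retention_days)
    if target < window_start:
        raise ValueError("target is outside the automated-backup retention window")
    # Step 1: the most recent full daily backup at or before the target, within retention.
    candidates = [s for s in snapshots if window_start <= s <= target]
    if not candidates:
        raise ValueError("no daily backup available at or before the target within retention")
    base = max(candidates)
    # Step 2: replay only the log segments covering time after the base snapshot, up to the target.
    replay = sorted(seg for seg in logs if seg[1] > base and seg[0] <= target)
    return base, replay


def at(day, hour, minute=0):
    """Constructed helper: a timestamp in May 2024 (sample timeline only)."""
    return datetime(2024, 5, day, hour, minute)


# Constructed sample timeline: daily backups at 03:00, hourly log segments for 10 days.
NOW = at(10, 12)
SNAPSHOTS = [at(d, 3) for d in range(1, 11)]
LOGS = [(NOW - timedelta(hours=h + 1), NOW - timedelta(hours=h)) for h in range(24 * 10)]

if __name__ == "__main__":
    base, replay = plan_point_in_time_restore(SNAPSHOTS, LOGS, at(9, 15, 30), NOW, 7)
    print("base snapshot:", base)
    print("replay", len(replay), "log segments from", replay[0][0], "to", replay[-1][1])
```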
    RDS Snapshots:
    • Snapshots are not automated: DB Snapshots are performed manually, meaning they are initiated by the user.
    • No Retention Period: Manual snapshots are not deleted, even if the original RDS instance, along with any automated backups, is deleted.
    • Backup to a Known State: You have the ability to back up your DB instance to a known state as frequently as desired. This allows you to restore to a specific state at any given time.
    Migration of Database from EC2 to RDS Database
```bash
# ec2db is the current database on the EC2 host.
# rdsdb is the RDS database created when the RDS instance was configured.
# -p = prompt for password, -P = port

# 1. Dump the EC2-hosted database to a file.
mysqldump -u root -p ec2db > ec2db.sql

# 2. Load the dump into the RDS database over its endpoint.
mysql -h <replace-rds-end-point-here> -P 3306 -u rdsuser -p rdsdb < ec2db.sql

# 3. Connect to RDS and check that the data migrated properly.
mysql -h <replace-rds-end-point-here> -P 3306 -u rdsuser -p
USE rdsdb;
SELECT * FROM table1;
```
    SQL vs NoSQL
    | Feature        | SQL                                                             | NoSQL                    | Best Use Case                                                                                |
    | Data Structure | Structured                                                      | Unstructured             | Well-defined, structured data with complex relationships                                     |
    | Query Language | SQL                                                             | Varies by database       | Complex queries, joins, transactions, and reporting                                          |
    | Scalability    | Vertical                                                        | Horizontal               | Traditional scaling with vertical hardware resources                                         |
    | Schema         | Fixed                                                           | Dynamic                  | Rigid, predefined schema, and data consistency requirements                                  |
    | Flexibility    | Limited                                                         | High                     | Agile development, frequent schema changes, evolving needs                                   |
    | Performance    | Optimized for complex queries and joins                         | Varies by database       | High-speed data retrieval, real-time data analysis and high-throughput scenarios             |
    | Examples       | MySQL, Oracle, Redshift, PostgreSQL, SQL Server, and AWS Aurora | MongoDB, Redis, DynamoDB | E-commerce platforms, financial systems, content management systems, real-time analytics     |
    Route53
    Route 53 is AWS's Domain Name System (DNS) service. It serves as the DNS resolver for VPCs and typically operates on the IP address 169.254.169.253 within a VPC.
    Route 53 performs three main functions:
    1. Domain registration
    2. DNS routing
    3. Health checking
    Zones are utilized with DNS servers to store records related to a domain. Examples of top-level domains include amazon.com, example.com, and swas.in. Sub-domains, such as academy.amazon.com, are also common. Zones hold DNS record set information, including details about the authoritative name server for a particular domain name. Route 53 provides hosted zones, which act as containers for DNS records. Each zone includes information about the IP address to which a domain name resolves and the mail server to which email should be forwarded.
    AWS offers two types of hosted zones:
    • Public hosted zones, which hold records specifying how to route internet-based traffic.
    • Private hosted zones, which hold records specifying how to route traffic within a VPC.
     
    Other Services