[AWS - Design Resilient Architectures] 1.2 Design highly available and/or fault-tolerant architectures

Cloud computing models:

• With cloud deployment, nothing is installed on premise, but an Internet connection and network infrastructure solutions
• With hybrid cloud deployment, some resources are installed locally and others are in the cloud
• Intrastructure as Serice (IaaS) references a solution where the entire infrastructure is in the cloud

Main Conecpts:

Services:

• EC2
• ElasticBeantalk 
• Lambda

Storage:

• S3
• EFS (with EC2 connection)
• Glacier
• Storage geteway

Database:

• RDS
• DynamoDB
• ElastiCache
• Redshift

Migration:

• Migration Hub
• Snowball

Netowrking:

• VPC
• CloudFront
• Route 53
• API Gateway
• Direct Connect

Management:

• CloudWatch
• AutoScaling
• CloudFormation
• CloudTrail
• Trusted Advsitor

Security:

• IAM 
• Confnito
• Inspector
• AWS organizations
• CloudHSM
• Directory Service
• WAS & Shield

Application Intergration:

• SNS
• SQS

Regions and Availabliity Zones:

• Region: Physical location or boundary with AWS data center
• Availability Zone:
  • 1-6 data centers
  • Redundant power and networking
  • Multiple availability zones are within regions

 

Advanced EC2

Resource optimization

In AWS Cost Management console gives recommendations to help save money.

Launch: Resource Optimization Recommendations

 

Host Recovery

Restarts EC2 instances when a problem is detected or when a new host is available

Host Recovery

 

Traffic monitoring

It copies network traffic from an elastic network interface (ENI) of an EC2 instance and sned it wherever you want it to go.

What is Traffic Mirroring?

 

Elastic Container Service (ECS)

ECS features

• No virtual machine builds required
• Uses Amazon Faragte to automatically build environments
• Optional: Can use EC2 instances for more control

Container Usage

• Web server
• Application server
• Message queue server
• Each of the backend worker processes

The ECS can be used to launch apps in AWS without deplooying instances directly. (ECS launch EC2 for you)

A multi-tier application can use separate containers for each tier of the application.

The concept of microservcies is supported by ECS.

 

Auto Scaling

Scalable AWS Resources

• EC2 Auto Scaling Groups
• Aurora DB clusters
• DynamoDB global secondary indexes
• DynamoDB tables
• Elastic Container Service (ECS) services
• Spot Fleet requests

Auto Scaling is free to use; however, you may increase costs for more instances, CloudWatch and ELB load balancers.

 

Auto Scaling Groups

• Collection of instances with similar characteristics
  • Can be scaled based on criteria
  • Unhealthy instances can be auto-replaced
    • Any state other than "Running" is unhealthy

Consideration

• Time to launch and configure a server
• Relevant metrics to your application
  • CPU utilization
  • Network throughput
  • Free memory
• What AZs should the Auto Scaling group span?
• Scale to increase or decrease capacity?
• Specify min number of instances always running

Termination policies

Steps it consider when we should scale in:

 

4 Steps to select instances to scale in:

1. First select from AZ with most instances

2. Select from oldest instances

3. Select from closest to next billing hour

4. Select random

You can also build a custom policy to scale in.

• The default Auto Scaling termination policy first terminates instances in the AZ with the most instances
• The ClosestToNextInstanceHour custom termination policy can be used to reduce costs
• The OldestInstance custom termination policy can be useful in terminating the instances most likely to be suffering from "lack of restart" performance issues

 

Auto Scaling Condiguration

• When creating an instance, you can choose to create more than one and launch them in an Auto Scaling group

• You must create a Launch Configuration to create an Auto Scaling Group
• The Launch Configuration contains the instance type, a key pair, security group and more.
• You normaly want to choose multi AZs

Launch Template

Launch Configuration

• Go throught Wizard and create ASG

Using An existing EC2 instance to Launch

• Create an EC2 instance first

Using EC2 launch Wizard

• You can create multi instances and put them into a ASG

 

Elastic Load Balancing (ELB)

• Classic Load Balancer: It is old one... NOT recommeded for newly deployed application: BUT if the application exists for servel years already, you want to choose this one.
• Network Load Balancer: TCP, router, Layer 4
• Application Load Balancer: HTTP / HTTPS, web application, Layer 7

Supprted services

• EC2
• ECS
• Auto Scaling Group
• CloudWatch
• Route53

 

DNS

Overview

• Domain Name System
• Domains are specified boundaries of activity
• DNS provides name to IP address mapping

DNS Records

• A and AAAA
  • Hostname ~ IPv4 or IPv6
• NS
  • Domain > hostname
• MX
  • Mail record
• CNAME
  • Alias for the real name (something.thing.com / anotherthing.thing.com) sub-domain

 Route 53

• Route 53 provides DNS services including domain name registration, DNS resolution and management, and health checking
• Using the Route 53 console, you can configure domain names and host names
• Domain names registered outside of AWS will have to be directed to the Route 53 service

 Route 53 Example:

• Setting up EC2 instances
• Config load balancer (Application)
• Set a Record in Route 53 for load balancer.

Network ACL

In VPC, it controls the inbound rule and outbound rule, can be apply to subnet as well.

 

Flow Log

• Flow logs allow you to log traffic passing through your AWS network
• Flow logs can be created on network interfaces, VPC and on subnets
• Flow logs store the logs in the CloudWatch service or S3
• Because CloudWatch is used to store the flow logs, using them increase cost.

AWS Backup

AWS backup is one central location to backup everything in the cloud, as well as on-premises servers.

AWS continues to update AWS backup features and integrations.