[SAA + SAP] 30. More solution Architectures
Event Processing
- SQS: Lambda will poll the message from SQS, if failed to processing, will do retry, after max of times, will send to DLQ
- SNS: If failed, do retry on Lambda side, after max of times send to DLQ
Caching
- Static content will be cached by using CloudFront
- Dynamic content can also be cache at CloudFront, use TTL to control the cache; closest to the user location
- API Gateway, is regional service, can do caching as well
- Can use Redis, DAX for DB caching
Blocking IP Address in AWS
- You can use NACL on VPC level to block IP addresses
- ALB has Security Group and has connection Termintaion
- EC2 can stay in private subnet
- NLB doesn't have Security Group
- EC2 will see Client'IP address
- CloudFront, can use Geo location to block one country Ip addresses to access
- Use extra service WAF, to do more advanced IP address filtering
- NACL is not helpful anymore, because ALB' security group allows all CloudFront IP addresses, not client IP address
High Performance Computing (HPC)
- For a destributed EC2 system (EC2 instances need to talk to each others), use a Clouster Placement Group for good network perofrmance
- EC2 Enhanced Netowrking for better Compute and networking
- Use Elastic Netowrk Adapter (ENA)
- Elastic Fabric Adapter (EFA), only for Linux
EC2 Instance High Availability
- How to failover to a Standby EC2 instances?
- We can create a CloudWatch alarm based on CPU for example
- then trigger a Lambda
- Start the instance
- Attach the Elastic IP to Standby
- Deattach the Elastic IP from old instances
- EIP can only attach one instance
- You have 2 AZ
- ASG Setting with 1min, 1max, 1 desired
- Use EIP
- When EC2 in AZ1 fail
- ASG will create another instance in AZ2
- Attach EIP to new instances
- If EC2 in AZ1 failed
- ASG will terminate the instance
- We can use ASG Terminate lifecycle hook to create a EBS Snapshot to S3
- Then ASG will create another EC2 instance in AZ2
- Use ASG Launch lifecycle hook to attach EBS snapshot to the new instances
- Have to use NLB because SSH is Layer 4
- Each AZ can have one NLB talk to Bastion Host
EFA is an Ehanced ENA. for linux