[SAA + SAP] 30. More solution Architectures

Event Processing

  • SQS: Lambda polls messages from SQS; if processing fails, it retries, and after the maximum number of attempts the message is sent to a DLQ
  • SNS: if processing fails, the retry happens on the Lambda side; after the maximum number of attempts the message is sent to a DLQ

 

Caching

  • Static content is cached using CloudFront
  • Dynamic content can also be cached at CloudFront, closest to the user's location; use the TTL to control the cache
  • API Gateway is a regional service and can do caching as well
  • Redis or DAX can be used for DB caching

Blocking IP Address in AWS

  • You can use a NACL at the VPC level to block IP addresses
  • ALB has a Security Group and does connection termination
  • EC2 can stay in a private subnet

  • NLB doesn't have a Security Group
  • EC2 will see the client's IP address

  • CloudFront can use geolocation to block access from one country's IP addresses
  • Use an extra service, WAF, for more advanced IP address filtering
  • The NACL is not helpful anymore, because the ALB's security group allows all CloudFront IP addresses, not the client IP address

High Performance Computing (HPC)

  • For a distributed EC2 system (EC2 instances need to talk to each other), use a Cluster Placement Group for good network performance

  • EC2 Enhanced Networking for better compute and networking
  • Use Elastic Network Adapter (ENA)
  • Elastic Fabric Adapter (EFA), only for Linux

EC2 Instance High Availability

  • How to fail over to a standby EC2 instance?
  • We can create a CloudWatch alarm, based on CPU for example
  • Then trigger a Lambda
    • Start the instance
    • Attach the Elastic IP to the standby
    • Detach the Elastic IP from the old instance
    • An EIP can only be attached to one instance
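
The Lambda steps above, as an added example (not code from the original notes). The environment variable names EIP_ALLOCATION_ID and STANDBY_INSTANCE_ID and the function name fail_over are assumptions; because an EIP can only be attached to one instance, the sketch detaches from the old instance before attaching to the standby.

```python
import os


def fail_over(ec2, allocation_id, standby_id):
    """Move the Elastic IP to the standby instance; return the association id."""
    # Start the standby and wait until it is running.
    # (Starting an instance that is already running is harmless.)
    ec2.start_instances(InstanceIds=[standby_id])
    ec2.get_waiter("instance_running").wait(InstanceIds=[standby_id])

    # An EIP is attached to one instance at a time: find the current holder.
    addr = ec2.describe_addresses(AllocationIds=[allocation_id])["Addresses"][0]
    if addr.get("InstanceId") == standby_id:
        # The alarm fired again after a completed failover: nothing to move.
        return addr["AssociationId"]

    # Detach from the old instance, then attach to the standby.
    if "AssociationId" in addr:
        ec2.disassociate_address(AssociationId=addr["AssociationId"])
    resp = ec2.associate_address(AllocationId=allocation_id, InstanceId=standby_id)
    return resp["AssociationId"]


def handler(event, context):
    """Lambda entry point, invoked when the CloudWatch alarm fires."""
    import boto3  # imported here so fail_over() can be exercised without AWS

    # Both environment variables are assumed names, set on the function.
    return fail_over(
        boto3.client("ec2"),
        os.environ["EIP_ALLOCATION_ID"],
        os.environ["STANDBY_INSTANCE_ID"],
    )
```

The Lambda's execution role needs only ec2:StartInstances, ec2:DescribeInstances, ec2:DescribeAddresses, ec2:AssociateAddress and ec2:DisassociateAddress, which keeps the failover function at least privilege.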

  • You have 2 AZs
  • ASG configured with min 1, max 1, desired 1
  • Use an EIP
  • When the EC2 instance in AZ1 fails

  • ASG will create another instance in AZ2
  • Attach the EIP to the new instance

  • If the EC2 instance in AZ1 fails
  • ASG will terminate the instance
  • We can use the ASG Terminate lifecycle hook to create an EBS snapshot to S3
  • Then ASG will create another EC2 instance in AZ2
  • Use the ASG Launch lifecycle hook to attach the EBS snapshot to the new instance

  • Have to use an NLB because SSH is Layer 4
  • Each AZ can have one NLB talking to the Bastion Host

EFA is an enhanced ENA, for Linux

 

posted @ 2021-08-19 21:29  Zhentiw