2017 AWSome day Taichung sharing

Kimi 2017/02/24

Retro

• EC2

• VPC

• Load Balancer

• Auto Scaling

• VPC

• CloudWatch

• RDS

• S3

• DynamoDB

• IAM

• CloudTrail

• EBS

• Glacier

• AWS Architect

What is cloud?

• On-demand

• Resources

• Pay-as-you-go

Cloud computing generation

• Cost less

• High ability

• New skill to cloud

• Amazon Web Service (AWS)

• Microsoft Azure

• Google Cloud Platform

Region, AZ and Edge

• Region

• Availability Zones

• Edge

Region and AZ

Example:

Region: Taiwan

AZ: 3

Taipei

Taichung

Kaohsiung

Edge

• Route 53 - Domain name service

• CloudFront - Content Delivery Network (CDN)

Instance

• Meta Data

- Instance resume (e.g. Memory size)

• User Data

- User customize

- e.g. pre-configuration script

- Only executed at first launch

(restart/reboot doesn't take effect)

Multi-AZ Instance

EC2 pricing

VPC

S3 Tips

• Bucket name

- Globally unique

• Object limit

- 5 TB

S3 Encryption

• Server side

- Cost on AWS side

• Client side

- Cost on user side

Another cheaper storage solution

• AWS Glacier

- Cold Storage

- Very Cheap

EBS Tips

• Single AZ

• Alive if EC2 instance is terminated

• More expensive than S3

EBS backup

• Create an EBS snapshot

• Store it into S3

• Create a new EBS volume

• Attach snapshot to new EBS

Instance Storage

[Diagram: Instance, Instance Storage, EBS]

Instance Storage Tips

• Fast Read/Write IOPS

• Its size is based on the EC2 instance type.

• Automatically deleted when the instance stops, fails or is terminated

IAM

• User

• Role

• Policy

IAM - User

IAM - User Permission

IAM - User Group

IAM Role

• Access permission between AWS services

• Not all of the AWS services have “Role” setting

• Any actions must add permission in “Role”.

IAM Role use case - ECS

[Diagram: ECS, Front-end, Back-end, C2C, ECR]

[Diagram: ECS EC2, ECR, S3]

1. ECR Access

2. S3 Access

IAM - Policy

Access service via Role

• Hard code access key

• High Risk

awsConfig({
  region: 'us-east-1',                 // explicitly set AWS region
  sslEnabled: true,                    // override whether SSL is enabled
  maxRetries: 3,                       // override the number of retries for a request
  accessKeyId: 'your_aws_access_key',  // can omit access key and secret key
  secretAccessKey: 'your_secret_key',  // if relying on a profile or IAM
  profile: 'profile_name',             // name of profile from ~/.aws/credentials
  timeout: 15000                       // optional timeout in ms. Will use AWS_TIMEOUT
});
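Added example (not from the original slides): a small JavaScript check that flags the hard-coded access key pattern shown above, so it can be caught in review or CI. The function name, rule names and sample inputs are assumptions constructed for illustration; a config that omits the keys and relies on an IAM role passes clean.

```javascript
// Added example: flag hard-coded AWS credentials in JavaScript config source.
// Function name, rule names and all sample inputs are constructed here.

// Access key IDs: AKIA (long-term) or ASIA (temporary) + 16 upper-case chars.
const ACCESS_KEY_ID = /\b(?:AKIA|ASIA)[A-Z0-9]{16}\b/;

// A credential property assigned a quoted string literal.
const LITERAL_CREDENTIAL =
  /\b(accessKeyId|secretAccessKey|sessionToken)\s*[:=]\s*(['"])[^'"]+\2/;

function findHardcodedCredentials(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, index) => {
    const line = index + 1;
    const literal = LITERAL_CREDENTIAL.exec(text);
    if (literal) {
      findings.push({ line, rule: 'literal-credential', property: literal[1] });
    }
    if (ACCESS_KEY_ID.test(text)) {
      findings.push({ line, rule: 'access-key-id-pattern' });
    }
  });
  return findings;
}

// Constructed sample: the risky pattern from the slide (placeholder values).
const HARDCODED_CONFIG = [
  'awsConfig({',
  "  region: 'us-east-1',",
  "  accessKeyId: 'your_aws_access_key',",
  "  secretAccessKey: 'your_secret_key'",
  '});',
].join('\n');

// Constructed sample: keys omitted, credentials come from the IAM role.
const ROLE_CONFIG = [
  'awsConfig({',
  "  region: 'us-east-1',",
  '  maxRetries: 3',
  '});',
].join('\n');

// Constructed sample: a key ID pasted somewhere other than a config property.
const STRAY_KEY_LINE = 'export KEY=AKIAEXAMPLEEXAMPLE00';

console.log(findHardcodedCredentials(HARDCODED_CONFIG));
console.log(findHardcodedCredentials(ROLE_CONFIG));
console.log(findHardcodedCredentials(STRAY_KEY_LINE));
```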

CloudTrail

• Records AWS API calls for accounts.

SQL vs NoSQL

RDS

• Fast to deploy

• Fast to scale

• Easy to Backup

- Automatic

- Manual backup via Snapshots

Cross-Region DB

Multi-AZ RDS

Classic Load Balancer

Auto scaling

CloudWatch

• A monitoring service

• Visibility

• Connecting lots of AWS services

Scale Up vs Scale Down

[Diagram: one machine with CPU: i5, MEM: 4GB and one with CPU: i7*2, MEM: 16GB, labelled Scale Up and Scale Down]

Scale In vs Scale Out

[Diagram: several machines, each with CPU: i5, MEM: 4GB, labelled Scale Out and Scale In]