AWS. Author: Mind Map: AWS

1. 1 Introduction to AWS

1.1. 1. Region

1.1.1. 1. A region is a named set of AWS resources in the same geographical area.

1.1.2. 2. A region comprises at least two Availability Zones.

1.2. 2. AZ

1.2.1. 1. An Availability Zone is a distinct location within a region that is insulated from failures in other Availability Zones and

1.2.2. 2. provides inexpensive, low-latency network connectivity to other Availability Zones in the same region.

1.3. 3. Deployment

1.3.1. 1. A hybrid deployment is a way to connect infrastructure and applications between cloud-based resources and existing resources that are not located in the cloud.

1.3.2. 2. An all-in deployment refers to an environment that exclusively runs in the cloud.

2. 2 S3 and Glacier Storage

2.1. 1. Glacier

2.1.1. Provides low-cost archival storage.

2.2. S3

2.2.1. 4. Key characteristics of S3

2.2.1.1. All objects have a URL.

2.2.1.2. S3 can store unlimited amounts of data.

2.2.1.3. S3 uses a REST (Representational State Transfer) Application Program Interface (API).

2.2.2. 3. Appropriate use cases for S3

2.2.2.1. Storing web content

2.2.2.2. Storing backups for a relational database

2.2.2.3. Storing logs for analytics

2.2.3. 2. Objects are stored in buckets, and objects contain both data and metadata.

2.2.3.1. Objects are private by default.

3. 3 EC2 and EBS

3.1. 1. EBS provides persistent block-level storage volumes for use with Amazon EC2 instances on the AWS Cloud.

4. 4 VPC

4.1. 1. VPC

4.1.1. VPC lets organizations provision a logically isolated section of the AWS Cloud where they can launch AWS resources in a virtual network that they define.

5. 5 ELB, CloudWatch and Auto Scaling

5.1. 1. CloudWatch

5.1.1. CloudWatch is a monitoring service for AWS Cloud resources and the applications organizations run on AWS.

5.1.2. CloudWatch metrics provide hypervisor-visible metrics.

5.2. 2. Auto Scaling

5.2.1. Helps maintain application availability and allows organizations to scale Amazon Elastic Compute Cloud (Amazon EC2) capacity up or down automatically according to conditions defined for the particular workload. Not only can it be used to help ensure that the desired number of Amazon EC2 instances is running, but it also allows resources to scale in and out to match the demands of dynamic workloads.

5.2.2. Auto Scaling Group

5.2.2.1. Default EC2 capacity (20) for a new region.

5.2.2.2. Launches instances from an AMI specified in the launch configuration associated with the Auto Scaling group.

5.2.2.3. Enforces a minimum number of instances via the min-size parameter of the Auto Scaling group.

5.2.2.4. Launch configurations

5.2.2.4.1. Allow you to change the EC2 instance type and AMI without disrupting the Auto Scaling group.

5.2.2.4.2. Facilitate rolling out a patch to an existing set of instances managed by an Auto Scaling group.

5.2.2.4.3. Allow you to change the security groups associated with the launched instances without having to make changes to the Auto Scaling group.

5.2.2.5. May use instances

5.2.2.5.1. On-Demand Instances

5.2.2.5.2. Spot Instances

5.2.2.6. Supported Plans

5.2.2.6.1. Manual

5.2.2.6.2. Scheduled

5.2.2.6.3. Dynamic

5.2.3. Auto Scaling is designed to scale out based on an event like increased traffic while being cost effective when not needed.

5.2.4. Auto Scaling responds to changing conditions by adding or terminating instances.

5.3. ELB

5.3.1. Websites behind ELB

5.3.1.1. An SSL certificate must specify the name of the website either in the subject name or as a value in the Subject Alternative Name (SAN) extension of the certificate in order for connecting clients to not receive a warning.

5.3.2. When Amazon EC2 instances fail the requisite number of consecutive health checks, the load balancer stops sending traffic to the Amazon EC2 instance.

5.3.3. ELB Health Checks

5.3.3.1. A ping

5.3.3.2. A connection attempt

5.3.3.3. A page request

5.3.4. Connection Draining

5.3.4.1. When connection draining is enabled, the load balancer will stop sending requests to a deregistered or unhealthy instance and

5.3.4.2. attempt to complete in-flight requests until a connection draining timeout period is reached, which is 300 seconds by default.

5.3.5. Supported types of load balancer

5.3.5.1. Internet-facing

5.3.5.2. Internal

5.3.5.3. HTTPS using SSL

6. 6 IAM

6.1. IAM Policies

6.1.1. Service Name

6.1.2. Action

6.2. IAM Security Features

6.2.1. MFA

6.3. Actions Authorized by IAM

6.3.1. Launching a Linux EC2 instance

6.4. EC2 roles

6.4.1. Key rotation is not necessary; the role's temporary credentials are rotated automatically.

6.5. Temporary security tokens

7. 7 Databases and AWS

7.1. 1. Databases

7.1.1. 1. DynamoDB

7.1.1.1. 1. Non-relational database

7.1.1.1.1. 1. NoSQL databases like Amazon DynamoDB excel at scaling to hundreds of thousands of requests with key/value access to user profile and session

7.1.1.2. 2. Fully managed, fast, and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale.

7.1.1.3. 3. DynamoDB tables

7.1.1.3.1. 1. Local secondary indexes can only be created when the table is being created.

7.1.1.3.2. 2. You can only have one local secondary index.

7.1.2. 2. RDS

7.1.2.1. 1. OLTP

7.1.2.1.1. 1. Online Transaction Processing

7.1.2.2. 2. RDS provides managed relational databases.

7.1.2.3. 3. Increase resiliency

7.1.2.3.1. 1. Split out the MySQL DB onto an RDS instance with Multi-AZ enabled.

7.1.2.4. 4. RDS supports Microsoft SQL Server Enterprise edition, and the license is available only under the BYOL model.

7.1.2.5. 5. MySQL

7.1.2.5.1. 1. Handle the load

7.1.3. 3. Redshift

7.1.3.1. 1. Best suited for traditional Online Analytics Processing (OLAP) transactions

7.2. 2. Read replicas

7.2.1. 1. To increase performance, use read replicas to scale out the database and thus maximize read performance.

7.2.2. 2. Read replicas and a Multi-AZ deployment allow you to replicate your data and reduce the time to failover.

7.3. 3. DB Snapshots

7.3.1. 1. Can be used to restore a complete copy of the database at a specific point in time.

7.3.2. 2. DB snapshots allow you to back up and recover your data.

7.4. 4. Multi-AZ supported DB engines

7.4.1. 1. MS SQL Server, MySQL, Aurora, PostgreSQL, Oracle...

7.5. 5. Database failover

7.5.1. 1. Force a Multi-AZ failover from one Availability Zone to another by rebooting the primary instance using the Amazon RDS console.


7.6. 6. General Purpose (SSD) volumes are generally the right choice for databases that have bursts of activity.

7.7. 7. Offload read requests

7.7.1. 1. Add a read replica DB instance, and configure the client's application logic to use the read replica.

7.7.2. 2. Create a caching environment using ElastiCache to cache frequently used data. Update the application logic to read/write from the cache.

7.8. 8. Securing the database

7.8.1. 1. Requires a multilayered approach that secures the infrastructure, the network, and the database itself.

8. 8 SQS, SWF, and SNS

8.1. 1. SQS

8.1.1. 1. SQS is a fast, reliable, scalable, fully managed message queuing service that allows organizations to decouple the components of a cloud application. With Amazon SQS, organizations can transmit any volume of data, at any level of throughput, without losing messages or requiring other services to be always available.

8.1.2. 2. SQS visibility timeout

8.1.2.1. 1. Maximum 12 hours

8.1.2.2. 2. Default 30 seconds

8.1.3. 3. Properties

8.1.3.1. 1. Message ID

8.1.3.2. 2. Body

8.2. 2. SWF

8.2.1. Helps developers build, run, and scale background jobs that have parallel or sequential steps.

8.3. 3. SNS

8.3.1. Provides a messaging bus complement to Amazon SQS; however, it doesn't provide the decoupling of components necessary for this scenario.

8.4. 2. SNS features

8.4.1. 1. Publishers

8.4.2. 2. Subscribers

8.4.3. 3. Topics

8.4.3.1. 1. ARN created

8.5. 1. Supported Protocols

8.5.1. 1. HTTPS

8.5.2. 2. AWS Lambda

8.5.3. 3. Email-JSON

9. 9 DNS and Route 53

9.1. 1. Route 53 provides a highly available and scalable cloud Domain Name System (DNS) web service.

10. 10 ElastiCache

10.1. 1. ElastiCache is a service that provides in-memory cache in the cloud.

11. 11 Additional Key Services

11.1. 1. CloudFront is a web service that provides a CDN to speed up distribution of your static and dynamic web content—for example, .html, .css, .php, image, and media files—to end users. Amazon CloudFront delivers content through a worldwide network of edge locations.

11.2. 2. CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources.

11.3. 3. CloudTrail records AWS API calls, and Amazon Redshift is a data warehouse, neither of which would be useful as an architecture component for decoupling components.

12. 12 Security on AWS

13. 13 AWS Risk and Compliance

14. 14 Architecture Best Practices