Please enable JavaScript.

Coggle requires JavaScript to display documents.

AWS (S3 (Lifecycle Management (Can be used in conjunction with versioning,…

- - - - enables fast, easy and secure transfers of files over long distances between your end users and an S3 bucket. It takes advantage of Amazon CloudFront's globally distributed edge locations.
  - - - Edge locations are not just READ only, you can write to them too
      - Objects are cached for the life of the TTL (Time to Live)
      - You can clear cached objects, but you will be charged
      - This is the location where content will be cached. This is separate to an AWS Region/AZ.
  - - - For data that is accessed less frequent, but requires rapid access when needed (retrieval fee)
    - - 99.99% availability 11-9% durability, stored redundantly across multiple facilities, and is designed to sustain the loss of 2 facilities concurrently
    - - lower-cost option for IA data, but do not require the multiple AZ data resilience
    - - Expedited
        
        minutes retrieval time
      - Standard
        
        3-5 hours retrieval time
      - Bulk
        
        5-12 hours retrieval time
  - - - Server-side
        
        KMS (SSE-KMS)
        
        Customer Provided (SSE-C)
        
        Amazon S3 Managed Keys (SSE-S3)
    - - CSE-KMS
      - CSE-C
    - - SSL/TLS
  - - - For flat files, stored directly on S3.
    - - Stored Volumes
        
        Entire Dataset is stored on site and is asynchronously backed up to S3
      - Cached Volumes
        
        Entire dataset is stored on S3 and the most frequently accessed data is cached on site
    - - Used for backup and uses popular backup applications like NetBackup, Backup Exec, Veeam ...
  - - - petabyte-scale data transport solution to transfer large amounts of data in/out AWS
    - - Snowball + Larger capacity and compute
    - - Exabyte-scale transfer used to move extremely large amounts of data to AWS
      - 100 PM per snowmobile, 45-foot long ruggedized shipping container, pulled by a semi-trailer truck
- - - - Allows you to pay a fixed rate by the hour (or by the second with no commitment
        
        Perfect for users that want the low cost & flexibility of EC2 without any up-front payment or long-term commitment
        
        Applications with short term, spiky or unpredictable workloads that cannot be interrupted
        
        Applications being developed or tested on EC2 for first time
    - - Provides you with a capacity reservation, and offer a significant discount on the hourly charge for an instance.
        
        Applications with steady state or predictable usage
        
        Applications that require reserved capacity
        
        Users can make up-front payments to reduce their total computing costs even further
        
        Standard RIs (Up to 75% off on-demand)
        
        Convertible RIs (Up to 54% off on-demand)
        Change to RI of equal or greater value
        
        Scheduled RIs to launch within the time window you reserve.
    - - enables you to bid whatever price you want for instance capacity, providing for even greater savings if your applications have flexible start and end times
        
        Applications that have flexible start and end times
        
        Applications that are only feasible at very low compute prices
        
        Users with an urgent need for large amounts of additional computing capacity
    - - Physical EC2 server dedicated for your use. Dedicated hosts can help you reduce costs by allowing you to use your existing server-bound software licenses
        
        Useful for regulatory requirements that may not support multi-tenant virtualization
        
        Great for licensing which does not support multi-tenancy or cloud deployments
        
        Can be purchased on-demand (hourly)
        
        Can be purchased as a Reservation for up to 70% off the on-demand price
    - - FIGHT-DR-MC-PIX
  - - - Region
      - Operating System
      - Architecture (32 vs 64)
      - Launch Permissions
      - Storage for the Root Device
        
        Instance Store (EPHEMERAL STORAGE)
        
        EBS Backend Volumes
    - - For EBS root device for an instance launched fro the AMI is an Amazon EBS volume create from an EBS Snapshot
      - For Instance store root device for an instance launched from the AMI is an instance store volume created from a template stored in S3
      - Instance Store Volumes cannot be stopped. If the underlying host fails, you will lose your data
      - EBS backed instances can be stopped. You will not lose the data on this instance if it is stopped
      - By default, both ROOT volumes will be deleted on termination, however with EBS volumes, you can tell AWS to keep the root device volume
  - - - Allows you to create storage volumes and attach them to EC2
      - Once attached, you can create a file system on top of these volumes, run a database, ....
      - EBS volumes are placed in a specific AZ, where they are automatically replicated to protect you from the failure of a single component
      - Types
        
        General Purpose SSD (GP2)
        
        Balances Both price & performance.
        
        Ratio of 3 IOPS per GB up to 10,000 IOPS & the ability to burst up to 3000 IOPS for extended periods of time for volumes at 3334 GiB & above
        
        Provisioned IOPS SSD (IO1)
        
        Designed for I/O intensive applications such as large relational or NoSQL databases
        
        Use if you need more than 10,000 IOPS
        
        Can provision up to 20,000 IOPS per volume
        
        Throughput Optimized HDD (ST1)
        
        Big Data
        
        Data warehouses
        
        Log processing
        
        Cannot be a boot volume
        
        Cold HDD (SC1)
        
        Lowest cost storage for infrequently accessed workloads
        
        File server
        Cannot be a boot volume
        
        Magnetic (Standard)
        
        Lowest cost per gigabyte of all EBS volume types that is bootable. Ideal for workloads where data is accessed infrequently, and application where the lowest storage cost is important
      - Volumes & Snapshots
        
        Volumes Exist on EBS
        
        Virtual Hard Disk
        
        Snapshots exist on S3
        
        Snapshots are point in time copies of Volumes
        
        Snapshots are incremental - This means that only the blocks that have changed since your last snapshot are moved to S3
        
        To create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the instance before taking the snapshot
        
        However you can take a snap while the instance is running
        
        You can create AMIs from EBS-backed instances and Snapshots
        
        You can change EBS volume sizes on the fly, including changing the size and storage type
        
        Volumes will ALWAYS be in the same AZ as the EC2 instance
        
        To move an EC2 volume from one AZ/Region to another, take a snap or image of it, then copy it to the new AZ/Region
        
        Snapshots of encrypted volumes are encrypted automatically.
        
        Volumes restored from encrypted snapshots are encrypted automatically
        
        You can share snapshots, but only if they are unencrypted
        
        These snapshots can be shared with other AWS accounts or made public
        
        RAID (Redundant Array of Independent Disk)
        
        RAID 0 - Striped, No Redundancy, Good Performance
        
        RAID 1 - Mirrored, Redundancy
        
        RAID 5 - Good for reads, bad for writes, AWS does not recommend ever putting RAID 5's on EBS
        
        RAID 10 - Striped & Mirrored, Good Redundancy , Good Performance
        
        Problem - Take a snapshot, the snapshot excludes data held in the cache by applications and the OS. This tends not to matter on a single volume, however using multiple volumes in a RAID array, this can be a problem due to interdependencies of the array.
        
        Solution - Take an application consistent snapshot
        
        Stop the application from writing to disk
        
        Flush all caches to disk
        
        Freeze the file system
        
        Unmount the RAID array
        
        Shutting down the associated EC2 instance
        
        To create a snapshot for EBS volumes that serve as root devices, you should stop the instance before taking the snapshot
        
        Security
        
        Snapshots of encrypted volumes are encrypted automatically
        
        Volumes restored from encrypted snapshots are encrypted automatically
        
        You can share snapshots, but only if they are unencrypted
        
        These snapshots can be shared with other AWS accounts or made public
- - - - Default Metrics
        
        Disk
        
        Network
        
        Check Host (Hypervisor)
        
        *RAM is custom metric*
        
        CPU
- - - - VPC
        
        Security Group
        
        A virtual firewall controls traffic to/from app
        
        All inbound traffic is blocked by default
        
        All Outbound traffic is Allowed
        
        Changes to Security Groups take effect immediately
        
        You can have any number of EC2 instances within a security group
        
        You can have multiple security groups attached to EC2 instances
        
        Security Groups are STATEFUL
        
        If you create an inbound rule allowing traffic in, that traffic is automatically allowed back out again
        
        You cannot block specific IP addresses using Security Groups, instead use Network Access Control Lists
        
        You can specify allow rules, but not deny rules
        
        Virtual Private Cloud (VPC) let you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual network environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.
        
        What can you do with VPC?
        
        Launch instances into a subnet of your choosing
        
        Assign custom IP address ranges in each subnet
        
        Configure route tables between subnets
        
        Create internet gateway and attach it to our VPC
        
        Much better security control over your AWS resources
        
        Instance security groups
        
        Subnet network access control lists (ACLs)
        
        VPC Peering
        
        Allows you to connect one VPC with another via a direct network route using private IP addresses
        
        Instances behave as if they were on the same private network
        
        You can peer VPC's with other AWS accounts as well as with other VPCs in the same account
        
        Peering is in a star configuration: ie 1 central VPC peers with 4 others. NO TRANSITIVE PEERING!!!
        
        VPC Flow Logs
        
        a feature that enables you to capture information about the IP addresses going to and from network interfaces to your VPC. Logs are stored in CloudWatch.