Please enable JavaScript.

Coggle requires JavaScript to display documents.

AWS SAA-02, EC2, Cloudwatch - Coggle Diagram

- - - - not guaranteed and messages can be delivered more than once.
    - - 能保证顺序
      - strictly maintained and messages are delivered only once
- - - - object name
    - - 基本上就是此檔案的資料本身
    - - 作為版本控管之用
    - - 額外用來記錄 object 相關資訊的資料
  - - - https://s3.us-west-1.amazonaws.com/{Bbucket_name}
      - https://{bucket_name}.s3.us-wset-1.amazonaws.com
    - - s3-website dash (-) Region ‐ http://bucket-name.s3-website-Region.amazonaws.com s3-website dot (.) Region ‐ http://bucket-name.s3-website.Region.amazonaws.com
    - - Encrypted is not enable
      - no bucket policy exists
    - - Configure Server access logging
      - Configure Life cycle policy
    - - allow cross-region access to your Amazon s3 resource
    - - To undelete an object. you must delete the delete marker
  - - - 99.99% availability,
        99.999999999% durability
      - frequently accessed data
    - - 99.9% availability,
        99.999999999% durability
      - long-lived, but less frequently accessed data
      - minimum storage period of 30 days
      - file backups larger than 128 KB
    - - 99.5% availability,
        99.999999999% durability
      - long-lived, but less frequently accessed data
      - requires minimum storage period of 30 days
      - backups larger than 128 KB
    - - 99.9% availability,
        99.999999999% durability
      - move to standard or IA depend on access or not within 30day
    - - requires minimum storage period of 90 days
      - long-term archive and digital preservation
      - limits the minimum size of the object to 40 KB
      - first-byte latency of 3-5 hours when retrieving data from Glacier.
      - Expedited Retrievals
        
        allow you to quickly access your data when occasional urgent requests are required for a subnet of archives
        
        the data is available within 1-5 min
      - Standard retrievals
        
        typically complete within 3 – 5 hours.
      - Bulk retrievals
        
        5 to 12 hours
    - - minimum storage period of 180 days
      - limits the minimum size of the object to 40 KB
      - Standard retrievals
        
        12 hours
      - Bulk retrievals
        
        48 hours
    - - 99.99% availability,
        99.99% durability
  - - - SSL/TLS
    - - S3 Managed keys- SSE-S3
        
        Master key(AES-256) 進行加密
        
        全由 AWS 託管
      - AWS key Management Service, Managed Keys-SSE-KMS
        
        AWS KMS provides an audit trail
      - Server Side Encryption With Customer Provided Keys-SSE-C
  - - - Governance mode
        
        users can't overwrite or delete
      - Compliance mode
        
        objects version can't be overwritten or deleted by any user,
  - - - 如果超過 will automatically manage performance at this scale
    - - when uploading files to S3
    - - when downloading files to S3
  - - - Using bucket Policies & IAM
      - Using bucket ACLs & IAM(individual object). Programmatic Access Only
      - Cross-account IAM Roles(Programmatic AND Console access)
- - - - Default CloudWatch logging enables API request logging
  - - - Cache capacity
      - encrypt cache data
      - Flush entire cache
  - - - Error - “Origin policy cannot be read at the remote resource?”
  - - - requests per second
    - - maximum bucked size
- - - - Multi-AZ- for Disaster Recovery, primary and standby by synchronize
      - Read Replica – For Performance, for scalability
    - - SQL server , Oracle, MySQL server, PostgreSQL, Aurora, MariaDB ( SOPAMM)
    - - Amazon’s Data Warehouse- Redshift
    - - Automated Backups
        
        “retention period” (1 and 35 days)
        
        Enable by default
        
        Create a Storage volume snapshot of the entire Database instance
      - Database Snapshots
        
        manual
        
        They are stored even after you delete the original RDS instance
    - - will be a new RDS instance with a new DNS endpoint.
    - - for Disaster Recovery only
      - SQL Server, Oracle ,MySQL Server ,PostgreSQL, MariaDB(SOPMM)
      - Multi-AZ deployments utilize synchronous replication,
    - - Increase performance, for scalability
      - MariaDB, Microsoft SQL Server, MySQL, Oracle, and PostgreSQL(SOPMM)
      - Must have automatic backups turned on in order to deploy a read replica
      - have up to 5 read replica copies
      - Can be Multi-AZ
      - Can be in different regions
      - Asynchronous
    - - Automated backup, read replicas, and snapshots are encrypted
      - supported for MySQL, Oracle, SQL Server, PostgreSQL ,MariaDB & Aurora (AOPMM)
      - using the AWS Key management Service(KMS)
  - - - Stored on SSD storage
      - Spread across 3 geographically distinct data centres
      - Eventual Consistent Reads(Default) 1 秒
      - Strongly Consistent Reads less than 1秒
      - NoSQL database
      - Data stored in JSON format
      - Can enable Auto Scaling, can automatically increase its write capacity
    - - Fully managed
      - Highly available
      - in-memory cache
    - - multiple “all-or-nothing ” operations
      - Financial transaction
      - Up to 25 items or 4 MB of data
    - - Pay-per-request pricing
      - No minimum capacity
      - No charge for read/write - only storage and backups
      - Backup and Restore
        
        Can’t do backup or restore across region
        
        consistent within seconds and retained until deleted
    - - No enable by default
      - Protects against accidental write or delete
      - Restore to any point in the last 35 days
      - latest restorable: five minutes in the past
    - - Stored for 24 hour
    - - DynamoDB is not support in source Database
    - - Encryption at rest using KMS
  - - - Single node(160 Gb)
      - Multi-Node
      - Leader Node
      - Compute Node
    - - Enabled by default with a 1 day retention period
      - Maximum retention period is 35 days
      - Redshift always attempts to maintain at least three copies of your data (the original and replica on the compute nodes and a backup in Amazon S3)
      - asynchronously replicate your snapshots to S3 in another region for disaster recovery
      - Can Cross-Region Snapshot
    - - Backup
      - Compute Node Hours (only charged CN hours)
      - Data transfer(only within a VPC, not outside it )
    - - Encrypted in transit using SSL
      - Encrypted at rest using AES-256 encryption
      - AWS KMS
      - HSM to manage the top-level encryption keys
    - - Current only available in 1 AZ (can no have multi AZ )
      - Can restore snapshot to new AZs
  - - - Start with 10G, Scale 10G ~ 64T(storage Autoscaling)
      - 2 copies of your data is contained in each availability zone, with minimum of 3 availability zones. 6 copies of your data
      - Amazon Aurora Serverless
      - a much lower price point,
      - three times better than PostgreSQL
      - five time better performance than MySQL
      - Support working with schema change
    - - Replicas
        
        Aurora Replicas (currently 15)
        
        MySQL Read Replicas(currently 5)
        
        PostgresQL(currently 1)
        
        Automated failover is only available with Aurora Replicas
    - - Automated backup
        
        Do not impact database performance
        
        are always enabled by default
      - You can also take snapshots with Aurora
        
        not impact on performance
      - share Aurora Snapshots with other AWS account
  - - - If you need to scale horizontally, use Memcached
    - - Can do backups and restore
  - - - homogenous
        
        oracle -> oracle
      - heterogenous
        
        SQL Server -> Amazon Aurora
        
        will need the AWS Schema Conversion Tool(SCT)
        
        Using Amazon s3 bucket will help to save any amount of data
  - - - log data is stored on the master node
- - - - New Users No permission
    - - Roles are more secure than your access key and secret access key on individual EC2 instances
      - Roles are easier to manage
      - Roles can be assigned to an EC2 instance after it is created using both the console & command line
      - Role are universal - you can use them in any region
    - - JSON file
      - Effect/Action/Resource
        
        Effect either Allow or Deny ,Deny會取代Allow when 同時出現時
      - Amazon Resource Name(ARN)
        
        arn:{aws/aws-cn}:{service}:{region}:{account_id}
        
        example: arn:aws:s3::mybucket:
  - - - On-premises directory service
      - Group policies
      - Standalone directory in the cloud
  - - - Microsoft Active directory compaible directory from AWS Directory Service
    - - directory gateway(proxy) for on-premises AD
      - use existing AD deployed at on-premise server
  - - - which AWS resources can I share
        
        App Mesh
        
        Aurora
        
        CodeBuild
        
        EC2
        
        EC2 Image Builder
        
        License Manager
        
        Resource Group
        
        Route 53
- - - - not just READ only –you can write to them
    - - This can be either an S3 bucket, an EC2 instance, an Elastic Load Balancer or Route53.
    - - Two different types of distribution
        
        Web Distribution
        
        used for Website
        
        RTMP
        
        Used for Media Streaming
  - - - 1 file = 1 URL
      - Restrict access to files in cloudfront caches
      - Provide access only to authorized users for a specified time period
      - Use signed URLs in the following cases
        
        you want to restrict access to individual file
        
        Your user are using a client that doesn't support cookies
    - - 1 cookie = multiple files
- - - - An application that can initiate(start) a workflow
    - - Control the flow of activity tasks in a workflow execution
    - - Carry out the activity tasks
- - - - Entire Dataset is stored on site and is asynchronously backed up to S3.
    - - Entire Dataset is stored on S3 and the most frequently accessed data is cached on site.
- - - - Shard 主要儲存kinesis streams data
      - Retention period: 24hour -> 7day
      - Has persistence default
    - - 不像 kinesis streaming 可有shard儲存
      - 不care data persistence
    - - 提供開發者可以使用標準SQL查詢來分析即時串流資料,
      - 可以發送至Redshift、Amazon S3、Amazon Elasticsearch Service或Kinesis Streams等其他AWS服務中使用
- - - - 負責user account or password, 例如 email address, password…
      - 拿JWT : JSON web token 去 User Pool
- - - - Grouping of instance within a single Availability zone
      - Used for very low latency or high network throughput or both
      - 選擇 instance type 時，至少要選擇有 10Gb 以上網路的 instance type 才能享受到 placement group 的所帶來的優勢
      - Can’t span multiple Availability Zones
      - AWS recommend homogenous instances within it
      - within a rack, if the rack fails, all instance fail at the same time
    - - Can span multiple Availability Zones and regions
      - only have 7 instances per Availability Zone Group
      - Individual Critical EC2 instances
      - This strategy is typically used by large distributed and replicated workloads, such as Hadoop, Cassandra, and Kafka
      - provides high availability
      - provide access to distinct racks
    - - can be used to deploy large distributed and replicated workloads, such as HDFS, HBase, and Cassandra, across distinct racks
      - has its own set of racks
- - - - RAID 0- Striped, No Redundancy, Good Performance.
      - RAID 1- Mirrored, Redundancy
      - RAID 5 – Good for reads, bad write , AWS doesn’t recommend ever putting RAID 5’S on EBS
      - RAID 10 –Striped & Mirrored, Good Redundancy ,Good Performance
- - - - Is useful of
        
        Users that want the low cost and flexibility of AWS EC2 without any up-front payment of long-term commitment
        
        Application with short term, spiky , or unpredictable workload that cannot be interrupted.
        
        Application being developed or tested on EC2 for the first time
  - - - Standard Reserved instance
        
        (up to 75% off on-demand)
      - Convertible Reserved instance
        
        (up to 54% off on-demand)
        
        可改變的東西比較多
      - Schedule Reserved instance
    - - Application with steady state or predictable usage
      - Application that require reserved capacity
      - User able to make upfront payments to reduce their total computing cost even further
      - Choose Reserved Instances for continuous persistent load
  - - - App that have flexibles start and end times
      - App that are only feasible at very low compute price
      - Users with urgent computing needs for large amount of additional capacity.
      - Useful Task
        
        Big data and analytic
        
        Containerized workload
        
        CI/CD Testing
        
        Web service
        
        Image and media rendering
        
        High-performance computing
    - - If the Spot instance is terminated by AWS EC2, you will not be charged for a partial hour of usage
      - If you terminate the instance yourself, you will be charged for any hour in which the instance ran.
      - Choose Spot instances for fault tolerant and Spiky loads
      - 如果bid price>spot price,費用就會拿spot price＊台數算,但後來如果bid price < spot price的話就會終止
    - - persistent workload
      - critical Job
      - Database
  - - - Regulatory requirements that may not support multi-tenant virtualization
      - Great for licensing which does not support multi-tenant or cloud deployments
      - Can be purchased On-Demand(hourly)
      - Can be purchased as a reservation for up to 70% off the On-Demand price
- - - - General Purpose(SSD)(gp2)
        
        General purpose, balance both price and performance
        
        Volume Size
        
        1 GT - 16TB
        
        Max IOPS
        
        12,600
      - Provisioned IOPS(SSD) (io1)
        
        Use Case
        
        Database
        
        Volume Size
        
        4GB - 16TB
        
        Max IOPS
        
        64,000
    - - Throughput Optimized Hard Disk Drive(st1)
        
        Use Case
        
        Big Data & Data Warehouse, log processing
        
        frequently accessed
        
        Volume Size
        
        500G - 16TB
        
        Max IOPS
        
        500
      - Cold Hard Disk Drive(sc1)
        
        Use Case
        
        File Server
        
        Used infrequently, not throughout
        
        Volume Size
        
        500G - 1TB
        
        Max IOPs
        
        250
      - Magnetic (standard)
        
        Use Case
        
        workloads where data is infrequently accessed
        
        Volume Size
        
        1 GB - 1TB
- - - - EBS: Scale up to 64,000 IOPS with Provisioned IOPS (PIOPS)
      - Instance store: Scale to million of IOPS ; low latency
    - - Amazon S3
      - Amazon EFS
      - Amazon FSx for Linux
  - - - Snowball, snowmobile (terabytes/petabytes worth of data)
        
        Snowball
        
        Used for offline data transfer between on-premise & s3 bucket
      - AWS DataSync
        
        store on S3, EFS, FSx for Windows, etc.
      - Direct Connect
  - - - EC2 instance that are GPU and CPU optimized
      - EC2 fleets(Spot instances or Spot Fleets)
      - Placement groups (cluster placement group)
      - Enhanced networking single root I/O virtualization(SR-IOV)
      - Elastic Network Adapter(ENA) or Intel 82599 Virtual Function(VF) interface
      - Elastic Fabric Adapter(EFA)
- - - - essentially a virtual network card
  - - - Use single root I/O vituralization (SR-IOV) to provide high-performance lower CPU utilization on supported instance type
      - two mechanisms
        
        Elastic Network Adapter(ENA)
        
        Support low latency and high throughput
        
        no high-performance
        
        intel 82599 Virtual Funcation(VF) Interface
  - - - network device that you attach to
        your EC2 instance to accelerate high performance computing HPC and machine learning applications.
      - Support low latency and high throughput and high-performance
      - One EFA can be attached to an Amazon EC2 instance
- - - - General Purpose performance mode
        
        for latency-sensitive use cases(low latency)
        
        web serving environments, content management systems, home directories, and general file serving
      - Max I/O performance mode
        
        higher latencies for file metadata operations.
        
        uch as big data analysis, media processing, and genomic analysis
- - - - I – for IOPS
      - G – Graphics
      - H – High Disk Throughput
      - T – Cheap general purpose
      - D – For Density
      - R – For RAM
      - M – Main choice for general purpose apps
      - C – for Compute
      - P – Graphics(think Pics)
      - X – Extreme Memory
      - Z – Extreme Memory AND CPU
      - A – Arm-based workloads
      - U – Bare Metal
      - F- for FPGA
- - - - The root device for an instance launched from the AMI is an Amazon EBS volume created from an Amazon EBS snapshot.
      - EBS backend instance can be stopped
    - - 他是最直覺的資料儲存方式，就像我們平常使用電腦，將資料儲存在電腦硬碟中一樣
      - Boot from instance store 無法選擇多項的 instance type (e.g t2.micro.. )
      - cannot be stopped. If the underlying host fails, you will lose your data
      - called Ephemeral storage
      - Some instance types do not support instance store volume
      - Instance store data is lost
        
        Underlying disk drive fails
        
        instance stopped
        
        Instance terminates
- - - - Region(see regions and Availability zone)
      - Operating System
      - Architecture(32bit 64-bit)
      - Launch Permission
      - Storage for the Root Device(Root Device Volume)
        
        Instance Store(ephemeral Storage)
        
        EBS Backed Volumes