November 2024
M T W T F S S
 123
45678910
11121314151617
18192021222324
252627282930  

Categories

November 2024
M T W T F S S
 123
45678910
11121314151617
18192021222324
252627282930  

Amazon Web Services (AWS)

Amazon Web Services (AWS)

  • Extensive set of cloud services available via the Internet
  • On-demand, virtually endless, elastic resources
  • Pay-per-use with no up-front costs (with optional commitment)
  • Self-serviced and programmable

 

 

 

Elastic Compute Cloud (EC2)

  • One of the core services of AWS
  • Virtual machines (or instances) as a service
  • Dozens of instance types that vary in performance and cost
  • Instance is created from an Amazon Machine Image (AMI), which in turn can be created again from instances

 

 

 

Regions and Availability Zones (AZ)

Notes: We will only use Ireland (eu-west-1) region in this workshop. See also A Rare Peek Into The Massive Scale of AWS.

Networking in AWS

Exercise: Launch an EC2 instance

  1. Log-in to gofore-crew.signin.aws.amazon.com/console
  2. Switch to Ireland region and go to EC2 dashboard
  3. Launch a new EC2 instance according instructor guidance
  • In “Configure Instance Details”, pass a User Data script under Advanced
  • In “Configure Security Group”, use a recognizable, unique name

#!/bin/sh
# When passed as User Data, this script will be run on boot
touch /new_empty_file_we_created.txt
echo "It works!" > /it_works.txt

Exercise: SSH into the instance

SSH into the instance (find the IP address in the EC2 console)

# Windows Putty users must convert key to .ppk (see notes)
ssh -i your_ssh_key.pem ubuntu@instance_ip_address

View instance metadata

curl http://169.254.169.254/latest/meta-data/

View your User Data and find the changes your script made

curl http://169.254.169.254/latest/user-data/
ls -la /

Notes: You will have to reduce keyfile permissions chmod og-xrw mykeyfile.pem. If you are on Windows and use Putty, you will have to convert the .pem key to .ppk key using puttygen (Conversions -> Import key -> *.pem file -> Save private key. Now you can use your *.ppk key with Putty: Connection -> SSH -> Auth -> Private key file)

Exercise: Security groups

Setup a web server that hosts the id of the instance

mkdir ~/webserver && cd ~/webserver
curl http://169.254.169.254/latest/meta-data/instance-id > index.html
python -m SimpleHTTPServer

Configure the security group of your instance to allow inbound requests to your web server from anywhere. Check that you can access the page with your browser.

Exercise: Security groups

Delete the previous rule. Ask a neighbor for the name of their security group, and allow requests to your server from your neighbor’s security group.

Have your neighbor access your web server from his/her instance.

# Private IP address of the web server (this should work)
curl 172.31.???.???:8000
# Public IP address of the web server (how about this one?)
curl 52.??.???.???:8000

Speaking of IP addresses, there is also Elastic IP Address. Later on, we will see use cases for this, as well as better alternatives.

Also, notice the monitoring metrics. These come from CloudWatch. Later on, we will create alarms based on the metrics.

Elastic Block Store (EBS)

  • Block storage service (virtual hard drives) with speed and encryption options
  • Disks (or volumes) are attached to EC2 instances
  • Snapshots can be taken from volumes
  • Alternative to EBS is ephemeral instance store

EC2 cost


Identity and Access Management

Identity and Access Management (IAM)

Notes: Always use roles inside instances (do not store credentials there), or something bad might happen.

Quiz: Users on many levels

Imagine running a content management system, discussion board or blog web application in EC2. How many different typesof user accounts you might have?


Virtual Private Cloud

Virtual Private Cloud (VPC)

  • Heavy-weight virtual IP networking for EC2 and RDS instances. Integral part of modern AWS, all instances are launched into VPCs (not true for EC2-classic)
  • An AWS root account can have many VPCs, each in a specific region
  • Each VPC is divided into subnets, each bound to an availability zone
  • Each instance connects to a subnet with a Elastic Network Interface

 

 

 

 

VPC with Public and Private Subnets

Access Control Lists

 

 

 

 

Auto Scaling

 

 

Provisioning capacity as needed

  • Changing the instance type is vertical scaling (scale up, scale down)
  • Adding or removing instances is horizontal scaling (scale out, scale in)
  • 1 instance 10 hours = 10 instances 1 hour

Auto Scaling instances

  • Launch Configuration describes the configuration of the instance. Having a good AMI and bootstrapping is crucial.
  • Auto Scaling Group contains instances whose lifecycles are automatically managed by CloudWatch alarms or schedule
  • Scaling Plan refers when scaling happens and what triggers it.

Scaling Plans

  • Maintain current number of instances
  • Manual scaling by user interaction or via API
  • Scheduled scaling
  • Dynamic Auto Scaling. A scaling policy describes how the group scales in or out. You should always have policies for both directions. Policy cooldowns control the rate in which scaling happens.

Auto Scaling Group Lifecycle

Auto Scaling Group Lifecycle

Elastic Load Balancer

  • Route traffic to an Auto Scaling Group (ASG)
  • Runs health checks to instances to decide whether to route traffic to them
  • Spread instances over multiple AZs for higher availability
  • ELB scales itself. Never use ELB IP address. Pre-warm before flash traffic.

 

Public networking

Route 53

  • Domain Name System (DNS)
  • Manage DNS records of hosted zones
  • Round Robin, Weighted Round Robin and Latency-based routing

CloudFront

  • Content Delivery Network (CDN)
  • Replicate static content from S3 to edge locations
  • Also supports dynamic and streaming content

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>