
[AWS Certified Solutions Architect] EC2, EBS, EFS, ELB

SenJ 2022. 3. 11. 09:19

Public IP : machine can be identified on the internet (WWW), must be unique across the whole web

vs

Private IP : machine can only be identified on a private network, must be unique across the private network

vs

Elastic IP : fixed public IP for an instance

Placement Groups : control over the EC2 instance placement strategy

- Cluster : clusters instances into a low-latency group in a single AZ

Pros : great network (10Gbps bandwidth) / Cons : if the rack fails, all instances fail at the same time

- Spread : spreads instances across underlying HW (max 7 instances per group per AZ)

Pros : spans across AZs, reduced risk, EC2 instances are on different physical HW / Cons : limited to 7 instances per AZ per placement group

ex) app that needs to maximize high availability

- Partition : spreads instances across many different partitions (relying on different sets of racks) within an AZ, scales to 100s of EC2 instances per group; a partition failure can affect many EC2 instances but won't affect other partitions

Up to 7 partitions per AZ; each partition does not share racks with the instances in the other partitions

** Cluster groups several instances onto a single rack; Spread groups up to 7 instances across multiple AZs; Partition groups many instances onto one rack (up to 7 such partitions per AZ). Grouping onto one rack raises communication speed and performance, but carries a risk if that rack fails.

ENI : Elastic Network Interface

- Virtual network card bound to a specific AZ

EC2 Hibernate : preserves the in-memory (RAM) state; the RAM state is written to a file in the root EBS volume; available for On-Demand and Reserved instances; the root EBS volume must be encrypted; an instance cannot be hibernated for more than 60 days

ex) long-running processing, services that take time to initialize..

EC2 Nitro : Underlying Platform with better network options, higher speed EBS

EC2 vCPU : Thread per CPU * CPU

EBS Volume : network volume which is bound to a specific AZ

- get billed for all the provisioned capacity (size in GBs, IOPS)

- option to preserve the root volume when the instance is terminated (by default the root volume is deleted together with the instance)

Snapshots : make a backup of your EBS volume -> can copy across AZ or Region

AMI : customization of an EC2 instance, built for a specific region

Instance Store : high-performance HW, loses its storage if the instance is stopped, very high IOPS

EBS volume types : characterized by Size / Throughput / IOPS

gp2/gp3 : general purpose SSD, cost-effective storage, 1GiB-16TiB, 3000 IOPS

io1/io2 : highest performance SSD, great for database workloads, 16000 IOPS~64000 IOPS (io2 Block Express 256000 IOPS), 4GiB~16TiB (io2 Block Express 4GiB-64TiB) - supports EBS Multi-Attach (same AZ)

st1/sc1 : low cost HDD, cannot be a boot volume, 125MiB-16TiB

EBS Encryption : Data at rest is encrypted inside the volume, Data in transit between the instance and the volume is encrypted, All snapshots are encrypted, All volumes created from the snapshot are encrypted

- Leverages keys from KMS (AES-256)

- Copying an un-encrypted snapshot allows encryption

- Snapshots of encrypted volumes are encrypted

** EBS is a network volume that is used within an AZ. By default one EBS volume attaches to one EC2 instance, but io1/io2 can attach to several EC2 instances in the same AZ. A snapshot is needed to move it to another AZ or region. Encryption uses KMS, and encryption can be set up by creating a snapshot.
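An added example (not from these notes or the Udemy course) of the audit-and-remediate path the encryption bullets describe: find volumes and snapshots that are not encrypted and build the `aws ec2 copy-snapshot --encrypted` command that yields an encrypted copy, from which only encrypted volumes can be created. The input is constructed to look like `describe-volumes` / `describe-snapshots` output; the IDs, region and KMS key are placeholders.

```python
from typing import Dict, List

# Constructed sample, shaped like the JSON that `aws ec2 describe-volumes`
# and `aws ec2 describe-snapshots` return. IDs and the KMS ARN are placeholders.
VOLUMES: List[Dict] = [
    {"VolumeId": "vol-0aaa", "AvailabilityZone": "ap-northeast-2a", "Encrypted": True,
     "KmsKeyId": "arn:aws:kms:ap-northeast-2:111122223333:key/EXAMPLE-KEY-ID"},
    {"VolumeId": "vol-0bbb", "AvailabilityZone": "ap-northeast-2a", "Encrypted": False},
    {"VolumeId": "vol-0ccc", "AvailabilityZone": "ap-northeast-2c", "Encrypted": False},
]
SNAPSHOTS: List[Dict] = [
    {"SnapshotId": "snap-0111", "VolumeId": "vol-0bbb", "Encrypted": False},
    {"SnapshotId": "snap-0222", "VolumeId": "vol-0aaa", "Encrypted": True},
]


def unencrypted_volumes(volumes: List[Dict]) -> List[str]:
    """IDs of volumes whose data at rest is not encrypted."""
    return [v["VolumeId"] for v in volumes if not v.get("Encrypted", False)]


def encrypt_snapshot_commands(snapshots: List[Dict], region: str,
                              kms_key_id: str) -> Dict[str, str]:
    """One `aws ec2 copy-snapshot --encrypted` command per unencrypted snapshot.
    The copy is encrypted with the given KMS key, and every volume created from
    that copy is encrypted as well. Snapshots that are already encrypted are
    skipped: they stay encrypted and cannot be copied back to an unencrypted one."""
    commands: Dict[str, str] = {}
    for snap in snapshots:
        if snap.get("Encrypted", False):
            continue
        commands[snap["SnapshotId"]] = (
            f"aws ec2 copy-snapshot --source-region {region} "
            f"--source-snapshot-id {snap['SnapshotId']} "
            f"--encrypted --kms-key-id {kms_key_id}"
        )
    return commands


def audit(volumes: List[Dict], snapshots: List[Dict], region: str,
          kms_key_id: str) -> Dict[str, object]:
    """Findings plus the remediation path: volumes to replace, and the snapshot
    copies that will provide encrypted volumes to replace them with."""
    return {
        "unencrypted_volumes": unencrypted_volumes(volumes),
        "snapshot_copies": encrypt_snapshot_commands(snapshots, region, kms_key_id),
    }


if __name__ == "__main__":
    for key, value in audit(VOLUMES, SNAPSHOTS, "ap-northeast-2", "alias/ebs").items():
        print(key, value)
```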

EFS : managed NFS that can be mounted on many EC2 instances across multiple AZs, pay per use, use a security group to control access to EFS, compatible with Linux-based AMIs, encryption at rest using KMS

** A file system that can be attached to instances in several AZs. It costs more than EBS, but the cost can be reduced with EFS-IA.
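"Use a security group to control access to EFS" in practice means the mount target's security group should admit NFS (TCP 2049) only from the instances' own security group, not from a CIDR. The check below is an added example, not code from the notes or the course; the security-group IDs are placeholders and the rule data is constructed in the shape that `aws ec2 describe-security-groups` returns.

```python
from typing import Dict, List

NFS_PORT = 2049  # EFS mount targets accept NFSv4.x on this port

# Constructed samples shaped like the IpPermissions of
# `aws ec2 describe-security-groups`. Group IDs are placeholders.
EFS_SG_OPEN: Dict = {"GroupId": "sg-0efs-open", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
]}
EFS_SG_TIGHT: Dict = {"GroupId": "sg-0efs-tight", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 2049, "ToPort": 2049,
     "IpRanges": [], "Ipv6Ranges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-0app"}]},  # only the app instances' SG
]}


def _covers_nfs(perm: Dict) -> bool:
    """True if this rule lets TCP/2049 through (explicitly or via all-traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm.get("FromPort", 0) <= NFS_PORT <= perm.get("ToPort", 65535)


def nfs_findings(sg: Dict) -> List[Dict[str, str]]:
    """Flag NFS rules keyed on CIDRs instead of a source security group.
    Anything-from-anywhere (0.0.0.0/0, ::/0) is 'high'; other CIDRs are
    'medium' because they still admit every host in that range."""
    findings = []
    for perm in sg["IpPermissions"]:
        if not _covers_nfs(perm):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            sev = "high" if cidr in ("0.0.0.0/0", "::/0") else "medium"
            findings.append({"group": sg["GroupId"], "cidr": cidr, "severity": sev})
    return findings


def restrict_to_group_command(efs_sg_id: str, app_sg_id: str) -> str:
    """CLI line that adds the intended rule: NFS only from the instances' SG."""
    return (f"aws ec2 authorize-security-group-ingress --group-id {efs_sg_id} "
            f"--protocol tcp --port {NFS_PORT} --source-group {app_sg_id}")
```

After adding the source-group rule, the CIDR rule still has to be revoked; the audit reports until it is gone.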

EBS : can be attached to only one instance at a time, locked at the AZ level, a snapshot is needed to migrate EBS across AZs

vs

EFS : mounts on 100s of instances across AZs, can leverage EFS-IA

ELB : managed load balancer, health checks (200 is the OK response)

- Classic LB : supports layer4 and layer7, fixed hostname, health checks are TCP or HTTP based

- Application LB : Layer 7, load balancing to multiple HTTP apps across machines, load balancing to multiple applications on the same machine, support for HTTP/2 and WebSocket

Routing based on path in URL / hostname in URL / Query String, Headers

Great fit for micro services & container based app

Target groups : EC2 instances / ECS tasks / Lambda functions / IP addresses

- Network LB : Layer 4, forwards TCP & UDP traffic to your instances, has one static IP per AZ and supports assigning an Elastic IP

Target groups : EC2 instances / IP addresses / Application LB

- Gateway LB : Operates at layer3, transparent Network Gateway, GENEVE protocol on port 6081

Target groups : EC2 instances / IP Addresses

** ELB spreads access to the target group appropriately; because ALB works at Layer 7 it can look at the contents of the HTTP request when distributing. NLB is Layer 4, so it cannot see inside the request; it can be given an Elastic IP. GWLB can send incoming requests through the target group and then back again.

Sticky Sessions : Application-based cookies (custom cookies, application cookies) / Duration-based cookies (generated by the LB)

Cross-Zone LB : each load balancer instance distributes evenly across all registered instances in all AZs

ALB : always on / NLB : disabled by default, charges for inter-AZ traffic / CLB : disabled by default, no charge for inter-AZ traffic
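What "distributes evenly across all registered instances in all AZs" changes in numbers, as an added example (not from the notes or the course): with one load balancer node per AZ and clients split evenly across nodes by DNS (a simplifying assumption), an uneven fleet is badly imbalanced without cross-zone load balancing and perfectly even with it.

```python
from typing import Dict


def per_instance_share(instances_per_az: Dict[str, int], cross_zone: bool) -> Dict[str, float]:
    """Fraction of all client requests that ONE instance in each AZ receives.
    Assumes one load balancer node per AZ and clients split evenly across the
    nodes by DNS (the usual simplification for this calculation)."""
    azs = [az for az, n in instances_per_az.items() if n > 0]
    total = sum(instances_per_az[az] for az in azs)
    if cross_zone:
        # every node spreads its share over all registered instances in every AZ
        return {az: 1 / total for az in azs}
    # each node only sends traffic to the instances in its own AZ
    return {az: 1 / len(azs) / instances_per_az[az] for az in azs}


def imbalance_ratio(instances_per_az: Dict[str, int], cross_zone: bool) -> float:
    """How many times more load the busiest instance gets than the lightest one."""
    shares = per_instance_share(instances_per_az, cross_zone).values()
    return max(shares) / min(shares)


if __name__ == "__main__":
    fleet = {"ap-northeast-2a": 2, "ap-northeast-2c": 8}  # constructed, uneven fleet
    for mode in (False, True):
        print("cross-zone on" if mode else "cross-zone off",
              per_instance_share(fleet, mode), imbalance_ratio(fleet, mode))
```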

SSL/TLS : allows traffic to be encrypted in transit

SNI : multiple SSL certificates onto one web server

ALB, NLB : support multiple listeners with multiple SSL certificates, using SNI / CLB : supports only one SSL certificate

ASG : scales in/out in response to load, across multiple AZs

ASG alarms : scale an ASG based on CloudWatch alarms -> make scale in/out policies

- Simple/step Scaling : when a CloudWatch alarm is triggered, then...

- Target Tracking Scaling : set-up target usage

- Scheduled Actions : scaling based on a known usage pattern

- Predictive scaling : ML based

Good metrics to scale on : CPU utilization / Request Count per target / Average Network in, out / Any custom metric

Scaling Cooldowns : after a scaling activity happens, you are in the cooldown period (default 300 secs); the ASG will not launch or terminate additional instances -> use a ready-to-use AMI

** Auto scaling service that implements HA. Policies can be built from CloudWatch alarms that measure current traffic, usage, and so on.

ASG default termination policy : find the AZ which has the most instances -> delete the one with the oldest launch configuration
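The two steps of the default termination policy, as an added example (not from the notes or the course) run over a constructed fleet with placeholder IDs: AZ balance is decided first, so the instance with the oldest launch configuration is not necessarily the first to go. The lowest-InstanceId tie-break is this example's own assumption for determinism, not something the service guarantees.

```python
from collections import Counter
from typing import Dict, List, Optional

# Constructed fleet with placeholder IDs. "LaunchConfigCreated" is the creation
# date of the launch configuration each instance came from (older = first to go).
FLEET: List[Dict[str, str]] = [
    {"InstanceId": "i-0a", "AvailabilityZone": "ap-northeast-2a", "LaunchConfigCreated": "2022-01-10"},
    {"InstanceId": "i-0b", "AvailabilityZone": "ap-northeast-2a", "LaunchConfigCreated": "2022-03-01"},
    {"InstanceId": "i-0c", "AvailabilityZone": "ap-northeast-2c", "LaunchConfigCreated": "2021-11-05"},
]


def pick_instance_to_terminate(fleet: List[Dict[str, str]]) -> Optional[str]:
    """Step 1: restrict to the AZ(s) holding the most instances (keeps AZs
    balanced). Step 2: among those, take the oldest launch configuration.
    Remaining ties are broken by lowest InstanceId here; that is an assumption
    made for determinism, not what the service guarantees."""
    if not fleet:
        return None
    counts = Counter(i["AvailabilityZone"] for i in fleet)
    busiest = {az for az, n in counts.items() if n == max(counts.values())}
    candidates = [i for i in fleet if i["AvailabilityZone"] in busiest]
    oldest = min(i["LaunchConfigCreated"] for i in candidates)  # ISO dates sort as text
    return min(i["InstanceId"] for i in candidates if i["LaunchConfigCreated"] == oldest)


def scale_in_order(fleet: List[Dict[str, str]]) -> List[str]:
    """Order in which repeated scale-in events would remove the whole fleet."""
    remaining, order = list(fleet), []
    while remaining:
        victim = pick_instance_to_terminate(remaining)
        order.append(victim)
        remaining = [i for i in remaining if i["InstanceId"] != victim]
    return order


if __name__ == "__main__":
    print(scale_in_order(FLEET))
```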

ASG launch configuration vs launch template : a launch configuration must be re-created every time -> a launch template can have multiple versions and can provision using both On-Demand & Spot Instances

Source : Udemy Ultimate AWS Certified Solution Architecture Associate 2022