yu-lin-huang
2017 AWSome day Taichung sharing
Kimi
2017/02/24
Retro
• EC2
• VPC
• Load Balancer
• Auto Scaling
• VPC
• CloudWatch
• RDS
• S3
• DynamoDB
• IAM
• CloudTrail
• EBS
• Glacier
• AWS Architect
What is cloud?
• On-demand
• Resources
• Pay-as-you-go
Cloud computing generation
• Cost less
• High ability
• New skill to cloud
• Amazon Web Service (AWS)
• Microsoft Azure
• Google Cloud Platform
Region, AZ and Edge
• Region
• Availability Zones
• Edge
Region and AZ
Example:
Region: Taiwan
AZ: 3
Taipei
Taichung
Kaohsiung
Edge
• Route 53 - Domain name service
• CloudFront - Content Delivery Network (CDN)
Instance
• Meta Data
- Instance resume (e.g. memory size)
• User Data
- Customized by the user
- e.g. pre-configuration script
- Only executed at first launch
(restart/reboot has no effect)
Multi-AZ Instance
EC2 pricing
VPC
S3 Tips
• Bucket name
- Globally unique
• Object limit
- 5 TB
S3 Encryption
• Server side
- Cost on AWS side
• Client side
- Cost on user side
Another cheaper storage solution
• AWS Glacier
- Cold Storage
- Very Cheap
EBS Tips
• Single AZ
• Stays alive if the EC2 instance is terminated
• More expensive than S3
EBS backup
• Create an EBS snapshot
• Store it into S3
• Create a new EBS volume
• Attach snapshot to new EBS
Instance Storage
[Diagram labels: Instance, Instance Storage, EBS]
Instance Storage Tips
• Fast Read/Write IOPS
• Its size is based on the EC2 instance type.
• Automatically deleted when the instance stops, fails or is terminated
IAM
• User
• Role
• Policy
IAM - User
IAM - User Permission
IAM - User Group
IAM Role
• Access permission between AWS services
• Not all of the AWS services have a “Role” setting
• Every action must be granted permission in the “Role”.
IAM Role use case - ECS
[Diagram labels: ECS, Front-end, Back-end, C2C, ECR]
[Diagram labels: ECS, EC2, ECR, S3]
1. ECR Access
2. S3 Access
IAM - Policy
Access service via Role
• Hard-coded access key
• High Risk
awsConfig({
  region: 'us-east-1',                 // explicitly set AWS region
  sslEnabled: true,                    // override whether SSL is enabled
  maxRetries: 3,                       // override the number of retries for a request
  accessKeyId: 'your_aws_access_key',  // can omit access key and secret key
  secretAccessKey: 'your_secret_key',  // if relying on a profile or IAM
  profile: 'profile_name',             // name of profile from ~/.aws/credentials
  timeout: 15000                       // optional timeout in ms. Will use AWS_TIMEOUT
});
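An added example (not from the slides and not part of any AWS library): a small JavaScript check that flags the hard-coded key pattern shown above in source text and passes a configuration that leaves credentials to the IAM role. The function name, the regular expressions and the sample strings are assumptions constructed for this illustration.

```javascript
// Added example: flag long-term AWS credentials written into source code.
// A string literal assigned to one of the credential keys from the slide.
const ASSIGNMENT = /\b(accessKeyId|secretAccessKey)\s*[:=]\s*(['"`])([^'"`]+)\2/g;
// AWS access key IDs are 20 characters starting with AKIA (long-term)
// or ASIA (temporary); catch them even when the key name is different.
const KEY_ID_SHAPE = /\b(?:AKIA|ASIA)[A-Z0-9]{16}\b/;

function findHardcodedCredentials(source) {
  const findings = [];
  source.split('\n').forEach((text, index) => {
    const line = index + 1;
    let flagged = false;
    for (const m of text.matchAll(ASSIGNMENT)) {
      findings.push({ line, key: m[1], reason: 'string literal assigned to credential key' });
      flagged = true;
    }
    // Report the shape match only if the line was not already flagged.
    if (!flagged && KEY_ID_SHAPE.test(text)) {
      findings.push({ line, key: null, reason: 'value shaped like an access key ID' });
    }
  });
  return findings;
}

// Constructed sample: the hard-coded pattern the slide marks as high risk.
const HARDCODED = [
  "awsConfig({",
  "  region: 'us-east-1',",
  "  accessKeyId: 'your_aws_access_key',",
  "  secretAccessKey: 'your_secret_key'",
  "});",
].join('\n');

// Constructed sample: no keys in source, so credentials come from the
// IAM role attached to the instance or task instead of the code.
const ROLE_BASED = [
  "awsConfig({",
  "  region: 'us-east-1',",
  "  sslEnabled: true",
  "});",
].join('\n');

for (const f of findHardcodedCredentials(HARDCODED)) {
  console.log(`line ${f.line}: ${f.key} (${f.reason})`);
}
console.log('role-based findings:', findHardcodedCredentials(ROLE_BASED).length);
```

A check like this fits in a pre-commit hook or CI step so that a key never reaches the repository in the first place.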
CloudTrail
• Records AWS API calls for accounts.
SQL vs NoSQL
RDS
• Fast to deploy
• Fast to scale
• Easy to Backup
- Automatic
- Manual backup via Snapshots
Cross-Region DB
Multi-AZ RDS
Classic Load Balancer
Auto scaling
CloudWatch
• A monitoring service
• Visibility
• Connects to many AWS services
Scale Up vs Scale Down
CPU: i5, MEM: 4GB
CPU: i7*2, MEM: 16GB
Scale Up
Scale Down
Scale In vs Scale Out
CPU: i5, MEM: 4GB
CPU: i5, MEM: 4GB
CPU: i5, MEM: 4GB
…
CPU: i5, MEM: 4GB
Scale Out
Scale In