
AWS Cloud (1) EC2, Infrastructure, Networking

avocado8 2024. 11. 27. 14:35

 

Module 2. Compute in the cloud

6. Using EC2: virtual servers

- Highly flexible

- Cost-effective

- Quick

- Much easier to get started: AWS has already built the data centers. The servers are online and ready to use

- Easily stopped or terminated

- You only pay for what you use.

- Multitenancy: sharing underlying hardware between virtual machines

- Flexible configurations: OS, the software running on it, ...

- Vertical scaling

- You control the networking aspect of Amazon EC2: publicly/privately accessible, ...

- Compute as a Service

 

7. EC2 Instance Types

- Each EC2 instance type is grouped under an instance family.

- They vary in CPU, memory, storage, network capacity, ... -> you choose

* Instance families

- General purpose: a good balance of resources, diverse workloads (web servers, code repositories)

- Compute optimized: compute-intensive tasks (gaming, HPC, scientific modeling). High-performance work that is CPU-heavy

- Memory optimized: memory-intensive tasks. Provides large amounts of memory; suited to memory-centric work

- Accelerated computing: floating-point calculations, graphics processing, data pattern matching; uses hardware accelerators. High-performance work that uses GPUs

- Storage optimized: high performance for locally stored data

 

e.g.) in the cafe analogy

cashier: memory optimized

barista: compute optimized

latte art: accelerated computing

That kind of feel.

 

Lesson7 Quiz

Q1. Which Amazon EC2 instance type is suitable for data warehousing applications?

A1. Storage optimized

 

Q2. Which Amazon EC2 instance type balances compute, memory, and networking resources?

A2. General purpose

 

Q3. Which Amazon EC2 instance type is ideal for high-performance databases?

A3. Memory optimized

 

Q4. Which Amazon EC2 instance type offers high-performance processors?

A4. Compute optimized

 

 

8. EC2 Pricing

multiple billing options:

1) On-Demand: billed per unit of time (per hour / per second), determined by how long the resource runs. No upfront payment, no prior commitment.

2) Savings Plans: hourly commitment, 1- or 3-year term. Low price. Flexible pricing model; not tied to a specific option

3) Reserved Instances: for predictable usage. 1- or 3-year term: can be paid all upfront / partial upfront / no upfront

* RI (Reserved Instance) types

ⓐ Standard Reserved Instance: a fixed reservation for a specific instance type, Region, OS, etc. Higher discount rate

ⓑ Convertible Reserved Instance: instance attributes can be changed. Lower discount rate than Standard; flexibility

 

4) Spot Instances: up to 90% off the On-Demand price. Can be interrupted. Good for batch workloads

5) Dedicated Host: physical host dedicated for your EC2. nobody else will share tenancy of that host

 

Quiz

Q. Which Amazon EC2 pricing option provides a discount when you specify a number of EC2 instances to run a specific OS, instance family and size, and tenancy in one Region?

A. Standard Reserved Instances

 

Q. Which Amazon EC2 pricing option provides a discount when you make an hourly spend commitment to an instance family and Region for a 1-year or 3-year term?

A. EC2 Instance Savings Plans

 

9. Scaling EC2

Workloads fluctuate

- Sizing to the average: falls short at max load

- Sizing to the peak: wasteful

Scale with the load - high availability, cost-effective

 

Scale up: add more power to the machines that are running

* With a decoupled system, scale only the parts that need it

 

EC2 Auto Scaling

- Creates/terminates as many instances as needed based on demand (horizontal scaling)

- Auto Scaling group: set the minimum number of EC2 instances.

* minimum capacity: the number of instances to launch immediately after the ASG is created

* desired capacity: the number of instances to launch (launches the desired count even if only the minimum is needed)

* maximum capacity: the maximum number of instances that can be launched as demand grows

 

Load Balancing

In the cafe example, like the person who decides which of several cashiers a customer goes to

Which instance does a request go to? - Load Balancing

Benefits of properly distributing traffic

- high performance / cost-efficient / highly available / automatically scalable

 

10. Directing Traffic with Elastic Load Balancing

Elastic Load Balancing

- Regional construct : runs at Region level

- automatically scalable

- Used not only for external traffic but also for FE-BE (front end to back end) traffic, etc.

New instance launches - notifies the ELB - gets used for load balancing

 

11. Messaging and Queueing

Tightly coupled architecture: a single failure brings the whole system down. If the receiving app goes down, the messages the sender sent are dropped

Loosely coupled architecture: uses a buffer (message queue), etc. Even if the receiver fails, messages accumulate in the queue - when the receiving app recovers, the stored messages are delivered

 

Amazon SQS : Send, store, receive messages between components at any volume

- payload: the data contained within a message

- SQS queues: where messages are stored until they are processed

e.g.) in the cafe example, the order board where incoming orders are written down

 

Amazon SNS: send message/notification.

- publish/subscribe(endpoints)

- SNS topic : a channel for messages to be delivered

e.g.) in the cafe example, sending the customer a notification when the drink is ready, etc.

 

Quiz

Q. Which AWS service is the best choice for publishing messages to subscribers?

A. Amazon SNS

 

12. Additional Compute Services

Serverless: you cannot see or access the underlying infrastructure

AWS Lambda

Trigger detected - the Lambda function runs automatically (auto scalable, highly available...)

- As triggers increase, Lambda auto scales

- Used for quick processing (less than 15 minutes)

- pay only for the compute time that you consume

- Upload code to Lambda -> set the code to trigger from an event source / the code runs only when triggered, and you pay only for the compute time used that way

 

Amazon Elastic Container Service (ECS) / Amazon Elastic Kubernetes Service (EKS)

- Container orchestration tools (here, Docker containers)

* container: a package for your code. Includes configuration, dependencies, etc.

- host: EC2 instance

 

AWS Fargate

- serverless compute platform for ECS or EKS

 

* Summary...

Host traditional applications, Full access to the OS -> Amazon EC2

Host short running functions, Service-oriented applications, Event driven applications, No provisioning or managing servers -> AWS Lambda

Run Docker container-based workloads on AWS -> Amazon ECS or EKS

(after choosing the tool above, choose the platform) Whether you will manage EC2 yourself -> AWS Fargate

 

 

Module 2 Quiz

Q. You want to use an Amazon EC2 instance for a batch processing workload. What would be the best Amazon EC2 instance type to use?

A. Compute optimized

Batch processing involves processing data in groups -> compute optimized, which is suited to high performance

 

Q. What are the contract length options for Amazon EC2 Reserved Instances? (Select TWO.)

A. 1 year, 3 years

 

Q. You have a workload that will run for a total of 6 months and can withstand interruptions. What would be the most cost-efficient Amazon EC2 purchasing option?

A. Spot Instance

Since the workload can tolerate interruptions, Spot is more cost-efficient than On-Demand.

 

Q. Which process is an example of Elastic Load Balancing?

A. Ensuring that no single Amazon EC2 instance has to carry the full workload on its own

Adding/removing instances is Auto Scaling's job; only the statement above is ELB's role.

 

Q. You want to deploy and manage containerized applications. Which service should you use?

A. Amazon Elastic Kubernetes Service (Amazon EKS)

 

 

Module 3. Global Infrastructure and Reliability

16. AWS Global Infrastructure

How do you prepare for a real data center going down?

-> Regions

Place Regions close to business traffic demand; inside a Region there are many resources, such as data centers

Each Region is isolated.

 

Which Region do you pick?

- Compliance: following regulations is the most important..

- Proximity: how close you are to customers - to reduce latency

- Feature availability: whether the desired AWS features are available in that Region

- Pricing: check prices per Region...

 

Availability Zone

Each Region consists of multiple data centers

A group (or a single one) of those data centers is called an AVAILABILITY ZONE

Each Region consists of logically/physically isolated AZs.

- For scaling too, manage multiple instances across multiple AZs so the service can continue even if a disaster occurs...

Run across at least two Availability Zones in a Region.

Most services operate at the Region level, and sync between AZs is handled for you

- e.g.) ELB is Region-scoped and load balances across all AZs, so it communicates with instances in every AZ

 

Quiz

Q. Which statement best describes an Availability Zone?

A. A single data center or group of data centers within a Region

 

17. Edge Locations

What if the service is global? What if users far from the Region also want to access the data? - cache a copy.

Amazon CloudFront - serves customers worldwide with low latency and high speed

- Content Delivery Network (CDN)

- Uses edge locations: cache data. Separate from Regions. Also provides DNS, Amazon Route 53, etc.

 

AWS Outposts

- owned, operated by AWS but isolated within your own building.

 

Key points

- Regions : geographically isolated areas

- Regions contain Availability Zones

- Edge locations run Amazon CloudFront 

 

18. How to Provision AWS Resources

How do you interact with AWS services? :: APIs (Application Programming Interface)

- Send API calls and manage services via the AWS Management Console / CLI / SDKs / etc....

1) AWS Management Console: web based. Test environments. View AWS bills. View monitoring. Work with non-technical resources

2) AWS CLI: terminal. Makes actions scriptable, repeatable. Automation.

3) AWS SDKs: interact through various programming languages.

4) Management tools

- AWS Elastic Beanstalk: used to provision EC2-based environments.

Provide your application code and desired configurations to AWS Elastic Beanstalk -> it builds the environments for you. Convenient. Reusable. You can focus on your business app

- AWS CloudFormation: Infrastructure as code tool used to define a wide variety of AWS resources. This one is also limited to EC2 resources. Uses CloudFormation templates. Reusability. Automation

 

Module 3 Quiz

Q. Which statement is TRUE for the AWS global infrastructure?

A. A Region consists of three or more Availability Zones.

 

Q. Which factors should be considered when selecting a Region? (Select TWO.)

A. Compliance with data governance and legal requirements, Proximity to your customers

 

Q. Which statement best describes Amazon CloudFront?

A. A global content delivery service

Explanation of the other options

- A service that enables you to run infrastructure in a hybrid cloud approach :: AWS Outposts

- A serverless compute engine for containers :: AWS Fargate

- A service that enables you to send and receive messages between software components through a queue :: Amazon SQS

 

Q. Which site does Amazon CloudFront use to cache copies of content for faster delivery to users at any location?

A. Edge location

 

Q. Which action can you perform with AWS Outposts?

A. Extend AWS infrastructure and services to different locations including your on-premises data center.

Explanation of the other options

- Automate actions for AWS services and applications through scripts. :: AWS CLI

- Access wizards and automated workflows to perform tasks in AWS services.:: AWS Management Console

- Develop AWS applications in supported programming languages. :: AWS SDKs

 

 

Module 4. Networking

22. Connectivity to AWS

VPC (Virtual Private Cloud)

- Provides a private connection

Subnets: chunks of IP addresses in a VPC

- Public traffic: enters the VPC through an Internet gateway (IGW).

- Private resources: use a virtual private gateway. Lets only specific users access the VPC (VPN connection)

* A VPN still uses a regular internet connection (even though it is private), so it is affected by other traffic

--> need a direct, dedicated way --> AWS Direct Connect.

AWS Direct Connect: provides a completely dedicated connection

 

23. Subnets and Network Access Control Lists

Public subnet: allows internet access

Network access control list (ACL): when a packet arrives, checks whether it may enter the subnet. If approved it is let in, otherwise blocked (subnet level)

- So what if you want to configure this per instance?? --> Security group.

Security group: all blocked by default. Rules can be set to allow specific traffic. That is for inbound traffic; outbound traffic is all allowed by default.

* key difference

- Security Group: Stateful - remembers who came in, so no check on the way out

- Network ACL: Stateless (does not remember incoming traffic; checks every time)

e.g.) when EC2 instance A in subnet 1 wants to send traffic to EC2 instance B in subnet 2, within the same AZ

- Security group check at instance A - network ACL check at subnet 1's boundary (target address allowed) - network ACL check at subnet 2's boundary - security group check at instance B

- Return traffic pattern (B->A): instance B's security group allows automatically (stateful) - check at subnet 2's ACL - check at subnet 1's ACL - instance A's security group allows automatically (stateful)
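As an added illustration of the two passes just described (this is not from the course or the original notes), a small Python model of the stateful security group versus the stateless network ACL along the A -> B -> A path; the addresses, ports and hop names are constructed.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dst_port")   # one direction of one connection

class SecurityGroup:
    # Instance level, stateful: inbound is default-deny, outbound default-allow, and any
    # admitted flow is remembered so its reply passes without needing an inbound rule.
    def __init__(self, inbound_ports):
        self.inbound_ports = set(inbound_ports)
        self.tracked = set()  # (src, dst) pairs of replies we will accept
    def outbound(self, f):
        self.tracked.add((f.dst, f.src))
        return True
    def inbound(self, f):
        if (f.src, f.dst) in self.tracked:
            return True  # reply to a tracked flow: no rule lookup
        if f.dst_port in self.inbound_ports:
            self.tracked.add((f.dst, f.src))
            return True
        return False

class NetworkACL:
    # Subnet level, stateless: every packet is matched against the rules for its
    # direction; nothing is remembered, so reply traffic needs its own allow rule.
    def __init__(self, inbound_ports, outbound_ports):
        self.inbound_ports, self.outbound_ports = set(inbound_ports), set(outbound_ports)
    def inbound(self, f):
        return f.dst_port in self.inbound_ports
    def outbound(self, f):
        return f.dst_port in self.outbound_ports

def walk(flow, hops):
    # Evaluate the flow at each (name, check) hop in order; return the first blocking hop or None.
    return next((name for name, check in hops if not check(flow)), None)

def demo(acl_ephemeral_ports):
    """Constructed scenario: A=10.0.1.10 (subnet 1) -> B=10.0.2.20 (subnet 2) on TCP 443,
    then B's reply to A's ephemeral port 50000. Returns (blocked-at for request, for reply)."""
    sg_a, sg_b = SecurityGroup(inbound_ports=[22]), SecurityGroup(inbound_ports=[443])
    acl_1 = NetworkACL(inbound_ports=acl_ephemeral_ports, outbound_ports=[443])
    acl_2 = NetworkACL(inbound_ports=[443], outbound_ports=acl_ephemeral_ports)
    request, reply = Flow("10.0.1.10", "10.0.2.20", 443), Flow("10.0.2.20", "10.0.1.10", 50000)
    out_path = [("sg_A", sg_a.outbound), ("acl_1", acl_1.outbound),
                ("acl_2", acl_2.inbound), ("sg_B", sg_b.inbound)]
    back_path = [("sg_B", sg_b.outbound), ("acl_2", acl_2.outbound),
                 ("acl_1", acl_1.inbound), ("sg_A", sg_a.inbound)]
    return walk(request, out_path), walk(reply, back_path)
```

With ephemeral ports allowed in both ACLs the request and the reply both get through even though A's security group has no inbound rule for port 50000; with no ephemeral-port rule the reply is dropped at subnet 2's ACL while both security groups would still have let it pass.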

 

Quiz

Q. Which statement best describes an AWS account’s default network access control list?

A. It is stateless and allows all inbound and outbound traffic.

 

24. Global Networking

Amazon Route 53: AWS's DNS (domain name service).

- Translates website names into IP addresses that computers can read

- e.g.) enter a website address - Route 53 returns the IP address - connect

- Routing policies

1) Latency-based routing

2) Geolocation DNS

3) Geoproximity routing

4) Weighted round robin

- Manage your own domain names

 

Amazon CloudFront

- Edge locations close to customers

- CDN (Content Delivery Network): delivers edge content to users based on geographic location

 

Quiz

Q. Which statement best describes DNS resolution?

A. Translating a domain name to an IP address

 

Module 4 Quiz

Q. Your company has an application that uses Amazon EC2 instances to run the customer-facing website and Amazon RDS database instances to store customers’ personal information. How should the developer configure the VPC according to best practices?

A. Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet.

 

Q. Which component can be used to establish a private dedicated connection between your company’s data center and AWS?

A. AWS Direct Connect

Because it is a dedicated connection....

 

Q. Which statement best describes security groups?

A. They are stateful and deny all inbound traffic by default.

 

Q. Which component is used to connect a VPC to the internet?

A. Internet gateway

 

Q. Which service is used to manage the DNS records for domain names?

A. Amazon Route 53

 
