IAM (Identity and Access Management)
IAM is a web service that lets you manage access to AWS services and resources securely.
IAM is used to create users, groups, roles and policies. It also provides identity federation (Active Directory, Facebook, LinkedIn…).
It provides MFA (Multi-Factor Authentication).
Roles and policies are used when one service needs to access another. For example, if an EC2 instance needs to use S3, attach a role that grants S3 access to the instance (through an instance profile) instead of placing long-lived access keys on the instance; the role's credentials are temporary and rotated automatically. Scope the role's policy to the bucket and actions the instance actually needs rather than granting s3:* on every resource.
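As an added example (not part of the original notes), the two policy documents an EC2-to-S3 role consists of, plus a small linter that flags the over-broad grants "attach S3 access" often turns into. The bucket name is an assumption chosen for illustration.

```python
"""Added example (not from the original notes): build the trust policy and the
scoped permissions policy an EC2 -> S3 role needs, and lint a permissions
policy for grants that are wider than a service-to-service role should have.
The bucket name below is an illustrative assumption."""
import json

BUCKET = "example-app-data"  # assumed bucket name (illustrative)


def ec2_trust_policy() -> dict:
    """Trust policy: lets the EC2 service assume the role, which is what makes
    the role attachable to an instance through an instance profile."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }


def s3_read_write_policy(bucket: str) -> dict:
    """Permissions policy scoped to one bucket: listing needs the bucket ARN,
    object operations need the object ARN (bucket/*)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ["s3:ListBucket"],
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": f"arn:aws:s3:::{bucket}/*",
            },
        ],
    }


def _as_list(value):
    """IAM allows a single string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]


def lint_policy(policy: dict) -> list:
    """Return findings for Allow statements that are broader than a
    service-to-service role should be: wildcard actions, wildcard resources,
    or NotAction/NotResource (which invert the meaning and are easy to misread)."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st or "NotResource" in st:
            findings.append(f"statement {i}: uses NotAction/NotResource")
        for action in _as_list(st.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {i}: wildcard action {action}")
        for res in _as_list(st.get("Resource", [])):
            if res == "*":
                findings.append(f"statement {i}: wildcard resource")
    return findings


# Deliberately over-broad policy: full S3 access on every bucket in the account.
OVERBROAD = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}

if __name__ == "__main__":
    print(json.dumps(ec2_trust_policy(), indent=2))
    print(json.dumps(s3_read_write_policy(BUCKET), indent=2))
    print("scoped policy findings:", lint_policy(s3_read_write_policy(BUCKET)))
    print("over-broad findings:", lint_policy(OVERBROAD))
```

The trust policy goes on the role itself (who may assume it); the permissions policy is attached to the role (what it may do). The linter is a pre-commit style check, not a replacement for IAM Access Analyzer, but it catches the two mistakes that matter most on an instance role.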
EC2
Different pricing models
1. On-Demand: pay by the second or by the hour with no commitment
2. Spot: bid for spare capacity at a discount; the instance can be reclaimed when the spot price rises above your bid, so use it only for interruptible workloads
3. Reserved: 1-year or 3-year commitment in exchange for a discount
4. Dedicated Hosts: physical servers dedicated to you, no multi-tenancy (used for licensing or compliance requirements)
EC2 Instance Types
EBS Volumes
Ø SSD, General Purpose (GP2): up to 10,000 IOPS
Ø SSD, Provisioned IOPS (IO1): more than 10,000 IOPS
Ø HDD, Throughput Optimized (ST1): frequently accessed, throughput-heavy workloads
Ø HDD, Cold (SC1): less frequently accessed data
Ø HDD, Magnetic (standard): cheap, for infrequently accessed data
Boot volumes can only be SSD General Purpose, SSD Provisioned IOPS or HDD Magnetic.
You cannot attach one EBS volume to multiple EC2 instances (the later Multi-Attach feature for io1/io2 volumes is the exception, and it requires a cluster-aware file system).
S3
S3 is object-based storage, used to upload files, not for installing an operating system.
Files can be from 0 bytes to 5 TB.
There is unlimited storage.
Files are stored in buckets.
S3 uses a universal namespace, i.e. bucket names must be unique globally.
S3 allows versioning; it keeps all versions at full size, so a versioned bucket keeps growing and you pay for every version until a lifecycle rule expires it.
S3 consistency model
Read-after-write consistency for PUTs of new objects
Eventual consistency for overwrite PUTs and DELETEs
(Note: since December 2020 S3 provides strong read-after-write consistency for all operations, including overwrites and deletes, so a read after a successful write returns the latest version.)
S3 Storage Tiers
Ø S3 Standard: 99.99% availability, 99.999999999% (11 nines) durability; stored redundantly across multiple devices in multiple facilities and designed to sustain the loss of two facilities concurrently.
Ø S3-IA (Infrequent Access): for data that is accessed infrequently. Lower storage fee than S3 Standard, but you are charged a retrieval fee.
Ø S3 One Zone-IA: a lower-cost option for infrequently accessed data when you do not require the multi-Availability-Zone resilience.
Ø Glacier: very cheap, but for archival only. A standard retrieval takes 3-5 hours.
Encryption
Ø In Transit
o SSL/TLS
Ø At Rest
o Server-Side Encryption
§ S3 managed keys: SSE-S3
§ AWS Key Management Service managed keys: SSE-KMS
§ Server-side encryption with customer-provided keys: SSE-C (you send the key with every request; S3 uses it and discards it, so if you lose the key you lose the data)
o Client-Side Encryption (you encrypt before upload and manage the keys yourself)
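As an added example (not part of the original notes), the request headers each server-side mode uses and a check that mirrors the bucket-policy Deny a practitioner adds to reject unencrypted uploads. The KMS key ARN and the customer key are constructed values; the header names are S3's real ones.

```python
"""Added example (not from the original notes): the request headers each S3
server-side encryption mode uses, plus a check equivalent to a bucket policy
that denies s3:PutObject when s3:x-amz-server-side-encryption is missing.
The KMS key ARN and the customer key are constructed for illustration."""
import base64
import hashlib
import os

SSE_HDR = "x-amz-server-side-encryption"
SSE_KMS_KEY_HDR = "x-amz-server-side-encryption-aws-kms-key-id"
SSEC_ALG_HDR = "x-amz-server-side-encryption-customer-algorithm"
SSEC_KEY_HDR = "x-amz-server-side-encryption-customer-key"
SSEC_MD5_HDR = "x-amz-server-side-encryption-customer-key-MD5"


def sse_s3_headers() -> dict:
    """SSE-S3: S3 manages the AES-256 key."""
    return {SSE_HDR: "AES256"}


def sse_kms_headers(kms_key_id: str) -> dict:
    """SSE-KMS: a KMS key you control. If the key id is omitted S3 falls back
    to the account's default aws/s3 key, losing per-key access control."""
    return {SSE_HDR: "aws:kms", SSE_KMS_KEY_HDR: kms_key_id}


def sse_c_headers(key: bytes) -> dict:
    """SSE-C: the raw 256-bit key travels base64-encoded with an MD5 checksum.
    S3 only accepts SSE-C over HTTPS, since the key is in the request."""
    if len(key) != 32:
        raise ValueError("SSE-C requires a 256-bit (32-byte) key")
    return {
        SSEC_ALG_HDR: "AES256",
        SSEC_KEY_HDR: base64.b64encode(key).decode(),
        SSEC_MD5_HDR: base64.b64encode(hashlib.md5(key).digest()).decode(),
    }


def put_allowed_by_policy(headers: dict, require_kms: bool = True) -> bool:
    """Mirror of a bucket-policy Deny on s3:PutObject that fires when the
    s3:x-amz-server-side-encryption condition key is absent (and, with
    require_kms, when it is anything but aws:kms). Header names are compared
    case-insensitively because HTTP header names are."""
    lowered = {k.lower(): v for k, v in headers.items()}
    mode = lowered.get(SSE_HDR)
    if mode is None:
        # SSE-C does not set this header, so such a policy denies SSE-C
        # uploads as well; decide deliberately which modes you allow.
        return False
    if require_kms:
        return mode == "aws:kms"
    return mode in ("AES256", "aws:kms")


if __name__ == "__main__":
    key = os.urandom(32)  # constructed key; in practice it comes from your KMS/HSM
    print(sse_s3_headers())
    print(sse_kms_headers("arn:aws:kms:us-east-1:123456789012:key/example"))
    print(sse_c_headers(key))
    print(put_allowed_by_policy({}), put_allowed_by_policy(sse_s3_headers()),
          put_allowed_by_policy(sse_kms_headers("example")))
```

With SSE-S3 and SSE-KMS, S3 also applies the same header on the response so you can audit which mode an object was stored with; with SSE-C you must resend the key on every GET, and S3 keeps only a salted HMAC of it to validate later requests.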
Storage Gateway
Ø File Gateway: for flat files, stored directly on S3 (exposed on site as an NFS/SMB share)
Ø Volume Gateway
o Stored Volumes: the entire dataset is stored on site and is asynchronously backed up to S3
o Cached Volumes: the entire dataset is stored on S3 and the most frequently accessed data is cached on site
Ø Gateway Virtual Tape Library
o Used for backup; works with popular backup applications like NetBackup, Backup Exec, Veeam etc.
Ø Snowball (a separate physical data-transfer service, not a gateway type)
o Snowball
o Snowball Edge: Snowball + EC2 compute
o Snowmobile
Database on AWS
Ø RDS – OLTP
o Microsoft SQL Server
o MySQL
o PostgreSQL
o Oracle
o Aurora
o MariaDB
Ø DynamoDB – NoSQL
Ø RedShift – OLAP
Ø ElastiCache – in-memory caching
o Memcached
o Redis
Read Replica
You can have read replicas, so that the application reads from the replicas instead of the main database. You can also have read replicas of read replicas, but you need to watch for replication lag. At the time of writing, you can have five read replicas for each database.
Route53
Route53 is Amazon's DNS service.
Routing policies available on AWS
Ø Simple Routing
Ø Weighted Routing
Ø Latency-based Routing
Ø Failover Routing
Ø Geolocation Routing
Ø Multivalue Answer Routing
Application Services
SQS
Ø Amazon SQS is a web service that gives access to message queues
Ø SQS is pull based, not push based
Ø Messages are up to 256 KB in size
Ø Messages can be kept in the queue from 1 minute to 14 days. The default is 4 days
Ø You need to consider the visibility timeout while reading messages: once a consumer receives a message it is hidden from other consumers for the length of the timeout; if the consumer does not delete it before the timeout expires, it becomes visible again and is delivered to someone else
Ø SQS guarantees that your messages will be processed at least once, so consumers must be idempotent
Ø Queues can be either standard or FIFO (FIFO adds ordering and deduplication)
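As an added example (not part of the original notes), a small in-memory model of the visibility timeout and at-least-once behaviour described above, with a consumer that survives redelivery by deduplicating on message id. It is a simulation with a manual clock, not the SQS API.

```python
"""Added example (not from the original notes): a simulated SQS queue with a
visibility timeout and at-least-once delivery, a consumer that is idempotent
on message id, and a naive consumer for contrast. Manual clock, no network."""
import uuid


class SimQueue:
    """Models receive/delete semantics: a received message is hidden until its
    visibility timeout elapses and only disappears when it is deleted."""

    def __init__(self):
        self.now = 0
        self._messages = {}  # message_id -> [body, invisible_until, receive_count]

    def send(self, body: str) -> str:
        mid = str(uuid.uuid4())
        self._messages[mid] = [body, 0, 0]
        return mid

    def receive(self, visibility_timeout: int):
        """Return (message_id, body, receive_count) or None if nothing is visible."""
        for mid, rec in self._messages.items():
            if rec[1] <= self.now:
                rec[1] = self.now + visibility_timeout
                rec[2] += 1
                return mid, rec[0], rec[2]
        return None

    def delete(self, mid: str) -> None:
        self._messages.pop(mid, None)

    def advance(self, seconds: int) -> None:
        self.now += seconds


def process_idempotently(queue: SimQueue, processed: dict, visibility_timeout: int,
                         work_seconds: int, crash_before_delete: bool = False):
    """One consumer iteration. `processed` maps message_id -> result and is the
    idempotency store (in practice a table with a unique key on message id).
    Returns (status, message_id) with status in done/skipped/crashed/empty."""
    msg = queue.receive(visibility_timeout)
    if msg is None:
        return "empty", None
    mid, body, _count = msg
    if mid in processed:
        queue.delete(mid)          # redelivery of finished work: no second side effect
        return "skipped", mid
    queue.advance(work_seconds)    # the actual work
    processed[mid] = body.upper()  # record the result before acknowledging
    if crash_before_delete:
        return "crashed", mid      # simulated crash: delete never happens
    queue.delete(mid)
    return "done", mid


def redelivery_demo():
    """Work takes 30s against a 10s timeout and the consumer crashes before
    delete, so the message comes back; the idempotent consumer skips it."""
    q = SimQueue()
    processed = {}
    q.send("charge customer 42")
    first = process_idempotently(q, processed, 10, work_seconds=30, crash_before_delete=True)
    second = process_idempotently(q, processed, 10, work_seconds=1)
    third = process_idempotently(q, processed, 10, work_seconds=1)
    return first[0], second[0], third[0], len(processed)


def naive_redelivery_demo() -> int:
    """Same scenario with a consumer that redoes the work on every delivery.
    Returns how many times the side effect ran (the customer is charged twice)."""
    q = SimQueue()
    q.send("charge customer 42")
    side_effects = 0
    for _ in range(2):
        if q.receive(10) is None:
            break
        q.advance(30)      # slow work, longer than the visibility timeout
        side_effects += 1  # the charge happens again on redelivery
        # crashes before delete each time
    return side_effects


if __name__ == "__main__":
    print(redelivery_demo())        # ('crashed', 'skipped', 'empty', 1)
    print(naive_redelivery_demo())  # 2
```

Two settings follow from the model: the visibility timeout must exceed the worst-case processing time (or the consumer must extend it while working), and the dedup store must be written before the delete so a crash between the two is safe. FIFO queues deduplicate on the producer side within a five-minute window, which does not remove the need for consumer-side idempotency.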
SNS
SNS is used to send notifications (publish/subscribe: a publisher posts to a topic and every subscriber of the topic receives a copy).
SNS is push based.
SNS Subscribers
ü HTTP
ü HTTPS
ü Email
ü Email-JSON
ü SQS
ü Application (mobile push)
ü Lambda
An HTTP/HTTPS endpoint must confirm the subscription and should verify the signature on every message it receives; anyone who can reach the endpoint can POST a body that looks like an SNS notification.
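As an added example (not part of the original notes), the checks an HTTP/HTTPS subscriber runs on an incoming POST before trusting it: topic match, signing-certificate URL allow-listing, and building the canonical string SNS signs. The message is a constructed sample, not a real delivery; the final RSA verification needs the certificate fetched from SigningCertURL and is left to a crypto library.

```python
"""Added example (not from the original notes): structural validation of an
incoming SNS HTTP/HTTPS delivery. SAMPLE is a constructed message. The RSA
signature check over string_to_sign() is the remaining step and requires the
certificate at SigningCertURL, so it is only described in a comment here."""
import json
import re
from urllib.parse import urlparse

# SNS signing certificates are only served from these hosts, over HTTPS.
CERT_HOST_RE = re.compile(r"^sns\.[a-z0-9-]+\.amazonaws\.com(\.cn)?$")

# Fields that make up the signed string, per message type, in this fixed order.
SIGNED_FIELDS = {
    "Notification": ["Message", "MessageId", "Subject", "Timestamp", "TopicArn", "Type"],
    "SubscriptionConfirmation": ["Message", "MessageId", "SubscribeURL", "Timestamp",
                                 "Token", "TopicArn", "Type"],
    "UnsubscribeConfirmation": ["Message", "MessageId", "SubscribeURL", "Timestamp",
                                "Token", "TopicArn", "Type"],
}


def signing_cert_url_ok(url: str) -> bool:
    """Reject cert URLs that are not HTTPS or not on an SNS host; otherwise an
    attacker can point SigningCertURL at a certificate they control and sign
    forged messages with it."""
    p = urlparse(url)
    return p.scheme == "https" and bool(CERT_HOST_RE.match(p.hostname or ""))


def string_to_sign(msg: dict) -> str:
    """Canonical string SNS signs: 'Key\\nValue\\n' for each field present
    (Subject is optional on Notifications and is skipped when absent)."""
    return "".join(f"{key}\n{msg[key]}\n"
                   for key in SIGNED_FIELDS[msg["Type"]] if key in msg)


def precheck(msg: dict, expected_topic_arn: str) -> list:
    """Return reasons to reject the message; an empty list means it passed the
    structural checks and is ready for signature verification."""
    problems = []
    if msg.get("Type") not in SIGNED_FIELDS:
        return ["unknown Type"]
    if msg.get("TopicArn") != expected_topic_arn:
        problems.append("TopicArn is not the topic this endpoint subscribed to")
    if msg.get("SignatureVersion") not in ("1", "2"):
        problems.append("unsupported SignatureVersion")
    if not signing_cert_url_ok(msg.get("SigningCertURL", "")):
        problems.append("SigningCertURL not on an https SNS host")
    if "Signature" not in msg:
        problems.append("missing Signature")
    return problems


# Constructed sample message; the ids, ARN and signature are illustrative.
SAMPLE = json.loads("""{
  "Type": "Notification",
  "MessageId": "11111111-2222-3333-4444-555555555555",
  "TopicArn": "arn:aws:sns:us-east-1:123456789012:orders",
  "Subject": "order placed",
  "Message": "{\\"order_id\\": 42}",
  "Timestamp": "2024-01-01T00:00:00.000Z",
  "SignatureVersion": "1",
  "Signature": "base64-signature-goes-here",
  "SigningCertURL": "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-example.pem"
}""")

if __name__ == "__main__":
    print(precheck(SAMPLE, "arn:aws:sns:us-east-1:123456789012:orders"))
    print(string_to_sign(SAMPLE))
    # Remaining step (needs the cert, not shown): fetch SigningCertURL, take its
    # public key and verify base64decode(Signature) over string_to_sign(SAMPLE)
    # with SHA1withRSA (SignatureVersion 1) or SHA256withRSA (SignatureVersion 2).
```

Run the precheck before touching the body: the TopicArn comparison stops a valid message from some other topic being replayed at your endpoint, and the host allow-list is what makes the later signature check meaningful.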