AWS Flashcards
What is SQS and where is it effective?
- Simple Queue Service - Launched in 2006
- Offers asynchronous, message-based communication (as opposed to API calls)
- Scalable, Highly Available, Fully Managed and Cost Effective
It is effective for:
- Data processing
- Real-time event processing (e-commerce)
- Ad-hoc job queues (database snapshot at midnight)
Explain the Message Processing Workflow of SQS
- First, a message is published in the queue
- Then, a message is claimed by the viewer (consumer), and the “visibility countdown” starts
- Finally, there are 2 possible outcomes:
a. Message is processed and deleted by consumer
b. Visibility timeout expires and the message is returned to the queue (the whole thing can be retried later on)
Why use SQS over API calls?
- Decoupling: the publisher has no insight into client processing, and the services are decoupled*.
- Manage the processing rate (do we want to process an event faster or slower?)
- Very good for async / “no real time” apps
======
*Coupled dependencies between services WITHOUT SQS
If I have services A and B, and A makes a request to B every time something changes, then if B is down, A is down too.
WITH SQS we have a middle man, so if service B goes down it is not going to affect service A.
In SQS: Standard vs FIFO queues / Pros and Cons
STANDARD QUEUE
PROs
- Unlimited number of messages to process (unlimited throughput)
CONs
- At-least-once delivery (one message could be delivered multiple times)
- Best-effort ordering (the order in which messages are processed is not guaranteed)
FIFO QUEUE
PROs
- Messages processed in order
- Exactly Once processing per message
- Supports multiple channels of messages (process messages for different customers with different queues). Tie a message to a particular group; all the groups can be processed independently.
CONs
- 300 TPS (transactions per second) max, or 3,000 with batching
- More expensive (about 25%). Not a big deal.
What are common patterns in SQS?
- Use SNS and send messages to different queues
- Use SQS with a Lambda function, so every time I have a new message, the Lambda is triggered
- Use a “CloudWatch event” and send the event to SQS; then, if you have a long-running processing job use EC2, and if you have a shorter-running job, you can use a Lambda
What is SNS?
- Message publishing and processing service
- Allows fan-out to millions of consumers (email, HTTP endpoints, SQS, text messages)
- Fully managed, durable, and auto-scaling:
- Don’t need to worry about infrastructure (even with millions of transactions per second)
- Messages are guaranteed to not be lost (not real-time)
- Consist of topics (for instance, an e-commerce checkout event) and subscriptions
How can you set up an automatic notification every time your bill goes over X dollars?
Go to CloudWatch and set a billing alarm. A billing alarm uses an SNS topic.
What is EC2?
Amazon Elastic Compute Cloud is a web service that provides resizable compute capacity in the cloud.
It reduces the time needed to obtain a server to minutes.
Types of EC2?
Dedicated Instances are billed by the number of instances, whereas Dedicated Hosts are billed by the host, irrespective of the number of instances you run on each host. With that in mind, we’re ready to move to the next important section, understanding the various pricing options for AWS instances.
REGULAR EC2 INSTANCE
These are the default AWS instances that most applications use. They are instances in the cloud that are shared between multiple AWS customers. AWS provides isolation between each user’s data. However, multi-tenancy normally comes with the “noisy neighbor” issue, where neighboring instances could affect the performance of your app if they hog up resources on the same host as you. To counter this problem, you have a couple of options.
SPOT INSTANCE
With a Spot instance, you can save money by purchasing the hourly compute power of someone else’s unused EC2 instance. The “Spot Price” is what you’ll pay. Spot instances are useful for running tasks that aren’t critical and can be interrupted without disruption (AWS calls these “fault-tolerant” workloads). Think batch jobs, compute-intensive analysis, temporary auto-scaling to meet a short-term spike, or other similar usage.
OPTIMIZED EC2 INSTANCE
Compute, memory, and storage-optimized EC2 instances are also available. These instances are designed to deliver an optimized service level for a specific area (storage, memory, or compute). For example, compute-optimized instances offer dedicated CPUs of specific varieties and speeds, along with standard network bandwidth and storage options. Storage-optimized instances provide optimized access to local storage (i.e. on the same host): options include NVMe SSDs or HDDs combined with standard selections for vCPU and memory.
DEDICATED INSTANCE / RESERVED
These are virtual private cloud (VPC) instances that are blocked for use by a single customer. They are isolated at the host level, so all instances running on the host are reserved for a single customer. But there’s another option if you want even more isolation and control over your infrastructure.
DEDICATED HOST
Dedicated Hosts enable the same level of isolation as Dedicated Instances, but additionally they give you visibility into the physical host. This is required if your applications use libraries and frameworks with licensing terms that restrict them to a single server. Some applications may also need to be hosted on a dedicated server for compliance purposes. In these cases, a Dedicated Host is your only option.
PRICING
ON-DEMAND PRICING
With on-demand pricing, you pay by the hour for usage of an AWS instance.
- The benefit of on-demand pricing is that you don’t have to plan in advance how many instances you need. This gives you maximum flexibility.
- However, it comes at a cost. On-demand pricing is the highest of the lot.
SPOT INSTANCES
With Spot Instances, users bid for the price of spare EC2 Instances. There’s a market price for spare instances, and only if your bid meets this market price will you be allotted the instance. Similarly, when the market price rises above your bid, you’ll automatically lose your instance so your charge doesn’t shoot up. This model is a bit more complex than on-demand pricing, but it could save 50-90% of your total costs.
RESERVED INSTANCES
Finally, if you can reliably predict approximately how many compute resources your applications will need in advance, you should consider Reserved Instances (RIs).
Dedicated hosts
Explain Security groups in EC2
- A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic.
- Blocks all traffic EXCEPT the PORTS, PROTOCOLS, and SOURCES you specify.
For instance, access through HTTP (if it is a web server), or SQL, the ports, etc.
All inbound traffic is blocked by default, but you can go and enable individual ports.
An EC2 instance can be assigned to multiple security groups.
Every time you make a change in a security group, that change takes effect immediately. (exam question)
All outbound traffic is enabled by default.
A security group is assigned to a VPC. When you create an EC2 instance, the security groups that you can select are the ones that were created in the selected VPC.
What is IAM?
Identity and Access Management:
- Core service in AWS that helps you control access to RESOURCES (S3, Lambda, etc.)
- Users perform ACTIONS on resources (create a bucket in S3)
- Authorization to perform ACTIONS depends on POLICIES
What is a VPC?
A Virtual Private Cloud is your isolated network in the cloud.
A VPC belongs to ONE “region” but can have elements in different “Availability Zones” (data centers).
Each subnet inside a VPC (a subnetwork of your VPC) must be in one Availability Zone, so you can’t have a subnet that spans 2 Availability Zones.
Inside the VPC you have your own IP Range and every subnet has a subset of the VPC range.
https://www.youtube.com/watch?v=bGDMeD6kOz0&ab_channel=SamMeech-Ward
What do you use to control the access to a VPC?
- You can have SECURITY GROUPS inside the VPC, and assign a security group to each EC2 instance used inside the subnets, to control the input and output of data.
AWS Security Groups help you secure your cloud environment by controlling how traffic will be allowed into your EC2 machines. With Security Groups, you can ensure that all the traffic that flows at the instance level is only through your established ports and protocols.
- And for the connections to the VPC, we can use a Network Access Control List (NACL).
A Network Access Control List (NACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC.
What can you do to make a subnet private?
You can
- BLOCK outgoing traffic to the internet
- assign no public IP
Sometimes you want your private subnet to connect to the internet, for example to upgrade packages. We can do that by redirecting outgoing access to the internet through a NAT GATEWAY (NAT = Network Address Translation). So with that you can access the internet INDIRECTLY.
What is EBS? Name the 5 different types
Amazon Elastic Block Store is basically a virtual hard disk storage in the cloud.
It is automatically replicated between different Availability Zones to protect you from failure. But the volume will always be in the same Availability Zone as the EC2 instance.
The 5 different types are:
- General Purpose (SSD)
- Provisioned IOPS (SSD)
- Throughput Optimized HDD (magnetic, not SSD)
- Cold HDD
- Magnetic
https://docs.google.com/document/d/1h7O_-Wyt2EnBkFQ54WM2t7mVVirwVlwDo50OLuNK–I/edit